
Verifying reliability of an SRAM cell


10.2 Verifying reliability of an SRAM cell

We now present some preliminaries regarding the source of variations in an SRAM cell. We describe the reliability property that we wish to verify on an SRAM cell in the presence of these variations. We also provide a brief background for the statistical model checking technique that we employ on the SRAM cell.

10.2.1 Variations in an SRAM cell

We consider an SRAM cell design that comprises six transistors [50]. Due to variations arising from the manufacturing process, the threshold voltages of these six transistors are typically modeled as independent, Gaussian random variables [50]. Therefore, the SRAM cell can be viewed as a statistical entity with six random variables.

Let $V = \{v_1, v_2, v_3, v_4, v_5, v_6\}$ be the set of six random variables that model the varying threshold voltages of the transistors in the SRAM cell. Each variable $v_j$ is real-valued and can be assigned a value in the range $[v_j^{\min}, v_j^{\max}]$.

Definition 23. The sample space $S$ of the SRAM cell is the 6-dimensional Euclidean space $[v_1^{\min}, v_1^{\max}] \times [v_2^{\min}, v_2^{\max}] \times [v_3^{\min}, v_3^{\max}] \times [v_4^{\min}, v_4^{\max}] \times [v_5^{\min}, v_5^{\max}] \times [v_6^{\min}, v_6^{\max}]$ spanned by the set of threshold voltages $V$.

Each point in the sample space $S$ corresponds to a unique assignment of concrete, real values to the variables $V$. We use the 6-tuple $\{v_1, v_2, v_3, v_4, v_5, v_6\}$ to denote a point in the sample space of the SRAM cell.

Let $g_j(v)$ denote the Gaussian probability density function (pdf) for variable $v_j$. The mean and variance of the distribution $g_j(v)$ can be obtained from the specification of the transistor in the process technology library [50].

Definition 24. The statistical distribution $D(V)$ of the SRAM cell is given by the joint pdf of the threshold voltages $V$. Since the threshold voltages $V$ are modeled to be statistically independent variables, the joint pdf of $V$ can be computed as a product of the individual pdfs $g_j(v)$ of the variables $v_j$ ($j = 1$ to $6$).

Let $V_i = \{v_1^i, v_2^i, v_3^i, v_4^i, v_5^i, v_6^i\}$ be a sample that is drawn from the space $S$ (Definition 23) of the SRAM cell. During Monte Carlo simulation of the SRAM cell according to the distribution $D(V)$, the probability density $D(V_i)$ of the sample $V_i$ is given by

$$D(V_i) = \prod_{j=1}^{6} g_j(v_j^i) \tag{10.1}$$

10.2.2 Reliability of an SRAM cell

The delay of the SRAM cell depends on the threshold voltages of the transistors. An SRAM cell is said to fail if its delay exceeds a pre-defined timing constraint. We wish to verify that the probability with which an SRAM cell fails is less than a threshold $\theta$. We express this reliability requirement as a property

$$\Phi = P_{\le \theta}[\mathit{fail}] \tag{10.2}$$

If $\theta$ is very small, we consider that $\Phi$ deals with a rare-event scenario. In reliable hardware designs, the failure rate $P[\mathit{fail}]$ of an SRAM cell is required to be very low. Therefore, the reliability property of an SRAM cell deals with a rare-event scenario.

Definition 25. A failing sample of an SRAM cell is a sample where the cell delay exceeds a user-specified timing constraint.

For each sample $V_i$ drawn from the space $S$, the delay of the SRAM cell can be measured by simulating the SRAM circuit using the corresponding values $v_j^i$ assigned to the threshold voltages $v_j$ ($j = 1$ to $6$). The measured delay can be compared against the timing constraint in order to check whether the sample is failing or not.

Definition 26. The set of all failing samples in $S$ constitutes the failure region $S_F$ ($S_F \subseteq S$) of the SRAM cell.

For a given timing constraint, the SRAM cell fails when the threshold voltages exceed a certain value. Let $v_j^F \in [v_j^{\min}, v_j^{\max}]$ be the smallest value of $v_j$ for which an SRAM cell fails for a given timing constraint. Therefore, in all failing samples of the SRAM cell, the value of $v_j$ lies in the range $[v_j^F, v_j^{\max}]$.

Definition 27. For a given timing constraint, $R_F$ ($R_F \subseteq S$) is the smallest 6-dimensional hyper-rectangle in which the failure region $S_F$ of the SRAM cell is completely contained. $R_F$ can be viewed as a “box” that bounds the failure region $S_F$ and is given by $[v_1^F, v_1^{\max}] \times [v_2^F, v_2^{\max}] \times [v_3^F, v_3^{\max}] \times [v_4^F, v_4^{\max}] \times [v_5^F, v_5^{\max}] \times [v_6^F, v_6^{\max}]$.

Definition 28. For a given timing constraint, $C_F$ ($C_F \subseteq S$) is the smallest 6-dimensional hyper-cube in which the failure region $S_F$ of the SRAM cell is completely contained. $C_F$ is a box with equal-sized edges and is given by $[v_1^{\max} - c, v_1^{\max}] \times [v_2^{\max} - c, v_2^{\max}] \times [v_3^{\max} - c, v_3^{\max}] \times [v_4^{\max} - c, v_4^{\max}] \times [v_5^{\max} - c, v_5^{\max}] \times [v_6^{\max} - c, v_6^{\max}]$, where $c$ is the size of each edge. The hyper-rectangle $R_F$ (Definition 27) is contained in the hyper-cube $C_F$, i.e., $R_F \subseteq C_F$.

10.2.3 Statistical model checking of an SRAM cell

We wish to verify that an SRAM cell design $M$ satisfies a reliability property $\Phi$ (Equation 10.2), denoted by $M \models \Phi$. We briefly describe the statistical model checking technique that we employ in order to verify $M \models \Phi$.

Let $p_F$ denote the actual failure rate of $M$. If $p_F$ is less than the threshold $\theta$ specified in $\Phi$, then $M \models \Phi$. Statistical model checking obtains an estimate of the failure rate by performing Monte Carlo simulations of $M$. $M \models \Phi$ is verified by comparing this estimated failure rate against $\theta$.

Let $V_i$ denote the $i$th sample drawn according to the statistical distribution $D(V)$ (Definition 24) of $M$. We define $I(V_i)$ to be an indicator function [21] that is equal to 1 if the sample $V_i$ is failing (Definition 25) and 0 otherwise.

$$I(V_i) = \begin{cases} 1, & \text{if } V_i \text{ is a failing sample} \\ 0, & \text{if } V_i \text{ is not failing} \end{cases} \tag{10.3}$$

After $N_S$ samples have been generated, the expected (average) failure rate can be estimated as

$$\widehat{p_F} = \frac{1}{N_S} \sum_{i=1}^{N_S} I(V_i) \tag{10.4}$$

However, in a different sampling run, another set of $N_S$ samples could be used instead to estimate the failure rate. Therefore, the estimate is itself a random variable. For large $N_S$, the estimate is typically modeled as a Gaussian random variable (Figure 10.1) with mean $\widehat{p_F}$. The variance $\sigma^2_{p_F}$ of the estimate is given by

$$\sigma^2_{p_F} = \frac{\sum_{i=1}^{N_S} \left[ I(V_i) - \widehat{p_F} \right]^2}{N_S (N_S - 1)} \tag{10.5}$$

The Gaussian distribution represents how well $\widehat{p_F}$ estimates the actual failure rate $p_F$. $p_F$ is more likely to be near the mean $\widehat{p_F}$ of the distribution and less likely to be in the tail regions.

Statistical model checking verifies $M \models \Phi$ by comparing $\widehat{p_F}$ against the threshold $\theta$. Since $\widehat{p_F}$ is only an estimate obtained using a limited set of simulations, the verification result may be inaccurate. Statistical model checking keeps drawing samples until the verification results are within the specified bounds of error $\alpha$ and $\beta$ (Equation 2.2).

Figure 10.1 depicts the scenario where $\widehat{p_F} < \theta$. In this scenario, the verification result is incorrect if the actual failure rate $p_F$ is greater than $\theta$. Therefore, the probability of error is equal to the area of the shaded region in the figure. We require this probability to be less than the bound $\alpha$ (Equation 2.2). Similarly, if $\widehat{p_F} > \theta$, we require the probability of error to be less than $\beta$.

Verification errors arise when the actual failure rate $p_F$ and the estimate $\widehat{p_F}$ lie on different sides of the threshold $\theta$. As the number of samples $N_S$ increases, the variance of the estimate (Equation 10.5) reduces and the Gaussian curve becomes “narrower”. As a result, the probability of occurrence of a verification error also reduces.

Figure 10.1: Gaussian distribution of failure rate estimates, with mean $\widehat{p_F}$ and variance $\sigma^2_{p_F}$. The area of the shaded region is the probability of error in the verification result.
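The sampling loop of Section 10.2.3, as an added example that is not code from the thesis: it draws batches of samples, applies Equations 10.3 to 10.5, and stops once the Gaussian tail area beyond $\theta$ drops below $\alpha$ or $\beta$. Assumptions: the toy failure test stands in for circuit simulation, the voltage parameters are constructed, and the function names, batch size and batch-wise stopping rule are illustrative.

```python
import math
import random

# Constructed parameters (not from the thesis): six threshold voltages in volts.
MEAN, SIGMA = 0.30, 0.03
# Toy stand-in for circuit simulation: the cell "fails" when the summed
# threshold voltage exceeds this limit (true failure rate is about 2.3%).
FAIL_LIMIT = 6 * MEAN + 2 * SIGMA * math.sqrt(6)

def is_failing(sample):
    """Indicator I(V_i) of Equation 10.3 under the toy failure model."""
    return 1 if sum(sample) > FAIL_LIMIT else 0

def draw_sample(rng):
    """One sample V_i: six independent Gaussian threshold voltages."""
    return [rng.gauss(MEAN, SIGMA) for _ in range(6)]

def estimate(fails, n):
    """Return (p_hat, variance) per Equations 10.4 and 10.5."""
    p_hat = fails / n
    # Sum of [I(V_i) - p_hat]^2 over 0/1 indicators, grouped by indicator value.
    sq = fails * (1 - p_hat) ** 2 + (n - fails) * p_hat ** 2
    return p_hat, sq / (n * (n - 1))

def error_probability(p_hat, var, theta):
    """Gaussian tail area on the far side of theta (shaded region, Figure 10.1)."""
    z = abs(theta - p_hat) / math.sqrt(var)
    return 0.5 * math.erfc(z / math.sqrt(2))

def check(theta, alpha, beta, batch=500, max_samples=200_000, seed=1):
    """Sample until the error bound is met; return (holds, p_hat, n)."""
    rng = random.Random(seed)
    fails = n = 0
    while n < max_samples:
        fails += sum(is_failing(draw_sample(rng)) for _ in range(batch))
        n += batch
        p_hat, var = estimate(fails, n)
        if var == 0:  # all indicators equal so far (e.g. no failure seen yet)
            continue
        bound = alpha if p_hat < theta else beta
        if error_probability(p_hat, var, theta) < bound:
            return p_hat < theta, p_hat, n
    return None, fails / n, n  # undecided within the sample budget

if __name__ == "__main__":
    print(check(theta=0.05, alpha=0.01, beta=0.01))  # property holds
    print(check(theta=0.01, alpha=0.01, beta=0.01))  # property violated
```

The `var == 0` branch is the rare-event case in miniature: while no failing sample has been observed, the variance estimate is zero and no error bound can be evaluated, so sampling must continue.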

10.3 Speeding up statistical model checking for rare-event