Synopsys’ chairman sounds off on why the company is pushing heavily into software, the need for security, and R&D costs in the wake of fewer acquisition targets.
Aart de Geus, chairman and co-CEO of Synopsys, sat down with Semiconductor Engineering to talk about acquisitions, software and EDA. What follows are excerpts of that interview, which was conducted in front of a live audience at DAC.
SE: A lot of Synopsys’ investments are moving in a new direction, namely software. Why is that becoming so important to your company?
De Geus: It’s not a different direction. It’s the same direction. But you’re right, it is growing in importance. We’ve been successful in hardware. If you look at logic chips, everyone single one is a super mega computer by the standards of yesterday. With computation comes an enormous amount of software to do something useful as this. We refer to this as embedded software. It’s embedded in the hardware. But if hardware or software don’t work, nothing works. For us it’s natural to start looking at the complexity in software to see if there’s something we can do to help. Software has not had the same stringent requirements for success as hardware. With hardware it’s really expensive to do a modification or a re-spin of the chip. With software you send out a patch, and if the patch doesn’t work you send out another patch. That works for a while until the complexity goes haywire. So for us, engaging in that makes sense.
SE: You also assume the hardware will work when you buy it, but you don’t necessarily assume the software will work consistently. How do you solve that, and how do you make the software that has been patched multiple times more efficient?
De Geus: First, hardware doesn’t quite ever work perfectly. Everything has a number of sigmas of accuracy. Hardware just happens to be incredibly far along on that journey. Software is less far along. But they’re following the same principals, which is an exponential scale growth—more gates, more lines of code. But it also follows exponential systemic complexity growth, which is more interactions in multiple dimensions. It’s the combination of those things that makes both problems really difficult and challenging. But also, there are quite a number of similarities except for one thing, which is more prevalent in software today than hardware—there are guys who proactively like to hack things. That adds a new twist because most of those guys are very smart, very dedicated, and very motivated for many reasons. That means that not only it’s not only complexity that we have to deal with, but also a certain degree of hacked randomness.
SE: Even worse, legitimate companies don’t talk to each other but the hackers do.
De Geus: That’s true in early industries, if you can call hackers an industry. In EDA there was a lot of sharing. That’s true even today. What’s different today is that the systemic complexity makes a fabulously great idea into a platform that impacts other things. So let’s say you have some great idea of how to reduce power with some area benefits, but in the process you mess up the scan chains and nothing works anymore. Scan chains are immensely complex today. In the early stages you can take individual ideas and put them together and have something better immediately. In the later stages, the industry you have to be backward compatible with all the stuff that’s there.
SE: We’ve been developing hardware for years based upon hardware first, software second. As systems companies start developing products, they’re thinking more software first, hardware matched to software. What happens to EDA along the way?
De Geus: I would go even stronger. A number of systems providers look at what the applications are. All you have to do is look at people developing servers. They highly optimize those servers for different types of applications. You can’t develop servers for Amazon and Facebook. Facebook is looking for face recognition, Amazon is much more interested in the optimization of buying patterns. All of these are applications, which if you can augment them with hardware speed, makes it very valuable. It’s now becoming clear that the software is both very integral with the hardware, and it’s actually very independent of the hardware with applications, but it’s still part of the value chain.
SE: But there’s a fundamental shift under all of that, right? What may be the fastest processor may not be the best solution.
De Geus: Absolutely, and so what our customers do is to develop platforms. Most of this stuff works for multiple customers, and then you customize something. It could be hardware, software, or other things, for a particular application. Then the only question is, economically, whether the cost of that customization is significantly lower than what you get for a smaller customer base.
SE: So are we coming up with a new class system, where some companies can afford to customize while others are buying stuff off the shelf?
De Geus: Originally, the generic off-the-shelf compute engine was exactly that. It was very general purpose. The benefits of that are still immense. The question is whether there is a certain part of the application that is narrow enough where hardware acceleration makes sense. This is true in our own field, as well. If you look at simulation, it’s way too slow. For 40 years simulation was always in the same sentence as, ‘too slow.’ One of the ways you can do more stuff is to apply a general-purpose computer to that. We’ve done that. Now you have emulators or hardware accelerators, and that’s taking general-purpose hardware and narrowing it down for one application. This increasingly will be the case for a broad set of applications that are extremely demanding.
SE: The other side of this is security, which has always been based on a number of input-output channels into a device. The more channels, the more software layers, the more risk. How do we solve that?
De Geus: Welcome to IoT. We’re at the near beginning of this. IoT is like putting kitchen windows in the bank. Every thing is punching a hole into that. You can remove the tail light of a car and plug something straight into the bus. There are going to be thousands of those. Everything has to do with security and authentication, and this will migrate to the software and the hardware worlds. But it will be a moving target. Right now it’s the Wild West of ideas, and it ranges from hackers seeking a thrill and visibility all the way to rogue nations having cyber warfare departments. And they’re very advanced.
SE: When does this make its way into design? To be effective, this has to be thought of at the architectural level.
De Geus: It’s already begun. ARM systematically has built up a Trust Zone. The question is can you protect everything. They’re making a good effort. Gradually, methods will evolve that certify more pieces of a system. But we’re at the very beginning.
SE: Is EDA a big beneficiary of this effort? So verifying circuits do what they’re supposed to do, for example?
De Geus: It applies to every aspect of our field. Initially, EDA is not the center of this story. There is so much that can be done in the way software is written. Most of the code is high quality, but from a security point of view it has never been all that close to the center of the bank. The way we’re looking at it now is what we can do in terms of the adjacencies. That doesn’t mean that tomorrow we begin making random attacks on Web sites.
SE: You’ve been active in going after adjacent markets for a while. Is security one of the big ones you’re targeting for the future?
De Geus: Security is an angle in the software space. It’s an interesting one because within the quality part of software there are a quite a number of things that you can easily check for. But you do have to check for them, and you have to recheck and recheck as software evolves. If there are known attack forms in software and you can statically find those, it’s not smart to ignore that. All of these take effort, and to get them going takes a certain amount of investment, diligence, processes and commitment.
SE: As you sell IP, do you now say, this is secure.
De Geus: The first thing you learn in security is to never say it’s secure. You say it’s more secure than it was yesterday and how much, and maybe over time we’ll be able to develop some metrics. But this is the same as saying this code is not buggy. We’re working on that. We’ve been working on it a long time. It’s much more bug-free than it was 10 years ago or 20 years ago, and our software is much more complex. Synopsys has 400 million lines of code. That is the code that’s partially used to design much of this stuff. This race will never end in building complex software. We also have to work on software and efficiency.
SE: How do you get there? Do you hire more engineers? Do you continue buying up smaller companies?
De Geus: We have invested massively since day one in technology. That has never changed. We spend well over a third of our revenue on R&D.
SE: Is that going up?
De Geus: Not so much in terms of percentage. It’s between 31% and 34%, and it varies from quarter to quarter partly because of accounting rules. But it’s always been a strong commitment to technology leadership. That’s how we distinguish ourselves. On top of that, we have done between 70 and 80 acquisitions over the years. Many of those have brought fabulous DNA into the company in terms of outstanding people, outstanding products, and gradually we may bring them into the broader platform.
SE: Is it less expensive to acquire a small or midsize company than to develop it yourself?
De Geus: You have to think about that in terms of time. If you had time to develop it yourself, it would be less expensive. However, you can’t develop everything yourself. You might not have the resources, but even more important you might not have the right ideas at the right time. Think of this as a research portfolio approach, where you count on the randomness of many fabulous ideas, and they will self-select over time to what extent they become successful. They may be technologically successful, economically successful. And, of course, you pay much more for success.
SE: How does the pricing of EDA startups compare with software startups? Is it comparable?
De Geus: In all fields you go through big variations—we refer to them as bubbles—where buying a pet rock company is really expensive when everyone wants a pet rock. Three months later that company is really cheap. VCs always complain about bubbles and they just hope they’re in one of them. It’s the hope they hit some big return. But in aggregate, markets provide returns to whoever put in the money, so it balances out. But right now, software companies are definitely more expensive than EDA companies.