Formal Verification: An Overview

Download Report

Transcript Formal Verification: An Overview 

Introduction to Formal
Equivalence Verification
(FEV)
Erik Seligman
CS 510, Lecture 4, January 2009
Goals
 Introduce basic concepts of FEV
 Enable you to try FEV using Cadence
Conformal
 Examine some corner cases
FEV: The Basic Concepts
What Is FEV?
 Best-established form of FV
• Other names: Equivalence Checking
 Answers: Are two models equivalent?
Main Uses of FEV
 RTL-Netlist equivalence
• Essential part of design flows
• Also leveraged for late hand edits (ECOs)
 Verifying quick changes to a model
• Fast & easy if model almost the same
Types of FEV

Combinatorial / Synchronous
• Models must be (mostly) state-matching
• Very efficient due to no time calculations
• Works very well for synthesized netlists
– Most synthesis tools expect this
• Cadence Conformal is leader
– Others: Synopsys Formality, Magma Quartz

Sequential
• Allows more abstract RTL, or HLM-RTL FEV
• More flexibility for late netlist timing edits
• Much more risk/expense
• Few commercial tools (Calypto, NEC)
State-Matching FEV
Are these equivalent?
Step 1: Map key points
Inputs?- Match. Outputs? Match.
States? f1->f3, f2->f4
Step 2: Build Equations
f3 = b, f4 = f3, out = !(a&f4)
f3=b, f4 = !(!f3), out = !a | !f4
Step 3: Compare Equations
f3
f4
=b
= f3
b
!(!f3)
EQUAL
EQUAL
What if there was an error?
f3
f4
=b
= f3
b
!f3
EQUAL
DIFFER
Debugging: Where To Look
 Fanin cones (“support set”)
• Different fanin  major issue
 Set of counterexample values
• If only specific values cause cex, provides
hint of root cause
 “Intelligent” hints from tools
• Is an overall inversion suspected?
• Identify similar areas of logic within cone?
– Isolate error
Debug Schematic View
 Combinational  other logic irrelevant
 Good tools provide annotated cex value
Introduction To Conformal
Conformal Terminology
 Gold = golden model (often RTL)
 Rev = revised model (often netlist)
• Many commands have –gold/-rev option
 Key Point = points to map
• Basic ones: primary inputs/outputs, states
• Others: blackboxes, dangling (Z) nodes, …
• Can refer to by name or integer ID
 Support Set = fanin cone
Conformal Modes
 Setup Mode: initial state
• Can load models, assign renaming rules
• Can set various global options
• Return to this mode: “set sys mode setup”
 LEC Mode: checking state
• Transition with “set sys mode lec”
– Automatically tries to map key points
• Models have been loaded, can compare
Conformal Usage Model
 Based on command console
• Startup with “LEC –nogui”
• Capable of taking general tcl scripts
 “help” available for any command
• Example: “help read design”
• Full manuals in /pkgs/cadence6/CONFRML71/doc
 “set log file <filename>” to start logging
• Always do this for homework!
 “set gui on” / “set gui off” can be done any time
 “dofile <filename>.do” to execute script
• Script = any set of console commands
Mapping Key Points
 LEC has good automapper
• Can guess many mappings
• But sometimes fails
 View mapping as “renaming”
• Temporarily rename RTL sig to match netlist
• “add renaming rule” to specify mappings
– Or “add mapped point” in LEC mode
Skeleton LEC Dofile
set log file lec.log –replace
read design –systemverilog –gold –f
myrtl.filelist
read design –systemverilog –rev –f
mynetlist.filelist
add renaming rule r1 foo bar –gold
set sys mode lec
report unmapped points
add compare points –all
compare
report compare data
Skeleton LEC Dofile
set log file lec.log –replace
read design –systemverilog –gold –f
myrtl.filelist
read design –systemverilog –rev –f
mynetlist.filelist
add renaming rule r1 foo bar –gold
set sys mode lec
report unmapped points
add compare points –all
compare
report compare data
Skeleton LEC Dofile
set log file lec.log –replace
read design –systemverilog –gold –f
myrtl.filelist
read design –systemverilog –rev –f
mynetlist.filelist
add renaming rule r1 foo bar –gold
set sys mode lec
report unmapped points
add compare points –all
compare
report compare data
Skeleton LEC Dofile
set log file lec.log –replace
read design –systemverilog –gold –f
myrtl.filelist
read design –systemverilog –rev –f
mynetlist.filelist
add renaming rule r1 foo bar –gold
set sys mode lec
report unmapped points
add compare points –all
compare
report compare data
Skeleton LEC Dofile
set log file lec.log –replace
read design –systemverilog –gold –f
myrtl.filelist
read design –systemverilog –rev –f
mynetlist.filelist
add renaming rule r1 foo bar –gold
set sys mode lec
report unmapped points
add compare points –all
compare
report compare data
Skeleton LEC Dofile
set log file lec.log –replace
read design –systemverilog –gold –f
myrtl.filelist
read design –systemverilog –rev –f
mynetlist.filelist
add renaming rule r1 foo bar –gold
set sys mode lec
report unmapped points
add compare points –all
compare
report compare data
Skeleton LEC Dofile
set log file lec.log –replace
read design –systemverilog –gold –f
myrtl.filelist
read design –systemverilog –rev –f
mynetlist.filelist
add renaming rule r1 foo bar –gold
set sys mode lec
report unmapped points
add compare points –all
compare
report compare data
Debugging Mismatches
 Debug commands available in console
• “diagnose <point>”: Display basic info
 But easier to debug in gui
• Report->Compare Data to see all points
• Red dots indicate mismatches
• Right-click at mismatch point, and
“Diagnose”
– Gives support set, cex values, and LEC’s hints
– From Diagnose window can launch sch view
Report -> Compare Data
Example: Fanin Cone
Example: Inversion
Example: Messy Error
Schematic View
Model “Flattening”
 Minor exceptions to state-matching
 Useful if flops/latches don’t map
Are These Equal?
Are These Equal?
set flatten model –dff_to_dlat_zero
Are These Equal?
Are These Equal?
set flatten model –dff_to_dlat_feedback
Are These Equal?
Are These Equal?
set flatten model –seq_constant
Are These Equal?
Are These Equal?
set flatten model –latch_fold
Are These Equal?
Are These Equal?
set flatten model –latch_transparent
Model Flattening
 Tool modified cases on previous slides
• Internally changes view of logic
• Only on request, not automatic
• May cause mismatches rather than curing!
• Often useful if key point imbalance
 In Conformal: “set flatten model…”
• Many options, not just ones on slides
• Can also use “remodel …” on single point
FEV Constraints
Are these equivalent?
Are these equivalent?
• No! BUT– What if ‘a’ is always 1?
FEV: Why Constraints?
 RTL is often very general
`ifdef CHIP_VERSION_1
`define A 1
`else
`define A 2
`endif
 Design reuse: irrelevant RTL remains
assign A = 1’b1;
…
if (!A) …
Why Do Contraints Matter?
 Good synthesis tools take advantage
• Assume constants to reduce size/scope
• Don’t synthesize masked-out RTL
• Allow out-of-band constraint specs in control files
 FEV must recognize constraints
• Otherwise get mismatches
• No effort *if* constraints visible at FEV level
– But may be only in wrapper RTL
– Or inside analog blackbox
– Or could be due to software / outside specs
• If not visible to tool, may need to specify
– add pin constraint 0 /foo/bar
Some References
 http://en.wikipedia.org/wiki/Formal_equiv
alence_checking
 http://cad-forvlsi.blogspot.com/2007/03/111-art-ofequivalence-checking.html
 Full Conformal docs at
/pkgs/cadence6/CONFRML71/doc