formal verification of advanced synthesis optimizations anant kumar jain pradish mathews mike mahar
TRANSCRIPT
FORMAL VERIFICATION OF ADVANCED SYNTHESISOPTIMIZATIONS
Anant Kumar JainPradish MathewsMike Mahar
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
Agenda
Introduction Formal Verification Flow Logic Equivalence Checking
Verification solutions for advanced Synthesis Optimizations Fault Tolerant Finite State Machine Encoding TMR Techniques Mapping of high level components like SRLs and DSPs Register Retiming
Conclusion
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
Formal Verification Flow
RTL
Formal Verification
Tool
FPGA VendorPlace & Route
FPGASynthesis
ToolFVI
FPGA Library
Net list
Net list
Formal Verification Interface (FVI) file generated by synthesis tool helps during formal verification
Each constraint in the FVI file is separately verified by the verification tool.
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
I1
I2
I3
I4
Out1
Out2
Out3
Out4
in1
in2
in3
in4
o1
o2
o3
o4
A_reg[3:0] C_reg[3:0]B_reg[3:0]
A_reg(3:0) B_reg(3:0) C_reg(3:0) User RTLUser RTLUser RTLUser RTL
Synthesized NetlistSynthesized NetlistSynthesized NetlistSynthesized Netlist
Match Register State PointsMatch Register State PointsMatch Register State PointsMatch Register State Points
Logic Equivalence Checking
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
User RTLUser RTL
in1
in2
in3
in4
o1
o2
o3
o4
A3A3
A2A2
A1A1
A0A0
EE
4 H
G
F
L
K
J
I
Synthesis o/pSynthesis o/p
I1
I2
I3
Out1
Out2
Out3
Out4I4
A3A3
A2A2
A1A1
A0A0
EE
4 H
G
F
L
K
J
I
A3_regA3_reg
CC
DD QQRR
SS
A3_regA3_reg
CC
DD QQRR
SS
tf[0-9]d
Logic Equivalence Checking
Formally verify the logic cone of all the matched
register pairs
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
FPGA Verification Challenges
Advanced Synthesis Optimizations like: Fault Tolerant Finite State Machine Encoding TMR techniques Mapping of high level components like shift registers
(SRL) and DSPs Register Retiming
Register points matching becomes complicated after
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
Finite State Machine (FSM)
Next State Next State FunctionFunction State State
VectorsVectors
Output Output LogicLogic
OutputsOutputs
clkclk rstrst
Present Present StateStateInputsInputs
FSM CircuitFSM CircuitFSM CircuitFSM CircuitState Transition GraphState Transition GraphState Transition GraphState Transition Graph
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
FSM Encoding
Common FSM encoding schemes utilized by the synthesis tool for a QofR improvement 1-hot (1-cold) encoding Grey Encoding Binary Encoding
Fault Tolerant FSM encoding schemes utilized for safety and mission critical applications Recovering or Correcting fault with Single Event Upset (SEU) Re-encoding using extra parity flops
MAPLD 2009 - Synthesis of Fault Tolerant Circuits for FSMs & RAMs
Next State Next State FunctionFunction
StateStateRegistersRegisters
InputsInputs
OutputOutputfunctionfunction
clkclk rstrst
Present Present StateState
Parity BitsParity BitsGeneratorGenerator
Parity Parity RegistersRegisters
ErrorErrorCorrectionCorrection
CircuitCircuit
Parity Parity RegistersRegisters
outputoutput
Single Event Upset Detection & Correction
Fault Tolerant FSM
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
Verification Challenges
Register mapping between RTL and synthesis netlist might get distort after FSM encoding
in1
in2 A0A0
A1A14
I1
I2A0A0
A1A1
A2A2
A3A34
RTL with NO EncodingRTL with NO EncodingRTL with NO EncodingRTL with NO Encoding Synthesis netlist with FSM EncodingSynthesis netlist with FSM EncodingSynthesis netlist with FSM EncodingSynthesis netlist with FSM Encoding
Logic ConesCannot be verified
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
Verification using Encoding FVI
Synthesis tool generates an encoding FVI constraint The constraint provides the information of the encoding
that includes the parity registers as well.
Verification tool creates an encoder-decoder circuit using this constraint to achieve a one-to-one register matching. Equivalence checking will be done on these matched
register pairs
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
Encoder - Decoder Circuitin1
in2 A0A0
A1A14
I1
I2A0A0
A1A1
A2A2
A3A34
RTL with Encoder CircuitRTL with Encoder CircuitRTL with Encoder CircuitRTL with Encoder Circuit Synthesis netlist with FSM EncodingSynthesis netlist with FSM EncodingSynthesis netlist with FSM EncodingSynthesis netlist with FSM Encoding
Registers matched for Equivalence checking
in1
in2
4
EENNCCOODDEERR
A0A0
A1A1
A2A2
A3A3
DDEECCOODDEERR
Verify that the illegal states found during synthesis
are unreachable
Encoding FVI
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
TMR Techniques
CombCombLogicLogic
VoterVoter
VoterVoter
VoterVoter
TMR Sequential elements Triplicate Flops and vote
the result out using majority voter circuit
TMR
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
TMR Formal Verification
RTL to TMR netlist verification FVI constraints are generated by synthesis tool for the
extra registers. These constraints provide the match for the extra TMR
registers with its equivalent register in the RTL. Equivalence checking is then used to verify the extra
TMR registers and the voter circuit.
How to match the extra registers in synthesized netlist ???
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
Verification with Fault Injector Circuit
Decoder will ensure the toggling of only one register at a time (SEU)
VOTER
Additional Inputs replicating the radiation effect TMR NetlistTMR NetlistTMR NetlistTMR Netlist
No Toggling
VOTER
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
TMR Formal Verification
TMR Netlist vs Non-TMR Netlist Both the netlists are synthesis output with no FVI
constraints. A standard match rule file can be used in matching the
extra registers in the TMR netlist with its equivalent register in the Non TMR netlist.
TMR for tech-cells like SRLs, DSPs Extra tech-cells created during TMR contain registers
which have no matching with the RTL registers. FVI constraints are generated to match these extra
registers absorbed in the new tech-cells created.
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
Mapping of High Level FPGA Components
clk
clkSRLSRL
Synthesis Synthesis NetlistNetlist
Synthesis Synthesis NetlistNetlist
FormalVerification
Tool
FVI
FPGA Library
RTLRTLRTLRTL
The RTL definition of a high level component is provided by the FPGA library to the verification tool
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
Verification of High Level Components
The register name is a static information in the FPGA library definition. It is used to generate the FVI constraints for matching the registers absorbed in these components with their equivalent RTL registers
This FVI information gives a huge runtime improvement in the register matching step during formal verification.
This register matching is further complicated if synthesis tool has employed retiming for the inference of these components.
Register Retiming
Forward retiming removes the registers at the input of a gate and creates new registers at the outputs. Thus reducing the number of flip flops.
1. Before Retiming1. Before Retiming1. Before Retiming1. Before Retiming 2. After Retiming2. After Retiming2. After Retiming2. After Retiming
3. After Re-synthesis3. After Re-synthesis3. After Re-synthesis3. After Re-synthesis
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
Retiming and Formal Verification
Retiming poses fundamental hurdles for equivalence checking NO Register mapping exists between RTL and
retimed netlist, required for verification
Formally verifying the RTL with the final synthesis output netlist is of enormous complexity It consists of combinational synthesis, retiming
and post retiming synthesis.
Retiming Verification Flow
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
RTL vs Pre-retimed netlist Only combinational synthesis before retiming. Standard equivalence checking methods used.
Pre-retimed netlist vs Final synthesis netlist Retiming and combinational synthesis after retiming. Constraints for Retiming steps are logged by synthesis
tool in the FVI file.
Two-step Formal Verification
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
Retiming Verification Flow
Input RTLInput RTL
Pre-Retimed Pre-Retimed NetlistNetlist
Retiming FVI Retiming FVI ConstraintsConstraints
Read RTLRead RTL
Combinational Combinational SynthesisSynthesis
RetimingRetiming
Pre-RetimedPre-RetimedNetlist generatedNetlist generated
Combinational Combinational SynthesisSynthesis
Final NetlistFinal Netlistgeneratedgenerated
Equivalence Check 1Equivalence Check 1(Only Combinational)(Only Combinational)
Equivalence Check 2Equivalence Check 2(Retiming + Combinational)(Retiming + Combinational)
Final NetlistFinal Netlist
Synthesis Flow Verification Flow
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
Retiming Verification Steps
1. FVI constraint gives a hint to the verification tool about the movement of registers in that retiming step.
2. Each retiming FVI constraint will be verified by applying standard retiming rules.
3. These register movements will be applied on the pre-retimed netlist.
4. After applying all the retiming constraints, one-to-one register matching can be done between the modified pre-retimed netlist and the final netlist.
5. Complete equivalence checking will be done on these two netlists.
Some Retiming Verification Criteria …
Verification of Register Initial States
Retiming of flops with multiple fanout
Retiming across sequential loop
Retiming of registers with different enables
State elements count check across all paths
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
Verification of Register Initial States
Retiming might change the initial state of the flop (i.e. an async reset flop might result in an async set flop after retiming).
Verification tool will compute the initial state of all the new registers created after retiming and will verify the synthesis results
Retiming of flops with multiple fanout
lut2clk
clk
o1
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
lut2
o1o2
o2
clklut2
o2
o1
Registers must be preserved in the fan-out other than the retiming path
Registers count in the sequential loop must remain same.
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
Retiming across sequential loop
Backward Retiming across feedback loop
Registers with different enables
lut2ce2clk
ce1
clk
o1
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
lut2???
o1
Enable must be dissolved with multiplexer feedback loop before retiming
Rules for the sequential loop will be applied
State Elements Count Check
A State elements count check will be done on the original pre-retimed netlist and the final netlist.
The number of the registers in all the paths from any input to any output must remain same for both the netlists.
The number of registers in all the loops in the design must remain same for both the netlists.
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations
Conclusion
A good FVI integration between a synthesis tool and a verification tool provides an automated flow for the verification of advanced synthesis optimizations.
FVI information from synthesis tool gives a significant improvement in the runtime during formal verification.
MAPLD 2009 - Formal Verification of Advanced Synthesis Optimizations