Introduction to Formal Equivalence Verification (FEV) Erik Seligman CS 510, Lecture 4, January 2009

Goals Introduce basic concepts of FEV Enable you to try FEV using Cadence Conformal Examine some corner cases

FEV: The Basic Concepts

What Is FEV? Best-established form of FV Other names: Equivalence Checking Answers: Are two models equivalent?

Main Uses of FEV RTL-Netlist equivalence Essential part of design flows Also leveraged for late hand edits (ECOs) Verifying quick changes to a model Fast & easy if model almost the same

Types of FEV Combinatorial / Synchronous Sequential Models must be (mostly) state-matching Very efficient due to no time calculations Works very well for synthesized netlists Most synthesis tools expect this Cadence Conformal is leader Others: Synopsys Formality, Magma Quartz Sequential Allows more abstract RTL, or HLM-RTL FEV More flexibility for late netlist timing edits Much more risk/expense Few commercial tools (Calypto, NEC)

State-Matching FEV

Are these equivalent? a f1 f2 b out ck a f3 f4 b out ck

Inputs?- Match. Outputs? Match. States? f1->f3, f2->f4 Step 1: Map key points a f1 f2 b out f3 f4 ck a f3 f4 b out ck Inputs?- Match. Outputs? Match. States? f1->f3, f2->f4

Step 2: Build Equations a f1 f2 b out f3 f4 ck a f3 f4 b out ck f3 = b, f4 = f3, out = !(a&f4) f3=b, f4 = !(!f3), out = !a | !f4

Step 3: Compare Equations f1 f2 b out f3 f4 ck a f3 f4 b out ck f3 = b b EQUAL f4 = f3 !(!f3) EQUAL out = !(a&f4) !a | !f4 EQUAL

What if there was an error? b out f3 f4 ck a f3 f4 b out ck f3 = b b EQUAL f4 = f3 !f3 DIFFER out = !(a&f4) !a | !f4 EQUAL

Debugging: Where To Look Fanin cones (“support set”) Different fanin  major issue Set of counterexample values If only specific values cause cex, provides hint of root cause “Intelligent” hints from tools Is an overall inversion suspected? Identify similar areas of logic within cone? Isolate error

Debug Schematic View 1 1 f1 f2 f3 f4 ck 1 1 f3 f4 ck f3 f4 ck Combinational  other logic irrelevant Good tools provide annotated cex value

Introduction To Conformal

Conformal Terminology Gold = golden model (often RTL) Rev = revised model (often netlist) Many commands have –gold/-rev option Key Point = points to map Basic ones: primary inputs/outputs, states Others: blackboxes, dangling (Z) nodes, … Can refer to by name or integer ID Support Set = fanin cone

Conformal Modes Setup Mode: initial state LEC Mode: checking state Can load models, assign renaming rules Can set various global options Return to this mode: “set sys mode setup” LEC Mode: checking state Transition with “set sys mode lec” Automatically tries to map key points Models have been loaded, can compare

Conformal Usage Model Based on command console Startup with “LEC –nogui” Capable of taking general tcl scripts “help” available for any command Example: “help read design” Full manuals in /pkgs/cadence6/CONFRML71/doc “set log file <filename>” to start logging Always do this for homework! “set gui on” / “set gui off” can be done any time “dofile <filename>.do” to execute script Script = any set of console commands

Mapping Key Points LEC has good automapper View mapping as “renaming” Can guess many mappings But sometimes fails View mapping as “renaming” Temporarily rename RTL sig to match netlist “add renaming rule” to specify mappings Or “add mapped point” in LEC mode

Skeleton LEC Dofile set log file lec.log –replace read design –systemverilog –gold –f myrtl.filelist read design –systemverilog –rev –f mynetlist.filelist add renaming rule r1 foo bar –gold set sys mode lec report unmapped points add compare points –all compare report compare data

Skeleton LEC Dofile set log file lec.log –replace read design –systemverilog –gold –f myrtl.filelist read design –systemverilog –rev –f mynetlist.filelist add renaming rule r1 foo bar –gold set sys mode lec report unmapped points add compare points –all compare report compare data

Skeleton LEC Dofile set log file lec.log –replace read design –systemverilog –gold –f myrtl.filelist read design –systemverilog –rev –f mynetlist.filelist add renaming rule r1 foo bar –gold set sys mode lec report unmapped points add compare points –all compare report compare data

Skeleton LEC Dofile set log file lec.log –replace read design –systemverilog –gold –f myrtl.filelist read design –systemverilog –rev –f mynetlist.filelist add renaming rule r1 foo bar –gold set sys mode lec report unmapped points add compare points –all compare report compare data

Skeleton LEC Dofile set log file lec.log –replace read design –systemverilog –gold –f myrtl.filelist read design –systemverilog –rev –f mynetlist.filelist add renaming rule r1 foo bar –gold set sys mode lec report unmapped points add compare points –all compare report compare data

Skeleton LEC Dofile set log file lec.log –replace read design –systemverilog –gold –f myrtl.filelist read design –systemverilog –rev –f mynetlist.filelist add renaming rule r1 foo bar –gold set sys mode lec report unmapped points add compare points –all compare report compare data

Skeleton LEC Dofile set log file lec.log –replace read design –systemverilog –gold –f myrtl.filelist read design –systemverilog –rev –f mynetlist.filelist add renaming rule r1 foo bar –gold set sys mode lec report unmapped points add compare points –all compare report compare data

Debugging Mismatches Debug commands available in console “diagnose <point>”: Display basic info But easier to debug in gui Report->Compare Data to see all points Red dots indicate mismatches Right-click at mismatch point, and “Diagnose” Gives support set, cex values, and LEC’s hints From Diagnose window can launch sch view

Report -> Compare Data

Example: Fanin Cone

Example: Inversion

Example: Messy Error

Schematic View

Minor exceptions to state-matching Useful if flops/latches don’t map Model “Flattening” Minor exceptions to state-matching Useful if flops/latches don’t map

Are These Equal? rst d rst d DLAT

Are These Equal? rst d rst d DLAT set flatten model –dff_to_dlat_zero

Are These Equal? rst ck rst DLAT ck

Are These Equal? rst ck rst DLAT ck set flatten model –dff_to_dlat_feedback

Are These Equal? ck

Are These Equal? ck set flatten model –seq_constant

Are These Equal? d ck d DLAT DLAT ck

Are These Equal? d ck d DLAT DLAT ck set flatten model –latch_fold

Are These Equal? DLAT

Are These Equal? DLAT set flatten model –latch_transparent

Model Flattening Tool modified cases on previous slides Internally changes view of logic Only on request, not automatic May cause mismatches rather than curing! Often useful if key point imbalance In Conformal: “set flatten model…” Many options, not just ones on slides Can also use “remodel …” on single point

FEV Constraints

Are these equivalent? a f1 f2 b out ck f3 f4 b out ck

Are these equivalent? a f1 f2 b out ck f3 f4 b out ck No! BUT– What if ‘a’ is always 1?

FEV: Why Constraints? RTL is often very general `ifdef CHIP_VERSION_1 `define A 1 `else `define A 2 `endif Design reuse: irrelevant RTL remains assign A = 1’b1; … if (!A) …

Why Do Contraints Matter? Good synthesis tools take advantage Assume constants to reduce size/scope Don’t synthesize masked-out RTL Allow out-of-band constraint specs in control files FEV must recognize constraints Otherwise get mismatches No effort *if* constraints visible at FEV level But may be only in wrapper RTL Or inside analog blackbox Or could be due to software / outside specs If not visible to tool, may need to specify add pin constraint 0 /foo/bar

Some References http://en.wikipedia.org/wiki/Formal_equivalence_checking http://cad-for-vlsi.blogspot.com/2007/03/111-art-of-equivalence-checking.html Full Conformal docs at /pkgs/cadence6/CONFRML71/doc