Traceability: From Transactions to RTL Dave Whipp

NVIDIA Confidential Abstraction is not Sloppiness Spice Switches Gates RTL ESL “System” Models volts, ohms, seconds ones, zeros, edges, loads cells clocks, cycles transactions: events, races clouds? To use multiple abstractions within a flow we need to know how each description maps to its neighbors

NVIDIA Confidential From Transactions to RTL What features are invariant? Interface Structures? Interface Traffic? Architectural State? End Result?

NVIDIA Confidential Multi-Unit Assemblies AEBCDFG a2bb2cc2dd2ee2ff2g

NVIDIA Confidential Multi-Unit Assemblies A E BC D F G a2bb2cc2d d2e e2f f2g

NVIDIA Confidential Multi-Unit Assemblies A E BC D F G a2bb2cc2d d2e e2f f2g

NVIDIA Confidential Multi-Unit Assemblies BEBE CFCF D a2be be2cf cf2d d2be cf2g G A

NVIDIA Confidential Comparing “Shapes” AEBCDFG D G A BEBE CFCF How do we tell our tools that these are the same thing?

NVIDIA Confidential Comparing Interfaces Simple “diff” Normalization (masking, snapping) Binning (collating, sorting) Accumulating In-memory FIFOs + scoreboard File-based post-processing

NVIDIA Confidential Step 1: Capture transactions RTL C-Model tid=A seq=1 tid=A seq=2 tid=A seq=3 tid=B seq=1 tid=B seq=2 tid=B seq=3 time

NVIDIA Confidential Step 2 : Normalize RTL C-Model tid=A seq=1 tid=A seq=2 tid=A seq=3 tid=B seq=1 tid=B seq=2 tid=B seq=3 time normal A1 A2 B1 A3 B2 B3 normal A1 A2 A3 B1 B2 B3

NVIDIA Confidential Step 3 : Binning RTL C-Model tid=A seq=1 tid=A seq=2 tid=A seq=3 tid=B seq=1 tid=B seq=2 tid=B seq=3 normal A1 A2 B1 A3 B2 B3 normal A1 A2 A3 B1 B2 B3 bin A1 A2 B1 A3 B2 B3 bin A1 A2 A3 B1 B2 B3

NVIDIA Confidential Step 4: Accumulation Binning may not be enough Random Memory Access don’t want to sort on every address Different Algorithms end result is same – checksum? “Spaghetti” Perl scripts often evolve We need to formalize the interface traffic to compare two very different models

NVIDIA Confidential Transaction Assertions in YACC valid_interface_traffic: | valid_interface_traffic packet; packet: begin middle end; begin: BEGIN; middle: | middle MIDDLE; end: END

NVIDIA Confidential Cycle Level Assertions in SVA sequence packet; (cmd==BEGIN) ##1 (cmd != BEGIN && cmd != END) [*0:$] ##1 cmd == END endsequence a_well_formed_packet: clk) cmd == BEGIN |-> sequence (packet) clk cmd BEGEND MID

NVIDIA Confidential Transaction Level Assertions in SVA sequence packet; (cmd==BEGIN) ##1 (cmd != BEGIN && cmd != END) [*0:$] ##1 cmd == END endsequence clk valid cmd BEGEND MID

NVIDIA Confidential Transaction Level Assertions in SVA event sample; clk) if (valid && ! busy) -> sample cmd == BEGIN |-> sequence (packet) clk valid busy cmd BEGEND MID MIDDLE

NVIDIA Confidential Transaction Assertions in Perl 6 grammar interface { rule valid_traffic { ^^ * $$ } rule packet { * } }

NVIDIA Confidential ESL Shape AEBCDFG D G A BEBE CFCF Topology: defining invariants of shape

NVIDIA Confidential End-to-End flow definition assert “logical pipeline” chain a2b  b2c  c2d  d2e  e2f  f2g assert “physical pipeline” chain a2be  be2cf.b2c  cf2d  d2be  be2cf.e2f  cf2g

NVIDIA Confidential Local in-order Properties Every a2be must appear on be2cf Every d2be must appear on be2cf Every be2cf must be a result of a2be or d2be Within a thread, transactions must remain in-order threads may be reordered BEBE d2be a2be be2cf

NVIDIA Confidential Transaction Interaction Algebra a2b -> b2c // propagate (a2x | b2x) -> x2y // merge a2b -> (b2x | b2y) // branch (a2x & b2x) -> x2y // join a2b -> (b2x & b2y) // fork a2b -> null // eat null -> a2b // generate (a2b | null) -> b2c// input must propagate a2b -> ( b2c | null )// output must propagate

NVIDIA Confidential Local in-order Properties module BE equiv tid, thread in a2be in d2be out be2cf assert :out_of_order( thread ) :in_order( tag ) link ( a2be | d2be )  be2cf BEBE d2be a2be be2cf

NVIDIA Confidential Local in-order Properties module BE equiv tid, thread in a2be in d2be out be2cf assert :out_of_order( thread ) :in_order( tag ) link a2be  be2cf.b2c link d2be  be2cf.e2f BEBE d2be a2be be2cf

NVIDIA Confidential Summary Bridging abstractions requires defined traceability ESL  RTL ESL  C-Model Use Transaction Abstraction for ESL RTL and C-Model share a common shape Transaction flow defines the equivalence class Designer Freedoms are defined by ESL This is a design activity Verification “trusts” the ESL

BACKUP

NVIDIA Confidential Interface Grammar grammar bc_ef_iface { rule b2c { … } rule e2f { … } rule be2cf { | } } struct iface { field tag { enum B2C, E2F } field be2cf [ *tag ] }

NVIDIA Confidential RTL Verification Compare Vs reference model reference model may be “Executable Specification” architectural state interface traffic Internal Assertions no reference model needed “design” assertions “verification” assertions

NVIDIA Confidential Multi-Cycle Interface : RTL traffic Module A Module B data - key value key value time

NVIDIA Confidential Multi-Cycle Interface: structural view Module A Module B 34 struct a2b_iface { struct command { union { struct key { bit valid, bit [7:0] key }, struct value { bit more, bit [7:0] value } } struct datum { bit valid, bit [7:0] data } };

NVIDIA Confidential Multi-Cycle Interface : grammar Module A Module B 34 seq command = where $1.valid attr more = $2.more seq commands = ** [0,64] where all( $1[ 0..$-1 ].more ) && ! $1[$].more seq data = ** [0,128] where all( $1[*].valid ) seq a2b_info = &

NVIDIA Confidential Multi-Cycle Interface: C-model struct Module A Module B struct A2B_info { map commands; vector data; }; 34

NVIDIA Confidential Topology

NVIDIA Confidential Equivalence classes for transactions Every implementation is a deformation of the ESL RTL C-Model We want to know up front how we’ll compare them Implementation-independent comprehension “Races” in the transaction graph are like “holes” in a topology may be non-deterministic