Presentation is loading. Please wait.

Presentation is loading. Please wait.

ATG SoC Memory Modeling in ESL-RTL Equivalence Checking Alfred Koelbl, Jerry Burch, Carl Pixley Advanced Technology Group Synopsys, Inc. June 2007.

Similar presentations


Presentation on theme: "ATG SoC Memory Modeling in ESL-RTL Equivalence Checking Alfred Koelbl, Jerry Burch, Carl Pixley Advanced Technology Group Synopsys, Inc. June 2007."— Presentation transcript:

1 ATG SoC Memory Modeling in ESL-RTL Equivalence Checking Alfred Koelbl, Jerry Burch, Carl Pixley Advanced Technology Group Synopsys, Inc. June 2007

2 Outline Motivation Transaction equivalence Requirements for a memory model Memory layout differences Multiple memories Constraints on memories Proof procedure Experimental results Conclusion

3 Motivation Problem: ESL to RTL equivalence checking Arrays in ESL model are often implemented by memories in RTL Given mapping can greatly simplify equivalence check Many implementations possible: Differing memory layout Multiple memories Constraints on memory contents Timing differences Need to be able to reason about memory reads / writes

4 Related Work Simple read/write memory model used in Pipeline verification (Burch, Dill 1994) Symbolic simulation (Bryant, Velev 1997) Microprocessor verification Stump et al. 2001: Extensional theory of arrays Clever encoding: Manolios et al. 2006, Ganai et al. 2005 Bradley et al. 2006: Extensional theory with quantifiers

5 Proof procedure Transaction equivalence Assume that designs start in valid state (superset of reachable state set) Execute single transaction by unrolling ESL and RTL models for one transaction Check outputs after transaction Check state after transaction Proof strategy: Induction Needs state invariants Register mappings Memory mappings & memory constraints Additional invariants Prove that resulting SAT formula is UNSAT

6 Transaction equivalence SASA SBSB MAMA MBMB ESL RTL IAIA IBIB OAOA OBOB ESL 0 ESL 1 RTL 0 RTL 1 RTL 2 I A0 I B0 I B1 I B2 OAOA OBOB Transaction T A Transaction T B SA’SA’ MA’MA’ SB’SB’ MB’MB’ I A1

7 Valid end state ? Transaction equivalence ESL 0 ESL 1 RTL 0 RTL 1 RTL 2 I A0 I A1 I B0 I B1 I B2 OAOA OBOB SASA SBSB MAMA MBMB SA’SA’ MA’MA’ SB’SB’ MB’MB’ Valid starting state (superset of reachable state set) Outputs equivalent ? =

8 Transaction equivalence ESL 0 ESL 1 RTL 0 RTL 1 RTL 2 I A0 I A1 I B0 I B1 I B2 OAOA OBOB SASA SBSB MAMA MBMB SA’SA’ MA’MA’ SB’SB’ MB’MB’ Memory mappings Constraints on memories Register mappings State invariants

9 10 7 19 1024 203 48 0 1 2 3 4 5 write(M a, 3, 1024) Ma’Ma’ read(M a, 1) → 7 Memories / Arrays Operations: read(M, addr), write(M, addr, data) (no timing) How can we express relationships between memories/arrays? 10 7 19 5 203 48 0 1 2 3 4 5 MaMa

10 Memory mapping Relates content of one memory to another Universally quantified expression over all memory locations Expressed in terms of reads Example: One-to-one mapping between M a and M b :

11 Layout differences struct elem { char a; char b; } elem MA[4] reg [3:0] MB[2:0] 00000001 00000011 00000000 00000010 00000000 00000001 00000000 0 1 2 3 011110100010 0123

12 Layout differences Differing memory layout due to lack of bit-accurate data-types Memory mapping is big expression with bit-extracts and concatenation User can specify mapping with “template” template_t { a = [2:1]; b = [0]; } Memory mapping expression:

13 Multiple memories Single array in ESL implemented by multiple memories in RTL Increasing memory access performance Shadow registers Cache in RTL Complex address mappings between memories Optimized memory access pattern in RTL Splitting / Merging memories in RTL

14 Multiple memories ESL Memory M E RTL Memory M F RTL Memory M G 0 1 2 3 4 5 6

15 Constraints on memories Designs may only be equivalent if memory contents are constrained Constraints on individual memory elements Constraints on all memory elements Constraints relating multiple memories Constraint becomes proof obligation

16 Proof procedure Assumptions Proof obligations Check model assumptions, e.g., that no array accesses are out-of-bounds

17 Proof procedure Propagate reads over writes Replace universal quantifier variables in proof obligations by free variables Expand assumption quantifiers Perform completeness check

18 Proof procedure Replace reads by free variables Prove formulas using validity checker

19 Hector experimental results Design# lines of code # arrays # rams #disc repa ncies #bugs found timefinal result CRTL D15062001 / 1004minproven D2705801 / 1002minproven D357017201 / 391 RTL 1 C++ 4minproven D4170075004 / 481 RTL 1 C++ <1hproven D54300670031 / 33>404 RTL43min62 proven, 15 cex

20 Conclusion Arrays in ESL model are often implemented as memories in RTL Relationship between memories expressed by universally quantified memory map Memory map must be able to handle Layout differences Complicated address mappings Multiple memories Constraints on memories Proof procedure based on induction Memory maps as assumption and proof obligations Quantifier elimination


Download ppt "ATG SoC Memory Modeling in ESL-RTL Equivalence Checking Alfred Koelbl, Jerry Burch, Carl Pixley Advanced Technology Group Synopsys, Inc. June 2007."

Similar presentations


Ads by Google