2016/2/ “Formal verification of a public-domain DDR2 controller design”, VLSI Design Author: Abhishek Datta, Vigyan Singhal Speaker: Chia-Wei Chang
Chia-Wei Chang 2016/2/4 2 Introduction Formal verification usage has been increasing in recent times. However, formal verification can still not lay claim to mainstream acceptance as a necessary part of verification sign-off. This can be attributed to a dearth of published material on three key aspects of effective formal verification Structured verification planning. re-usable verification IP. Good verification strategy.
Chia-Wei Chang 2016/2/4 3 Introduction Using the open-source OpenSPARC T1 DDR2 controller design as a context to demonstrate formal verification planning and implementation Most memory controllers have common design strategies, even though they have been designed independently By extension, the techniques used to tackle the complexity are applicable to the whole class of memory controller designs and can be leveraged for other design types
Chia-Wei Chang 2016/2/4 4 OpenSPARC-T1 A highly integrated processor that implements the 64-bit SPARC V9 architecture Multi-threading, multi-CPU This paper focus at the DDR2 DRAM controllers 144-bit interface per channel 25 GB/sec peak total bandwidth Open source. Verilog RTL source Documentation Simulation-based regression environment
Chia-Wei Chang 2016/2/4 5 The DDR2 Controller
Chia-Wei Chang 2016/2/4 6 The DDR2 Controller Existing high concurrency in the control path due to the multiple independent sources of command words to the DDR2 DIMMs In order of priority, these sources are: Periodic Refresh requests. Pending CAS Requests. Scrub Row-Address-Strobe (RAS) requests. Incoming Read RAS requests. Incoming Write RAS requests. The data-path contains elements like ECC-based error correction which due to the arithmetic operations involving large data-paths is not ideal for formal analysis.
Chia-Wei Chang 2016/2/4 7 Formal Verification-planning Identification involves determination of design components that are in the formal verification. Blocks that have concurrency with limited sequential depth are good candidates. Target is DDR2 control path logic. Description involves a high-level functional specification of the target block. Use JEDEC DDR2 protocol specification.
Chia-Wei Chang 2016/2/4 8 Formal Verification-planning Interface description Refers to the documentation of the inputs and outputs of the target block. The DRAM section of the OpenSPARC micro-architecture document describes the interface in detail. Requirements Checklist refers to the creation of a set of English language properties derived from the high-level design description. 1. Activate cannot be issued to a non-Idle bank. 2. Read and write commands can only be issued to active banks. 3. Check that the minimum Write to Read turnaround time is (CL-1) + (BL/2) + T_WTR … formal properties To translate the requirements to a formal description. using a pre-verified set of DDR2 properties, packaged as verification IP, in this effort.
Chia-Wei Chang 2016/2/4 9 DDR2 Formal VIP The re-use of proven, canned sets of properties is an important element of formal verification planning and re- use. The DDR2 Formal VIP is articulated into module level and per-bank properties with minimum auxiliary code sharing between different properties. Coding one or more monolithic FSMs and then writing properties that are derived from the states (or state transitions) in the large FSMs. Minimize the shared logic between the different properties The former approach is considered better for implementing constraints and the latter for assertions.
Chia-Wei Chang 2016/2/4 10 CSR Value Selection and Initialization Initializing CSRs registers. Module enumeration.
Chia-Wei Chang 2016/2/4 11 Identifying Formal Sweet-spots
Chia-Wei Chang 2016/2/4 12 Exploiting Design Symmetry Design symmetry can be used to reduce analysis complexity. The DDR2 controller is capable of accessing four DDR2 modules concurrently with a 4-bit chip-select. The symmetry of the implementation means that if we verify the correctness for a single module while allowing the other modules to be accessed (but not monitored) then we have reasonable confidence in the completeness of the proof.
Chia-Wei Chang 2016/2/4 13 Abstracting Large Counters Large counters can add substantial amount of sequential depth (diameter) to the formal analysis. As a result, the analysis might not converge. Scrub Interval – The controller issues internal scrub commands at periodic intervals. The period is established by a 12-bit counter. If we place a cut-point on “que_scrb_time” net (treat this net as if it were a primary input) This increases the likelihood of analysis convergence.
Chia-Wei Chang 2016/2/4 14 Handling Address Comparisons
Chia-Wei Chang 2016/2/4 15 Handling Address Comparisons
Chia-Wei Chang 2016/2/4 16 Applying Verification Patterns Patterns can be defined as generalized solutions in a given engineering domain that find recurring application to the problems of that domain. Pattern: Floating Pulse Specify that a single bit value can be asserted for only one cycle in any cycle of an infinite sequence. DDR2 property – No more than 4 ACTIVATE commands may be issued to the DDR2 SDRAM within a window of T_FAW clock cycles.
Chia-Wei Chang 2016/2/4 17 Setup a pulse element.
Chia-Wei Chang 2016/2/4 18 Binding the pulse to (any and all) occurrence of an ACTIVATE command. The pulse assertion marks the start of our sampling window.
Chia-Wei Chang 2016/2/4 19 The following assertion ties everything together.
Chia-Wei Chang 2016/2/4 20 Result
Chia-Wei Chang 2016/2/4 21 Conclusion Presenting a way to apply the verification planning process and a set of abstraction techniques on a non- trivial open-source example Showed how simulation-assisted initialization, exploiting design symmetry. Using cut-points, design abstractions and verification patterns can be used to reduce complexity. The techniques and abstractions presented have been found to be equally effective in the verification of other classes of designs.