

# 特别说明

此资料来自豆丁网(http://www.docin.com/)

您现在所看到的文档是使用下载器所生成的文档

此文档的原件位于

http://www.docin.com/p-82957046.html

感谢您的支持

抱米花

http://blog.sina.com.cn/lotusbaob



# 用 Formality 做形式验证

### 1. 什么是形式验证?

形式验证是一种系统化方法,用穷举的算法技术证明设计实现满足设计规范的特征。它覆盖了输入的所有可能序列,不需要开发测试向量,检查所有的边角逻辑,提供了完整的覆盖率。

## 2. Formality 的验证原理

找到 reference design 和 implementation design 二者相对应的 compare points, 把相邻两个 compare point 之间的组合逻辑电路转化为数学模型,把每一个 compare point 的输入的各种逻辑情况都遍历一遍,比较二者是否一致,即比较每一个 compare point 在输入相同的情况下所得到的值是否相同。相邻两个 compare point 之间是一些组合逻辑电路,Formality 主要就是比较这两个组合逻辑电路的功能是否一致。

compare point: a compare point can be an output port, register, latch, black box input pin, or net driven by multiple drivers.

# 3. Formality 的验证步骤

- (1) load reference design and implementation design
- (2) match compare points
- (3) verify

# 4. 一个通过验证的模块的 report

Reference design is 'r:/WORK/Dsss\_TX'
Implementation design is 'i:/WORK/Dsss TX'

Status: Checking designs ...

Status: Building verification models...

Status: Generating datapath components ...

Arch Source Instance Path
No multipliers match these criteria.

Status: Qualifying datapath components ...

Status: Datapath qualification complete.

Status: Matching ...

\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* Matching Results\*\*\*\*\*\*\*\*\*\*\*\*\*\*

- 7 Compare points matched by name
- 199 Compare points matched by signature analysis
- O Compare points matched by topology
- 47 Matched primary inputs, black-box outputs
- 6(0) Unmatched reference(implementation) compare points
- 0(0) Unmatched reference(implementation) primary inputs, black-box

#### outputs

#### 58(0) Unmatched reference(implementation) unread points

| Unmatched Objects | REF    | IMPL  |  |
|-------------------|--------|-------|--|
|                   |        |       |  |
| Registers         | 6      | 0     |  |
| Constant 0        | 6      | 0     |  |
| ********          | ****** | ***** |  |

1

#### 6 Unmatched points (6 reference, 0 implementation):

```
Ref DFF0
              r:/WORK/Dsss TX/CCK 11 MOD1/CdataI reg[0]
Ref DFF0
              r:/WORK/Dsss TX/CCK 11 MOD1/CdataQ reg[0]
Ref DFF0
              r:/WORK/Dsss TX/CCK 55 MOD1/CdataI reg[0]
Ref DFF0
              r:/WORK/Dsss_TX/CCK_55_MOD1/CdataI_reg[2]
Ref DFF0
              r:/WORK/Dsss_TX/CCK_55_MOD1/CdataQ_reg[0]
Ref DFF0
              r:/WORK/Dsss TX/CCK 55 MOD1/CdataQ reg[2]
```

[BBNet: multiply-driven net

BBox: black-box

BBPin: black-box pin

Block: hierarchical block

BlPin: hierarchical block pin

Cut: cut-point

DFF: non-constant DFF register DFF0: constant 0 DFF register DFF1: constant 1 DFF register DFFX: constant X DFF register LAT: non-constant latch register LATO: constant 0 latch register LAT1: constant 1 latch register LATX: constant X latch register LATCG: clock-gating latch register LATTR: transparent latch register Loop: cycle break point

Net: matchable net

Port: primary (top-level) port

Und: undriven signal cut-point]

1
Reference design is 'r:/WORK/Dsss\_TX'
Implementation design is 'i:/WORK/Dsss TX'

\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* Matching Results \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*

- 7 Compare points matched by name
- 199 Compare points matched by signature analysis
- O Compare points matched by topology
- 47 Matched primary inputs, black-box outputs
- 6(0) Unmatched reference(implementation) compare points
- 0(0) Unmatched reference(implementation) primary inputs, black-box outputs

58(0) Unmatched reference(implementation) unread points

| Unmatched Objects | REF   | IMPL  |  |  |  |
|-------------------|-------|-------|--|--|--|
|                   |       |       |  |  |  |
| Registers         | 6     | 0     |  |  |  |
| Constant 0        | 6     | 0     |  |  |  |
| ************      | ***** | ***** |  |  |  |

Status: Verifying...

\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* Verification Results \*\*\*\*\*\*\*\*\*\*\*\*\*\*

Verification SUCCEEDED

\_\_\_\_\_

Reference design: r:/WORK/Dsss\_TX

Implementation design: i:/WORK/Dsss\_TX

206 Passing compare points

| Matched Compare Points   | BBPin | Loop | BBNet | Cut | Port | DFF | LAT  | TOTAL |
|--------------------------|-------|------|-------|-----|------|-----|------|-------|
|                          |       |      |       |     |      |     |      |       |
| Passing (equivalent)     | 0     | 0    | 0     | 0   | 7    | 199 | 0    | 206   |
| Failing (not equivalent) | 0     | 0    | 0     | 0   | 0    | 0   | 0    | 0     |
| ******                   | ***** | **** | ****  | *** | **** | *** | **** | ****  |

1

No failing compare points.

1

可以看到有6个 unmatched reference compare points, 这6个点只在 reference design 中有,在 implementation design 中没有。并且列出了这6个点分别是什么,它们的类型全都是 constant 0 DFF register。这6个 DFF 都是在综合时被优化掉了,设计人员认为这6个 DFF 可以被优化。没有 failing compare points,验证通过。

# 5. 一个没有通过验证的模块

(1) match

\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* Matching Results \*\*\*\*\*\*\*\*\*\*\*\*\*\*

- 45 Compare points matched by name
- 157 Compare points matched by signature analysis
- O Compare points matched by topology
- 37 Matched primary inputs, black-box outputs
- 24(1) Unmatched reference(implementation) compare points
- 0(0) Unmatched reference(implementation) primary inputs, black-box outputs

171(37) Unmatched reference(implementation) unread points

| Unmatched Objects | REF | IMPL |  |  |  |
|-------------------|-----|------|--|--|--|
|                   |     |      |  |  |  |
| Registers         | 24  | 1    |  |  |  |
| DFF               | 8   | 1    |  |  |  |
| Constant 0        | 16  | 0    |  |  |  |
|                   |     |      |  |  |  |

有 24 个 unmatched reference compare points, 这 24 个点只在 reference design 中有, 在 implementation design 中没有; 有 1 个 unmatched reference compare point, 这个点只在 implementation design 中有, 在 reference design 中没有。

(2) verify

\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* Verification Results \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*

Verification FAILED

-----

Reference design: r:/WORK/Mti\_top

Implementation design: i:/WORK/Mti top

- 72 Passing compare points
- 20 Failing compare points
- O Aborted compare points
- 110 Unverified compare points

| Matched Compare Points   | BBPin | Loop | BBNet | Cut | Port | DFF | LAT | TOTAL |
|--------------------------|-------|------|-------|-----|------|-----|-----|-------|
|                          |       |      |       |     |      |     |     |       |
| Passing (equivalent)     | 0     | 0    | 0     | 0   | 45   | 27  | 0   | 72    |
| Failing (not equivalent) | 0     | 0    | 0     | 0   | 0    | 20  | 0   | 20    |
| Unverified               | 0     | 0    | 0     | 0   | 0    | 110 | 0   | 110   |
|                          |       |      |       |     |      |     |     |       |

有 20 个 failing compare points, 还有 110 个 unverified compare points。当出现 20 个 failing compare points 之后,剩下的点就不再验证了。

# 下面具体看其中一个点:



红色的那个 DFF 就是一个 failing compare point,它前面的那些就是它与前一个 compare point 之间的组合逻辑电路。为了看起来方便,我把与这个 failing compare point 有关的电路从整个电路中单独拿出来了。画面的上半部分是 reference design,下半部分是 implementation design。



有两种输入情况使 reference 和 implementation 不一致,上图是其中一种。当输入取图中情况 1 的值时,reference design 的 DsssCRC\_reg[1] 是 holding 0,即这个 DFF 维持状态为 0;implementation design 的 DsssCRC\_reg\_1\_0 是 loading 1,即这个 DFF 的下一个状态为 1。二者不符,该点没有通过验证。



这是另外一种输入情况。当输入取图中情况 2 的值时,reference design 的 DsssCRC\_reg[1] 是 holding 1, 即这个 DFF 维持状态为 1; implementation design 的 DsssCRC\_reg\_1\_0 是 loading 0, 即这个 DFF 的下一个状态为 0。二者不符,该点没有通过验证。