



# **Formality Jumpstart Training**





#### CONFIDENTIAL INFORMATION

The following material is being disclosed to you pursuant to a non-disclosure agreement between you or your employer and Synopsys. Information disclosed in this presentation may be used only as permitted under such an agreement.

#### **LEGAL NOTICE**

Information contained in this presentation reflects Synopsys plans as of the date of this presentation. Such plans are subject to completion and are subject to change. Products may be offered and purchased only pursuant to an authorized quote and purchase order. Synopsys is not obligated to develop the software with the features and functionality discussed in the materials.





## **Formality Mission Statement**

#### If Design Compiler reads, optimizes, or writes, Formality must verify.

- Primary Goal Highest design QoR in a verifiable flow
  - Verification of all Design Compiler Ultra default optimizations
- No need to turn off optimizations to pass equivalence checking
  - Lockstep language support (Verilog, SystemVerilog, or VHDL)
  - Low power (UPF) design support
- Secondary Goal Time to results
  - -Auto-setup environment for Design Compiler Ultra
  - Less manual setup
  - Continuous improvement in performance and capacity





# Agenda

#### Introduction to Equivalence Checking

**Using Formality** 

Flow Overview

Guidance

Read

Setup

Match

Verify

Debug

Documentation and Help





#### **Glossary**

- Reference Design
  - -The golden design versus the design
  - Usually the RTL (Verilog, SystemVerilog, or VHDL)
  - -Simulated and known to be good
- Implementation Design
  - The modified design versus the reference design
- Containers
  - A Formality database consisting of designs and libraries
  - -The default reference container 'r'
  - -The default implementation container 'l'
  - -Any Formality versions can be used to save and read





#### **Equivalence Checking**

- Assumes that the reference design is functionally correct
- Determines if the implementation design is functionally equivalent to the reference design
  - Provides counter examples if designs are functionally different
- Checks are mathematically exhaustive with no missing corner cases
- Does not require test vectors







#### **Equivalence Checking in The Flow**







# **Key Equivalence Checking Concepts**

- Logic Cones and Compare Points
  - Common Compare Points
    - Primary output
    - Register or latch
    - Input of a black box
  - Less Common Compare Points
    - Multiply-driven net
    - Loop
    - Cutpoint
  - Logic Cone
    - · A block of combinational logic that drives a compare point





#### **Logic Cone**



#### Inputs to a logic cone

- Register Output Pins
- Primary Input Ports
- Black-Box Output Pins

#### **Compare Points**

- Registers
- Primary Output Ports
- Black-Box Input Pins





## **Logic Cones and Compare Points**

Formality breaks the reference and implementation designs into compare points, each with its own logic cone







#### **Formality Flow Overview**







# The Design Read Cycle

#### **Breaks Designs into Logic Cones**







#### The Matching Cycle

#### Matches corresponding points between designs

#### Reference Design Implementation Design



These points match automatically

Most compare points match by name. For those compare points that do not need guidance information, matching is performed manually or by compare rules.





## **The Matching Cycle**





# **The Verification Cycle**

#### Verifies logical equivalence for each logic cone

#### Reference Design



#### Implementation Design



Passing Cone

Failing Cone

Unmatched Cone





# **The Debug Cycle**

#### Isolates implementation errors







# Agenda

Introduction to Equivalence Checking

#### **Using Formality**

Flow Overview

Guidance

Read

Setup

Match

Verify

Debug

Documentation and Help





## **Invoking Formality**

Torun a typical Formality Tcl script

```
% fm_shell -f runme.fms | tee runme.log
```

To start the GUI from UNIX

```
% formality
or
% fm_shell -gui -f runme.fms | tee runme.log
```

To start the GUI within a batch session

```
fm_shell (setup)> start_gui
```

To view other invocation options

```
% fm_shell -help
```





## **Files That Formality Generates**

- Record of commands issued
  - -fm\_shell\_command.log
- Log file that stores informational messages
  - -formality.log
- Working files
  - -FM\_WORK directory
  - -fm shell command.lck and formality.lck
  - Formality automatically deletes all working files when you exit the tool (gracefully)





## **Formality Setup File**

- Formality reads the .synopsys\_fm.setup file when invoked.
- A typical setup file contains commands such as:
  - -set search path ". ./lib ./netlists ./rtl"
  - -alias h history
- Formality reads this file from the following locations:
  - The Formality installation directory:
    - -formality root/admin/setup/.synopsys fm.setup
  - Your home directory
  - The current working directory
- The setup is a cumulative effect of all three files.





# Agenda

Introduction to Equivalence Checking

**Using Formality** 

Flow Overview

Guidance

Read

Setup

Match

Verify

Debug

Documentation and Help





**Formality Flow Overview** 





# The Formality GUI

GUI is recommended for new users

- Guides you through the flow
- Contains context-sensitive help
- Tabs for each step of the flow
- Do not have to remember the Tcl syntax
- Displays the corresponding Tcl commands
- Stores GUI preferences in the
  - ~/.synopsys fmg folder







## Formality Low Power Capabilities

- Complete low-power static verification solution
- Adheres to IEEE 1801 (UPF)
- Comprehensive low-power checks
  - Verifies all legal power states as defined in the power state table
    - Including power-up and power-down states
  - Supports advanced low-power design techniques
  - Supports special low-power cells
- VCLP support for static low-power rule checking







#### **Low Power Verification Flow**

- Data Requirements
  - RTL and UPF must be simulated with Synopsys tool VCS NLP
  - Design Compiler netlist can be either Verilog or DDC
  - –UPF must be from the Design Compiler command save\_upf
  - Technology libraries
    - Power aware cells must have power pins and power down functions
    - Formality can create power pins for standard logic function cells







## **A Basic Formality Script**

```
#Step 0: Guidance
set_svf default.svf
#Step 1: Read Reference Design
read_verilog -r alu.v
set_top alu
load_upf -r alu.upf
#Step 2: Read Implementation Design
read_db -i lsi_10k.db
read verilog -i alu.fast.vg
set top -auto
load_upf -I alu.fast.upf
#Step 3: Setup
#No setup required here
#Steps 4 & 5: Match and Verify
verify
```



## Agenda

Introduction to Equivalence Checking

**Using Formality** 

Flow Overview

#### Guidance

Read

Setup

Match

Verify

Debug

Documentation and Help





#### What is Guidance?

- SVF Automated Guidance Setup file
- Hints passed from Design Compiler to Formality
  - -Automatically generated by Design Compiler
  - Contains both setup and guidance information
  - -Reduces user setup effort and errors
  - Removes unnecessary verification iterations
- SVF data is implicitly or explicitly proven in Formality or it is not used
- Using the SVF flow is recommended
  - Required when verifying a netlist containing retiming, register merging, or register inversions









#### **Guidance File Contents**

- SVF contains the following information:
  - Object name changes
  - Constant register optimizations
  - Duplicate and merged registers
  - Multiplier and divider architecture types
  - Datapath transformations
  - Finite State Machine (FSM) re-encoding
  - Retiming
  - -Register phase inversion





## **Using the Automated Setup File**

- By default, Design Compiler names the automated setup file default.svf
  - -To specify the name, use the **set\_svf** file.svf command in Design Compiler
- Formality uses the same command to read automated setup files: set\_svf file.svf
  - -Specifies one file, multiple files, or a directory
  - Specifies SVF guidance using the design name
  - -Automatically determines multiple SVF file processing order
  - Places the formality\_svf directory in the current working directory
    - Creates ASCII text version "svf.txt"





#### **Using Feature: Auto Setup Mode**

- Variable: set synopsys\_auto\_setup true
  - Assumptions made in Design Compiler are also made in Formality
  - Increases out-of-the-box (OOTB) verification success rate
  - -Set the auto setup variable before using the **set\_svf** file.svf command
- Works with or without the SVF, does more with SVF
  - Handles undriven signals like synthesis
  - RTL interpretation like synthesis
  - Auto-enable clock-gating and auto-disable scan (requires SVF)
- You can overwrite the SVF passed variables and commands
  - Transcript summary shows variable settings
  - -Variables take the last value that was set
- Selectively controls auto setup using synopsys\_auto\_setup\_filter
- You must not use auto setup mode for gate-to-gate verifications





#### What Auto Setup Mode Does

• Runs the following commands by default (and more):

```
- set hdlin_error_on_mismatch_message false
- set hdlin_ignore_parallel_case false
- set hdlin_ignore_full_case false
- set svf_ignore_unqualified_fsm_information false
- set verification_set_undriven_signals synthesis
- set verification_verify_directly_undriven_output false
- set hdlin_ignore_embedded_configuration true
- set signature_analysis_allow_subset_match false
- set upf_assume_related_supply_default_primary true
- set upf_use_additional_db_attributes true
```

- Design Compiler places additional setup information in the SVF
  - Clock-gating notification
  - -Scan mode disable information





#### **Benefits of Auto Setup Mode**

- Formality is easier to use
- Reduces the need for debugging
  - A large percentage of failing verifications are "false failures" caused by incorrect or missing setup in Formality
- Improves productivity
  - Dramatically reduces manual setup
- Simplifies overall verification effort





#### **Formality Script Generator**

- The fm\_mk\_script command automatically generates Formality Tcl script using information in the SVF
- Syntax:

- Examples:
  - -The fm mk script default.svf command creates the fm mk script.tcl script.
  - -The fm\_mk\_script default.svf -output fm.tcl command creates the fm.tcl script





# Agenda

Introduction to Equivalence Checking

**Using Formality** 

Flow Overview

Guidance

#### Read

Setup

Match

Verify

Debug

Documentation and Help





#### **Read Commands**

Formality input formats:

Verilog (synthesizable subset)-read\_verilog

-VHDL (synthesizable subset) -read\_vhdl

SystemVerilog (synthesizable subset) -read\_sverilog

-Synopsys Milkyway -read\_milkyway

-Synopsys binary files -read\_db, read\_ddc

-UPF Files -load upf

Designs are read into containers

- **-r** # default reference container
- # default implementation container
- -container containerID # Other container name
- Links top level of design by using the set\_top command
  - -Loads all required designs and libraries before running the set\_top command
  - Elaborates each container before loading subsequent containers





### **Reading in Libraries**

- Verilog Simulation Libraries
  - -Use the -vcs option of the read\_verilog command

    Example: read\_verilog -i top.vg -vcs "-y ./lib +libext+.v"
- Design Libraries
  - -Use read\_verilog -tech design.vorread\_vhdl -tech design.vhd
  - Subsequent containers will have access to this library
  - -Use the -r or -i options to place library only within the specified containers





# **Reading in Libraries**

- Synopsys binary libraries (.db file format libraries)
  - -Use the read\_db command
    Example: read\_db lsi\_10k.db
  - Shared technology libraries
  - -Subsequent containers will have access to this library
  - −Use the ¬r or ¬i options to place the library in the reference or implementation containers
- Instantiated DesignWare components
  - -Set the hdlin\_dwroot variable to the top level of Design Compiler software tree
- Note that pure RTL does not require any component library





# **Linking and Referencing Designs**

- After reading the source files, use the **set\_top** command to elaborate or link the design and designate the top-level module.
  - Using default containers (r and i), the set\_top command automatically designates which design is reference or implementation.
  - -Using nondefault container names, specify which container is reference or implementation.

```
- set_reference_design
- set_implementation_design
```

- After set\_top has been completed,
  - -The **\$ref** Tcl variable specifies the reference design
  - -The \$impl Tcl variable specifies the implementation design
- The syntax of \$ref and \$impl is:
  - ContainerName:/Library/Design
  - Examples:

r:/DESIGN/chip i:/WORK/alu 0





#### Reference Design

```
fm_shell (setup)> read_verilog -r alu.v
fm_shell (setup)> set_top -auto
```

- The read\_verilog command loads design into a container
  - The –r option signifies the (default) reference container
- This script does not load a technology library into the reference container
  - -The file alu.v is pure RTL (no mapped logic)
- The set\_top -auto command finds and links the top-level module
  - -The set\_top command uses the current container (r)
  - The top-level module found by Formality is "alu"
  - -Since the current container is "r", Formality automatically sets the **set\_reference\_design** variable (\$ref) to r:/WORK/alu
    - WORK is the default library name





## **Reading and Linking**

```
Example
read ver -r { controller.v multiplier.v top.v}
set top r:/WORK/top
Setting top design to 'r:/WORK/top' Status: Elaborating design top
Warning: Cannot link cell '/WORK/top/add1' to its reference design 'adder'. (FE-LINK-2)
Warning: Cannot link cell '/WORK/top/add2' to its reference design 'adder'. (FE-LINK-2)
Status: Elaborating design controller ...
Error: Unresolved references detected during link. (FM-234)
Error: Failed to set top design to 'r:/WORK/top' (FM-156)
0
read ver -r adder.v
No target library specified, default is WORK
Loading verilog file '/.../rtl/adder.v'
set top r:/WORK/top
Setting top design to 'r:/WORK/top'
Status:
              Elaborating design adder ...
              Implementing inferred operators...
Status:
Top design successfully set to 'r:/WORK/top'
Reference design set to 'r:/WORK/top'
```





### Implementation Design

```
fm_shell (setup)> read_verilog -i alu.vg
fm_shell (setup)> read_db -i class.db
fm_shell (setup)> set_top alu_0
```

- The read\_verilog command loads the implementation design.
  - -The -i option specifies the (default) implementation container.
- The read\_db command loads the technology library class.db
  - Because the -i option is specified, this library is visible only in the implementation container
- The set\_top command links top-level module alu\_0
  - The script reads both design and technology library before set\_top
  - -The set\_top command uses the current container ("i")
  - -Since the current design is "i", Formality automatically sets the implementation design variable (\$impl) to i:/WORK/alu\_0
    - WORK is the default library name
    - The script specifies that the top-level module is alu 0





# Simulation-Style Verilog Read

• The **read\_verilog** supports VCS style switches.

Use the -vcs option only once for each container.





# **Reading and Writing Containers**

- Command: write\_container
  - -Saves all design information in the current elaborated state, including libraries, to a file
  - -Recommended: Run the set top command before saving the container
    - Can save without running the set\_top command using the -pre\_set\_top option
- Command: read container
  - Restores a design
- Recommended to save containers before running match
  - SVF processing can change the contents of the container
- Complete containers can be used with any version of Formality

```
fm_shell> write_container -replace -r ref.fsc
fm_shell> read_container -r ref.fsc
```





### **Loading Low Power Data**

- Use the load\_upf command after running the set\_top command
- Example script for RTL and UPF versus Post-DC-Netlist+UPF

```
read_db {low_power_library.db special_lp_cells.db}
read_verilog -r {top.v block1.v block2.v block3.v}
set_top r:/WORK/top
load_upf -r top.upf
read_verilog -i {post_dc_netlist.v} set_top i:/WORK/top
load_upf -i top_post_dc.upf
```

- Formality modifies the reference or implementation design to meet the specification implied by the UPF commands
- UPF commands cannot be issued interactively





#### **Save and Restore Session**

- Use after verification to save the current state of Formality.
- Commonly used to debug failing verification in a separate Formality run
- Saved sessions are not portable across Formality releases

```
fm_shell> save_session -replace mysession_file
fm_shell> restore_session mysession_file.fss
```





# Agenda

Introduction to Equivalence Checking

**Using Formality** 

Flow Overview

Guidance

Read

Setup

Match

Verify

Debug

Documentation and Help





# **Setup Needed for Verification**

- Guidance might be needed for matching and verification
  - Recommended: Use the automated setup file (SVF)
    - Essential for retiming, register merging, or register inversion
- Design transformations that might need setup:
  - -Internal Scan
  - -Boundary Scan
  - Clock-gating
  - -Clock Tree Buffering
  - Finite State Machine (FSM) Re-encoding
  - -Black boxes
- Auto Setup Mode handles most setup automatically
  - -set synopsys\_auto\_setup true





#### **Internal Scan: What is it?**

- Implemented by DFT Compiler
  - Replaces flip-flops with scan flip-flops
  - Connects scan flip-flops into shift registers or "scan chains"
- The scan chains make it easier to set and observe the state of registers internal to a design for manufacturing test







# **Internal Scan: Why it Requires Attention?**

The additional logic added during scan insertion changes the combinational function







#### **Internal Scan: How to Deal With it?**

- Determine which ports disable the scan circuitry
  - Default for DFT Compiler is test\_se
- Set those ports to the inactive state using the set\_constant command

```
fm_shell (setup) > set_constant i:/WORK/TOP/test_se 0
```





# **Boundary Scan: What is it?**

- Boundary scan involves the addition of logic to a design
  - The added logic makes it possible to set and or observe the logic values at the primary inputs and outputs (the boundaries) of a chip
  - Used in manufacturing test at board and system level
  - Added by BSD Compiler
- Boundary scan is also referred to as
  - -The IEEE 1149.1 specification
  - -JTAG





# **Boundary Scan: Why it Requires Attention?**

- The logic cones at the primary outputs are different.
- The logic cones driven by primary inputs are different.
- The design has extra state holding elements.









### **Boundary Scan: How to Deal With it?**

- Disable the Boundary scan:
  - If the design has an optional asynchronous TAP reset pin (such as TRSTZ or TRSTN), use set\_constant on the pin to disable the scan cells.
  - If the design has only the 4 mandatory TAP inputs (TMS, TCK, TDI and TDO), then force an internal net of the design using the set\_constant command.

```
fm_shell (setup) > set_constant i:/WORK/TOP/TRSTZ 0
fm_shell (setup) > set_constant i:/WORK/alu/somenet 0
```





# **Clock-Gating: What is it?**

- Added by Power Compiler
- Adding logic in a register's clock path, which disables the clock when the register output is not changing
- Saves power by not clocking register cells unnecessarily





### **Clock-Gating**







# Clock-Gating: Why is it an Issue?

- Without intervention, compare points will fail verification
  - -A compare point is created for each clock-gating latch
    - This compare point does not have a matching point in the other design and will fail
  - -The logic feeding the clock input of the register bank has changed
    - The register bank compare points will fail





#### Clock-Gating: How to Deal With it?

- set verification\_clock\_gate\_hold\_mode low
  - -Use option low or any if the clock-gating net drives the clock pin of positive edge-triggered DFF
  - If the clock-gating net also drives primary outputs or black-box inputs, use the collapse\_all\_cg\_cells option
  - Use the set\_clock command to identify the primary input clock net if clock-gating cells do not drive any clock pin of a DFF
- Auto setup mode enables clock-gating by default
- Use the following variable only if clock-gating verification issues continue:

```
set verification_clock_gate_edge_analysis true
```

fm\_shell (setup)> set verification\_clock\_gate\_hold\_mode low





### **Clock Tree Buffering**

Clock tree buffering is the adding of buffers in the clock path to allow the clock signal to drive large loads.







### **Clock Tree Buffering: How to Deal With it?**

- Verification at the top level requires no setup
- When verifying at "blocka" sub-block level, use the set\_user\_match command to show that the buffered clock pins are equivalent

```
fm_shell (setup)> set_reference_design r:/WORK/blocka
fm_shell (setup)> set_implementation_design i:/WORK/blocka
fm_shell (setup)> set_user_match r:/WORK/blocka/clk \
i:/WORK/blocka/clk1 \
i:/WORK/blocka/clk2 \
i:/WORK/blocka/clk3
fm_shell (setup)> verify
```





# Finite State Machine Re-encoding

- Verify that the re-encoding in the automated setup file (SVF) is correct
  - View the ASCII file: ./formality\_svf/svf.txt
- Enable the use of this setup information in Formality
- Auto setup mode will enable use of this FSM information by default

fm\_shell> set svf\_ignore\_unqualified\_fsm\_information false





#### **Black Boxes**

- A black box is a module or entity which contains no logic
  - -The following modules that are not verified
    - Analog circuitry
    - Memory devices
  - Match black boxes between reference and implementation









#### **How Are Black Boxes Created?**

- RTL modules that have only I/O port declarations are read
- Library .db cells with port and timing information only
  - Typically a memory
- Missing a piece of design and are using this variable:
  - -set hdlin\_unresolved\_modules black\_box
- Usage of other variable when reading in designs:
  - -set hdlin interface only "SRAM\* dram16x8"
  - Any module beginning with SRAM and the dram16x8 module will become a black box
- Declare a sub-design as a black box
  - -set\_black\_box designID
- Command report\_black\_boxes shows list of black boxes





# Agenda

Introduction to Equivalence Checking

**Using Formality** 

Flow Overview

Guidance

Read

Setup

Match

Verify

Debug

Documentation and Help





# **Matching Compare Points**

fm\_shell (setup)> match

- The first thing match does is verify and apply the guidance (SVF) if set
  - The guidance makes the subsequent matching and verification far easier
  - Far less manual setup
  - Better completion
- With Formality 2014.09 and onwards, "applying the SVF" step can be done separately using preverify command
- The "applying the SVF" is only done once
  - If match has previously been run, a subsequent match will not apply the SVF again
  - If **preverify** has previously been run, a subsequent **match** will not apply the SVF again





# **Matching Compare Points**

- The match command is optional
  - -The **verify** command will also run matching
  - Recommendation:
    - For interactive work, use the match command for feedback
    - Omit the match command from scripts to reduce runtime
- Name matching algorithms are used first
- Remaining unmatched points matched by signature analysis
  - Includes structural techniques
  - -Signature analysis might be turned off (but not recommended)
- Any remaining unmatched points are then reported
  - -User can specify compare rules or can manually set matches
- Use of the SVF flow improves name matching performance and completion
  - Matches points by name without user intervention





### **GUI Unmatched Point Report**







### **Compare Rules**

- When names change in predictable ways, write a compare rule.
- Use SED syntax to translate names in one design to the corresponding names in the other design:





# Agenda

Introduction to Equivalence Checking

**Using Formality** 

Flow Overview

Guidance

Read

Setup

Match

Verify

Debug

Documentation and Help





# **Verify Implementation Design**

- Runs Formality's verification algorithms on compare points
  - Formality deploys many different solvers
  - Each solver uses a different algorithm to prove equivalence or nonequivalence
- Four possible results:

-Succeeded: Implementation is equivalent to the reference

– Failed: Implementation is not equivalent to the reference

True logic difference, or setup problem

Inconclusive: No points failed, but analysis is incomplete

Might be due to timeout or complexity

- Not run: A problem earlier in the flow prevented verification from running at all





# **Verify Implementation Design (contd...)**

- For each matched pair of compare points, Formality
  - Confirms same functionality of logic cones
  - Marks point as "passed"

Or

- Determines that functionality is different between logic cones
- Finds one or more "counter examples" that shows different response at compare point
- Marks the compare point as "failed"
- All valid compare points are verified
  - -Constant registers are not verified
  - "Unread" compare points are not verified by default
    - Unread points do not affect other compare points or primary outputs





### **Verify Example**

```
fm_shell (match)> verify
```

- Verification is incremental
  - -Verification can continue again after being stopped
  - You might match additional compare points manually and continue with verification
  - -To force verification of entire design: verify -restart
- Options:
  - Verification of single compare point
  - -Verification against a constant: verify \$ref/cp -constant0
  - -Use set\_dont\_verify to exclude points from verification





#### **Controlling Verification Runtimes**

- set verification\_timeout\_limit hrs:min:sec
  - Halts entire verification after a specified time
  - -36 CPU hours is default limit (0:0:0 means no timeout)
  - -Remaining unverified compare points are not attempted
- set verification\_failing\_point\_limit number
  - Halts verification after specified number of compare points fail (default is 20 failing compare points)
  - Allows you to correct for any missing setup
  - Allows you to begin debugging failing compare points





#### **Controlling Verification Runtimes**

- set verification\_effort\_level [super\_low | low | medium | high]
  - Specifies amount of effort spent solving a compare point (the default is high)
  - Using super\_low finds failing compare points quickly but will also produce several aborted compare points





#### **Hierarchical Verification**

- Command write\_hierarchical\_verification\_script
  - Formality generates Tcl script that performs hierarchical verification on current reference and implementation designs
  - Helpful for debugging large and hard-to-verify designs
  - -Usage:

```
set_top i:/WORK/top set_constant $impl/test_se 0
write_hier -replace -level 3 myhierscript
source myhierscript.tcl
quit
```

- View results in the file fm\_myhierscript.log
- Formality will create one session file (by default) if verification fails on a sub-design





#### **Multicore Support**

- Specify up to 4 cores with a single license
- Support for UPF designs and auto-factoring
  - -Legacy distributed processing did not support UPF or auto-factoring
- Single command for setup:

```
set_host_options -max_cores num_cores
```

• New command for reporting maximum number of cores: report\_host\_options





#### **Multicore Support (contd...)**

- Measure performance using wall clock time
  - -Use new Formality command: elapsed\_time
  - -Shows "wall clock" seconds since session started
  - -Continues to run even when session is idle
  - -Use immediately after **verify** command to find total seconds for verification
  - Do not use Formality command: cputime
    - Adds up all CPU time of child processes serially





# Alternate Verification Strategies For Resolving Hard Compare Points

• Two new variables are introduced to enable alternate strategies

```
set verification_alternate_strategy <>
```

- Default is "none" which uses the standard strategy
- Setting value other than "none" enables an alternate verification solver flow
- Read-only variable

```
verification_alternate_strategy_names
```

- Contains list of names of all alternate strategies
- The names of the strategies, their number, and their functions might vary from release to release of Formality

```
fm_shell (setup)> printvar verification_alternate_strategy_names =
"none m1 s2 s3 s1 l2 s6 s10 l1 l3 s8 s4 s5 k1 k2 s7 s9"
```





# Agenda

Introduction to Equivalence Checking

**Using Formality** 

Flow Overview

Guidance

Read

Setup

Match

Verify

Debug

Documentation and Help





#### **Example of Typical Formality Script**

```
set search_path ". ./rtl ./lib ./netlist"
set synopsys auto setup true
set hdlin dwroot /tools/syn/E-2010.12
set svf default.svf
read verilog -r "fifo.v gray counter.v \
      pop ctrl.v push ctrl.v rs flop.v"
set top fifo
read db -i tcb013ghpwc.db
read_verilog -i fifo.vg
set top fifo
# set constant $impl/test se 0
verify
```





# **Debugging: Problem 1**

#### Find the problem in this script

```
read_verilog -r alu.v
set_top alu

read_verilog -i alu.fast.vg
set_top alu
read_db -i class.db

verify
```





#### **Debugging: Problem 2**

## Find the problem in this script

```
read_verilog -r alu.v

read_db -i class.db
read_verilog -i alu.fast.vg

set_top r:/WORK/alu
set_top i:/WORK/alu
verify
```





#### **Debugging Flow**

- Step 1: Look at the transcript for clues
- Step 2: Use debugging tools and commands
- Step 3: Identify and resolve problem areas
- Step 4: Try the verification again
- Step 5: Ask for help





**Debugging Flow Chart** 





#### **Steps of Debugging**

- Check for Warning Signs
  - Check for simulation or synthesis mismatch errors
  - Check RTL interpretation messages in transcript
  - Were full\_case and parallel\_cases pragmas interpreted?
  - Check for black-box warnings in the transcript
- Check for rejected SVF guidance commands
- Check for unmatched compare points
  - –Are unmatched compare points present only in implementation?
  - Are clock-gating latches found?
- Is there a setup problem? Did you disable scan?
- Try using Auto Setup Mode
  - -set synopsys\_auto\_setup true





#### **Debugging Tools: analyze\_points**

- Provides debugging guidance for failing or hard to verify compare points
- Command: analyze\_points
  - Options for failing verifications: -failing, -all
  - Options for hard verifications: -aborted , -unverified , -no\_operator\_svp , -all
  - Takes a single or list of compare points as an argument
- Report command: report\_analysis\_results
  - Option: -summary
- Variable: verification\_run\_analyze\_points
  - False is default
  - When enabled, runs analyze\_points -all
- For hard-to-verify compare points, the <a href="mailyze\_points">analyze\_points</a> command looks at datapath specific SVF operations involved with the logic cone
  - Produces Design Compiler Tcl script command: set\_verification\_priority
    - Targets specific blocks, instances, or arithmetic operators
    - Turns off specific optimizations
    - Improves verification success
    - Minimizes QoR impact





# Debugging Tools: analyze\_points (contd...) Guidance for Failing Verifications

```
fm shell (verify)> analyze points -failing
****************************** Analysis Results *********************
Found 1 Unconstrained Implementation Input
Unmatched input ports in the implementation typically result
from test logic insertion. Constraining the unmatched ports
to a constant value may correct the failures.
i:/WORK/bc top/test se
    Unmatched in the implementation cones for 20 compare point(s):
        i:/WORK/abc top/text in r reg 112
       i:/WORK/abc top/us22/sbox2/dreg reg 2
       i:/WORK/abc top/us22/sbox2/dreg reg 4
       i:/WORK/abc_top/us22/sbox2/dreg_reg_7_
       {...}
   Try adding this command before verify:
        set constant i:/WORK/abc top/test se 0
Analysis Completed
```





# Debugging Tools: analyze\_points (contd...) Guidance for Hard Verifications





#### Debugging Tools: analyze\_points (contd...)







# Debugging Tools: analyze\_points (contd...)







#### **Debugging Tools: Pattern Viewer**

- Formality automatically creates sets of vectors to illustrate failures at the compare point
  - These counter examples are failing patterns
  - Failing patterns are applied on the inputs of each logic cone
  - Proof of nonequivalence performed mathematically
  - No failing patterns exist for passing or hard to verify compare points
- Viewing the logic cone inputs and failing patterns are extremely helpful in debugging



Show Logic Cones



#### **Debugging Tools: Pattern Viewer (contd...)**





**Synopsys Confidential Information** 



#### **Debugging Tools: Pattern Viewer (contd...)**



- · Allows quick identification of issues with setup and matching
  - For this example, note failure when scan enable "test se" has "1" value
  - -Try using set\_constant \$impl/test\_se 0 for a successful verification





# **Debugging Tools: Pattern Viewer (contd...)**





**Synopsys Confidential Information** 

Show Logic Cones



#### **Debugging Tools: Logic Cone Viewer**





































# **Debugging Tools: Prune**







#### **Correlation From Logic Cone to Pattern Viewer**







#### **Viewing RTL Source From Schematics**







#### **Source Code Browser**







#### **Don't Care Conditions**

- In synthesis, the X state is considered as don't care and Design Compiler is free to choose 1 or 0
- By default in Formality, X is interpreted same as synthesis
- The variable verification\_passing\_mode controls how X will compare
  - verification\_passing\_mode consistency
    - Default: Ref:X = Impl:1; Ref:X = Impl:0
  - verification\_passing\_mode equality
    - Ref:X fails against Impl:1 or Impl:0
- consistency asymmetric: If RTL-to-gates passes, gates-to-RTL can fail
- Mode equality useful when comparing RTL-to-RTL





# **Formality Don't Care Symbol**





-When don't care (DC in figure) pin is 1; out is X . When don't care (DC in figure) is 0; out is F.





#### **Queued Setup Commands**







# **Debugging Tools: Dual Design Browser**

- Reference and implementation browser now integrated together
- Search feature
  - "Find Matching" feature
  - Select an object and find corresponding object in other container







# Agenda

Introduction to Equivalence Checking

**Using Formality** 

Flow Overview

Guidance

Read

Setup

Match

Verify

Debug

Documentation and Help





#### **Formality Online Help**

• Click on a hyperlink in the transcript, or use the man command



• Variable sh\_man\_browser\_mode controls the GUI opening the browser for man command





# Formality Online Help Web Browser Window







#### **Help For Commands and Variables**

• Three important commands for getting help:

#### printvar

- Displays the value of a Tcl variable
- Accepts wildcards

#### help

- Displays brief description of a Formality command
- Accepts wildcards

#### man

- Displays detailed information about a Formality command, Tcl variable, warning, or error message
- -Does not accept wildcards





#### **Help Examples**





# **Command Editing and Completion**

- The Tcl shell supports powerful command editing and completion capabilities
  - Command completion with "Tab"
  - -Use up and down arrow keys for moving through command stack





#### **Sources For Information**

- SolvNet Website: https://solvnet.synopsys.com/
  - Formality release notes and user guides
  - Online training
  - -Articles
  - Reference Methodology Guides
    - https://solvnet.synopsys.com/rmgen/
    - Design Compiler and Formality Tcl scripts
    - IC Compiler and Formality Tcl script
- Synopsys Website:

http://www.synopsys.com/Tools/Verification/FormalEquivalence/Pages/Formality.aspx





# SYNOPSYS®

**Predictable Success** 

