The present invention relates to a method of circuit verification in digital design and in particular relates to a method of register transfer level property checking to enable the same.
Today""s electrical circuit designs frequently contain up to several million transistors and circuit designs need to be checked to ensure that circuits operate correctly. Formal methods for verification are becoming increasingly attractive since they confirm design behaviour without exhaustively simulating a design. Over the past years, bounded model checking and bounded property checking have increased in significance in electronic design automation (EDA). When checking large industrial circuits, long run times, ranging between hours and several days, are quite common. With designs continually increasing in size and complexity the test for correct behaviour becomes more important and a major economic issue, but at the same time becomes more complex, time consuming and expensive. Automated abstraction techniques have been developed to enhance capabilities of formal verification methods.
Abstraction techniques are used as a pre-process in high-level property checking of digital circuits. The majority of today""s industrial hardware verification tools use bit-level decision procedures, like decision procedures for the Boolean satisfiability problem (SAT) or decision procedures based on binary decision diagrams (BDDs). In electronic design automation, SAT procedures have many direct applications, including test pattern generation, timing analysis, logic verification, functional testing, etc. SAT belongs to the class of NP-complete problems, with algorithmic solutions having exponential worst case complexity. This problem has been widely investigated and continues to be so because efficient SAT techniques can greatly affect the operation of many EDA tools. For example in VLSI CAD, SAT formulations start from an abstract circuit description, for which a required output value needs to be validated. The resulting formulation is then mapped on to an instance of SAT. Conjunctive Normal Form (CNF) formulae can be used and several versions of this procedure incorporate a chronological backtrack-determination: at each node in the search tree, an assignment is selected and a subsequent search procedure is controlled by iterative application of xe2x80x9cunit clausesxe2x80x9d and xe2x80x9cpure literal rulesxe2x80x9d. Non-chronological backtrack determinations are also known. An alternative to SAT are BDDs: a set of BDD""s can be constructed representing output value constraints. The conjunction of all the constraints expressed as a Boolean product of the corresponding BDD (termed as a product BDD) represents the set of all satisfying solutions. Any element of the resulting constraint set gives a feasible SAT solution. However a major limitation of this approach is that there is a corresponding exponential increase in memory requirement for the operating system and in run times of the verification tools. The CNF-based SAT solvers can be directly applied to circuits, which are broken down into bit-level Boolean logic, by transforming the entire circuit into CNF formulae. However, since practical gate-level circuit descriptions can be quite large, dealing with substantially large CNF formulae results in unacceptable CPU run times. However, circuit designs are usually defined in terms of Register-Transfer-Level (RTL) specifications, for example, coded in hardware description languages (HDL""s) like VHDL or Verilog. RTL specifications of digital circuits contain explicit structural information which is lost in bit-level descriptions. At the bit-level, for example in gate lists, all signals are of 1-bit width and all available functional units are Boolean gates. In contrast, with RTL, word-level data structures, for example bit-vectors and buses, as well as high-level operators, for example adders, multipliers and shifters, are still visible. Several approaches to formal circuit verification have been proposed which make use of such high level information.
D. Cyrluk et al present a word-level decision procedure for the core theory of bit-vectors with extraction and concatenation in xe2x80x9cAn efficient decision procedure for the theory of fixed sized bit-vectorsxe2x80x9d (CAV-97), pages 60 to 71, 1997, using bit-vector BDDs and applying width abstraction to the core theory.
The present invention seeks to provide an improved circuit verification procedure.
In accordance with a first aspect of the invention, there is provided a digital circuit design verification method wherein, prior to a property checking process for each property of a non-reduced RTL model, a reduced RTL model is determined, which reduced RTL model retains specific signal properties of a non-reduced RTL model which are to be checked.
Conveniently the design verification process comprises, in a step prior to the determination of a reduced width RTL model, of determining the design specification of the digital circuit design and the specification of the properties to be investigated, synthesizing an RTL netlist of high level primitives, whereby the circuit is defined as an interconnection of control and data path portions, wherein signals of a width n are determined such that n xcex5 N+, wherein bitvectors of respective length determine the signal value and N+represents the natural numbers (excluding 0). i.e. 1, 2, 3, . . . Conveniently, in the property checking process, an internal bit level representation contains a bit level variable for each bit of each word signal. This bit-level representation is passed to a verification engine and then to a property test unit which operates to provide a positive result if the investigated property holds true for the circuit and which operates to provide a counter-example if the property does not hold. In the event that a counter-example is produced for the reduced RTL design, signal width enhancement is performed to create a counter-example for the original RTL.
wherein bitvectors of respective length determine the signal value. Conveniently, in the property checking process, an internal bit level representation contains a bit level variable for each bit of each word signal. This bit-level representation is passed to a verification engine and then to a property test unit which operates to provide a positive result if the investigated property holds true for the circuit and which operates to provide a counter-example if the property does not hold. In the event that a counter-example is produced for the reduced RTL design, signal width enhancement is performed to create a counter-example for the original RTL.
In accordance with a further aspect of the present invention there is provided a digital circuit design verification tool wherein a pre-property checking unit is operable to reduce the widths of the signals occurring in an RTL model of an input design specification and an input property specification, which reduced width RTL model retains the specific signal property of a non-reduced RTL model.
Preferably the tool further comprises a front end unit operable to receive input data relating to a design specification and the property characteristics of a design to be verified and is operable to provide an RTL netlist of the circuit design and property whereby the circuit can be defined as an interconnection of control and data path portions, wherein in signals of a width n are determined such that
n xcex5 +; and bitvectors of a respective length determine the signal value. Conveniently a property checking unit is operable to create an internal bit level representation having received a reduced RTL representation. This representation is sequentially passed to a verification engine and to a property test unit. The property test unit being operable to provide a positive result if the circuit property holds true and which is operable to provide a counter-example in the case of the property does not hold. Conveniently the signal width enhancement unit is operable to receive counter-examples for reduced RTL data and to expand the signal width to provide a counter example for the original RTL.
A linear signal width reduction causes an exponential reduction of the induced state space. Reducing state space sizes in general goes hand in hand with reduced verification runtimes. Thus the technique holds a high potential for speeding up verification tasks. Tests have shown that the present invention can significantly reduce the runtimes of existing prover tools. Furthermore, the present invention will be able to process design sizes which have, hitherto, exceeded the capacities of existing verification tools and which could not be taken into account before due to resource limitations. FIFO""s, queues, stacks, bridges and interface protocols comprise part of a class of digital hardware designs to which the present invention is particularly well suited to processing.
A further advantage of the present invention is that, if the analysis yields that no reduction at all is possible for a given design and a given property, then reduced model and original design are identical. The verification task itself cannot be impaired by using the proposed method as a pre-process, and in all case studies pre-processing runtimes were negligible Furthermore, the technique can be applied in high-level equivalence checking and high-level simulation. High-level equivalence checking, for example, can be considered a special case of high-level property checking. The design specification can include two different implementations of the same circuit and the property can require functional equivalence, or the property itself can be written in a hardware description language representing a functional specification of the circuit.