1. Field of the Invention
The invention relates to the field of electronic design automation, and in particular to a system and method for accurately and efficiently performing clock modeling in design formal verification.
2. Related Art
An electronic design automation (EDA) system is a computer software system used for designing integrated circuit (IC) devices. The EDA system typically receives one or more high level behavioral descriptions of an IC device (e.g., in HDL languages like VHDL, Verilog, etc.) and translates (“synthesizes”) this high-level design language description into netlists of various levels of abstraction. A netlist describes the IC design and is composed of nodes (functional elements) and edges, e.g., connections between nodes. At a higher level of abstraction, a generic netlist is typically produced based on technology independent primitives.
The generic netlist can be translated into a lower level technology-specific netlist based on a technology-specific (characterized) cell library that has gate-specific models for each cell (i.e., a functional element, such as an AND gate, an inverter, or a multiplexer). The models define performance parameters for the cells; e.g., parameters related to the operational behavior of the cells, such as power consumption, delay, and noise. The netlist and cell library are typically stored in computer readable media within the EDA system and are processed and verified using many well-known techniques.
FIG. 1 shows a simplified representation of an exemplary digital ASIC design flow. At a high level, the process starts with the product idea (step E100) and is realized in an EDA software design process (step E110). When the design is finalized, it can be taped-out (event E140). After tape out, the fabrication process (step E150) and packaging and assembly processes (step E160) occur resulting, ultimately, in finished chips (result E170).
The EDA software design process (step E110) is actually composed of a number of steps E112-E130, shown in linear fashion for simplicity. In an actual ASIC design process, the particular design might have to go back through steps until certain tests are passed. Similarly, in any actual design process, these steps may occur in different orders and combinations. This description is therefore provided by way of context and general explanation rather than as a specific, or recommended, design flow for a particular ASIC.
A brief description of the component steps of the EDA software design process (step E110) will now be provided. During system design (step E112), the designers describe the functionality that they want to implement and can perform what-if planning to refine functionality, check costs, etc. Hardware-software architecture partitioning can occur at this stage. Exemplary EDA software products from Synopsys, Inc. that can be used at this step include Model Architect, Saber, System Studio, and DesignWare® products.
During logic design and functional verification (step E114), the VHDL or Verilog code for modules in the system is written and the design is checked for functional accuracy. More specifically, does the design as checked to ensure that produces the correct outputs. Exemplary EDA software products from Synopsys, Inc. that can be used at this step include VCS, VERA, DesignWare®, Magellan, Formality, ESP and LEDA products.
During synthesis and design for test (step E116), the VHDL/Verilog is translated to a netlist. The netlist can be optimized for the target technology. Additionally, the design and implementation of tests to permit checking of the finished chip occurs. Exemplary EDA software products from Synopsys, Inc. that can be used at this step include Design Compiler®, Physical Compiler, Test Compiler, Power Compiler, FPGA Compiler, Tetramax, and DesignWare® products.
During design planning (step E118), an overall floorplan for the chip is constructed and analyzed for timing and top-level routing. Exemplary EDA software products from Synopsys, Inc. that can be used at this step include Jupiter and Floorplan Compiler products.
During netlist verification (step E120), the netlist is checked for compliance with timing constraints and for correspondence with the VHDL/Verilog source code. Exemplary EDA software products from Synopsys, Inc. that can be used at this step include VCS, VERA, Formality and PrimeTime products.
During physical implementation (step E122), placement (positioning of circuit elements) and routing (connection of the same) is performed. Exemplary EDA software products from Synopsys, Inc. that can be used at this step include the Astro product.
During analysis and extraction (step E124), the circuit function is verified at a transistor level, this in turn permits what-if refinement. Exemplary EDA software products from Synopsys, Inc. that can be used at this step include Star RC/XT, Raphael, and Aurora products.
During physical verification (step E126), various checking functions are performed to ensure correctness for manufacturing, electrical issues, lithographic issues, and circuitry. Exemplary EDA software products from Synopsys, Inc. that can be used at this step include the Hercules product.
During resolution enhancement (step E128), geometric manipulations of the layout are performed to improve manufacturability of the design. Exemplary EDA software products from Synopsys, Inc. that can be used at this step include the iN-Phase, Proteus, and AFGen products.
Finally, during mask data preparation (step E130), the “tape-out” data for production of masks for lithographic use to produce finished chips is performed. Exemplary EDA software products from Synopsys, Inc. that can be used at this step include the CATS(R) family of products.
As ASIC designs become increasingly complex, formal verification of those designs (step E114) becomes more and more difficult. FIG. 2 shows a flow diagram of a conventional formal verification process. An initial circuit design is first provided in a “DESIGN” step 210. A synthesis operation is then performed on the design in a “SYNTHESIS” step 220, to transform the original gate-level RTL layout into an equivalent set of sequential elements (flip flops and latches) in a synthesized layout. Next, in a “CLOCK MODELING” step 230, the propagation of data through the synthesized layout is monitored in response to discrete clock cycles to test the functionality of the circuit design. During a “VERIFICATION” step 240, the results of the clock modeling are evaluated, and any problems (or lack thereof) are provided in an “OUTPUT” step 260.
Conventional clock modeling methodologies often generate combinational loops when processing a synthesized layout of sequential logic (that includes latches). A combinational loop is problematic because the state of data values at locations within the loop (e.g., inputs to logic gates) are not explicitly defined at a given point in time. In a synthesized layout of sequential logic, any latch implemented in that layout has the potential to generate a combinational loop, due to the nature of latch behavior. Specifically, a latch is transparent when enabled (i.e., data at the latch input is passed directly to the latch output), and therefore cannot provide any stabilizing effect when incorporated into a loop of logic.
For example, FIG. 3A shows an exemplary portion of a synthesized layout that includes a multiplexer 310, a latch 320, a combinational logic block 330, a latch 340, and a combinational logic block 350, all connected in series, with the output of logic block 350 feeding back into an input of multiplexer 310. A common clock signal CLK is provided to the clock pins CK of latches 320 and 340, while a selection signal SEL provided to multiplexer 310 determines whether an input signal S1 or the output of logic block 350 is provided to the input pin D of latch 320.
If selection signal SEL instructs multiplexer 310 to feed the output of logic block 350 back to latch 320, a combinational loop is realized when clock signal CLK enables both latches 320 and 340 (e.g., when clock signal CLK is in a logic HIGH state). Such a situation is problematic for clock testing because the data values (e.g., the values at inputs D and outputs Q of latches 320 and 340) at the end of a given clock cycle are not explicitly defined by the circuit itself.
For example, if logic block 330 or 350 performs a data inversion, a logic HIGH value at the input of latch 320 will be (relatively) immediately provided as a logic LOW output to multiplexer 310 by logic block 350. Latch 320 will then receive a logic LOW input from multiplexer 310, which will switch the output of logic block 350 to a logic HIGH state. This data oscillation will continue as long as latches 320 and 340 are enabled (i.e., as long as clock signal CLK is in a logic HIGH phase). When clock signal CLK switches to a logic LOW phase, the most recent state of the data in circuit 300 is stored. However, because of the aforementioned combinational loop behavior (data oscillation), specific values for the stored data cannot be determined in a clock modeling environment.
To overcome this problem, conventional formal verification systems typically perform latch “unrolling” to generate a circuit that can be solved using clock modeling. To “unroll” a latch, the logic driven by that latch is duplicated a predetermined number of times to simulate the repetitive looping effect of the combinational loop. For example, FIG. 3B shows a sample unrolled circuit 300′ for clock modeling that could be generated from circuit 300 in FIG. 3A. Circuit 300′ simulates the combinational loop behavior of circuit 300 by imposing a breakpoint between latch 340 and logic block 350 and replicating the logic following that breakpoint (logic block 350, multiplexer 310, and logic block 330) a certain number of times. Specifically, in circuit 300′, logic block 350, multiplexer 310, and logic block 330 are repeated twice the first time as logic block 350-1, multiplexer 310-1, and logic block 330-1, respectively, and the second time as logic block 350-2, multiplexer 310-2, and logic block 330-2, respectively. Circuit 300′ therefore simulates two cycles of the combinational loop of circuit 300. Latch 340 (in circuit 300) is replaced with a flip flop 340′ coupled between logic block 330-2 and logic block 350-1, while latch 320 (in circuit 300) is replaced with a flip flop 320′ coupled to the output of multiplexer 310-2 to complete unrolled circuit 300′. Note that by choosing a breakpoint between latch 340 and logic block 350 in circuit 300, latch 320 is rendered a pass-through element for combinational loop situations. Accordingly, flip flop 320′ in circuit 300′ simply receives the output of multiplexer 310-2.
Unfortunately, the logic duplicating technique described with respect to FIG. 3B is less than ideal for accurate and efficient clock modeling. The duplicate logic blocks used in place of each latch can significantly expand the size of the synthesized layout, thereby making clock modeling very computationally expensive. Furthermore, since the actual combinational loop behavior of a given circuit will typically depend on propagation delays specific to that circuit, applying the same duplication factor to all latches in a circuit will not accurately represent the behavior of many of those circuits.
Accordingly, it is desirable to provide a method and system for performing formal verification of IC layouts that can accurately account for latch behavior while minimizing computational requirements.