Design and Verification of CoreConnect IP Using Esterel

1
Design and Verification of CoreConnect IP Using
Esterel

• Satnam Singh
• Xilinx Research Labs

2
History

• Gerard Berrys invited talk at CHARME 2001
• Verification of Esterel designs using synchronous
  observers.
• Evaluation project at Xilinx.
• PSL/Sugar Evaluation at CHARME 2005?

3
Evaluation Project

• Gentler introduction to assertions using safe
  state machines (sync charts).
• Esterel for design (OPB peripherals)
• Esterel for verification (OPB protocol violations)

4
(No Transcript)
5
ZBT SSRAM
SDRAM
ROM
DDRSDRAM
OPB
ZBT SSRAMController
SDRAMController
DDR SDRAMController
External BusController
OPB Bridge
On-ChipPeripheral
CoreConnect OPB(On-Chip Peripheral Bus)
CoreConnect Processor Local Bus (PLB) Arbiter
On-ChipPeripheral
405 PPC
I-Cache PLB
OPB Bridge
D-Cache PLB
High-SpeedPeripheral
6
LocalLink (Point to Point)
7
Aurora (Link Layer Protocol)
8
TX of 10 Gigabit Ethernet MAC
9
Verify RX Control Signals
10
Single Specification for Hardware and Software
VHDL, Verilog -gt hardware implementation
HW/SW agnostic specification
void uart_device_driver () .....
uart.c
C -gt software implementation
11
Configuration
12
(No Transcript)
13
FSM Specification
14
Esterel Specification
15
Esterel Studio
16
Creating design
Via Safe State Machines
Via Esterel code
loop await A await B emit O each
R
17
sender
18
parallel to serial shift
19
receive
20
serial to parallel
21
FIFO
22
UART without bus interface
23
Hardware UART XC2V1000
24
OPB Protocol
25
UART with OPB Interface
26
Direct use in SoC
27
Soft UART MicroBlaze XC2V1000
28
Verification by simulation
29
Verification with Observers
Inputs
Observed system
System model
Observer
BUG
Outputs
BUG is possibly emitted
BUG is always emitted
Verifier
BUG is never emitted
30
Verification engines

• 2 proof engines available inside Esterel Studio
• Built-in verifier TiGer
• BDD technique
• Prover Plug-in
• SAT technique

31
Formal verification
FIFO property only a read access can cause an
exit from the full state
Proven in less than 2 seconds
32
Specification of master behavior ...
33
slave
34
and arbiter
35
OPB Protocol violations
e.g. Checking that RNW doesnt change during a
transaction
36
Formal verification
Of the OPB slave interface proving that it
wont cause bus timeouts
Proven in less than 2 seconds
37
Formal verification
Of the FIFO proving that only initialized data
is returned
Using an internal observer to access internal
signals No constraint on input signals
Proven in 30 seconds
38
Conclusions

• Synchronous observers provide a plausible
  additional verification technique to simulation,
  assertion languages (PSL/Sugar and OpenVERA
  etc.).
• Esterel shows promising results for the synthesis
  of control-based circuits.
• More accessible to engineers than grammar based
  techniques?

39
Next Steps

• Comparison with PSL/Sugar and OVL
• Currently working on
• Xilinx Link Layer protocol (LocalLink, Aurora).
• TX portion of 10 gigabit ethernet MAC.
• Language enhancements to better support HW
  design.
• Compiling observers into HW.