Verification Techniques for COTS Dedication of Commercial FPGA Tools

FPGA (Field-Programmable Gate Array) has received much attention from nuclear industry as an alternative platform of digital I&C (Instrumentation & Control) in nuclear power plants [1,2]. Commercial FPGA synthesis tools synthesize gate-level designs mechanically from RTL (Register Transistor Logic) designs modeled with HDLs (Hardware Description Languages). Nuclear regulation authorities [3], however, require more considerate demonstration of the correctness of the mechanical logic synthesis (i.e., COTS dedication), even if the FPGA industry have acknowledged them empirically as correct and safe processes and tools. While the synthesis can be formally verified with compiler verification techniques [4] directly, it is hard to apply them to the products of 3rd-party developers. An alternative solution we propose is to do the demonstration indirectly. For a specific input program (e.g., Verilog program), if a synthesis tool produces a program (e.g., Netlist) which shows the same behavior for all possible cases, we can claim that the tool works correctly at least for the program. We could use various commercial formal verification tools such as ‘FormalPro’, ‘Encounter Conformal EC’ and ‘Formality,’ which can be used as a means of the indirect demonstration. They are, however, too casesensitive to use naively, as depending on the combination of synthesis and verification tools. For example, we cannot use ‘FormalPro’ for ‘Actel Libero IDE’ with ‘Synopsys Synplify Pro’ synthesizer, which is the combination of the project we are working with. We need to develop a new customized solution for the combination. We propose a VIS-based correctness verification technique [5] for commercial FPGA logic synthesis. It formally checks the behavioral equivalence between an RTL design (i.e. Verilog) and a subsequently synthesized gate-level design (i.e., Netlist) with the support of two transformations making the VIS verification possible. The technique targets the combination of ‘Actel Libero IDE’ and ‘Synopsys Synplify Pro’ synthesizer, which other commercial verification tools could not deal with. If the formal equivalence checking succeeds, we can assure that the logic synthesis worked correctly. A case study we conducted also showed that the VIS-based correctness verification technique can be used positively as a means of demonstrating the correctness [6] of commercial FPGA synthesis tools of 3rd-party developers.