

# Static Analysis

Adam@Adiuvoengineering.com

www.adiuvoengineering.com

## "FPGAs should be forbidden in space applications until the designers learn how to design with them"

Lessons Learned from FPGA Developments - 2002 – S Habinc





## We are Pretty Bad at Designing FPGAs

FPGA projects are performing no better than ASIC



Page 5 Unrestricted | © Siemens 2022 | Functional Verification Study

SIEMENS



## Types of Errors we see

Causes of FPGA non-trivial bug escapes into production

Logic/functional failures consistently the top cause of FPGA non-trivial bug escapes



Source: Wilson Research Group and Siemens EDA, 2022 Functional Verification Study




## Why is this

Several Reasons

- Incomplete / poor / fluid requirement specifications
- Project time scales: we are expected to do more, faster
- Poor process: ill-defined process to go from beginning to end
- Investment in tools: reliance on free versions of tools, simulators etc.
- We are human, bugs happen: the key is to find them early and efficiently



## What is Static Analysis

Analyses RTL, to find issues in minutes which might take hours in Synthesis and Simulation.

Done correctly it enables a better quality of code for simulation and synthesis.

Adiuvo uses Blue Pearl's Visual Verification Suite



### What is Blue Pearl's Visual Verification Suite<sup>TM</sup>

- Analyze RTL<sup>™</sup> linting and debug
  - This enables us to ensure coding standards are followed, analyse the design for several structural issues, verify the design complies with manufacturer coding standards e.g. Xilinx Ultrafast Methodology, run path analysis and explore finite state machines.
- Clock Domain Crossing
  - Analyze design and clocking structures to ensure CDC is implemented correctly in the design.
- Automated SDC generation
  - Identifies false paths and multi-cycle paths in your design and generates the appropriate SDC file.








## Adiuvo / ESA Project

Multi Year project to analyse IP cores using static analysis tool Blue Pearl Visual Verification Suite.

- 2020: Creation of coding rules and analysis of circa 50% of IP cores, ESA training
- 2021: Analysis of remaining blocks
- 2022: Reflect changes on identified block, rerun verification, training of ESA engineers in basic and advanced BPS



## ESA BPS Coding Rules

Activity started in 2020 to identify a set of coding rules which can be applied by ESA to its IP cores

Some challenges – ESA is unique: several organizations deliver RTL code

Diverse presentation standards, e.g. camelCase, PascalCase, Snake\_Case etc.

Presentation standards – not as important

Coding standards are, however, important – these ensure the quality of the actual design



## ESA BPS Coding Rules

Creation of coding rules pulled from

- ECSS-Q-ST-60-02C
- CNES DESIGN AND VHDL HANDBOOK FOR VLSI DEVELOPMENT
- ESA IP Core Technical Requirements
- ESA Model VHDL Modelling Guidelines
- Realtra Coding Rules



## Coding Rules covering

#### ESA BPS Coding rules cover

- FSM Unreachable States
- No Initialization statements
- Ensuring all Flip Flops are Set / Reset
- Input and Output Registers being used
- Unconnected and undriven pins and nets
- Identifying use of Hard Coded Constraints
- Incomplete Sensitivity Lists
- CDC Incorrectly performed
- Unconstrained INT
- Latch Creation
- Using RE and FE edges of the clock



## ESA Coding Rules

Collated into a TCL script for use with Blue Pearl Visual Verification Suite

Available here: https://github.com/ATaylorCEngFIET/BPS_Rules

Additional information includes

- How to install the BPS Rules
- How to use the Scripts and Batch files to analyse a Project



## BPS Rules

[Screenshot: the ATaylorCEngFIET/BPS_Rules repository on GitHub, containing the BPS_Scripts and Project Scripts folders]



## Modules Analyzed

2020 Batch Components

- EDAC
- FTADR
- HurriCAN
- Leon
- PTME
- SHYLOC 121
- SHYLOC 123
- SPACE FIBRE
- SPW

2021 Batch Components

- AUIP
- EDAC-07
- NoCIP
- Pdec
- PTCD
- SCCC
- SPW RMPA
- SPW Node



## As would be expected with IP cores already verified, no MAJOR issues were found; however, there were some minor issues.





#### Main Issues

- Unbound generics
- Reset not synchronously de-asserted
- Arithmetic Overflow Warnings
- Clock Synchronizer Warnings
- Combinational feedback loop created
- Missing bit ranges
- Missing if then else: check no latches are created
- Update design so that all registers are capable of being reset – this prevents reliance on unknown register states at power up which could lead to undefined behaviour
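
The "reset not synchronously de-asserted" finding is normally closed with a reset synchronizer: the reset asserts asynchronously but is released on a clock edge. The following VHDL is an added example, not code from the analysed IP cores or the BPS rule set; the entity and signal names are hypothetical.

```vhdl
library ieee;
use ieee.std_logic_1164.all;

-- Added example: asynchronous assertion, synchronous de-assertion of an
-- active-low reset. Entity and port names are hypothetical.
entity reset_sync is
  port (
    clk       : in  std_logic;
    arst_n    : in  std_logic;  -- raw asynchronous reset, active low
    rst_n_out : out std_logic   -- reset released synchronously to clk
  );
end entity reset_sync;

architecture rtl of reset_sync is
  -- Two flip-flops: the first may go metastable when arst_n is released
  -- close to a clock edge, the second gives it a full cycle to settle.
  signal sync_ff : std_logic_vector(1 downto 0);
begin

  process (clk, arst_n)
  begin
    if arst_n = '0' then
      -- Assertion is immediate and does not need a running clock.
      sync_ff <= (others => '0');
    elsif rising_edge(clk) then
      -- After release, a '1' shifts through the chain, so rst_n_out
      -- goes high two rising clock edges later, aligned to clk.
      sync_ff <= sync_ff(0) & '1';
    end if;
  end process;

  -- Every downstream register in this clock domain uses rst_n_out,
  -- so all of them leave reset on the same clock edge.
  rst_n_out <= sync_ff(1);

end architecture rtl;
```

One such synchronizer is needed per clock domain; sharing a synchronized reset across domains reintroduces the original problem as a clock domain crossing.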



#### Main Issues

- Update source code to remove hard coded constants from the source files to ensure the code is more readable.
- Correct FSM implementations to behave correctly in SEE environment.
- If-then-else statements too deep: can impact timing
- Mixed edge clocking: check to ensure no timing issues
- Signals used but no driver: check how these signals are used to ensure this isn't an issue



#### Example of FSM Issue Found





#### Example of FSM Issue Found

[Screenshot: Blue Pearl FSM viewer listing the FSMs found in the design and a per-state table (State Name, #Transitions, Reset?, Terminal?, Unreachable?), with cross probing to the RTL source]

#### FSM Only 10 of 16 states covered
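
When a state register has more encodings than defined states, a single-event upset can put it in a code with no defined behaviour. The VHDL below is an added example (not taken from the analysed cores; entity, port and state names are hypothetical) showing the same situation on a smaller scale, 3 legal states in a 2-bit register, with an explicit recovery branch.

```vhdl
library ieee;
use ieee.std_logic_1164.all;

-- Added example: FSM with an explicit state encoding and a recovery
-- path for the unused code. All names are hypothetical.
entity safe_fsm is
  port (
    clk       : in  std_logic;
    rst_n     : in  std_logic;  -- synchronously released, active low
    start     : in  std_logic;
    done      : in  std_logic;
    busy      : out std_logic;
    fsm_fault : out std_logic   -- one-cycle pulse on illegal state
  );
end entity safe_fsm;

architecture rtl of safe_fsm is
  subtype state_t is std_logic_vector(1 downto 0);
  constant S_IDLE : state_t := "00";
  constant S_RUN  : state_t := "01";
  constant S_WAIT : state_t := "10";
  -- "11" is not a legal state; it can only be entered by an upset.
  signal state : state_t;
begin

  process (clk, rst_n)
  begin
    if rst_n = '0' then
      state     <= S_IDLE;
      fsm_fault <= '0';
    elsif rising_edge(clk) then
      fsm_fault <= '0';
      case state is
        when S_IDLE =>
          if start = '1' then state <= S_RUN; end if;
        when S_RUN =>
          if done = '1' then state <= S_WAIT; end if;
        when S_WAIT =>
          state <= S_IDLE;
        when others =>
          -- Illegal encoding: return to a known state and report it.
          state     <= S_IDLE;
          fsm_fault <= '1';
      end case;
    end if;
  end process;

  busy <= '1' when state = S_RUN else '0';

end architecture rtl;
```

With an enumerated state type, synthesis may treat the `when others` branch as unreachable and remove it unless the tool's safe-FSM option is enabled, so the recovery path should be confirmed in the synthesized netlist.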



## Module Correction Flow





## Project Flow





## Configuring the Simulation





### Adiuvo Plato

Adiuvo design of three FPGAs for the ESA Plato Mission PLIU

- CTRL: Platform Controller, manages 10,000 registers and 54 PID loops, circa 20K SLOC
- RTD: Ultra low noise FPGA / ADC, game changing accuracy & stability! Circa 15K SLOC
- Heater: Low noise, high power heater drive

Static Analysis with agreed ESA rules used across all the modules prior to simulation – Full code coverage and synthesis.



### Adiuvo Plato





### Adiuvo Plato

All warnings removed from code except for some which are waived

- If Then Else Depth: lucky, running at 6 MHz
- Internal Clock Warning: None PLL divide by 2.5
- Tri State Warning on MRAM Interface
- IO Types used: I2C

Demonstrates BPS is finding issues as the code is developed; the few warnings not corrected are waived after analysis and presented to ESA in the verification plan with justification.



## Adiuvo Gateway

Adiuvo Developing FPGA for ERSA CDHU – Circa 30K lines of RTL

Static Analysis was run on the modules against the ESA coding rules – Integrated as part of the CI Suite

Each evening code in repo checked against results



## Adiuvo Model Based

Adiuvo recently pioneered model-based FPGA design targeting Microchip PolarFire using a newly developed tool.

Developed using model-based flow – SysML to RTL

- RTL generated is vendor independent, includes AXI network instantiation
- Circa 100K lines of code
- Massively reduced development time & right first time – come see demo

Next challenge is to run the ESA rule set against the output code – optimistic, as we wrote the tool, that it will work as expected, but will report back next year!



### Conclusion

Static analysis is a great tool in the toolbox to help enforce good coding practice.

Enables entry into simulation with better code quality

Reduces development time (but hard to quantify) – beneficial when implemented in the CI flow, as you just view the reports with no need to remember to run it








