#### ΣΧΟΛΗ ΘΕΤΙΚΩΝ ΕΠΙΣΤΗΜΩΝ # ΔΠΜΣ Space Technologies, Applications and seRvices (STAR) M806 Space Data Systems Best Practice VHDL Coding for Aerospace Systems Ακαδημαϊκό Έτος 2023-2024 Νεκτάριος Κρανίτης ### DO-254 and DO-178C Standards - DO-254 and DO-178C are standards developed by Radio Technical Commission for Aeronautics (RTCA) and adopted by regulatory bodies i.e. the Federal Aviation Administration (FAA) and European Aviation Safety Agency (EASA) for Aerospace industry - DO-254, "Design Assurance Guidance for Airborne Electronic Hardware (AEH)" - Provides a structured and standardized approach to the development, verification, and validation of electronic HW used in aerospace systems - Covers electronic HW components, such as ICs, PCBs, and other electronic equipment, and defines a set of Design Assurance Levels (DALs) that must be met for each component based on level of safety criticality. - Compliance with DO-254 is required for achieving certification of electronic HW used in airborne systems - DO-178C, "Software Considerations in Airborne Systems and Equipment Certification" - Provides a structured and standardized approach to the development, verification, and validation of SW used in airborne systems - Covers SW components, including OSs, application software, and SW tools, and defines five levels of criticality, called Software Levels (SWLs), that must be met for each component - Compliance with DO-178C is required for achieving certification of SW used in airborne systems. - In summary, **DO-254 focuses on electronic HW**, while **DO-178C focuses on SW**, and both standards are critical for ensuring the safety and reliability of airborne systems ### VHDL coding for DO-254 and DO-178C Compliance - VHDL design with DALA, B and C must establish conformance to VHDL coding standards - No official list from FAA or EASA - Guidance & list of rules proposed by DO-254 UG (2010) - RTCA/DO-254 provides design assurance guidance for airborne electronic HW - Ensure that AEH works reliably as specified, avoiding faulty operation and potential functional hazards - Discusses need for "Design Standards" - FAA Order 8110.105 section 6-2a clarified that HDL coding standards should be defined and checked when it stated: - "To prevent potentially unsafe attributes of HDLs from leading to unsafe features of the components, we must expect that, if they use an HDL, applicants define the coding standards for this language consistent with the system safety objectives, and establish conformance to those standards by HDL code reviews." | | | 1 1 1 1 | |---------|----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | DAL | Failure<br>Condition | Resulting Conditions | | Level A | Catastrophic | Failure may result in deaths and loss of the aircraft | | Level B | Hazardous | Failure creates a major negative impact on safety or performance or reduces the aircraft crew's ability to operate the aircraft. This can result in serious or fatal injuries. | | Level C | Major | Failure causes significant reduction of the safety margin or significant increase in the aircraft crew workload. Passenger discomfort or minor injuries can result. | | Level D | Minor | Failure slightly reduces the margin of safety or causes slight increase in aircraft crew workload. Results can include passenger inconvenience or changes to a routine flight plan. | | Level E | No Effect | Failure causes no impact or effect on safety, crew workload, or operation of the aircraft. | ## DO-254 UG Positioning Paper - Provide a list of generally accepted VHDL design best practice coding guidelines that should be considered for a fail-safe design, including DO-254 programs - These coding guidelines should NOT be viewed as what must be done in a DO- 254 program - What must be done is always the decision of the applicant in conjunction with the certification authority - However, if project team is looking for a good foundational set of checks to assess the HDL design quality for their DO-254 program, this document provides that foundation DO-254 Users Group Position Paper DO254-UG-001 Best Practice VHDL Coding Standards for DO-254 Programs COMPLETED 2/26/10 (MODIFIED 9/13/10) (Rev 1a) Team Primary Author: Michelle Lange NOTE: This position paper has been coordinated among representatives from the Europe and US DO-254 users groups. This document is provided for educational and informational purposes only and should be discussed with the appropriate certification authority when considering actual projects. This position paper does not represent an official position the EASA, FAO restrocas/RTCA related committees ## DO-254 UG Positioning Paper ### Following 4 Rule Categories Were Proposed - Coding Practices [14 Rules CP1 CP14] - This set of rules ensures that a coding style supporting safety-critical and good digital design practices are used - Safe Synthesis [21 Rules SS1-SS21] - This set of rules ensure that a proper netlist is created by the synthesis tool. - Code Reviews [13 rules DR1 DR13] - This set of rules are checked to ease design reviews & code comprehension - Clock Domain Crossings [1 Rule CDC1] - This rule addresses potential hazards with designs containing multiple clock zones and asynchronous clock zone transitions - This category ensures that a coding style supporting safety-critical and good digital design practices are used - Each rule that follows is given a coding practice (CP) number for ease of reference #### 3. Avoid Hard-Coded Numeric Values (CP3) For design IP reuse and portability ease, hard-coded numeric values should not be used. Constants or generics should be used and documented within the design. This will greatly reduce the probability of a design error from creeping into the design code as it is being ported to a new application. Default severity: Warning ### 4. Avoid Hard-Coded Vector Assignment (CP4) For vector reset assignments; do not use hard-coded values. The reset assignment should be done in a way that is independent of the size of the vector. This limits the impact of changing vector sizes and enhances design portability ease. Default severity: Note ### 5. Ensure Consistent FSM State Encoding Style (CP5) a. A design should employ a consistent state encoding style for Finite State Machines (FSM). b.FSM state types should not be hard-coded, unless unavoidable. Default severity: Error ``` TYPE cpu_sm_state_type IS ( IDLE, -- reset & default state START OP, WRITE_DATA, DO READ, WAITMEM, STALL WAIT, DO RD -- Note, FSM states are encoded as enumerated type ); P_CPU_SM_NEXT_STATE : PROCESS( . . . ) BEGIN CASE current_state_r is WHEN IDLE => WHEN START OP => WHEN "0011" => -- Violation, inconsistent state encoding END CASE; END PROCESS P CPU SM NEXT STATE; ``` #### 6. Ensure Safe FSM Transitions (CP6) - a. An FSM should have a defined reset state. - b. All unused (illegal or undefined) states should transition to a defined state, whereupon this error condition can be processed accordingly. - c. There should be no unreachable states (i.e., those without any incoming transitions) and dead-end states (i.e., those without any outgoing transitions) in an FSM. Default severity: Error Example: END CASE; ``` TYPE fsm_state_type IS ( IDLE, -- reset & default state START_OP, WRITE_DATA, DO READ, WAITMEM, -- wait for memory response STALL_WAIT, -- cpu stall DO RD -- AIS -- Commented out AIS state will cause violation CASE current_state IS WHEN IDLE IF (rd_req='1' AND pre='0') THEN next_state <= DO RD;</pre> WHEN DO_READ => -- Violation, no incoming transition next_state <= DO_RD;</pre> WHEN DO_RD IF (pre='1') THEN status <= WAITMEM; -- Violation, no outgoing transition WHEN OTHERS => -- Others, including error states -- transition to the AIS state next_state <= AIS;</pre> -- Violation, AIS is not a defined state ``` #### 10. Assign Value Before Using (CP10) Every object (e.g., signal, variable, port) should be assigned a value before using it. When objects are used before being defined, a latch may be inferred during synthesis, which is most likely unintentional functional behavior for the design. Default severity: Warning ``` Example: ENTITY fifo bk pressure IS PORT ( -- Port Declarations clk_ck2 : IN std_logic; -- GLOBAL: downstream clock rst ck2 n : IN std logic; -- GLOBAL: downstream reset(N) cntr ck1 i : IN std logic vector(FIFO CNTR-1 DOWNTO 0); -- 9-bit -- Cut-and-paste error, should be cntr_ck2_i, results in violation ); ARCHITECTURE rtl OF fifo_bk_pressure is -- register definitions signal full_threshold_r : fifo_cntr_type; -- 9-bit data type threshold proc: PROCESS(cntr_ck2_i, full_threshold_r) BEGIN assert bk pressure s <= '0'; ELSIF (cntr_ck2_i = full_threshold_r - CDC_DELAY) THEN --VIOLATION "cntr_ck2_i" should be assigned before being read assert_bk_pressure_s <= '1';</pre> END IF; END PROCESS threshold_proc; ``` ### DO-254 Category: Clock Domain Crossing (CDC) This set of standards addresses potential hazards with designs containing multiple clock zones and asynchronous clock zone transitions. ### 1. Analyze Multiple Asynchronous Clocks (CDC1) Any time a design has multiple asynchronous clocks, or if internally-generated clocks are allowed, a thorough clock domain crossing (CDC) analysis should be done. Improper clock domain crossings result in metastability or indeterminate circuit operation, which can have serious adverse affects on a device's operation. This design guidance needs to be mentioned, even though clock domain crossing issues and analysis is beyond the scope of typical HDL linting tools and beyond the scope of this document. - The following standards are checked to ensure a proper netlist is created by synthesis tool. - 1. Avoid Implied Logic (SS1) Do not allow coding that implies feed-throughs, delay chains, and internal tri-state drivers. Default severity: Warning ``` Example: SIGNAL mode : std_logic; -- Internal Tri-state Control SIGNAL tri bus : std logic vector (1 DOWNTO 0); -- Internal signal -- (not top level port) Tristate_Control: PROCESS (mode) BEGIN IF (mode = '0') THEN tri bus <= "OZ"; -- Do not allow internal tristates ELSE tri bus <= "ZO"; -- Do not allow internal tristates END IF; END PROCESS Tristate_Control; Example: ENTITY feed through ea IS PORT ( a_i : IN std_logic; av_i : IN std_logic_vector (10 DOWNTO 0); x_o : OUT std_logic END feed_through_ea; ARCHITECTURE rtl OF feed_through_ea IS BEGIN x_o <= a_i; -- Violation, feed-through from input port "a_i" to output port "x_o" ``` ### 2. Ensure Proper Case Statement Specification (SS2) Case statements should: - a. Be complete - b. Never have duplicate/overlapping statements - c. Never have unreachable case items - d. Always include the "when others" clause ``` CASE addr IS WHEN "000" => clk_div_en <= '1'; WHEN "001" => clk_div_en <= '1'; WHEN "000" => -- Duplicate/overlapping case specification clk_div_en <= '1'; -- Incomplete case specification WHEN "10X" => -- Not reachable case specification xmitdt_en <= '1';</pre> ser_if_select <= addr(1 DOWNTO 0); WHEN "110" => ser_if_select <= addr(1 DOWNTO 0); WHEN "111" => clr_int_en <= '1'; -- Missing WHEN OTHERS clause END CASE; ``` ### 4. Avoid Latch Inference (SS4) The HDL coding style should avoid inference of latches. ``` library ieee; use ieee.std_logic_1164.all; ENTITY vhdlatch IS PORT ( in1, in2, in3, in4 : IN std_logic; out1 : OUT std_logic; out2 : OUT std logic vector(3 DOWNTO 0)); END; ARCHITECTURE arch OF vhdlatch IS BEGIN PROCESS (in1, in2, in3, in4) -- Violation BEGIN IF(in4 = '0') THEN out2(3) <= in1; out2(0) <= in2; ELSE out2 <= (others => in3); END IF; END PROCESS: END; ``` ### 7. Avoid Uninitialized VHDL Deferred Constants (SS7) Ensure all VHDL deferred constants are initialized. Default severity: Warning ``` PACKAGE trafficPackage IS CONSTANT MaxTimerVal: integer -- Violation. Deferred constant 'MaxTimerVal' without initial -- value may not be synthesizable END trafficPackage; ``` #### 8. Avoid Clock Used as Data (SS8) Clock signals should not be used in a logic path that drives the data input of a register. Default severity: Error ``` Example: P_GATED_IN : PROCESS(in1, mclk) BEGIN gated in s <= '0'; IF (in1 = TRANSITION) and (mclk = '0') THEN -- Associated Violation gated in s <= '1'; -- See below END IF; END PROCESS P_GATED_IN; P_PULSE_FF : PROCESS(mclk, rst_n) -- Violation clock used as data BEGIN -- Race condition can occur here IF (rst_n = '0') THEN pulse r <= '0';</pre> ELSIF rising edge (mclk) THEN pulse_r <= gated_in_s;</pre> END IF; END PROCESS P_PULSE_FF; ``` ### 9. Avoid Shared Clock and Reset Signal (SS9) The same signal should not be used as both a clock and reset signal. Default severity: Error ### 10. Avoid Gated Clocks (SS10) Data signals should not be used in a logic path that drives the clock input of a register. Default severity: Warning Clock gating designs for FPGA should not be allowed if the targeted FPGA device does not contain special purpose-built clock gating circuitry in silicon. ### 13. Avoid Mixed Polarity Reset (SS13) The same reset signal should not be used with mixed styles or polarities. Default severity: Warning ``` Example: ARCHITECTURE rtl OF top IS BEGIN proc1: PROCESS(clk_master, clk_n, rst_master) BEGIN IF rising_edge(clk_master) THEN IF (rst_master = '1') THEN -- Violation, inconsistent q <= '0'; -- reset polarities & style ELSE q \ll d1; END IF; END IF; IF (rst_master = '0') THEN -- Violation, inconsistent q <= '0'; -- reset polarities & style ELSIF (falling_edge(clk_n)) THEN q \ll d2; END IF; END PROCESS; END rtl; ``` #### 15. Avoid Asynchronous Reset Release (SS15) Reset signals should have a synchronous release. For synchronous digital designs, it is considered best practice to generate reset control as asynchronous assertion and synchronous de-assertion signal to avoid problems when the reset signal is de-asserted during the active edge of the clock.. Default severity: Error #### Example: Note that the following figure demonstrates a *correct* on-chip reset scheme as described in the preceding text. #### 20. Ensure Nesting Limits (SS20) Conditional branching constructs should have a maximum nesting depth. Default severity: Warning ``` Example: ``` ``` FLIP_FLOP: PROCESS(rst,clk) BEGIN IF rst = '1' THEN qout <= '0'; out_one <= '0'; out_two <= '0'; out_three <= '0'; ELSIF RISING_EDGE(clk) THEN IF in_one = '1' THEN out_one <= in_one; IF in_two = '1'THEN out_two <= in_two; IF in_three = '1' THEN -- Violation if set to 3, as 4<sup>th</sup> level out_three <= in_three;</pre> ``` . . #### 21. Ensure Consistent Vector Order (SS21) *Use the same multi-bit vector order consistently throughout the design.* Default severity: Warning ``` Bus_ascending : IN std_logic_vector (7 DOWNTO 0); Bus_decending : IN std_logic_vector (0 TO 7); -- Violation if Descending order enabled ``` ### 2. Avoid Mixed Case Naming for Differentiation (DR2) Names should not be differentiated by case alone. Default severity: Warning ### Example: ENTITY top IS ``` PORT (nrw: OUT std_logic ); END top; ARCHITECTURE flow OF top BEGIN Nrw <= '0'; -- Violation. Do not allow mixing of case identifier "nrw" -- Identifiers "nrw" and "Nrw" are differentiated by case only END ``` ### 4. Use Separate Declaration Style (DR4) Each declaration should be placed on a separate line. Default severity: Note ``` ARCHITECTURE spec OF status_registers IS SIGNAL xmitting_r, done_xmitting_r : std_logic; -- declaration -- Violation. Multiple signals declared in one line, -- declarations should be on separate lines. END spec; ``` #### 5. Use Separate Statement Style (DR5) Each statement should be placed on a separate line. Default severity: Note ``` Example: ``` ``` IF (en_i = '1') THEN x1_s <= NOT(a1_i); x2_s <= a1_i; -- Violation, multiple statements ELSE x1s <= '0'; x2_s <= '0'; -- Violation, multiple statements END IF;</pre> ``` ### 6. Ensure Consistent Indentation (DR6) Code should be consistently indented. Default severity: Note ``` FLOP FLIP: PROCESS(rst,clk) -- Consistently formatted BEGIN IF rst = '1' THEN tout one <= '0'; tout two <= '0'; tout three <= '0'; ELSIF rising_edge(clk) THEN IF in_one = '1' THEN tout_one <= in_one; IF in_two = '1' THEN tout_two <= in_two; IF in three = '1' THEN tout_three <= in_three;</pre> ENDIF; ENDIF; ENDIF: ENDIF; ``` 7. Avoid Using Tabs (DR7) Tabs should not be used. Default severity: Warning 10. Ensure Consistent File Header (DR10) Ensure a consistent file header. Default severity: Warning 11. Ensure Sufficient Comment Density (DR11) Code should be sufficiently documented via inline comments. Default severity: Warning #### 13. Ensure Company Specific Naming Standards (DR13) Each company or project should establish and enforce its own naming standards. These standards will vary from company to company, or even project to project, and therefore cannot be explicitly included in a generic set of DO-254 coding standards. However, they should be considered and included in each company's HDL coding standards. The sorts of things to consider include: - Having the component have the same name as the associated entity - Ensuring name association between formal and actual generics, ports or parameters - Enforcing specific filename matching with associated entity - Enforcing specific object type naming convention, with a prefix or postfix appended to the object name. Choose only one of these two methods (prefix vs. postfix labels) and consistently apply it through out the entire design. Consideration should be give to naming conventions for clocks, resets, signals, constants, variables, registers, FSM State Variables, generics, labels etc. For example: - a. signals use "\_s" - b. registers use "\_r" - c. constants use "\_c" - d. processes use "\_p" - e. off-chip inputs use "\_I" - f. on-chip inputs use "\_i" - g. off-chip outputs use "\_O" - h. on-chip outputs use "\_o" - i. etc. Default severity: Note ### **Automated Rule Checking** - Design reviews: can be done manually - Automated approach (called linting): - guarantees a more consistent VHDL code quality assessment - has the added benefit of promoting regular VHDL design checking steps throughout the design development process, as opposed to waiting for gating design reviews where issues can be overwhelming and more costly to address ### **SIEMENS Questa Lint** BluePearl ### **CNES Rules** - Originally developed by CNES for internal projects - To improve the way VHDL code is written and thus reducing the time spent for code review - Useful for other companies that want to share common VHDL rules between them and their subcontractors - Handbook is divided into two chapters: - "Standard Rules": includes general rules or recommendations that are common between all companies working with VHDL. These rules share a general agreement between CNES and partners initially involved. Addition and changes to these rules have to be agreed by everyone. - "Custom Rules": includes company specific rules that are adapted/refined from standard rules or completely new. These custom rules allow third party companies to create their own version of the VHDL Handbook. POR VLSI DEVELOPMENT **CNES Edition** ### **CNES Rules** Version 2.2 DESIGN AND VHDL HANDBOOK **Table of Contents** 2.3. Requirement . STD\_03100 : Dead VHDL code INTRODUCTION GLOSSARY VERSION HISTORY | 2021-10-20 | | |------------|--| | | | 29 35 #### FOR VLSI DEVELOPMENT | STANDARD RULES | |----------------------------------------------------------| | 1. Formatting | | 1.1. Naming | | STD_00100 : VHDL object naming convention | | STD 00200 : Name of clock signal | | STD 00300 : Name of reset signal | | STD 00400 : Label for process | | STD_00500 : Name of signal relation with behaviour | | STD_00600 : VHDL file extension | | STD_00701 : Preservation of signal name inside an entity | | STD_00800 : File name convention | | STD_00900 : File name of an entity | | 1.2. FileStructure | | STD_01000 : Number of entities per file | | STD_01100 : Number of architectures in files | | STD_01200 : Number of statements per line | | STD_01300 : Number of ports declaration per line | | STD_01400 : Instantiation of components | | STD_01500 : Entity ports convention | | STD_01600 : Entity port sort | | STD_01700 : Entity special ports | | STD_01800 : Primitive isolation | | STD_01900 : Indentation of source code | | STD_02000 : Indentation style | | STD_02100 : Compactness of VHDL source code | | 2. Traceability | | 2.1. Versioning | | STD_02200 : Version control in header of file | | STD 02300 : Copyright information in the header of file | STD\_02400 : Creation information in the header of the file STD\_02500 : Functional information in the header of file STD\_02600 : IEEE libraries preference ... STD 02700 : Default language . STD 02800 : Comment strategy ... STD 02900 : Comments for entity ports .... STD\_03000 : Comments for objects declaration and statements STD\_03800 : Synchronous elements initialization . STD 04000 : State machine case enumeration completion . STD 03900 : State machine type definition ... | c | sigu | 29 | |---|-------------------------------------------------------|----| | | 3.1. I/O | 29 | | | STD_03200 : Unused output ports components management | | | | STD_03300 : Buffer port type | 30 | | | STD_03400 : Top level ports | 31 | | | STD_03500 : Record type for top level entity ports | 32 | | | 3.2. Reset | 32 | | | STD_03600 : Reset sensitive level | 32 | | | STD_03700 : Reset assertion and deassertion | 34 | | | | | Table of Contents | Version 2.2 | DESIGN AND VHDL HANDBOOK<br>FOR VLSI DEVELOPMENT | 2021-10-20 | |-------------|------------------------------------------------------------------------------------------------|------------| | 3. | 4. Clocking | 41 | | | STD 04100 : Clock domain crossing | | | | STD 04200 : Clock domain crossing handshake based | 42 | | | STD 04300 : Clock domain crossing FIFOs based | | | | STD 04400 : Clock management module | 46 | | | STD 04500 : Unsuitability of Clock Reassignment | 47 | | | STD 04600 : Clock domain number in the design | 50 | | | STD 04700 : Number of clock domains per modules | | | | STD 04800 : Clock edge sensitivity | | | 3. | 5. Synchronous | | | | STD 04900 : Edge detection best practice | | | | STD 05000 : Sensitivity list for synchronous processes | | | | STD 05100 : Metastability management | | | | STD 05200 : Output signal registration | | | 3 | 6. Combinational | | | 3. | STD 05300 : Sensitivity list for combinational processes | | | | STD 05400 : Unsuitability of internal tristate | | | | STD 05500 : Unsuitability of latches | | | | STD 05600 : Unsuitability of tatches STD 05600 : Unsuitability of combinational feedbacks | | | | STD 05700 : Unsuitability of combinational feedbacks STD 05700 : Unsuitability of gated clocks | | | | | | | 3. | 7. Type | 69 | | | STD_05800 : Use of VHDL types in RTL design | | | | STD_05900 : Range for integers | | | | STD_06000 : Range direction for arrays | | | | STD_06100 : Range direction for std_logic_vector | | | | STD_06200 : Management of numeric values | | | | STD_06300 : Unsuitability of variables in RTL design | | | 3. | 8. Reliability | | | | STD_06400 : Error mitigation strategy | | | | STD_06500 : Counters end of counting | | | | STD_06600 : Dimension of comparison elements | | | 3. | 9. Miscellaneous | 78 | | | STD 06700 : Unsuitability of wait statement in RTL design | 78 | | | STD 06800 : Unsuitability of signal initialization in declaration section | 78 | | | STD 06900 : Unsuitability of procedures and functions in RTL design | 79 | | | STD 07000 : Maximum depths of nested objects | 80 | | 4. Simu | lation | 81 | | 4. | 1. Miscellaneous | 81 | | | STD 07100 : Simulation ending | | | | STD_07200 : Use of procedures and functions in testbenches | 82 | | | STD 07300 : Use of wait statement in testbenches | 83 | | 5 Impl | ementation | | | | 1. Analysis | | | ٥. | STD 08000 : Analyze correctness of VHDL | | | CUSTOM DI | JLES | | | | atting | | | | 1. Naming | | | 1. | CNE 00100 : Identification of active low signal | | | | | | | | CNE_00200 : Unsuitability of frequency in clock name | | | | CNE_00300 : Unsuitability of pin number in signal name | | | | CNE_00400 : Name of testbench entity | | | | CNE_00500 : Convention for signal naming | | | | CNE_00600 : Convention for constant naming | | | | CNE_00700 : Convention for process naming | | | | CNE_00800 : Convention for generic ports | | | | CNE_00900 : Convention for custom type naming | | | | CNE_01000 : Identification of variable name | | | | CNE_01100 : Identification of ports direction inside entity port name | 92 | | CNE_01300 : Identification of constant name | . 5 | |---------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | CNE_01400 : Identification of generic port name | . 5 | | CNE_01500 : Identification of custom type name | . 5 | | | | | CNE 01700 : Identification of rising edge detection signal | 5 | | CNE 01800 : Identification of falling edge detection signal | 5 | | CNE 01900 : Identification of registered signals | 10 | | CNE 02000 : Identification of Finite State Machine | 10 | | CNE 02100 : Name of RTL architectures | 10 | | CNE 02200 : Name of configuration entity | 10 | | CNE 02300 : Preservation of clock name | 10 | | CNE 02400 : Preservation of reset name | 10 | | 1.2. FileStructure | 10 | | CNE 02500 : Length of entities name | 10 | | CNE 02600 : Length of signals name | 10 | | CNE 02700 : Number of lines in file | 10 | | 2. Traceability | 11 | | 2.1. Versioning | 11 | | CNE 02800 : Software VHDL generator in header of file | 11 | | CNE 02900 : File name in the header of file | 11 | | CNE 03000 : Creation date in the header of file | 11 | | CNE 03100 : Project name in the header of file | 11 | | CNE 03200 : Author in the header of file | 11 | | CNE 03300 : Functional description in the header of file | 11 | | CNE 03400 : Naming convention in the header of file | 11 | | CNE 03500 : Functional limitation in the header of file | 11 | | CNE 03600 : Current version number in the header of file | 11 | | CNE 03700 : Author of modification(s) in the header of file | 11 | | CNE 03800 : Version history in the header of file | 11 | | CNE 03900 : Reason(s) of modification(s) in the header of file | 11 | | CNE 04000 : Functional impact(s) of modifications in the header of file | 11 | | CNE 04100 : Functional description of modifications in the header of file | 11 | | CNE 04200 : Applicable license in header of file | 11 | | CNE 04300 : Company coding in the header of file | 11 | | | | | 3. Design | 12 | | 3.1. Reset | 12 | | | | | | | | | | | | | | | CNE_01200: Identification of process label CNE_01300: Identification of constant name CNE_01300: Identification of constant name CNE_01300: Identification of custom type name CNE_01500: Identification of receive port name CNE_01500: Identification of receive port name CNE_01500: Identification of receive port name CNE_01500: Identification of resisted signal CNE_01500: Identification of resisted signals CNE_01500: Identification of resisted signals CNE_01500: Identification of resisted signals CNE_01500: Identification of resisted signals CNE_01500: Identification of resisted signals CNE_02500: Identification of resisted signals CNE_02500: Name of RTL_architectures CNE_02300: Preservation of clock name CNE_02300: Preservation of clock name CNE_02500: Length of entities name CNE_02500: Length of entities name CNE_02500: Length of entities name CNE_02500: Length of signals name CNE_02500: Length of signals name CNE_02500: Length of signals name CNE_02500: Software VHDL generator in header of file CNE_02500: File name in the header of file CNE_03500: File name in the header of file CNE_03500: Project name in the header of file CNE_03500: Author in the header of file CNE_03500: Project name heade | DESIGN AND VHDL HANDBOOK FOR VLSI DEVELOPMENT Version 2.2 Table of Contents CNE\_04800 : Finite State Machine two processes based . CNE\_04900 : Use of clock signal . CNE\_05000 : Multiplexor coding style . CNE\_05100 : Multiplexor single process based CNE 05300 : Hierarchical level of entity CNE 05400 : Number of nested packages CNE 05500 : Dimension of array CNE\_05200 : Multiplexor direct assertion based . CNE\_06000 : GHDL Analysis messages reports . 3.3. Clocking 3.4. Combinational . 3.5. Miscellaneous ... 4. Implementation . 125 126 126 127 129 129 129 130 130 132 132 2021-10-20 ### STD\_00300 : Name of reset signal | STD_00300 | Name of reset signal | Major | |-------------------|---------------------------------------------------------|-------| | Revision | 7 / 2020-04-23 | | | Status / Engine | Implemented / ZamiaCad | | | Classification | VLSI / Formatting / Naming | | | Application Field | General | | | Parent Rule | STD_00100 | | | Description | The reset signal name includes "rst", "reset" or "clr". | | #### Detailed Description: A signal is considered as a "RESET" whenever it is used inside a clocked-process to initialize signals value to a known state (most of the time zero) or mapped on a IP reset input. If several reset signals are used, each reset is identified with a different name. #### · Rationale: The reset signal is critical. This signal needs to be easily found through the design. #### Good Example: Extracted from STD 00300 good.vhd ``` i_Reset_n : in std_logic; -- Reset signal ``` #### STD\_00400 : Label for process | STD_00400 | Label for process | Minor | | |--------------------------|--------------------------------------|-------|--| | Revision | 5 / 2020-04-23 | | | | Status / Engine | Implemented / ZamiaCad | | | | Classification | VLSI / Formatting / Naming | | | | <b>Application Field</b> | General | | | | Parent Rule | STD_00100 | | | | Description | Processes are identified by a label. | | | #### · Detailed Description: No additional information. #### Rationale: Labels improve readability of simulations, VHDL source code and synthesis logs. #### · Good Example: Extracted from STD 00400 good.vhd ``` -- LABELLED PROCESS P_FlipFlop: process(i_Clock, i_Reset_n) begin if (i_Reset_n = '0') then Q <= '0'; elsif (rising_edge(i_Clock)) then Q <= i_D; end if; end process; ``` #### · Bad Example: Extracted from STD 00400 bad.vhd #### STD\_01600: Entity port sort | STD_01600 | Entity port sort | |--------------------------|------------------------------------------| | Revision | 6 / 2020-04-23 | | Status / Engine | Validated / None | | Classification | VLSI / Formatting / FileStructure | | <b>Application Field</b> | General | | Parent Rule | STD_01500 | | Description | Entity ports are organized by interface. | #### · Detailed Description: Entity ports are grouped by external interfaces. Within an interface group, ports could then be sorted by direction (input, output, bidirectional). #### Rationale: Ports grouped by external interfaces improves readability. #### Good Example: Extracted from STD 01600 good.vhd #### Bad Example: Extracted from STD\_01600\_bad.vhd ``` entity STD_01600_bad is -- We sort port by name port ( i_A1 : in std_logic; -- First Mux, first input i_A2 : in std_logic; -- Second Mux, first input i_B1 : in std_logic; -- First Mux, second input i_B2 : in std_logic; -- Second Mux, second input i_Sel1 : in std_logic; -- First Mux, selector input i_Sel2 : in std_logic; -- Second Mux, selector input i_Clock : in std_logic; -- Clock input i_Reset_n : in std_logic; -- Reset input o_Q1 : out std_logic; -- First module output o_Q2 : out std_logic -- Second module output ); end STD_01600_bad; ``` ### STD\_01700 : Entity special ports | STD_01700 | Entity special ports | Minor | | |-------------------|-------------------------------------------------|-------|--| | Classification | VLSI / Formatting / FileStructure | | | | Application Field | General | | | | Parent Rule | STD_01500 | | | | Description | Special ports are the first group of an entity. | | | #### · Detailed Description: Special input ports like clock(s), reset and global enable are the first to be written in an entity. #### Rationale: These special signals are important for the understanding of the module functionalities. Thus gathering them at the beginning of an entity improves readability. #### · Good Example: Extracted from STD\_01700\_good.vhd #### Bad Example: Extracted from STD 01700 bad.vhd ``` entity STD_01700_bad is port ( o_Q : out std_logic; -- D Flip-Flop output signal i_D : in std_logic; -- D Flip-Flop input signal i_Clock : in std_logic; -- Clock signal i_Reset_n : in std_logic -- Reset signal ); end STD_01700_bad; ``` #### STD 03600 : Reset sensitive level | STD_03600 | Reset sensitive level | Major | |-------------------|-----------------------------------------------------------------|-------| | Revision | 5 / 2020-04-23 | | | Status / Engine | Implemented / ZamiaCad | | | Classification | FPGA / Design / Reset | | | Application Field | General | | | Parent Rule | N/A | | | Description | Every synchronous process uses the same reset activation level. | | #### · Detailed Description: No additional information. #### · Rationale: In a FPGA, the reset signal is usually a high fan-out signal routed using a dedicated global signal routing track. Usin both levels of the reset signal to asynchronously reset the flip-flops of the design results in the synthesis of the resisgnal itself and its inverted version, which leads to the usage of 2 global dedicated routing tracks versus a single on with one of the reset signal passing through an inverter in the FPGA fabric rendering the reset recovery timings closu harder to meet for the FPGA EDA tools. #### Good Example: Extracted from STD 03600 good.vhd ``` architecture Behavioral of STD 03600 good is signal D_rl : std_logic; -- D signal registered 1 time signal D r2 : std logic; -- D signal registered 2 times signal D_re : std_logic; -- Module output P First Register : process(i Reset n, i Clock) begin if (i_Reset_n = '0') then D rl <= '0'; elsif (rising edge (i Clock)) then D rl <= i D; end process; P Second Register : process(i Reset n, i Clock) if (i_Reset_n = '0') then D_r2 <= '0'; D re <= '0'; elsif (rising edge(i Clock)) then D r2 <= D r1; D re <= D rl and not D r2; end if; end process; o Q <= D re; end Behavioral: ``` #### **Bad Example:** Extracted from STD 03600 bad.vhd ``` architecture Behavioral of STD_03600_bad is signal D_rl : std_logic; -- D signal registered 1 time signal D_r2 : std_logic; -- D signal registered 2 times signal Dre : std logic; -- Module output signal Reset : std_logic; -- Reset signal (active high) P_First_Register : process(i_Reset_n, i_Clock) begin if (i Reset n = '0') then D_rl <= '0'; elsif (rising_edge(i_Clock)) then D_rl <= i_D; end if: end process; Reset <= not i_Reset_n; P Second Register : process(Reset, i Clock) begin if (Reset = '1') then D r2 <= '0'; D_re <= '0'; elsif (rising edge (i Clock)) then D r2 <= D r1; D re <= D rl and not D r2; end if: end process; o Q <= D re; ``` ### STD\_03700 : Reset assertion and deassertion | STD_03700 | Reset assertion and deassertion | Major | |-------------------|-------------------------------------------------------------------------|-------| | Revision | 7 / 2020-04-23 | | | Status / Engine | Implemented / ZamiaCad | | | Classification | VLSI / Design / Reset | | | Application Field | General | | | Parent Rule | N/A | | | Description | Internal reset is asserted asynchronously and deasserted synchronously. | | #### · Detailed Description: If several clock domains are used then several reset signals are created to be deasserted synchronously with each targeted clock domain. #### · Figure: #### Good Example: Extracted from STD 03700 good.vhd ``` entity STD 03700 good is port ( i Clock : in std logic; -- Clock signal i Reset Input n : in std logic; -- Reset input o Main Reset n : out std logic -- Global reset signal active low end STD 03700 good; architecture Behavioral of STD 03700 good is signal Main Reset n : std_logic; -- Internal signal between FlipFlops signal Main Reset n r : std logic; -- Assertion block output P Reset Assert : process(i Reset Input n, i Clock) begin if (i Reset Input n = '0') then Main Reset n <= '0'; -- Output reset signal is active low Main Reset n r <= '0'; elsif rising edge (i Clock) then Main Reset n <= '1'; -- Reset is deasserted. Since it is active low, the inactive Main Reset n r <= Main Reset n; end if: end process; o Main Reset n <= Main Reset n r; ``` #### Rationale: Synchronous design uses the principle that all registers in a same clock domain leave the reset state at the same time. Asynchronous assertion ensures that the design could be reset even if the input clock is not yet functional. Synchronous deassertion ensures that the component startup sequence is reproducible and that the clock is ready and stable before the deassertion of the reset inside the component. Doing so, if there is a glitch on the external reset, it will produce an internal reset that is active at least one clock period and guarantees a correct reset of the internal logic. ### STD\_03900 : State machine type definition | STD_03900 | State machine type definition | Major | |-------------------|-----------------------------------------------|-------| | Revision | 5 / 2020-04-23 | | | Status / Engine | Implemented / Yosys-ghdl | | | Classification | VLSI / Design / StateMachine | | | Application Field | General | | | Parent Rule | N/A | | | Description | FSM states are encoded using enumerated type. | | #### · Detailed Description: Other type of state machine definition like vectors or integer are forbidden. #### · Rationale: Enumerated type to encode FSM states allows readability and reuse. #### Good Example: Extracted from STD\_03900\_good.vhd ``` architecture Behavioral of STD 03900 good is constant c Length : std logic vector(3 downto 0) := (others => '1'); -- How long we should count is (init, loading, enabled, finished); -- Enumerated type type t state for state encoding signal sm State : t state; -- State signal signal Raz : std logic; -- Load the length value and initialize the counter signal Enable : std logic; -- Counter enable signal signal Length : std logic vector(3 downto 0); -- Counter length for counting signal End Count : std logic; -- End signal of counter begin -- A simple counter with loading length and enable signal Counter:Counter port map ( i Clock => i Clock, i Reset n => i Reset n, i Raz => Raz, i Enable => Enable, i Length => Length, o Done => End Count -- FSM process controlling the counter. Start or stop it in function of the input (i Start -- load the length value, and wait for it to finish P FSM:process(i Reset n, i Clock) begin if (i Reset n='0') then sm State <= init; <= '0'; ``` ``` Count Length <= (others=>'0'); elsif (rising edge(i Clock)) then case sm State is -- Set the length value Length <= c Length; sm State <= loading; when loading => -- Load the counter and initialize it Raz <= '1'; sm State <= enabled; when enabled => -- Start or stop counting depending on inputs until it finishes Raz <= '0'; if (End Count='0') then -- The counter has not finished, wait Enable <= i Start xor not i Stop; sm State <= Enabled; -- The counter has finished, nothing else to do Enable <= '0'; sm State <= finished; end if; when others => sm State <= init; end case; end if: end process; end Behavioral; ``` #### Bad Example: Extracted from STD 03900 bad.vhd ``` architecture Behavioral of STD 03900 bad is constant c Length : std logic vector(3 downto 0) := (others => '1'); -- How long we should count signal sm State : std logic vector(3 downto 0); -- State signal signal Raz : std logic; -- Load the length value and initialize the counter signal Enable : std logic; -- Counter enable signal signal Length : std_logic_vector(3 downto 0); -- Counter length for counting signal End Count : std logic; -- End signal of counter -- A simple counter with loading length and enable signal Counter : Counter port map ( i Clock => i Clock, i Reset n => i Reset n, i Raz => Raz, i_Enable => Enable, i Length => Length, o Done => End Count -- FSM process controlling the counter. Start or stop it in function of the input (i Start -- load the length value, and wait for it to finish P FSM : process(i Reset n, i Clock) if (i Reset n = '0') then sm State <= "0001"; Raz <= '0'; Enable <= '0'; Count Length <= (others=>'0'); elsif (rising edge(i Clock)) then case sm State is when "0001" => -- Set the length value Length <= c Length; sm State <= "0010"; when "0010" => ``` ### STD\_04000 : State machine case enumeration completion | STD_04000 | State machine case enumeration completion | Major | |-------------------|------------------------------------------------------------------|-------| | Revision | 6 / 2021-10-14 | | | Status / Engine | Implemented / Yosys-ghdl | | | Classification | VLSI / Design / StateMachine | | | Application Field | General | | | Parent Rule | N/A | | | Description | VHDL code addresses all the defined states of the state machine. | | ### · Detailed Description: When all cases statement are not explicitly addressed in the VHDL code, an extra "when others" case will be added. "when others" instruction handles the default condition when none of the previous case statements are met. ### · Rationale: State completion ensures deterministic behaviour between simulation and final design. ### STD 04000: State machine case enumeration completion Good Example: Extracted from STD\_04000\_good.vhd ``` architecture Behavioral of STD 04000 good is constant c Length : std logic vector(3 downto 0) := (others => '1'); -- How long we should count type t state is (init, loading, enabled, finished); -- Enumerated type for state encoding signal sm_State : t_state; -- State signal : std logic; -- Load the length value and initialize the counter signal Raz signal Enable : std logic; -- Counter enable signal signal Count Length : std logic vector(3 downto 0); -- Counter length for counting signal End Count : std logic; -- End signal of counter -- A simple counter with loading length and enable signal Counter : Counter port map ( i Clock => i Clock, i Reset n => i Reset n, i Raz => Raz, i Enable => Enable, i Length => Count Length, o Done => End Count ); -- FSM process controlling the counter. Start or stop it in function of the input (i Start -- load the length value, and wait for it to finish P FSM : process(i Reset n, i Clock) begin if (i Reset n = '0') then sm State <= init; Raz <= '0'; Enable <= '0'; Count Length <= (others=>'0'); elsif (rising edge(i Clock)) then case sm State is when init => -- Set the length value Count Length <= c Length; sm State <= loading; when loading => -- Load the counter and initialize it Raz <= '1'; sm State <= enabled; when enabled => -- Start or stop counting depending on inputs until it finishes Raz <= '0'; if (End Count = '0') then -- The counter has not finished, wait Enable <= i_Start xor not i_Stop;</pre> sm State <= Enabled; -- The counter has finished, nothing else to do Enable <= '0'; sm State <= finished; when others => sm State <= init; end case; end if: end process; end Behavioral: ``` Bad Example: Extracted from STD\_04000\_bad.vhd ``` architecture Behavioral of STD 04000 bad is constant c Length : std logic vector(3 downto 0) := (others => '1'); -- How long we should count type t state is (init, loading, enabled, finished); -- Enumerated type for state encoding signal sm State : t state; -- State signal : std logic; -- Load the length value and initialize the counter signal Raz : std logic; -- Counter enable signal signal Enable signal Count Length : std logic vector(3 downto 0); -- Counter length for counting signal End_Count : std_logic; -- End signal of counter -- A simple counter with loading length and enable signal Counter : Counter port map ( i Clock => i Clock, i_Reset_n => i_Reset_n, i_Raz => Raz, i Enable => Enable, i Length => Count Length, o Done => End Count ); -- FSM process controlling the counter. Start or stop it in function of the input (i Start -- load the length value, and wait for it to finish P FSM : process(i Reset n, i Clock) begin if (i Reset n = '0') then sm State <= init; Raz <= '0'; Enable <= '0'; Count Length <= (others=>'0'); elsif (rising edge(i Clock)) then case sm State is when init => -- Set the length value Count Length <= c Length; sm State <= loading; when loading => -- Load the counter and initialize it Raz <= '1'; sm State <= enabled; when enabled => -- Start or stop counting depending on inputs until it finishes if (End Count = '0') then -- The counter has not finished, wait Enable <= i Start xor not i Stop; sm State <= Enabled; -- The counter has finished, nothing else to do Enable <= '0'; sm State <= finished; end if; --*** MISSING finished state of the FSM ***-- end case; end if; end process; end Behavioral; ``` ### STD 04900: Edge detection best practice | STD_04900 | Edge detection best practice | Major | |-------------------|------------------------------------------------------------|-------| | Revision | 6 / 2020-04-23 | | | Status / Engine | Validated / None | | | Classification | VLSI / Design / Synchronous | | | Application Field | General | | | Parent Rule | N/A | | | Description | Synchronous mechanisms are used for signal edge detection. | | #### Detailed Description: A specific mechanism is used in order to detect rising or falling edge input signal. This mechanism involves a real design clock, at least one D Flip-Flop to delay the signal, and combinational gate(s) to select the edge. #### · Rationale: Flip-Flops clock input is dedicated to a clock signal. Thus, using it as a way to detect a signal edge (by using rising\_edge(...) or 'event attribute) may lead to the creation of a new clock domain for each signal edge detection implemented in the design: this is not the purpose. ### Good Example: Extracted from STD\_04900\_good.vhd ### STD\_05200: Output signal registration | STD_05200 | Output signal registration | Minor | |-------------------|------------------------------------------------------------|-------| | Revision | 6 / 2020-04-23 | | | Status / Engine | Implemented / Yosys-ghdl | | | Classification | VLSI / Design / Synchronous | | | Application Field | General | | | Parent Rule | N/A | | | Description | All outputs signal from a top level entity are registered. | | ### · Detailed Description: Combinational outputs at top level are forbidden. Those outputs belong to the timing domain in which they are generated at top level. Whenever it is possible, use I/O blocks register instead of internal register for top level outputs. Unless specified and approved, a combinational signal is never used directly as a top level output. #### Rationale: All outputs of an integrated circuit are coming from output registers whenever possible and from regular registers when not possible. The clock used is the same as the one used in the signal source clock domain. Doing so suppresses all glitches on the outputs whenever a signal level change occurs and enables control of the clocks to outputs delays of the circuit so that the time borrowed by any signal to propagate from its respective launching clock edge to its assigned device output is controlled and less than a given maximum allowed time. With controlled clocks to outputs delays, enough PCB propagation time and inputs to clocks delays is left for those outputs to be captured using the same clock in a remote device. ### **CNE\_00500**: Convention for signal naming | CNE_00500 | Convention for signal naming | Minor | |--------------------------|--------------------------------------------------------------------------------|-------| | Revision | 5 / 2020-04-23 | | | Status / Engine | Validated / None | | | Classification | VLSI / Formatting / Naming | | | <b>Application Field</b> | General | | | Parent Rule | STD_00100 | | | Description | Each word that composes a signal name are clearly identified with an underscor | ·e. | ### • Detailed Description: In order to separate words in signal name the following convention is applied: Name\_Of\_The\_Signal. The separation by uppercase (NameOfTheSignal) is not used. ### **CNE\_00600**: Convention for constant naming | CNE_00600 | Convention for constant naming Minor | | |--------------------------|------------------------------------------------------------------------------------|--| | Revision | 5 / 2020-04-23 | | | Status / Engine | Validated / None | | | Classification | VLSI / Formatting / Naming | | | <b>Application Field</b> | General | | | Parent Rule | STD_00100 | | | Description | Each word that composes a constant name are clearly identified with an underscore. | | ### • Detailed Description: In order to separate words in a constant name the following convention is applied: Name\_Of\_The\_Constant. The separation by uppercase (NameOfTheConstant) is not used. ### **CNE\_00700**: Convention for process naming | CNE_00700 | Convention for process naming | Minor | |--------------------------|--------------------------------------------------------------------------------|-------| | Revision | 5 / 2020-04-23 | | | Status / Engine | Validated / None | | | Classification | VLSI / Formatting / Naming | | | <b>Application Field</b> | General | | | Parent Rule | STD_00100 | | | Description | Each word that composes a process name are clearly identified with an undersco | ore. | ### • Detailed Description: In order to separate words in a process name the following convention is applied: Name\_Of\_The\_Process. The separation by uppercase (NameOfTheProcess) is not used. ### **CNE\_00800**: Convention for generic ports | CNE_00800 | Convention for generic ports | Minor | |--------------------------|---------------------------------------------------------------------------------|-----------| | Revision | 5 / 2020-04-23 | | | Status / Engine | Validated / None | | | Classification | VLSI / Formatting / Naming | | | <b>Application Field</b> | General | | | Parent Rule | STD_00100 | | | Description | Each words that composes a generic port name are clearly identified with an und | lerscore. | ### • Detailed Description: In order to separate words in a generic port name the following convention is applied: Name\_Of\_The\_Generic. The separation by uppercase (NameOfTheGeneric) is not used. ### **CNE\_01000**: Identification of variable name | CNE_01000 | Identification of variable name | Minor | |--------------------------|-----------------------------------------|-------| | Revision | 5 / 2020-04-23 | | | Status / Engine | Implemented / ZamiaCad | | | Classification | VLSI / Formatting / Naming | | | <b>Application Field</b> | General | | | Parent Rule | STD_00100 | | | Description | The name of a variable use "v_" prefix. | | ### • Detailed Description: No additional information. ### • Rationale: When an unique naming convention is applied to the whole source files from the design, then the resulting code is homogenized which increases readability. With this convention, designer will be able to track synthesis of variable and especially identify if a variable created some unwanted flip-flops. ### **CNE\_01900**: Identification of registered signals | CNE_01900 | Identification of registered signals | Minor | |--------------------------|------------------------------------------------------------------------|-------| | Status / Engine | Validated / None | | | Classification | VLSI / Formatting / Naming | | | <b>Application Field</b> | General | | | Parent Rule | STD_00100 | | | Description | The suffix of a signal that is a registration of another one is: "_r". | | ### · Detailed Description: The signal source is also included inside the signal name. Thus, a signal that is clock delayed of a signal named My Signal is My Signal r. If a small number of registration of a same signal is used (less or equal to 3), SIGNAL\_r can become SIGNAL\_rx where x is the number of registration stage. If a significant number of registration of a same signal is used, use an array for registration level instead of different signals. ### Good Example: Extracted from CNE\_01900\_good.vhd ``` entity CNE 01900 good is port ( i Reset n : in std logic; -- Reset signal i Clock : in std logic; -- Clock signal i D : in std logic; -- Signal on which detect edges o D re : out std logic -- Rising edge of My Sig ); end CNE 01900 good; architecture Behavioral of CNE 01900 good is signal D rl : std logic; -- i D registered 1 time signal D r2 : std logic; -- i D registered 2 times -- Rising edge detection process P detection: process(i Reset n, i Clock) begin if (i Reset n='0') then D r1 <= '0'; D r2 <= '0'; elsif (rising edge(i Clock)) then D r1 <= i D; D r2 <= D r1; end if; end process; o D re <= D rl and not D r2; end Behavioral: ``` ### CNE\_04800 : Finite State Machine two processes based | CNE_04800 | Finite State Machine two processes based | Note | |--------------------------|------------------------------------------------|------| | Revision | 6 / 2020-04-23 | | | Status / Engine | Validated / None | | | Classification | VLSI / Design / StateMachine | | | <b>Application Field</b> | General | | | Parent Rule | CNE_04600 | | | Description | FSM coding style use the two processes method. | | ### • Detailed Description: #### Good Example: FSM coding style use one synchronous process for state registration and one asynchronous process for states and outputs assertion. Extracted from CNE\_04800\_good.vna ``` architecture Behavioral of CNE_04800 good is constant c Length : std logic vector(3 downto 0) := (others => '1'); -- How long we should count type t state is (init, loading, enabled, finished); type for state encoding signal sm State : t state; -- State signal signal sm Next State : t state; -- Next state signal Raz : std logic; -- Load the length value and initialize the counter signal Enable : std logic; -- Counter enable signal signal Length : std logic vector(3 downto 0); -- Counter length for counting signal End Count : std logic; -- End signal of counter Counter:pkg Counter port map ( i Clock => i Clock, i_Reset_n => i_Reset_n, i Raz => Raz, i Enable => Enable, i Length => Length, o Done => End Count -- FSM process controlling the counter. Start or stop it in function of the input (i Start -- load the length value, and wait for it to finish -- Process registration P_FSM_State_Reg:process(i_Reset_n, i_Clock) if (i Reset n='0') then sm State <= init; elsif (rising edge(i Clock)) then sm State <= sm Next State; end if; end process; -- Outputs assertion P FSM Output:process(sm State, i Start, i Stop, End Count) ``` ``` Raz <= '0'; Enable <= '0'; Length <= c Length; -- Set the length value case sm State is when init => sm Next State <= loading; when loading => -- Load the counter and initialize it Raz <= '1'; sm Next State <= enabled; when enabled => -- Start or stop counting depending on inputs until it finishes if (End Count='0') then Enable <= i Start xor not i Stop; sm Next State <= enabled; sm Next State <= finished; end if; when others => sm Next State <= init; end case; end process; end Behavioral; ``` ### CNE\_01100 : Identification of ports direction inside entity port name | CNE_01100 | Identification of ports direction inside entity port name | Minor | |--------------------------|---------------------------------------------------------------|-------| | Revision | 6 / 2020-04-23 | | | Status / Engine | Validated / None | | | Classification | VLSI / Formatting / Naming | | | <b>Application Field</b> | General | | | Parent Rule | STD_00100 | | | Description | Entity port name uses prefix to determine the port direction. | | ### · Detailed Description: Prefixes are: "i\_" for input port, "o " for output port, "b\_" for bidirectional port. ### Rationale: Indicating the port direction inside the port name improves readability. ### Good Example: Extracted from CNE 01100 good.vhd ``` entity CNE_01100_good is port ( i_Clock : in std_logic; -- Clock signal i_Reset_n : in std_logic; -- Reset signal i_D : in std_logic; -- D Flip-Flop input signal o_Q : out std_logic -- D Flip-Flop output signal ); end CNE_01100_good; ``` # **Automated Rule Checking** ## https://github.com/VHDLTool/Zamiacad-Rulechecker ## Traditional VHDL design ### Features - Many concurrent statements - Many signals - Few and small process statements - No unified signal naming convention - Coding is done at low RTL level: - Assignments with logical expressions - · Only simple array data structures are used ## Problems - Slow execution due to many signals and processes - Dataflow coding difficult to understand - Algorithm difficult to understand - No distinction between sequential and combinational signals - Difficult to identify related signals - Large port declarations in entity headers ## Abstract of synchronous digital system - Two separate parts - A combinational part - A sequential part # Two-process method (J. Gaisler) - Two local signals are declared: - register-in (rin) - register-out (rout) - The full algorithm (q = f(d,r)) is performed in combinational process - Comb. process is sensitive to all input ports and register outputs r - The sequential process is only sensitive to the clock - Record types are used extensively - Record in each module defines all the registers - Records in Packages define port I/O - Don't have to fix every instantiation when a port map changes, just update the record and everything still works! - Few signals, mostly in/out/state records - Variables - Functions / procedures are used extensively ## Two-process VHDL entity - From "A Structured VHDL Design Method" by Jiri Gaisler - Only two processes combinational (asynchronous) and sequential (registers) are used - Complete algorithm can be coded sequential in the combinational process that outputs the internal state and sequential process registers the internal state and handles reset <sup>\* &</sup>lt;a href="http://www.gaisler.com/doc/vhdl2proc.pdf">http://www.gaisler.com/doc/vhdl2proc.pdf</a> for a full write-up of the benefits of this style. # Two-process method: data types - The local signals r and rin are of composite type (record) and include all registered values - All outputs are grouped into one entity-specific record type, declared in a global interface package - Input ports are of output record types from other entities - A local variable of the registered type is declared in the combinational processes to hold newly calculated values - Additional variables of any type can be declared in the combinational process to hold temporary values # Example ``` use work.interface.all: entity iractrl is port ( clk : in std_logic; rst : in std_logic; sysif: in sysif_type; irqo : out irqctrl_type); end; architecture rtl of irqctrl is type reg_type is record irq : std_logic; pend : std_logic_vector(0 to 7); mask : std_logic_vector(0 to 7); end record: signal r, rin : reg_type; ``` ### begin ``` comb : process (sysif, r) variable v : reg_type; begin v := r; v.irq := '0'; for i in r.pend'range loop v.pend := r.pend(i) or (sysif.irq(i) and r.mask(i)); v.irq := v.irq or r.pend(i); end loop; rin <= v; irqo.irq <= r.irq; end process;</pre> ``` ``` reg : process (clk) begin if rising_edge(clk) then r <= rin; end if; end process;</pre> ``` end architecture; # Two-process method: using records - Useful to group related signals - Nested records further improves readability - Directly synthesizable - Element name might be difficult to find in synthesized netlist ``` type reg1_type is record f1 : std_logic_vector(0 to 7); f2 : std_logic_vector(0 to 7); f3 : std_logic_vector(0 to 7); end record: type reg2_type is record x1 : std_logic_vector(0 to 3); x2 : std_logic_vector(0 to 3); x3 : std_logic_vector(0 to 3); end record: type reg_type is record reg1 : reg1_type; reg2 : reg2_type; end record; variable v : regtype; v.reg1.f3 := "0011001100"; entity mul32 is generic ( : integer := 0; multype : integer range 0 to 3 := 0; pipe : integer range 0 to 1 := 0; : integer range 0 to 1 := 0; arch : integer range 0 to 3 := 0; scantest: integer := 0 ); port ( : in std ulogic; clk : in std ulogic; holdn : in std ulogic; muli nul32 in type; testen : in std ulogic := '0'; testrst : in std ulogic := '1' ); end; ``` ``` type mul32 in type is record : std logic vector (32 downto 0); -- operand 1 opI : std logic vector (32 downto 0); -- operand 2 op2 flush : std logic; : std logic; signed : std logic; start : std logic; mac : std logic vector (39 downto 0); acc : std logic vector(7 downto 0); -- Y (MSB MAC register) --y : std logic vector(31 downto 0); -- LSB MAC register --asr18 end record; type mul32 out type is record : std logic; ready nready : std logic; : std logic vector(3 downto 0); -- ICC icc : std logic vector(63 downto 0); -- mul result result end record; ``` # Hierarchical design Grouping of signals makes code readable and shows the direction of the dataflow ``` use work.interface.all; entity cpu is port ( clk : in std_logic; : in std_logic; rst mem_in : in mem_in_type; mem_out : out mem_out_type); end; architecture rtl of cpu is signal cache_out : cache_type; signal proc_out : proc_type; signal mctrl_out : mctrl_type: begin u0 : proc port map (clk, rst, cache_out, proc_out); u1 : cache port map (clk, rst, proc_out, mem_out cache_out); u2 : mctrl port map (clk, rst, cache_out, mem_in, mctrl_out, mem_out); end architecture: ``` # Dataflow vs. two-process comparison | | Two-process method | Dataflow coding | |--------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Adding ports Adding registers | Add field in interface record type Add field in register record type | <ul> <li>Add port in entity declaration</li> <li>Add port to sensitivity list (input)</li> <li>Add port in component declaration</li> <li>Add signal to port map of component</li> <li>Add definition of signal in parent</li> <li>Add two signal declaration (d &amp; q)</li> <li>Add q-signal in sensitivity list</li> <li>Add driving signal in comb. process</li> </ul> | | Debugging | <ul> <li>Put a breakpoint on first line of combination process and step forward</li> <li>New signal values visible in local variable v</li> </ul> | <ul> <li>Add driving statement in seq. process</li> <li>Analyze how the signal(s) of interest are generated</li> <li>Put a breakpoint on each process or concurrent statment in the path</li> <li>New signal value not immediately visible</li> </ul> | | Tracing | Trace the r-signal (state) Automatic propagation of added or deleted record elemenets | <ul> <li>Find all signals that are used to implement registers</li> <li>Trace all found signals</li> <li>Re-iterate after each added or deleted signal</li> </ul> | ## Coding Style Example – Simple Counter ``` entity Counter is generic ( TPD G : time := 1 ns); -- Simulated propagation delay port ( clk : in sl; rst : in sl; : in slv(7 downto 0); count : out slv(7 downto 0); rollover : out sl); end entity Counter; architecture rtl of Counter is -- Record containing all register elements type RegType is record count : slv(7 downto 0); rollover : sl; end record RegType; -- Initial and reset values for all register elements constant REG INIT C : RegType := ( count => (others => '0'), rollover => '0'); -- Output of registers. (The Q output) signal r : RegType := REG INIT C; -- Combinatorial input to registers (The D input) signal rin : RegType; begin -- Boilerplate sequential process -- Assign rin to r on rising edge of clk to create registers seq : process (clk) is begin if (rising edge(clk)) then r <= rin after TPD G; end if: ``` ``` end process seq; -- Main module logic -- Generates rin based on r and any module inputs comb : process (max, r, rst) is variable v : RegType; begin -- Initialize v with current value of all registers v := r; -- Set register values for next rising edge v.count := r.count + 1; v.rollover := '0'; -- Override above assignments when max reached if (r.count = max) then v.count := (others => '0'); v.rollover := '1'; end if: -- Synchronous reset -- Override all above assignments and apply init values if (rst = '1') then v := REG INIT C; end if: -- Assign final state of local variable to rin signal -- Registers will assume these values on next rising edge rin <= v; -- Assign registered signals to outputs count <= r.count;</pre> rollover <= r.rollover;</pre> end process comb; end architecture rtl; ``` ## Coding Style Example – UART BRG\* ``` entity UartBrg is begin generic ( comb : process (r, rst) is CLK FREQ G : real := 125.0E6; -- Default 125 MHz variable v : RegType; BAUD RATE G : integer := 115200; -- Default 115.2 kbps begin MULTIPLIER G : integer := 16); v := r; port ( v.count := r.count + 1; clk : in sl; v.baudClkEn := '0'; rst : in sl; if (r.count = CLK DIV C) then baudClkEn : out sl); v.count := 0; end entity UartBrg; v.baudClkEn := '1'; end if: architecture rtl of UartBrg is if (rst = '1') then constant CLK DIV C : integer := integer(CLK FREQ G / v := REG INIT C; real(BAUD RATE G * MULTIPLIER G)) - 1; end if; type RegType is record rin <= v; count : integer; baudClkEn <= r.baudClkEn;</pre> baudClkEn : sl; end process; end record RegType; seq : process (clk) is constant REG INIT C : RegType := ( begin count \Rightarrow 0, if (rising edge(clk)) then baudClkEn => '0'); r \ll rin; signal r : RegType := REG INIT C; end if; signal rin : Regtype; end process; ``` end architecture rtl; # Coding Style Example – FSMs - Simple case-statement implementation - Maintains current state - Both combinational and registered output possible ``` type state type is (first, second, last); type reg type is record state : state type; drive : std logic; end record; signal r, rin : reg type; begin comb : process(...., r) variable v : req type; begin v := r; case r.state is when first => if cond0 then v.state := second; end if; when second => if cond1 then v.state := first; elsif cond2 then v.state := last; end if; when others => v.drive := '1'; v.state := first; end case; if reset = '1' then v.state := first; end if; modout.cdrive <= v.drive; -- combinational output</pre> modout.rdrive <= r.drive; -- registered output end process; ``` architecture rtl of mymodule is # Procedure Example ``` procedure updateCount( v : inout RegType; begin if (v.count = max) then v.count := (others => '0'); v.rollover := '1'; else v.count := v.count + 1; v.rollover := '0'; end if; end procedure; Comb : process (r, max) is variable v := RegType; begin v := r; updateCount(v); rin <= v; end process; ``` # **Packages** - Packages are very useful for sharing constants, typedefs, functions and procedures - With the "two-process" coding style, functions and procedures become very easy to use - Can abstract complex logic to avoid code repetition - Procedures used when a logic block has more than one output, or needs to read and update a variable ## Two-process method: Benefits - Sequential coding is well known and understood - Algorithms easily extracted - Easy to extend - Readability = Maintainability - Fast simulation - Easier debugging and verification - No simulation/synthesis discrepancies - Example: Current NOEL-V integer pipeline - 2 processes - Combinational, 2200 lines - Clocked, 60 lines - 53/22 procedures/functions, ~5000 lines (not counting generic ones from other files) - 17 in port signals - 13 out port signals - 4 local signals (+12 for disassembler) - The in/out ports connect to separate modules for: caches, register file, branch prediction, IRQ, debug, mul/div. 65 - Example: Current NOEL-V cache controller and MMU - 3 processes - Combinational, 3500 lines - Two clocked, one assignment each (+debug) - 10/45 procedures/functions, ~1500 lines (not counting generic ones from other files) - 12 in port signals - 4 out port signals - 4 local signals (+2 for debug) - The in/out ports connect to: AHB bus, caches, integer pipeline. - Both LEON5 (Sparc) and NOEL-V (RISC-V)! 66 • **Example**: First half of the execute stage ``` ex flush := '0'; if wb fence i = '1' or v.wb.flushall = '1' or x branch = '1' then ex flush := '1'; end if; ex branch flush := '0'; if wb fence i = '1' or v.wb.flushall = '1' then ex_branch flush := '1'; end if; ex_forwarding(...); -- Lane 0 ex forwarding(...); -- Lane 1 branch unit(...); jump ex forwarding(...); jump_unit(...); alu execute(...); -- ALU0 alu execute(...); -- ALU1 ex stdata forwarding(...); mul gen(...); for i in 0 to ISSUEWAYS-1 loop ex xc(i) := r.e.ctrl(i).xc; ex_xc_cause(i) := r.e.ctrl(i).cause; ex xc tval(i) := r.e.ctrl(i).tval; end loop; ``` \*Source: Gaisler ... Example: Detail of the execute stage ``` -- Forwarding Lane 1 ------ ex forwarding(r, -- in : Registers -- in : Lane 1 r.e.forw(1), -- in : Forwarded from Memory -- out : Output op1 from Mux ex_alu_op1(1), ex alu op2(1) -- out : Output op2 from Mux -- Branch Unit ----- branch unit(ex alu op1(1), -- in: Forwarded Op1 ex alu op2(1), -- in: Forwarded Op2 r.e.ctrl(1).valid, -- in : Enable/Valid Signal r.e.ctrl(1).branch.valid, -- in : Branch Valid Signal r.e.ctrl(1).inst(14 downto 12), -- in: Inst funct3 r.e.ctrl(1).branch.addr, -- in : Branch Target Address r.e.ctrl(1).branch.naddr, -- in : Branch Next Address r.e.ctrl(1).branch.taken, -- in : Prediction r.e.ctrl(1).pc, -- in : PC In ex branch valid, -- out : Branch Valid ex_branch_mis, -- out : Branch Outcome ex branch addr, -- out : Branch Address ex branch xc, -- out : Branch Exception -- out: Exception Cause ex branch cause, -- out : Exception Value ex branch tval *Source: Gaisler ```