CN114117979A - Method and device for eliminating function errors and trojans of FPGA (field programmable Gate array) circuit - Google Patents

Abstract

A method of providing a function transformation for a programmable circuit such as an FPGA to eliminate functional errors or hardware trojans, comprising: providing a look-up table mapping circuit representation originating from a programmable circuit implemented with a first register transfer level, RTL, document having an original specification; providing a second RTL document having a revised specification modified from an original specification and having a function transformed from the original specification; converting the look-up table mapping circuit representation to a shadow netlist corresponding to a gate-level netlist representing the look-up table mapping circuit representation; generating a second gate-level netlist from the second RTL document; generating a functional ECO patch circuit to be completely merged into the look-up table mapping circuit representation based on the comparison of the shadow netlist and the second gate netlist; and transforming the functionality of the programmable circuitry by incorporating the ECO patch circuitry into a look-up table mapping circuitry representation. The invention reduces the time spent on ECO iteration in the programmable circuit construction, and minimizes the area of the programmable circuit chip occupied after the patch circuit is added.

Description

Method and device for eliminating function errors and trojans of FPGA (field programmable Gate array) circuit

Statement of benefit relating to use of prior application

The present application claims benefit from united states continuation-in-part application No.17/005337 entitled "method and apparatus for eliminating functional errors and hardware trojans in integrated circuits implemented by Field Programmable Gate Arrays (FPGAs)", continuation-in-part application time 8/28/2020, the contents of which are incorporated herein by reference in their entirety.

Technical Field

The present invention relates generally to circuit design and, more particularly, to a method and apparatus for improving the efficiency of converting integrated circuit functions.

Background

Modern circuits, such as Integrated Circuits (ICs), are very complex. For example, an average desktop computer chip may have over 10 hundred million transistors. Due to complexity and high cost, IC designs are often outsourced to third parties to complete circuit designs. This outsourcing approach provides an attacker with the opportunity to damage the designed IC by introducing malicious alterations or Hardware Trojans (HT), which leads to serious security issues, especially for critical applications such as military applications. HT may cause malfunction or damage to circuits embedded in HT, reducing circuit reliability and leaking confidential information.

There is a need for new methods and apparatus for verifying and improving circuit security.

In addition, in designing Very Large Scale Integration (VLSI), the functionality of an IC may have to be changed at some point after its initial design for various reasons, such as improving its performance, introducing new functionality, or masking HT. Such changes are typically accomplished by performing Engineering Changes (ECO). However, existing ECO technologies are slow and inefficient. Therefore, new methods and apparatus for transforming IC functions are needed.

Disclosure of Invention

An exemplary embodiment is presented herein that provides a method of detecting, locating and masking functional Hardware Trojans (HT) in arithmetic circuits to improve circuit security. The method detects and eliminates HT in a second netlist by comparing a standard arithmetic circuit (referred to as a first netlist) with a circuit (referred to as a second netlist) corrupted by HT.

The arithmetic macroblocks are extracted from the first netlist and the second netlist respectively, and then the extracted arithmetic macroblocks are compared. An arithmetic macro block is used to locate the HT in the second netlist, and patch circuits are added to the second netlist to mask HT for circuit security.

One example embodiment provides a method of transforming a function of a circuit. The method provides a first Register Transfer Level (RTL) document of an original specification and a second RTL document of a revised specification, generates a first gate level (GTL) netlist and a second GTL netlist, compares the two RTL documents to identify an instance to be modified, locates the instance to be modified in the first GTL netlist, and transforms the function of the circuit by patching the circuit so that the patched first GTL netlist is equivalent to the second GTL netlist.

One example embodiment provides a method of transforming the functionality of a programmable circuit (e.g., an FPGA). The method comprises the following steps: providing a look-up table (LUT) mapping circuit representation derived from a programmable circuit implemented with a first Register Transfer Level (RTL) document, the first RTL document having an original specification; providing a second RTL document for the programmable circuit, the second RTL document having a revised specification, wherein the revised specification is modified from the original specification and has functionality transformed from the original specification; converting the LUT mapped circuit representation to a shadow netlist corresponding to a gate level (GTL) netlist representing the LUT mapped circuit representation; generating a second GTL netlist from the second RTL document; generating an Engineering Change (ECO) patch circuit to be fully merged into the LUT mapping circuit representation based on a comparison of the shadow netlist with the second GTL netlist; and transforming the functionality of the programmable circuit by incorporating the ECO patch circuit into the LUT mapping circuit representation, wherein the incorporated LUT mapping circuit representation is equivalent to the second GTL netlist to perform the same function, thereby enabling the programmable circuit to be reprogrammed in accordance with the revision specification by exploiting the free incorporation cost characteristics of the LUT structure.

Other exemplary embodiments are also discussed herein.

Drawings

FIG. 1 shows a diagram of a situation of a hardware Trojan Horse (HT) implant during a circuit design process in accordance with an example embodiment.

Fig. 2A shows a gate level (GTL) circuit diagram according to an example embodiment.

Fig. 2B shows a circuit diagram after HT injection in a GTL circuit according to an example embodiment.

Fig. 2C shows a modified GTL circuit diagram according to an example embodiment.

Fig. 2D shows an HT diagnostic report according to an exemplary embodiment.

Fig. 3 shows a flowchart of an example method according to an example embodiment.

Fig. 4A shows a composition diagram of a multiplier according to an exemplary embodiment.

Fig. 4B shows a composition diagram of a multiplier according to an exemplary embodiment.

FIG. 5 shows a schematic diagram of an XOR forest, according to an example embodiment.

FIG. 6 illustrates a flow diagram of an example reverse engineering technique, according to an example embodiment.

FIG. 7A shows a schematic diagram of checking a netlist in accordance with an illustrative embodiment.

FIG. 7B shows a schematic diagram of a target netlist in accordance with an illustrative embodiment.

FIG. 7C illustrates a net list schematic after pruning in accordance with an exemplary embodiment.

Fig. 8A shows a schematic diagram before adding patch circuitry in accordance with an example embodiment.

Fig. 8B shows a schematic diagram after patch circuitry is added in accordance with an example embodiment.

FIG. 9A shows a schematic before adding a conservative class patch in accordance with an illustrative embodiment.

FIG. 9B shows a schematic after addition of a conservative class patch in accordance with an illustrative embodiment.

FIG. 10A shows a schematic before adding an aggressive class patch in accordance with an example embodiment.

FIG. 10B shows a schematic diagram after adding an aggressive class patch in accordance with an example embodiment.

FIG. 11A shows a circuit diagram before optimizing a patch circuit using an Add-First re-routing transform in accordance with an example embodiment.

FIG. 11B shows a circuit diagram after optimizing a patch circuit using an Add-First re-routing transform in accordance with an example embodiment.

FIG. 12A shows a circuit diagram before optimizing a patch circuit using a Cut-First rewiring transformation, according to an example embodiment.

FIG. 12B shows a circuit diagram after optimizing a patch circuit using the Cut-First rewiring transform in accordance with an exemplary embodiment.

FIG. 13 illustrates a test case information table in accordance with an illustrative embodiment.

Fig. 14 shows a table of experimental results according to an example method.

FIG. 15 illustrates a computer system that may be obtained in accordance with an exemplary embodiment.

Fig. 16 shows a flow diagram of an example method of transforming a circuit function according to an example embodiment.

FIG. 17 is a diagram illustrating an example method of generating a netlist to be patched in accordance with an illustrative embodiment.

FIG. 18 shows a diagram of an example method of obtaining instances, module ports, and signals to be patched, according to an example embodiment.

Fig. 19 is a diagram illustrating an example of an ECO process according to an exemplary embodiment.

FIG. 20A shows a diagram of an old netlist in a non-programmable circuit prior to ECO in accordance with an illustrative embodiment.

FIG. 20B shows a diagram of a corresponding ECO netlist in the non-programmable circuit of FIG. 20A in accordance with an example embodiment.

FIG. 21A shows a diagram of an old netlist in a programmable circuit prior to ECO in accordance with an illustrative embodiment.

FIG. 21B shows a diagram of a corresponding ECO netlist in the programmable circuit of FIG. 21A in accordance with an example embodiment.

FIG. 22 shows a flowchart of an example method of transforming the functionality of a programmable circuit according to an example embodiment.

Fig. 23 shows a flowchart of an example process of LUT-directed ECO, according to an embodiment.

Detailed Description

Example embodiments relate to methods and apparatus to improve circuit security.

Circuit (e.g., Integrated Circuit (IC)) or chip design and fabrication is very complex. Modern ICs typically include millions of miniature electronic components such as gates, transistors and diodes (e.g., today average desktop computer chips may have over 10 hundred million transistors), which makes it impossible for one to design such circuits or chips with a stylus or manually. These tasks are typically accomplished using hardware such as a computer device or system that installs corresponding software, such as Electronic Design Automation (EDA) or Computer Aided Design (CAD) tools.

As the complexity of IC design and manufacture increases significantly, designs are often outsourced by using third party intellectual property (3PIP) from vendors. The likelihood of Hardware Trojans (HT) or errors (e.g., unexpected or unauthorized functional hardware insertion, malicious hardware insertion, or unauthorized design modification) being injected into a circuit by an attacker (e.g., untrusted or dishonest engineer or spy) is greatly increased. In addition, unreliable manufacturers may also install unexpected functionality into a circuit or chip during the hardware fabrication stage.

HT or errors can damage a circuit or chip in many ways. For example, HT maliciously changes or modifies the functionality of a circuit by adding, deleting, or modifying one or more components of the circuit (e.g., logic gates, transistors, diodes, etc.). As another example, HT indirectly changes a circuit function by modifying one or more parameters to be sent into the circuit. HT may interrupt a circuit (e.g., IC) or alter the function of a normal circuit. By way of example, HT causes an IC to fail and/or perform one or more functions that constitute a security attack. HT may also be designed or implanted by spy to retrieve sensitive data or information, or to change host circuit specifications, such as latency, power consumption and reliability. For example, if HT is implanted or embedded in a circuit, a circuit or chip designated to operate normally for ten years may be shortened to be reliable for only one year.

Therefore, in industries such as IC design, verification and manufacturing, consumer products, and military applications, it is very important to detect the presence of HT or defects in a circuit (e.g., an arithmetic circuit, such as an IC) and to mask or kill such HT. And detecting and removing such HT or errors to improve circuit safety is of great significance in these industries. Undetected HT in a circuit such as an IC can make the circuit at great risk in a number of respects, such as sensitive information leakage. Existing detection algorithms are inefficient in detecting and removing HT (e.g., high runtime or time complexity), greatly extend product design cycles, and increase time-to-market and jeopardize profitability. Furthermore, the unsatisfactory efficiency or complexity of the runtime of existing algorithms requires that the computer device provide more resources (such as memory usage) and high performance (such as high processing power and speed), and also increases network consumption when data is transmitted over a network to a remote server. Thus, unsatisfactory methods or schemes for HT detection and capture not only technically and economically jeopardize many industries (e.g., the IC industry and other industries related to or dependent on the IC industry), but also require expensive computer hardware, require significant resource consumption, such as memory usage and high processing speeds.

Existing or conventional methods have difficulties and drawbacks in detecting and killing HT in the circuit. On the one hand, this is because the presence of HT is not easily detectable. HT may reside within the test circuitry of the chip to avoid being detected during normal operation and occasionally activated to perform malicious operations. Furthermore, the number of logic gates in modern ICs or chips is too large to be feasible for exhaustive testing. On the other hand, existing methods are inherently deficient in one or more respects.

For example, many existing methods can only extract simple logic patterns from gate level (GTL) netlists, such as gates, but cannot handle complex but basic arithmetic modules, such as adders and multipliers. Some existing methods use simulation tools to identify logic gates with low activation probabilities, which, however, are inaccurate. Some existing approaches employ Satisfiability (SAT) -based functional form verification techniques to detect HT in a circuit, however, they are not able to verify certain arithmetic logic (e.g., non-booth multipliers and booth multipliers) designed in different styles. The main reason that existing SAT-based functional formal verification techniques do not work well is that existing SAT algorithms are highly dependent on successfully locating the internal equivalence of the comparison logic. When a small number of internal equivalence points are found, the solution time grows exponentially in the worst case (e.g., when performing comparisons between multipliers designed in different patterns (e.g., non-booth versus booth)) even for fairly small circuits. Existing SAT algorithms also appear to be unworkable in terms of an equivalent check of a circuit (e.g., an arithmetic circuit), such as failing to demonstrate equality between two arithmetic circuits. Furthermore, the current methods do not detect and locate where the main body and boundaries of the HT are, and do not allow the chip owner or designer to analyze the circuit for the expected damage of HT.

Thus, existing methods or schemes exhibit inefficiencies in detecting and masking or removing circuits or arithmetic circuits (e.g., ICs, Application Specific Integrated Circuits (ASICs) and Field Programmable Gate Arrays (FPGAs), Digital Signal Processors (DSPs), etc.). From a computer technology point of view, the prior art is also disadvantageous: because the less efficient process of detecting and masking HT can consume a significant amount of time (e.g., tens of hours or days, or even not converge (leaving the subject matter unresolved after a significant amount of runtime)); large resource usage (e.g., memory usage and network consumption) is required; expensive computer equipment (e.g., high processing power).

Exemplary embodiments solve the above-described problems by providing technical solutions in new methods and apparatuses that function in an unconventional manner to benefit the circuit industry and the computer industry. Exemplary embodiments have significantly improved or enhanced efficiency in preventing (e.g., detecting, locating and masking or removing) HT, increasing circuit production (e.g., yield) and lifetime by reducing or preventing circuit failures and malfunctions caused by HT. On the other hand, circuit security is improved by avoiding sensitive data leakage or by avoiding circuits or devices or machines containing such circuits to prevent the circuits from being taken over by attackers or spyware. The exemplary embodiments further benefit computer technology by reducing resource consumption (e.g., memory usage and network consumption). The example method may be performed by a computer device or system having lower hardware requirements, and thus reduce the need for expensive computers having expensive chips, memory, and other internal electronic components.

Exemplary embodiments solve the above problems by providing technical solutions in new methods and apparatuses. The new methods and apparatus may detect one or more functional differences between a problem circuit and the correct circuit caused by one or more HT or faults, may locate or display the differences to correct HT or investigate tampering intent or purpose, and kill, mask or remove HT by restoring functionality to the original specification (e.g., the correct specification). By way of example, the example embodiments restore the functionality of a circuit or chip back to the original specification with minimal circuit changes to avoid significantly impacting the performance of the circuit or chip (such as clocks and timing). The exemplary embodiments improve circuit security by preventing intentional or drawn damage to the circuit at an early stage and find spy sources by revealing HT intent.

By way of example, the illustrative embodiments solve the above-described problems by providing a combinatorial technical solution with reverse engineering, formal verification, functional Engineering Change (ECO), logic rewiring algorithms. As an example, an exemplary embodiment may automatically handle multiple HT's, ensuring that a hundred percent of the HT's present are captured in the circuit.

By way of example, the illustrative embodiments overcome the problem of SAT algorithms not being usable in arithmetic verification by combining reverse engineering with formal verification, referred to as the Complementary Coupled (CC) formal verification scheme. Example reverse engineering performed well in validating equality proofs, while example SAT solvers performed well in validating inequality proofs. The coupling of reverse engineering and SAT techniques can take advantage of the benefits of both reverse engineering and SAT simultaneously and achieves a combined benefit that improves HT detection, reduces run-time complexity, and increases the ability to verify circuit correctness. By way of example, exemplary embodiments may compare a netlist of a correct or standard design with a netlist of potential embedded or implanted HT circuits.

In an example embodiment, when a functional difference is detected between the actual production circuitry and the standard circuitry, functional ECO techniques are used to locate the HT and patch circuitry is inserted or added to mask or eliminate the HT. In another example embodiment, a logic re-routing technique is applied to optimize patch circuitry such that the size of the circuitry is minimized. This technique minimizes the difference between the performance of the circuit after correction and the performance before correction.

By way of example, an exemplary embodiment for detecting, locating and masking multiple HT's (without limitation to the number of HT's) in an IC with millions of logic gates may only require a few minutes of runtime, as compared to hours or even days of current methods.

Exemplary embodiments include computer systems with specific software, as well as such computer systems embedded in a network. Example computer systems solve technical problems caused in the circuit industry, such as the IC industry, by performing the example methods herein. When performing the example method, the example computer system improves hardware performance by reducing resource usage, such as memory usage and network consumption.

Fig. 1 shows a diagram of a scenario of HT injection during a circuit design process according to an example embodiment. The graph 100 includes a client 110, a design factory 120, a chip fabrication factory 130, and a spy or attacker 140.

By way of example, customer 110 has planned or proposed specifications (e.g., microarchitectural and system-level specifications, etc.) for designing new circuits or chips (e.g., ICs, ASICs, FPGAs, DSPs, etc.) to accommodate the industry domain. By way of example, a Register Transfer Level (RTL) specification language, such as Verilog or VHDL, is used to specify a design function or specification. Design factory 120 then goes through a lengthy design process in which the design team performs circuit design using hardware (e.g., computers) including software (e.g., EDA or CAD tools) according to the prescribed design functions provided by customer 110. Customer 110 is equivalent to outsourcing a particular circuit design to design factory 120.

By way of example, the design process performed in design factory 120 includes logical synthesis and physical place and route (P & R). For example, as shown in FIG. 1, RTL stage circuit 122 is converted to gate-level (GTL) circuit 124, which is then converted to circuit-level circuit 126. The final circuit design is delivered to the manufacturer 130 for production.

As shown in fig. 1, during the design phase of the design factory 120, a spy 140 (e.g., untrusted person or dishonest engineer) maliciously inserts or embeds an HT or error into a circuit or chip. By way of example, HT may be introduced to the design process of circuits, such as RTL level circuits 122, gate level circuits 124, and circuit level circuits 126, at any intermediate stage in design factory 120.

Client 110 must be able to effectively and efficiently detect and remove HT (e.g., detect HT in a hundred percent of the practical time limit, e.g., in polynomial time or even linear time). Otherwise, a spy 140 with an injected HT may cause a circuit or chip failure, damage the system of the chip or steal confidential information. Clients 110 may also be prone to inexpensive HT acquisition procedures (e.g., lower requirements on hardware such as computer devices).

Fig. 2A-2D show schematic diagrams of HT injection in a gate-level (GTL) circuit, according to an example embodiment. For illustrative purposes only, FIG. 2A shows an original GTL circuit 210, which includes an 8-AND gate 214 with an input vector 212, 212 having 8 inputs represented as in [7:0], an AND gate 216 having one output 218 (as out) AND two inputs: one is the output of 8-AND gate 214 AND the other is input 213 (as s).

As an example, GTL circuit 210 in fig. 2A is the original netlist of the circuit. As an example, the input 213 receives a redundant internal signal s, which is a fixed logic 1 during normal operating mode or normal operation.

Fig. 2B shows a netlist 220 including malicious logic or HT 225 according to an example embodiment. As a result, the AND gate 216 in FIG. 2A is replaced or changed to a Multiplexer (MUX) 226. The added malicious logic 225 is not triggered in the normal operating mode and therefore cannot be detected by using conventional methods such as normal input test vectors.

FIG. 2C illustrates a patched netlist 230 in accordance with an exemplary embodiment. As shown, the patched netlist 230 includes patch or patch logic 235 that masks or kills malicious logic or HT 225 in an example embodiment, the size of the patch 235 is minimized to reduce the performance loss of the target circuit or chip. As an example, the target circuit or chip is the final product with HT removed or shielded.

Fig. 2D shows an HT diagnostic report 240 according to an example embodiment. HT diagnostic report 240 includes a first portion 242 showing the netlist of patch 235 and a second portion 244 showing MUX 236 after correction with patch 235.

Fig. 2A-2D illustrate a process for improving circuit safety by an exemplary method of detecting, locating and masking or killing an inserted or implanted HT or defect in a circuit. The inserted HT is masked by introducing a patch so that the circuit can be restored back to the correct circuit according to the original or correct specification.

Fig. 3 shows a flow chart according to an exemplary embodiment. The flow diagram 300 represents an example method performed by a computer or device incorporating the computer with associated software installed. Computers include electronic devices such as computer systems or electronic systems, wearable electronic devices, servers, portable electronic devices, hand-held portable electronic devices, and hardware (e.g., processors, processing units, digital signal processors, controllers, memories, etc.).

The example method, when executed by a computer, solves one or more of the prior art problems in the circuit industry as described above by improving the effectiveness and efficiency of circuit design (e.g., reducing runtime complexity). The example method also improves the performance of a computer executing the example method by consuming fewer resources (e.g., memory, processor, and network usage such as bandwidth).

Block 302 depicts a first netlist of an arithmetic circuit for use in an example method.

For example, the first netlist is an original designated (standard or correct) netlist that conforms to a planned or proposed specification of a customer or individual. As an example, the first netlist is a gate level (GTL) netlist converted from standard Register Transfer Level (RTL) circuitry.

Block 304 depicts a second netlist of the arithmetic circuitry used in the example method.

For example, the second netlist is the netlist that was checked. As an example, the second netlist is modified by HT generated by a spy or attacker. To improve circuit safety, it is necessary to check whether the second netlist is functionally identical to the first netlist.

Block 306 indicates extracting arithmetic macro cells from the first netlist to obtain first one or more arithmetic macros. Block 308 depicts extracting arithmetic macros from the second netlist to obtain one or more arithmetic macros.

By way of example, a macro or arithmetic macro is defined as a logic block that is a building element in a circuit (e.g., an IC), such as an adder, multiplier, Multiplexer (MUX), or a logic block such as (a + B) xc, may be considered a macro.

In an exemplary embodiment, an example Reverse Engineering (RE) technique is applied to extract and compare all arithmetic macros, such as adders and multipliers. Arithmetic macros are typically composed of many basic components, 1-bit adders, including 1-bit Half Adders (HA) and/or 1-bit Full Adders (FA). The reverse engineering technique (RE) first identifies all these basic components from the entire circuit. The RE then builds a 1-bit adder graph where the output of one adder is the input of the other adder. The functionality of different arithmetic macros can be derived from different composition styles of the constructed adder diagram.

As an example, arithmetic components (such as an adder and a multiplier) are implemented in various forms such as a CLA adder, a Ripple adder, a Booth multiplier, and a Non-Booth multiplier, which are constituted by 1-bit adders. For example, fig. 4A-4B illustrate two different versions of multipliers 410 and 420. Where FA represents a 1-bit full adder and HA represents a 1-bit half adder. As shown, both multiplier 410 and multiplier 420 include some common structural elements (e.g., 1-bit adders).

In an exemplary embodiment, all 1-bit adders are fetched first. A 1-bit Full Adder (FA) has 3 input signals (e.g., a, b, and c) and 2 output signals (e.g., sum and carry (also known as co)). The function of the 1-bit full adder is as follows:

FAco＝a&b+b&c+a&c (1)

wherein

Also known as an XOR operation represents a Boolean XOR function, and a "+" represents a Boolean OR function "&"means a Boolean" sum "function.

A 1-bit Half Adder (HA) HAs two input signals (e.g., a and b) and 2 output signals (e.g., sum and carry (also referred to as co)). The function of the 1-bit half adder is as follows:

HAco＝a&b

for example, both the adder and the multiplier consist of one or more 1-bit adders. For example, the third output of a Non-Booth type 4-bit multiplier is represented as:

as an example, the fourth bit output of the non-booth 4-bit multiplier is represented as:

wherein FACo and HAco are output signals of other 1-bit adders

In an exemplary embodiment, to compute a 1-bit adder map, all 1-bit adders are first identified. To compute a 1-bit adder, first all 2-input single-output sub-circuits that function as exclusive-ors (XOR) are identified. One or more XOR trees are then identified. The XOR tree contains one or more 2-input XOR sub-circuits and the output of each 2-input XOR sub-circuit is the input signal of the other XOR sub-circuit. The inputs to the one or more XOR trees are the initial inputs to the adders and multipliers or the carry signal of the internal 1-bit adder. The correct carry signal may be derived based on the one or more XOR trees, such that the one or more XOR trees are connected together to form an XOR forest. As an example, the XOR forest is also considered to be a 1-bit adder graph. The construction of a 1-bit adder diagram according to an exemplary embodiment is shown in FIG. 5.

FIG. 6 shows a flow diagram of a reverse engineering technique, according to an example embodiment. The example method shown in table 600 includes: identifying or determining a plurality of 2-input XOR sub-circuits; establishing one or more XOR trees; determining a carry signal; connecting the plurality of XOR trees to form an XOR forest such as a 1-bit adder graph; the logic function of the arithmetic macro and the circuit boundaries of the arithmetic macro are determined from the 1-bit adder diagram. In an example embodiment, after forming or constructing a 1-bit adder map (also referred to as an XOR forest), the XOR forest is used to determine arithmetic logic functions such as addition, subtraction, and multiplication, as well as more complex arithmetic logic (e.g., a combination of adders and multipliers (e.g., (a + b) × c, a × b + c × d, etc.)).

Returning to FIG. 3, block 310 detects HT by comparing a first arithmetic macro with a second arithmetic macro.

In an example embodiment, the process as described in block 310 is considered a global HT location, as it globally determines in which region or regions the HT is located. In another exemplary embodiment, in order to improve the efficiency of globally localizing one or more HT, a pruning technique is applied for processing.

For example, using pruning techniques, pairs of equivalent sub-circuits may be identified and stripped from the circuit, with all HT only present inside the non-equivalent sub-circuit regions. As an example, if the first part of the first circuit and the second part of the second circuit are pairs of equivalent sub-circuits, the first part and the second part have the same function or they are functionally equivalent. If the first part and the second part have different functions, they are functionally non-equivalent, not an equivalent pair of sub-circuits. As another example, the first arithmetic macro is composed of part a1 and part B1, and the second arithmetic macro is composed of part a2 and part B2. Part a1 and part a2 are functionally equivalent, and part B1 and part B2 are functionally non-equivalent. As an example, a2 is removed from the second arithmetic macro such that HT is determined to be located in B2 of the second arithmetic macro.

7A-7C illustrate diagrams of a pruning process according to an example embodiment. FIG. 7A shows a check netlist 710 (or a second netlist) containing HT. The netlist 710 that is checked includes a portion 714 with 6-XOR subcircuits (i.e., implementing a 6-input XOR function) and a portion 712 indicative of other portions of the netlist 710 that is checked FIG. 7B shows a standard or correct netlist 720 (or a first netlist). Standard netlist 720 includes a portion 724 having 6-XOR subcircuits and other portions 722 that indicate standard netlist 720. Portion 714 and portion 724 have the same function or functional equivalents, but have different implementation styles.

As shown in FIG. 7C, the equivalent pairs (portions 714 and 724) are pruned or stripped from the corresponding netlist to obtain a pruned netlist 730. In another exemplary embodiment, the pruning or stripping process is iteratively performed until no equivalent sub-circuit pairs or equivalent pairs are found between the checked netlist 710 and the standard netlist 720.

Returning to FIG. 3, block 312 locates HT in the second netlist with a function Engineering Change (ECO) engine.

As an example, an ECO engine or technique is applied to locate and mask the HT.

Block 314 masks HT using the ECO engine by adding patches in the second netlist, thereby improving the security of the arithmetic circuitry.

As an example, an ECO engine represents a set of inputs (PI) in a circuit as a set of boolean variables X ═ X1. F (X) { f1(X), f2(X),. fm (X) } denotes a logic function in the second netlist; g (X) { g1(X), g2(X),. gm (X) } denotes a logic function in the first netlist.

For the pairs of logic function functions fi and gi in the check netlist and the standard netlist, diff-set represents a certain set of circuit inputs where the functions fi and gi have opposite values and are defined as follows:

the ECO engine minimizes the diff-sets of each function pair by incrementally adding patch logic or circuitry until all diff-sets are empty, which means that the function being examined is functionally the same as the standard function logic, i.e., HT has been completely cleared. In an exemplary embodiment, patch logic is continually inserted into the circuit to minimize diff-sets.

For example, for an internal signal r to be inserted into the circuitry of the patch logic, assuming that the function of r is t (X), the function for PO is fi and the function value is affected by the r signal, then the care-set for r is defined as follows:

care-set represents a certain set of circuit inputs, in which case any change at the signal r can be observed at the output function fi. In an exemplary embodiment, all circuit inputs are divided into two partitions according to the inclusion relationship of diff-set to care-set:

(i) care-out-diff: a certain set of circuit inputs, where the value of care-set is 1 and this circuit input is not included in diff-set. And:

(ii) care-in-diff: a set of circuit inputs that are both contained by care-set and diff-set.

As an example, if the value of function fi in the care-out-diff is changed, diff-set is amplified, so that the hazard of HT increases, so the patch function p (x) trying to cancel HT must satisfy the following constraint:

on the other hand, to minimize diff-set, the value of t in care-in-diff needs to be changed:

therefore, if p (X) and diff-set satisfy the following condition,

this means that

Then p (x) may completely empty diffi (x) and complete the golden function gi. Specifically, for example, when r ═ PO_iWhen the temperature of the water is higher than the set temperature,

always satisfied, this means that one can find a patch function that satisfies constraint equation (8), which completely empties diffi (x) and completes the golden function gi (e.g., gi directly acts as a patch function).

8A-8B illustrate patch function creation diagrams in accordance with exemplary embodiments. Fig. 8A shows a diagram 810 before repair. Graph 810 includes a care-set 812 and a diff-set 814 with an overlap 816 (i.e., a care-in-diff). The care-set 812 excluding the care-in-diff 816 is a care-out-diff. Fig. 8B shows diagram 820 after the patch function is added. The area of diff-set in graph 820 is reduced, indicating that the impact and damage caused by HT is also relatively reduced.

As an example, constraint equations (6-8) are considered when creating a patch or patch function. If the signal r drives only a single output, the corresponding patch function must satisfy equations (6) and (7). In an example embodiment, to enhance the possibility of creating valid patches while avoiding exhaustive searches, the method proposes to generate two types of patch solutions: conservative and aggressive class patches.

FIGS. 9A-9B illustrate conservative class patches generated in accordance with an exemplary embodiment. FIG. 9A shows a plot 910 of care-set versus diff-set area before a patch is created. Fig. 9B shows the area map 920 after the patch is created.

In the conservative patch-like strategy, the patch generated at the signal r will ensure that the diff-set area corresponding to any PO is not increased. Thus, the conservative class patch satisfies constraint equation (6) for all POs. For example, a subset of POs is selected from the set of POs { PO1, PO 2.., POm }. The subset { POi1, POi 2.., POil } is referred to as the modified PO set. The patch function created at r will satisfy constraint equation (7). In other words, constraint equation (7) is satisfied for each PO in the set. For example, as the logical patching progresses, the selection of the PO and the size of the improved set of POs are dynamically adjusted. The smaller the improved PO set size, the easier it is to create a satisfactory patch.

9A-9B, the patch generated by 9B may minimize the area of diff-set.

10A-10B are diagrams of generating an aggressive class patch in accordance with an exemplary embodiment. FIG. 10A shows a plot 1010 of care-set versus diff-set area before an aggressive class patch is generated. Fig. 10B shows an area map 1020 after the radical class patch is generated.

As an example, the diff-set at the output signal o1 is completely eliminated (or improved), while the diff-set at the o2 is enlarged (deteriorated). In one example, the PO set is divided into three subsets:

(i) the ignore set: the diff-sets of the POs in the set are not considered during the process of generating the patch function, and in an exemplary embodiment, the diff-sets of such POs may become worse after the patch function is generated.

(ii) No change set: the diff-set of the POs in the set does not change. In an exemplary embodiment, the set of differences for the POs in the set also does not improve. For each PO in the set, it satisfies equation (6). The POs that were repaired in the previous iteration (e.g., whose diff-sets have been empty) will be assigned to the set so that they do not become unrepaired again.

(iii) The improvement set is as follows: the diff-set of the POs in the set is improved by the created patches. Which satisfies the constraint equation (6) and equation (7). Furthermore, for at least one PO in the set, constraint equation (8) is satisfied, which means that the created patch function can completely eliminate at least one HT.

As shown in FIGS. 10A-10B, HT of o1 can be completely eliminated while expanding diff-set of o 2.

In an exemplary embodiment, an example method includes using a functional Engineering Change (ECO) engine to improve the efficiency of locating an HT in a netlist. An example method would first generate conservative class patch candidates and aggressive class candidates, and then select the candidate with the smaller size as the actual patch circuit.

In some exemplary embodiments, circuit performance is improved by optimizing patch circuits using logic re-routing techniques to minimize patch circuits. As an example, the patch optimization process includes an Add-First re-wiring transformation and a Cut-First re-wiring transformation.

11A-11B are diagrams of Add-first rewiring transformations in accordance with exemplary embodiments. FIG. 11A is a circuit diagram 1110 showing a patch circuit prior to an Add-First rewiring transformation; the circuit diagram 1120 in FIG. 11B shows the patch circuit after the Add-First re-routing transformation.

As shown, for Add-First rewiring transformation, the redundant wires 1112 are First added to the patch circuits (e.g., the wires from g5 to g9 in the figure). Then, several connections and logic gates (e.g., g4, g6, and g7) may thus become redundant logic that may be removed, with the removed circuit shown in FIG. 11B. It can be seen that the size of the patch circuit after optimization is greatly reduced. A detailed implementation of this rewiring transformation is described in the paper "composite and Sequential Logic Optimization by reduction Addition and Removal" by L.A. Entrena and K.T Cheng (published in IEEE transaction on Computer-aid Design meeting 1995).

FIGS. 12A-12B are schematic diagrams of Cut-First rewiring transitions in accordance with an exemplary embodiment. The circuit diagram 1210 in fig. 12A is a patch circuit before a rewiring conversion; fig. 12B is a patch circuit diagram after rewiring conversion.

In the Cut-First rewiring conversion method, as shown in fig. 12A, the wires from B to g6 are First removed, and then the converted logic function can be kept unchanged by adding additional logic at g8 and g9, while the converted patch circuit requires fewer logic gates and connecting wires, and the converted circuit is shown in fig. 12B. The Cut-First rewiring transformation is implemented in the paper "ECR: a low complexity generated error concealment reporting scheme ", published in the Proceedings of the 47 th Design Automation Conference in 2010. For example, to design a series of internet of things (IoT) chips with small differences, assuming that each chip needs 3 months to complete the layout and routing process, the existing method needs 3+3 months to 6 months to complete the design of two chips. In contrast, the example method according to some example embodiments accomplishes the same task within 3 months +10 minutes.

FIG. 13 shows a table of arithmetic macroblocks that may be obtained in accordance with an example embodiment. In table 1300, in the column "style", B denotes a booth multiplier and NB denotes a non-booth multiplier. As shown, in addition to the basic multiplier, some more complex arithmetic macroblocks (see the "function" column in table 1300) are also present in the base.

In table 1300, the first column is the name of the case kit. Each kit includes 13 test circuits that implement similar arithmetic functions but with different operand bit widths. Example extracted arithmetic logic and its design and operand bit widths are shown in columns 3-5. The example method may successfully extract the vast majority (97%) of arithmetic macroblocks, with only the suites ut36 and hid10 failing. In the case of successful extraction of arithmetic logic, exemplary formal verification techniques may be employed with the functional ECO engine to detect the presence of one or more HT's in the circuit. Each of these references is, for example, a gate-level (GTL) combinational circuit that includes arithmetic logic. Example reverse engineering techniques are used to locate arithmetic logic from a flat circuit (e.g., "men hai") without knowledge of component input/output (I/O) and boundaries. Table 1300 shows that the formulas were successfully extracted using the example method.

FIG. 14 shows a result comparison table according to an example method.

In table 1400, the first three columns show test case basic information. Each use case has two circuits g1 and g2, which have logical differences. As an example, g1 is a HT tampered circuit and g2 is a standard or correct circuit. The next 4 columns show patch circuit sizes generated separately using the two example methods and the times used to generate the patch circuits. The last two columns show the number of patch circuits and patch circuit size at runtime using two example methods (i.e., example method 1 and example method 2). As shown, the patch circuit produced by the example method may be reduced by 40% and run time by 86%.

FIG. 15 illustrates a computer system or electronic system that may be obtained in accordance with an example embodiment. Computer system 1500 includes one or more computer or electronic devices (e.g., one or more servers) 1510 comprising a processor or processing unit 1512, such as one or more processors, microprocessors, and/or microcontrollers, one or more component computer-readable media (CRMs) or memory 1514, and a circuit security enhancer 1518.

The memory 1514 stores instructions that, when executed, cause the processor 1512 to perform the methods discussed herein and/or one or more blocks discussed herein. The circuit security enhancer 1518 is an example of dedicated hardware and/or software that facilitates improving performance of a computer and/or performing the methods discussed herein and/or one or more blocks discussed herein. Example functions of the circuit security enhancer are discussed in connection with fig. 3.

In an example embodiment, computer system 1500 includes memory or storage 1530, a portable electronic device or PED 1540 that communicates over one or more networks 1520.

Memory 1530 may include one or more memories or databases that store one or more of image files, audio files, video files, software applications, and other information discussed herein. By way of example, the memory 1530 stores images, instructions, or software applications that are retrieved by the server 1510 over the network 1520 such that the methods discussed herein are performed and/or one or more blocks discussed herein are performed.

PED 1540 includes a processor or processing unit 1542 (such as one or more processors, microprocessors, and/or microcontrollers), one or more components of a computer-readable medium (CRM) or memory 1544, one or more displays 1546, and a circuit security enhancer 1548.

PED 1540 can perform the methods discussed herein and/or one or more blocks discussed herein and display an image or file (e.g., a netlist) for viewing. Alternatively or in addition, PED 1540 can retrieve files, such as images and files, and software instructions, from memory 1530 via network 1520 and perform the methods discussed herein and/or one or more blocks discussed herein.

In an example embodiment, computer system 1500 includes PED 1550, which includes a processor or processing unit 1552 (such as one or more processors, microprocessors, and/or microcontrollers), one or more components 1554 of a computer-readable medium (CRM) or memory, and one or more displays 1556.

As an example, PED 1550 is in communication with server 1510 and/or memory 1530 through network 1520 such that the methods discussed herein and/or one or more blocks discussed herein are performed by server 1510 and the results are sent back to the output, storage, and review of PED 1550.

Network 1520 may include a cellular network, a public switched telephone network, the Internet, a Local Area Network (LAN), a Wide Area Network (WAN), a Metropolitan Area Network (MAN), a Personal Area Network (PAN), a home area network (HAM), and other public and/or private networks. In addition, the electronic devices need not communicate with each other over a network. As one example, the electronic devices may be coupled together via one or more wires (e.g., a direct wired connection). As another example, the electronic devices may communicate directly via a wireless protocol, such as bluetooth, Near Field Communication (NFC), or other wireless communication protocol.

In some example embodiments, the methods illustrated herein and the data and instructions associated therewith are stored in respective storage devices implemented as non-transitory computer-readable and/or machine-readable storage media, physical or tangible media, and/or transitory storage media. These storage media include different forms of memory, including semiconductor memory devices such as DRAM or SRAM, Erasable and Programmable Read Only Memory (EPROM), Electrically Erasable and Programmable Read Only Memory (EEPROM), and flash memory; magnetic disks such as fixed and removable disks; other magnetic media include magnetic tape; an optical medium such as a Compact Disc (CD) or a Digital Versatile Disc (DVD). Note that the instructions of the software described above may be provided on a computer-readable or machine-readable storage medium, or may be provided on multiple computer-readable or machine-readable storage media distributed in a large system having possibly multiple nodes. Such computer-readable or machine-readable media is considered to be part of an article (or article of manufacture). An article or article of manufacture may refer to a single component or to multiple components of manufacture.

The blocks and/or methods discussed herein may be executed on processors, controllers, and other hardware discussed herein. Further, the blocks and/or methods discussed herein may be performed automatically, with or without user instructions.

In another aspect of the invention, a method and apparatus for transforming a circuit function is disclosed.

When an IC chip is designed, the design complies with a specific specification. However, in many cases, the design must be revised to another specification at some time after the initial design. The reasons for making the revision may be many, such as detecting an error that affects the operation or reliability of the circuit, meeting new requirements, or improving performance by reducing the use of resources to perform a function, adding new features, or changing to another way to perform a function.

The changes to be made to an existing design are referred to as Engineering Changes (ECO). The principle of operation of an ECO is to add patch circuitry to the original specification to produce a transformed specification of the circuit. The ECO may be performed manually or using an automatic ECO tool, but the existing ECO tool cannot produce an optimized ECO result, and thus may affect the characteristics and performance of the circuit. This effect may be sufficient to render the circuit unable to meet performance, safety or usage requirements.

In other embodiments, a method of transforming a circuit function is disclosed. Referring to method 1600 of FIG. 16, in block 1602, a first Register Transfer Level (RTL) document is provided for a circuit. The first RTL document has the original specification or implementation, which is the circuit before any engineering changes are made.

In block 1604, a second RTL document is provided for the circuit, the second RTL document having a revision specification. Since the revision specification is designed by the user, a second RTL document is known and can be provided. In a preferred embodiment, both the first and second RTL documents are gold specifications.

In block 1606, a first gate level (GTL) netlist is generated or synthesized from the first RTL document. In block 1608, a second GTL netlist is generated or synthesized from the second RTL document. The netlist can be a synthesized netlist or a placed and routed netlist.

In block 1610, the first RTL document is compared to the second RTL document. By comparing the RTL documents, instances to be modified can be extracted and identified. In general, only a portion of the instance is modified, and the remainder remains unchanged, since some of the functionality of the original design is preserved to make the ECO efficient and effective. In this way, the comparison step eliminates unnecessary instances to be ECO, thereby minimizing modified instances, and thereby optimizing the operation of the ECO or function transformation. Examples, as in the context of this specification, include module ports, sequential examples, and signals.

In block 1612, the instance to be modified in the first RTL document is located in the first GTL netlist. From the located instances, a module in a first GTL netlist to be ECO is identified. In one embodiment, modules patched by an ECO are defined as a first module list and modules that are not affected by an ECO or remain in ECO operation are defined as a second module list. By keeping the list of second modules that are not patched, resource usage by the ECO engine may be reduced and the ECO process may be completed faster.

In block 1614, the ECO is performed on the first module list. The ECO engine first references the second GTL netlist to determine how the modules should be patched, and then applies the ECO patch circuit to the first module list to transform the circuit function so that the first GTL netlist after ECO is equivalent or identical to the second GTL netlist, which also means that the patched circuit is functionally equivalent to the revised design. In one embodiment, the implementation of the necessary changes may include at least one of rewiring, rewriting, technology mapping, cut clearing, and any other logic synthesis technology.

In other embodiments, the instances to be modified in the first GTL netlist are further specified using a Hardware Description Language (HDL). The HDL may be used to specify the signals in the first netlist that need to be modified and may also identify the corresponding signals in the second GTL netlist. This allows the computer system to further optimize the ECO process in the event the location of the instance in the first RTL document is not ideal.

In other embodiments, the module to be modified in the first netlist is determined iteratively. First, a first set of modules is identified as the modules on which the instance resides to be modified. Next, the first set of modules is traversed forward and backward, identifying to identify all other modules affected by the patch circuit. These other modules are defined as a second set of modules. The traversal process is repeated using the newly affected module identified as input, and the iteration ends when no further affected modules are found.

In other embodiments, the multi-bit register in the first netlist is retained in the ECO process. In existing ECO techniques, a multi-bit register is treated as a plurality of individual unit registers only. These multi-bit registers are typically split into single-bit registers when their function needs to be modified. However, this type of modification causes significant changes in circuit characteristics, such as logical characteristics and physical characteristics. By retaining a multi-bit register, even if a function, such as a clock function, a clock gating function, or a data function, must be modified, variations in circuit characteristics are minimized and formal verification checks are allowed.

FIG. 17 shows a diagram 1700 illustrating an example method of generating a netlist to be patched in accordance with an example embodiment.

Referring to FIG. 17, an old RTL document 1701 is a document that describes the original specification, which is the definition and requirements for the circuit design prior to any ECO process. Old synthesized netlist 1702 is the netlist resulting from the synthesis of old RTL document 1701. Old APR post netlist 1703 is the netlist after placement and routing of old synthesized netlist 1702. In an example embodiment, old synthesized netlist 1702 and old post-APR netlist 1703 are also referred to individually or together as an "old netlist".

The new RTL file 1704 is a document describing a revised specification, wherein the revised specification is about the definition and requirements of the circuit design after the ECO process, i.e., the target circuit design. The new synthesized netlist 1705 is the netlist resulting from the synthesis of the new RTL document 1704.

In the method shown in diagram 1700, first, an old RTL document 1701 and a new RTL document 1704 are generated to describe the original specification and the revised specification, respectively. The old RTL document 1701 and the new RTL document 1704 are further synthesized into an old synthesized netlist 1702 and a new synthesized netlist 1705. The old RTL document 1701 is then compared to the new RTL document 1704 to generate an ECO's netlist 1706. The ECO netlist 1706 is a list of modules in the original circuit design that need to be patched. After the module list is patched, the patched old netlist is functionally equivalent to the new RTL netlist 1704.

In an example embodiment, old synthesized netlist 1702 is a GTL netlist generated from old RTL document 1701. The new synthesized netlist 1705 is a GTL netlist generated from the new RTL documents 1704.

In an example embodiment, patch circuits are applied to the old synthesized netlist 1702 or the old post-APR netlist 1703 to make the old netlist functionally equivalent to the new RTL netlist 1704, depending on the implementation of the engineering change.

In an example embodiment, the old RTL document 1701 and the new RTL document 1704 are compared to identify signals that need to be modified in the old synthesized netlist so that the revised specification can be implemented. The identified signals to modify allow a minimal amount of change to modify the old netlist to the new netlist.

In one example embodiment, a Hardware Description Language (HDL) is used to further fine-tune the signals to be modified. Signals in old synthesized netlist 1702 and corresponding signals in new synthesized netlist 1705 that the function needs to be changed are specified in the HDL, respectively. This information will then be applied to further pinpoint the signal to be modified in the old synthesized netlist 1702.

In an example embodiment, the old netlist (old synthesized netlist 1702 or old post-APR netlist 1703, as needed) is searched for a signal to modify. These signals may reside in one or more modules. We refer to this set of modules as the first set of modules. The set of signals to be modified may be larger than the initial set, since the initial set of signals to be modified may affect other signals before or after it.

In one embodiment, fan-in and fan-out cones of a signal to be modified are established, and a first list of modules requiring repair is recursively identified in the fan-in and fan-out cones of the signal to be modified. The list of signals to be modified is automatically populated as the modules affected by the ECO are traversed. All other sub-modules that are not affected by the modification are identified as a second module list and will not be modified. The new netlist is then analyzed and used as a reference for making the necessary and accurate changes (i.e., patch circuits) in the old netlist.

In an example embodiment, the multi-bit registers in the old netlist are preserved during implementation of the necessary changes. Even if its function (clock function, clock gating function or data function) has to be modified, the multi-bit register is not divided into single-bit registers. This allows for a minimal amount of change in the logical and physical characteristics of the circuit. In addition to minimizing interference with circuit characteristics, this approach also facilitates formal verification checks.

In an example embodiment, the patching/modifying is accomplished by performing an engineering change. The implementation of the engineering change may involve rewiring, rewriting, technology mapping, cut clearing, and/or any other logic synthesis technique.

In one example embodiment, the circuits referred to herein are arithmetic circuits.

By adopting the steps, the invention effectively verifies the ECO result, performs small repair and minimum change on the circuit characteristic and reduces the calculation time.

Fig. 18 shows a diagram 1800 illustrating an example method of obtaining instances, module ports and signals to be patched in a circuit according to an example embodiment.

In fig. 18, an old RTL document 1801 and a new RTL document 1802 are generated for describing an original specification and a revised specification, i.e., a target specification, respectively. The old RTL document 1801 and the new RTL document 1802 are then entered into formal verification tools 1803 for verification. Formal verification tool 1803 makes a comparison between old RTL document 1801 and new RTL document 1802 and indicates with great precision at what point there is a difference between old RTL document 1801 and new RTL document 1802. Finally, the form verification tool 1803 outputs the module port 1804 to be modified, the sequence instance 1805 to be modified, and/or the signal to be modified.

In an example embodiment, formal verification tool 1803 is a Logical Equivalence Check (LEC) tool that extensively verifies GTLs, which is much faster than traditional gate-level simulations, and can reduce the risk of missing critical errors through independent verification techniques.

Fig. 19 shows a diagram 1900 illustrating an example of an ECO process according to an example embodiment.

In FIG. 19, non-equivalent module ports 1901, non-equivalent sequential instances 1902, old synthesized netlist 1903, old APR post netlist 1904, and new synthesized netlist 1905 are provided to ECO tool 1906 to generate ECO netlist 1907, where non-equivalent module ports 1901, non-equivalent sequential instances 1902 are generated by comparing the old RTL documents to the new RTL documents.

In another aspect of the invention, a method and apparatus for transforming the function of a circuit, in particular a programmable circuit such as an FPGA, is disclosed. As an example, FPGAs are an efficient implementation medium for prototyping and verification of SoC designs, it is also a cheaper option for a smaller number of electronic products, and enables shorter turn around times.

In many cases, the circuit design must be revised to another specification after the initial design or sometime after physical placement and routing (P & R). The reasons for making the revision may be many, such as detecting errors affecting the operation or reliability of the circuit or problematic functions caused by certain maliciously injected Hardware Trojan (HT) circuits, meeting new requirements, or improving performance by reducing resource usage for performing functions, adding new features, or performing functions in another way instead, etc. As described above, in addition to generating and inserting a repair circuit patch to effect a design change (i.e., ECO) in a circuit design, the patch may also be used to mask and eliminate problematic (bug) functions caused by certain maliciously injected HT circuits. For clarity, "problematic" refers to an error, bug, or bug in a hardware or software program that interferes with the program's intended outcome.

However, current programmable circuit (e.g., FPGA) design flows contain certain flow differences compared to non-programmable circuit (e.g., ASIC) design flows. For example, in a development cycle that requires frequent invocation of functional ECO iterations, it takes longer and it is difficult to eliminate HT in an already completed design. In embodiments discussed in detail below, the methods and systems may reduce the time it takes for an ECO iteration in building a programmable circuit prototyping (e.g., FPGA) and minimize the allocated programmable circuit chip area after adding patch circuits that eliminate ECO/HT. This solution can be used to both speed up the ECO process and eliminate HT in programmable designs.

To simplify the description, an ASIC circuit design is used as an example of the non-programmable circuit, and an FPGA circuit design is used as an example of the programmable circuit. It should be understood that other existing or future non-programmable or programmable circuits may also be suitable.

In the case where the problematic (i.e., old) design has completed the place and route phase, the ECO and HT elimination processes may be different and difficult under the FPGA design flow as compared to the ASIC design flow. In contrast, if a user needs to modify the functionality of an ASIC circuit design that has completed physical placement and routing, the following may be processed according to some embodiments: (a) modifying the problematic old RTL document to produce a corrected new RTL document; (b) synthesizing the new RTL document to generate a new netlist; (c) the new netlist is compared to the old netlist with the placement and routing completed, and a "repair circuit patch" is generated to be inserted into the old netlist to make it function the same as the new netlist corrected, and the ECO process is completed.

On the other hand, if the user needs to modify the functionality of the FPGA design with completed placement and routing, the ECO design iteration involves the following process: (a) modifying the problematic old RTL document to produce a corrected new RTL document; (b) synthesizing the new RTL document to generate a new netlist; (c) performing a technology mapping on the entire new netlist, wherein the new netlist is to be mapped to a K-input look-up Table (LUTK), wherein the LUTK may be used to implement any K-input function, which may also be referred to as a lookup Table (Truth Table); (d) the whole layout and wiring of the LUTK are carried out again; (e) recompile the design into a bitstream; (f) the FPGA is reprogrammed with a bitstream. That is, because the old netlist has already been converted to the LUTK mapping format, the netlist-to-netlist manipulation technique cannot be performed in this case. Thus, in each ECO iteration for the completed place and route, the work done is almost the same as repeating the entire FPGA design flow from scratch, and the efficiency of the ECO is not satisfactory. Even though only one row of old RTL documents is altered, FPGA chips such as 0.5M LUT6 take tens of hours per ECO iteration, let alone modern FPGA chips can accommodate millions of LUTs 6. The FPGA flow may also fail to achieve the intended goal of capturing and eliminating the hidden HT in the old design without further modification.

20A-20B illustrate diagrams of an old netlist and its corresponding ECO netlist in a non-programmable ASIC or chip in accordance with an example embodiment. Diagram 2010 in FIG. 20A shows the old netlist of an ASIC containing 3 cells. The old netlist has 4 inputs { a, b, c, d }, and the functional result is on output f. FIG. 2020 in FIG. 20B shows an ECO netlist containing an ASIC of 5 cells. The net list to be ECO also has 4 inputs a, b, c, d and the functional result is on output f'. In which a patch circuit 2021 has been inserted, making the two ASICs function identically. Patch circuit 2021 may be generated or produced in the manner described above.

FIGS. 21A-21B show diagrams of an old netlist and its corresponding ECO netlist in a programmable circuit or chip, according to an example embodiment. Diagram 2110 in fig. 21A shows the old netlist of an FPGA containing LUT 4. To achieve the same functionality as the ASIC of FIG. 20A, the old netlist of the FPGA uses LUT 4. As shown in FIG. 21B, the ECO netlist of the FPGA may still use LUT4 after patching the patch circuit. Unlike ASIC designs, since LUT4 can implement any 4-input function regardless of its complexity, when both functions are combined under the same set of supporting variables (e.g., { a, B, c, d }) in the same LUT4, as shown in fig. 21B, if the IO pin connections of LUT4 are not changed, this will not result in an increase in the allocated silicon area of the FPGA, even without the need for incremental placement and routing.

To take full advantage of the free-merge cost nature of LUT architectures, a good remapping algorithm can successfully merge patches into existing allocated LUTKs even without extensive incremental placement and routing work, and can save significant valuable runtime and area penalty (even timing).

In some embodiments, a method performed by a computer system to transform the functionality of programmable circuits to improve the circuit functionality and performance of the computer system is disclosed. Referring to the method 2200 of FIG. 22, in block 2202, a representation of a LUT mapping circuit derived from a programmable circuit is provided, where the programmable circuit has been implemented with a first RTL document. The first RTL document may be an original specification that is the circuit prior to accepting any Engineering Change (ECO) requests.

In this embodiment, the first RTL document has been implemented in a programmable circuit. For example, its physical placement and routing has been done in the FPGA, which means that the first RTL document has been converted to LUT-mapped format. Thus, the LUT mapping circuit representation for the programmed circuit may be retrieved and made available in various ways. As an example, the LUT mapping circuit representation may include a bit mask for each LUT and/or a functional expression for each LUT.

However, this initial design may be problematic or subject to HT, or for some other reason, it may require an ECO design iteration to transform the FPGA functionality according to a revised specification.

In block 2204, a second RTL document for the programmable circuit is provided. The second RTL document may be a revised specification that is modified from the original specification and has functionality transformed from the original specification. Since the revision specification is designed by the user, a second RTL document is known and can be provided.

In block 2206, the LUT mapped circuit representation is converted to a shadow netlist, wherein the shadow netlist corresponds to a gate level (GTL) netlist representing the provided LUT mapped circuit representation.

According to one embodiment, the bit mask for each 6-input LUT is recorded. In addition, the simplest logical expression corresponding to the bit mask of all 6 input LUTs is also recorded. In this way, the functionality of each LUT in the LUT mapping circuit representation can be easily mapped to its corresponding shadow netlist in linear time, which is an equivalent gate level circuit.

In block 2208, a second GTL netlist is generated or synthesized from the second RTL document. It should be understood that, although the operations or method steps described above are described in a particular order, these operations do not necessarily have to be performed in the particular order described. For example, some operations may be performed in a multitasking manner or in parallel.

In block 2210, at least one Engineering Change (ECO) patch circuit to be fully merged in the LUT mapping circuit representation is generated based on the comparison of the shadow netlist with the second GTL netlist, such that when the LUT mapping circuit representation is patched with the generated ECO patch circuit, the same function can be performed equivalently to the second GTL netlist. This LUT-directed ECO process takes advantage of the free (logical) merging cost characteristics of LUT structures to maximize the revenue for any FPGA design cost target.

The following exemplary LUT-directed ECO implementation achieves minimizing allocated silicon area and development cycle time, according to some embodiments. Fig. 23 illustrates an example process 2300 of LUT-directed ECO, according to an embodiment. At 2302, a comparison operation between the shadow netlist and the new netlist (i.e., the second GTL netlist) may be performed in the manner described above. For example, the result produced by comparing the shadow netlist to the second GTL netlist may include a module or list of modules to be ECO with corresponding ECO patch circuitry (hereinafter referred to as "ECO patch circuitry") in the LUT mapped circuit representation. The result produced by comparing the shadow netlist to the second GTL netlist may also include the location of the insertion point in the LUT mapping circuit representation at which the corresponding ECO patch circuit should be inserted. At 2304, the LUT containing the insertion point in the LUT mapping circuit representation is located or identified for insertion into its corresponding patch circuit.

It is then determined whether the generated patch circuit is ideal for the ECO. As an example, at 2306, it is determined whether the generated patch circuit can be fully incorporated into a LUT containing insertion points. If so, the LUT-directed ECO process is completed and the ECO patch circuit is identified as the ECO patch circuit to be merged. The generated patch circuit is identified as an ECO patch circuit for the ECO design iteration. In this case, the LUT mapping circuit representation with the merged patch circuit would be equivalent to the second GTL netlist to perform the same function, enabling the programmable circuit to be reprogrammed in accordance with the revised specification. At this point, the merged LUT map will indicate a fully equivalent function to the new table, i.e., the ECO completed or hidden HT is eliminated altogether.

In another embodiment, if the generated patch circuits may be fully merged in an unallocated empty or spare LUT or in more than one unallocated empty or spare LUT, the LUT-directed ECO process may also be considered complete and the ECO patch circuits identified as ECO patch circuits to be ready for merging. The generated patch circuit is identified as an ECO patch circuit for the ECO design iteration. Thus, it achieves a cost-benefit of time and allocated silicon area. That is, as an example, process 2300 can further include determining whether the generated patch circuit can be fully merged into one or more empty spare LUTs at 2308. If so, the LUT-directed ECO process is completed.

On the other hand, if the generated patch circuit cannot be fully merged into the LUT containing the insertion point or one or more unallocated empty LUTs, a Disjoint Support Decomposition (DSD) process may be applied at 2310 over the patch function to which the patch circuit corresponds. Disjoint support decomposability is an inherent operation of Boolean logic synthesis. Given a Boolean function F (x)₁,x₂,…,x_n) F can be represented generally by a simpler and decomposed component function.

According to some embodiments, a patch function is applied to certain disjoint support decompositions. At least one of the decomposed sub-patch functions has variable support that is a subset of the variable support of the LUT containing the insertion points. In some embodiments, the subset of variable support may be as large as possible. The sub-patch function is then merged 2312 into the LUT containing the insertion point. The shadow netlist and LUT mapping circuit representation are updated accordingly at 2314 and the process returns to 2302, generating a second (i.e., new) patch circuit to be inserted into the LUT mapping circuit representation based on the comparison of the updated shadow netlist to the second GTL netlist until no more ECO patch circuits are needed.

It should be appreciated that although the process 2300 is described in a particular order, the operations do not necessarily have to be performed in the particular order described above. For example, determinations 2306 and 2308 may be performed in a multitasking manner or in parallel, or only one of the two may be performed in process 2300.

Returning to fig. 22, block 2212 indicates that the functionality of the programmable circuit is transformed by merging the ECO patch circuit into the LUT mapping circuit representation. The merged LUT mapping circuit representation is equivalent to the second GTL netlist to perform the same function, thereby enabling the programmable circuit to be reprogrammed in accordance with the revised specification by taking advantage of the free merging cost characteristics of the LUT structure.

According to some embodiments, the functional transformation of the FPGA further includes performing place and route, recompiling the design into a bitstream and reprogramming the circuit with the bitstream. In one embodiment, incremental placement and routing may be employed. Since in most cases the ECO involves only a small portion of logic, this incremental process takes only a small amount of time compared to performing the technology mapping on the entire new netlist and redoing the entire place and route for the LUTK. Specifically, incremental placement and routing are applied, and a new bit stream is generated according to new placement and routing results; the programmable circuit is then reprogrammed with the new bit stream.

Other embodiments provide corresponding computer systems for transforming the functionality of programmable circuits to improve circuit functionality.

Methods according to example embodiments are provided as examples, and examples from one method should not be construed as limiting examples from another method. Graphs and other information show example data and example structures; other data and other database structures may be implemented with the example embodiments. Furthermore, the methods discussed in the different figures may be added to or exchanged with the methods in the other figures. Furthermore, specific numerical data values (e.g., specific quantities, categories, etc.) or other specific information should be construed as illustrative for discussing example embodiments. Such specific information is not provided to limit example embodiments.

As used herein, the term "hardware trojan" (HT) refers to an unauthorized or unexpected change, modification, insertion, implantation of a circuit. HT may cause circuit malfunction, reduce reliability, cause leakage of confidential information, and the like.

As used herein, the term "arithmetic circuitry" refers to circuitry in which one or more portions of the circuitry are used to perform operations such as addition, subtraction, multiplication, and any other arithmetic operations.

As used herein, the term "netlist" refers to the logic gates in a circuit and the connection relationships between them.

As used herein, the term "macro" or "arithmetic macro" refers to a collection of multiple logical units or standard cells that make up a particular component in a circuit (e.g., an IC). Specific components include, but are not limited to, adders, multipliers, Multiplexers (MUXs), and the like

As used herein, the term "subcircuit" refers to the term "macro," and these two terms may be used interchangeably.

As used herein, the term "2-input exclusive-or (XOR) subcircuit" refers to a subcircuit having 2 input signals and 1 output signal. The function of the output signal is an exclusive or function of the two input signals.

As used herein, the term "XOR tree" refers to a sub-circuit composed of one or more 2-input XOR sub-circuits and their connections.

As used herein, the term "1-bit adder" refers to a 1-bit half adder and/or a 1-bit full adder.

As used herein, the term "1-bit half adder" refers to an arithmetic macro having 2 inputs (e.g., a and b) and 2 outputs (e.g., sum and co). "co" may also be referred to as "carry". sum functions as an exclusive or function of a and b; the function of co is the "sum" function of a and b.

As used herein, the term "1-bit full adder" refers to an arithmetic macro with 3 inputs (e.g., a, b, and c) and 2 outputs (e.g., sum and co). "co" may also be referred to as "carry". The function of sum is an "exclusive or" function of a, b, and c; the function of co is the "majority vote" function of a, b and c.

As used herein, the term "1-bit adder diagram" refers to a sub-circuit consisting of one or more 1-bit adders and their connections.

As used herein, the term "XOR forest" refers to the term "1-bit adder map," and these two terms may be used interchangeably.

As used herein, the term "Reverse Engineering (RE)" refers to the process of extracting arithmetic macros from a circuit. The RE process includes identifying a 2-input exclusive OR (XOR) subcircuit, an XOR tree, a 1-bit adder map, and an arithmetic macro.

As used herein, the term "exponential time" means that the run time for an algorithm increases exponentially (e.g., 2) with the number of input signals to the algorithmⁿ) Where n is the number of input signals to the algorithm.

As used herein, the term "polynomial time" refers to the run time for an algorithm that increases in polynomial polarity with the number of input signals to the algorithm.

As used herein, the term "linear time" refers to the running time of an algorithm that increases linearly with the number of input signals to the algorithm.

Claims (20)

1. A method performed by a computer system for transforming a function of a programmable circuit to improve the function of the circuit, the method comprising:

providing a look-up table, LUT, mapping circuit representation derived from a programmable circuit implemented with a first register transfer level, RTL, document, the first RTL document having an original specification;

providing a second RTL document for the programmable circuit, the second RTL document having a revised specification, wherein the revised specification is modified from the original specification and has functionality transformed from the original specification;

converting the LUT mapped circuit representation to a shadow netlist, the shadow netlist corresponding to a gate-level GTL netlist representing the LUT mapped circuit representation;

generating a second GTL netlist from the second RTL document;

generating at least one engineering change ECO patch circuit to be fully merged into the LUT mapping circuit representation based on a comparison of the shadow netlist with the second GTL netlist; and

transforming, by the computer system and the ECO engine, a function of the programmable circuit by merging the at least one ECO patch circuit into the LUT mapping circuit representation, wherein the merged LUT mapping circuit representation is equivalent to the second GTL netlist to perform the same function, thereby enabling the programmable circuit to be reprogrammed in accordance with the revised specification pair by exploiting a free merging cost characteristic of the LUT structure.

2. The method of claim 1, wherein the generating step comprises:

comparing the shadow netlist and the second GTL netlist to obtain an ECO patch circuit for at least one module to be ECO and an insertion point in a LUT mapping circuit representation corresponding to the ECO patch circuit;

locating a LUT including the insertion point in the LUT mapping circuit representation for insertion into the ECO patch circuit;

determining whether the ECO patch circuit can be fully merged into a LUT containing the insertion point; and

in response to determining that the ECO patch circuit is capable of being fully merged into the LUT containing the insertion point, identifying the ECO patch circuit as an ECO patch circuit to be prepared for merging into a LUT mapping circuit representation.

3. The method of claim 2, wherein the generating step further comprises:

in response to determining that the ECO patch circuit cannot be fully merged into the LUT containing the insertion point, determining whether the ECO patch circuit can be merged into one or more empty LUTs; and

in response to determining that the ECO patch circuits are capable of being merged into one or more empty LUTs, identifying the ECO patch circuits as ECO patch circuits to be prepared for merging into the LUT mapping circuit representation.

4. The method of claim 2, wherein the generating step further comprises:

in response to determining that the ECO patch circuit cannot be fully incorporated into the LUT containing the insertion point,

applying a function with disjoint support decomposed in the ECO patch circuit to decompose at least one sub-patch function, wherein the at least one sub-patch function being decomposed has variable support that is a subset of the variable support of the LUT containing the insertion point;

merging the at least one sub-patch function into a LUT that includes the insertion point;

updating the LUT mapping circuit representation and the shadow netlist; and

iteratively, by comparing the updated shadow netlist with the second GTL netlist, new ECO patch circuits to be patched into the updated LUT mapping circuit representation are obtained until no more ECO patch circuits are needed.

5. The method of claim 1, wherein the generating step comprises:

comparing the shadow netlist and the second GTL netlist to obtain an ECO patch circuit for at least one module to be ECO and an insertion point in a LUT mapping circuit representation corresponding to the ECO patch circuit;

locating a LUT including the insertion point in the LUT mapping circuit representation for insertion into the ECO patch circuit;

determining whether the ECO patch circuit can be fully merged into one or more empty LUTs; and

in response to determining that the ECO patch circuits are capable of being fully merged into one or more empty LUTs, identifying the ECO patch circuits as ECO patch circuits to be prepared for merging into a LUT mapping circuit representation.

6. The method of claim 1, wherein the converting step further comprises:

recording the bit mask and corresponding simplest logical expression for each possible LUT 6; and

mapping the function of each LUT in the LUT mapping circuit representation into its equivalent subcircuits to obtain a corresponding shadow netlist.

7. The method of claim 1, further comprising:

applying incremental placement and routing;

generating a new bit stream according to the new placement and routing results; and

the programmable circuit is reprogrammed with the new bit stream.

8. A computer system for transforming the function of a programmable circuit to improve the function of the circuit, the computer system comprising:

a hardware processor;

a non-transitory computer-readable storage medium having instructions stored therein that, when executed, cause the hardware processor to:

deriving a look-up table, LUT, mapping circuit representation from a programmable circuit implemented using a first register transfer level, RTL, document, the first RTL document having an original specification;

obtaining a second RTL document for the programmable circuit, the second RTL document being a revised specification, wherein the revised specification is modified from the original specification and has functionality transformed from the original specification;

converting the LUT mapped circuit representation to a shadow netlist, the shadow netlist corresponding to a gate-level GTL netlist representing the LUT mapped circuit representation;

generating a second GTL netlist from the second RTL document;

generating at least one engineering change ECO patch circuit to be fully merged into the LUT mapping circuit representation based on a comparison of the shadow netlist with the second GTL netlist; and

transforming the function of the programmable circuit with an ECO engine by merging the at least one ECO patch circuit into the LUT mapping circuit representation, wherein the merged LUT mapping circuit representation is equivalent to the second GTL netlist to perform the same function, thereby enabling the programmable circuit to be reprogrammed in accordance with the revision specification by exploiting the free merging cost characteristic of the LUT structure.

9. The system of claim 8, wherein the instructions, when executed, further cause the processor to:

comparing the shadow netlist and the second GTL netlist to obtain an ECO patch circuit for at least one module to be ECO and an insertion point in a LUT mapping circuit representation corresponding to the ECO patch circuit;

locating a LUT including the insertion point in the LUT mapping circuit representation for insertion into the ECO patch circuit;

determining whether the ECO patch circuit can be fully merged into a LUT containing the insertion point; and

in response to determining that the ECO patch circuit is capable of being fully merged into the LUT containing the insertion point, identifying the ECO patch circuit as an ECO patch circuit to be prepared for merging into a LUT mapping circuit representation.

10. The system of claim 9, wherein the instructions, when executed, further cause the processor to:

in response to determining that the ECO patch circuit cannot be fully merged into the LUT containing the insertion point, determining whether the ECO patch circuit can be merged into one or more empty LUTs; and

in response to determining that the ECO patch circuits are capable of being merged into one or more empty LUTs, identifying the ECO patch circuits as ECO patch circuits to be prepared for merging into the LUT mapping circuit representation.

11. The system of claim 9, wherein the instructions, when executed, further cause the processor to:

in response to determining that the ECO patch circuit cannot be fully incorporated into the LUT containing the insertion point,

applying a function with disjoint support decomposed in the ECO patch circuit to decompose at least one sub-patch function, wherein the at least one sub-patch function being decomposed has variable support that is a subset of the variable support of the LUT containing the insertion point;

merging the at least one sub-patch function into a LUT that includes the insertion point;

updating the LUT mapping circuit representation and the shadow netlist; and

iteratively, by comparing the updated shadow netlist with the second GTL netlist, new ECO patch circuits to be patched into the updated LUT mapping circuit representation are obtained until no more ECO patch circuits are needed.

12. The system of claim 8, wherein the instructions, when executed, further cause the processor to:

comparing the shadow netlist and the second GTL netlist to obtain an ECO patch circuit for at least one module to be ECO and an insertion point in a LUT mapping circuit representation corresponding to the ECO patch circuit;

locating a LUT including the insertion point in the LUT mapping circuit representation for insertion into the ECO patch circuit;

determining whether the ECO patch circuit can be fully merged into one or more empty LUTs; and

in response to determining that the ECO patch circuits are capable of being fully merged into one or more empty LUTs, identifying the ECO patch circuits as ECO patch circuits to be prepared for merging into a LUT mapping circuit representation.

13. The system of claim 8, wherein the instructions, when executed, further cause the processor to:

recording the bit mask and corresponding simplest logical expression for each possible LUT 6; and

mapping the function of each LUT in the LUT mapping circuit representation into its equivalent subcircuits to obtain a corresponding shadow netlist.

14. The system of claim 8, wherein the instructions, when executed, further cause the processor to:

applying incremental placement and routing;

generating a new bit stream according to the new placement and routing results; and

the programmable circuit is reprogrammed with the new bit stream.

15. A computer-implemented method of improving circuit function iteration to transform a function of a programmable circuit, the method comprising:

receiving a look-up table, LUT, mapping circuit representation originating from a programmable circuit implemented with a first register transfer level, RTL, document, the first RTL document having an original specification;

receiving a second RTL document of the programmable circuit, the second RTL document having a revised specification, wherein the revised specification is modified from the original specification and has functionality transformed from the original specification;

converting the LUT mapped circuit representation to a shadow netlist, the shadow netlist corresponding to a gate-level GTL netlist representing the LUT mapped circuit representation;

generating a second GTL netlist from the second RTL document;

generating at least one engineering change ECO patch circuit to be fully merged into the LUT mapping circuit representation based on a comparison of the shadow netlist with the second GTL netlist; and

transforming, by the computer system and the ECO engine, a function of the programmable circuit by merging the at least one ECO patch circuit into the LUT mapping circuit representation, wherein the merged LUT mapping circuit representation is equivalent to the second GTL netlist to perform the same function, thereby enabling the programmable circuit to be reprogrammed in accordance with the revision specification by utilizing a free merging cost characteristic of the LUT structure.

16. The method of claim 15, wherein the generating step comprises:

comparing the shadow netlist and the second GTL netlist to obtain an ECO patch circuit for at least one module to be ECO and an insertion point in a LUT mapping circuit representation corresponding to the ECO patch circuit;

locating a LUT including the insertion point in the LUT mapping circuit representation for insertion into the ECO patch circuit;

determining whether the ECO patch circuit can be fully merged into one or more empty LUTs; and

in response to determining that the ECO patch circuits are capable of being fully merged into one or more empty LUTs, identifying the ECO patch circuits as ECO patch circuits to be prepared for merging into a LUT mapping circuit representation.

17. The method of claim 16, wherein the generating step further comprises:

in response to determining that the ECO patch circuit cannot be fully merged into the LUT containing the insertion point, determining whether the ECO patch circuit can be merged into one or more empty LUTs; and

in response to determining that the ECO patch circuits are capable of being merged into one or more empty LUTs, identifying the ECO patch circuits as ECO patch circuits to be prepared for merging into the LUT mapping circuit representation.

18. The method of claim 17, wherein the generating step further comprises:

in response to determining that the ECO patch circuit cannot be fully incorporated into the LUT containing the insertion point,

applying a function with disjoint support decomposed in the ECO patch circuit to decompose at least one sub-patch function, wherein the at least one sub-patch function being decomposed has variable support that is a subset of the variable support of the LUT containing the insertion point;

merging the at least one sub-patch function into a LUT that includes the insertion point;

updating the LUT mapping circuit representation and the shadow netlist; and

iteratively, by comparing the updated shadow netlist with the second GTL netlist, new ECO patch circuits to be patched into the updated LUT mapping circuit representation are obtained until no more ECO patch circuits are needed.

19. The method of claim 15, wherein the generating step comprises:

comparing the shadow netlist and the second GTL netlist to obtain an ECO patch circuit for at least one module to be ECO and an insertion point in a LUT mapping circuit representation corresponding to the ECO patch circuit;

locating a LUT including the insertion point in the LUT mapping circuit representation for insertion into the ECO patch circuit;

determining whether the ECO patch circuit can be fully merged into one or more empty LUTs; and

in response to determining that the ECO patch circuits are capable of being fully merged into one or more empty LUTs, identifying the ECO patch circuits as ECO patch circuits to be prepared for merging into a LUT mapping circuit representation.

20. The method of claim 15, wherein the converting step further comprises:

recording the bit mask and corresponding simplest logical expression for each possible LUT 6; and

mapping the function of each LUT in the LUT mapping circuit representation into its equivalent subcircuits to obtain a corresponding shadow netlist.

Images