Life Isn't Fair, So Use Formal by Roger Sabbagh, Mentor Graphics

Most things in life are not evenly distributed. Consider, for example, the sun and the rain. The city of Portland, Oregon gets much more than its fair share of rainy days per year at 164 on average, while in Yuma, Arizona, 90% of all daylight hours are sunny. [1] Or, how about life as an adolescent? Do you remember how some of us were blessed with acne, buck teeth and short-sightedness, while others with seemingly perfect skin could spend the money they saved on skin cream, braces and eyeglasses to buy all the trendiest designer clothes? No, things are not always meted out in equal measures.

So it is with the effort required to achieve code coverage closure. A state-of-the-art, constrained-random simulation environment will achieve a fairly high level of coverage as a by-product of verifying the functionality of the design. It is typically expected to achieve >90% coverage quite rapidly. However, getting closure on the last few percent of the coverage bins is typically where the effort starts to balloon.

The traditional process that is followed to achieve coverage closure is depicted in Figure 1. While it looks quite straightforward, this flow actually presents a number of serious challenges. Firstly, as part of this process, design and verification engineers must spend a lot of time reviewing the coverage holes to determine whether or not they are coverable and write the additional tests or waivers. For large designs with millions of coverage bins, this could take many man-weeks of effort. Furthermore, it is a very tedious and error-prone task that runs the risk of mistakenly ignoring reachable coverage goals and missing bugs. Finally, it is not easily repeated as the design undergoes change, and manually written waivers have to be maintained; otherwise they become stale.

That's simply not fair! What can be done to turn the tables here and get the upper hand in this situation?
In this article, we will explore how formal methods are being used to do just that. Using formal for code coverage closure is one of the top 5 formal apps being used in the industry today. We will explain how it helps by bringing schedule predictability and improved design quality to the process, and potentially makes designs more verifiable. We will use the Ethernet MAC design from OpenCores [2] as a case study.

Figure 1. Traditional Code Coverage Closure Process

QUESTA COVERCHECK FOR CODE COVERAGE CLOSURE

Questa CoverCheck is the formal app for code coverage closure. It targets all the different flavors of code coverage bins with formal analysis to determine if the coverage points are reachable or not. The results can be used to generate waivers automatically for unreachable coverage bins and to see how the reachable ones can be hit. The code coverage closure flow using CoverCheck is depicted in Figure 2.

AUTOMATIC GENERATION OF WAIVERS

In any given design, there are many code coverage bins which are not expected to be covered. This occurs for a variety of reasons, including the possibility that the coding style requires some lines of code for synthesis that will never be exercised in simulation. For the purposes of this article, we will examine only the statement coverage, but the concepts presented here could be extended to branch, condition, FSM and toggle coverage as well.

In the Ethernet MAC design, the default statement coverage achieved in simulation is 96.6%, with 62 statements missed.

The code above contains a case statement default branch which can never be activated in simulation. This is an example of the type of code that is flagged as unreachable by CoverCheck and automatically pruned from the coverage model. These types of targets are essentially noise and removing them improves the fidelity of the code coverage metrics.

After updating the Unified Coverage Database (UCDB) with the CoverCheck results, the statement coverage has now risen to 98.8% (as shown below).

Of course, care must be taken to review the unreachable items to be certain they are expected. Some coverage items may be unreachable due to a design bug that overconstrains the operation of the logic, such as the case where the code is related to a mode of operation of a reused block that is not relevant to the current design.

The Ethernet MAC testbench does not test the design in half-duplex mode. Since this mode is not intended to be verified, the code related to that mode can be ignored for the purposes of code coverage measurements. But, rather than manually reviewing the code coverage holes to determine which ones are related to the half-duplex mode of operation, CoverCheck can automatically derive that information if a simple constraint is specified to indicate that the design should only be tested in full-duplex mode. The following TCL directive sets the mode register bit that controls operation of the device to full-duplex mode:

    netlist constant ethreg1.moder_1.dataout\[2\] 1'b1

Running CoverCheck with this constraint and updating the UCDB again shows that the statement coverage is actually sitting at 99.3% (as shown above).

GUIDANCE TO WRITE ADDITIONAL TESTS

Now we've reduced the number of coverage holes to be investigated by a factor of 5, which isn't bad. But what about the remaining 20%, or in this case 12 missed statements? The CoverCheck results show that 11 out of these 12 statements are in fact reachable, as illustrated on the previous page, lower left.

Formal analysis can show how to exercise these tough-to-reach places in the design. For example, line 314 of the txethmac1 block related to the transmit packet retry function is not covered in simulation (shown above). CoverCheck provides a waveform (below) that shows the sequence of input stimulus that will get the design into this state. This can be directly converted into a simulation testbench or it can be used to guide the manual creation of new tests to hit this coverage point.
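The two uses of reachability analysis described above (proving bins unreachable, optionally under a constant constraint, and producing an input sequence for the reachable ones), shown as an added example that is not code from the article or from CoverCheck. It is a brute-force state-space search over a small constructed transmit FSM; the state names, bin names and the `step`, `analyze` and `unreachable` helpers are assumptions made for illustration.

```python
from collections import deque
from itertools import product

# Constructed toy transmit FSM (NOT the OpenCores Ethernet MAC RTL).
# Every branch is tagged with a statement-coverage bin name.
INPUTS = ("full_duplex", "tx_start", "collision")
ALL_BINS = {"idle_wait", "start_tx", "collision_seen", "tx_done",
            "retry_tx", "retry_limit", "default_branch"}

def step(state, inp):
    """One clock of the toy FSM: returns (next_state, bin_hit)."""
    st, retries = state
    if st == "IDLE":
        if inp["tx_start"]:
            return ("DATA", retries), "start_tx"
        return state, "idle_wait"
    if st == "DATA":
        if inp["collision"] and not inp["full_duplex"]:
            return ("BACKOFF", retries), "collision_seen"
        return ("IDLE", 0), "tx_done"
    if st == "BACKOFF":
        if retries < 2:
            return ("DATA", retries + 1), "retry_tx"
        return ("IDLE", 0), "retry_limit"
    return ("IDLE", 0), "default_branch"  # synthesis-style default, never entered

def analyze(constants=None):
    """Exhaustive BFS from reset; returns {bin: witness input sequence}."""
    constants = constants or {}
    free = [name for name in INPUTS if name not in constants]
    start = ("IDLE", 0)
    seen, witness, queue = {start}, {}, deque([(start, [])])
    while queue:
        state, trace = queue.popleft()
        for values in product((0, 1), repeat=len(free)):
            inp = {**constants, **dict(zip(free, values))}
            nxt, hit = step(state, inp)
            witness.setdefault(hit, trace + [inp])  # BFS order: shortest witness
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [inp]))
    return witness

def unreachable(constants=None):
    """Bins no input sequence can hit: candidates for automatic waivers."""
    return ALL_BINS - set(analyze(constants))

if __name__ == "__main__":
    print("unconstrained:   ", sorted(unreachable()))
    print("full-duplex only:", sorted(unreachable({"full_duplex": 1})))
    print("witness length for retry_limit:", len(analyze()["retry_limit"]))
```

Exhaustive enumeration only works because the toy state space is tiny; on a real design the search may not complete, which corresponds to the inconclusive result the article discusses next.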

DESIGN FOR VERIFIABILITY

So, at this point, we are down to 1 out of the original list of 62 missed statements that would have required manual review in the traditional flow. We have addressed the vast majority of the issues (98.4% to be precise). The last inconclusive coverage point would have to be reviewed by the designers to determine if it can be ignored, if it must be covered or if it is related to a bug in the design that makes it difficult or impossible to reach. The line of code in question is related to the excessive deferral of packets in the eth_txethmac block.

Above is an example of a line of code that can't be reached through simulation regressions and is inconclusive when analyzed by formal analysis. It indicates that it's a very complex piece of logic, potentially overly complex. When this type of situation occurs, the question could be asked: Could this part of the logic be redesigned in such a way as to make it more easily coverable and verifiable? [3]

CONCLUSIONS

Even a few percent of missed targets on a large design will take a disproportionate amount of time and effort to review and get closure on in the traditional way. Using an automatic formal application like CoverCheck reduces the pain by at least an order of magnitude. Not only does it speed up the process, but it ensures that excluded coverage bins have been formally proven to be safe to ignore, delivering higher design quality. Finally, it provides feedback that is very useful in guiding the designers to give more consideration to design for verifiability.

REFERENCES:

1. http://www.currentresults.com/weather-extremes/index.php
2. OpenCores Ethernet MAC, http://opencores.org/project,ethmac
3. C. Richard Ho, Michael Theobald, Martin M. Deneroff, Ron O. Dror, Joseph Gagliardo, and David E. Shaw, Early Formal Verification of Conditional Coverage Points to Identify Intrinsically Hard-to-Verify Logic, Proceedings of the 45th Annual Design Automation Conference (DAC '08), Anaheim, California, June 9-13, 2008.

Editor: Tom Fitzpatrick
Program Manager: Rebecca Granquist
Wilsonville Worldwide Headquarters, 8005 SW Boeckman Rd., Wilsonville, OR 97070-7777
Phone: 503-685-7000
To subscribe visit: www.mentor.com/horizons
To view our blog visit: VERIFICATIONHORIZONSBLOG.COM