Introduction To Questa Autocheck Covercheck, and Formal Connectivity Checking PDF

Introduction to
Questa AutoCheck,
CoverCheck, and Formal
Connectivity Checking
Chris Rockwood
Verification Technologist
Design Verification Technology Division
April 2014
Agenda
Questa AutoCheck
Automatic formal checks for common design issues
Questa CoverCheck
Formal analysis to improve code coverage

Also targets SVA covergroups (new in 10.3 release)
Connectivity Checking with Questa Formal

Exhaustive validation of SoC connectivity
2014 Mentor Graphics Corp.
Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies
www.mentor.com
Company Confidential
Questa Platform
Mentor Graphics Functional Verification Solutions
A broad arsenal of
verification solutions
Seamless integration of
formal and simulation
Common compilers
Common GUI features
Unified Coverage Database

www.mentor.com
Questa Formal-based Technologies

A full range of formal solutions
Higher
Effort
Property
Checking
Automated
Applications
Fully
Automatic
Low
Effort
I/F Protocols
Control Logic
Data Integrity
Post-Silicon Debug
Connectivity
Register Map Checks
Design Constraints
Assertion Generation
Reset and X-States
Improve Coverage
Automatic Checks
CDC Verification
www.mentor.com

Higher
Effort
Property
Checking
Automated
Applications
Fully
Automatic
Low
Effort
I/F Protocols
Control Logic
Data Integrity
Post-Silicon Debug
Connectivity
Register Map Checks
Design Constraints
Reset and X-States
Improve Coverage
Automatic Checks
CDC Verification
www.mentor.com
Agenda
Questa AutoCheck
Questa CoverCheck


www.mentor.com

Higher
Effort
Property
Checking
Automated
Applications
Fully
Automatic
Low
Effort
I/F Protocols
Control Logic
Data Integrity
Post-Silicon Debug
Connectivity
Register Map Checks
Design Constraints
Reset and X-States
Improve Coverage
Automatic Checks
CDC Verification
www.mentor.com
Automatic Checks
Easy-to-use, predefined checks for common problems
Push-button functional verification

for checks such as:
RTL
Initialization Checks
- Uninitialized registers
- X propagation/reachability
Functional Issue Checks
- Combinational loops
- Case statement checks
- Arithmetic checks
- Bus checks
- FSM checks
Verilog,
VHDL,
SystemVerilog
Coverage Reachability Checks

- Unreachable Logic
- Unreachable FSM state
- Unreachable FSM transition
- Register stuck at constant
www.mentor.com
Automatic Checks
Easy-to-use, predefined checks for common problems
Push-button functional verification

for checks such as:
RTL
- Case statement checks
- Arithmetic checks
- Bus checks
- FSM checks
- Unreachable Logic
- Unreachable FSM state
- Unreachable FSM transition
- Register stuck at constant
Verilog,
VHDL,
SystemVerilog
Synthesized
Netlist
No testbench
No assertions
No constraints (initially)
Assumptions optional
Includes design functionality, design configurations,

operating conditions, and initialization sequence
Formal
Netlist
www.mentor.com
Finding Bugs with Simulation

Timeline
www.mentor.com

Timeline
Develop RTL
RTL
www.mentor.com

Timeline
Develop RTL
Develop testbench
Testbench
www.mentor.com
RTL

Timeline
Develop RTL
Develop testbench
Run simulation
Testbench
Simulate
RTL
www.mentor.com

Timeline
Develop RTL
Develop testbench
Testbench
RTL
Simulate
Run simulation
Measure results
Coverage
www.mentor.com

Timeline
Develop RTL
Develop testbench
Testbench
RTL
Simulate
Run simulation
Measure results
Analyze results
Coverage
Analyze
Bug?
www.mentor.com

Timeline
Develop RTL
Develop testbench
Testbench
RTL
Simulate
Run simulation
Measure results
Analyze results
Analyze
Coverage
Bug?
Time to find bugs can be too long

Simulation cannot find all bugs
www.mentor.com
Finding Bugs with Questa AutoCheck

Timeline
www.mentor.com

Timeline
Develop RTL
RTL
www.mentor.com

Timeline
Develop RTL
RTL
Run AutoCheck
AutoCheck
www.mentor.com

Timeline
Develop RTL
RTL
Run AutoCheck
AutoCheck
Analyze results
Bug?
Analyze
www.mentor.com

Timeline
Develop RTL
Run AutoCheck
Analyze results
Bug?
RTL
You can use

AutoCheck
as soon as you
have your RTL
code
AutoCheck
www.mentor.com
Analyze

Timeline
Develop RTL
Run AutoCheck
Analyze results
Bug?
RTL
You can use

AutoCheck
as soon as you
have your RTL
code
AutoCheck
Analyze
Shortest time to find bugs

Finds bugs that simulation misses!
www.mentor.com
Questa AutoCheck
Questa
Automated design checking for:
Common design errors

Coverage closure issues
The functional impact of Xs
10
www.mentor.com
Questa AutoCheck
Questa

No testbench required
You can use it whenever you have RTL available for your
block/chip and BEFORE you simulate
10
www.mentor.com
Questa AutoCheck
Questa

No need to write assertions
Assertions are automatically generated by Questa AutoCheck and

used/proved under the hood
10
www.mentor.com
Questa AutoCheck
Questa

No need to write assertions
Assertions are automatically generated by Questa AutoCheck and

used/proved under the hood
Easy to run
10
www.mentor.com
Arithmetic and Bus Checks
Arithmetic checks
Overflow checks
Division by 0 checks
Various bus checks
Multiple drivers active

No driver active
Clear reporting of violations
Easy debugging
Show waveforms
Source code view
11
www.mentor.com
Arithmetic and Bus Checks
Arithmetic checks
Overflow checks
Division by 0 checks
Overflow happens here
Various bus checks
Multiple drivers active

No driver active
Clear reporting of violations
Easy debugging
Show waveforms
Source code view
11
www.mentor.com
Combinational Feedback Loop Check
Combinational feedback loops (CFLs) may simulate at the RTL level

without problems
Bad behavior only shows in simulation with back-annotated timing or

ultimately in silicon
Easy to debug
Finds CFLs early
Schematic view spans modules

Direct link to source code
Saves debug time later

Prevent respins
Checks sequential control logic
12
www.mentor.com
Combinational Feedback Loop Check
Combinational feedback loops (CFLs) may simulate at the RTL level

without problems
Bad behavior only shows in simulation with back-annotated timing or

ultimately in silicon
Easy to debug
Finds CFLs early
Schematic view spans modules

Direct link to source code
Saves debug time later

Prevent respins
Checks sequential control logic
Loops can span multiple

levels of logic and modules
12
www.mentor.com
Example: Dead Code
Sometimes dead code is due to a complex functional bug

in the design and should be resolved
Example: AutoCheck will find this; most lint tools wont:

always @(posedge clk or negedge rstn)
if (!rstn)
en1 <= 1'b0;
else
en1 <= FSMst[0] ? 1'b1 : 1'b0;

if (!rstn)
else
en2 <= 1'b0;
case (FSMst)
3'b100: en2 <= 1'b1; 3'b010: en2 <= 1'b1;
3'b001: en2 <= 1'b0; default: en2 <= 1'b0; endcase
assign sel = en1 && en2;

always @*
if (sel) pmux <= d1;
else
pmux <= d0;

13
www.mentor.com
Example: Dead Code
Sometimes dead code is due to a complex functional bug

in the design and should be resolved
Example: AutoCheck will find this; most lint tools wont:

if (!rstn)
en1 <= 1'b0;
else
en1 <= FSMst[0] ? 1'b1 : 1'b0;

if (!rstn)
else
en2 <= 1'b0;
case (FSMst)
3'b100: en2 <= 1'b1; 3'b010: en2 <= 1'b1;
always 0
3'b001: en2 <= 1'b0; default: en2 <= 1'b0; endcase
assign sel = en1 && en2;

always @*
if (sel) pmux <= d1;
else
dead code
pmux <= d0;

13
www.mentor.com
Example: FSM Deadlock with Dead Code
Sometimes checks are related
Simple FSM Deadlock conditions due to incorrect structure

can be found by lint tools and Questa AutoCheck
More complex sequential logic causing FSM Deadlock and

Dead Code can only be found by Questa AutoCheck
case (cstate)
3'b001: if (en)
nstate <= 3'b010;
else
nstate <= 3'b001;
3'b010: nstate <= 3'b100;
3'b100: if (bar)
nstate <= 3'b100;
else
nstate <= 3'b100;
default: nstate <= 3'b001;
endcase
FSM.v
Complex
Sequential
Logic
bar
14
www.mentor.com


case (cstate)
3'b001: if (en)
nstate <= 3'b010;
else
nstate <= 3'b001;
3'b010: nstate <= 3'b100;
3'b100: if (bar)
nstate <= 3'b100;
else
nstate <= 3'b100;
endcase
FSM.v
Complex
Sequential
Logic
bar
Typo in FSM,
FSM structurally incorrect
Lint and
AutoCheck
Catch it
14
www.mentor.com


case (cstate)
3'b001: if (en)
nstate <= 3'b010;
else
nstate <= 3'b001;
3'b010: nstate <= 3'b100;
3'b100: if (bar)
nstate <= 3'b001;
3'b100;
else
nstate <= 3'b100;
endcase
FSM.v
Complex
Sequential
Logic
bar
Lint and
AutoCheck
Catch it
14
www.mentor.com


case (cstate)
3'b001: if (en)
nstate <= 3'b010;
else
nstate <= 3'b001;
3'b010: nstate <= 3'b100;
3'b100: if (bar)
nstate <= 3'b001;
3'b100;
else
nstate <= 3'b100;
endcase
FSM.v
Complex
Sequential
Logic
bar
bar stuck; FSM Deadlock,

FSM structurally correct
FSM.v
Lint
and
Only
AutoCheck
AutoCheck
Catch itit
catches
14
www.mentor.com
Example: FSM Unreachable State/Transition
Lint finds simple case; only AutoCheck finds complex case

process (clk,rstn) begin
if (rstn = '0') then start <= '0'; inA_r <= '0';
elsif (clk'event and clk = '1') then
start <= inA and inB; inA_r <= inA;
if (rstn = '0') then enable <= '0';
enable <= not inA_r and inB and start;
process (cstate,start,enable) begin case (cstate) is
when idle => if (start = '1') then nstate <= go;
else nstate <= idle; end if;
when go
=> nstate <= cont;
when cont => if (enable = '1') then nstate <= idle;

when pass => nstate <= idle;
15
www.mentor.com

when go
=> nstate <= cont;
when cont => if (enable = '1') then nstate <= idle;
typo

15
www.mentor.com

when go
=> nstate <= cont;
when cont => if (enable = '1') then nstate <= pass;
good

15
www.mentor.com

unreachable

enable
always
0
<= not inA_r and inB and start;

when go
=> nstate <= cont;
when cont => if (enable = '1') then nstate <= pass;
good

15
www.mentor.com
Other Miscellaneous Design Checks
Various register checks

Multiply-driven signals
Stuck-at checks
Develop RTL
Run AutoCheck
Clock-in-data checks
Undriven logic checks
Illegal range checks
Case statement checks
and other RTL, structural, and formal checks!
Analyze results
Bug?
16
www.mentor.com
Other Miscellaneous Design Checks
Various register checks

Multiply-driven signals
Stuck-at checks
Develop RTL
Run AutoCheck
Clock-in-data checks
Undriven logic checks
Illegal range checks
Case statement checks
and other RTL, structural, and formal checks!
Analyze results
Bug?
AutoCheck finds design problems early

16
www.mentor.com
AutoCheck: Intuitive Debug
17
www.mentor.com
Select
Category
17
www.mentor.com
Select
Category
RMB choose
menu item to show
source/schematic/
FSM/waveforms
17
www.mentor.com
Conclusion
Simulation alone is not enough
It takes too long to find bugs

Not all bugs will be found in simulation
18
www.mentor.com
Conclusion

Questa

18
www.mentor.com
Conclusion

Questa

The shortest time to find bugs

Finds critical bugs that simulation cant find
18
www.mentor.com
Agenda
Questa AutoCheck
Questa CoverCheck


19
www.mentor.com

Higher
Effort
Property
Checking
Automated
Applications
Fully
Automatic
Low
Effort
I/F Protocols
Control Logic
Data Integrity
Post-Silicon Debug
Connectivity
Register Map Checks
Design Constraints
Reset and X-States
Improve Coverage
Automatic Checks
CDC Verification
20
www.mentor.com
Automatic Checks: CoverCheck
Easy-to-use predefined checks for common problems
Push-button functional verification for checks such as:

- Arithmetic checks
- Bus checks
-
RTL
Verilog,
VHDL,
SystemVerilog

- Statement
- Branch
- Condition
- Expression
- FSM
- Toggle
- Covergroups (New in 10.3)
21
www.mentor.com
Automatic Checks: CoverCheck
Easy-to-use predefined checks for common problems
Push-button functional verification for checks such as:

- Arithmetic checks
- Bus checks
-
- Statement
- Branch
- Condition
- Expression
- FSM
- Toggle
- Covergroups (New in 10.3)
RTL
Verilog,
VHDL,
SystemVerilog
Synthesized
Netlist
No testbench
No assertions
No constraints (initially)
Assumptions optional
Includes design functionality, design configurations,

operating conditions, and initialization sequence
21
Formal
Netlist
www.mentor.com
Coverage Metrics
Basic: Code/FSM/Assertion Coverage
Checks that all RTL has been exercised

Checks that all assertions have been exercised
Semi-automated: Transaction/Structural Coverage
Checks that all types of transactions have occurred

Ensures that the tests have sufficiently stressed the design
Advanced: Functional Coverage
Checks that all requirements for the design have been tested
Does the design work in all scenarios?
All of these coverage types are measured and tracked to

determine when verification is complete and the chip is
ready to tape out or go into the lab
22
www.mentor.com
Coverage Metric Holes
Code/FSM/Assertion Coverage
Functional dead code and unreachable FSM states/transitions

Unreachable covergroup bins
Modes of the design that create dead code
Time can be wasted trying to hit these holes!
Transaction/Structural Coverage
Testbench doesnt stress the design enough

Incomplete functional models dont exercise all transactions
Functional Coverage
Incomplete specification or planning; lack of knowledge or time
Proper test planning can mitigate these challenges
Making use of static verification techniques such as

Questa CoverCheck can minimize time to closure
23
www.mentor.com
Code Coverage: Statement (s)
Counts the execution of each statement on a line

Even if multiple statements
Example:
reg <= dat;
C <= A && B;
Report style based on number of Statements

Enabled Coverage
Active
Hits
Misses
% Covered
----------------
------
----
------
---------
415
387
28
93.2
Stmts
24
www.mentor.com
Code Coverage: Statement (s)
Counts the execution of each statement on a line

Even if multiple statements
Example:
reg <= dat;

Count the statements
and the number of
times each one is hit
C <= A && B;
Report style based on number of Statements

Enabled Coverage
Active
Hits
Misses
% Covered
----------------
------
----
------
---------
415
387
28
93.2
Stmts
24
www.mentor.com
Code Coverage: Branch (b)
Counts the execution of each conditional if/then/else

and case statement
All true and false branches are considered
Each (if/else if/else | case) element counts as a branch
Example (if statement):

if (!rstn)
q <= 1b0;
else
q <= d;
Report style based on number of branches
Enabled Coverage
Active
Hits
Misses % Covered
----------------
------
----
------ ---------
47
45
Branches
2
25
www.mentor.com
95.7
Code Coverage: Branch (b)
Counts the execution of each conditional if/then/else

and case statement
All true and false branches are considered
Each (if/else if/else | case) element counts as a branch
Example (if statement):

if (!rstn)
q <= 1b0;
else
q <= d;
Count total coming

into if statement,
count times each
branch taken
Report style based on number of branches
Enabled Coverage
Active
Hits
Misses % Covered
----------------
------
----
------ ---------
47
45
Branches
2
25
www.mentor.com
95.7
Code Coverage: Condition (c)
Analyzes decisions made in if and ternary statements

Considered an extension of branch coverage
Example:
if (ce && we)
1
0/1
Report style based on Focused Expression Coverage
Enabled Coverage
Active
Hits
Misses
% Covered
----------------
------
----
------
---------
16
13
81.2
FEC Condition Terms
26
www.mentor.com
Code Coverage: Condition (c)
Analyzes decisions made in if and ternary statements

Considered an extension of branch coverage
Example:
All FEC conditions

must be hit:
if (ce && we)

1
0/1
ce = 0,1; we = 0,1
ce is uncovered:
Never hit 0
Enabled Coverage
Active
Hits
Misses
% Covered
----------------
------
----
------
---------
16
13
81.2
FEC Condition Terms
26
www.mentor.com
Code Coverage: Expression (e)

Analyzes expressions on the right hand side of an
assignment
Example:
wire C = A && B
1
0/1
Enabled Coverage
Active
Hits
Misses
% Covered
----------------
------
----
------
---------
25
14
11
56.0
FEC Condition Terms
27
www.mentor.com
Code Coverage: Expression (e)

Analyzes expressions on the right hand side of an
assignment
All FEC conditions
Example:
must be hit:
wire C = A && B
1
0/1
A = 0,1; B = 0,1
A is uncovered:
Never hit 0
Enabled Coverage
Active
Hits
Misses
% Covered
----------------
------
----
------
---------
25
14
11
56.0
FEC Condition Terms
27
www.mentor.com
Code Coverage: Toggle (t)

Counts each time a logic node transitions from one state
to another
Example:
reg FF_A;
always @(posedge clk)
FF_A <= din;
Report style based on Toggle Bins
Enabled Coverage
Active
Hits
Misses
% Covered
----------------
------
----
------
---------
356
351
98.5
Toggle Bins
28
www.mentor.com
Code Coverage: Toggle (t)

Counts each time a logic node transitions from one state
to another
To be covered,
Example:
FF_A must toggle:
0 to 1 and 1 to 0
bin
bin
reg FF_A;
always @(posedge clk)
FF_A <= din;
Report style based on Toggle Bins
Enabled Coverage
Active
Hits
Misses
% Covered
----------------
------
----
------
---------
356
351
98.5
Toggle Bins
28
www.mentor.com
Code Coverage: FSM (f)

Counts the states and transitions of each FSM
Example:
FSM States: S1; S2; S3

FSM Transitions: S1 S1; S1 S2;
S2 S3; S2 S1; S3 S1
29
Report style based on FSM States and Transitions

Enabled Coverage
Active
Hits
Misses
% Covered
----------------
------
----
------
---------
States
100.0
Transitions
80.0
www.mentor.com
Code Coverage: FSM (f)

Counts the states and transitions of each FSM
Example:
All states and

transitions must be hit
FSM States: S1; S2; S3

FSM Transitions: S1 S1; S1 S2;
S2 S3; S2 S1; S3 S1
This transition not
exercised (uncovered)
29
Report style based on FSM States and Transitions

Enabled Coverage
Active
Hits
Misses
% Covered
----------------
------
----
------
---------
States
100.0
Transitions
80.0
www.mentor.com
Typical Coverage Closure Methods
Fix design issues that prevent coverage from being

achieved
Run more vectors to hit missing coverage
Directed tests
Constrained-random tests
Intelligent testbench generation (e.g., Questa inFact)
Spend a lot of time analyzing and applying new vectors
Add exclusions by hand
Sometimes the simulator can add automated exclusions
Use an automated flow to generate exclusions for

coverage elements that are impossible to hit
30
www.mentor.com
Checks for Coverage Exclusions
Coverage Model
31
www.mentor.com
Branch
Unreachable if/else and case branches
Coverage Model
31
www.mentor.com
Branch
Condition/Expression
Unreachable FEC conditions
Coverage Model
31
www.mentor.com
Branch
Statement
Unreachable lines of code
Coverage Model
31
www.mentor.com
Branch
Statement
Toggle
Unreachable register transitions
Coverage Model
31
www.mentor.com
Branch
Statement
Toggle
Coverage Model
FSM
Unreachable FSM states and transitions
31
www.mentor.com
Branch
Statement
Toggle
Coverage Model
FSM
Covergroups (new in 10.3)
31
www.mentor.com
Branch
Statement
Toggle
Coverage Model
FSM
Covergroups (new in 10.3)
Unreachable items are automatically excluded

from your coverage model
31
www.mentor.com
CoverCheck Example Statement Coverage
Dead code easily slips into the design

Especially after changes are made
Dead code often identifies incorrect assumptions
Can lead to critical bugs due to differing interpretation of design

requirements
May synthesize into logic that is not needed
32
www.mentor.com


requirements

reg [1:0] R;
always @* begin
if (a)
R = 2'b00;
else if (b) R = 2'b01;
else
R = 2'b11;
end
R can never be 2b10
32
www.mentor.com


requirements

reg [1:0] R;
always @* begin
if (a)
R = 2'b00;
else if (b) R = 2'b01;
else
R = 2'b11;
end
R can never be 2b10
Hence, this statement

can never be reached
reg T;
always @* begin
T = 1'bX;
case (R)
2'b00:
T
2'b01:
T
2'b10:
T
2'b11:
T
endcase
end
32
www.mentor.com
=
=
=
=
1'b0;
1'b1;
1'b1;
1'b0;
Questa CoverCheck: Before Simulation
Use formal analysis as a stand-alone tool to target coverage

RTL
CoverCheck
33
www.mentor.com

RTL
CoverCheck
Coverage Exclusions
TB
Coverage
Results
Simulation
33
www.mentor.com

RTL
CoverCheck
Coverage Exclusions
TB
Coverage
Results
Simulation
33
www.mentor.com

RTL
CoverCheck
Coverage Exclusions
TB
Coverage
Results
Simulation
This flow can be inefficient

because all coverage items
in the RTL code are targeted
by CoverCheck, which is
computationally expensive
33
www.mentor.com
Questa CoverCheck: After Simulation

Use formal analysis to improve simulation results
RTL
Simulation
TB
34
www.mentor.com

RTL
Simulation
TB
Coverage
Results
34
www.mentor.com

RTL
Simulation
TB
Coverage
Results
CoverCheck
34
www.mentor.com

RTL
Simulation
TB
Coverage
Results
Coverage Exclusions
CoverCheck
34
www.mentor.com

RTL
Simulation
TB
This flow is optimal because

only the coverage items that
were not hit in simulation
are targeted by CoverCheck
Coverage
Results
Coverage Exclusions
CoverCheck
34
www.mentor.com
CoverCheck Results in qverify GUI
35
www.mentor.com
CoverCheck Results in qverify GUI
Unreachable FSM state

Double-click or RMB, Show FSM to
visualize
35
www.mentor.com
CoverCheck Results: Covergroups
36
www.mentor.com
CoverCheck Results: Covergroups
Covergroup results in separate tab

36
www.mentor.com
Example: Generated Exclusion File

ex.do
#
#
Generated Exclusion File
#
coverage exclude -du work.pci_wb_slave -srcfile /project/design/rtl/vlog/pci_wb_slave.v
-linerange 757 -item s 1 -comment "CoverCheck:Statement"
coverage exclude -du work.pci_wb_slave_unit -srcfile project/design/rtl/vlog/pci_wb_slave_unit.v
-fecexprrow 703 2 -item 1 -comment "CoverCheck:Expression"
-feccondrow 886 1 -item 1 -comment "CoverCheck:Condition"
coverage exclude -du work.pci_conf_space -togglenode pci_ba0_bit31_12\[12\] -trans 10
-comment "CoverCheck:Toggle"
coverage exclude -du work.pci_wb_slave -fstate c_state S_CONF_READ
-comment "CoverCheck:FSM"
coverage exclude -cvgpath {/SYSTEM/bridge32_top/bridge/i_pci_target_unit/.../cp/auto[0]}
-comment "CoverCheck:Coverbin"
...
37
www.mentor.com
Example: Generated Exclusion File

ex.do
#
#
Generated Exclusion File
#
-linerange 757 -item s 1 -comment "CoverCheck:Statement"
coverage exclude -du work.pci_wb_slave_unit -srcfile project/design/rtl/vlog/pci_wb_slave_unit.v
-fecexprrow 703 2 -item 1 -comment "CoverCheck:Expression"
-feccondrow 886 1 -item 1 -comment "CoverCheck:Condition"
coverage exclude -du work.pci_conf_space -togglenode pci_ba0_bit31_12\[12\] -trans 10
-comment "CoverCheck:Toggle"
coverage exclude -du work.pci_wb_slave -fstate c_state S_CONF_READ
New in 10.3
-comment "CoverCheck:FSM"
coverage exclude -cvgpath {/SYSTEM/bridge32_top/bridge/i_pci_target_unit/.../cp/auto[0]}
-comment "CoverCheck:Coverbin"
...
37
www.mentor.com
Exclude Coverage After Simulation

Simulation has been previously run and a sim.ucdb exists
Apply the exclude file to the UCDB with vsim
Read in the old .ucdb, apply the exclusions, write out a new .ucdb
Example:
> vsim -c -viewcov sim.ucdb \
-do do ex.do; \
coverage save sim_w_excludes.ucdb; exit
38
www.mentor.com
Exclude Coverage After Simulation

Simulation has been previously run and a sim.ucdb exists
Apply the exclude file to the UCDB with vsim
Read in the old .ucdb, apply the exclusions, write out a new .ucdb
Example:
> vsim -c -viewcov sim.ucdb \
Apply the exclusions
-do do ex.do; \
coverage save sim_w_excludes.ucdb; exit
38
www.mentor.com
Simulation Coverage Before/After Exclusions

Coverage Report Summary by design unit:
Original Run
Design Unit: work.pci_target32_sm

Enabled Coverage
---------------Stmts
Branches
FEC Condition Terms
FEC Expression Terms
FSMs
States
Transitions
Toggle Bins
Active
-----98
22
0
186
Hits
---93
21
0
57
3
5
106
3
4
76
TOTAL COVERGROUP COVERAGE: 43.7%
Misses % Covered
------ --------5
94.8
1
95.4
0
100.0
129
30.6
90.0
0
100.0
1
80.0
30
71.6
COVERGROUP TYPES: 4
Total Coverage By Design Unit (filtered view): 46.7%
With exclusions
Design Unit: work.pci_target32_sm

Enabled Coverage
---------------Stmts
Branches
FEC Condition Terms
FEC Expression Terms
FSMs
States
Transitions
Toggle Bins
Active
-----93
21
0
186
Hits
---93
21
0
58
3
5
106
3
4
76
TOTAL COVERGROUP COVERAGE: 59.8%
Misses % Covered
------ --------0
100.0
0
100.0
0
100.0
128
31.1
90.0
0
100.0
1
80.0
30
71.6
COVERGROUP TYPES: 4
Total Coverage By Design Unit (filtered view): 51.3%

39
www.mentor.com
CoverCheck Success at Rockwell Collins
CoverCheck was evaluated and purchased last year
This purchase was outside the normal contract renewal cycle

CoverCheck was new in 2013, not part of the old Questa Formal
First design used for evaluation was not an ideal application

In-house design; had gone through requirements-based
verification, so code coverage misses were very small
Only 3 unreachable coverage items were found
Evaluation on third-party IP was dramatically more successful

Not all functions of DDR3 and PCIe IP blocks are used
Some inputs tied to 0/1; some registers set to fixed values
Code coverage was only 55% when CoverCheck was first used
6% improvement within hours (vs. 2 weeks using manual exclusions)

Thousands of exclusions generated within days (vs. months)
CoverCheck is ideally suited for some designs

Is your design one of them?
40
www.mentor.com
Questa CoverCheck Benefits
Schedule
predictability
Save project time that would have been spent manually

reviewing the coverage holes
Improved
metrics
Automatically eliminate code that was never meant to be

exercised
Tune measurement to the relevant modes of operation
Improved
design quality
Witness waveforms eliminate danger of ignoring

coverage holes that are reachable
Complexity measurement guides design for verification
Elimination of
waiver rot
Manually generated waivers have to be maintained as

the code changes
41
www.mentor.com
Agenda
Questa AutoCheck
Questa CoverCheck


42
www.mentor.com

Higher
Effort
Property
Checking
Automated
Applications
Fully
Automatic
Low
Effort
I/F Protocols
Control Logic
Data Integrity
Post-Silicon Debug
Connectivity
Register Map Checks
Design Constraints
Reset and X-States
Improve Coverage
Automatic Checks
CDC Verification
43
www.mentor.com
SoC Connectivity Validation

PHY
PHY
PHY
PHY
CPU
USB
Ethernet
Protocol
Custom
Core
MasterIF
SlaveIF
MasterIF
MasterIF
SlaveIF
Arbiter
AMBAAHB/AXI
MasterIF
MasterIF
CPU
Memory
DMA
Main Clock Domain
Bridge
Sub
Clock
Domain
AMBAAPB
SlaveIF
SlaveIF
UART
GPIO
Bridge
PCI
Express
PHY
44
www.mentor.com

Pin-constrained I/O pad muxing
Application
On-chip bus connectivity
PHY
PHY
PHY
PHY
CPU
USB
Ethernet
Protocol
Custom
Core
MasterIF
SlaveIF
MasterIF
MasterIF
SlaveIF
Arbiter
Objective
Check bus and I/O pad connections

Check all modes of operation
AMBAAHB/AXI
MasterIF
MasterIF
CPU
Memory
DMA
Main Clock Domain
Bridge
Sub
Clock
Domain
AMBAAPB
SlaveIF
SlaveIF
UART
GPIO
Bridge
PCI
Express
PHY
Challenge
100s to 1000s of connections

Tedious to check in simulation
Benefit of
Formal
Approach
Considers all modes of operation

Able to catch corner-case scenarios
44
www.mentor.com

Application
PHY
PHY
PHY
PHY
CPU
USB
Ethernet
Protocol
Custom
Core
MasterIF
SlaveIF
MasterIF
MasterIF
SlaveIF
Arbiter
Objective

AMBAAHB/AXI
MasterIF
MasterIF
CPU
Memory
DMA
Main Clock Domain
Bridge
Sub
Clock
Domain
AMBAAPB
SlaveIF
SlaveIF
UART
GPIO
Bridge
PCI
Express
PHY
Challenge

Benefit of
Formal
Approach

44
www.mentor.com

Application
PHY
PHY
PHY
PHY
CPU
USB
Ethernet
Protocol
Custom
Core
MasterIF
SlaveIF
MasterIF
MasterIF
SlaveIF
Arbiter
Objective

AMBAAHB/AXI
MasterIF
MasterIF
CPU
Memory
DMA
Main Clock Domain
Bridge
Sub
Clock
Domain
AMBAAPB
SlaveIF
SlaveIF
UART
GPIO
Bridge
PCI
Express
PHY
Challenge

Benefit of
Formal
Approach

44
www.mentor.com

Application
PHY
PHY
PHY
PHY
CPU
USB
Ethernet
Protocol
Custom
Core
MasterIF
SlaveIF
MasterIF
MasterIF
SlaveIF
Arbiter
Objective

AMBAAHB/AXI
MasterIF
MasterIF
CPU
Memory
DMA
Main Clock Domain
Bridge
Sub
Clock
Domain
AMBAAPB
SlaveIF
SlaveIF
UART
GPIO
Bridge
PCI
Express
PHY
Challenge

Benefit of
Formal
Approach

44
www.mentor.com
Connectivity Applications
Pin-constrained I/O pads (pin multiplexing)
On-chip bus connectivity in SoC designs
Power rails
DFT and related test logic
Memory-related signals
Pure combinational logic functions
SoC/ASIC/FPGA designs all have applications
Other
45
www.mentor.com
ConnectivityCheck in Questa Formal
Easily, quickly and thoroughly verify connectivity
Courtesy of Mark Handover

46
www.mentor.com
Checker
Keyword
Source
Destination
connect
Signal 1
Signal 2
connect_dly
Signal 1
Signal 2
cond
Signal 1
Signal 2
cond_dly
Signal 1
Signal 2
Mutex
Signal 1
tied_high
Signal 1
tied_low
Signal 1
Condition
Delay
Delay Value
Condition
Signal
Condition
Signal
Delay Value
Create Connectivity spec (.csv, .tsv)

46
www.mentor.com
Checker
Keyword
Source
Destination
connect
Signal 1
Signal 2
connect_dly
Signal 1
Signal 2
cond
Signal 1
Signal 2
cond_dly
Signal 1
Signal 2
Mutex
Signal 1
tied_high
Signal 1
tied_low
Signal 1
Condition
Delay
Delay Value
Condition
Signal
Condition
Signal
Delay Value
Auto-generate
assertions and
testplan

46
www.mentor.com
Checker
Keyword
Source
Destination
connect
Signal 1
Signal 2
connect_dly
Signal 1
Signal 2
cond
Signal 1
Signal 2
cond_dly
Signal 1
Signal 2
Mutex
Signal 1
tied_high
Signal 1
tied_low
Signal 1
Condition
Delay
RTL
Delay Value
Condition
Signal
Condition
Signal
Delay Value
Exhaustively Check Connectivity
Auto-generate
assertions and
testplan
Questa
Formal
No testbench needed
14 automatically generated check types
+ coverage + testplan

46
www.mentor.com
Checker
Keyword
Source
Destination
connect
Signal 1
Signal 2
connect_dly
Signal 1
Signal 2
cond
Signal 1
Signal 2
cond_dly
Signal 1
Signal 2
Mutex
Signal 1
tied_high
Signal 1
tied_low
Signal 1
Condition
Delay
RTL
Delay Value
Condition
Signal
Condition
Signal
Delay Value
Exhaustively Check Connectivity
Auto-generate
assertions and
testplan
Questa
Formal
No testbench needed
14 automatically generated check types
+ coverage + testplan
Questa VM
Faster than using simulation cycles

46
www.mentor.com
Types of Connectivity Bugs
Source connected to the wrong destination

Directly or conditionally
Source connected to destination with scrambled bits

Breaks in connectivity due to design function

Connections to incorrect logic levels
Coverage to check whether bits of a connection are stuck
47
www.mentor.com
Connectivity Validation: Problem/Solution
Problem: Old methods are no longer adequate

Manual checking
Not feasible any more; designs are too large and complex
Simulation
Takes time to set up a test suite

Connectivity is usually tested indirectly, not directly
Not exhaustive
Solution: A semi-automated formal verification flow
48
www.mentor.com

Manual checking
Simulation

Not exhaustive
Define connectivity in a common format (usually a spreadsheet)
48
www.mentor.com

Manual checking
Simulation

Not exhaustive

Automatically translate specified connections into properties
48
www.mentor.com

Manual checking
Simulation

Not exhaustive

Connect properties to design with minimal effort by the user
48
www.mentor.com

Manual checking
Simulation

Not exhaustive

Run formal analysis
48
www.mentor.com

Manual checking
Simulation

Not exhaustive

Run formal analysis
View and debug results
48
www.mentor.com
Connectivity Check Types

Point to Point Connectivity
connect
Direct connect
connect_dly
Connect with delay
connect_inv
All signals inverted
connect_allsame
src[N:0]
dest[N:0]
src[N:0]
dest[N:0]
src[N:0]
dest[N:0]
src[N:0]
dest[M:0]
All 0s or all 1s
49
www.mentor.com
Conditional Point to Point Connectivity
Direct connect
src[N:0]
cond
dest[N:0]
conditionally
cond_dly
src[N:0]
dest[N:0]
Connect with delay
conditionally
cond_inv
src[N:0]
All signals inverted
dest[N:0]
conditionally
cond_allsame
All 0s or all 1s
src[N:0]
dest[M:0]
conditionally
50
www.mentor.com

Specific Connectivity
mutex
cond_mutex
tied_high
cond_tied_high
tied_low
cond_tied_low
00010
src[N:0]
00010
cond
src[N:0]
src[N:0]
cond
src[N:0]
src[N:0]
cond
51
src[N:0]
www.mentor.com

Coverage
Coverage
Important to ensure absence of stuck bits on connections
Example
Consider the check:

if cond is true, then src is connected to dest
cond |-> src == dest
This checks the conditional connection between src and dest
But will be proven even if cond is stuck high
Cover properties are used to ensure all bits can toggle

cover property ( @($global_clock)
cover property ( @($global_clock)
$rose(cond[i]) );
$fell(cond[i]) );
52
www.mentor.com
Questa Formal Connectivity Flow

Connectivity Table
(.tsv/.csv)
qconnect_check
work
qconnect_checkers.sv
qconnect_bind.sv
vlog/vcom
RTL
formal
compile
formal
verify
53
www.mentor.com

Connectivity Table
(.tsv/.csv)
qconnect_check
work
qconnect_bind.sv
vlog/vcom
RTL
formal
compile
formal
verify
53
www.mentor.com
Connectivity Specification Format
Table header names and type names guide the script
Signal names for src/dest/cond must use SV top-down hierarchical references, can be constant Verilog values
Condition can be a signal or expression, delay is number of clock cycles
Comment with # and white spaces are permitted
type
src
dest
cond
delay
connect
signal
signal
connect_dly
signal
signal
connect_inv
signal
signal
connect_allsame
signal
signal
cond
signal
signal
signal/expression
cond_dly
signal
signal
signal/expression
cond_inv
signal
signal
signal/expression
cond_allsame
signal
signal
signal/expression
mutex
signal
cond_mutex
signal
tied_high
signal
cond_tied_high
signal
tied_low
signal
cond_tied_low
signal
signal/expression
signal/expression
signal/expression
54
www.mentor.com

Connectivity Table
(.tsv/.csv)
qconnect_check
work
qconnect_bind.sv
vlog/vcom
RTL
formal
compile
formal
verify
55
www.mentor.com

Connectivity Table
(.tsv/.csv)
qconnect_check
work
qconnect_bind.sv
vlog/vcom
RTL
formal
compile
formal
verify
55
www.mentor.com
Debug Connectivity Results in Questa Formal
qverify log_conn/formal_verify.db
56
www.mentor.com
View Source
(with annotation)
56
www.mentor.com
View Source
(with annotation)
View Waveforms
56
www.mentor.com
View Source
(with annotation)
View Waveforms
View Schematics
56
www.mentor.com

Higher
Effort
Property
Checking
Automated
Applications
Fully
Automatic
Low
Effort
I/F Protocols
Control Logic
Data Integrity
Post-Silicon Debug
Connectivity
Register Map Checks
Design Constraints
Reset and X-States
Improve Coverage
Automatic Checks
CDC Verification
57
www.mentor.com
www.mentor.com

Introduction To Questa Autocheck Covercheck, and Formal Connectivity Checking PDF

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Introduction To Questa Autocheck Covercheck, and Formal Connectivity Checking PDF

Hochgeladen von

Copyright:

Verfügbare Formate

Introduction to

Automatic formal checks for common design issues

Formal analysis to improve code coverage

Connectivity Checking with Questa Formal

2014 Mentor Graphics Corp.

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Mentor Graphics Functional Verification Solutions

Common GUI features

Unified Coverage Database

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Questa Formal-based Technologies

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Questa Formal-based Technologies

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Automatic formal checks for common design issues

Formal analysis to improve code coverage

Connectivity Checking with Questa Formal

2014 Mentor Graphics Corp.

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Questa Formal-based Technologies

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Easy-to-use, predefined checks for common problems

Push-button functional verification

Coverage Reachability Checks

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Easy-to-use, predefined checks for common problems

Push-button functional verification

Includes design functionality, design configurations,

2014 Mentor Graphics Corp.

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Finding Bugs with Simulation

2014 Mentor Graphics Corp.

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Finding Bugs with Simulation

2014 Mentor Graphics Corp.

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Finding Bugs with Simulation

2014 Mentor Graphics Corp.

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Finding Bugs with Simulation

2014 Mentor Graphics Corp.

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Finding Bugs with Simulation

2014 Mentor Graphics Corp.

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Finding Bugs with Simulation

2014 Mentor Graphics Corp.

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Finding Bugs with Simulation

Time to find bugs can be too long

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Finding Bugs with Questa AutoCheck

2014 Mentor Graphics Corp.

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Finding Bugs with Questa AutoCheck

2014 Mentor Graphics Corp.

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Finding Bugs with Questa AutoCheck

2014 Mentor Graphics Corp.

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Finding Bugs with Questa AutoCheck

2014 Mentor Graphics Corp.