
Introduction to Questa AutoCheck, CoverCheck, and Formal Connectivity Checking

Chris Rockwood

Verification Technologist, Design Verification Technology Division

April 2014


Agenda

  • Questa AutoCheck

— Automatic formal checks for common design issues

  • Questa CoverCheck

— Formal analysis to improve code coverage

— Also targets SVA covergroups (new in 10.3 release)

  • Connectivity Checking with Questa Formal

— Exhaustive validation of SoC connectivity

  • 2 Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

© 2014 Mentor Graphics Corp.

www.mentor.com

Company Confidential

Questa Platform

Mentor Graphics’ Functional Verification Solutions

A broad arsenal of verification solutions

Seamless integration of formal and simulation

  • Common compilers

  • Common GUI features

  • Unified Coverage Database

Questa Formal-based Technologies

A full range of formal solutions

Figure: the range of formal solutions, ordered from higher effort to low effort.

  • Property Checking (higher effort): I/F Protocols, Control Logic, Data Integrity, Post-Silicon Debug

  • Automated Applications: Connectivity, Register Map Checks, Design Constraints

  • Fully Automatic (low effort): Assertion Generation, Reset and X-States, Improve Coverage, Automatic Checks, CDC Verification

Automatic Checks

Easy-to-use, predefined checks for common problems

  • “Push-button” functional verification for checks such as:

Initialization Checks

— Uninitialized registers
— X propagation/reachability

Functional Issue Checks

— Combinational loops
— Case statement checks
— Arithmetic checks
— Bus checks
— FSM checks

Coverage Reachability Checks

— Unreachable Logic
— Unreachable FSM state
— Unreachable FSM transition
— Register stuck at constant

  • Flow: RTL (Verilog, VHDL, SystemVerilog), then Synthesized Netlist, then Formal Netlist

— Formal Netlist: includes design functionality, design configurations, operating conditions, and initialization sequence

  • No testbench, no assertions, no constraints (initially)

— Assumptions optional

Finding Bugs with Simulation

Timeline

Develop RTL → Develop testbench → Run simulation → Measure results → Analyze results → Bug?

Diagram blocks: Testbench, RTL, Simulate, Coverage, Analyze

  • Time to find bugs can be too long

  • Simulation cannot find all bugs

Finding Bugs with Questa AutoCheck

Timeline

Develop RTL → Run AutoCheck → Analyze results → Bug?

Diagram blocks: RTL, AutoCheck, Analyze

  • You can use AutoCheck as soon as you have your RTL code

  • Shortest time to find bugs

  • Finds bugs that simulation misses!

Questa AutoCheck

Automated design checking for:

  • Common design errors

  • Coverage closure issues

  • The functional impact of X’s

  • No testbench required

— You can use it whenever you have RTL available for your block/chip and BEFORE you simulate

  • No need to write assertions

— Assertions are automatically generated by Questa AutoCheck and used/proved “under the hood”

  • Easy to run

Arithmetic and Bus Checks

  • Arithmetic checks

— Overflow checks
— Division by 0 checks

  • Various bus checks

— Multiple drivers active
— No driver active

  • Clear reporting of violations

  • Easy debugging

— Show waveforms
— Source code view

[Screenshot callout: “Overflow happens here”]

Combinational Feedback Loop Check

  • Combinational feedback loops (CFLs) may simulate at the RTL level without problems

  • Bad behavior only shows in simulation with back-annotated timing or ultimately in silicon

  • Easy to debug

— Schematic view spans modules
— Direct link to source code

  • Finds CFLs early

— Saves debug time later
— Prevent respins
— Checks sequential control logic

[Schematic callout: “Loops can span multiple levels of logic and modules”]

Example: Dead Code

  • Sometimes dead code is due to a complex functional bug in the design and should be resolved

  • Example: AutoCheck will find this; most lint tools won’t:

    always @(posedge clk or negedge rstn)
      if (!rstn)
        en1 <= 1'b0;
      else
        en1 <= FSMst[0] ? 1'b1 : 1'b0;

    always @(posedge clk or negedge rstn)
      if (!rstn)
        en2 <= 1'b0;
      else
        case (FSMst)
          3'b100:  en2 <= 1'b1;
          3'b010:  en2 <= 1'b1;
          3'b001:  en2 <= 1'b0;
          default: en2 <= 1'b0;
        endcase

    assign sel = en1 && en2;   // always 0

    always @*
      if (sel)
        pmux <= d1;            // dead code
      else
        pmux <= d0;

en1 is set only when FSMst[0] is 1, and en2 is set only when FSMst is 3'b100 or 3'b010, so sel is always 0 and the pmux <= d1 branch is dead code.

Example: FSM Deadlock with Dead Code

  • Sometimes checks are related

  • Simple FSM Deadlock conditions due to incorrect structure can be found by lint tools and Questa AutoCheck

  • More complex sequential logic causing FSM Deadlock and Dead Code can only be found by Questa AutoCheck

[Diagram: a “Complex Sequential Logic” block drives the signal bar into FSM.v]

Case 1: Typo in FSM, FSM structurally incorrect. Lint and AutoCheck catch it.

    // FSM.v
    …
    case (cstate)
      3'b001: if (en)
                nstate <= 3'b010;
              else
                nstate <= 3'b001;
      3'b010: nstate <= 3'b100;
      3'b100: if (bar)
                nstate <= 3'b100;   // typo: both branches stay in 3'b100
              else
                nstate <= 3'b100;
      default: nstate <= 3'b001;
    endcase

Case 2: bar stuck; FSM Deadlock, FSM structurally correct. Only AutoCheck catches it.

    // FSM.v
    …
    case (cstate)
      3'b001: if (en)
                nstate <= 3'b010;
              else
                nstate <= 3'b001;
      3'b010: nstate <= 3'b100;
      3'b100: if (bar)
                nstate <= 3'b001;
              else
                nstate <= 3'b100;
      default: nstate <= 3'b001;
    endcase

Example: FSM Unreachable State/Transition

  • Lint finds simple case; only AutoCheck finds complex case

    process (clk,rstn) begin
      if (rstn = '0') then
        start <= '0';
        inA_r <= '0';
      elsif (clk'event and clk = '1') then
        start <= inA and inB;
        inA_r <= inA;
    …

    process (clk,rstn) begin
      if (rstn = '0') then
        enable <= '0';
      elsif (clk'event and clk = '1') then
        enable <= not inA_r and inB and start;   -- always 0
    …

    process (cstate,start,enable) begin
      case (cstate) is
        when idle => if (start = '1') then nstate <= go;
                     else nstate <= idle; end if;
        when go   => nstate <= cont;
        when cont => if (enable = '1') then nstate <= pass;   -- good, but unreachable
                     else nstate <= idle; end if;
        when pass => nstate <= idle;
    …

Simple case (typo): the cont branch reads “if (enable = '1') then nstate <= idle; else nstate <= idle;”, so no transition leads to pass and lint finds it from the FSM structure alone.

Complex case (good FSM, shown above): the FSM is structurally correct, but enable is always 0, so the transition from cont to pass and the state pass are unreachable. Only AutoCheck finds this.
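The “always 0” annotations in the dead-code and unreachable-state examples above can be reproduced with a brute-force reachability search over the registers. The Python below is an added example, not part of the original slides and not how Questa AutoCheck is implemented; it assumes cstate resets to idle and follows nstate on each clock edge (that register is elided on the slide), and it treats FSMst as an unconstrained input.

```python
from collections import deque
from itertools import product


def reachable(reset_state, step, input_space):
    """Every register state reachable from reset when any input vector
    may be applied on any clock edge (explicit-state breadth-first search)."""
    seen, work = {reset_state}, deque([reset_state])
    while work:
        state = work.popleft()
        for inputs in input_space:
            nxt = step(state, inputs)
            if nxt not in seen:
                seen.add(nxt)
                work.append(nxt)
    return seen


# --- Dead-code slide (Verilog): registers en1 and en2.
# FSMst is left unconstrained (assumption). That over-approximates the design,
# so anything proved unreachable here is unreachable in the real design too.
def dead_code_step(state, fsm_st):
    en1 = fsm_st & 1                              # en1 <= FSMst[0] ? 1'b1 : 1'b0
    en2 = 1 if fsm_st in (0b100, 0b010) else 0    # case (FSMst) ... endcase
    return (en1, en2)


def sel_values():
    """All values sel = en1 && en2 can take after reset."""
    states = reachable((0, 0), dead_code_step, range(8))
    return {en1 & en2 for en1, en2 in states}


# --- Unreachable-state slide (VHDL), structurally correct ("good") FSM.
IDLE, GO, CONT, PASS = "idle", "go", "cont", "pass"


def next_state(cstate, start, enable):
    """Combinational next-state process from the slide."""
    if cstate == IDLE:
        return GO if start else IDLE
    if cstate == GO:
        return CONT
    if cstate == CONT:
        return PASS if enable else IDLE
    return IDLE                                   # when pass => idle


def fsm_step(state, inputs):
    start, inA_r, enable, cstate = state
    inA, inB = inputs
    # Every register samples the pre-edge values, as in the VHDL processes.
    return (inA & inB,                            # start  <= inA and inB
            inA,                                  # inA_r  <= inA
            (1 - inA_r) & inB & start,            # enable <= not inA_r and inB and start
            next_state(cstate, start, enable))    # assumed: cstate <= nstate


def fsm_reachable():
    # Assumed reset value for cstate is idle; the other resets are on the slide.
    inputs = list(product((0, 1), repeat=2))      # every (inA, inB) combination
    return reachable((0, 0, 0, IDLE), fsm_step, inputs)


def enable_values():
    """All values the enable register can hold after reset."""
    return {enable for _, _, enable, _ in fsm_reachable()}


def unreachable_fsm_states():
    """FSM states that no input sequence can ever reach."""
    visited = {cstate for _, _, _, cstate in fsm_reachable()}
    return {IDLE, GO, CONT, PASS} - visited


if __name__ == "__main__":
    print("sel can be:", sel_values())
    print("enable can be:", enable_values())
    print("unreachable FSM states:", unreachable_fsm_states())
```

The search never visits start = 1 together with inA_r = 0, which is why enable stays 0 even though each signal looks live on its own; a structural lint pass has no way to see that correlation.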

Other Miscellaneous Design Checks

  • Various register checks

— Multiply-driven signals

— Stuck-at checks

  • Clock-in-data checks

  • Undriven logic checks

  • Illegal range checks

  • Case statement checks

  • … and other RTL, structural, and formal checks!

Develop RTL → Run AutoCheck → Analyze results → Bug?

AutoCheck finds design problems early

AutoCheck: Intuitive Debug

[GUI screenshot]

  • Select Category

  • RMB → choose menu item to show source/schematic/FSM/waveforms

Conclusion

  • Simulation alone is not enough

— It takes too long to find bugs

— Not all bugs will be found in simulation

  • Automated design checking for:

— Common design errors
— Coverage closure issues
— The functional impact of X’s

  • The shortest time to find bugs

  • Finds critical bugs that simulation can’t find


Automatic Checks: CoverCheck

Easy-to-use predefined checks for common problems

  • “Push-button” functional verification for checks such as:

Initialization Checks

— Uninitialized registers
— X propagation/reachability

Functional Issue Checks

— Combinational loops
— Arithmetic checks
— Bus checks

Coverage Reachability Checks

— Statement
— Branch
— Condition
— Expression
— FSM
— Toggle
— Covergroups (New in 10.3)

  • Flow: RTL (Verilog, VHDL, SystemVerilog), then Synthesized Netlist, then Formal Netlist

— Formal Netlist: includes design functionality, design configurations, operating conditions, and initialization sequence

  • No testbench, no assertions, no constraints (initially)

— Assumptions optional

Coverage Metrics

  • Basic: Code/FSM/Assertion Coverage

— Checks that all RTL has been exercised

— Checks that all assertions have been exercised

  • Semi-automated: Transaction/Structural Coverage

— Checks that all types of transactions have occurred

— Ensures that the tests have sufficiently stressed the design

  • Advanced: Functional Coverage

— Checks that all requirements for the design have been tested

— Does the design work in all scenarios?

  • All of these coverage types are measured and tracked to determine when verification is complete and the chip is ready to tape out or go into the lab

Coverage Metric Holes

  • Code/FSM/Assertion Coverage

— Functional dead code and unreachable FSM states/transitions

— Unreachable covergroup bins

— Modes of the design that create dead code

Time can be wasted trying to hit these holes!

  • Transaction/Structural Coverage

— Testbench doesn’t stress the design enough

— Incomplete functional models don’t exercise all transactions

  • Functional Coverage

— Incomplete specification or planning; lack of knowledge or time

  • Proper test planning can mitigate these challenges

  • Making use of static verification techniques such as Questa CoverCheck can minimize time to closure


Code Coverage: Statement (s)

  • Counts the execution of each statement on a line

— Even if multiple statements

  • Example:

    always @(posedge clk or negedge rstn)
      reg <= dat;

    C <= A && B;

— Count the statements and the number of times each one is hit

  • Report style based on number of Statements

    Enabled Coverage        Active   Hits   Misses   % Covered
    ----------------        ------   ----   ------   ---------
    Stmts                      415    387       28        93.2

Code Coverage: Branch (b)

  • Counts the execution of each conditional “if/then/else” and case statement

— All true and false branches are considered

— Each (if/else if/else | case) element counts as a branch

  • Example (if statement):

    if (!rstn)
      q <= 1'b0;
    else
      q <= d;

— Count total coming into if statement, count times each branch taken

  • Report style based on number of branches

    Enabled Coverage        Active   Hits   Misses   % Covered
    ----------------        ------   ----   ------   ---------
    Branches                    47     45        2        95.7

Code Coverage: Condition (c)

  • Analyzes decisions made in “if” and ternary statements

— Considered an extension of branch coverage

  • Example: if (ce && we)

— Values annotated on the slide: ce = 1; we = 0/1

— All FEC conditions must be hit: ce = 0,1; we = 0,1

— ce is uncovered: Never hit 0

  • Report style based on Focused Expression Coverage

    Enabled Coverage        Active   Hits   Misses   % Covered
    ----------------        ------   ----   ------   ---------
    FEC Condition Terms         16     13        3        81.2

Code Coverage: Expression (e)

  • Analyzes expressions on the right hand side of an assignment

  • Example:

    wire C = A && B;

— Values annotated on the slide: A = 1; B = 0/1

— All FEC conditions must be hit: A = 0,1; B = 0,1

— A is uncovered: Never hit 0

  • Report style based on Focused Expression Coverage

    Enabled Coverage        Active   Hits   Misses   % Covered
    ----------------        ------   ----   ------   ---------
    FEC Condition Terms         25     14       11        56.0

Code Coverage: Toggle (t)

  • Counts each time a logic node transitions from one state to another

  • Example:

    reg FF_A;

    always @(posedge clk)
      FF_A <= din;

— To be covered, FF_A must toggle: 0 to 1 (bin) and 1 to 0 (bin)

  • Report style based on Toggle Bins

    Enabled Coverage        Active   Hits   Misses   % Covered
    ----------------        ------   ----   ------   ---------
    Toggle Bins                356    351        5        98.5

Code Coverage: FSM (f)

  • Counts the states and transitions of each FSM

  • Example:

    FSM States: S1; S2; S3

    FSM Transitions: S1 → S1; S1 → S2; S2 → S3; S2 → S1; S3 → S1

— All states and transitions must be hit

— The slide marks one transition as not exercised (uncovered)

  • Report style based on FSM States and Transitions

    Enabled Coverage        Active   Hits   Misses   % Covered
    ----------------        ------   ----   ------   ---------
    States                       3      3        0       100.0
    Transitions                  5      4        1        80.0

Typical Coverage Closure Methods

  • Fix design issues that prevent coverage from being achieved

  • Run more vectors to hit missing coverage

— Directed tests

— Constrained-random tests

— Intelligent testbench generation (e.g., Questa inFact)

Spend a lot of time analyzing and applying new vectors

  • Add exclusions by hand

Sometimes the simulator can add automated exclusions

  • Use an automated flow to generate exclusions for coverage elements that are impossible to hit

Checks for Coverage Exclusions

  • Branch

— Unreachable if/else and case branches

  • Condition/Expression

— Unreachable FEC conditions

  • Statement

— Unreachable lines of code

  • Toggle

— Unreachable register transitions

  • FSM

— Unreachable FSM states and transitions

  • Covergroups (new in 10.3)

— Unreachable covergroup bins

Unreachable items are automatically excluded from your coverage model

CoverCheck Example – Statement Coverage

  • Dead code easily slips into the design

— Especially after changes are made

  • Dead code often identifies incorrect assumptions

— Can lead to critical bugs due to differing interpretation of design requirements

  • May synthesize into logic that is not needed

    reg [1:0] R;
    always @* begin
      if (a)      R = 2'b00;
      else if (b) R = 2'b01;
      else        R = 2'b11;
    end

R can never be 2'b10

    reg T;
    always @* begin
      T = 1'bX;
      case (R)
        2'b00: T = 1'b0;
        2'b01: T = 1'b1;
        2'b10: T = 1'b1;
        2'b11: T = 1'b0;
      endcase
    end

Hence, the statement in the 2'b10 case arm can never be reached
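
The reachability argument on this slide, worked as an added example (not code from the presentation or from Questa): a Python model of the two always blocks enumerates every input combination, which a formal tool establishes symbolically. The `tied` argument, the `witness` helper and the coverage arithmetic are assumptions introduced here; tying `b` to 0 models the fixed-input modes the deck mentions as a source of dead code.

```python
from itertools import product


def next_r(a, b):
    """First always block on the slide: priority if / else-if / else driving R."""
    if a:
        return 0b00
    if b:
        return 0b01
    return 0b11


# Second always block: the statement in each case arm, keyed by the R value
# that selects it (order taken from the slide).
CASE_ARMS = {0b00: "T = 1'b0", 0b01: "T = 1'b1", 0b10: "T = 1'b1", 0b11: "T = 1'b0"}


def input_space(tied=None):
    """Yield every (a, b) combination allowed once some inputs are tied off.

    `tied` is an assumption of this sketch, e.g. {"b": 0} for a design mode
    in which input b is held low.
    """
    tied = tied or {}
    for a, b in product((0, 1), repeat=2):
        if tied.get("a", a) == a and tied.get("b", b) == b:
            yield a, b


def witness(arm, tied=None):
    """Return one input pair that reaches the given case arm, or None.

    A non-None result is the analogue of a witness waveform: the hole is
    reachable and must not be excluded.
    """
    for a, b in input_space(tied):
        if next_r(a, b) == arm:
            return (a, b)
    return None


def unreachable_arms(tied=None):
    """Case arms that no allowed input can select: candidates for exclusion."""
    return [arm for arm in sorted(CASE_ARMS) if witness(arm, tied) is None]


def statement_coverage(hit_in_sim, excluded=()):
    """(hits, active, percent) over the four case-arm statements."""
    active = set(CASE_ARMS) - set(excluded)
    hits = active & set(hit_in_sim)
    return len(hits), len(active), round(100.0 * len(hits) / len(active), 1)


if __name__ == "__main__":
    sim_hits = {0b00, 0b01, 0b11}          # constructed simulation result
    dead = unreachable_arms()
    print("unreachable arms:", [format(arm, "02b") for arm in dead])
    print("before exclusions:", statement_coverage(sim_hits))
    print("after exclusions: ", statement_coverage(sim_hits, excluded=dead))
    print("with b tied to 0: ", [format(arm, "02b") for arm in unreachable_arms({"b": 0})])
```

With `b` tied low the `2'b01` arm becomes unreachable as well, so an exclusion list is only valid for the mode it was generated for.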

Questa CoverCheck: Before Simulation

Use formal analysis as a stand-alone tool to target coverage

[Figure: flow diagram with blocks RTL, CoverCheck, Coverage Exclusions, TB, Simulation, Coverage Results]

This flow can be inefficient because all coverage items in the RTL code are targeted by CoverCheck, which is computationally expensive

Questa CoverCheck: After Simulation

Use formal analysis to improve simulation results

[Figure: flow diagram with blocks RTL, TB, Simulation, Coverage Results, CoverCheck, Coverage Exclusions]

This flow is optimal because only the coverage items that were not hit in simulation are targeted by CoverCheck

CoverCheck Results in qverify GUI

[Screenshot: CoverCheck results in the qverify GUI]

  • Unreachable FSM state

— Double-click or RMB, Show → FSM to visualize

CoverCheck Results: Covergroups

[Screenshot: covergroup results in the qverify GUI]

  • Covergroup results in separate tab

Example: Generated Exclusion File

  • ex.do

    #
    # Generated Exclusion File
    #
    coverage exclude -du work.pci_wb_slave -srcfile /project/design/rtl/vlog/pci_wb_slave.v -linerange 757 -item s 1 -comment "CoverCheck:Statement"
    coverage exclude -du work.pci_wb_slave_unit -srcfile project/design/rtl/vlog/pci_wb_slave_unit.v -fecexprrow 703 2 -item 1 -comment "CoverCheck:Expression"
    coverage exclude -du work.pci_wb_slave -srcfile /project/design/rtl/vlog/pci_wb_slave.v -feccondrow 886 1 -item 1 -comment "CoverCheck:Condition"
    coverage exclude -du work.pci_conf_space -togglenode pci_ba0_bit31_12\[12\] -trans 10 -comment "CoverCheck:Toggle"
    coverage exclude -du work.pci_wb_slave -fstate c_state S_CONF_READ -comment "CoverCheck:FSM"
    coverage exclude -cvgpath {/SYSTEM/bridge32_top/bridge/i_pci_target_unit/.../cp/auto[0]} -comment "CoverCheck:Coverbin"
    ...

— The covergroup bin exclusion (-cvgpath) is new in 10.3
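
Because every exclusion removes logic from the coverage model, the generated file is worth auditing before it is applied. The following added example (not part of the presentation and not a Questa utility) parses the `coverage exclude` lines shown on the slide, tallies them by their `CoverCheck:` comment tag, and flags entries without that tag as hand-written waivers to review. The last sample line, the `work.example_unit` name and the function names are constructed for illustration; the elided `-cvgpath` line is left out, and Tcl brace grouping is not handled.

```python
import shlex
from collections import Counter

# Lines copied from the slide's ex.do, plus one constructed hand-written
# waiver (last line, hypothetical design unit) that carries no CoverCheck tag.
EX_DO = r'''
#
# Generated Exclusion File
#
coverage exclude -du work.pci_wb_slave -srcfile /project/design/rtl/vlog/pci_wb_slave.v -linerange 757 -item s 1 -comment "CoverCheck:Statement"
coverage exclude -du work.pci_wb_slave_unit -srcfile project/design/rtl/vlog/pci_wb_slave_unit.v -fecexprrow 703 2 -item 1 -comment "CoverCheck:Expression"
coverage exclude -du work.pci_wb_slave -srcfile /project/design/rtl/vlog/pci_wb_slave.v -feccondrow 886 1 -item 1 -comment "CoverCheck:Condition"
coverage exclude -du work.pci_conf_space -togglenode pci_ba0_bit31_12\[12\] -trans 10 -comment "CoverCheck:Toggle"
coverage exclude -du work.pci_wb_slave -fstate c_state S_CONF_READ -comment "CoverCheck:FSM"
coverage exclude -du work.example_unit -srcfile /constructed/example_unit.v -linerange 42 -item s 1
'''


def parse_exclusions(text):
    """Parse 'coverage exclude' commands into {'line': n, 'opts': {option: [values]}}.

    Tokenising with shlex honours the double-quoted comment and unescapes
    the backslash-escaped brackets in the toggle node name.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        if tokens[:2] != ["coverage", "exclude"]:
            raise ValueError(f"line {lineno}: not a 'coverage exclude' command")
        opts, current = {}, None
        for tok in tokens[2:]:
            if tok.startswith("-"):
                current = tok
                opts[current] = []
            elif current is None:
                raise ValueError(f"line {lineno}: value {tok!r} before any option")
            else:
                opts[current].append(tok)
        entries.append({"line": lineno, "opts": opts})
    return entries


def audit(text):
    """Return (count per CoverCheck kind, count per design unit, untagged entries)."""
    kinds, per_du, manual = Counter(), Counter(), []
    for entry in parse_exclusions(text):
        opts = entry["opts"]
        per_du[" ".join(opts.get("-du", ["<none>"]))] += 1
        comment = " ".join(opts.get("-comment", []))
        if comment.startswith("CoverCheck:"):
            kinds[comment.split(":", 1)[1]] += 1
        else:
            manual.append(entry)   # no formal proof recorded: needs human review
    return kinds, per_du, manual


if __name__ == "__main__":
    kinds, per_du, manual = audit(EX_DO)
    print("formal-proven exclusions by kind:", dict(kinds))
    print("exclusions per design unit:", dict(per_du))
    for entry in manual:
        print(f"line {entry['line']}: untagged waiver in {entry['opts'].get('-du')}")
```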

Exclude Coverage After Simulation

  • Simulation has been previously run and a sim.ucdb exists

  • Apply the exclude file to the UCDB with vsim

— Read in the old .ucdb, apply the exclusions, write out a new .ucdb

  • Example:

    > vsim -c -viewcov sim.ucdb \
        -do "do ex.do; \
        coverage save sim_w_excludes.ucdb; exit"

— “do ex.do” applies the exclusions

Simulation Coverage Before/After Exclusions

Coverage Report Summary by design unit:

Original Run

    Design Unit: work.pci_target32_sm

    Enabled Coverage        Active   Hits   Misses   % Covered
    ----------------        ------   ----   ------   ---------
    Stmts                       98     93        5        94.8
    Branches                    22     21        1        95.4
    FEC Condition Terms          0      0        0       100.0
    FEC Expression Terms       186     57      129        30.6
    FSMs                                                  90.0
      States                     3      3        0       100.0
      Transitions                5      4        1        80.0
    Toggle Bins                106     76       30        71.6

    TOTAL COVERGROUP COVERAGE: 43.7%  COVERGROUP TYPES: 4
    Total Coverage By Design Unit (filtered view): 46.7%

With exclusions

    Design Unit: work.pci_target32_sm

    Enabled Coverage        Active   Hits   Misses   % Covered
    ----------------        ------   ----   ------   ---------
    Stmts                       93     93        0       100.0
    Branches                    21     21        0       100.0
    FEC Condition Terms          0      0        0       100.0
    FEC Expression Terms       186     58      128        31.1
    FSMs                                                  90.0
      States                     3      3        0       100.0
      Transitions                5      4        1        80.0
    Toggle Bins                106     76       30        71.6

    TOTAL COVERGROUP COVERAGE: 59.8%  COVERGROUP TYPES: 4
    Total Coverage By Design Unit (filtered view): 51.3%

CoverCheck Success at Rockwell Collins

  • CoverCheck was evaluated and purchased last year

— This purchase was outside the normal contract renewal cycle

— CoverCheck was new in 2013, not part of the old Questa Formal

  • First design used for evaluation was not an ideal application

— In-house design; had gone through requirements-based verification, so “code coverage misses were very small”

– Only 3 unreachable coverage items were found

  • Evaluation on third-party IP was dramatically more successful

— Not all functions of DDR3 and PCIe IP blocks are used

– Some inputs tied to 0/1; some registers set to fixed values

— Code coverage was only 55% when CoverCheck was first used

– 6% improvement within hours (vs. 2 weeks using manual exclusions)

– Thousands of exclusions generated within days (vs. months)

  • CoverCheck is ideally suited for some designs

— Is your design one of them?

Questa CoverCheck Benefits

  • Schedule predictability

— Save project time that would have been spent manually reviewing the coverage holes

  • Improved metrics

— Automatically eliminate code that was never meant to be exercised

— Tune measurement to the relevant modes of operation

  • Improved design quality

— Witness waveforms eliminate danger of ignoring coverage holes that are reachable

— Complexity measurement guides design for verification

  • Elimination of waiver rot

— Manually generated waivers have to be maintained as the code changes

Agenda

  • Questa AutoCheck

— Automatic formal checks for common design issues

  • Questa CoverCheck

— Formal analysis to improve code coverage

— Also targets SVA covergroups (new in 10.3 release)

  • Connectivity Checking with Questa Formal

— Exhaustive validation of SoC connectivity


SoC Connectivity Validation

  • Application

— Pin-constrained I/O pad muxing

— On-chip bus connectivity

  • Objective

— Check bus and I/O pad connections

— Check all modes of operation

  • Challenge

— 100s to 1000s of connections

— Tedious to check in simulation

  • Benefit of Formal Approach

— Considers all modes of operation

— Able to catch corner-case scenarios

[Figure: SoC block diagram. Labels: PHY, Custom Protocol Core, CPU, USB, Ethernet, PCI Express, DMA, Memory, UART, GPIO, Master IF, Slave IF, Arbiter, Bridge, AMBA AHB/AXI, AMBA APB, Sub Clock Domain, Main Clock Domain]

SoC Connectivity Validation

  • Application

— Pin-constrained I/O pad muxing

— On-chip bus connectivity

  • Objective

— Check bus and I/O pad connections

— Check all modes of operation