2010 bristol q1_hybrid-formal-coverage

280 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
280
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

2010 bristol q1_hybrid-formal-coverage

  1. 1. Hybrid-Formal Coverage Convergence Dan Benua Synopsys Verification Group January 18, 2010 1
  2. 2. Abstract •  Formal and Hybrid methods typically employed in property checking can also be leveraged to attack coverage convergence problems. •  The Synopsys Magellan hybrid-formal tool has supported coverage convergence on production designs for several years. •  This talk will briefly review the technology and methodology considerations for this application. •  Hybrid formal technology is distinct from the automation of stimulus coverage closure used in simulation. (e.g. “Echo” feature in VCS) 2
  3. 3. Agenda •  Coverage Convergence & FPV •  The Problem of Constraints •  Handling Capacity Issues •  Hybrid-Formal Coverage Methodology •  Benefits & Limitations •  Future Directions 3
  4. 4. Traditional Coverage Convergence Methodology 100% Directed tests coverage (manual effort) Constraint Random tests Time 4
  5. 5. Improving Convergence with Hybrid-Formal Techniques 100% Unreachable Targets 100% Formal Coverage Convergence Directed tests coverage (manual effort) Constraint Random tests Time 5
  6. 6. Finding Paths Through the State Space of the DUV & Environment •  Formal Analysis of Safety Properties – For each assertion: •  “Does a legal path exist from a reset state to a property failure state?” •  Coverage Closure – For each coverage target: •  “Does a legal path exist from a reset state to a state satisfying the coverage target?” 6
  7. 7. State Space View DUV + Env State Space Target State If no path exists, target state is “Unreachable” Initial State 7
  8. 8. Formal method coverage closure: Challenges •  Formal vs. Simulation environment –  Behavioural models not synthesizable –  Declarative vs Procedural representation –  cycle vs event semantics •  Capacity Issues –  Number of Coverage Targets •  Functional (Covergroups, Cover Properties) •  Structural (line, condition, FSM, toggle…) –  Trace Depth •  Number of cycles from an initial state to a goal state reaching each coverage target System level test environments … 1.  ontain abstractions which can’t be synthesized into Finite state C automata needed by pure formal solutions. 2.  ften exceed model-checking algorithm capacity. O 8
  9. 9. What is Hybrid Search? •  Finds paths to goal states that consist of some random simulation cycles and some cycles calculated by formal engines. •  Sacrifices exhaustive search in exchange for better capacity and performance. 9
  10. 10. Hybrid Search Illustrated DUV + Env State Space Target State Hybrid Trace: Dynamic + Formal Initial State 10
  11. 11. Methodology Fit •  Block Level – < 10M gates, < 100K Coverage targets – Unreachable analysis can handle larger circuits (w/ approximation) •  Synthesizable DUT – With extensions, E.g. SVA, XMR, Monitors •  Formal-compatible constraints – SVA /PSL+ RTL modeling code – Constraint solver for stimulus generation – Good leverage with FPV flow 11
  12. 12. Practical Implementation of Hybrid- Formal Coverage Convergence 1.  Tool instruments design to select desired functional and structural coverage targets. 2.  Run unreachability analysis without constraints to detect “uncoverable” targets. 3.  Create and validate formal-compatible constraint environment. 4.  Run constrained random simulation to hit “easy” coverage targets 5.  Run hybrid search algorithm to find remaining “hard” reachable coverage targets 6.  Merge coverage results from “hard”, “easy”, and “uncoverable” runs. 12
  13. 13. Benefits of Hybrid Convergence •  Automated convergence, within the limits of tool capacity •  No conventional testbench required, but testbench monitors may be reused •  Coverage metrics measured in familiar simulation context •  Easy to parallelize on server farms 13
  14. 14. Limitations •  Non-exhaustive, some targets may remain “uncovered” •  Uses cycle-based semantics •  Large compute resource requirements and potentially long runtimes •  Requires caution when merging coverage from distinct environments 14
  15. 15. The Future •  More flow automation for hybrid solutions •  Multi-core, multi-processor servers for performance/capacity increases •  Standardization of coverage databases, including formal (Accellera UCIS Technical Committee) •  Continued research on testbench-based coverage closure automation 15
  16. 16. Conclusion •  Hybrid-Formal techniques address a sub- set of the general problem of coverage closure •  Multiple users are seeing benefits from this technology when combined with FPV and conventional CR testbench methods 16
  17. 17. Q&A 17

×