CSE 497A Spring 2002 Functional Verification Lecture 2/3 Vijaykrishnan Narayanan - PowerPoint PPT Presentation

About This Presentation

CSE 497A Spring 2002 Functional Verification Lecture 2/3 Vijaykrishnan Narayanan


CSE 497A Spring 2002 Functional Verification Lecture 2/3 Vijaykrishnan Narayanan Course Administration Instructor Vijay Narayanan (vijay_at_cse.psu.edu ... – PowerPoint PPT presentation

Number of Views:319
Avg rating:3.0/5.0
Slides: 124
Provided by: kaat60
Learn more at: https://www.cse.psu.edu


Transcript and Presenter's Notes

Title: CSE 497A Spring 2002 Functional Verification Lecture 2/3 Vijaykrishnan Narayanan

CSE 497ASpring 2002Functional
VerificationLecture 2/3Vijaykrishnan Narayanan
Course Administration
  • Instructor Vijay Narayanan (vijay_at_cse.psu.
  • 229 Pond Lab
  • Office Hours T
    1000-1100 W 100-215
  • Tool Support Jooheung Lee (joolee_at_cse.psu.edu)
  • TA TBA
  • Laboratory 101 Pond Lab
  • Materials www.cse.psu.edu/vijay/verify/
  • Texts
  • J. Bergeron. Writing Testbenches Functional
    Verification of HDL Models. Kluwer Academic
  • Class notes - on the web

  • Grade breakdown
  • Midterm Exam 20
  • Final Exam 25
  • Verification Projects (4) 40
  • Homework (3) 15
  • No late homeworks/project reports will be
  • Grades will be posted on course home page
  • Written/email request for changes to grades
  • April 25 deadline to correct scores

  • Secret of Verification
  • (Verification Mindset)

  • The Art of Verification
  • Two simple questions
  • Am I driving all possible input scenarios?
  • How will I know when it fails?

Three Simulation Commandments
Thou shalt not move onto a higher platform until
the bug rate has dropped off
  • Thou shalt stress thine logic harder than it will
    ever be stressed again

Thou shalt place checking upon all things
  • General Simulation Environment

Compiler (not always required)
C/C HDL Testbenches Specman e Synopsis' VERA
Event simulator Cycle simulator Emulator
Initialization Run-time requirements
Testcase results
Event Simulation compiler Cycle simulation
compiler .... Emulator Compiler
VHDL Verilog
Logic Designer
Environment Developer
Verification Engineer
  • Transfer Testcase

Model Builder
Project Manager
  • Some lingo
  • Facilities a general term for named wires (or
    signals) and latches. Facilities feed gates
    (and/or/nand/nor/invert, etc) which feed other
  • EDA Engineering Design Automation--Tool vendors.

  • More lingo
  • Behavioral Code written to perform the function
    of logic on the interface of the
  • Macro 1. A behavioral 2. A piece of logic
  • Driver Code written to manipulate the inputs of
    the design-under-test. The driver understands
    the interface protocols.
  • Checker Code written to verify the outputs of
    the design-under-test. A checker may have some
    knowledge of what the driver has done. A check
    must also verify interface protocol compliance.

  • Still more lingo
  • Snoop/Monitor Code that watches interfaces or
    internal signals to help the checkers perform
    correctly. Also used to help drivers be more
  • Architecture Design criteria as seen by the
    customer. The design's architecture is specified
    in documents (e.g. POPS, Book 4, Infiniband,
    etc), and the design must be compliant with this
  • Microarchitecture The design's implementation.
    Microarchitecture refers to the constructs that
    are used in the design, such as pipelines,
    caches, etc.
  • Escape An error that appears in test floor
    escaping verification

  • Typical Verification diagram

Coverage Data
  • Verification Cycle

Develop environment
Create Testplan
Debug hardware
Escape Analysis
Hardware debug
  • Verification Testplan
  • Team leaders work with design leaders to create a
    verification testplan. The testplan includes
  • Schedule
  • Specific tests and methods by simulation level
  • Required tools
  • Input criteria
  • Completion criteria
  • What is expected to be found with each test/level
  • What's not covered by each test/level

Verification is a process used to demonstrate the
functional correctness of a design. Also called
logic verification or simulation.
Reconvergence Model
  • Conceptual representation of the verification
  • Most important question
  • What are you verifying?

What is a testbench?
  • A testbench usually refers to the code used to
    create a pre-determined input sequence to a
    design, then optionally observe the response.
  • Generic term used differently across industry
  • Always refers to a testcase
  • Most commonly (and appropriately), a testbench
    refers to code written (VHDL, Verilog, etc) at
    the top level of the hierarchy. The testbench is
    often simple, but may have some elements of
  • Completely closed system
  • No inputs or outputs
  • effectively a model of the universe as far as the
    design is concerned.
  • Verification challenge
  • What input patterns to supply to the Design Under
    Verification and what is expected for the output
    for a properly working design

  • Show Multiplexer Testbench

Importance of Verification
  • Most books focus on syntax, semantics and RTL
  • Given the amount of literature on writing
    synthesizeable code vs.. writing verification
    testbenches, one would think that the former is a
    more daunting task. Experience proves otherwise.
  • 70 of design effort goes to verification
  • Properly staffed design teams have dedicated
    verification engineers.
  • Verification Engineers usually outweigh designers
  • 80 of all written code is in the verification

  • The Line Delete Escape
  • Escape A problem that is found on the test
    floor and therefore has escaped the verification
  • The Line Delete escape was a problem on the H2
  • S/390 Bipolar, 1991
  • Escape shows example of how a verification
    engineer needs to think

  • The Line Delete Escape
  • (pg 2)
  • Line Delete is a method of circumventing bad
    cells of a large memory array or cache array
  • An array mapping allows for removal of defective
    cells for usable space

  • The Line Delete Escape
  • (pg 3)

If a line in an array has multiple bad bits (a
single bit usually goes unnoticed due to
ECC-error correction codes), the line can be
taken "out of service". In the array pictured,
row 05 has a bad congruence class entry.
  • The Line Delete Escape
  • (pg 4)

Data enters ECC creation logic prior to storage
into the array. When read out, the ECC logic
corrects single bit errors and tags Uncorrectable
Errors (UEs), and increments a counter
corresponding to the row and congruence class.
  • The Line Delete Escape
  • (pg 5)

Data in
When a preset threshhold of UEs are detected from
a array cell, the service controller is informed
that a line delete operation is needed.
Data out
  • The Line Delete Escape
  • (pg 6)

The Service controller can update the
configuration registers, ordering a line delete
to occur. When the configuration registers are
written, the line delete controls are engaged and
writes to row 5, congruence class 'C'
cease. However, because three other cells remain
good in this congruence class, the sole
repercussion of the line delete is a slight
decline in performance.
  • The Line Delete Escape
  • (pg 7)

How would we test this logic? What must occur in
the testcase? What checking must we implement?
Data out
Verification is on critical path
Want to minimize Verification Time!
Ways to reduce verification time
  • Verification can be reduced through
  • Parallelism Add more resources
  • Abstraction Higher level of abstraction (i.e. C
    vs.. Assembly)
  • Beware though this means a reduction in control
  • Automation Tools to automate standard processes
  • Requires standard processes
  • Not all processes can be automated

  • Hierarchical Design

Allows design team to break system down into
logical and comprehendable components. Also
allows for repeatable components.
  • Hierarchical design
  • Only lowest level macros contain latches and
    combinatorial logic (gates)
  • Work gets done at these levels
  • All upper layers contain wiring connections only
  • Off chip connections are C4 pins

  • Current Practices for Verifying a System
  • Designer Level sim
  • Verification of a macro (or a few small macros)
  • Unit Level sim
  • Verification of a group of macros
  • Element Level sim
  • Verification of a entire logical function such as
    a processor, storage controller or I/O control
  • Currently synonomous with a chip
  • System Level sim
  • Multiple chip verification
  • Often utilizes a mini operating system

Ways to reduce verification time
  • Verification can be reduced through
  • Parallelism Add more resources
  • Abstraction Higher level of abstraction (i.e. C
    vs.. Assembly)
  • Beware though this means a reduction in
    control/additional training
  • Vera, e are examples of verification languages
  • Automation Tools to automate standard processes
  • Requires standard processes
  • Not all processes can be automated

Human Factor in Verification Process
  • An individual (or group of individuals) must
    interpret specification and transform into
    correct function.

RTL Coding
Interpre- tation
  • Need for Independent Verification
  • The verification engineer should not be an
    individual who participated in logic design of
    the DUT
  • Blinders If a designer didn't think of a
    failing scenario when creating the logic, how
    will he/she create a test for that case?
  • However, a designer should do some verification
    on his/her design before exposing it to the
    verification team
  • Independent Verification Engineer needs to
    understand the intended function and the
    interface protocols, but not necessarily the

  • Verification Do's and Don'ts
  • DO
  • Talk to designers about the function and
    understand the design first, but then
  • Try to think of situations the designer might
    have missed
  • Focus on exotic scenarios and situations
  • e.g try to fill all queues while the design is
    done in a way to avoid any buffer full conditions
  • Focus on multiple events at the same time

  • Verification Do's and Don'ts (continued)
  • Try everything that is not explicitly forbidden
  • Spend time thinking about all the pieces that you
    need to verify
  • Talk to "other" designers about the signals that
    interface to your design-under-test
  • Don't
  • Rely on the designer's word for input/output
  • Allow RIT Criteria to bend for sake of schedule

Ways to reduce human-introduced errors
  • Automation
  • Take human intervention out of the process
  • Poka-Yoka
  • Make human intervention fool-proof
  • Redundancy
  • Have two individuals (or groups) check each
    others work

  • Obvious way to eliminate human-introduced errors
    take the human out.
  • Good in concept
  • Reality dictates that this is not feasible
  • Processes are not defined well enough
  • Processes require human ingenuity and creativity

  • Term coined in Total Quality Management circles
  • Means to mistake-proof the human intervention
  • Typically the last step in complete automation
  • Same pitfalls as automation verification
    remains an art, it does not yield itself to
    well-defined steps.

  • Duplicate every transformation
  • Every transformation made by a human is either
  • Verified by another individual
  • Two complete and separate transformations are
    performed with each outcome compared to verify
    that both produced the same or equivalent result
  • Simplest
  • Most costly, but still cheaper than redesign and
    replacement of a defective product
  • Designer should NOT be in charge of verification!

What is being verified?
  • Choosing a common origin and reconvergence points
    determines what is being verified and what type
    of method to use.
  • Following types of verification all have
    different origin and reconvergence points
  • Formal Verification
  • Model Checking
  • Functional Verification
  • Testbench Generators

Formal Verification
  • Once the end points of formal verification
    reconvergence paths are understood, then you know
    exactly what is being verified.
  • 2 Types of Formal
  • Equivalence
  • Model Checking

Equivalence Checking
  • Compares two models to see if equivalence
  • Netlists before and after modifications
  • Netlist and RTL code (verify synthesis)
  • RTL and RTL (HDL modificiations)
  • Post Synthesis Gates to Post PD Gates
  • Adding of scan latches, clock tree buffers
  • Proves mathematically that the origin and output
    are logically equivalent
  • Compares boolean and sequential logic functions,
    not mapping of the functions to a specific
  • Why do verification of an automated synthesis

Equivalence Reconvergence Model
Model Checking
  • Form of formal verification
  • Characteristics of a design are formally proven
    or disproved
  • Find unreachable states of a state machine
  • If deadlock conditions will occur
  • Example If ALE will be asserted, either DTACK or
    ABORT signal will be asserted
  • Looks for generic problems or violations of user
    defined rules about the behavior of the design
  • Knowing which assertions to prove is the major

Steps in Model Checking
  • Model the system implementation using a finite
    state machine
  • The desired behavior as a set of temporal-logic
  • Model checking algorithm scans all possible
    states and execution paths in an attempt to find
    a counter-example to the formulas
  • Check these rules
  • Prove that all states are reachable
  • Prove the absence of deadlocks
  • Unlike simulation-based verification, no test
    cases are required

Problems with Model Checking
  • Automatic verification becomes hard with
    increasing number of states
  • 10100 states (larger than number of protons in
    the universe) but still does not go far beyond
    300 bits of state variables.
  • Absurdly small for millions of transistors in
    current microprocessors
  • Symbolic model checking explores a larger set of
    states concurrently.
  • IBM Rulebase (Feb 7) is a symbolic Model Checking

Model Checking Reconvergence Model
Model Checking
Functional Verification
  • Verifies design intent
  • Without, one must trust that the transformation
    of a specification to RTL was performed correctly
  • Prove presence of bugs, but cannot prove their

Functional Reconvergence Model
Functional Verification
Testbench Generators
  • Tool to generate stimulus to exercise code or
    expose bugs
  • Designer input is still required
  • RTL code is the origin and there is no
    reconvergence point
  • Verification engineer is left to determine if the
    testbench applies valid stimulus
  • If used with parameters, can control the
    generator in order to focus the testbenches on
    more specific scenarios

Testbench Generation Reconvergence Model
Code Coverage/Proof
Testbench Generation
Functional Verification Approaches
  • Black-Box Approach
  • White-Box Approach
  • Grey-Box Approach

  • The black box has inputs, outputs, and performs
    some function.
  • The function may be well documented...or not.
  • To verify a black box, you need to understand
    the function and be able to predict the outputs
    based on the inputs.
  • The black box can be a full system, a chip, a
    unit of a chip, or a single macro.
  • Can start early

  • White box verification means that the internal
    facilities are visible and utilized by the
    testbench stimulus.
  • Quickly setup interesting cases
  • Tightly integrated with implementation
  • Changes with implementation
  • Examples Unit/Module level verification

  • Grey box verification means that a limited number
    of facilities are utilized in a mostly black-box
  • Example Most environments! Prediction of
    correct results on the interface is occasionally
    impossible without viewing an internal signal.

Perfect Verification
  • To fully verify a black-box, you must show that
    the logic works correctly for all combinations of
  • This entails
  • Driving all permutations on the input lines
  • Checking for proper results in all cases
  • Full verification is not practical on large
    pieces of designs, but the principles are valid
    across all verification.

  • Reality Check
  • Macro verification across an entire system is not
    feasible for the business
  • There may be over 400 macros on a chip, which
    would require about 200 verification engineers!
  • That number of skilled verification engineers
    does not exist
  • The business can't support the development
  • Verification Leaders must make reasonable
  • Concentrate on Unit level
  • Designer level on riskiest macros

  • Typical Bug rates per level

Cost of Verification
  • Necessary Evil
  • Always takes too long and costs too much
  • Verification does not generate revenue
  • Yet indispensable
  • To create revenue, design must be functionally
    correct and provide benefits to customer
  • Proper functional verification demonstrates
    trustworthiness of the design

Verification And Design Reuse
  • Wont use what you dont trust.
  • How to trust it?
  • Verify It.
  • For reuse, designs must be verified with more
    strict requirements
  • All claims, possible combinations and uses must
    be verified.
  • Not just how it is used in a specific environment.

When is Verification Done?
  • Never truly done on complex designs
  • Verification can only show presence of errors,
    not their absence
  • Given enough time, errors will be uncovered
  • Question Is the error likely to be severe
    enough to warrant the effort spent to find the

When is Verification Done? (Cont)
  • Verification is similar to statistical
  • Hypothesis Is the design functionally correct?

Hypothesis Matrix
Errors No Errors
Bad Design Type II (False Positive)
Good Design Type I (False Negative)
  • Tape-Out Criteria
  • Checklist of items that must be completed before
  • Verification items, along with Physical/Circuit
    design criteria, etc
  • Verification criteria is based on
  • Function tested
  • Bug rates
  • Coverage data
  • Clean regression
  • Time to market

Verification VS. Test
  • Two often confused
  • Purpose of test is to verify that the design was
    manufactured properly
  • Verification is to ensure that the design meets
    the functionality intent

Verification and Test Reconvergence Model
HW Design
Net list
  • Feb 7th IBM Guest lectures
  • 2 class lecture slots (415-630 p.m)
  • Homework Due Thursday (01/24)
  • HW2 on VHDL test benches will be assigned 01/24
  • TA office hours F 100-215 p.m 101 Pond

To do
  • Read chapter 2 from text book
  • Try the following tools on unix systems
  • Lint
  • vcs, sccs

Verification Tools
  • Automation improves the efficiency and
    reliability of the verification process
  • Some tools, such as a simulator, are essential.
    Others automate tedious tasks and increase
    confidence in the outcome.
  • It is not necessary to use all the tools.

Verification Tools
  • Improve efficiency e.g. spell checker
  • Improve reliability
  • Automate portion of the verification process
  • Some tools such as simulators are essential
  • Some tools automate the most tedious tasks and
    increase the confidence in outcome
  • Code coverage tool
  • Linting tols
  • Help ensure that a Type II mistake does not occur

Verification Tools
  • Linting Tools
  • Simulators
  • Third Party Models
  • Waveform Viewers
  • Code Coverage
  • Verification Languages (Non-RTL)
  • Revision Control
  • Issue Tracking
  • Metrics

Linting Tools
  • UNIX C utility program
  • Parses a C program
  • Reports questionable uses
  • Identifies common mistakes
  • Makes finding those mistakes quick and easy
  • Lint identified problems
  • Mismatched types
  • Misatched argument in function calls either
    number of or type

The UNIX C lint program
  • Attempts to detect features in C program files
    that are likely to be bugs, non-portabe or
  • Checks type usage more strictly than a compiler
  • Checks for
  • Unreachable statements
  • Loops not entered at top
  • Variables declared but not used
  • Logical expressions whse value is constant
  • Functions that return values in some places but
    not others
  • Functions called with a varying number or type of
  • Functions whose value is not used

Advantages of Lint Tools
  • Know about problems prior to execution
    (simulation for VHDL code)
  • Checks are entirely static
  • Do not require stimulus
  • Do not need to know expected output
  • Can be used to enforce coding guidelines and
    naming conventions

  • Can only find problems that can be statically
  • Cannot determine if algorithm is correct
  • Cannot determine if dataflow is correct
  • Are often too paranoid err of side of caution
    Type I/II??errors good design but error
    reported filtering output
  • Should check and fix problems as you go dont
    wait till entire model/code is complete

Linting Tools
  • Assist in finding common programming mistakes
  • Only identify certain class of problems
  • Linting is a Static checker
  • Same deficiencies as in a C linter
  • Many false negatives are reported
  • Does assist in enforcing coding guidelines

Linting VHDL source code
  • VHDL is strongly typed does not need linting as
    much as Verilog (Can assign bit vectors of
    different lenghts to each other)
  • An area of common problems is use of STD_LOGIC

VHDL Example
Library ieee Use ieee.std_logic_1164.all Entity
my_entity is port (my_input in std_logic) End
my_entity Architecture sample of my_entity
is signal s1 std_logic signal sl
std_logic Begin stat1 s1 lt my_input stat2
s1 lt not my_inputs End sample
Warning file x.vhd Signal s1 is multiply
defined Warning file x.vhd Signal sl Has no
Naming Conventions
  • Use a naming convention for signals with multiple
  • Multiple driven signals will give warning
    messages but with a naming convention can be

Cadence VHDL Lint Tool
HAL Checks
  • Some of the classes of errors that the HAL tool
    checks for include
  • Interface InconsistencyUnconnected ports
    Incorrect number or type of task/function
    arguments Incorrect signal assignments to input
    ports Unused or Undriven Variables Undriven
    primary output Unused task/function/parameters
    Event variables that are never triggered 2-State
    versus 4-State Issues Conditional expressions
    that use x/z incorrectly Case equality ()
    that is treated as equality ()Incorrect
    assignment of x/z values Expression
    Inconsistency Unequal operand lengths Real/time
    values that are used in expressions Incorrect
    rounding/truncation Case Statement
    Inconsistency Case expressions that contain x or
    z logic Case expressions that are out of range
    Correct use of parallel_case and full_case
    constructs Range and Index Errors Single-bit
    memory words Bit/part selects that are out of
    range Ranged ports that are re-declared

Code reviews
  • Objective Identify functional and coding style
    errors prior to functional verification and
  • Source code is reviewed by one or more reviewers
  • Goal Identify problems with code that an
    automatd tool would not identify

  • Simulators are the most common and familiar
    verification tool
  • Simulation alone is never the goal of an
    industrial project
  • Simulators attempt to create an artificial
    universe that mimics the environment that the
    real design will see
  • Only a approximation of reality
  • Digital values n std logic have 9 values
  • Reality signal is a continuous value between
    GND and Vdd

  • Execute a description of the design
  • Description limited to well defined language with
    precise semantics
  • Simulators are not a static tool require the
    user to set up an environment in which the design
    will find itself this setup is often called
  • Provides inputs and monitors results

  • Simulation outputs are validated externally
    against design intent (specification)
  • Two types
  • Event based
  • Cycle based

Event Based Simulators
  • Event based simulators are driven based on events
  • An attempt to increase the simulated time per
    unit of wall time
  • Outputs are a function of inputs
  • The outputs change only when the inputs do
  • Moves simulation time ahead to the next time at
    which something occurs
  • The event is the input changing
  • This event causes simulator to re-evaluate and
    calculate new output

Cycle Based Simulators
  • Simulation is based on clock-cycles not events
  • All combinational functions collapsed into a
    single operation
  • Cycle based simulators contain no timing and
    delay information
  • Assumes entire design meets setup and holdtime
    for all FFs
  • Timing is usually verified by static timing
  • Can handle only synchronous circuits
  • Only event is active edge of clock
  • All other inputs are aligned with clock (cannot
    handle asynchronous events)
  • Moore machine state changes whenver clk changes
    mealy machines they also depend on inputs which
    can change asynchronously
  • Much faster than event based

  • Types of Simulators
  • (con't)
  • Simulation Farm
  • Multiple computers are used in parallel for
  • Acceleration Engines/Emulators
  • Quickturn, IKOS, AXIS.....
  • Custom designed for simulation speed
  • Accel vs. Emulation
  • True emulation connects to some real, in-line
  • Real software eliminates need for special

  • Speed compare
  • Influencing Factors
  • Hardware Platform
  • Frequency, Memory, ...
  • Model content
  • Size, Activity, ...
  • Interaction with Environment
  • Model load time
  • Testpattern
  • Network utilization

Relative Speed of different Simulators
Event Simulator
Cycle Simulator
Event driven cycle Simulator
  • Speed - What is fast?
  • Cycle Sim for one processor chip
  • 1 sec realtime 6 month
  • Sim Farm with a few hundred computers
  • 1 sec realtime 1 day
  • Accelerator/Emulator
  • 1 sec realtime 1 hour

  • Co-simulators are combination of event, cycle,
    and other simulators (acceleration, emulation)
  • Both simulators progress along time in lockstep
  • Performance is decreased due to inter tool
  • Ambiguities arise during translation from one
    simulator to the other.
  • Verilogs 128 possible states to VHDLs 9
  • Analogs current and voltage into digitals logic
    value and strength.

Third Party Models
  • Many designs use off the shelf parts
  • To verify such a design, must obtain a model to
    these parts
  • Often must get the model from a 3rd party
  • Most 3rd party models are provided as compiled
    binary models
  • Why buy 3rd party models?
  • Engineering resources
  • Quality (especially in the area of system timing)

Hardware Modelers
  • Are for modeling new hardware. Some hardware may
    be too new for models to available
  • Example In 2000 still could not get a model of
    the Pentium III
  • Sometimes cannot simulate enough of a model in an
    acceptable period of time

Hardware Modelers (cont)
  • Hardware modeler features
  • Small box that connects to network that contains
    a real copy of the physical chip
  • Rest of HDL model provides inputs to the chip and
    obtains the chips output to return to your model

Waveform Viewers
  • Lets you view transitions on multiple signals
    over time
  • The most common of verification tools
  • Waveform can be saved in a trace file
  • In verification
  • need to know expected output and whenever the
    simulated output is not as expected
  • both the signal value and the signal timing
  • use the testbench to compare the model output
    with the expected

  • Coverage
  • Coverage techniques give feedback on how much the
    testcase or driver is exercising the logic
  • Coverage makes no claim on proper checking
  • All coverage techniques monitor the design during
    simulation and collect information about desired
    facilities or relationships between facilities

Coverage Goals
  • Measure the "quality" of a set of tests
  • Supplement test specifications by pointing to
    untested areas
  • Help create regression suites
  • Provide a stopping criteria for unit testing
  • Better understanding of the design

  • Coverage Techniques
  • People use coverage for multiple reasons
  • Designer wants to know how much of his/her macro
    is exercised
  • Unit/Chip leader wants to know if relationships
    between state machine/microarchitectural
    components have been exercised
  • Sim team wants to know if areas of past escapes
    are being tested
  • Program manager wants feedback on overall quality
    of verification effort
  • Sim team can use coverage to tune regression

  • Coverage Techniques
  • Coverage methods include
  • Line-by-line coverage
  • Has each line of VHDL been exercised?
    (If/Then/Else, Cases, states, etc)
  • Microarchitectural cross products
  • Allows for multiple cycle relationships
  • Coverage models can be large or small

Code Coverage
  • A technique that has been used in software
    engineering for years.
  • By covering all statements adequately the chances
    of a false positive (a bad design tests good) are
  • Never 100 certain that design under verification
    is indeed correct. Code coverage increases
  • Some tools may use file I/O aspect of language
    and others have special features built into the
    simulator to report coverage statistics.

Adding Code Coverage
  • If built into simulator - code is automatically
  • If not built in - must add code to testbench to
    do the checking

Code Coverage
  • Objective is to determine if you have overlooked
    exercising some code in the model
  • If you answer yes then must also ask why the code
    is present
  • Coverage metrics can be generated after running a
  • Metrics measure coverage of
  • statements
  • possible paths through code
  • expressions

Report Metrics for Code Coverage
  • Statement (block)
  • Measures which lines (statements have been
    executed) by the verification suite
  • Path
  • Measures all possible ways to execute a sequence
    of instructions
  • Expression Coverage
  • Measures the various ways paths through the code
    are executed

Statements and Blocks
  • Statement coverage can also be called block
  • The Model Sim simulator can show how many times a
    statement was executed
  • Also need to insure that executed statements are
    simulated with different values
  • And there is code that was not meant to be
    simulated (code specifically for synthesis for

Path Coverage
  • Measures all possible ways you can execute a
    sequence of statements
  • Example has four possible paths

Path Coverage Goal
  • Desire is to take all possible paths through code
  • It is possible to have 100 statement coverage
    but less than 100 path coverage
  • Number of possible paths can be very, very large
    gt keep number of paths as small as possible
  • Obtaining 100 path coverage for a model of even
    moderate complexity is very difficult

Expression Coverage
  • A measure of the various ways paths through code
    are taken
  • Example has 100 statement coverage but only 50
    expression coverage

100 Code Coverage
  • What do 100 path and 100 expression coverage
  • Not much!! Just indicates how thoroughly
    verification suite exercises code. Does not
    indicate the quality of the verification suite.
  • Does not provide an indication about correctness
    of code
  • Results from coverage can help identify corner
    cases not exercised
  • Is an additional indicator for completeness of
  • Code coverage value can indicate if job is not

Functional Coverage
  • Coverage is based on the functionality of the
  • Coverage models are specific to a given design
  • Models cover
  • The inputs and the outputs
  • Internal states
  • Scenarios
  • Parallel properties
  • Bug Models

Interdependency-Architectural Level
  • The Model
  • We want to test all dependency types of a
    resource (register) relating to all instructions
  • The attributes
  • I - Instruction add, add., sub, sub.,...
  • R - Register (resource) G1, G2,...
  • DT - Dependency Type WW, WR, RW, RR and None
  • The coverage tasks semantics
  • A coverage instance is a quadruplet ltIj, Ik, Rl,
    DTgt, where Instruction Ik follows Instruction Ij,
    and both share Resource Rl with Dependency Type

Interdependency-Architectural Level (2)
  • Additional semantics
  • The distance between the instructions is no more
    than 5
  • Restrictions
  • Not all combinations are valid
  • Fixed point instructions cannot share FP

Interdependency-Architectural Level (3)
  • Size and grouping
  • Original size 400 x 400 x 100 x 5
  • Let the Instructions be divided into disjoint
    groups I1 ... In
  • Let the Resources be divided into disjoint groups
    R1 ... Rk
  • After grouping 60 x 60 x 10 x 5 180000

The Coverage Process
  • Defining the domains of coverage
  • Where do we want to measure coverage
  • What attributes (variables) to put in the trace
  • Defining models
  • Defining tuples and semantic on the tuples
  • Restrictions on legal tasks
  • Collecting data
  • Inserting traces to the database
  • Processing the traces to measure coverage
  • Coverage analysis and feedback
  • Monitoring progress and detecting holes
  • Refining the coverage models
  • Generating regression suites

Coverage Model Hints
  • Look for the most complex, error prone part of
    the application
  • Create the coverage models at high level design
  • Improve the understanding of the design
  • Automate some of the test plan
  • Create the coverage model hierarchically
  • Start with small simple models
  • Combine the models to create larger models.
  • Before you measure coverage check that your rules
    are correct on some sample tests.
  • Use the database to "fish" for hard to create
  • Try to generalize as much as possible from the
  • X was never 3 is much more useful than the task
    (3,5,1,2,2,2,4,5) was never covered.

  • Future Coverage Usage
  • One area of research is automated coverage
    directed feedback
  • If testcases/drivers can be automatically tuned
    to go after more diverse scenarios based on
    knowledge about what has been covered, then bugs
    can be encountered much sooner in design cycle
  • Difficulty lies in the expert system knowing how
    to alter the inputs to raise the level of

Verification Languages
  • Specific to verification principles
  • Deficiencies in RTL languages (Verilog and VHDL)
  • Verilog was designed with a focus on describing
    low-level hardware structures
  • No support for data structures (records, linked
    lists, etc)
  • Not object oriented
  • VHDL was designed for large design teams
  • Encapsulates all information and communicates
    strictly through well-defined interfaces
  • These limitations get in the way of efficient
    implementation of a verification strategy

Verification Languages (cont)
  • Some examples of verification languages
  • Verisitys Specman Elite
  • Synopsys Vera
  • Chronologys Rave
  • System C
  • Problem is that these are all proprietary,
    therefore buying into one will lock one into a

Verification Languages
  • Even with a verification language still
  • need to plan verification
  • design verification strategy and design
    verification architecture
  • create stimulus
  • determine expected response
  • compare actual response versus expected response

Revision Control
  • Need to insure that model verified is model used
    for implementation
  • Managing a HDL-based hardware project is similar
    to managing a software project
  • Require a source control management system
  • Such systems keep last version of a file and a
    history of previous versions along with what
    changes are present in each version

Configuration Management
  • Wish to tag (identify) certain versions of a file
    so multiple users can keep working
  • Different users have different views of project

File Tags
  • Each file tag has a specific meaning

Issue Tracking
  • It is normal and expected to find functional
    irregularities in complex systems
  • Worry if you dont!!! Bugs will be found!!!
  • An issue is anything that can affect the
    functionality of the design
  • Bugs during execution of the testbench
  • Ambiguities or incompleteness of specifications
  • A new and relevant testcase
  • Errors found at any stage
  • Must track all issues if a bad design could be
    manufactured were the issue not tracked

Issue Tracking Systems
  • The Grapevine
  • Casual conversation between members of a design
    team in which issues are discussed
  • No-one has clear responsibility for solution
  • System does not maintain a history
  • The Post-it System
  • The yellow stickies are used to post issues
  • Ownership of issues is tenuous at best
  • No ability to prioritize issues
  • System does not maintain a history

Issue Tracking Systems (cont.)
  • The Procedural System
  • Issues are formally reported
  • Outstanding issues are reviewed and resolved
    during team meetings
  • This system consumes a lot of meeting time
  • Computerized Systems
  • Issues seen through to resolution
  • Can send periodic reminders until resolved
  • History of action(s) to resolve is archived
  • Problem is that these systems can require a
    significant effort to use

Code Related Metrics
  • Code Coverage Metrics - how thoroughly does
    verification suite exercise code
  • Number of Lines of Code Needed for Verification
    Suite - a measure of the level of effort needed
  • Ratio of Lines of Verification Code to Lines of
    Code in the Model - measure of design complexity
  • Number of source code changes over time

Quality Related Metrics
  • Quality is subjective
  • Examples of quality metrics
  • Number of known outstanding issues
  • Number of bugs found during service life
  • Must be very careful to interpret and use any
    metric correctly!!!
Write a Comment
User Comments (0)
About PowerShow.com