SlideShare a Scribd company logo

2010 bristol q1_hybrid-formal-coverage

O
Obsidian Software

This document discusses using hybrid-formal methods to help address the problem of coverage convergence in verification. It can summarize as follows: 1. Hybrid-formal techniques, which combine formal methods and random simulation, can be leveraged to help achieve coverage convergence by finding paths through the design state space to uncovered coverage targets. 2. This overcomes limitations of pure simulation-based approaches by using formal analysis, but addresses capacity issues of pure formal methods by incorporating random simulation as well. 3. The Synopsys Magellan hybrid-formal tool has been used successfully for coverage convergence on production designs for several years using this approach.

1 of 17
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Hybrid-Formal Coverage Convergence Dan Benua Synopsys Verification Group January 18, 2010 1
Abstract •  Formal and Hybrid methods typically employed in property checking can also be leveraged to attack coverage convergence problems. •  The Synopsys Magellan hybrid-formal tool has supported coverage convergence on production designs for several years. •  This talk will briefly review the technology and methodology considerations for this application. •  Hybrid formal technology is distinct from the automation of stimulus coverage closure used in simulation. (e.g. “Echo” feature in VCS) 2
Agenda •  Coverage Convergence & FPV •  The Problem of Constraints •  Handling Capacity Issues •  Hybrid-Formal Coverage Methodology •  Benefits & Limitations •  Future Directions 3
Traditional Coverage Convergence Methodology 100% Directed tests coverage (manual effort) Constraint Random tests Time 4
Improving Convergence with Hybrid-Formal Techniques 100% Unreachable Targets 100% Formal Coverage Convergence Directed tests coverage (manual effort) Constraint Random tests Time 5
Finding Paths Through the State Space of the DUV & Environment •  Formal Analysis of Safety Properties – For each assertion: •  “Does a legal path exist from a reset state to a property failure state?” •  Coverage Closure – For each coverage target: •  “Does a legal path exist from a reset state to a state satisfying the coverage target?” 6
State Space View DUV + Env State Space Target State If no path exists, target state is “Unreachable” Initial State 7
Formal method coverage closure: Challenges •  Formal vs. Simulation environment –  Behavioural models not synthesizable –  Declarative vs Procedural representation –  cycle vs event semantics •  Capacity Issues –  Number of Coverage Targets •  Functional (Covergroups, Cover Properties) •  Structural (line, condition, FSM, toggle…) –  Trace Depth •  Number of cycles from an initial state to a goal state reaching each coverage target System level test environments … 1.  ontain abstractions which can’t be synthesized into Finite state C automata needed by pure formal solutions. 2.  ften exceed model-checking algorithm capacity. O 8
What is Hybrid Search? •  Finds paths to goal states that consist of some random simulation cycles and some cycles calculated by formal engines. •  Sacrifices exhaustive search in exchange for better capacity and performance. 9
Hybrid Search Illustrated DUV + Env State Space Target State Hybrid Trace: Dynamic + Formal Initial State 10
Methodology Fit •  Block Level – < 10M gates, < 100K Coverage targets – Unreachable analysis can handle larger circuits (w/ approximation) •  Synthesizable DUT – With extensions, E.g. SVA, XMR, Monitors •  Formal-compatible constraints – SVA /PSL+ RTL modeling code – Constraint solver for stimulus generation – Good leverage with FPV flow 11
Practical Implementation of Hybrid- Formal Coverage Convergence 1.  Tool instruments design to select desired functional and structural coverage targets. 2.  Run unreachability analysis without constraints to detect “uncoverable” targets. 3.  Create and validate formal-compatible constraint environment. 4.  Run constrained random simulation to hit “easy” coverage targets 5.  Run hybrid search algorithm to find remaining “hard” reachable coverage targets 6.  Merge coverage results from “hard”, “easy”, and “uncoverable” runs. 12
Benefits of Hybrid Convergence •  Automated convergence, within the limits of tool capacity •  No conventional testbench required, but testbench monitors may be reused •  Coverage metrics measured in familiar simulation context •  Easy to parallelize on server farms 13
Limitations •  Non-exhaustive, some targets may remain “uncovered” •  Uses cycle-based semantics •  Large compute resource requirements and potentially long runtimes •  Requires caution when merging coverage from distinct environments 14
The Future •  More flow automation for hybrid solutions •  Multi-core, multi-processor servers for performance/capacity increases •  Standardization of coverage databases, including formal (Accellera UCIS Technical Committee) •  Continued research on testbench-based coverage closure automation 15
Conclusion •  Hybrid-Formal techniques address a sub- set of the general problem of coverage closure •  Multiple users are seeing benefits from this technology when combined with FPV and conventional CR testbench methods 16
Q&A 17

More Related Content

PDF
Introducing LCS to Digital Design Verification
Daniele Loiacono
 
PDF
Coverage and Introduction to UVM
Dr. Shivananda Koteshwar
 
PDF
Session 7 code_functional_coverage
Nirav Desai
 
PDF
Code coverage
Vijayan Reddy
 
PPT
Code coverage
Return on Intelligence
 
PDF
snug_europe_2016_FCA_concepts_and_practicalities
Sergio Marchese
 
PDF
2010 bristol q1_formal-property-checkers
Obsidian Software
 
PDF
Using a Formal Property Checker for Simulation Coverage Closure
DVClub
 
Introducing LCS to Digital Design Verification
Daniele Loiacono
 
Coverage and Introduction to UVM
Dr. Shivananda Koteshwar
 
Session 7 code_functional_coverage
Nirav Desai
 
Code coverage
Vijayan Reddy
 
Code coverage
Return on Intelligence
 
snug_europe_2016_FCA_concepts_and_practicalities
Sergio Marchese
 
2010 bristol q1_formal-property-checkers
Obsidian Software
 
Using a Formal Property Checker for Simulation Coverage Closure
DVClub
 

Similar to 2010 bristol q1_hybrid-formal-coverage (20)

PDF
Lafauci dv club oct 2006
Obsidian Software
 
PDF
Formal Verification
Ilia Levin
 
PDF
Effective Test Suites for ! Mixed Discrete-Continuous Stateflow Controllers
Lionel Briand
 
PPTX
Case Study of End to End Formal Verification Methodology
Jacob Ryan Maas
 
PPTX
20100522 software verification_sharygina_lecture01
Computer Science Club
 
PDF
Fault, Errors, and Promise Theory
Mark Burgess
 
PPT
OCAT: Object Capture based Automated Testing (ISSTA 2010)
Sung Kim
 
PDF
Verification Challenges and Methodologies
Dr. Shivananda Koteshwar
 
PDF
Topics in Verification: Reuse, Coverage, Regression Engineering, Planning, Qu...
DVClub
 
PDF
A Survey of functional verification techniques
IJSRD
 
PPT
Formal Method for Avionics Software Verification
AdaCore
 
PPTX
#1 formal methods – introduction for software engineering
Sharif Omar Salem
 
PPT
system verilog
Vinchipsytm Vlsitraining
 
PDF
Extensions to the CEGAR Approach on Petri Nets
Akos Hajdu
 
PPT
Dealing with the Three Horrible Problems in Verification
DVClub
 
PDF
Analytic Dependency Loops in Architectural Models of Cyber-Physical Systems
Ivan Ruchkin
 
PDF
Making Model-Driven Verification Practical and Scalable: Experiences and Less...
Lionel Briand
 
PDF
Deployment of Debug and Trace for features in RISC-V Core
IRJET Journal
 
PDF
Argumentation in Artificial Intelligence: From Theory to Practice (Practice)
Mauro Vallati
 
PPT
Stephan berg track f
Alona Gradman
 
Lafauci dv club oct 2006
Obsidian Software
 
Formal Verification
Ilia Levin
 
Effective Test Suites for ! Mixed Discrete-Continuous Stateflow Controllers
Lionel Briand
 
Case Study of End to End Formal Verification Methodology
Jacob Ryan Maas
 
20100522 software verification_sharygina_lecture01
Computer Science Club
 
Fault, Errors, and Promise Theory
Mark Burgess
 
OCAT: Object Capture based Automated Testing (ISSTA 2010)
Sung Kim
 
Verification Challenges and Methodologies
Dr. Shivananda Koteshwar
 
Topics in Verification: Reuse, Coverage, Regression Engineering, Planning, Qu...
DVClub
 
A Survey of functional verification techniques
IJSRD
 
Formal Method for Avionics Software Verification
AdaCore
 
#1 formal methods – introduction for software engineering
Sharif Omar Salem
 
system verilog
Vinchipsytm Vlsitraining
 
Extensions to the CEGAR Approach on Petri Nets
Akos Hajdu
 
Dealing with the Three Horrible Problems in Verification
DVClub
 
Analytic Dependency Loops in Architectural Models of Cyber-Physical Systems
Ivan Ruchkin
 
Making Model-Driven Verification Practical and Scalable: Experiences and Less...
Lionel Briand
 
Deployment of Debug and Trace for features in RISC-V Core
IRJET Journal
 
Argumentation in Artificial Intelligence: From Theory to Practice (Practice)
Mauro Vallati
 
Stephan berg track f
Alona Gradman
 
Ad

More from Obsidian Software (20)

PDF
Zhang rtp q307
Obsidian Software
 
PDF
Zehr dv club_12052006
Obsidian Software
 
PDF
Yang greenstein part_2
Obsidian Software
 
PDF
Yang greenstein part_1
Obsidian Software
 
PDF
Williamson arm validation metrics
Obsidian Software
 
PDF
Whipp q3 2008_sv
Obsidian Software
 
PPT
Vishakantaiah validating
Obsidian Software
 
PDF
Validation and-design-in-a-small-team-environment
Obsidian Software
 
PDF
Tobin verification isglobal
Obsidian Software
 
PDF
Tierney bq207
Obsidian Software
 
PDF
The validation attitude
Obsidian Software
 
PPT
Thaker q3 2008
Obsidian Software
 
PDF
Thaker q3 2008
Obsidian Software
 
PDF
Strickland dvclub
Obsidian Software
 
PDF
Stinson post si and verification
Obsidian Software
 
PDF
Shultz dallas q108
Obsidian Software
 
PDF
Shreeve dv club_ams
Obsidian Software
 
PDF
Sharam salamian
Obsidian Software
 
PDF
Schulz sv q2_2009
Obsidian Software
 
PDF
Schulz dallas q1_2008
Obsidian Software
 
Zhang rtp q307
Obsidian Software
 
Zehr dv club_12052006
Obsidian Software
 
Yang greenstein part_2
Obsidian Software
 
Yang greenstein part_1
Obsidian Software
 
Williamson arm validation metrics
Obsidian Software
 
Whipp q3 2008_sv
Obsidian Software
 
Vishakantaiah validating
Obsidian Software
 
Validation and-design-in-a-small-team-environment
Obsidian Software
 
Tobin verification isglobal
Obsidian Software
 
Tierney bq207
Obsidian Software
 
The validation attitude
Obsidian Software
 
Thaker q3 2008
Obsidian Software
 
Thaker q3 2008
Obsidian Software
 
Strickland dvclub
Obsidian Software
 
Stinson post si and verification
Obsidian Software
 
Shultz dallas q108
Obsidian Software
 
Shreeve dv club_ams
Obsidian Software
 
Sharam salamian
Obsidian Software
 
Schulz sv q2_2009
Obsidian Software
 
Schulz dallas q1_2008
Obsidian Software
 
Ad

2010 bristol q1_hybrid-formal-coverage

  • 1. Hybrid-Formal Coverage Convergence Dan Benua Synopsys Verification Group January 18, 2010 1
  • 2. Abstract •  Formal and Hybrid methods typically employed in property checking can also be leveraged to attack coverage convergence problems. •  The Synopsys Magellan hybrid-formal tool has supported coverage convergence on production designs for several years. •  This talk will briefly review the technology and methodology considerations for this application. •  Hybrid formal technology is distinct from the automation of stimulus coverage closure used in simulation. (e.g. “Echo” feature in VCS) 2
  • 3. Agenda •  Coverage Convergence & FPV •  The Problem of Constraints •  Handling Capacity Issues •  Hybrid-Formal Coverage Methodology •  Benefits & Limitations •  Future Directions 3
  • 4. Traditional Coverage Convergence Methodology 100% Directed tests coverage (manual effort) Constraint Random tests Time 4
  • 5. Improving Convergence with Hybrid-Formal Techniques 100% Unreachable Targets 100% Formal Coverage Convergence Directed tests coverage (manual effort) Constraint Random tests Time 5
  • 6. Finding Paths Through the State Space of the DUV & Environment •  Formal Analysis of Safety Properties – For each assertion: •  “Does a legal path exist from a reset state to a property failure state?” •  Coverage Closure – For each coverage target: •  “Does a legal path exist from a reset state to a state satisfying the coverage target?” 6
  • 7. State Space View DUV + Env State Space Target State If no path exists, target state is “Unreachable” Initial State 7
  • 8. Formal method coverage closure: Challenges •  Formal vs. Simulation environment –  Behavioural models not synthesizable –  Declarative vs Procedural representation –  cycle vs event semantics •  Capacity Issues –  Number of Coverage Targets •  Functional (Covergroups, Cover Properties) •  Structural (line, condition, FSM, toggle…) –  Trace Depth •  Number of cycles from an initial state to a goal state reaching each coverage target System level test environments … 1.  ontain abstractions which can’t be synthesized into Finite state C automata needed by pure formal solutions. 2.  ften exceed model-checking algorithm capacity. O 8
  • 9. What is Hybrid Search? •  Finds paths to goal states that consist of some random simulation cycles and some cycles calculated by formal engines. •  Sacrifices exhaustive search in exchange for better capacity and performance. 9
  • 10. Hybrid Search Illustrated DUV + Env State Space Target State Hybrid Trace: Dynamic + Formal Initial State 10
  • 11. Methodology Fit •  Block Level – < 10M gates, < 100K Coverage targets – Unreachable analysis can handle larger circuits (w/ approximation) •  Synthesizable DUT – With extensions, E.g. SVA, XMR, Monitors •  Formal-compatible constraints – SVA /PSL+ RTL modeling code – Constraint solver for stimulus generation – Good leverage with FPV flow 11
  • 12. Practical Implementation of Hybrid- Formal Coverage Convergence 1.  Tool instruments design to select desired functional and structural coverage targets. 2.  Run unreachability analysis without constraints to detect “uncoverable” targets. 3.  Create and validate formal-compatible constraint environment. 4.  Run constrained random simulation to hit “easy” coverage targets 5.  Run hybrid search algorithm to find remaining “hard” reachable coverage targets 6.  Merge coverage results from “hard”, “easy”, and “uncoverable” runs. 12
  • 13. Benefits of Hybrid Convergence •  Automated convergence, within the limits of tool capacity •  No conventional testbench required, but testbench monitors may be reused •  Coverage metrics measured in familiar simulation context •  Easy to parallelize on server farms 13
  • 14. Limitations •  Non-exhaustive, some targets may remain “uncovered” •  Uses cycle-based semantics •  Large compute resource requirements and potentially long runtimes •  Requires caution when merging coverage from distinct environments 14
  • 15. The Future •  More flow automation for hybrid solutions •  Multi-core, multi-processor servers for performance/capacity increases •  Standardization of coverage databases, including formal (Accellera UCIS Technical Committee) •  Continued research on testbench-based coverage closure automation 15
  • 16. Conclusion •  Hybrid-Formal techniques address a sub- set of the general problem of coverage closure •  Multiple users are seeing benefits from this technology when combined with FPV and conventional CR testbench methods 16
  • 17. Q&A 17