introduction-to-questa-autocheck-covercheck,-and-formal-connectivity-checking.pdf

Chris Rockwood

Introduction toQuesta AutoCheck, CoverCheck, and Formal Connectivity Checking

Verification TechnologistDesign Verification Technology Division

April 2014

www.mentor.com 2014 Mentor Graphics Corp. Company Confidential

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies

Agenda

Questa AutoCheck Automatic formal checks for common design issues

Questa CoverCheck Formal analysis to improve code coverage Also targets SVA covergroups (new in 10.3 release)

Connectivity Checking with Questa Formal Exhaustive validation of SoC connectivity

2


Questa PlatformMentor Graphics Functional Verification Solutions


A broad arsenal of verification solutions

Seamless integration of formal and simulation

Common compilers

Common GUI features

Unified Coverage Database

3


Property Checking

Automated Applications

Fully Automatic

Assertion GenerationReset and X-StatesImprove CoverageAutomatic ChecksCDC Verification

Questa Formal-based TechnologiesA full range of formal solutions


I/F ProtocolsControl LogicData IntegrityPost-Silicon Debug

ConnectivityRegister Map ChecksDesign Constraints

HigherEffort

LowEffort

4



Agenda




5


Property Checking


Fully Automatic






HigherEffort

LowEffort

6



Automatic ChecksEasy-to-use, predefined checks for common problems

Push-button functional verificationfor checks such as:

Initialization Checks- Uninitialized registers- X propagation/reachability

Functional Issue Checks - Combinational loops- Case statement checks- Arithmetic checks - Bus checks- FSM checksCoverage Reachability Checks- Unreachable Logic- Unreachable FSM state- Unreachable FSM transition- Register stuck at constant

Verilog, VHDL,SystemVerilog

RTL


7



Automatic ChecksEasy-to-use, predefined checks for common problems

Push-button functional verificationfor checks such as:


Functional Issue Checks - Combinational loops- Case statement checks- Arithmetic checks - Bus checks- FSM checksCoverage Reachability Checks- Unreachable Logic- Unreachable FSM state- Unreachable FSM transition- Register stuck at constant

Synthesized Netlist

Formal Netlist

Includes design functionality, design configurations, operating conditions, and initialization sequence


RTL


No testbenchNo assertionsNo constraints (initially)

Assumptions optional

7


Finding Bugs with Simulation

Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies8

Timeline




Develop RTL

RTL

Timeline




Develop RTL

Develop testbench RTLTestbench

Timeline




Develop RTL

Develop testbench

Run simulationSimulate

RTLTestbench

Timeline




Develop RTL

Develop testbench

Run simulation

Measure results

Simulate

RTLTestbench

Coverage

Timeline




Develop RTL

Develop testbench

Run simulation

Measure results

Bug?

Simulate

RTLTestbench

CoverageAnalyze results Analyze

Timeline




Develop RTL

Develop testbench

Run simulation

Measure results

Bug?

Simulate

RTLTestbench

CoverageAnalyze results Analyze

Time to find bugs can be too longSimulation cannot find all bugs

Timeline


Finding Bugs with Questa AutoCheck


Timeline




Develop RTL

RTL

Timeline




Develop RTL

Run AutoCheckAutoCheck

RTL

Timeline




Develop RTL

Run AutoCheck

Bug?

AutoCheck

RTL

Analyze results

Timeline

Analyze




Develop RTL

Run AutoCheck

Bug?

AutoCheck

RTL

Analyze results

Timeline

Analyze

You can useAutoCheck

as soon as you have your RTL

code



code




Develop RTL

Run AutoCheck

Bug?

AutoCheck

RTL

Analyze results

Shortest time to find bugsFinds bugs that simulation misses!

Timeline

Analyze



code



code


Questa AutoCheck

Questa

Automated design checking for: Common design errors Coverage closure issues The functional impact of Xs



Questa AutoCheck

No testbench required You can use it whenever you have RTL available for your

block/chip and BEFORE you simulate

Questa




Questa AutoCheck



No need to write assertions Assertions are automatically generated by Questa AutoCheck and

used/proved under the hood

Questa




Questa AutoCheck



No need to write assertions Assertions are automatically generated by Questa AutoCheck and

used/proved under the hood

Easy to run

Questa




Arithmetic and Bus Checks

Clear reporting of violations

Easy debugging Show waveforms Source code view

Arithmetic checks Overflow checks Division by 0 checks

Various bus checks Multiple drivers active No driver active



Arithmetic and Bus Checks

Clear reporting of violations

Easy debugging Show waveforms Source code view

Arithmetic checks Overflow checks Division by 0 checks

Various bus checks Multiple drivers active No driver active

Overflow happens here



Combinational Feedback Loop Check

Combinational feedback loops (CFLs) may simulate at the RTL level without problems

Bad behavior only shows in simulation with back-annotated timing or ultimately in silicon

Easy to debug Schematic view spans modules Direct link to source code

Finds CFLs early Saves debug time later Prevent respins Checks sequential control logic



Combinational Feedback Loop Check

Combinational feedback loops (CFLs) may simulate at the RTL level without problems

Bad behavior only shows in simulation with back-annotated timing or ultimately in silicon

Easy to debug Schematic view spans modules Direct link to source code

Finds CFLs early Saves debug time later Prevent respins Checks sequential control logic

Loops can span multiple levels of logic and modules



Example: Dead Code

Sometimes dead code is due to a complex functional bug in the design and should be resolved

Example: AutoCheck will find this; most lint tools wont:always @(posedge clk or negedge rstn)

if (!rstn) en1


Example: FSM Deadlock with Dead Code

Sometimes checks are related

Simple FSM Deadlock conditions due to incorrect structure can be found by lint tools and Questa AutoCheck

More complex sequential logic causing FSM Deadlock and Dead Code can only be found by Questa AutoCheck


Complex Sequential

Logic

case (cstate)3'b001: if (en)

nstate


Example: FSM Unreachable State/Transition

Lint finds simple case; only AutoCheck finds complex caseprocess (clk,rstn) begin

if (rstn = '0') then start


Other Miscellaneous Design Checks


Various register checks Multiply-driven signals Stuck-at checks

Clock-in-data checks

Undriven logic checks

Illegal range checks

Case statement checks

and other RTL, structural, and formal checks!

Develop RTL

Run AutoCheck

Bug?

Analyze results


Other Miscellaneous Design Checks


Various register checks Multiply-driven signals Stuck-at checks

Clock-in-data checks

Undriven logic checks

Illegal range checks

Case statement checks

and other RTL, structural, and formal checks!

AutoCheck finds design problems early

Develop RTL

Run AutoCheck

Bug?

Analyze results


AutoCheck: Intuitive Debug




Select Category




Select Category

RMB choose menu item to show source/schematic/

FSM/waveforms



Conclusion


Simulation alone is not enough It takes too long to find bugs Not all bugs will be found in simulation


Conclusion



Questa



Conclusion



Questa


The shortest time to find bugsFinds critical bugs that simulation cant find



Agenda




19


Property Checking


Fully Automatic






HigherEffort

LowEffort

20



Automatic Checks: CoverCheckEasy-to-use predefined checks for common problems

Push-button functional verification for checks such as:


Functional Issue Checks - Combinational loops- Arithmetic checks - Bus checks- Coverage Reachability Checks- Statement- Branch- Condition- Expression- FSM- Toggle- Covergroups (New in 10.3)


RTL


21



Automatic Checks: CoverCheckEasy-to-use predefined checks for common problems

Push-button functional verification for checks such as:


Functional Issue Checks - Combinational loops- Arithmetic checks - Bus checks- Coverage Reachability Checks- Statement- Branch- Condition- Expression- FSM- Toggle- Covergroups (New in 10.3)

Synthesized Netlist

Formal Netlist

Includes design functionality, design configurations, operating conditions, and initialization sequence


RTL


No testbenchNo assertionsNo constraints (initially)

Assumptions optional

21


Coverage Metrics

Basic: Code/FSM/Assertion Coverage Checks that all RTL has been exercised Checks that all assertions have been exercised

Semi-automated: Transaction/Structural Coverage Checks that all types of transactions have occurred Ensures that the tests have sufficiently stressed the design

Advanced: Functional Coverage Checks that all requirements for the design have been tested Does the design work in all scenarios?

All of these coverage types are measured and tracked to determine when verification is complete and the chip is ready to tape out or go into the lab



Coverage Metric Holes

Code/FSM/Assertion Coverage Functional dead code and unreachable FSM states/transitions Unreachable covergroup bins Modes of the design that create dead code Time can be wasted trying to hit these holes!

Transaction/Structural Coverage Testbench doesnt stress the design enough Incomplete functional models dont exercise all transactions

Functional Coverage Incomplete specification or planning; lack of knowledge or time

Proper test planning can mitigate these challenges

Making use of static verification techniques such as Questa CoverCheck can minimize time to closure



Code Coverage: Statement (s)

Counts the execution of each statement on a line Even if multiple statements

Example:always @(posedge clk or negedge rstn)

reg


Code Coverage: Branch (b)

Counts the execution of each conditional if/then/else and case statement All true and false branches are considered Each (if/else if/else | case) element counts as a branch

Example (if statement):if (!rstn)

q


Code Coverage: Condition (c)

Analyzes decisions made in if and ternary statements Considered an extension of branch coverage

Example:if (ce && we)

1 0/1

Report style based on Focused Expression CoverageEnabled Coverage Active Hits Misses % Covered

---------------- ------ ---- ------ ---------

FEC Condition Terms 16 13 3 81.2



Code Coverage: Condition (c)

Analyzes decisions made in if and ternary statements Considered an extension of branch coverage

Example:if (ce && we)

1 0/1


---------------- ------ ---- ------ ---------



All FEC conditions must be hit:

ce = 0,1; we = 0,1

ce is uncovered:

Never hit 0

26


Code Coverage: Expression (e)

Analyzes expressions on the right hand side of an assignment

Example:wire C = A && B

1 0/1


---------------- ------ ---- ------ ---------




Code Coverage: Expression (e)

Analyzes expressions on the right hand side of an assignment

Example:wire C = A && B

1 0/1


---------------- ------ ---- ------ ---------



All FEC conditions must be hit:

A = 0,1; B = 0,1

A is uncovered:Never hit 0

27


Code Coverage: Toggle (t)

Counts each time a logic node transitions from one state to another

Example:reg FF_A;

always @(posedge clk)

FF_A


Code Coverage: FSM (f)

Counts the states and transitions of each FSM Example:

FSM States: S1; S2; S3

FSM Transitions: S1 S1; S1 S2;

S2 S3; S2 S1; S3 S1

Report style based on FSM States and TransitionsEnabled Coverage Active Hits Misses % Covered

---------------- ------ ---- ------ ---------

States 3 3 0 100.0

Transitions 5 4 1 80.0



Code Coverage: FSM (f)

Counts the states and transitions of each FSM Example:

FSM States: S1; S2; S3

FSM Transitions: S1 S1; S1 S2;

S2 S3; S2 S1; S3 S1

Report style based on FSM States and TransitionsEnabled Coverage Active Hits Misses % Covered

---------------- ------ ---- ------ ---------

States 3 3 0 100.0

Transitions 5 4 1 80.0


All states and transitions must be hit

This transition not exercised (uncovered)

29


Typical Coverage Closure Methods

Fix design issues that prevent coverage from being achieved

Run more vectors to hit missing coverage Directed tests Constrained-random tests Intelligent testbench generation (e.g., Questa inFact) Spend a lot of time analyzing and applying new vectors

Add exclusions by hand Sometimes the simulator can add automated exclusions

Use an automated flow to generate exclusions for coverage elements that are impossible to hit



Checks for Coverage Exclusions

Coverage Model

31 Rockwell Collins Technology Day 2014 | Questa Formal-based Technologies



Branch Unreachable if/else and case branches

Coverage Model





Condition/Expression Unreachable FEC conditions

Coverage Model






Statement Unreachable lines of code

Coverage Model







Toggle Unreachable register transitions

Coverage Model








FSM Unreachable FSM states and transitions

Coverage Model









Covergroups (new in 10.3) Unreachable covergroup bins

Coverage Model









Covergroups (new in 10.3) Unreachable covergroup bins

Unreachable items are automatically excludedfrom your coverage model

Coverage Model



CoverCheck Example Statement Coverage

Dead code easily slips into the design Especially after changes are made

Dead code often identifies incorrect assumptions Can lead to critical bugs due to differing interpretation of design

requirements

May synthesize into logic that is not needed






requirements

May synthesize into logic that is not neededreg [1:0] R;always @* begin

if (a) R = 2'b00;else if (b) R = 2'b01;else R = 2'b11;

end

R can never be 2b10






requirements

May synthesize into logic that is not neededreg [1:0] R;always @* begin

if (a) R = 2'b00;else if (b) R = 2'b01;else R = 2'b11;

end

reg T;always @* beginT = 1'bX;case (R)2'b00: T = 1'b0;2'b01: T = 1'b1;2'b10: T = 1'b1;2'b11: T = 1'b0;endcase

endR can never be 2b10 Hence, this statement can never be reached




RTLCoverCheck

Questa CoverCheck: Before SimulationUse formal analysis as a stand-alone tool to target coverage

33



Simulation

Coverage Exclusions

TB

RTLCoverCheck


CoverageResults

33



Simulation

Coverage Exclusions

TB

RTLCoverCheck


CoverageResults

This flow can be inefficientbecause all coverage itemsin the RTL code are targetedby CoverCheck, which iscomputationally expensive

33



RTLSimulation

Questa CoverCheck: After SimulationUse formal analysis to improve simulation results

TB

34



RTLSimulation


CoverageResults

TB

34



RTLSimulation


CoverageResults

CoverCheck

TB

34



Coverage Exclusions

RTLSimulation


CoverageResults

CoverCheck

TB

34



Coverage Exclusions

RTLSimulation


CoverageResults

CoverCheck

TB

This flow is optimal becauseonly the coverage items thatwere not hit in simulationare targeted by CoverCheck

34


CoverCheck Results in qverify GUI



CoverCheck Results in qverify GUI


Unreachable FSM stateDouble-click or RMB, Show FSM to

visualize


CoverCheck Results: Covergroups



CoverCheck Results: Covergroups


Covergroup results in separate tab


Example: Generated Exclusion File

ex.do#

# Generated Exclusion File

#

coverage exclude -du work.pci_wb_slave -srcfile /project/design/rtl/vlog/pci_wb_slave.v

-linerange 757 -item s 1 -comment "CoverCheck:Statement"

coverage exclude -du work.pci_wb_slave_unit -srcfile project/design/rtl/vlog/pci_wb_slave_unit.v

-fecexprrow 703 2 -item 1 -comment "CoverCheck:Expression"


-feccondrow 886 1 -item 1 -comment "CoverCheck:Condition"

coverage exclude -du work.pci_conf_space -togglenode pci_ba0_bit31_12\[12\] -trans 10

-comment "CoverCheck:Toggle"

coverage exclude -du work.pci_wb_slave -fstate c_state S_CONF_READ

-comment "CoverCheck:FSM"

coverage exclude -cvgpath {/SYSTEM/bridge32_top/bridge/i_pci_target_unit/.../cp/auto[0]}

-comment "CoverCheck:Coverbin"

...



Example: Generated Exclusion File

ex.do#

# Generated Exclusion File

#


-linerange 757 -item s 1 -comment "CoverCheck:Statement"

coverage exclude -du work.pci_wb_slave_unit -srcfile project/design/rtl/vlog/pci_wb_slave_unit.v

-fecexprrow 703 2 -item 1 -comment "CoverCheck:Expression"


-feccondrow 886 1 -item 1 -comment "CoverCheck:Condition"

coverage exclude -du work.pci_conf_space -togglenode pci_ba0_bit31_12\[12\] -trans 10

-comment "CoverCheck:Toggle"

coverage exclude -du work.pci_wb_slave -fstate c_state S_CONF_READ

-comment "CoverCheck:FSM"

coverage exclude -cvgpath {/SYSTEM/bridge32_top/bridge/i_pci_target_unit/.../cp/auto[0]}

-comment "CoverCheck:Coverbin"

...


New in 10.3


Exclude Coverage After Simulation

Simulation has been previously run and a sim.ucdb exists Apply the exclude file to the UCDB with vsim

Read in the old .ucdb, apply the exclusions, write out a new .ucdb Example:> vsim -c -viewcov sim.ucdb \

-do do ex.do; \coverage save sim_w_excludes.ucdb; exit



Exclude Coverage After Simulation

Simulation has been previously run and a sim.ucdb exists Apply the exclude file to the UCDB with vsim

Read in the old .ucdb, apply the exclusions, write out a new .ucdb Example:> vsim -c -viewcov sim.ucdb \

-do do ex.do; \coverage save sim_w_excludes.ucdb; exit

Apply the exclusions



Simulation Coverage Before/After ExclusionsCoverage Report Summary by design unit:Design Unit: work.pci_target32_sm

Enabled Coverage Active Hits Misses % Covered---------------- ------ ---- ------ ---------Stmts 98 93 5 94.8Branches 22 21 1 95.4FEC Condition Terms 0 0 0 100.0FEC Expression Terms 186 57 129 30.6FSMs 90.0

States 3 3 0 100.0Transitions 5 4 1 80.0

Toggle Bins 106 76 30 71.6

TOTAL COVERGROUP COVERAGE: 43.7% COVERGROUP TYPES: 4

Total Coverage By Design Unit (filtered view): 46.7%

Design Unit: work.pci_target32_sm

Enabled Coverage Active Hits Misses % Covered---------------- ------ ---- ------ ---------Stmts 93 93 0 100.0Branches 21 21 0 100.0FEC Condition Terms 0 0 0 100.0FEC Expression Terms 186 58 128 31.1FSMs 90.0

States 3 3 0 100.0Transitions 5 4 1 80.0

Toggle Bins 106 76 30 71.6

TOTAL COVERGROUP COVERAGE: 59.8% COVERGROUP TYPES: 4

Total Coverage By Design Unit (filtered view): 51.3%

Original Run

With exclusions



CoverCheck Success at Rockwell Collins


CoverCheck was evaluated and purchased last year This purchase was outside the normal contract renewal cycle CoverCheck was new in 2013, not part of the old Questa Formal

First design used for evaluation was not an ideal application In-house design; had gone through requirements-based

verification, so code coverage misses were very small Only 3 unreachable coverage items were found

Evaluation on third-party IP was dramatically more successful Not all functions of DDR3 and PCIe IP blocks are used

Some inputs tied to 0/1; some registers set to fixed values Code coverage was only 55% when CoverCheck was first used

6% improvement within hours (vs. 2 weeks using manual exclusions) Thousands of exclusions generated within days (vs. months)

CoverCheck is ideally suited for some designs Is your design one of them?


Questa CoverCheck Benefits

Save project time that would have been spent manually reviewing the coverage holes

Schedule predictability

Automatically eliminate code that was never meant to be exercised

Tune measurement to the relevant modes of operation

Improved metrics

Witness waveforms eliminate danger of ignoring coverage holes that are reachable

Complexity measurement guides design for verification

Improved design quality

Manually generated waivers have to be maintained as the code changes

Elimination of waiver rot




Agenda




42


Property Checking


Fully Automatic






HigherEffort

LowEffort

43


SoC Connectivity Validation


Main Clock Domain

SubClock

Domain

SubClock

Domain

CPU

AMBAAHB/AXIArbiter

Bridge

AMBAAPB

UART

SlaveIF

GPIO

SlaveIF

PCIExpress

PHY

Bridge

MemoryDMA

MasterIF

CustomCore

PHY

SlaveIF

Protocol

PHY

MasterIF

Ethernet

PHY

MasterIF

USB

PHY

SlaveIFMasterIF

CPU

MasterIF


SoC Connectivity Validation


Main Clock Domain

SubClock

Domain

SubClock

Domain

CPU

AMBAAHB/AXIArbiter

Bridge

AMBAAPB

UART

SlaveIF

GPIO

SlaveIF

PCIExpress

PHY

Bridge

MemoryDMA

MasterIF

CustomCore

PHY

SlaveIF

Protocol

PHY

MasterIF

Ethernet

PHY

MasterIF

USB

PHY

SlaveIFMasterIF

CPU

MasterIF

Pin-constrained I/O pad muxing On-chip bus connectivity

Application

Check bus and I/O pad connections Check all modes of operation

Objective

100s to 1000s of connections Tedious to check in simulation

Challenge

Considers all modes of operation Able to catch corner-case scenarios

Benefit of Formal

Approach


Connectivity Applications


Pin-constrained I/O pads (pin multiplexing)

On-chip bus connectivity in SoC designs

Power rails

DFT and related test logic

Memory-related signals

Pure combinational logic functions

SoC/ASIC/FPGA designs all have applications

Other


ConnectivityCheck in Questa FormalEasily, quickly and thoroughly verify connectivity


Courtesy of Mark Handover



Create Connectivity spec (.csv, .tsv)

Checker Keyword Source Destination Condition Delay

connect Signal 1 Signal 2

connect_dly Signal 1 Signal 2 Delay Value

cond Signal 1 Signal 2 Condition Signal

cond_dly Signal 1 Signal 2 Condition Signal Delay Value

Mutex Signal 1

tied_high Signal 1

tied_low Signal 1











Mutex Signal 1

tied_high Signal 1

tied_low Signal 1

Auto-generateassertions and

testplan






Exhaustively Check Connectivity No testbench needed 14 automatically generated check types

+ coverage + testplan






Mutex Signal 1

tied_high Signal 1

tied_low Signal 1

RTLRTLRTL

QuestaFormalQuestaFormalQuestaFormal


testplan






Exhaustively Check Connectivity No testbench needed 14 automatically generated check types

+ coverage + testplan

Faster than using simulation cycles






Mutex Signal 1

tied_high Signal 1

tied_low Signal 1

RTLRTLRTL

QuestaFormalQuestaFormalQuestaFormal


testplan


Questa VM

46



Types of Connectivity Bugs


Source connected to the wrong destination Directly or conditionally

Source connected to destination with scrambled bits Directly or conditionally

Breaks in connectivity due to design function Directly or conditionally

Connections to incorrect logic levels

Coverage to check whether bits of a connection are stuck


Connectivity Validation: Problem/Solution


Problem: Old methods are no longer adequate Manual checking

Not feasible any more; designs are too large and complex Simulation

Takes time to set up a test suite Connectivity is usually tested indirectly, not directly Not exhaustive

Solution: A semi-automated formal verification flow







Solution: A semi-automated formal verification flow Define connectivity in a common format (usually a spreadsheet)







Solution: A semi-automated formal verification flow Define connectivity in a common format (usually a spreadsheet) Automatically translate specified connections into properties







Solution: A semi-automated formal verification flow Define connectivity in a common format (usually a spreadsheet) Automatically translate specified connections into properties Connect properties to design with minimal effort by the user







Solution: A semi-automated formal verification flow Define connectivity in a common format (usually a spreadsheet) Automatically translate specified connections into properties Connect properties to design with minimal effort by the user Run formal analysis







Solution: A semi-automated formal verification flow Define connectivity in a common format (usually a spreadsheet) Automatically translate specified connections into properties Connect properties to design with minimal effort by the user Run formal analysis View and debug results


Connectivity Check TypesPoint to Point Connectivity


connect Direct connect

connect_dly Connect with delay

connect_inv All signals inverted

connect_allsame All 0s or all 1s

src[N:0] dest[N:0]

src[N:0] dest[N:0]

src[N:0] dest[N:0]

src[N:0] dest[M:0]


Connectivity Check TypesConditional Point to Point Connectivity


cond Direct connect

cond_dly Connect with delay

cond_inv All signals inverted

cond_allsame All 0s or all 1s

dest[N:0]src[N:0]

conditionally

dest[N:0]src[N:0]

conditionally

dest[N:0]src[N:0]

conditionally

dest[M:0]src[N:0]

conditionally


Connectivity Check TypesSpecific Connectivity


mutex

cond_mutex

tied_high

cond_tied_high

tied_low

cond_tied_low

src[N:0]

cond

00010src[N:0]00010

src[N:0]

cond

src[N:0]

src[N:0]

cond

src[N:0]


Connectivity Check TypesCoverage


Coverage Important to ensure absence of stuck bits on connections

Example Consider the check:

if cond is true, then src is connected to dest

This checks the conditional connection between src and dest But will be proven even if cond is stuck high

Cover properties are used to ensure all bits can toggle

cond |-> src == dest

cover property ( @($global_clock) $rose(cond[i]) ); cover property ( @($global_clock) $fell(cond[i]) );


Questa Formal Connectivity Flow


RTL

formalcompile

work

qconnect_checkConnectivity Table

(.tsv/.csv)qconnect_checkers.sv

qconnect_bind.sv

vlog/vcom

formalverify


Connectivity Specification Format


Table header names and type names guide the script Signal names for src/dest/cond must use SV top-down hierarchical references, can be constant Verilog values Condition can be a signal or expression, delay is number of clock cycles Comment with # and white spaces are permitted

type src dest cond delayconnect signal signal

connect_dly signal signal N

connect_inv signal signal

connect_allsame signal signal

cond signal signal signal/expression

cond_dly signal signal signal/expression N

cond_inv signal signal signal/expression

cond_allsame signal signal signal/expression

mutex signal

cond_mutex signal signal/expression

tied_high signal

cond_tied_high signal signal/expression

tied_low signal

cond_tied_low signal signal/expression


Questa Formal Connectivity Flow


RTL

formalcompile

work

qconnect_checkConnectivity Table

(.tsv/.csv)qconnect_checkers.sv

qconnect_bind.sv

vlog/vcom

formalverify


Debug Connectivity Results in Questa Formal


qverify log_conn/formal_verify.db





View Source (with annotation)





View Waveforms






View Schematics

View Waveforms



Property Checking


Fully Automatic






HigherEffort

LowEffort

57

introduction-to-questa-autocheck-covercheck,-and-formal-connectivity-checking.pdf

Documents

Transcript of introduction-to-questa-autocheck-covercheck,-and-formal-connectivity-checking.pdf