Analyzing Functional Coverage in Bounded Model Checking

Formal verification is an important issue in circuit and system design. In this context, bounded model checking (BMC) is one of the most successful techniques. However, even if all the specified properties can be verified, it is difficult to determine whether they cover the complete functional behavior of a design. We propose a practical approach to analyze coverage in BMC. The approach can easily be integrated into a BMC tool with only minor changes. In our approach, a coverage property is generated for each important signal. If the considered properties do not describe the signal's entire behavior, the coverage property fails and a counterexample is generated. From the counterexample, an uncovered scenario can be derived; in this way, the approach also helps in design understanding. We demonstrate our method on a reduced instruction set computer (RISC) CPU. First, the coverage of the block-level verification is considered. Second, it is demonstrated how the technique can be applied at a higher level; to this end, we investigate the instruction set verification of the RISC CPU. The experiments show that the cost of coverage analysis is comparable to the verification cost. Based on the results, we identified coverage gaps during the verification. We were able to close all of them and achieved 100% functional coverage in total.
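As an added illustration (not code from the paper), the per-signal coverage check on a constructed toy design, a 1-bit register with a load enable, in Python: the property set that only describes the load case fails the coverage property and yields an uncovered scenario (the hold case), and adding the hold property closes the gap. The exact formulation assumed here is that a signal is covered when every k-step trace that leaves the signal free but satisfies all property instances agrees with the design; the exhaustive bounded search stands in for the SAT engine of a BMC tool.

```python
from itertools import product

# Constructed toy design, not the paper's RISC CPU: a 1-bit register with a
# load enable. The next value is d when load is set, otherwise the old value.
def design_next(r, load, d):
    return d if load else r

# Single-step properties (r, load, d) -> r_next, as an engineer might write
# them. P_LOAD alone leaves the hold case (load == 0) unconstrained.
def P_LOAD(r, load, d, r_next):
    return (not load) or r_next == d

def P_HOLD(r, load, d, r_next):
    return bool(load) or r_next == r

def design_trace(inputs, r0=0):
    """Run the real design over a sequence of (load, d) inputs."""
    trace, r = [], r0
    for load, d in inputs:
        r = design_next(r, load, d)
        trace.append(r)
    return trace

def coverage_check(properties, k, r0=0):
    """Coverage property for signal r over k unrolled steps (assumed
    formulation): r is covered if every trace in which r is left free but all
    property instances hold agrees with the design. Returns None when covered,
    otherwise the first uncovered scenario (the counterexample) found."""
    step_inputs = [(l, d) for l in (0, 1) for d in (0, 1)]
    for inputs in product(step_inputs, repeat=k):
        expected = design_trace(inputs, r0)
        for free in product((0, 1), repeat=k):   # r left unconstrained
            prev, ok = r0, True
            for (load, d), r_next in zip(inputs, free):
                if not all(p(prev, load, d, r_next) for p in properties):
                    ok = False
                    break
                prev = r_next
            if ok and list(free) != expected:
                return {"inputs": list(inputs), "design_r": expected,
                        "allowed_r": list(free)}
    return None

if __name__ == "__main__":
    print(coverage_check([P_LOAD], 2))           # uncovered: hold case
    print(coverage_check([P_LOAD, P_HOLD], 2))   # None: r fully covered
```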
