Mathematical Problems in Engineering

Volume 2018, Article ID 6398616, 10 pages

https://doi.org/10.1155/2018/6398616

## Simulation-Based Hardware Verification with a Graph-Based Specification

College of Computer, National University of Defense Technology, Changsha 410072, China

Correspondence should be addressed to Yaohua Wang; moc.liamxof@hytdun

Received 18 September 2017; Revised 24 December 2017; Accepted 8 January 2018; Published 8 February 2018

Academic Editor: Xinkai Chen

Copyright © 2018 Zhao Lv et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

Simulation-based verification continues to be the primary technique for hardware verification due to its scalability and ease of use; however, it lacks exhaustiveness. Although formal verification techniques can exhaustively prove functional correctness, they are limited in terms of the scale of their design due to the state-explosion problem. Alternatively, semiformal approaches can involve a compromise between scalability, exhaustiveness, and resource costs. Therefore, we propose an event-driven flow graph-based specification, which can describe the cycle-accurate functional behaviors without the exploration of whole state space. To efficiently generate input sequences according to the proposed specification, we introduce a functional automatic test pattern generation (ATPG) approach, which involves the proposed intelligent redundancy-reduction strategy to solve problems of random test vectors. We also proposed functional coverage criterion based on the formal specification to support a more reliable measure of verification. We implement a verification platform based on the proposed semiformal approach and compare the proposed semiformal approach with the constrained randomized test (CRT) approach. The experiment results show that the proposed semiformal verification method ensures a more exhaustive and effective exploration of the functional correctness of designs under verification (DUVs).

#### 1. Introduction

Functional verification is the process that ensures conformance of a design under verification (DUV) to its specification. Due to the rapidly growing complexity of designs and time-to-market requirements, functional verification has become a major blockage in the hardware design cycle in terms of development costs and time.

Formal and simulation-based verification are two major techniques of functional verification. In formal verification, an engine exhaustively exploits the state space of the design to prove the functional properties. However, the state space grows exponentially with the increase of flip-flops in design. With a design with flip-flops, the corresponding number of states is ; considering a relatively complex design, the state space would be too large to explore. Although formal verification has been improved significantly in recent years, it is still unable to handle complex designs with reasonable computation and storage resources. On the other hand, due to its scalability and ease of use, simulation-based verification is still widely used in industrial manufacturing. However, simulation is time-consuming and labor-intensive; it requires abundant test vectors. Furthermore, due to the lack of exhaustiveness in simulation, the functional coverage is hard to guarantee.

A practical choice is semiformal verification, in which the specification of design functionality is formally completed and checking is undertaken through simulation. And the test vectors are automatically derived from the knowledge of the formal functional specification. Semiformal verification avoids the state-explosion problem due to the absence of exploiting the whole state space. Meanwhile, it improves the degree of automation in generating test vectors and checking functional correctness. Therefore, semiformal verification is a promising method for functional verification.

In this paper, a fast, semiformal verification approach with high scalability and completeness is presented. In this context, three main contributions are provided.

We propose an event-driven flow graph-based specification. The key idea is to order functional behaviors in the event-driven flow graph in a timing-accurate manner, so that the cycle-accurate functional behaviors can be described without the exploration of whole state space. This can greatly increase the scalability and reduce modeling complexity.

We introduce a functional ATPG approach to efficiently generate input sequences according to the proposed specification. The equality of test-space distribution and the coverage of corner cases are two problems of random test vectors. To solve these two problems, we categorize the input ports into data-path ports and control-path ports. Data-path ports relate to data communication and control-path ports relate to the functional mode change. For the equality of test-space distribution, we propose test-space decomposition strategy to decompose the large test space into small parts and traverse each part evenly. This method ensures the same verification strength among different parts of test space. For the coverage of corner cases, we have two critical findings: (a) the corner cases are always the combinations of all corner values of data-path ports and all legal values of control-path ports; (b) with the guidance of expert knowledge base, the corner values of a data-path port can be inferred from the data type of the data-path port. To this end, we can generate corner cases based on the properties and data types of input ports automatically.

Functional coverage criterion is proposed based on the proposed EDFG and formal specification. In traditional simulation process, the functional coverage provided by these vectors is hardly measured, and it leads to uncertainty of exhaustiveness in the simulation. We define functional coverage based on the proposed specification, and it ensures that the coverage of design functionality provided by vectors is easily measured. Compared with traditional code coverage, the proposed functional coverage supports a more reliable measure in the simulation process.

#### 2. Related Work

Simulation-based verification is still the main method of the functional verification process [1]. To promote verification efficiency, some technical approaches have been developed, such as coverage-driven verification [2], constraint-randomized verification [3], and assertion-based verification [4]. Although these methods accelerate procedure convergence, automatically generate test vectors, and locate defects, there are still some inevitable weaknesses in the simulation. Firstly, compared with the automatic capture of code coverage, the functional coverage of design by input vectors is difficult to measure due to the artificial analysis of the informal specification. Secondly, constrained randomized test (CRT) vectors are still ineffective due to the presence of many redundant vectors and targeting interesting corner test cases requires abundant human labor. Thirdly, assertion-based checking can only check the correctness of the functional properties and not arithmetical operations. Furthermore, the lack of exhaustiveness has historically been a difficult problem to solve.

Formal verification, specifically checking models and proving theorems, provides high-quality and exhaustive verification; however, it cannot be treated as a general solution in industrial verification in the near future [5]. The well-known state-explosion problem is the main limitation of checking models and the costs of skilled manual labor limit proving theorems. Moreover, checking models and proving theorems require detailed formal system specifications that are not always defined or up to date in the design flows. Therefore, design practices limit formal verification.

Semiformal verification is a practical alternative to simulation-based and formal verification. There is some academic and industrial research on semiformal verification, which consists of a standard language specifying correctness criteria and design and vector generation based on constraints [6]. The constraints are derived according to the given language and design. These works adopt different languages, which are categorized as either formal or semiformal.

Existing formal functional behavior descriptions of DUT include the transaction-based behavioral level description, such as SystemC [7, 8], UML [9], and other transactional description methods [10, 11]. These transaction-based descriptions can model functional behaviors into transactions, but they are unable to describe cycle timing sequence of function behaviors. On the other hand, the FSM-based behavior specification, including FSM [12], EFSM [13–15], assignment decision diagram [16, 17], and BDD [18], enables the description of cycle-accurate functional behaviors at the cost of exploring the whole state spaces and transitions, which limits the scale of design it can support.

Semiformal languages currently adopt simple natural languages with a specific format so that they can be processed by machines. These languages are parsed and converted into UML [19, 20] or temporal logic languages [21, 22] to guide vector sequence generation. These semiformal specifications are easy to use, but they are ambiguous and incapable of specifying all types of functional operations. The verification framework of semiformal languages also requires a great deal of human interaction. This limits the degree of automation of semiformal verification.

The proposed semiformal approach offsets these limitations and is well balanced in its scalability and exhaustiveness. In terms of the disadvantage of existing formal functional behavior descriptions, we propose the event-driven flow graph-based specification, where functional behaviors are ordered in a timing-accurate manner, so that the cycle-accurate functional behaviors can be described without the exploration of whole state space. In terms of the disadvantages of simulation, the proposed ATPG approach with an intelligent redundancy-reduction strategy can enhance the quality of random vectors and target interesting corner test cases with limited human intervention. Moreover, functional coverage based on the proposed graph-based specification is proposed to realize a reliable measure for simulation verification.

#### 3. Graph-Based Specification

The functionality of the design is composed of separate function points. Each function point is defined as a DUV showing the corresponding actions in the specific scenarios. The specific scenarios are the triggers of the function point and are referred to as “condition.” The corresponding actions are referred to as “reaction.”

Each function point of the design can be modeled with the help of our proposed event-driven flow graph (EDFG). The proposed graph-based specification (GBS) is the formal specification of EDFGs. In Section 3.1, we will detail the proposed EDFG and how a function point is described by EDFG. The proposed GBS is introduced in Section 3.2.

##### 3.1. Event-Driven Flow Graph

The functionality of the design is presented by a set of variables. Among the variables, there are input and output parameters of the design and some local variables indicating inner register of the design. All predicates and functions mentioned below are defined over that set of variables.

The structure of EDFG is described by a directed graph where three kinds of nodes are admitted:* event nodes*,* control nodes*, and* function-point node*. Each event node is used for specifying the operation by the set of variables. Control nodes specify control flow branching, and the function-point node is used for specifying the function point and separating the condition and reaction of the function point in EDFG. Nodes in EDFG are connected and ordered by directed edges. Each directed edge has a weight which is used to mark the accurate cycle interval between joint nodes.

Next, we will further discuss the definition of event nodes and control nodes. Each event node describes an operation of the design which is described by , where is an enabling predicate function and is an update function. For an event node, if the enabling predicate function is satisfied, the update function is executed. If the enabling predicate function is false, it indicates that the event node is interlocked and it will be unlocked when is true. Control nodes specify control flow branching, which is described by branching predicate function . When moving to a control node, the branching predicate function of the control node is estimated and choice among two alternative outgoing edges is made.

An example of our proposed EDFG describing a function point is shown in Figure 1. The ellipse nodes, the diamond-shaped node, and the square node represent the event nodes, the control node, and the function-point node, respectively. The left part of the graph is the condition of function point , which is used to restrict situations in which is activated. , , , and are event nodes of the condition, and cond is a control node having two outgoing edges (marked by true and false). The right part of the graph describes the reaction of function point* f;* the resultant action after is activated. and are the event nodes of reaction. The weight of the directed edge marks the accurate cycle interval between the two joint nodes. The cycle interval is described as “## num” with num being a specific number or a range between two numbers (described as “[number_{1} : number_{2}]”).