Analyzing functional coverage in bounded model checking

Formal verification is an important issue in circuit and system design. In this context, bounded model checking (BMC) is one of the most successful techniques. However, even if all the specified properties can be verified, it is difficult to determine whether they cover the complete functional behavior of a design. We propose a practical approach to analyze coverage in BMC. The approach can easily be integrated in a BMC tool with only minor changes. In our approach, a coverage property is generated for each important signal. If the considered properties do not describe the signal's entire behavior, the coverage property fails, and a counter example is generated. From the counter example, an uncovered scenario can be derived. This way, the approach also helps in design understanding. We demonstrate our method for a reduced instruction set computer (RISC) CPU. First, the coverage of the block-level verification is considered. Second, it is demonstrated how the technique can be applied on a higher level. Therefore, we investigate the instruction set verification of the RISC CPU. The experiments show that the costs for coverage analysis are comparable to the verification costs. Based on the results, we identified coverage gaps during the verification. We were able to close all of them and achieved 100% functional coverage in total.