How to Avoid the Pitfalls of Mixing Formal and Simulation Coverage

Driven by the need to objectively measure the progress of their verification efforts, and the relative contributions of different verification techniques, customers have adopted “coverage” as a metric. However, what exactly is being measured is different depending on underlying verification technology in use. Consequently, simple merging coverage measurements from different sources — in particular, blindly combining functional coverage from constrainedrandom simulations and coverage from formal analysis — can fool the end-user into believing that they have made more progress, and/or they have observed behaviors of importance, when neither is the case. In this paper we will first review what these forms of “coverage” are telling the user, and how to merge them together in a manner that accurately reports status and expected behaviors.

Mark Eslinger, Siemens
Joe Hupcey III, Siemens
Nicolae Tusinschi, Siemens