Verification of an AES RTL Model with an Advanced Object-Oriented Testbench in SystemVerilog by Ruud, Henrik
January 2007
Einar Johan Aas, IET
Torstein Hernes Dybdahl, Falanx Microsystems AS
Master of Science in Electronics
Submission date:
Supervisor:
Co-supervisor:
Norwegian University of Science and Technology
Department of Electronics and Telecommunications
Verification of an AES RTL Model with
an Advanced Object-Oriented
Testbench in SystemVerilog
Henrik Ruud

Problem Description
Verification is the process that is performed to show that the design is according to the
specification.
SystemVerilog was developed to improve the Verilog language with attention to the verification
tasks. The assignment involves the following:
- Develop a verification plan for the AES module
- Develop a testbench architecture using SystemVerilog constrained randomisation
- Use assertions and functional coverage to track progress and quality of verification
Assignment given: 29. August 2006
Supervisor: Einar Johan Aas, IET

Summary
This Master's thesis reports the veriﬁcation planning and veriﬁcation process of a
Verilog RTL model. Modern veriﬁcation techniques like constrained randomization,
assertions, functional coverage analysis and object orientation are demonstrated on
an AES RTL model.
The work of this thesis was naturally divided in three phases: First, a phase of
literature studies to get to know the basics of veriﬁcation. Second, the creation of
a veriﬁcation plan for the selected module. Third, implementation of the testbench,
and simulation tasks.
The veriﬁcation plan created states the goals for the simulation. It also states
plans for details about the testbench, like architecture, stimuli generation, random-
ization, assertions, and coverage collection. The implementation was done using the
SystemVerilog language. The testbench was simulated using the Synopsys VCS ver-
iﬁcation software.
During simulation, coverage metrics were analyzed to track the progress and
completeness of the simulation. Assertions were analyzed to check for errors in the
behavior during simulation. The analysis carried out revealed high code coverage for
the simulations, and no major errors in the veriﬁed module.
i

Preface
This Master's thesis was submitted to the Norwegian University of Science and Tech-
nology (NTNU), Department of Electronics and Telecommunication. It is the result
of a thesis problem given by ARM Norway AS. The work was carried out during the
autumn of 2006, starting in August 2006 and ending in January 2007.
I would like to thank my supervisors, Professor Einar J. Aas, NTNU and Torstein
Hernes Dybdahl, ARM Norway AS, for their guidance and feedback through the
whole thesis process.
Trondheim, January 23rd, 2007
Henrik Ruud
iii

Contents
Summary i
Preface iii
Contents v
List of Figures ix
List of Tables xi
Abbreviations xiii
1 Introduction 1
1.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Problem Formulation . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.3 Contribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.4 Organization of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . 2
2 Veriﬁcation Theory 5
2.1 What is Veriﬁcation? . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1.1 Veriﬁcation vs Test . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1.2 Veriﬁcation Technologies . . . . . . . . . . . . . . . . . . . . . 5
2.2 Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2.1 Code Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2.2 Functional Coverage . . . . . . . . . . . . . . . . . . . . . . . 8
2.2.3 When Are We Done? . . . . . . . . . . . . . . . . . . . . . . . 8
2.3 Randomization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.3.1 What to Randomize . . . . . . . . . . . . . . . . . . . . . . . 10
2.3.2 Constraints . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.3.3 Seeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.4 Layers and Reuse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.4.1 Layered Testbench Architecture . . . . . . . . . . . . . . . . . 12
2.4.2 Callbacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.4.3 Veriﬁcation IPs . . . . . . . . . . . . . . . . . . . . . . . . . . 15
v
2.5 Assertions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.5.1 Assertion Types . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.5.2 Assertion Placement . . . . . . . . . . . . . . . . . . . . . . . 15
2.5.3 Error Reporting . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.6 Veriﬁcation Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.6.1 The Veriﬁcation Team . . . . . . . . . . . . . . . . . . . . . . 17
2.6.2 Day-in-the-Life Document . . . . . . . . . . . . . . . . . . . . 17
2.6.3 Tools and Technologies . . . . . . . . . . . . . . . . . . . . . . 17
2.6.4 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.6.5 Assertions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.6.6 Implementation Phases . . . . . . . . . . . . . . . . . . . . . 19
2.6.7 Coverage Collection and Goals . . . . . . . . . . . . . . . . . 19
3 Tools and Languages 21
3.1 HVLs and HDLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
3.2 SystemVerilog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
3.2.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
3.2.2 Language Properties . . . . . . . . . . . . . . . . . . . . . . . 22
3.3 Synopsys VCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
4 Veriﬁcation Plan 27
4.1 Module Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
4.1.1 Advanced Encryption Standard . . . . . . . . . . . . . . . . . 28
4.1.2 Wishbone Bus . . . . . . . . . . . . . . . . . . . . . . . . . . 29
4.2 Day-in-the-Life Document . . . . . . . . . . . . . . . . . . . . . . . . 29
4.3 Tools and Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.4 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.5 Assertions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
4.6 Implementation Phases . . . . . . . . . . . . . . . . . . . . . . . . . . 32
4.7 Coverage Collection and Goals . . . . . . . . . . . . . . . . . . . . . 33
5 Testbench Implementation 35
5.1 AES Module Simulation Test . . . . . . . . . . . . . . . . . . . . . . 35
5.2 Testbench Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
5.2.1 Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
5.2.2 AES Top Module . . . . . . . . . . . . . . . . . . . . . . . . . 36
5.2.3 Test Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
5.2.4 External Assertion Module . . . . . . . . . . . . . . . . . . . 37
5.3 Transactors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
5.3.1 Data Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
5.3.2 Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
5.3.3 Bus Functional Model . . . . . . . . . . . . . . . . . . . . . . 38
5.3.4 Generator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
5.3.5 Scoreboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
vi
5.3.6 Checker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
5.4 Assertions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
5.5 Functional Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
6 Simulation 45
6.1 Synopsys VCS Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
6.2 Testbench Compilation . . . . . . . . . . . . . . . . . . . . . . . . . . 45
6.3 Simulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
6.4 Testbench Debug . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
6.5 Assertion and Coverage Reporting . . . . . . . . . . . . . . . . . . . 47
7 Discussion 49
7.1 Coverage Progress . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
7.2 Code Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
7.2.1 Line Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
7.2.2 Condition Coverage . . . . . . . . . . . . . . . . . . . . . . . 50
7.2.3 FSM Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . 51
7.2.4 Branch Coverage . . . . . . . . . . . . . . . . . . . . . . . . . 51
7.2.5 Path Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . 52
7.2.6 Toggle Coverage . . . . . . . . . . . . . . . . . . . . . . . . . 53
7.3 Assertions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
7.4 Functional Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
7.5 Testbench Discussion and Future Work . . . . . . . . . . . . . . . . . 54
8 Conclusion 57
Bibliography 59
A Day-in-the-Life Document 61
A.1 General Information . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
A.2 Module Blocks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
A.3 Communication Bus . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
A.4 AES Operation Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
A.5 AES Internal Operations . . . . . . . . . . . . . . . . . . . . . . . . . 65
B Veriﬁcation Plan 69
B.1 Typical Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
B.2 Tools and Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . 69
B.3 Implementation Phases . . . . . . . . . . . . . . . . . . . . . . . . . . 70
B.4 System Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
B.5 Layer Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . 71
B.6 Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
B.7 Block Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
B.8 Randomization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
B.9 Assertions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
vii
B.10 Code Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
B.11 Functional coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
C Testbench Source Code 77
C.1 Top Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
C.2 Wishbone Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
C.3 Test Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
C.4 External Assertions Module . . . . . . . . . . . . . . . . . . . . . . . 93
C.5 AES Top Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
C.6 C Language Communication Function . . . . . . . . . . . . . . . . . 97
D Coverage Reports 101
D.1 cmView.short_ld File . . . . . . . . . . . . . . . . . . . . . . . . . . 101
D.2 cmView.short_cd File . . . . . . . . . . . . . . . . . . . . . . . . . . 103
D.3 cmView.short_fd File . . . . . . . . . . . . . . . . . . . . . . . . . . 105
D.4 cmView.short_bd File . . . . . . . . . . . . . . . . . . . . . . . . . . 110
D.5 cmView.short_pd File . . . . . . . . . . . . . . . . . . . . . . . . . . 118
D.6 cmView.short_td File . . . . . . . . . . . . . . . . . . . . . . . . . . 130
D.7 cmView.mod_td File . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
D.8 Assertions Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
E Signal Waves and Screenshots 141
E.1 Screenshots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
E.2 Signal Waves . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
viii
List of Figures
2.1 Veriﬁcation vs test [1] . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2 Testbench and DUT . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.3 Analyzing functional and code coverage results [2] . . . . . . . . . . . 9
2.4 Bug rate graph [2] . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.5 Coverage versus time [2] . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.6 Bathtub distribution [2] . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.7 Coverage feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.8 Layered testbench example [2] . . . . . . . . . . . . . . . . . . . . . . 13
2.9 Wasting time vs starting early [5] . . . . . . . . . . . . . . . . . . . . 17
5.1 Testbench module structure . . . . . . . . . . . . . . . . . . . . . . . 36
5.2 Source code for a_rounds assertion . . . . . . . . . . . . . . . . . . . 44
5.3 Source code for covWbDatIn cover group . . . . . . . . . . . . . . . 44
A.1 AES module blocks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
A.2 Wishbone module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
A.3 AES ﬂow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
A.4 SubBytes operation [3] . . . . . . . . . . . . . . . . . . . . . . . . . . 65
A.5 S-box table [3] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
A.6 Shiftrows operation [3] . . . . . . . . . . . . . . . . . . . . . . . . . . 66
A.7 MixColumns operation [3] . . . . . . . . . . . . . . . . . . . . . . . . 66
A.8 AddRoundKey operation [3] . . . . . . . . . . . . . . . . . . . . . . . 67
B.1 Testbench data ﬂow . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
B.2 Testbench data ﬂow . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
E.1 DVE screenshot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
E.2 cmView screenshot . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
E.3 AES module signal waves . . . . . . . . . . . . . . . . . . . . . . . . 144
E.4 Wishbone write operation . . . . . . . . . . . . . . . . . . . . . . . . 145
ix

List of Tables
3.1 cmView code coverage reports . . . . . . . . . . . . . . . . . . . . . . 25
5.1 Testbench modules and ﬁles . . . . . . . . . . . . . . . . . . . . . . . 36
5.2 Mailboxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
5.3 Transaction class properties . . . . . . . . . . . . . . . . . . . . . . . 38
6.1 Compile-time switches . . . . . . . . . . . . . . . . . . . . . . . . . . 46
6.2 Runtime switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
7.1 Code coverage progress (percentage) . . . . . . . . . . . . . . . . . . 49
7.2 Line coverage summary . . . . . . . . . . . . . . . . . . . . . . . . . 50
7.3 Condition coverage summary . . . . . . . . . . . . . . . . . . . . . . 51
7.4 FSM coverage summary . . . . . . . . . . . . . . . . . . . . . . . . . 52
7.5 Branch coverage summary . . . . . . . . . . . . . . . . . . . . . . . . 52
7.6 Path coverage summary . . . . . . . . . . . . . . . . . . . . . . . . . 53
7.7 Toggle coverage summary . . . . . . . . . . . . . . . . . . . . . . . . 53
A.1 Signals of the Wishbone module . . . . . . . . . . . . . . . . . . . . . 63
A.2 Valid addresses of wb_adr_i . . . . . . . . . . . . . . . . . . . . . . 63
B.1 Typical operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
B.2 Tools, language and technologies . . . . . . . . . . . . . . . . . . . . 69
B.3 Phases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
B.4 Component Implementation . . . . . . . . . . . . . . . . . . . . . . . 71
B.5 XY-grid phases/layers . . . . . . . . . . . . . . . . . . . . . . . . . . 72
B.6 Scoreboard description . . . . . . . . . . . . . . . . . . . . . . . . . . 72
B.7 Checker description . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
B.8 BFM description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
B.9 Generator description . . . . . . . . . . . . . . . . . . . . . . . . . . 73
B.10 Assertions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
B.11 Code Coverage Analysis Plan . . . . . . . . . . . . . . . . . . . . . . 74
B.12 Cover groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
xi

Abbreviations
AES . . . . . . . . . Advanced Encryption Standard
BFM . . . . . . . . . Bus Functional Model
DITL . . . . . . . . Day in the Life
DUT . . . . . . . . . Device Under Test
DVCon . . . . . . Design & Veriﬁcation conference & exhibition
DVE . . . . . . . . . Discovery Visualization Environment
FIFO . . . . . . . . First In First Out
GCC . . . . . . . . . GNU Compiler Collection
HDL . . . . . . . . . Hardware Description Language
HDVL . . . . . . . Hardware Description and Veriﬁcation Language
HVL . . . . . . . . . Hardware Veriﬁcation Language
IP . . . . . . . . . . . Intellectual Property
SVA . . . . . . . . . SystemVerilog Assertions
URG . . . . . . . . . Uniﬁed Report Generator
VMM . . . . . . . . Veriﬁcation Methodology Manual
xiii
 
1Chapter 1
Introduction
T
he main topic of this master thesis is the planning and employment of modern
veriﬁcation techniques to verify the functionality and properties of a selected
open source RTL model.
1.1 Motivation
Veriﬁcation is the task of verifying that an implementation meets its functional in-
tend. As digital hardware designs grow more and more complex, the veriﬁcation
task gets more important in order to ensure that bugs are found before the design
hits the market. At the same time, a more complex chip requires a more complex
veriﬁcation process.
From the 1990s until today, several new technologies have been introduced to
help the veriﬁcation process. To speed up the veriﬁcation process, stimuli is gener-
ated by constrained random functions, instead of manual generation of each input
set. Code coverage and functional coverage is used to track the progress and quality
of the simulations. Assertions are implemented to monitor the behavior of the device
being tested. Testbenches are split up using object oriented techniques to make them
more maintainable and reusable.
Many of these techniques have been introduced by the veriﬁcation languages E
and Vera in the late 1990s. The recent years, a new language called SystemVerilog
has been standardized. It is a veriﬁcation and high-level modelling language based
on Verilog, which makes it easy to integrate with Verilog models to be veriﬁed.
1.2 Problem Formulation
When the thesis was given, it was made clear that the work would naturally consist
of three main parts, where most of the focus would be on the ﬁrst two:
2 1. Introduction
The ﬁrst part of the job was to get to know the theory about veriﬁcation plan-
ning, and veriﬁcation using SystemVerilog. A number of books and articles on the
subject were recommended by the supervisors. This part also contained the task of
selecting a module suitable for being veriﬁed.
The second part involved making a veriﬁcation plan for the selected module. The
veriﬁcation process and testbench planned should exploit modern veriﬁcation tech-
niques from the theory, like constrained randomization, functional coverage, object
orientation and assertions.
The third part was the practical work: To implement the testbench planned in
the veriﬁcation plan, carry out the simulations using Synopsys VCS and analyze the
results with the available tools.
1.3 Contribution
In this thesis a veriﬁcation plan for an AES RTL model has been created, based on
theory about constrained randomization, functional coverage, object orientation and
assertion based simulation. The planned veriﬁcation system has then been imple-
mented using SystemVerilog, and simulated using Synopsys VCS. Simulation results
have been analyzed to ensure that the veriﬁcation process has been adequate.
1.4 Organization of the Thesis
Chapter 2 of the thesis is a theory chapter that explains the techniques used in the
veriﬁcation process, and will serve as the theory basis for the planning and imple-
mentation process.
Chapter 3 is a theory chapter introducing the SystemVerilog language and the
Synopsys VCS tools. It contains the theory background for the implementation of
the testbench in SystemVerilog, and the simulation of the system using Synopsys
VCS.
Chapters 4, 5 and 6 present my contributions. Chapter 4 steps through the cre-
ation of a veriﬁcation plan for the chosen module. The module selection process is
also described.
In Chapter 5, the implementation of the testbench is presented. The simulation
of the testbench is described in Chapter 6.
Chapter 7 contains the discussion of the simulation results. It also contains a
discussion on the testbench design and future work. Conclusions are drawn in chapter
Organization of the Thesis 3
8.

5Chapter 2
Veriﬁcation Theory
T
his chapter gives an introduction to techniques commonly used in the veriﬁ-
cation process, and gives the necessary background for the veriﬁcation planning
and implementation described in later chapters.
2.1 What is Veriﬁcation?
The purpose of the veriﬁcation process is to verify that the design functions like it is
intended to. This process should both verify that the implemented functions behave
correctly, and that all parts of the planned system are implemented.
2.1.1 Veriﬁcation vs Test
Veriﬁcation must not be confused with the test process. Veriﬁcation is the process
of verifying the functionality of a design, while the test process tests if the design
has been manufactured correctly. This is shown in Figure 2.1.
Figure 2.1: Veriﬁcation vs test [1]
2.1.2 Veriﬁcation Technologies
Simulation based veriﬁcation and formal veriﬁcation are the two most common tech-
nologies used in veriﬁcation.
6 2. Verification Theory
Simulation Based Veriﬁcation
Simulation has traditionally been the main technology for veriﬁcation. In its sim-
plest form, a testbench is used to generate relevant input stimuli, which is sent to
the device being veriﬁed. The testbench will also fetch the output from the device,
to check for its correctness, as illustrated in Figure 2.2. The device being veriﬁed is
often called device under test (DUT)
Figure 2.2: Testbench and DUT
Seen from the device under test, the testbench will act like a simulation of the
outside world. It is usually impossible to test all combinations of indata, this could
require years of simulation time. It is therefore important that the testbench stimuli,
and also the sequence of the stimuli, reﬂects the randomness a normal user would
provide. There will be more about random stimuli generation in Section 2.3.
Simulation can show only the presence of bugs, never prove their absence [1].
There is, for designs of normal sizes, never time enough to simulate all combinations
and sequences of stimuli and outside inﬂuence. There will always be a possibility
for undiscovered bugs in the design. Section 2.2 is about coverage, which is a way
to measure the completeness of a simulation, and therefore predict the possibility of
remaining bugs.
Formal Veriﬁcation
Formal veriﬁcation is a way to mathematically check that a design is functionally
correct. This is done using special tools acting on assertions, which is a way to spec-
ify the properties of the design.
Formal veriﬁcation on large designs is an operation with very high complexity,
and therefore not used on full designs. Formal veriﬁcation is more commonly used
to verify corner cases of the design, which is not easily reached by simulation.
Coverage 7
Some tools combine the power of simulation based and formal veriﬁcation. This
combination is often called hybrid veriﬁcation.
2.2 Coverage
Coverage is a way to measure how thoroughly the design has been veriﬁed during
simulations. This is important, since there is never inﬁnite time available for the
veriﬁcation process. We need to know when we could be conﬁdent enough that the
design is bug-free, and ready for the market. There are two main types of coverage:
Code coverage and functional coverage.
2.2.1 Code Coverage
Code coverage answers the following question: How much of the design implementa-
tion has been executed during veriﬁcation?
Code coverage is collected automatically by the simulation tools. Even though
collecting code coverage does not represent much extra work for the veriﬁcation en-
gineer, it might be a good indicator to see if enough simulations have been carried
out. In addition, code coverage analysis can often reveal redundant code in the DUT.
There are many diﬀerent types of code coverage metrics. These are the main
ones, listed in [4]:
• Line Coverage tells which lines, statements and blocks that have been executed
during the simulation.
• Condition Coverage shows which combinations of inputs to conditional expres-
sions that are covered.
• FSM Coverage reports about which states, state transitions and sequences of
state transitions that are covered in the ﬁnite state machines of the design.
• Branch Coverage shows which parts of each single if and case expressions that
have been covered.
• Path Coverage shows which sequences of if and case selections that have been
covered.
• Toggle Coverage monitors the value change from 0 to 1 and 1 to 0 for every
signal, and reports which combinations that have been covered.
Often, the goal for each metric is set to 100% explained coverage. The non-covered
parts of the code will then have to be explained why it is not covered.
8 2. Verification Theory
2.2.2 Functional Coverage
Code coverage, as shown in the previous chapter, is a good way to ﬁnd out how
thoroughly the implementation has been tested. But what if some planned features
are simply missing in the implemented design? This is where functional coverage
can help.
Functional coverage answers the following question: How much of the design
speciﬁcation has been veriﬁed?
In contrast to code coverage analysis, functional coverage analysis is associated
with quite a lot of manual work. Since functional coverage measures the completeness
of the simulation compared to the speciﬁcation, the speciﬁcation has to be somehow
entered into the system. This is done manually, using cover groups or cover proper-
ties.
The most ﬂexible of the two is the cover group. It consists of one or more cover
points, which are speciﬁed to sample data at speciﬁed signals or expressions in the
design. Expected data are grouped in ranges called bins. When data is sampled,
the corresponding bin is marked as covered. Coverage analysis will reveal which bins
that are covered, and which ones are not.
Two cover points could be combined to form a matrix-style data bin. This is
called cross-coverage.
The second, simpler, mechanism for functional coverage collection is cover proper-
ties. Cover properties look much like assertions, described in later chapters. Analysis
of cover properties will reveal how many times the property has been hit.
2.2.3 When Are We Done?
The main purpose of using coverage analysis is to get a measure about how thor-
oughly the design has been tested, and to give an indication on whether the veriﬁ-
cation process is complete or not.
Figure 2.3 shows a table about how to react on the coverage percentages. If the
functional coverage is high, but the code coverage is low, it might be necessary to
include more functional cover points. If the code coverage is high while the functional
coverage is low, it might be worthwhile to check out the design code, to see if the
speciﬁcation is fully implemented.
The goal is high code coverage and high functional coverage. If this is achieved,
the bug rate could be checked. Figure 2.4 shows an example of a bug rate graph for
Randomization 9
Figure 2.3: Analyzing functional and code coverage results [2]
a veriﬁcation process. The graph, showing bugs found per week during the project,
could be an indicator on how much work there is left.
Figure 2.4: Bug rate graph [2]
2.3 Randomization
If the design to be veriﬁed is small, with only a few inputs (and input data combi-
nations), a classic, directed approach to the veriﬁcation process might be adequate.
Each set of input data will then carefully be written manually, in order to achieve
the wanted coverage.
With today's complex designs, however, writing directed testcases will usually
take way too much time. A better way to generate test inputs and scenarios is to
10 2. Verification Theory
use pseudo-random functions. Instead of spending a lot of time of aiming one bug
at the time with a directed test, a set of random tests will hit a larger area at the
same time, with automatically generated stimuli. Peet James [5] compares this with
using a shotgun to hit bugs, instead of using a peashooter.
The graph of covered design space versus time will be a bit diﬀerent between the
two approaches, as shown in ﬁgure 2.5. Using directed tests the graph will be quite
linear, since each testcase will be written manually. Using random testing, the graph
will ﬁrst be ﬂat, representing the time spent on creating the random testbench. The
graph will then typically rise faster than the directed graph, and then (hopefully)
reach the coverage goal faster than the directed tests.
Figure 2.5: Coverage versus time [2]
2.3.1 What to Randomize
The obvious thought about randomization is to randomize the input data. In this
way the need for manually created stimuli is eliminated. However, randomization is
much more powerful than that.
The purpose of a testbench is to simulate the outside world as good as possible. It
should test the device to its limits, to create special situations often discovering bugs.
It should act random in more ways than just generation random input data, just like
a normal user would do. [2] gives some examples on what could be randomized:
• Device conﬁguration
• Environment conﬁguration
• Primary input data
Randomization 11
• Encapsulated input data
• Protocol exceptions
• Communication delays: Delay responses with a number of clock cycles
• Transaction status
• Errors and violations
Scenarios are often planned in order to implement the more advanced random
features. Each valid operation of the design is then deﬁned as a scenario in the
testbench. This could for instance be a memory read operation. The scenarios are
then randomly selected by the testbench during the simulation.
2.3.2 Constraints
Randomization without constraints, like described previously, would be like shooting
in the dark. By specifying constraints for the random stimuli generator, you could
"aim the gun" at the design parts with high probability of bugs. And, more impor-
tantly, try to reach the parts of the design which are not already covered.
One type of constraints is the speciﬁcation of the data format. For instance the
width of a bus address, or valid conﬁguration bits.
Constraints could be used to create a higher probability for interesting data.
Often data in the upper and lower extremes of the allowed range could provoke
overﬂow errors. To achieve this, a so-called bathtub distribution of the data could
be made, as shown in Figure 2.6.
Figure 2.6: Bathtub distribution [2]
Using a feedback mechanism like the one in Figure 2.7 it is (at least theoreti-
cally) possible to automatically seed the random generator, so that areas not already
covered are targeted. I practice, this is diﬃcult and yet not very common to do with
today's veriﬁcation tools [6].
12 2. Verification Theory
Figure 2.7: Coverage feedback
2.3.3 Seeds
Given the exact same testbench, and the same simulator software, the pseudo-random
number generator will always generate the same numbers. It is possible to seed
the number generator to achieve diﬀerent random number series. This could be
interesting to be able to run many short series of simulations, instead of one long
series.
2.4 Layers and Reuse
If you are verifying a very small design, almost any testbench architecture could be
adequate. However, as DUTs and veriﬁcation systems grow more complex, it is im-
portant to have more structured testbenches. The code should be easy maintainable
even when the project grows bigger. Code will also often have to be reused in future
veriﬁcation projects.
To achieve this the testbench has to be split up in layers and components. With
smaller units it is easier to achieve goals of maintainability and reusability.
2.4.1 Layered Testbench Architecture
Using layers is a way to split the testbench in diﬀerent levels of abstraction. The
lowest level of abstraction will typically be the functionality communicating with the
DUT. The upper layers deal with tasks of higher abstraction, like stimuli generation.
Layers and Reuse 13
Figure 2.8 shows an example of a layered testbench, based on ﬁgures and exam-
ples published in [2]. This must be regarded as an example only. For instance, DUTs
with more complex communication might require more layers. Small devices could
maybe do with even fewer layers than four.
Figure 2.8: Layered testbench example [2]
The components of the layers are implemented as classes. Features already well-
known from object oriented programming languages are therefore available, like in-
heritance, instantiation and threads. This opens for a more elegant way of handling
data, as well as greater possibilities for component reuse.
Test Layer
The test layer consists of the test component. Test is the top-level component. It
contains the constraints for the stimuli. It should be easy to change, so the simula-
tion easily could be ﬁne-tuned between each run.
Scenario Layer
The scenario layer contains the generator component. Generator generates the stim-
uli on behalf of the constraints from the test component. It also contains the sce-
narios. All randomization tasks are carried out in the generator. Generator also
contains the scenarios. The randomization mechanisms are discussed in detail in
Section 2.3.
14 2. Verification Theory
Functional Layer
In the functional layer data could be further processed and broken up before it is
sent to the command layer. This layer also contains the tasks related to checking
the correctness of the DUT outputs. It contains the agent, scoreboard and checker
components.
• Agent could be used to further process the data before it is sent to the driver.
• Scoreboard contains a high-level reference model of the design. It receives the
same stimuli as the DUT, and predicts the correct DUT response.
• Checker compares the DUT output received from the monitor with the predic-
tions received from the scoreboard.
Command Layer
The command layer is where the direct communication with the DUT is maintained.
Here the signals of the DUT are driven and monitored.
• Driver is the component which drives the inputs of the DUT, typically using
bus commands.
• Monitor is the second component communicating with the DUT. It monitors
the outputs of the DUT, and sends the received outdata to the checker.
• As seen in the ﬁgure, external assertions could be though of as a part of the
command layer.
Signal Layer
The signal layer simply contains the device which is being veriﬁed, and its signals.
2.4.2 Callbacks
Often it would be useful to be able to do some randomization tasks also in low-level
layers like the Driver. An example could be to simulate disturbances in the DUT
communication, like delaying a response signal, or dropping and retransmitting a
data packet.
However, specifying details about the randomization inside the Driver is not
a good idea. Randomization settings should be easy to change later. Therefore,
callback functions are often deﬁned. They are deﬁned in their own class, and can
therefore be easily changed later using inheritance. Driver should always call callback
functions right before and right after data transmission.
Assertions 15
2.4.3 Veriﬁcation IPs
For veriﬁcation of standard components, like buses, it could often be more worthwhile
to buy already ﬁnished code than writing it oneself. Veriﬁcation IPs are IPs with
veriﬁcation functionality.
2.5 Assertions
Assertions are small code blocks inserted in the design, containing statements about
the expected behavior of the design code. In its simplest form, an assertion can be
viewed as an if statement that does some error action if the DUT fails to fullﬁll its
requirements. Assertion statements are quite common in software design, but has
only become available in hardware design tools recent years.
Assertions could be speciﬁed by both the designer and the veriﬁer. Who does
what should be decided in the veriﬁcation planning process.
Assertions could either be coded from scratch, or picked from a library. Synopsys
VCS includes a library of SystemVerilog assertions [7]. In this way, a lot of common
functionality can be easily checked using assertions already made.
In addition to monitoring design properties during simulation, assertions can also
be used with formal veriﬁcation tools. The properties speciﬁed in the assertions are
then used as the basis for the mathematical proofs.
A good, practically oriented guide to SystemVerilog Assertions is written by Vi-
jayaraghavan and Ramanathan [8].
2.5.1 Assertion Types
In SystemVerilog, there are two ways to implement assertions: Immediate and con-
current assertions.
Immediate assertions are, as the name suggests, executed immediately along with
the code. They are placed in procedural blocks.
Concurrent assertions are clock-based. A concurrent assertion will monitor a
signal or an expression on each clock edge through the simulation, and ﬁre if the
expression fails.
2.5.2 Assertion Placement
Assertions could either be placed directly in the code of the DUT, or in the testbench
monitoring the bus. Assertions in the DUT are called internal assertions, while as-
16 2. Verification Theory
sertions placed in the testbench are called external assertions.
External assertions often monitor the bus signals between the testbench and the
DUT. If an interface is used, a module containing assertions could easily be con-
nected to the interface like any other module (interfaces are introduced in Section
3.2.2). If not, the assertions could be bound to the signals using a bind statement.
Internal assertions could either be written by the designer during the design
phase, or by the veriﬁer during the veriﬁcation process. Special internal conditions
and assumptions should be stated in assertions created by the designer. In this way
they are not accidentally left out from the veriﬁcation process. The VMM (Veriﬁ-
cation Methodology Manual) [6] even suggest designers to replace the ordinary code
comments with assertions. This might probably be a bit too dramatic to most de-
signers, but at least well illustrates the idea of internal assertions.
Assertions are left out during synthesis, and therefore does not aﬀect the ﬁnished
product after synthesis.
2.5.3 Error Reporting
By default assertions print an error message when they fail. However, the error ac-
tion can be customized.
This gives a possibility to create an error report mechanism. If an assertion fails,
it could trigger a mechanism that reports the relevant states and data for the design.
Previous data and states should also be included in the report.
With this kind of reports it would be easier to regenerate the situation where the
error was found, and to ﬁnd out what caused the error to happen in the ﬁrst time.
2.6 Veriﬁcation Planning
Since veriﬁcation projects are growing more and more complex, it is also becoming
more and more important to create a good plan before the veriﬁcation is started.
Creating a good plan will save a lot of time later. It is also essential to have a
plan in order to know when the veriﬁcation is ﬁnished and the coverage results are
considered good enough.
The theory about veriﬁcation planning is based on Peet James' book Veriﬁcation
Plans [5], which proposes a ﬁve-day approach to the veriﬁcation planning process.
However, some adjustments are made to better ﬁt SystemVerilog testbenches. The-
ory about veriﬁcation planning for SystemVerilog is to some degree found in [2], [1]
and [9]
Verification Planning 17
2.6.1 The Veriﬁcation Team
A veriﬁcation team should be assembled to do the veriﬁcation planning. In addition
to the veriﬁers, the team could consist of other people that has relevant input. First
of all, this should be the architects and designers, who have ﬁrst-hand knowledge of
the functionality of the design.
The veriﬁcation planning should start as early as possible. If possible, it should
start before the design phase of the design core starts. In this way, the parts of the
core could be veriﬁed before the entire design is ready. This is shown in Figure 2.9.
Figure 2.9: Wasting time vs starting early [5]
2.6.2 Day-in-the-Life Document
To be able to create a veriﬁcation plan for a design it is important to know its fea-
tures. A day-in-the-life document (DITL) is a short document demonstrating the
most common tasks of the design. It is short and consise, typically a few A4 pages.
This document can by no means exclude the needs for more detailed speciﬁcations
of the DUT, but it can give a good overview of the design.
By starting the veriﬁcation plan process by making such a document, the veri-
ﬁcation team will get an overview of the tasks of the DUT. This makes it easier to
make a good and relevant veriﬁcation plan.
2.6.3 Tools and Technologies
One of the things to be stated in the veriﬁcation plan is the choice of veriﬁcation
tools, veriﬁcation languages and veriﬁcation technologies. This is typically done
gradually in the veriﬁcation planning process, as the veriﬁcation needs for the design
are revealed.
18 2. Verification Theory
There is a wide variety of languages and tools available. There is more about
some of these in Chapter 3. Often many of the languages and tools could be adequate
for the process. Knowing which languages that are mastered by veriﬁcation team is
of course also important to make the right decision.
The veriﬁcation plan should also contain information about the veriﬁcation tech-
nologies to be used. If some areas of the design are veriﬁed using formal tools, there
should be information about this in the veriﬁcation plan.
2.6.4 Architecture
An important thing to deﬁne in the veriﬁcation plan is the architecture of the test-
bench. The veriﬁcation plan examples given in [5] starts oﬀ with a short list of
typical operations of the testbench.
Figures showing the blocks and the data ﬂow of the testbench should be added
to describe the architecture. In addition, the layers and the components of the test-
bench should be described in greater detail in text or a table.
Planned scenarios should be listed and described.
A plan for the randomization features should be made. If there are any planned
constraints, they should also be described.
For complex veriﬁcation systems, it could be smart to also work out more detailed
implementation plans for the testbench. In [5], these are called breakout documents
and appear in the appendix of the veriﬁcation plan.
2.6.5 Assertions
The assertion plan is a natural part of the veriﬁcation plan. It could well be speciﬁed
in a table form, such as the examples in [9]. As a minimum, the following information
should be stated:
• Which functionality to verify
• Where the assertion is placed (external or internal assertion)
• Assertion type (immediate or concurrent assertion)
• Who implements it (designer or veriﬁer, or name of the responsible if the
veriﬁcation team is large)
Who implements which assertions? The following rule of thumb is given in [9]:
Designer engineers should write assertions to verify assumptions that aﬀect the func-
tionality of a design block. That could be, for instance, that an internal module
Verification Planning 19
never gets X or Z values as an input. Veriﬁcation engineers should write assertions
that verify design functionality meets the design speciﬁcation. For example, that bus
behavior is correct.
2.6.6 Implementation Phases
Phases deﬁne the milestones in the implementation process. They are the steps in
the implementation of the testbench. Each phase will build on some of the previous
phases.
If the design to be veriﬁed is not yet ﬁnished, phases should be planned even more
carefully. It is important that the implementation of the veriﬁcation system closely
follows the implementation of the design. In that way parts of the design could be
veriﬁed before the full design is complete, and the time spent on veriﬁcation after
the design phase has ended will be shorter.
Layers and phases could be crossed in an XY grid to show which layers that needs
to be implemented in which phases.
2.6.7 Coverage Collection and Goals
A section should list which code coverage types that will be analyzed, and the ap-
proximate goals for each of them.
The functional coverage points should be planned, and listed. This list should at
least cover:
• Which signal or expression to cover
• Purpose
• How many bins there should be, and how the bins are speciﬁed
• The placement of the cover group (internal or external)
• The coverage goal for the cover group (expressed as a percentage)

21
Chapter 3
Tools and Languages
T
he background theory about veriﬁcation tools and veriﬁcation languages is
collected in this chapter. SystemVerilog and Synopsys VCS are treated in par-
ticular, since they will be used for implementation and simulation in later chapters.
3.1 HVLs and HDLs
Traditionally, veriﬁcation has been done using either a hardware descriptions lan-
guage (HDL) or a hardware veriﬁcation language (HVL) . As long as simple, directed
testbenches are suﬃcient to verify a design, the easiest would be to use a HDL. The
same language and tools as during the design could be used, which the designer
already is familiar to.
With more complex digital designs in the 1990s, there was need for specialized
veriﬁcation languages. Vera and e were two of them. More advanced features like
contrained randomization and object-orientation were introduced. The disadvantage
of the HDL is that they represent another language that has to be learnt. Vera and
e are both widely used today. However, in a survey in connection with DVCon 2005,
78 percent of the veriﬁcation engineers thought special veriﬁcation languages like e
and Vera would disappear in the coming years [10].
Even if better solutions are introduced, it does not necessarily mean that they
will be adopted by the industry. Most companies already have veriﬁcation code for
most of the functionality of their designs. This legacy code is often also reused in new
veriﬁcation projects. A change of veriﬁcation language would mean a lot of work,
since the legacy code will have to be translated and adjusted to ﬁt new simulators.
SystemVerilog, which is described in the next section, is an HVL with most of
the advantages of the HDLs.
22 3. Tools and Languages
3.2 SystemVerilog
3.2.1 Introduction
SystemVerilog has sometimes been called an HDVL, since it combines the strengths
of HDLs and HVLs. SystemVerilog is based on the widely used Verilog HDL, but
has new functionality for veriﬁcation and high-level system design. This makes it
both powerful and easy to learn for designers already familiar with Verilog. Using
the same language for both design and veriﬁcation also makes it easier to access the
internals of the DUT, no special interfaces are needed.
The veriﬁcation features of SystemVerilog include:
• Assertion-based veriﬁcation
• Random constrained stimuli generation
• Functional coverage
• Advanced object-orientation
The creation of the SystemVerilog language was initiated in the late 1990s by
Accellera, a consortium of EDA companies and users who wanted to create the next
generation of Verilog [2]. The OpenVera language was the basis for the veriﬁcation
functionality of the new language. SystemVerilog became an IEEE standard in 2005.
The Veriﬁcation Methodology Manual (VMM) [6] is a manual written by Synop-
sys and ARM to give guidelines for advanced veriﬁcation in using SystemVerilog. As
well as being a reference for the SystemVerilog language, it also states rules about
important veriﬁcation planning topics, like layering, randomization, coverage and
assertion usage.
3.2.2 Language Properties
In this section, some important language properties of SystemVerilog are collected.
This is based on the book by Spear [2], which has good examples of practical use of
the SystemVerilog language.
Data types
In addition to the 4-state types available in Verilog, SystemVerilog oﬀers 2-states
data types. Since 2-states only considers 0 and 1 values, not X and Z, they are faster
in simulation.
Two of the 2-state types are the bit and int types. Bit is a 2-state single bit
type. Like regs, it can be given a range to support multiple bits. Int is a 32-bit
SystemVerilog 23
signed integer which works much like in C. Fixed-size int arrays are available, which
is convenient for indexes and loop operations.
Strings, queues and associative arrays are also available in SystemVerilog.
Modules and Programs
In SystemVerilog, the active part of an testbench is usually contained in a program.
Programs could be compared to modules. The diﬀerence is that always blocks are
not allowed in programs.
The automatic keyword is often added to program to make the storage of variable
values more like programming languages than Verilog. Local variables are then stored
in the stack instead of being shared between all processes.
Signal Interface
An interface is a collection of signal deﬁnitions. Modules will then connect to the
interface instead of directly to each other. In this way signals deﬁnitions are collected
in one place, and does not need to be deﬁned in each module. Signal directions could
be speciﬁed by creating one modport for each module.
Functions and Tasks
Tasks can consume time, while functions cannot. Functions must have a return type.
In SystemVerilog, task inputs and outputs can be declares in parenthesis, much like
in C.
Object Orientation
Object orientation syntax in SystemVerilog looks very similar to the syntax of C++.
A special pair of keywords, fork and join, represents the threads functionality of
SystemVerilog. All statements between fork and join will be executed at the same
time, as in parallel.
The class-implemented testbench components like Scoreboard and Generator are
often called transactors.
External Functions
SystemVerilog (using Synopsys VCS) has at least three diﬀerent technologies to call
external functions placed in C code. DPI is the new technology for this purpose in
SystemVerilog. PLI is the corresponding functionality inherited from Verilog. The
last one, DirectC, is a VCS-speciﬁc technology. A user guide for DirectC [11] is
shipped with VCS.
24 3. Tools and Languages
Mailbox
Using mailboxes is a ﬂexible way to enable communication between two transactors.
A mailbox could be compared with a FIFO queue. The mailbox could contain any
number of objects.
3.3 Synopsys VCS
Synopsys VCS is a veriﬁcation software package which supports, among other lan-
guages, Verilog and SystemVerilog. It is the most common software solution for
SystemVerilog veriﬁcation. In addition to SystemVerilog, it also supports the Open-
Vera veriﬁcation language. In its MX version it is also capable of verifying VHDL
designs.
Details about VCS could be found in the VCS/VCSi User Guide [12]. There are
still parts of SystemVerilog not implemented in VCS, although most of the impor-
tant features are supported. VCS contains several tools to report simulation results,
described below.
Uniﬁed Report Generator (URG) is a new, easy-to-use report generator in VCS
that reports statistics for both functional coverage, code coverage and assertions cov-
erage.
cmView is a tool to report code coverage. It could be run in batch mode out-
putting text-based reports, or in graphical mode showing the results interactively.
cmView is started using the following commands: vcs -cm_pp gui for GUI mode,
and vcs -cm_pp -b for batch mode. Batch mode creates a number of text ﬁles in
the simv.cm/reports/ folder. For each code coverage type, 4 reports are generated.
The diﬀerent report types are shown in Table 3.1 . In addition, deﬁnition reports
are created, denoted by an added d in the ﬁlename. They show the cumulative code
coverage for all module instances. Examples of the text-based reports are found in
appendix D, while a screenshot of the graphical interface is shown in Appendix E.1.
Discovery Visualization Environment (DVE) is the signal-level debugger in VCS.
A screenshot of DVE is shown in Appendix E.1.
assertCovReport and fCovReport are VCS commands to generate reports for as-
sertions and functional cover properties. They add a set of HTML based reports to
the simv.vdb/reports/ folder. The reports provide statistics for each assertion: The
number of assertion hits, the number of statement success, failures and incomplete at-
tempts. The reports also contain summaries grouped on modules and failure severity.
Synopsys VCS 25
Report Explanation
long Main reports showing both covered and non-
covered code parts. Includes summaries.
short Short reports only showing non-covered code
parts and summaries.
hier Sums up coverage for module instances, also tak-
ing into account sub-hierarchy.
mod Sums up coverage for module instances, without
regard to any sub-hierarchy under the module.
Table 3.1: cmView code coverage reports

27
Chapter 4
Veriﬁcation Plan
T
he Verification Plan is the plan for the entire veriﬁcation process. This chap-
ter steps through the creation of the veriﬁcation plan for an AES module with
background in the theory in Section 2.6. The full veriﬁcation plan is given in ap-
pendix B, while the DITL document is available in appendix A.
In an ordinary veriﬁcation process many diﬀerent persons would be involved, as
mentioned in Section 2.6. In this thesis work, there was no such team available for
veriﬁcation planning. Making a DITL took more time than it would with the de-
signer available for inputs, since all details now had to be found in the literature and
source code.
It is also worth noting that the DUT was ﬁnished at the time the veriﬁcation
planning process started. This makes the veriﬁcation ﬂow more direct, instead of
verifying component-by-component.
4.1 Module Selection
One of the ﬁrst tasks of the thesis work was to ﬁnd a module to be veriﬁed. The
veriﬁcation tools and techniques were stated in the problem description. In the pre-
sentation of the thesis problem it was suggested that the most relevant place to ﬁnd
such a module would be OpenCores [13].
OpenCores is a collection of free digital hardware cores on the Internet. They are
often published under the GNU general public license, and usually written in Verilog
or VHDL. OpenCores is often thought of as a hardware parallel to the much larger
community of open source software.
Some requirements were discussed before the search for a module started:
• It should be ﬁnished and have code of high quality.
28 4. Verification Plan
• It should be a design that ﬁts well as an example for the veriﬁcation techniques.
• The size and complexity should be kept in manageable bounds.
• It should be written in Verilog, so all SystemVerilog features can be used.
• It should be well documented.
Among of the best alternatives were a few microcontroller designs, two USB cores,
and some encryption cores. A core implementing the Advanced Encryption Standard
(AES) was chosen. The core, called 128 AES [14], is written by Javier Castillo in
2000.
The core fullﬁlls most of the requirements: it was ﬁnished, and it looked like its
code was of high quality. The design ﬁts well as an example, containing both arith-
metic modules and FSMs. Even though the operation is quite complex, the design
has few inputs and few conﬁguration choices. The core is written in Verilog.
No documentation follows the module, and no code comments are written, which
is seems to be quite typical for all cores available at OpenCores. However, the AES
speciﬁcation is good, and could in many cases act as the documentation for the se-
lected core. In addition, the communication with the core is done using Wishbone,
a documented bus standard.
4.1.1 Advanced Encryption Standard
AES is an encryption and decryption algorithm. The AES title was given after a
selection process initiated in 1997 by the US National Institute of Standards and
Technology (NIST), in order to ﬁnd replacement for the Data Encryption Standard
(DES) and triple-DES. The winner of the AES selection process was a candidate
called Rijndael, developed by Belgian cryptographers Joan Daemen and Vincent Ri-
jmen. Rijndael strongest sides in the competition was good performance in both
hardware and software, and low memory requirements.
Rijndael operates on data blocks of 128 bits, while the keys are of sizes 128, 192
or 256 bits. The chosen AES core uses 128 bit keys, which is the least secure, but
fastest option.
The operation of the core was further explored in the creation of the DITL doc-
ument in Section 4.2. The DITL document is placed in Appendix A. Used literature
on AES includes an AES manual by Dr. B. Gladman [15], the AES speciﬁcation [3]
and a book written by the AES developers [16].
Day-in-the-Life Document 29
4.1.2 Wishbone Bus
Wishbone is a public domain System-on-Chip bus. The public domain status is
one of Wishbones strongest sides, as it can be used completely royalty-free. The
Wishbone Bus project is maintained by OpenCores. It was originally developed by
Silicore Corporation.
The Wishbone bus supports communication using one master and either one or
multiple slaves. Data transfer is done using a handshake behavior when data is in-
terchanged on the data signals. Wishbone supports data blocks in any size up to 64
bits. The width of the bus has to be deﬁned in the speciﬁcation documents. The
core to be veriﬁed supports only 32 bit blocks.
The simplest method of Wishbone communication are Single Read and Single
Write cycles, which transfers one block at the time. Every block transfer will then
require repetition of the handshake process. A faster and more convenient way to
transfer data could be implemented using the Block Read and Block Write cycles.
Here, the handshake process initiates a series of data transfers, with a data block
transferred on each clock cycle.
The Wishbone Speciﬁcation [17] states a set of requirements that has to be ful-
ﬁlled before the design can be called "Wishbone compliant". One of the requirements
is to provide a document specifying the Wishbone properties (like data block size and
error behavior). The distribution of the AES core does not contain such a document,
so the source code had to be inspected to reveal the Wishbone properties.
The Wishbone Bus properties of the AES module was further examined during
the DITL creation process. This process is documented in Section 4.2.
4.2 Day-in-the-Life Document
The ﬁnished Day-in-the Life document can be found in Appendix A. The work with
the DITL was started by collecting general information about AES and Wishbone.
Since the module is not documented, the source code also had to be examined to
ﬁnd out the detailed design properties of the design.
A short introduction to the module was written, based on the information given
on the OpenCores hosted web site of the project [14] and the AES speciﬁcation [3].
The source code of the project was examined to ﬁnd the module structure, given
in Section A.2. The structure does not diﬀer much from the examples given in the
speciﬁcation. The SubBytes and ShiftRows implementations are collected in one
module, while the AddRoundKey and MixColumns operations are placed in their
30 4. Verification Plan
own modules. The output and input signals in the implementation are also close to
the examples.
A section about the Wishbone bus properties of the design was written in Section
A.3. By examining the source code, it was clear that the module supports only single
read and single write operations, since the ACK signal is automatically lowered after
each data fetch. No connection to the AES module is provided, so a top module will
have to be written in order to simulate the full design.
The supported bus signals were found in the source code and documented in
Figure A.2 and Table A.1. The signals implemented are an absolute minimum of
signals to provide Wishbone compliant communication. The valid addresses of the
wb_adr_i signal were also found and documented in Table A.2.
A AES ﬂow diagram was created to show the internal ﬂow of the AES module. It
was based on the pseudo code found in the AES speciﬁcation [3]. The ﬂow diagram
is shown in Figure A.3. In 128 bit AES encryption, 10 rounds of the loop is used to
encrypt a message. The AES speciﬁcation also formed the basis for the ﬁgures and
descriptions of each step, placed in Section A.5.
4.3 Tools and Technologies
The veriﬁcation language, SystemVerilog, was already given in the text. Synopsys
VCS was recommended by the supervisors to be a good choice of tool for SystemVer-
ilog simulations. Synopsys VCS in version 2005.06-SP2 was available at the univer-
sity.
The module is veriﬁed with only simulation-based veriﬁcation, no formal veriﬁ-
cation is used. The focus of the thesis was on simulation based veriﬁcation from the
start, and using formal veriﬁcation in addition to this would require much more time
than allowed for study, planning and implementation.
However, the AES module does contain a lot of mathematical operations, so
formal veriﬁcation could probably have been an eﬀective way to verify some parts of
the design.
4.4 Architecture
A simple, typical operation of the testbench was outlined in the ﬁrst section of the
veriﬁcation plan. The chosen testbench ﬂow is a very common one: Stimuli is gen-
erated at the top, and then applied to both the DUT and a reference model. The
Architecture 31
results of the two are checked for equality.
An alternative way of checking this particular model could be to ﬁrst encrypt
the data, and then decrypt the output from the encryption using the same key. This
approach was not chosen, since the more general testbench using a reference model
acts better as an example of a veriﬁcation system.
Layers are planned in Section B.4 of the veriﬁcation plan. The layer division of
the testbench follows the theory in [2], and could be seen in Figure B.1. The planned
components of the testbench are a bit diﬀerent compared to the theory.
The Driver and Monitor components are combined in a component called bus
functional model (BFM. The two Wishbone operations from Driver and Monitor
are more eﬃciently modelled in one component, since common functionality can be
shared between the two operations. In addition, the two operations will have to
communicate directly, since the reading of the output has to be performed a ﬁxed
number of clock cycles after the writing of the input. This is more easily modelled
with one component (otherwise, a handshake signal would be necessary to allow di-
rect communication).
Agent is removed, since there is no need for further processing of the input data
in this case. The data is sent directly from the Generator to the BFM.
A plan of which classes that shall implement each other is provided in the same
chapter. This is done much in the same way as in the examples in [2].
A ﬁgure showing the data ﬂoat of the testbench has beed included as Figure
B.2 in Appendix B. The data ﬂoating though the system is planned to be contained
in objects. In this way, the data that belongs together keeps together through the
system. A short description of the operation of each of the testbench components is
given in Section B.7, as well as a description of the inputs and outputs.
The scenarios are planned in chapter B.6. The AES model does not have many
diﬀerent operations, so the scenarios are few. The three scenarios planned are en-
cryption, decryption and system reset.
The last part of the architecture planning is the planning of the randomization
features. The most obvious random feature of the testbench is to randomize the key
and data inputs. A common constraint was planned for two inputs: A bathtub data
distribution. The probability of values in the two extremes of the scale will then be
higher, and more interesting values will be generated.
Scenarios will also be randomized. The testbench will use random functions to
select between the three planned scenarios. The planned probability for each sce-
32 4. Verification Plan
nario is listed in the scenarios list in Section B.6.
To make sure the handshake functions in the Wishbone bus works as good as
proposed, a random delay is planned in the BFM. Each delay should be between 0
and 10 clock cycles.
4.5 Assertions
7 assertions were planned, and listed in Table B.10. In a real veriﬁcation project
it would be necessary to check a lot more details using assertions. To be able to
complete the veriﬁcation process in reasonable time, only a much smaller number of
assertions were planned. However, since the planned assertions have diﬀerent types
and placements, they are good examples of the assertion planning (and implemen-
tation) tasks of a real-world veriﬁcation project.
The assertion listing table (Table B.10) is inspired by [9]. For a larger veriﬁcation
project it could be better to create one table for each DUT block, like in [9].
4.6 Implementation Phases
As described in Section 2.6.6, phases are the milestones of the testbench implemen-
tation process. Seven phases were planned. Since the DUT was a complete design
when the veriﬁcation planning started, there was no need for the phases to follow the
steps in a design process. The phases were therefore quite straight forward planned,
heading straight for the full testbench architecture.
The ﬁrst phase is a bit special, since no other phases will use the functionality
implemented in this phase. Its purpose is to make sure, at an early stage, that the
chosen AES module actually communicates and could be simulated. The last six
phases follows a natural ﬂow of testbench implementation:
• Communication using Wishbone interface: The implementation of the BFM,
which is the building block for all communication with the module
• Output checking using reference model: Implement the reference model (oﬀ
the shelf model written in C) to run encryption in parallel with the DUT
• Assertions for checking properties: Implement the planned assertions in the
DUT and on the bus interface
• Constrained random stimuli: Implement the random features of the testbench
Coverage Collection and Goals 33
• Coverage calculation: Implement functional cover groups, and enable the sys-
tem for coverage report creation
• Veriﬁcation of decryption functionality: Add features to enable veriﬁcation
of decryption functionality (most of the features in this phase are probably
already implemented in previous phases)
The phases are listed in Table B.3. This list is also combined with the layers
planned earlier to form a layer implementation list, as shown in Table B.4. This
gives an overview of when (in which phase) each of the layers will need to be imple-
mented. This is also shown graphically in the XY-grid of phases and layers in Table
B.5.
With this phase plan, the system is built almost entirely from bottom to top with
regard to the layers, which is natural as long as the DUT design is ﬁnished. If there
were parts of the DUT not already ﬁnished, the ﬂow might have been diﬀerent.
4.7 Coverage Collection and Goals
First, code coverage was planned. A list of the code coverages to be analyzed was
created, and placed in table B.11 in Appendix B. The goals are all set to 100%,
meaning 100% explained coverage. All design space not covered will therefore have
to be explained (e.g. impossible states).
The collection of functional coverage is planned in Table B.12. The ﬁrst four
are straight-forward cover groups to check data distribution of diﬀerent signals. The
two external ones will be checking the distribution of the Wishbone data signals.
The two internal ones will check the distribution of the AES input signals. In this
way, it can be veriﬁed that the bathtub function, as planned in earlier sections, works.
The last planned cover group will be checking the coverage of the S-Box. It will
use cross coverage to check that all possible combinations of the two inputs are cov-
ered.
All function coverage collection was planned to be done using cover groups, not
cover properties. The goals for each of them are 100% coverage.

35
Chapter 5
Testbench Implementation
T
his chapter describes the implementation of the veriﬁcation system planned in
the veriﬁcation plan. The most important relevant properties of the SystemVer-
ilog language are given in the language theory chapter, Section 3.2.2. Important
references for the SystemVerilog language include Spear [2] and the VMM [6].
5.1 AES Module Simulation Test
This section describes the implementation of the phase 1 in the veriﬁcation plan.
Since the module to be veriﬁed was open source code, delivered with no guarantees
or earlier test results, a small testbench was used to check if the module actually
could be simulated with the available software.
This was done using an AES testbench posted on the same OpenCores project
as a basis. The module worked well with this test. A few basic functionalities of the
Synopsys VCS simulation software were also investigated during this test. A sample
waveguide for this communication is shown in Appendix E.
5.2 Testbench Modules
The module structure of the testbench is given in Figure 5.1. The blocks shown in
this ﬁgure are the modules instantiated by top. Each one of them are implemented
in their own ﬁle. Table 5.1 shows more details.
5.2.1 Interface
The communication signals between the modules are gathered in an interface object.
The reason to use an interface object is to gather all signal declarations in one place,
36 5. Testbench Implementation
Figure 5.1: Testbench module structure
Module name File name Implemented as Purpose
top top.sv Module Top-level module
test test.sv Program Containing layers and transactors
aestop aestop.sv Module New top module for DUT
svaexternal svaexternal.sv Module Containing external assertions
wb_if wb_if.sv Interface Signal interface
Table 5.1: Testbench modules and ﬁles
as mentioned in the theory chapter.
First, the Wishbone signals are deﬁned. The are deﬁned as logic, a 4-state type.
Then, three modports are deﬁned, one for each of the modules to connect to the
interface. Here the signal directions relative to the connecting module are stated.
This is deﬁned using output and input keywords.
5.2.2 AES Top Module
An AES top module had to be designed, since the Wishbone and AES functional-
ities in the design were not connected. This is a normal, simple module. Interface
and internal signals are deﬁned, and the aes and wb_aes_controller modules are
instantiated and connected.
The aes module has negative reset, while the wb_aes_controller has positive
reset. A reset signal sensitive block is written to invert the reset signal for aes.
5.2.3 Test Module
The test module implements the layers and components part of the testbench, the
ones in Figure B.1 in the veriﬁcation plan. It is implemented using the program
automatic keyword. Test instantiates Environment, which is further described in
Section 5.3.2.
Transactors 37
5.2.4 External Assertion Module
Assertions monitoring the bus, the so-called external assertions, are placed in their
own module. This module is called svaexternal, and is directly connected to the
interface. Assertion implementation is further described in Section 5.4.
5.3 Transactors
This section describes the implementation of the Test program. The test program
contains the layers and components shown in Figure B.1 from Appendix B. The com-
ponents are implemented as classes. They are commonly referred to as transactors
in the literature ([2] and [6]).
The VMM [6] has several ﬁnished classes for transactors, that could be used as
a basis for transactor implementation. In this testbench they are not used, since the
system speciﬁed will be easy to build using ordinary classes. For a more complex
testbench it could probably be more interesting to use more building blocks from the
VMM.
Variables in the transactors are implemented as 2-state data types. 2-state types
are also used when fetching data from the DUT, mostly because of their convenient
array properties. This means that X and Z values from the DUT outputs will not be
visible for the transactors, which is a potential problem. However, in this testbench
the X and Z value checking is done in the assertion module. It is directly connected
to the 4-state types in the interface, and will therefore detect any X or Z values. [18]
gives more details about X/Z-value issues in RTL design.
5.3.1 Data Flow
The data ﬂow between the transactors is implemented using mailboxes. Four mail-
boxes are used in the testbench, to enable the data ﬂow in Figure B.2 in Appendix
B. They are shown in Table 5.2.
Mailbox Communication path
gen2bfm Generator to BFM
gen2scb Generator to Scoreboard
bfm2chk BFM to Checker
scb2chk Scoreboard to Checker
Table 5.2: Mailboxes
The data sent in the mailboxes are objects of the Transaction class. This class
is deﬁned in the test program. The properties of transaction objects are shown in
38 5. Testbench Implementation
Table 5.3.
Name Data type Width Description
data_in bit 128 Input data
key bit 128 Key data
data_out bit 128 Output from DUT
data_c_out bit 128 Output from reference model
decrypt bit 1 Decryption selector
reset bit 1 Request reset operation
Table 5.3: Transaction class properties
A transaction is put into a mailbox using the put function of the mailbox with
the transaction object as a property. An object is fetched using the function called
get. Get is a blocking function. If get is called on an empty mailbox, the program
ﬂow will not proceed before an object is available for fetching.
The DUT operation is a time-consuming task. In the time of one calculation of
the DUT, the Generator could generate hundreds of new objects. To prevent this,
a handshake mechanism is implemented between the BFM and the Generator. Now
the Generator will not produce more transaction objects than the BFM can consume.
A more elegant way of solving this problem would be to restrict the size of the
mailboxes. The put function would then be blocking when the mailbox is full. Size
restriction of mailboxes is a feature of the SystemVerilog language. Unfortunately it is
not implemented in this version of VCS, according to VCS' SystemVerilog Testbench
Constructs manual [19].
5.3.2 Environment
Environment is the transactor that is instantiated by the test program. Its only
purpose is to instantiate and start the other four transactors, as indicated in Figure
B.1.
The four other transactors should be started at the same time, run in parallel,
and the program ﬂow should not continue until all transactors are ﬁnished. This is
speciﬁed with the fork..join block. The operations between fork and join will be run
in parallel.
5.3.3 Bus Functional Model
The BFM was the ﬁrst part of the testbench to be implemented, it was implemented
in phase 2. The BFM drives the Wishbone bus to communicate with the DUT.
Transactors 39
The Wishbone interface of the DUT is not documented, so the source code of the
DUT had to be carefully examined to be able to communicate with it. It appeared
that the module only supported the simplest form of data transfer, single transfer.
The signals supported by the module are presented in Appendix A, Figure A.2.
Four tasks were created in the BFM to make a compact implementation: write-
cycle, readcycle, setsignals and sendreset.
• sendreset simply sets the reset signal low, high and then low again at following
rising clock edges to reset the DUT.
• setsignals is the lowest level of Wishbone communication found in the test-
bench. It sets the signals on the bus. However, before it does so, it calls a
callback task to get a random delay.
• writecycle is a higher level function to create one Wishbone write cycle. It uses
setsignals to set the desired signals on the bus. Then it waits for a wb_ack
from the DUT.
• readcycle uses the setsignals task to present the needed Wishbone signals to
the bus. Data is fetched from the bus when wb_ack is set high from the DUT,
and put in the right section of the data_cycle_out array.
The operation of the BFM is placed in a task called run, like in the other trans-
actors. The operation of run is the following:
• Get a transaction object from the Generator-BFM mailbox.
• Send a handshake to the Generator to tell it to make a new transaction object.
• Split the key and data objects into eight blocks of 32 bits.
• Compose a block to tell the DUT if this is an encryption (value 3'b001) or
decryption (3'b101) operation.
• Check if the transaction object is a reset object. If it is, sendreset is called and
nothing more except for the last point is done.
• If not, the nine cycles of data are sequentially set on the bus using writecycle.
• Wait for 600 clock cycles for the DUT to ﬁnish the AES calculations.
• Read the outdata using four readcycle operations.
• Add the received DUT outputs to the data_out variable of the transaction
object.
• Put the transaction object in the BFM-Checker mailbox.
40 5. Testbench Implementation
The callback task referred to earlier is deﬁned in its own class, called BFM_cbs.
In this way, it could more easily be changed between simulations, as described in
Section 2.4.2. The pre-transfer callback task itself is called pre_tx. The only thing
it does is to call for a random number using $urandom_range, and then wait the
corresponding number of clock cycles. A post-transfer callback is also deﬁned, but
not in use.
An example of a Wishbone write cycle with random delays could be found in
Appendix E.2.
5.3.4 Generator
As described in the theory chapters, the Generator transactor is responsible for the
randomization and data generation tasks. The main functionality of the Generator
was implemented in phase 5. However, a simple generator without the randomiza-
tion functions was implemented in phase 3 to support the scoreboarding operation.
Like in the other transactors, the main operation of Generator is placed in a
run task. The run task ﬁrst runs a reset task, since the DUT will not operate at all
before reset. After this, the task contains a for loop which creates a speciﬁed number
of stimuli sets. The number is speciﬁed in the global constant ROUNDS.
In the loop, a randsequence call is performed to randomly select between three
tasks: encrypt_task, decrypt_task and reset_task. The probabilities of each of the
three are speciﬁed in the stream expression, here set to be level between the three.
The selected task is called for randomization and stimuli generation.
The encrypt_task and decrypt_task have much in common. They both start
oﬀ by creating a new transaction object. New transaction objects must be created
for every simulation round to make the randomize call work. The new transaction
object is randomized using the randomize function. An assertion is added here to
check that the randomize operation does not fail (if it fails, it returns 0, and the
assertion is triggered). The bit variable specifying encryption or decryption is set to
0 or 1, depending on the task. At last, the transaction object is sent to the BFM
and the Scoreboard using the corresponding mailboxes.
It could be noted that the random selection of encryption/decryption could more
easily be implemented by simply randomizing the decryption bit of the transactor
object, just like the key and data are randomized. However, it was chosen to imple-
ment it using randsequence to show how random scenarios work.
The last task, the reset_task, also creates a new transaction object. But, instead
of randomizing, it leaves the stimuli empty and sets the reset bit high. The object
is then sent to the BFM and Scoreboard mailboxes. When it arrives in the BFM, it
Transactors 41
will tell the BFM to do a system reset instead of the normal AES operation.
In Section 4.4, a bathtub data distribution was planned for the inputs. Unfortu-
nately this was not implemented, due to diﬃculties with such large data types and
limited time.
5.3.5 Scoreboard
Scoreboard functionality was implemented in phase 3. This phase was the one to
require the most time spent on testing diﬀerent technologies and reference models to
ﬁnd a suitable solution.
Reference model selection
First of all, a reference model had to be found. Literature and websites were searched
for a suitable model. In [15], Dr. B. Gladman gives a reference model written in
the C language. On his website [20], a brand new low-level implementation was
found later. This one had quite simple input and output funtions, which made it
suitable for use with the testbench. However, no examples on use were given, so
some hours had to be spent reading C literature [21], and trying and failing, before a
test program communicating with the reference model could be written. In the end,
it turned out to be even more simple to communicate with it than expected.
A small test program was written. There were some problems because of un-
familiarity with the use of unsigned char arrays, but this was solved by reading C
reference literature [21]. The program was compiled with GCC on Red Hat Linux.
C model communication
The next important step to fullﬁll phase 3 was to enable communication between the
SystemVerilog testbench and the C reference model. SystemVerilog and Verilog (us-
ing VCS) has at least three diﬀerent techologies for C model communication: DPI,
PLI and DirectC.
DPI was ﬁrst tested, since it is the technology tightest bound to SystemVerilog.
A DPI communication example was found in the VCS examples directory. VCS was
used to try to compile it. But, it turned out that the VCS licence installed did not
include the DPI functionality. The system administrator did some checking about
the licences available, and it turned out that this functionality was unavailable with
the licence of the university.
PLI was then checked out. A book about PLI, [22], was obtained, and some work
was done to create a working example. PLI is more complicated than DPI, and this
took some time. However, at some point, a VCS speciﬁc functionality called DirectC
42 5. Testbench Implementation
was discovered. This seemed to be a much more usable solution than PLI, and the
PLI investigation was discontinued.
A DirectC user guide [11] was found in the VCS documentation catalog. DirectC
was easier to use than the two previous technologies, however, it took some work to
create a communication prototype supporting as large variables as 128 bits. The C
communication prototype worked well with VCS.
Final Scoreboard implementation
The communication prototype was used as a basis for the scoreboard implementa-
tion. A reference to the external function (described below) is created in the top of
the test.sv ﬁle. In the Scoreboard transactor does the following, repeated for each
simulation round:
• Get transaction object from the Generator mailbox
• If the reset bit is not high, send transaction object data to the external function
• Receive the output and add it to the data_c_out variable of the transaction
object
• Put the transaction object in the Checker mailbox
In the C model, an input and output function specially designed for this test-
bench was implemented. It receives data as UB type, a char based special type for
DirectC. The input variables, containing the key and data inputs, are reversed in
order to be compatible with Dr. Gladman's C model. Decrypt or encrypt operation
is selected by the decrypt scalar input. After AES operation, an UB array is reversed
and passed back to the SystemVerilog testbench.
A detail worth noting is a diﬀerence in the decryption behavior between the the
c model and the DUT. The DUT takes the original key as input, while the c model
needs the pre-processed key for input. This is solved by running an encryption with
the same key before the decryption, and using the output key from the encryption
as the input key for the decryption.
5.3.6 Checker
The checker transactor is implemented in phase 3 to enable output checking of the
parallel DUT and Scoreboard operations. Checker has the following behavior, re-
peated for each simulation round:
• Receive transaction objects from BFM and Scoreboard. Since the get function
is blocking, the checker will wait here until the BFM/DUT is ﬁnished.
Assertions 43
• Check that the output from both AES operations are equal.
The output check is implemented as an immediate assertion. In this way, its
results could be analyzed using the normal assertion reports.
5.4 Assertions
This section is about the implementation of the assertions. The assertions are
planned in Section B.9 in Appendix B. The assertions are implemented during phase
4.
The external assertions are placed in a separate module connected to the inter-
face. In this way, they are able to monitor the wishbone signals directly. There
are three assertions implemented in this module. The fourth external assertion, the
one that compares the outputs of the DUT and scoreboard, is a special case and is
implemented inside the testbench: In the Checker transactor.
• ACK is never set high without a preceding STB. This assertion uses the $rose
keyword to be evaluated every time the wb_ack signal rises. The indication
arrow requires wb_stb to be high when this happened.
• Wishbone bus never has any X or Z bits when reading is allowed. This assertion
uses $isunknown to look for unknown values on the wb_dat_o signal. The
expression contains AND operators to express that no bits should be X or Y
when wb_we (write enable) and wb_ack is high.
• Request from testbench results in ACK from DUT within 10 clock cycles. This
is checked using an assertion from the OVL library, assert_handshake. A sub-
assertion of this library assertion is used to also check that the length in the
ACK signal is not more than 3 clock cycles.
• DUT output value is the same as the scoreboard value at the end of each run.
This one is implemented in the Checker transactor, as an immediate assertion
that compares the data_out and data_c_out of the transaction object.
The internal assertions are placed directly in the DUT code. Due to limited time,
only one internal assertion was implemented: The one that checks that number of
rounds of AES operation does not exceed 10. It is placed in the aes.v ﬁle, inside the
module called aes. The code for this assertion is placed in Figure 5.2
5.5 Functional Coverage
Functional Coverage groups were to planned be implemented in phase 6. The work
began with the implementation of the ﬁrst cover group in Table ??. The cover group
44 5. Testbench Implementation
Figure 5.2: Source code for a_rounds assertion
was implemented inside the BFM transactor. The cover group deﬁnition is shown in
Figure 5.3. It consists of one cover point, monitoring the Wishbone in data signal
(wb_dat_i). The sampling of coverage data is done using the covWbDatIn.sample()
expression, which is placed in the writecycle task of the BFM. In this way, coverage
data is sampled from the Wishbone bus every time something is written to it.
Figure 5.3: Source code for covWbDatIn cover group
As mentioned earlier, the plan was to analyze the functional coverage using URG.
However, because of licencing problems, older analysis tools had to be used. None
of them could analyze cover groups. Some eﬀorts were done to try to implement the
planned functional cover groups as cover properties. Cover properties are much sim-
pler than cover groups, and are normally only used to monitor visited signal, not the
values of those. For instance, they don't have any functionality comparable to bins.
More details about cover groups and cover properties could be found in Section 2.2.2.
As a test, a cover property based on the assertion in Figure 5.2 was created. It
is speciﬁed in the last line of the source code in the same ﬁgure.
45
Chapter 6
Simulation
T
his chapter describes the setup of the software tools and the compilation and
simulation of the testbench.
6.1 Synopsys VCS Setup
The testbench was compiled, simulated and debugged using Synopsys VCS 2005.06-
SP2. The Synopsys VCS software was installed by the system administrator, but
some minor adjustments of the settings were made to make simulation easier. The
software had been installed at the central Linux system running Red Hat Linux.
Communication with this system was carried out using partially a SSH client, and
partially an X-Windows client (to enable use of graphical tools).
In order to make VCS work at my Linux account, the environment variables
VCS_HOME and PATH i .bash_proﬁle were edited. Some editing was also necessary
to connect the system to the right license server.
6.2 Testbench Compilation
To compile the testbench, the vcs command was used. Switches were applied to
make the settings needed for the operation. The compile time switches are listed
and explained in Table 6.1.
The ﬁnal testbench was compiled using the following command:
vcs +define+ASSERT_ON -debug -cm assert+cond+tgl+line+fsm+branch+path \
-sverilog -PP -assert enable_diag *.v *.sv aes.c -l compile.log \
-y ~/sva-lib +libext+.sv +vc +sysvcs \
+verilog2001ext+.v+incdir+$~/sva-lib
46 6. Simulation
Name Description
-debug Compile for debug in DVE
-debug_all Compile for debug in DVE with linestepping features
-cm assert+path Enable collection of code coverage
-sverilog Enable SystemVerilog compilation
+deﬁne+ASSERT_ON Assertion calculation
-PP Enable debugging
-assert enable_diag Extended SVA reporting
-l compile.log Save compilation log ﬁle
+vc Enables DirectC
-y Specify Library Directory
+verilog2001ext Specify Verilog ﬁlename ext.
+incdir Specify include directory
Table 6.1: Compile-time switches
The compilation results in an executable ﬁle to be run to start the simulation.
The name of the ﬁle could be deﬁned using a switch. The default name of the ﬁle is
simv.
6.3 Simulation
Simulation is started using the executable ﬁle that was created during compilation.
Like in compilation, switches are applied to change settings. Some of the available
switches for the simulation are listed and explained in Table 6.2.
Name Description
-cm assert+path Collect code coverage
-assert Assertion settings
-l run.log Save simulation log ﬁle
+ntb_solver_mode=1 Randomization preprocessing mode
Table 6.2: Runtime switches
The ﬁnal testbench was simulated using the following command:
simv +ntb_solver_mode=1 -cm assert+cond+tgl+line+fsm+branch+path \
-l run.log -assert filter
Testbench Debug 47
6.4 Testbench Debug
In order to be sure that the ﬁnal testbench would be functionally correct, every
part of the testbench code was tested and debugged during implementation. This
was done using normal simulations and the debugging tool in VCS, DVE. DVE was
used to show waveforms for signal debugging. There is more about DVE in Section
3.3. DVE is started by applying the -gui switch to the simulation executable. For
instance: simv -gui.
6.5 Assertion and Coverage Reporting
URG, described in Section 3.3, was the tool that was planned to be used for gener-
ating reports: Both code coverage, functional coverage and assertion reports. Un-
fortunately, URG was not included in the VCS licence held by the university. The
system administrator was in contact with the licencing organization to try to add
access to URG to the licence, but this was not possible.
Instead, older tools had to be used. To generate and view code coverage, cmView
was used. For assertion reports: assertCovReport. For functional coverage proper-
ties: fcovReport. The tools are described in Section 3.3. No tool capable of creating
reports from the functional coverage groups was available with the licence held by
the university.
AssertCovReport and fcovReport were executed by calling the assertCovReport
and fcovReport commands, respectively. They placed a HTML based report in the
simv.vdb/reports/ folder. The full reports for the ﬁnal simulations are shown in
Appendix D.8, and the results are discussed in Chapter 7.
cmView was used, both in GUI and batch mode, to generate reports about code
coverage. cmView in batch mode puts out text-based reports like the reports in
appendix D. The reports from the diﬀerent runs are analyzed and compared in
Chapter 7.

49
Chapter 7
Discussion
T
his chapter will discuss the coverage results achieved during the simulations.
Unfortunately, because of software licence problems, the functional coverage re-
sults are very limited. The code coverage results, however, will be presented and
discussed. The last section of the chapter contains a discussion on the testbench
design and possible future work.
7.1 Coverage Progress
For the ﬁnal testbench 5 diﬀerent simulation sessions were carried out. The sessions
were done using the same testbench, but with diﬀerent number of simulation rounds:
Respectively 10, 100, 1000, 10 000 and 200 000 encryptions/decryptions, by changing
the ROUNDS constant in the testbench between each run. This was done to track
the coverage progress. Table 7.1 contains the progress of the most important metrics.
10 100 1000 10 000 200 000
Line Coverage (Lines) 99.57 99.57 99.57 99.57 99.57
Condition Coverage 87.72 87.72 87.72 87.72 87.72
FSM Coverage (States) 100.00 100.00 100.00 100.00 100.00
Branch Coverage 94.51 94.51 94.51 94.51 94.51
Path Coverage 37.58 37.58 37.58 37.58 37.58
Toggle Coverage (Nets) 84.85 87.88 87.88 87.88 87.88
Table 7.1: Code coverage progress (percentage)
As the table shows, the numbers for the code coverage is already high at very
few simulations, already at the 10 simulations case. They do not increase when more
simulations are carried out. The reason is probably that a large part of the AES
design is invoked at each simulation. The module also has few scenarios to cover, so
50 7. Discussion
they are all covered relatively quick.
Unfortunately, since the functional coverage groups could not be analyzed, there
is no progress data available for functional coverage. Probably we would have seen
much of the same progress as with the code coverage, at least with the cover groups
planned in the veriﬁcation plan. They have relatively few bins, and are hit by every
simulation.
7.2 Code Coverage
The following sections analyzes the code coverage achieved in the run with 200 000
simulations. However, the results are also quite relevant to the shorter runs, since
high code coverage was already achieved at a very low number of runs.
7.2.1 Line Coverage
The line coverage summary from the short report is shown in Table 7.2. The line
coverage short report is placed in Appendix D.1. Only the following lines of code
are reported not covered:
• Lines 153-154 in wb_aescontroller.v. Contains an data address not used by the
testbench during the Wishbone communication. The functionality not covered
returns the operation mode carried out (decryption or encryption). Whether
this code is redundant or it should have been covered depends on the (non-
existing) speciﬁcation.
Total Covered Percent
Lines 462 460 99.57
Statements 511 509 99.61
Blocks 122 121 99.18
Table 7.2: Line coverage summary
7.2.2 Condition Coverage
The condition coverage summary is shown in Table 7.3. The condition coverage short
report is placed in Appendix D.2. The uncovered conditions were:
• Line 104 in wb_aescontroller.v: 0-1-1-1 and 1-0-1-1 not covered. The line con-
tains a statement that returns true if wb_stb_i, wb_cyc_i and wb_we_i are
Code Coverage 51
high while wb_ack_o is low. It indicates a request for data from the testbench.
Since Single Read mode is used by the testbench (which is the only read mode
supported by the Wishbone slave), wb_stb_i and wb_cyc_i will always have
the same value.
• Line 147 in wb_aescontroller.v: 0-1-1-1, 1-0-1-1 and 1-1-0-1 not covered. Al-
most same expression as above, except for the wb_we_i which now should be
low to make the statement return true. The same reason as above applies to
the ﬁrst two non-covered combinations. Since this is an elseif statement of the
expression above, the 1-1-0-1 combination will be fetched by the if sentence,
and never get to the elseif.
• Line 327 in aes.sv: 1 - 0 not covered. Impossible to cover, since it is placed in
an elseif statement where the condition is fetched by the if condition.
• Line 345 in aes.sv: 0 - 1 not covered. Same as the previous one.
Total Covered Percent
Conditions 57 50 87.72
Logical 57 50 87.72
Table 7.3: Condition coverage summary
7.2.3 FSM Coverage
The FSM coverage summary is shown in Table 7.4. The FSM coverage short report
is placed in Appendix D.3. States are 100%, which means that all states have been
covered.
Transition coverage is low. Comparing the FSM coverage report with the FSMs,
it appears that all the transitions not covered are transitions from each state and
back to the start state. This means that reset has not been done when the FSM was
in any other state than the start state. Which is correct, since the testbench does
not run resets in the middle of the encryption/decryption operations.
Sequence coverage and FSM coverage are low since they both rely on the transi-
tion coverage.
7.2.4 Branch Coverage
The branch coverage summary is shown in Table 7.5. The branch coverage short
report is placed in Appendix D.4. The uncovered conditions were:
52 7. Discussion
Total Covered Percent
FSMs 3 1 33.33
States 17 17 100.00
Transitions 18 13 72.22
Sequences 78 44 56.41
Table 7.4: FSM coverage summary
• In subbytes.v near line 244. A missing default is reported not covered. The
case is only checking values 0 and 1 of a 4-state signal. No X or Z values have
been inserted, so the missing default clause is not covered.
• In mixcolum.v near line 190. The state machine in MixColumns has an empty
default state which is not covered.
• In wb_aescontroller.v near line 107. Missing default of the Wishbone address
case selection not covered.
• In wb_aescontroller.v near line 150. Same as the previous, now for write
address selection instead of read address selection.
• In wb_aescontroller.v near line 153. Wishbone address 8'h0 not covered. Same
as reported in the line coverage reports.
Total Covered Percent
Branches 91 86 94.51
Table 7.5: Branch coverage summary
7.2.5 Path Coverage
The path coverage summary is shown in Table 7.6. The path coverage short report
is placed in Appendix D.5. Path coverage was reported to be low, but most of the
paths reported as not covered seems to be paths that are impossible, because of an
illegal combination of branches.
• In wb_aescontroller.v near lines 86-177. Multiple paths not covered due to
two if blocks that are never activated at the same time. The AES module will
never ﬁnish while the Wishbone bus is being used.
Assertions 53
Total Covered Percent
Paths 157 59 37.58
Table 7.6: Path coverage summary
7.2.6 Toggle Coverage
The toggle coverage summary is shown in Table 7.7. The toggle coverage short re-
port is placed in Appendix D.6. Many of the signals not toggled turns out to be
unused signals, or unused bits ranges of signals. These are almost exclusively from
the Wishbone module, as shown in the toggle coverage module report in Appendix
D.7.
Total Covered Percent
Regs 156 136 87.18
Reg bits 5104 4568 89.50
Reg bits(0->1) 5104 4568 89.50
Reg bits(1->0) 5104 4568 89.50
Nets 66 58 87.88
Net bits 1496 1331 88.97
Net bits(0->1) 1496 1331 88.97
Net bits(1->0) 1496 1331 88.97
Table 7.7: Toggle coverage summary
7.3 Assertions
The assertion reports were analysed to see if any of the assertions had failed during
the simulations. No errors were reported in any of the assertion reports.
In the 200 000 run simulation report, all the concurrent assertions report 92 941
707 attempts. This corresponds to the total number of clock cycles.
The assertion in the Checker, which controls that Scoreboard and DUT results
are equal, reports 200 000 hits. This is correct, since the assertion is implemented
as an immediate assertion triggered once for each round.
The two assertions monitoring the randomization of data in each of the scenarios,
the a_randomize_d and a_randomize_e, reports 132549 and 133097 hits, respec-
tively. This is about the double of expected hits, since they both have probability
set to 33%, and the total number should be 200 000. An error with the deﬁnition is
54 7. Discussion
suspected, since their sums added equals more than the total number.
The two handshake assertions both reports a real success number of 1 727 245.
This corresponds to the total number of handshakes. It gives an average of about
8.63 handshakes per round. The number needed for a full encryption/decryption
round is 13 handshakes. However, the reset operations (representing 33% of the
operations) does not require any handshakes. Therefore, the real success number is
very close to the expected 66% of 13 * 200 000 (which is about 1 733 000).
The one incomplete attempt of the assertion checking the max length of the ACK
signal has probably happened because the testbench terminates before the last ack
signal is lowered.
7.4 Functional Coverage
Due to the lack of tools for analysis, the only functional coverage data available is the
cover property based on the rounds assertion. This cover property, called c_rounds,
reports 92941707 matches. The number only tells that the assertion has been trig-
gered every clock cycle.
7.5 Testbench Discussion and Future Work
The code coverage analysis shows that the testbench covers the DUT well. However,
some lacks of functionality were discovered.
First of all, a more sophisticated reset behavior should have been implemented.
Now, reset is only run between the simulation rounds, never in the middle of an en-
cryption or decryption operation. A more realistic reset behavior would also include
mid-operation resets, which is more relevant to how a real-life user probably would
use the reset. This is required to achieve a higher FSM transition coverage. Such a
reset functionality could be implemented as callbacks (providing resets in the middle
of the communication only), or even better as its own thread (providing resets at
random times).
A bathtub-shaped data distribution, as introduced in the theory, was planned.
However, it was not implemented, due to diﬃculties with data types and a lack of
time. With a further detail study of SystemVerilog data types this would probably
be possible to implement.
An error reporting mechanism was described in the theory. It would record a
sliding window of simulation data, and report it when an assertion fails. This func-
Testbench Discussion and Future Work 55
tionality was not implemented due to time limitations. The implementation of such
a feature would require a memory recording data and testbench status, as well as a
report functionality trigged by the action clause of each assertion.
It could be useful to be able to stop, and afterwards restart a simulation. New
seeding of the testbench would be required to make the random generator create
new values. In order to achieve this, it would be necessary to implement a seeding
functionality.
More functional coverage groups should have been implemented to enable a more
complete coverage analysis. The implementation of coverage groups was stopped
when it became clear that the analysis software did not support functional coverage
analysis based on cover groups.

57
Chapter 8
Conclusion
T
he main tasks of this thesis was to study literature about modern veriﬁcation
to create a veriﬁcation plan for an AES RTL model, and to implement and sim-
ulate the planned veriﬁcation system using SystemVerilog and Synopsys VCS.
The veriﬁcation planning was done according to the recommended literature, and
follows the main guidelines given in the Veriﬁcation Methodology Manual (VMM).
The planned veriﬁcation process builds on modern veriﬁcation techniques like con-
strained randomization, functional coverage, object orientation and assertions.
A testbench was implemented with the requirements and features planned in the
veriﬁcation plan. It has a layered architecture to ensure high maintainability and
reusability. It exploits the advanced randomization functionalities of SystemVerilog.
It uses assertions to check the RTL model for errors. The testbench was used to
simulate the AES model using the Synopsys VCS software.
Due to some problems with the Synopsys VCS licence held by the university,
some features of VCS was not available. Unfortunately, functional coverage analysis
was almost non-supported in the available software. Therefore, the functional cov-
erage analysis carried out is limited.
Code coverage metrics were used to track the progress and quality of the simu-
lations. Many of the metrics reached the planned goals of 100% explained coverage.
This means that all functionality of the DUT was tested. Most problems that arised
were due to three factors: Bad coding style in the Wishbone controller of the DUT,
misunderstandings due to the lack of documentation, and a limited reset behavior in
the testbench.
Since no relevant functional coverage data was available for analysis it is not
possible to draw any conclusions about the adequacy of the random data generated,
and the completeness of the DUT implementation. However, since all 200,000+ en-
58 8. Conclusion
cryption and decryption results from the DUT were correct in the simulation, there
is reason to believe that the functionality of the model is correct and adequate in
most situations.
Some topics for possible improvement of the veriﬁcation system were given in the
discussion chapter. The most important ones would be a more sophisticated reset
functionality, as well as a more advanced functionality for random data distribution.
In conclusion, the veriﬁcation plan has been created and the veriﬁcation process
has been carried out, both satisfying the requirements given.
BIBLIOGRAPHY 59
Bibliography
[1] J. Bergeron,Writing Testbenches Using SystemVerilog. Springer Science + Busi-
ness Media, Inc., 2006.
[2] C. Spear, SystemVerilog for Veriﬁcation. Springer Science + Business Media,
Inc., 2006.
[3] Federal Information Standards Publication, Speciﬁcation for the Advanced En-
cryption Standard, November 2001.
[4] Synopsys, Inc., VCS / VCS MX Coverage Metrics User Guide, April 2006.
[5] P. James, Veriﬁcation Plans. Kluwer Academic Publishers, 2004.
[6] J. Bergeron, E. Cerny, A. Hunter, and A. Nightingale, Veriﬁcation Methodology
Manual for SystemVerilog. Springer Science + Business Media, 2006.
[7] Synopsys, Inc., SystemVerilog Assertions Checker Library Quick Reference,
April 2006.
[8] S. Vijayaraghavan and M. Ramanathan, A Practical Guide for SystemVerilog
Assertions. Springer Science + Business Media, Inc., 2005.
[9] D. Mills and S. Sutherland, Systemverilog assertions are for design engineers
too!, SNUG, 2006.
[10] J. Cooley, The dvcon'05 veriﬁcation census, October 2005.
[11] Synopsys, Inc., VCS DirectC Interface User Guide, April 2006.
[12] Synopsys, Inc., VCS/VCSi User Guide, April 2006.
[13] Opencores website. http://www.opencores.org/.
[14] J. Castillo, 128 aes verilog module. http://www.opencores.org/projects.cgi/systemcaes/.
[15] B. Gladman, A speciﬁcation for rijndael, the aes algorithm, September 2003.
[16] J. Daemen and V. Rijmen, The Design of Rijndael. Springer-Verlag, 2002.
60 . BIBLIOGRAPHY
[17] Speciﬁcation for the: Wishbone system-on-chip (soc) interconnection architec-
ture for portable ip cores, September 2002.
[18] M. Turpin, The dangers of living with an x (bugs hidden in your verilog),
ARM Ltd., 2003.
[19] Synopsys, Inc., SystemVerilog Testbench Constructs, April 2006.
[20] B. Gladman, Brian gladman's home page. http://fp.gladman.plus.com/.
[21] L. Hancock, M. Krieger, and S. Zamir, The C Primer. McGraw-Hill, Inc.,
3rd ed., 1990.
[22] S. Sutherland, The Verilog PLI Handbook. Kluwer Academic Publishers, 2nd ed.,
2002.
61
Appendix A
Day-in-the-Life Document
A.1 General Information
The 128 AES module by Castillo is a module that encrypts and decrypts data accord-
ing to the AES speciﬁcation. In this implementation, key size is 128 bits. According
to the AES speciﬁcation, data block size is also 128 bits. Other properties:
• The module is optimized for low area.
• The S-box is implemented as logic, not as a table stored in memory.
• There are 3 FSMs in the design. They are situated in the subbytes, keysched
and mixcolum modules.
The operation in AES is not pipelined, one data block must be processed com-
pletely before the module is ready for a new data block.
62 A. Day-in-the-Life Document
A.2 Module Blocks
Blocks and signals for the AES module are shown in ﬁgure A.1.
Figure A.1: AES module blocks
A.3 Communication Bus
Communication with the module is done via a Wishbone bus interface. Unfortu-
nately, theWishBone Interface implementation is not documented or code-commented.
The Wishbone feature is delivered as a stand-alone module, so a top module con-
necting the AES and Wishbone modules has to be developed in order to make the
system able to communicate using the Wishbone bus. The signals of the Wishbone
bus block are shown in ﬁgure A.2 and table A.1.
Figure A.2: Wishbone module
From the code it appears that the module only supports the absolute minimum
of features to be Wishbone compliant. The module can only act as a slave module.
It also only supports the simplest form of WishBone data transfer: Single Transfer.
Communication Bus 63
The wb_sel_i signal is not used by the module in any operation mode. Valid
addresses for the wb_adr_i signal are shown in table A.2.
Signal Direction Width Description
clk Input 1 System clock
reset Input 1 System reset
wb_stb_i Input 1 Slave selection indicator
wb_dat_o Output 32 Data output
wb_dat_i Input 32 Data input
wb_ack_o Output 1 Acknowledge signal
wb_adr_i Input 32 Address input
wb_we Input 1 Write enable
wb_cyc_i Input 1 Valid bus cycle indicator
wb_sel_i Input 4 (Not in use)
Table A.1: Signals of the Wishbone module
Address Bus data description
8'h0 Encryption/decryption Conﬁguration
8'h4 Input data, bit range [127:96]
8'h8 Input data, bit range [95:64]
8'hC Input data, bit range [63:32]
8'h10 Input data, bit range [31:0]
8'h14 Input key, bit range [127:96]
8'h18 Input key, bit range [95:64]
8'h1C Input key, bit range [63:32]
8'h20 Input key, bit range [31:0]
8'h24 Output data, bit range [127:96]
8'h28 Output data, bit range [95:64]
8'h2C Output data, bit range [63:32]
8'h30 Output data, bit range [31:0]
Table A.2: Valid addresses of wb_adr_i
64 A. Day-in-the-Life Document
A.4 AES Operation Flow
A ﬂow diagram of the AES encryption is shown in ﬁgure A.3.
Figure A.3: AES ﬂow
AES Internal Operations 65
A.5 AES Internal Operations
SubBytes is a non-linear transformation that applies the S-box to each element of
the State table, as shown in ﬁgure A.4.
Figure A.4: SubBytes operation [3]
S-box could be viewed as the lookup table for the substitution in SubBytes. Byte
value xy is changed with the corresponding value in ﬁgure A.5.
Figure A.5: S-box table [3]
66 A. Day-in-the-Life Document
ShiftRows shifts every byte in State after a predeﬁned pattern: First row is shifted
0 positions to the left, second row is shifted 1 position to the left, and so on. Shown
in ﬁgure A.6.
Figure A.6: Shiftrows operation [3]
MixColumns, in ﬁgure A.7, operates on each column using a multiplication op-
eration.
Figure A.7: MixColumns operation [3]
AddRoundKey combines State with a round-speciﬁc key using bitwise XOR,
shown in ﬁgure A.8.
AES Internal Operations 67
Figure A.8: AddRoundKey operation [3]

69
Appendix B
Veriﬁcation Plan
B.1 Typical Operation
Input: Randomize key, data and operation (encryption or decryption)
Input: Send inputs to the module
Output: Receive outputs from the module
Output: Compare outputs with expected results
Output: Measure coverage to track progress
Table B.1: Typical operation
B.2 Tools and Technologies
Languages: SystemVerilog
Technology: Simulation
Tools: Synosys VCS ver. 2005.06-SP2
Table B.2: Tools, language and technologies
70 B. Verification Plan
B.3 Implementation Phases
See table B.3.
Phase Goal
1 Simple communication with module (without Wishbone interface)
2 Communication using Wishbone interface
3 Output checking using reference model
4 Assertions for checking properties
5 Constrained random stimuli
6 Coverage calculation
7 Veriﬁcation of decryption functionality
Table B.3: Phases
B.4 System Architecture
Some changes from the layer ﬁgure: Monitor and driver is merged in the BFM block.
Agent is removed. This gives the architecture in ﬁgure B.1.
Figure B.1: Testbench data ﬂow
• Test instantiates Environment
• Environment instantiates Generator, Scoreboard, BFM, Checker
• Communication in the system is done using mailboxes
Layer Implementation 71
Figure B.2 shows the ﬂow of data through the components of the testbench. The
ﬂowing data will be contained in transaction objects, created in the Generator.
Figure B.2: Testbench data ﬂow
B.5 Layer Implementation
See tables B.4 and B.5.
Component Layer Phase
BFM Command 2
Scoreboard Functional 3
Checker Functional 3
Generator Scenario 5
Table B.4: Component Implementation
72 B. Verification Plan
Command Functional Scenario
Phase 1
Phase 2 BFM
Phase 3 Scoreboard, Checker
Phase 4
Phase 5 Generator
Phase 6
Phase 7
Table B.5: XY-grid phases/layers
B.6 Scenarios
• Encryption (Probability: 33.3%)
• Decryption (Probability: 33.3%)
• System Reset (Probability: 33.3%)
B.7 Block Descriptions
The properties of the Scoreboard, Checker, BFM and Generator blocks are shown in
Tables B.6, B.7, B.8 and B.9, respectively.
Component: Scoreboard
Operation: Block containing reference model in C language.
Inputs: 128 bit key, 128 bit data to be en-
crypted/decrypted, 1 bit to select encryp-
tion/decryption
Output: encrypted/decrypted data
Table B.6: Scoreboard description
Component: Checker
Operation: Compare outputs from DUT and scoreboard.
Inputs: 128 bit outputs received from BFM and score-
board
Output: Status
Table B.7: Checker description
Randomization 73
Component: BFM
Operation: Communicate with DUT via the Wishbone bus
Inputs: 128 bit key, 128 bit data, 1 bit to select encryp-
tion/decryption
Output: encrypted/decrypted data
Table B.8: BFM description
Component: Generator
Operation: Generate constrained-random values. Contains
scenarios.
Inputs: Constraints
Output: 128 bit key, 128 bit data, 1 bit to select encryp-
tion/decryption
Table B.9: Generator description
B.8 Randomization
• Randomize key
• Randomize input
• Randomize operation: Encryption, decryption or reset
• Random delays in Wishbone communication (0 to 10 clock cycles)
Input and key data should have a bathtub distribution to provoke overﬂow errors.
74 B. Verification Plan
B.9 Assertions
Functionality to verify Placement Type Assigned to
ACK is never set high without a preceding
STB
External Concurrent Veriﬁer
Wishbone bus never has any X or Z bits
when reading is allowed
External Concurrent Veriﬁer
Request from testbench results in ACK
from DUT within 10 clock cycles
External Concurrent Veriﬁer
FSM in AES control module follows the
right sequence
Internal Concurrent Veriﬁer
Number of rounds of AES operation does
not exceed 10
Internal Concurrent Veriﬁer
AES block inputs does not have any X or
Z bits when load_i is high
Internal Concurrent Veriﬁer
DUT output value is the same as the score-
board value at the end of each run
External Immediate Veriﬁer
Table B.10: Assertions
B.10 Code Coverage
Code Coverage Goal
Line Coverage 100% explained
Condition Coverage 100% explained
FSM Coverage 100% explained
Branch Coverage 100% explained
Path Coverage 100% explained
Toggle Coverage 100% explained
Table B.11: Code Coverage Analysis Plan
Functional coverage 75
B.11 Functional coverage
Cover group Bins Placement Coverage Goal
DAT_I signal of Wishbone bus (Check in-
put data distribution of Wishbone cycles)
10 External 100%
DAT_O signal of Wishbone bus (Check
output data distribution of Wishbone cy-
cles)
10 External 100%
Key in signal on AES module (Check key
data distribution)
20 Internal 100%
Data in signal on AES module (Check in-
put data distribution)
20 Internal 100%
Inputs to the SubBytes module (Check
that S-Box is fully veriﬁed) (Cross cover-
age)
16 x 16 Internal 100%
Table B.12: Cover groups

77
Appendix C
Testbench Source Code
78 C. Testbench Source Code
A
p
p
e
n
di
x 
C.
1:
 t
op
.s
v
1
`
in
cl
ud
e
"
t
im
es
ca
le
.v
"
2 3
m
o
du
le
t
o
p
;
4
bi
t
c
lk
=0
;
5
a
lw
ay
s
#5
c
lk
=
~
c
lk
;
6 7
w
b_
if
w
bi
f
(c
lk
);
8
t
e
s
t
t
s
t
(w
bi
f)
;
9
a
e
s
t
o
p
du
t
(w
bi
f)
;
10
s
v
a
e
x
t
e
r
n
a
l
s
v
a
(w
bi
f)
;
11 12
e
n
dm
od
ul
e
80 C. Testbench Source Code
A
p
p
e
n
di
x 
C.
2:
 w
b_
if
.s
v
1 2
in
te
rf
ac
e
w
b_
if
(i
np
ut
bi
t
c
lk
);
3 4
lo
gi
c
r
e
s
e
t
,
w
b_
st
b,
w
b_
ac
k,
w
b_
we
,
w
b_
cy
c;
5
lo
gi
c
[3
1:
0]
w
b_
da
t_
o,
w
b_
da
t_
i,
w
b_
ad
r;
6
lo
gi
c
[3
:0
]
w
b_
se
l;
7 8
m
o
dp
or
t
T
S
T
(o
ut
pu
t
r
e
s
e
t
,
w
b_
st
b,
w
b_
we
,
w
b_
cy
c,
w
b_
ad
r,
w
b_
da
t_
i,
w
b_
se
l,
9
in
pu
t
c
lk
,
w
b_
da
t_
o,
w
b_
ac
k)
;
10 11
m
o
dp
or
t
D
U
T
(o
ut
pu
t
w
b_
da
t_
o,
w
b_
ac
k,
12
in
pu
t
r
e
s
e
t
,
w
b_
st
b,
w
b_
we
,
w
b_
cy
c,
w
b_
ad
r,
w
b_
da
t_
i,
w
b_
se
l,
c
lk
);
13 14
m
o
dp
or
t
S
V
A
(i
np
ut
w
b_
da
t_
o,
w
b_
ac
k,
r
e
s
e
t
,
w
b_
st
b,
w
b_
we
,
w
b_
cy
c,
w
b_
ad
r,
w
b_
da
t_
i,
w
b_
se
l,
c
lk
);
15 16
e
n
di
nt
er
fa
ce
17 18 19 20
82 C. Testbench Source Code
A
p
p
e
n
di
x 
C.
3:
 t
es
t.
sv
1 2
//
R
e
fe
re
nc
e
t
o
A
E
S
c
-
m
o
de
l
3
e
x
t
e
r
n
v
o
id
a
e
s
c
m
o
de
l(
in
pu
t
bi
t
[1
27
:0
],
in
pu
t
bi
t
[1
27
:0
],
in
pu
t
bi
t,
o
u
t
p
u
t
bi
t
[1
27
:0
])
;
4 5 6
p
r
o
g
r
a
m
a
u
t
o
m
a
t
ic
t
e
s
t
(w
b_
if
.T
ST
w
bi
f)
;
7 8
e
v
e
n
t
ha
nd
sh
ak
e;
//
H
a
n
ds
ha
ke
e
v
e
n
t
fo
r
B
F
M
a
n
d
G
e
n
e
r
a
t
o
r
in
te
ra
ct
io
n
9
c
o
n
s
t
in
t
R
O
U
N
D
S
=
10
;
//
N
u
m
be
r
o
f
t
e
s
t
s
10 11 12 13 14 15
//
*
*
*
T
R
A
N
S
A
C
T
I
O
N
C
L
A
S
S
16
//
*
*
*
O
bj
ec
ts
fo
r
da
ta
e
x
c
ha
ng
e
be
tw
ee
n
t
r
a
n
s
a
c
t
o
r
s
17
//
*
*
*
18
c
la
ss
T
r
a
n
s
a
c
t
io
n;
19
r
a
n
d
bi
t
[1
27
:0
]
da
ta
_i
n;
20
r
a
n
d
bi
t
[1
27
:0
]
ke
y;
21
bi
t
[1
27
:0
]
da
ta
_o
ut
;
22
bi
t
[1
27
:0
]
da
ta
_c
_o
ut
;
23
bi
t
de
cr
yp
t;
24
bi
t
r
e
s
e
t
=
0;
25
e
n
dc
la
ss
26 27 28 29
//
*
*
*
G
E
N
E
R
A
T
O
R
C
L
A
S
S
30
//
*
*
*
31
c
la
ss
G
e
n
e
r
a
t
o
r
;
32 33 34
m
a
il
bo
x
g
e
n
2b
fm
;
//
M
a
il
bo
x
t
o
B
F
M
35
m
a
il
bo
x
g
e
n
2s
cb
;
//
M
a
il
bo
x
t
o
S
c
o
r
e
bo
ar
d
36 37
fu
nc
ti
on
n
e
w
(m
ai
lb
ox
g
e
n
2b
fm
,
g
e
n
2s
cb
);
38
t
hi
s.
ge
n2
bf
m
=
g
e
n
2b
fm
;
39
t
hi
s.
ge
n2
sc
b
=
g
e
n
2s
cb
;
40
e
n
df
un
ct
io
n
41 42
t
a
s
k
r
u
n
;
43
be
gi
n
44
//
S
t
a
r
t
w
it
h
o
n
e
r
e
s
e
t
t
o
m
a
ke
t
he
A
E
S
m
o
du
le
w
o
r
k
45
r
e
s
e
t
_
t
a
s
k(
);
46 47 48
fo
r
(i
nt
i=
0;
i<
RO
UN
DS
;
i+
+)
be
gi
n
49 50
//
S
t
a
r
t
n
e
w
e
n
c
r
y
p
t
io
n,
de
cr
yp
ti
on
o
r
r
e
s
e
t
A
p
p
e
n
di
x 
C.
3:
 t
es
t.
sv
51
r
a
n
ds
eq
ue
nc
e
(s
tr
ea
m)
52
s
t
r
e
a
m
:
e
n
c
r
y
p
t
:
=
5
|
53
de
cr
yp
t
:
=
5
|
54
r
e
s
e
t
:
=
5;
55
e
n
c
r
y
p
t
:
{
e
n
c
r
y
p
t
_
t
a
s
k;
}
|
56
{
e
n
c
r
y
p
t
_
t
a
s
k;
}
e
n
c
r
y
p
t
;
57
de
cr
yp
t
:
{
de
cr
yp
t_
ta
sk
;
}
|
58
{
de
cr
yp
t_
ta
sk
;
}
de
cr
yp
t;
59
r
e
s
e
t
:
{
r
e
s
e
t
_
t
a
s
k;
}
|
60
{
r
e
s
e
t
_
t
a
s
k;
}
r
e
s
e
t
;
61
e
n
ds
eq
ue
nc
e
62 63
//
wa
it
fo
r
B
F
M
t
o
fe
tc
h
o
bj
ec
t
64
@h
an
ds
ha
ke
;
65
e
n
d
66
e
n
d
67
e
n
dt
as
k
68 69 70
//
C
r
e
a
t
e
t
r
o
bj
ec
t
fo
r
e
n
c
r
y
p
t
io
n
71
t
a
s
k
e
n
c
r
y
p
t
_
t
a
s
k;
72
be
gi
n
73
//
n
e
w
t
r
o
bj
ec
t
fo
r
da
ta
s
t
o
r
a
g
e
74
T
r
a
n
s
a
c
t
io
n
t
r
=
n
e
w
()
;
75 76
//
r
a
n
do
mi
ze
ke
y
a
n
d
in
da
ta
77
a
_
r
a
n
do
mi
ze
_e
:
a
s
s
e
r
t
(t
r.
ra
nd
om
iz
e(
))
;
78
t
r
.
de
cr
yp
t
=
0;
79 80
//
s
e
n
d
t
r
o
bj
ec
t
t
o
B
F
M
a
n
d
S
c
o
r
e
bo
ar
d
m
a
il
bo
xe
s
81
g
e
n
2b
fm
.p
ut
(t
r)
;
82
g
e
n
2s
cb
.p
ut
(t
r)
;
83
e
n
d
84
e
n
dt
as
k
85 86
//
C
r
e
a
t
e
t
r
o
bj
ec
t
fo
r
de
cr
yp
ti
on
87
t
a
s
k
de
cr
yp
t_
ta
sk
;
88
be
gi
n
89
//
n
e
w
t
r
o
bj
ec
t
fo
r
da
ta
s
t
o
r
a
g
e
90
T
r
a
n
s
a
c
t
io
n
t
r
=
n
e
w
()
;
91 92
//
r
a
n
do
mi
ze
ke
y
a
n
d
in
da
ta
93
a
_
r
a
n
do
mi
ze
_d
:
a
s
s
e
r
t
(t
r.
ra
nd
om
iz
e(
))
;
94
t
r
.
de
cr
yp
t
=
1;
95 96
//
s
e
n
d
t
r
o
bj
ec
t
t
o
B
F
M
a
n
d
S
c
o
r
e
bo
ar
d
m
a
il
bo
xe
s
97
g
e
n
2b
fm
.p
ut
(t
r)
;
98
g
e
n
2s
cb
.p
ut
(t
r)
;
99
e
n
d
10
0
e
n
dt
as
k
A
p
p
e
n
di
x 
C.
3:
 t
es
t.
sv
10
1
10
2
//
C
r
e
a
t
e
t
r
o
bj
ec
t
fo
r
r
e
s
e
t
10
3
t
a
s
k
r
e
s
e
t
_
t
a
s
k;
10
4
be
gi
n
10
5
//
n
e
w
t
r
o
bj
ec
t
fo
r
da
ta
s
t
o
r
a
g
e
10
6
T
r
a
n
s
a
c
t
io
n
t
r
=
n
e
w
()
;
10
7
10
8
t
r
.
r
e
s
e
t
=
1;
10
9
11
0
//
s
e
n
d
t
r
o
bj
ec
t
t
o
B
F
M
a
n
d
S
c
o
r
e
bo
ar
d
m
a
il
bo
xe
s
11
1
g
e
n
2b
fm
.p
ut
(t
r)
;
11
2
g
e
n
2s
cb
.p
ut
(t
r)
;
11
3
e
n
d
11
4
e
n
dt
as
k
11
5
11
6
11
7
e
n
dc
la
ss
11
8
11
9
12
0
12
1
//
*
*
*
S
C
O
R
E
B
O
A
R
D
C
L
A
S
S
12
2
//
*
*
*
12
3
c
la
ss
S
c
o
r
e
bo
ar
d;
12
4
12
5
T
r
a
n
s
a
c
t
io
n
t
r
;
12
6
12
7
m
a
il
bo
x
g
e
n
2s
cb
,
s
c
b2
ch
k;
12
8
12
9
fu
nc
ti
on
n
e
w
(m
ai
lb
ox
g
e
n
2s
cb
,
s
c
b2
ch
k)
;
13
0
t
hi
s.
ge
n2
sc
b
=
g
e
n
2s
cb
;
13
1
t
hi
s.
sc
b2
ch
k
=
s
c
b2
ch
k;
13
2
e
n
df
un
ct
io
n
13
3
13
4
t
a
s
k
r
u
n
;
13
5
r
e
p
e
a
t
(R
OU
ND
S)
be
gi
n
13
6
g
e
n
2s
cb
.g
et
(t
r)
;
13
7
13
8
if
(!
tr
.r
es
et
)
a
e
s
c
m
o
de
l(
tr
.d
at
a_
in
,t
r.
ke
y,
tr
.d
ec
ry
pt
,t
r.
da
ta
_c
_o
ut
);
13
9
s
c
b2
ch
k.
pu
t(
tr
);
14
0
e
n
d
14
1
e
n
dt
as
k
14
2
e
n
dc
la
ss
14
3
14
4
14
5
//
*
*
*
B
F
M
C
A
L
L
B
A
C
K
C
L
A
S
S
14
6
//
*
*
*
14
7
c
la
ss
B
F
M
_
c
bs
;
14
8
t
a
s
k
p
r
e
_
t
x
()
;
14
9
r
e
p
e
a
t
($
ur
an
do
m_
ra
ng
e(
0,
9)
)
be
gi
n
15
0
@(
po
se
dg
e
w
bi
f.
cl
k)
;
A
p
p
e
n
di
x 
C.
3:
 t
es
t.
sv
15
1
e
n
d
15
2
e
n
dt
as
k
15
3
15
4
t
a
s
k
p
o
s
t
_
t
x
()
;
15
5
//
do
n
o
t
hi
ng
fo
r
n
o
w
15
6
e
n
dt
as
k
15
7
e
n
dc
la
ss
15
8
15
9
16
0
16
1
//
*
*
*
B
U
S
F
U
N
C
T
I
O
N
A
L
M
O
D
E
L
C
L
A
S
S
16
2
//
*
*
*
W
is
hb
on
e
bu
s
c
o
m
m
u
n
ic
at
io
n
w
it
h
de
vi
ce
-u
nd
er
-t
es
t
16
3
//
*
*
*
16
4
c
la
ss
B
F
M
;
16
5
in
t
da
ta
_c
yc
le
_o
ut
[4
];
//
Ou
td
at
a
fr
om
W
is
hb
on
e
c
y
c
le
s
16
6
in
t
da
ta
_c
yc
le
_i
n[
9]
;
//
In
da
ta
fo
r
W
B
c
y
c
le
s
16
7
16
8
B
F
M
_
c
bs
c
bs
;
16
9
T
r
a
n
s
a
c
t
io
n
t
r
;
17
0
17
1
17
2
//
D
e
fi
ne
c
o
v
e
r
g
r
o
u
p
fo
r
W
B
in
da
ta
17
3
c
o
v
e
r
g
r
o
u
p
c
o
v
W
bD
at
In
;
17
4
c
o
v
e
r
p
o
in
t
w
b_
if
.w
b_
da
t_
i;
17
5
e
n
dg
ro
up
17
6
17
7
17
8
m
a
il
bo
x
g
e
n
2b
fm
;
//
Ma
il
bo
x
fr
om
G
e
n
e
r
a
t
o
r
17
9
m
a
il
bo
x
bf
m2
ch
k;
//
Ma
il
bo
x
t
o
C
he
ck
er
18
0
18
1
fu
nc
ti
on
n
e
w
(m
ai
lb
ox
g
e
n
2b
fm
,
bf
m2
ch
k)
;
18
2
t
hi
s.
ge
n2
bf
m
=
g
e
n
2b
fm
;
18
3
t
hi
s.
bf
m2
ch
k
=
bf
m2
ch
k;
18
4
c
o
v
W
bD
at
In
=
n
e
w
;
18
5
e
n
df
un
ct
io
n
18
6
18
7
18
8
t
a
s
k
r
u
n
;
18
9
r
e
p
e
a
t
(R
OU
ND
S)
be
gi
n
19
0
//
G
e
t
da
ta
fr
om
G
e
n
e
r
a
t
o
r
19
1
g
e
n
2b
fm
.g
et
(t
r)
;
19
2
19
3
//
T
e
ll
G
e
n
e
r
a
t
o
r
t
o
c
o
n
t
in
ue
19
4
-
>
ha
nd
sh
ak
e;
19
5
19
6
19
7
//
F
il
l
a
r
r
a
y
w
it
h
da
ta
fr
om
r
e
c
e
iv
ed
t
r
o
bj
ec
t
19
8
da
ta
_c
yc
le
_i
n[
8]
=
t
r
.
ke
y[
31
:0
];
19
9
da
ta
_c
yc
le
_i
n[
7]
=
t
r
.
ke
y[
63
:3
2]
;
20
0
da
ta
_c
yc
le
_i
n[
6]
=
t
r
.
ke
y[
95
:6
4]
;
A
p
p
e
n
di
x 
C.
3:
 t
es
t.
sv
20
1
da
ta
_c
yc
le
_i
n[
5]
=
t
r
.
ke
y[
12
7:
96
];
20
2
da
ta
_c
yc
le
_i
n[
4]
=
t
r
.
da
ta
_i
n[
31
:0
];
20
3
da
ta
_c
yc
le
_i
n[
3]
=
t
r
.
da
ta
_i
n[
63
:3
2]
;
20
4
da
ta
_c
yc
le
_i
n[
2]
=
t
r
.
da
ta
_i
n[
95
:6
4]
;
20
5
da
ta
_c
yc
le
_i
n[
1]
=
t
r
.
da
ta
_i
n[
12
7:
96
];
20
6
da
ta
_c
yc
le
_i
n[
0]
=
(t
r.
de
cr
yp
t*
4)
+1
;
//
de
cr
yp
t:
s
e
n
d
3'
b1
01
20
7
//
en
cr
yp
t:
s
e
n
d
3'
b0
01
20
8
20
9
21
0
21
1
if
(t
r.
re
se
t
=
=
1)
be
gi
n
21
2
//
R
e
s
e
t
de
vi
ce
21
3
@(
po
se
dg
e
w
bi
f.
cl
k)
;
21
4
s
e
n
dr
es
et
()
;
21
5
$d
is
pl
ay
("
RE
SE
T!
")
;
21
6
e
n
d
21
7
e
ls
e
be
gi
n
21
8
21
9
//
S
e
n
d
9
c
y
c
le
s
o
f
da
ta
22
0
fo
r
(i
nt
i=
8;
i>
=0
;
i-
-)
be
gi
n
22
1
22
2
@(
po
se
dg
e
w
bi
f.
cl
k)
;
22
3
w
r
it
ec
yc
le
((
i*
4)
,d
at
a_
cy
cl
e_
in
[i
])
;
22
4
22
5
e
n
d
//
fo
r
22
6
22
7
22
8
//
W
a
it
fo
r
A
E
S
c
a
lc
ul
at
io
n
t
o
c
o
m
p
le
te
22
9
r
e
p
e
a
t
(6
00
)
@(
po
se
dg
e
w
bi
f.
cl
k)
;
23
0
23
1
23
2
//
R
e
a
d
o
u
t
da
ta
u
s
in
g
4
c
y
c
le
s
23
3
fo
r
(i
nt
i=
3;
i>
=0
;
i-
-)
be
gi
n
23
4
23
5
@(
po
se
dg
e
w
bi
f.
cl
k)
;
23
6
r
e
a
dc
yc
le
((
i*
4)
+3
6)
;
23
7
23
8
e
n
d
//
fo
r
23
9
24
0
24
1
//
A
dd
o
u
t
da
ta
t
o
t
r
o
bj
ec
t
24
2
t
r
.
da
ta
_o
ut
[3
1:
0]
=
da
ta
_c
yc
le
_o
ut
[3
];
24
3
t
r
.
da
ta
_o
ut
[6
3:
32
]
=
da
ta
_c
yc
le
_o
ut
[2
];
24
4
t
r
.
da
ta
_o
ut
[9
5:
64
]
=
da
ta
_c
yc
le
_o
ut
[1
];
24
5
t
r
.
da
ta
_o
ut
[1
27
:9
6]
=
da
ta
_c
yc
le
_o
ut
[0
];
24
6
e
n
d
24
7
24
8
//
S
e
n
d
t
r
o
bj
ec
t
t
o
C
he
ck
er
m
a
il
bo
x
24
9
bf
m2
ch
k.
pu
t(
tr
);
25
0
A
p
p
e
n
di
x 
C.
3:
 t
es
t.
sv
25
1
e
n
d
25
2
e
n
dt
as
k
25
3
25
4
25
5
//
R
e
s
e
t
de
vi
ce
25
6
t
a
s
k
s
e
n
dr
es
et
()
;
25
7
be
gi
n
25
8
@(
po
se
dg
e
w
bi
f.
cl
k)
;
25
9
w
bi
f.
re
se
t
=
1'
b0
;
26
0
@(
po
se
dg
e
w
bi
f.
cl
k)
;
26
1
w
bi
f.
re
se
t
=
1'
b1
;
26
2
@(
po
se
dg
e
w
bi
f.
cl
k)
;
26
3
w
bi
f.
re
se
t
=
1'
b0
;
26
4
w
bi
f.
wb
_c
yc
=
1'
b0
;
26
5
e
n
d
26
6
e
n
dt
as
k
26
7
26
8
26
9
//
S
e
t
s
ig
na
ls
o
n
W
is
hb
on
e
bu
s
27
0
t
a
s
k
s
e
t
s
ig
na
ls
(b
it
w
e
,
bi
t
[3
1:
0]
a
dr
,
da
t_
i)
;
27
1
be
gi
n
27
2
c
bs
.p
re
_t
x(
);
//
P
r
e
-
t
r
a
n
s
fe
r
c
a
ll
ba
ck
27
3
27
4
w
bi
f.
wb
_a
dr
=
a
dr
;
//
da
ta
a
dd
re
ss
27
5
w
bi
f.
wb
_d
at
_i
=
da
t_
i;
//
da
ta
in
27
6
w
bi
f.
wb
_c
yc
=
1'
b1
;
//
c
y
c
le
in
di
ca
to
r
27
7
w
bi
f.
wb
_s
tb
=
1'
b1
;
//
s
t
r
o
be
27
8
w
bi
f.
wb
_w
e
=
w
e
;
//
w
r
it
e
e
n
a
bl
e
27
9
28
0
c
bs
.p
os
t_
tx
()
;
//
P
o
s
t
-
t
r
a
n
s
fe
r
c
a
ll
ba
ck
28
1
e
n
d
28
2
e
n
dt
as
k
28
3
28
4
28
5
//
w
r
it
e
da
ta
t
o
W
B
bu
s
28
6
t
a
s
k
w
r
it
ec
yc
le
(b
it
[3
1:
0]
a
dr
,
da
t_
i)
;
28
7
be
gi
n
28
8
//
S
e
t
s
ig
na
ls
o
n
W
B
bu
s
28
9
s
e
t
s
ig
na
ls
(1
'b
1,
ad
r,
da
t_
i)
;
29
0
29
1
@(
po
se
dg
e
w
bi
f.
cl
k)
;
29
2
29
3
//
S
a
m
p
le
fu
nc
ti
on
al
c
o
v
e
r
a
g
e
da
ta
29
4
c
o
v
W
bD
at
In
.s
am
pl
e(
);
29
5
29
6
//
W
a
it
fo
r
a
c
k
fr
om
de
vi
ce
29
7
w
hi
le
(~
wb
if
.w
b_
ac
k)
@(
po
se
dg
e
w
bi
f.
cl
k)
;
29
8
29
9
//
E
n
d
w
r
it
e
c
y
c
le
30
0
w
bi
f.
wb
_c
yc
=
1'
b0
;
A
p
p
e
n
di
x 
C.
3:
 t
es
t.
sv
30
1
w
bi
f.
wb
_s
tb
=
1'
b0
;
30
2
30
3
e
n
d
30
4
e
n
dt
as
k
30
5
30
6
30
7
//
r
e
a
d
da
ta
fr
om
W
B
bu
s
30
8
t
a
s
k
r
e
a
dc
yc
le
(b
it
[3
1:
0]
a
dr
);
30
9
be
gi
n
31
0
//
S
e
t
s
ig
na
ls
o
n
W
B
bu
s
31
1
s
e
t
s
ig
na
ls
(1
'b
0,
ad
r,
32
'b
0)
;
31
2
31
3
@(
po
se
dg
e
w
bi
f.
cl
k)
;
31
4
31
5
//
W
a
it
fo
r
a
c
k
fr
om
de
vi
ce
31
6
w
hi
le
(~
wb
if
.w
b_
ac
k)
@(
po
se
dg
e
w
bi
f.
cl
k)
;
31
7
31
8
//
F
e
t
c
h
da
ta
fr
om
W
B
bu
s
31
9
da
ta
_c
yc
le
_o
ut
[(
(a
dr
-3
6)
/4
)]
=
w
bi
f.
wb
_d
at
_o
;
32
0
32
1
//
E
n
d
r
e
a
d
c
y
c
le
32
2
w
bi
f.
wb
_c
yc
=
1'
b0
;
32
3
w
bi
f.
wb
_s
tb
=
1'
b0
;
32
4
32
5
e
n
d
32
6
e
n
dt
as
k
32
7
32
8
32
9
33
0
e
n
dc
la
ss
33
1
33
2
33
3
33
4
33
5
//
*
*
*
C
H
E
C
K
E
R
C
L
A
S
S
33
6
//
*
*
*
33
7
c
la
ss
C
he
ck
er
;
33
8
T
r
a
n
s
a
c
t
io
n
t
r
;
33
9
34
0
m
a
il
bo
x
bf
m2
ch
k,
s
c
b2
ch
k;
34
1
34
2
fu
nc
ti
on
n
e
w
(m
ai
lb
ox
bf
m2
ch
k,
s
c
b2
ch
k)
;
34
3
t
hi
s.
bf
m2
ch
k
=
bf
m2
ch
k;
34
4
t
hi
s.
sc
b2
ch
k
=
s
c
b2
ch
k;
34
5
e
n
df
un
ct
io
n
34
6
34
7
t
a
s
k
r
u
n
;
34
8
r
e
p
e
a
t
(R
OU
ND
S)
be
gi
n
34
9
35
0
//
R
e
c
e
iv
e
t
r
a
n
s
a
c
t
io
n
o
bj
ec
t
fr
om
B
F
M
.
W
a
it
fo
r
S
c
o
r
e
bo
ar
d
t
o
o
A
p
p
e
n
di
x 
C.
3:
 t
es
t.
sv
35
1
bf
m2
ch
k.
ge
t(
tr
);
35
2
s
c
b2
ch
k.
ge
t(
tr
);
35
3
35
4
a
_
o
u
t
p
u
t
:
a
s
s
e
r
t
(t
r.
da
ta
_o
ut
=
=
t
r
.
da
ta
_c
_o
ut
);
35
5
35
6
$d
is
pl
ay
("
")
;
35
7
$d
is
pl
ay
("
Da
ta
in
:
%h
",
tr
.d
at
a_
in
);
35
8
$d
is
pl
ay
("
Ke
y
in
:
%h
",
tr
.k
ey
);
35
9
$d
is
pl
ay
("
De
cr
yp
t:
%h
",
tr
.d
ec
ry
pt
);
36
0
$d
is
pl
ay
("
Re
se
t:
%h
",
tr
.r
es
et
);
36
1
$d
is
pl
ay
("
BF
M
da
ta
o
u
t
:
%h
",
tr
.d
at
a_
ou
t)
;
36
2
$d
is
pl
ay
("
SC
B
da
ta
o
u
t
:
%h
",
tr
.d
at
a_
c_
ou
t)
;
36
3
$d
is
pl
ay
("
")
;
36
4
36
5
e
n
d
36
6
e
n
dt
as
k
36
7
e
n
dc
la
ss
36
8
36
9
37
0
37
1
37
2
37
3
c
la
ss
E
n
v
ir
on
me
nt
;
37
4
37
5
m
a
il
bo
x
g
e
n
2b
fm
;
37
6
m
a
il
bo
x
g
e
n
2s
cb
;
37
7
m
a
il
bo
x
bf
m2
ch
k;
37
8
m
a
il
bo
x
s
c
b2
ch
k;
37
9
38
0
38
1
B
F
M
bf
m;
38
2
G
e
n
e
r
a
t
o
r
g
e
n
;
38
3
S
c
o
r
e
bo
ar
d
s
c
b;
38
4
C
he
ck
er
c
hk
;
38
5
38
6
t
a
s
k
r
u
n
;
38
7
be
gi
n
38
8
g
e
n
2b
fm
=
n
e
w
;
38
9
bf
m2
ch
k
=
n
e
w
;
39
0
g
e
n
2s
cb
=
n
e
w
;
39
1
s
c
b2
ch
k
=
n
e
w
;
39
2
39
3
g
e
n
=
n
e
w
(g
en
2b
fm
,g
en
2s
cb
);
39
4
bf
m
=
n
e
w
(g
en
2b
fm
,b
fm
2c
hk
);
39
5
s
c
b
=
n
e
w
(g
en
2s
cb
,s
cb
2c
hk
);
39
6
c
hk
=
n
e
w
(b
fm
2c
hk
,s
cb
2c
hk
);
39
7
39
8
$d
is
pl
ay
("
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
*"
);
39
9
$d
is
pl
ay
("
*
A
E
S
W
B
T
e
s
t
.
.
.
*
"
);
40
0
$d
is
pl
ay
("
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
*"
);
A
p
p
e
n
di
x 
C.
3:
 t
es
t.
sv
40
1
40
2
fo
rk
40
3
bf
m.
ru
n(
);
40
4
g
e
n
.
r
u
n
()
;
40
5
s
c
b.
ru
n(
);
40
6
c
hk
.r
un
()
;
40
7
jo
in
40
8
40
9
$d
is
pl
ay
("
**
*
F
in
is
he
d
*
*
*
"
);
41
0
e
n
d
41
1
e
n
dt
as
k
41
2
41
3
e
n
dc
la
ss
41
4
41
5
41
6
41
7
41
8
//
D
e
fi
ne
e
n
v
ir
on
me
nt
41
9
E
n
v
ir
on
me
nt
e
n
v
;
42
0
42
1
//
S
t
a
r
t
e
n
v
ir
on
me
nt
o
n
p
r
o
g
r
a
m
s
t
a
r
t
42
2
in
it
ia
l
be
gi
n
42
3
e
n
v
=
n
e
w
;
42
4
e
n
v
.
r
u
n
()
;
42
5
e
n
d
42
6
42
7
42
8
42
9
43
0
43
1
43
2
e
n
dp
ro
gr
am
92 C. Testbench Source Code
A
p
p
e
n
di
x 
C.
4:
 s
va
ex
te
rn
al
.s
v
1 2 3
//
*
*
*
S
V
A
E
X
T
E
R
N
A
L
m
o
du
le
4
//
*
*
*
M
o
du
le
w
it
h
e
x
t
e
r
n
a
l
a
s
s
e
r
t
io
ns
5
//
*
*
*
6
m
o
du
le
s
v
a
e
x
t
e
r
n
a
l(
wb
_i
f.
SV
A
w
bi
f)
;
7 8 9 10
//
C
he
ck
fo
r
a
c
ks
w
it
ho
ut
s
t
r
o
be
11
p
r
o
p
e
r
t
y
p
_
s
t
b_
ac
k;
12
@(
po
se
dg
e
w
b_
if
.c
lk
)
($
ro
se
(w
b_
if
.w
b_
ac
k)
|-
>
w
b_
if
.w
b_
st
b)
;
13
e
n
dp
ro
pe
rt
y
14 15
//
C
he
ck
fo
r
u
n
kn
ow
n
da
ta
o
n
bu
s
w
hi
le
bu
s
r
e
a
di
ng
is
a
ll
ow
ed
16
p
r
o
p
e
r
t
y
p
_
da
ta
_r
ea
d;
17
@(
po
se
dg
e
w
b_
if
.c
lk
)
n
o
t
($
is
un
kn
ow
n(
wb
_i
f.
wb
_d
at
_o
)
&
&
(~
wb
_i
f.
wb
_w
e)
&
&
(w
b_
if
.w
b_
ac
k)
);
18
e
n
dp
ro
pe
rt
y
19 20 21
//
C
he
ck
fo
r
p
r
o
p
e
r
ha
nd
sh
ak
e
(l
ib
ra
ry
a
s
s
e
r
t
io
n)
22
a
s
s
e
r
t
_
ha
nd
sh
ak
e
#(
0,
0,
10
,
0,
0,
3,
0,
"E
RR
OR
:
ha
nd
sh
ak
e
in
co
rr
ec
t"
)
23
in
va
li
d_
ha
nd
sh
ak
e
(w
b_
if
.c
lk
,
~
w
b_
if
.r
es
et
,
w
b_
if
.w
b_
cy
c,
w
b_
if
.w
b_
ac
k)
;
24 25 26 27
a
_
s
t
b_
ac
k:
a
s
s
e
r
t
p
r
o
p
e
r
t
y
(p
_s
tb
_a
ck
);
28
a
_
da
ta
_r
ea
d:
a
s
s
e
r
t
p
r
o
p
e
r
t
y
(p
_d
at
a_
re
ad
);
29 30
e
n
dm
od
ul
e
94 C. Testbench Source Code
A
p
p
e
n
di
x 
C.
5:
 a
es
to
p.
sv
1
`
in
cl
ud
e
"
t
im
es
ca
le
.v
"
2 3
m
o
du
le
a
e
s
t
o
p
(w
b_
if
.D
UT
w
bi
f)
;
4 5
lo
gi
c
r
e
s
e
t
w
b,
r
e
s
e
t
a
e
s
,
lo
ad
,
de
cr
yp
t,
r
e
a
dy
;
6
lo
gi
c
[1
27
:0
]
ke
y,
da
ta
_i
,
da
ta
_o
;
7 8
a
lw
ay
s
@(
wb
if
.r
es
et
)
9
be
gi
n
10
r
e
s
e
t
w
b
=
w
bi
f.
re
se
t;
11
r
e
s
e
t
a
e
s
=
~
(w
bi
f.
re
se
t)
;
12
e
n
d
13 14
a
e
s
a
e
s
(w
bi
f.
cl
k,
re
se
ta
es
,l
oa
d,
de
cr
yp
t,
da
ta
_i
,k
ey
,r
ea
dy
,d
at
a_
o)
;
15
w
b_
ae
s_
co
nt
ro
ll
er
w
bc
(w
bi
f.
cl
k,
re
se
tw
b,
wb
if
.w
b_
st
b,
wb
if
.w
b_
da
t_
o,
wb
if
.w
b_
da
t_
i,
wb
if
.w
b_
ac
k,
wb
if
.w
b_
ad
r,
wb
if
.w
b_
we
,w
bi
f.
wb
_c
yc
,
w
bi
f.
wb
_s
el
,l
oa
d,
de
cr
yp
t,
re
ad
y,
da
ta
_i
,k
ey
,d
at
a_
o)
;
16 17
e
n
dm
od
ul
e
96 C. Testbench Source Code
A
p
p
e
n
di
x 
C.
6:
 C
 c
om
mu
ni
ca
ti
on
 f
un
ct
io
n 
(p
la
ce
d 
in
 a
es
.c
)
1
v
o
id
a
e
s
c
m
o
de
l(
U
B
*
r
e
v
_
t
e
s
t
_
in
,
U
B
*
r
e
v
_
t
e
s
t
_
ke
y,
s
c
a
la
r
de
cr
yp
t,
U
B
*
r
e
v
_
t
e
s
t
_
o
u
t
)
2
{
3 4
in
t
i;
5
u
n
s
ig
ne
d
c
ha
r
t
e
s
t
_
in
[N
_
B
L
O
C
K
];
6
u
n
s
ig
ne
d
c
ha
r
t
e
s
t
_
o
u
t
[N
_
B
L
O
C
K
];
7
u
n
s
ig
ne
d
c
ha
r
t
e
s
t
_
ke
y[
N
_
B
L
O
C
K
];
8
u
n
s
ig
ne
d
c
ha
r
t
e
s
t
_
o
_
ke
y[
N
_
B
L
O
C
K
];
9 10 11
//
R
e
v
e
r
s
e
in
da
ta
12
fo
r
(i
=
0;
i<
N
_
B
L
O
C
K
;
i+
+
)
{
13
t
e
s
t
_
in
[N
_
B
L
O
C
K
-
1-
i]
=
r
e
v
_
t
e
s
t
_
in
[i
];
14
t
e
s
t
_
ke
y[
N
_
B
L
O
C
K
-
1-
i]
=
r
e
v
_
t
e
s
t
_
ke
y[
i]
;
15
}
16 17 18
//
E
n
c
r
y
p
t
o
r
de
cr
yp
t
19
if
(d
ec
ry
pt
=
=
1)
{
20
a
e
s
_
e
n
c
r
y
p
t
_
12
8(
t
e
s
t
_
in
,
t
e
s
t
_
o
u
t
,
t
e
s
t
_
ke
y,
t
e
s
t
_
o
_
ke
y)
;
21
a
e
s
_
de
cr
yp
t_
12
8(
t
e
s
t
_
in
,
t
e
s
t
_
o
u
t
,
t
e
s
t
_
o
_
ke
y,
t
e
s
t
_
ke
y)
;
22
}
23
e
ls
e
{
24
a
e
s
_
e
n
c
r
y
p
t
_
12
8(
t
e
s
t
_
in
,
t
e
s
t
_
o
u
t
,
t
e
s
t
_
ke
y,
t
e
s
t
_
o
_
ke
y)
;
25
}
26 27 28
//
R
e
v
e
r
s
e
o
u
t
da
ta
29
fo
r
(i
=
0;
i<
N
_
B
L
O
C
K
;
i+
+
)
{
30
r
e
v
_
t
e
s
t
_
o
u
t
[N
_
B
L
O
C
K
-
1-
i]
=
t
e
s
t
_
o
u
t
[i
];
31
}
32 33
}
34 35 36
98 C. Testbench Source Code
C Language Communication Function 99

101
Appendix D
Coverage Reports
D.1 cmView.short_ld File
// Synopsys, Inc.
//
// Generated by: cmView X-2005.06-SP2
// User: henrikru
// Date: Sat Dec 30 21:58:19 2006
SHORT SOURCE LINE COVERAGE REPORT
//*****************************************************************
// MODULE DEFINITION COVERAGE
// This section contains coverage for module definitions.
// The coverage is cumulative over all the instances of the module
Test Coverage Result: Total Coverage
MODULE wb_aes_controller
FILE /home/henrikru/oo2/wb_aescontroller.v
Line No Coverage Block Type
144.1 0 MISSING_DEFAULT
102 D. Coverage Reports
153 0 CASEITEM
154 0
171.1 0 MISSING_DEFAULT
//-----------------------------------------------------------------
//*****************************************************************
// Total Module Definition Coverage Summary
TOTAL COVERED PERCENT
lines 462 460 99.57
statements 511 509 99.61
blocks 122 121 99.18
ALWAYS 29 29 100.00
CASEITEM 47 46 97.87
IF 28 28 100.00
ELSE 17 17 100.00
MISSING_ELSE 11 11 100.00
ROUTINE 1 1 100.00
MISSING_DEFAULT 3 0 0.00
cmView.short_cd File 103
D.2 cmView.short_cd File
// Synopsys, Inc.
//
// Generated by: cmView X-2005.06-SP2
// User: henrikru
// Date: Sat Dec 30 21:58:19 2006
SHORT CONDITION COVERAGE REPORT
//*****************************************************************
// MODULE DEFINITION COVERAGE
// This section contains coverage for module definitions.
// The coverage is cumulative over all the instances of the module
Test Coverage Result: Total Coverage
MODULE aes
LINE 327
STATEMENT if ((addroundkey_start_i && (round != 4'b0)))
---------1--------- -------2-------
EXPRESSION -1- -2-
1 0 | Not Covered
LINE 345
STATEMENT if (((addroundkey_round == round) && keysched_ready_o))
-------------1-------------- -------2--------
EXPRESSION -1- -2-
0 1 | Not Covered
//-----------------------------------------------------------------
MODULE wb_aes_controller
FILE /home/henrikru/oo2/wb_aescontroller.v
104 D. Coverage Reports
-------------------------------------------
LINE 104
STATEMENT if ((wb_stb_i && wb_cyc_i && wb_we_i && ((~wb_ack_o))))
---1---- ---2---- ---3--- ------4------
EXPRESSION -1- -2- -3- -4-
0 1 1 1 | Not Covered
1 0 1 1 | Not Covered
LINE 147
STATEMENT if ((wb_stb_i && wb_cyc_i && ((~wb_we_i)) && ((~wb_ack_o))))
---1---- ---2---- -----3------ ------4------
EXPRESSION -1- -2- -3- -4-
0 1 1 1 | Not Covered
1 0 1 1 | Not Covered
1 1 0 1 | Not Covered
//-----------------------------------------------------------------
//*****************************************************************
// Total Module Definition Coverage Summary
// TOTAL COVERED PERCENT
// conditions 57 50 87.72
// logical 57 50 87.72
cmView.short_fd File 105
D.3 cmView.short_fd File
// Synopsys, Inc.
//
// Generated by: cmView X-2005.06-SP2
// User: henrikru
// Date: Sat Dec 30 21:58:19 2006
SHORT FSM COVERAGE REPORT
//*****************************************************************
// MODULE DEFINITION COVERAGE
// This section contains coverage for module definitions.
// The coverage is cumulative over all the instances of the module
Test Coverage Result: Total Coverage
MODULE subbytes
FILE subbytes.v
FSM state
// state coverage results
// state transition coverage results
// sequence coverage results
106 D. Coverage Reports
'h1->'h0 | Not Covered
'h10->'h0 | Not Covered
'h10->'h0->'h1 | Not Covered
'h0->'h1->'h0 | Not Covered Loop
'h1->'h0->'h1 | Not Covered Loop
//-------------------------------------------------------------------
// Single FSM Coverage Summmary
TOTAL NOT COVERED PERCENT
States 8 0 0.00
Transitions 4 0 0.00
Sequences 8 5 62.50
//-------------------------------------------------------------------
//-------------------------------------------------------------------
// Module Coverage Summary
TOTAL COVERED PERCENT
Fsms 1 1 100.00
States 8 8 100.00
Transitions 4 4 100.00
Sequences 9 3 33.33
//-----------------------------------------------------------------
MODULE mixcolum
FILE mixcolum.v
FSM state
// state coverage results
// state transition coverage results
'h1->'h0 | Not Covered
'h2->'h0 | Not Covered
cmView.short_fd File 107
// sequence coverage results
'h1->'h0 | Not Covered
'h2->'h0 | Not Covered
'h1->'h2->'h0 | Not Covered
'h2->'h0->'h1 | Not Covered
'h0->'h1->'h0 | Not Covered Loop
'h1->'h0->'h1 | Not Covered Loop
'h0->'h1->'h2->'h0 | Not Covered Loop
'h1->'h2->'h0->'h1 | Not Covered Loop
'h2->'h0->'h1->'h2 | Not Covered Loop
//-------------------------------------------------------------------
// Single FSM Coverage Summmary
TOTAL NOT COVERED PERCENT
States 4 0 0.00
Transitions 6 2 33.33
Sequences 25 9 36.00
//-------------------------------------------------------------------
//-------------------------------------------------------------------
// Module Coverage Summary
TOTAL COVERED PERCENT
Fsms 1 0 0.00
States 4 4 100.00
Transitions 6 4 66.67
Sequences 25 16 64.00
//-----------------------------------------------------------------
MODULE keysched
FILE keysched.v
FSM state
// state coverage results
108 D. Coverage Reports
// state transition coverage results
'h1->'h0 | Not Covered
'h2->'h0 | Not Covered
'h3->'h0 | Not Covered
// sequence coverage results
'h1->'h0 | Not Covered
'h2->'h0 | Not Covered
'h3->'h0 | Not Covered
'h1->'h2->'h0 | Not Covered
'h2->'h0->'h1 | Not Covered
'h2->'h3->'h0 | Not Covered
'h3->'h0->'h1 | Not Covered
'h1->'h2->'h3->'h0 | Not Covered
'h2->'h3->'h0->'h1 | Not Covered
'h3->'h0->'h1->'h2 | Not Covered
'h0->'h1->'h0 | Not Covered Loop
'h1->'h0->'h1 | Not Covered Loop
'h0->'h1->'h2->'h0 | Not Covered Loop
'h1->'h2->'h0->'h1 | Not Covered Loop
'h2->'h0->'h1->'h2 | Not Covered Loop
'h0->'h1->'h2->'h3->'h0 | Not Covered Loop
'h1->'h2->'h3->'h0->'h1 | Not Covered Loop
'h2->'h3->'h0->'h1->'h2 | Not Covered Loop
'h3->'h0->'h1->'h2->'h3 | Not Covered Loop
//-------------------------------------------------------------------
// Single FSM Coverage Summmary
TOTAL NOT COVERED PERCENT
States 5 0 0.00
Transitions 8 3 37.50
Sequences 44 19 43.18
//-------------------------------------------------------------------
//-------------------------------------------------------------------
// Module Coverage Summary
TOTAL COVERED PERCENT
cmView.short_fd File 109
Fsms 1 0 0.00
States 5 5 100.00
Transitions 8 5 62.50
Sequences 44 25 56.82
//-----------------------------------------------------------------
//*****************************************************************
// Total Module Definition Coverage Summary
TOTAL COVERED PERCENT
Fsms 3 1 33.33
States 17 17 100.00
Transitions 18 13 72.22
Sequences 78 44 56.41
110 D. Coverage Reports
D.4 cmView.short_bd File
// Synopsys, Inc.
//
// Generated by: cmView X-2005.06-SP2
// User: henrikru
// Date: Sat Dec 30 21:58:19 2006
SHORT BRANCH COVERAGE REPORT
//*****************************************************************
// MODULE DEFINITION COVERAGE
// This section contains coverage for module definitions.
// The coverage is cumulative over all the instances of the module
Test Coverage Result: Total Coverage
MODULE subbytes
145 if(!reset)
-1-
146 begin
147
148 data_reg = (0);
149 state = (0);
150 ready_o = (0);
151
152 end
153 else
154 begin
155
156 data_reg = (next_data_reg);
157 state = (next_state);
158 ready_o = (next_ready_o);
159
160 end
161
162 end
cmView.short_bd File 111
163
164
165 //sub:
166 reg[127:0] data_i_var,data_reg_128;
167 reg[7:0] data_array[15:0],data_reg_var[15:0];
168
FILE /home/henrikru/oo2/subbytes.v
-----------------------------------
217 case(state)
-1-
218
219 0:
220 begin
221 if(start_i)
-2-
222 begin
223
224 sbox_data_o = (data_array[0]);
225 next_state = (1);
226
227 end
228 end
229
230 16:
231 begin
232
233 data_reg_var[15]=sbox_data_i;
234 //Make shift rows stage
235 case(decrypt_i)
-3-
236 0:
237 begin
238 `shift_array_to_128
239 end
240 1:
241 begin
242 `invert_shift_array_to_128
243 end
244 endcase
245
246 next_data_reg = (data_reg_128);
112 D. Coverage Reports
247 next_ready_o = (1);
248 next_state = (0);
249
250 end
251 default:
252 begin
253
254 sbox_data_o = (data_array[state]);
255 data_reg_var[state-1]=sbox_data_i;
256 `assign_array_to_128
257 next_data_reg = (data_reg_128);
258 next_state = (state+1);
BRANCH -1- -2- -3-
16 - MISSING_DEFAULT | Not Covered
//***********
//-----------------------------------------------------------------
MODULE mixcolum
104 outmux = (decrypt_i?outy:outx);
-1-
105
106 end
107
108
109 //registers:
113 if(!reset)
-1-
114 begin
115
116 data_reg = (0);
117 state = (0);
118 ready_o = (0);
119 data_o_reg = (0);
120 end
121 else
122 begin
cmView.short_bd File 113
123
124 data_reg = (next_data_reg);
125 state = (next_state);
126 ready_o = (next_ready_o);
127 data_o_reg = (next_data_o);
128
129 end
130
131 end
132
133
134 //mixcol:
135 reg[127:0] data_i_var;
136 reg[31:0] aux;
137 reg[127:0] data_reg_var;
138
FILE /home/henrikru/oo2/mixcolum.v
-----------------------------------
152 case(state)
-1-
153
154 0:
155 begin
156 if(start_i)
-2-
157 begin
158 aux=data_i_var[127:96];
159 mix_word = (aux);
160 data_reg_var[127:96]=outmux;
161 next_data_reg = (data_reg_var);
162 next_state = (1);
163 end
164 end
165 1:
166 begin
167 aux=data_i_var[95:64];
168 mix_word = (aux);
169 data_reg_var[95:64]=outmux;
170 next_data_reg = (data_reg_var);
171 next_state = (2);
172 end
114 D. Coverage Reports
173 2:
174 begin
175 aux=data_i_var[63:32];
176 mix_word = (aux);
177 data_reg_var[63:32]=outmux;
178 next_data_reg = (data_reg_var);
179 next_state = (3);
180 end
181 3:
182 begin
183 aux=data_i_var[31:0];
184 mix_word = (aux);
185 data_reg_var[31:0]=outmux;
186 next_data_o = (data_reg_var);
187 next_ready_o = (1);
188 next_state = (0);
189 end
190 default:
191 begin
BRANCH -1- -2-
default - | Not Covered
//***********
//-----------------------------------------------------------------
MODULE wb_aes_controller
FILE /home/henrikru/oo2/wb_aescontroller.v
-------------------------------------------
87 if(reset==1)
-1-
88 begin
89 wb_ack_o<=#1 0;
90 wb_dat_o<=#1 0;
91 control_reg <= #1 32'h0;
92 cypher_data_reg <= #1 127'h0;
93 key_o <= #1 127'h0;
94 data_o <= #1 127'h0;
95 end
96 else
cmView.short_bd File 115
97 begin
98 if(ready_i)
-2-
99 begin
100 control_reg[1] <= #1 1'b1;
101 cypher_data_reg <= #1 data_i;
102 end
103
104 if(wb_stb_i && wb_cyc_i && wb_we_i && ~wb_ack_o)
-3-
105 begin
106 wb_ack_o<=#1 1;
107 case(wb_adr_i[7:0])
-4-
108 8'h0:
109 begin
110 //Writing control register
111 control_reg<= #1 wb_dat_i;
112 end
113 8'h4:
114 begin
115 data_o[127:96]<= #1 wb_dat_i;
116 end
117 8'h8:
118 begin
119 data_o[95:64]<= #1 wb_dat_i;
120 end
121 8'hC:
122 begin
123 data_o[63:32]<= #1 wb_dat_i;
124 end
125 8'h10:
126 begin
127 data_o[31:0]<= #1 wb_dat_i;
128 end
129 8'h14:
130 begin
131 key_o[127:96]<= #1 wb_dat_i;
132 end
133 8'h18:
134 begin
135 key_o[95:64]<= #1 wb_dat_i;
136 end
137 8'h1C:
116 D. Coverage Reports
138 begin
139 key_o[63:32]<= #1 wb_dat_i;
140 end
141 8'h20:
142 begin
143 key_o[31:0]<= #1 wb_dat_i;
144 end
145 endcase
146 end
147 else if(wb_stb_i && wb_cyc_i && ~wb_we_i && ~wb_ack_o)
-5-
148 begin
149 wb_ack_o<=#1 1;
150 case(wb_adr_i[7:0])
-6-
151 8'h0:
152 begin
153 wb_dat_o<= #1 control_reg;
154 control_reg[1]<=1'b0;
155 end
156 8'h24:
157 begin
158 wb_dat_o<= #1 cypher_data_reg[127:96];
159 end
160 8'h28:
161 begin
162 wb_dat_o<= #1 cypher_data_reg[95:64];
163 end
164 8'h2C:
165 begin
166 wb_dat_o<= #1 cypher_data_reg[63:32];
167 end
168 8'h30:
169 begin
170 wb_dat_o<= #1 cypher_data_reg[31:0];
171 end
172 endcase
173 end
174 else
175 begin
176 wb_ack_o<=#1 0;
177 control_reg[0]<= #1 1'b0;
cmView.short_bd File 117
BRANCH -1- -2- -3- -4- -5- -6-
0 - 1 MISSING_DEFAULT - - | Not Covered
0 - 0 - 1 8'h00 | Not Covered
0 - 0 - 1 MISSING_DEFAULT | Not Covered
//***********
//-----------------------------------------------------------------
//*****************************************************************
// Total Module Definition Coverage Summary
// TOTAL COVERED PERCENT
// branches 91 86 94.51
118 D. Coverage Reports
D.5 cmView.short_pd File
// Synopsys, Inc.
//
// Generated by: cmView X-2005.06-SP2
// User: henrikru
// Date: Sat Dec 30 21:58:19 2006
SHORT PATH COVERAGE REPORT
//*****************************************************************
// MODULE DEFINITION COVERAGE
// This section contains coverage for module definitions.
// The coverage is cumulative over all the instances of the module
Test Coverage Result: Total Coverage
MODULE aes
179
180 if(decrypt_i&&round!=10)
-1-
181 begin
182
183 addroundkey_data_i = (subbytes_data_o);
184 subbytes_data_i = (mixcol_data_o);
185 mixcol_data_i = (addroundkey_data_o);
186
187 end
188 else if(!decrypt_i&&round!=0)
-2-
189 begin
190
191 addroundkey_data_i = (mixcol_data_o);
192 subbytes_data_i = (addroundkey_data_o);
193 mixcol_data_i = (subbytes_data_o);
194
cmView.short_pd File 119
195 end
196 else
197 begin
198
199 mixcol_data_i = (subbytes_data_o);
200 subbytes_data_i = (addroundkey_data_o);
201 addroundkey_data_i = (data_i);
202
203 end
204
205
206 case(state)
-3-
207
208 0:
209 begin
210 if(load_i)
-4-
211 begin
212
213 next_state = (1);
214
215 if(decrypt_i)
-5-
216 next_round = (10);
217 else
218 next_round = (0);
219
220 next_first_round_reg = (1);
221
222 end
223 end
224
225 1:
226 begin
227
228 //Counter
229 if(!decrypt_i&&mixcol_ready_o)
-6-
230 begin
231
232 next_addroundkey_start_i = (1);
233 addroundkey_data_i = (mixcol_data_o);
234 next_round = (round+1);
120 D. Coverage Reports
235
236 end
237 else if(decrypt_i&&subbytes_ready_o)
-7-
238 begin
239
240 next_addroundkey_start_i = (1);
241 addroundkey_data_i = (subbytes_data_o);
242 next_round = (round-1);
243
244 end
245
246 //Output
247 if((round==9&&!decrypt_i)||(round==0&&decrypt_i))
-8-
248 begin
249
250 next_addroundkey_start_i = (0);
251 mixcol_start_i = (0);
252
253 if(subbytes_ready_o)
-9-
254 begin
255
256 addroundkey_data_i = (subbytes_data_o);
257 next_addroundkey_start_i = (1);
258 next_round = (round+1);
259
260 end
261
262 end
263
264 if((round==10&&!decrypt_i)||(round==0&&decrypt_i))
-10-
265 begin
266
267 addroundkey_data_i = (subbytes_data_o);
268 subbytes_start_i = (0);
269
270 if(addroundkey_ready_o)
-11-
271 begin
272
273 next_ready_o = (1);
cmView.short_pd File 121
274 next_state = (0);
275 next_addroundkey_start_i = (0);
276 next_round = (0);
277
278 end
279
280 end
281
282 end
283
284 default:
285 begin
286
287 next_state = (0);
288
289 end
290
291 endcase
292
293 end
294
295
296 //addroundkey:
297 reg[127:0] data_var,round_data_var,round_key_var;
FILE /home/henrikru/oo2/aes.sv
-------------------------------
306
307 if(addroundkey_round==1||addroundkey_round==0)
-1-
308 keysched_last_key_i = (key_i);
309 else
310 keysched_last_key_i = (keysched_new_key_o);
311
312 keysched_start_i = (0);
313
314 keysched_round_i = (addroundkey_round);
315
316 if(round==0&&addroundkey_start_i)
-2-
317 begin
318
122 D. Coverage Reports
319 //Take the input and xor them with data if round==0;
320 data_var=addroundkey_data_i;
321 round_key_var=key_i;
322 round_data_var=round_key_var^data_var;
323 next_addroundkey_data_reg = (round_data_var);
324 next_addroundkey_ready_o = (1);
325
326 end
327 else if(addroundkey_start_i&&round!=0)
-3-
328 begin
329
330 keysched_last_key_i = (key_i);
331 keysched_start_i = (1);
332 keysched_round_i = (1);
333 next_addroundkey_round = (1);
334
335 end
336 else if(addroundkey_round!=round&&keysched_ready_o)
-4-
337 begin
338
339 next_addroundkey_round = (addroundkey_round+1);
340 keysched_last_key_i = (keysched_new_key_o);
341 keysched_start_i = (1);
342 keysched_round_i = (addroundkey_round+1);
343
344 end
345 else if(addroundkey_round==round&&keysched_ready_o)
-5-
346 begin
347
348 data_var=addroundkey_data_i;
349 round_key_var=keysched_new_key_o;
350 round_data_var=round_key_var^data_var;
351 next_addroundkey_data_reg = (round_data_var);
352 next_addroundkey_ready_o = (1);
353 next_addroundkey_round = (0);
354
355 end
356
357 end
358
359 //sbox_muxes:
cmView.short_pd File 123
PATH -1- -2- -3- -4- -5-
0 1 - - - | Not Covered
0 0 1 - - | Not Covered
//***********
//-----------------------------------------------------------------
MODULE subbytes
FILE /home/henrikru/oo2/subbytes.v
-----------------------------------
216
217 case(state)
-1-
218
219 0:
220 begin
221 if(start_i)
-2-
222 begin
223
224 sbox_data_o = (data_array[0]);
225 next_state = (1);
226
227 end
228 end
229
230 16:
231 begin
232
233 data_reg_var[15]=sbox_data_i;
234 //Make shift rows stage
235 case(decrypt_i)
-3-
236 0:
237 begin
238 `shift_array_to_128
239 end
240 1:
241 begin
124 D. Coverage Reports
242 `invert_shift_array_to_128
243 end
244 endcase
245
246 next_data_reg = (data_reg_128);
247 next_ready_o = (1);
248 next_state = (0);
249
250 end
251 default:
252 begin
253
254 sbox_data_o = (data_array[state]);
255 data_reg_var[state-1]=sbox_data_i;
256 `assign_array_to_128
257 next_data_reg = (data_reg_128);
258 next_state = (state+1);
PATH -1- -2- -3-
16 - MISSING_DEFAULT | Not Covered
//***********
//-----------------------------------------------------------------
MODULE mixcolum
FILE /home/henrikru/oo2/mixcolum.v
-----------------------------------
151
152 case(state)
-1-
153
154 0:
155 begin
156 if(start_i)
-2-
157 begin
158 aux=data_i_var[127:96];
159 mix_word = (aux);
160 data_reg_var[127:96]=outmux;
161 next_data_reg = (data_reg_var);
cmView.short_pd File 125
162 next_state = (1);
163 end
164 end
165 1:
166 begin
167 aux=data_i_var[95:64];
168 mix_word = (aux);
169 data_reg_var[95:64]=outmux;
170 next_data_reg = (data_reg_var);
171 next_state = (2);
172 end
173 2:
174 begin
175 aux=data_i_var[63:32];
176 mix_word = (aux);
177 data_reg_var[63:32]=outmux;
178 next_data_reg = (data_reg_var);
179 next_state = (3);
180 end
181 3:
182 begin
183 aux=data_i_var[31:0];
184 mix_word = (aux);
185 data_reg_var[31:0]=outmux;
186 next_data_o = (data_reg_var);
187 next_ready_o = (1);
188 next_state = (0);
189 end
190 default:
191 begin
PATH -1- -2-
default - | Not Covered
//***********
//-----------------------------------------------------------------
MODULE wb_aes_controller
FILE /home/henrikru/oo2/wb_aescontroller.v
-------------------------------------------
126 D. Coverage Reports
86 begin
87 if(reset==1)
-1-
88 begin
89 wb_ack_o<=#1 0;
90 wb_dat_o<=#1 0;
91 control_reg <= #1 32'h0;
92 cypher_data_reg <= #1 127'h0;
93 key_o <= #1 127'h0;
94 data_o <= #1 127'h0;
95 end
96 else
97 begin
98 if(ready_i)
-2-
99 begin
100 control_reg[1] <= #1 1'b1;
101 cypher_data_reg <= #1 data_i;
102 end
103
104 if(wb_stb_i && wb_cyc_i && wb_we_i && ~wb_ack_o)
-3-
105 begin
106 wb_ack_o<=#1 1;
107 case(wb_adr_i[7:0])
-4-
108 8'h0:
109 begin
110 //Writing control register
111 control_reg<= #1 wb_dat_i;
112 end
113 8'h4:
114 begin
115 data_o[127:96]<= #1 wb_dat_i;
116 end
117 8'h8:
118 begin
119 data_o[95:64]<= #1 wb_dat_i;
120 end
121 8'hC:
122 begin
123 data_o[63:32]<= #1 wb_dat_i;
124 end
125 8'h10:
cmView.short_pd File 127
126 begin
127 data_o[31:0]<= #1 wb_dat_i;
128 end
129 8'h14:
130 begin
131 key_o[127:96]<= #1 wb_dat_i;
132 end
133 8'h18:
134 begin
135 key_o[95:64]<= #1 wb_dat_i;
136 end
137 8'h1C:
138 begin
139 key_o[63:32]<= #1 wb_dat_i;
140 end
141 8'h20:
142 begin
143 key_o[31:0]<= #1 wb_dat_i;
144 end
145 endcase
146 end
147 else if(wb_stb_i && wb_cyc_i && ~wb_we_i && ~wb_ack_o)
-5-
148 begin
149 wb_ack_o<=#1 1;
150 case(wb_adr_i[7:0])
-6-
151 8'h0:
152 begin
153 wb_dat_o<= #1 control_reg;
154 control_reg[1]<=1'b0;
155 end
156 8'h24:
157 begin
158 wb_dat_o<= #1 cypher_data_reg[127:96];
159 end
160 8'h28:
161 begin
162 wb_dat_o<= #1 cypher_data_reg[95:64];
163 end
164 8'h2C:
165 begin
166 wb_dat_o<= #1 cypher_data_reg[63:32];
167 end
128 D. Coverage Reports
168 8'h30:
169 begin
170 wb_dat_o<= #1 cypher_data_reg[31:0];
171 end
172 endcase
173 end
174 else
175 begin
176 wb_ack_o<=#1 0;
177 control_reg[0]<= #1 1'b0;
PATH -1- -2- -3- -4- -5- -6-
0 0 0 - 1 8'b0 | Not Covered
0 0 0 - 1 MISSING_DEFAULT | Not Covered
0 0 1 MISSING_DEFAULT - - | Not Covered
0 1 0 - 1 8'h30 | Not Covered
0 1 0 - 1 8'h2c | Not Covered
0 1 0 - 1 8'h28 | Not Covered
0 1 0 - 1 8'h24 | Not Covered
0 1 0 - 1 8'b0 | Not Covered
0 1 0 - 1 MISSING_DEFAULT | Not Covered
0 1 1 MISSING_DEFAULT - - | Not Covered
0 1 1 8'b0 - - | Not Covered
0 1 1 8'h04 - - | Not Covered
0 1 1 8'h08 - - | Not Covered
0 1 1 8'h0c - - | Not Covered
0 1 1 8'h10 - - | Not Covered
0 1 1 8'h14 - - | Not Covered
0 1 1 8'h18 - - | Not Covered
0 1 1 8'h1c - - | Not Covered
0 1 1 8'h20 - - | Not Covered
//***********
//-----------------------------------------------------------------
//*****************************************************************
// Total Module Definition Coverage Summary
// TOTAL COVERED PERCENT
// paths 157 59 37.58
cmView.short_pd File 129
130 D. Coverage Reports
D.6 cmView.short_td File
// Synopsys, Inc.
//
// Generated by: cmView X-2005.06-SP2
// User: henrikru
// Date: Sat Dec 30 21:58:19 2006
// SHORT TOGGLE COVERAGE REPORT
//*****************************************************************
// MODULE DEFINITION COVERAGE
// This section contains coverage for module definitions.
// The coverage is cumulative over all the instances of the module
MODULE aes
// Net Coverage
// Name 1->0 0->1
keysched_sbox_decrypt_o No No
// Register Coverage
// Name 1->0 0->1
ready_o No No
data_o[127:0] No No
MODULE sbox
// Net Coverage
// Name 1->0 0->1
// Register Coverage
cmView.short_td File 131
// Name 1->0 0->1
aA[3:1] No No
aB[3:1] No No
mul1_aA[3:1] No No
mul1_a[3:1] No No
mul2_aA[3:1] No No
mul2_aB[3:1] No No
mul3_aA[3:1] No No
mul3_aB[3:1] No No
intermediate_aA[3:1] No No
intermediate_aB[3:1] No No
inversion_aA[3:1] No No
MODULE mixcolum
// Net Coverage
// Name 1->0 0->1
// Register Coverage
// Name 1->0 0->1
data_reg[31:0] No No
next_data_reg[31:0] No No
MODULE keysched
// Net Coverage
// Name 1->0 0->1
// Register Coverage
// Name 1->0 0->1
sbox_decrypt_o No No
zero[23:0] No No
MODULE wb_aes_controller
132 D. Coverage Reports
// Net Coverage
// Name 1->0 0->1
reset No No
wb_adr_i[1:0] No No
wb_adr_i[31:6] No No
wb_sel_i[3:0] No No
load_o No No
decrypt_o No No
data_i[127:0] No No
ready_i No No
// Register Coverage
// Name 1->0 0->1
data_o[127:0] No No
key_o[127:0] No No
control_reg[31:3] No No
//*****************************************************************
// Total Module Definition Coverage Summary
// TOTAL COVERED PERCENT
regs 156 136 87.18
reg bits 5104 4568 89.50
reg bits(0->1) 5104 4568 89.50
reg bits(1->0) 5104 4568 89.50
nets 66 58 87.88
net bits 1496 1331 88.97
net bits(0->1) 1496 1331 88.97
net bits(1->0) 1496 1331 88.97
cmView.mod_td File 133
D.7 cmView.mod_td File
// Synopsys, Inc.
//
// Generated by: cmView X-2005.06-SP2
// User: henrikru
// Date: Sat Dec 30 21:58:19 2006
//*****************************************************************
// MODULE DEFINITION COVERAGE SUMMARY
// This section summarizes coverage by providing statistics for each
// module definition. The coverage is cumulative over all the instances
// of the module
Test Coverage Result: Total Coverage
Module Name NetBits NetBits RegBits RegBits
(%) (%)
aes 99.85 673/674 91.10 1321/1450
sbox 100.00 11/11 85.27 191/224
subbytes 100.00 140/140 100.00 917/917
mixcolum 100.00 196/196 93.59 934/998
word_mixcolum 100.00 96/96 100.00 192/192
byte_mixcolum 100.00 32/32 100.00 88/88
keysched 100.00 143/143 96.82 761/786
wb_aes_controller 19.61 40/204 36.53 164/449
svaexternal -- 0/0 -- 0/0
assert_handshake -- 0/0 -- 0/0
//*****************************************************************
// Total Module Definition Coverage Summary
// TOTAL COVERED PERCENT
regs 156 136 87.18
reg bits 5104 4568 89.50
reg bits(0->1) 5104 4568 89.50
134 D. Coverage Reports
reg bits(1->0) 5104 4568 89.50
nets 66 58 87.88
net bits 1496 1331 88.97
net bits(0->1) 1496 1331 88.97
net bits(1->0) 1496 1331 88.97
Functional Coverage Report
For design with the following top-level modules:
top
Design
Total number
of Assertions
Assertions
Not Covered
Assertions with at
least 1 Real
Success
Assertions with
at least 1 Failure
Assertions with at
least 1 Incomplete
Assertions
without
Attempts
9 1 (11%) 8 (88%) 0 (0%) 1 (11%) 0 (0%)
Total number of Cover
Directives for Properties
Cover Directive for
Property Not Covered
Cover Directive for
Property with Matches
Cover Directive for Property
with Vacuous Matches
1 0 (0%) 1 (100%) 0 (0%)
Total number of Cover
Directives for Sequences
Cover Directive for
Sequence Not Covered
Cover Directive for
Sequence with All
Matches
Cover Directive for
Sequence with First
Matches
0 0 (0%) 0 (0%) 0 (0%)
Total
number of
Events
Events Not
Covered
Events with at
least 1 real
Match
Events without any
match or with only
vacuos match
Events without
any Attempts
0 0 (0%) 0 (0%) 0 (0%) 0 (0%)
List of Assertions Not Covered
Assertion Attempts RealSuccess Failure Incomplete
top.sva.invalid_
handshake.assert_multiple_
req_violation
92941707 0 0 0
List of Assertions with at least 1 Real Success
Assertion Attempts RealSuccess Failure Incomplete
top.dut.aes.a_rounds 92941707 92941707 0 0
top.sva.a_data_read 92941707 92941707 0 0
top.sva.a_stb_ack 92941707 1727245 0 0
top.sva.invalid_
handshake.handshake_max_
ack.assert_handshake_max_
ack_cycle
92941707 1727245 0 0
top.sva.invalid_
handshake.max_ack_length_
chk.assert_handshake_max_
ack_length
92941707 1727244 0 1
top.tst.\Checker::run.a_output 200000 200000 0 0
top.tst.\Generator::decrypt_
task.unnamed$$_0.a_
randomize_d
132549 132549 0 0
top.tst.\Generator::encrypt_
task.unnamed$$_0.a_
randomize_e
133097 133097 0 0
List of Assertions with at least 1 Failure
List of Assertions with at least 1 Incomplete
Assertion Attempts RealSuccess Failure Incomplete
top.sva.invalid_
handshake.max_ack_length_
chk.assert_handshake_max_
ack_length
92941707 1727244 0 1
List of Assertions without Attempts
List of Cover Directive for Sequence Not Covered
List of Cover Directive for Sequence with All Matches
List of Cover Directive for Sequence with First Matches
List of Cover Directive for Property Not Covered
List of Cover Directive for Property with Matches
Cover Directive for
Properties Attempts Matches
Vacuous
Matches Incomplete
top.dut.aes.c_rounds 92941707 92941707 0 0
List of Cover Directive for Property with Vacuous Matches
List of Events Not Covered
List of Events with at least 1 real Match
List of Events without any match or with only vacuos match
List of Events without any Attempts
More Detailed Reports
List of tests merged to generate this report
Hierarchical coverage report
Category based coverage report
 
Report Generation Info
Report generated by "henrikru" at Sat Dec 30 21:57:45 2006 , with following cmdline:
assertCovReport
VCS_HOME: /dak_install2/synopsys/2005.06-SP2
VCS Version: X-2005.06-SP2
Assertions Report 139
140 D. Coverage Reports
141
Appendix E
Signal Waves and Screenshots
E.1 Screenshots
Figure E.1: DVE screenshot
142 E. Signal Waves and Screenshots
Figure E.2: cmView screenshot
Signal Waves 143
E.2 Signal Waves
144 E. Signal Waves and Screenshots
Figure E.3: AES module signal waves
Signal Waves 145
Figure E.4: Wishbone write operation
