Localization of Bugs in Processor Designs Using zamiaCAD Framework Anton Tˇ sepurov 1 , Valentin Tihhomirov 1 , Maksim Jenihhin 1 , Jaan Raik 1 , G¨ unter Bartsch 2 , Jorge Hernan Meza Escobar 3 , Heinz-Dietrich Wuttke 3 1 Dept. of Computer Engineering, Tallinn UT, Tallinn, Estonia, Email: {anchep | valentin | maksim | jaan} @ati.ttu.ee 2 zamiaCAD project founder, Stuttgart, Germany, Email: guenter@zamia.org 3 ICS Group, Ilmenau UT, Ilmenau, Germany, Email: {jorge-hernan.meza-escobar | dieter.wuttke}@tu-ilmenau.de Abstract—This paper proposes an approach to automatic localization of design errors (bugs) in processor designs based on combining statistical analysis of dynamically covered VHDL code items and static slicing. The approach considers coverage of different VHDL code items including statements, branches and conditions during processor simulation which together contribute to accurate localization of bugs. The accuracy of analysis is further improved by applying a static slicing based filter calculated by means of reference graph generation using a through-signal-assignment search from the semantically re- solved elaborated models of processor designs. The localization approach has been integrated to highly scalable zamiaCAD RTL design framework. The efficiency of the proposed ap- proach is demonstrated by applying it to debugging of an industrial processor ROBSY designed for FPGA-based test systems. The experimental results evaluate the approach for a set of real documented bug cases and the original functional test. Keywords-automated debug; design error localization; pro- cessor design; VHDL; electronic design automation I. I NTRODUCTION Growing complexity of VLSI System-on-a-Chip (SoC) and processor designs leads to increasing design costs. The ITRS Roadmap [1] lists design error verification as one of the most expensive tasks in the design process. There exist several verification approaches that are mostly concentrated on identifying the occurrences of bugs. They provide feed- back to the designers in form of counter-examples. On one hand, as the design complexity grows, the designer is faced with too much information contained in the large counter- examples. On the other hand, there is not enough information in order to unambiguously locate the bug. Therefore, the manual bug localization activity is very time consuming and there is a need for automated localization approaches. For automated design error localization, simulation-based [2–9] and formal approaches [10–13] are known. It is widely acknowledged that simulation-based techniques scale well with the design sizes, but are not exhaustive, while formal techniques provide a high grade of confidence in the results, but are susceptible to the design complexity. In this paper, we rely on a simulation-based approach supported by static analysis. Most of the works on automated error localization propose solutions for software development domain [2–7]. The error localization approaches proposed for hardware designs, e.g. [9], [13] and its extension [14], are mostly considering unrolling sequential circuits at the gate-level. Thus they support and provide empirical results for small designs only (medium and small size iscas85 and iscas89 benchmarks). These approaches also asume existence of a reference golden model. Similar to the approach presented in this paper, in [8] bugs at the Register-Transfer Level (RTL) are localized based on a statistical approach combined with dynamic slicing [15]. However, the method proposed in this paper is Hardware Description Language (HDL) centric, whereas [8] is performing localization on a High-Level Decision Di- agram (HLDD) model created from VHDL, therefore losing direct correspondence to the HDL code. Furthermore, we have developed a localization approach that takes advantage of different code coverage items, which significantly refine the localization, in particular for bugs in the conditions. To the best of our knowledge this is the first approach that applies code coverage metrics for refining the bug locations. Several approaches to statistical simulation based bug localization in software and hardware are refined with dy- namic slicing [15] allowing to increase the resolution of the localization. The basis of dynamic slicing is static slicing [16]. The presence of concurrent constructs such as the ones found in HDLs makes static slice considerably more complicated [17] and exploits computed design models such as control flow graphs and others. In the proposed approach we rely on static slice computation based on reference graph generation using a through-signal-assignment search from the zamiaCAD semantically elaborated models of processor designs. This allows applying static slicing in a practical and scalable manner for realistic-size industrial designs. The main contribution of this paper is a new approach for automated localization of design errors (bugs) in processor designs at RTL. It is based on statistical analysis of HDL code items (statements, branches and conditions) of the design from a corresponding dynamic slice. The core advantages of the approach are: • Support for very large industrial designs due to the scalability of zamiaCAD elaboration. • The approach is fault-model free. There is no need to explicitly enumerate the bug types. • Accurate localization due to slicing and use of different 2012 13th International Workshop on Microprocessor Test and Verification 1550-4093/12 $26.00 © 2012 IEEE DOI 10.1109/MTV.2012.20 41