
Introduction to SystemVerilog Assertions (SVA)

Harry D. Foster
Chief Scientist Verification
IC Verification Solutions Division
February 2020

Lecture Overview

In this lecture, you will...
• Learn the structure of the SVA language
• Learn how to construct sequences
• Learn how to construct properties
• Apply SVA on real examples
• Exercises
• Summary

2 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation
2 HF, UT Austin, Feb 2020

SystemVerilog Assertions

• SVA is based on linear temporal logic (LTL) built over sublanguages of regular expressions.
• Most engineers will find SVA sufficient to express most common assertions required for hardware design.

LINEAR FORMALISM
Brief Review of LTL and Introduction of Regular Expressions


© Mentor Graphics Corporation

1 HF, UT Austin, Feb 2019



What We can Express in LTL

• All Boolean logic propositions - p
  “Process 2 is in the critical section”
• X p – p holds in the next state.
  “Process 2 will be in the critical section in the next state”
  (Timeline figure: X p, then p in the next state.)
• F p – sometimes (i.e., eventually) p holds.
  “eventually process 2 will enter the critical section”
  (Timeline figure: F p, then p in a later state.)
• G p – always (i.e., globally) p holds.
  “process 1 and 2 are always mutually exclusive”
  (Timeline figure: G p, with p in every state.)


What We can Express in LTL

• [p U q] – “q holds now or sometime in the future and p holds from now until q holds” (strong)
  (Timeline figure: p U q, with p p p p followed by q.)
• [p W q] – “p holds from now until q holds” (weak)
  (Timeline figure: p W q, with p p p p p p.)

What We can Express in LTL

• Weak operators – X, G, W
  Used to express safety properties, i.e. “something bad never happens”
• Strong operators – F, U
  Used to express liveness properties, i.e. “something good eventually happens”

Safety properties put no obligation on the future, liveness properties do!


What We can Express in LTL

• LTL formulas can be combined using the ¬, ∧, ∨, → logic connectors (negation, conjunction, disjunction, implication)

For example…

    G ( request → F grant )

(Timeline figure: request, followed later by grant.)

Temporal operators can be combined too…

    F G p

(Timeline figure: FG p, with a run of states in which p holds.)


What We Cannot Express in LTL

• Counting example:
  “p is asserted in every even cycle”
  All the following traces satisfy this property
    !p,p,!p,p,…
    p,p,p,p,…
    p,p,!p,p,p,p,…
• No LTL formula can express this property

Regular Expressions

• Regular expressions describe sets of finite words w=a1,a2,…,an.
  - a1,a2,… are letters in an alphabet.
• Regular expressions can express counting modulo n.
• The * operator – enables counting modulo n.
  - (ab)* - a regular expression describing the set of words:
    – ε - (the empty word)
    – ab
    – abab
    – ababab…..


Regular Expressions

• For reactive systems a letter in the alphabet is a Boolean expression
• The set of computations satisfying “p is asserted in every even cycle” is described by the SVA regular expression
    (1'b1 ##1 p)[*]
• A regular expression by itself is not a property
  - Later: building properties from regular expressions in SVA

What Regular Expressions Cannot Express

• The behavior, “eventually p holds forever” cannot be expressed by a regular expression
• It can be expressed in LTL as: F G p


Linear Formalisms

• LTL and regular expressions are linear formalisms
  – Linear formalisms can be used to express mainly properties that are intended to hold on all computations (i.e., executions of a design model).
  – Most properties required for the specification of digital designs can be expressed using linear formalism
• What cannot be expressed in linear formalisms:
  “There exists a computation in which eventually p holds forever”
  – LTL implicitly quantifies universally over paths

SVA LANGUAGE STRUCTURE


SVA Language Structure

Language layers, from top to bottom:
• Assertion Units: checker packaging
• Directives (assert, cover): assert, assume, cover
• Properties: specification of behavior; desired or undesired
• Sequences (Sequential Expressions): how Boolean events are related over time
• Boolean Expressions: true or false

SVA Language Structure

    assert property (@(posedge clk) disable iff (~rst_n)
        !(grant0 & grant1));

(Figure: the assertion above shown beside the language layers, with a waveform of clk, rst_n, !(grant0 & grant1) and error.)

Note: rst_n is an active low reset in this example



SVA Language Structure

• SVA provides a mechanism to asynchronously disable a property during a reset using the SVA disable iff clause

    assert property (@(posedge clk) disable iff (~rst_n)
        !(grant0 & grant1));

Note: rst_n is an active low reset in this example

MAPPING SVA INTO LTL



LTL Operators in SVA

• All Boolean logic propositions - p
  “Process 2 is in the critical section”
• LTL: X p – p holds in the next state.
• SVA: nexttime [n] p – p holds in the next state.
  “Process 2 will be in the critical section in the next state”
  (Timeline figure: nexttime p, then p in the next state.)

LTL Operators in SVA

• LTL: F p – eventually p holds.
• SVA: eventually p – eventually p holds (weak).
  “eventually process 2 will enter the critical section”
  (Timeline figure: eventually p, then p in a later state.)

Note: s_eventually is a strong version of this operator in SVA.


LTL Operators in SVA

• LTL: G p – always (i.e., globally) p holds.
• SVA: always p – always (i.e., globally) p holds.
  “process 1 and 2 are always mutually exclusive”
  (Timeline figure: always p, with p in every state.)

LTL Operators in SVA

• LTL: [p U q] – “q holds now or sometime in the future and p holds from now until q holds” (strong)
• SVA: p s_until q
  (Timeline figure: p s_until q, with p p p p followed by q.)
• LTL: [p W q] – “p holds from now until q holds” (weak)
• SVA: p until q
  (Timeline figure: p until q, with p p p p p p.)

Note: there is an implicit always when asserting a property:

    assert property(p);
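
The operator mapping above applied to the LTL formulas from the review slides, including the "every even cycle" counting property that LTL cannot express. This is an added example, not part of the lecture; the module name, its ports and MAX_WAIT are assumptions.

```systemverilog
// Added example (not lecture code). Module, port and parameter names are
// assumptions chosen to match the signals named on the slides.
// s_eventually, until, s_until, always and [+] need IEEE 1800-2009 or later.
module ltl_to_sva #(parameter int MAX_WAIT = 8) (
  input logic clk, reset,
  input logic request, grant,
  input logic cs1, cs2,     // process 1 / process 2 is in the critical section
  input logic p
);
  // LTL: G !(cs1 & cs2). Safety. The G is the implicit always of a
  // concurrent assertion: a new evaluation attempt starts at every clock tick.
  a_mutex: assert property (@(posedge clk) disable iff (reset)
      !(cs1 && cs2));

  // LTL: G (request -> F grant). Liveness: F is strong, so it maps to
  // s_eventually. A finite simulation trace can never refute it; a formal
  // tool can, with a trace that loops forever without grant.
  a_req_gets_grant: assert property (@(posedge clk) disable iff (reset)
      request |-> s_eventually grant);

  // Bounded variant of the same intent. This one is a safety property, so a
  // simulator reports the failure MAX_WAIT cycles after an unanswered request.
  a_req_gets_grant_bounded: assert property (@(posedge clk) disable iff (reset)
      request |-> ##[0:MAX_WAIT] grant);

  // LTL: [request W grant]. Weak: request is held until grant, and the
  // property still passes if grant never arrives.
  a_req_held_weak: assert property (@(posedge clk) disable iff (reset)
      $rose(request) |-> (request until grant));

  // LTL: [request U grant]. Strong: as above, and grant must arrive.
  a_req_held_strong: assert property (@(posedge clk) disable iff (reset)
      $rose(request) |-> (request s_until grant));

  // LTL: F G p, "eventually p holds forever".
  a_fg_p: assert property (@(posedge clk) s_eventually (always p));

  // "p is asserted in every even cycle", counting cycles from 1 at the first
  // clock tick as in the slide's traces. The antecedent matches after 2, 4,
  // 6, ... ticks and p is required at the end of each match. The initial is
  // essential: it starts a single attempt at the first tick. Without it an
  // attempt would start at every tick and p would be required on every cycle
  // from the second one on.
  initial a_p_even_cycles: assert property (@(posedge clk)
      (1'b1 ##1 1'b1)[+] |-> p);
endmodule
```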


SVA with LTL Operator Example

    assert property (@(posedge clk) disable iff (reset)
        $rose(req) implies !done s_until grnt);

SEQUENCES


SVA Language Structure

Sequences
• So far we have examined LTL-based assertions
• We now introduce SVA sequences
  - Multiple Boolean expressions are evaluated in a linear order of increasing time

(Figure: language layers, from top to bottom: Assertion Units, Directives (assert, cover), Properties, Sequences (Sequential Expressions), Boolean Expressions.)

SVA Language Structure

• Sequence
  - Temporal delay ##n with an integer n.

    start ##1 transfer

(Waveform figure: clk, start, transfer.)


SVA Language Structure

• Sequence
  - Temporal delay ##n with an integer n.

    start ##2 transfer

(Waveform figure: clk, start, transfer.)

SVA Language Structure

• Sequence
  - Temporal delay ##[m:n] with range [m:n]

    start ##[0:2] transfer

(Waveform figure: clk, start, transfer.)


SVA Language Structure

• Sequence
  • Consecutive repetition [*m] or range [*m:n]
    - Use $ to represent infinity

    start[*2] ##1 transfer

(Waveform figure: clk, start, transfer.)

    start[*1:2] ##1 transfer

(Waveform figure: clk, start, transfer.)


SVA Language Structure

• Sequence
  • Consecutive repetition [*m] or range [*m:n]
    - Use $ to represent infinity

    start[*1:2] ##1 transfer

(Waveform figures on two slides: clk, start, transfer.)

Note: This also matches the sequence specification!!!!



SVA Language Structure

• Sequence
  • Non-consecutive repetition [=m] or [=m:n]

    start[=2] ##1 transfer

(Waveform figure: clk, start, transfer.)

    start[=2]  ≡  !start[*] ##1 start ##1 !start[*] ##1 start ##1 !start[*]

SVA Language Structure

• Sequence
  • Goto non-consecutive repetition [->m] or [->m:n]

    start[->2] ##1 transfer

(Waveform figure: clk, start, transfer.)

    start[->2]  ≡  !start[*] ##1 start ##1 !start[*] ##1 start

[*] represents zero to infinity


SVA Language Structure

• Properties

(Figure: language layers, from top to bottom: Assertion Units, Directives (assert, cover), Properties, Sequences (Sequential Expressions), Boolean Expressions.)

SVA Language Structure

• Properties
  - Overlapping sequence implication operator |->

    ready ##1 start |-> go ##1 done

(Waveform figure: clk, ready, start, go, done.)

    assert property ( @(posedge clk) ready ##1 start |-> go ##1 done );


SVA Language Structure

• Properties
  - Non-overlapping sequence implication operator |=>

    ready ##1 start |=> go ##1 done

(Waveform figure: clk, ready, start, go, done.)

NOTE: A |=> B is the same as A |-> ##1 B

Fair Arbitration Scheme Example

• Asserting that an arbiter is fair
  - To be fair, a pending request for a particular client should never have to wait more than two arbitration cycles
  - Otherwise, the arbiter unfairly issued multiple grants to a different client

(Block diagram: Arbiter with inputs req[0], req[1] and outputs gnt[0], gnt[1].)


Fair Arbitration Scheme Example

    a_0_fair:
    assert property (@(posedge clk) disable iff (reset)
        $rose(req[0]) |-> not (!gnt[0] throughout (gnt[1])[->2]));

(Waveform figure: clk, req[0], gnt[0], gnt[1]. Block diagram: Arbiter with req[0], req[1], gnt[0], gnt[1].)

Fair Arbitration Scheme Example

    a_0_fair:
    assert property (@(posedge clk) disable iff (reset)
        req[0] |-> not (!gnt[0] throughout (gnt[1])[->2]));

(Waveform figure: clk, req[0], gnt[0], gnt[1]. Block diagram: Arbiter with req[0], req[1], gnt[0], gnt[1].)


Fair Arbitration Scheme Example

    a_0_fair:
    assert property (@(posedge clk) disable iff (reset)
        $rose(req[0]) |-> not (!gnt[0] throughout (gnt[1])[->2]));

(Waveform figure: clk, req[0], gnt[0], gnt[1]. Block diagram: Arbiter with req[0], req[1], gnt[0], gnt[1].)

Fair Arbitration Scheme Example

    a_1_fair:
    assert property (@(posedge clk) disable iff (reset)
        $rose(req[1]) |-> not (!gnt[1] throughout (gnt[0])[->2]));

(Waveform figure: clk, req[1], gnt[0], gnt[1]. Block diagram: Arbiter with req[0], req[1], gnt[0], gnt[1].)


SVA Language Structure

• Named sequences and properties
  - To facilitate reuse, properties and sequences can be declared and then referenced by name
  - Can be declared with or without parameters

    sequence s_op_retry;
      (req ##1 retry);
    endsequence

    sequence s_cache_fill(req, done, fill);
      (req ##1 done [=1] ##1 fill);
    endsequence

SVA Language Structure

• Named properties and sequences

    sequence s_op_retry;
      (req ##1 retry);
    endsequence

    sequence s_cache_fill(rdy, done, fill);
      (rdy ##1 done [=1] ##1 fill);
    endsequence

    assert property ( @(posedge clk) disable iff (reset)
        s_op_retry |=> s_cache_fill (my_rdy,my_done,my_fill));


SVA Language Structure

• Named properties and sequences

    property p_en_mutex(en0, en1);
      @(posedge clk) disable iff (reset)
        ~(en0 & en1);
    endproperty

    assert property (p_en_mutex(bus_en0, bus_en1));

SVA Language Structure

• Action blocks
  - An SVA action block specifies the actions that are taken upon success or failure of the assertion
  - The action block, if specified, is executed immediately after the evaluation of the assert expression

    assert property ( @(posedge clk) disable iff (reset)
        !(grant0 & grant1) )
    else begin // action block fail statement
      $error("Mutex violation with grants.");
    end


SVA Language Structure

• System functions
  • $rose( expression )
  • $fell( expression )
  • $stable( expression )
  • $past( expression [, number_of_ticks] )

The need for $rose system function

• You must be precise when specifying!

    assert property ( @(posedge clk) start |-> ##2 transfer);

(Waveform figure: clk, start, transfer.)


Eliminates multiple matches

• You must be precise when specifying!

    assert property ( @(posedge clk) $rose(start) |-> ##2 transfer);

(Waveform figure: clk, start, transfer.)

$rose(start) is a short cut for the sequence !start ##1 start

SVA Language Structure

• System functions
  • $onehot (<expression>)
    - Returns true if only one bit of the expression is high
  • $onehot0 (<expression>)
    - Returns true if at most one bit of the expression is high
  • $isunknown (<expression>)
    - Returns true if any bit of the expression is X or Z
    - This is equivalent to ^<expression> === 'bx


Introduction to SVA

• Some assertions require additional modeling code
  - In addition to the assertion constructs

(Block diagram: LIFO Controller with clk, rst_n, data_in, data_out, put, get, full, empty, and attached assertions A.)

// Assert that the LIFO controller cannot overflow nor underflow

Introduction to SVA

    // assertion modeling code – not part of the design
    `ifdef ASSERT_ON
    int cnt = 0;
    always @(posedge clk)
      if (!rst_n)
        cnt <= 0;
      else
        cnt <= cnt + put - get;
    // assert no LIFO overflow
    assert property (@(posedge clk) disable iff (~rst_n)
        !((cnt + put - get) > `DEPTH));
    // assert no LIFO underflow
    assert property (@(posedge clk) disable iff (!rst_n) !((cnt + put) < get));
    `endif

Note: rst_n is an active low reset in this example



SVA Dos and Don’ts

• Never assert a sequence!

    assert property (@(posedge clk) (req ##1 grnt ##1 done));

  - This says every clock we see req, followed by grnt, followed by done
  - The correct way to do this is with an implication operator:

    assert property (@(posedge clk) (req |=> grnt ##1 done));

• It’s ok to cover a sequence
• It’s ok to assert a forbidden sequence using not

    assert property (@(posedge clk) not (req ##1 done ##1 grant));

BUS-BASED DESIGN EXAMPLE


Bus-Based Design Example

(Block diagram: CPU 1, CPU 2, Bridge, Arbiter, Memory Controller, Graphics Controller, Timer and UART on Bus A and Bus B; blocks contain Control, Datapath, I/F and LIFO elements.)

Nonpipelined Bus Interface

(Interface figure: Master and Slave 0 connected by clk, rst_n, sel[0], en, addr, write, rdata, wdata.)

Note: rst_n is an active low reset in this example



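Non-Burst Write Transaction

(Timing diagram over cycles 0 to 4: addr carries Addr 1, with write, sel[0] and en, and wdata carries Data 1. Bus state: INACTIVE, START, ACTIVE, INACTIVE.)

Non-Burst Read Transaction

(Timing diagram over cycles 0 to 4: addr carries Addr 1, with write, sel[0] and en, and rdata carries Data 1. Bus state: INACTIVE, START, ACTIVE, INACTIVE.)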


Conceptual Bus States

(State diagram: three states, with transitions labelled "no transfer", "setup" and "transfer".)
• INACTIVE: sel[0] == 0, en == 0
• START: sel[0] == 1, en == 0
• ACTIVE: sel[0] == 1, en == 1

Interface Requirements

Property Name                  Description

Bus legal transitions
p_state_reset_inactive         Initial state after reset is INACTIVE
p_valid_inactive_transition    INACTIVE is followed by INACTIVE or START
p_valid_start_transition       START is followed by ACTIVE
p_valid_active_transition      ACTIVE is followed by INACTIVE or START
p_no_error_state               Bus state must be valid: !(sel==0 & en==1)

Bus stable signals
p_sel_stable                   Slave select signals remain stable from START to ACTIVE
p_addr_stable                  Address remains stable from START to ACTIVE
p_write_stable                 Control remains stable from START to ACTIVE
p_wdata_stable                 Data remains stable from START to ACTIVE


Use Modeling Code to Simplify Coding

    `ifdef ASSERTION_ON
    // Map bus control values to conceptual states
    logic bus_reset, bus_inactive, bus_start, bus_active, bus_error;
    always_comb begin
      if (~rst_n) begin
        bus_reset    = 1;
        bus_inactive = 1;
        bus_start    = 0;
        bus_active   = 0;
        bus_error    = 0;
      end
      else begin
        bus_reset    = 0;
        bus_inactive = ~sel & ~en;
        bus_start    =  sel & ~en;
        bus_active   =  sel &  en;
        bus_error    = ~sel &  en;
      end
    end
    `endif

SVA Examples

    property p_valid_inactive_transition;
      @(posedge clk) disable iff (bus_reset)
        (bus_inactive) |=> ((bus_inactive) || (bus_start));
    endproperty
    a_valid_inactive_transition:
      assert property (p_valid_inactive_transition);

    property p_valid_start_transition;
      @(posedge clk) disable iff (bus_reset)
        (bus_start) |=> (bus_active);
    endproperty
    a_valid_start_transition:
      assert property (p_valid_start_transition);
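
The interface requirements that the table lists but the slides do not code, written in the same style and packaged as a module that can be attached to the design. This is an added example, not the lecture's code; the module name, parameters and port widths are assumptions, as is limiting the wdata check to write transfers.

```systemverilog
// Added example (not lecture code). Module name, parameters and port widths
// are assumptions; signal, state and property names follow the slides.
module bus_protocol_sva #(
  parameter int ADDR_W = 32,
  parameter int DATA_W = 32
) (
  input logic              clk,
  input logic              rst_n,   // active-low reset
  input logic              sel,     // sel[0] on the slides
  input logic              en,
  input logic              write,
  input logic [ADDR_W-1:0] addr,
  input logic [DATA_W-1:0] wdata
);
  // Modeling code: the slide's mapping of control values to conceptual states.
  logic bus_reset, bus_inactive, bus_start, bus_active, bus_error;
  always_comb begin
    bus_reset    = ~rst_n;
    bus_inactive = ~rst_n | (~sel & ~en);
    bus_start    =  rst_n &  sel & ~en;
    bus_active   =  rst_n &  sel &  en;
    bus_error    =  rst_n & ~sel &  en;
  end

  // Initial state after reset is INACTIVE. No disable iff here: the check
  // fires on the first clock edge that samples rst_n high.
  property p_state_reset_inactive;
    @(posedge clk) $rose(rst_n) |-> bus_inactive;
  endproperty
  a_state_reset_inactive: assert property (p_state_reset_inactive);

  // ACTIVE is followed by INACTIVE or START.
  property p_valid_active_transition;
    @(posedge clk) disable iff (bus_reset)
      bus_active |=> (bus_inactive || bus_start);
  endproperty
  a_valid_active_transition: assert property (p_valid_active_transition);

  // Bus state must be valid: !(sel==0 & en==1).
  property p_no_error_state;
    @(posedge clk) disable iff (bus_reset) !bus_error;
  endproperty
  a_no_error_state: assert property (p_no_error_state)
    else $error("en asserted without sel");

  // START lasts one cycle and is followed by ACTIVE, so "stable from START
  // to ACTIVE" means unchanged on the cycle after START. One parameterized
  // property serves every signal in the "bus stable signals" group.
  property p_stable_start_to_active(sig);
    @(posedge clk) disable iff (bus_reset) bus_start |=> $stable(sig);
  endproperty
  a_sel_stable:   assert property (p_stable_start_to_active(sel));
  a_addr_stable:  assert property (p_stable_start_to_active(addr));
  a_write_stable: assert property (p_stable_start_to_active(write));
  // Assumption: wdata only has to be held for write transfers.
  a_wdata_stable: assert property (@(posedge clk) disable iff (bus_reset)
      (bus_start && write) |=> $stable(wdata));

  // Covering a sequence is fine: confirm that a complete transfer through
  // INACTIVE, START and ACTIVE is actually exercised.
  c_transfer: cover property (@(posedge clk) disable iff (bus_reset)
      bus_inactive ##1 bus_start ##1 bus_active);
endmodule

// Attaching the module to the design without editing it (assumes the
// target's signal names match the ports above):
// bind bus_controller bus_protocol_sva u_bus_sva (.*);
```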


Instantiating Assertions within Modules

    module bus_controller (. . .);
      ...
      always @(posedge clk) begin
        ....
      end

      always @(posedge clk) begin
        ....
      end

      assert property (p_valid_start_transition);  // Implicit always
    endmodule

CHECKER PACKAGING


SVA Language Structure

Language layers, from top to bottom:
• Assertion Units: checker packaging
• Directives (assert, cover): assert, assume, cover
• Properties: specification of behavior; desired or undesired
• Sequences (Sequential Expressions): how Boolean events are related over time
• Boolean Expressions: true or false

SVA Checker

Source: Dmitry Korchemny, “SystemVerilog Assertions for Formal Verification,” HVC2013



Binding Checkers

Source: Dmitry Korchemny, “SystemVerilog Assertions for Formal Verification,” HVC2013

EXERCISES



Ex.1: Simple Shift Buffer Example

• After reset, the input d_in should never be unknown.

Ex.1: Signal is Valid After Reset

    a_d_in_never_x: assert property (@(posedge clk) disable iff (reset)
        (d_in !== 1'bx));


Ex.2: One-Cold State Machine

• After reset, state[7:0] must have only a single bit low.

  state: 11101111, 1011111, 0111111, 11111110, …

Ex.2: One-Cold FSM

    a_one_cold_fsm: assert property (@(posedge clk) disable iff (reset)
        $onehot(~state));


Ex.3: Simple Handshaking Protocol

• Whenever start is high, then start must be low in the next cycle and remain low until after the next strictly subsequent cycle in which complete is high.
• complete may not be high unless start was high in a preceding cycle and complete was not high in any of the intervening cycles.

    a_no_start: assert property (@(posedge clk) disable iff (reset)
        start |=> !start throughout complete[->1]
    );
    a_no_complete: assert property (@(posedge clk) disable iff (reset)
        complete |=> !complete throughout start[->1]
    );

Ex.4 Stack (LIFO)

• A LIFO contains the following controls:
  - put : add data to LIFO
  - get : remove data from LIFO
  - cnt : counter that points to the next available location in the LIFO (4'b1000 represents full)

(Figure: LIFO with locations 0 to 7 and the cnt pointer.)

• It is not possible to overflow the LIFO
• It is not possible to underflow the LIFO

    a_no_overflow: assert property
      (@(posedge clk) disable iff (reset)
        !(cnt == 4'b1000 & put & !get)
      );


Ex.4 Stack (LIFO)

    a_no_underflow: assert property
      (@(posedge clk) disable iff (reset)
        !(cnt == 4'b0000 & !put & get)
      );

SUMMARY


Lecture Recap

In this lecture, I discussed...
• Discussed the structure of the SVA language
• Discussed how to construct sequences
• Discussed how to construct properties
• Demonstrated SVA on real examples
• Discussed Checkers and Bind
• Exercises
• Summary

More Info on Industry Verification Trends

• http://go.mentor.com/55d6T
