course assertion-based verification session3 introduction to systemverilog assertions hfoster

[email protected] | www.verificationacademy.com

Assertion-Based Verification Introduction to SVA

Harry Foster Chief Scientist Verification

Session Overview

After completing this session you will. . .

• Learn the structure of the SVA language • Lean how to construct sequence • Lean how to construct properties

© 2014 Mentor Graphics Corporation, all rights reserved.

Specifying Design Intent

Assertions allow us to specify design intent in a way that lends itself to automation

// Assert that the grants for our simple arbiter are mutually exclusive

Arbiter req0 req1

clk reset_n grant0

grant1


(grant0 & grant1) // error condition

Arbiter req0 req1

clk reset_n grant0

grant1

For our arbiter example, we can write a Boolean expression for the error condition, as follows:

Identifying the Error Condition


Checking the Error Condition before Assertions

• Doesn’t lend itself to automation. module arbiter (clk, rst_n, req0, req1, grant0, grant1); . . . always @(posedge clk or negedge rst_n) begin if (rst_n != 1’b0) if (grant0 & grant1) $display (“ERROR: Grants not mutex”); . . .

endmodule

Error Condition Boolean

Expression


error

assert property ( @(posedge clk) disable iff (rst_n) !(grant0 & grant1));

grant0 and grant1 must be mutually exclusive

IEEE 1800 SystemVerilog Mutex Example

grant0

clk

grant1


SVA Language Structure

• Checker packaging • assert, assume, cover

• Specification of behavior;

desired or undesired • How Boolean events are

related over time

• True or false Boolean Expressions

Sequences (Sequential Expressions)

Properties

Directives (assert, cover)

Assertion Units


Boolean Expressions


Properties


Assertion Units


rst_n

!(grant0 & grant1)

clk

error

assert property (@(posedge clk) disable iff (~rst_n) !(grant0 & grant1));



assert property (@(posedge clk) disable iff (~rst_n) !(grant0 & grant1));

• SVA provides a mechanism to asynchronously disable a property during a reset using the SVA disable iff clause



Sequences

• So far we have examined simple assertions • A Boolean expression must hold at every clock

• We now we introduce SVA sequences • Multiple Boolean expressions are evaluated

in a linear order of increasing time

Boolean Expressions


Properties


Assertion Units



start

clk

transfer

start ##1 transfer

• Sequence • Temporal delay ## with integer



start

clk

transfer

start ##2 transfer

• Sequence • Temporal delay ## with integer



start

clk

transfer

start ##[0:2] transfer

• Sequence • Temporal delay ## with range [m:n]



start

clk

transfer

start[*2] ##1 transfer

• Sequence • Consecutive repetition [*m] or range [*m:n] • Use $ to represent infinity




start

clk

transfer

start[*1:2] ##1 transfer



start

clk

transfer

start[*1:2] ##1 transfer

Note: This also matches the sequence specification!!!!




start

clk

transfer

start[=2] ##1 transfer

• Sequence • Non-consecutive repetition [=m] or [=m:n]

[*0:$] represents zero to infinity

start[=2] !start[*0:$] ##1 start ##1 !start[*0:$] ##1 start ##1 !start[*0:$]



start

clk

transfer

start[->2] ##1 transfer

start[->2] !start[*0:$] ##1 start ##1 !start[*0:$] ##1 start

[*0:$] represents zero to infinity

• Sequence • Goto non-consecutive repetition [->m] or [->m:n]



Boolean Expressions


Properties


Assertion Units

• Properties



ready ##1 start |-> go ##1 done

ready clk

start go

done

assertion property ( @(posedge clk) ready ##1 start |-> go ##1 done );

• Properties • Overlapping sequence implication operator |->


• Properties • Non-overlapping sequence implication operator |=>


ready ##1 start |=> go ##1 done

ready clk

start go

done

NOTE: A |=> B is the same as A |-> ##1 B © 2014 Mentor Graphics Corporation, all rights reserved.

• Asserting that an arbiter is fair • To be fair, a pending request for a particular client should never

have to wait more than two arbitration cycles

• Otherwise, the arbiter unfairly issued multiple grants to a different client

Fair Arbitration Scheme Example

Arbiter req[0]

req[1]

gnt[0]

gnt[1]


Fair Arbitration Scheme Example

gnt[0]

req[0]

clk

gnt[1]

Arbiter req[0] req[1]

gnt[0] gnt[1]

a_0_fair:

assert property (@(posedge clk) disable iff (reset_n) not ( $rose(req[0]) ##1 (!gnt[0] throughout (gnt[1])[->2])));


• Named properties and sequences • To facilitate reuse, properties and sequences can be

declared and then referenced by name • Can be declared with or without parameters


sequence s_op_retry; (req ##1 retry); endsequence

sequence s_cache_fill(req, done, fill); (req ##1 done [=1] ##1 fill); endsequence


• Named properties and sequences


sequence s_op_retry; (req ##1 retry); endsequence

sequence s_cache_fill(rdy, done, fill); (rdy ##1 done [=1] ##1 fill); endsequence

assert property ( @(posedge clk) disable iff (!reset_n) s_op_retry |=> s_cache_fill (my_rdy,my_done,my_fill));


• Named properties and sequences SVA Language Structure

property p_en_mutex(en0, en1); @(posedge clk) disable iff (~reset_n) ~(en0 & en1); endproperty assert property (p_en_mutex(en[0], en[1]));


• Action blocks • An SVA action block specifies the actions that are

taken upon success or failure of the assertion • The action block, if specified, is executed immediately

after the evaluation of the assert expression


assert property ( @(posedge clk) disable iff (reset) !(grant0 & grant1) ) else begin // action block fail statement $error(“Mutex violation with grants.”); end


• System functions SVA Language Structure

• $onehot (<expression>) - Returns true if only one bit of the expression is high

• $onehot0 (<expression>) - Returns true if at most one bit of the expression is high

• $isunknown (<expression>) - Returns true if any bit of the expression is X or Z - This is equivalent to ^<expression> === ’bx


• System functions SVA Language Structure

• $rose( expression )

• $fell( expression )

• $stable( expression )

• $past( expression [, number_of_ticks] )


• You must be precise when specifying!

The need for $rose system function

start

clk

transfer

assertion property ( @(posedge clk) start |-> ##2 Transfer);


• You must be precise when specifying!

Eliminates multiple matches

start

clk

transfer

assertion property ( @(posedge clk) $rose(start) |-> ##2 Transfer);

$rose(start) is a short cut for the sequence !start ##1 start © 2014 Mentor Graphics Corporation, all rights reserved.

• Some assertions require additional modeling code • In addition to the assertion constructs

Introduction to SVA

// Assert that the FIFO controller cannot overflow nor underflow

put get

data_in

clk rst_n

data_out

FIFO

full empty

Controller

clk rst_n


// assertion modeling code – not part of the design `ifdef ASSERT_ON int cnt = 0; always @(posedge clk) if (!rst_n) cnt <= 0; else cnt <= cnt + put – get; // assert no overflow assert property (@posedge clk disable iff (!rst_n) !((cnt + put – get) > `DEPTH)); // assert no underflow assert property (@posedge clk disable iff (!rst_n) !((cnt + put) < get)); `endif

Introduction to SVA


SVA Does and Don’ts • Never assert a sequence!

assert property (@posedge clk) (req ##1 grnt ##1 done));

• This says every clock we see req, followed by gnt, followed by done •

• The correct way to do this is with an implication operator:

assert property (@posedge clk) (req |=> grnt ##1 done));

• It’s ok to cover a sequence • It’s ok to assert a forbidden sequence using not

assert property (@posedge clk) not (req ##1 grnt ##1 done)); © 2014 Mentor Graphics Corporation, all rights reserved.

Session Recap

In this session we discussed. . .

• The structure of the SVA language • How to construct sequences • How to construct properties


Training and Consulting Resources • Mentor Graphics Training

• Scalable Verification Courses - A wide range of instructor led classes - Located in public training centers in major cities or onsite at your workplace - Web-based events with live instructors are also available.

• Mentor Graphics Consulting • Questa® Verification Methodology JumpStart • Knowledge-Sourcing Model

- Infuse knowledge into your organization while addressing your immediate product development challenges


Other Resources

• Assertion-Based Design • Harry Foster, Adam Krolnik, David Lacey • Springer, 2004

• Creating Assertion-Based IP • Harry Foster, Adam Krolnik • Springer, 2008


[email protected] | www.verificationacademy.com

Assertion-Based Verification Introduction to SVA

Harry Foster Chief Scientist Verification

course assertion-based verification session3 introduction to systemverilog assertions hfoster

Documents