13 Assertions PDF

SystemVerilog Verification
Lecture 12
Assertions
2/5/2013
Krispan Inc. Confidential
Assertions
What is an assertion?
In Simple English, it is just a statement or a declaration.
A bowler, says Howzzzaaat? When he bowls an inswinger that hits the batsmans pad. The Howzzzaat is
an assertion. When, the umpire raises his finger, the
assertion is Validated, based on a property.
That property is that If a batsman blocks a ball that was
heading to the wicket with his Legs, then he is OUT.
Properties can be quite complicated in Cricket, There are
multiple ways a batsman can be out! What are some
other simple properties?
2/5/2013
SystemVerilog Assertions
Assertions are used to check the behavior of a system.

Assertions are used for description of property of a design
If the property you are checking fails then the assertion fails
If the property that is forbidden from happening in the
design, happens during simulation then the assertion fails.
A list of properties can be inferred from the functional
specification of the design
These properties can be converted to assertions and
monitored continuously during simulations.
Assertions have been used since a very long time in the
design verification process and have been written in verilog
2/5/2013
SVA
Assertions are like monitors and checkers
You can also use a high level language like C C++ to write
assertions
vcs provides two constructs assert and expect to check the
behavior of the DUT from within the TestBench
assert construct is used to check the behavior of the property you are
checking during the current simulation time
expect construct is used to check the behavior of the property you are
checking over many clock cycles.
Syntax is
[label:] assert (expression) [action block] [else statement]
[label:] expect (property spec) [action block] [else statement]
2/5/2013
SVA example
Check SVA (SystemVerilog assertions)
program automatic test (arbiter_if.TEST arbif);
//synchronosly drive request
initial begin
arbif.cb.req <= 1;
//dont forget to use cb in signal reference
repeat (2) @arbif.cb;
arb1 : assert (arbif.cb.gnt == 1); //SystemVerilog assertion
end
endprogram
If SVA succeeds, then the clause after the assert keyword is executed
If it fails then it checks for else clause and executes it if it exists. If
there is no else clause it prints an error. In the example above since
there is no else clause it will print an error .
2/5/2013
SVA example
We can add the optional else clause if we want to add some custom
messages
You can use $info, $warn, $error and $failure for reporting messages
program automatic test (arbiter_if.TEST arbif);
initial begin
arbif.cb.req <= 1;
repeat (2) @arbif.cb;
arb1 : assert (arbif.cb.gnt == 1); //SystemVerilog assertion
else
$error ( grant failed)
end
.
endprogram
2/5/2013
SystemVerilog scheduling
2/5/2013
SystemVerilog Scheduling
There are 3 regions which are involved in the
evaluation and execution of the assertions
Preponed
Assertion variable values are sampled in this region. Since we are
sampling variables they cannot change state and must be stable.
Observed
All the property expressions are evaluated in this region. For e.g.
assert (arbif.cb.gnt == 1); property is evaluated here
Reactive
The property evaluation results are scheduled in this region. For
e.g. the pass fail results of the evaluation of arb.cb.gnt ==1 are
scheduled in this region.
2/5/2013
SVA
2 types of SystemVerilog Assertions Concurrent and
Immediate assertions
Concurrent Assertions
Based on clock cycles
Variables are sampled in the preponed region
Test Expressions are evaluated in the observed region based on
the value of the variables
Can be placed in procedural blocks, modules, interface or program
definition
Can be used with both static(formal verification) and dynamic
verification simulation tools
2/5/2013
SVA
e.g. of concurrent assertions
y_xor_z: assert property ( (@posedge clk) (y ^ z));
Important point to note is that the property is being evaluated on
every positive edge of clock irrespective of whether y or z changes.
In the waveform all successes are shown with an up arrow and all
failures are shown with a down arrow.
Immediate Assertions
Based on Simulation event schematics
Should be placed in a procedural block
Test expression is evaluated immediately in the procedural
block. Useful for checking combinatorial expressions
2/5/2013
10
Immediate Assertions
Immediate Assertions continued
Used only in dynamic simulations.
Keyword that differentiates Immediate from concurrent is
the keyword property
always_comb
begin
y_xor_z: assert (y ^ z);
end
Immediate assertion is written as part of a procedural block

and executes whenever there is a change in x or y.
2/5/2013
11
Building blocks for SVA

sequence name_of_sequence;
<test expression>;
endsequence
Logical events which are expressed as test expressions can be

evaluated every clock cycle or they could be evaluated over a
period of time involving multiple clocks. These events in SVA
are represented using the keyword sequence.
sequence s1;
@(posedge clk) x;
endsequence
sequence s1 checks if x is high on every posedge clock. If not

assertion fails
2/5/2013
12

Sequences can be combined logically to create more
complex sequences
SVA uses the keyword property to represent these
complex sequences
property name_of_property;
<test expression>;
endproperty
Property has to asserted to be verified during simulation

SVA provides a keyword assert to check the property
2/5/2013
13

assertion_name: assert property (property_name);
For e.g. let us take the case of the arbiter where we have two
requests (req0 and req1) and two grants (gnt0 and gnt 1). We
should assert indicating an error when both gnt0 and gnt1 is 1
Illegal_gnt: assert property (gnt_property);
property gnt_property;
(@(posedge clk) !(gnt0 & gnt1));
endproperty
SVA provides a way to asynchronously disable an assertion

during reset using disable the keyword disable iff. You can use
this statement inside the property block
(@(posedge clk) disable iff (~rst_n)!(gnt0 & gnt1));
2/5/2013
14
Coverage for Assertions

A cover statement can be used along with the same syntax
for assert in order to get a coverage report of that assertion
at the end of the simulation. The simulation tool should
report the number of attempts and the number of Passes.
property p1;
< - Property of Assertion - >
endproperty
a1: cover assert property (p1);
a1: assert property (p1);
$display (assertion a1 passed \n);
else
$display (assertion a1 failed \n);
2/5/2013
15
Sequence with edge definitions

SVA has built in edge expressions lets you monitor
the transition of a signal from one clock to the next.
$rose (Boolean expression or signal name)
This is true if LSB of signal or expression changed to 1.
$fell (Boolean expression or signal name)

This is true if LSB of signal or expression changed to 0.
$stable (Boolean expression or signal name)

This is true if value of signal or expression did not change.
sequence s1;
@(posedge clk) $rose (x);
endsequence
Checks that x transitions to a value of 1 on every clock cycle.

2/5/2013
16
Sequences with timing

relationships
In SVA clock cycle delays are represented by ## sign. For e.g.
##5 means 5 clock cycle delay
sequence s1;
@(posedge clk) x ##5 y;
endsequence
If signal y is not asserted after 5 clock cycles of x then the

assertion fails. Note that the assertion starts at the
posedge of clock. If x is not high then the assertion fails
right there. If x is high then after 5 clock delays y should be
high.
2/5/2013
17
Implication operator
property p1;
@(posedge clk) x ##5 y;
endproperty
else
Property looks for a valid start of sequence on every clock cycle and in this
case, x to be high on every clock cycle. If x is not high then an error is
given by the checker which may not be of interest to us because that may
produce a lot of errors. We are only interested in the case where y is 1, 5
clock cycles after x is 1 and if x is 0 we are not interested. So we can use
an implication operator which is like an if else clause.
2/5/2013
18
There are two types overlapped and non overlapped
Overlapped implication operator |->
property p1;
@(posedge clk) x |-> y;
endproperty
else
In this case a real success is when x is high and y is high on the same clock
cycle.
A vacuous success is where x is not high and the assertion succeeded by
default
2/5/2013
19
Non overlapped implication |=>
property p1;
@(posedge clk) x |=> y;
endproperty
else
In this case a real success is when x is high and y is high one

clock cycle after that.
A vacuous success is where x is not high and the assertion
succeeded by default
2/5/2013
20
Implication with a fixed delay

property p1;
@(posedge clk) x |-> ##5 y;
endproperty
else
In this case a real success is when x is high and y is high 5 clock cycle later.
default
2/5/2013
21
Timing windows
property p1;
@(posedge clk) (x && z) |-> ##[1:3] y;
endproperty
else
In this case a real success is when the Boolean expression (x&&z) is 1 and
y is high 1 to 3 clock cycle later.
A vacuous success is where the Boolean expression is not high and the
assertion succeeded by default
2/5/2013
22
Indefinite time window

property p1;
@(posedge clk) x |-> [1:$] y;
endproperty
else
In this case a real success is when x is 1 and y is eventually high starting
from the next clock cycle.
A vacuous success is where the bole expression is not high and the
assertion succeeded by default
2/5/2013
23
Indefinite time window

property p1;
@(posedge clk) x |-> ## [1:$] y ## [ 0:5] z;
endproperty
else
In this case a real success is when x is 1 and y is eventually high starting
from the next clock cycle and when y is high z is evaluated starting from
the same clock cycle.
default
2/5/2013
24
$past construct
Syntax is
$past(signal name, number of clock cycles)
property p1;
@(posedge clk) (x && y) |-> ($past((c && d), 2) == 1);
endproperty
else
Property p1 checks if the Boolean expression (x&&y) is true in the current

clock cycle. If the expression x&&y is true then 2 clocks before that was
the expression c&&d true.
2/5/2013
25
Repetition operators
SVA provides 3 types of repetition operators. Consecutive, go to and nonconsecutive repetition.
Consecutive repetition
Signal or sequence [*n] where n is the number of times the sequence
or signal should match repeatedly
go to operator
Signal [-> n] where n specifies the no of times the sequence or signal
should match not necessarily on consecutive clock cycles.
The last match for the go to should happen in the clock cycle before
the end of the entire sequence matching
Non-consecutive repetition
Signal or sequence [=n] similar to go to except that it does not require
that the last match happen in the clock cycle before the end of the
entire sequence matching
2/5/2013
26
property no_two_ads;
disable iff (~reset) @(posedge clk) not (ads[*2]) ;
endproperty
a1: assert property (no_two_ads);
else
Whenever there are 2 non consecutive address strobes then

assertion passes. If there are consecutive address strobes on
consecutive clocks then the assertion fails so this way we can
check for consecutive address strobes.
2/5/2013
27
property p1;
@(posedge clk) $rose (start) |-> ##5 (a[*2] ) ##1 (stop) ##1 (!stop);
endproperty
else
Property checks 5 clocks after start signal a remains high for 2

continuous clock cycles and 1 clock after that signal stop is high and 1
clock after that signal stop is low.
A vacuous success is where start is not high and the assertion succeeded
by default
2/5/2013
28
Go to example:
property p1;
@(posedge clk) $rose (start) |-> ##5 (a[->2] ) ##1 (stop) ;
endproperty
else
Property checks for start signal to be high on every posedge of clock. If

start is high 5 clock cycles later signal a will go high 2 times continuously
or intermittently before there is a valid stop signal
by default
2/5/2013
29
Example non consecutive repetition
property p1;
@(posedge clk) $rose (start) |-> ##5 (a[=2] ) ##1 (stop) ##1 (!stop) ;
endproperty
else
Property checks for start signal to be high on every posedge of clock. If

start is high 5 clock cycles later signal a will go high 2 times continuously
or intermittently before there is a valid stop signal
by default
2/5/2013
30
Throughout construct
The throughout construct is used to make sure certain condition holds true during
the evaluation of the entire sequence.
----------------------------------------------------------------------------------------------
property p1;
@(posedge clk) $rose (start) |-> (start) throughout ( ##5 (a[*2] ) ##1 (stop) ##1 (!stop) );
endproperty
Else
----------------------------------------------------------------------------------------------
Property checks 5 clocks after start signal a remains high for 2 continuous clock
cycles and 1 clock after that signal stop is high and 1 clock after that signal stop is
low. During the entire test expression start should remain high.
A vacuous success is where start is not high and the assertion succeeded by
default
2/5/2013
31
The and operator

sequence s1;
@(posedge clk) a ##5 b;
endsequence
sequence s2;
@(posedge clk) c ##5 d;
endsequence
property p1 ;
@(posedge clk) s1 and s2;
endsequence
Sequences s1 and s2 are two independent sequences. Property p1

combines them with the and operator and succeeds when both s1 and s2
succeed.
2/5/2013
32
The or operator
sequence s1;
endsequence
sequence s2;
endsequence
property p1 ;
@(posedge clk) s1 or s2;
endsequence

combines them with the or operator and succeeds when either s1 ors2
succeed.
2/5/2013
33
The intersect operator

sequence s1;
endsequence
sequence s2;
endsequence
property p1 ;
@(posedge clk) s1 intersect s2;
endsequence

combines them with the intersect operator. It is similar to the and
construct with one additional requirement. Both sequences need to start
and stop at the same time. Length of both sequences must be same.
2/5/2013
34
First match construct

sequence s1;
endsequence
sequence s2;
endsequence
property p1 ;
@(posedge clk) first_match (s1 or s2);
endsequence

combines them with the or operator first match construct. and succeeds
when either s1 ors2 succeed only the first time. All other matches are
discarded
2/5/2013
35
Within construct
Within construct.
If there are two sequences s1 and s2 and you have the
construct
s1 within s2
Starting matching point of s2 should happen before the

starting matching point of s1
Ending matching point of s1 should happen before ending
matching point of s2.
2/5/2013
36
Within Construct
sequence s1;
endsequence
sequence s2;
endsequence
property p1 ;
@(posedge clk) s1 within s2;
endsequence
Starting matching point of s2 which is c being 1 on posedge clock should happen before
the starting matching point of s1 which is a being 1 on posedge of clock
Ending matching point of s1 which is b being high should happen before ending
matching point of s2 which is d being high
2/5/2013
37
Built in system functions

$onehot(expression)
Checks to see if the expression is one hot i.e. only one bit in the
expression is high on any clock cycle
$onehot0(expression)
Checks to see if the expression is one hot zero i.e. only one bit in the
expression is high on any clock cycle or none of the bits are high on
any given clock edge
$isunknown(expression)
Checks to see if any bit in the expression is X or Z.
$countones(expression)
Count the no of bits that are high in an expression
2/5/2013
38
Built in System functions

a1: assert property
(@(posedge clk) $onehot(state) );
endproperty
a2: assert property
(@(posedge clk) $onehot0(state) );
endproperty
a3: assert property
(@(posedge clk) $isunknown(bus) );
endproperty
a4: assert property
(@(posedge clk) $countones(bus) > 1 );
endproperty
2/5/2013
39
Assertions Assignment
Add Assertions to Project 2 for the following
Assert when the 3 FIFOs overflow or underflow.
Catch the condition where a command of 11 is received
by the DUT.
How can you verify mutually exclusive statements? and
use it to check if the full and empty ever occur
simultaneously.
Create an assertions sequence to check that the busy
signal is asserted only when all the FIFOs are full, and later
when the FIFO is Not full, it is de-asserted.
Also, write an assertion to check, that the DUT does not
assert an output_valid, when the output_busy is asserted.
2/5/2013
40

13 Assertions PDF

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

13 Assertions PDF

Uploaded by

Copyright:

Available Formats

SystemVerilog Verification

Krispan Inc. Confidential

Krispan Inc. Confidential

Assertions are used to check the behavior of a system.

Krispan Inc. Confidential

Krispan Inc. Confidential

Krispan Inc. Confidential

Krispan Inc. Confidential

Krispan Inc. Confidential

Krispan Inc. Confidential

Krispan Inc. Confidential

Krispan Inc. Confidential

Immediate assertion is written as part of a procedural block

Krispan Inc. Confidential

Building blocks for SVA

Logical events which are expressed as test expressions can be

sequence s1 checks if x is high on every posedge clock. If not

Krispan Inc. Confidential

Building blocks for SVA

Property has to asserted to be verified during simulation

Krispan Inc. Confidential

Building blocks for SVA

SVA provides a way to asynchronously disable an assertion

(@(posedge clk) disable iff (~rst_n)!(gnt0 & gnt1));

Krispan Inc. Confidential

Coverage for Assertions

Krispan Inc. Confidential

Sequence with edge definitions

$fell (Boolean expression or signal name)

$stable (Boolean expression or signal name)

Checks that x transitions to a value of 1 on every clock cycle.

Krispan Inc. Confidential

Sequences with timing

If signal y is not asserted after 5 clock cycles of x then the

Krispan Inc. Confidential

Krispan Inc. Confidential

Krispan Inc. Confidential

In this case a real success is when x is high and y is high one

Krispan Inc. Confidential

Implication with a fixed delay

Krispan Inc. Confidential

Krispan Inc. Confidential

Indefinite time window

Krispan Inc. Confidential

Indefinite time window

Krispan Inc. Confidential

Property p1 checks if the Boolean expression (x&&y) is true in the current

Krispan Inc. Confidential

Krispan Inc. Confidential

Whenever there are 2 non consecutive address strobes then

Krispan Inc. Confidential

Property checks 5 clocks after start signal a remains high for 2

Krispan Inc. Confidential

Property checks for start signal to be high on every posedge of clock. If

Krispan Inc. Confidential

Property checks for start signal to be high on every posedge of clock. If

Krispan Inc. Confidential

Krispan Inc. Confidential

The and operator

Sequences s1 and s2 are two independent sequences. Property p1

Krispan Inc. Confidential

Sequences s1 and s2 are two independent sequences. Property p1