SystemVerilog Assertions (SVA) Introduction

Introduction to SystemVerilog Assertions (SVA) Lecture Overview Introduction to SystemVerilog Assertions (SVA) In this lecture, you will. . .  Learn the structure of the SVA language  Learn how to construct sequence Harry D. Foster  Learn how to construct properties Chief Scientist Verification IC Verification Solutions Division  Apply SVA on real examples February 2020  Exercises  Summary 2 2 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 SystemVerilog Assertions  SVA is based on linear temporal logic (LTL) built over sublanguages of regular expressions.  Most engineers will find SVA sufficient to express most LINEAR FORMALISM common assertions required for hardware design. Brief Review of LTL and Introduction of Regular Expressions © Mentor Graphics Corporation 4 4 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 1 HF, UT Austin, Feb 2019 © Mentor Graphics Corporation Introduction to SystemVerilog Assertions (SVA) What We can Express in LTL What We can Express in LTL  F p – sometimes (i.e., eventually) p holds.  All Boolean logic propositions - p “eventually process 2 will enter the critical section” “Process 2 is in the critical section” Fp p  X p – p holds in the next state. “Process 2 will be in the critical section in the next state” Xp • G p – always (i.e., globally) p holds. “process 1 and 2 are always mutually exclusive” p Gp 5 5 © Mentor Graphics Corporation H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 6 6 What We can Express in LTL p p p p p p p p H Foster, EE 382M, Verification of Digital Systems, Spring 2018 p p © Mentor Graphics Corporation  Weak operators – X, G, W Used to express safety properties, i.e. “something bad never happens”  Strong operators – F, U Used to express liveness properties, i.e. “something good eventually happens” q  [p W q] – “p holds from now until q holds” (weak) pWq p HF, UT Austin, Feb 2020 and p holds from now until q holds” (strong) p p What We can Express in LTL  [p U q] – “q holds now or sometime in the future pUq p p p Safety properties put no obligation on the future, liveness properties do! 7 7 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 8 8 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 2 HF, UT Austin, Feb 2019 © Mentor Graphics Corporation Introduction to SystemVerilog Assertions (SVA) What We can Express in LTL What We can Express in LTL  LTL formulas can be combined using the ¬, ∧, ∨, →  LTL formulas can be combined using the ¬, ∧, ∨, → logic connectors (negation, conjunction, disjunction, implication) logic connectors (negation, conjunction, disjunction, implication) For example…. For example…. G ( request → F grant ) p p Temporal operators can be combined too… grant request p G ( request → F grant ) p p p FG p p 9 9 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 10 10 What We Cannot Express in LTL H Foster, EE 382M, Verification of Digital Systems, Spring 2018 p p © Mentor Graphics Corporation HF, UT Austin, Feb 2020 Regular Expressions  Regular expressions describe sets of finite words  Counting example: w=a1,a2,…,an . “p is asserted in every even cycle” — a1,a2,… are letters in an alphabet. All the following traces satisfy this property !p,p,!p,p,… p,p, p,p…. p,p,!p,p,p,p…  Regular expressions can express counting modulo n.  The * operator – enables counting modulo n. — (ab)* - a regular expression describing the set of words:  No LTL formula can express this property 11 11 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 12 12 – ε - (the empty word) – ab – abab – ababab….. H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 3 HF, UT Austin, Feb 2019 © Mentor Graphics Corporation Introduction to SystemVerilog Assertions (SVA) Regular Expressions What Regular Expressions Cannot Express  For reactive systems a letter in the alphabet is a Boolean expression  The behavior, “eventually p holds forever”  The set of computations satisfying “p is asserted in every even cannot be expressed by a regular expression cycle” is described by the SVA regular expression (1`b1 ## p)[*]  It can be expressed in LTL as : F G p  A regular expression by itself is not a property — Later: building properties from regular expressions in SVA 13 13 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 14 14 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 Linear Formalisms  LTL and regular expressions are linear formalisms – Linear formalisms can be used to express mainly properties that are intended to hold on all computations (i.e., executions of a design model). – Most properties required for the specification of digital designs can SVA LANGUAGE STRUCTURE be expressed using linear formalism  What cannot express in linear formalisms: “There exists a computation in which eventually p holds forever” – 15 15 LTL implicitly quantifies universally over paths H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation © Mentor Graphics Corporation HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 4 HF, UT Austin, Feb 2019 Introduction to SystemVerilog Assertions (SVA) SVA Language Structure Assertion Units SVA Language Structure assert property (@(posedge clk) disable iff (~rst_n) !(grant0 & grant1)); • Checker packaging Directives (assert, cover) • assert, assume, cover Properties Sequences (Sequential Expressions) Boolean Expressions • Specification of behavior; desired or undesired • How Boolean events are related over time Assertion Units clk Directives (assert, cover) rst_n Properties Sequences (Sequential Expressions) • True or false !(grant0 & grant1) error Boolean Expressions Note: rst_n is an active low reset in this example 17 17 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 18 18 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 SVA Language Structure  SVA provides a mechanism to asynchronously disable a property during a reset using the SVA disable iff clause MAPPING SVA INTO LTL assert property (@(posedge clk) disable iff (~rst_n) !(grant0 & grant1)); Note: rst_n is an active low reset in this example 19 19 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation © Mentor Graphics Corporation HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 5 HF, UT Austin, Feb 2019 Introduction to SystemVerilog Assertions (SVA) LTL Operators in SVA LTL Operators in SVA  All Boolean logic propositions - p  LTL: F p – eventually p holds. “Process 2 is in the critical section”  SVA: eventually p – eventually p holds (weak). “eventually process 2 will enter the critical section”  LTL: X p – p holds in the next state.  SVA: nexttime [n] p – p holds in the next state. eventually p “Process 2 will be in the critical section in the next state” nexttime p p p Note: s_eventually is a strong version of this operator in SVA. 21 21 © Mentor Graphics Corporation H Foster, EE 382M, Verification of Digital Systems, Spring 2018 22 HF, UT Austin, Feb 2020 22 LTL Operators in SVA © Mentor Graphics Corporation H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 LTL Operators in SVA  LTL: [p U q] – “q holds now or sometime in the future and • LTL: G p – always (i.e., globally) p holds. • SVA: always p – always (i.e., globally) p holds. p holds from now until q holds” (strong)  SVA: p s_until q “process 1 and 2 are always mutually exclusive” always p p p p p p p s_until q p p p p p q  LTL: [p W q] – “p holds from now until q holds” (weak)  SVA: p until q Note: there is an implicit always when asserting a property: p until q p p p p p assert property(p); 23 23 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 24 24 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 6 HF, UT Austin, Feb 2019 © Mentor Graphics Corporation p Introduction to SystemVerilog Assertions (SVA) SVA with LTL Operator Example assert property (@posedge clk disable iff (reset) $rose(req) implies !done s_until grnt); 25 25 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 SEQUENCES © Mentor Graphics Corporation © Mentor Graphics Corporation HF, UT Austin, Feb 2020 SVA Language Structure SVA Language Structure  Sequence Sequences — Temporal delay ##n with an integer n.  So far we have examined LTL-based assertions  We now we introduce SVA sequences start ##1 transfer — Multiple Boolean expressions are evaluated in a linear order of increasing time Assertion Units clk Directives (assert, cover) start Properties transfer Sequences (Sequential Expressions) Boolean Expressions 27 27 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 28 28 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 7 HF, UT Austin, Feb 2019 © Mentor Graphics Corporation Introduction to SystemVerilog Assertions (SVA) SVA Language Structure SVA Language Structure  Sequence  Sequence — Temporal delay ##n with an integer n. — Temporal delay ##[m:n] with range [m:n] start ##2 transfer 29 29 start ##[0:2] transfer clk clk start start transfer transfer H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 30 30 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 SVA Language Structure SVA Language Structure • Sequence • Consecutive repetition [*m] or range [*m:n] • Sequence • Consecutive repetition [*m] or range [*m:n] - Use $ to represent infinity - Use $ to represent infinity start[*2] ##1 transfer 31 31 start[*1:2] ##1 transfer clk clk start start transfer transfer H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 32 32 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 8 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 HF, UT Austin, Feb 2019 © Mentor Graphics Corporation Introduction to SystemVerilog Assertions (SVA) SVA Language Structure SVA Language Structure • Sequence • Consecutive repetition [*m] or range [*m:n] • Sequence • Consecutive repetition [*m] or range [*m:n] - Use $ to represent infinity - Use $ to represent infinity start[*1:2] ##1 transfer start[*1:2] ##1 transfer clk clk start start transfer transfer Note: This also matches the sequence specification!!!! 33 33 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation 34 HF, UT Austin, Feb 2020 34 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 SVA Language Structure SVA Language Structure • Sequence • Sequence • Non-consecutive repetition [=m] or [=m:n] • Goto non-consecutive repetition [->m] or [->m:n] start[=2] ##1 transfer start[->2] ##1 transfer clk clk start start [*] represents zero to infinity transfer 35 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation start[->2]  !start[*] ##1 start ##1 !start[*] ##1 start 36 36 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 9 HF, UT Austin, Feb 2019 [*] represents zero to infinity transfer start[=2]  !start[*] ##1 start ##1 !start[*] ##1 start ##1 !start[*] 35 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 © Mentor Graphics Corporation Introduction to SystemVerilog Assertions (SVA) SVA Language Structure SVA Language Structure  Properties  Properties — Overlapping sequence implication operator |-> Assertion Units ready ##1 start |-> go ##1 done Directives (assert, cover) clk Properties ready start Sequences (Sequential Expressions) go done Boolean Expressions assertion property ( @(posedge clk) ready ##1 start |-> go ##1 done ); 37 37 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 38 38 SVA Language Structure © Mentor Graphics Corporation H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 Fair Arbitration Scheme Example  Asserting that an arbiter is fair  Properties — Non-overlapping sequence implication operator |=> — To be fair, a pending request for a particular client should ready ##1 start |=> go ##1 done — Otherwise, the arbiter unfairly issued multiple grants to a never have to wait more than two arbitration cycles different client clk ready start req[0] go req[1] done gnt[0] Arbiter gnt[1] NOTE: A |=> B is the same as A |-> ##1 B 39 39 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 40 40 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 10 HF, UT Austin, Feb 2019 © Mentor Graphics Corporation Introduction to SystemVerilog Assertions (SVA) Fair Arbitration Scheme Example Fair Arbitration Scheme Example a_0_fair: a_0_fair: assert property (@(posedge clk) disable iff (reset) req[0] |-> not (!gnt[0] throughout (gnt[1])[->2])); assert property (@(posedge clk) disable iff (reset) $rose(req[0]) |-> not (!gnt[0] throughout (gnt[1])[->2])); clk clk req[0] req[0] req[0] gnt[0] Arbiter req[1] gnt[1] req[0] gnt[0] gnt[0] Arbiter req[1] gnt[1] gnt[1] 41 41 gnt[1] © Mentor Graphics Corporation H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 42 42 Fair Arbitration Scheme Example © Mentor Graphics Corporation H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 Fair Arbitration Scheme Example a_0_fair: a_1_fair: assert property (@(posedge clk) disable iff (reset) $rose(req[0]) |-> not (!gnt[0] throughout (gnt[1])[->2])); assert property (@(posedge clk) disable iff (reset) $rose(req[1] |-> not (!gnt[1] throughout (gnt[0])[->2])); clk clk req[0] req[0] req[1] req[1] gnt[0] Arbiter gnt[1] req[0] gnt[0] req[1] gnt[0] Arbiter gnt[1] 43 43 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 HF, UT Austin, Feb 2019 gnt[1] gnt[0] gnt[1] © Mentor Graphics Corporation 44 44 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 11 gnt[0] © Mentor Graphics Corporation Introduction to SystemVerilog Assertions (SVA) SVA Language Structure SVA Language Structure  Named sequences and properties  Named properties and sequences — To facilitate reuse, properties and sequences can be declared and then referenced by name — Can be declared with or without parameters sequence s_op_retry; (req ##1 retry); endsequence sequence s_op_retry; (req ##1 retry); endsequence sequence s_cache_fill(req, done, fill); (req ##1 done [=1] ##1 fill); endsequence 45 45 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 sequence s_cache_fill(rdy, done, fill); (rdy ##1 done [=1] ##1 fill); endsequence assert property ( @(posedge clk) disable iff (reset) s_op_retry |=> s_cache_fill (my_rdy,my_done,my_fill)); 46 46 SVA Language Structure SVA Language Structure  Named properties and sequences  Action blocks assert property ( @(posedge clk) disable iff (reset) !(grant0 & grant1) ) else begin // action block fail statement $error(“Mutex violation with grants.”); end assert property (p_en_mutex(bus_en0, bus_en1)); 47 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 48 48 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 12 HF, UT Austin, Feb 2019 © Mentor Graphics Corporation — An SVA action block specifies the actions that are taken upon success or failure of the assertion — The action block, if specified, is executed immediately after the evaluation of the assert expression property p_en_mutex(en0, en1); @(posedge clk) disable iff (reset) ~(en0 & en1); endproperty 47 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation Introduction to SystemVerilog Assertions (SVA) SVA Language Structure The need for $rose system function  You must be precise when specifying!  System functions assertion property ( @(posedge clk) start |-> ##2 Transfer); • $rose( expression ) • $fell( expression ) clk • $stable( expression ) start • $past( expression [, number_of_ticks] ) transfer 49 49 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 50 50 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 Eliminates multiple matches SVA Language Structure  You must be precise when specifying!  System functions assertion property ( @(posedge clk) $rose(start) |-> ##2 Transfer); © Mentor Graphics Corporation HF, UT Austin, Feb 2020 • $onehot (<expression>) - Returns true if only one bit of the expression is high • $onehot0 (<expression>) clk - Returns true if at most one bit of the expression is high start • $isunknown (<expression>) - Returns true if any bit of the expression is X or Z - This is equivalent to ^<expression> === ’bx transfer $rose(start) is a short cut for the sequence !start ##1 start 51 51 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 52 52 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 13 HF, UT Austin, Feb 2019 © Mentor Graphics Corporation Introduction to SystemVerilog Assertions (SVA) Introduction to SVA Introduction to SVA  Some assertions require additional modeling code — In addition to the assertion constructs // assertion modeling code – not part of the design ìfdef ASSERT_ON int cnt = 0; always @(posedge clk) if (!rst_n) cnt <= 0; else cnt <= cnt + put – get; LIFO clk clk rst_n rst_n Controller put A data_out data_in full get A // assert no LIFO overflow empty assert property (@posedge clk disable iff (~rst_n) !((cnt + put – get) > `DEPTH)); // assert no LIFO underflow assert property (@posedge clk disable iff (!rst_n) !((cnt + put) < get)); èndif // Assert that the LIFO controller cannot overflow nor underflow Note: rst_n is an active low reset in this example 53 53 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 54 54 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 SVA Does and Don’ts  Never assert a sequence! assert property (@posedge clk) (req ##1 grnt ##1 done)); — This says every clock we see req, followed by gnt, followed by done — — The correct way to do this is with an implication operator: assert property (@posedge clk) (req |=> grnt ##1 done));  It’s ok to cover a sequence  It’s ok to assert a forbidden sequence using not BUS-BASED DESIGN EXAMPLE assert property (@posedge clk) not (req ##1 done ##1 grant)); 55 55 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation © Mentor Graphics Corporation HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 14 HF, UT Austin, Feb 2019 Introduction to SystemVerilog Assertions (SVA) Bus-Based Design Example Nonpipelined Bus Interface clk rst_n sel[0] en CPU 1 Bridge CPU 2 Bus A Arbiter Control UART Datapath LIFO I/F I/F addr I/F I/F write Bus B rdata Datapath Memory Controller Graphics Controller LIFO wdata Master Timer Slave 0 Note: rst_n is an active low reset in this example 57 57 © Mentor Graphics Corporation H Foster, EE 382M, Verification of Digital Systems, Spring 2018 58 HF, UT Austin, Feb 2020 58 Non-Burst Write Transaction 0 1 Non-Burst Read Transaction 2 3 0 4 Addr 1 addr write sel[0] sel[0] en 59 3 4 Addr 1 INACTIVE H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 START Data 1 rdata ACTIVE INACTIVE © Mentor Graphics Corporation BUS STATE 60 60 INACTIVE H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 15 2 en Data 1 wdata 59 1 addr write BUS STATE © Mentor Graphics Corporation H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 HF, UT Austin, Feb 2019 START ACTIVE INACTIVE © Mentor Graphics Corporation Introduction to SystemVerilog Assertions (SVA) Conceptual Bus States INACTIVE Interface Requirements Property Name no transfer Description Bus legal treansitions sel[0] == 0 en == 0 setup INACTIVE p_state_reset_inactive Initial state after reset is INACTIVE p_valid_inactive_transition INACTIVE is followed by INACTIVE or START p_valid_start_transition START is followed by ACTIVE sel[0] == 0 en == 0 setup START no transfer sel[0] == 1 en == 0 p_valid_active_transition ACTIVE is followed by INACTIVE or START START p_no_error_state Bus state must be valid: sel[0] == 1 en == 0 Bus stable signals transfer no transfer transfer setup ACTIVE !(se==0 & en==1) p_sel_stable Slave select signals remain stable from START to ACTIVE p_addr_stable Address remains stable from START to ACTIVE p_write_stable Control remains stable from START to ACTIVE p_wdata_stable Data remains stable from START to ACTIVE setup ACTIVE sel[0] == 1 en == 1 sel[0] == 1 en == 1 61 61 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation 62 HF, UT Austin, Feb 2020 62 Use Modeling Code to Simplify Coding H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 SVA Examples ìfdef ASSERTION_ON //Map bus control values to conceptual states if (~rst_n) begin bus_reset = 1; bus_inactive = 1; bus_start = 0; bus_active = 0; bus_error = 0; end else begin bus_reset = 0; bus_inactive = ~sel & ~en; bus_start = sel & ~en; bus_active = sel & en; bus_error = ~sel & en; end èndif 63 63 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 property p_valid_inactive_transition; @(posedge clk) disable iff (bus_reset) ( bus_inactive) |=> ((bus_inactive) || (bus_start)); endproperty a_valid_inactive_transition: INACTIVE sel[0] == 0 en == 0 no transfer HF, UT Austin, Feb 2019 sel[0] == 0 en == 0 setup property p_valid_start_transition; START no transfer sel[0] == 1 en == 0 transfer @(posedge clk) disable iff (bus_reset) (bus_start) |=> (bus_active); setup sel[0] == 1 en == 1 sel[0] == 1 en == 1 a_valid_start_transition: 64 64 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 sel[0] == 1 en == 0 ACTIVE assert property (p_valid_start_transition); © Mentor Graphics Corporation START transfer endproperty ACTIVE © Mentor Graphics Corporation 16 INACTIVE assert property (p_valid_inactive_transition); setup © Mentor Graphics Corporation setup Introduction to SystemVerilog Assertions (SVA) Instantiating Assertions within Modules module bus_controller (. . .); ... always (@posedge clk) begin .... end CHECKER PACKAGING always (@posedge clk) begin .... Implicit always end assert property (p_valid_start_transition); endmodule 65 65 © Mentor Graphics Corporation © Mentor Graphics Corporation H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 SVA Language Structure Assertion Units SVA Checker • Checker packaging Directives (assert, cover) • assert, assume, cover Properties Sequences (Sequential Expressions) Boolean Expressions • Specification of behavior; desired or undesired • How Boolean events are related over time • True or false Source: Dmitry Korchemny, “SystemVerilog Assertions for Formal Verification,” HVC2013 67 67 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 68 68 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 17 HF, UT Austin, Feb 2019 © Mentor Graphics Corporation Introduction to SystemVerilog Assertions (SVA) Binding Checkers EXERCISES Source: Dmitry Korchemny, “SystemVerilog Assertions for Formal Verification,” HVC2013 69 69 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation © Mentor Graphics Corporation HF, UT Austin, Feb 2020 Ex.1: Simple Shift Buffer Example Ex.1: Signal is Valid After Reset  After reset, the input d_in should never be unknown.  After reset, the input d_in should never be unknown. a_d_in_never_x: assert property (@(posedge clk) disable iff (reset) (d_in !== 1’bx)); © Mentor Graphics Corporation 71 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 72 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 18 HF, UT Austin, Feb 2019 Introduction to SystemVerilog Assertions (SVA) Ex.2: One-Cold State Machine Ex.2: One-Cold FSM  After reset, state[7:0] must have only a single bit low.  After reset, state[7:0] must have only a single bit low. state: 11101111, 1011111, 0111111, 11111110, … state: 11101111, 1011111, 0111111, 11111110, … a_one_cold_fsm: assert property (@(posedge clk) disable iff (reset) $onehot(~state)); © Mentor Graphics Corporation 73 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 74 HF, UT Austin, Feb 2020 Ex.3: Simple Handshaking Protocol Ex.3: Simple Handshaking Protocol  Whenever start is high, then start must be low in the next  Whenever start is high, then start must be low in the next cycle and remain low until after the next strictly subsequent cycle in which complete is high. cycle and remain low until after the next strictly subsequent cycle in which complete is high.  complete may not be high unless start was high in a  complete may not be high unless start was high in a preceding cycle and complete was not high in any of the intervening cycles. preceding cycle and complete was not high in any of the intervening cycles. a_no_start: assert property (@(posedge clk) disable iff (reset) start |=> !start throughout complete[->1] ); a_no_complete: assert property (@(posedge clk) disable iff (reset) complete |=> !complete throughout start[->1] ); © Mentor Graphics Corporation 75 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 76 HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 19 HF, UT Austin, Feb 2019 Introduction to SystemVerilog Assertions (SVA) Ex.4 Stack (LIFO) Ex.4 Stack (LIFO)  A LIFO contains the following controls:  A LIFO contains the following controls: — put : add data to LIFO — get : remove data from LIFO — cnt counter that points to the next available location in the LIFO (4’b1000 represents full) — put : add data to LIFO — get : remove data from LIFO — cnt counter that points to the next available location in the LIFO (4’b1000 represents full) 7 cnt  6 5  It is not possible to overflow the LIFO 4 (@(posedge clk) disable iff (reset) 3 3 !(cnt == 4’b1000 & put & !get) 2 2 ); 1 1 0 0 © Mentor Graphics Corporation 77 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 78 HF, UT Austin, Feb 2020 Ex.4 Stack (LIFO)  A LIFO contains the following controls: — put : add data to LIFO — get : remove data from LIFO — cnt counter that points to the next available location in the LIFO (4’b1000 represents full) 7 cnt  6 SUMMARY 5 a_no_underflow: assert property 4 (@(posedge clk) disable iff (reset) 3 !(cnt == 4’b0000 & !put & get) 2 ); 1 0 © Mentor Graphics Corporation 79 © Mentor Graphics Corporation HF, UT Austin, Feb 2020 © Mentor Graphics Corporation 20 HF, UT Austin, Feb 2019 6 5 a_no_overflow: assert property 4  It is not possible to underflow the LIFO 7 cnt  Introduction to SystemVerilog Assertions (SVA) Lecture Recap More Info on Industry Verification Trends In this lecture, I discussed. . .  http://go.mentor.com/55d6T  Discussed the structure of the SVA language  Discussed how to construct sequence  Discussed how to construct properties  Demonstrate SVA on real examples  Discussed Checkers and Bind  Exercises  Summary 81 81 H Foster, EE 382M, Verification of Digital Systems, Spring 2018 © Mentor Graphics Corporation © Mentor Graphics Corporation HF, UT Austin, Feb 2020 82 HF, UT Austin, Feb 2020 www.mentor.com © Mentor Graphics Corporation © Mentor Graphics Corporation 21 HF, UT Austin, Feb 2019

SystemVerilog Assertions (SVA) Introduction

Products

Support

SystemVerilog Assertions (SVA) Introduction

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib