Introduction to System Verilog Assertions Erik Seligman CS 510, Lecture 8, January 2009

Agenda
• Introduction: What Is An Assertion?
• SVA Overview
• Boolean Layer
• Sequence Layer
• Property Layer
• Gotchas

What is an Assertion?
• Statement about your RTL
• “Executable Comment”
• Usable both in simulation and formal
  – Simulation: check if vectors obey
  – Formal: mathematically prove

Who Creates Assertions?
• RTL Authors
  – Recommend: enable/teach to all designers
  – Write assertions during RTL creation
  – Part of design process, like comments
• Validators
  – Include assertions in testplans
• FEV
  – Create assertions for FEV constraints

Other Assertion Statements
• Assumptions
  – = Assertion used as FPV constraint
  – In simulation treated like regular assert
• Cover point (“Anti-Assertion”)
  – Condition you want to see in some test
  – Useful for checking completeness of env
    – Simulation: monitor cumulative coverage of tests
    – Formal: make sure covers reachable under constraints
• General term “assertion statement” includes assumes and covers
  – To avoid long-windedness in discussions

SVA Assertion Language
• Part of P1800 SystemVerilog Standard
  – SVA popular even if SV not used for design
• This lecture covers 2005 syntax
  – Currently implemented in most tools
  – 2009 syntax improves, but not official yet!
• SVA assertions are part of language
  – May include in design, or ‘bind’ external file
  – Assertions appear within module

Types of SVA Assertions
• Immediate assertions
    A1: assert (foo && bar || baz);
  – Boolean only, no clocks or reset
  – Usable in arbitrary procedures, functions
• Concurrent assertions
    A2: assert property (@(posedge clk) disable iff (rst) (foo ##1 bar |=> baz));
  – Full use of sequences & properties
  – Limited legal locations in procedural code
  – Usable outside procedures

Clocks and Resets
• Feature of concurrent assertions
• Clocks can be explicit, or
  – May inherit from default clocking statement
      default clocking @(posedge clk); endclocking
  – May inherit from enclosing always @(posedge clk …)
• Reset (‘disable iff’) explicitly, or
  – May inherit from enclosing always @(posedge clk or posedge rst) …
  – No default for reset, but added in SVA 2009

Assumes and Covers
• Only for concurrent assertions
  – Immediate assume/cover added in 2009
• Change ‘assert’ keyword
• Examples
    AS1: assume property (@(posedge clk) disable iff (rst) (foo ##1 bar |=> baz));
    C1: cover property (@(posedge clk) disable iff (rst) (foo ##1 bar ##1 baz));

SVA assertion layers

Comments on Layers
• Booleans: simple expressions
• Sequences: set of booleans over time
• Properties: implications of sequences
• Assertion statements: actual usage in code
  – Bool, seq, prop does nothing unless in an assertion statement
    – Immediate: assert <bool>
    – Concurrent: assert property…, assume property…, cover property…

Boolean Expressions in Assertions
• Just use directly
• Immediate Assertion
    a1: assert (foo && bar || baz);
  – Checked when reached in code
• Concurrent assertion
    a2: assert property (foo && bar || baz);
  – Checked at each clock

Examples in context
    always @(*) begin
      // watch out for glitches!
      a1: assert (foo && bar || baz);
    end

    always @(posedge clk) begin
      a2: assert property (foo && bar || baz);
    end

    default clocking @(posedge clk2); endclocking
    // Is a3 equivalent to a2?
    a3: assert property (foo && bar || baz);

Sequences
• Usable only in concurrent assertion
• Inherit clock from usage
  – Default clocking / procedure clock
  – Or clock of property that uses
• Basic sequence operations
  – s1 ##[m:n] s2: delay <m> to <n> cycles (0 = overlap)
  – s1[*m:n]: repeat from <m> to <n> times
  – s1 or s2: one sequence is true
  – s1 and s2: same start, both eventually true
    – s1 intersect s2: must both end on same cycle
  – bool throughout s1: bool true for all of s1

Sequence Examples
    foo ##1 bar ##1 baz
• foo, then bar, then baz
    (foo ##1 bar) or (foo ##1 baz)
• foo, then either bar or baz
    (foo ##1 bar)[*5] ##1 baz
• foo bar 5 times, then baz
    foo throughout (bar[*5] ##1 baz)
• foo = 1 during (bar 5 times and then baz)

Other Useful Building Blocks
• In bounds, ‘$’ = infinity
    foo[*3:$] ##1 bar
• Special system functions
    $past(sig)
    $rose(sig)
    $fell(sig)
    $stable(sig)

Named Sequences
    sequence s1(a);
      a ##1 foo;
    endsequence
• Then the following are equivalent
    a1: assert property (s1(bar) |-> baz);
    a2: assert property ((bar ##1 foo) |-> baz);

Asserting a Sequence
• What does this mean?
    assert property (foo ##1 bar);
• Checks the sequence *every cycle*
  – Usually not useful!
  – Also expensive in simulation
  – Sequences mainly to help build properties
• Negated sequence is very useful
    assert property (not(foo ##1 bar));

Creating Properties
• Basic operation: triggered implication
    seq |-> prop  // overlapping
    seq |=> prop  // non-overlapping
• Trigger must be a sequence
  – Corresponds to intuition
  – Easy to check in simulation

Property Examples
    foo |=> bar
• If we see foo, we see bar the next cycle
    foo ##1 bar |-> baz
• If we see foo and then bar, we also see baz (same cycle as bar)
    foo[*5] |-> not (bar ##1 baz)
• If we see foo 5 times, then if bar is true during the 5th, baz will be false next cycle
    foo ##0 bar |-> $rose(baz)
• If foo and bar are true at the same time, baz must have just risen

Named Properties
• Similar to named sequences
    property p1(e1, e2);
      e1 |=> e2;
    endproperty
• The following are equivalent:
  – assert property (p1(foo, bar));
  – assert property (foo |=> bar);

Property operators
• AND, OR, NOT available (keywords: and, or, not)
  – Don’t confuse with boolean &&, ||, !
• Some examples:
    assert property ((a |-> b) and (a |-> c));
    assert property (not (a ##1 b));
    assert property (p1(a, b) or (a |-> b));

Other Useful Building Blocks
• $onehot(expr)
  – true if exactly one bit of the expression is high
• $onehot0(expr)
  – true if at most one bit of the expression is high
• $isunknown(expr)
  – true if any bit of expression is (4 state logic) X or Z
• $countones(expr)
  – counts the number of bits set in a bit vector
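
The boolean, sequence and property layers combined in one checker, as an added example that is not part of the original lecture. It uses the 2005 syntax the slides cover; the names arb_checker, req, gnt, N, MAX_WAIT and the bind target module arbiter (assumed to have signals clk, rst, req, gnt) are hypothetical.

```systemverilog
// Added example, not from the lecture. Hypothetical names: arb_checker,
// req, gnt, N, MAX_WAIT and the bind target module "arbiter".
module arb_checker #(parameter int N = 4, parameter int MAX_WAIT = 8) (
  input logic         clk,
  input logic         rst,
  input logic [N-1:0] req,
  input logic [N-1:0] gnt
);
  // Every concurrent assertion below inherits this clock.
  default clocking @(posedge clk); endclocking

  // Sequence layer: a request waits one or more cycles, then is granted.
  sequence s_wait_then_gnt(r, g);
    (r && !g)[*1:$] ##1 (r && g);
  endsequence

  // Property layer: triggered implications. Reset is explicit in each one
  // because the 2005 syntax has no default for 'disable iff'.
  property p_gnt_needs_req(r, g);
    disable iff (rst) g |-> r;
  endproperty
  property p_req_served(r, g);
    disable iff (rst) $rose(r) |-> ##[0:MAX_WAIT] g;
  endproperty
  property p_req_held(r, g);
    disable iff (rst) (r && !g) |=> r;
  endproperty

  // Boolean layer used directly: at most one grant per cycle.
  a_gnt_onehot0: assert property (disable iff (rst) $onehot0(gnt));

  for (genvar i = 0; i < N; i++) begin : g_line
    a_gnt_needs_req: assert property (p_gnt_needs_req(req[i], gnt[i]));
    a_req_served:    assert property (p_req_served(req[i], gnt[i]));
    // Assumption: FPV constraint on the requester (an assert in simulation).
    as_req_held:     assume property (p_req_held(req[i], gnt[i]));
    // Cover point: a delayed grant must be reachable under the constraint.
    c_wait_then_gnt: cover property (disable iff (rst)
                                     s_wait_then_gnt(req[i], gnt[i]));
  end
endmodule

// Attach the checker to the design without editing its source.
bind arbiter arb_checker #(.N(4)) u_arb_checker (
  .clk(clk), .rst(rst), .req(req), .gnt(gnt));
```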

Immediate Assertions Are Glitchy!
    always @(a or b)
      a1: assert (a==b);
    always @(a)
      b = a;
• What is order of always blocks?
  – Can a1 be evaluated twice? Yes!
  – Order of blocks not defined in Verilog / SV
  – Solution in SVA 2009 (“deferred assertion”), but not there yet…
• Don’t use immediate assertions unless really needed!
  – If you have clock, why not use it:
      A1: assert property (@(posedge clk) (a==b));

Watch Those Parentheses
• SVA syntax is fussy
  – Legal: assert property (foo |=> bar);
  – Illegal: assert property foo |=> bar;
• Good idea to group anyway
  – Extra layer of () usually can’t hurt
  – Why depend on order of ops?

AND vs INTERSECT
• Two similar sequence ops
• AND = same start
    [timing diagram: seq1, seq2]
• INTERSECT = same start and end
    [timing diagram: seq1, seq2]
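
The difference between the two operators on one trace, as an added example that is not part of the original lecture. The module and_vs_intersect and the signals clk, start, a, b, c, d are hypothetical, and the trace in the comments is constructed.

```systemverilog
// Added example, not from the lecture. Hypothetical module and signals.
module and_vs_intersect (input logic clk, start, a, b, c, d);
  default clocking @(posedge clk); endclocking

  sequence s_short; a ##1 b;     endsequence  // always spans 2 cycles
  sequence s_long;  c ##[1:3] d; endsequence  // spans 2 to 4 cycles

  // 'and': both operands start on the same cycle and both must match;
  // the combined match ends when the later operand ends.
  c_and:       cover property (start ##0 (s_short and s_long));

  // 'intersect': same start AND same end, so only a match of s_long
  // that also spans exactly 2 cycles (d one cycle after c) can pair
  // with s_short.
  c_intersect: cover property (start ##0 (s_short intersect s_long));

  // Constructed trace (one column per posedge clk):
  //   cycle  0 1 2 3
  //   start  1 0 0 0
  //   a      1 0 0 0
  //   b      0 1 0 0
  //   c      1 0 0 0
  //   d      0 0 0 1
  // Here s_short spans cycles 0..1 and s_long spans cycles 0..3.
  // The operands share a start but not an end: that satisfies the
  // 'and' definition and fails the 'intersect' definition.
endmodule
```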

Sequences vs Properties
• A sequence is a property… BUT
  – The property is “sequence matched starting every cycle”
  – Don’t confuse “a ##1 b” (continuously checked) with “a |=> b” (only checked when a is true)
    – Exception: initial block
• assert property (@(posedge clk) (foo ##1 bar)); // Useful?
  – == foo is always true, and so is bar starting on cycle 2
• Negated Sequences are properties, not sequences
  – “This sequence is never matched”
  – Sometimes useful – but remember, it’s no longer a sequence

Be Careful With $stable, etc
• $stable, $changed, $past see previous values
• But what is “previous” at start of sim?
  – Default value for type, often X
• So what does this property do?
    wire foo;
    A1: assert property ($stable(foo));
  – A1 claims foo is always X!
  – Rethink property, add delay or reset
• Safer version:
    A2: assert property (##1 $stable(foo));

Triggered Implication
• How to read a |-> b?
  – “a implies b”? Not exactly.
  – “a triggers b”: Better!
• Some consequences of this definition
  – Left side must be a sequence, not a property
  – Negated sequence cannot be the left side
    – Negated sequence is property, not sequence!
  – If you want a negated sequence to trigger property, need to rethink
    – assert property ((not s1) |-> p1); // illegal
    – assert property (p1 or s1); // OK… but different

Negating Properties
• What does not (a |-> b) mean?
  – Doesn’t mean: b never happens when a does
  – Does mean: sometime, a happens and b doesn’t
• Discuss using followed-by (#-#) operator
  – not(a |-> b) rewritten as a #-# not b
  – Read as “At some point, ‘a’ is followed by ‘!b’”.
  – #-# not in language yet – don’t use in code!
    – Another 2009 extension

Make Assertions Part of the Design Process
• Define standard assertion note
    // Assertion a123: Check for legal grants;
• Designer adds: spec, testplans, RTL
  – Assertion idea != interrupt thought flow
  – OK to add note if no time to write assertion
• Assertion expert role
  – Scripts to collect assertion notes
  – Help designer implement/focus
• Assertions: casual & easy
  – Pitfall: Treat as “out-of-band” process
  – Pitfall: Avoid requirements seen as penalty
    – “Must eventually prove X% formally”

References / Further Reading
• http://www.chipdesignmag.com/display.php?articleId=1448&issueId=23
• http://www.doulos.com/knowhow/sysverilog/tutorial/assertions/
• http://www.cadence.com/rl/Resources/application_briefs/Vhowto_SVA_EZ_StartGuide.pdf
• http://www.toomuchsemi.com/Docs1/SVAOverview.pdf
• https://www.syosil.com/files/publications/bsnug04_ecker_esen_kruse_steininger_jensen.pdf?PHPSESSID=fdcf823af22a7c9f4bddfa13b8646915