Course: Assertion-Based Verification, Session 3: Introduction to SystemVerilog Assertions (Harry Foster)
www.verificationacademy.com
Assertion-Based Verification Introduction to SVA
Harry Foster Chief Scientist Verification
Session Overview
After completing this session you will...
• Learn the structure of the SVA language
• Learn how to construct sequences
• Learn how to construct properties
© 2014 Mentor Graphics Corporation, all rights reserved.
Specifying Design Intent
Assertions allow us to specify design intent in a way that lends itself to automation
// Assert that the grants for our simple arbiter are mutually exclusive
[Figure: arbiter block diagram with signals req0, req1, clk, reset_n, grant0, grant1]
Identifying the Error Condition
For our arbiter example, we can write a Boolean expression for the error condition, as follows:
(grant0 & grant1) // error condition
Checking the Error Condition before Assertions
• Doesn't lend itself to automation.
module arbiter (clk, rst_n, req0, req1, grant0, grant1);
  . . .
  always @(posedge clk or negedge rst_n) begin
    if (rst_n != 1'b0)
      if (grant0 & grant1)  // error condition Boolean expression
        $display ("ERROR: Grants not mutex");
  end
  . . .
endmodule
IEEE 1800 SystemVerilog Mutex Example
grant0 and grant1 must be mutually exclusive:
assert property ( @(posedge clk) disable iff (~rst_n) !(grant0 & grant1));
[Waveform: clk, grant0, grant1, error]
SVA Language Structure
• Assertion Units: checker packaging
• Directives (assert, cover): assert, assume, cover
• Properties: specification of behavior; desired or undesired
• Sequences (Sequential Expressions): how Boolean events are related over time
• Boolean Expressions: true or false
assert property (@(posedge clk) disable iff (~rst_n) !(grant0 & grant1));
• SVA provides a mechanism to asynchronously disable a property during a reset using the SVA disable iff clause
SVA Language Structure: Sequences
• So far we have examined simple assertions
  - A Boolean expression must hold at every clock
• We now introduce SVA sequences
  - Multiple Boolean expressions are evaluated in a linear order of increasing time
SVA Language Structure
• Sequence
  - Temporal delay ## with integer
    start ##1 transfer
    start ##2 transfer
  - Temporal delay ## with range [m:n]
    start ##[0:2] transfer
[Waveform: clk, start, transfer]
SVA Language Structure
• Sequence
  - Consecutive repetition [*m] or range [*m:n]
  - Use $ to represent infinity
    start[*2] ##1 transfer
    start[*1:2] ##1 transfer
[Waveform: clk, start, transfer]
Note: This also matches the sequence specification!!!!
SVA Language Structure
• Sequence
  - Non-consecutive repetition [=m] or [=m:n]
    start[=2] ##1 transfer
  - start[=2] is equivalent to:
    !start[*0:$] ##1 start ##1 !start[*0:$] ##1 start ##1 !start[*0:$]
  - [*0:$] represents zero to infinity
[Waveform: clk, start, transfer]
SVA Language Structure
• Sequence
  - Goto non-consecutive repetition [->m] or [->m:n]
    start[->2] ##1 transfer
  - start[->2] is equivalent to:
    !start[*0:$] ##1 start ##1 !start[*0:$] ##1 start
  - [*0:$] represents zero to infinity
[Waveform: clk, start, transfer]
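The difference between [=2] and [->2] only shows up in what may happen after the second start. The testbench below is an added example, not part of the original slides; the module name, counters and stimulus are constructed for illustration, and only the two sequences come from the slides.

```systemverilog
// Added example: constructed testbench contrasting [=2] and [->2].
module tb_repetition;
  logic clk = 0, start = 0, transfer = 0;
  int hits_nonconsec = 0, hits_goto = 0;

  always #5 clk = ~clk;

  // [=2]: after the second start, start may stay low for any number of
  // clocks before the ##1 transfer.
  c_nonconsec: cover property (@(posedge clk) start[=2] ##1 transfer)
    hits_nonconsec++;

  // [->2]: the repetition ends on the second start, so transfer must be
  // high on the very next clock.
  c_goto: cover property (@(posedge clk) start[->2] ##1 transfer)
    hits_goto++;

  // Drive one value per clock on the falling edge so the covers sample
  // stable values on the rising edge.
  task automatic drive(input logic s, input logic t);
    start = s; transfer = t;
    @(negedge clk);
  endtask

  initial begin
    @(negedge clk);
    drive(0, 0);
    drive(1, 0);   // first start
    drive(0, 0);
    drive(1, 0);   // second start
    drive(0, 0);   // transfer is not high right after the second start
    drive(0, 0);
    drive(0, 1);   // transfer arrives after two idle clocks
    drive(0, 0);
    $display("[=2] hits: %0d, [->2] hits: %0d", hits_nonconsec, hits_goto);
    $finish;
  end
endmodule
```

With this stimulus the [=2] cover is hit, because the trailing !start[*0:$] absorbs the idle clocks, while the [->2] cover is never hit.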
SVA Language Structure
• Properties
  - Overlapping sequence implication operator |->
    ready ##1 start |-> go ##1 done
    assert property ( @(posedge clk) ready ##1 start |-> go ##1 done );
[Waveform: clk, ready, start, go, done]
• Properties
  - Non-overlapping sequence implication operator |=>
    ready ##1 start |=> go ##1 done
[Waveform: clk, ready, start, go, done]
NOTE: A |=> B is the same as A |-> ##1 B
Fair Arbitration Scheme Example
• Asserting that an arbiter is fair
  - To be fair, a pending request for a particular client should never have to wait more than two arbitration cycles
  - Otherwise, the arbiter unfairly issued multiple grants to a different client
[Figure: arbiter block diagram with signals req[0], req[1], gnt[0], gnt[1]]
a_0_fair:
assert property (@(posedge clk) disable iff (!reset_n)
  not ( $rose(req[0]) ##1 (!gnt[0] throughout (gnt[1])[->2])));
[Waveform: clk, req[0], gnt[0], gnt[1]]
SVA Language Structure
• Named properties and sequences
  - To facilitate reuse, properties and sequences can be declared and then referenced by name
  - Can be declared with or without parameters
sequence s_op_retry;
  (req ##1 retry);
endsequence
sequence s_cache_fill(rdy, done, fill);
  (rdy ##1 done [=1] ##1 fill);
endsequence
assert property ( @(posedge clk) disable iff (!reset_n)
  s_op_retry |=> s_cache_fill (my_rdy, my_done, my_fill));
property p_en_mutex(en0, en1);
  @(posedge clk) disable iff (~reset_n) ~(en0 & en1);
endproperty
assert property (p_en_mutex(en[0], en[1]));
SVA Language Structure
• Action blocks
  - An SVA action block specifies the actions that are taken upon success or failure of the assertion
  - The action block, if specified, is executed immediately after the evaluation of the assert expression
assert property ( @(posedge clk) disable iff (reset) !(grant0 & grant1) )
else begin // action block fail statement
  $error("Mutex violation with grants.");
end
SVA Language Structure
• System functions
• $onehot (<expression>)
  - Returns true if only one bit of the expression is high
• $onehot0 (<expression>)
  - Returns true if at most one bit of the expression is high
• $isunknown (<expression>)
  - Returns true if any bit of the expression is X or Z
  - This is equivalent to ^<expression> === 'bx
• $rose( expression )
• $fell( expression )
• $stable( expression )
• $past( expression [, number_of_ticks] )
The need for $rose system function
• You must be precise when specifying!
assert property ( @(posedge clk) start |-> ##2 transfer);
[Waveform: clk, start, transfer]
• Eliminates multiple matches
assert property ( @(posedge clk) $rose(start) |-> ##2 transfer);
[Waveform: clk, start, transfer]
$rose(start) is a shortcut for the sequence !start ##1 start
Introduction to SVA
• Some assertions require additional modeling code
  - In addition to the assertion constructs
// Assert that the FIFO controller cannot overflow nor underflow
[Figure: FIFO Controller block diagram with signals put, get, data_in, data_out, full, empty, clk, rst_n]
// assertion modeling code - not part of the design
`ifdef ASSERT_ON
int cnt = 0;
always @(posedge clk)
  if (!rst_n) cnt <= 0;
  else cnt <= cnt + put - get;
// assert no overflow
assert property (@(posedge clk) disable iff (!rst_n) !((cnt + put - get) > `DEPTH));
// assert no underflow
assert property (@(posedge clk) disable iff (!rst_n) !((cnt + put) < get));
`endif
SVA Dos and Don'ts
• Never assert a sequence!
assert property (@(posedge clk) (req ##1 grnt ##1 done));
  - This says every clock we see req, followed by grnt, followed by done
• The correct way to do this is with an implication operator:
assert property (@(posedge clk) (req |=> grnt ##1 done));
• It's ok to cover a sequence
• It's ok to assert a forbidden sequence using not
assert property (@(posedge clk) not (req ##1 grnt ##1 done));
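The cost of asserting a bare sequence is easiest to see on a trace that contains one legal transaction and otherwise idle clocks. The testbench below is an added example, not part of the original slides; the signal names req, grnt and done follow the slide, while the module name, failure counters and stimulus are constructed for illustration.

```systemverilog
// Added example: constructed testbench comparing a bare-sequence assertion
// with the implication form on the same legal trace.
module tb_assert_sequence;
  logic clk = 0, req = 0, grnt = 0, done = 0;
  int bare_fail = 0, impl_fail = 0;

  always #5 clk = ~clk;

  // Don't: a new attempt starts at every clock and fails whenever req is
  // low, even though the protocol is never violated.
  a_bare: assert property (@(posedge clk) req ##1 grnt ##1 done)
    else bare_fail++;

  // Do: the consequent is only checked after req is seen; idle clocks
  // pass vacuously.
  a_impl: assert property (@(posedge clk) req |=> grnt ##1 done)
    else impl_fail++;

  initial begin
    // One legal req -> grnt -> done transaction surrounded by idle clocks.
    // Signals change on the falling edge so they are stable when sampled.
    repeat (2) @(negedge clk);
    req = 1;            @(negedge clk);
    req = 0; grnt = 1;  @(negedge clk);
    grnt = 0; done = 1; @(negedge clk);
    done = 0;
    repeat (3) @(negedge clk);
    $display("bare sequence failures: %0d, implication failures: %0d",
             bare_fail, impl_fail);
    $finish;
  end
endmodule
```

The bare form reports a failure for every attempt that starts on a clock where req is low, while the implication form reports none on this trace.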
Session Recap
In this session we discussed...
• The structure of the SVA language
• How to construct sequences
• How to construct properties
Training and Consulting Resources
• Mentor Graphics Training
  • Scalable Verification Courses
    - A wide range of instructor led classes
    - Located in public training centers in major cities or onsite at your workplace
    - Web-based events with live instructors are also available.
• Mentor Graphics Consulting
  • Questa® Verification Methodology JumpStart
  • Knowledge-Sourcing Model
    - Infuse knowledge into your organization while addressing your immediate product development challenges