2016 International Conference on Micro-Electronics and Telecommunication Engineering

SystemVerilog Assertion Based Verification of

AMBA-AHB
Prince Gurha1 R. R. Khandelwal2
Dept. of Electronics Dept. of Electronics
R.C.O.E.M, Nagpur R.C.O.E.M, Nagpur
princegurha.ecb@gmail.com richar.khandelwal@yahoo.com

Abstract—Assertion Based Verification (ABV) is one of the system-on-chip designs[2]. ABV is a technique in which
widely used verification technique to enhance the verification assertions are used to detect specific design behavior either
quality and reduce the debugging time of complex system-on-chip through simulation, formal verification or emulation of these
(SOC) designs in order to speedup the verification process. A assertions[1]. In today’s scenario, ABV plays an important
verification environment to verify an AMBA-AHB (Advanced role in the detection phase and has been well accepted among
High Performance Bus) by using SystemVerilog Assertion (SVA) the design and verification team. Assertions helps to detect the
is presented in this paper as it can easily be turned ON or OFF at failure and thus reduce the effort to establish the exact reason
any instant during simulation as needed. First the AMBA-AHB is of the failure[3]. Using AHB with assertions implemented on
modeled using 3 masters and 4 slaves in verilog language. This
the design can speed up the verification process. In
design is then verified using SVA binding construct in ModelSim.
Binding allows verification engineers to add assertions to design
verification process, debugging is categorized into three stages
without touching the design files. The different properties of i.e. error detection, error diagnosis and error correction.
AMBA-AHB and its corner cases properties are verified using SystemVerilog Assertion (SVA) is a type of ABV.
ModelSim and the total coverage report of the design is SystemVerilog Assertion is a formal specification and
calculated. In this paper, we define the assertions in separate verification language. It is also an integral part of
modules and use the BIND SystemVerilog feature to bind the SystemVerilog. SVA is a declarative language which has
assertion modules to the Verilog RTL modules. Here, we have
enormous control over time[4]. It is used to describe design
clear separation between the RTL modules and the assertion
properties unambiguously and precisely. SVA provides
modules.
several in-built functions to analyse certain design behavior
and also provides temporal domain functional coverage[5].
Keywords- Verification, AMBA-AHB, SVA, Bind, Assertion. SVA can’t be written directly into HDLs (Hardware
Description Languages) other than SystemVerilog, but tool
support for the use of SVA with other HDLs is possible
I. INTRODUCTION through binding directives and comment pragmas[4].
Verification is a very challenging task for the designer in Deploying assertions has several advantages which can
the whole design and verification cycle, because bugs which be summarized as below: SVA can easily be turned ON or
are uncovered in the earlier stages of the design carry on in the OFF at any instant during simulation, as needed. SVA is not
next stages of the design and later it is too complex to only used to debug pre-silicon violations, but is also extended
diagnose it[1]. Verification is a task of verifying whether our to debug post-silicon violations. SVA provides the capability
implementation matches with the micro-architectural to write assertions that ranges from system level to RTL level.
specifications or not. Any design is incomplete without proper It helps to detect bugs not easily observed at primary outputs.
verification of that design. Improve observability[2]. SVA supports multi-clock domain
crossing logic. Uses only concurrent assertion. The Concurrent
The time required for verifying the design is becoming assertions describe behaviour that spans over time. In a
monotonous as the complicacy of the chip design is increasing concurrent assertion evaluation is performed only at the
exponentially. Nowadays, about 70% of the design time is occurrence of a clock tick[6]. It is also used for the creation of
needed for developing the verification environment. Hence in complex properties[2].
this condition, it is important to reduce the verification time in
order to speed up the whole development process. But, on the The paper is presented as follow: Section II and III
other hand, the complicacy of the design makes it difficult to introduces the overall architecture of AMBA-AHB and its
cover all the corner cases in minimum time[1]. applications, Section IV gives detail about SVA building
block, its binding properties and also gives detail about
Therefore, to improve the design observability and to property description of AMBA-AHB using SVA properties,
detect and interpret its faults, Assertion Based Verification Section V gives Simulation results of AMBA-AHB and also
(ABV) is introduced. Assertion Based Verification is one of gives report of coverage analysis while Section VI concludes
the recommended verification techniques to enhance the the paper.
verification quality and reduce the debugging time of complex

978-1-5090-3411-6/16 $31.00 © 2016 IEEE 644

641
DOI 10.1109/ICMETE.2016.67
 II. ARCHITECTURE OF AMBA AHB A. AHB Master
The Advanced Microcontroller Bus Architecture (AMBA) It is used to initiate read and write operations by giving
is an open-standard, on Chip communication protocol for address and control information. At one time only single
designing high performance buses on low power devices. The master can access the bus. To initiate a transfer, it drives its
AHB is a pipelined bus, designed for high performance and bus request signal to high[7].
high bandwidth operations. It can support upto 16 bus masters
B. AHB Slave
and slaves. It consist of AHB-masters, AHB-slaves, an AHB-
arbiter and an AHB-decoder. The address bus can be upto 32 It is used for performing read and write operations. Slave
bit wide and the data bus can be upto 128 bit wide. There is a determines how the transfer should process after master has
single global clock[1]. started a transfer. Whenever the slave is accessed it must
provide a response which denotes the status of the transfer[7].
C. AHB Arbiter
Arbiter is the main controlling component in the design. It
is used to grant access to a particular master for the bus at a
time. In round robin arbitrations mechanism, the accesses to
the Bus is given to the masters as per there sequence. Round
robin arbiter gives 1st priority to the 1st master, 2nd to the 2nd
masters and so on. If two or more master is ready at a time it
always gives the priority to the first one. It likes first come
first serve basic [8].
D. AHB Decoder

The AMBA-AHB needs a single centralized decoder for

implementation of the bus. The decoder decodes the address
given by the master and selects the slave for the data transfer
process. The AHB decoder simply perform a direct decode of
the address bus[7].

• Transfer of signals from master to slave involves:

Fig. 1. Architecture of AMBA-AHB 1) HCLK: global clock signal.
Fig. 2. shows high-performance bus which nourish the 2) HWDATA: write data from Master to Slave.
external memory bandwidth, on which the high bandwidth 3) HRDATA: read data from Slave to Master.
external memory, on chip Memory and Direct Memory Access
(DMA) devices situated. It also provides a high bandwidth 4) HREADY: Ack signal from Slave to Master.
interface between the different components that are intricated 5) HADDR: target address for transfer[9].
in the bulk of transfers[1].

Fig. 3. Basic transfer

With respect to posedge of the clock, Master ‘X’ is putting
Fig. 2. Typical AMBA based microcontroller its address and control information. If it is write operation,
then data corresponds to first address comes to second clock
cycle. Simultaneously,the address for next location is coming.
III. COMPONENTS OF AMBA AHB This is a pipelining operation. Instead of wasting the address
bus we are utilizing the address bus. Therefore, data for the
The main components of AMBA-AHB are:
second address comes in next clock cycle. The HREADY is a

642
645
“ack” signal from the slave. If it is ready to receive data it CHECK #1:
makes ready signal high. If it is not ready to receive data it property DMA_INVALID_DMA_STATE; @(posedge clk)
makes ready signal low, so master will hold the same address disable iff ( ! reset)
and data. For read operation, data corresponds to first address (dma_disable==1'b1); endproperty
comes to second clock cycle and read data from slave to assert property(not DMA_INVALID_DMA_STATE);
master whenever HREADY is high[9].
CHECK #2:
IV. IMPLEMENTATION PROCESS property DMA_INVALID_DMA_REQUEST;
Verification is the process of reviewing, inspecting, @(posedge clk) disable iff ( ! reset)
testing, and documenting that the product behaves in a manner (ahb_slv_dmareq==1'b0); endproperty
as defined by the product requirement specification. assert property(not DMA_INVALID_DMA_REQUEST);
The process of implementation follows these steps: CHECK #3:
1) Design of RTL Module: Here, AMBA-AHB is modeled property DMA_INVALID_DMA_ACCESS;
using 3 masters and 4 slaves in verilog language. @(posedge clk) disable iff ( ! reset)
(slv1_en == 1'b0 && slv2_en == 1'b0 && slv3_en ==
2) Formation of SVA Properties: In any design model, the 1'b0 && slv4_en == 1'b0); endproperty
functionality is represented by the combination of multiple assert property(not DMA_INVALID_DMA_ACCESS);
logical events. These logical events are simple boolean
expressions which is assessed on the same clock edge or CHECK #4:
events that get assessed over a period of time involving property DMA_SUCCESS_PROPER_DMA;
@(posedge clk) disable iff ( ! reset)
multiple clock cycles[10]. SVA provides a key word to define
(slv1_grant==1'b1 || slv2_grant==1'b1 ||
these events called "sequence". A number of sequences can be
slv3_grant==1'b1 || slv4_grant==1'b1); endproperty
joined logically or sequentially to produce more complex
assert property(DMA_SUCCESS_PROPER_DMA);
sequences. SVA provides a keyword to define these complex
sequential behavior called "property". The property is verified
• Properties using Sequences:
during a simulation. SVA provides a keyword called "assert" CHECK #5:
to check the property[11]. property DMA_INVALID_GRANTS;
@(posedge clk) disable iff ( ! reset)
property_name: assert property ( @(sample_signal) disable sx |=> sy endproperty
iff ( expression) sequence sx; (hmaster==8'b00000000) ; endsequence
// optional disable condition sequence sy; (slv1_grant == 1'b0 && slv2_grant==1'b0
property_expression_or_sequence ); && slv3_grant == 1'b0 && slv4_grant==1'b0); endsequence
assert property(DMA_INVALID_GRANTS);
The steps involved in the creation of a SVA are:
• Controlling Assertions:
`ifdef ASSERT_ON
assert property(@(posedge clk) disable iff (! reset)
!(dma_disable==1'b1));
`endif;

`ifdef ASSERT_OFF
assert property(@(posedge clk) disable iff (! reset)
!(dma_disable==1'b1));
`endif;
3) Binding of RTL Module to the Property Module: To
facilitate verification separate from design, it is possible to
specify properties and bind them to specific modules or
Fig. 4. SVA building block instances. It permits verification engineers to verify with
minimum changes to the design files. No semantic changes to
• Property Description of AMBA using SVA Properties: the assertions are introduces due to this feature. Other
Based on the protocol description of the AMBA-AHB, the advantage of keeping assertions in a separate file is that they
following SVA checks can be extracted. These properties can be independently verified without the need to have control
checks basic transfer of signals from master to slave and of RTL files. A big advantage when you want to make sure
vice-versa. Creating such intermediate expressions makes that both the design and verification progress in parallel[12].
the SVA checkers more readable.

643
646
Binding of two different modules: 2) Corner Cases of AMBA-AHB using SVA: Assertion can
also be used to verify the corner cases of the design. Corner
module dma ( a, b, c) // module containing the design cases are those cases that are hard to find, which occurred very
rarely. E.g. for arbiter corner cases are arbiter generating
< RTL Code > grants when there is no request to the arbiter. The following
endmodule table describes some of the SVA properties that are used to
verify the corner cases for AMBA-AHB using assertion based
module dma_property ( a, b, c) //module containing properties verification.
< Assertion Properties >
TABLE II. CORNER CASES
endmodule
Bind dma dma_property dma_inst_1(a, b, c); //module that S.No. Property Description Status
binds design module to property module
1. Arbiter does not gives grant to any master even if FAIL
• dma and dma_property are the module name. it is free.
2. Master_1 does not send a request to arbiter but FAIL
• dma_inst_1 is dma_property instance name. arbiter sends a grant to master_1
3. Slave_1 never inform the arbiter that it is now able FAIL
• Ports (a, b, c) gets bound to the signals (a, b, c) of the to service master_1
4. Even after Slave_1 has informed its ability to FAIL
module dma[12]. service Master_1, the arbiter ignores the bus
1) Assertion Based Verification of AMBA-AHB using request from Master_1 forever.
Different SVA Properties: The different properties of AMBA-
AHB are verified by writing assertion for the properties and
verified it using ModelSim. The following table describes V. SIMULATION RESULTS OF AMBA AHB
some of the SVA properties that are verified for the AMBA- Here the dma1, dma2 and dma3 acts as the 3 masters and
AHB design. The AMBA-AHB is verified by 8 properties slv1, slv2, slv3 and slv4 acts as the 4 slaves of the design. Fig.
which are described below: 5 (a) shows the read and write operation of the bus, and the
data transfer between the master and slave. It shows that at
TABLE I. VERIFICATION OF AMBA AHB any one clock cycle any one master can transfer the data. The
data is first written into the memory by making the signal
S.No. Property Description Status data-in high for that master and then memory read the data by
making the data-out signal high, the destination slave read the
1. Master is in valid state. PASS data from the memory. The data is written into the address bus
(!dma_disable==1'b1)
Fault: Master is in invalid state.
and data is read from the data bus of the design. Here in our
FAIL
2. Arbiter gives grant signal to master_2 and PASS case we take a 8 bit data.
master_2 sends the data to the destination.
Fault: Arbiter gives the grant signal to master_2,
but it fail to transfer the data to the destination. FAIL
3. Arbiter gives grant signal to master_3 and PASS
master_3 sends the data to the destination.
Fault: Arbiter gives the grant signal to master_3,
but it fail to transfer the data to the destination. FAIL
4. Slave_1 request for bus master while other slaves PASS
are idle.
Fault: Slave_1 does not respond to the read/write FAIL
operation of its master.
5. Slave_2 request for bus master while other slaves PASS
are idle.
Fault: Slave_2 does not respond to the read/write FAIL
operation of its master.
6. Slave_3 request for bus master while other slaves PASS
are idle.
Fault: Slave_3 does not respond to the read/write FAIL
operation of its master.
7. Slave_4 request for bus master while other slaves PASS
are idle.
Fault: Slave_4 does not respond to the read/write FAIL
operation of its master.
8. Master_1 makes its bus request signal high and PASS
drives the address and control information to the
bus.
Fault: Master_1 does not response to the signal FAIL Fig. 5(a). Simulation of AMBA-AHB
from slave_1

644
647
If a design has been compiled with assertion, we can view the VI. CONCLUSION
assertion waveform in wave window. As shown in the fig. SystemVerilog Assertion (SVA) ensure true assertion based
5(b). and fig. 5(c). The left column of the figure shows the verification integrated into Verilog/SV language. Assertion
name of assertion directive and the name of each directive have full visibility to all design code, do not hide in comments
comes from assertion code. as in PSL. Binding permits verification engineers to add
assertions to design without touching the design files. SVA are
a team effort some assertions are written by the design team
and some are written by the verification team. We design the
AMBA-AHB in Verilog language and obtained coverage of
80.3% using 20 number of assertions written in SVA and
verified in ModelSim. First the AMBA-AHB bus is designed
using 3 masters and 4 slaves in verilog language. This design
is then verified using SVA bind construct. The different
properties of AMBA-AHB and its corner cases properties are
verified using ModelSim and the total coverage report of the
design is calculated.
Fig. 5(b). Simulation of Assertions
REFERENCES
[1] Akshay Mann, Ashwani Kumar,” Assertion Based Verification of
AMBA-AHB Using Synopsys VCS®”International Journal of Scientific
& Engineering Research, Volume 4, Issue 11, November-2013 ISSN
2229-5518).
[2] Mostafa, Moaz, Mona Safar, M. Watheq El-Kharashi, and Mohamed
Dessouky. "System Verilog Assertion Debugging Based on
Visualization, Simulation Results, and Mutation", 2014 15th
International Microprocessor Test and Verification Workshop, 2014.
[3] P.P. Chakrabarti. "H-DBUG: A High-level Debugging Framework for
Protocol Verification using Assertions", 2005 Annual IEEE India
Conference - Indicon, 2005.
[4] PSL AND SVA: TWO STANDARD ASSERTION LANGUAGES
ADDRESSING COMPLEMENTARY ENGINEERING NEEDS John
Fig. 5(c). Simulation of Assertions Havlicek, Freescale Semiconductor, Inc., Austin, TX Yaron Wolfsthal,
IBM Haifa Research Lab, Haifa, Israel.
[5] SystemVerilog Assertions and Functional Coverage,2014.
TABLE III. ASSERTIONS REPORT [6] Sonny, Ashley T, and S. Lakshmiprabha. "OVL, PSL, SVA: ABV using
checkers and standard assertion languages" 2013, International
Conference on Advanced Computing and Communication Systems,
2013.
[7] Divekar, Shraddha, and Archana Tiwari. "Interconnect matrix for
multichannel AMBA AHB with multiple arbitration technique", 2014
International Conference on Green Computing Communication and
Electrical Engineering (ICGCCEE), 2014.
[8] M. Conti, M. Caldari, G.B. Vece, S. Orcioni, C. Turchetti, “Performance
Analysis of Different Arbitration Algorithms of the AMBA AHB Bus”,
in Proc. of IEEE Conference on Design Automation , 2004, San Diego,
USA, pp. 618 – 621.
TABLE IV. shows coverage analysis of AMBA-AHB using [9] M.J. Dougherty. "A SEM-E module avionics computer with PI-Bus
backplane communication", IEEE Conference on Aerospace and
different number of assertions. As the number of assertions Electronics, 1990.
increases, the overall coverage increases. Four assertions are
[10] Sonny, Ashley T, and S. Lakshmiprabha. "OVL, PSL, SVA: Assertion
used initially giving the coverage of 27.5%. As the number of based verification using checkers and standard assertion languages",
assertions increments to twenty, the coverage report increased 2013 International Conference on Advanced Computing and
to 80.3%. Communication Systems, 2013.
[11] Ashok B. Mehta Los Gatos, CA USASystemVerilog Assertions and
TABLE IV. COVERAGE REPORT Functional Coverage, Guide to Language, Methodology and
Applications, ISBN 978-1-4614-7323-7 ,DOI 10.1007/978-1-4614-
7324-4 Springer New York Heidelberg Dordrecht London
[12] "Introduction to SVA", A Practical Guide for SystemVerilog Assertions,
2005, Microprocessor Systems, 1995 & Understanding Behavioral
Synthesis, 1999 & ARM Ltd., AMBA specification (rev. 2) 1999.

645
648