Assertions: Page 1 of 2


ASSERTIONS

Page 1 of 2

Copyright 2010., Kacper Technologies Pvt Ltd. All Rights Reserved

WHAT IS ASSERTION?
An assertion, in the context of a programming language, is a statement that validates assumptions or checks conditions in a program. It is a piece of verification code that validates the behaviour, coverage goals and constraints of a design.
EXAMPLES:
Write will follow read after 6 clock cycles.
FIFO must never overflow.
Read and Write should not happen at same clock cycle.
Checking Reset condition in SONET when data is valid.
A signal must never become unknown.

Benefits of Assertions?
In the traditional verification approach we inject random stimulus into the DUT and check the result at the output. For complex designs, coverage and debugging are harder.

Assertions come in here to improve the verification process.

Benefits of Assertions Cont


Supports multi-clock domain crossing logic: assertions can be written to check clock domain crossing logic, a great check while data is crossing clock domains.
Increases the possibility of detecting bugs at RTL level.
Reduces time to develop.
A great help when debugging random tests on large, nightmare designs.
Open verification libraries: instantiate the libraries in your design, connect the signals and verify your design.

Why not Verilog? Why SystemVerilog?


Consider the following bus protocol specification: when FRAME is asserted, LDF (i.e. last data face) must go low within 2 clock cycles.

[Figure: waveform of FRAME, LDF and CLK]

SV Assertion

Why not Verilog? Why SystemVerilog? Cont

Verilog Assertion

Why not Verilog? Why SystemVerilog? Cont


Verilog:
Procedural: does not have good control over time.
Difficult to test for parallel events in the same time period.
Verbose: as the number of assertions increases, they become difficult to handle.
No functional coverage: no built-in mechanism for coverage.

SystemVerilog:
Declarative language: gives excellent control over time.
More built-in functions.
Provides constructs to collect functional coverage.
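The FRAME/LDF rule above written both ways, as an added example that is not the code from the original slides. It assumes FRAME is active-high, that "asserted" means a rising edge, and that "within 2 clock cycles" means 1 or 2 clocks later; the module and testbench names are hypothetical.

```systemverilog
// Added example: the FRAME/LDF rule checked two ways.
// Assumptions: FRAME is active-high, "asserted" means a rising edge of FRAME,
// and "within 2 clock cycles" means 1 or 2 clocks after that edge.
module frame_ldf_checks (input logic clk, frame, ldf);

  // SystemVerilog: one declarative property. Every FRAME rise starts its
  // own evaluation, so overlapping windows are checked independently.
  property p_ldf_low_after_frame;
    @(posedge clk) $rose(frame) |-> ##[1:2] !ldf;
  endproperty
  a_ldf: assert property (p_ldf_low_after_frame)
    else $error("SVA: LDF did not go low within 2 clocks of FRAME");

  // Verilog style: the same rule as a hand-written procedural monitor.
  // It tracks a single window, so a FRAME rise that arrives while a window
  // is still open is not checked.
  reg       frame_q = 1'b0;  // previous FRAME value, for edge detection
  reg [1:0] count   = 2'd0;  // clocks left in the window, 0 = idle
  always @(posedge clk) begin
    frame_q <= frame;
    if (count != 0) begin
      if (!ldf)
        count <= 2'd0;                          // LDF went low in time
      else if (count == 2'd1) begin
        $display("%0t Verilog: LDF did not go low within 2 clocks of FRAME", $time);
        count <= 2'd0;
      end else
        count <= count - 2'd1;
    end else if (frame && !frame_q)
      count <= 2'd2;                            // FRAME rose: open the window
  end
endmodule

// Constructed stimulus: one passing and one failing FRAME.
module tb;
  logic clk = 0, frame = 0, ldf = 1;
  always #5 clk = ~clk;
  frame_ldf_checks chk (.*);
  initial begin
    @(negedge clk) frame = 1;            // FRAME rises
    @(negedge clk) frame = 0; ldf = 0;   // LDF low one clock later: passes
    @(negedge clk) ldf = 1;
    @(negedge clk) frame = 1;            // FRAME rises again
    repeat (3) @(negedge clk);           // LDF stays high: both checkers report
    $finish;
  end
endmodule
```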

Who writes Assertions? And Where?


Both design engineers and verification engineers write assertions, in their respective domains.

THE DESIGNER!!
At micro-architectural level, to check the correctness of the designer's intent.
Rule of thumb: every assumption is an assertion.
Added as facts about the design as they are recognized.

THE VERIFICATION ENGINEER!!
At macro-architectural level.
Verification engineers may need to tutor the designer early in the project.

Who writes Assertions? And Where? Cont


RTL level assertions. Examples: one-hot encoding in FSM, FIFO overflow. Capture the designer's concept of critical corner cases for verification.
Interface level assertions.
Chip interface level assertions.
Performance level based assertions.

LANGUAGE HIERARCHY

DIRECTIVES (assert, assert property, assume property, cover property)

PROPERTIES (property, not, implication, disable iff)

SEQUENCES (sequence, and, or, intersect, throughout, within, cycle delay, repetition, ended, first_match)

BOOLEAN EXPRESSIONS (<logical, arithmetic expression>, $past, $countones, $rose, $fell)

Assertion based Verification Flow


[Figure: assertion-based verification flow. Boxes: DUT Specification, Feature List, Capture Assertions, Verify Assertions / Design, PASS, FAIL, Debug, Fix RTL Bug, Fix Stimulus (constraint, test bench, assertions), Assertion Coverage.]

Types of Assertions
Two types of assertions are defined in SVA:
Immediate Assertions
Concurrent Assertions

Immediate Assertions:
These are event driven and procedural in nature.
Mainly used in simulation block.
Based on clock cycles.
Evaluated in Observed region.

Immediate Assertions
An assertion is basically a statement that something must be true, similar to an if statement. The expression is non-temporal.

If the assert expression evaluates to X, Z or 0, then the assertion fails and the simulator writes an error message.

If an expression is not true and it does not have an associated else part, verification tools automatically register that as an error.

Immediate Assertions (Cont..)


Assertion severity level system tasks:
$fatal - Run-time fatal (quits simulation).
$error - Run-time error. Default according to LRM 3.1a. Vendor-specific command-line options can change this behavior.
$warning - Run-time warning.
$info - Means this assertion carries no specific severity.

When we write a property and do not specify its failure case, the language dictates that the simulator should by default report the failure at the $error severity level.

Keep uniformity throughout the project: decide once on the rules for what kind of error messages assertions should give. Easier to debug!!!

Immediate Assertions (Cont..)


Immediate assertion Example:
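As an added example (not code from the original slides), the FIFO and unknown-signal checks from the examples list written as immediate assertions, one per severity task. The FIFO interface signals and module names are hypothetical.

```systemverilog
// Added example: immediate assertions inside a clocked procedural block.
// The FIFO interface (wr_en, rd_en, full, empty, data_valid, data) is hypothetical.
module fifo_immediate_checks #(parameter int W = 8)
  (input logic clk, rst_n, wr_en, rd_en, full, empty, data_valid,
   input logic [W-1:0] data);

  always @(posedge clk) begin
    if (rst_n) begin
      // No else part: a failure is reported with the default $error severity.
      a_no_underflow: assert (!(rd_en && empty));

      // Read and write must not happen in the same clock cycle.
      a_rw_exclusive: assert (!(rd_en && wr_en))
        else $warning("read and write in the same clock cycle");

      // A valid data word must never contain X or Z bits.
      a_known_data: assert (!data_valid || !$isunknown(data))
        else $error("data has X/Z bits while data_valid is high: %b", data);

      // FIFO must never overflow; $fatal stops the simulation.
      a_no_overflow: assert (!(wr_en && full))
        else $fatal(1, "FIFO overflow: write while full");
    end
  end
endmodule

// Constructed stimulus that trips the warning, the error and the fatal in turn.
module tb;
  logic clk = 0, rst_n = 0, wr_en = 0, rd_en = 0;
  logic full = 0, empty = 1, data_valid = 0;
  logic [7:0] data = '0;
  always #5 clk = ~clk;
  fifo_immediate_checks chk (.*);
  initial begin
    @(negedge clk) rst_n = 1;
    @(negedge clk) wr_en = 1; rd_en = 1; empty = 0;            // $warning
    @(negedge clk) wr_en = 0; rd_en = 0;
                   data_valid = 1; data = 8'bx000_0001;        // $error
    @(negedge clk) data_valid = 0; full = 1; wr_en = 1;        // $fatal ends the run
    @(negedge clk) $finish;
  end
endmodule
```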

Concurrent Assertions
An immediate assertion describes logic behaviour at an instant of time, whereas a concurrent assertion describes behaviour that spans time. The variables used in a concurrent assertion are sampled in the Preponed region of a time slot and the assertions are evaluated during the Observe region. Both these regions occur immediately before a clock edge. Concurrent assertions are checked throughout simulation. They usually appear inside a procedural block or within a module.

Concurrent assertions may also be used as statements in initial or always blocks. A concurrent assertion in an initial block is only tested on the first clock tick.

Concurrent Assertions cont...


The first assertion example shown below does not contain a clock. Therefore it is checked at every point in the simulation. The second assertion is only checked when a rising clock edge has occurred, the values of Req and Ack are sampled on the rising edge of Clock.

In a concurrent assertion there are three main components: sequence, property and assert property.

Concurrent Assertions cont...


Sequence :
In any design, functionality is represented by the combination of multiple logical events. These events could be simple Boolean expressions that get evaluated on the same clock edge, or could be events that evaluate over a period of time involving multiple clock cycles. SVA provides a keyword to represent these events called "sequence". The basic syntax of a sequence is as follows.

Concurrent Assertions cont...


Sequences (cont..):
Sequence s1 checks that the data signal is high on every positive edge of the clock. If the data signal is not high on any positive clock edge, the assertion will fail. Concurrent assertions use the values sampled in the "preponed" region of the scheduler. For example, if data goes low at the positive edge of the 5th clock cycle, the positive edge of the 6th clock cycle captures this, as shown below.

Concurrent Assertions cont...


Sequence with edge :
Sequence s2 checks that the data signal transitions to a value of 1 on every positive edge of the clock. If the transition does not occur, the assertion will fail.
At clock cycle 2, the sampled value of the data signal within the sequence is 1. A transition of value from 0 to 1 is a rising edge and hence the sequence s2 succeeds in clock cycle 2. Another success is shown at the 7th clock cycle.

Concurrent Assertions (Cont..)


Sequence with logical relationship
Sequence seq checks that on every positive edge of the clock, either signal "sig1" or signal "sig2" is high. If both are low, the assertion will fail.

Sequence Expressions
Define formal arguments in a sequence definition and re-use the same sequence for other signals in design that have similar behavior. For example,

Concurrent Assertions cont...


Sequence Expressions (Cont..)
Sequences of Boolean expressions can be described with a specified time step in between.
Consider the following example: at the posedge of the clock a should be high, after two clock cycles b should be high, after four clock cycles c should be high, and z should be high within one to five clock cycles.

Concurrent Assertions cont...


Sequence Replication operators:
Consecutive Repetition Operator [* ]
To specify that a signal or a sequence will match continuously for the number of specified clocks. A hidden delay of one clock cycle is assumed between each match of the signal.
Syntax: signal or sequence [* n]
"n" is the number of times the expression should match repeatedly.

a ##2 b [*5] ##6 c    is equivalent to    a ##2 b ##1 b ##1 b ##1 b ##1 b ##6 c
s1 [*4]               is equivalent to    s1 ##1 s1 ##1 s1 ##1 s1
(s1 ##1 s2) [*3]      is equivalent to    (s1 ##1 s2) ##1 (s1 ##1 s2) ##1 (s1 ##1 s2)
a [*3]                is equivalent to    a ##1 a ##1 a
s1 [*2:$]             means s1 occurs at least 2 times

Concurrent Assertions cont...


Sequence Replication operators Cont..
Goto Repetition Operator [-> ]

This operator specifies that an expression will match the specified number of times, not necessarily on continuous clock cycles.
Syntax: signal [-> n]

y [->4] : The Boolean expression y has been true 4 times, but not necessarily on successive clocks.
x [->4:7] : x has been true 4, 5, 6 or 7 times, not necessarily on consecutive clocks.
x ##3 y [->3] ##6 z : The Boolean expression y has been true thrice, not necessarily on consecutive clocks. The 1st occurrence of y happens after 3 clock cycles of x. The last one occurs 6 clock cycles before z.

Concurrent Assertions cont...


Sequence Replication operators Cont..
Non-consecutive Repetition Operator [= ]

This is very similar to "go to" repetition, except that it does not require that the last match on the signal repetition happen in the clock cycle before the end of the entire sequence match. Only expressions are allowed to repeat in "go to" and "non-consecutive" repetitions. Sequences are not allowed.
Syntax: signal [= n]

y [=4] : The Boolean expression y has been true 4 times, but not necessarily on successive clocks, and there may be additional clock cycles after the last true y before the sequence completes.
x [=4:7] : x has been true 4, 5, 6 or 7 times, once again not necessarily on consecutive clocks, and with possible additional clocks afterwards when x is not true.
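The three repetition operators compared on one trace, as an added example that is not from the original slides. The handshake signals start, ack and done and the module names are hypothetical; the stimulus is constructed so that only the non-consecutive form passes.

```systemverilog
// Added example: [*n], [->n] and [=n] applied to the same hypothetical handshake.
module repetition_checks (input logic clk, start, ack, done);
  default clocking cb @(posedge clk); endclocking

  // Consecutive: ack must be high on 3 successive clocks, then done.
  a_consec: assert property (start |=> ack[*3] ##1 done)
    else $error("[*3]  failed");

  // Goto: ack is high 3 times, gaps allowed, and done must come exactly
  // one clock after the third ack.
  a_goto: assert property (start |=> ack[->3] ##1 done)
    else $error("[->3] failed");

  // Non-consecutive: as goto, but extra clocks with ack low may pass
  // between the third ack and done.
  a_nonconsec: assert property (start |=> ack[=3] ##1 done)
    else $error("[=3]  failed");
endmodule

module tb;
  logic clk = 0, start = 0, ack = 0, done = 0;
  always #5 clk = ~clk;
  repetition_checks chk (.*);

  // Constructed stimulus, one bit per clock after start (index 0 first):
  //   ack  = 1 0 1 1 0 0 0   third ack on clock 4
  //   done = 0 0 0 0 0 0 1   done on clock 7
  bit [0:6] ack_v  = 7'b1011000;
  bit [0:6] done_v = 7'b0000001;

  initial begin
    @(negedge clk) start = 1;
    @(negedge clk) start = 0;
    for (int i = 0; i < 7; i++) begin
      ack = ack_v[i]; done = done_v[i];
      @(negedge clk);
    end
    // Result: a_consec fails on clock 2 (ack low), a_goto fails on clock 5
    // (no done right after the third ack), a_nonconsec passes on clock 7.
    $finish;
  end
endmodule
```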

Concurrent Assertions cont...


Sequence Match Operators
The "and" construct

The binary operator "and" can be used to combine two sequences logically. The final property succeeds when both the sequences succeed. The result of an "and" operation is a match if both sequences start at the same time. The sequences may end at different times. The end time of the match, i.e. when the match is recognized, is the end time of the longer sequence.

[Figure: timing diagram of sequences A and B against CLK, with marks t1, t5 and t7; A and B match at t7.]

Concurrent Assertions cont...


Sequence Match Operators (Cont..)
The INTERSECT operator
The result of an intersect operation is a match if the sequences satisfy all the criteria of a match with the "and" operator and, additionally, have the same ending time. Both sequences A and C start and end at the same times (t1 and t5). So, (A intersect B) is a match at time t5.

[Figure: timing diagram of sequences A, B, C and D against CLK, with marks t1, t2, t5, t7 and t8; caption: A,B match at t5.]

Concurrent Assertions cont...


Sequence Match Operators (Cont..)
The OR operator
The binary operator "or" can be used to combine two sequences logically. The final property succeeds when any one of the sequences succeeds. The sequence B matches (or, it ends) at time t7. The sequence A matches at time t5. So the sequence A or B has a match at times t5 and t7.

[Figure: timing diagram of sequences A and B against CLK, with marks t1, t5 and t7; A or B matches at t5 and t7.]

Concurrent Assertions cont...


Sequence Match Operators (Cont..)
The FIRST_MATCH operator
The construct "first_match" ensures that only the first sequence match is used and the others are discarded. This becomes very helpful when combining multiple sequences together, wherein only the first match in the timing window is required to evaluate the remaining part of the property. first_match(A or B) produces a match only at time t4.

[Figure: timing diagram of sequences A and B against CLK, with marks t1, t4 and t6; A,B match at t4.]

Concurrent Assertions cont...


Sequence Match Operators (Cont..)
The THROUGHOUT operator
The throughout operator is used to make sure that a certain condition holds true during the evaluation of the entire sequence. The simple syntax of a throughout operator is shown below.
Syntax: (expression) throughout (sequence definition)
Here the signal sig1 goes low for the duration of the sequence A. So, (~sig1) throughout A is a match in this case. However, the signal sig2 is high only after the sequence A starts. So, there is no match for the sequence sig2 throughout A.

Concurrent Assertions cont...


Sequence Match Operators (Cont..)
The WITHIN operator
The "within" construct allows the definition of a sequence contained within another sequence.
Syntax: seq1 within seq2
This means that seq1 happens within the start and completion of seq2. The starting matching point of seq2 must happen before the starting matching point of seq1. The ending matching point of seq1 must happen before the ending matching point of seq2. In the above figure, B within A is a match during the time when B is a match, but A within B is never a match.

Concurrent Assertions cont...


Sequence Match Operators (Cont..)
The .ended method

"ended" is a method on a sequence that returns a true value if the sequence ends on that clock tick, or false if the sequence still matches. If seq is a sequence, seq.ended denotes the end of the sequence seq. If seq has formal arguments, say a, b and c, the end of seq is denoted by s1(a, b, c).ended.

Concurrent Assertions cont...


Property:
A number of sequences can be combined logically or sequentially to create more complex sequences. SVA provides a keyword to represent these complex sequential behaviors called "property". The basic syntax of a property is as follows.

Concurrent Assertions cont...


Assert Property:

The property is the one that is verified during a simulation. It has to be asserted to take effect during a simulation. SVA provides a keyword called "assert" to check the property.

Assert statements produce results that are visible externally.

The basic syntax of an assert is as follows.

Concurrent Assertions cont...


Assert property (cont..)
An assert either succeeds, fails or remains incomplete. A property can also be forbidden from happening: we expect the property to be false always, and if the property is true, the assertion fails.

Assertion used as check

Assertion used as forbid

Concurrent Assertions cont...


Assert property (cont..)
An assertion can have action blocks. But action blocks can not have assert statement.
Example:

Concurrent Assertions cont...


Assertion Clocking
Concurrent assertions (assert property and cover property statements) use a generalized model of a clock and are only evaluated when a clock tick occurs. Everything in between clock ticks is ignored. This model of execution corresponds to the way an RTL description of a design is interpreted after synthesis. The clock for a property can be specified in several ways:

Explicitly specified in a sequence:

Concurrent Assertions cont...


Assertion Clocking (Cont..)
Explicitly specified in the property:

Explicitly specified in the concurrent assertion:

Inferred from a procedural block:

Concurrent Assertions cont...


Assertion Clocking (Cont..)
Handling Asynchronous Resets: In the following example, the disable iff clause allows an asynchronous reset to be specified. This assertion means that if Reset becomes true at any time during the evaluation of the sequence, then the attempt for p1 is a success. Otherwise, the sequence b ##1 c must never evaluate to true.

Concurrent Assertions cont...


Example :
At any positive edge of clock, If enable is High, write is high and read is High 2 clocks later.

Concurrent Assertions cont...


Example :
With formal arguments:

Concurrent Assertions cont...


Binding Properties :

Concurrent Assertions cont...


Binding Properties (Cont..) :

Delays
Fixed time window
## n - n clock cycles delay. n can be zero (no delay). Must be a positive integer.
a ##1 b - This means b starts one clock after a ends.
a ##2 b.ended - This means b completes 2 clock ticks after a completes.

Fixed time interval
## [m : n] - Within m to n clock cycles delay.
## [1:3] - Within 1 to 3 clock cycles delay.
n must be greater than m.

Indefinite timing window
## [1 : $] - Between one clock cycle and the end of the simulation. This is called the "eventuality" operator.

SVA Checker using parameters


This gives great flexibility in creating re-usable properties. For example, the delay information between 2 signals can be parameterized within the checker and then the checker can be re-used in a similar situation elsewhere in the design with different timing relationships.

Implication operators
Implication operators are only used inside a property. There are two types of operators: overlapping (|->) and non-overlapping (|=>).

Overlapping: if enable is high at the posedge of the clock, write should be high at the same positive edge of the clock and read must be high 2 clock cycles later.

Level Sensitive

Implication operators (Cont..)


Non-Overlapping :

For non-overlapped implication, the first element of the consequent sequence expression is evaluated on the next clock tick. If enable is high at the posedge of the clock, write should be high at the next positive edge of the clock and read must be high 2 clock cycles later.

Implication operators (Cont..)


Implication with a sequence as an antecedent
Property prp1 has a signal in the antecedent position. If signal "a" and signal "b" are detected to be high, then two clock cycles later signal "c" should be high. Sequence seqb checks that, 1 clock cycle after the current positive edge of the clock, signal "d" should be low.

The final property checks that, if sequence seqa succeeds, then a check for sequence seqb is performed.
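The implication forms described above, together with the parameterized delay from the "SVA Checker using parameters" slide, as an added example that is not the original slides' code. Signal names follow the text; the module names, the rst port and the RD_DELAY parameter are assumptions.

```systemverilog
// Added example: overlapping vs non-overlapping implication, and a sequence
// used as the antecedent. RD_DELAY and rst are hypothetical names.
module implication_checks #(parameter int RD_DELAY = 2)
  (input logic clk, rst, enable, write, read, a, b, c, d);

  // Overlapping (|->): write is checked on the same clock as enable.
  property p_overlap;
    @(posedge clk) disable iff (rst) enable |-> write ##RD_DELAY read;
  endproperty

  // Non-overlapping (|=>): write is checked one clock after enable.
  // "enable |=> X" is the same as "enable |-> ##1 X".
  property p_non_overlap;
    @(posedge clk) disable iff (rst) enable |=> write ##RD_DELAY read;
  endproperty

  // Sequence as antecedent: seqb is only checked when seqa has matched.
  sequence seqa; (a && b) ##2 c; endsequence
  sequence seqb; ##1 !d;         endsequence
  property p_seq_antecedent;
    @(posedge clk) disable iff (rst) seqa |-> seqb;
  endproperty

  a_overlap:     assert property (p_overlap)        else $error("|-> failed");
  a_non_overlap: assert property (p_non_overlap)    else $error("|=> failed");
  a_seq:         assert property (p_seq_antecedent) else $error("seqa |-> seqb failed");

  // If enable never rises, both enable properties pass vacuously; covering
  // the antecedent shows whether they were really exercised.
  c_enable: cover property (@(posedge clk) enable);
endmodule

// Constructed stimulus: write is high together with enable, so a_overlap
// passes while a_non_overlap fails one clock later.
module tb;
  logic clk = 0, rst = 1, enable = 0, write = 0, read = 0;
  logic a = 0, b = 0, c = 0, d = 1;
  always #5 clk = ~clk;
  implication_checks #(.RD_DELAY(2)) chk (.*);
  initial begin
    @(negedge clk) rst = 0; enable = 1; write = 1; a = 1; b = 1;
    @(negedge clk) enable = 0; write = 0; a = 0; b = 0;
    @(negedge clk) read = 1; c = 1;          // 2 clocks after enable
    @(negedge clk) read = 0; c = 0; d = 0;   // d low 1 clock after seqa matched
    @(negedge clk) $finish;
  end
endmodule
```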

Clock definitions in SVA


A clock can be specified in a sequence, in a property or even in an assert statement.

Clock in Sequence

Clock in Property

Clock definitions in SVA (Cont..)


The assert statement calls a property. A separate property definition is not needed to assert a sequence, since the expression to be checked can be called from the assert statement directly.

Clock in Assert

Assertions - Variables
Variables can be used in sequences and properties. A common use for this occurs in pipelines: In this example, the variable v is assigned the value of DataIn unconditionally on each clock. Five clocks later, DataOut is expected to equal the assigned value. Each invocation of the property (here there is one invocation on every clock) has its own copy of v.
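The pipeline check described above, as an added example that is not the original slides' code. DataIn, DataOut and the 5-clock latency follow the text; the pipe5 module, its stage array and the testbench are hypothetical.

```systemverilog
// Added example: a local variable carries DataIn through a 5-clock latency.
module pipe5 #(parameter int W = 8)
  (input  logic clk,
   input  logic [W-1:0] DataIn,
   output logic [W-1:0] DataOut);

  // Hypothetical 5-stage shift pipeline used as the design under check.
  logic [W-1:0] stage [5];
  always_ff @(posedge clk) begin
    stage[0] <= DataIn;
    for (int i = 1; i < 5; i++) stage[i] <= stage[i-1];
  end
  assign DataOut = stage[4];

  // A new attempt starts on every clock and captures its own copy of v,
  // so five attempts are in flight at once without interfering.
  property p_latency;
    logic [W-1:0] v;
    @(posedge clk) (1, v = DataIn) |-> ##5 (DataOut == v);
  endproperty
  a_latency: assert property (p_latency)
    else $error("DataOut does not match DataIn from 5 clocks earlier");
endmodule

module tb;
  logic clk = 0;
  logic [7:0] din = 8'h00, dout;   // din is driven from time 0 so v is never X
  always #5 clk = ~clk;
  pipe5 dut (.clk(clk), .DataIn(din), .DataOut(dout));
  initial begin
    // Constructed random stimulus; the assertion passes on every attempt.
    repeat (20) @(negedge clk) din = $urandom_range(255);
    $finish;
  end
endmodule
```

Changing `##5` to `##4` in p_latency makes the attempts fail, which confirms the check is not passing vacuously.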

Coverage Statements
Cover property statements can be used to monitor sequences and other behavioral aspects of a design for functional coverage.

The simulator keeps a count of the number of times the property in the cover property statement holds or fails. This can be used to determine whether or not certain aspects of the design's functionality have been exercised.

Assertion System Functions


SystemVerilog provides a number of system functions which can be used in assertions. $rose, $fell and $stable indicate whether or not the value of an expression has changed between two adjacent clock ticks. For example, one assertion asserts that if in changes from 0 to 1 between one rising clock and the next, detect must be 1 on the following clock.

Another states that data shouldn't change whilst enable is 0.

Assertion System Functions cont..


The system function $past returns the value of an expression in a previous clock cycle. For example, an assertion can state that q increments, provided reset is low and enable is high.

The system functions $onehot and $onehot0 are used for checking one-hot encoded signals. $onehot(expr) returns true if exactly one bit of expr is high; $onehot0(expr) returns true if at most one bit of expr is high.
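The system-function checks described in this section, as an added example that is not the original slides' code. The signal names in, detect, data, enable, q and reset follow the text; state, the module names and the small design in the testbench are hypothetical.

```systemverilog
// Added example: $rose, $stable, $past and $onehot in concurrent assertions.
module sysfunc_checks #(parameter int W = 4)
  (input logic clk, reset, enable, in, detect,
   input logic [W-1:0] data, q, state);
  default clocking cb @(posedge clk); endclocking
  default disable iff (reset);

  // $rose: in went 0 -> 1 between two ticks, so detect must be 1 on the next.
  a_detect: assert property ($rose(in) |=> detect);

  // $stable: data must not change while enable is 0.
  a_hold: assert property (!enable |=> $stable(data));

  // $past: q increments when enable was high. The 1-bit literal keeps the
  // comparison at W bits so the counter wrap-around still matches.
  a_count: assert property (enable |=> q == $past(q) + 1'b1);

  // $onehot: exactly one state bit is set on every clock.
  a_onehot: assert property ($onehot(state));

  // Coverage: count how often the edge-detect scenario was exercised.
  c_detect: cover property ($rose(in) ##1 detect);
endmodule

module tb;
  logic clk = 0, reset = 1, enable = 0, in = 0, detect = 0;
  logic [3:0] data = '0, q = '0, state = 4'b0001;
  always #5 clk = ~clk;
  sysfunc_checks chk (.*);

  // Hypothetical design that satisfies all four assertions.
  always @(posedge clk) begin
    detect <= in;
    state  <= {state[2:0], state[3]};          // rotating one-hot state
    if (reset)       q <= '0;
    else if (enable) begin q <= q + 1'b1; data <= data + 4'd3; end
  end

  initial begin   // constructed stimulus
    @(negedge clk) reset = 0;
    @(negedge clk) enable = 1; in = 1;
    repeat (18) @(negedge clk);                // q wraps past 15
    enable = 0; in = 0;
    repeat (3) @(negedge clk);
    $finish;
  end
endmodule
```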

SVA Functional Coverage


Assertion Coverage:
For each assertion, count the number of times the assertion was attempted, failed, succeeded, was a real success or was a vacuous success during simulation.

Sequence Coverage:
For each sequence, count the number of times the sequence was attempted, matched, was a real match or was not attempted.

Summary
Assertions are a great way to verify complex designs.
Assertions only can be used to completely authenticate a design as robust.
By creating a testbench with functional coverage we can understand which functionalities of the design are covered in test.
Creation of a testbench with functional coverage requires a detailed verification plan.
