
System Verilog Assertions

IEP on Design Verification and Hardware Security NIT, Rourkela. System Verilog Assertions. OUTLINE. Importance of Assertions and formal verification. Difference between FV and Simulation Immediate Assertions and Concurrent Assertions Sequences and Properties Assert, Assume and Cover.





Presentation Transcript


  1. IEP on Design Verification and Hardware Security NIT, Rourkela System Verilog Assertions

  2. OUTLINE • Importance of Assertions and formal verification. • Difference between FV and Simulation • Immediate Assertions and Concurrent Assertions • Sequences and Properties • Assert, Assume and Cover

  3. Formal Verification • Solving the right problem. • Complete coverage. • Corner cases. • State-driven and output-driven analysis. • Understanding infinite behaviours: with FV, the power of mathematical reasoning allows us to ask and answer questions about model behaviour over unbounded time periods. • For example, we can ask whether a model can be stuck forever without reaching a desired state, or whether it is guaranteed to eventually perform some behaviour, which cannot be guaranteed within a finite time limit. Such questions cannot be answered effectively in simulation.

  4. Why FV • FV for bug hunting: full FV of a design will not always be possible. FV can still be valuable as a method to find potential bugs that might otherwise have been missed. • FV for exploring designs: another major usage of FV is as a tool for exploring RTL design behaviours. FV tools are able to analyse the potential simulation space and figure out a way to produce particular behaviours, based on specifications of the state or output. This can be seen as a form of reverse engineering. • For example, you can provide a query like "Is there any set of inputs that will give a value of 32'hffffffff from my adder?", and FV can find out whether there is some theoretically possible sequence of inputs that will get you there.

  5. Applying the power of FV • State matching: equivalence checking. • Bounded proofs: instead of proving that your design is guaranteed to have correct behaviour for all time, you can prove that all behaviours are guaranteed correct for behaviour traces up to some defined length. • Proof decomposition: we can often improve our FV capacity significantly by making every property as simple as possible. For example, a property of the form "(A OR B) implies C" can be divided into two independent properties "A implies C" and "B implies C". • Targeted verification: concentrate on some small set of risky cases. • Size reductions: often we can represent just a small portion of a large memory or cache, reduce the datapath width to just a few bits, and still analyse the design in a way that will catch the vast majority of bugs. • Case splitting: we can often split the job into a number of simple verification tasks, each checking a subset of the possible behaviours.

  6. Assertions • In order to leverage the power of formal verification (FV) to prove the correctness of your design, you must first have a way to express what it means for your design to be correct. • The most popular way to do this is through properties, specified in assertions, using the SystemVerilog Assertions (SVA) language. • There are numerous other specification methods in industry and academia, such as the Property Specification Language (PSL) and the Open Verification Library (OVL), but SVA is the one covered here.

  7. Types of Assertions • Immediate assertions: follow simulation event semantics, like code in an always block. • Concurrent assertions: based on clock semantics, like an always block with a clock. • The immediate assertion statement is a test of an expression, performed when the statement is executed in the procedural code. • If the expression evaluates to X, Z or 0, it is interpreted as false and the assertion is said to fail; otherwise it is said to pass. source: - www.verificationguide.com

  8. Concurrent Assertions • Concurrent assertions check a sequence of events spread over multiple clock cycles. A concurrent assertion is evaluated only at the occurrence of a clock tick. • The test expression is evaluated at clock edges, based on the sampled values of the variables involved. • It can be placed in a procedural block, a module, an interface or a program definition. • Ex: - c_assert: assert property(@(posedge clk) not(a && b));

  9. Sequences • Implication operator: the implication is equivalent to an if-then structure. If the antecedent succeeds, then the consequent is evaluated. • There are 2 types of implication: 1. Overlapped implication, denoted by the symbol |-> (the consequent is evaluated in the same clock tick in which the antecedent succeeds). 2. Non-overlapped implication, denoted by the symbol |=> (the consequent is evaluated from the next clock tick). source: - www.verificationguide.com

  10. Sequences • The sequence layer uses the Boolean layer to construct a valid sequence of events. • A sequence can be declared in the following places: module, interface, program, clocking block, package. • Sequences are built from the following operators: • ##: - req ##1 gnt means gnt happens one clock cycle after req. • req ##[0:3] gnt means gnt will be asserted 0 to 3 clock cycles after req is asserted. • $: - the $ operator is used as an unbounded upper limit (for example ##[1:$]) when something needs to be checked until the end of simulation. It is like saying that something will happen eventually, before the end of simulation.
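The immediate and concurrent forms from slides 7 to 10 side by side, as an added example that is not from the slides (a simple req/gnt/busy handshake; signal names and timing are assumed):

```systemverilog
// Added example, not from the slides: one handshake rule written as an
// immediate assertion and as concurrent assertions. Signal names are assumed.
module handshake_checks (
  input logic clk, rst_n,
  input logic req, gnt, busy
);
  // Immediate assertion: checked when this procedural statement executes.
  // A value of 0, X or Z makes the expression false, so an undriven 'busy'
  // fails here just as a busy that is driven low does.
  always @(posedge clk) begin
    if (rst_n && req)
      assert (busy) else $error("req without busy at %0t", $time);
  end

  // Concurrent assertions: sampled at the clock, may span several cycles.
  // Overlapped implication (|->): consequent checked in the same tick as req.
  a_req_busy: assert property (@(posedge clk) disable iff (!rst_n)
                               req |-> busy);

  // Non-overlapped implication (|=>): gnt expected one tick after req.
  // req |=> gnt is the same as req |-> ##1 gnt.
  a_req_gnt_next: assert property (@(posedge clk) disable iff (!rst_n)
                                   req |=> gnt);

  // Delay range: gnt must arrive 0 to 3 ticks after req.
  a_req_gnt_win: assert property (@(posedge clk) disable iff (!rst_n)
                                  req |-> ##[0:3] gnt);

  // Unbounded range ($): gnt must arrive eventually. A formal tool can prove
  // this; a simulator can only leave it pending and report it unfinished if
  // gnt never comes before the end of simulation.
  a_req_gnt_ever: assert property (@(posedge clk) disable iff (!rst_n)
                                   req |-> ##[1:$] gnt);
endmodule
```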

  11. SVA Methods • SVA supports the following sampled-value functions: • $rose: - returns true when the LSB of the expression has changed to logic 1 since the previous clock tick. • $fell: - returns true when the LSB has changed to logic 0 since the previous clock tick. • $stable: - returns true when the value of the expression has not changed between the last clock tick and the current clock tick. • $past: - returns the value the expression had a given number of clock ticks (n) earlier. source: - www.verificationguide.com

  12. Match Operators • first_match: when we want to stop after the first match of a sequence, we use the first_match operator. • throughout: when we want to check that some condition is valid over the whole period of a sequence, the throughout match operator is used. • within: when we want to check containment of one sequence in another sequence, we use the within match operator. source: - www.verificationguide.com
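The sampled-value functions of slide 11 and the match operators of slide 12 applied to a bus-grant protocol, as an added example that is not from the slides (signal names, widths and the 1..4 tick grant window are assumed):

```systemverilog
// Added example, not from the slides: a bus-grant protocol (signal names and
// timing are assumed) using the sampled-value functions and match operators.
module bus_protocol_checks (
  input logic       clk, rst_n,
  input logic       req, gnt, busy, done,
  input logic [7:0] addr
);
  default clocking cb @(posedge clk); endclocking
  default disable iff (!rst_n);

  // $rose(req): req changed to 1 since the previous tick (not merely "is 1").
  // throughout: busy must hold at every tick while waiting 1..4 ticks for gnt.
  a_busy_during_req: assert property (
    $rose(req) |-> busy throughout (##[1:4] gnt));

  // $stable: the address may not change in the tick after a request rises.
  a_addr_stable: assert property ($rose(req) |=> $stable(addr));

  // $fell and $past: when busy drops, gnt must have been high one tick earlier
  // ($past(gnt, 1) is the value gnt had at the previous tick).
  a_busy_ends_after_gnt: assert property ($fell(busy) |-> $past(gnt, 1));

  // first_match: "req then gnt within 1..4 ticks" can match more than once if
  // gnt stays high; without first_match the consequent would have to hold
  // after every match. Keeping only the earliest match pins 'done' to exactly
  // two ticks after the first grant.
  sequence s_first_gnt;
    first_match(req ##[1:4] gnt);
  endsequence
  a_done_after_gnt: assert property (s_first_gnt |-> ##2 done);

  // within: a complete gnt pulse (rise then fall) must lie inside the busy
  // pulse, i.e. the grant is never left hanging after busy has dropped.
  sequence s_busy_pulse;
    $rose(busy) ##[1:$] $fell(busy);
  endsequence
  sequence s_gnt_pulse;
    $rose(gnt) ##[1:$] $fell(gnt);
  endsequence
  a_gnt_within_busy: assert property (
    $rose(busy) |-> (s_gnt_pulse within s_busy_pulse));
endmodule
```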

  13. Few topics with Sequences Clocks can be specified for a sequence in two ways: - • implied clock: in this method, the clock is specified in the property and the sequence just uses that clock. • explicit clock: in this method, the clock is specified inside the sequence block and the sequence uses this clock. Local variables: - one can have local variables inside a sequence or a property. These local variables can be assigned values and sampled later. Calling subroutines: - tasks, task methods, void functions, void function methods and system tasks can be called at the end of a successful match of a sequence.

  14. Property • The property layer is built on top of the sequence layer. It uses zero or more sequences to check a design assumption. • Zero sequences, because the property layer can contain the Boolean layer directly. • Properties can be declared in the following places: - • module • interface • program • clocking block • package
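The items of slides 13 and 14 (explicit and implied clocks, a local variable, a subroutine called at the end of a match, and property declarations in a module) in one checker for a two-stage data pipe, as an added example that is not from the slides (signal names, widths and the latency of two ticks are assumed):

```systemverilog
// Added example, not from the slides: checks on a two-stage data pipe (names,
// widths and the latency of two ticks are assumed).
module data_pipe_checks (
  input logic        clk, rst_n,
  input logic        in_valid, out_valid,
  input logic [15:0] in_data, out_data
);
  // Explicit clock: the sequence carries its own clock.
  sequence s_in_beat;
    @(posedge clk) in_valid ##1 !in_valid;   // a one-tick input strobe
  endsequence

  // Implied clock: no clock here; the property that uses it supplies one.
  sequence s_out_beat;
    out_valid ##1 !out_valid;
  endsequence

  // Local variable: capture in_data at the accepting edge and compare it with
  // out_data two ticks later. Each evaluation thread gets its own copy of d,
  // so overlapping beats are each matched against their own data.
  property p_data_follows;
    logic [15:0] d;
    @(posedge clk) disable iff (!rst_n)
      (in_valid, d = in_data) |-> ##2 (out_valid && out_data == d);
  endproperty
  a_data_follows: assert property (p_data_follows)
    else $error("pipe changed data at %0t", $time);

  property p_out_pulse;
    @(posedge clk) disable iff (!rst_n)
      $rose(out_valid) |-> s_out_beat;     // s_out_beat takes this clock
  endproperty
  a_out_pulse: assert property (p_out_pulse);

  // Subroutine at the end of a match: the void function is attached as a
  // match item and runs once per completed input beat.
  int unsigned in_beats = 0;
  function void count_in_beat();
    in_beats++;
  endfunction
  c_in_beats: cover property (@(posedge clk) (s_in_beat, count_in_beat()));
endmodule
```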

  15. Disjunction and Conjunction The disjunction operator (or) requires at least one of the properties to evaluate to true; then the disjunction property evaluates to true. The conjunction operator (and) works like a logical AND operator, where all of the properties must evaluate to true. source: - www.verificationguide.com

  16. Implication Property in Property • From a given start point, the antecedent sequence_expr can have zero, one, or more than one successful match. • If there is no match of the antecedent sequence_expr from a given start point, then the evaluation of the implication from that start point succeeds vacuously and returns true. source: - www.verificationguide.com
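Property conjunction and disjunction from slide 15, together with the vacuous-success caveat of slide 16, on a register write-lock, as an added example that is not from the slides (signal names, the protected range 0x80..0xFF and the two-tick response time are assumed). The cover on the antecedent is the check a verifier wants: a passing assertion whose antecedent never fired has proved nothing about the lock.

```systemverilog
// Added example, not from the slides: a write-lock on a register block (signal
// names, the protected range 0x80..0xFF and the timing are assumed).
module reg_lock_checks (
  input logic       clk, rst_n,
  input logic       wr_en, rd_en,
  input logic       priv,          // 1 = privileged requester
  input logic [7:0] addr,
  input logic       ack, err
);
  default clocking cb @(posedge clk); endclocking
  default disable iff (!rst_n);

  // An unprivileged write into the protected range.
  sequence s_unpriv_prot_wr;
    wr_en && !priv && (addr inside {[8'h80:8'hFF]});
  endsequence

  // Conjunction (and): both properties must hold; the write is flagged AND
  // it is never acknowledged.
  property p_flagged;  s_unpriv_prot_wr |=> err;  endproperty
  property p_no_ack;   s_unpriv_prot_wr |=> !ack; endproperty
  a_lock_holds: assert property (p_flagged and p_no_ack);

  // Disjunction (or): at least one must hold; every access is either
  // acknowledged or flagged within two ticks.
  property p_acked;    (wr_en || rd_en) |-> ##[1:2] ack; endproperty
  property p_errored;  (wr_en || rd_en) |-> ##[1:2] err; endproperty
  a_access_completes: assert property (p_acked or p_errored);

  // Vacuous success: if s_unpriv_prot_wr never matches, a_lock_holds passes
  // on every tick without examining err or ack. Covering the antecedent
  // exposes this: a hit count of zero means the lock was never exercised.
  c_lock_exercised: cover property (s_unpriv_prot_wr);
endmodule
```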

  17. Multiple Clocks Sequence and Property Multi-clocked sequences are built by concatenating singly clocked sub-sequences using the single-delay concatenation operator ##1. This operator is non-overlapping and synchronizes between the clocks of the two sequences. source: - www.verificationguide.com

  18. Assert, Assume and Cover assert: this statement specifies that the property must hold. assume: this statement specifies the property as an assumption for the verification environment. This is more useful with formal verification tools. cover: this statement monitors the property for the sake of coverage. Coverage can be made to be reported at the end of simulation.
  req_gnt_assume : assume property (req_gnt_prop);
  req_gnt_assert2 : assert property (req_gnt_prop);
  req_gnt_cover : cover property (req_gnt_prop);
  addr_hit_cover : cover property (addr_hit_prop(1,5));
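The multi-clock concatenation of slide 17 and the assert/assume/cover statements of slide 18 written out, as an added example that is not from the slides: req_gnt_prop and addr_hit_prop(lo, hi) are filled in here for a requester in the clk_a domain and an arbiter answering in the clk_b domain (signal names, widths, the two-clock split and the grant window are all assumptions).

```systemverilog
// Added example, not from the slides: the slide's req_gnt_prop and
// addr_hit_prop(lo, hi) for a requester on clk_a and an arbiter on clk_b
// (names, widths and the clock split are assumed).
module arb_props (
  input logic       clk_a, clk_b, rst_n,
  input logic       req, gnt,
  input logic [3:0] addr
);
  // Multi-clocked sequence: the clk_a sub-sequence and the clk_b sub-sequence
  // are joined by ##1, which steps to the first clk_b tick strictly after the
  // clk_a tick of $rose(req); gnt may then appear within four clk_b ticks.
  sequence s_req_then_gnt;
    @(posedge clk_a) $rose(req) ##1 @(posedge clk_b) (1'b1 ##[0:3] gnt);
  endsequence

  // The same hand-off as an implication (|=> may change clocks; |-> may not).
  property req_gnt_prop;
    @(posedge clk_a) disable iff (!rst_n)
      $rose(req) |=> @(posedge clk_b) (1'b1 ##[0:3] gnt);
  endproperty

  // A request whose address falls in [lo, hi].
  property addr_hit_prop(int lo, int hi);
    @(posedge clk_a) disable iff (!rst_n)
      $rose(req) && (addr >= lo) && (addr <= hi);
  endproperty

  // assert: the arbiter under test must grant every request in time.
  req_gnt_assert : assert property (req_gnt_prop);

  // assume: constraint on the environment; a request is held at least one
  // more tick once raised. Formal tools discard traces that break it, while
  // simulators check it like an assert.
  req_hold_assume : assume property (@(posedge clk_a) disable iff (!rst_n)
                                     $rose(req) |=> req);

  // cover: a zero count for either shows the assert above passed vacuously
  // or the address range was never exercised.
  req_gnt_cover  : cover property (s_req_then_gnt);
  addr_hit_cover : cover property (addr_hit_prop(1, 5));
endmodule
```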

  19. Thank You
