SVA: throughout corner case | sig1 must be stable throughout sig2

SystemVerilog
, ,
1

Hello,

I want to write an assertion that says ‘sig1 must be stable when sig2 is asserted’.

Here is my solution:

property sig1_stable_throughout_sig2 (logic sig1, sig2);
     $rose(sig2) |=> $stable(sig1) throughout !sig2[->1];
endproperty //sig1_stable_throughout_sig2

This assertion works very well, except for the case when sig1 exactly follows sig2 and deasserts in the same clock cycle as sig2.

783×166 15.3 KB

My understanding is that the assertion requires that sig1 be stable even at the clock which deasserts sig1 (i.e at the negedge of sig1).

Is there a way to make the assertion run until one clock before sig2 deasserts? Or, any other way I could take care of this failure?

Thanks,
Ankit

2 
property sig1_stable_throughout_sig2 (logic sig1, sig2);
     disable iff (!sig2)
     $rose(sig2) |=> $stable(sig1) throughout !sig2[->1];
endproperty //sig1_stable_throughout_sig2

Disabling the assertion when sig2 goes down seems to do the trick. Is this approach correct?

Thanks
-Ankit

3

In reply to Ankit Bhange:

Disabling the assertion when sig2 goes down seems to do the trick. Is this approach correct?

NO!


// The throughout operator specifies that a signal (expression) must hold throughout a sequence.
 ( b throughout R )[/b] is equivalent to [b]( b [*0:$] intersect R ) 
// Use the 
sequenc1 interesect sequence2 // and sequence1 is 
 ($stable(sig1)[*1:$] ##1 !sig2) // Thus, if sig2==0 after 4 cycles, 
//                          the consequent thread that will match will be 
 ($stable(sig1)[*3] ##1 !sig2 // sig2==0 at cycle 4 

property sig1_stable_throughout_sig2 (logic sig1, sig2);
     $rose(sig2) |-> ##1 ($stable(sig1)[*1:$] ##1 !sig2) intersect !sig2[->1];
endproperty 
// As mentioned in a previous post, I prefer to use |-> ##1 instead |=> 
// See my next post

Ben Cohen
http://www.systemverilog.us/ ben@systemverilog.us
For training, consulting, services: contact http://cvcblr.com/home.html
** SVA Handbook 4th Edition, 2016 ISBN 978-1518681448

  1. SVA Package: Dynamic and range delays and repeats SVA: Package for dynamic and range delays and repeats - SystemVerilog - Verification Academy
  2. Free books: Component Design by Example https://rb.gy/9tcbhl
    Real Chip Design and Verification Using Verilog and VHDL($3) https://rb.gy/cwy7nb
  3. Papers:
4

In reply to ben@SystemVerilog.us:

Another option is to use the until
An until property of the non-overlapping form (i.e., until, s_until) evaluates to true if property_expr1 evaluates to true at every clock tick beginning with the starting clock tick of the evaluation attempt and continuing until at least one tick before a clock tick where property_expr2 (called the terminating property) evaluates to true.


property_expr1 until property_expr2
property sig1_stable_throughout_sig2 (logic sig1, sig2);
     $rose(sig2) |=> $stable(sig1) until !sig2; // Need the |=> because the until is a property
endproperty 
// same as 
$rose(sig2) |=> $stable(sig1)[*0:$] ##1 !sig2; // also OK.
5

Thanks, Ben. The assertion seems to be working now.

6

In reply to Ankit Bhange:
Consider the following model where all 3 assertions are different. The annotated assertion thread viewer address cases that demonstrate why they are different. It is always preferable to test the assertions in a small model using constrained-random tests.


module top;
  timeunit 1ns;  timeprecision 100ps;    
  `include "uvm_macros.svh"
  import uvm_pkg::*;
  bit clk, sig1, sig2;
  
  initial forever #10 clk = !clk; 
  ap_sig1_stable_throughout_sig2 : assert property(@(posedge clk)  
     $rose(sig2) |=> ($stable(sig1)[*1:$] ##1 !sig2) intersect !sig2[->1]);    

 
  ap_until_sig1_stable_throughout_sig2: assert property(@(posedge clk)       
     $rose(sig2) |=> $stable(sig1) until !sig2); // Need the |=> because the until is a property 

  ap_sig1_stable_throughout_sig2_B : assert property(@(posedge clk) 
    $rose(sig2) |=>  $stable(sig1) throughout (sig2[*1:$] ##1 $fell(sig2)) ); 

  initial begin
    repeat (200) begin
      @(posedge clk);
      if (!randomize(sig1, sig2) with {
        sig1 dist {1'b1 := 10, 1'b0 := 1};
        sig2 dist {1'b1 := 6,  1'b0 := 1};
      })
        `uvm_error("MYERR", "This is a randomize error");
    end
    $finish;
  end
endmodule

2148×900 156 KB

2148×900 156 KB

ap_sig1_stable_throughout_sig2 : assert property(@(posedge clk)
$rose(sig2) |=> (stable(sig1)[*1:] ##1 !sig2) intersect !sig2[->1]);

1638×903 136 KB

1638×903 136 KB

ap_until_sig1_stable_throughout_sig2: assert property(@(posedge clk)
$rose(sig2) |=> $stable(sig1) until !sig2);

1920×1080 360 KB

1920×1080 360 KB

ap_sig1_stable_throughout_sig2_B : assert property(@(posedge clk)
$rose(sig2) |=> stable(sig1) throughout (sig2[*1:] ##1 $fell(sig2)) );

Ben Cohen
http://www.systemverilog.us/ ben@systemverilog.us
For training, consulting, services: contact http://cvcblr.com/home.html
** SVA Handbook 4th Edition, 2016 ISBN 978-1518681448

  1. SVA Package: Dynamic and range delays and repeats SVA: Package for dynamic and range delays and repeats - SystemVerilog - Verification Academy
  2. Free books: Component Design by Example https://rb.gy/9tcbhl
    Real Chip Design and Verification Using Verilog and VHDL($3) https://rb.gy/cwy7nb
  3. Papers:
7

In reply to ben@SystemVerilog.us:

Oops on comment for the last assertion
Google Photos

8

In reply to ben@SystemVerilog.us:

Hi
We usually use $stable(signa_name) to see a signal must be stable in from previous clk cycle. How to check that a signal must be stable within clk cycle

9

In reply to ben@SystemVerilog.us:

Thank you for the thorough explanation, Ben. It seems like

ap_until_sig1_stable_throughout_sig2: assert property(@(posedge clk)       
     $rose(sig2) |=> $stable(sig1) until !sig2); // Need the |=> because the until is a property

is what meets my requirements. However, for some reason I am getting a syntax error when trying to use the ‘until’ property. I think it is a tool issue.
Could you share any alternatives for until?

Thanks,
Ankit

10

In reply to Ankit Bhange:
An until property of the non-overlapping form (i.e., until, s_until) evaluates to true if property_expr1 evaluates to true at every clock tick beginning with the starting clock tick of the evaluation attempt and continuing until at least one tick before a clock tick where property_expr2 (called the terminating property) evaluates to true. The until, s_until operators have an implicit repetition until the terminating condition (i.e., property_expr2) occurs. Specifically, with a strong until (e.g., s_until), if the simulation completes but the terminating condition is pending, the assertion fails, unlike the weak until where the assertion is evaluated as vacuously true.

$rose(req) |=> busy until ready); // Enhanced readability, and Identical to
// $rose(req) |=> busy[*0:$] ##1 ready ; // equivalent property expression
// Thus, 
ap_until_sig1_stable_throughout_sig2: assert property(@(posedge clk)       
     $rose(sig2) |=> $stable(sig1) until !sig2); 
// can be written as 
ap_until_sig1_stable_throughout_sig2: assert property(@(posedge clk)       
     $rose(sig2) |=> $stable(sig1)[*0:$] ##1 !sig2); 
// When sig2==0, sig1 need not be stable