How to write SVA assumption

dplumb_amd · August 22, 2023, 7:55pm

I am trying to write an SVA assumption that essentially says that if the audio_enable signal gets deasserted, then there are three signals that should not change for 10 cycles.

This was my attempt:

assume_audio_stream_control_stable_after_audio_enable_deasserted: assume property(@(posedge isocclk) disable iff (isocclk_rst !== 0)
        $fell(HDA_audio_stream_data.audio_enable) |=> ($stable(HDA_audio_stream_control.codec_dto_base) &&
                                                       $stable(HDA_audio_stream_control.codec_dto_multi) &&
                                                       $stable(HDA_audio_stream_control.codec_dto_div)) [*10]);

It didn’t work as I expected. The codec_dto_base signal gets asserted about 2 clock cycles after the audio_enable signal gets deasserted. Any suggestions?

ben2 · August 22, 2023, 8:10pm

In reply to dplumb_amd:

The assume assertion looks OK. What is wrong? the formal?

kddholak · August 22, 2023, 8:13pm

In reply to dplumb_amd:


Updated as local is reserved word. 
create the common property 
property drive_const(sig) ;
bit local_val ;
@(posedge clk) //
($fell(HDA_audio_stream_data.audio_enable), local_val = sig) |=> (sig == local_val)[*10]
endproperty 

assume property(drive_const((HDA_audio_stream_control.codec_dto_base))
assume property(drive_const((HDA_audio_stream_control.codec_dto_multi))
assume property(drive_const((HDA_audio_stream_control.codec_dto_div))

ben2 · August 22, 2023, 9:00pm

In reply to kddholak:

“local” is a SVG reserved word. Try changing “local” to “lcl” or to “local1”.
Whether the compiler accepts it or not, it si not a good idea to use reserved words for variable names; it’s confusing.

kddholak · August 22, 2023, 9:16pm

In reply to ben@SystemVerilog.us:
Thanks Ben

dplumb_amd · August 22, 2023, 9:29pm

In reply to ben@SystemVerilog.us:

In reply to dplumb_amd:
The assume assertion looks OK. What is wrong? the formal?

Yes. Formal is generating a counter example that seems to be violating my constraint.

ben2 · August 22, 2023, 9:43pm

In reply to dplumb_amd:

t didn’t work as I expected. …

Why are you flagging the constraint as an error? Formal is saying that the design cannot be satisfied with this constraint; loosen the constraint or update the design.
??

dplumb_amd · August 22, 2023, 11:21pm

In reply to ben@SystemVerilog.us:

Sorry Ben. I don’t get what you are saying. The assume directive says to formal that the inputs are constrained. It says nothing about the design cannot be satisfied with the constraint. The counter example shows an input sequence that I have constrained so that it doesn’t happen. The assertion failure is relative to the outputs doing something that I do not expect but the case is not valid because of the illegal input sequence.

ben2 · August 23, 2023, 3:40pm

In reply to dplumb_amd:

Does the entire model only transition on posedge socclk? Maybe you’re seeing glitches on a negedge between posedges in the assume? An SVA assume only controls the specified edges;
if I have an assume like *fell(x) then y[10] there could be a an assertion failure with a sequence shorter than the assumed constraint. For example,
(fell(x) |-> y[*3] ##1 c). Having an assumption of y repeated 10 times does not stop a sequence like
fell(x) to be true, y repeated 3 times, and c==0.

??
Ben

dplumb_amd · August 23, 2023, 4:10pm

In reply to ben@SystemVerilog.us:

There are multiple clocks and they are asynchronous. But I don’t think I am seeing glitches. The codec_dto_base signal is different at the clock edge.

I think I get what you’re saying about the sequence length.

It would be a lot easier if I could share a waveform snapshot here. Any ideas on how to do that?

dplumb_amd · August 23, 2023, 4:12pm

In reply to kddholak:

Thanks for the suggestion. I did try it but I’m still seeing the same illegal behavior that I thought I had constrained out.

ben2 · August 23, 2023, 7:34pm

In reply to dplumb_amd:

share a waveform snapshot here. Any ideas on how to do that?

Put the image on a site, like google photos, In google click on the image and SHARE the image. Google provides a link to the sharable photo.

dplumb_amd · August 23, 2023, 7:59pm

In reply to ben@SystemVerilog.us:

ben2 · August 23, 2023, 10:22pm

In reply to dplumb_amd:
I saw that after the fall of audio_enable the signal codec_dto_base was not repeated.
I consulted with a colleague who is an expert in FV. His take:

I guess that confirms my hypothesis. If stuff can happen between edges of the designated clock, he should modify the assume to act on both edges of the fastest clock : @(fastclk) instead of @(posedge slowclk). Alternatively, SVA also offers the asynchronous reject_on operator if you want to catch such things… but I’m not sure how well tools support this rarely used op.

Ben

peter1 · August 24, 2023, 11:51am

In reply to dplumb_amd:

Hi all,
the waveform is generated by the formal tool.
and the formal tool say this waveform is violated with constraint?
Am I correct?

dplumb_amd · August 24, 2023, 1:54pm

In reply to peter:

Hi peter,
The waveform is generated by the formal tool as a counter example for an assertion that I have not shown. But the reason why I am mystified is because the input signals seem to be violating the constraint that I coded in my original question.

peter1 · August 24, 2023, 2:16pm

In reply to dplumb_amd:

Hi dplumb,
what is your input signal of the dut in the waveform?

dplumb_amd · August 24, 2023, 2:28pm

In reply to peter:

All of the signals I have shown in the waveform are input signals for the DUT.

dplumb_amd · August 24, 2023, 8:34pm

In reply to ben@SystemVerilog.us:

Thanks for your reply. I tried using both edges of the fastest clock but I get exactly the same counter-example waveform.