Coverage

Coverage is used to measure tested and untested portions of the design. Coverage is defined as the percentage of verification objectives that have been met.

There are two types of coverage metrics,

• Code Coverage
• Functional Coverage

Code Coverage

• Code coverage measures how much of the “design Code” is exercised.
• This includes the execution of design blocks, Number of Lines, Conditions, FSM, Toggle and Path.
• The simulator tool will automatically extract the code coverage from the design code.

Functional Coverage

Functional coverage is a user-defined metric that measures how much of the design specification has been exercised in verification.

There are two types of functional coverage,

• Data-oriented Coverage – Checks combinations of data values have occurred. We can get Data-oriented coverage by writing Coverage groups, coverage points and also by cross coverage
• Control-oriented Coverage – Checks whether sequences of behaviors have occurred. We can get assertion coverage by writing SystemVerilog Assertions

Defining functional coverage is covered in the next chapters.
❮ Previous Next ❯

• Coverage
• Functional Coverage
• Cross Coverage
• Coverage Options

❮ Previous Next ❯

Static Delay

a ##2 b;

If signal “a” is high on any given positive edge of the clock, the signal “b” should be high 2 clock cycles after that.

Variable Delay

int v_delay;
v_delay = 4;
a ##v_delay b;

Using ##v_delay leads to compilation error because it is Illegal to use a variable in an assertion.

module asertion_variable_delay;
  bit clk,a,b;
  int cfg_delay;
  
  always #5 clk = ~clk; //clock generation
  
  //generating 'a'
  initial begin 
    cfg_delay = 4;
        a=1; b = 0;
    #15 a=0; b = 1;
    #10 a=1; 
    #10 a=0; b = 1;
    #10 a=1; b = 0;
    #10;
    $finish;
  end
  
  //calling assert property
  a_1: assert property(@(posedge clk) a ##cfg_delay b);

endmodule

Simulator Output

Error-[SVA-INCE] Illegal use of non-constant expression
testbench.sv, 23
asertion_variable_delay, "cfg_delay"
The use of a non-constant expression is not allowed in properties, sequences
and assertions for cases such as delay and repetition ranges.
Please replace the offending expression by an elaboration-time constant.

1 error

Click to execute on   

Below is one of the ways to implement the variable delay

module asertion_variable_delay;
  bit clk,a,b;
  int cfg_delay;
  
  always #5 clk = ~clk; //clock generation
  
  //generating 'a'
  initial begin 
    cfg_delay  = 4;
        a=1; b = 0;
    #15 a=0; b = 1;
    #10 a=1; 
    #10 a=0; b = 1;
    #10 a=1; b = 0;
    #10;
    $finish;
  end
  
  //delay sequence
  sequence delay_seq(v_delay);
    int delay;
    (1,delay=v_delay) ##0 first_match((1,delay=delay-1) [*0:$] ##0 delay <=0);
  endsequence
  
  //calling assert property
  a_1: assert property(@(posedge clk) a |-> delay_seq(cfg_delay) |-> b);
    
endmodule 

a |-> delay_seq(cfg_delay) |-> b;
sequence delay_seq(v_delay);
  int delay;
  (1,delay=v_delay) ##0 first_match((1,delay=delay-1) [*0:$] ##0 delay <=0);
endsequence

Instead of ##v_delay, sequence ‘delay_seq‘ is used for variable delay.
delay_seq works like while loop, variable value will be decremented on each clk cycle and checks for the value of ‘delay’ equals to ‘0’. The sequence will get ended once the value of ‘delay‘ equals ‘0’.

• (1,delay=v_delay)                                    -> Copy variable value to local variable.
• (1,delay=delay-1) [*0:$] ##0 delay <=0 -> Decrements the value of local variable and checks for value of ‘delay’ equals to ‘0’.
• first_match((1,delay=delay-1) [*0:$] ##0 delay <=0) -> waits for value of ‘delay’ equals to ‘0’

Click to execute on   

❮ Previous Next ❯

disable iff

In certain design conditions, we don’t want to proceed with the check if some condition is true. this can be achieved by using disable iff.

Below property checks that, if the signal “a” is high on given posedge of the clock, the signal “b” should be high for 3 clock cycles followed by “c” should be high after ”b” is high for the third time. During this entire sequence, if reset is detected high at any point, the checker will stop.

property p;
  @(posedge clk)
  disable iff (reset) a |-> ##1 b[->3] ##1 c;
endproperty
a: assert property(p);

Click to execute on   

ended

while concatenating the sequences, the ending point of the sequence can be used as a synchronization point.

This is expressed by attaching the keyword “ended” to a sequence name.

sequence seq_1;
 (a && b) ##1 c;
endsequence

sequence seq_2;
  d ##[4:6] e;
endsequence

property p;
  @(posedge clk) seq_1.ended |-> ##2 seq_2.ended;
endpeoperty
a: assert property(p);

Above property checks that, sequence seq_1 and SEQ_2 match with a delay of 2 clock cycles in between them. the end point of the sequences does the synchronization.

❮ Previous Next ❯

SVA Methods

$rose

$rose(boolean expression or signal name)

returns true if the least significant bit of the expression changed to 1. Otherwise, it returns false.

sequence seq_rose;
  @(posedge clk) $rose(a);
endsequence

Sequence seq_rose checks that the signal “a” transitions to a value of 1 on every positive edge of the clock. If the transition does not occur, the assertion will fail.

$fell

$fell(boolean expression or signal name)

returns true if the least significant bit of the expression changed to 0. Otherwise, it returns false.

sequence seq_fell;
  @(posedge clk) $fell(a);
endsequence

Sequence seq_fell checks that the signal “a” transitions to a value of 0 on every positive edge of the clock. If the transition does not occur, the assertion will fail.

$stable

$stable(boolean expression or signal name)

returns true if the value of the expression did not change. Otherwise, it returns false.

sequence seq_stable;
  @(posedge clk) $stable(a);
endsequence

Sequence seq_stable checks that the signal “a” is stable on every positive edge of the clock. If there is any transition occurs, the assertion will fail.

$past

$past(signal_name, number of clock cycles)

provides the value of the signal from the previous clock cycle.

Below Property checks that, in the given positive clock edge, if the “b” is high, then 2 cycles before that, a was high.

property p;
  @(posedge clk) b |-> ($past(a,2) == 1);
endproperty
a: assert property(p);

Click to execute on   

$past construct with clock gating

The $past construct can be used with a gating signal. on a given clock edge, the gating signal has to be true even before checking for the consequent condition.

$past (signal_name, number of clock cycles, gating signal)

Below Property checks that, in the given positive clock edge, if the “b” is high, then 2 cycles before that, a was high only if the gating signal “c’ is valid on any given positive edge of the clock.

Property p;
  @(posedge clk) b |-> ($past(a,2,c) == 1);
endproperty
a: assert property(p);

Click to execute on   

Built-in system functions

• $onehot(expression)
  • checks that only one bit of the expression can be high on any given clock edge.
• $onehot0(expression)
  • checks only one bit of the expression can be high or none of the bits can be high on any given clock edge.
• $isunknown(expression)
  • checks if any bit of the expression is X or Z.
• $countones(expression)
  • counts the number of bits that are high in a vector.

a_1: assert property( @(posedge clk) $onehot(state) );
a_2: assert property( @(posedge clk) $onehot0(state) );
a_3: assert property( @(posedge clk) $isunknown(bus) ) ;
a_4: assert property( @(posedge clk) $countones(bus)> 1 );

Assert statement a_1 checks that the bit vector “state” is one-hot.
Assert statement a_2 checks that the bit vector “state” is zero one-hot.
Assert statement a_3 checks if any bit of the vector “bus” is X or Z.
Assert statement a_4 checks that the number of ones in the vector “bus” is greater than one.
❮ Previous Next ❯

SVA Sequence

Boolean expression events that evaluate over a period of time involving single/multiple clock cycles. SVA provides a keyword to represent these events called “sequence”.

SVA Sequence example

In the below example the sequence seq_1 checks that the signal “a” is high on every positive edge of the clock. If the signal “a” is not high on any positive clock edge, the assertion will fail.

sequence seq_1;
  @(posedge clk) a==1;
endsequence

Click to execute on   

A sequence with a logical relationship

Below sequence, seq_2 checks that on every positive edge of the clock, either signal “a” or signal “b” is high. If both the signals are low, the assertion will fail.

sequence seq_2;
  @(posedge clk) a || b;
endsequence

Click to execute on   

Sequence Expressions

By defining arguments in a sequence definition, the same sequence can be re-used for similar behavior.

For example, we can define a sequence as below.

sequence seq_lib (a, b)
  a || b ;
endsequence

this seq can be used as,

sequence s_lib_inst
  seq_lib(req1,req2);
endsequence

Sequences with timing relationship

In SVA, clock cycle delays are represented by a “##” sign. For example, ##2 means 2 clock cycles.

Below sequence checks for the signal “a” being high on a given positive edge of the clock. If the signal “a” is not high, then the sequence fails. If signal “a” is high on any given positive edge of the clock, the signal “b” should be high 2 clock cycles after that. If signal “b” is not asserted after 2 clock cycles, the assertion fails.

sequence seq;
  @(posedge clk) a ##2 b;
endsequence

Click to execute on   

Note:: sequence begins when signal “a” is high on a positive edge of the clock.

Clock usage in SVA

A clock can be specified in a sequence, in a property or even in an assert statement.

Clock defined in the sequence definition

The previous example shows the usage of a clock inside the sequence definition.

sequence seq;
  @(posedge clk) a ##2 b;
endsequence

Clock defined in the property definition

sequence seq;
  a ##2 b;
endsequence

property p;
  @(posedge clk) seq;
endproperty
a_1 : assert property(p);

Click to execute on   

In general, it is a good idea to define the clocks in property definitions and keep the sequences independent of the clocks. This will help increase the re-use of the basic sequence definitions.

Forbidding a property

A separate property definition is not needed to assert a sequence. the expression to be checked can be called from the assert statement directly as shown below.

In all the examples shown so far, the property is checking for a true condition. we expect the property to be false always. If the property is true, the assertion fails.

  sequence seq;
    a ##2 b;
  endsequence
  a_2: assert property(@(posedge clk) seq);

Calling a property with a clock definition from within the assert statement is not allowed.

a_3: assert property(@(posedge clk) p) ; //Not allowed

Below sequence checks that if signal “a” is high on a given positive edge of the clock, then after 2 clock cycles, signal “b” shall not be high. The keyword “not” is used to specify that the property should never be true.

sequence seq;
  @(posedge clk) a ##2 b;
endsequence

property p;
  not seq;
endproperty
a_1: assert property(p);

Click to execute on   

❮ Previous Next ❯

Implication Operator

sequence seq;
  @(posedge clk) a ##2 b;
endsequence

In the above sequence, we can observe that sequence starts on every positive edge of the clock and it looks for “a” to be high on every positive clock edge. If the signal “a” is not high on any given positive clock edge, an error is issued by the checker.

If we want the sequence to be checked only after “a” is high, this can be achieved by using the implication operator.

The implication is equivalent to an if-then structure. The left-hand side of the implication is called the “antecedent” and the right-hand side is called the “consequent.” The antecedent is the gating condition. If the antecedent succeeds, then the consequent is evaluated.

The implication construct can be used only with property definitions. It cannot be used in sequences.

There are 2 types of implication:

• Overlapped implication
• Non-overlapped implication

Overlapped implication

The overlapped implication is denoted by the symbol |->.

If there is a match on the antecedent, then the consequent expression is evaluated in the same clock cycle.

Below property checks that, if signal “a” is high on a given positive clock edge, then signal “b” should also be high on the same clock edge.

property p;
  @(posedge clk) a |-> b;
endproperty
a: assert property(p);

Click to execute on   

Non-overlapped implication

The non-overlapped implication is denoted by the symbol |=>.

If there is a match on the antecedent, then the consequent expression is evaluated in the next clock cycle.

Below property checks that, if signal “a” is high on a given positive clock edge, then signal “b” should be high on the next clock edge.

property p;
  @(posedge clk) a |=> b;
endproperty
a: assert property(p);

Click to execute on   

The implication with a fixed delay on the consequent

Below property checks that, if signal “a” is high on a given positive clock edge, then signal “b” should be high after 2 clock cycles.

property p;
  @(posedge clk) a |-> ##2 b;
endproperty
a: assert property(p);

Click to execute on   

The implication with a sequence as an antecedent

Below property checks that, if the sequence seq_1 is true on a given positive edge of the clock, then start checking the seq_2 (“d” should be low, 2 clock cycles after seq_1 is true).

sequence seq_1;
 (a && b) ##1 c;
endsequence

sequence seq_2;
  ##2 !d;
endsequence

property p;
  @(posedge clk) seq_1 |-> seq_2;
endpeoperty
a: assert property(p);

Click to execute on   

Timing windows in SVA Checkers

Below property checks that, if signal “a” is high on a given positive clock edge, then within 1 to 4 clock cycles, the signal “b” should be high.

property p;
  @(posedge clk) a |-> ##[1:4] b;
endproperty
a: assert property(p);

Click to execute on   

Overlapping timing window

Below property checks that, if signal “a” is high on a given positive clock edge, then signal “b” should be high in the same clock cycle or within 4 clock cycles.

property p;
  @(posedge clk) a |-> ##[0:4] b;
endproperty
a: assert property(p);

Click to execute on   

Indefinite timing window

The upper limit of the timing window specified in the right-hand side can be defined with a “$” sign which implies that there is no upper bound for timing. This is called the “eventuality” operator. The checker will keep checking for a match until the end of the simulation.

Below property checks that, if signal “a” is high on a given positive clock edge, then signal “b” will be high eventually starting from the next clock cycle.

property p;
  @(posedge clk) a |-> ##[1:$] b;
endproperty
a: assert property(p);

Click to execute on   

❮ Previous Next ❯

Repetition Operators

property p;
  @(posedge clk) a |-> ##1 b ##1 b ##1 b;
endproperty
a: assert property(p);

The above property checks that, if the signal “a” is high on given posedge of the clock, the signal “b” should be high for 3 consecutive clock cycles.

The Consecutive repetition operator is used to specify that a signal or a sequence will match continuously for the number of clocks specified.

Syntax

signal [*n] or sequence [*n]

"n" is the number of repetitions.

with repetition operator above sequence can be re-written as,

property p;
  @(posedge clk) a |-> ##1 b[*3];
endproperty
a: assert property(p);

Click to execute on   

go to repetition

The go-to repetition operator is used to specify that a signal will match the number of times specified not necessarily on continuous clock cycles.

signal [->n]

property p;
  @(posedge clk) a |-> ##1 b[->3] ##1 c;
endproperty
a: assert property(p);

Click to execute on   

The above property checks that, if the signal “a” is high on given posedge of the clock, the signal “b” should be high for 3 clock cycles followed by “c” should be high after ”b” is high for the third time.

Nonconsecutive repetition

This is very similar to “go to” repetition except that it does not require that the last match on the signal repetition happens in the clock cycle before the end of the entire sequence matching.

signal [=n]

Only expressions are allowed to repeat in “go to” and “nonconsecutive” repetitions. Sequences are not allowed.

❮ Previous Next ❯

SVA

Below diagram shows the steps involved in the creation of an SVA checker,

Boolean expressions

The functionality is represented by the combination of multiple logical events. These events could be simple Boolean expressions.

Sequence

Boolean expression events that evaluate over a period of time involving single/multiple clock cycles. SVA provides a keyword to represent these events called “sequence.”

Syntax

sequence name_of_sequence;
  ……
endsequence

Property

A number of sequences can be combined logically or sequentially to create more complex sequences. SVA provides a keyword to represent these complex sequential behaviors called “property”.

Syntax

property name_of_property;
  test expression or
  complex sequence expressions
endproperty

Assert

The property is the one that is verified during a simulation. It has to be asserted to take effect during a simulation. SVA provides a keyword called “assert” to check the property.

Syntax

assertion_ name: assert_property( property_name );

❮ Previous Next ❯

Assertions in SystemVerilog

• SystemVerilog Assertions
• SVA Building Blocks
• SVA Sequence
• Implication Operator
• Repetition Operator
• SVA Built-In Methods
• Ended and Disable iff
• Variable delay in SVA

❮ Previous Next ❯