# If Chained Implications in Properties Weren't So Hard, They'd be Easy

Don MIIIS Microchip Technology Inc. Chandler, AZ, USA

don.mills@microchip.com mills@lcdm-eng.com

www.microchip.com





#### Introductions: Who is Don Mills anyway



- Over 20 Years in the Industry
- Over 30 ASICS/Designs
- Consultant/Trainer for 10 years with
  - Sutherland HDL
  - Sunburst Design
- Experience with the "big" three simulators
- Member of the IEEE 1800 SystemVerilog BC and EC committees
- Member of the IEEE 1801 UPF committee
- Presented numerous papers at various conference
  - Go to www.lcdm-eng.com to access papers
- Co-author of "Verilog and SystemVerilog Gotchas"

USERZUSE

# Mentor and SV Stuff



- Questa Advanced Support for SV
  - SystemVerilog for Design
  - Verification the best in the industry (in my opinion)
    - Constrained Random / OOP based test environment

USERZUSER

- Verification Environments
- Coverage
  - Reports, tables, charts
  - UCDB driving the standard
- Assertions
  - ATV Assertion Thread Viewer

#### One of MENTORS Best Kept Secret!!!







You know basically what sequences are

USERZUSER

You know what range repetition is

#### What is an Implication? Quick review



- Implication operators in property expressions only
- Provide a conditional test for a sequence
  - If the condition is true, the sequence is evaluated
  - If the condition is false, the sequence is not evaluated
- |-> overlapped implication: sequence evaluation starts immediately
- I => non-overlapped implication: sequence evaluation starts at the next clock If req is f

lf req is false, I don't care about grant

property bus\_req\_prop6; @(posedge clk) req |-> ##[1:5] grant; endproperty:bus req prop6

Only test for grant if req tests true

USERZUSE

2009

If Chained Implications in Properties Weren't So Hard, They'd be Easy, Oct 2009

# **Implication Terminology**



- Antecedent the condition or expression before the implication operator
- Consequent the expression following the implication operator
- Vacuous success Name for the don't-care condition when the antecedent is false

USERZUSE



# Why use chained implications?



2009

- Chained implications
  - Allow for multi-level (or hierarchical) conditioning
    - Like nested if-then



Don't care about mem unless <u>all</u> conditions are true

USER ZUSER

```
property p_chain;
@(posedge clk) chip_en |-> bank_en |-> mem_en |-> mem;
endproperty:p_chain;
```

- Can share local variables between the different levels

If Chained Implications in Properties Weren't So Hard, They'd be Easy, Oct 2009

# The Spec and the Code



- Monitor number of cycles between a start and an end point
  - Verify the number of cycles between the start and the end points is less than the max allowed

```
`define TRUE 1
property p_max_cycles;
int v_cnt;
@(posedge clk) ($rose(start), v_cnt = 0) |->
        (`TRUE, v_cnt++)[*0:$] ##1 done |->
                (v_cnt <= MAX);
endproperty:p_max_cycles
ap_max_cycles: assert property (p_max_cycles);</pre>
```



# Simpler Version of the Code



```
property p_chain;
 @(posedge clk) $rose(a) |-> b[*0:$] ##1 c |-> d;
endproperty:p chain;
```

ap chain: assert property (p chain);

- With a chained implication
  - What is the antecedent?
  - What is the consequent?



# The Results, failure condition





If Chained Implications in Properties Weren't So Hard, They'd be Easy, Oct 2009

## Pass attempt 1





### Pass attempt 2











# Assertion Thread Viewer (ATV)





# Concurrent Assertions Use Special Event Scheduling



Concurrent assertions use special event scheduling queues:
 Prevents race conditions with events in the design modules



# Why Use the ATV



- Concurrent Assertions are sampled at the beginning of a time step
  - If data is changing during the time step
    - Must look at the data prior to the time step
    - Like a D-FF must look at the value of D prior the clk edge
  - ATV doesn't show the value, it shows the pass/fail for each time step



File Edit View Add Format Tools Window





- In order to sort this out, let's look at
   <u>sequences</u> and properties containing ranges
- Start with a single level implication with a
  - Range in consequent
  - Range in antecedent



# Sequence vs. Property





#### Range in Consequent – maintains the first match rule



consequent ends the expression

in the consequent

USERZUSER

2009

#### What about a range in the antecedent?



If Chained Implications in Properties Weren't So Hard, They'd be Easy, Oct 2009

### Range in antecedent again



**Don Mills** 



If Chained Implications in Properties Weren't So Hard, They'd be Easy, Oct 2009

#### The Problem is... The Solution is...



- For antecedents with ranges
  - Every passing condition

And

23

Every possible future passing condition

#### <u>must have a passing consequent for the</u> property expression to PASS

- In other words no "first match" is applied to the antecedent
- No "first match" is applied to the whole implication expression

USERZUSE

#### Range in the antecedent again... Why does this fail...







#### The FIX Use first match on antecedent

**Don Mills** 

# Infinite upper bound range in antecedent



```
property p chain1;
 @(posedge clk) $rose(a) |-> b[*0:$] ##1 c |-> d;
endproperty:p chain1;
property p chain2;
 @(posedge clk) $rose(a) |-> first_match( b[*0:$] ##1 c)
                                                          |->
                                                              d;
endproperty:p chain2;
```



If Chained Implications in Properties Weren't So Hard, They'd be Easy, Oct 2009



If Chained Implications in Properties Weren't So Hard, They'd be Easy, Oct 2009

# **Firstmatch Graphics**





# What about vacuous results?



2009

USERZUSER



A1 fails = vacuous success A1 passes, a2 fails = vacuous success

**Both A1 and a2 must pass for a non-vacuous success to be possible** 

If Chained Implications in Properties Weren't So Hard, They'd be Easy, Oct 2009

#### How do I model a vacuous success from A1 only?







If Chained Implications in Properties Weren't So Hard, They'd be Easy, Oct 2009

# What if the upper bound was fixed and not Mills infinity?







# Variable upper range limit



**Don Mills** 



#### Variation – only test when the variable upper limit is reached



```
module foo;
 bit a, c, d, clk;
  int upper;
 property prop 18(cnt);
    int v cnt;
   @(posedge clk) (\ (\ cnt > 0), v cnt = 0) |->
       ((v cnt < cnt), v cnt++)[*0:$] ##1
       (v_cnt == cnt) ##0 c |-> d;
  endproperty:prop 18
  ap18: assert property (prop_18(upper));
  initial begin
   upper = 8;
              Only test c/d when (v_cnt == cnt)
                                      USERZUSER
```

#### **Don Mills** Another way to model chained implication is using fusion (##0) MICROCHIP

```
property prop_13a;
  int v cnt;
  @(posedge clk) $rose(a) ##0 (b[*0:$] ##1 c) |-> d;
endproperty:prop 13a
property prop 13b;
  int v cnt;
  @(posedge clk) $rose(a) ##0 first_match(b[*0:$] ##1 c) |-> d;
endproperty:prop_13b
```



**Replacing the first** implication operator with a fusion gives identical results

2009

If Chained Implications in Properties Weren't So Hard, They'd be Easy, Oct 2009

# Implication vs. Fusion – same results



USERZUSER



If Chained Implications in Properties Weren't So Hard, They'd be Easy, Oct 2009

# Summary



- An implication will not end until all possible antecedent "passes" have tested with a passing consequent
- An implication with a range in the antecedent ends when
  - A passing antecedent has a failing consequent
  - The end of the range occurs
  - first\_match is used on the antecedent and the consequent passes.

```
`de Range - can be either a repetition range or timing range period
property p_max_cycles;
int v_cnt;
@(posedge clk) ($rose(start), v_cnt = 0) |->
first_match((`TRUE, v_cnt++)[*0:$] ##1 done) |->
(v_cnt <= MAX);
endproperty:p_max_cycles
ap_max_cycles: assert property (p_max_cycles);
```





# QUESTIONS and GUESSES



If Chained Implications in Properties Weren't So Hard, They'd be Easy, Oct 2009

