# **Accellera Standard OVL V1**

# Library Reference Manual

Version 1.6

March 17, 2006



#### STATEMENT OF USE OF ACCELLERA STANDARDS

Accellera Standards documents are developed within Accellera and the Technical Committees of Accellera Organization, Inc. Accellera develops its standards through a consensus development process, approved by its members and board of directors, which brings together volunteers representing varied viewpoints and interests to achieve the final product. Volunteers are not necessarily members of Accellera and serve without compensation. While Accellera administers the process and establishes rules to promote fairness in the consensus development process, Accellera does not independently evaluate, test, or verify the accuracy of any of the information contained in its standards.

Use of an Accellera Standard is wholly voluntary. Accellera disclaims liability for any personal injury, property or other damage, of any nature whatsoever, whether special, indirect, consequential, or compensatory, directly or indirectly resulting from the publication, use of, or reliance upon this, or any other Accellera Standard document. By using an Accellera standard, you agree to defend, indemnify and hold harmless Accellera and their directors, officers, employees and agents from and against all claims and expenses, including attorneys' fees, arising out of your use of an Accellera Standard.

Accellera does not warrant or represent the accuracy or content of the material contained herein, and expressly disclaims any express or implied warranty, including any implied warranty of merchantability or suitability for a specific purpose, or that the use of the material contained herein is free from patent infringement. Accellera Standards documents are supplied ?AS IS.?

The existence of an Accellera Standard does not imply that there are no other ways to produce, test, measure, purchase, market, or provide other goods and services related to the scope of an Accellera Standard. Furthermore, the viewpoint expressed at the time a standard is approved and issued is subject to change due to developments in the state of the art and comments received from users of the standard. Every Accellera Standard is subjected to review periodically for revision and update. Users are cautioned to check to determine that they have the latest edition of any Accellera Standard.

In publishing and making this document available, Accellera is not suggesting or rendering professional or other services for, or on behalf of, any person or entity. Nor is Accellera undertaking to perform any duty owed by any other person or entity to another. Any person utilizing this, and any other Accellera Standards document, should rely upon the advice of a competent professional in determining the exercise of reasonable care in any given circumstances.

Accellera may change the terms and conditions of this Statement of Use from time to time as we see fit and in our sole discretion. Such changes will be effective immediately upon posting, and you agree to the posted changes by continuing your access to or use of an Accellera Standard or any of its content in whatever form.

Interpretations: Occasionally questions may arise regarding the meaning of portions of standards as they relate to specific applications. When the need for interpretations is brought to the attention of Accellera, Accellera will initiate action to prepare appropriate responses. Since Accellera Standards represent a consensus of concerned interests, it is important to ensure that any interpretation has also received the concurrence of a balance of interests. For this reason, Accellera and the members of its Technical Committees are not able to provide an instant response to interpretation requests except in those cases where the matter has previously received formal consideration.

Comments for revision of Accellera Standards are welcome from any interested party, regardless of membership affiliation with Accellera. Suggestions for changes in documents should be in the form of a proposed change of text, together with appropriate supporting comments. Comments on standards and requests for interpretations should be addressed to:

Accellera Organization, 1370 Trancas Street #163, Napa, CA 94558 USA E-mail: interpret-request@lists.accellera.org

Note: Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no position is taken with respect to the existence or validity of any patent rights in connection therewith. Accellera shall not be responsible for identifying patents for which a license may be required by an Accellera standard or for conducting inquiries into the legal validity or scope of those patents that are brought to its attention.

Accellera is the sole entity that may authorize the use of Accellera-owned certification marks and/or trademarks to indicate compliance with the materials set forth herein.

Authorization to photocopy, redistribute, publish, create derivative works from, sub-license or charge others to access or use, participate in the transfer or sale of, or directly or indirectly commercially exploit in whole or part of any Accellera standard for internal or personal use must be granted by Accellera Organization, Inc., provided that permission is obtained from and any required fee is paid to Accellera. To arrange for authorization please contact Lynn Horobin, Accellera, 1370 Trancas Street #163, Napa, CA 94558, phone (707) 251-9977, e-mail lynnh@accellera.org. Permission to photocopy portions of any individual standard for educational classroom use can also be obtained from Accellera.



#### Overview of this standard

This section describes the purpose and organization of this standard, the Accellera Standard V1 Open Verification Library (Std. OVL) libraries implemented in IEEE Std. 1364-1995 Verilog and SystemVerilog 3.1a, Accellera's extensions to IEEE Std. 1364-2001 Verilog Hardware Description Language and Library Reference Manual (LRM)

#### Intent and scope of this document

The intent of this standard is to define Std. OVL accurately. Its primary audience is designers, integrators and verification engineers to check for good/bad behavior, and provides a single and vendor-independent interface for design validation using simulation, semi-formal and formal verification techniques. By using a single well-defined interface, the OVL bridges the gap between the different types of verification, making more advanced verification tools and techniques available for non-expert users.

From time to time, it may become necessary to correct and/or clarify portions of this standard. Such corrections and clarifications may be published in separate documents. Such documents modify this standard at the time of their publication and remain in effect until superseded by subsequent documents or until the standard is officially revised.

#### **ACKNOWLEDGEMENTS**

These Accellera Standard OVL Libraries and Library Reference Manual (LRM) were specified and developed by experts from many different fields, including design and verification engineers, Electronic Design Automation companies and members of the OVL VSVA technical committee.

The following contributors were involved in the creation of previous versions of the OVL: Shalom Bresticker, Bryan Bullis, Ben Cohen, Harry Foster, Himanshu Goel, Vijay Gupta, Brent Hayhoe, Richard Ho, Narayanan Krishnamurthy, David Lacey, Jim Lewis, Andrew MacCormack, Erich Marschner, Paul Menchini, Torkil Oelgaard, Joseph Richards, Vinaya Singh, Sean Smith, Andy Tsay and others.

The OVL VSVA technical committee and chair reports to Accellera TCC Chairman:

TCC Chairman Johny Srouji / IBM

The following individuals contributed to the creation, editing and review of the Accellera Standard OVL V1 Libraries and LRM

Eduard Cerny/Synopsys

Harry Foster/Jasper Design Automation

Dmitry Korchemny/Intel

Kenneth Elmkjær Larsen/Mentor Graphics (OVL-VSVA Chair)

David Lacey/Hewlett Packard

Uma Polisetti/Agilent

Ramesh Sathianathan/Mentor Graphics

Chris Shaw/Mentor Graphics

Sundaram Subramanian/Mentor Graphics

Manoj Kumar Thottasseri/Synopsys

Mike Turpin/ARM

Minor version 1.1 released June 2005 Minor version 1.1a released August 2005 Minor version 1.1b released August 2005 Minor version 1.1c released September 2005 Minor version 1.5 released December 2005 Minor version 1.6 released February 2006



# **CONTENTS**

| INTRODUCTION                                                                           | 6  |
|----------------------------------------------------------------------------------------|----|
| About this Manual  Notational Conventions  Verilog Assertion Syntax Format  References |    |
| OVL BASICS                                                                             | 9  |
| OVL Assertion Checker Implementation                                                   |    |
| OVL Assertion Checker Characteristics                                                  |    |
| Checker Class                                                                          |    |
| Clock and Reset                                                                        |    |
| Checker Parameters                                                                     |    |
| Assertion Checks                                                                       |    |
| Cover Points                                                                           |    |
| OVL Use Model                                                                          |    |
| Setting the Implementation Language                                                    |    |
| Enabling Assertion and Coverage Logic                                                  |    |
| Reporting Assertion Information                                                        |    |
| Generating Synthesizable Logic                                                         |    |
| Checking of X and Z Values                                                             |    |
| Backward CompatibilityOVL Verilog/SVA Library                                          |    |
| Library Characteristics                                                                |    |
| Library Layout                                                                         |    |
| Examples                                                                               |    |
| OVL Assertion Data Sheets                                                              | 25 |
|                                                                                        |    |
| assert_always                                                                          |    |
| assert_always_on_edge                                                                  |    |
| assert_change                                                                          |    |
| assert_cycle_sequence                                                                  |    |
|                                                                                        |    |
| assert_delta                                                                           |    |
| assert_even_parity                                                                     |    |
| assert_fifo_index                                                                      |    |
| accort framo                                                                           |    |
| assen_name                                                                             |    |
| assert_handshake                                                                       |    |
| <del>-</del>                                                                           |    |
| assert_handshake                                                                       |    |

|     | assert_never_unknown             |  |
|-----|----------------------------------|--|
|     | assert_never_unknown_async 64    |  |
|     | assert_next                      |  |
|     | assert_no_overflow               |  |
|     | assert_no_transition             |  |
|     | assert_no_underflow              |  |
|     | assert_odd_parity                |  |
|     | assert_one_cold                  |  |
|     | assert_one_hot                   |  |
|     | assert_proposition               |  |
|     | assert_quiescent_state           |  |
|     | assert_range                     |  |
|     | assert_time                      |  |
|     | assert_transition                |  |
|     | assert_unchange                  |  |
|     | assert_width                     |  |
|     | assert_win_change                |  |
|     | assert_win_unchange              |  |
|     |                                  |  |
|     | assert_window                    |  |
|     | assert_zero_one_not              |  |
| OVL | DEFINES 108                      |  |
|     | Clobal Defines                   |  |
|     | Global Defines                   |  |
|     | Defines Common to All Assertions |  |
|     |                                  |  |
|     | Defines for Specific Assertions  |  |

# Introduction

Welcome to the Accellera standard Open Verification Library V1 (OVL). The OVL V1 is composed of a set of assertion checkers that verify specific properties of a design. These assertion checkers are instantiated in the design establishing a single interface for design validation.

The OVL provides designers, integrators and verification engineers with a single, vendor-independent interface for design validation using simulation, hardware acceleration or emulation, formal verification and semi-/hybrid-/dynamic-formal verification tools. By using a single, well defined, interface, the OVL bridges the gap between different types of verification, making more advanced verification tools and techniques available for non-expert users.

This document provides the reader with a set of data sheets that describe the functionality of each assertion checker in the OVL V1, as well as examples that show how to embed these assertion checkers into a design.

# **About this Manual**

It is assumed the reader is familiar with hardware description languages and conventional simulation environments.

This document targets designers, integrators and verification engineers who intend to use the OVL in their verification flow and to tool developers interested in integrating the OVL in their products.

This document has the following chapters:
 □ OVL Basics
 Fundamental information about the OVL library, including usage and examples.
 □ OVL Assertion Data Sheets
 □ Data sheet for each type of OVL assertion checker.
 □ OVL Defines
 Information about the define values used in general and for configuring the checkers.

## **Notational Conventions**

The following textual conventions are used in this manual:

emphasis Italics in plain text are used for two purposes: (1) titles of manual chapters and appendixes, and (2) terminology used inside defining sentences.
 variable Italics in sans-serif text indicate a meta-variable. You must replace the

meta-variable with a literal value when you use the associated statement.

literal Regular sans-serif text indicates literal words used in syntax statements or in

output.

Syntax statements appear in sans-serif typeface as shown here. In syntax statements, words in italics are meta-variables. You must replace them with relevant literal values. Words in regular (non-italic) sans-serif type are literals. Type them as they appear. Except for the following meta-characters, regular characters in syntax statements are literals. The following meta-characters have the given syntactical meanings. **You do not type these characters.** 

[ ] Square brackets indicate an optional entry.

# **Verilog Assertion Syntax Format**

All Verilog assertion checkers defined by the Open Verification Library initiative observe the following BNF format, defined in compliance with Verilog Module instantiation of the IEEE Standard 1364-1995 *Verilog Hardware Description Language*.

Introduction References

# References

The following is a list of resources related to design verification and assertion checkers.

Bening, L. and Foster, H., <u>Principles of Verifiable RTL Design</u>, a <u>Functional Coding Style Supporting Verification Processes in Verilog</u>, 2nd Ed., Kluwer Academic Publishers, 2001.

Bergeron, J., *Writing Testbenches: Functional Verification of HDL Models*, Kluwer Academic Publishers, 2000.

CheckerWare Data Book, Release 2.3, 0-In Functional Verification Group, Mentor Graphics, 2005.

<u>Assertions in Simulation User Guide</u>, Release 2.3, 0-In Functional Verification Group, Mentor Graphics, 2005.

*Formal Verification User Guide*, Release 2.3, 0-In Functional Verification Group, Mentor Graphics, 2005.

# **OVL BASICS**

The OVL is composed of a set of assertion checkers that verify specific properties of a design. These assertion checkers are instantiated in the design establishing a single interface for design validation.

OVL assertion checkers are instances of modules whose purpose in the design is to guarantee that some conditions hold true. Assertion checkers are composed of one or more properties, a message, a severity and coverage.

| шо  | te properties, a message, a severity and coverage.                                                                                                                                                          |
|-----|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|     | Properties are design attributes that are being verified by an assertion. A property can be classified as a combinational or temporal property.                                                             |
|     | A combinational property defines relations between signals during the same clock cycle while a temporal property describes the relation between the signals over several (possibly infinitely many) cycles. |
|     | Message is the string that is displayed in the case of an assertion failure.                                                                                                                                |
|     | Severity represents whether the error captured by the assertion library is a major or minor problem.                                                                                                        |
|     | Coverage consists of one or more flags that indicate whether or not specific corner-case events occur.                                                                                                      |
| Ass | sertion checkers benefit users by:                                                                                                                                                                          |
|     | Testing internal points of the design, thus increasing observability of the design.                                                                                                                         |
|     | Simplifying the diagnosis and detection of bugs by constraining the occurrence of a bug to the assertion checker being checked.                                                                             |
|     | Allowing designers to use the same assertions for both simulation and formal verification.                                                                                                                  |

# **OVL Assertion Checker Implementation**

Assertion checkers address design verification concerns and can be used as follows to increase design confidence:

- ☐ Combine assertion checkers to increase the coverage of the design (for example, in interface circuits and corner cases).
- ☐ Include assertion checkers when a module has an external interface. In this case, assumptions on the correct input and output behavior should be guarded and verified.
- ☐ Include assertion checkers when interfacing with third party modules, since the designer may not be familiar with the module description (as in the case of IP cores), or may not completely understand the module. In these cases, guarding the module with assertion checkers may prevent incorrect use of the module.

Usually there is a specific assertion checker suited to cover a potential problem. In other cases, even though a specific assertion checker might not exist, a combination of two or three assertion checkers can provide the desired coverage. The number of actual assertions that must be added to a specific design may vary from a few to thousands, depending on the complexity of the design and the complexity of the properties that must be checked.

Writing assertion checkers for a given design requires careful analysis and planning for maximum efficiency. While writing too few assertions might not increase the coverage on a design, writing too many assertions may increase verification time, sometimes without increasing the coverage. In most cases, however, the runtime penalty incurred by adding assertion checkers is relatively small.

# **OVL Assertion Checker Characteristics**

#### Checker Class

| OVI.                               | assertion | checkers a | are partitioned | into the     | following | checker clas | ses. |
|------------------------------------|-----------|------------|-----------------|--------------|-----------|--------------|------|
| $\mathbf{O} \mathbf{V} \mathbf{L}$ | assertion | CHECKEIS   | are narminioneu | i iiiio iiic | TOHOWIHE  | CHECKEI CIAS | ,    |

- ☐ Combinational assertions behavior checked with combinational logic.
- ☐ Single-cycle assertions behavior checked in the current cycle.
- □ 2-cycle assertions behavior checked for transitions from the current cycle to the next.
- □ n-cycle assertions behavior checked for transitions over a fixed number of cycles.
- ☐ Event-bounded assertions behavior is checked between two events.

#### Clock and Reset

All edge-triggered assertion checkers have a clock port named clk. All sampling and assertion checking of these checkers is performed on the rising-edge of clk. All checkers have an active-low reset port named reset\_n. Reset on all edge-triggered assertion checkers is active-low, and is synchronous to clk. The reset assignments of all assertion checkers can be overridden and controlled by the following global variable:

'OVL\_GLOBAL\_RESET= reset\_signal

Overrides the *reset\_n* port assignments of all assertion checkers with the specified global reset signal. Default: each checker's reset

is specified by the *reset\_n* port.

## **Checker Parameters**

Each OVL assertion checker has its own set of parameters as described in its corresponding data sheet. The following parameters are common to all checkers.

#### severity\_level

The severity level determines how to handle an assertion violation. Possible values are:

'OVL\_FATAL Runtime fatal error.

'OVL\_ERROR (default) Runtime error.

'OVL\_WARNING Runtime warning.

'OVL\_INFO No improper design functionality.

If *severity\_level* is not one of these values, the checker issues the following message:

Illegal option used in parameter 'severity\_level'

### property\_type

The property type determines whether to use the assertion as an assert property or an assume property (for example, a property that a formal tool uses to determine legal stimulii). Possible values are:

'OVL\_ASSERT (default) Assert property.
'OVL\_ASSUME Assume property.

If *property\_type* is not one of these values, an assertion violation occurs and the checker issues the following message:

Illegal option used in parameter 'property\_type'

#### msg

The default message issued when an assertion fails is "VIOLATION". The *msg* parameter changes the message for the checker.

#### coverage level

The coverage level is whether or not to enable coverage monitoring for the checker. Possible values are:

'OVL\_COVER\_NONE Disable coverage monitoring.

'OVL\_COVER\_ALL (default) Enable coverage monitoring.

If *coverage\_level* is not one of these values, an assertion violation occurs and the checker issues the following message:

Illegal option used in parameter 'coverage\_level'

For future enhancement, the following coverage levels are reserved:

'OVL\_COVER\_SANITY 1
'OVL\_COVER\_BASIC 2
'OVL\_COVER\_CORNER 4
'OVL\_COVER\_STATISTIC 8

#### **Assertion Checks**

Each assertion checker verifies that its parameter values are legal. If an illegal option is specified, the assertion fails. The assertion checker also checks at least one assertion. Violation of any of these assertions is an assertion failure. The data sheet for the assertion shows the various failure types for the assertion checker (except for incorrect option values for severity\_level, property\_type and coverage\_level).

For example, the assert\_frame checker data sheet shows the following types of assertion failures:

ASSERT\_FRAME The value of test\_expr was TRUE before min\_cks cycles after start\_event

was sampled TRUE or its value was not TRUE before max\_cks cycles

transpired after the rising edge of start\_event.

illegal start event The action\_on\_new\_start parameter is set to

'OVL\_ERROR\_ON\_NEW\_START and start\_event expression evaluated to

TRUE while the checker was monitoring test\_expr.

min\_cks > max\_cks The min\_cks parameter is greater than the max\_cks parameter (and

max\_cks >0). Unless the violation is fatal, either the minimum or maximum

check will fail.

#### **Cover Points**

Each assertion checker data sheet shows the coverage behaviors monitored by the checker (and their corresponding messages) when coverage is enabled ('OVL\_COVER\_ON) and *coverage\_level* for the checker is 'OVL\_COVER\_ALL. For example the data sheet for the assert\_window shows the following cover points:

cover\_window\_open

covered

An event window opened (start\_event was TRUE).

cover\_window\_close

covered

An event window closed (end\_event was TRUE in an open event window).

OVL Basics OVL Use Model

# **OVL Use Model**

An Accellera Standard OVL library user specifies preferred control settings with standard global variables defined in the following:

☐ A Verilog file loaded in before the libraries.

Specifies settings using the standard +define options in Verilog verification engines (via a setup file or at the command line).

# **Setting the Implementation Language**

The Accellera Standard OVL is implemented in the following HDL languages: Verilog 95, SVA 3.1a and PSL 1.1. The following global variables select the implementation language:

'OVL\_VERILOG (default) Creates assertion checkers defined in Verilog.

'OVL\_SVA Creates assertion checkers defined in System Verilog.

'OVL\_PSL Creates assertion checkers defined in PSL (Verilog flavor).

In the case a user of the library does not specify a language, by default the library is automatically set to 'OVL\_VERILOG.

**Note:** Only one library can be selected. If the user specifies both 'OVL\_VERILOG and 'OVL\_SVA (or 'OVL\_PSL), the 'OVL\_VERILOG is undefined in the header file. Editing the header file to disable this behavior will result in compile errors.

#### Instantiation in an SVA Interface Construct

If an OVL checker is instantiated in a System Verilog interface construct, the user should define the following global variable:

'OVL\_SVA\_INTERFACE Ensures OVL assertion checkers can be instantiated in a System

Verilog interface construct. Default: not defined.

### **Limitations for PSL**

The PSL implementation does not support modifying the *severity\_level* and *msg* parameters. These parameters are ignored and the default values are used:

severity\_level 'OVL\_ERROR msq "VIOLATION"

# **Enabling Assertion and Coverage Logic**

The Accellera Standard OVL consists of two types of logic: assertion logic and coverage logic. These capabilities are controlled via the following standard global variables:

'OVL\_ASSERT\_ON Activates assertion logic. Default: not defined. 'OVL\_COVER\_ON Activates coverage logic. Default: not defined.

If neither of these variables is defined, the assertion checkers are not activated. The instantiations of these checkers will have no influence on the verification performed.

OVL Basics OVL Use Model

## **Asserting, Assuming and Ignoring Properties**

The OVL checkers' assertion logic—if activated (by the 'OVL\_ASSERT\_ON global variable)—identifies a design's legal properties. Each particular checker instance can verify one or more assertion checks (depending on the checker type and the checker's configuration).

Whether all of a checker's properties are asserts (i.e., checks) or assumes (i.e., constraints) is controlled by the checker's *property\_type* parameter:

'OVL\_ASSERT (default) All the assertion checker's checks are asserts.

'OVL\_ASSUME All the assertion checker's checks are assumes.

'OVL\_IGNORE All the assertion checker's checks are ignored.

A single assertion checker cannot have some checks asserts and other checks assumes. However, you often can implement this behavior by specifying two checkers.

## **Monitoring Coverage**

The 'OVL\_COVER\_ON define activates coverage logic in the checkers. This is a global switch that turns coverage monitoring on. In addition, each individual checker definition has a *coverage\_level* parameter:

'OVL\_COVER\_ALL (default) Activates coverage logic for the checker if

'OVL\_COVER\_ON is defined.

'OVL\_COVER\_NONE De-activates coverage logic for the checker, even if

'OVL\_COVER\_ON is defined.

# **Reporting Assertion Information**

By default, (if the assertion logic is active) every assertion violation is reported and (if the coverage logic is active) every captured coverage point is reported. The user can limit this reporting and can also initiate special reporting at the start and end of simulation.

## Limiting a Checker's Reporting

Limits on the number of times assertion violations and captured coverage points are reported are controlled by the following global variables:

'OVL\_MAX\_REPORT\_ERROR Discontinues reporting a checker's assertion violations if the number

of times the checker has reported one or more violations reaches

this limit. Default: unlimited reporting.

'OVL\_MAX\_REPORT\_COVER\_

**POINT** 

Discontinues reporting a checker's cover points if the number of

times the checker has reported one or more cover points reaches

this limit.Default: unlimited reporting.

These maximum limits are for the number of times a checker instance issues a message. If a checker issues multiple violation messages in a cycle, each message is counted as a single error report. Similarly, if a checker issues multiple coverage messages in a cycle, each message is counted as a single cover report.

OVL Basics OVL Use Model

## **Reporting Initialization Messages**

The checkers' configuration information is reported at initialization time if the following global variable is defined:

'OVL\_INIT\_MSG Report

Reports configuration information for each checker when it is instantiated at the start of simulation. Default: no initialization

messages reported.

For each assertion checker instance, the following message is reported:

OVL\_NOTE: V1.6: instance\_name initialized @ hierarchy Severity: severity\_level, Message: msg

## End-of-simulation Signal to assert\_quiescent\_state Checkers

The assert\_quiescent\_state assertion checker checks that the value of a state expression equals a check value when a sample event occurs. These checkers also can perform this check at the end of simulation by setting the following global variable:

'OVL\_END\_OF\_SIMULATION=

Performs quiescent state checking at end of simulation when the

eos\_signal

eos\_signal asserts. Default: not defined.

# **Generating Synthesizable Logic**

The following global variable ensures all generated OVL logic is synthesizable:

'OVL\_SYNTHESIS\_OFF

Ensures OVL logic is synthesizable. Default: not defined.

# Checking of X and Z Values

Some assertion checkers have checks whose semantics vary when X and Z bit values are recognized. The user can switch to 0/1 semantics for these assertions by defining the following global variable:

'OVL\_XCHECK\_OFF

Turns off checking of values with X and Z bits. Turns off all

 $assert\_never\_unknown\ checkers.\ Default:\ 0/1/X/Z\ semantics\ assumed$ 

on assert\_never, assert\_never\_unknown, assert\_one\_cold, assert\_one\_hot and assert\_zero\_one\_hot checkers.

# **Backward Compatibility**

V1.6

In V1.6, aside from bug fixes, all functionality is backward compatible.

V1.5

In V1.5, PSL versions of checkers were added. Aside from bug fixes, all functionality is backward compatible.

#### V1.1

In V1.1, a typo was corrected in the port list of the assert\_implication checker type. The port name *antecendent\_expr* was changed to *antecedent\_expr*.

#### V1.0

Backward compatibility with the non-standard OVL library is important and no changes were made for the V1.0 release in the following areas: naming of module names, naming of port names and to the extent possible the existing Verilog use model.

The name of the *options* parameter was changed to *property\_type*. The only checker type that is not backward compatible in this respect is the assert\_fifo\_index checker.

#### assert\_fifo\_index

In previous OVL versions, the assert\_fifo\_index checker used the second bit of the *option* parameter to prohibit simultaneous pushes-pops in the same cycle. In V1.0, the *property\_type* parameter is compatible with the first bit of previous *options* parameter. But, the second bit (if defined) is ignored. To enable the check for simultaneous pushes-pops, use the *simultaneous\_push\_pop* parameter (at the end of the parameter list).

# **OVL Verilog/SVA Library**

# **Library Characteristics**

| The | e OVL library has the following characteristics:                                                                                            |
|-----|---------------------------------------------------------------------------------------------------------------------------------------------|
|     | All Verilog assertion checkers conform to Verilog IEEE Standard 1364-1995.                                                                  |
|     | All System Verilog assertion checkers conform to Accellera SVA 3.1a.                                                                        |
|     | Header files use file extension .h.                                                                                                         |
|     | Verilog files with assertion module/interfaces use extension .vlib and include assertion logic files in the language specified by the user. |
|     | Verilog files with assertion logic use file extension _logic.v.                                                                             |
|     | System Verilog files with assertion logic use file extension _logic.sv.                                                                     |
|     | The name of an OVL assertion checker is assert_name, where the name is a descriptive identifier.                                            |
|     | Parameter settings are passed via literals to make configuration of assertion checkers consistent and simple to use by end users.           |
|     | Parameters passed to assertion checkers are checked for legal values                                                                        |
|     | Each assertion checker includes std_ovl_defines.h defining all global variables and std_ovl_task.h defining all OVL system tasks.           |
|     | Global variables are named OVL_name.                                                                                                        |
|     | System tasks are named ovl_taskname_t.                                                                                                      |
|     | Assertion checkers are initialized explicitly so that they work in a deterministic way without reset.                                       |

Assertion checkers are backward compatible in behavior with existing OVL Verilog libraries (to the extent it is possible).

# **Library Layout**

The Accellera OVL standard library has the following structure:

\$STD\_OVL\_DIR Installation directory of Accellera OVL library.

\$STD\_OVL\_DIR/vlog95 Directory with assertion logic described in Verilog 95.

\$STD\_OVL\_DIR/sva31a Directory with assertion logic described in SVA 3.1a.

\$STD\_OVL\_DIR/psl11 Directory with assertion logic described in PSL 1.1.

\$STD\_OVL\_DIR/psl11/vunits/ Directory with PSL1.1 vunits for binding with the assertion

logic.

### For example:

```
shell prompt> Is -I $STD_OVL_DIR
std_ovl/assert_always.vlib
std_ovI/assert_always_on_edge.vlib
std_ovl/std_ovl_defines.h
std_ovI/std_ovI_task.h
. . .
std_ovl/psl11:
std_ovl/psl11/assert_always_logic.vlib
std_ovI/psl11/assert_always_on_edge_logic.vlib
std_ovI/psI11/vunits:
std_ovI/psl11/vunits/assert_always.psl
std_ovI/psl11/vunits/assert_always_on_edge.psl
std_ovI/sva31a:
std_ovl/sva31a/assert_always_logic.vlib
std_ovl/sva31a/assert_always_on_edge_logic.vlib
std_ovI/vlog95:
std_ovI/vlog95/assert_always_logic.v
std_ovI/vlog95/assert_always_on_edge_logic.v
```

# **Examples**

#### **Header File**

Figure 1: \$STD\_OVL\_DIR/std\_ovl\_defines.h

```
// Accellera Standard V1.6 Open Verification Library (OVL).
// Accellera Copyright (c) 2005-2006. All rights reserved.
'ifdef OVL_STD_DEFINES_H
// do nothing
'else
'define OVL_STD_DEFINES_H
'define OVL_VERSION "V1.6"
'ifdef OVL_ASSERT_ON
    'ifdef OVL_PSL
       'ifdef OVL_VERILOG
           'undef OVL_PSL
       'endif
       'ifdef OVL_SVA
           'ifdef OVL_PSL
               'undef OVL_PSL
           'endif
       'endif
   'else
       'ifdef OVL_VERILOG
       ʻelse
           'define OVL_VERILOG
       'endif
       'ifdef OVL_SVA
           'undef OVL_VERILOG
       'endif
    'endif
'endif
'ifdef OVL_COVER_ON
   'ifdef OVL_PSL
       'ifdef OVL_VERILOG
           'undef OVL_PSL
       'ifdef OVL_SVA
           'ifdef OVL_PSL
               `undef\ OVL\_PSL
           'endif
       'endif
   'else
       'ifdef OVL_VERILOG
       ʻelse
           'define OVL_VERILOG
       'endif
       'ifdef OVL_SVA
           'undef OVL_VERILOG
       'endif
    'endif
'endif
```

```
'ifdef OVL_ASSERT_ON
   'ifdef OVL_SHARED_CODE
       'define OVL_SHARED_CODE
   'endif
'else
   'ifdef OVL_COVER_ON
       'ifdef OVL_SHARED_CODE
           'define OVL_SHARED_CODE
       'endif
   'endif
'endif
// specifying interface for System Verilog
'ifdef OVL_SVA_INTERFACE
   'define module interface
   'define endmodule endinterface
    'define module module
   'define endmodule endmodule
'endif
// Selecting global reset or local reset for the checker reset signal
'ifdef OVL_GLOBAL_RESET
   'define OVL_RESET_SIGNAL 'OVL_GLOBAL_RESET
   'define OVL_RESET_SIGNAL reset_n
'endif
// active edges
'define OVL_NOEDGE 0
'define OVL_POSEDGE\ 1
'define OVL_NEGEDGE 2
'define OVL_ANYEDGE 3
// severity levels
'define OVL_FATAL 0
'define OVL_ERROR 1
'define OVL_WARNING 2
'define OVL_INFO
// coverage levels
'define OVL_COVER_NONE
'define OVL_COVER_SANITY
'define OVL_COVER_BASIC
'define OVL_COVER_CORNER 4
'define OVL_COVER_STATISTIC 8
'define OVL_COVER_ALL
                          {32{1'b1}}
// property type
'define OVL_ASSERT 0
'define OVL\_ASSUME~1
'define OVL_IGNORE 2
```

```
// necessary condition
'define OVL\_TRIGGER\_ON\_MOST\_PIPE
'define OVL_TRIGGER_ON_FIRST_PIPE 1
'define OVL_TRIGGER_ON_FIRST_NOPIPE 2
// action on new start
'define OVL_IGNORE_NEW_START 0
'define OVL_RESET_ON_NEW_START 1
'define OVL_ERROR_ON_NEW_START 2
// inactive levels
'define OVL_ALL_ZEROS 0
'define OVL_ALL_ONES 1
'define OVL\_ONE\_COLD 2
// Functions for logarithmic calculation
'define log(n) ((n) <= (1<<0) ? 1 :\
        (n) <= (1<<1) ? 1 :\
        (n) <= (1 << 2) ? 2 : \
        (n) <= (1 << 3) ? 3 : \
        (n) <= (1 << 4) ? 4 : \
        (n) <= (1 << 5) ? 5 : \
        (n) <= (1 << 6) ? 6 : \
        (n) <= (1 << 7) ? 7 : \
        (n) <= (1 << 8) ? 8 : \
        (n) <= (1 << 9) ? 9 : \
        (n) <= (1 << 10) ? 10 :
        (n) <= (1<<11) ? 11 :\
        (n) <= (1<<12) ? 12 :\
        (n) <= (1<<13) ? 13 :\
        (n) <= (1 << 14) ? 14 :
        (n) <= (1<<15) ? 15 :\
        (n) <= (1 << 16) ? 16 :
        (n) <= (1 << 17) ? 17 :
        (n) <= (1<<18) ? 18:\
        (n) <= (1 << 19) ? 19 :
        (n) <= (1 << 20) ? 20 :
        (n) <= (1<<21) ? 21 :\
        (n) <= (1<<22) ? 22 :\
        (n) <= (1<<23) ? 23 :\
        (n) <= (1 << 24) ? 24 : \
        (n) <= (1<<25) ? 25 :\
        (n) <= (1<<26) ? 26 :\
        (n) <= (1 << 27) ? 27 : \
        (n) <= (1<<28) ? 28 :\
        (n) <= (1<<29) ? 29 :\
        (n) <= (1 << 30) ? 30 : \
        (n) <= (1 << 31) ? 31 : 32)
'endif // OVL_STD_DEFINES_H
```

#### **Assertion Checker Interface Files**

#### Figure 2: \$STD\_OVL\_DIR/assert\_implication.vlib

```
// Accellera Standard V1.6 Open Verification Library (OVL).
// Accellera Copyright (c) 2005=2006. All rights reserved.
'include "std_ovl_defines.h"
\verb|`module assert_implication (clk, reset_n, antecedent_expr, consequent_expr)|;\\
   input clk, reset_n, antecedent_expr, consequent_expr;
   parameter severity_level = 'OVL_ERROR;
   parameter property_type = 'OVL_ASSERT;
   parameter msg="VIOLATION";
   parameter coverage_level = 'OVL_COVER_ALL;
'ifdef OVL_VERILOG
   'include "./vlog95/assert_implication_logic.v"
'endif // OVL_VERILOG
'ifdef OVL SVA
   'include "./sva31a/assert_implication_logic.sv"
'endif // OVL_SVA
'ifdef OVL_PSL
   'include "./psl11/assert_implication_psl_logic.v"
'else
    'endmodule
'endif
```

## **Assertion Checker Logic Files (Verilog 95)**

#### Figure 3: \$STD\_OVL\_DIR/vlog95/assert\_implication\_logic.v

```
// Accellera Standard V1.6 Open Verification Library (OVL).
// Accellera Copyright (c) 2005-2006. All rights reserved.
parameter assert_name = "ASSERT_IMPLICATION";
'include "std_ovl_task.h"
'ifdef OVL_INIT_MSG
   initial
       ovl_init_msg_t; // Call the User Defined Init Message Routine
'endif
'ifdef OVL_ASSERT_ON
   always @(posedge clk) begin
       if ('OVL_RESET_SIGNAL != 1'b0) begin
           if (antecedent_expr == 1'b1 && consequent_expr == 1'b0) begin
               ovl_error_t("");
           end
       end
   end
'endif // OVL_ASSERT_ON
'ifdef OVL_COVER_ON
   always @(posedge clk) begin
       if ('OVL_RESET_SIGNAL != 1'b0 && coverage_level != 'OVL_COVER_NONE)
           if (antecedent_expr == 1'b1) begin
               \verb"ovl_cover_t("cover_antecedent covered")";\\
           end
       end
   end
'endif // OVL_COVER_ON
```

## Assertion Checker Logic Files (System Verilog 3.1a)

## Figure 4: \$STD\_OVL\_DIR/sva31a/assert\_implication\_logic.sv

```
// Accellera Standard V1.6 Open Verification Library (OVL).
// Accellera Copyright (c) 2005-2006. All rights reserved.
parameter assert_name = "ASSERT_IMPLICATION";
`include "std_ovl_task.h"
`ifdef OVL_INIT_MSG
   initial
       ovl_init_msg_t; // Call the User Defined Init Message Routine
`endif
`ifdef OVL_ASSERT_ON
   property ASSERT_IMPLICATION_P;
       @(posedge clk)
          disable iff (`OVL_RESET_SIGNAL != 1'b1)
          antecedent_expr |-> consequent_expr;
   endproperty
   generate
       case (property_type)
          `OVL_ASSERT : begin : ovl_assert
              A_ASSERT_IMPLICATION_P:
                 assert property (ASSERT_IMPLICATION_P)
                     else ovl_error_t("Antecedent does not have consequent");
          `OVL_ASSUME : begin : ovl_assume
              M_ASSERT_IMPLICATION_P:
                 assume property (ASSERT_IMPLICATION_P);
          end
          `OVL_IGNORE: begin: ovl_ignore
              // do nothing;
          end
          default
                  : initial ovl_error_t("");
       endcase
   endgenerate
`endif // OVL_ASSERT_ON
`ifdef OVL_COVER_ON
   generate
       if (coverage_level != `OVL_COVER_NONE) begin
          cover_antecedent:
          ovl_cover_t("antecedent covered");
       end
   endgenerate
`endif // OVL_COVER_ON
```

## **Assertion Checker Logic Files (PSL 1.1)**

Figure 5: \$STD\_OVL\_DIR/psl1.1/assert\_implication\_logic.v

```
// Accellera Standard V1.6 Open Verification Library (OVL).
// Accellera Copyright (c) 2005-2006. All rights reserved.
//This file is included in assert_implication.vlib
`include "std_ovl_task.h"
 parameter assert_name = "ASSERT_IMPLICATION";
`ifdef OVL_INIT_MSG
 initial
  ovl_init_msg_t; // Call the User Defined Init Message Routine
`endif
`ifdef OVL_ASSERT_ON
generate
  case (property_type)
   `OVL_ASSERT: begin: assert_checks
              assert_implication_assert
              assert_implication_assert (
                .clk(clk),
                .reset_n(`OVL_RESET_SIGNAL),
                .antecedent_expr(antecedent_expr),
                .consequent_expr(consequent_expr));
             end
   `OVL_ASSUME: begin: assume_checks
              assert_implication_assume
              assert\_implication\_assume~(
                .clk(clk),
                .reset_n(`OVL_RESET_SIGNAL),
                .antecedent_expr(antecedent_expr),
                .consequent_expr(consequent_expr));
             end
   `OVL_IGNORE: begin: ovl_ignore
              //do nothing
             end
   default: initial ovl_error_t("");
  endcase
endgenerate
`endif
`ifdef OVL_COVER_ON
generate
 if (coverage_level != `OVL_COVER_NONE)
  begin: cover_checks
       assert\_implication\_cover
       assert_implication_cover (
                .clk(clk),
                .reset_n(`OVL_RESET_SIGNAL),
                .antecedent_expr(antecedent_expr));
  end
endgenerate
`endif
`endmodule //Required to pair up with already used "`module" in file assert_implication.vlib
```

```
//Module to be replicated for assert checks
//This module is bound to a PSL vunits with assert checks
module assert_implication_assert (clk, reset_n, antecedent_expr, consequent_expr);
    input clk, reset_n, antecedent_expr, consequent_expr;
endmodule

//Module to be replicated for assume checks
//This module is bound to a PSL vunits with assume checks
module assert_implication_assume (clk, reset_n, antecedent_expr, consequent_expr);
    input clk, reset_n, antecedent_expr, consequent_expr;
endmodule

//Module to be replicated for cover properties
//This module is bound to a PSL vunit with cover properties
module assert_implication_cover (clk, reset_n, antecedent_expr);
    input clk, reset_n, antecedent_expr;
endmodule
```

## **Assertion Checker vunit Files (PSL 1.1)**

#### Figure 6: \$STD OVL DIR/psl1.1/vunits/assert implication.psl

```
// Accellera Standard V1.6 Open Verification Library (OVL).
// Accellera Copyright (c) 2005-2006. All rights reserved.
vunit assert_implication_assert_vunit (assert_implication_assert)
 default clock = (posedge clk);
 property ASSERT_IMPLICATION_P = always (
       reset_n && antecedent_expr -> consequent_expr);
 A ASSERT IMPLICATION P:
 assert ASSERT_IMPLICATION_P
 report "VIOLATION: ASSERT_IMPLICATION Checker Fires:
           Antecedent does not have consequent";
}
vunit assert_implication_assume_vunit (assert_implication_assume)
 default clock = (posedge clk);
 property ASSERT_IMPLICATION_P = always (
   reset_n && antecedent_expr -> consequent_expr);
 M_ASSERT_IMPLICATION_P:
 assume ASSERT_IMPLICATION_P;
vunit assert_implication_cover_vunit (assert_implication_cover)
 default clock = (posedge clk);
 cover_antecedent:
 cover {reset_n && antecedent_expr};
```

# **OVL ASSERTION DATA SHEETS**

| che | ch OVL assertion checker type has a data sheet that provides the specification for eckers of that type. This chapter lists the checker data sheets in alphabetical order by ecker type. Data sheets contain the following information: |
|-----|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|     | Syntax                                                                                                                                                                                                                                 |
|     | Syntax statement for specifying a checker of the type, with:                                                                                                                                                                           |
|     | <ul> <li>Parameters — parameters that configure the checker.</li> </ul>                                                                                                                                                                |
|     | <ul> <li>Ports — checker ports.</li> </ul>                                                                                                                                                                                             |
|     | Description                                                                                                                                                                                                                            |
|     | Description of the functionality and usage of checkers of the type, with:                                                                                                                                                              |
|     | • Assertion Checks — violation types (or messages) with descriptions of failures.                                                                                                                                                      |
|     | <ul> <li>Cover Points — cover messages with descriptions.</li> </ul>                                                                                                                                                                   |
|     | <ul> <li>Errors* — possible errors that are not assertion failures.</li> </ul>                                                                                                                                                         |
|     | Notes*                                                                                                                                                                                                                                 |
|     | Notes describing any special features or requirements.                                                                                                                                                                                 |
|     | See also                                                                                                                                                                                                                               |
|     | List of other similar checker types.                                                                                                                                                                                                   |
|     | Examples                                                                                                                                                                                                                               |
|     | Examples of directives and checker applications.                                                                                                                                                                                       |
| * n | ot applicable to all checker types.                                                                                                                                                                                                    |
|     |                                                                                                                                                                                                                                        |

# assert\_always

Ensures that the value of a specified expression is TRUE.



## Parameters: severity\_level property\_type msg coverage\_level

#### Class:

single-cycle assertion

## **Syntax**

assert\_always

[#(severity\_level, property\_type, msg, coverage\_level)] instance\_name (clk, reset\_n, test\_expr);

#### **Parameters**

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.property\_typeProperty type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_nActive low synchronous reset signal indicating completed initialization.test\_exprExpression that should evaluate to TRUE on the rising clock edge.

## **Description**

The assert\_always assertion checker checks the single-bit expression *test\_expr* at each rising edge of *clk* to verify the expression evaluates to TRUE.

Assertion Check

ASSERT\_ALWAYS Expression did not evaluate to TRUE.

**Cover Points** 

none

#### See also

 $assert\_always\_on\_edge,\ assert\_implication,\ assert\_never,\ assert\_proposition$ 

# **Example**

```
assert_always #(
    'OVL_ERROR,
                                                         // severity_level
    'OVL_ASSERT,
                                                         // property_type
    "Error: reg_a < reg_b is not TRUE",
                                                         // msg
    'OVL_COVER_ALL)
                                                         // coverage_level
    reg_a_lt_reg_b (
                                                         // clock
         clk,
         reset_n,
                                                         // reset
         reg_a < reg_b );
                                                         // test_expr
Ensures that (reg_a < reg_b) is TRUE at each rising edge of clk.
       reset_n
  reg_a < reg_b
                  ASSERT_ALWAYS Error: reg_a < reg_b is not TRUE
```

# assert\_always\_on\_edge

Ensures that the value of a specified expression is TRUE when a sampling event undergoes a specified transition.



# **Syntax**

assert\_always\_on\_edge
[#(severity\_level, edge\_type, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, sampling\_event, test\_expr);

#### **Parameters**

severity\_level Severity of the failure. Default: 'OVL\_ERROR.

edge\_type Transition type for sampling event: 'OVL\_NOEDGE, 'OVL\_POSEDGE,

'OVL\_NEGEDGE or 'OVL\_ANYEDGE. Default: 'OVL\_NOEDGE.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

Ports

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_nActive low synchronous reset signal indicating completed initialization.sampling\_eventExpression that (along with edge\_type) identifies when to evaluate and test

test\_expr.

test\_expr Expression that should evaluate to TRUE on the rising clock edge.

## Description

The assert\_always\_on\_edge assertion checker checks the single-bit expression *sampling\_event* for a particular type of transition. If the specified transition of the sampling event occurs, the single-bit expression *test\_expr* is evaluated at the rising edge of *clk* to verify the expression does not evaluate to FALSE.

The edge\_type parameter determines which type of transition of sampling\_event initiates the check:

- □ 'OVL\_POSEDGE performs the check if *sampling\_event* transitions from FALSE to TRUE.
- □ 'OVL\_NEGEDGE performs the check if *sampling\_event* transitions from TRUE to FALSE.
- □ 'OVL\_ANYEDGE performs the check if *sampling\_event* transitions from TRUE to FALSE or from FALSE to TRUE.
- OVL\_NOEDGE always initiates the check. This is the default value of *edge\_type*. In this case, *sampling\_event* is never sampled and the checker has the same functionality as assert\_always.

The checker is a variant of assert\_always, with the added capability of qualifying the assertion with a sampling event transition. This checker is useful when events are identified by their transition in addition to their logical state.

#### Assertion Check

ASSERT\_ALWAYS\_ON\_EDGE Expression evaluated to FALSE when the sampling event transitioned as specified by *edge\_type*.

**Cover Points** 

none

#### See also

assert\_always, assert\_implication, assert\_never, assert\_proposition

## **Examples**

```
assert_always_on_edge #(
    'OVL_ERROR,
                                                          // severity_level
    'OVL_POSEDGE,
                                                          // edge_type
                                                          // property_type
    'OVL_ASSERT,
     "Error: new req when FSM not ready",
                                                          // msg
     'OVL COVER ALL)
                                                          // coverage_level
     request_when_FSM_idle (
         clk,
                                                          // clock
                                                          // reset
         reset_n,
                                                          // sampling_event
         req,
         state == 'IDLE);
                                                          // test_expr
```

Ensures that (state == 'IDLE) is TRUE at each rising edge of clk when req transitions from FALSE to TRUE.



ASSERT\_ALWAYS\_ON\_EDGE Error: new req when FSM not ready

```
assert_always_on_edge #(
    'OVL_ERROR,
                                                           // severity_level
    'OVL_ANYEDGE,
                                                           // edge_type
    'OVL_ASSERT,
                                                           // property_type
    "Error: req transition when FSM not idle",
                                                           // msg
     'OVL_COVER_ALL)
                                                          // coverage_level
    req_transition_when_FSM_idle (
                                                          // clock
         clk,
          reset_n,
                                                           // reset
                                                           // sampling_event
         req,
         state == 'IDLE);
                                                           // test_expr
```

Ensures that (state == 'IDLE) is TRUE at each rising edge of clk when req transitions from TRUE to FALSE or from FALSE to TRUE.

ASSERT\_ALWAYS\_ON\_EDGE Error: req transition when FSM not idle

```
assert_always_on_edge #(
    'OVL_ERROR,
                                                           // severity_level
    'OVL_NOEDGE,
                                                           // edge_type
                                                           // property_type
    'OVL_ASSERT,
    "Error: req when FSM not idle",
                                                           // msg
                                                           // coverage_level
    'OVL_COVER_ALL)
    req_when_FSM_idle (
                                                           // clock
         clk,
          reset_n,
                                                           // reset
          1'b0,
                                                           // sampling_event
         !req || (state == 'IDLE) );
                                                           // test_expr
```

Ensures that (!req || (state == 'IDLE)) is TRUE at each rising edge of clk.



# assert\_change

Ensures that the value of a specified expression changes within a specified number of cycles after a start event initiates checking.



Parameters: severity\_level width num\_cks

action\_on\_new\_start
property\_type
msg
coverage\_level

#### Class:

*n*-cycle assertion

## **Syntax**

```
assert_change
```

```
[#(severity_level, width, num_cks, action_on_new_start, property_type, msg, coverage_level)]
instance_name (clk, reset_n, start_event, test_expr);
```

#### **Parameters**

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.widthWidth of the test\_expr argument. Default: 1.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_nActive low synchronous reset signal indicating completed initialization.start\_eventExpression that (along with action\_on\_new\_start) identifies when to start

checking test\_expr.

test\_expr [ width - 1 : 0 ] Expression that should change value within num\_cks cycles from the start

event unless the check is interrupted by a valid new start event.

#### **Description**

The assert\_change assertion checker checks the expression *start\_event* at each rising edge of *clk* to determine if it should check for a change in the value of *test\_expr*. If *start\_event* is sampled TRUE, the checker evaluates *test\_expr* and re-evaluates *test\_expr* at each of the subsequent *num\_cks* rising edges of *clk*. If the value of *test\_expr* has not been sampled changed from its start value by the last of the *num\_cks* cycles, the assertion fails.

The method used to determine how to handle a new start event, when the checker is in the state of checking for a change in *test\_expr*, is controlled by the *action\_on\_new\_start* parameter. The checker has the following actions:

#### ☐ 'OVL\_IGNORE\_NEW\_START

The checker does not sample *start\_event* for the next *num\_cks* cycles after a start event.

#### ☐ 'OVL RESET ON NEW START

The checker samples *start\_event* every cycle. If a check is pending and the value of *start\_event* is TRUE, the checker terminates the check and initiates a new check with the current value of *test\_expr* (even on the last cycle of a check).

#### ☐ 'OVL\_ERROR\_ON\_NEW\_START

The checker samples *start\_event* every cycle. If a check is pending and the value of *start\_event* is TRUE, the assertion fails with an illegal start event violation. In this case, the checker does not initiate a new check and does not terminate a pending check.

The checker is useful for ensuring proper changes in structures after various events, such as verifying synchronization circuits respond after initial stimuli. For example, it can be used to check the protocol that an "acknowledge" occurs within a certain number of cycles after a "request". It also can be used to check that a finite-state machine changes state after an initial stimulus.

#### Assertion Check

ASSERT\_CHANGE The test\_expr expression did not change value for num\_cks cycles after

start\_event was sampled TRUE.

illegal start event The action\_on\_new\_start parameter is set to

'OVL\_ERROR\_ON\_NEW\_START and *start\_event* expression evaluated to TRUE while the checker was in the state of checking for a change in the value

of test\_expr.

#### **Cover Points**

cover\_window\_open A change check was initiated.

cover\_window\_close A change check lasted the full *num\_cks* cycles. If no assertion failure

occurred, the value of *test\_expr* changed in the last cycle.

cover\_window\_resets The action\_on\_new\_start parameter is 'OVL\_RESET\_ON\_NEW\_START,

and start\_event was sampled TRUE while the checker was monitoring

test\_expr, but it had not changed value.

#### See also

 $assert\_time,\ assert\_unchange,\ assert\_win\_change,\ assert\_win\_unchange,\ assert\_window$ 

## **Examples**

```
assert change #(
    'OVL_ERROR,
                                                           // severity_level
                                                           // width
    1,
                                                           // num_cks
    3,
    'OVL_IGNORE_NEW_START,
                                                           // action_on_new_start
     'OVL_ASSERT,
                                                           // property_type
    "Error: invalid synchronization",
                                                           // msg
    'OVL_COVER_ALL)
                                                           // coverage_level
    valid_sync_out (
         clk,
                                                           // clock
                                                           // reset
         reset_n,
         sync == 1,
                                                           // start_event
         out);
                                                           // test_expr
```

Ensures that out changes within 3 cycles after sync asserts. New starts are ignored.



```
assert_change #(
    'OVL_ERROR,
                                                           // severity_level
                                                           // width
    1,
    3,
                                                          // num cks
    'OVL_RESET_ON_NEW_START,
                                                          // action_on_new_start
     'OVL_ASSERT,
                                                          // property_type
    "Error: invalid synchronization",
                                                           // msg
     'OVL COVER ALL)
                                                           // coverage_level
    valid_sync_out (
                                                           // clock
         clk,
                                                           // reset
         reset_n,
         sync == 1,
                                                          // start_event
         out);
                                                          // test_expr
```

Ensures that out changes within 3 cycles after sync asserts. A new start terminates the pending check and initiates a new check.



```
assert_change #(
    'OVL_ERROR,
                                                          // severity_level
    1,
                                                          // width
                                                          // num_cks
    3,
    'OVL_ERROR_ON_NEW_START,
                                                          // action_on_new_start
    'OVL_ASSERT,
                                                          // property_type
    "Error: invalid synchronization",
                                                          // msg
    'OVL_COVER_ALL)
                                                          // coverage_level
    valid_sync_out (
                                                          // clock
         clk,
                                                          // reset
         reset_n,
                                                          // start_event
         sync == 1,
         out);
                                                          // test_expr
```

Ensures that out changes within 3 cycles after sync asserts. A new start reports an illegal start event violation (without initiating a new check) but any pending check is retained (even on the last check cycle).



# assert\_cycle\_sequence

Ensures that if a specified necessary condition occurs, it is followed by a specified sequence of events.



Parameters: severity\_level num\_cks

necessary\_condition property\_type msg coverage\_level Class:

*n*-cycle assertion

# **Syntax**

assert\_cycle\_sequence

[#(severity\_level, num\_cks, necessary\_condition, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, event\_sequence);

#### **Parameters**

severity\_level Severity of the failure. Default: 'OVL\_ERROR.

num\_cks Width of the event\_sequence argument. This parameter must not be less

than 2. Default: 2.

necessary\_condition Method for determining the necessary condition that initiates the sequence

check and whether or not to pipeline checking. Values are:

'OVL\_TRIGGER\_ON\_MOST\_PIPE, 'OVL\_TRIGGER\_ON\_FIRST\_PIPE and

'OVL\_TRIGGER\_ON\_FIRST\_NOPIPE. Default:

'OVL\_TRIGGER\_ON\_MOST\_PIPE.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_nActive low synchronous reset signal indicating completed initialization.event\_sequence [ num\_cks - 1: 0 ]Expression that is a concatenation where each bit represents an event.

## **Description**

The assert\_cycle\_sequence assertion checker checks the expression *event\_sequence* at the rising edges of *clk* to identify whether or not the bits in *event\_sequence* assert sequentially on successive rising edges of *clk*. For example, the following series of 4-bit values (where *b* is any bit value) is a valid sequence:

```
1 bbb --> b1 bb --> bb1 b --> bbb1
```

This series corresponds to the following series of events on successive rising edges of clk:

cycle 1 event\_sequence[3] == 1 cycle 2 event\_sequence[2] == 1

```
cycle 3 event_sequence[1] == 1
cycle 4 event_sequence[0] == 1
```

The checker also has the ability to pipeline its analysis. Here, one or more new sequences can be initiated and recognized while a sequence is in progress. For example, the following series of 4-bit values (where *b* is any bit value) constitutes two overlapping valid sequences:

```
1bbb --> b1bb --> 1b1b --> b1b1 --> bb1b --> bbb1
```

This series corresponds to the following sequences of events on successive rising edges of clk:

```
cycle 1 event_sequence[3] == 1

cycle 2 event_sequence[2] == 1

cycle 3 event_sequence[1] == 1 event_sequence[3] == 1

cycle 4 event_sequence[0] == 1 event_sequence[2] == 1

cycle 5 event_sequence[1] == 1

cycle 6 event_sequence[0] == 1
```

When the checker determines that a specified necessary condition has occurred, it subsequently verifies that a specified event or event sequence occurs and if not, the assertion fails.

The method used to determine what constitutes the necessary condition and the resulting trigger event or event sequence is controlled by the *necessary\_condition* parameter. The checker has the following actions:

#### ☐ 'OVL TRIGGER ON MOST PIPE

The necessary condition is that the bits:

```
event_sequence [ num_cks -1], . . . , event_sequence [1]
```

are sampled equal to 1 sequentially on successive rising edges of *clk*. When this condition occurs, the checker verifies that the value of *event\_sequence*[0] is 1 at the next rising edge of *clk*. If not, the assertion fails.

The checking is pipelined, which means that if <code>event\_sequence[num\_cks-1]</code> is sampled equal to 1 while a sequence (including <code>event\_sequence[0]</code>) is in progress and subsequently the necessary condition is satisfied, the check of <code>event\_sequence[0]</code> is performed (unless the first sequence resulted in a fatal assertion violation).

#### ☐ 'OVL TRIGGER ON FIRST PIPE

The necessary condition is that the *event\_sequence* [num\_cks-1] bit is sampled equal to 1 on a rising edge of clk. When this condition occurs, the checker verifies that the bits:

```
event_sequence [ num_cks -2], . . . , event_sequence [0]
```

are sampled equal to 1 sequentially on successive rising edges of clk. If not, the assertion fails.

The checking is pipelined, which means that if <code>event\_sequence[num\_cks-1]</code> is sampled equal to 1 while a check is in progress, an additional check is initiated.

#### ☐ 'OVL\_TRIGGER\_ON\_FIRST\_NOPIPE

The necessary condition is that the *event\_sequence* [num\_cks -1] bit is sampled equal to 1 on a rising edge of clk. When this condition occurs, the checker verifies that the bits:

```
event_sequence [ num_cks -2], . . . , event_sequence [0]
```

are sampled equal to 1 sequentially on successive rising edges of clk. If not, the assertion fails.

The checking is not pipelined, which means that if event\_sequence[num\_cks -1] is sampled equal to 1 while a check is in progress, it is ignored, even if the check is verifying the last bit of the sequence (event\_sequence [0]).

Assertion Check

ASSERT\_CYCLE\_SEQUENCE The necessary condition occurred, but it was not followed by the event or

event sequence.

illegal num\_cks parameter The num\_cks parameter is less than 2.

Cover Point

cover\_sequence\_trigger The trigger sequence occurred.

#### See also

assert\_change, assert\_unchange

#### **Examples**

```
assert_cycle_sequence #(
   'OVL_ERROR,
                                                        // severity_level
                                                        // num_cks
   'OVL_TRIGGER_ON_MOST_PIPE,
                                                        // necessary_condition
   'OVL_ASSERT,
                                                        // property_type
   "Error: invalid WR sequence",
                                                        // msg
   'OVL_COVER_ALL)
                                                        // coverage_level
   valid_write_sequence (
                                                        // clock
       clk,
        reset_n,
                                                        // reset
       { r_opcode == 'WR,
                                                        // event_sequence
       r opcode == 'WAIT,
       (r\_opcode == 'WR) \mid\mid (r\_opcode == 'DONE)));
```

Ensures that a 'WR, 'WAIT sequence in consecutive cycles is followed by a 'DONE or 'WR. The sequence checking is pipelined.



```
assert_cycle_sequence #(
   'OVL_ERROR,
                                                        // severity_level
                                                        // num_cks
   3,
   'OVL_TRIGGER_ON_FIRST_PIPE,
                                                        // necessary_condition
   'OVL_ASSERT,
                                                        // property_type
   "Error: invalid WR sequence",
                                                        // msg
   'OVL_COVER_ALL)
                                                        // coverage_level
   valid_write_sequence (
       clk,
                                                        // clock
                                                        // reset
       reset_n,
       { r_opcode == 'WR,
                                                        // event_sequence
       (r_opcode == 'WAIT) || (r_opcode == 'WR),
        (r\_opcode == 'WAIT) || (r\_opcode == 'DONE) );
```

Ensures that a 'WR is followed by a 'WAIT or another 'WR, which is then followed by a 'WAIT or a 'DONE (in consecutive cycles). The sequence checking is pipelined: a new 'WR during a sequence check initiates an additional check.



```
assert_cycle_sequence #(
   'OVL ERROR,
                                                        // severity level
   3,
                                                        // num_cks
   'OVL_TRIGGER_ON_FIRST_NOPIPE,
                                                        // necessary_condition
   'OVL_ASSERT,
                                                        // property_type
   "Error: invalid WR sequence",
                                                        // msg
   'OVL_COVER_ALL)
                                                        // coverage_level
   valid_write_sequence (
                                                        // clock
       clk,
                                                        // reset
        reset_n,
       { r_opcode == 'WR,
                                                        // event_sequence
       (r_opcode == 'WAIT) || (r_opcode == 'WR),
        (r_opcode == 'DONE)} );
```

Ensures that a 'WR is followed by a 'WAIT or another 'WR, which is then followed by a 'DONE (in consecutive cycles). The sequence checking is not pipelined: a new 'WR during a sequence check does not initiate an additional check.



# assert\_decrement

Ensures that the value of a specified expression changes only by the specified decrement value.



#### **Syntax**

assert\_decrement

[#(severity\_level, width, value, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, test\_expr);

#### **Parameters**

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.widthWidth of the test\_expr argument. Default: 1.valueDecrement value for test\_expr. Default: 1.property\_typeProperty type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_n Active low synchronous reset signal indicating completed initialization.

test\_expr [ width - 1: 0 ] Expression that should decrement by value whenever its value changes from

the rising edge of clk to the next rising edge of clk.

#### **Description**

The assert\_decrement assertion checker checks the expression *test\_expr* at each rising edge of *clk* to determine if its value has changed from its value at the previous rising edge of *clk*. If so, the checker verifies that the new value equals the previous value decremented by *value*. The checker allows the value of *test\_expr* to wrap, if the total change equals the decrement *value*. For example, if width is 5 and value is 4, then the following change in *test\_expr* is valid:

```
5'b00010 -> 5'b11110
```

The checker is useful for ensuring proper changes in structures such as counters and finite-state machines. For example, the checker is useful for circular queue structures with address counters that can wrap. Do not use this checker for variables or expressions that can increment. Instead consider using the assert\_delta checker.

#### Assertion Check

ASSERT\_DECREMENT Expression evaluated to a value that is not its previous value decremented by

value.

Cover Point

cover\_test\_expr\_change Expression changed value.

#### **Notes**

1. The assertion check compares the current value of *test\_expr* with its previous value. Therefore, checking does not start until the second rising clock edge of *clk* after *reset\_n* deasserts.

#### See also

```
assert_delta, assert_increment, assert_no_underflow
```

#### **Example**

```
assert_decrement #(
     'OVL_ERROR,
                                                            // severity_level
     4,
                                                            // width
                                                            // value
     'OVL_ASSERT,
                                                            // property_type
     "Error: invalid binary decrement",
                                                            // msg
     'OVL_COVER_ALL)
                                                            // coverage_level
     valid_count (
                                                            // clock
         clk,
                                                            // reset
          reset_n,
                                                            // test_expr
         count );
```

Ensures that the programmable counter's count variable only decrements by 1. If count wraps, the assertion fails, because the change is not a binary decrement.



# assert\_delta

Ensures that the value of a specified expression changes only by a value in the specified range.



# **Syntax**

assert delta

[#(severity\_level, width, min, max, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, test\_expr);

#### **Parameters**

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.widthWidth of the test\_expr argument. Default: 1.

minMinimum delta value allowed for test\_expr. Default: 1.maxMaximum delta value allowed for test\_expr. Default: 1.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_nActive low synchronous reset signal indicating completed initialization.test\_expr[ width - 1: 0 ]Expression that should only change by a delta value in the range min to max.

#### Description

The assert\_delta assertion checker checks the expression *test\_expr* at each rising edge of *clk* to determine if its value has changed from its value at the previous rising edge of *clk*. If so, the checker verifies that the difference between the new value and the previous value (i.e., the delta value) is in the range from *min* to *max*, inclusive. If the delta value is less than *min* or greater than *max*, the assertion fails.

The checker is useful for ensuring proper changes in control structures such as up-down counters. For these structures, assert\_delta can check for underflow and overflow. In datapath and arithmetic circuits, assert\_delta can check for "smooth" transitions of the values of various variables (for example, for a variable that controls a physical variable that cannot detect a severe change from its previous value).

#### Assertion Check

ASSERT\_DELTA Expression changed value by a delta value not in the range *min* to *max*.

Cover Point

Errors

The parameters *min* and *max* must be specified such that *min* is less than or equal to *max*. Otherwise, the assertion fails on each tested clock cycle.

#### **Notes**

- 1. The assertion check compares the current value of *test\_expr* with its previous value. Therefore, checking does not start until the second rising clock edge of *clk* after *reset\_n* deasserts.
- 2. The assertion check allows the value of *test\_expr* to wrap. The overflow or underflow amount is included in the delta value calculation.

#### See also

```
assert_decrement, assert_increment, assert_no_overflow, assert_no_underflow, assert_range
```

#### **Example**

```
assert delta #(
     'OVL_ERROR,
                                                             // severity_level
     16,
                                                             // width
     0,
                                                             // min
     8.
                                                            // max
     'OVL_ASSERT,
                                                            // property_type
     "Error: y values not smooth",
                                                            // msg
     'OVL_COVER_ALL)
                                                             // coverage_level
     valid_smooth (
         clk,
                                                             // clock
                                                             // reset
          reset_n,
                                                            // test_expr
         y );
```

Ensures that the y output only changes by a maximum of 8 units each cycle (min is 0).



# assert\_even\_parity

Ensures that the value of a specified expression has even parity.



#### Parameters: severity\_level width property\_type msg coverage\_level

#### Class:

single-cycle assertion

#### **Syntax**

assert\_even\_parity
 [#(severity\_level, width, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, test\_expr);

#### **Parameters**

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.widthWidth of the test\_expr argument. Default: 1.property\_typeProperty type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_n Active low synchronous reset signal indicating completed initialization.

test\_expr [ width - 1: 0 ] Expression that should evaluate to a value with even parity on the rising clock

edge.

#### **Description**

The assert\_even\_parity assertion checker checks the expression *test\_expr* at each rising edge of *clk* to verify the expression evaluates to a value that has even parity. A value has even parity if it is 0 or if the number of bits set to 1 is even.

The checker is useful for verifying control circuits, for example, it can be used to verify a finite-state machine with error detection. In a datapath circuit the checker can perform parity error checking of address and data buses.

Assertion Check

ASSERT\_EVEN\_PARITY Expression evaluated to a value whose parity is not even.

Cover Point

cover\_test\_expr\_change Expression has changed value.

#### See also

assert\_odd\_parity

# **Examples**

```
assert_even_parity #(
     'OVL_ERROR,
                                                              // severity_level
                                                              // width
     'OVL_ASSERT,
                                                              // property_type
     "Error: data has odd parity",
                                                              // msg
     'OVL_COVER_ALL)
                                                              // coverage_level
     valid_data_even_parity (
          clk,
                                                              // clock
                                                              // reset
          reset_n,
          data);
                                                              // test_expr
Ensures that data has even parity at each rising edge of clk.
                                                         ► ASSERT_EVEN_PARITY 
Error: data has odd parity
```

# assert\_fifo\_index

Ensures that a FIFO-type structure never overflows or underflows. This checker can be configured to support multiple pushes (FIFO writes) and pops (FIFO reads) during the same clock cycle.



# Parameters: Class severity\_level n-cy

depth
push\_width
pop\_width
property\_type
msg
coverage\_level

simultaneous\_push\_pop

#### Class:

n-cycle assertion

#### **Syntax**

```
assert_fifo_index
  [#(severity_level, depth, push_width, pop_width, property_type,
    msg, coverage_level, simultaneous_push_pop)]
  instance_name (clk, reset_n, push, pop);
```

#### **Parameters**

severity\_level Severity of the failure. Default: 'OVL\_ERROR.

depth Maximum number of elements in the FIFO or queue structure. This

parameter must be > 0. Default: 1.

push\_widthWidth of the push argument. Default: 1.pop\_widthWidth of the pop argument. Default: 1.property\_typeProperty type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

simultaneous\_push\_pop Whether or not to allow simultaneous push/pop operations in the same clock

cycle. When set to 0, if push and pop operations occur in the same cycle, the assertion fails. Default: 1 (simultaneous push/pop operations are allowed).

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_n Active low synchronous reset signal indicating completed initialization.

push [push\_width - 1: 0] Expression that indicates the number of push operations that will occur

during the current cycle.

pop [pop\_width - 1: 0] Expression that indicates the number of pop operations that will occur during

the current cycle.

#### **Description**

The assert\_fifo\_index assertion checker tracks the numbers of pushes (writes) and pops (reads) that occur for a FIFO or queue memory structure. This checker does permit simultaneous pushes/pops on the queue within the same clock cycle. It ensures the FIFO never overflows (i.e., too many pushes occur without enough pops) and never underflows (i.e., too many pops occur without enough pushes). This checker is more complex than the assert\_no\_overflow and

assert\_no\_underflow checkers, which check only the boundary conditions (overflow and underflow respectively).

#### Assertion Checks

OVERLOW Push operation overflowed the FIFO.
UNDERFLOW Pop operation underflowed the FIFO.

ILLEGAL PUSH AND POP Push and pop operations performed in the same clock cycle, but the

simultaneous\_push\_pop parameter is set to 0.

#### Cover Points

cover\_fifo\_push

cover\_fifo\_pop

cover\_fifo\_full

cover\_fifo\_empty

Push operation.

Pop operation.

FIFO full.

FIFO empty.

#### Errors

Depth parameter value must be > 0 Depth parameter is set to 0.

#### **Notes**

1. The checker checks the values of the *push* and *pop* expressions. By default, (i.e., simultaneous\_push\_pop is 1), "simultaneous" push/pop operations are allowed. In this case, the checker assumes the design properly handles simultaneous push/pop operations, so it only ensures that the FIFO buffer index at the *end of the cycle* has not overflowed or underflowed. The assertion cannot ensure the FIFO buffer index does not overflow between a push and pop performed in the same cycle. Similarly, the assertion cannot ensure the FIFO buffer index does not underflow between a pop and push performed in the same cycle.

#### See also

assert\_no\_overflow, assert\_no\_underflow

#### **Examples**

```
assert_fifo_index #(
     'OVL ERROR,
                                                  // severity level
     8,
                                                  // depth
     1,
                                                  // push_width
     1,
                                                  // pop_width
     'OVL_ASSERT,
                                                  // property_type
     "Error",
                                                  // msg
     'OVL_COVER_ALL,
                                                  // coverage_level
                                                  // simultaneous_push_pop
     no_over_underflow (
         clk.
                                                  // clock
          reset_n,
                                                  // reset
                                                  // push
          push,
          pop);
                                                  // pop
```

Ensures that an 8-element FIFO never overflows or underflows. Only single pushes and pops can occur in a clock cycle (*push\_width* and *pop\_width* values are 1). A push and pop operation in the same clock cycle is allowed (value of *simultaneous\_push\_pop* is 1).



```
assert_fifo_index #(
     'OVL_ERROR,
                                                 // severity_level
    8,
                                                 // depth
     1,
                                                 // push_width
                                                 // pop_width
     1,
     'OVL_ASSERT,
                                                 // property_type
     "violation",
                                                 // msg
     'OVL_COVER_ALL
                                                 // coverage_level
                                                 // simultaneous_push_pop
    no_over_underflow (
                                                 // clock
         clk,
                                                 // reset
          reset_n,
                                                 // push
         push,
         pop);
                                                 // pop
```

Ensures that an 8-element FIFO never overflows or underflows and that in no cycle do both push and pop operations occur.



# assert\_frame

Ensures that when a specified start event is TRUE, then a specified expression must not evaluate TRUE before a minimum number of clock cycles and must transition to TRUE no later than a maximum number of clock cycles.



# Parameters: Conserved the severity\_level of the severity\_level\_level\_level\_level\_level\_level\_level\_level\_level

# Class:

n-cycle assertion

#### **Syntax**

assert\_frame

[#(severity\_level, min\_cks, max\_cks, action\_on\_new\_start, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, start\_event, test\_expr);

msg

coverage\_level

#### **Parameters**

severity\_level Severity of the failure. Default: 'OVL\_ERROR.

min\_cks Number of cycles after the start event that test\_expr must not evaluate to

TRUE. The special case where *min\_cks* is 0 turns off minimum checking (i.e., *test\_expr* can be TRUE in the same clock cycle as the start event). Default: 0.

max\_cks Number of cycles after the start event that during which test\_expr must

transition to TRUE. The special case where *max\_cks* is 0 turns off maximum

checking (i.e., test\_expr does not need to transition to TRUE). Default: 0.

action\_on\_new\_start Method for handling a new start event that occurs while a check is pending.

 $\label{lem:values} \textit{Values are: 'OVL\_IGNORE\_NEW\_START, 'OVL\_RESET\_ON\_NEW\_START}$ 

and 'OVL\_ERROR\_ON\_NEW\_START. Default:

'OVL\_IGNORE\_NEW\_START.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

start\_event Expression that (along with action\_on\_new\_start) identifies when to initiate

checking of test\_expr.

test\_expr Expression that should not evaluate to TRUE for min\_cks -1 cycles after

start\_event initiates a check (unless min\_cks is 0) and that should evaluate to

TRUE before max\_cks cycles transpire (unless max\_cks is 0).

#### **Description**

The assert\_frame assertion checker checks for a start event at each rising edge of *clk*. A start event occurs if *start\_event* has transitioned to TRUE, either at the clock edge or in the previous cycle. A start event also occurs if *start\_event* is TRUE at the rising clock edge after a checker reset.

When a start event occurs, the checker performs the following steps:

- 1. Unless it is disabled by setting *min\_cks* to 0, a minimum check is initiated. The check evaluates *test\_expr* at each subsequent rising edge of *clk* for the next *min\_cks* cycles. However, if a sampled value of *test\_expr* is TRUE, the minimum check fails and the checker returns to the state of waiting for a start event.
- 2. Unless it is disabled by setting max\_cks to 0 (or a minimum violation has occurred), a maximum check is initiated. The check evaluates test\_expr at each subsequent rising edge of clk for the next (max\_cks min\_cks) cycles. However, if a sampled value of test\_expr is TRUE, the checker returns to the state of waiting for a start event. If its value does not transition to TRUE by the time max\_cks cycles transpire (from the start of checking), the maximum check fails at cycle max\_cks.
- 3. The checker returns to the state of waiting for a start event.

The method used to determine how to handle *start\_event* when the checker is in the state of checking *test\_expr* is controlled by the *action\_on\_new\_start* parameter. The checker has the following actions:

☐ 'OVL\_IGNORE\_NEW\_START

The checker does not sample start\_event until it returns to the state of waiting for a start event.

☐ 'OVL\_RESET\_ON\_NEW\_START

Each time the checker samples <code>test\_expr</code>, it also samples <code>start\_event</code>. If <code>start\_event</code> is TRUE, the checker first checks whether a pending minimum check is just failing. If so, the assertion failed. Then—unless the assertion failed and it was fatal—the checker terminates the current checks and initiates a new pair of checks.

☐ 'OVL ERROR ON NEW START

Each time the checker samples *test\_expr*, it also samples *start\_event*. If *start\_event* is TRUE, the assertion fails with an illegal start event error. If the error is not fatal, the checker returns to the state of waiting for a start event at the next rising clock edge.

#### Assertion Checks

ASSERT\_FRAME The value of test\_expr was TRUE before min\_cks cycles after start\_event

was sampled TRUE or its value was not TRUE before max\_cks cycles

transpired after the rising edge of start\_event.

illegal start event The action\_on\_new\_start parameter is set to

'OVL\_ERROR\_ON\_NEW\_START and start\_event expression evaluated to

TRUE while the checker was monitoring test\_expr.

min\_cks > max\_cks The min\_cks parameter is greater than the max\_cks parameter (and

max\_cks >0). Unless the violation is fatal, either the minimum or maximum

check will fail.

Cover Point

start\_event The value of start\_event was TRUE on a rising edge of clk.

#### **Notes**

1. The special case where *min\_cks* and *max\_cks* are both 0 is the default. Here, *test\_expr* must be TRUE every cycle there is a start event.

#### See also

```
assert_change, assert_next, assert_time, assert_unchange, assert_width
```

#### **Examples**

```
assert_frame #(
   'OVL_ERROR,
                                                          // severity_level
   2.
                                                          // min_cks
                                                          // max_cks
   'OVL_IGNORE_NEW_START,
                                                          // action_on_new_start
   'OVL_ASSERT,
                                                          // property_type
   "Error: invalid transaction",
                                                          // msg
   'OVL_COVER_ALL)
                                                          // coverage_level
   valid_transaction (
                                                          // clock
       clk,
        reset n.
                                                          // reset
                                                          // start_event
        req,
                                                          // test expr
        ack);
```

Ensures that after a rising edge of req, ack goes high between 2 and 4 cycles later. New start events during transactions are not considered to be new transactions and are ignored.



```
assert_frame #(
   'OVL_ERROR,
                                                          // severity_level
   2,
                                                          // min_cks
                                                          // max_cks
   'OVL_RESET_ON_NEW_START,
                                                         // action_on_new_start
   'OVL_ASSERT,
                                                          // property_type
   "Error: invalid transaction",
                                                          // msa
   'OVL_COVER_ALL)
                                                          // coverage_level
   valid_transaction (
       clk,
                                                          // clock
                                                          // reset
        reset_n,
                                                         // start_event
        req,
                                                          // test_expr
        ack);
```

Ensures that after a rising edge of req, ack goes high between 2 and 4 cycles later. A new start event during a transaction restarts the transaction.



```
assert_frame #(
   'OVL_ERROR,
                                                         // severity_level
   2,
                                                         // min_cks
   4,
                                                         // max_cks
   'OVL_ERROR_ON_NEW_START,
                                                         // action_on_new_start
   'OVL_ASSERT,
                                                         // property_type
   "Error: invalid transaction",
                                                         // msg
   'OVL_COVER_ALL)
                                                         // coverage_level
   valid_transaction (
                                                         // clock
        clk,
        reset_n,
                                                         // reset
        req,
                                                         // start_event
        ack);
                                                         // test_expr
```

Ensures that after a rising edge of req, ack goes high between 2 and 4 cycles later. Also ensures that a new transaction does not start before the previous transaction is acknowledged. If a start event occurs during a transaction, the checker does does not initiate a new check.



# assert\_handshake

Ensures that specified request and acknowledge signals follow a specified handshake protocol.



# Parameters: severity\_level min\_ack\_cycle max\_ack\_cycle req\_drop deassert\_count max\_ack\_length property\_type msg

coverage\_level

#### Class:

event-bounded assertion

#### **Syntax**

assert\_handshake

[#(severity\_level, min\_ack\_cycle, max\_ack\_cycle, req\_drop, deassert\_count, max\_ack\_length, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, req, ack);

#### **Parameters**

| severity_level | Severity of the failure. Default: 'OVL_ERROR.                                                                                                                                            |
|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| min_ack_cycle  | Minimum number of clock cycles before acknowledge. A value of 0 turns off the ack min cycle check. Default: 0.                                                                           |
| max_ack_cycle  | Maximum number of clock cycles before acknowledge. A value of 0 turns off the ack max cycle check. Default: 0.                                                                           |
| req_drop       | If greater than 0, value of <i>req</i> must remain TRUE until acknowledge. A value of 0 turns off the req drop check. Default: 0.                                                        |
| deassert_count | Maximum number of clock cycles after acknowledge that <i>req</i> can remain TRUE (i.e., <i>req</i> must not be stuck active). A value of 0 turns off the req deassert check. Default: 0. |
| max_ack_length | Maximum number of clock cycles that <i>ack</i> can be TRUE. A value of 0 turns off the max ack length check. Default: 0.                                                                 |
| property_type  | Property type. Default: 'OVL_ASSERT.                                                                                                                                                     |
| msg            | Error message printed when assertion fails. Default: "VIOLATION".                                                                                                                        |
|                |                                                                                                                                                                                          |

#### Ports

| Clk     | Clock event for the assertion. The checker samples on the rising edge of the clock. |
|---------|-------------------------------------------------------------------------------------|
| reset_n | Active low synchronous reset signal indicating completed initialization.            |
| req     | Expression that starts a transaction.                                               |
| ack     | Expression that indicates the transaction is complete.                              |

Coverage level. Default: 'OVL\_COVER\_ALL.

#### **Description**

The assert\_handshake assertion checker checks the single-bit expressions *req* and *ack* at each rising edge of *clk* to verify their values conform to the request-acknowledge handshake protocol specified by the checker parameters. A request event (where *req* transitions to TRUE) initiates a

coverage\_level

transaction on the rising edge of the clock and an acknowledge event (where *ack* transitions to TRUE) signals the transaction is complete on the rising edge of the clock. The transaction must not include multiple request events and every acknowledge must have a pending request. Other checks—to ensure the acknowledge is received in a specified window, the request is held active until the acknowledge, the requests and acknowledges are not stuck active and the pulse length is not too long—are enabled and controlled by the checker's parameters.

When a violation occurs, the checker discards any pending request. Checking is restarted the next cycle that ack is sampled FALSE.

#### Assertion Checks

| multiple req violation | The value of <i>req</i> transitioned to TRUE while waiting for an acknowledge or while acknowledge was asserted. Extra requests do not initiate new transactions. |
|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                        | T                                                                                                                                                                 |

ack without req violation

The value of *ack* transitioned to TRUE without a pending request.

ack min cycle violation

The value of ack transitioned to TRUE before min\_ack\_cycle clock cycles

transpired after the request.

ack max cycle violation The value of ack did not transition to TRUE before max\_ack\_cycle clock

cycles transpired after the request.

req drop violation The value of req transitioned from TRUE before an acknowledge.

req deassert violation The value of req did not transition from TRUE before deassert\_count clock

cycles transpired after an acknowledge.

ack max length violation The value of ack did not transition from TRUE before max\_ack\_length clock

cycles transpired after an acknowledge.

#### **Cover Points**

cover\_req\_asserted A transaction initiated.

cover\_ack\_asserted A transaction completed.

#### See also

assert\_window, assert\_win\_change, assert\_win\_unchange

#### **Examples**

```
assert handshake #(
     'OVL_ERROR,
                                                             // severity_level
                                                             // min_ack_cycle
     0,
     0,
                                                             // max_ack_cycle
     0,
                                                             // req_drop
     0,
                                                             // deassert_count
     0.
                                                             // max_ack_length
     'OVL_ASSERT,
                                                             // property_type
     "hold-holda handshake error",
                                                             // msg
     'OVL_COVER_ALL)
                                                             // coverage_level
     valid_hold_holda (
                                                             // clock
          clk,
          reset_n,
                                                             // reset
                                                             // req
          hold.
          holda);
                                                             // ack
```

Ensures that multiple hold requests are not made while waiting for a holda acknowledge and that every holda acknowledge is in response to a unique hold request.



After a violation, checking is turned off until holda acknowledge is sampled deasserted.



```
assert handshake #(
     'OVL_ERROR,
                                                             // severity_level
     2,
                                                             // min_ack_cycle
     3,
                                                             // max_ack_cycle
     0,
                                                             // req_drop
     0,
                                                             // deassert_count
                                                             // max_ack_length
     0.
     'OVL_ASSERT,
                                                             // property_type
     "hold-holda handshake error",
                                                             // msg
     'OVL_COVER_ALL)
                                                             // coverage_level
     valid_hold_holda (
                                                             // clock
         clk,
                                                             // reset
          reset_n,
         hold,
                                                             // req
         holda);
                                                             // ack
```

Ensures that multiple hold requests are not made while waiting for a holda acknowledge and that every holda acknowledge is in response to a unique hold request. Ensures holda acknowledge asserts 2 to 3 cycles after each hold request.



```
assert handshake #(
     'OVL_ERROR,
                                                             // severity_level
     0,
                                                             // min_ack_cycle
     0,
                                                             // max_ack_cycle
     0,
                                                             // req_drop
     0,
                                                             // deassert_count
                                                             // max_ack_length
     2,
     'OVL_ASSERT,
                                                             // property_type
                                                             // msg
     "hold-holda handshake error",
     'OVL_COVER_ALL)
                                                             // coverage_level
     valid_hold_holda (
                                                             // clock
         clk,
                                                             // reset
          reset_n,
          hold,
                                                             // req
                                                             // ack
         holda);
```

Ensures that multiple hold requests are not made while waiting for a holda acknowledge and that every holda acknowledge is in response to a unique hold request. Ensures holda acknowledge asserts for 2 cycles.



```
assert_handshake #(
     'OVL_ERROR,
                                                             // severity_level
     0,
                                                             // min_ack_cycle
     0,
                                                             // max_ack_cycle
     1,
                                                             // req_drop
                                                             // deassert_count
     1,
     0,
                                                             // max_ack_length
     'OVL_ASSERT,
                                                             // property_type
     "hold-holda handshake error",
                                                             // msg
     'OVL_COVER_ALL)
                                                             // coverage_level
     valid_hold_holda (
                                                             // clock
         clk,
                                                             // reset
          reset_n,
          hold,
                                                             // req
         holda);
                                                             // ack
```

Ensures that multiple hold requests are not made while waiting for a holda acknowledge and that every holda acknowledge is in response to a unique hold request. Ensures hold request remains asserted until its holda acknowledge and then deasserts in the next cycle.



# assert\_implication

Ensures that a specified consequent expression is TRUE if the specified antecedent expression is TRUE.



Parameters: severity\_level property\_type msg coverage\_level Class:

single-cycle assertion

#### **Syntax**

assert\_implication

[#(severity\_level, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, antecedent\_expr, consequent\_expr);

**Parameters** 

severity\_level Severity of the failure. Default: 'OVL\_ERROR.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_n Active low synchronous reset signal indicating completed initialization.

antecedent\_expr Antecedent expression that is tested at the clock event.

consequent\_expr Consequent expression that should evaluate to TRUE if antecedent\_expr

evaluates to TRUE when tested.

#### Description

The assert\_implication assertion checker checks the single-bit expression <code>antecedent\_expr</code> at each rising edge of <code>clk</code>. If <code>antecedent\_expr</code> is TRUE, then the checker verifies that the value of <code>consequent\_expr</code> is also TRUE. If <code>antecedent\_expr</code> is not TRUE, then the assertion is valid regardless of the value of <code>consequent\_expr</code>.

Assertion Check

ASSERT\_IMPLICATION Expression evaluated to FALSE.

Cover Point

#### **Notes**

1. This assertion checker is equivalent to:

```
assert_always
[#(severity_level, property_type, msg, coverage_level)]
instance_name (clk, reset_n, (antecedent_expr ? consequent_expr : 1'b1));
```

#### See also

```
assert_always, assert_always_on_edge, assert_never, assert_proposition
```

#### **Example**

```
assert_implication #(
    'OVL_ERROR,
                                                            // severity_level
                                                            // property_type
     'OVL_ASSERT,
    "Error: q valid but q full",
                                                            // msg
     'OVL_COVER_ALL)
                                                            // coverage_level
     not_full (
                                                            // clock
         clk,
          reset_n,
                                                            // reset
                                                            // antecedent_expr
         q_valid,
         q_not_full );
                                                            // consequent_expr
```

Ensures that q\_not\_full is TRUE at each rising edge of clk for which q\_valid is TRUE.



# assert\_increment

Ensures that the value of a specified expression changes only by the specified increment value.



#### **Syntax**

assert\_increment

[#(severity\_level, width, value, property\_type, msg, coverage\_level)] instance\_name (clk, reset\_n, test\_expr);

#### **Parameters**

 severity\_level
 Severity of the failure. Default: 'OVL\_ERROR.

 width
 Width of the test\_expr argument. Default: 1.

 value
 Increment value for test\_expr. Default: 1.

 property\_type
 Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_n Active low synchronous reset signal indicating completed initialization.

test\_expr [ width - 1: 0 ] Expression that should increment by value whenever its value changes from

the rising edge of clk to the next rising edge of clk.

#### **Description**

The assert\_increment assertion checker checks the expression *test\_expr* at each rising edge of *clk* to determine if its value has changed from its value at the previous rising edge of *clk*. If so, the checker verifies that the new value equals the previous value incremented by *value*. The checker allows the value of *test\_expr* to wrap, if the total change equals the increment *value*. For example, if *width* is 5 and *value* is 4, then the following change in *test\_expr* is valid:

5'b11110 -> 5'b00010

The checker is useful for ensuring proper changes in structures such as counters and finite-state machines. For example, the checker is useful for circular queue structures with address counters that can wrap. Do not use this checker for variables or expressions that can decrement. Instead consider using the assert\_delta checker.

#### Assertion Check

ASSERT\_INCREMENT Expression evaluated to a value that is not its previous value incremented by

value.

Cover Point

cover\_test\_expr\_change Expression changed value.

#### **Notes**

1. The assertion check compares the current value of *test\_expr* with its previous value. Therefore, checking does not start until the second rising clock edge of *clk* after *reset\_n* deasserts.

#### See also

```
assert_decrement, assert_delta, assert_no_overflow
```

#### **Example**

```
assert_increment #(
     'OVL_ERROR,
                                                             // severity_level
     4,
                                                             // width
                                                             // value
     'OVL_ASSERT,
                                                             // property_type
     "Error: invalid binary increment",
                                                             // msg
     'OVL_COVER_ALL)
                                                             // coverage_level
     valid_count (
                                                             // clock
          clk,
                                                             // reset
          reset_n,
                                                             // test_expr
          count );
```

Ensures that the programmable counter's count variable only increments by 1. If count wraps, the assertion fails, because the change is not a binary increment.



# assert\_never

Ensures that the value of a specified expression is not TRUE.



# Parameters: severity\_level property\_type msg coverage\_level

#### Class:

single-cycle assertion

#### **Syntax**

assert\_never

[#(severity\_level, property\_type, msg, coverage\_level)] instance\_name (clk, reset\_n, test\_expr);

**Parameters** 

severity\_level Severity of the failure. Default: 'OVL\_ERROR.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_nActive low synchronous reset signal indicating completed initialization.test\_exprExpression that should not evaluate to TRUE on the rising clock edge.

#### Description

The assert\_never assertion checker checks the single-bit expression *test\_expr* at each rising edge of *clk* to verify the expression does not evaluate to TRUE.

**Assertion Checks** 

ASSERT\_NEVER Expression evaluated to TRUE.

test\_expr contains X/Z value Expression evaluated to X or Z, and 'OVL\_XCHECK\_OFF is not set.

**Cover Points** 

none

#### **Notes**

1. By default, the assert\_never assertion is pessimistic and the assertion fails if *test\_expr* is not 0 (i.e.equals 1, X, Z, etc.). However, if 'OVL\_XCHECK\_OFF is set, the assertion fails if and only if *test\_expr* is 1.

#### See also

```
assert\_always,\ assert\_always\_on\_edge,\ assert\_implication,\\ assert\_proposition
```

# **Example**

Ensures that (reg\_a < reg\_b) is FALSE at each rising edge of clk.



# assert\_never\_unknown

Ensures that the value of a specified expression contains only 0 and 1 bits when a qualifying expression is TRUE.



#### Class:

single-cycle assertion

#### **Syntax**

assert\_never\_unknown

[#(severity\_level, width, property\_type, msg, coverage\_level)] instance\_name (clk, reset\_n, qualifier, test\_expr);

#### **Parameters**

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.widthWidth of the test\_expr argument. Default: 1.property\_typeProperty type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_n Active low synchronous reset signal indicating completed initialization.

qualifier Expression that indicates whether or not to check test\_expr.

test\_expr [width - 1: 0] Expression that should contain only 0 or 1 bits when qualifier is TRUE.

#### **Description**

The assert\_never\_unknown assertion checker checks the expression *qualifier* at each rising edge of *clk* to determine if it should check *test\_expr*. If *qualifier* is sampled TRUE, the checker evaluates *test\_expr* and if the value of *test\_expr* contains a bit that is not 0 or 1, the assertion fails.

The checker is useful for ensuring certain data have only known values following a reset sequence. It also can be used to verify tristate input ports are driven and tristate output ports drive known values when necessary.

#### **Assertion Checks**

test\_expr contains X/Z value The test\_expr expression contained at least one bit that was not 0 or 1;

qualifier was sampled TRUE; and 'OVL\_XCHECK\_OFF is not set.

**Cover Points** 

cover\_qualifier A never\_unknown check was initiated.

cover\_test\_expr\_change Expression changed value.

#### **Notes**

1. If 'OVL\_XCHECK\_OFF is set, all assert\_never\_unknown checkers are turned off.

#### See also

```
assert_never, assert_never_unknown_async, assert_one_cold, assert_one_hot, assert_zero_one_hot
```

#### **Example**

```
assert_never_unknown #(
    'OVL_ERROR,
                                                           // severity_level
                                                            // width
    'OVL_ASSERT,
                                                           // property_type
    "Error: data unknown or undriven",
                                                           // msg
    'OVL_COVER_ALL)
                                                            // coverage_level
    valid_data (
         clk,
                                                            // clock
         reset_n,
                                                            // reset
         rd_data,
                                                           // qualifier
         data);
                                                           // test_expr
```

Ensures that values of data are known and driven when rd\_data is TRUE.



# assert\_never\_unknown\_async

Ensures that the value of a specified expression combinationally contains only 0 and 1 bits.



Parameters: severity\_level width property\_type msg coverage\_level Class:

combinational assertion

#### **Syntax**

assert\_never\_unknown

[#(severity\_level, width, property\_type, msg, coverage\_level)]
instance\_name (reset\_n, test\_expr);

#### **Parameters**

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.widthWidth of the test\_expr argument. Default: 1.property\_typeProperty type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

reset\_nActive low synchronous reset signal indicating completed initialization.test\_expr[ width - 1: 0 ]Expression that should contain only 0 or 1 bits when qualifier is TRUE.

#### Description

The assert\_never\_unknown\_async assertion checker combinationally evaluates *test\_expr* and if the value of *test\_expr* contains a bit that is not 0 or 1, the assertion fails.

The checker is useful for ensuring certain data have only known values following a reset sequence. It also can be used to verify tristate input ports are driven and tristate output ports drive known values when necessary.

#### **Assertion Checks**

test\_expr contains X/Z value The test\_expr expression contained at least one bit that was not 0 or 1 and

'OVL\_XCHECK\_OFF is not set.

**Cover Points** 

none

#### **Notes**

1. If 'OVL\_XCHECK\_OFF is set, all assert\_never\_unknown\_async checkers are turned off.

#### See also

 $assert\_never$ 

#### **Example**

```
assert_never_unknown_async #(
    'OVL_ERROR,
                                                         // severity_level
    8,
                                                         // width
    'OVL_ASSERT,
                                                         // property_type
    "Error: data unknown or undriven",
                                                         // msg
    'OVL_COVER_ALL)
                                                         // coverage_level
    valid_data (
         bus_gnt,
                                                         // reset
         data);
                                                         // test_expr
```

Ensures that values of data are known and driven while bus\_gnt is TRUE.



# assert\_next

Ensures that the value of a specified expression is TRUE a specified number of cycles after a start



Parameters: severity\_level num\_cks check\_overlapping check\_missing\_start property\_type msg coverage\_level

Class:

n-cycle assertion

#### **Syntax**

assert next

[#(severity\_level, num\_cks, check\_overlapping, check\_missing\_start, property\_type, msg, coverage\_level)] instance\_name ( clk, reset\_n, start\_event, test\_expr );

Severity of the failure. Default: 'OVL\_ERROR.

#### **Parameters**

severity\_level num\_cks

Number of cycles after start\_event is TRUE to wait to check that the value of test\_expr is TRUE. Default: 1.

check\_overlapping

Whether or not to perform overlap checking. Default: 1 (overlap checking off).

- If set to 0, overlap checking is performed. From the rising edge of *clk* after start event is sampled TRUE to the rising edge of clk of the cycle before test\_expr is sampled for the current next check, the checker performs an overlap check. During this interval, if start\_event is TRUE at a rising edge of clk, then the overlap check fails (illegal overlapping condition). The current next check continues but a new next check is not initiated.
- If set to 1, overlap checking is not performed. A separate next check is initiated each time start\_event is sampled TRUE (overlapping start events are allowed).

check\_missing\_start

Whether or not to perform missing-start checking. Default: 0 (missing-start checking off).

- If set to 0, missing start checks are not performed.
- If set to 1, missing start checks are performed. The checker samples test\_expr every rising edge of clk. If the value of test\_expr is TRUE, then num\_cks rising edges of clk prior to the current time, start\_event must have been TRUE (initiating a next check). If not, the missing-start check fails (start\_event without test\_expr).

property\_type

Property type. Default: 'OVL\_ASSERT.

msg

Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level

Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk

Clock event for the assertion. The checker samples on the rising edge of the clock.

reset n

Active low synchronous reset signal indicating completed initialization.

| start_event | Expression that (along with <i>num_cks</i> ) identifies when to check <i>test_expr</i> . |
|-------------|------------------------------------------------------------------------------------------|
| test_expr   | Expression that should evaluate to TRUE num_cks cycles after start_event                 |
|             | initiates a next check.                                                                  |

# Description

The assert\_next assertion checker checks the expression *start\_event* at each rising edge of *clk*. If *start\_event* is TRUE, a check is initiated. The check waits for *num\_cks* cycles (i.e., for *num\_cks* additional rising edges of *clk*) and evaluates *test\_expr*. If *test\_expr* is not TRUE, the assertion fails.

If overlap checking is off (*check\_overlapping* is 1), additional checks can start while a current check is pending. If overlap checking is on, the assertion fails if *start\_event* is sampled TRUE while a check is pending (except on the last clock).

If missing-start checking is off (*check\_missing\_start* is 0), *test\_expr* can be TRUE any time. If missing-start checking is on, the assertion fails if *test\_expr* is TRUE without a corresponding start event (*num\_cks* cycles previously). However, if *test\_expr* is TRUE in the interval of *num\_cks* - 1 cycles after a reset and has no corresponding start event, the result is indeterminate (i.e., the missing-start check might or might not fail).

#### Assertion Checks

| start_event without test_expr          | The value of <i>start_event</i> was TRUE on a rising edge of <i>clk</i> , but <i>num_cks</i> cycles later the value of <i>test_expr</i> was not TRUE.                                  |
|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| illegal overlapping condition detected | The <i>check_overlapping</i> parameter is set to 0 and <i>start_event</i> was TRUE on the rising edge of <i>clk</i> , but a previous check was pending.                                |
| test_expr without start_event          | The <i>check_missing_start</i> parameter is set to 1 and <i>start_event</i> was not TRUE on the rising edge of <i>clk</i> , but <i>num_cks</i> cycles later <i>test_expr</i> was TRUE. |
| num_cks parameter<=0                   | The <i>num_cks</i> parameter is less than 2.                                                                                                                                           |

#### **Cover Points**

```
cover_start_event The value of start_event was TRUE on a rising edge of clk.

cover_overlapping_start_events The value of start_event was TRUE on a rising edge of clk while a check was pending.
```

#### See also

```
assert\_change,\ assert\_frame,\ assert\_time,\ assert\_unchange
```

#### **Examples**

```
assert_next #(
     'OVL_ERROR,
                                                              // severity_level
                                                              // num_cks
     4,
                                                              // check overlapping (off)
     1,
     0.
                                                              // check_missing_start (off)
     'OVL ASSERT,
                                                              // property_type
     "error:",
                                                              // msg
     'OVL_COVER_ALL)
                                                              // coverage_level
     valid_next_a_b (
                                                              // clock
          clk,
                                                              // reset
          reset n.
          a,
                                                              // start_event
          b);
                                                              // test_expr
```

Ensures that b is TRUE 4 cycles after a is TRUE.



```
assert_next #(
     'OVL_ERROR,
                                                             // severity_level
                                                             // num_cks
     4,
     0,
                                                             // check_overlapping (on)
     0,
                                                             // check_missing_start (off)
     'OVL_ASSERT,
                                                             // property_type
     "error:",
                                                             // msg
     'OVL_COVER_ALL)
                                                             // coverage_level
     valid_next_a_b (
                                                             // clock
          clk,
                                                             // reset
          reset_n,
          a,
                                                             // start_event
          b);
                                                             // test_expr
```

#### Ensures that b is TRUE 4 cycles after a is TRUE. Overlaps are not allowed



```
assert_next #(
     'OVL_ERROR,
                                                             // severity_level
                                                             // num_cks
                                                             // check_overlapping (off)
     1,
                                                             // check_missing_start (on)
     1,
     'OVL_ASSERT,
                                                             // property_type
     "error:",
                                                             // msg
     'OVL_COVER_ALL)
                                                             // coverage_level
     valid_next_a_b (
                                                             // clock
          clk,
          reset_n,
                                                             // reset
          a,
                                                             // start_event
          b);
                                                             // test_expr
```

#### Ensures that b is TRUE 4 cycles after a is TRUE. Missing-start check is on.



# assert\_no\_overflow

Ensures that the value of a specified expression does not overflow.



# **Syntax**

assert\_no\_overflow

[#(severity\_level, width, min, max, property\_type, msg, coverage\_level)] instance\_name (clk, reset\_n, test\_expr);

#### **Parameters**

severity\_level Severity of the failure. Default: 'OVL\_ERROR.

width Width of the test\_expr argument. Width must be less than or equal to 32.

Default: 1.

min Minimum value in the test range of test\_expr. Default: 0.

max Maximum value in the test range of test\_expr. Default: 2\*\* width - 1.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

CIOCK.

reset\_n Active low synchronous reset signal indicating completed initialization.

test\_expr [ width - 1: 0 ] Expression that should not change from a value of max to a value out of the

test range or to a value equal to min.

#### **Description**

The assert\_no\_overflow assertion checker checks the expression *test\_expr* at each rising edge of *clk* to determine if its value has changed from a value (at the previous rising edge of *clk*) that was equal to *max*. If so, the checker verifies that the new value has not overflowed *max*. That is, it verifies the value of *test\_expr* is not greater than *max* or less than or equal to *min* (in which case, the assertion fails).

The checker is useful for verifying counters, where it can ensure the counter does not wrap from the highest value to the lowest value in a specified range. For example, it can be used to check that memory structure pointers do not wrap around. For a more general test for overflow, use assert\_delta or assert\_fifo\_index.

#### Assertion Check

ASSERT\_NO\_OVERFLOW Expression changed value from *max* to a value not in the range *min* + 1 to

max - 1.

#### **Cover Points**

cover\_test\_expr\_change Expression changed value.

cover\_test\_expr\_at\_min Expression evaluated to *min*.

cover\_test\_expr\_at\_max Expression evaluated to *max*.

#### **Errors**

The parameters *min* and *max* must be specified such that *min* is less than or equal to *max*. Otherwise, the assertion fails on each tested clock cycle for which *test\_expr* changed from *max*.

#### **Notes**

1. The assertion check compares the current value of *test\_expr* with its previous value. Therefore, checking does not start until the second rising clock edge of *clk* after *reset\_n* deasserts.

#### See also

assert\_delta, assert\_fifo\_index, assert\_increment, assert\_no\_overflow

#### Example

```
assert_no_overflow #(
   'OVL_ERROR,
                                                           // severity_level
   3,
                                                           // width
   0,
                                                           // min
                                                           // max
   4,
   'OVL_ASSERT,
                                                           // property_type
   "Error: addr overflow",
                                                           // msg
   'OVL COVER ALL)
                                                           // coverage_level
   addr_with_overflow (
                                                           // clock
        clk,
        reset_n,
                                                           // reset
        addr );
                                                           // test_expr
```

Ensures that addr does not overflow (i.e., change from a value of 4 at the rising edge of clk to a value of 0 or a value greater than 4 at the next rising edge of clk).



# assert\_no\_transition

Ensures that the value of a specified expression does not transition from a start state to the specified next state.



## **Syntax**

assert\_no\_transition

[#(severity\_level, width, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, test\_expr, start\_state, next\_state);

#### **Parameters**

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.widthWidth of the test\_expr argument. Default: 1.property\_typeProperty type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

clk.

#### **Ports**

| clk         |                  | Clock event for the assertion. The checker samples on the rising edge of the clock.                                                                                                                         |
|-------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| reset_n     |                  | Active low synchronous reset signal indicating completed initialization.                                                                                                                                    |
| test_expr   | [ width - 1: 0 ] | Expression that should not transition to <i>next_state</i> on the rising edge of <i>clk</i> if its value at the previous rising edge of <i>clk</i> is the same as the current value of <i>start_state</i> . |
| start_state | [ width - 1: 0 ] | Expression that indicates the start state for the assertion check. If the start state matches the value of <i>test_expr</i> on the previous rising edge of <i>clk</i> , the check is performed.             |
| next_state  | [ width - 1: 0 ] | Expression that indicates the invalid next state for the assertion check. If the value of test_expr was start_state at the previous rising edge of clk, then the                                            |

#### Description

The assert\_no\_transition assertion checker checks the expression *test\_expr* and *start\_state* at each rising edge of *clk* to see if they are the same. If so, the checker evaluates and stores the current value of *next\_state*. At the next rising edge of *clk*, the checker re-evaluates *test\_expr* to see if its value equals the stored value of *next\_state*. If so, the assertion fails. The checker returns to checking *start\_state* in the current cycle (unless a fatal failure occurred)

value of test\_expr should not equal next\_state on the current rising edge of

The *start\_state* and *next\_state* expressions are verification events that can change. In particular, the same assertion checker can be coded to verify multiple types of transitions of *test\_expr*.

The checker is useful for ensuring certain control structure values (such as counters and finite-state machine values) do not transition to invalid values.

#### Assertion Check

ASSERT\_no\_transition Expression transitioned from *start\_state* to a value equal to *next\_state*.

Cover Point

start\_state Expression assumed a start state value.

#### **Notes**

1. The assertion check compares the current value of *test\_expr* with its previous value. Therefore, checking does not start until the second rising clock edge of *clk* after *reset\_n* deasserts.

#### See also

assert\_transition

#### **Example**

```
assert_no_transition #(
     'OVL_ERROR,
                                                             // severity_level
     3,
                                                             // width
     'OVL_ASSERT,
                                                             // property_type
     "Error: bad state transition",
                                                             // msg
     'OVL_COVER_ALL)
                                                             // coverage_level
     valid_transition (
                                                             // clock
          clk.
          reset_n,
                                                             // reset
          current_state,
                                                             // test_expr
          requests > 2 ? 'FULL: 'ONE_IN_Q,
                                                             // start_state
          'EMPTY;
                                                             // next_state
```

Ensures that current\_state does not transition to 'EMPTY improperly. If requests is greater than 2 and the current\_state is 'FULL, current\_state should not transition to 'EMPTY in the next cycle. If requests is not greater than 2 and current\_state is 'ONE\_IN\_Q, current\_state should not transition to 'EMPTY in the next cycle.



# assert\_no\_underflow

Ensures that the value of a specified expression does not underflow.



## **Syntax**

assert\_no\_underflow

[#(severity\_level, width, min, max, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, test\_expr);

#### **Parameters**

severity\_level Severity of the failure. Default: 'OVL\_ERROR.

width Width of the test\_expr argument. Width must be less than or equal to 32.

Default: 1.

min Minimum value in the test range of test\_expr. Default: 0.

max Maximum value in the test range of test\_expr. Default: 2\*\* width - 1.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

CIOCK.

reset\_n Active low synchronous reset signal indicating completed initialization.

test\_expr [ width - 1: 0 ] Expression that should not change from a value of min to a value out of range

or to a value equal to max.

#### **Description**

The assert\_no\_underflow assertion checker checks the expression *test\_expr* at each rising edge of *clk* to determine if its value has changed from a value (at the previous rising edge of *clk*) that was equal to *min*. If so, the checker verifies that the new value has not underflowed *min*. That is, it verifies the value of *test\_expr* is not less than *min* or greater than or equal to *max* (in which case, the assertion fails).

The checker is useful for verifying counters, where it can ensure the counter does not wrap from the lowest value to the highest value in a specified range. For example, it can be used to check that memory structure pointers do not wrap around. For a more general test for underflow, use assert\_delta or assert\_fifo\_index.

#### Assertion Check

ASSERT\_NO\_UNDERFLOW Expression changed value from *min* to a value not in the range *min* + 1 to

max - 1.

#### **Cover Points**

cover\_test\_expr\_change Expression changed value.

cover\_test\_expr\_at\_min Expression evaluated to *min*.

cover\_test\_expr\_at\_max Expression evaluated to *max*.

#### **Errors**

The parameters *min* and *max* must be specified such that *min* is less than or equal to *max*. Otherwise, the assertion fails on each tested clock cycle for which *test\_expr* changed from *max*.

#### **Notes**

1. The assertion check compares the current value of *test\_expr* with its previous value. Therefore, checking does not start until the second rising clock edge of *clk* after *reset\_n* deasserts.

#### See also

assert\_delta, assert\_fifo\_index, assert\_decrement, assert\_no\_overflow

#### **Example**

```
assert_no_underflow #(
     'OVL_ERROR,
                                                             // severity_level
     3,
                                                             // width
     3,
                                                             // min
     7,
                                                             // max
     'OVL_ASSERT,
                                                            // property_type
     "Error: addr underflow",
                                                             // msg
     'OVL COVER ALL)
                                                             // coverage_level
     addr_with_underflow (
                                                             // clock
         clk,
          reset_n,
                                                             // reset
          addr );
                                                             // test_expr
```

Ensures that addr does not underflow (i.e., change from a value of 3 at the rising edge of clk to a value of 7 or a value less than 3 at the next rising edge of clk).



## assert\_odd\_parity

Ensures that the value of a specified expression has odd parity.



## **Syntax**

assert\_odd\_parity
 [#(severity\_level, width, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, test\_expr);

#### **Parameters**

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.widthWidth of the test\_expr argument. Default: 1.property\_typeProperty type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_n Active low synchronous reset signal indicating completed initialization.

test\_expr [ width - 1: 0 ] Expression that should evaluate to a value with odd parity on the rising clock

edge.

#### **Description**

The assert\_odd\_parity assertion checker checks the expression *test\_expr* at each rising edge of *clk* to verify the expression evaluates to a value that has odd parity. A value has odd parity if the number of bits set to 1 is odd.

The checker is useful for verifying control circuits, for example, it can be used to verify a finite-state machine with error detection. In a datapath circuit the checker can perform parity error checking of address and data buses.

Assertion Check

ASSERT\_ODD\_PARITY Expression evaluated to a value whose parity is not odd.

Cover Point

cover\_test\_expr\_change Expression has changed value.

#### See also

assert\_even\_parity

## **Example**

```
assert_odd_parity #(
    'OVL_ERROR,
                                                              // severity_level
                                                              // width
     'OVL_ASSERT,
                                                              // property_type
    "Error: data has even parity",
                                                              // msg
     'OVL_COVER_ALL)
                                                              // coverage_level
     valid_data_odd_parity (
          clk,
                                                              // clock
                                                              // reset
          reset_n,
          data);
                                                              // test_expr
Ensures that data has odd parity at each rising edge of clk.
           В
                                                         ► ASSERT_ODD_PARITY
Error: data has even parity
```

## assert\_one\_cold

Ensures that the value of a specified expression is one-cold (or equals an inactive state value, if specified).



## **Syntax**

assert\_one\_cold

[#(severity\_level, width, inactive, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, test\_expr);

#### **Parameters**

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.widthWidth of the test\_expr argument. Default: 32.

inactive Inactive state of test\_expr: 'OVL\_ALL\_ZEROS, 'OVL\_ALL\_ONES or

'OVL\_ONE\_COLD. Default: 'OVL\_ONE\_COLD.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_n Active low synchronous reset signal indicating completed initialization.

test\_expr [ width - 1: 0 ] Expression that should evaluate to a one-cold or inactive value on the rising

clock edge.

#### **Description**

The assert\_one\_cold assertion checker checks the expression *test\_expr* at each rising edge of *clk* to verify the expression evaluates to a one-cold or inactive state value. A one-cold value has exactly one bit set to 0. The inactive state value for the checker is set by the *inactive* parameter. Choices are: 'OVL\_ALL\_ZEROS (e.g., 4'b0000), 'OVL\_ALL\_ONES (e.g., 4'b1111) or 'OVL\_ONE\_COLD. The default *inactive* parameter value is 'OVL\_ONE\_COLD, which indicates *test\_expr* has no inactive state (so only a one-cold value is valid for each check).

The checker is useful for verifying control circuits, for example, it can ensure that a finite-state machine with one-cold encoding operates properly and has exactly one bit asserted low. In a datapath circuit the checker can ensure that the enabling conditions for a bus do not result in bus contention.

#### **Assertion Checks**

ASSERT\_ONE\_COLD Expression assumed an active state with multiple bits set to 0.

test\_expr contains X/Z value Expression evaluated to a value with an X or Z bit, and 'OVL\_XCHECK\_OFF

is not set.

#### **Cover Points**

cover\_all\_one\_colds\_checked Expression evaluated to all possible combinations of one-cold values.

cover\_test\_expr\_all\_zeros Expression evaluated to the inactive state and the *inactive* parameter was set

to 'OVL\_ALL\_ZEROS.

cover\_test\_expr\_all\_ones Expression evaluated to the inactive state and the inactive parameter was set

to 'OVL\_ALL\_ONES.

cover\_test\_expr\_change Expression has changed value.

#### **Notes**

1. By default, the assert\_one\_cold assertion is pessimistic and the assertion fails if *test\_expr* is active and multiple bits are not 1 (i.e.equals 0, X, Z, etc.). However, if 'OVL\_XCHECK\_OFF is set, the assertion fails if and only if *test\_expr* is active and multiple bits are 0.

#### See also

```
assert_one_hot, assert_zero_one_hot
```

## **Examples**

```
assert_one_cold #(
     'OVL_ERROR,
                                                            // severity_level
                                                            // width
     4,
     'OVL_ONE_COLD,
                                                            // inactive (no inactive state)
     'OVL_ASSERT,
                                                            // property_type
     "Error: sel_n not one-cold",
                                                            // msg
     'OVL_COVER_ALL)
                                                            // coverage_level
     valid_sel_n_one_cold (
          clk,
                                                            // clock
         reset_n,
                                                            // reset
          sel_n);
                                                            // test_expr
```

Ensures that sel\_n is one-cold at each rising edge of clk.



```
assert_one_cold #(
    'OVL_ERROR,
                                                         // severity_level
    4,
                                                         // width
    'OVL_ALL_ONES,
                                                         // inactive
    'OVL_ASSERT,
                                                         // property_type
    "Error: sel_n not one-cold or inactive",
                                                         // msg
    'OVL_COVER_ALL)
                                                         // coverage_level
    valid_sel_n_one_cold (
                                                         // clock
         clk,
         reset_n,
                                                         // reset
         sel_n);
                                                         // test_expr
Ensures that sel_n is one-cold or inactive (4'b1111) at each rising edge of clk.
 reset n
        XXXX
                                    1101 | 1100 | 1110
                                                                          0111
                                                                                  1011
                    ASSERT_ONE_COLD
                                                      Error: sel_n not one-cold or inactive
assert_one_cold #(
    'OVL_ERROR,
                                                         // severity_level
                                                         // width
    'OVL_ALL_ZEROS,
                                                         // inactive
    'OVL ASSERT.
                                                         // property_type
    "Error: sel_n not one-cold",
                                                         // msg
    'OVL COVER ALL)
                                                         // coverage_level
    valid_sel_n_one_cold (
                                                         // clock
         clk,
         reset_n,
                                                         // reset
                                                         // test_expr
         sel_n);
Ensures that sel_n is one-cold or inactive (4'b0000) at each rising edge of clk.
        XXXX 0000
                           1011
                                                                          0111 | 1011
  sel n
                                   1 1101 | 0111 | 1110
                                                             1111
                    ► test_expr contains X/Z value
                            ASSERT_ONE_COLD Error: sel_n not one-cold or inactive
```

## assert\_one\_hot

Ensures that the value of a specified expression is one-hot.



## **Syntax**

assert\_one\_hot
 [#(severity\_level, width, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, test\_expr);

#### **Parameters**

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.widthWidth of the test\_expr argument. Default: 32.property\_typeProperty type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_n Active low synchronous reset signal indicating completed initialization.

test\_expr [width - 1: 0] Expression that should evaluate to a one-hot value on the rising clock edge.

#### **Description**

The assert\_one\_hot assertion checker checks the expression *test\_expr* at each rising edge of *clk* to verify the expression evaluates to a one-hot value. A one-hot value has exactly one bit set to 1.

The checker is useful for verifying control circuits, for example, it can ensure that a finite-state machine with one-hot encoding operates properly and has exactly one bit asserted high. In a datapath circuit the checker can ensure that the enabling conditions for a bus do not result in bus contention.

#### Assertion Checks

ASSERT\_ONE\_HOT Expression evaluated to zero or to a value with multiple bits set to 1.

test\_expr contains X/Z value Expression evaluated to a value with an X or Z bit, and 'OVL\_XCHECK\_OFF

is not set.

**Cover Points** 

cover\_all\_one\_hots\_checked Expression evaluated to all possible combinations of one-hot values.

cover\_test\_expr\_change Expression has changed value.

#### **Notes**

1. By default, the assert\_one\_hot assertion is optimistic and the assertion fails if *test\_expr* is zero or has multiple bits not set to 0 (i.e.equals 1, X, Z, etc.). However, if 'OVL\_XCHECK\_OFF is set, the ASSERT\_ONE\_HOT assertion fails if and only if *test\_expr* is zero or has multiple bits that are 1.

#### See also

```
assert_one_cold, assert_zero_one_hot
```

#### **Example**

```
assert_one_hot #(
     'OVL_ERROR,
                                                            // severity_level
                                                            // width
     4,
                                                            // property_type
     'OVL_ASSERT,
     "Error: sel not one-hot",
                                                            // msg
     'OVL_COVER_ALL)
                                                            // coverage_level
     valid_sel_one_hot (
                                                            // clock
         clk,
         reset_n,
                                                            // reset
                                                            // test_expr
         sel);
```

Ensures that sel is one-hot at each rising edge of clk.



## assert\_proposition

Ensures that the value of a specified expression is always combinationally TRUE.



## **Syntax**

```
assert_proposition
  [#(severity_level, property_type, msg, coverage_level)]
  instance_name (reset_n, test_expr);
```

#### **Parameters**

severity\_level Severity of the failure. Default: 'OVL\_ERROR.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

reset\_n Active low synchronous reset signal indicating completed initialization.

test\_expr Expression that should always evaluate to TRUE.

#### **Description**

The assert\_proposition assertion checker checks the single-bit expression *test\_expr* when it changes value to verify the expression evaluates to TRUE.

#### Assertion Check

ASSERT\_PROPOSITION Expression evaluated to FALSE.

**Cover Points** 

none

#### **Notes**

1. Formal verification tools and hardware emulation/acceleration systems might ignore this checker. To verify propositional properties with these tools, consider using assert\_always.

#### See also

assert\_always, assert\_always\_on\_edge, assert\_implication, assert\_never

## **Example**

```
assert_proposition #(
    'OVL_ERROR,
                                                          // severity_level
    'OVL_ASSERT,
                                                         // property_type
    "Error: current_addr changed while bus granted",
                                                         // msg
    'OVL_COVER_ALL)
                                                         // coverage_level
    valid_current_addr (
         bus_gnt,
                                                          // reset
         current_addr == addr );
                                                         // test_expr
Ensures that current_addr equals addr while bus_gnt is TRUE.
   bus_gnt
      addr
current_addr
                                                                 AA00
                                                                                     AAF0
                ASSERT_PROPOSITION Error: current_addr changed while bus granted ◀
```

## assert\_quiescent\_state

Ensures that the value of a specified state expression equals a corresponding check value if a specified sample event has transitioned to TRUE.



## **Syntax**

assert\_quiescent\_state

[#(severity\_level, width, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, state\_expr, check\_value, sample\_event);

#### **Parameters**

severity\_level Severity of the failure. Default: 'OVL\_ERROR.

width Width of the state\_expr and check\_value arguments. Default: 1.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_n Active low synchronous reset signal indicating completed initialization.

state\_expr [width - 1:0] Expression that should have the same value as check\_value on the rising

edge of clk if sample\_event transitioned to TRUE in the previous clock cycle

(or is currently transitioning to TRUE).

check\_value [ width - 1: 0 ] Expression that indicates the value state\_expr should have on the rising edge

of clk if sample\_event transitioned to TRUE in the previous clock cycle (or is

currently transitioning to TRUE).

sample\_event Expression that initiates the quiescent state check when its value transitions

to TRUE.

#### Description

The assert\_quiescent\_state assertion checker checks the expression <code>sample\_event</code> at each rising edge of <code>clk</code> to see if its value has transitioned to TRUE (i.e., its current value is TRUE and its value on the previous rising edge of <code>clk</code> is not TRUE). If so, the checker verifies that the current value of <code>state\_expr</code> equals the current value of <code>check\_value</code>. The assertion fails if <code>state\_expr</code> is not equal to <code>check\_value</code>.

The state\_expr and check\_value expressions are verification events that can change. In particular, the same assertion checker can be coded to compare different check values (if they are checked in different cycles).

The checker is useful for verifying the states of state machines when transactions complete.

#### Assertion Check

ASSERT\_QUIESCENT\_STATE

The *sample\_event* expression transitioned to TRUE, but the values of *state\_expr* and *check\_value* were not the same.

#### **Cover Points**

none

#### **Notes**

- 1. The assertion check compares the current value of *sample\_event* with its previous value. Therefore, checking does not start until the second rising clock edge of *clk* after *reset\_n* deasserts.
- 2. The checker recognizes the Verilog macro 'OVL\_END\_OF\_SIMULATION=*eos\_signal*. If set, the quiescent state check is also performed at the end of simulation, when *eos\_signal* asserts (regardless of the value of *sample\_event*).
- 3. Formal verification tools and hardware emulation/acceleration systems might ignore this checker.

#### See also

 $assert\_no\_transition,\ assert\_transition$ 

## Example

```
assert_quiescent_state #(
     'OVL_ERROR,
                                                            // severity_level
                                                            // width
     4.
     'OVL_ASSERT,
                                                            // property_type
     "Error: illegal end of transaction",
                                                            // msg
     'OVL_COVER_ALL)
                                                            // coverage_level
     valid_end_of_transaction_state (
         clk,
                                                            // clock
          reset_n,
                                                            // reset
                                                            // state expr
         transaction state.
          prev_tr == 'TR_READ ? 'TR_IDLE : 'TR_WAIT
                                                            // check_value
          end_of_transaction);
                                                            // sample_event
```

Ensures that whenever end\_of\_transaction asserts at the completion of each transaction, the value of transaction\_state is 'TR\_IDLE (if prev\_tr is 'TR\_READ) or 'TR\_WAIT (otherwise).



## assert\_range

Ensures that the value of a specified expression is in a specified range.



## **Syntax**

assert\_range

[#(severity\_level, width, min, max, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, test\_expr);

#### **Parameters**

 severity\_level
 Severity of the failure. Default: 'OVL\_ERROR.

 width
 Width of the test\_expr argument. Default: 1.

 min
 Minimum value allowed for test\_expr. Default: 0.

max Maximum value allowed for test\_expr. Default: 2\*\*width - 1.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

Ports

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_nActive low synchronous reset signal indicating completed initialization.test\_expr[ width - 1: 0 ]Expression that should evaluate to a value in the range from min to max

(inclusive) on the rising clock edge.

## **Description**

The assert\_range assertion checker checks the expression *test\_expr* at each rising edge of *clk* to verify the expression falls in the range from *min* to *max*, inclusive. The assertion fails if *test\_expr* < *min* or *max* < *test\_expr*.

The checker is useful for ensuring certain control structure values (such as counters and finite-state machine values) are within their proper ranges. The checker is also useful for ensuring datapath variables and expressions are in legal ranges.

#### Assertion Check

ASSERT\_RANGE Expression evaluated outside the range *min* to *max*.

#### **Cover Points**

```
      cover_cover_test_expr_change
      Expression changed value.

      cover_test_expr_at_min
      Expression evaluated to min.

      cover_test_expr_at_max
      Expression evaluated to max.
```

#### **Errors**

The parameters *min* and *max* must be specified such that *min* is less than or equal to *max*. Otherwise, the assertion fails on each tested clock cycle.

#### See also

```
assert_always, assert_implication, assert_never, assert_proposition
```

#### **Example**

```
assert_range #(
     'OVL_ERROR,
                                                              // severity_level
                                                              // width
     3,
                                                              // min
     2,
     5,
                                                              // max
     'OVL_ASSERT,
                                                              // property_type
     "Error: sel_high - sel_low not within 2 to 5",
                                                              // msg
     'OVL_COVER_ALL)
                                                              // coverage_level
     valid_sel (
          clk,
                                                              // clock
                                                              // reset
          reset_n,
          sel_high - sel_low );
                                                              // test_expr
```

Ensures that (sel\_high - sel\_low) is in the range 2 to 5 at each rising edge of clk.



## assert\_time

Ensures that the value of a specified expression remains TRUE for a specified number of cycles after a start event.



Parameters: severity\_level num\_cks

action\_on\_new\_start
property\_type
msg
coverage\_level

#### Class:

*n*-cycle assertion

## **Syntax**

assert\_time

[#(severity\_level, num\_cks, action\_on\_new\_start, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, start\_event, test\_expr);

#### **Parameters**

severity\_level Severity of the failure. Default: 'OVL\_ERROR.

num\_cks Number of cycles after start\_event is TRUE that test\_expr must be held

TRUE. Default: 1.

action\_on\_new\_start Method for handling a new start event that occurs while a check is pending.

Values are: 'OVL\_IGNORE\_NEW\_START, 'OVL\_RESET\_ON\_NEW\_START

and 'OVL\_ERROR\_ON\_NEW\_START. Default:

'OVL\_IGNORE\_NEW\_START.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

 reset\_n
 Active low synchronous reset signal indicating completed initialization.

 start\_event
 Expression that (along with num\_cks) identifies when to check test\_expr.

 test\_expr
 Expression that should evaluate to TRUE for num\_cks cycles after

start\_event initiates a check.

#### Description

The assert\_time assertion checker checks the expression *start\_event* at each rising edge of *clk* to determine whether or not to initiate a check. Once initiated, the check evaluates *test\_expr* each rising edge of *clk* for *num\_cks* cycles to verify that its value is TRUE. During that time, the assertion fails each cycle a sampled value of *test\_expr* is not TRUE.

The method used to determine what constitutes a start event for initiating a check is controlled by the *action\_on\_new\_start* parameter. If no check is in progress when *start\_event* is sampled TRUE, a new check is initiated. But, if a check is in progress when *start\_event* is sampled TRUE, the checker has the following actions:

#### ☐ 'OVL IGNORE NEW START

The checker does not sample *start\_event* for the next *num\_cks* cycles after a start event.

#### ☐ 'OVL RESET ON NEW START

The checker samples *start\_event* every cycle. If a check is pending and the value of *start\_event* is TRUE, the checker terminates the check and initiates a new check without sampling *test\_expr*.

## ☐ 'OVL\_ERROR\_ON\_NEW\_START

The checker samples *start\_event* every cycle. If a check is pending and the value of *start\_event* is TRUE, the assertion fails with an illegal start event violation. In this case, the checker does not initiate a new check, does not terminate a pending check and reports an additional assertion violation if *test\_expr* is FALSE.

#### **Assertion Checks**

ASSERT\_TIME The value of test\_expr was not TRUE within num\_cks cycles after start\_event

was sampled TRUE.

illegal start event The action\_on\_new\_start parameter is set to

'OVL\_ERROR\_ON\_NEW\_START and start\_event expression evaluated to

TRUE while the checker was monitoring test\_expr.

#### **Cover Points**

cover\_window\_open A time check was initiated.

cover\_window\_close A time check lasted the full *num\_cks* cycles.

cover\_window\_resets The action\_on\_new\_start parameter is 'OVL\_RESET\_ON\_NEW\_START,

and start\_event was sampled TRUE while the checker was monitoring

test\_expr.

#### See also

assert\_change, assert\_next, assert\_frame, assert\_unchange, assert\_win\_change, assert\_win\_unchange, assert\_window

#### **Examples**

```
assert time #(
     'OVL_ERROR,
                                                           // severity_level
                                                           // num_cks
     'OVL_IGNORE_NEW_START,
                                                           // action_on_new_start
     'OVL_ASSERT,
                                                           // property_type
    "Error: invalid transaction",
                                                           // msg
     'OVL_COVER_ALL)
                                                           // coverage_level
    valid_transaction (
                                                           // clock
         clk,
         reset n.
                                                           // reset
                                                           // start_event
         req == 1,
         ptr >= 1 \&\& ptr <= 3);
                                                           // test_expr
```

Ensures that ptr is sampled in the range 1 to 3 for three cycles after req is sampled equal to 1 at the rising edge of clk. If req is sampled equal to 1 when the checker samples ptr, a new check is not initiated (i.e., the new start is ignored).



```
assert_time #(
    'OVL_ERROR,
                                                           // severity_level
                                                           // num_cks
     'OVL_RESET_ON_NEW_START,
                                                           // action_on_new_start
     'OVL_ASSERT,
                                                           // property_type
    "Error: invalid transaction",
                                                           // msg
     'OVL_COVER_ALL)
                                                           // coverage_level
    valid_transaction (
                                                           // clock
         clk.
                                                           // reset
         reset_n,
                                                           // start_event
         req == 1,
         ptr >= 1 \&\& ptr <= 3);
                                                           // test_expr
```

Ensures that ptr is sampled in the range 1 to 3 for three cycles after req is sampled equal to 1 at the rising edge of clk. If req is sampled equal to 1 when the checker samples ptr, a new check is initiated (i.e., the new start restarts a check).



```
assert_time #(
    'OVL_ERROR,
                                                          // severity_level
                                                          // num_cks
    'OVL_ERROR_ON_NEW_START,
                                                          // action_on_new_start
    'OVL_ASSERT,
                                                          // property_type
    "Error: invalid transaction",
                                                          // msg
    'OVL_COVER_ALL)
                                                          // coverage_level
    valid_transaction (
         clk,
                                                          // clock
                                                          // reset
         reset_n,
                                                          // start_event
         req == 1,
                                                          // test_expr
         ptr >= 1 && ptr <= 3);
```

Ensures that ptr is sampled in the range 1 to 3 for three cycles after req is sampled equal to 1 at the rising edge of clk. If req is sampled equal to 1 when the checker samples ptr, the checker issues an illegal start event violation and does not start a new check.



## assert\_transition

Ensures that the value of a specified expression transitions properly from a start state to the specified next state.



## **Syntax**

assert\_transition

[#(severity\_level, width, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, test\_expr, start\_state, next\_state);

#### **Parameters**

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.widthWidth of the test\_expr argument. Default: 1.property\_typeProperty type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

clk.

#### **Ports**

clk Clock event for the assertion. The checker samples on the rising edge of the Active low synchronous reset signal indicating completed initialization. reset n test\_expr [ width - 1: 0 ] Expression that should transition to next\_state on the rising edge of clk if its value at the previous rising edge of clk is the same as the current value of start\_state. [ width - 1: 0 ] Expression that indicates the start state for the assertion check. If the start start state state matches the value of test\_expr on the previous rising edge of clk, the check is performed. next state [ width - 1: 0 ] Expression that indicates the only valid next state for the assertion check. If the value of test expr was start state at the previous rising edge of clk, then

the value of test\_expr should equal next\_state on the current rising edge of

Description

The assert\_transition assertion checker checks the expression *test\_expr* and *start\_state* at each rising edge of *clk* to see if they are the same. If so, the checker evaluates and stores the current value of *next\_state*. At the next rising edge of *clk*, the checker re-evaluates *test\_expr* to see if its value equals the stored value of *next\_state*. If not, the assertion fails. The checker returns to checking *start\_state* in the current cycle (unless a fatal failure occurred)

The *start\_state* and *next\_state* expressions are verification events that can change. In particular, the same assertion checker can be coded to verify multiple types of transitions of *test\_expr*.

The checker is useful for ensuring certain control structure values (such as counters and finite-state machine values) transition properly.

#### Assertion Check

ASSERT\_TRANSITION Expression transitioned from start\_state to a value different from next\_state.

Cover Point

start\_state Expression assumed a start state value.

#### **Notes**

1. The assertion check compares the current value of *test\_expr* with its previous value. Therefore, checking does not start until the second rising clock edge of *clk* after *reset\_n* deasserts.

#### See also

assert\_no\_transition

#### **Example**

```
assert_transition #(
     'OVL_ERROR,
                                                              // severity_level
                                                              // width
     3,
     'OVL_ASSERT,
                                                              // property_type
     "Error: bad count transition",
                                                              // msg
     'OVL_COVER_ALL)
                                                              // coverage_level
     valid_count (
                                                              // clock
          clk.
                                                              // reset
          reset_n,
          count,
                                                              // test_expr
          3'd3,
                                                              // start_state
          (sel_8 == 1'b0) ? 3'd0 : 3'd4);
                                                              // next_state
```

Ensures that count transitions from 3'd3 properly. If sel\_8 is 0, count should have transitioned to 3'd0. Otherwise, count should have transitioned to 3'd4.



## assert\_unchange

Ensures that the value of a specified expression does not change for a specified number of cycles after a start event initiates checking.



Parameters: Class: severity\_level n-cycle assertion

width num\_cks

action\_on\_new\_start property\_type msg coverage\_level

**Syntax** 

assert\_unchange

[#(severity\_level, width, num\_cks, action\_on\_new\_start, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, start\_event, test\_expr);

**Parameters** 

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.widthWidth of the test\_expr argument. Default: 1.

num\_cks Number of cycles test\_expr should remain unchanged after a start event.

Default: 1.

action\_on\_new\_start Method for handling a new start event that occurs before num\_cks clock

cycles transpire without a change in the value of *test\_expr.* Values are: 'OVL\_IGNORE\_NEW\_START, 'OVL\_RESET\_ON\_NEW\_START and 'OVL\_ERROR\_ON\_NEW\_START. Default: 'OVL\_IGNORE\_NEW\_START.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_nActive low synchronous reset signal indicating completed initialization.start\_eventExpression that (along with action\_on\_new\_start) identifies when to start

checking test\_expr.

test\_expr [width - 1: 0] Expression that should not change value for num\_cks cycles from the start

event unless the check is interrupted by a valid new start event.

#### **Description**

The assert\_unchange assertion checker checks the expression *start\_event* at each rising edge of *clk* to determine if it should check for a change in the value of *test\_expr*. If *start\_event* is sampled TRUE, the checker evaluates *test\_expr* and re-evaluates *test\_expr* at each of the subsequent *num\_cks* rising edges of *clk*. Each time the checker re-evaluates *test\_expr*, if its value has changed from its value in the previous cycle, the assertion fails.

The method used to determine how to handle a new start event, when the checker is in the state of checking for a change in *test\_expr*, is controlled by the *action\_on\_new\_start* parameter. The checker has the following actions:

☐ 'OVL\_IGNORE\_NEW\_START

The checker does not sample *start\_event* for the next *num\_cks* cycles after a start event.

☐ 'OVL\_RESET\_ON\_NEW\_START

The checker samples *start\_event* every cycle. If a check is pending and the value of *start\_event* is TRUE, the checker terminates the check and initiates a new check.

☐ 'OVL ERROR ON NEW START

The checker samples *start\_event* every cycle. If a check is pending and the value of *start\_event* is TRUE, the assertion fails with an illegal start event violation. In this case, the checker does not initiate a new check and does not terminate a pending check.

The checker is useful for ensuring proper changes in structures after various events. For example, it can be used to check that multiple-cycle operations with enabling conditions function properly with the same data. It can be used to check that single-cycle operations function correctly with data loaded at different cycles. It also can be used to verify synchronizing conditions that require date to be stable after an initial triggering event.

#### **Assertion Checks**

ASSERT\_UNCHANGE The test\_expr expression changed value within num\_cks cycles after

start\_event was sampled TRUE.

illegal start event The action\_on\_new\_start parameter is set to

'OVL\_ERROR\_ON\_NEW\_START and *start\_event* expression evaluated to TRUE while the checker was in the state of checking for a change in the value

of test\_expr.

#### **Cover Points**

cover\_window\_open A change check was initiated.

cover\_window\_close A change check lasted the full *num\_cks* cycles.

cover\_window\_resets The action\_on\_new\_start parameter is 'OVL\_RESET\_ON\_NEW\_START,

and start\_event was sampled TRUE while the checker was monitoring

test\_expr without detecting a changed value.

#### See also

assert\_change, assert\_time, assert\_win\_change, assert\_win\_unchange,
assert\_window

#### **Examples**

```
assert unchange #(
    'OVL_ERROR,
                                                          // severity_level
                                                          // width
    8,
                                                          // num_cks
    8,
    'OVL_IGNORE_NEW_START,
                                                          // action_on_new_start
    'OVL_ASSERT,
                                                          // property_type
    "Error: a changed during divide",
                                                          // msg
    'OVL_COVER_ALL)
                                                          // coverage_level
    valid_div_unchange_a (
         clk,
                                                          // clock
                                                          // reset
         reset_n,
         start == 1,
                                                          // start event
         a);
                                                          // test_expr
```

Ensures that a remains unchanged while a divide operation is performed (8 cycles). Restarts during divide operations are ignored.



```
assert_unchange #(
    'OVL_ERROR,
                                                          // severity_level
    8,
                                                          // width
    8,
                                                          // num_cks
    'OVL RESET ON NEW START,
                                                          // action_on_new_start
                                                          // property_type
    'OVL_ASSERT,
    "Error: a changed during divide",
                                                          // msg
    'OVL_COVER_ALL)
                                                          // coverage_level
    valid_div_unchange_a (
         clk,
                                                          // clock
                                                          // reset
         reset_n,
         start == 1,
                                                          // start_event
                                                          // test_expr
         a);
```

Ensures that a remains unchanged while a divide operation is performed (8 cycles). A restart during a divide operation starts the check over.



```
assert_unchange #(
    'OVL_ERROR,
                                                         // severity_level
    8,
                                                         // width
                                                         // num_cks
    8,
    'OVL_ERROR_ON_NEW_START,
                                                         // action_on_new_start
    'OVL_ASSERT,
                                                         // property_type
                                                         // msg
    "Error: a changed during divide",
    'OVL_COVER_ALL)
                                                         // coverage_level
    valid_div_unchange_a (
                                                         // clock
         clk,
                                                         // reset
         reset_n,
                                                         // start_event
         start == 1,
         a);
                                                         // test_expr
```

Ensures that a remains unchanged while a divide operation is performed (8 cycles). A restart during a divide operation is a violation.



## assert\_width

Ensures that when value of a specified expression is TRUE, it remains TRUE for a minimum number of clock cycles and transitions from TRUE no later than a maximum number of clock cycles.



### **Syntax**

assert\_width

[#(severity\_level, min\_cks, max\_cks, property\_type, msg, coverage\_level)]
instance name (clk, reset n, test expr);

#### **Parameters**

| severity_level | Severity of the failure. Default: 'OVL_ERROR.                                                                                                                                                                                                                                                                                                   |  |  |
|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|
| min_cks        | Minimum number of clock edges <code>test_expr</code> must remain TRUE once it is sampled TRUE. The special case where <code>min_cks</code> is 0 turns off minimum checking (i.e., <code>test_expr</code> can transition from TRUE in the next clock cycle). Default: 1 (i.e., same as 0).                                                       |  |  |
| max_cks        | Maximum number of clock edges <code>test_expr</code> can remain TRUE once it is sampled TRUE. The special case where <code>max_cks</code> is 0 turns off maximum checking (i.e., <code>test_expr</code> can remain TRUE for any number of cycles). Default: 1 (i.e., <code>test_expr</code> must transition from TRUE in the next clock cycle). |  |  |
| property_type  | Property type. Default: 'OVL_ASSERT.                                                                                                                                                                                                                                                                                                            |  |  |
| msg            | Error message printed when assertion fails. Default: "VIOLATION".                                                                                                                                                                                                                                                                               |  |  |
| coverage_level | Coverage level. Default: 'OVL_COVER_ALL.                                                                                                                                                                                                                                                                                                        |  |  |
|                |                                                                                                                                                                                                                                                                                                                                                 |  |  |
| clk            | Clock event for the assertion. The checker samples on the rising edge of the clock.                                                                                                                                                                                                                                                             |  |  |
| test_expr      | Expression that should evaluate to TRUE for at least <i>min_cks</i> cycles and at most <i>max_cks</i> cycles after it is sampled TRUE.                                                                                                                                                                                                          |  |  |

#### Description

**Ports** 

The assert\_width assertion checker checks the single-bit expression *test\_expr* at each rising edge of *clk*. If the value of *test\_expr* is TRUE, the checker performs the following steps:

- 1. Unless it is disabled by setting *min\_cks* to 0, a minimum check is initiated. The check evaluates *test\_expr* at each subsequent rising edge of *clk*. If its value is not TRUE, the minimum check fails. Otherwise, after *min\_cks* -1 cycles transpire, the minimum check terminates.
- 2. Unless it is disabled by setting max\_cks to 0, a maximum check is initiated. The check evaluates test\_expr at each subsequent rising edge of clk. If its value does not transition from TRUE by the time max\_cks cycles transpire (from the start of checking), the maximum check fails.

3. The checker returns to checking test\_expr in the next cycle. In particular if test\_expr is TRUE, a new set of checks is initiated.

#### Assertion Checks

MIN\_CHECK The value of test\_expr was held TRUE for less than min\_cks cycles. MAX\_CHECK The value of test\_expr was held TRUE for more than max\_cks cycles. The min\_cks parameter is greater than the max\_cks parameter (and min\_cks > max\_cks max\_cks >0). Unless the violation is fatal, either the minimum or maximum check will fail.

#### **Cover Points**

```
A check was initiated (i.e., test_expr was sampled TRUE).
cover_test_expr_asserts
                                       The expression test_expr was held TRUE for exactly min_cks cycles
cover_test_expr_asserted_for_
min_cks
                                       (min\_cks > 0).
cover_test_expr_asserted_for_
                                       The expression test_expr was held TRUE for exactly max_cks cycles
max_cks
                                       (max_cks > 0).
```

#### See also

```
assert_change, assert_time, assert_unchange
```

#### **Example**

```
assert_width #(
     'OVL_ERROR,
                                                             // severity_level
     2,
                                                             // min_cks
    3,
                                                             // max_cks
     'OVL ASSERT.
                                                             // property_type
     "Error: invalid request",
                                                             // msg
     'OVL_COVER_ALL)
                                                             // coverage_level
     valid_request (
                                                             // clock
          clk,
                                                             // reset
          reset_n,
          req == 1);
                                                             // test_expr
```

#### Ensures req asserts for 2 or 3 cycles.



## assert\_win\_change

Ensures that the value of a specified expression changes in a specified window between a start event and an end event.



## **Syntax**

```
assert_win_change
[#(severity_level, width, property_type, msg, coverage_level)]
instance_name (clk, reset_n, start_event, test_expr, end_event);
```

#### **Parameters**

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.widthWidth of the test\_expr argument. Default: 1.property\_typeProperty type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_n Active low synchronous reset signal indicating completed initialization.

start\_event Expression that opens an event window.

test\_expr [ width - 1: 0 ] Expression that should change value in the event window

end\_event Expression that closes an event window.

#### Description

The assert\_win\_change assertion checker checks the expression *start\_event* at each rising edge of *clk* to determine if it should open an event window at the start of the next cycle. If *start\_event* is sampled TRUE, the checker evaluates *test\_expr*. At each subsequent rising edge of *clk*, the checker evaluates *end\_event* and re-evaluates *test\_expr*. If *end\_event* is TRUE, the checker closes the event window and if all sampled values of *test\_expr* equal its value at the start of the window, then the assertion fails. The checker returns to the state of monitoring *start\_event* at the next rising edge of *clk* after the event window is closed.

The checker is useful for ensuring proper changes in structures in various event windows. A typical use is to verify that synchronization logic responds after a stimulus (for example, bus transactions occurs without interrupts or write commands are not issued during read cycles). Another typical use is verifying a finite-state machine responds correctly in event windows.

#### Assertion Check

ASSERT\_WIN\_CHANGE The test\_expr expression did not change value during an open event window.

#### **Cover Points**

cover\_window\_open An event window opened (start\_event was TRUE).

cover\_window\_close An event window closed (end\_event was TRUE in an open event window).

#### See also

```
assert_change, assert_time, assert_unchange, assert_win_unchange,
assert_window
```

#### **Example**

```
assert_win_change #(
     'OVL_ERROR,
                                                            // severity_level
                                                            // width
     'OVL_ASSERT,
                                                            // property_type
     "Error: read not synchronized",
                                                            // msg
     'OVL_COVER_ALL)
                                                            // coverage_level
     valid_sync_data_bus_rd (
         clk,
                                                            // clock
                                                            // reset
          reset_n,
          rd,
                                                            // start event
          data,
                                                            // test_expr
          rd_ack);
                                                            // end_event
```

Ensures that data changes value in every data read window.



## assert\_win\_unchange

Ensures that the value of a specified expression does not change in a specified window between a start event and an end event.



Parameters: severity\_level width property\_type msg coverage\_level Class:

event-bounded assertion

## **Syntax**

assert\_win\_unchange

[#(severity\_level, width, property\_type, msg, coverage\_level)] instance\_name (clk, reset\_n, start\_event, test\_expr, end\_event);

#### **Parameters**

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.widthWidth of the test\_expr argument. Default: 1.property\_typeProperty type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_n Active low synchronous reset signal indicating completed initialization.

start\_event Expression that opens an event window.

test\_expr [ width - 1: 0 ] Expression that should not change value in the event window

end\_event Expression that closes an event window.

#### Description

The assert\_win\_unchange assertion checker checks the expression *start\_event* at each rising edge of *clk* to determine if it should open an event window at the start of the next cycle. If *start\_event* is sampled TRUE, the checker evaluates *test\_expr*. At each subsequent rising edge of *clk*, the checker evaluates *end\_event* and re-evaluates *test\_expr*. If a sampled value of *test\_expr* is changed from its value in the previous cycle, then the assertion fails. If *end\_event* is TRUE, the checker closes the event window and returns to the state of monitoring *start\_event* at the next rising edge of *clk*.

The checker is useful for ensuring certain variables and expressions do not change in various event windows. A typical use is to verify that synchronization logic responds after a stimulus (for example, bus transactions occurs without interrupts or write commands are not issued during read cycles). Another typical use is to verify that non-deterministic multiple-cycle operations with enabling conditions function properly with the same data.

#### Assertion Check

ASSERT\_WIN\_UNCHANGE The test\_expr expression changed value during an open event window.

#### **Cover Points**

cover\_window\_open An event window opened (start\_event was TRUE).

cover\_window\_close An event window closed (end\_event was TRUE in an open event window).

#### See also

```
assert\_change,\ assert\_time,\ assert\_unchange,\ assert\_win\_change,\ assert\_window
```

#### **Example**

```
assert_win_unchange #(
     'OVL_ERROR,
                                                            // severity_level
                                                            // width
     'OVL_ASSERT,
                                                            // property_type
     "Error: a changed during divide",
                                                            // msg
     'OVL_COVER_ALL)
                                                            // coverage_level
     valid_div_win_unchange_a (
         clk,
                                                            // clock
                                                            // reset
          reset_n,
          start,
                                                            // start event
                                                            // test_expr
          a,
                                                            // end_event
          done);
```

Ensures that the a input to the divider remains unchanged while a divide operation is performed (i.e., in the window from start to done).



## assert\_window

Ensures that the value of a specified expression is TRUE in a specified window between a start event and an end event.



Parameters: severity\_level property\_type msg coverage\_level Class:

event-bounded assertion

## **Syntax**

assert\_window

[#(severity\_level, property\_type, msg, coverage\_level)]
instance\_name (clk, reset\_n, start\_event, test\_expr, end\_event);

#### **Parameters**

severity\_level Severity of the failure. Default: 'OVL\_ERROR.

property\_type Property type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

Ports

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_n Active low synchronous reset signal indicating completed initialization.

start\_event Expression that opens an event window.

test\_expr Expression that should be TRUE in the event window

end\_event Expression that closes an event window.

#### Description

The assert\_window assertion checker checks the expression *start\_event* at each rising edge of *clk* to determine if it should open an event window at the start of the next cycle. If *start\_event* is sampled TRUE, at each subsequent rising edge of *clk*, the checker evaluates *end\_event* and *test\_expr*. If a sampled value of *test\_expr* is not TRUE, then the assertion fails. If *end\_event* is TRUE, the checker closes the event window and returns to the state of monitoring *start\_event* at the next rising edge of *clk*.

The checker is useful for ensuring proper changes in structures after various events. For example, it can be used to check that multiple-cycle operations with enabling conditions function properly with the same data. It can be used to check that single-cycle operations function correctly with data loaded at different cycles. It also can be used to verify synchronizing conditions that require date to be stable after an initial triggering event.

#### Assertion Check

ASSERT\_WINDOW

The test\_expr expression changed value during an open event window.

#### **Cover Points**

cover\_window\_open A change check was initiated.

cover\_window\_close A change check lasted the full *num\_cks* cycles.

#### See also

```
assert\_change,\ assert\_time,\ assert\_unchange,\ assert\_win\_change,\\ assert\_win\_unchange
```

#### **Example**

```
assert_window #(
    'OVL_ERROR,
                                                           // severity_level
    'OVL_ASSERT,
                                                           // property_type
    "Error: write without grant",
                                                           // msg
    'OVL_COVER_ALL)
                                                           // coverage_level
    valid_sync_data_bus_write (
                                                           // clock
         clk,
         reset_n,
                                                           // reset
                                                           // start_event
         write,
                                                           // test_expr
         bus_gnt,
         write_ack);
                                                           // end_event
```

Ensures that the bus grant is not deasserted during a write cycle.



## assert\_zero\_one\_hot

Ensures that the value of a specified expression is zero or one-hot.



## **Syntax**

```
assert_zero_one_hot
   [#(severity_level, width, property_type, msg, coverage_level)]
instance_name (clk, reset_n, test_expr);
```

#### **Parameters**

severity\_levelSeverity of the failure. Default: 'OVL\_ERROR.widthWidth of the test\_expr argument. Default: 32.property\_typeProperty type. Default: 'OVL\_ASSERT.

msg Error message printed when assertion fails. Default: "VIOLATION".

coverage\_level Coverage level. Default: 'OVL\_COVER\_ALL.

**Ports** 

clk Clock event for the assertion. The checker samples on the rising edge of the

clock.

reset\_nActive low synchronous reset signal indicating completed initialization.test\_expr[ width - 1: 0 ]Expression that should evaluate to either 0 or a one-hot value on the rising

clock edge.

## **Description**

The assert\_zero\_one\_hot assertion checker checks the expression *test\_expr* at each rising edge of *clk* to verify the expression evaluates to a one-hot value or is zero. A one-hot value has exactly one bit set to 1.

The checker is useful for verifying control circuits, circuit enabling logic and arbitration logic. For example, it can ensure that a finite-state machine with zero-one-cold encoding operates properly and has exactly one bit asserted high—or else is zero. In a datapath circuit the checker can ensure that the enabling conditions for a bus do not result in bus contention.

#### Assertion Checks

ASSERT\_ZERO\_ONE\_HOT Expression evaluated to a value with multiple bits set to 1.

test\_expr contains X/Z value Expression evaluated to a value with an X or Z bit, and 'OVL\_XCHECK\_OFF

is not set.

#### **Cover Points**

cover\_all\_one\_hots\_checked Expression evaluated to all possible combinations of one-hot values.

cover\_test\_expr\_all\_zeros Expression evaluated to 0.

cover\_test\_expr\_change Expression has changed value.

#### **Notes**

1. By default, the assert\_zero\_one\_hot assertion is optimistic and the assertion fails if *test\_expr* has multiple bits not set to 0 (i.e.equals 1, X, Z, etc.). However, if 'OVL\_XCHECK\_OFF is set, the assertion fails if and only if *test\_expr* has multiple bits that are 1.

#### See also

```
assert_one_cold, assert_one_hot
```

#### **Example**

```
assert_zero_one_hot #(
     'OVL_ERROR,
                                                            // severity_level
                                                            // width
     'OVL_ASSERT,
                                                            // property_type
     "Error: sel not zero or one-hot",
                                                            // msg
     'OVL_COVER_ALL)
                                                            // coverage_level
     valid_sel_zero_one_hot (
                                                            // clock
         clk.
                                                            // reset
          reset_n,
          sel);
                                                            // test_expr
```

Ensures that sel is zero or one-hot at each rising edge of clk.



# **OVL DEFINES**

# **Global Defines**

| Туре                | DEFINE                                | Description                                                                                                                                                                                                                             |
|---------------------|---------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Language            | 'OVL_VERILOG                          | (default) Creates assertion checkers defined in Verilog.                                                                                                                                                                                |
|                     | 'OVL_SVA                              | Creates assertion checkers defined in System Verilog.                                                                                                                                                                                   |
|                     | 'OVL_SVA_INTERFACE                    | Ensures OVL assertion checkers can be instantiated in an SVA interface construct. Default: not defined.                                                                                                                                 |
|                     | 'OVL_PSL                              | Creates assertion checkers defined in PSL. Default: not defined.                                                                                                                                                                        |
| Synthesizable Logic | 'OVL_SYNTHESIS_OFF                    | Ensures OVL logic is synthesizable. Default: not defined.                                                                                                                                                                               |
| Function            | 'OVL_ASSERT_ON                        | Activates assertion logic. Default: not defined.                                                                                                                                                                                        |
|                     | 'OVL_COVER_ON                         | Activates coverage logic. Default: not defined.                                                                                                                                                                                         |
| Reset               | 'OVL_GLOBAL_RESET=reset_signal        | Overrides the <i>reset_n</i> port assignments of all assertion checkers with the specified global reset signal. Default: each checker's reset is specified by the <i>reset_n</i> port.                                                  |
| Reporting           | 'OVL_MAX_REPORT_ERROR                 | Discontinues reporting a checker's assertion violations if the number of times the checker has reported one or more violations reaches this limit. Default: unlimited reporting.                                                        |
|                     | 'OVL_MAX_REPORT_COVER_<br>POINT       | Discontinues reporting a checker's cover points if the number of times the checker has reported one or more cover points reaches this limit. Default: unlimited reporting.                                                              |
|                     | 'OVL_INIT_MSG                         | Reports configuration information for each checker when it is instantiated at the start of simulation. Default: no initialization messages reported.                                                                                    |
|                     | 'OVL_END_OF_SIMULATION=<br>eos_signal | Performs quiescent state checking at end of simulation when the<br>eos_signal asserts. Default: not defined.                                                                                                                            |
| X/Z Values          | 'OVL_XCHECK_OFF                       | Turns off checking of values with X and Z bits. Disables all assert_never_unknown checkers. Default: 0/1/X/Z semantics assumed on assert_never, assert_never_unknown, assert_one_cold, assert_one_hot and assert_zero_one_hot checkers. |

## **Internal Global Defines**

The following global variables are for internal use and the user should not redefine them:

'endmodule 'module

'OVL\_RESET\_SIGNAL 'OVL\_SHARED\_CODE 'OVL\_STD\_DEFINES\_H 'OVL\_VERSION

# **Defines Common to All Assertions**

| Parameter      | DEFINE                                                                   | Description                                                                     |
|----------------|--------------------------------------------------------------------------|---------------------------------------------------------------------------------|
| severity_level | 'OVL_FATAL                                                               | Runtime fatal error.                                                            |
|                | 'OVL_ERROR                                                               | (default) Runtime error.                                                        |
|                | 'OVL_WARNING                                                             | Runtime Warning.                                                                |
|                | 'OVL_INFO                                                                | Assertion failure has no specific severity.                                     |
|                |                                                                          |                                                                                 |
| property_type  | 'OVL_ASSERT                                                              | (default) All the assertion checker's checks are asserts.                       |
|                | 'OVL_ASSUME                                                              | All the assertion checker's checks are assumes.                                 |
|                | 'OVL_IGNORE                                                              | All the assertion checker's checks are ignored.                                 |
|                |                                                                          |                                                                                 |
| coverage_level | 'OVL_COVER_ALL                                                           | (default) Activates coverage logic for the checker if 'OVL_COVER_ON is defined. |
|                | 'OVL_COVER_NONE                                                          | De-activates coverage logic for the checker, even if 'OVL_COVER_ON is defined.  |
|                | OVL_COVER_SANITY, OVL_COVER_BASIC, OVL_COVER_CORNER, OVL_COVER_STATISTIC | Reserved for future use.                                                        |

# **Defines for Specific Assertions**

| Parameter           | Checkers                                                        | DEFINE                       | Description                                                         |
|---------------------|-----------------------------------------------------------------|------------------------------|---------------------------------------------------------------------|
| action_on_new_start | assert_change<br>assert_frame<br>assert_time<br>assert_unchange | 'OVL_IGNORE_NEW_START        | (default) Ignore new start events.                                  |
|                     |                                                                 | 'OVL_RESET_ON_NEW_START      | Restart check on new start events.                                  |
|                     |                                                                 | 'OVL_ERROR_ON_NEW_START      | Assert fail on new start events.                                    |
| edge_type           | assert_always_on_edge                                           | 'OVL_NOEDGE                  | (default) Always initiate check.                                    |
|                     |                                                                 | 'OVL_POSEDGE                 | Initiate check on rising edge of sampling event.                    |
|                     |                                                                 | 'OVL_NEGEDGE                 | Initiate check on falling edge of sampling event.                   |
|                     |                                                                 | 'OVL_ANYEDGE                 | Initiate check on both edges of sampling event.                     |
| necessary_condition | assert_cycle_sequence                                           | 'OVL_TRIGGER_ON_MOST_PIPE    | (default) Necessary condition is full sequence. Pipelining enabled. |
|                     |                                                                 | 'OVL_TRIGGER_ON_FIRST_PIPE   | Necessary condition is first in sequence. Pipelining enabled.       |
|                     |                                                                 | 'OVL_TRIGGER_ON_FIRST_NOPIPE | Necessary condition is first in sequence. Pipelining disabled.      |
| inactive            | assert_one_cold                                                 | 'OVL_ALL_ZEROS               | Inactive state is all 0's.                                          |

| Parameter | Checkers | DEFINE        | Description                  |
|-----------|----------|---------------|------------------------------|
|           |          | 'OVL_ALL_ONES | Inactive state is all 1's.   |
|           |          | 'OVL_ONE_COLD | (default) No inactive state. |

# **INDEX**

```
assert_always 26
assert_always_on_edge 28
assert_change 31
assert_cycle_sequence 35
assert_decrement 39
assert_delta 41
assert_even_parity 43
assert_fifo_index 45
assert frame 48
assert_handshake 52
assert_implication 56
assert_increment 58
assert_never 60
assert_never_unknown 62, 64
assert_next 66
assert_no_overflow 69
assert_no_transition 71
assert_no_underflow 73
assert_odd_parity 75
assert_one_cold 77
assert_one_hot 80
assert_proposition 82
assert_quiescent_state 84
assert_range 86
assert_time 88
assert_transition 92
assert unchange 94
assert_width 98
assert_win_change 100
assert_win_unchange 102
assert_window 104
assert_zero_one_hot 106
С
checkers
  assert_always 26
  assert_always_on_edge 28
  assert_change 31
  assert_cycle_sequence 35
  assert_decrement 39
  assert_delta 41
  assert_even_parity 43
  assert fifo index 45
  assert frame 48
  assert\_handshake \ 52
  assert_implication 56
  assert_increment 58
  assert_never 60
  assert_never_unknown 62, 64
  assert_next 66
  assert_no_overflow 69
  assert_no_transition 71
  assert no underflow 73
  assert_odd_parity 75
```

Α

assert\_one\_cold 77
assert\_one\_hot 80
assert\_proposition 82
assert\_quiescent\_state 84
assert\_range 86
assert\_time 88
assert\_transition 92
assert\_unchange 94
assert\_win\_change 100
assert\_win\_unchange 102
assert\_window 104
assert\_zero\_one\_hot 106

#### D

data sheets, checkers 25