# Accellera Standard OVL V2 Library Reference Manual

Software Version 2.8.1

March 2014



#### License and Statement of Use of Accellera System Initiative's Open Verification Library

This product is licensed under the Apache Software Foundation's Apache License, Version 2.0, January 2004. The full license is available at: http://www.apache.org/licenses/. This Agreement governs the terms and conditions of use that apply to Accellera Systems Initiative's Open Verification Library ("OVL")

Accellera Systems Initiative standards documents are developed within Accellera Systems Initiative and the Technical Committee of Accellera Systems Initiative Inc. Accellera Systems Initiative develops its standards through a consensus development process, approved by its members and board of directors, which brings together volunteers representing varied viewpoints and interests to achieve the final product. Volunteers are not necessarily members of Accellera Systems Initiative and serve without compensation. While Accellera Systems Initiative administers the process and establishes rules to promote fairness in the consensus development process, Accellera Systems Initiative does not independently evaluate, test, or verify the accuracy of any of the information contained in its standards.

Use of an Accellera Systems Initiative standard is wholly voluntary. Accellera Systems Initiative disclaims liability for any personal injury, property or other damage, of any nature whatsoever, whether special, indirect, consequential, or compensatory, directly or indirectly resulting from the publication, use of, or reliance upon this, or any other Accellera Systems Initiative standard document. By using an Accellera Systems Initiative standard, you agree to defend, indemnify and hold harmless Accellera Systems Initiative and their directors, officers, employees and agents from and against all claims and expenses, including attorneys' fees, arising out of your use of an Accellera Systems Initiative standard.

Accellera Systems Initiative does not warrant or represent the accuracy or content of the material contained herein, and expressly disclaims any express or implied warranty, including any implied warranty of merchantability or suitability for a specific purpose, or that the use of the material contained herein is free from patent infringement. Accellera Systems Initiative standards documents are supplied "AS IS."

The existence of an Accellera Systems Initiative standard does not imply that there are no other ways to produce, test, measure, purchase, market, or provide other goods and services related to the scope of an Accellera Systems Initiative standard. Furthermore, the viewpoint expressed at the time a standard is approved and issued is subject to change due to developments in the state of the art and comments received from users of the standard. Every Accellera Systems Initiative standard is subjected to review periodically for revision and update. Users are cautioned to check to determine that they have the latest edition of any Accellera Systems Initiative standard.

In publishing and making this document available, Accellera Systems Initiative is not suggesting or rendering professional or other services for, or on behalf of, any person or entity. Nor is Accellera Systems Initiative undertaking to perform any duty owed by any other person or entity to another. Any person utilizing this, and any other Accellera Systems Initiative standards document, should rely upon the advice of a competent professional in determining the exercise of reasonable care in any given circumstances.

Accellera Systems Initiative may change the terms and conditions of this Statement of Use from time to time as we see fit and in our sole discretion. Such changes will be effective immediately upon posting, and you agree to the posted changes by continuing your access to or use of an Accellera Systems Initiative standard or any of its content in whatever form.

Interpretations: Occasionally questions may arise regarding the meaning of portions of standards as they relate to specific applications. When the need for interpretations is brought to the attention of Accellera Systems Initiative, Accellera Systems Initiative will initiate action to prepare appropriate responses. Since Accellera Systems Initiative standards represent a consensus of concerned interests, it is important to ensure that any interpretation has also received the concurrence of a balance of interests. For this reason, Accellera Systems Initiative and the members of its Technical Committee are not able to provide an instant response to interpretation requests except in those cases where the matter has previously received formal consideration.

Comments for revision of Accellera Systems Initiative standards are welcome from any interested party, regardless of membership affiliation with Accellera Systems Initiative. Suggestions for changes in documents should be in the form of a proposed change of text, together with appropriate supporting comments. Comments on standards and requests for interpretations should be addressed to:

Accellera Systems Initiative Inc. 1370 Trancas Street #163, Napa, CA 94558, USA E-mail: info@accellera.org



#### Note.

Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no position is taken with respect to the existence or validity of any patent rights in connection therewith. Accellera Systems Initiative shall not be responsible for identifying patents for which a license may be required by an Accellera Systems Initiative standard or for conducting inquiries into the legal validity or scope of those patents that are brought to its attention.

Accellera Systems Initiative is the sole entity that may authorize the use of Accellera Systems Initiative-owned certification marks and/or trademarks to indicate compliance with the materials set forth herein.

Authorization to photocopy, redistribute, publish, create derivative works from, sub-license or charge others to access or use, participate in the transfer or sale of, or directly or indirectly commercially exploit in whole or part of any Accellera Systems Initiative standard for internal or personal use must be granted by Accellera Systems Initiative Inc., provided that permission is obtained from and any required fee is paid to Accellera Systems Initiative. To arrange for authorization please contact Lynn Bannister, Accellera Systems Initiative, 1370 Trancas Street #163, Napa, CA 94558, 707-251-9977, lynn@accellera.org.

Permission to photocopy portions of any individual standard for educational classroom use can also be obtained from Accellera Systems Initiative.

#### Overview of this standard

This section describes the purpose and organization of this standard, the Accellera Standard Open Verification Library (Std. OVL) libraries implemented in IEEE Std. 1364-1995 Verilog and SystemVerilog 3.1a, Accellera's extensions to IEEE Std. 1364-2001 Verilog Hardware Description Language and Library Reference Manual (LRM)

#### Intent and scope of this document

The intent of this standard is to define Std. OVL accurately. Its primary audience is designers, integrators and verification engineers to check for good/bad behavior, and provides a single and vendor-independent interface for design validation using simulation, semiformal and formal verification techniques. By using a single well-defined interface, the OVL bridges the gap between the different types of verification, making more advanced verification tools and techniques available for non-expert users.

From time to time, it may become necessary to correct and/or clarify portions of this standard. Such corrections and clarifications may be published in separate documents. Such documents modify this standard at the time of their publication and remain in effect until superseded by subsequent documents or until the standard is officially revised.

#### **ACKNOWLEDGEMENTS**

These Accellera Systems Initiative OVL Libraries and Library Reference Manual (LRM) were specified and developed by experts from many different fields, including design and verification engineers, Electronic Design Automation companies and members of the OVL VSVA technical committee. The following contributors were involved in the creation of previous versions of the OVL: Bryan Bullis, Ben Cohen, Himanshu Goel, Vijay Gupta, Brent Hayhoe, Richard Ho, Dmitry Korchemny, Narayanan Krishnamurthy, David Lacey, Jim Lewis, Andrew MacCormack, Erich Marschner, Paul Menchini, Torkil Oelgaard, Uma Polisetti, Joseph Richards, Erik Seligman, Vinaya Singh, Sean Smith, Andy Tsay, Mike Turpin, Bipul Talukdar, and others.

The OVL technical committee and chair reports to Accellera TC Chairman:

#### TC Chairman Karen Pieper

The following individuals contributed to the creation, editing and review of the Accellera Systems Initiative OVL Libraries and LRM: Alan Becker/ARM, Shalom Bresticker/Intel, Eduard Cerny/Synopsys, Harry Foster/Mentor Graphics, Vijay Shanker Gottimukkula/Synchronicity, Jerry Kaczinsky/Aldec, David Lacey/Hewlett Packard, Kenneth Elmkjær Larsen/Mentor Graphics (OVL Chair), Ramesh Sathianathan/Mentor Graphics, Chris Shaw/Mentor Graphics, Manoj Kumar Thottasseri/Synopsys.

Major version 2.0 released June 2007

Minor version 2.1 released September 2007

Minor version 2.2 released January 2008

Minor version 2.3 released June 2008

Minor version 2.4 released March 2009

Minor version 2.5 released July 2010

Minor version 2.6 released November 2011

Minor version 2.7 released January 2013

Minor version 2.8 released September 2013

Minor version 2.8.1 released March 2014



# **Table of Contents**

| Chapter 1                   |            |
|-----------------------------|------------|
| Introduction                | 7          |
| About this Manual           | 7          |
| Notational Conventions      | 8          |
| Assertion Syntax Format     | 8          |
| References                  | 9          |
| Chapter 2                   |            |
| OVL Basics                  | 11         |
| OVL Assertion Checkers      | 12         |
| HDL Implementations         | 12         |
| OVL Checker Characteristics | 17         |
| Verilog OVL                 | 26         |
| Library Directory Structure | 26         |
| Use Model                   | 27         |
| Header Files                | 32         |
| VHDL OVL                    | 43         |
| Library Directory Structure | 43         |
| Use Model                   | 44         |
| Primary VHDL Packages       | 53         |
| Chapter 3                   |            |
| OVL Checkers                | <b>7</b> 1 |
| ovl_always                  | 72         |
| ovl_always_on_edge          | 75         |
| ovl_arbiter                 | 80         |
| ovl_bits                    | 86         |
| ovl_change                  | 90         |
| ovl_code_distance           | 96         |
| ovl_coverage                | 99         |
|                             | 102        |
| $=$ $\downarrow$ $=$ 1      | 113        |
| ovl_decrement               |            |
| ovl_delta                   |            |
|                             | 127        |
|                             | 130        |
|                             | 137        |
|                             | 142        |
| ovl_handshake               | 149        |
| ovl_hold_value              | 156        |
| ovl_implication             | 160        |
| ovl increment               | 163        |

| ovl_memory_async                       | 166 |
|----------------------------------------|-----|
| ovl_memory_sync                        | 172 |
| ovl_multiport_fifo                     | 179 |
| ovl_mutex                              | 188 |
| ovl_never                              | 191 |
| ovl_never_unknown                      | 194 |
| ovl_never_unknown_async                | 197 |
| ovl_next                               | 200 |
| ovl_next_state                         | 206 |
| ovl_no_contention                      | 210 |
| ovl_no_overflow                        | 214 |
| ovl_no_transition                      | 217 |
| ovl_no_underflow                       | 221 |
| ovl_odd_parity                         | 224 |
| ovl_one_cold                           | 227 |
| ovl_one_hot                            | 232 |
| ovl_proposition                        | 235 |
| ovl_quiescent_state                    | 238 |
| ovl_range                              | 242 |
| ovl_reg_loaded                         | 245 |
| ovl_req_ack_unique                     | 249 |
| ovl_req_requires                       | 253 |
| ovl_stack                              | 258 |
| ovl_time                               | 263 |
| ovl_transition                         | 269 |
| ovl_unchange                           | 273 |
| ovl_valid_id                           | 279 |
| ovl_value                              | 284 |
| ovl_value_coverage                     | 287 |
| ovl_width                              | 290 |
| ovl_win_change                         | 294 |
| ovl_win_unchange                       | 297 |
| ovl_window                             | 300 |
| ovl_xproduct_bit_coverage              | 303 |
| ovl_xproduct_value_coverage            |     |
| ovl_zero_one_hot.                      | 317 |
|                                        |     |
| Appendix A                             |     |
| OVL Macros                             | 321 |
| Global Macros                          | 321 |
| Macros Common to All Assertions        |     |
| Macros for Specific Assertions         |     |
| 2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2. | 220 |
| Appendix B                             |     |
| OVL Backward Compatibility             | 329 |
| VO 2                                   | 220 |

# **Chapter 1 Introduction**

Welcome to the Accellera standard Open Verification Library V2 (OVL). The OVL is composed of a set of assertion checkers that verify specific properties of a design. These assertion checkers are instantiated in the design establishing a unifying methodology for dynamic and formal verification.

OVL V2 is a superset of OVL V1 that includes all V1 checkers. The OVL V2 augments the structure of the V1 original checkers by adding parameters, ports and control logic. These new checker versions are similar, but not completely identical to their V1 counterparts. The V1 checker types were named with an "assert\_" prefix and their V2 counterparts are named with an "ovl\_" prefix, with the same base names. For backward compatibility, all OVL V1 checkers (assert\_\* checkers) are available and supported in OVL V2. So, all existing code utilizing OVL V1 will function the same with OVL V2 (except for bug fixes and enhancements).

The OVL provides designers, integrators and verification engineers with a single, vendor-independent interface for design validation using simulation, hardware acceleration or emulation, formal verification and semi-/hybrid-/dynamic-formal verification tools. By using a single, well defined, interface, the OVL bridges the gap between different types of verification, making more advanced verification tools and techniques available for non-expert users.

This document provides the reader with a set of data sheets that describe the functionality of each assertion checker in the OVL V2, as well as examples that show how to embed these assertion checkers into a design.

## **About this Manual**

It is assumed the reader is familiar with hardware description languages and conventional simulation environments. This document targets designers, integrators and verification engineers who intend to use the OVL in their verification flow and to tool developers interested in integrating the OVL in their products. This document has the following chapters:

OVL Basics

Fundamental information about the OVL library, including usage and examples.

• OVL Assertion Data Sheets

Data sheet for each type of OVL assertion checker.

OVL Defines

Information about the define values used in general and for configuring the checkers.

# **Notational Conventions**

The following textual conventions are used in this manual:

| emphasis | Italics in plain text are used for two purposes: (1) titles of manual chapters and |
|----------|------------------------------------------------------------------------------------|
|          | appendixes, and (2) terminology used inside defining sentences.                    |

- variable Italics in courier text indicate a meta-variable. You must replace the meta-variable with a literal value when you use the associated statement.
- Regular courier text indicates literal words used in syntax statements, code or in output.

Syntax statements appear in sans-serif typeface as shown here. In syntax statements, words in italics are meta-variables. You must replace them with relevant literal values. Words in regular (non-italic) sans-serif type are literals. Type them as they appear. Except for the following meta-characters, regular characters in syntax statements are literals. The following meta-characters have the given syntactical meanings. **You do not type these characters.** 

[ ] Square brackets indicate an optional entry.

# **Assertion Syntax Format**

OVL V2 checker types are named ovl\_checker. OVL V2 checkers are instantiated in Verilog and VHDL modules/entities with specified parameters/generics and connections to checker ports. Each checker type's data sheet shows a model of its checker's instance statement in a language-neutral mnemonic syntax statement. A checker type has parameters/generics common to all checkers and parameters/generics specific to its own type. The parameter/generic identifiers in a checker type's syntax statement are shown in this order:

```
severity_level, [checker specific parameter/generic identifiers], property_type, msg, coverage_level, clock_edge, reset_polarity, gating_type
```

A checker type has port identifiers common to all checkers and ports specific to its own type. The port identifiers in a checker type's syntax statement are declared in this order:

```
clock*, reset, enable, [checker specific ports], fire
```

except (\*) that asynchronous checker types have no *clock* port and multiclock checker types have multiple clock ports.

# References

The following is a list of resources related to design verification and assertion checkers.

- Bening, L. and Foster, H., *Principles of Verifiable RTL Design, a Functional Coding Style Supporting Verification Processes in Verilog*, 2nd Ed., Kluwer Academic Publishers, 2001.
- Bergeron, J., Writing Testbenches: Functional Verification of HDL Models, Kluwer Academic Publishers, 2000.
- Bergeron, J., Cerny, E., Hunter, A., and Nightingale, A., *Verification Methodology Manual for SystemVerilog*, Springer, 2005, ISBN 978-0-387-25538-5.
- Foster, H., Krolnik, A., Lacey, D. *Assertion-Based Design*, Kluwer Academic Publishers, 2003.

# Chapter 2 OVL Basics

The OVL is composed of a set of assertion checkers that verify specific properties of a design. These assertion checkers are instantiated in the design establishing a unifying methodology for dynamic and formal verification.

OVL assertion checkers are instances of modules whose purpose in the design is to guarantee that some conditions hold true. Assertion checkers are composed of one or more properties, a message, a severity and coverage.

- Properties are design attributes that are being verified by an assertion. A property can be classified as a combinational or temporal property.
  - A combinational property defines relations between signals during the same clock cycle while a temporal property describes the relation between the signals over several (possibly infinitely many) cycles.
- Message is a string that is displayed in the case of an assertion failure.
- Severity indicates whether the error captured by the assertion library is a major or minor problem.
- Coverage indicates whether or not specific corner-case events occur and counts the occurrences of specific events.

Assertion checkers benefit users by:

- Testing internal points of the design, thus increasing observability of the design.
- Simplifying the diagnosis and detection of bugs by constraining the occurrence of a bug to the assertion checker being checked.
- Allowing designers to reuse the same assertions for different methodologies, typically simulation and formal verification.

# **OVL Assertion Checkers**

Assertion checkers address design verification concerns and can be used as follows to increase design confidence:

- Combine assertion checkers to increase the coverage of the design (for example, in corner-case behavior or interface protocols).
- Include assertion checkers when a module has an external interface. In this case, assumptions on the correct input and output behavior should be guarded and verified.
- Include assertion checkers when interfacing with third party modules, since the designer
  may not be familiar with the module description (as in the case of IP cores), or may not
  completely understand the module. In these cases, guarding the module with assertion
  checkers may prevent incorrect use of the module.
- Some IP providers embed assertions with their designs, so they can be turned on for integration checking.

Usually there is a specific assertion checker suited to cover a potential problem. In other cases, even though a specific assertion checker might not exist, a combination of two or three assertion checkers can provide the desired verification checks. It is also possible to combine an OVL assertion with additional HDL logic to check for the desired behavior. The number of actual assertions that must be added to a specific design may vary from a few to thousands, depending on the complexity of the design and the complexity of the properties that must be checked.

Writing assertion checkers for a given design requires careful analysis and planning for maximum efficiency. While writing too few assertions might not achieve the desired level of checking in a design, writing too many assertions may increase verification time, sometimes without increasing the coverage. In most cases, however, the runtime penalty incurred by adding assertion checkers is relatively small.

# **HDL Implementations**

Designers instantiate OVL assertion checkers as logic components in design code. Two variations are available, corresponding to the two "base" HDL language families: Verilog and VHDL. Checker assertion and coverage logic can be instantiated in several different standard implementations. The current implementations are in five IEEE languages:

- Verilog Family
  - Verilog 1995 (IEEE 1364),
  - SVA 2005 (IEEE 1800),
  - PSL 2005 (IEEE 1850).

VHDL

#### VHDL

• VHDL 1993 (IEEE 1076),

Verilog

• PSL 2005 (IEEE 1850).

Not all checker types have been implemented in all HDLs. Table 2-1 shows the currently implemented checker types with  $\sqrt{}$  marks. The table shows the checker types that have full *fire* output ports implemented with  $\Rightarrow$  marks. *Fire* outputs of the other types of checkers are currently tied low. Green ( ) indicates the checker type is implemented in all languages; red ( ) indicates the checker type is implemented only in SVA; and wheat ( ) indicates the checker type is implemented in some other combination.

Checker implementations that are synthesizable are indicated with *synth*. You must specify OVL\_SYNTHESIS (see "Generating Synthesizable Logic" on page 27) to disable unsynthesizable logic for these checkers. "Synthesizing the VHDL OVL Library" on page 51 shows how to instantiate synthesizable VHDL checker logic.

Table 2-1. OVL Library

|                    | vernog                     |                      |           | VIIDL                      |              |
|--------------------|----------------------------|----------------------|-----------|----------------------------|--------------|
| checker type       | Verilog-95                 | <b>SVA-05</b>        | PSL-05    | VHDL-93                    | PSL-05       |
| ovl_always         | $\sqrt{\Rightarrow}$ synth | $\sqrt{\Rightarrow}$ | V         | $\sqrt{\Rightarrow}$ synth | $\sqrt{}$    |
| ovl_always_on_edge | $\sqrt{}$                  | $\sqrt{}$            | $\sqrt{}$ |                            | $\sqrt{}$    |
| ovl_arbiter        |                            | $\sqrt{}$            |           |                            |              |
| ovl_bits           |                            | $\sqrt{}$            |           |                            |              |
| ovl_crc            |                            | $\sqrt{}$            |           |                            |              |
| ovl_change         | $\sqrt{}$                  | V                    | V         |                            | V            |
| ovl_code_distance  |                            | $\sqrt{}$            |           |                            |              |
| ovl_coverage       |                            | $\sqrt{}$            |           |                            |              |
| ovl_cycle_sequence | $\sqrt{\Rightarrow}$ synth | $\sqrt{\Rightarrow}$ | $\sqrt{}$ | $\sqrt{\Rightarrow}$ synth | $\sqrt{}$    |
| ovl_decrement      | $\sqrt{}$                  | $\sqrt{}$            | $\sqrt{}$ |                            | $\sqrt{}$    |
| ovl_delta          | $\sqrt{}$                  | $\sqrt{}$            | $\sqrt{}$ |                            | $\checkmark$ |
| ovl_even_parity    | $\sqrt{}$                  | $\sqrt{}$            | $\sqrt{}$ |                            | $\sqrt{}$    |
| ovl_fifo           |                            | $\sqrt{}$            |           |                            |              |
| ovl_fifo_index     | $\sqrt{}$                  | V                    | V         |                            | $\sqrt{}$    |
| ovl_frame          | $\sqrt{}$                  | $\sqrt{}$            | $\sqrt{}$ |                            | $\sqrt{}$    |
| ovl_handshake      | $\sqrt{}$                  | $\sqrt{}$            | $\sqrt{}$ |                            | $\sqrt{}$    |
| ovl_hold_value     |                            | $\sqrt{}$            |           |                            |              |

Table 2-1. OVL Library

Verilog **VHDL** checker type Verilog-95 **SVA-05** PSL-05 VHDL-93 PSL-05  $\sqrt{}$  $\sqrt{}$  $\sqrt{\Rightarrow}$ ovl\_implication  $\sqrt{\Rightarrow}$  synth  $\sqrt{\Rightarrow}$  synth  $\sqrt{}$  $\sqrt{}$  $\sqrt{}$ ovl\_increment ovl\_memory\_async ovl\_memory\_sync ovl\_multiport\_fifo ovl\_mutex ovl never  $\sqrt{\Rightarrow}$  synth  $\sqrt{\Rightarrow}$  synth  $\sqrt{\Rightarrow}$  synth  $\sqrt{\Rightarrow}$  $\sqrt{\Rightarrow}$  synth ovl\_never\_unknown  $\sqrt{\Rightarrow}$  synth ovl\_never\_unknown\_async  $\sqrt{\Rightarrow}$  synth  $\sqrt{\Rightarrow}$  synth ovl\_next  $\sqrt{\Rightarrow}$  $\sqrt{}$ ovl\_next\_state  $\sqrt{}$ ovl no contention ovl\_no\_overflow ovl\_no\_transition ovl\_no\_underflow ovl\_odd\_parity ovl\_one\_cold  $\sqrt{\Rightarrow}$  $\sqrt{\Rightarrow}$  synth ovl one hot  $\sqrt{\Rightarrow}$  synth  $\sqrt{}$  $\sqrt{}$ ovl\_proposition  $\sqrt{}$ ovl\_quiescent\_state  $\sqrt{\Rightarrow}$  synth  $\sqrt{\Rightarrow}$  $\sqrt{\Rightarrow}$  synth ovl\_range ovl\_reg\_loaded ovl\_req\_ack\_unique ovl\_req\_requires ovl\_stack ovl time ovl\_transition ovl\_unchange  $\sqrt{}$ ovl\_valid\_id

Table 2-1. OVL Library

|                           | Verilog                    |                          |           | VHDL                       |              |
|---------------------------|----------------------------|--------------------------|-----------|----------------------------|--------------|
| checker type              | Verilog-95                 | SVA-05                   | PSL-05    | VHDL-93                    | PSL-05       |
| ovl_value                 |                            | V                        |           |                            |              |
| ovl_value_coverage        |                            | $\sqrt{}$                |           |                            |              |
| ovl_width                 | V                          | $\sqrt{}$                | $\sqrt{}$ |                            | $\sqrt{}$    |
| ovl_win_change            | $\sqrt{}$                  | $\sqrt{}$                | $\sqrt{}$ |                            | $\sqrt{}$    |
| ovl_win_unchange          | $\sqrt{\Rightarrow}$ synth | $\sqrt{\Rightarrow}$     | $\sqrt{}$ |                            | $\checkmark$ |
| ovl_window                | $\sqrt{}$                  | $\sqrt{}$                | $\sqrt{}$ |                            | $\checkmark$ |
| ovl_xproduct_bit_coverage |                            | $\sqrt{}$                |           |                            |              |
| ovl_xproduct_value_covera |                            | $\sqrt{}$                |           |                            |              |
| ge                        |                            |                          |           |                            |              |
| ovl_zero_one_hot          | $\sqrt{\Rightarrow} synth$ | $\checkmark \Rightarrow$ |           | $\sqrt{\Rightarrow} synth$ | $\sqrt{}$    |

## **OVL V1-Style Checkers**

For backward-compatibility with designs that use OVL V1 checkers, the OVL V2 library includes copies of the checkers from the V1 library (updated with code fixes, but having the same "footprints" as the V1 library checkers). These checker types are recognized by their "assert\_" prefixes. Table 2-2 shows the V1-style OVL library's checker types' implementations. None of these checker types have *fire* outputs because the *fire* ports were new on the ovl\_\* checkers. The V1-style checkers have no outputs, so their logic is optimized out by synthesis tools (i.e., no V1-style checkers are synthesizable).

Table 2-2. OVL V1-Style Checkers
Verilog

| checker type          | Verilog-95   | SVA-05       | PSL-05       |
|-----------------------|--------------|--------------|--------------|
| assert_always         | $\sqrt{}$    | $\sqrt{}$    | $\sqrt{}$    |
| assert_always_on_edge | $\sqrt{}$    | $\sqrt{}$    | $\sqrt{}$    |
| assert_change         | $\checkmark$ | $\checkmark$ | $\checkmark$ |
| assert_cycle_sequence | $\checkmark$ | $\checkmark$ | $\checkmark$ |
| assert_decrement      | $\checkmark$ | $\checkmark$ | $\checkmark$ |
| assert_delta          | $\checkmark$ | $\checkmark$ | $\checkmark$ |
| assert_even_parity    | $\checkmark$ | $\sqrt{}$    | $\checkmark$ |
| assert_fifo_index     | $\checkmark$ | $\checkmark$ | $\checkmark$ |
| assert_frame          | $\sqrt{}$    | $\sqrt{}$    | $\sqrt{}$    |

Table 2-2. OVL V1-Style Checkers

# Verilog

| checker type               | Verilog-95   | SVA-05       | PSL-05       |
|----------------------------|--------------|--------------|--------------|
| assert_handshake           | $\sqrt{}$    | $\sqrt{}$    | $\sqrt{}$    |
| assert_implication         | $\sqrt{}$    | $\checkmark$ | $\sqrt{}$    |
| assert_increment           | $\sqrt{}$    | $\checkmark$ | $\sqrt{}$    |
| assert_never               | $\sqrt{}$    | $\checkmark$ | $\sqrt{}$    |
| assert_never_unknown       | $\checkmark$ | $\sqrt{}$    | $\sqrt{}$    |
| assert_never_unknown_async | $\sqrt{}$    | $\checkmark$ | $\sqrt{}$    |
| assert_next                | $\sqrt{}$    | $\checkmark$ | $\sqrt{}$    |
| assert_no_overflow         | $\sqrt{}$    | $\checkmark$ | $\sqrt{}$    |
| assert_no_transition       | $\checkmark$ | $\checkmark$ | $\sqrt{}$    |
| assert_no_underflow        | $\checkmark$ | $\checkmark$ | $\sqrt{}$    |
| assert_odd_parity          | $\checkmark$ | $\checkmark$ | $\sqrt{}$    |
| assert_one_cold            | $\checkmark$ | $\checkmark$ | $\sqrt{}$    |
| assert_one_hot             | $\checkmark$ | $\checkmark$ | $\sqrt{}$    |
| assert_proposition         | $\sqrt{}$    | $\checkmark$ | $\sqrt{}$    |
| assert_quiescent_state     | $\checkmark$ | $\checkmark$ | $\sqrt{}$    |
| assert_range               | $\sqrt{}$    | $\checkmark$ | $\sqrt{}$    |
| assert_time                | $\sqrt{}$    | $\checkmark$ | $\sqrt{}$    |
| assert_transition          | $\sqrt{}$    | $\checkmark$ | $\sqrt{}$    |
| assert_unchange            | $\sqrt{}$    | $\checkmark$ | $\sqrt{}$    |
| assert_width               | $\sqrt{}$    | $\checkmark$ | $\sqrt{}$    |
| assert_win_change          | $\sqrt{}$    | $\checkmark$ | $\sqrt{}$    |
| assert_win_unchange        | $\checkmark$ | $\checkmark$ | $\sqrt{}$    |
| assert_window              | $\checkmark$ | $\checkmark$ | $\sqrt{}$    |
| assert_zero_one_hot        | $\sqrt{}$    | $\checkmark$ | $\checkmark$ |

## **OVL Checker Characteristics**

#### **Checker Class**

OVL assertion checkers are partitioned into the following checker classes:

- Combinational assertions behavior checked with combinational logic.
- 1-cycle assertions behavior checked in the current cycle.
- 2-cycle assertions behavior checked for transitions from the current cycle to the next.
- *n*-cycle assertions behavior checked for transitions over a fixed number of cycles.
- Event-bounded assertions behavior is checked between two events.

## **Checker Parameters/Generics**

Each OVL assertion checker has its own set of parameters as described in its corresponding data sheet ("OVL Checkers" on page 71). The following parameters are (typically) common to all checkers: severity\_level, property\_type, msg, coverage\_level, clock\_edge, reset\_polarity and gating\_type. Each of these types of parameters has a default value used when the corresponding checker parameter is unspecified in the checker instance specification. These defaults are set by the following global Verilog macros (which can be modified): OVL\_SEVERITY\_DEFAULT, OVL\_PROPERTY\_DEFAULT, OVL\_MSG\_DEFAULT, OVL\_COVER\_DEFAULT, OVL\_CLOCK\_EDGE\_DEFAULT, OVL\_RESET\_POLARITY\_DEFAULT and OVL\_GATING\_TYPE\_DEFAULT (see "Setting Checker Parameter Defaults" on page 28). VHDL OVL\_CTRL\_DEFAULTS are set in the ovl\_ctrl\_record record (see "ovl\_ctrl\_record Record" on page 45).

The checker parameters/generics can be assigned instance-specific values using the appropriate Verilog macros or VHDL constants defined in the *std\_ovl\_defines.h* and *std\_ovl.vhd* files respectively. The macro and constant identifier names are the same in both HDLs.

## severity\_level

A checker's "severity level" determines how to handle an assertion violation. The *severity\_level* parameter sets the checker's severity level and can have one of the following values:

OVL\_FATAL Runtime fatal error (simulation stops).

OVL\_ERROR Runtime error.

OVL\_WARNING Runtime warning (e.g., software warning).

OVL\_INFO Information only (no improper design functionality).

If severity\_level is not one of these values, the checker issues the following message:

Illegal option used in parameter 'severity\_level'

#### property\_type

A checker's "property type" determines whether to use the assertion as an assert property or an assume property (for example, a property that a formal tool uses to determine legal stimulus). The property type also selects whether to assert/assume X/Z value checks or not. The *property\_type* parameter sets the checker's property type and can have one of the following values:

| OVL_ASSERT        | Assert assertion check and X/Z check properties.                                                                                                                                                                                              |
|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| OVL_ASSUME        | Assume assertion check and X/Z check properties.                                                                                                                                                                                              |
| OVL_ASSERT_2STATE | Assert assertion check properties. Ignore X/Z check properties.                                                                                                                                                                               |
| OVL_ASSUME_2STATE | Assume assertion check properties. Ignore X/Z check properties.                                                                                                                                                                               |
| OVL_IGNORE        | Ignore assertion check and X/Z check properties. Used to turn off checking while maintaining coverage collection. To switch off sets of assertions, define macros for the property types, for example: 'define MY_OVL_CHECKS_OFF 'OVL_IGNORE. |

If *property\_type* is not one of these values, an assertion violation occurs and the checker issues the following message:

```
Illegal option used in parameter 'property_type'
```

#### msg

The default value of OVL\_MSG\_DEFAULT is "VIOLATION". Changing this define provides a default message printed when a checker assertion is violated. To override this default message for an individual checker, set the checker's *msg* parameter.

## coverage\_level

A checker's "coverage level" determines the cover point information reported by the individual checker. The *coverage\_level* parameter sets the checker's coverage level. This parameter can be any bitwise-OR of the defined cover point type values ("Cover Points" on page 24 and "Monitoring Coverage" on page 28):

| OVL_COVER_SANITY    | Report SANITY cover points.    |
|---------------------|--------------------------------|
| OVL_COVER_BASIC     | Report BASIC cover points.     |
| OVL_COVER_CORNER    | Report CORNER cover points.    |
| OVL_COVER_STATISTIC | Report STATISTIC cover points. |

For example, if the *coverage level* parameter for an instance of the assert range checker is:

```
OVL COVER BASIC + OVL COVER CORNER
```

then the checker reports all three assert\_range cover points (*cover\_test\_expr\_change*, *cover\_test\_expr\_at\_min* and *cover\_test\_expr\_at\_max*). To simplify instance specifications, two additional cover point values are defined:

OVL\_COVER\_NONE Disable coverage reporting.

OVL\_COVER\_ALL Report information for all cover points.

#### clock\_edge

A checker's "clock edge" selects the active edges for the *clock* input to the checker. Edgetriggered checkers perform their analyses—which include evaluating inputs, checking assertions and updating counters—at the active edges of their clocks. The elapsed time from one active clock edge to the next is referred to as a *clock cycle* (or simply *cycle*). The *clock\_edge* parameter specifies the checker's active clock edges and can have one of the following values:

OVL\_POSEDGE Rising edges are active clock edges.

OVL\_NEGEDGE Falling edges are active clock edges.

#### reset\_polarity

A checker's "reset polarity" selects the *active level* of the checker *reset* input. When reset becomes active, the checker clears pending properties and internal values (coverage point values remain unchanged). A subsequent edge of the *reset* signal makes *reset* inactive, which initializes and activates the checker. The *reset\_polarity* parameter sets the checker's reset polarity and can have one of the following values:

OVL\_ACTIVE\_LOW Reset is active when FALSE.

OVL\_ACTIVE\_HIGH Reset is active when TRUE.

## gating\_type

A checker's "gating type" selects the signal gated by the *enable* input. The *gating\_type* parameter can be set to one of the following values:

| OVL_GATE_NONE  | Checker ignores the <i>enable</i> input.                                                                                                          |
|----------------|---------------------------------------------------------------------------------------------------------------------------------------------------|
| OVL_GATE_CLOCK | Checker pauses when <i>enable</i> is FALSE. The checker treats the current cycle as a NOP. Checks, counters and internal values remain unchanged. |
| OVL_GATE_RESET | Checker resets (as if the <i>reset</i> input became active) when <i>enable</i> is FALSE.                                                          |

#### **Checker Ports**

Each OVL assertion checker has its own set of ports as described in its corresponding data sheet. The following ports are (typically) common to all checkers.

#### clock

Each "edge-triggered" assertion checker has a clocking input port named *clock*. All of the checker's sampling, assertion checking and coverage collection tasks are performed at "active" edges of the checker's *clock* input. The active clock edges are set by the checker's *clock\_edge* parameter (page 18): OVL\_POSEDGE (rising edges) or OVL\_NEGEDGE (falling edges). The default *clock\_edge* parameter is set by the following global variable:

```
OVL_CLOCK_EDGE_DEFAULT Sets the default clock_edge parameter value for checkers. Default: OVL_POSEDGE.
```

#### Gating clock

If a checker's *gating\_type* parameter (page 18) is set to OVL\_GATE\_CLOCK, the checker's *enable* signal gates the *clock* input to the checker. Here the actual clock signal used internally by the checker is the gated clock formed combinationally from *clock* and *enable*. Deasserting *enable* in effect pauses the checker at the current state. No data ports are sampled; no checking is performed; no counters are incremented; and no coverage data are collected. When *enable* asserts again, the checker continues from the state it was "paused" by *enable*.

The internal clock for a checker (called *clk*) is formed combinationally from *clock* and possibly *enable* (based on the gating type and active clock edge for the checker) using the following logic:

Note that setting the OVL\_GATING\_OFF define disables clock (and reset) gating for all checkers.

#### reset

Each assertion checker has a reset input port named *reset*. Associated with the *reset* port is the checker's *reset\_polarity* parameter: OVL\_ACTIVE\_LOW (*reset* active when FALSE) or OVL\_ACTIVE\_HIGH (*reset* active when TRUE). The default *reset\_polarity* parameter is set by the following global variable:

```
OVL_RESET_POLARITY_
DEFAULT

Sets the default reset_polarity parameter value for checkers.
Default: OVL_ACTIVE_LOW.
```

When a checker that is not in reset mode samples an active *reset*, the checker enters reset mode. The checker cancels pending assertion checks and freezes coverage data at their current values. At the next active clock edge that *reset* is not active, the checker exits reset mode. The checker initializes assertion properties and the checker behaves as it started from its initialized state—except coverage data continues from the values frozen during the reset interval.

#### Gating reset

If a checker's *gating\_type* parameter is set to OVL\_GATE\_RESET, its *enable* signal 'gates' the *reset* input to the checker. Here the reset signal used internally by the checker is the gated input formed combinationally from *reset* and *enable* (and inverted if *reset* is active high). The *enable* input acts as a second, active-low reset.

The internal reset for a checker (called *reset\_n*) is formed combinationally from *reset* and possibly *enable* using the following logic:

#### **Global Reset**

The *reset* port assignments of all assertion checkers can be overridden and controlled by the following global variable:

```
OVL_GLOBAL_RESET= reset_signal
```

Overrides the *reset* port assignments of all assertion checkers with the specified global *reset\_signal*. Checkers ignore their *reset\_polarity* parameters and treat the global reset as an active-low reset. Default: each checker's reset is specified by the *reset* port and *reset\_polarity* parameters.

Internally, each checker uses the reset signal defined by OVL\_RESET\_SIGNAL:

```
// Selecting global reset or local reset for the checker reset signal
```

```
'ifdef OVL_GLOBAL_RESET
   'define OVL_RESET_SIGNAL 'OVL_GLOBAL_RESET
'else
   'define OVL_RESET_SIGNAL reset_n
'endif
```

#### enable

Each assertion checker has an enabling input port named *enable*. This input is used to gate either the *clock* or *reset* signals for the checker (effectively pausing or resetting the checker). The effect of the enable port on the checker is determined by the checker's *gating\_type* parameter (page 18):

- OVL\_GATE\_NONE (no effect),
- OVL\_GATE\_CLOCK (gate *clock*, see "Gating clock" on page 19) or
- OVL\_GATE\_RESET (gate *reset*, see "Gating reset" on page 20).

The default *gating\_type* parameter is set by the following global variable: OVL\_GATING\_TYPE\_DEFAULT (default: OVL\_GATE\_CLOCK).

#### fire

Each assertion checker has a fire signal output port named *fire*. Future OVL releases might extend this output, so extra bits are reserved for future use. For the V2.8 release of OVL, this is a 3-bit port:

```
'define OVL_FIRE_WIDTH 3
```

The *fire* output port has the following bits:

| fire[0] | Assertion fired in 2-state mode (an assertion check violation). |
|---------|-----------------------------------------------------------------|
| fire[1] | X/Z check fired in non-2-state mode.                            |
| fire[2] | Coverage fired.                                                 |

A fire bit is set to '1' in the cycle in which the violation occurs and reset to '0' in the next cycle by a clocked process. The following macros are defined for accessing individual *fire* bits:

```
'define OVL_FIRE_2STATE 0
'define OVL_FIRE_XCHECK 1
'define OVL_FIRE_COVER 2
```

## **Assertion Checks**

Each assertion checker verifies that its parameter values are legal. If an illegal option is specified, the assertion fails. The assertion checker also checks at least one assertion. Violation of any of these assertions is an *assertion failure*. The data sheet for the assertion shows the

various failure types for the assertion checker (except for incorrect option values for *severity\_level*, *property\_type*, *coverage\_level*, *clock\_edge*, *reset\_polarity* and *gating\_type*).

For example, the ovl\_frame checker data sheet shows the following types of assertion failures:

Value of test\_expr was TRUE before min\_cks cycles after start\_event was sampled TRUE or its value was not TRUE before max\_cks cycles transpired after the rising edge of start\_event.

illegal start event The action\_on\_new\_start parameter is set to OVL\_ERROR\_ON\_NEW\_START and start\_event expression evaluated to TRUE while the checker was monitoring test\_expr.

min\_cks > max\_cks

The min\_cks parameter is greater than the max\_cks parameter (and max\_cks > 0). Unless the violation is fatal, either the

minimum or maximum check will fail.

## X/Z Checks

Assertion checkers can produce indeterminate results if a checker port value contains an X or Z bit when the checker samples the port. (Note that a checker does not necessarily sample every port at every active clock edge.) To assure determinate results, assertion checkers have special assertions for X/Z checks. These assertions fall into two groups: explicit X/Z checks and implicit X/Z checks (see "Checking X and Z Values" on page 29). (Note that OVL does not differentiate between X and Z values.)

## **Explicit X/Z Checks**

Two assertion checker types are specifically designed to verify that their associated expressions have known and driven values: ovl\_never\_unknown and ovl\_never\_unknown\_async. Each has a single assertion check:

 $\begin{array}{ll} \text{test\_expr contains X/Z} & \text{Expression evaluated to a value with an X or Z bit, and} \\ \text{value} & \text{OVL\_XCHECK\_OFF is not set.} \end{array}$ 

Explicit X/Z checking is implemented when instances of these checkers are added explicitly to verify relevant expressions. Setting OVL\_XCHECK\_OFF turns off all X/Z checks, both explicit and implicit (in particular, all ovl\_never\_unknown and ovl\_never\_unknown\_async checkers are excluded).

## Implicit X/Z Checks

All assertion checker types — except ovl\_never\_unknown and ovl\_never\_unknown\_async — have implicit X/Z checks. These are assertions that specific checker ports have known and

driven values when the checker samples the ports. For example, the ovl\_frame checker type has the following implicit X/Z checks:

```
\begin{array}{ll} \text{test\_expr contains X} & \text{Expression value was X or Z.} \\ \text{or Z} & \text{Start\_event contains X} & \text{Start event value was X or Z.} \\ \text{or Z} & \end{array}
```

Implicit checking is implemented inside the checker logic itself. For many checkers, implicit X/Z-check violations are not triggered for every occurrence of a sampled X/Z value for the associated checker port. For example, consider the ovl\_implication checker, which has X/Z checks for *antecedent\_expr* and *consequent\_expr*:

|   | antecedent_expr | consequent_expr | Assertion fails?                                        |
|---|-----------------|-----------------|---------------------------------------------------------|
| a | True            | X/Z             | if consequent_expr is False                             |
| b | False           | X/Z             | no                                                      |
| c | X/Z             | True            | no                                                      |
| d | X/Z             | False           | if antecedent_expr is True                              |
| e | X/Z             | X/Z             | if antecedent_expr is True and consequent_expr is False |

Cases b and c are not reported as X/Z-check violations, because in both cases the assertion is not violated—regardless of which 0/1 value the X/Z-valued expression takes in 2-state semantics. Such intelligent handling of X/Z checks eliminates many "false" violations that would be reported when a pessimistic view of X/Z values is assumed.

Setting OVL\_IMPLICIT\_XCHECK\_OFF turns off the implicit X/Z checks, but not the explicit X/Z checks.

#### **Cover Points**

Each assertion type (typically) has a set of cover points and each cover point is categorized by its cover point type. For example, the ovl\_range assertion type has the following cover points:

```
cover_test_expr_change BASIC — Expression changed value.

cover_test_expr_at_min CORNER — Expression evaluated to min.

cover_test_expr_at_max CORNER — Expression evaluated to max.
```

The various cover point types are:

Event that indicates that the logic monitored by the assertion checker was activated at least at a minimal level.

BASIC (Default) Event that indicates that the logic monitored by the

assertion checker assumed a state where assertion checking can

occur.

CORNER Event that indicates that the logic monitored by the assertion

checker assumed a state that represents a corner-case behavior.

STATISTIC Counts of relevant states assumed by the logic monitored by the

assertion checker.

## **Cover Groups**

Some assertion types have one or more defined cover groups. Each cover group consists of one or more bin registers that accumulate coverage counts for corresponding coverage points. Some bin registers are two-dimensional, where the bin indexes represent the various cover cases being tracked and the bin values represent the associated coverage counts. For example, the ovl\_valid\_id assertion type has the two following cover groups:

observed latency

Number of returned IDs with the specified turnaround time. Bins

- *observed\_latency\_good[min\_cks:max\_cks]* bin index is the observed turnaround time in clock cycles.
- *observed\_latency\_bad* default.

outstanding\_ids

Number of cycles with the specified number of outstanding ids. Bins are:

• *observed\_outstanding\_ids*[0:*max\_instances*] — bin index is the instance ID.

# **Verilog OVL**

The Verilog HDL Family OVL library has the following characteristics:

- All Verilog assertion checkers conform to Verilog IEEE Standard 1364-1995. Top-level files are either called assert\_checker.vlib or ovl\_checker.v (new in V2), and include the relevant logic (Verilog, SVA or PSL).
- All System Verilog assertion checkers conform to Accellera SVA 2005 (IEEE 1800).
- Header files use file extension .h.
- Verilog files with assertion module/interfaces use extension .vlib and include assertion logic files in the language specified by the user.
- Verilog files with assertion logic use file extension \_logic.v.
- System Verilog files with assertion logic use file extension \_logic.sv.
- Parameter settings are assigned with macros to make configuration of assertion checkers consistent and simple to use by end users.
- Parameters passed to assertion checkers are checked for legal values
- Each assertion checker includes std\_ovl\_defines.h defining all global variables and std\_ovl\_task.h defining all OVL system tasks.
- Global variables are named OVL *name*.
- System tasks are named ovl\_taskname\_t.
- OVL V2 is backward compatible in behavior with existing OVL V1 libraries, because OVL V2 includes the assert\_*checker* modules.

# **Library Directory Structure**

The Accellera OVL standard Verilog library has the following structure:

| \$STD_OVL_DIR              | Installation directory of Accellera OVL library.                      |
|----------------------------|-----------------------------------------------------------------------|
| \$STD_OVL_DIR/vlog95       | Directory with assertion logic described in Verilog 2005 (IEEE 1364). |
| \$STD_OVL_DIR/sva05        | Directory with assertion logic described in SVA 2005 (IEEE 1800).     |
| \$STD_OVL_DIR/ps105        | Directory with assertion logic described in PSL 2005 (IEEE 1850).     |
| \$STD_OVL_DIR/psl05/vunits | Directory with PSL1.1 vunits for binding with the assertion logic.    |

#### For example:

```
shell prompt> ls -1 $STD_OVL_DIR
std_ovl/assert_always.vlib
std_ovl/assert_always_on_edge.vlib
std_ovl/std_ovl_defines.h
std_ovl/std_ovl_task.h
std ovl/psl05:
std_ovl/ps105/assert_always_logic.vlib
std_ovl/ps105/assert_always_on_edge_logic.vlib
std_ovl/ps105/vunits:
std_ov1/ps105/vunits/assert_always.ps1
std_ovl/ps105/vunits/assert_always_on_edge.ps1
std_ov1/sva05:
std_ovl/sva05/assert_always_logic.vlib
std_ovl/sva05/assert_always_on_edge_logic.vlib
std ovl/vlog95:
std ovl/vlog95/assert_always_logic.v
std_ovl/vlog95/assert_always_on_edge_logic.v
```

## **Use Model**

An Accellera Standard OVL Verilog library user specifies preferred control settings with standard global variables defined in the following:

- A Verilog file loaded in before the libraries.
- Specifies settings using the standard + define options in Verilog verification engines (via a setup file or at the command line).

## **Setting the Verilog Implementation Language**

The Accellera Standard OVL is implemented in the following Verilog HDL languages: Verilog 1995(IEEE 1364), SVA 2005 (IEEE 1800) and PSL 2005 (IEEE 1850). The following Verilog macros select the implementation language:

| OVL_VERILOG | (default) Creates assertion checkers defined in Verilog-95. |
|-------------|-------------------------------------------------------------|
| OVL_SVA     | Creates assertion checkers defined in System Verilog.       |
| OVL_PSL     | Creates assertion checkers defined in PSL (Verilog flavor). |

In the case a user of the library does not specify a language, by default the library is automatically set to OVL\_VERILOG.

# $\overline{\Box}$

#### Note

Only one library can be selected. If the user specifies both OVL\_VERILOG and OVL\_SVA (or OVL\_PSL), the OVL\_VERILOG is undefined in the header file. Editing the header file to disable this behavior will result in compile errors.

#### Instantiation in an SVA Interface Construct

If an OVL checker is instantiated in a System Verilog interface construct, the user should define the following global variable:

OVL\_SVA\_INTERFACE Ensures OVL assertion checkers can be instantiated in a System

Verilog interface construct. Default: not defined.

## **Limitations for Verilog-flavor PSL**

The PSL implementation does not support modifying the *severity\_level* and *msg* parameters. These parameters are ignored and the default values are used:

severity\_level OVL\_ERROR

msg "VIOLATION"

## **Generating Synthesizable Logic**

The following global variable removes initialization logic from OVL assertions:

OVL\_SYNTHESIS Removes initialization logic from the OVL assertion logic.

Default: logic inside the else branch of *ifdef OVL SYNTHESIS* 

blocks is enabled.

Setting OVL\_SYNTHESIS removes the unsynthesizable logic from Verilog-95 checkers, making them synthesizable.

# **Enabling Assertion and Coverage Logic**

The Accellera Standard OVL consists of two types of logic: assertion logic and coverage logic. These capabilities are controlled via the following standard global variables:

OVL\_ASSERT\_ON Activates assertion logic. Default: not defined.

OVL\_COVER\_ON Activates coverage logic. Default: not defined.

If both of these variables are undefined, the assertion checkers are not activated. The instantiations of these checkers will have no influence on the verification performed.

By default, coverage logic (activated with OVL\_COVER\_ON) monitors cover points and cover groups. To exclude logic that monitors cover groups define the following standard global variable:

OVL\_COVERGROUP\_OFF Excludes cover group logic from the coverage logic if OVL COVER ON is defined. Default: not defined.

#### **Asserting, Assuming and Ignoring Properties**

The OVL checkers' assertion logic—if activated (by the OVL\_ASSERT\_ON global variable)—identifies a design's legal properties. Each particular checker instance can verify one or more assertion checks (depending on the checker type and the checker's configuration). Whether a checker's properties are asserts (i.e., checks) or assumes (i.e., constraints) is controlled by the checker's *property\_type* parameter. In addition, property\_type can turn on and off X/Z checks.

A single assertion checker cannot have some checks asserts and other checks assumes. However, you often can implement this behavior by specifying two checkers.

#### **Monitoring Coverage**

The OVL\_COVER\_ON define activates coverage logic in the checkers. This is a global switch that turns coverage monitoring on.

# **Setting Checker Parameter Defaults**

All common parameters for checkers and some parameters common to specific checker types have default parameter values. These are the parameter values assumed by the checker when the parameter is not specified. The std\_ovl\_defines.h sets the values of these defaults (i.e., to default default values), but the default values can be overridden by redefining them. The following Verilog defines set the values of these default parameter values for the common checker parameters:

| OVL_SEVERITY_DEFAULT   | Value of <i>severity_level</i> to use when it is not specified. The value defined in std_ovl_defines.h is OVL_ERROR.       |
|------------------------|----------------------------------------------------------------------------------------------------------------------------|
| OVL_PROPERTY_DEFAULT   | Value of <i>property_type</i> to use when it is not specified. The value defined in std_ovl_defines.h is OVL_ASSERT.       |
| OVL_MSG_DEFAULT        | Value of <i>msg</i> to use when it is not specified. The value defined in std_ovl_defines.h is "VIOLATION".                |
| OVL_COVER_DEFAULT      | Value of <i>coverage_level</i> to use when it is not specified. The value defined in std_ovl_defines.h is OVL_COVER_BASIC. |
| OVL_CLOCK_EDGE_DEFAULT | Value of <i>clock_edge</i> to use when it is not specified. The value defined in std_ovl_defines.h is OVL_POSEDGE.         |

OVL\_RESET\_POLARITY\_ DEFAULT Value of *reset\_polarity* to use when it is not specified. The value defined in std\_ovl\_defines.h is OVL\_ACTIVE\_LOW.

OVL\_GATING\_TYPE\_ DEFAULT Value of *gating\_type* to use when it is not specified. The value defined in std\_ovl\_defines.h is OVL\_GATE\_CLOCK.

## **Disabling Clock/Reset Gating**

By default, if a checker's *gating\_type* parameter is OVL\_GATE\_CLOCK, the checker's internal clock logic is gated by the checker's *enable* input. Similarly, by default, if a checker's *gating\_type* parameter is OVL\_GATE\_RESET, the checker's internal reset logic is gated by the checker *enable* input. Setting the following define, overrides this behavior:

OVL GATING OFF

Turns off clock/reset gating, effectively setting all gating\_type parameters to OVL\_GATE\_NONE, so checkers ignore their enable inputs. Default: gating type specified by each checker's gating\_type parameter.

## **Using a Global Reset**

The *reset* port assignments of all assertion checkers can be overridden and controlled by the following global variable:

OVL\_GLOBAL\_RESET= reset signal

Overrides the *reset* port assignments of all assertion checkers with the specified global *reset\_signal*. Checkers ignore their *reset\_polarity* parameters and treat the global reset as an active-low reset. Default: each checker's reset is specified by the *reset* port and *reset\_polarity* parameters.

## **Checking X and Z Values**

By default, OVL assertion checker logic includes logic implementing assertion checks for X and Z bits in the values of checker ports when they are sampled. To exclude part or all of this X/Z checking logic, specify one of the following global variables:

OVL\_IMPLICIT\_XCHECK\_ Turns off implicit X/Z checks. OFF

OVL\_XCHECK\_OFF Turns off all X/Z checks (implicit and explicit).

## **Reporting Assertion Information**

By default, (if the assertion logic is active) every assertion violation is reported and (if the coverage logic is active) every captured coverage point is reported. The user can limit this reporting and can also initiate special reporting at the start and end of simulation.

## Limiting a Checker's Reporting

Limits on the number of times assertion violations and captured coverage points are reported are controlled by the following global variables:

| OVL_MAX_REPORT_ERROR           | Discontinues reporting a checker's assertion violations if the number of times the checker has reported one or more violations reaches this limit. Default: unlimited reporting. |
|--------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| OVL_MAX_REPORT_COVER_<br>POINT | Discontinues reporting a checker's cover points if the number of times the checker has reported one or more cover points reaches this limit. Default: unlimited reporting.       |

These maximum limits are for the number of times a checker instance issues a message. If a checker issues multiple violation messages in a cycle, each message is counted as a single error report. Similarly, if a checker issues multiple coverage messages in a cycle, each message is counted as a single cover report.

## **Reporting Initialization Messages**

The checkers' configuration information is reported at initialization time if the following global variable is defined:

OVL\_INIT\_MSG Reports configuration information for each checker when it is

instantiated at the start of simulation. Default: no initialization

messages reported.

For each assertion checker instance, the following message is reported:

```
OVL_NOTE: V2.8: instance_name initialized @ hierarchy Severity: severity_level, Message: msg
```

## End-of-simulation Signal to ovl\_quiescent\_state Checkers

The ovl\_quiescent\_state assertion checker checks that the value of a state expression equals a check value when a sample event occurs. These checkers also can perform this check at the end of simulation by setting the following global variable:

OVL\_END\_OF\_SIMULATION Performs quiescent state checking at end of simulation when the eos\_signal asserts. Default: not defined.

## **Fatal Error Processing**

When a checker reports a runtime fatal error (*severity\_level* is OVL\_FATAL), simulation typically continues for a certain amount of time and then the simulation ends. However, the OVL logic can be configured so that runtime fatal errors do not end simulation. These behaviors are controlled by the following global variables:

OVL\_RUNTIME\_AFTER\_ Number of time units from a fatal error to end of simulation.

Default: 100.

OVL\_FINISH\_OFF Fatal errors do not stop simulation. Default: fatal error ends simulation after OVL RUNTIME AFTER FATAL time units.

#### **Header Files**

#### std\_ovl\_defines.h

```
// Accellera Standard V2.8 Open Verification Library (OVL).
// Accellera Copyright (c) 2005-2012. All rights reserved.
`ifdef OVL_STD_DEFINES_H
// do nothing
`else
`define OVL_STD_DEFINES_H
`define OVL_VERSION "V2.8"
`ifdef OVL_ASSERT_ON
  `ifdef OVL PSL
     `ifdef OVL_VERILOG
        `undef OVL_PSL
     `endif
     `ifdef OVL_SVA
        `ifdef OVL_PSL
          `undef OVL PSL
        `endif
     `endif
  `else
    `ifdef OVL_VERILOG
    `else
      `define OVL VERILOG
    `endif
    `ifdef OVL_SVA
       `undef OVL_VERILOG
    `endif
  `endif
`endif
```

```
`ifdef OVL_COVER_ON
  `ifdef OVL PSL
     `ifdef OVL_VERILOG
        `undef OVL_PSL
     `endif
     `ifdef OVL_SVA
        `ifdef OVL PSL
          `undef OVL_PSL
        `endif
     `endif
  `else
    `ifdef OVL VERILOG
    `else
      `define OVL_VERILOG
    `endif
    `ifdef OVL_SVA
       `undef OVL_VERILOG
  `endif
`endif
`ifdef OVL_ASSERT_ON
  `ifdef OVL_SHARED_CODE
  `else
    `define OVL SHARED CODE
  `endif
`else
  `ifdef OVL_COVER_ON
    `ifdef OVL_SHARED_CODE
      `define OVL SHARED CODE
    `endif
  `endif
`endif
// specifying interface for System Verilog
`ifdef OVL SVA INTERFACE
  `define module interface
  `define endmodule endinterface
`else
  `define module module
  `define endmodule endmodule
// Selecting global reset or local reset for the checker reset signal
`ifdef OVL_GLOBAL_RESET
  `define OVL_RESET_SIGNAL `OVL_GLOBAL_RESET
`else
  `define OVL_RESET_SIGNAL reset_n
`endif
// active edges
`define OVL_NOEDGE 0
`define OVL POSEDGE 1
`define OVL NEGEDGE 2
`define OVL ANYEDGE 3
```

#### **Verilog OVL**

```
// default edge_type (ovl_always_on_edge)
`ifdef OVL_EDGE_TYPE_DEFAULT
 // do nothing
`else
  `define OVL_EDGE_TYPE_DEFAULT `OVL_NOEDGE
`endif
// severity levels
`define OVL_FATAL
`define OVL_ERROR
`define OVL WARNING 2
`define OVL INFO
// default severity level
`ifdef OVL_SEVERITY_DEFAULT
 // do nothing
`else
  `define OVL_SEVERITY_DEFAULT `OVL_ERROR
`endif
// coverage levels (note that 3 would set both SANITY & BASIC)
`define OVL_COVER_NONE
                            0
`define OVL COVER SANITY
                            1
`define OVL_COVER_BASIC
`define OVL_COVER_CORNER
`define OVL_COVER_STATISTIC 8
`define OVL_COVER_ALL
// default coverage level
`ifdef OVL COVER DEFAULT
 // do nothing
`else
  `define OVL_COVER_DEFAULT `OVL_COVER_BASIC
`endif
// property type
`define OVL_ASSERT
                          0
`define OVL_ASSUME
`define OVL_IGNORE
`define OVL_ASSERT_2STATE 3
`define OVL ASSUME 2STATE 4
// fire bit positions (first two also used for xcheck input to error_t)
`define OVL_FIRE_2STATE 0
`define OVL_FIRE_XCHECK 1
`define OVL_FIRE_COVER 2
// default property type
`ifdef OVL_PROPERTY_DEFAULT
 // do nothing
`else
  `define OVL_PROPERTY_DEFAULT `OVL_ASSERT
`endif
```

```
// default message
`ifdef OVL_MSG_DEFAULT
 // do nothing
else
  `define OVL_MSG_DEFAULT "VIOLATION"
`endif
// necessary condition
`define OVL TRIGGER ON MOST PIPE
`define OVL_TRIGGER_ON_FIRST_PIPE
`define OVL_TRIGGER_ON_FIRST_NOPIPE 2
// default necessary_condition (ovl_cycle_sequence)
`ifdef OVL NECESSARY CONDITION DEFAULT
 // do nothing
`else
  `define OVL_NECESSARY_CONDITION_DEFAULT `OVL_TRIGGER_ON_MOST_PIPE
`endif
// action on new start
`define OVL IGNORE NEW START
`define OVL_RESET_ON_NEW_START 1
`define OVL_ERROR_ON_NEW_START 2
// default action_on_new_start (e.g. ovl_change)
`ifdef OVL_ACTION_ON_NEW_START_DEFAULT
 // do nothing
`else
  `define OVL_ACTION_ON_NEW_START_DEFAULT `OVL_IGNORE_NEW_START
`endif
// inactive levels
`define OVL ALL ZEROS 0
`define OVL_ALL_ONES 1
`define OVL_ONE_COLD 2
// default inactive (ovl_one_cold)
`ifdef OVL_INACTIVE_DEFAULT
// do nothing
`else
  `define OVL_INACTIVE_DEFAULT `OVL_ONE_COLD
`endif
// ovl 2.4 new interface
`define OVL_ACTIVE_LOW 0
`define OVL_ACTIVE_HIGH 1
`define OVL GATE NONE 0
`define OVL_GATE_CLOCK 1
`define OVL GATE RESET 2
`define OVL_FIRE_WIDTH 3
`ifdef OVL CLOCK EDGE DEFAULT
 // do nothing
`else
  `define OVL CLOCK EDGE DEFAULT `OVL POSEDGE
`endif
```

```
`ifdef OVL_RESET_POLARITY_DEFAULT
      // do nothing
    `else
    `define OVL_RESET_POLARITY_DEFAULT `OVL_ACTIVE_LOW
    `endif
    `ifdef OVL_GATING_TYPE_DEFAULT
      // do nothing
    `else
    `define OVL_GATING_TYPE_DEFAULT `OVL_GATE_CLOCK
    `endif
    // ovl runtime after fatal error
    `define OVL RUNTIME AFTER FATAL 100
    // Covergroup define
    `ifdef OVL COVER ON
      `ifdef OVL COVERGROUP OFF
      `else
         `define OVL COVERGROUP ON
      `endif // OVL_COVERGROUP_OFF
    `endif // OVL_COVER_ON
    // Ensure x-checking logic disabled if ASSERTs are off
     `ifdef OVL_ASSERT_ON
     `else
      `define OVL_XCHECK_OFF
      `define OVL_IMPLICIT_XCHECK_OFF
    `endif
    `endif // OVL_STD_DEFINES_H
std ovl init.h
    // Accellera Standard V2.8 Open Verification Library (OVL).
    // Accellera Copyright (c) 2005-2012. All rights reserved.
     `ifdef OVL SHARED CODE
       `ifdef OVL SYNTHESIS
       `else
         `ifdef OVL INIT MSG
          initial
            ovl_init_msg_t; // Call the User Defined Init Message Routine
        `endif // OVL INIT MSG
      `endif // OVL_SYNTHESIS
    `endif // OVL_SHARED_CODE
```

### std\_ovl\_clock.h

```
// Accellera Standard V2.8 Open Verification Library (OVL).
    // Accellera Copyright (c) 2005-2012. All rights reserved.
    wire clk;
    `ifdef OVL SHARED CODE
      wire qclk;
      `ifdef OVL_GATING_OFF
        assign gclk = clock; // Globally disabled gating
      `else
        // LATCH based gated clock
        reg clken;
        always @ (clock or enable) begin
          if (clock == 1'b0)
            clken <= enable;</pre>
        end
        assign gclk = (gating_type == `OVL_GATE_CLOCK) ? clock & clken
                       : clock; // Locally disabled gating
      `endif // OVL_GATING_OFF
      // clk (programmable edge & optional gating)
      assign clk = (clock edge == `OVL POSEDGE) ? gclk : ~gclk;
    `else
      assign clk = clock;
    `endif // OVL SHARED CODE
std_ovl_reset.h
    // Accellera Standard V2.8 Open Verification Library (OVL).
    // Accellera Copyright (c) 2005-2012. All rights reserved.
    wire reset_n;
    `ifdef OVL SHARED CODE
      wire greset;
      `ifdef OVL_GATING_OFF
        assign greset = reset; // Globally disabled gating
        assign greset = (gating_type == `OVL_GATE_RESET) ? reset & enable
                         : reset; // Locally disabled gating
      `endif // OVL GATING OFF
      // reset_n (programmable polarity & optional gating)
      assign reset_n = (reset_polarity == `OVL_ACTIVE_LOW) ? greset : ~greset;
    `else
```

assign reset\_n = reset;
`endif // OVL SHARED CODE

#### std ovl count.h

```
// Accellera Standard V2.8 Open Verification Library (OVL).
    // Accellera Copyright (c) 2005-2012. All rights reserved.
    // Support for printing of count of OVL assertions
     `ifdef OVL INIT MSG
    `ifdef OVL_INIT_COUNT
      integer ovl_init_count;
      initial begin
        // Reset, prior to counting
        ovl init count = 0;
        // Display total number of OVL instances, just after initialization
        $monitor("\nOVL_METRICS: %d OVL assertions initialized\n"\
                                    ,ovl_init_count);
      end
    `endif
     `endif
std ovl cover.h
    // Accellera Standard V2.8 Open Verification Library (OVL).
    // Accellera Copyright (c) 2005-2012. All rights reserved.
    // Parameters that should not be edited
      parameter OVL_COVER_SANITY_ON = (coverage_level & `OVL_COVER_SANITY);
                                     = (coverage_level & `OVL_COVER_BASIC);
= (coverage_level & `OVL_COVER_CORNER);
      parameter OVL_COVER_BASIC_ON
      parameter OVL_COVER_CORNER_ON
      parameter OVL_COVER_STATISTIC_ON =
                                    (coverage_level & `OVL_COVER_STATISTIC);
std ovl task.h
    // Accellera Standard V2.8 Open Verification Library (OVL).
    // Accellera Copyright (c) 2005-2012. All rights reserved.
    'ifdef OVL_SYNTHESIS
    `else
      integer error_count;
      integer cover_count;
      initial error_count = 0;
      initial cover count = 0;
    'endif // OVL_SYNTHESIS
```

```
task ovl_error_t;
  input
                   xcheck;
  input [8*128-1:0] err_msg;
  reg [8*16-1:0] err_typ;
begin
'ifdef OVL SYNTHESIS
`else
  case (severity_level)
    'OVL_FATAL : err_typ = "OVL_FATAL";
    `OVL_ERROR : err_typ = "OVL_ERROR";
    'OVL_WARNING : err_typ = "OVL_WARNING";
    'OVL_INFO : err_typ = "OVL_INFO";
    default
      begin
        err_typ = "OVL_ERROR";
        $display("OVL_ERROR: Illegal option used in parameter
          severity_level, setting message type to OVL_ERROR : time %0t :
          %m", $time);
      end
  endcase
  'ifdef OVL_MAX_REPORT_ERROR
   if (error_count < 'OVL_MAX_REPORT_ERROR)</pre>
  `endif
      case (property_type)
        'OVL_ASSERT,
                            : begin
        'OVL_ASSUME
          $display("%s : %s : %s : %0s : severity %0d : time %0t : %m",
             err_typ, assert_name, msg, err_msg, severity_level, $time);
        'OVL ASSERT 2STATE,
        'OVL_ASSUME_2STATE : begin
          if (xcheck == 'OVL_FIRE_2STATE) begin
           $display("%s: %s: %s: %0s: severity %0d: time %0t: %m",
             err_typ, assert_name, msg, err_msg, severity_level, $time);
          end
        end
        'OVL_IGNORE
                            : begin end
                            : begin end
        default
      endcase
  'ifdef OVL FINISH OFF
     if (severity_level == 'OVL_FATAL) begin
      case (property_type)
        'OVL_ASSERT,
        'OVL_ASSUME
                            : begin ovl_finish_t; end
        'OVL ASSERT 2STATE,
        'OVL_ASSUME_2STATE : begin
           if (xcheck == 'OVL_FIRE_2STATE) begin; ovl_finish_t; end end
        'OVL IGNORE
                         : begin end
        default
                            : begin end
      endcase
    end
'endif // OVL FINISH OFF
'endif // OVL_SYNTHESIS
end
endtask // ovl_error_t
```

#### **Verilog OVL**

```
task ovl_finish_t;
 begin
    `ifdef OVL_SYNTHESIS
    `else
      #'OVL_RUNTIME_AFTER_FATAL $finish;
    'endif // OVL SYNTHESIS
 endtask // ovl_finish_t
 task ovl_init_msg_t;
 begin
    'ifdef OVL_SYNTHESIS
    `else
      case (property_type)
        'OVL_ASSERT,
        'OVL_ASSUME,
        'OVL ASSERT 2STATE,
        'OVL_ASSUME_2STATE : begin
          'ifdef OVL_SYNTHESIS
          'else
            'ifdef OVL_INIT_COUNT
              #0.1 'OVL_INIT_COUNT = 'OVL_INIT_COUNT + 1;
              $display("OVL_NOTE: %s: %s initialized @ %m Severity: %0d,
               Message: %s", 'OVL_VERSION, assert_name,
               severity_level, msg);
            `endif
          'endif // OVL_SYNTHESIS
         'OVL IGNORE : begin
            // do nothing
         end
       default : $display("OVL_ERROR: Illegal option used in parameter
                  property_type : %m");
      endcase
    'endif // OVL_SYNTHESIS
 end
 endtask // ovl_init_msg_t
```

```
task ovl_cover_t;
   input [8*64-1:0] cvr_msg;
 begin
   'ifdef OVL_SYNTHESIS
   `else
     cover count = cover count + 1;
     'ifdef OVL_MAX_REPORT_COVER_POINT
       if (cover_count <= 'OVL_MAX_REPORT_COVER_POINT) begin
     `endif
        if (coverage_level > 'OVL_COVER_ALL)
          $display("OVL_ERROR: Illegal option used in parameter
            coverage_level : time %0t : %m", $time);
        else
          $display("OVL_COVER_POINT : %s : %0s : time %0t : %m",
           assert_name, cvr_msg, $time);
     'ifdef OVL_MAX_REPORT_COVER_POINT
       end
     `endif
   'endif // OVL_SYNTHESIS
 endtask // ovl_cover_t
'ifdef OVL SVA
'else
  // FUNCTION THAT CALCULATES THE LOG BASE 2 OF A NUMBER
 // ======
 // NOTE: only used in sva05
 function integer log2;
   input integer x;
   integer i;
   integer result;
 begin
   result = 1;
   if (x \ll 0) result = -1;
      for (i = 0; (1 << i) <= x; i=i+1) result = i+1;
   log2 = result;
 end
 endfunction
'endif // OVL_SVA
```

```
function ovl_fire_2state_f;
 input property_type;
 integer property_type;
begin
 case (property_type)
   'OVL ASSERT,
   'OVL ASSUME
                     : ovl_fire_2state_f = 1'b1;
   'OVL_ASSERT_2STATE,
    `OVL_ASSUME_2STATE : ovl_fire_2state_f = 1'b1;
    'OVL_IGNORE : ovl_fire_2state_f = 1'b0;
                     : ovl_fire_2state_f = 1'b0;
   default
 endcase
end
endfunction // ovl_fire_2state_f
function ovl_fire_xcheck_f;
 input property_type;
 integer property_type;
begin
'ifdef OVL_SYNTHESIS
 // fire_xcheck is not synthesizable
 ovl_fire_xcheck_f = 1'b0;
`else
 case (property_type)
    'OVL_ASSERT,
   'OVL_ASSUME
                  : ovl_fire_xcheck_f = 1'b1;
   'OVL_ASSERT_2STATE,
   'OVL_ASSUME_2STATE : ovl_fire_xcheck_f = 1'b0;
   'OVL IGNORE : ovl fire xcheck f = 1'b0;
   default
                     : ovl_fire_xcheck_f = 1'b0;
 endcase
'endif // OVL_SYNTHESIS
endfunction // ovl_fire_xcheck_f
```

## **VHDL OVL**

The OVL library includes VHDL implementations of OVL checkers. The pure-VHDL implementation of OVL contains only 10 checkers and the VHDL-flavor PSL implementation contains 33 checkers. The pure-VHDL OVL checkers are the ovl\_checker\_type versions of the components (which include the *enable* and *fire* ports). VHDL wrappers are provided for the missing checkers that allow the Verilog checkers to be instantiated from VHDL.

The VHDL OVL components are compatible with the Verilog OVL versions, except the VHDL components include an additional generic called *controls* that provides global configuration of the library. The VHDL implementation has the following additional characteristics:

- VHDL OVL is synthesizable (see "Synthesizing the VHDL OVL Library" on page 53).
- VHDL OVL components support both *std\_logic* and *std\_ulogic* port types.
- VHDL OVL implementation contains constants that are equivalent to (have the same name and values) the corresponding Verilog macro defines. However some macros are not present in the VHDL implementation because they are implemented by an *ovl\_ctrl\_record* constant (see "ovl\_ctrl\_record Record" on page 45) or are not needed.

# **Library Directory Structure**

In the OVL installation, the following files are used for the VHDL implementation.

#### std\_ov1/

| $ovl\_checker\_type.vhd$    | Checker entity declarations.                                                                                                                                            |
|-----------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| std_ovl.vhd                 | Type/constant declarations package.                                                                                                                                     |
| std_ovl_procs.vhd           | Procedures package.                                                                                                                                                     |
| std_ovl_components.vhd      | std_ovl_components package containing checker component declarations for the checkers in pure-VHDL OVL.                                                                 |
| std_ovl_vhdl_components.vhd | Checker component declarations for all PSL VHDL-flavor checkers.                                                                                                        |
| std_ovl_u_components.vhd    | <pre>std_ovl_u_components package and std_ulogic wrapper components.</pre>                                                                                              |
| std_ovl_components_vlog.vhd | Alternative <i>std_ovl_components</i> package containing wrappers to allow Verilog checkers to be used for checkers that are missing from the pure-VHDL implementation. |

| std ovl | u components | vlog.vhd | Alternative <i>std</i> | ovl | и | components package | e |
|---------|--------------|----------|------------------------|-----|---|--------------------|---|
|---------|--------------|----------|------------------------|-----|---|--------------------|---|

containing *std\_ulogic* wrappers to allow Verilog checkers to be used for checkers that are missing

from the pure-VHDL implementation

std ovl/vhd193/

ovl checker type rtl.vhd Checker architecture bodies.

std\_ovl/vhd193/syn\_src

std ovl procs syn.vhd Synthesizable version of *std ovl procs.vhd*.

ovl\_*checker\_type\_*rtl.vhd Synthesizable versions of architecture bodies.

std\_ov1/vhd193/legacy/

std ovl.vhd Component declarations to allow V1

assert\_checker Verilog checkers to be used in

VHDL.

std\_ovl/ps105/

assert\_\*\_psl\_logic.vhd Entity declarations for PSL assertions and

architecture definitions for ovl\_checker.vhd

std\_ov1/ps105/vunits\_vhd1/

assert\_\*.psl Declarations and definitions of all properties in

PSL files

## **Use Model**

## Compiling the VHDL OVL

All the VHDL files (except <code>std\_ovl\_u\_components.vhd</code> and <code>std\_ovl\_vhdl\_components.vhd</code>) should be compiled into the logical library name <code>accellera\_ovl\_vhdl</code> (standardized for portability) for implementation of the 10 pure-VHDL checkers. The <code>accellera\_ovl\_vhdl</code> library can be compiled into a central location that can be shared by designers. The library is configured using a project-specific <code>ovl\_ctrl\_record</code> record as shown in "Configuring the Library" on page 45, so modifying the default configuration values in the <code>std\_ovl</code> package is not necessary. The library must be compiled using the EDA tools' VHDL-93 option.

The pure-VHDL OVL implementation does not contain all of the OVL checkers. Therefore, wrapper components are provided that allow Verilog implementations of the missing checkers to be used in VHDL. These wrapper components are found in the  $std\_ovl\_componets\_vlog.vhd$  file (which also contains a  $std\_ovl\_components$  package). This package name is the same as the package in the  $std\_ovl\_components.vhd$  file, but it includes component declarations for the

missing checkers. The same package name is used in both files, so only one *std\_ovl\_components* file should be compiled into the library.

For the VHDL-flavor PSL implementation of OVL, the VHDL components can be directly used wherever required.  $std\_ovl\_vhdl\_components.vhd$  is an updated file that contains a package  $std\_ovl\_vhdl\_components$  that needs to be compiled. This package has component declarations of all the checkers for VHDL-flavor PSL and has to be included for the checker implementation.

The following section shows how to compile the pure-VHDL OVL checkers and the VHDL OVL with PSL checkers.



#### Note\_

std\_ovl\_vhdl\_components is a new package in addition to std\_ovl\_components. This needs to be compiled for VHDL-flavor PSL implementation of checkers. If it is not required to use the PSL checkers, std\_ovl\_components package is sufficient.

## **OVL Compile Order for pure-VHDL checkers**

The accellera\_ovl\_vhdl library's compile order is as follows:

- 1. std\_ovl/std\_ovl.vhd
- 2. std\_ovl/std\_ovl\_components.vhd
- 3. std\_ovl/std\_ovl\_procs.vhd
- 4. std\_ovl/std\_ovl\_clock\_gating.vhd
- 5. std\_ovl/std\_ovl\_reset\_gating.vhd
- 6. std\_ovl/ovl\_name.vhd
- 7. std\_ovl/vhd193/ovl\_\*\_rtl.vhd

ovl\_name.vhd refers to the 10 pure-VHDL OVL checkers (see the list in "OVL Library" on page 12).

## **OVL Compile order for VHDL-flavor PSL**

The *accellera\_ovl\_vhdl* library's compile order is as follows:

- 1. std ovl/std ovl.vhd
- 2. std\_ovl/std\_ovl\_procs.vhd
- 3. std\_ovl/std\_ovl\_clock\_gating.vhd
- 4. std\_ovl/std\_ovl\_reset\_gating.vhd
- 5. std\_ovl/ovl\_\*.vhd
- 6. std\_ovl/std\_ovl\_vhdl\_components.vhd

- 7. std\_ovl/ps105/ovl\_\*\_psl\_logic.vhd
- 8. std\_ovl/psl05/vunits\_vhdl/ovl\_\*.psl

Compilation of the PSL files might require a tool-specific switch/command. For pure-VHDL checkers, if *std\_ulogic*-based ports are required, then you must compile the *std\_ovl\_u\_components.vhd* file into a separate *accellera\_ovl\_vhdl\_u* library after the *accellera\_ovl\_vhdl* library files are compiled.

## **Configuring the Library**

VHDL OVL has all the global library configuration features of the Verilog implementation (which are provided by the Verilog macro defines). For example: globally enabling/disabling X/Z-checking on all checker instances.

An *ovl\_ctrl\_record* constant controls global library configuration. This record is declared in *std\_ovl.vhd* and is assigned to the *controls* generic on every checker instance. It should be defined in a design-specific work library package for use on all checker instances. With this implementation, the configuration of the checkers is controlled from one place.

In particular, changing constants in the central *std\_ovl.vhd* file is not necessary. In fact, the VHDL OVL files are read-only and modifying any of them is not recommended. Apart from the *ovl\_control\_record*, each OVL assertion checker has its own set of parameters as described in its corresponding data sheet (see page 71).

## ovl\_ctrl\_record Record

The *ovl\_ctrl\_record* record is divided into three groups:

- Elements that are of the *ovl\_ctrl* type and can be assigned OVL\_ON or OVL\_OFF values. These elements mainly control the generate statements used in the checkers.
- User-configurable values that control the message printing and how long the simulation should continue after a fatal assertion occurs.
- Default values of the generics that are common to all checkers.

Table 2-3 shows the *ovl\_ctrl\_record* record elements and how they map to the Verilog macro values that configure the Verilog implementation of the OVL.

| Table 2-3. ovl | ctrl | record | Elements |
|----------------|------|--------|----------|
|----------------|------|--------|----------|

| ovl_ctrl_record      | Description                             | Verilog Macro               | VHDL Value |
|----------------------|-----------------------------------------|-----------------------------|------------|
| xcheck_ctrl          | Enables/disables all X/Z checking code. | OVL_XCHECK_OFF              | OVL_OFF    |
| implicit_xcheck_ctrl | Enables/disables implicit X/Z checks.   | OVL_IMPLICIT_<br>XCHECK_OFF | OVL_OFF    |

| ovl_ctrl_record                    | <b>Description</b>                                                                                                  | Verilog Macro              | VHDL Value          |
|------------------------------------|---------------------------------------------------------------------------------------------------------------------|----------------------------|---------------------|
| init_msg_ctrl                      | Enables/disables code that prints checker initialization messages or a count of the number of checkers initialized. | OVL_INIT_MSG               | OVL_OFF             |
| init_count_ctrl                    | Enables/disables counting of number of checkers initialized when init_msg_ctrl is set to OVL_ON.                    | OVL_INIT_COUNT             | OVL_OFF             |
| assert_ctrl                        | Enables/disables all 2-state and X/Z check assertions.                                                              | OVL_ASSERT_ON              | OVL_ON              |
| cover_ctrl                         | Enables/disables converge code.                                                                                     | OVL_COVER_ON               | OVL_ON              |
| global_reset_ctrl                  | Enables/disables the use of a global reset signal.                                                                  | OVL_GLOBAL_RESET           | OVL_ON              |
| finish_ctrl                        | Enables/disables halting of simulation when a fatal assertion is detected.                                          | OVL_FINISH_OFF             | OVL_OFF             |
| gating_ctrl                        | Enables/disables clock or reset gating.                                                                             | OVL_GATING_OFF             | OVL_OFF             |
| max_report_error                   | Maximum number of assertion error messages that a checker should report.                                            | OVL_MAX_REPORT_<br>ERROR   | 15                  |
| <pre>max_report_cover_ point</pre> | Maximum number of coverage messages that a checker should report.                                                   | OVL_REPORT_<br>COVER_POINT | 15                  |
| runtime_after_fatal                | Time after a fatal assertion is detected that the simulation should be halted.                                      | OVL_RUNIME_<br>AFTER_FATAL | 100 ns              |
| severity_level_<br>default         | severity_level generic default value.                                                                               | OVL_SEVERITY_<br>DEFAULT   | OVL_ERROR           |
| <pre>property_type_ default</pre>  | <pre>property_type generic default value.</pre>                                                                     | OVL_PROPERTY_<br>DEFAULT   | OVL_ASSERT          |
| msg_default                        | msg generic default value.                                                                                          | OVL_MSG_DEFAULT            | "VIOLATION"         |
| coverage_level_<br>default         | coverage_level generic default value.                                                                               | OVL_COVER_<br>DEFAULT      | OVL_COVER_<br>BASIC |

Table 2-3. ovl\_ctrl\_record Elements (cont.)

| ovl_ctrl_record            | Description                              | Verilog Macro                  | VHDL Value         |
|----------------------------|------------------------------------------|--------------------------------|--------------------|
| clock_edge_default         | <i>clock_edge</i> generic default value. | OVL_CLOCK_<br>EDGE_DEFAULT     | OVL_POSEDGE        |
| reset_polarity_<br>default | reset_polarity generic default value.    | OVL_RESET_<br>POLARITY_DEFAULT | OVL_ACTIVE_<br>LOW |
| gating_type_default        | gating_type generic default value.       | OVL_GATING_<br>TYPE_DEFAULT    | OVL_GATE_<br>CLOCK |

The following example shows how to declare and use an *ovl\_ctrl\_record* record constant:

```
library accellera_ovl_vhdl;
use accellera_ovl_vhdl.std_ovl.all;
package proj_pkg is
 -- OVL configuration
 constant ovl_proj_controls : ovl_ctrl_record := (
   -- generate statement controls
   xcheck_ctrl
                          => OVL_ON,
   implicit_xcheck_ctrl
                          => OVL ON,
   init_msg_ctrl
                          => OVL_ON,
                          => OVL_OFF,
   init_count_ctrl
   assert_ctrl
                          => OVL_ON,
   cover_ctrl
                           => OVL_ON,
   global_reset_ctrl
                           => OVL_OFF,
   finish_ctrl
                           => OVL ON,
   gating_ctrl
                           => OVL_ON,
   -- user configurable library constants
   max_report_error => 4,
                        => 15,
   max_report_cover_point
   runtime_after_fatal
                          => "150 ns
   -- default values for common generics
   severity_level_default => OVL_SEVERITY_DEFAULT,
   property_type_default
                          => OVL_PROPERTY_DEFAULT,
   --msg_default
                           => OVL_MSG_DEFAULT,
   end package proj_pkg;
library accellera_ovl_vhdl;
use accellera_ovl_vhdl.std_ovl.all;
use accellera_ovl_vhdl.std_ovl_components.all; -- optional - not needed if
                                     -- using direct instantiation
use work.proj_pkg.all;
```

48

```
architecture rtl of design is
begin
   ---rtl code---
  ovl_gen : if (ovl_proj_controls.assert_ctrl = OVL_ON) generate
      ----user ovl signal conditioning code---
    ovl_u1 : ovl_next
     generic map (
                            => "Check 1",
        msg
        num cks
                            => 1,
        check_overlapping => OVL_CHK_OVERLAP OFF,
        check_missing_start => OVL_OFF,
        coverage_level => OVL_COVER_CORNER,
        controls
                           => ovl_proj_controls
     port map (
        clock
                           => clk,
                          => reset_n,
        reset
        enable
                           => enable 1,
                          => start_event_1
        start_event ,
                           => test_1,
        test_expr
        fire
                           => fire 1
     );
    ovl_u2 : ovl_next
     generic map (
                           => "Check 2",
        msg
        num cks
                           => 2,
        check_overlapping => OVL_CHK_OVERLAP_ON,
        check_missing_start => OVL_ON,
        coverage_level => OVL_COVER_ALL,
        severity_level
                          => OVL_FATAL,
                           => ovl_proj_controls
        controls
     port map (
        clock
                           => clk,
        reset
                           => reset_n,
        enable
                           => enable_2,
        start_event
                          => start_event_2,
        test expr
                          => test 2,
                           => fire 2
        fire
     );
  end generate ovl_gen;
end architecture rtl;
```

The  $ovl\_ctrl\_record$  is typically configured for various projects. For example, to enable assertion checks but no coverage, set  $assert\_ctrl$  to OVL\_ON and  $cover\_ctrl$  to OVL\_OFF where OVL\_ON and OVL\_OFF are of subtype  $ovl\_ctrl$  declared in  $std\_ovl.vhd$ .

## Checker example with PSL-VHDL flavor

The following example shows the implementation of a PSL-VHDL checker *ovl\_even\_parity*.

```
library ieee;
use ieee.std logic 1164.all;
use work.std_ovl.all;
use work.std_ovl_vhdl_components.all;
entity test is
   port(test_expr : in std_logic_vector(3 downto 0));
end test:
architecture test_architecture of test is
   signal clk: std_logic := '0';
   signal reset n : std logic := '0';
   signal temp : std_logic_vector (3 downto 0);
   signal en: std_logic := '1';
constant controls_param : ovl_ctrl_record
  (-- generate statement controls
    xcheck ctrl
                           => OVL_ON,
    => OVL_OFF,
    init_count_ctrl
                             => OVL_OFF,
    assert_ctr
                              => OVL ON,
    cover_ctr
                              => OVL_ON,
                            => OVL_OFF,
    global_reset_ctrl
    finish_ctrl
                              => OVL ON,
    gating_ctrl
                                => OVL ON,
    -- user configurable library constants
    max_report_error => 15,
    max_report_cover_point
                                 => 15,
    runtime_after_fatal
                                => "200 ns
    -- default values for common generics
    severity_level_default => OVL_SEVERITY_DEFAULT,
    property_type_default
                                 => OVL_PROPERTY_DEFAULT,
    msg_default => OVL_MSG_DEFAULT,
coverage_level_default => OVL_COVER_DEFAULT,
clock_edge_default => OVL_CLOCK_EDGE_DEFAULT,
reset_polarity_default => OVL_RESET_POLARITY_DEFAULT,
qating_type_default => OVL_GATING_TYPE_DEFAULT
  );
begin
   process
   begin
      wait for 5 ns;
      clk <= not clk;
   end process;
```

```
process
   begin
     wait for 25 ns;
     reset_n <= '1';
   end process;
   temp<= test_expr xor "0101"; --sample operation
   one_ep1: ovl_even_parity
   generic map(
      property_type => OVL_ASSERT,
      width => 4,
      controls => controls_param)
   port map(
      clock => clk,
      reset =>reset_n,
      enable =>en,
      test expr =>temp);
end architecture test_architecture;
```

This example shows you must include *work.std\_ovl\_vhdl\_components.all*, which has a package of declarations for all components. More than one checker can be included if needed.

# $\Box$

#### Note

Each checker requires its corresponding PSL code and architecture. So, include \*.psl and \*\_psl\_logic.vhd files when compiling and simulating each checker. In addition, compilers typically have a tool-specific switch for PSL files.

## std\_ulogic Wrappers

The  $std\_ovl\_u\_components.vhd$  file contains the  $std\_ovl\_u\_components$  package and ovl\\_checker\_type components that have  $std\_ulogic/std\_ulogic\_vector$  ports. These components are wrappers for the ovl\\_checker components in the  $accellera\_ovl\_vhdl$  library. As these  $std\_ulogic$  wrappers have the same entity names as the checkers in the  $accellera\_ovl\_vhdl$  library, the  $std\_ovl\_u\_components.vhd$  file should be compiled into the  $accellera\_ovl\_vhdl\_u$  library. To use these components, add the following declarations to the instantiating code:

```
library accellera_ovl_vhdl;
use accellera_ovl_vhdl.std_ovl.all;
library accellera_ovl_vhdl_u;
-- optional - not needed if using direct instantiation
use accellera_ovl_vhdl_u.std_ovl_u_components.all;
```

## **Number of Checkers in a Simulation**

To print the number of OVL checkers initialized in a simulation set *init\_msg\_ctrl* and *init\_count\_ctrl* items to OVL\_ON and include the following code:

```
library accellera_ovl_vhdl;
use accellera_ovl_vhdl.std_ovl.all;
use accellera_ovl_vhdl.std_ovl_procs.all;
use work.proj_pkg.all;
entity tb is
end entity tb;

architecture tb of tb is
...
begin
...
  ovl_print_init_count_p : process
begin
    wait for 0 ns;
    ovl_print_init_count_proc(ovl_proj_controls);
    wait; -- forever
  end process ovl_print_init_count_p;
end architecture tb;
```

## "2-state" and "X/Z-check" Assertions in VHDL

The OVL checker components contain separate sections of code that implement the "2-state" and "X/Z-check" assertion checks. These terms are derived from the use of the Verilog family of HDLs. However, the VHDL OVL implementation uses 9-state *std\_logic* values so 2-state assertion checks and X/Z checks have a slightly different meaning for the VHDL OVL checkers. Note that the VHDL implementation is fully compatible with the Verilog implementation.

Verilog OVL checkers' assertion checks are mapped to VHDL as follows:

- 2-state assertion checks:
  - Verilog 0 => VHDL '0'/'L'
  - Verilog 1 => VHDL '1'/'H'
- X/Z-checks:
  - Verilog X or Z => VHDL 'X', 'Z', 'W', 'U' or '-'.

## Synthesizing the VHDL OVL Library

All code in the pure-VHDL implementation is synthesizable—apart from the *path\_name* attribute in the architectures and the *std\_ovl\_procs.vhd* file. Until all the synthesis tool vendors support the use of the *path\_name* attribute, a synthesizable version of the architectures is provided in the *std\_ovl/vhdl93/syn\_src* directory. The order of analysis for the synthesis version of the library is as follows (ensure that the files are compiled into the *accellera\_ovl\_vhdl* library):

```
    std_ovl/std_ovl.vhd
    std_ovl/std_ovl_components.vhd
    std_ovl/vhd193/syn_src/std_ovl_procs_syn.vhd
    std_ovl/std_ovl_clock_gating.vhd
    std_ovl/std_ovl_reset_gating.vhd
    std_ovl/ovl_*.vhd
    std_ovl/vhd193/syn_src/ovl_*_rtl.vhd
```

# **Primary VHDL Packages**

## std ovl.vhd

```
-- Accellera Standard V2.8 Open Verification Library (OVL).
-- Accellera Copyright (c) 2009 - 2012. All rights reserved.
library ieee;
use ieee.std_logic_1164.all;
package std_ovl is
  -- subtypes for common generics
  subtype ovl_severity_level
                                    is integer
                                                          range -1 to 3;
  subtype ovl_severity_level_natural is ovl_severity_level range 0 to
                                                ovl_severity_level'high;
  subtype ovl_property_type
                                    is integer
                                                          range -1 to 4;
  subtype ovl_property_type_natural is ovl_property_type range 0 to
                                                 ovl_property_type'high;
  subtype ovl_coverage_level
                                    is integer
                                                          range -1 to 15;
  subtype ovl_coverage_level_natural is ovl_coverage_level range 0 to
                                                ovl_coverage_level'high;
  subtype ovl_active_edges
                                                          range -1 to 3;
                                    is integer
  subtype ovl_active_edges_natural is ovl_active_edges range 0 to
                                                  ovl_active_edges'high;
  subtype ovl_reset_polarity
                                    is integer
                                                          range -1 to 1;
  subtype ovl_reset_polarity_natural is ovl_reset_polarity range 0 to
                                                ovl_reset_polarity'high;
  subtype ovl_gating_type
                                    is integer
                                                          range -1 to 2;
  subtype ovl_gating_type_natural
                                    is ovl_gating_type
                                                        range 0 to
                                                   ovl_gating_type'high;
```

-- subtypes for checker specific generics

```
subtypeovl_necessary_conditionis integersubtypeovl_action_on_new_startis integersubtypeovl_inactiveis integer
                                                       range 0 to 2;
                                                        range 0 to 2;
                                                        range 0 to 2;
subtype ovl_positive_2
                                  is integer
                                                        range 2 to
                                                         integer'high;
subtype ovl chk overlap
                                  is integer
                                                        range 0 to 1;
-- subtypes for control constants
subtype ovl ctrl
                                   is integer
                                                        range 0 to 1;
                                  is string(1 to 50);
subtype ovl_msg_default_type
-- user modifiable library control items
type ovl_ctrl_record is record
  -- generate statement controls
 init_count_ctrl
                             : ovl ctrl;
  assert ctrl
                             : ovl ctrl;
  cover ctrl
                             : ovl ctrl;
  global_reset_ctrl
                            : ovl ctrl;
  finish_ctrl
                              : ovl_ctrl;
  gating_ctrl
                              : ovl_ctrl;
  -- user configurable library constants
                       : natural;
  max_report_error
                             : natural;
  max_report_cover_point
  runtime_after_fatal : string(1 to 10);
  -- default values for common generics
 property_type_default
  severity_level_default : ovl_severity_level_natural;
                             : ovl_property_type_natural;
                             : ovl_msg_default_type;
 coverage_level_default : ovl_coverage_level_natural; clock_edge_default : ovl_active_edges_natural; reset_polarity_default : ovl_reset_polarity_natural; gating_type_default : ovl_gating_type_natural;
  gating_type_default
                             : ovl_gating_type_natural;
end record ovl_ctrl_record;
-- global signals
-- global variable
shared variable ovl_init_count : natural := 0;
```

```
______
______
-- Hard-coded library constants
-- NOTE: These constants must not be changed by users. Users can
-- configure the library using the ovl_ctrl_record. Please see
-- "ovl ctrl record Record" on page 45.
______
______
                                       : string := "V2.8";
constant OVL VERSION
-- This constant may be changed in future releases of the library or
-- by EDA vendors.
constant OVL FIRE WIDTH
                                      : natural := 3;
constant OVL NOT SET
                                      : integer := -1;
-- generate statement control constants
constant OVL ON
                                      : ovl ctrl := 1;
constant OVL OFF
                                       : ov1 ctr1 := 0;
-- fire bit selection constants
constant OVL_FIRE_2STATE
                                      : integer := 0;
constant OVL_FIRE_XCHECK constant OVL_FIRE_COVER
                                      : integer := 1;
                                      : integer := 2;
-- severity level
constant OVL_SEVERITY_LEVEL_NOT_SET : ovl_severity_level
                                        := OVL_NOT_SET;
                                      : ovl_severity_level := 0;
constant OVL_FATAL
constant OVL ERROR
                                      : ovl severity level := 1;
constant OVL WARNING
                                      : ovl severity level := 2;
constant OVL_INFO
                                      : ovl_severity_level := 3;
-- coverage levels
constant OVL_COVERAGE_LEVEL_NOT_SET : ovl_coverage_level
                                := OVL_NOT_SET;
: ovl_coverage_level := 0;
: ovl_coverage_level := 1;
: ovl_coverage_level := 2;
: ovl_coverage_level := 4;
: ovl_coverage_level := 0;
constant OVL_COVER_NONE
constant OVL_COVER_SANITY
constant OVL_COVER_BASIC
constant OVL_COVER_CORNER
constant OVL_COVER_STATISTIC
constant OVL COVER ALL
                                      : ovl coverage level := 15;
-- property type
constant OVL_PROPERTY_TYPE_NOT_SET : ovl_property_type
                                        := OVL_NOT_SET;
constant OVL_ASSERT
                                      : ovl_property_type := 0;
constant OVL ASSUME
                                      : ovl property type := 1;
constant OVL_IGNORE
                                      : ovl_property_type := 2;
constant OVL_ASSERT_2STATE
                                     : ovl_property_type := 3;
constant OVL_ASSUME_2STATE
                                      : ovl_property_type := 4;
-- active edges
constant OVL ACTIVE EDGES NOT SET : ovl active edges
                                        := OVL NOT SET;
constant OVL_NOEDGE
                                      : ovl_active_edges := 0;
constant OVL POSEDGE
                                      : ovl active edges := 1;
constant OVL_NEGEDGE
                                      : ovl_active_edges := 2;
```

```
: ovl active edges := 3;
constant OVL ANYEDGE
-- necessary condition
constant OVL_TRIGGER_ON_MOST_PIPE : ovl_necessary_condition := 0;
constant OVL_TRIGGER_ON_FIRST_PIPE : ovl_necessary_condition := 1;
constant OVL_TRIGGER_ON_FIRST_PIPE : ovl_necessary_condition := 1;
constant OVL_TRIGGER_ON_FIRST_NOPIPE : ovl_necessary_condition := 2;
-- action on new start
constant OVL IGNORE NEW START
                                         : ovl_action_on_new_start := 0;
constant OVL_RESET_ON_NEW_START
                                          : ovl_action_on_new_start := 1;
constant OVL_ERROR_ON_NEW_START
                                         : ovl_action_on_new_start := 2;
-- inactive levels
constant OVL_ALL_ZEROS
                                          : ovl_inactive := 0;
                                          : ovl_inactive := 1;
constant OVL_ALL_ONES
constant OVL_ONE_COLD
                                          : ovl_inactive := 2;
-- reset polarity
constant OVL_RESET_POLARITY_NOT_SET : ovl_reset_polarity
                                            := OVL NOT SET;
constant OVL ACTIVE LOW
                                          : ovl reset polarity := 0;
constant OVL_ACTIVE_HIGH
                                          : ovl_reset_polarity := 1;
-- gating type
constant OVL_GATEING_TYPE_NOT_SET : ovl_gating_type
                                            := OVL_NOT_SET;
constant OVL_GATE_NONE
                                          : ovl_gating_type := 0;
constant OVL_GATE_CLOCK
                                         : ovl_gating_type := 1;
constant OVL_GATE_RESET
                                          : ovl_gating_type := 2;
-- ovl next check overlapping values
constant OVL_CHK_OVERLAP_OFF
                                         : ovl_chk_overlap := 1;
constant OVL_CHK_OVERLAP_ON
                                          : ovl_chk_overlap := 0;
-- checker xcheck type
constant OVL_IMPLICIT_XCHECK
                                          : boolean := false;
constant OVL EXPLICIT XCHECK
                                          : boolean := true;
-- default values
constant OVL_SEVERITY_DEFAULT : ovl_severity_level
                                       := OVL_ERROR;
constant OVL PROPERTY DEFAULT
                                   : ovl property type
                                       := OVL_ASSERT;
constant OVL_MSG_NUL : string(10 to ovl_msg_default_type'high)
                                       := (others => NUL);
constant OVL_MSG_DEFAULT
                                    : ovl_msg_default_type
                                       := "VIOLATION" & OVL_MSG_NUL;
constant OVL_MSG_NOT_SET
                                    : string
                                       := "";
constant OVL_COVER_DEFAULT
                                   : ovl_coverage_level
                                       := OVL_COVER_BASIC;
constant OVL_CLOCK_EDGE_DEFAULT : ovl_active_edges
                                      := OVL_POSEDGE;
constant OVL RESET POLARITY DEFAULT : ovl reset polarity
                                      := OVL ACTIVE LOW;
constant OVL_GATING_TYPE_DEFAULT
                                     : ovl_gating_type
                                       := OVL_GATE_CLOCK;
```

```
constant OVL CTRL DEFAULTS
                                        : ovl_ctrl_record := (
        -- generate statement controls
                              => OVL_ON,
        xcheck ctrl
        implicit_xcheck_ctrl
                                  => OVL_ON,
        init_msg_ctrl
                                  => OVL_OFF,
        init count ctrl
                                  => OVL OFF,
        assert ctrl
                                   => OVL ON,
        cover ctrl
                                   => OVL OFF,
        global_reset_ctrl
                                  => OVL_OFF,
                                  => OVL_ON,
        finish_ctrl
        gating_ctrl
                                    => OVL ON,
        -- user configurable library constants
                             => 15,
        max_report_error
                                => 15,
        max_report_cover_point
                                   => "100 ns ",
        runtime_after_fatal
        -- default values for common generics
        severity_level_default => OVL_SEVERITY_DEFAULT,
        property_type_default => OVL_PROPERTY_DEFAULT,
                                   => OVL_MSG_DEFAULT,
        msg_default
        coverage_level_default => OVL_COVER_DEFAULT,
clock edge default => OVL_CLOCK_EDGE_DEFAULT,
        clock_edge_default => OVL_CLOCK_EDGE_DEFAULT,
reset_polarity_default => OVL_RESET_POLARITY_DEFAULT,
gating_type_default => OVL_GATING_TYPE_DEFAULT
      );
    end package std_ovl;
std ovl procs.vhd
    -- Accellera Standard V2.8 Open Verification Library (OVL).
    -- Accellera Copyright (c) 2009 - 2012. All rights reserved.
    -- NOTE : This file not suitable for use with synthesis tools, use
              std_ovl_procs_syn.vhd instead.
    library ieee;
    use ieee.std_logic_1164.all;
    use work.std_ovl.all;
    use std.textio.all;
    package std_ovl_procs is
      -- Users must only use the ovl_set_msg and ovl_print_init_count_proc
      -- subprograms. All other subprograms are for internal use only.
      -- ovl_set_msg
      -- This allows the default message string to be set for a
      -- ovl_ctrl_record.msg_default constant.
      ______
      function ovl_set_msg (
        constant default
                                    : in string
```

```
) return string;
______
-- ovl_print_init_count_proc
-- This is used to print a message stating the number of checkers
-- that have been initialized.
_____
procedure ovl_print_init_count_proc (
 constant controls : in ovl_ctrl_record
______
-- ovl_error_proc
______
procedure ovl_error_proc (
 constant err_msg : in string;
constant severity_level : in ovl_severity_level;
constant property_type : in ovl_property_type;
constant assert_name : in string;
constant msg : in string;
constant path : in string;
constant controls : in ovl_ctrl_record;
signal fatal_sig : out std_logic;
variable error_count : inout natural
);
______
-- ovl_init_msg_proc
______
procedure ovl_init_msg_proc (
 constant severity_level : in ovl_severity_level; constant property_type : in ovl_property_type; constant assert_name : in string; constant msg : in string;
 constant msg constant path
 );
______
-- ovl_cover_proc
______
procedure ovl_cover_proc (
 constant cvr_msg : in string;
constant assert_name : in string;
constant path : in string;
constant controls : in ovl_ctrl_record;
variable cover_count : inout natural
);
```

```
.-----
-- ovl_finish_proc
______
procedure ovl_finish_proc (
constant assert_name : in string;
                  : in string;
 constant runtime_after_fatal : in string;
 signal fatal_sig
              : in std_logic
);
______
-- ovl 2state is on
______
function ovl_2state_is_on (
 constant controls : in ovl_ctrl_record;
constant property_type : in ovl_property_type
) return boolean;
______
-- ovl_xcheck_is_on
function ovl_xcheck_is_on (
constant controls : in ovl_ctrl_record;
constant property_type : in ovl_property_type;
constant explicit_x_check : in boolean
) return boolean;
______
-- ovl_get_ctrl_val
______
function ovl_get_ctrl_val (
 constant instance_val
                 : in integer;
 constant default_ctrl_val : in natural
) return natural;
______
-- ovl_get_ctrl_val
______
function ovl_get_ctrl_val (
 constant instance_val : in string;
constant default_ctrl_val : in string
) return string;
______
-- cover item set
_____
function cover_item_set (
                 : in ovl_coverage_level;
: in ovl_coverage_level
 constant level
 constant item
) return boolean;
```

```
.-----
-- ovl_is_x
function ovl_is_x (
                : in std_logic
) return boolean;
-- ovl_is_x
function ovl_is_x (
                : in std_logic_vector
) return boolean;
-- or_reduce
______
function or reduce (
                : in std_logic_vector
) return std_logic;
______
-- and_reduce
function and reduce (
                : in std_logic_vector
) return std_logic;
______
-- xor reduce
______
function xor_reduce (
                : in std_logic_vector
) return std_logic;
______
-- "sll"
        -----
function "sll" (
1
                : in std_logic_vector;
                : in integer
) return std_logic_vector;
         _____
function "srl" (
1
                : in std_logic_vector;
                : in integer
) return std_logic_vector;
______
-- unsigned comparison functions
-- Note: the width of 1 must be > 0.
```

```
______
 -- ">"
 ______
 function ">" (
  1
                      : in std_logic_vector;
  r
                      : in natural
 ) return boolean;
 ______
 -- "<"
 ______
 function "<" (
                      : in std_logic_vector;
  1
                            natural
  r
                      : in
 ) return boolean;
 ______
 type err_array is array (ovl_severity_level_natural) of string
                   (1 to 16);
 constant err_typ : err_array := (OVL_FATAL
                               => "
                                      OVL_FATAL",
                        OVL ERROR => "
                                        OVL ERROR",
                        OVL WARNING => "
                                        OVL_WARNING",
                        OVL_INFO => "
                                       OVL_INFO");
end package std_ovl_procs;
package body std_ovl_procs is
 -- Users must only use the ovl_set_msg and ovl_print_init_count_proc
 -- subprograms. All other subprograms are for internal use only.
 ______
 -- ovl_set_msg
 -- This allows the default message string to be set for a
 -- ovl ctrl record.msg default constant.
 function ovl_set_msg (
               : in string
  constant default
 ) return string is
  variable new_default : ovl_msg_default_type := (others => NUL);
   new_default(1 to default'high) := default;
   return new_default;
 end function ovl_set_msg;
```

```
-- ovl_print_init_count_proc
-- This is used to print a message stating the number of checkers that
-- have been initialized.
procedure ovl_print_init_count_proc (
 constant controls : in ovl_ctrl_record
 variable ln : line;
begin
 if ((controls.init msg ctrl = OVL ON) and
          (controls.init_count_ctrl = OVL_ON)) then
   writeline(output, ln);
   write(ln, "OVL_METRICS:
    " & integer'image(ovl_init_count) & " OVL assertions initialized");
   writeline(output, ln);
   writeline(output, ln);
end procedure ovl_print_init_count_proc;
______
-- ovl_error_proc
______
 procedure ovl_error_proc (
 constant path
                         : in string;
                         : in string;
                     : in ovl_ctrl_record;
: out std_logic;
: inout natural
 constant controls
 signal fatal_sig
 variable error_count
                         : inout natural
 variable ln : line;
 constant severity_level_ctrl : ovl_severity_level_natural :=
   ovl_get_ctrl_val(severity_level, controls.severity_level_default);
 constant property_type_ctrl : ovl_property_type_natural :=
   ovl_get_ctrl_val(property_type, controls.property_type_default);
 constant msg ctrl
                         : string
   ovl_get_ctrl_val(msg, controls.msg_default);
 error_count := error_count + 1;
 if (error count <= controls.max report error) then
   case (property_type_ctrl) is
     when OVL_ASSERT | OVL_ASSUME | OVL_ASSERT_2STATE
                   OVL_ASSUME_2STATE =>
      write(ln, err_typ(severity_level_ctrl) & " : "
               & assert_name & " : "
               & msg_ctrl & " : "
               & err msq
               & " : severity " &
                    ovl_severity_level'image(severity_level_ctrl)
               & " : time " & time'image(now)
```

```
& " " & path);
       writeline(output, ln);
     when OVL IGNORE => null;
   end case;
 end if;
 if ((severity_level_ctrl = OVL_FATAL) and
             (controls.finish_ctrl = OVL_ON)) then
   fatal_sig <= '1';</pre>
 end if;
end procedure ovl_error_proc;
-----
-- ovl_init_msg_proc
______
procedure ovl_init_msg_proc (
 constant severity_level : in ovl_severity_level;
constant property_type : in ovl_property_type;
constant assert name : in string;
 constant assert_name
                            : in string;
 constant msq
                            : in string;
 constant path
                            : in string;
                            : in ovl_ctrl_record
 constant controls
) is
 variable ln : line:
 constant severity_level_ctrl : ovl_severity_level_natural :=
   ovl_get_ctrl_val(severity_level, controls.severity_level_default);
 constant property_type_ctrl : ovl_property_type_natural :=
   ovl_get_ctrl_val(property_type, controls.property_type_default);
 constant msg_ctrl
                     : string
   ovl_get_ctrl_val(msg, controls.msg_default);
begin
 if (controls.init_count_ctrl = OVL_ON) then
   ovl_init_count := ovl_init_count + 1;
 else
   case (property_type_ctrl) is
     when OVL_ASSERT \mid OVL_ASSUME \mid OVL_ASSERT_2STATE
                     OVL_ASSUME_2STATE =>
       write(ln, "OVL_NOTE: " & OVL_VERSION & ": "
                 & assert name
                 & " initialized @ " & path
                 & "Severity: " &
                       ovl severity level'image(severity level ctrl)
                 & ", Message: " & msg_ctrl);
       writeline(output, ln);
     when OVL IGNORE => NULL;
   end case;
  end if;
end procedure ovl init msg proc;
```

```
______
-- ovl_cover_proc
______
procedure ovl_cover_proc (
 constant cvr_msg
constant assert_name
                       : in string;
                      : in string;
 constant path
                       : in string;
 constant controls
                       : in ovl_ctrl_record;
 variable cover_count
                     : inout natural
) is
 variable ln : line;
begin
 cover_count := cover_count + 1;
 if (cover_count <= controls.max_report_cover_point) then</pre>
    write(ln, "OVL_COVER_POINT : "
         & assert_name & " : "
         & cvr_msg & " : "
         & "time " & time'image(now)
         & " " & path);
   writeline(output, ln);
 end if;
end procedure ovl_cover_proc;
-----
-- ovl_finish_proc
______
procedure ovl_finish_proc (
 constant assert_name
                       : in string;
 constant path
                       : in string;
 constant runtime_after_fatal : in string;
                       : in std_logic
 signal fatal_sig
) is
 variable ln : line;
 variable runtime_after_fatal_time : time;
begin
 if (fatal_sig = '1') then
   -- convert string to time
   write(ln, runtime_after_fatal);
   read(ln, runtime_after_fatal_time);
   wait for runtime after fatal time;
               OVL : Simulation stopped due to a fatal error : " &
                      assert_name & " : " & "time " &
         time'image(now) & " " & path severity failure;
 end if;
end procedure ovl_finish_proc;
```

```
______
-- ovl_2state_is_on
______
function ovl_2state_is_on (
 constant controls : in ovl_ctrl_record;
constant property_type : in ovl_property_type
) return boolean is
 constant property_type_ctrl : ovl_property_type_natural :=
   ovl_get_ctrl_val(property_type, controls.property_type_default);
begin
 return (controls.assert_ctrl = OVL_ON) and
       (property_type_ctrl /= OVL_IGNORE);
end function ovl_2state_is_on;
______
-- ovl_xcheck_is_on
______
function ovl xcheck is on (
 constant controls : in ovl_ctrl_record;
constant property_type : in ovl_property_type;
constant explicit_x_check : in boolean
) return boolean is
 constant property_type_ctrl : ovl_property_type_natural :=
   ovl get ctrl val(property type, controls.property type default);
begin
 return (controls.assert_ctrl
                              = OVL_ON)
                                                and
                             /= OVL_IGNORE)
       (property_type_ctrl
                                               and
                              /= OVL_ASSERT_2STATE) and
       (property_type_ctrl
                         /= OVL_ASSUME_2STATE) and
       (property_type_ctrl
       (controls.xcheck ctrl
                              = OVL ON)
      ((controls.implicit_xcheck_ctrl = OVL_ON) or explicit_x_check);
end function ovl_xcheck_is_on;
______
-- ovl_get_ctrl_val
______
function ovl_get_ctrl_val (
 ) return natural is
begin
 if (instance val = OVL NOT SET) then
  return default ctrl val;
 else
   return instance val;
 end if;
end function ovl_get_ctrl_val;
```

```
______
-- ovl_get_ctrl_val
______
function ovl_get_ctrl_val (
 constant instance_val : in string;
constant default_ctrl_val : in string
) return string is
 variable msg_default_width : integer := ovl_msg_default_type'high;
begin
 if (instance_val = OVL_MSG_NOT_SET) then
   -- get width of msg_default value
  for i in 1 to ovl msg default type'high loop
    if (default_ctrl_val(i) = NUL) then
     msg_default_width := i - 1;
     exit:
    end if;
  end loop;
  return default_ctrl_val(1 to msg_default_width);
  return instance_val;
 end if;
end function ovl_get_ctrl_val;
______
-- cover_item_set
-- determines if a bit in the level integer is set or not.
______
function cover_item_set (
 constant level
                      : in ovl coverage level;
                      : in ovl_coverage_level
 constant item
) return boolean is
begin
 return ((level mod (item * 2)) >= item);
end function cover_item_set;
-----
-- ovl_is_x
function ovl_is_x (
                      : in std_logic
) return boolean is
 return is_x(s);
end function ovl_is_x;
______
-- ovl is x
function ovl_is_x (
                      : in std_logic_vector
) return boolean is
 return is x(s);
end function ovl_is_x;
```

```
______
-- or_reduce
______
function or_reduce (
                       : in std_logic_vector
) return std logic is
 variable result : std_logic;
begin
 for i in v'range loop
  if i = v' left then
    result := v(i);
   else
    result := result or v(i);
   end if;
   exit when result = '1';
 end loop;
 return result;
end function or reduce;
-- and reduce
______
function and_reduce (
                       : in std_logic_vector
) return std_logic is
 variable result : std_logic;
begin
 for i in v'range loop
  if i = v' left then
    result := v(i);
   else
    result := result and v(i);
   end if:
   exit when result = '0';
 end loop;
 return result;
end function and reduce;
-- xor_reduce
______
function xor reduce (
                       : in std_logic_vector
) return std_logic is
 variable result : std_logic;
begin
 for i in v'range loop
   if i = v' left then
    result := v(i);
   else
    result := result xor v(i);
   end if;
 end loop;
 return result;
end function xor_reduce;
```

```
______
-- "s11"
______
function "sll" (
 1
                       : in std_logic_vector;
 r
                       : in integer
) return std_logic_vector is
 return to_stdlogicvector(to_bitvector(1) sll r);
end function "sll";
-- "srl"
           ______
function "srl" (
 1
                       : in std_logic_vector;
                       : in integer
) return std_logic_vector is
 return to_stdlogicvector(to_bitvector(1) srl r);
end function "srl";
-- private functions used by "<" and ">" functions
-- unsigned_num_bits
______
function unsigned_num_bits (arg: natural) return natural is
 variable nbits: natural;
 variable n: natural;
begin
 n := arg;
 nbits := 1;
 while n > 1 loop
  nbits := nbits+1;
  n := n / 2;
 end loop;
 return nbits;
end unsigned num bits;
                -----
-- to_unsigned
function to_unsigned (arg, size: natural) return std_logic_vector is
 variable result: std_logic_vector(size-1 downto 0);
 variable i val: natural := arg;
begin
 for i in 0 to result'left loop
   if (i_val mod 2) = 0 then
    result(i) := '0';
   else result(i) := '1';
   end if;
   i_val := i_val/2;
 end loop;
 return result;
end to_unsigned;
```

```
-- unsigned comparison functions
-- Note: the width of 1 must be > 0.
function ">" (
 1
                           : in std_logic_vector;
                           : in natural
 r
) return boolean is
begin
 if is x(1) then return false; end if;
 if unsigned_num_bits(r) > 1'length then return false; end if;
 return not (1 <= to_unsigned(r, 1'length));</pre>
end function ">";
______
function "<" (
 1
                           : in std_logic_vector;
                           : in natural
) return boolean is
begin
 if is_x(1) then return false; end if;
 if unsigned_num_bits(r) > 1'length then return 0 < r; end if;</pre>
 return (1 < to_unsigned(r, 1'length));</pre>
end function "<";</pre>
```

end package body std\_ovl\_procs;

# Chapter 3 OVL Checkers

Each OVL assertion checker type has a data sheet that provides the specification for checkers of that type. This chapter lists the checker data sheets in alphabetical order by checker type. Data sheets contain the following information:

### Syntax

Syntax statement for specifying a checker of the type, with:

- Parameters/Generics parameters/generics that configure the checker.
- Ports checker ports.

### Description

Description of the functionality and usage of checkers of the type, with:

- Assertion Checks violation types (or messages) with descriptions of failures.
- Cover Points cover point messages with descriptions.
- Cover Groups cover group messages with descriptions.
- Errors\* possible errors that are not assertion failures.

#### Notes\*

Notes describing any special features or requirements.

#### See also

List of other similar checker types.

#### Examples

Examples of directives and checker applications.

<sup>\*</sup> not applicable to all checker types.

# ovl\_always

Checks that the value of an expression is TRUE.



## **Syntax**

#### ovl\_always

## **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

Enable signal for *clock*, if *gating\_type* = OVL\_GATE\_CLOCK enable

(the default gating type) or reset (if gating\_type =

OVL GATE RESET). Ignored if gating type is OVL NONE.

test\_expr Expression that should evaluate to TRUE on the active clock

edge.

fire Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check [OVL\_FIRE\_WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl\_always assertion checker checks the single-bit expression test\_expr at each active edge of *clock*. If *test\_expr* is not TRUE, an always check violation occurs.

#### **Assertion Checks**

ALWAYS Expression did not evaluate to TRUE.

Implicit X/Z Checks

test expr contains X or Z Expression value was X or Z.

## **Cover Points**

none

## **Cover Groups**

none

## See also

ovl always on edge ovl never ovl\_implication ovl\_proposition

## **Example**

```
ovl_always #(
                                                      // severity_level
   'OVL_ERROR,
   'OVL_ASSERT,
                                                      // property_type
   "Error: reg_a < reg_b is not TRUE",
                                                      // msg
   'OVL COVER NONE,
                                                      // coverage_level
   'OVL_POSEDGE,
                                                      // clock_edge
   'OVL_ACTIVE_LOW,
                                                      // reset_polarity
   'OVL_GATE_CLOCK)
                                                      // gating_type
   reg_a_lt_reg_b (
      clock,
                                                      // clock
      reset,
                                                      // reset
      enable,
                                                      // enable
      reg_a < reg_b,
      fire);
                                                      // test_expr
Checks that (reg\_a < reg\_b) is TRUE at each rising edge of clock.
                      clock
                      reset
                reg_a < reg_b
                               ALWAYS Error: reg_a < reg_b is not TRUE
```

# ovl\_always\_on\_edge

Checks that the value of an expression is TRUE when a sampling event undergoes a specified transition.



# **Syntax**

#### ovl\_always\_on\_edge

## **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| edge_type      | Transition type for sampling event: OVL_NOEDGE, OVL_POSEDGE, OVL_NEGEDGE or OVL_ANYEDGE. Default: OVL_NOEDGE.  |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

| clock                                | Clock event for the assertion.                                                                                                                                                                         |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| reset                                | Synchronous reset signal indicating completed initialization.                                                                                                                                          |
| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
| sampling_event                       | Expression that (along with <i>edge_type</i> ) identifies when to evaluate and test <i>test_expr</i> .                                                                                                 |
| test_expr                            | Expression that should evaluate to TRUE on the active clock edge.                                                                                                                                      |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

## **Description**

The ovl\_always\_on\_edge assertion checker checks the single-bit expression *sampling\_event* for a particular type of transition. If the specified transition of the sampling event occurs, the single-bit expression *test\_expr* is evaluated at the active edge of *clock* to verify the expression does not evaluate to FALSE.

The *edge\_type* parameter determines which type of transition of *sampling\_event* initiates the check:

- OVL\_POSEDGE performs the check if *sampling\_event* transitions from FALSE to TRUE.
- OVL\_NEGEDGE performs the check if *sampling\_event* transitions from TRUE to FALSE.
- OVL\_ANYEDGE performs the check if *sampling\_event* transitions from TRUE to FALSE or from FALSE to TRUE.
- OVL\_NOEDGE always initiates the check. This is the default value of *edge\_type*. In this case, *sampling\_event* is never sampled and the checker has the same functionality as ovl\_always.

The checker is a variant of ovl\_always, with the added capability of qualifying the assertion with a sampling event transition. This checker is useful when events are identified by their transition in addition to their logical state.

#### **Assertion Checks**

Expression evaluated to FALSE when the sampling event transitioned as specified by *edge\_type*.

## Implicit X/Z Checks

```
\begin{array}{ll} test\_expr\ contains\ X\ or\ Z & Expression\ value\ was\ X\ or\ Z. \\ sampling\_event\ contains\ X & Sampling\ event\ value\ was\ X\ or\ Z. \\ or\ Z & \end{array}
```

#### **Cover Points**

none

## **Cover Groups**

none

## See also

```
ovl_alwaysovl_neverovl_implicationovl_proposition
```

## **Examples**

## Example 1

```
ovl_always_on_edge #(
   'OVL_ERROR,
                                                   // severity_level
                                                   // edge_type
   'OVL_POSEDGE,
                                                   // property_type
   'OVL_ASSERT,
   "Error: new req when FSM not ready",
                                                   // msg
   'OVL_COVER_NONE,
                                                   // coverage_level
   'OVL_POSEDGE,
                                                   // clock_edge
   'OVL_ACTIVE_LOW,
                                                   // reset_polarity
   'OVL_GATE_CLOCK )
                                                   // gating_type
   request_when_FSM_idle (
                                                   // clock
// reset
      clock,
      reset,
      enable,
                                                   // enable
      req,
                                                   // sampling_event
      state == 'IDLE,
                                                   // test_expr
      fire_request_when_FSM_idle);
                                                   // fire
```

Checks that (*state* == 'IDLE) is TRUE at each rising edge of *clock* when *req* transitions from FALSE to TRUE.



ALWAYS\_ON\_EDGE Error: new req when FSM not ready

## Example 2

```
ovl_always_on_edge #(
   'OVL_ERROR,
                                                    // severity_level
   'OVL_ANYEDGE,
                                                    // edge_type
   'OVL_ASSERT,
                                                    // property_type
   "Error: req transition when FSM not idle",
                                                    // msg
                                                    // coverage_level
   'OVL_COVER_NONE,
   'OVL_POSEDGE,
                                                    // clock_edge
   'OVL_ACTIVE_LOW,
                                                    // reset_polarity
   'OVL_GATE_CLOCK )
                                                    // gating_type
   req_transition_when_FSM_idle (
      clock,
                                                    // clock
      reset,
                                                      reset
      enable,
                                                    // enable
      req,
                                                       sampling_event
      state == 'IDLE,
                                                    // test_expr
      fire_req_transition_when_FSM_idle);
                                                    // fire
```

Checks that (*state* == '*IDLE*) is TRUE at each rising edge of *clock* when *req* transitions from TRUE to FALSE or from FALSE to TRUE.



ALWAYS\_ON\_EDGE Error: req transition when FSM not idle

## Example 3

```
ovl_always_on_edge #(
                                                        // severity_level
// edge_type
   'OVL_ERROR,
   'OVL_NOEDGE,
   'OVL_ASSERT,
                                                        // property_type
   "Error: req when FSM not idle",
                                                        // msg
   'OVL_COVER_NONE,
                                                        // coverage_level
   'OVL_POSEDGE,
                                                        // clock_edge
   'OVL_ACTIVE_LOW,
                                                        // reset_polarity
   'OVL_GATE_CLOCK )
                                                        // gating_type
   req_when_FSM_idle (
                                                        // clock
// reset
       clock,
       reset,
       enable,
                                                        // enable
       1'b0,
                                                        // sampling_event
       !req || (state == 'IDLE),
                                                       // test_expr
       fire_req_when_FSM_idle);
                                                        // fire
Checks that (!req || (state == `IDLE)) is TRUE at each rising edge of clock.
                   clock
                   reset
                    req
                   state
                                             'IDLE
                                                               WAIT
                           ALWAYS_ON_EDGE Error: req when FSM not idle
```

# ovl\_arbiter

Checks that a resource arbiter provides grants to corresponding requests according to a specified arbitration scheme and within a specified time window.

#### **Parameters/Generics:**

priority\_check

severity\_levelone\_cycle\_gnt\_checkwidthproperty\_typepriority\_widthmsgmin\_ckscoverage\_levelmax\_cksclock\_edgearbitration\_rulereset\_polarity

gating\_type

Class: event-bounded assertion

## **Syntax**

#### ovl\_arbiter

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                            |
|----------------|------------------------------------------------------------------------------------------------|
| width          | Width of reqs and gnts ports (number of channels). Default: 2.                                 |
| priority_width | Number of bits to encode a priority value in <i>priorities</i> . Default: 1.                   |
| min_cks        | Minimum number of clock cycles after a request that its grant can be issued. If <i>min cks</i> |

arbitration\_rule Arbitration scheme used by the arbiter. This parameter turns on

the corresponding check for the arbitration scheme.

arbitration\_rule = 0 (Default) no scheme

arbitration rule = 1 fair (round robin)

arbitration\_rule = 2 FIFO

arbitration\_rule = 3 least-recently used

priority\_check Whether or not to perform priority checks.

priority\_check = 0 (Default)
Turns off the priority check.

 $priority\_check = 1$ 

Turns on the priority check. The  $min\_cks$  parameter must be 0

or 1.

property\_type Property type. Default: OVL\_PROPERTY\_DEFAULT

(OVL\_ASSERT).

msg Error message printed when assertion fails. Default:

OVL MSG DEFAULT ("VIOLATION").

coverage\_level Coverage level. Default: OVL\_COVER\_DEFAULT

(OVL\_COVER\_BASIC).

clock\_edge Active edge of the clock input. Default:

OVL CLOCK EDGE DEFAULT (OVL POSEDGE).

reset\_polarity Polarity (active level) of the reset input. Default:

OVL\_RESET\_POLARITY\_DEFAULT

(OVL\_ACTIVE\_LOW).

gating\_type Gating behavior of the checker when enable is FALSE. Default:

OVL\_GATING\_TYPE\_DEFAULT (OVL\_GATE\_CLOCK).

#### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for *clock*, if *gating\_type* = OVL\_GATE\_CLOCK

(the default gating type) or reset (if gating\_type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

reqs[width-1:0] Concatenation of request signals to the arbiter. Each bit in the

vector is a request from the corresponding channel.

priorities

[priority\_width\*width

-1:0]

Concatenation of non-negative integer values corresponding to the request priorities of the corresponding *req* channels (0 is the lowest priority). If the priority check is on, *priorities* must not change while any channel is waiting for a grant (otherwise certain checks might produce incorrect results). If the priority check is off, this port is ignored (however, the port must be configured with the specified width).

| gnts[width-1:0]                      | Concatenation of grant signals from the arbiter. Each bit in the vector is a grant to the corresponding channel.                                       |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE. |

## **Description**

The ovl\_arbiter checker checks that an arbiter follows a specified arbitration process. The checker checks *reqs* and *gnts* at each active edge of *clock*. These are two bit vectors representing respectively requests from the channels and grants from the arbiter. Both vectors have the same size (width), which is the same as the number of channels.

A request from a channel is signaled by asserting its corresponding *reqs* bit, which should be followed (according to the configured arbitration rules) by a responding assertion of the same bit in *gnts*. If a request deasserts before the arbiter issues the corresponding grant, all checks for that request are cancelled. If a request remains asserted in the cycle its grant is issued, a new request is assumed.

The ovl\_arbiter checker checks the following rules:

- A grant should not be issued to a channel without a request.
- A grant asserts for one cycle (unless the grant is for consecutive requests).
- A grant should be issued in the time window specified by [min\_cks:max\_cks] after its request.

The ovl\_arbiter checker can be configured to check that at most one grant is issued each cycle (i.e., a single grant at a time).

The ovl\_arbiter checker also can be configured to check a specific arbitration scheme by turning the priority check on or off and selecting a value for *arbitration\_rule*. The combination of the two selections determines the expected arbitration scheme.

• Primary rule.

If the priority check is on, priority arbitration is the primary rule. When a request is made, the values in *priorities* are the priorities of the corresponding channels in ascending priority order (a value of 0 is the lowest priority). If multiple requests are pending, the grant should be issued to the channel with the highest priority. If more than one channel has the highest priority, the grant is made according to the secondary rule (applied to the channels with that priority).

If the priority check is off, only the secondary rule is used to arbitrate the grant.

### • Secondary rule.

The secondary rule is determined by the *arbitration\_rule* parameter. This rule applies to the channels with the highest priority if the priority check is on and to all channels if the priority check is off. If *arbitration\_rule* is 0, no secondary rule is assumed (if the priority check is on and multiple channels have the highest priority, any of them can receive the grant). If the priority check is off, no arbitration scheme checks are performed.

If *arbitration\_rule* is not 0, the secondary rule is one of the following:

• Fairness or round-robin rule (*arbitration\_rule* is 1).

Grant is not issued to a (high-priority) channel that has received a grant while another channel's request is pending.

• First-in first-out (FIFO) rule (*arbitration\_rule* is 2).

Grant is issued to a (high-priority) channel with the longest pending request.

• Least-recently used (LRU) rule (*arbitration\_rule* is 3).

Grant is issued to a (high-priority) channel whose previous grant was issued the longest time before the current cycle.

## **Assertion Checks**

| Grant was issued without a request.  Gnt bit was TRUE, but the corresponding req bit was not TRUE or transitioning from TRUE.                                                                                                      |
|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Grant was asserted for longer than 1 cycle. Grant was TRUE for 2 cycles in response to only one request.                                                                                                                           |
| Grant was not issued within the specified time window.  Grant was issued before <i>min_cks</i> cycles or no grant was issued by <i>max_cks</i> cycles.                                                                             |
| Grant was issued for a request other than the highest priority request.  priority_check = 1  Grant was issued, but another pending request had higher priority than all the requests that received grants.                         |
| Two grants were issued to the same channel while another channel's request was pending.  arbitration_rule = 1  Two grants were issued to a channel while a request from another channel was pending (violating the fairness rule). |
|                                                                                                                                                                                                                                    |

FIFO Grant was issued for a request that was not the

longest pending request.
 arbitration\_rule = 2

Grant was issued, but one or more other (high priority) requests were pending longer than the granted request

(violating the FIFO rule).

LRU Grant was issued to a channel that was more-recently

used than another channel with a pending request.

arbitration\_rule = 3

Grant was issued, but another channel with a pending (high priority) request received its previous grant before the granted channel received its previous grant (violating the fairness

rule).

SINGLE\_GRANT Multiple grants were issued in the same clock cycle.

one\_cycle\_gnt\_check = 1

More than one *gnts* bit was TRUE in the same clock cycle.

Implicit X/Z Checks

reqs contains X or Z Requests contained X or Z bits. Because this value is held

internally, the checker cannot operate correctly until reset.

grants contains X or Z Grants contained X or Z bits. Because this value is held

internally, the checker cannot operate correctly until reset.

priorities contains X or Z Priorities contained X or Z bits.

**Cover Points** 

cover\_req\_granted BASIC — Number of granted requests for each channel.

cover\_req\_aborted BASIC — Number of aborted requests for each channel.

cover\_req\_granted\_at\_ CORNER — Number of times grant was issued min\_cks cycles

min\_cks after its request was asserted.

cover\_req\_granted\_at\_ CORNER — Number of times grant was issued max\_cks cycles

max\_cks after its request was asserted.

time\_to\_grant STATISTIC — Reports the number of requests granted at each

cycle in the time window.

concurrent\_requests STATISTIC — Reports for each channel, the number of times

each other channel had requests concurrent with that channel.

## **Cover Groups**

time\_to\_grant

Number of grants with the specified request-to-grant latency. Bins are:

- *time\_to\_grant\_good[min\_cks:max\_cks]* bin index is the observed latency in clock cycles.
- *time\_to\_grant\_bad* default.

concurrent\_requests

Number of cycles with the specified number of concurrent requests. Bins are:

• observed\_reqs\_good[1:width] — bin index is the number of concurrent requests.

# ovl bits

Checks that the number of asserted (or deasserted) bits of the value of an expression is within a specified range.



# **Syntax**

```
ovl_bits
```

## **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                         |
|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Default: 1.                                                                                                                         |
| asserted       | Whether to count asserted or deasserted bits.  asserted = 0 Counts FALSE (deasserted) bits.  asserted = 1 (Default) Counts TRUE (asserted) bits.                            |
| min            | Whether or not to perform min checks. Default: 1.  min = 0  Turns off the min check.  min ≥ 1  Minimum number of bits in test_expr that should be asserted (or deasserted). |
| max            | Maximum number of bits in $test\_expr$ that should be asserted (or deasserted). $Max$ must be $\ge min$ . Default: 1.                                                       |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                  |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                         |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                               |

clock edge Active edge of the *clock* input. Default:

OVL CLOCK EDGE DEFAULT (OVL POSEDGE).

reset\_polarity Polarity (active level) of the *reset* input. Default:

OVL\_RESET\_POLARITY\_DEFAULT

(OVL ACTIVE LOW).

Gating behavior of the checker when *enable* is FALSE. Default: gating\_type

OVL GATING TYPE DEFAULT (OVL GATE CLOCK).

## **Ports**

clock Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for *clock*, if *gating type* = OVL GATE CLOCK

(the default gating type) or reset (if gating type =

OVL GATE RESET). Ignored if gating type is OVL NONE.

test\_expr[width-1:0] Variable or expression to check.

fire Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check [OVL\_FIRE\_WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl\_bits checker checks the multiple-bit expression test\_expr at each active edge of clock and counts the number of TRUE bits (if asserted is 1) or FALSE bits (if asserted is 0). If the count is < min a min violation occurs and if the count is > max, a max violation occurs. X and Z bits are not included in the bit count.

## **Assertion Checks**

Fewer than 'min' bits were asserted. MIN

min > 0 and asserted = 1

The number of TRUE bits in the value of test expr was less

than the minimum specified by min. Fewer than 'min' bits were deasserted.

min > 0 and asserted = 0

The number of FALSE bits in the value of *test expr* was less

than the minimum specified by min.

More than 'max' bits were asserted. MAX

asserted = 1

The number of TRUE bits in the value of test expr was more

than the maximum specified by max.

More than 'max' bits were deasserted.

asserted = 0

The number of FALSE bits in the value of test expr was

more than the maximum specified by max.

# OVL Checkers ovl bits

Illegal parameter
values set where
min > max

Max is not 0, but max < min.

### Implicit X/Z Checks

test\_expr contains X or Z

Expression contained X or Z bits.

## **Cover Points**

cover\_values\_checked

SANITY — Number of cycles *test\_expr* changed value.

cover\_bits\_within\_

BASIC — Number of cycles the number of counted *test\_expr* 

limit

bits was in range.

cover\_bits\_at\_min

CORNER — Number of cycles the number of counted *test\_expr* 

bits was min.

cover\_bits\_at\_max

CORNER — Number of cycles the number of counted *test\_expr* 

bits was max.

## **Cover Groups**

none

## See also

ovl\_mutex ovl\_one\_cold

ovl\_one\_hot

## **Examples**

```
ovl_bits #(
   'OVL_ERROR,
                                                   // severity_level
                                                   // width
   4,
   1,
                                                   // asserted
   1,
                                                   // min
   2,
                                                   // max
   'OVL_ASSERT,
                                                   // property_type
   "Error: ID select bits out of range.",
                                                   // msg
   'OVL_COVER_NONE,
                                                   // coverage_level
   'OVL_POSEDGE,
                                                   // clock_edge
   'OVL ACTIVE LOW,
                                                   // reset polarity
   'OVL_GATE_CLOCK )
                                                   // gating_type
   ovl_id_sel_bits_in_range (
                                                   // clock
      clk,
                                                   // reset
      reset,
                                                   // enable
      id_ok,
      id sel,
                                                   // test_expr
      fire_id_sel_bits);
                                                   // fire
```

Checks that id\_sel has exactly 1 or 2 TRUE bits each clk cycle id\_ok is TRUE.



# ovl\_change

Checks that the value of an expression changes within a specified number of cycles after a start event initiates checking.



# **Syntax**

```
ovl_change
      [#(severity_level, width, num_cks, action_on_new_start,
         property_type, msg, coverage_level, clock_edge, reset_polarity,
         gating_type)]
   instance_name (clock, reset, enable, start_event, test_expr, fire);
```

## Parameters/Generics

| severity_level      | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                                                                    |
|---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| width               | Width of the <i>test_expr</i> argument. Default: 1.                                                                                                                                                                                                                    |
| num_cks             | Number of cycles to check for a change in the value of <i>test_expr</i> . Default: 1.                                                                                                                                                                                  |
| action_on_new_start | Method for handling a new start event that occurs before <i>test_expr</i> changes value or <i>num_cks</i> clock cycles transpire without a change. Values are: OVL_IGNORE_NEW_START, OVL_RESET_ON_NEW_START and OVL_ERROR_ON_NEW_START. Default: OVL_IGNORE_NEW_START. |
| property_type       | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                                                                                                             |
| msg                 | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                                                                                                                    |
| coverage_level      | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                                                                                                                          |
| clock_edge          | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                                                                                                                                                                                  |

Polarity (active level) of the *reset* input. Default: reset\_polarity

OVL\_RESET\_POLARITY\_DEFAULT

(OVL ACTIVE LOW).

gating\_type Gating behavior of the checker when *enable* is FALSE. Default:

OVL GATING TYPE DEFAULT (OVL GATE CLOCK).

#### **Ports**

Clock event for the assertion. clock

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for *clock*, if *gating\_type* = OVL\_GATE\_CLOCK

(the default gating type) or reset (if gating\_type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

Expression that (along with action on new start) identifies start\_event

when to start checking test expr.

test\_expr[width-1:0] Expression that should change value within *num\_cks* cycles from

the start event unless the check is interrupted by a valid new start

event.

fire Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check [OVL\_FIRE\_WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl change assertion checker checks the expression start event at each active edge of clock to determine if it should check for a change in the value of test\_expr. If start\_event is sampled TRUE, the checker evaluates test expr and re-evaluates test expr at each of the subsequent num\_cks active edges of clock. If the value of test\_expr has not changed from its start value by the last of the *num cks* cycles, the assertion fails.

The method used to determine how to handle a new start event, when the checker is in the state of checking for a change in *test\_expr*, is controlled by the *action\_on\_new\_start* parameter. The checker has the following actions:

OVL\_IGNORE\_NEW\_START

The checker does not sample *start\_event* for the next *num\_cks* cycles after a start event (even if *test\_expr* changed).

OVL RESET ON NEW START

The checker samples *start\_event* every cycle. If a check is pending and the value of start event is TRUE, the checker terminates the pending check (no violation occurs even if the current cycle is *num\_cks* cycles after the start event and *test\_expr* has not changed) and initiates a new check with the current value of test expr.

## OVL\_ERROR\_ON\_NEW\_START

The checker samples *start\_event* every cycle. If a check is pending and the value of *start\_event* is TRUE, the assertion fails with an illegal start event violation. In this case, the checker does not initiate a new check and does not terminate a pending check.

The checker is useful for ensuring proper changes in structures after various events, such as verifying synchronization circuits respond after initial stimuli. For example, it can be used to check the protocol that an "acknowledge" occurs within a certain number of cycles after a "request". It also can be used to check that a finite-state machine changes state after an initial stimulus.

## **Assertion Checks**

CHANGE The test expr expression did not change value for num cks

cycles after start\_event was sampled TRUE.

illegal start event The action\_on\_new\_start parameter is set to

OVL\_ERROR\_ON\_NEW\_START and *start\_event* expression evaluated to TRUE while the checker was in the state of checking

for a change in the value of test expr.

### Implicit X/Z Checks

test\_expr contains X or Z Expression value contained X or Z bits.

start\_event contains X or Z Start event value was X or Z.

#### **Cover Points**

cover\_window\_open BASIC — A change check was initiated.

cover\_window\_close BASIC — A change check lasted the full num cks cycles. If no

assertion failure occurred, the value of test\_expr changed in the

last cycle.

OVL\_RESET\_ON\_NEW\_START, and *start\_event* was sampled TRUE while the checker was monitoring *test\_expr*, but it had not

changed value.

## **Cover Groups**

none

## See also

```
ovl_timeovl_win_unchangeovl_unchangeovl_windowovl_win_changeovl_window
```

## **Examples**

## Example 1

```
ovl_change #(
                                                   // severity_level
   'OVL_ERROR,
   1,
                                                   // width
                                                   // num_cks
   3,
                                                   // action_on_new_start
   'OVL_IGNORE_NEW_START,
   'OVL_ASSERT,
                                                   // property_type
   "Error: invalid synchronization",
                                                   // msq
   'OVL_COVER_DEFAULT,
                                                   // coverage level
   'OVL_POSEDGE,
                                                   // clock_edge
   'OVL_ACTIVE_LOW,
                                                   // reset_polarity
   'OVL_GATE_CLOCK)
                                                   // gating_type
   valid_sync_out (
                                                   // clock
      clock,
                                                   // reset
      reset,
      enable,
                                                   // enable
      sync == 1,
                                                   // start_event
      out,
                                                   // test_expr
      fire_valid_sync_out);
                                                   // fire
```

Checks that *out* changes within 3 cycles after *sync* asserts. New starts are ignored.



## Example 2

```
ovl_change #(
                                                    // severity_level
// width
   'OVL_ERROR,
   1,
   3,
                                                    // num_cks
   'OVL_RESET_ON_NEW_START,
                                                    // action_on_new_start
   'OVL_ASSERT,
                                                    // property_type
   "Error: invalid synchronization",
                                                    // msg
   'OVL_COVER_DEFAULT,
                                                    // coverage_level
   'OVL_POSEDGE,
                                                    // clock_edge
   'OVL_ACTIVE_LOW,
                                                    // reset_polarity
   'OVL_GATE_CLOCK )
                                                    // gating_type
   valid_sync_out (
                                                    // clock
      clock,
                                                    // reset
      reset,
      enable,
                                                    // enable
      sync == 1,
                                                    // start_event
      out,
                                                    // test_expr
      fire_valid_sync_out);
                                                    // fire
```

Checks that *out* changes within 3 cycles after *sync* asserts. A new start terminates the pending check and initiates a new check.



## Example 3

```
ovl_change #(
                                                   // severity_level
// width
   'OVL_ERROR,
   1,
   3,
                                                   // num_cks
                                                   // action_on_new_start
   'OVL_ERROR_ON_NEW_START,
   'OVL_ASSERT,
                                                   // property_type
   "Error: invalid synchronization",
                                                   // msg
   'OVL_COVER_DEFAULT,
                                                   // coverage_level
   'OVL_POSEDGE,
                                                   // clock_edge
   'OVL_ACTIVE_LOW,
                                                   // reset_polarity
   'OVL_GATE_CLOCK )
                                                   // gating_type
   valid_sync_out (
                                                   // clock
      clock,
      reset,
                                                   // reset
      enable,
                                                   // enable
      sync == 1,
                                                   // start_event
      out,
                                                   // test_expr
      fire_valid_sync_out );
                                                   // fire
```

Checks that *out* changes within 3 cycles after *sync* asserts. A new start reports an *illegal start event* violation (without initiating a new check) but any pending check is retained (even on the last check cycle).



# ovl\_code\_distance

Checks that when an expression changes value, the number of bits in the new value that are different from the bits in the value of a second expression is within a specified range.



# **Syntax**

## **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of test_expr and test_expr2. Default: 1.                                                                 |
| min            | Minimum code distance. Default: 1.                                                                             |
| max            | Maximum code distance. Default: 1.                                                                             |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

## **Ports**

| clock                                | Clock event for the assertion.                                                                                                                                                                         |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| reset                                | Synchronous reset signal indicating completed initialization.                                                                                                                                          |
| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
| test_expr1[width-1:0]                | Variable or expression to check when its value changes.                                                                                                                                                |
| test_expr2[width-1:0]                | Variable or expression from which the code distance from <i>test_expr1</i> is calculated.                                                                                                              |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

## **Description**

The ovl\_code\_distance assertion checker checks the expression *test\_expr1* at each active edge of *clock* to determine if *test\_expr1* has changed value. If so, the checker evaluates a second expression *test\_expr2* and calculates the absolute value of the difference between the two values (called the *code distance*). If the code distance is < *min* or > *max*, the assertion fails and a code\_distance violation occurs.

## **Assertion Checks**

| CODE_DISTANCE | Code distance was not within specified limits.               |
|---------------|--------------------------------------------------------------|
|               | Code distance from test_expr1 to test_expr2 is less than min |
|               | or greater than max.                                         |

## Implicit X/Z Checks

| test_expr1 contains X or Z | Expression contained X or Z bits.        |
|----------------------------|------------------------------------------|
| test_expr2 contains X or Z | Second expression contained X or Z bits. |

## **Cover Points**

| <pre>cover_test_expr_ changes</pre>          | SANITY — Number of cycles <i>test_expr1</i> changed value.                                                                                                |
|----------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|
| <pre>cover_code_distance_ within_limit</pre> | BASIC — Number of cycles <i>test_expr1</i> changed to a value whose code distance from <i>test_expr2</i> was in the range from <i>min</i> to <i>max</i> . |
| observed_code_<br>distance                   | BASIC — Reports the code distances that occurred at least once.                                                                                           |
| <pre>cover_code_distance_<br/>at_min</pre>   | CORNER — Number of cycles <i>test_expr1</i> changed to a value whose code distance from <i>test_expr2</i> was <i>min</i> .                                |

cover\_code\_distance\_
at\_max

CORNER — Number of cycles *test\_expr1* changed to a value whose code distance from *test\_expr2* was *max*.

## **Cover Groups**

observed\_code\_distance

Number of cycles *test\_expr1* changed to a value having the specified code distance from *test\_expr2*. Bins are:

- *observed\_code\_distance\_good[min:max]* bin index is the code distance from *test\_expr2*.
- *observed\_code\_distance\_bad* default.

# ovl\_coverage

Ensures that an HDL statement is covered during simulation.



## **Syntax**

#### ovl\_coverage

### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |
|                |                                                                                                                |

## **Ports**

| clock  | Clock event for the checker. The checker samples on the rising edge of the clock. |
|--------|-----------------------------------------------------------------------------------|
| reset  | Synchronous reset signal indicating completed initialization.                     |
| enable | Expression that indicates whether or not to check <i>test_expr</i> .              |

# OVL Checkers ovl\_coverage

fire [OVL\_FIRE\_WIDTH-1:0] Signal or expression to check.

Fire output. Assertion failure when fire[0] is TRUE. X/Z check failure when fire[1] is TRUE. Cover event when fire[2] is TRUE.

## **Description**

The *test\_expr* must not be 1 when the checker is enabled. The checker checks the single-bit expression *test\_expr* at each rising edge of *clock* whenever *enable* is TRUE. If *test\_expr* is 1, the assertion fails and *msg* is printed.

This checker is used to determine coverage of the *test\_expr* and to gather coverpoint data. As such, the sense of the assertion is reversed. Unlike other OVL checkers (which verify assertions that are not expected to fail), *ovl\_coverage* checkers' assertions are intended to fail. You can set *property\_type* to `OVL\_IGNORE to disable the OVL\_COVERED assertion check, but retain the collection of cover point data.

## **Assertion Checks**

COVERAGE The HDL statement was covered.

Expression evaluated to 1.

#### Implicit X/Z Checks

test expr contains X or Z Expression contained X or Z bits.

### **Cover Points**

cover\_values\_checked SANITY — Number of cycles test\_expr changed value.

cover\_computations\_ checked STATISTIC — Number of times test\_expr was 1 when enable was TRUE.

#### **Cover Groups**

None

## See also

ovl\_value\_coverage

# **Examples**

```
ovl_coverage #(
    .severity_level('OVL_INFO),
    .property_type('OVL_ASSERT),
    .msg("OVL_COVERAGE: queue full"),
    .coverage_level('OVL_COVER_ALL))
    ovl_cover_queue_state_full(
        .clock(clock),
        .reset(reset),
        .enable(accept_requests),
        .test_expr(cur_state == FULL),
.fire(fire));
```

Issues a coverage message when *accept\_requests* is TRUE and *cur\_state* is FULL at the rising edge of *clock*.



# ovl crc

Ensures that the CRC checksum values for a specified expression are calculated properly.



**Class:** event-bounded assertion

# **Syntax**

## **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                                                                                                                                                                                                                                                                                 |  |  |
|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|
| width          | Width of test_expr. Default: 1.                                                                                                                                                                                                                                                                                                                                                                                                                                                     |  |  |
| data_width     | Width of a data item in the message stream.  data_width = 0  Data item width is width bits (i.e., test_expr holds a complete data item).  data_width = n × width (n > 0)  Data item width is n times the width of test_expr. Each data item is the concatenation of the values of test_expr collected over n valid cycles. For example, if test_expr has the values 2'b11, 2'b10, 2'b01 and 2'b10 over 4 consecutive valid cycles, then the corresponding data item is 8'b11100110. |  |  |
| crc_width      | Degree of the CRC generator polynomial, width of the CRC checksum and width of the <i>crc</i> port (if <i>crc_enable</i> is 1). Default:                                                                                                                                                                                                                                                                                                                                            |  |  |

5.

crc enable

Which data port contains the input CRC value.

crc\_enable = 0 (Default)

Test\_expr contains the input CRC value. Crc\_width cannot be < width, or a CRC check violation occurs each compare cycle. The crc port is ignored.

 $crc\_enable = 1$ 

The *crc* port contains the complete input CRC value.

crc latch enable

Whether or not to latch the internal CRC register value.

crc\_latch\_enable = 0 (Default)

The current value of the CRC register is compared with the input CRC value when *compare* asserts. The *crc\_latch* port is ignored.

crc\_latch\_enable = 1

The current value of the CRC register is latched if *crc\_latch* is TRUE. The latched CRC value is compared with the input CRC value when *compare* asserts.

polynomial

Normal representation of the CRC generator polynomial. Equal to the concatenation of the polynomial coefficients in descending order, skipping the high-order coefficient. For example, the *polynomial* value representing:

$$x^{16} + x^{12} + x^5 + 1$$

is 4h'1021 (16'b0001 0000 0010 0001). Default: 5'b00101 ( $x^5 + x^2 + 1$ )

standard\_polynomial

Polynomial to use if *polynomial* is 0:

- 1 CRC-5-USB (2'h05)
- 2 CRC-7 (2'h09)
- 3 CRC-16-CCITT (4'h1021)
- 4 CRC-32-IEEE802.3 (8'h04C11DB7)
- 5 CRC-64-ISO (16'h000000000000001B)

initial\_value

Initial value of the internal CRC register.

initial\_value = 0 (Default)

All 0's, for example: 8'h00000000.

initial\_value = 1

All 1's, for example: 8'b11111111.

initial value = 2

Alternating 10's, for example: 8'b10101010.

initial value = 3

Alternating 01's, for example: 8'b01010101.

1sb first

Bit order in the CRC register.

1sb first = 0 (Default)

MSB first bit order.

 $lsb\_first = 1$ 

LSB first bit order (i.e., reflected).

big endian Byte order of a message data item.  $big\_endian = 0$  (Default) Little-endian byte order.  $big\_endian = 1$ Big-endian byte order. reverse endian Byte order in the CRC value. reverse\_endian = 0 (Default) Byte order is the same as the byte order of a message data item (i.e., same as the big\_endian parameter). reverse endian = 1 Byte order is the opposite of the byte order of a message data item (i.e., inverse of big endian parameter). invert Sense of the input CRC value. invert = 0 (Default) Input CRC value is the CRC checksum. invert = 1Input CRC value is the inverted CRC checksum. combinational Type of logic used to calculate CRC values. combinational = 0 (Default) CRC is calculated sequentially. The input CRC value is the CRC checksum for the previous cycle. combinational = 1CRC is calculated combinationally. The input CRC value is the CRC checksum for the current cycle. Property type. Default: OVL\_PROPERTY\_DEFAULT property\_type (OVL ASSERT). msg Error message printed when assertion fails. Default: OVL MSG DEFAULT ("VIOLATION"). Coverage level. Default: OVL\_COVER\_DEFAULT coverage\_level (OVL COVER BASIC). clock\_edge Active edge of the *clock* input. Default: OVL CLOCK EDGE DEFAULT (OVL POSEDGE). reset\_polarity Polarity (active level) of the *reset* input. Default: OVL RESET POLARITY DEFAULT (OVL ACTIVE LOW).

#### **Ports**

gating\_type

*clock* Clock event for the checker. The checker samples inputs on the

Gating behavior of the checker when *enable* is FALSE. Default:

OVL GATING TYPE DEFAULT (OVL GATE CLOCK).

rising edge of the clock.

reset Synchronous reset signal indicating completed initialization.

| enable                               | Expression that indicates whether or not to check the inputs.                                                                                                                                                                                                                                                    |  |  |
|--------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|
| test_expr[width-1:0]                 | Variable or expression containing the input data.                                                                                                                                                                                                                                                                |  |  |
| initialize                           | Initialization signal. If TRUE, the checker loads its internal CRC register with the initial value specified by the <i>initial_value</i> parameter (before reading <i>test_expr</i> ).                                                                                                                           |  |  |
| valid                                | Data valid signal. If TRUE, the checker loads the next group of bits from the message stream (or the input CRC value if <i>compare</i> is TRUE and the <i>crc_enable</i> parameter is 0) from <i>test_expr</i> .                                                                                                 |  |  |
| compare                              | CRC check signal. If TRUE, the checker initiates a crc assertion check in the current cycle.                                                                                                                                                                                                                     |  |  |
| crc[crc_width-1:0]                   | Variable or expression containing the input CRC value if the <i>crc_enable</i> parameter is 1. If <i>crc_enable</i> is 0, this port is ignored.                                                                                                                                                                  |  |  |
| crc_latch                            | Internal CRC register latch signal. If TRUE, the checker loads and processes the <i>test_expr</i> value (if valid) and latches the value of the internal CRC register for comparison with an input CRC value (the next cycle <i>compare</i> asserts). This input is ignored unless <i>crc_latch_enable</i> is 1. |  |  |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                                                                                                                           |  |  |

# **Description**

The *ovl\_crc* checker ensures CRC checksums are calculated properly. The checker evaluates the *initialize* signal at each rising edge of *clock* whenever *enable* is TRUE. If *initialize* is TRUE, the checker restarts its CRC calculation algorithm, which initializes the internal CRC register to the initial value specified by the *initial\_value* parameter. After that, in the current cycle and in each subsequent cycle, the checker checks the *valid* signal. If *valid* is TRUE and *compare* is FALSE, the value of *test\_expr* is taken as the next group of bits in the message stream. By default, this group is shifted into the internal CRC register, displacing the group at the opposite end and the internal CRC register is then updated with the CRC register value XORed with a value from a lookup table. This internal CRC value is the calculated CRC checksum for the message stream read from *test\_expr* since initialization.

After initialization, the checker also checks the *compare* signal each cycle. By default:

• width Š crc\_width

If *compare* and *valid* are both TRUE, the checker compares the value of *test\_expr* with the internal CRC value. If they do not match, a CRC check violation occurs.

## • width < crc\_width

If *compare* and *valid* are both TRUE, the checker compares the value of *test\_expr* with the first *width* bits of the internal CRC value. If they do not match, a CRC check violation occurs. Then, each successive cycle in which *compare* and *valid* are both TRUE, the checker compares the value of *test\_expr* with the corresponding bits of the internal CRC value. If they do not match, a CRC check violation occurs.

Because applications for CRC checking are so diverse, the ovl\_crc checker contains a generic CRC calculator adaptable to virtually any CRC scheme and implementation. The following information is required to configure the calculator properly:

## Data stream handling

The algorithm shifts data into the CRC register and generates the internal CRC value one data item at a time. By default, the <code>test\_expr</code> port contains an entire data item. However, the checker can support serial input and systems where data items are loaded in multibit pieces. In these cases, specify the width of a data item with the <code>data\_width</code> parameter. The checker will accumulate the data item from <code>test\_expr</code> over consecutive valid cycles and on the last cycle (i.e., when the data item is complete) shift the data item onto the CRC register.

## Algorithm controls

The standard variations on CRC computation are configured with checker parameters. The CRC generator polynomial is specified by setting the *polynomial* parameter to its normal representation. LSB first and big-endian data representation conventions are selected by setting the *lsb\_first* and *big\_endian* parameters respectively to 1.

## • CRC comparison

By default, the input CRC values are embedded in the data stream seen at the *test\_expr* port. Setting the *crc\_enable* parameter to 1 configures the checker to take the input CRC value from the *crc* port instead, so message data load and CRC compare operations can overlap.

Input CRC transformations that invert the sense and flip the endian nature of CRC values are controlled with the *invert* and *reverse\_endian* parameters respectively.

#### CRC computation timing

CRC comparison can be adjusted to handle the different time requirements for various implementations.

By default, the current internal CRC register value is used when comparing input and expected CRC values. Setting the  $crc\_latch\_enable$  parameter to 1 configures the checker to latch the current internal CRC register value each cycle  $crc\_latch$  is TRUE (and then initialize the register). In the next cycle compare is TRUE, the input CRC value is compared with the latched value (even as a new message is being accumulated and a new CRC is being calculated).

By default, the checker assumes the input CRC is calculated sequentially, so the input CRC value reflects the message accumulated up to the previous clock cycle. Setting the *combinational* parameter to 1 configures the checker to assume the computation is combinational. The input CRC value reflects the message accumulated up to the current clock cycle.

## Standard CRC polynomials:

| Name             | crc_width | Generator Polynomial                                           | polynomial              |
|------------------|-----------|----------------------------------------------------------------|-------------------------|
| CRC-5-USB        | 5         | $x^5 + x^2 + 1$                                                | 2'h05                   |
| CRC-7            | 7         | $x^7 + x^3 + 1$                                                | 2'h09                   |
| CRC-16-CCITT     | 16        | $x^{16} + x^{12} + x^5 + 1$                                    | 4'h1021                 |
| CRC-32-IEEE802.3 | 32        | $x^{32} + x^{26} + x^{23} + x^{22} + x^{16} + x^{12} + x^{11}$ | 8'h04C11DB7             |
|                  |           | $x^{10} + x^8 + x^7 + x^5 + x^4 + x^2 + x + 1$                 |                         |
| CRC-64-ISO       | 64        | $x^{64} + x^4 + x^3 + x + 1$                                   | 16'h00000000<br>000001B |

## **Assertion Checks**

CRC

Input CRC value did not match the expected CRC value.

 $crc\ enable = 0$ 

Compare was TRUE, but the value of test\_expr (or inverted value if invert is 1) does not match the internal CRC value calculated for the associated message stream.

 $crc\_enable = 1$ 

*Compare* was TRUE, but the value of *crc* (or inverted value if *invert* is 1) does not match the internal CRC value calculated for the associated message stream.

## Implicit X/Z Checks

test\_expr contains X or Z

valid contains X or Z

initialize contains X or Z

crc contains X or Z

Expression contained X or Z bits.

## **Cover Points**

cover\_values\_checked

SANITY — Number of cycles test\_expr changed value.

```
cover_crc_ computations_checked STATISTIC — Number of cycles the internal CRC register was updated.

cover_cycles_checked CORNER — Number of cycles CRC checksum comparisons were performed.
```

### **Cover Groups**

None

## See also

none

## **Examples**

## Example 1

```
ovl crc #(
   .severity_level('OVL_ERROR),
   .width(8),
   .crc_width(4),
   .crc_enable(1),
   .polynomial(4'b0101),
   .initial_value(0),
   .property_type('OVL_ASSERT),
   .msg("OVL_VIOLATION : "))
   .coverage_level('OVL_COVER_NONE),
   CRC1 (
      .clock(clock),
      .reset(1'b1),
      .enable(1'b1),
      .test_expr(data_in),
      .initialize(start_crc),
      .valid(1'b1),
      .compare(1'b1),
      .crc(crc_out),
      .crc_latch(1'b0),
.fire(fire));
```

Checks that CRC checksums are calculated properly on all active edges of the clock. The CRC generator polynomial is  $x^4 + x^2 + 1$ .

#### Example 2

```
ovl_crc #(
   .severity_level('OVL_ERROR),
   .width(8),
   .crc_width(4),
   .crc_enable(1),
   .crc_latch_enable(1),
   .polynomial(4'b0101),
   .initial_value(0),
.property_type('OVL_ASSERT),
   .msg("OVL_VIOLATION : "),
   .coverage_level('OVL_COVER_NONE))
   CRC2 (
      .clock(clock),
      .reset(1'b1),
      .enable(1'b1),
      .test_expr(data_in),
      .initialize(start_crc),
      .valid(1'b1),
      .compare(!sel_data),
      .crc(crc_out),
      .crc_latch(data_block_rdy),
.fire(fire));
```

Checks that CRC checksums (latched when  $data\_block\_rdy$  asserts) are equal to the input CRC checksums on  $crc\_out$  when  $sel\_data$  deasserts. The CRC generator polynomial is  $x^4 + x^2 + 1$ .

#### Example 3

```
ovl_crc #(
   .severity_level('OVL_ERROR),
   .width(32),
   .crc_width(32),
   .polynomial(8'h04C11DB7),
   .initial_value(1)
   .reverse_endian(1),
   .property_type('OVL_ASSERT),
   .msg("OVL_VIOLATION : "),
   .coverage_level('OVL_COVER_NONE))
   CRC3 (
      .clock(clock),
      .reset(1'b1),
      .enable(1'b1),
      .test_expr(data_in),
      .initialize(start_crc),
      .valid(data_in_valid),
      .compare(crc_valid),
      .crc(32'b0),
      .crc_latch(1'b0),
.fire(fire));
```

Checks that reverse-endian transformations of the CRC checksums equal the values on *data\_in* when *data\_in\_valid* and *crc\_valid* both assert. The CRC generator polynomial is:

$$x^{32} + x^{26} + x^{23} + x^{22} + x^{16} + x^{12} + x^{11} + x^{10} + x^{8} + x^{7} + x^{5} + x^{4} + x^{2} + x + 1$$

#### Example 4

```
ovl_crc #(
   .severity_level('OVL_ERROR),
   .width(7),
   .crc_width(7),
   .crc_latch_enable(1),
   .polynomial(7'b0001001),
   .initial_value(1),
   .big_endian(1),
   .reverse_endian(1),
   .property_type('OVL_ASSERT),
   .msg("OVL_VIOLATION : "),
   .coverage_level('OVL_COVER_NONE))
   CRC4 (
      .clock(clock),
      .reset(1'b1),
      .enable(1'b1),
      .test_expr(data_in),
      .initialize(start_crc),
      .valid(data_in_valid),
      .compare(sel_crc),
      .crc(7'b0),
      .crc_latch(data_block_rdy),
.fire(fire));
```

Checks that CRC checksums (latched when  $data\_block\_rdy$  asserts) are equal to the input CRC checksums on  $data\_in$  when  $sel\_crc$  asserts. Data values of  $data\_in$  are big endian and CRC values of  $data\_in$  are little endian. The CRC generator polynomial is  $x^7 + x^3 + 1$ .

#### Example 5

```
ovl_crc #(
   .severity_level('OVL_ERROR),
   .width(4),
   .data_width(16),
   .crc_width(16),
   .polynomial(16'h1021),
   .initial_value(1),
   .property_type('OVL_ASSERT),
   .msg("OVL_VIOLATION : "),
   .coverage_level('OVL_COVER_NONE))
   CRC5 (
      .clock(clock),
      .reset(1'b1),
      .enable(1'b1),
      .test_expr(data_in),
      .initialize(start_crc),
      .valid(data_in_valid),
      .compare(compare),
      .crc(16'b0),
      .crc_latch(1'b0),
.fire(fire));
```

Checks that the associated bits of CRC checksums equal the values on  $data_in$  when  $data_in_valid$  and compare both assert. Each 16-bit data item is composed of 4-bit groups accumulated over 4 consecutive valid data cycles. Each cycle a data item is complete, its value is shifted onto the CRC register and the register is updated with the internal CRC value. The input CRC value is also accumulated from  $data_in$  in consecutive valid data cycles (i.e., when  $data_in_valid$  is TRUE) if compare is TRUE. However, since the internal CRC value is known, a CRC check violation occurs each cycle the current group of  $data_in$  bits does not match the corresponding bits in the internal CRC value. The CRC generator polynomial is  $x^{16} + x^{12} + x^5 + 1$ .

#### Example 6

```
ovl crc #(
   .severity_level('OVL_ERROR),
   .width(112),
   .crc_width(16),
   .crc_enable(1),
   .polynomial(16'h1021),
   .initial value(3),
   .combinational(1),
   .property_type('OVL_ASSERT),
   .msg("OVL_VIOLATION : "),
   .coverage_level('OVL_COVER_NONE))
   CRC5 (
      .clock(clock),
      .reset(1'b1),
      .enable(1'b1),
      .test_expr(data_in[127:16),
      .initialize(valid),
      .valid(valid),
      .compare(valid),
      .crc(data_in[15:0]),
      .crc_latch(1'b0),
.fire(fire));
```

Checks that every cycle *valid* is TRUE,  $data_in[15:0]$  equals the CRC checksum for the current value of  $data_in[127:16]$  with an initial value of 4'h5555. The CRC generator polynomial is  $x^{16} + x^{12} + x^{5} + 1$ .

#### Example 7

```
ovl_crc #(
   .severity_level('OVL_ERROR),
   .width(128),
   .crc_width(16),
   .crc_enable(1),
   .polynomial(16'h1021),
   .property_type('OVL_ASSERT),
   .msg("OVL_VIOLATION : "),
   .coverage_level('OVL_COVER_NONE))
   CRC5 (
      .clock(clock),
      .reset(1'b1),
      .enable(1'b1),
      .test_expr(data_in),
      .initialize(1'b1),
      .valid(1'b1),
      .compare(1'b1),
      .crc(crc),
      .crc_latch(1'b0),
.fire(fire));
```

Checks that every active clock cycle, the value of crc equals the CRC checksum of the value of  $data_in$  sampled in the previous cycle. The CRC generator polynomial is  $x^{16} + x^{12} + x^5 + 1$ .

# ovl\_cycle\_sequence

Checks that if a specified necessary condition occurs, it is followed by a specified sequence of events.



## **Syntax**

#### ovl\_cycle\_sequence

#### **Parameters/Generics**

| severity_level      | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                                  |
|---------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| num_cks             | Width of the <i>event_sequence</i> argument. This parameter must not be less than 2. Default: 2.                                                                                                                                     |
| necessary_condition | Method for determining the necessary condition that initiates the sequence check and whether or not to pipeline checking. Values are: OVL_TRIGGER_ON_MOST_PIPE (default), OVL_TRIGGER_ON_FIRST_PIPE and OVL_TRIGGER_ON_FIRST_NOPIPE. |
| property_type       | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                                                                           |
| msg                 | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                                                                                  |
| coverage_level      | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                                                                                        |
| clock_edge          | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                                                                                                                                                |
| reset_polarity      | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).                                                                                                                             |

| gating_type | Gating behavior of the checker when <i>enable</i> is FALSE. Default: |
|-------------|----------------------------------------------------------------------|
|             | OVL GATING TYPE DEFAULT (OVL GATE CLOCK).                            |

#### **Ports**

| clock                                   | Clock event for the assertion.                                                                                                                                                                         |
|-----------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| reset                                   | Synchronous reset signal indicating completed initialization.                                                                                                                                          |
| enable                                  | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
| <pre>event_sequence [num_cks-1:0]</pre> | Expression that is a concatenation where each bit represents an event.                                                                                                                                 |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre>    | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

## **Description**

The ovl\_cycle\_sequence assertion checker checks the expression *event\_sequence* at the active edge of *clock* to identify whether or not the bits in *event\_sequence* assert sequentially on successive active edges of *clock*. For example, the following series of 4-bit values (where *b* is any bit value) is a valid sequence:

```
1bbb -> b1bb -> bb1b -> bbb1
```

This series corresponds to the following series of events on successive active edges of *clock*:

```
cycle 1    event_sequence[3] == 1
cycle 2    event_sequence[2] == 1
cycle 3    event_sequence[1] == 1
cycle 4    event_sequence[0] == 1
```

The checker also has the ability to pipeline its analysis. Here, one or more new sequences can be initiated and recognized while a sequence is in progress. For example, the following series of 4-bit values (where *b* is any bit value) constitutes two overlapping valid sequences:

```
1bbb -> b1bb -> 1b1b -> b1b1 -> bb1b -> bbb1
```

This series corresponds to the following sequences of events on successive active edges of *clock*:

When the checker determines that a specified necessary condition has occurred, it subsequently verifies that a specified event or event sequence occurs and if not, the assertion fails.

The method used to determine what constitutes the necessary condition and the resulting trigger event or event sequence is controlled by the *necessary\_condition* parameter. The checker has the following actions:

#### OVL\_TRIGGER\_ON\_MOST\_PIPE

The necessary condition is that the bits:

```
event_sequence [num_cks -1], . . . , event_sequence [1]
```

are sampled equal to 1 sequentially on successive active edges of *clock*. When this condition occurs, the checker verifies that the value of *event\_sequence*[0] is 1 at the next active edge of *clock*. If not, the assertion fails.

The checking is pipelined, which means that if <code>event\_sequence[num\_cks-1]</code> is sampled equal to 1 while a sequence (including <code>event\_sequence[0]</code>) is in progress and subsequently the necessary condition is satisfied, the check of <code>event\_sequence[0]</code> is performed.

#### • OVL TRIGGER ON FIRST PIPE

The necessary condition is that the *event\_sequence* [num\_cks -1] bit is sampled equal to 1 on an active edge of *clock*. When this condition occurs, the checker verifies that the bits:

```
event_sequence [num_cks -2], . . . , event_sequence [0]
```

are sampled equal to 1 sequentially on successive active edges of *clock*. If not, the assertion fails and the checker cancels the current check of subsequent events in the sequence.

The checking is pipelined, which means that if *event\_sequence*[num\_cks -1] is sampled equal to 1 while a check is in progress, an additional check is initiated.

#### • OVL\_TRIGGER\_ON\_FIRST\_NOPIPE

The necessary condition is that the *event\_sequence* [num\_cks -1] bit is sampled equal to 1 on an active edge of *clock*. When this condition occurs, the checker verifies that the bits:

```
event_sequence [num_cks -2], . . . , event_sequence [0]
```

are sampled equal to 1 sequentially on successive active edges of *clock*. If not, the assertion fails and the checker cancels the current check of subsequent events in the sequence.

The checking is not pipelined, which means that if *event\_sequence*[num\_cks -1] is sampled equal to 1 while a check is in progress, it is ignored, even if the check is verifying the last bit of the sequence (*event\_sequence* [0]).

#### **Assertion Checks**

| CYCLE_SEQUENCE               | The necessary condition occurred, but it was not followed by the event or event sequence. |
|------------------------------|-------------------------------------------------------------------------------------------|
| illegal num_cks<br>parameter | The <i>num_cks</i> parameter is less than 2.                                              |

#### Implicit X/Z Checks

| First event in the sequence contains X or Z           | Value of the first event in the sequence was X or Z.                      |
|-------------------------------------------------------|---------------------------------------------------------------------------|
| Subsequent events in the sequence contain X or Z      | Value of a subsequent event in the sequence was X or Z.                   |
| First num_cks-1 events in the sequence contain X or Z | Values of the events in the sequence (except the last event) were X or Z. |
| Last event in the sequence contains X or Z            | Value of the last event in the sequence was X or Z.                       |

#### **Cover Points**

```
cover_sequence_trigger BASIC — The trigger sequence occurred.
```

#### **Cover Groups**

none

#### See also

ovl\_change

ovl\_unchange

## **Examples**

#### Example 1

```
ovl_cycle_sequence #(
   'OVL_ERROR,
                                                      // severity_level
                                                      // num_cks
// necessary_condition
// property_type
   3,
   'OVL_TRIGGER_ON_MOST_PIPE,
   'OVL_ASSERT,
   "Error: invalid WR sequence",
                                                      // msq
   'OVL_COVER_DEFAULT,
                                                      // coverage_level
   'OVL_POSEDGE,
                                                      // clock_edge
   'OVL_ACTIVE_LOW,
                                                      // reset_polarity
   'OVL_GATE_CLOCK )
                                                      // gating_type
   valid_write_sequence (
      clock,
                                                      // clock
      reset,
                                                      // reset
      enable,
                                                      // enable
      { r_opcode == `WR,
                                                      // event_sequence
      r_opcode == 'WAIT,
      (r_{opcode} == `WR)
       (r opcode == 'DONE) },
      fire_valid_write_sequence);
                                                      // fire
```

Checks that a 'WR, 'WAIT sequence in consecutive cycles is followed by a 'DONE or 'WR.

The sequence checking is pipelined.



#### Example 2

```
ovl_cycle_sequence #(
   'OVL_ERROR,
                                                  // severity_level
                                                  // num_cks
   3,
   'OVL TRIGGER ON FIRST PIPE,
                                                  // necessary_condition
   'OVL_ASSERT,
                                                  // property_type
                                                  // msg
   "Error: invalid WR sequence",
   'OVL_COVER_DEFAULT,
                                                  // coverage_level
   'OVL_POSEDGE,
                                                  // clock_edge
   'OVL_ACTIVE_LOW,
                                                  // reset_polarity
   'OVL_GATE_CLOCK )
                                                  // gating_type
   valid write sequence (
                                                  // clock
      clock,
      reset,
                                                  // reset
      enable,
                                                  // enable
      { r_opcode == 'WR.
                                                  // event_sequence
      (r_opcode == 'WAIT) ||
      (r_opcode == 'WR),
      (r_opcode == 'WAIT) ||
      (r_opcode == 'DONE) } ,
      fire_valid_write_sequence );
                                                  // fire
```

Checks that a 'WR is followed by a 'WAIT or another 'WR, which is then followed by a 'WAIT or a 'DONE (in consecutive cycles). The sequence checking is pipelined: a new 'WR during a sequence check initiates an additional check.



### Example 3

```
ovl_cycle_sequence #(
   'OVL_ERROR,
                                                  // severity_level
                                                   // num_cks
   3,
   'OVL_TRIGGER_ON_FIRST_NOPIPE,
                                                  // necessary_condition
   'OVL_ASSERT,
                                                  // property_type
                                                  // msg
   "Error: invalid WR sequence",
   'OVL_COVER_DEFAULT,
                                                  // coverage_level
   'OVL_POSEDGE,
                                                  // clock_edge
   'OVL_ACTIVE_LOW,
                                                  // reset_polarity
   'OVL_GATE_CLOCK)
                                                  // gating_type
   valid_write_sequence (
                                                   // clock
      clock,
      reset,
                                                   // reset
      enable,
                                                  // enable
      { r_opcode == 'WR,
                                                  // event_sequence
      (r_opcode == 'WAIT) ||
      (r_opcode == 'WR),
      (r_opcode == 'DONE)},
      fire_valid_write_sequence);
                                                   // fire
```

Checks that a 'WR is followed by a 'WAIT or another 'WR, which is then followed by a 'DONE (in consecutive cycles). The sequence checking is not pipelined: a new 'WR during a sequence check does not initiate an additional check.



## ovl\_decrement

Checks that the value of an expression changes only by the specified decrement value.



## **Syntax**

#### ovl\_decrement

Severity of the failure Default: OVI SEVERITY DEFAULT

#### Parameters/Generics

severity level

| Severity_lever | (OVL_ERROR).                                                                                                   |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Default: 1.                                                            |
| value          | Decrement value for test_expr. Default: 1.                                                                     |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |
|                |                                                                                                                |

#### **Ports**

*clock* Clock event for the assertion.

| reset                                | Synchronous reset signal indicating completed initialization.                                                                                                                                          |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
| test_expr[width-1:0]                 | Expression that should decrement by <i>value</i> whenever its value changes from the active edge of <i>clock</i> to the next active edge of <i>clock</i> .                                             |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

## **Description**

The ovl\_decrement assertion checker checks the expression *test\_expr* at each active edge of *clock* to determine if its value has changed from its value at the previous active edge of *clock*. If so, the checker verifies that the new value equals the previous value decremented by *value*. The checker allows the value of *test\_expr* to wrap, if the total change equals the decrement *value*. For example, if width is 5 and value is 4, then the following change in *test\_expr* is valid:

```
5'b00010 -> 5'b11110
```

The checker is useful for ensuring proper changes in structures such as counters and finite-state machines. For example, the checker is useful for circular queue structures with address counters that can wrap. Do not use this checker for variables or expressions that can increment. Instead consider using the ovl\_delta checker.

#### **Assertion Checks**

DECREMENT Expression evaluated to a value that is not its previous value

decremented by value.

#### Implicit X/Z Checks

test\_expr contains X or Z Expression value contained X or Z bits.

#### **Cover Points**

cover\_test\_expr\_change BASIC — Expression changed value.

## **Cover Groups**

none

#### **Notes**

1. The assertion check compares the current value of *test\_expr* with its previous value. Therefore, checking does not start until the second rising edge of *clock* after *reset* deasserts.

#### See also

```
ovl_delta ovl_no_underflow ovl increment
```

## **Examples**

```
ovl_decrement #(
                                                   // severity level
   'OVL ERROR,
                                                   // width
   4,
   1,
                                                   // value
   'OVL_ASSERT,
                                                   // property_type
   "Error: invalid binary decrement",
                                                   // msg
   'OVL COVER DEFAULT,
                                                   // coverage_level
   'OVL_POSEDGE,
                                                   // clock_edge
   'OVL_ACTIVE_LOW,
                                                   // reset_polarity
   'OVL_GATE_CLOCK)
                                                   // gating_type
   valid_count (
                                                   // clock
      clock,
      reset,
                                                   // reset
      enable,
                                                   // enable
      count,
                                                   // test_expr
      fire_valid_count );
                                                   // fire
```

Checks that the programmable counter's *count* variable only decrements by 1. If *count* wraps, the assertion fails, because the change is not a binary decrement.



# ovl\_delta

Checks that the value of an expression changes only by a value in the specified range.



## **Syntax**

#### ovl\_delta

#### **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Default: 1.                                                            |
| min            | Minimum delta value allowed for test_expr. Default: 1.                                                         |
| max            | Maximum delta value allowed for test_expr. Default: 1.                                                         |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

## **Description**

The ovl\_delta assertion checker checks the expression *test\_expr* at each active edge of *clock* to determine if its value has changed from its value at the previous active edge of *clock*. If so, the checker verifies that the difference between the new value and the previous value (i.e., the delta value) is in the range from *min* to *max*, inclusive. If the delta value is less than *min* or greater than *max*, the assertion fails.

The checker is useful for ensuring proper changes in control structures such as up-down counters. For these structures, ovl\_delta can check for underflow and overflow. In datapath and

none

#### **Errors**

The parameters/generics *min* and *max* must be specified such that *min* is less than or equal to *max*. Otherwise, the assertion fails on each tested clock cycle.

#### **Notes**

- 1. The assertion check compares the current value of *test\_expr* with its previous value. Therefore, checking does not start until the second rising edge of *clock* after *reset* deasserts.
- 2. The assertion check allows the value of *test\_expr* to wrap. The overflow or underflow amount is included in the delta value calculation.

#### See also

```
ovl_decrementovl_no_underflowovl_incrementovl_rangeovl_no_overflow
```

## **Examples**

```
ovl_delta #(
   'OVL ERROR,
                                                  // severity_level
   16,
                                                  // width
                                                  // min
   Ο,
                                                  // max
   8,
   'OVL_ASSERT,
                                                  // property_type
   "Error: y values not smooth",
                                                  // msg
   'OVL_COVER_DEFAULT,
                                                  // coverage_level
   'OVL_POSEDGE,
                                                  // clock_edge
   'OVL_ACTIVE_LOW,
                                                  // reset_polarity
   'OVL GATE CLOCK)
                                                  // gating_type
   valid_smooth (
                                                  // clock
      clock,
      reset,
                                                  // reset
      enable,
                                                  // enable
                                                  // test_expr
      fire_valid_smooth );
                                                  // fire
```



# ovl\_even\_parity

Checks that the value of an expression has even parity.



## **Syntax**

#### ovl\_even\_parity

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Default: 1.                                                            |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

# OVL Checkers ovl\_even\_parity

| enable                    | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
|---------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| test_expr[width-1:0]      | Expression that should evaluate to a value with even parity on the active clock edge.                                                                                                                  |
| fire [OVL_FIRE_WIDTH-1:0] | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

## **Description**

The ovl\_even\_parity assertion checker checks the expression *test\_expr* at each active edge of *clock* to verify the expression evaluates to a value that has even parity. A value has even parity if it is 0 or if the number of bits set to 1 is even.

The checker is useful for verifying control circuits, for example, it can be used to verify a finite-state machine with error detection. In a datapath circuit the checker can perform parity error checking of address and data buses.

#### **Assertion Checks**

| EVEN_PARITY | Expression | evaluated t | o a value | whose | parity | is not even. |
|-------------|------------|-------------|-----------|-------|--------|--------------|
|             |            |             |           |       |        |              |

#### Implicit X/Z Checks

test\_expr contains X or Z Expression value contained X or Z bits.

#### **Cover Points**

```
cover_test_expr_change SANITY — Expression has changed value.
```

### **Cover Groups**

none

#### See also

ovl\_odd\_parity

## **Examples**

```
ovl_even_parity #(
   'OVL_ERROR,
                                                      // severity_level
                                                      // width
   8,
   'OVL ASSERT,
                                                      // property_type
   "Error: data has odd parity",
                                                      // msq
   'OVL_COVER_DEFAULT,
                                                      // coverage level
   'OVL_POSEDGE,
                                                      // clock_edge
   'OVL_ACTIVE_LOW,
                                                      // reset_polarity
   'OVL_GATE_CLOCK)
                                                      // gating_type
   valid_data_even_parity (
                                                      // clock
      clock,
      reset,
                                                      // reset
      enable,
                                                      // enable
      data,
                                                      // test expr
      fire_valid_data_even_parity );
                                                      // fire
Checks that data has even parity at each rising edge of clock.
     clock
     reset
      data
                                                  EVEN PARITY
                                                  Error: data has odd parity
```

## ovl fifo

Checks the data integrity of a FIFO and checks that the FIFO does not overflow or underflow.



<sup>\*</sup>if preload\_count = 0: preload is width bits wide

**Class:** event-bounded assertion

## **Syntax**

```
ovl fifo
```

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                                                                                                                                                         |
|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| width          | Width of a data item. Default: 1.                                                                                                                                                                                                                                                                                                                           |
| depth          | FIFO depth. The <i>depth</i> must be $> 0$ . Default: 2.                                                                                                                                                                                                                                                                                                    |
| pass_thru      | How the FIFO handles a dequeue and enqueue in the same cycle if the FIFO is empty.  pass_thru = 0 (Default)  No pass-through mode. Simultaneous dequeue/enqueue of an empty FIFO is an dequeue violation.  pass_thru = 1  Pass-through mode. Enqueue happens before the dequeue.  Simultaneous enqueue/dequeue of an empty FIFO is not a dequeue violation. |

How the FIFO handles an enqueue and dequeue in the same cycle registered if the FIFO is full. registered = 0 (Default) No registered mode. Simultaneous enqueue/dequeue of a full FIFO is an enqueue violation. registered = 1Registered mode. Dequeue happens before the enqueue. Simultaneous enqueue/dequeue of a full FIFO is not an enqueue violation. eng\_latency Latency for enqueue data. enq\_latency = 0 (Default) Checks and coverage assume enq data is valid and the enqueue operation is performed in the same cycle *enq* asserts. eng latency > 0 Checks and coverage assume *enq\_data* is valid and the enqueue operation is performed *enq\_latency* cycles after *enq* asserts. deq\_latency Latency for dequeued data. deg latency = 0 (Default) Checks and coverage assume deq data is valid and the dequeue operation is performed in the same cycle *deq* asserts. deg latency > 0 Checks and coverage assume deq data is valid and the dequeue operation is performed deg\_latency cycles after deg asserts. preload\_count Number of items to preload the FIFO on reset. The preload port is a concatenated list of items to be preloaded into the FIFO. Default: 0 (FIFO empty on reset). high water mark FIFO high-water mark. Must be < depth. A value of 0 disables the high-water mark cover point. Default: 0. value\_check Whether or not to perform value checks. value check = 0 (Default) Turns off the value check.  $value\ check = 1$ Turns on the value check. Property type. Default: OVL PROPERTY DEFAULT property\_type (OVL ASSERT). msa Error message printed when assertion fails. Default: OVL\_MSG\_DEFAULT ("VIOLATION"). coverage level Coverage level. Default: OVL COVER DEFAULT

(OVL COVER BASIC).

Active edge of the *clock* input. Default:

OVL\_CLOCK\_EDGE\_DEFAULT (OVL\_POSEDGE).

clock edge

reset\_polarity Polarity (active level) of the reset input. Default:

OVL\_RESET\_POLARITY\_DEFAULT

(OVL\_ACTIVE\_LOW).

gating\_type Gating behavior of the checker when enable is FALSE. Default:

OVL\_GATING\_TYPE\_DEFAULT (OVL\_GATE\_CLOCK).

**Ports** 

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for *clock*, if *gating\_type* = OVL\_GATE\_CLOCK

(the default gating type) or reset (if gating\_type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

enq FIFO enqueue input. When enq asserts, the FIFO performs an

enqueue operation. A data item is enqueued onto the FIFO and the FIFO counter increments by 1. If *enq\_latency* is 0, the enqueue is performed in the same cycle *enq* asserts. Otherwise, the enqueue and counter increment occur *enq\_latency* cycles

later.

enq\_data[width-1:0] Enqueue data input to the FIFO. Contains the data item to

enqueue in that cycle (if  $enq\_latency = 0$ ) or to enqueue in the

cycle *enq\_latency* cycles later (if *enq\_latency* > 0).

deq FIFO dequeue input. When deq asserts, the FIFO performs a

dequeue operation. A data item is dequeued from the FIFO and the FIFO counter decrements by 1. If *deq\_latency* is 0, the dequeue is performed in the same cycle *deq* asserts. Otherwise, the dequeue and counter decrement occur *deq\_latency* cycles

later.

deq\_data[width-1:0] Dequeue data output from the FIFO. Contains the dequeued data

item in that cycle (if  $deq\_latency = 0$ ) or in the cycle  $enq\_latency$ 

cycles later (if  $enq\_latency > 0$ ).

full Output status flag from the FIFO.

full = 0

FIFO not full.

full = 1

FIFO full.

empty Output status flag from the FIFO.

empty = 0

FIFO not empty.

empty = 1

FIFO empty.

preload
[preload\_count\*width-1
:0]

Concatenated preload data to enqueue on reset.

preload\_count = 0

No preload of the FIFO is assumed. The width of preload should be *width*, however no values from *preload* are used. The FIFO is assumed to be empty on reset.

preload\_count > 0

Checker assumes the value of *preload* is a concatenated list of items that were all enqueued on the FIFO on reset (or simulation start). The width of preload should be *preload\_count* \* *width* (preload items are the same width). Preload values are enqueued from the low order item to the high order item.

fire
[OVL\_FIRE\_WIDTH-1:0]

Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl\_fifo assertion checker checks that a FIFO functions legally. A FIFO is a memory structure that stores and retrieves data items based on a first-in first-out queueing protocol. The FIFO has configured properties specified as parameters/generics to the ovl\_fifo checker: width of the data items (width), capacity of the FIFO (depth), and the high-water mark that identifies the point at which the FIFO is almost full (high\_water\_mark). Control and data signals to and from the FIFO are connected to the ovl\_fifo checker.

The checker checks enq and deq at the active edge of clock each cycle the checker is active. If enq is TRUE, the FIFO is enqueuing a data item onto the FIFO. If deq is TRUE, the FIFO is in the process of dequeuing a data item. Both enqueue and dequeue operations can each take more than one cycle. If the enq\_latency parameter is defined > 0, then enq\_data is ready enq\_latency clock cycles after the enq signal asserts. Similarly, if the deq\_latency parameter is defined > 0, then deq\_data is ready deq\_latency clock cycles after the deq signal asserts. All assertion checks and coverage are based on enqueue/dequeue data after the latency periods.

The checker checks that the FIFO does not enqueue an item when it is supposed to be full (enqueue check) and the FIFO does not dequeue an item when it is supposed to be empty (dequeue check). The checker also checks that the FIFO's *full* and *empty* status flags operate correctly (full and empty checks). The checker also can verify the data integrity of dequeued FIFO data (value check).

The checker also can be configured to handle other FIFO characteristics such as preloading items on reset and allowing pass-through operations and registered enqueue/dequeues.

#### **Assertion Checks**

Enqueue occurred that would overflow the FIFO. **ENQUEUE** registered = 0Enq was TRUE, but enq\_latency cycles later, FIFO contained depth items. registered = 1Enq was TRUE, but enq\_latency cycles later, FIFO contained *depth* items and no item was to be dequeued that cycle. DEQUEUE Dequeue occurred that would underflow the FIFO.  $pass_thru = 0$ Deg was TRUE, but deg\_latency cycles later, FIFO contained no items. pass thru = 1Deq was TRUE, but enq\_latency cycles later, FIFO contained no items and no item was to be enqueued that cycle. FIFO 'full' signal asserted or deasserted in the FULL wrong cycle. FIFO contained fewer than *depth* items but *full* was TRUE or FIFO contained *depth* items but *full* was FALSE. FIFO 'empty' signal asserted or deasserted in the **EMPTY** wrong cycle. FIFO contained one or more items but *empty* was TRUE or FIFO contained no items but *empty* was FALSE. VALUE Dequeued FIFO value did not equal the corresponding enqueued value.  $deq_latency = 0$ Deq was TRUE, but deq\_data did not equal the corresponding enqueued item. deg\_latency > 0 Deq was TRUE, but deq\_latency cycles later deq\_data did not equal the corresponding enqueued item. This check automatically turns off if an enqueue or dequeue check violation occurs since it is no longer possible to correspond

the checker resets.

enqueued with dequeued values. The check turns back on when

## See also

ovl\_fifo\_index ovl\_no\_overflow  $ovl\_no\_underflow$ 

## ovl\_fifo\_index

Checks that a FIFO-type structure never overflows or underflows. This checker can be configured to support multiple pushes (FIFO writes) and pops (FIFO reads) during the same clock cycle.



## **Syntax**

#### ovl\_fifo\_index

#### **Parameters/Generics**

| severity_level        | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                                  |
|-----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| depth                 | Maximum number of elements in the FIFO or queue structure. This parameter must be $> 0$ . Default: 1.                                                                                                                                |
| push_width            | Width of the <i>push</i> argument. Default: 1.                                                                                                                                                                                       |
| pop_width             | Width of the <i>pop</i> argument. Default: 1.                                                                                                                                                                                        |
| simultaneous_push_pop | Whether or not to allow simultaneous push/pop operations in the same clock cycle. When set to 0, if push and pop operations occur in the same cycle, the assertion fails. Default: 1 (simultaneous push/pop operations are allowed). |
| property_type         | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                                                                           |
| msg                   | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                                                                                  |
| coverage_level        | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                                                                                        |
| clock_edge            | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                                                                                                                                                |

#### **OVL Checkers** ovl fifo index

Polarity (active level) of the *reset* input. Default: reset polarity

OVL\_RESET\_POLARITY\_DEFAULT

(OVL ACTIVE LOW).

gating\_type Gating behavior of the checker when *enable* is FALSE. Default:

OVL GATING TYPE DEFAULT (OVL GATE CLOCK).

#### **Ports**

clock Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for *clock*, if *gating\_type* = OVL\_GATE\_CLOCK

(the default gating type) or reset (if gating\_type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

push[push\_width-1:0] Expression that indicates the number of push operations that will

occur during the current cycle.

pop[pop\_width-1:0] Expression that indicates the number of pop operations that will

occur during the current cycle.

fire Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check [OVL\_FIRE\_WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl\_fifo\_index assertion checker tracks the numbers of pushes (writes) and pops (reads) that occur for a FIFO or queue memory structure. This checker does permit simultaneous pushes/pops on the queue within the same clock cycle. It checks that the FIFO never overflows (i.e., too many pushes occur without enough pops) and never underflows (i.e., too many pops occur without enough pushes). This checker is more complex than the ovl\_no\_overflow and ovl no underflow checkers, which check only the boundary conditions (overflow and underflow respectively).

#### **Assertion Checks**

OVERLOW Push operation overflowed the FIFO.

Pop operation underflowed the FIFO. UNDERFLOW

ILLEGAL PUSH AND POP Push and pop operations performed in the same clock cycle, but

the simultaneous\_push\_pop parameter is set to 0.

#### Implicit X/Z Checks

push contains X or Z

Push expression value contained X or Z bits.

pop contains X or Z

Pop expression value contained X or Z bits.

#### **Cover Points**

cover\_fifo\_push

cover\_fifo\_pop

BASIC — Push operation occurred.

BASIC — Pop operation occurred.

CORNER — FIFO was full.

CORNER — FIFO was empty.

CORNER — Push and pop operations occurred in the same clock cycle.

#### **Cover Groups**

none

#### **Errors**

Depth parameter value  $\frac{1}{1}$  Depth parameter is set to 0. must be > 0

#### **Notes**

1. The checker checks the values of the *push* and *pop* expressions. By default, (i.e., simultaneous\_push\_pop is 1), "simultaneous" push/pop operations are allowed. In this case, the checker assumes the design properly handles simultaneous push/pop operations, so it only checks that the FIFO buffer index *at the end of the cycle* has not overflowed or underflowed. The assertion cannot ensure the FIFO buffer index does not overflow between a push and pop performed in the same cycle. Similarly, the assertion cannot ensure the FIFO buffer index does not underflow between a pop and push performed in the same cycle.

#### See also

ovl\_fifo ovl\_no\_underflow ovl\_no overflow

## **Examples**

#### Example 1

```
ovl_fifo_index #(
                                                    // severity level
   'OVL_ERROR,
   8,
                                                    // depth
   1,
                                                    // push width
   1,
                                                    // pop_width
   1,
                                                    // simultaneous_push_pop
   'OVL ASSERT,
   "Error",
'OVL_COVER_DEFAULT,
                                                    // property_type
                                                    // msg
   'OVL_POSEDGE,
                                                    // coverage_level
   'OVL_ACTIVE_LOW,
                                                    // clock_edge
   'OVL_GATE_CLOCK)
                                                    // reset_polarity
                                                    // gating_type
   no_over_underflow (
                                                    // clock
      clock,
      reset,
                                                    // reset
      enable,
                                                    // enable
      push,
                                                    // push
      pop,
                                                    // pop
      fire_fifo_no_over_underflow );
                                                    // fire
```

Checks that an 8-element FIFO never overflows or underflows. Only single pushes and pops can occur in a clock cycle (*push\_width* and *pop\_width* values are 1). A push and pop operation in the same clock cycle is allowed (value of *simultaneous\_push\_pop* is 1).



#### Example 2

```
ovl_fifo_index #(
                                                     // severity_level
// depth
   'OVL_ERROR,
   8,
   1,
                                                      // push_width
   1,
                                                     // pop_width
   0,
                                                     // simultaneous_push_pop
   'OVL_ASSERT,
                                                      // property_type
   "violation",
'OVL_COVER_DEFAULT,
                                                      // msg
                                                      // coverage_level
   'OVL_POSEDGE,
                                                     // clock_edge
   'OVL_ACTIVE_LOW,
                                                      // reset_polarity
   'OVL_GATE_CLOCK)
                                                      // gating_type
   no_over_underflow (
                                                      // clock
      clock,
      reset,
                                                      // reset
      enable,
                                                      // enable
      push,
                                                      // push
      pop,
                                                      // pop
      fire_fifo_no_over_underflow );
                                                     // fire
```

Checks that an 8-element FIFO never overflows or underflows and that in no cycle do both push and pop operations occur.



## ovl\_frame

Checks that when a specified start event is TRUE, then an expression must not evaluate TRUE before a minimum number of clock cycles and must transition to TRUE no later than a maximum number of clock cycles.



## **Syntax**

```
ovl_frame
```

#### **Parameters/Generics**

| severity_level      | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                                                    |
|---------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| min_cks             | Number of cycles after the start event that <i>test_expr</i> must not evaluate to TRUE. The special case where <i>min_cks</i> is 0 turns off minimum checking (i.e., <i>test_expr</i> can be TRUE in the cycle following the start event). Default: 0. |
| max_cks             | Number of cycles after the start event that during which <i>test_expr</i> must transition to TRUE. The special case where <i>max_cks</i> is 0 turns off maximum checking (i.e., <i>test_expr</i> does not need to transition to TRUE). Default: 0.     |
| action_on_new_start | Method for handling a new start event that occurs while a check is pending. Values are: OVL_IGNORE_NEW_START, OVL_RESET_ON_NEW_START and OVL_ERROR_ON_NEW_START. Default: OVL_IGNORE_NEW_START.                                                        |
| property_type       | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                                                                                             |
| msg                 | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                                                                                                    |

Coverage level. Default: OVL COVER DEFAULT coverage level

(OVL\_COVER\_BASIC).

clock\_edge Active edge of the *clock* input. Default:

OVL\_CLOCK\_EDGE\_DEFAULT (OVL\_POSEDGE).

Polarity (active level) of the *reset* input. Default: reset polarity

OVL\_RESET\_POLARITY\_DEFAULT

(OVL ACTIVE LOW).

gating\_type Gating behavior of the checker when *enable* is FALSE. Default:

OVL GATING TYPE DEFAULT (OVL GATE CLOCK).

#### **Ports**

clock Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

Enable signal for *clock*, if *gating\_type* = OVL\_GATE\_CLOCK enable

(the default gating type) or reset (if gating\_type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

Expression that (along with action on new start) identifies start\_event

when to initiate checking of test expr.

test\_expr Expression that should not evaluate to TRUE for min cks -1

> cycles after start event initiates a check (unless min cks is 0) and that should evaluate to TRUE before *max\_cks* cycles transpire

(unless  $max\_cks$  is 0).

Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check fire [OVL\_FIRE\_WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl\_frame assertion checker checks for a start event at each active edge of *clock*. A start event occurs if start event is a rising signal (i.e., has transitioned from FALSE to TRUE, either at the clock edge or in the previous cycle). A start event also occurs if start event is TRUE at the active clock edge after a checker reset.

When a new start event occurs, the checker performs the following steps:

- 1. A frame violation occurs if test expr is not TRUE at the start event.
- 2. Unless it is disabled by setting min\_cks to 0, a minimum check is initiated. The check evaluates test expr at each subsequent active edge of clock for the next min cks cycles. However, if a sampled value of test\_expr is TRUE, the minimum check fails and the checker returns to the state of waiting for a start event.

- 3. Unless it is disabled by setting *max\_cks* to 0 (or a minimum violation has occurred), a maximum check is initiated. The check evaluates *test\_expr* at each subsequent active edge of *clock* for the next (*max\_cks min\_cks*) cycles. However, if a sampled value of *test\_expr* is TRUE, the checker returns to the state of waiting for a start event. If its value does not transition to TRUE by the time *max\_cks* cycles transpire (from the start of checking), the maximum check fails at cycle *max\_cks*.
- 4. The checker returns to the state of waiting for a start event.

The method used to determine how to handle *start\_event* when the checker is in the state of checking *test\_expr* is controlled by the *action\_on\_new\_start* parameter. The checker has the following actions:

#### • OVL\_IGNORE\_NEW\_START

The checker does not sample *start\_event* until it returns to the state of waiting for a start event.

#### OVL RESET ON NEW START

Each time the checker samples *test\_expr*, it also samples *start\_event*. If *start\_event* is rising, then:

- If *test\_expr* is TRUE, a frame violation occurs and all pending checks are terminated.
- If test\_expr is not TRUE, pending checks are terminated (no violation occurs even if the current cycle is the last cycle of a max\_cks check or a cycle with a pending min\_cks check). If min\_cks and max\_cks are not both 0, new frame checks are initiated.

#### OVL ERROR ON NEW START

Each time the checker samples *test\_expr*, it also samples *start\_event*. If *start\_event* is TRUE, the assertion fails with an illegal start event error. If the error is not fatal, the checker returns to the state of waiting for a start event at the next active clock edge.

#### **Assertion Checks**

| FRAME_MIN        | Value of <i>test_expr</i> was TRUE at a rising <i>start_event</i> or before <i>min_cks</i> cycles after a rising <i>start_event</i> .                                                      |
|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| FRAME_MAX        | Value of <i>test_expr</i> was not TRUE at a cycle starting <i>min_cks</i> cycles after a rising <i>start_event</i> and ending <i>max_cks</i> after the rising edge of <i>start_event</i> . |
| FRAME_MINO_MAX_0 | Both <i>min_cks</i> and <i>max_cks</i> are 0, but the value of <i>test_expr</i> was not TRUE at the rising edge of <i>start_event</i> .                                                    |

illegal start event The action\_on\_new\_start parameter is set to

OVL\_ERROR\_ON\_NEW\_START and a rising start\_event

occurred while a check was pending.

min\_cks > max\_cks The min\_cks parameter is greater than the max\_cks parameter

(and  $max \ cks > 0$ ). Unless the violation is fatal, either the

minimum or maximum check will fail.

#### Implicit X/Z Checks

test\_expr contains X or Z Expression value was X or Z. start\_event contains X or Z Start event value was X or Z.

### **Cover Points**

start\_event BASIC — The value of start\_event was TRUE on an active edge

of clock.

### **Cover Groups**

none

### **Notes**

1. The special case where *min\_cks* and *max\_cks* are both 0 is the default. Here, *test\_expr* must be TRUE every cycle there is a start event.

### See also

| ovl_change | ovl_unchange |
|------------|--------------|
| ovl_next   | ovl_width    |
| ovl_time   |              |

### Example 1

```
ovl_frame #(
                                                   // severity_level
   'OVL_ERROR,
   2,
                                                   // min_cks
                                                   // max_cks
   4,
   'OVL_IGNORE_NEW_START,
                                                   // action_on_new_start
   'OVL_ASSERT,
                                                   // property_type
   "Error: invalid transaction",
                                                   // msg
   'OVL_COVER_DEFAULT,
                                                   // coverage_level
   'OVL_POSEDGE,
                                                   // clock_edge
   'OVL_ACTIVE_LOW,
                                                   // reset polarity
   'OVL_GATE_CLOCK)
                                                   // gating_type
   valid_transaction (
      clock,
                                                   // clock
      reset,
                                                   // reset
      enable,
                                                   // enable
      req,
                                                   // start_event
      ack,
                                                   // test_expr
      fire_valid_transaction );
                                                   // fire
```

Checks that after a rising edge of *req*, *ack* goes high between 2 and 4 cycles later. New start events during transactions are not considered to be new transactions and are ignored.



```
ovl_frame #(
                                                    // severity_level
// min_cks
   'OVL_ERROR,
   2,
                                                    // max_cks
   4,
                                                    // action_on_new_start
   'OVL_RESET_ON_NEW_START,
   'OVL_ASSERT,
                                                    // property_type
   "Error: invalid transaction",
                                                    // msg
   'OVL_COVER_DEFAULT,
                                                    // coverage_level
   'OVL_POSEDGE,
                                                    // clock_edge
   'OVL_ACTIVE_LOW,
                                                    // reset_polarity
   'OVL_GATE_CLOCK )
                                                    // gating_type
   valid_transaction (
                                                    // clock
      clock,
      reset,
                                                    // reset
      enable,
                                                    // enable
      req,
                                                    // start_event
      ack,
                                                    // test_expr
      fire_valid_transaction );
                                                    // fire
```

Checks that after a rising edge of *req*, *ack* goes high between 2 and 4 cycles later. A new start event during a transaction restarts the transaction.



```
ovl_frame #(
   'OVL_ERROR,
                                                   // severity_level
                                                   // min_cks
   2,
                                                   // max_cks
   4,
   'OVL_ERROR_ON_NEW_START,
                                                   // action_on_new_start
   'OVL_ASSERT,
                                                   // property_type
   "Error: invalid transaction",
                                                  // msg
   'OVL_COVER_DEFAULT,
                                                  // coverage_level
   'OVL_POSEDGE,
                                                  // clock_edge
   'OVL_ACTIVE_LOW,
                                                  // reset_polarity
   'OVL_GATE_CLOCK)
                                                  // gating_type
   valid_transaction (
                                                  // clock
      clock,
      reset,
                                                  // reset
      enable,
                                                  // enable
      req,
                                                  // start_event
      ack,
                                                  // test_expr
      fire_valid_transaction );
                                                  // fire
```

Checks that after a rising edge of *req*, *ack* goes high between 2 and 4 cycles later. Also checks that a new transaction does not start before the previous transaction is acknowledged. If a start event occurs during a transaction, the checker does does not initiate a new check.



# ovl\_handshake

Checks that specified request and acknowledge signals follow a specified handshake protocol.



## **Syntax**

#### ovl handshake

#### **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                      |
|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| min_ack_cycle  | Minimum number of clock cycles before acknowledge. A value of 0 turns off the ack min cycle check. Default: 0.                                                                           |
| max_ack_cycle  | Maximum number of clock cycles before acknowledge. A value of 0 turns off the ack max cycle check. Default: 0.                                                                           |
| req_drop       | If greater than 0, value of <i>req</i> must remain TRUE until acknowledge. A value of 0 turns off the req drop check. Default: 0.                                                        |
| deassert_count | Maximum number of clock cycles after acknowledge that <i>req</i> can remain TRUE (i.e., <i>req</i> must not be stuck active). A value of 0 turns off the req deassert check. Default: 0. |
| max_ack_length | Maximum number of clock cycles that <i>ack</i> can be TRUE. A value of 0 turns off the max ack length check. Default: 0.                                                                 |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                               |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                                      |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                                            |

# OVL Checkers ovl handshake

clock\_edge Active edge of the clock input. Default:

OVL\_CLOCK\_EDGE\_DEFAULT (OVL\_POSEDGE).

reset\_polarity Polarity (active level) of the reset input. Default:

OVL\_RESET\_POLARITY\_DEFAULT

(OVL\_ACTIVE\_LOW).

gating\_type Gating behavior of the checker when enable is FALSE. Default:

OVL\_GATING\_TYPE\_DEFAULT (OVL\_GATE\_CLOCK).

### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for *clock*, if *gating type* = OVL GATE CLOCK

(the default gating type) or reset (if gating type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

req Expression that starts a transaction.

ack Expression that indicates the transaction is complete.

Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl\_handshake assertion checker checks the single-bit expressions req and ack at each active edge of clock to verify their values conform to the request-acknowledge handshake protocol specified by the checker parameters/generics. A request event (where req transitions to TRUE) initiates a transaction on the active edge of clock and an acknowledge event (where ack transitions to TRUE) signals the transaction is complete on the active edge of clock. The transaction must not include multiple request events and every acknowledge must have a pending request. Other checks—to ensure the acknowledge is received in a specified window, the request is held active until the acknowledge, the requests and acknowledges are not stuck active and the pulse length is not too long—are enabled and controlled by the checker's parameters/generics.

When a violation occurs, the checker discards any pending request. Checking is restarted the next cycle that *ack* is sampled FALSE.

#### **Assertion Checks**

MULTIPLE\_REQ\_VIOLATION The value of req transitioned to TRUE while waiting for an

acknowledge or while acknowledge was asserted. Extra requests

do not initiate new transactions.

ACK\_WITHOUT\_REQ The value of ack transitioned to TRUE without a pending

VIOLATION request.

The value of ack transitioned to TRUE before min ack cycle ACK\_MIN\_CYCLE\_ VIOLATION

clock cycles transpired after the request.

The value of ack did not transition to TRUE before ACK MAX CYCLE VIOLATION

max\_ack\_cycle clock cycles transpired after the request.

REQ\_DROP\_VIOLATION The value of *req* transitioned from TRUE before an

acknowledge.

The value of req did not transition from TRUE before REQ\_DEASSERT\_VIOLATION

deassert\_count clock cycles transpired after an acknowledge.

The value of ack did not transition from TRUE before ACK\_MAX\_LENGTH\_

VIOLATION max\_ack\_length clock cycles transpired after an acknowledge.

Implicit X/Z Checks

req contains X or Z Req expression value was X or Z.

ack contains X or Z Ack expression value was X or Z.

**Cover Points** 

BASIC — A transaction initiated. cover\_req\_asserted

cover\_ack\_asserted BASIC — A transaction completed.

**Cover Groups** 

none

See also

ovl\_win\_change ovl\_window

ovl\_win\_unchange

### Example 1

```
ovl_handshake #(
   'OVL_ERROR,
                                                   // severity_level
   0,
                                                   // min_ack_cycle
   0,
                                                   // max_ack_cycle
   0,
                                                   // req_drop
   0,
                                                   // deassert_count
                                                   // max_ack_length
   0,
   'OVL_ASSERT,
                                                   // property_type
   "hold-holda handshake error",
                                                   // msg
   'OVL_COVER_DEFAULT,
                                                   // coverage_level
   'OVL_POSEDGE,
                                                   // clock_edge
   'OVL_ACTIVE_LOW,
                                                   // reset_polarity
   'OVL_GATE_CLOCK)
                                                   // gating_type
   valid hold holda (
      clock,
                                                   // clock
      reset,
                                                   // reset
      enable,
                                                   // enable
      hold,
                                                   // req
      holda,
                                                   // ack
      fire_valid_holda );
                                                   // fire
```

Checks that multiple *hold* requests are not made while waiting for a *holda* acknowledge and that every *holda* acknowledge is in response to a unique *hold* request.





```
ovl_handshake #(
   'OVL_ERROR,
                                                  // severity_level
   2,
                                                  // min_ack_cycle
   3,
                                                  // max_ack_cycle
   0,
                                                  // req_drop
   0,
                                                  // deassert_count
   0,
                                                  // max_ack_length
   'OVL_ASSERT,
                                                  // property_type
   "hold-holda handshake error",
                                                  // msg
   'OVL_COVER_DEFAULT,
                                                  // coverage_level
   'OVL_POSEDGE,
                                                  // clock_edge
   'OVL_ACTIVE_LOW,
                                                  // reset_polarity
   'OVL_GATE_CLOCK)
                                                  // gating_type
   valid_hold_holda (
                                                  // clock
      clock,
      reset,
                                                  // reset
      enable,
                                                  // enable
      hold,
                                                  // req
      holda,
                                                  // ack
      fire_valid_holda );
                                                  // fire
```

Checks that multiple *hold* requests are not made while waiting for a *holda* acknowledge and that every *holda* acknowledge is in response to a unique *hold* request. Checks that *holda* acknowledge asserts 2 to 3 cycles after each hold request.



```
ovl_handshake #(
                                                  // severity_level
   'OVL_ERROR,
   0,
                                                  // min_ack_cycle
   0,
                                                  // max_ack_cycle
   0,
                                                  // req_drop
   0,
                                                  // deassert_count
   2,
                                                  // max_ack_length
   'OVL_ASSERT,
                                                  // property_type
   "hold-holda handshake error",
                                                  // msg
   'OVL_COVER_DEFAULT,
                                                  // coverage_level
   'OVL_POSEDGE,
                                                  // clock_edge
   'OVL_ACTIVE_LOW,
                                                  // reset_polarity
   'OVL_GATE_CLOCK)
                                                  // gating_type
   valid_hold_holda (
                                                  // clock
      clock,
      reset,
                                                  // reset
      enable,
                                                  // enable
      hold,
                                                  // req
      holda,
                                                  // ack
      fire_valid_holda );
                                                  // fire
```

Checks that multiple *hold* requests are not made while waiting for a *holda* acknowledge and that every *holda* acknowledge is in response to a unique *hold* request. Checks that *holda* acknowledge asserts for 2 cycles.



```
ovl_handshake #(
                                                  // severity_level
   'OVL_ERROR,
   0,
                                                  // min_ack_cycle
   0,
                                                  // max_ack_cycle
   1,
                                                  // req_drop
   1,
                                                  // deassert_count
   0,
                                                  // max_ack_length
   'OVL_ASSERT,
                                                  // property_type
   "hold-holda handshake error",
                                                  // msg
   'OVL_COVER_DEFAULT,
                                                  // coverage_level
   'OVL_POSEDGE,
                                                  // clock_edge
   'OVL_ACTIVE_LOW,
                                                  // reset_polarity
   'OVL_GATE_CLOCK)
                                                  // gating_type
   valid_hold_holda (
                                                  // clock
      clock,
      reset,
                                                  // reset
      enable,
                                                  // enable
      hold,
                                                  // req
      holda,
                                                  // ack
      fire_valid_holda );
                                                  // fire
```

Checks that multiple *hold* requests are not made while waiting for a *holda* acknowledge and that every *holda* acknowledge is in response to a unique *hold* request. Checks that *hold* request remains asserted until its *holda* acknowledge and then deasserts in the next cycle.



# ovl\_hold\_value

Checks that once an expression matches the value of a second expression, the first expression does not change value until a specified event window arrives and then changes value some time in that window.



# **Syntax**

```
ovl_hold_value
```

### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                                                                                                                                                                                        |
|----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| width          | Width of test_expr and value. Default: 2.                                                                                                                                                                                                                                                                                                                                                  |
| min            | Number of cycles after the value match that the event window opens. Default: 0 ( <i>test_expr</i> can change value in any cycle).                                                                                                                                                                                                                                                          |
| max            | Number of cycles after the value match that the event window closes. But if $max = 0$ , no event window opens and there are the following special cases:  min = 0 and max = 0  When test_expr and value match, test_expr must change value in the next cycle.  min > 0 and max = 0  When test_expr and value match, test_expr must not change value in the next min-1 cycles.  Default: 0. |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                                                                                                                                                                                                                                 |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                                                                                                                                                                                                                                        |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                                                                                                                                                                                                                                              |

Active edge of the *clock* input. Default: clock edge

OVL\_CLOCK\_EDGE\_DEFAULT (OVL\_POSEDGE).

Polarity (active level) of the *reset* input. Default: reset\_polarity

OVL\_RESET\_POLARITY\_DEFAULT

(OVL ACTIVE LOW).

gating\_type Gating behavior of the checker when *enable* is FALSE. Default:

OVL GATING TYPE DEFAULT (OVL GATE CLOCK).

### **Ports**

clock Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for *clock*, if *gating type* = OVL GATE CLOCK

(the default gating type) or reset (if gating type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

test\_expr[width-1:0] Variable or expression to check.

value[width-1:0] Value to match with test expr.

Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check [OVL\_FIRE\_WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl hold value assertion checker checks test expr and value at the active edge of clock. If test expr has changed value and the values of test expr and value match, the checker verifies that the value of *test expr* holds as follows:

• 0 = min = max(default)

If the value of *test\_expr* does not change in the next cycle, a hold\_value violation occurs.

0 = min < max

If the value of test\_expr has not changed within the next max cycles, a hold\_value violation occurs.

 $0 < min \leq max$ 

If the value of test expr changes before an event window opens min cycles later, a hold\_value violation occurs. Then, if the value of test\_expr changes, the event window closes. However if test expr still has not changed value max cycles after the value match, the event window closes and a hold value violation occurs.

• 0 = max < min

If the value of *test\_expr* changes within the next *min-*1 cycles a hold\_value violation occurs.

The checker returns to the state of checking *test\_expr* and *value* in the next cycle.

#### **Assertion Checks**

HOLD\_VALUE

A match occurred and the expression had the same value in the next cycle.

0 = min = max

After matching *value*, *test\_expr* held the same value in the next cycle.

A match occurred and the expression held the same value for the next 'max' cycles.

0 = min < max

After matching *value*, *test\_expr* held the same value for the next *max* cycles.

A match occurred and the expression changed value before the event window or held the same value through the event window.

 $0 < min \le max$ 

After matching *value*, *test\_expr* did not hold the same value for the next *min*-1 cycles or *test\_expr* held the same value for the next *max* cycles.

A match occurred and the expression changed value before the event window opened.

0 = max < min

After matching *value*, *test\_expr* did not hold the same value for the next *min*-1 cycles.

#### Implicit X/Z Checks

test expr contains X or Z

Expression contained X or Z bits.

value contains X or Z

Value contained X or Z bits.

### **Cover Points**

cover\_test\_expr\_
changes

SANITY — Number of cycles *test\_expr* changed value.

cover\_hold\_value\_for\_
min cks

CORNER — Number of times *test\_expr* held value for exactly *min* cycles.

cover\_hold\_value\_for\_
max\_cks

CORNER — Number of times *test\_expr* held value for exactly *max*+1 cycles.

cover\_hold\_value\_for\_
max\_cks

CORNER — Indicates that the  $test\_expr$  was held exactly equal to *value* for specified max clocks. Not reported if max = 0 and min > 0.

observed\_hold\_time

STATISTIC — Reports the hold times (in cycles) that occurred at least once.

### **Cover Groups**

observed\_hold\_time

Number of times the *test\_expr* value was held for the specified number of hold cycles. Bins are:

- *observed\_hold\_time\_good[min+1:maximum]* bin index is the observed hold time in clock cycles. The value of *maximum* is:
  - 1 (if min = max = 0),
  - min + 4095 (if min > max = 0), or
  - max + 1 (if max > 0).
- *observed\_hold\_time\_bad* default.

# ovl\_implication

Checks that a specified consequent expression is TRUE if the specified antecedent expression is TRUE.



# **Syntax**

#### ovl\_implication

### **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| antecedent_expr                      | Antecedent expression that is tested at the clock event.                                                                                                                                               |
| consequent_expr                      | Consequent expression that should evaluate to TRUE if antecedent_expr evaluates to TRUE when tested.                                                                                                   |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

# **Description**

The ovl\_implication assertion checker checks the single-bit expression *antecedent\_expr* at each active edge of *clock*. If *antecedent\_expr* is TRUE, then the checker verifies that the value of *consequent\_expr* is also TRUE. If *antecedent\_expr* is not TRUE, then the assertion is valid regardless of the value of *consequent\_expr*.

### **Assertion Checks**

IMPLICATION Expression evaluated to FALSE.

#### Implicit X/Z Checks

 $\begin{array}{ll} \text{antecedent\_expr contains } X & \text{Antecedent expression value was } X \text{ or } Z. \\ \text{consequent\_expr contains} & \text{Consequent expression value was } X \text{ or } Z. \\ \text{X or } Z. \end{array}$ 

#### **Cover Points**

cover\_antecedent BASIC — The antecedent expr evaluated to TRUE.

# **Cover Groups**

none

### **Notes**

1. This assertion checker is equivalent to:

### See also

```
ovl_alwaysovl_neverovl_always_on_edgeovl_proposition
```

## **Examples**

```
ovl_implication #(
   'OVL_ERROR,
                                                  // severity_level
   'OVL_ASSERT,
                                                  // property_type
   "Error: q valid but q full",
                                                  // msg
   'OVL_COVER_DEFAULT,
                                                  // coverage_level
   'OVL_POSEDGE,
                                                  // clock_edge
   'OVL_ACTIVE_LOW,
                                                  // reset_polarity
   'OVL_GATE_CLOCK)
                                                  // gating_type
   not_full (
                                                  // clock
      clock,
      reset,
                                                  // reset
      enable,
                                                  // enable
      q_valid,
                                                  // antecedent_expr
      q_not_full,
                                                  // consequent_expr
      fire_not_full );
                                                  // fire
```

Checks that  $q\_not\_full$  is TRUE at each rising edge of clock for which  $q\_valid$  is TRUE.



# ovl\_increment

Checks that the value of an expression changes only by the specified increment value.



# **Syntax**

#### ovl increment

Severity of the failure Default: OVI SEVERITY DEFAULT

### Parameters/Generics

severity level

| Severity_lever | (OVL_ERROR).                                                                                                   |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Default: 1.                                                            |
| value          | Increment value for test_expr. Default: 1.                                                                     |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |
|                |                                                                                                                |

### **Ports**

*clock* Clock event for the assertion.

| reset                                | Synchronous reset signal indicating completed initialization.                                                                                                                                          |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
| test_expr[width-1:0]                 | Expression that should increment by <i>value</i> whenever its value changes from the active edge of <i>clock</i> to the next active edge of <i>clock</i> .                                             |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

# **Description**

The ovl\_increment assertion checker checks the expression *test\_expr* at each active edge of *clock* to determine if its value has changed from its value at the previous active edge of *clock*. If so, the checker verifies that the new value equals the previous value incremented by *value*. The checker allows the value of *test\_expr* to wrap, if the total change equals the increment *value*. For example, if *width* is 5 and *value* is 4, then the following change in *test\_expr* is valid:

```
5'b11110 -> 5'b00010
```

The checker is useful for ensuring proper changes in structures such as counters and finite-state machines. For example, the checker is useful for circular queue structures with address counters that can wrap. Do not use this checker for variables or expressions that can decrement. Instead consider using the ovl\_delta checker.

### **Assertion Checks**

| INCREMENT | Expression | on evalu | ated to a | value that | is not its | previous value |
|-----------|------------|----------|-----------|------------|------------|----------------|
|           |            |          | •         |            |            |                |

incremented by value.

#### Implicit X/Z Checks

test\_expr contains X or Z Expression value contained X or Z bits.

#### **Cover Points**

```
cover_test_expr_change BASIC — Expression changed value.
```

### **Cover Groups**

none

### **Notes**

1. The assertion check compares the current value of *test\_expr* with its previous value. Therefore, checking does not start until the second rising edge of *clock* after *reset* deasserts.

### See also

```
ovl_decrement ovl_no_overflow ovl delta
```

# **Examples**

```
ovl_increment #(
                                                   // severity_level
   'OVL ERROR,
                                                   // width
   4,
   1,
                                                   // value
   'OVL_ASSERT,
                                                   // property_type
   "Error: invalid binary increment",
                                                   // msg
   'OVL COVER DEFAULT,
                                                   // coverage_level
   'OVL_POSEDGE,
                                                   // clock_edge
   'OVL_ACTIVE_LOW,
                                                   // reset_polarity
   'OVL_GATE_CLOCK)
                                                   // gating_type
   valid_count (
                                                   // clock
      clock,
      reset,
                                                   // reset
      enable,
                                                   // enable
      count,
                                                   // test_expr
      fire_valid_count );
                                                   // fire
```

Checks that the programmable counter's *count* variable only increments by 1. If *count* wraps, the assertion fails, because the change is not a binary increment.



# ovl\_memory\_async

Checks the integrity of accesses to an asynchronous memory.



# **Syntax**

#### ovl\_memory\_async

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                 |
|----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| data_width     | Number of bits in a data item. Default: 1                                                                                                                           |
| addr_width     | Number of bits in an address. Default: 1                                                                                                                            |
| mem_size       | Number of data items in the memory. Default: 2                                                                                                                      |
| addr_check     | Whether or not to perform address checks.  addr_check = 0  Turns off the address check.  addr_check = 1 (Default)  Turns on the address check.                      |
| init_check     | Whether or not to perform initialization checks.  init_check = 0  Turns off the initialization check.  init_check = 1 (Default)  Turns on the initialization check. |

one\_read\_check Whether or not to perform one\_read checks.

one\_read\_check = 0 (Default)
Turns off the one read check

one\_read\_check = 1

Turns on the one\_read check.

one\_write\_check Whether or not to perform one\_write checks.

one\_write\_check = 0 (Default)
Turns off the one\_write check.

 $one\_write\_check = 1$ 

Turns on the one\_write check.

value\_check Whether or not to perform value checks.

value\_check = 0 (Default)
Turns off the value check.

 $value\_check = 1$ 

Turns on the value check.

property\_type Property type. Default: OVL\_PROPERTY\_DEFAULT

(OVL\_ASSERT).

msg Error message printed when assertion fails. Default:

OVL\_MSG\_DEFAULT ("VIOLATION").

(OVL\_COVER\_BASIC).

ren\_edge Active edge of the ren input. Default:

OVL\_CLOCK\_EDGE\_DEFAULT (OVL\_POSEDGE).

wen\_edge Active edge of the wen input. Default:

OVL\_CLOCK\_EDGE\_DEFAULT (OVL\_POSEDGE).

reset\_polarity Polarity (active level) of the reset input. Default:

OVL\_RESET\_POLARITY\_DEFAULT

(OVL ACTIVE LOW).

gating\_type Gating behavior of the checker when enable is FALSE. Default:

OVL\_GATING\_TYPE\_DEFAULT (OVL\_GATE\_CLOCK).

### **Ports**

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for ren and wen, if gating\_type =

OVL\_GATE\_CLOCK (the default gating type) or *reset* (if *gating\_type* = OVL\_GATE\_RESET). Ignored if *gating\_type* is

OVL\_NONE.

start\_addr First address of the memory.

end\_addr Last address of the memory.

| ren | Read | enab | le | input, | whose | active | edge | initiates | a read | operation |  |
|-----|------|------|----|--------|-------|--------|------|-----------|--------|-----------|--|
|     |      |      |    |        |       |        |      |           |        |           |  |

from the memory location specified by raddr.

raddr Read address input.

Read data input that holds the data item read from memory.

wen Write enable input, whose active edge initiates a write operation

of the data item in wdata to the memory location specified by

waddr.

waddr Write address input.

wdata Write data input.

Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

# **Description**

The ovl\_memory\_async checker checks the two memory access enable signals wen and ren combinationally. The active edges of these signals are specified the wen\_edge and ren\_edge parameters/generics (and by enable if gating\_type is OVL\_GATE\_CLOCK). At the active edge of wen, the values of waddr, start\_addr and end\_addr are checked. If waddr is not in the range [start\_addr:end\_addr], an address check violation occurs. Otherwise, a write operation to the location specified by waddr is assumed. Similarly, at the active edge of ren, the values of raddr, start\_addr and end\_addr are checked. If raddr is not in the range [start\_addr:end\_addr], an address check violation occurs. Otherwise, a read operation from the location specified by raddr is assumed. Also, if raddr is uninitialized (i.e., has not been written to previously or at the current time), then an initialization check violation occurs.

By default, the address and init checks are on, but can be turned off by setting the *addr\_check* and *init\_check* parameters/generics to 0. Note that other checks are valid only if the addresses are valid, so it is recommended that *addr\_check* be left at 1. The checker can be configured to perform the following additional checks:

• one\_write\_check = 1

At the active edge of *wen*, if the previous access to the data at the address specified by *waddr* was a write or a simultaneous read/write to that address, a one\_write check violation occurs, unless the current operation is a simultaneous read/write to that location.

• one read check = 1

At the active edge of *ren*, if the previous access to the data at the address specified by *raddr* was a read (but not a simultaneous read/write to that address), a one\_read check violation occurs.

•  $value\ check = 1$ 

At the active edge of *wen*, the current value of *wdata* is the value assumed to be written to the memory location specified by *waddr*. At the active edge of *ren*, if the value of *rdata* does not match the expected value last written to the address specified by *raddr*, a value check violation occurs.

Note that when active edges of wen and ren occur together, a simultaneous read/write operation is assumed. Here, the read is performed first (for example, if raddr = waddr).

### **Assertion Checks**

ADDRESS

Write address was out of range.

At an active edge of wen, waddr < start\_addr or waddr > end addr.

Read address was out of range.

At an active edge of *ren*, *raddr* < *start\_addr* or *raddr* > *end addr*.

INITIALIZATION

Read location was not initialized.

At an active edge of *ren*, the memory location pointed to by *raddr* had not had data written to it since the last reset.

ONE\_READ

Memory location had two read accesses without an intervening write access.

 $one\_read\_check = 1$ 

At an active edge of *ren*, the previous access to the memory location pointed to by *raddr* was another read.

ONE\_WRITE

Memory location had two write accesses without an intervening read access.

 $one\_read\_check = 1$ 

At an active edge of *wen*, the previous access to the memory location pointed to by *waddr* was another write (and the current memory access is not a simultaneous read/write to that location).

VALUE

Data item read from a location did not match the data last written to that location.

 $value\ check = 1$ 

At an active edge of *ren*, the value of *rdata* did not equal the expected value, which was the value of *wdata* when a write access to the memory location pointed to by the current value of *raddr* last occurred.

#### Implicit X/Z Checks

start\_addr contains X or Z
end\_addr contains X or Z
End address contained X or Z bits.

End address contained X or Z bits.

Read address contained X or Z bits.

Read address contained X or Z bits.

Read data contained X or Z bits.

Write address contained X or Z bits.

Write address contained X or Z bits.

Write address contained X or Z bits.

Write data contained X or Z bits.

### **Cover Points**

SANITY — Number of read accesses. cover\_reads SANITY — Number of write accesses. cover\_writes cover write then read BASIC — Number of times a write access was followed by a from\_same\_addr read from the same address. STATISTIC — Reports which addresses were read at least once. cover read addr cover\_write\_addr STATISTIC — Reports which addresses were written at least once. cover\_two\_writes\_ STATISTIC — Number of times a memory location had two without\_read write accesses but no read access of the data item stored by the first write. cover two reads STATISTIC — Number of times a memory location had two without\_write read accesses but no write access overwriting the data item read by the first read. CORNER — Number of read accesses to the location specified cover\_read\_from\_start\_ addr by start addr. CORNER — Number of write accesses to the location specified cover\_write\_to\_start\_ addr by *start\_addr*. cover\_read\_from\_end\_ CORNER — Number of read accesses to the location specified addr by end addr. CORNER — Number of write accesses to the location specified cover\_write\_to\_end\_ addr by *end\_addr*. CORNER — Number of times a write access to start addr was cover\_write\_then\_read\_ from\_start\_addr followed by a read from start addr. cover\_write\_then\_read\_ CORNER — Number of times a write access to end addr was from\_end\_addr followed by a read from *end\_addr*.

## **Cover Groups**

observed\_read\_addr

Number of read operations made from the specified address. Bins are:

• observed\_read\_addr[0:addr\_width - 1] — bin index is the memory address.

observed\_write\_addr

Number of write operations made to the specified address. Bins are:

• observed\_write\_addr[0:addr\_width - 1] — bin index is the memory address.

# ovl\_memory\_sync

Checks the integrity of accesses to a synchronous memory.



## **Syntax**

```
ovl_memory_sync
   [#(severity_level, data_width, addr_width, mem_size, addr_check,
```

init\_check, conflict\_check, pass\_thru, one\_read\_check,
 one\_write\_check, value\_check, property\_type, msg,
 coverage\_level, wen\_edge, ren\_edge, reset\_polarity,
 gating\_type)]
instance\_name (reset, enable, start\_addr, end\_addr, r\_clock, ren,
 raddr, rdata, w\_clock, wen, waddr, wdata, fire);

#### **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| data_width     | Number of bits in a data item. Default: 1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| addr_width     | Number of bits in an address. Default: 1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| mem_size       | Number of data items in the memory. Default: 2                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| pass_thru      | How the memory handles a simultaneous read and write access to the same address. This parameter applies to the initialization and value checks. <code>pass_thru = 0</code> (Default)  No pass-through mode (i.e., read before write). Simultaneous read/write access to the same location should return the current data item as the read data. <code>pass_thru = 1</code> Pass-through mode (i.e., write before read). Simultaneous read/write access to the same location should return the new data item as the read data. Only specify pass-through mode if |

 $r\_clock === w\_clock$  and  $conflict\_check = 0$ .

addr check Whether or not to perform address checks.

 $addr\_check = 0$ 

Turns off the address check.  $addr \ check = 1 \ (Default)$ Turns on the address check.

init check Whether or not to perform initialization checks.

 $init\_check = 0$ 

Turns off the initialization check.

init check = 1 (Default)

Turns on the initialization check.

Whether or not to perform conflict checks. conflict\_check

> conflict\_check = 0 (Default) Turns off the conflict check.

conflict check = 1

Turns on the conflict check. Only select the conflict check if

 $r \ clock === w \ clock.$ 

one\_read\_check Whether or not to perform one\_read checks.

> one\_read\_check = 0 (Default) Turns off the one read check.

one read check = 1

Turns on the one read check.

one\_write\_check Whether or not to perform one\_write checks.

> one write check = 0 (Default) Turns off the one write check.

one write check = 1

Turns on the one\_write check.

value\_check Whether or not to perform value checks.

> value check = 0 (Default) Turns off the value check. value check = 1

Turns on the value check.

Property type. Default: OVL\_PROPERTY\_DEFAULT property\_type

(OVL ASSERT).

msg Error message printed when assertion fails. Default:

OVL MSG DEFAULT ("VIOLATION").

coverage\_level Coverage level. Default: OVL\_COVER\_DEFAULT

(OVL COVER BASIC).

ren\_edge Active edge of the  $r\_clock$  input. Default:

OVL CLOCK EDGE DEFAULT (OVL POSEDGE).

Active edge of the *w\_clock* input. Default: wen\_edge

OVL CLOCK EDGE DEFAULT (OVL POSEDGE).

### **OVL Checkers** ovl memory sync

reset polarity Polarity (active level) of the *reset* input. Default:

OVL\_RESET\_POLARITY\_DEFAULT

(OVL ACTIVE LOW).

gating\_type Gating behavior of the checker when *enable* is FALSE. Default:

OVL GATING TYPE DEFAULT (OVL GATE CLOCK).

**Ports** 

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for r clock and w clock, if gating type =

> OVL GATE CLOCK (the default gating type) or reset (if gating\_type = OVL\_GATE\_RESET). Ignored if gating\_type is

OVL\_NONE.

First address of the memory. start\_addr end addr Last address of the memory.

r\_clock Clock event for read operations.

Read enable input that initiates a read operation from the memory ren

location specified by raddr.

raddr Read address input.

rdata Read data input that holds the data item read from memory.

w clock Clock event for write operations.

Write enable input that initiates a write operation of the data item wen

in wdata to the memory location specified by waddr.

waddr Write address input.

wdata Write data input.

fire Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check [OVL\_FIRE\_WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

# **Description**

The ovl\_memory\_async checker checks wen at the active edge of w\_clock. If wen is TRUE, the checker checks the values of waddr, start\_addr and end\_addr. If waddr is not in the range [start addr:end addr], an address check violation occurs. Otherwise, a write operation to the location specified by waddr is assumed. Similarly, the checker checks ren at the active edge of r\_clock. If ren is TRUE, the checker checks the values of raddr, start\_addr and end\_addr. If raddr is not in the range [start addr:end addr], an address check violation occurs. Otherwise, a read operation from the location specified by raddr is assumed. Also, if raddr is uninitialized (i.e., has not been written to previously or at the current time), then an initialization check violation occurs.

By default, the address and init checks are on, but can be turned off by setting the *addr\_check* and *init\_check* parameters/generics to 0. Note that other checks are valid only if the addresses are valid, so it is recommended that *addr\_check* be left at 1.

The checker can be configured to perform the following additional checks:

• conflict check = 1

At the active edges of  $w\_clock/r\_clock$ , if wen = ren = TRUE and waddr = raddr, then a conflict check violation occurs ( $w\_clock$  and  $r\_clock$  must be the same signal).

one\_write\_check = 1
pass\_thru = 0

At the active edge of  $w\_clock$ , if wen is TRUE and the previous access to the data at the address specified by waddr was a write or a simultaneous read/write to that address, a one\_write check violation occurs, unless the current operation is a simultaneous read/write to that location.

```
pass_thru = 1
```

At the active edge of  $w\_clock$ , if wen is TRUE and the previous access to the data at the address specified by waddr was a write (but not a simultaneous read/write to that address), a one\_write check violation occurs.

one\_read\_check = 1
pass\_thru = 0

At the active edge of  $r\_clock$ , if ren is TRUE and the previous access to the data at the address specified by raddr was a read (but not a simultaneous read/write to that address), a one\_read check violation occurs.

```
pass_thru = 1
```

At the active edge of  $r\_clock$ , if ren is TRUE and the previous access to the data at the address specified by raddr was a read or a simultaneous read/write to that address, a one\_read check violation occurs, unless the current operation is a simultaneous read/write to that location.

• value check = 1

At the active edge of  $w\_clock$ , if wen is TRUE, the current value of wdata is the value assumed to be written to the memory location specified by waddr. At the active edge of  $r\_clock$ , if ren is TRUE and the value of rdata does not match the expected value last written to the address specified by raddr, a value check violation occurs.

### **Assertion Checks**

**ADDRESS** 

Write address was out of range.

At an active edge of w\_clock, wen was TRUE but waddr <

 $start\_addr$  or  $waddr > end\_addr$ .

Read address was out of range.

At an active edge of *r\_clock*, *ren* was TRUE but *raddr* < *start\_addr* or *raddr* > *end\_addr*.

INITIALIZATION

Read location was not initialized.

At an active edge of *r\_clock*, *ren* was TRUE but the memory location pointed to by *raddr* had not had data written to it since the last reset.

CONFLICT

Simultaneous read/write accesses to same address.

 $conflict\_check = 1$ 

At an active edge of  $r\_clock$ , ren was TRUE but wen was also TRUE and raddr = waddr. This check assumes  $r\_clock$  and w clock are the same signal.

ONE\_READ

Memory location had two read accesses without an intervening write access.

one\_read\_check = 1

At an active edge of *r\_clock*, *ren* was TRUE but the previous access to the memory location pointed to by *raddr* was another read.

ONE WRITE

Memory location had two write accesses without an intervening read access.

one\_read\_check = 1

At an active edge of *w\_clock*, *wen* was TRUE but the previous access to the memory location pointed to by *waddr* was another write.

VALUE

Data item read from a location did not match the data last written to that location.

 $value\_check = 1$ 

At an active edge of  $r\_clock$ , ren was TRUE but the value of rdata did not equal the expected value, which was the value of wdata when a write access to the memory location pointed to by the current value of raddr last occurred.

#### Implicit X/Z Checks

start\_addr contains X or Z
end\_addr contains X or Z
End address contained X or Z bits.

End address contained X or Z bits.

Read enable was X or Z.

Read address contained X or Z bits.

Read address contained X or Z bits.

Read address contained X or Z bits.

Read data contained X or Z bits.

Write enable was X or Z.

Write enable was X or Z.

Write address contained X or Z bits.

### **Cover Points**

wdata contains X or Z

cover reads SANITY — Number of read accesses. cover\_writes SANITY — Number of write accesses. BASIC — Number of times a write access was followed by a cover\_write\_then\_read\_ from\_same\_addr read from the same address. cover same addr CORNER — Number of times a simultaneous read/write access simultaneous\_ to the same address occurred. Not meaningful unless *pass\_thru* is read write cover\_different\_addr\_ CORNER — Number of times a simultaneous read/write access simultaneous\_ to different addresses occurred. Not meaningful unless pass thru read\_write is 1. cover read from start CORNER — Number of read accesses to the location specified by start addr. cover\_write\_to\_start\_ CORNER — Number of write accesses to the location specified addr by *start\_addr*. cover read from end CORNER — Number of read accesses to the location specified addr by *end\_addr*. cover\_write\_to\_end\_ CORNER — Number of write accesses to the location specified addr by *end\_addr*. cover write then read CORNER — Number of times a write access to start addr was from\_start\_addr followed by a read from *start\_addr*. cover write then read CORNER — Number of times a write access to end addr was from\_end\_addr followed by a read from end\_addr. cover read addr STATISTIC — Reports which addresses were read at least once. STATISTIC — Reports which addresses were written at least cover\_write\_addr once.

Write data contained X or Z bits.

STATISTIC — Reports which delays (in numbers of active cover read to write delays w\_clock edges) from a read to the next write (to any address) occurred at least once. cover\_write\_to\_read\_ STATISTIC — Reports which delays (in numbers of active delays r clock edges) from a write to the next read (to any address) occurred at least once. STATISTIC — Number of times a memory location had two cover\_two\_writes\_ without\_read write accesses but no read access of the data item stored by the first write. STATISTIC — Number of times a memory location had two cover\_two\_reads\_

by the first read.

**Cover Groups** 

without\_write

Number of read operations made from the specified address. Bins are:

read accesses but no write access overwriting the data item read

• *observed\_read\_addr*[0:*addr\_width* - 1] — bin index is the memory address.

Number of write operations made to the specified address. Bins are:

• *observed\_write\_addr*[0:*addr\_width* - 1] — bin index is the memory address.

Number of times the delay (in cycles) between a read from a memory location and a write to that location matched the specified latency value. Bins are:

• *observed\_delay\_from\_read\_to\_write*[0:31] — bin index is the observed latency.

Number of times the delay (in cycles) between a write to a memory location and a read from that location matched the specified latency value. Bins are:

• *observed\_delay\_from\_write\_to\_read*[0:31] — bin index is the observed latency.

observed read addr

observed\_write\_addr

observed\_delay\_from\_ read\_to\_write

observed\_delay\_from\_ write to read

# ovl\_multiport\_fifo

Checks the data integrity of a FIFO with multiple enqueue and dequeue ports, and checks that the FIFO does not overflow or underflow.



# Syntax

### ovl multiport fifo

### **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR). |
|----------------|---------------------------------------------------------------------|
| width          | Width of a data item in the FIFO. Default: 1.                       |
| depth          | FIFO depth. The $depth$ must be $> 0$ . Default: 2.                 |
| enq_count      | Number of FIFO enqueue ports. Must be $\leq depth$ . Default: 2.    |
| deq_count      | Number of FIFO dequeue ports. Must be $\leq depth$ . Default: 2.    |

How the FIFO handles dequeues and enqueues in the same cycle pass thru if the FIFO count is such that a dequeue violation might occur. pass thru = 0 (Default) No pass-through mode means dequeue before enqueue. A dequeue violation occurs if the number of scheduled dequeues > the current FIFO count. pass = 1Pass-through mode means enqueue before dequeue. A dequeue violation occurs if the number of scheduled dequeues – the number of scheduled enqueues > the current FIFO count. How the FIFO handles dequeues and enqueues in the same cycle registered if the FIFO count is such that an enqueue violation might occur. registered = 0 (Default) No registered mode means enqueue before dequeue. An enqueue violation occurs if the current FIFO count + the number of scheduled enqueues > depth. registered = 1Registered mode means dequeue before enqueue. An enqueue violation occurs if the current FIFO count + the number of scheduled enqueues – the number scheduled dequeues > depth. enq\_latency Latency for enqueue data. eng\_latency = 0 (Default) Checks and coverage assume *enq data* is valid and the enqueue operation is performed in the same cycle *enq* asserts. enq\_latency > 0 Checks and coverage assume enq data is valid and the enqueue operation is performed *enq\_latency* cycles after *enq* asserts. Latency for dequeued data. It is used for the value check. deq\_latency deq\_latency = 0 (Default) Checks and coverage assume deq data is valid and the dequeue operation is performed in the same cycle *deq* asserts.  $deq_1atency > 0$ Checks and coverage assume deq data is valid and the dequeue operation is performed deg latency cycles after deg asserts. preload\_count Number of items to preload the FIFO on reset. The preload port is a concatenated list of items to be preloaded into the FIFO. Default: 0 (FIFO empty on reset). FIFO high-water mark. Must be < depth. A value of 0 disables high\_water\_mark

the high water mark cover point. Default: 0.

full\_check Whether or not to perform full checks.

full\_check = 0 (Default)
Turns off the full check.

 $full\ check = 1$ 

Turns on the full check.

empty\_check Whether or not to perform empty checks.

empty\_check = 0 (Default)
Turns off the empty check.

 $empty\_check = 1$ 

Turns on the empty check.

value\_check Whether or not to perform value checks.

value\_check = 0 (Default)
Turns off the value check.

 $value\_check = 1$ 

Turns on the value check.

property\_type Property type. Default: OVL\_PROPERTY\_DEFAULT

(OVL\_ASSERT).

msg Error message printed when assertion fails. Default:

OVL\_MSG\_DEFAULT ("VIOLATION").

(OVL\_COVER\_BASIC).

clock\_edge Active edge of the clock input. Default:

OVL CLOCK EDGE DEFAULT (OVL POSEDGE).

reset\_polarity Polarity (active level) of the reset input. Default:

OVL RESET POLARITY DEFAULT

(OVL ACTIVE LOW).

gating\_type Gating behavior of the checker when enable is FALSE. Default:

OVL GATING TYPE DEFAULT (OVL GATE CLOCK).

#### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for clock, if gating type = OVL GATE CLOCK

(the default gating type) or reset (if gating\_type =

OVL GATE RESET). Ignored if gating type is OVL NONE.

eng[enq\_count-1:0] Concatenation of FIFO enqueue inputs. When one or more enq

bits are sampled TRUE, the FIFO performs an enqueue operation

from the asserted bits' corresponding enqueue data ports

(eng\_latency cycles later). Data items are enqueued in order from

the least to most-significant bits and the FIFO counter is

incremented by the number of TRUE eng bits

Concatenation of FIFO dequeue inputs. When one or more deg deg[deg\_count-1:0] bits are sampled TRUE, the FIFO performs a dequeue operation from the asserted bits' corresponding dequeue data ports (deg latency cycles later). Data items are dequeued in order from the least to most-significant bits and the FIFO counter is decremented by the number of TRUE deg bits ful1 Output status flag from the FIFO. full = 0FIFO not full. full = 1FIFO full. empty Output status flag from the FIFO. empty = 0FIFO not empty. empty = 1FIFO empty. eng\_data Concatenation of enqueue data inputs. If the value check is on, [eng count\*width-1:0] this port contains the data items to enqueue *enq latency* cycles after the *eng* bits assert. deq\_data Concatenation of dequeue data inputs. If the value check is on, [deq\_count\*width-1:0] this port contains the dequeued data items *deg latency* cycles after the deq bits assert. preload Concatenated preload data to enqueue on reset. [preload\_count\*width-1 preload\_count = 0 :0] No preload of the FIFO is assumed. The width of preload should be width, however no values from preload are used. The FIFO is assumed to be empty on reset. preload count > 0 Checker assumes the value of *preload* is a concatenated list of items that were all enqueued on the FIFO on reset (or simulation start). The width of preload should be *preload count* \* *width* (preload items are the same width). Preload values are enqueued from the low order item to the high order item. fire Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check [OVL\_FIRE\_WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl\_multiport\_fifo assertion checker checks that a multiport FIFO functions legally. A multiport FIFO is a memory structure that stores and retrieves data items based on a first-in first-out queueing protocol. The FIFO can have multiple enqueue data ports and multiple dequeue data ports (the number of each does need to match). Each enqueue data port has a corresponding enqueue signal that indicates the data port's value should be enqueued. Similarly, each dequeue data port has a corresponding dequeue signal that indicates a data item from the FIFO should be dequeued to that port.

A FIFO with multiple enqueue ports can signal an enqueue from any combination of the ports each enqueue clock cycle. Similarly, a FIFO with multiple dequeue ports can signal a dequeue to any combination of the ports each dequeue clock cycle. When multiple ports are enqueued (dequeued) in a cycle, the order their contents are enqueued (dequeued) is always the same. A FIFO can also have enqueue and dequeue latency constants. Enqueue latency is the number of clock cycles after an enqueue signal asserts that the corresponding enqueue data value is valid at the corresponding enqueue data port. Dequeue latency is the number of clock cycles it takes for a dequeue to produce a data value at its corresponding dequeue port.

To connect the ovl\_multiport\_fifo checker to the FIFO logic:

- Concatenate the enqueue signals—arranged in order from first-in (least-significant bit) to last-in (most-significant bit)—and connect to the *enq* port. Concatenate the dequeue signals—arranged in order from first-out (least-significant bit) to last-out (most-significant bit)—and connect to the *deq* port.
- If the checker will perform value checks, concatenate the enqueue data ports in the same order as the *enq* bits and connect to the *enq\_data* port. Concatenate the dequeue data ports in the same order as the *deq* bits and connect to the *deq\_data* port. Otherwise, connect *enq\_data* and *deq\_data* to 0.
- If the checker will perform full checks, connect the FIFO-full status flag to the *full* port. Otherwise, connect *full* to 1'b0. If the checker will perform empty checks, connect the FIFO-full status flag to the *empty* port. Otherwise, connect *empty* to 1'b0.

The checker checks *enq* and *deq* at the active edge of *clock*. If an *enq* bit is TRUE, an enqueue operation is scheduled for the corresponding enqueue data port *enq\_latency* cycles later (or in the current cycle if *enq\_latency* is 0). Similarly, if a *deq* bit is TRUE, a dequeue operation is scheduled to the corresponding dequeue data port *deq\_latency* cycles later (or in the current cycle if *deq\_latency* is 0).

At each active edge of *clock*, the checker does the following:

- 1. Updates its FIFO counter with the results of enqueues and dequeues from the previous cycle.
- 2. Checks the *full* flag if *full\_check* is 1. If *full* is FALSE and the FIF0 count = *depth* or if *full* is TRUE and the FIFO count < *depth*, a full check violation occurs.

- 3. Checks the *empty* flag if *empty\_check* is 1. If *empty* is FALSE and the FIF0 count = 0 or if *empty* is TRUE and the FIFO count > 0, an empty check violation occurs.
- 4. Checks for a potential overflow. If the number of enqueues scheduled for the current cycle exceeds the current number of unused FIFO locations, an enqueue check violation occurs. In this case, since the FIFO state is unknown, value checks are turned off until the next checker reset.
- 5. Checks for a potential underflow. If the number of dequeues scheduled for the current cycle exceeds the current number of FIFO entries, a dequeue check violation occurs. In this case, since the FIFO state is unknown, value checks are turned off until the next checker reset.
- 6. If *value\_check* is 1 (and no enqueue or dequeue violations have occurred), the checker maintains an internal copy of what it expects the FIFO entries to be. The checker issues a value check violation for each internal dequeued data item that does not match the corresponding value of *deq\_data*.

A corner-case situation occurs when both enqueues and dequeues are scheduled simultaneously in the same cycle. By default, the checker enforces the best-case (i.e., most restrictive) scenarios. For the enqueue check, enqueues are "performed" before dequeues. For the dequeue check, dequeues are "performed" before enqueues. However, the checker can be configured to allow worse-case (i.e., less restrictive) scenarios by setting the *registered* and *pass\_thru* parameters/generics:

- In registered mode, the enqueue check calculates the FIFO count by subtracting the number of dequeues before adding the number of enqueues, resulting in a less restrictive check.
- In pass-through mode, the dequeue check calculates the FIFO count by adding the number of enqueues before subtracting the number of dequeues, resulting in a less restrictive check.

By default, the FIFO is empty at the start of the first cycle after a reset (or the start of simulation). However, the checker can be configured to match a FIFO that contains data items at these initial points. To do this, the checker "preloads" these data items. The *preload\_count* parameter specifies the number of data items to preload.

If *value\_check* is 1, at the start of any cycle in which reset has transitioned from active to inactive, the checker reads the *preload* port. This is a port containing a concatenated value equal to *preload\_count* data items. The checker enqueues these data items onto the internal FIFO in order from the low-order item to the high-order item.

Uses: FIFO, queue, buffer, ring buffer, elasticity buffer.

#### **Assertion Checks**

ENQUEUE Enqueue occurred that would overflow the FIFO.

registered = 0

One or more *enq* bits were TRUE, but *enq\_latency* cycles later, FIFO count + number of enqueued items > *depth*.

registered = 1

One or more *enq* bits were TRUE, but *enq\_latency* cycles later, FIFO count + number of enqueued items – number of dequeued items.

Dequeue occurred that would underflow the FIFO. pass\_thru = 0

One or more *deq* bits were TRUE, but *deq\_latency* cycles later, FIFO count < number of dequeued items.

 $pass_thru = 1$ 

One or more *deq* bits were TRUE, but *deq\_latency* cycles later, FIFO count < number of dequeued items – number of enqueued items.

The FIFO was not full when the full signal was asserted

Full was TRUE, but the FIFO contained fewer than depth items.

The full signal was not asserted when the FIFO was full.

*Full* was FALSE, but the FIFO \contained *depth* items.

FIFO 'full' signal was asserted, but the FIFO was not full

FIFO contained fewer than *depth* items but *full* was TRUE.

FIFO 'full' signal was not asserted, but the FIFO was full.

FIFO contained *depth* items and *full* was FALSE.

FIFO 'empty' signal was asserted, but the FIFO was not empty.

FIFO contained one or more items but *empty* was TRUE.

FIFO 'empty' signal was not asserted, but the FIFO was empty.

FIFO contained no items but *empty* was FALSE.

FULL

**DEQUEUE** 

FULL

EMPTY

| VALUE | Dequeued | FIFO  | value | did | not | equal | the | corresponding |
|-------|----------|-------|-------|-----|-----|-------|-----|---------------|
|       | enqueued | value | e.    |     |     |       |     |               |

 $deq_latency = 0$ 

A deq bit was TRUE, but the corresponding data item in *deq\_data* did not equal the item originally enqueued.

deg latency > 0

A deq bit was TRUE, but deq\_latency cycles later the corresponding data item in *deq\_data* did not equal the item originally enqueued.

This check automatically turns off if an enqueue or dequeue check violation occurs since it is no longer possible to correspond enqueued with dequeued values. The check turns back on when the checker resets.

#### Implicit X/Z Checks

Enqueue contained X or Z bits. enq contains X or Z deq contains X or Z Dequeue contained X or Z bits. full contains X or Z FIFO full signal was X or Z. Check is off if *full\_check* is 0.

empty contains X or Z FIFO empty signal was X or Z. Check is off if *empty\_check* is 0.

enq\_data contains X or Z Enqueue data item in the *enq\_data* expression contained X or Z bits when it was scheduled to be enqueued onto the FIFO.

Dequeue data item in the *deq\_data* expression contained X or Z deq\_data contains X or Z bits when it was scheduled to be dequeued from the FIFO.

#### **Cover Points**

SANITY — Number of data items enqueued on the FIFO. cover\_enqueues

cover dequeues SANITY — Number of data items dequeued from the FIFO.

cover\_simultaneous\_ BASIC — Number of cycles both an enqueue and a dequeue enq\_deq

(to/from the same port??) were scheduled to occur.

cover\_high\_water\_mark CORNER — Number of times the FIFO count transitioned from

 $< high\_water\_mark$  to  $\ge high\_water\_mark$ . Not reported if

*high\_water\_mark* is 0.

cover simultaneous CORNER — Number of cycles the FIFO was enqueued and deq\_enq\_when\_empty

dequeued simultaneously when it was empty.

cover simultaneous CORNER — Number of cycles the FIFO was enqueued and deq\_enq\_when\_full

dequeued simultaneously when it was full.

cover fifo empty CORNER — Number of cycles FIFO was empty after processing

enqueues and dequeues for the cycle.

cover\_fifo\_full CORNER — Number of cycles FIFO was full after processing

enqueues and dequeues for the cycle.

cover\_observed\_counts

STATISTIC — Reports the FIFO counts that occurred at least once.

### **Cover Groups**

multiport\_fifo\_corner

Number of cycles the number of entries in the FIFO changed to a value with the specified characteristic. Bins are:

- *cov\_fifo\_full\_count* FIFO is full.
- *cov\_fifo\_empty\_count* FIFO is empty.
- cov\_fifo\_full\_count number of entries is ≥ high\_water\_mark.

multiport\_fifo\_
statistic

Current number of entries in the FIFO. Bin is:

• *cov\_observed\_fifo\_contents* 

# ovl\_mutex

Checks that the bits of an expression are mutually exclusive.



# **Syntax**

#### ovl\_mutex

#### **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                        |
|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| width          | Width of test_expr. Default: 2.                                                                                                                                                                            |
| invert_mode    | Sense of the active bits for the mutex check.  invert_mode = 0 (Default)  Expression value must not have more than one TRUE bit.  invert_mode = 1  Expression value must not have more than one FALSE bit. |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                                                 |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                                                        |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                                                              |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                                                                                                                      |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).                                                                                                   |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK).                                                                                             |

#### **Ports**

Clock event for the assertion.

Synchronous reset signal indicating completed initialization.

Enable signal for clock, if gating\_type = OVL\_GATE\_CLOCK (the default gating type) or reset (if gating\_type = OVL\_GATE\_RESET). Ignored if gating\_type is OVL\_NONE.

test\_expr[width-1:0] Variable or expression to check.

fire Fire output. Assertion failure when fire[0] is TRUE. X/Z check

## **Description**

[OVL FIRE WIDTH-1:0]

The ovl\_mutex assertion checker checks *test\_expr* at each active edge of *clock*. By default, if more than one bit of *test\_expr* is TRUE, a mutex violation occurs. Setting *invert\_mode* to 1 reverses the sense of the bits. A mutex violation occurs if more than one bit of *test\_expr* is FALSE.

### **Assertion Checks**

MUTEX Expression's bits are not mutually exclusive.

invert\_mode = 0

Expression had more than one TRUE bit.

invert mode = 1

Expression had more than one FALSE bit.

#### Implicit X/Z Checks

test expr contains X or Z Expression contained X or Z bits.

#### **Cover Points**

cover\_no\_mutex\_bits

cover\_values\_checked SANITY — Number of cycles test\_expr loaded a new value.

CORNER — Number of cycles all bits in *test\_expr* were TRUE and *invert\_mode* = 0 or all bits in *test\_expr* were FALSE and

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

 $invert \ mode = 1.$ 

covered

cover\_mutex\_bitmap STATISTIC — Number of cycles a new mutex bit was covered

legally. The TRUE bits of the *mutex\_bitmap* variable indicate the

covered mutex bits.

# **Cover Groups**

| OVL | _ Checkers |
|-----|------------|
| ovl | mutex      |

none

# ovl\_never

Checks that the value of an expression is not TRUE.



## **Syntax**

```
ovl_never
```

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |
|                |                                                                                                                |

#### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

#### **OVL Checkers** ovl never

Enable signal for *clock*, if *gating\_type* = OVL\_GATE\_CLOCK enable

(the default gating type) or reset (if gating\_type =

OVL GATE RESET). Ignored if gating type is OVL NONE.

test\_expr Expression that should not evaluate to TRUE on the active clock

edge.

fire Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check [OVL FIRE WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl\_never assertion checker checks the single-bit expression *test\_expr* at each active edge of *clock* to verify the expression does not evaluate to TRUE.

#### **Assertion Checks**

NEVER Expression evaluated to TRUE.

Implicit X/Z Checks

test expr contains X or Z Expression value contained X or Z bits.

#### **Cover Points**

none

### **Cover Groups**

none

#### **Notes**

1. By default, the ovl\_never assertion is pessimistic and the assertion fails if test\_expr is not 0 (i.e.equals 1, X, Z, etc.). However, if OVL\_XCHECK\_OFF is set, the assertion fails if and only if *test\_expr* is 1.

### See also

ovl implication ovl always ovl\_always\_on\_edge ovl\_proposition

# **Examples**

```
ovl_never #(
                                                      // severity_level
   'OVL_ERROR,
   'OVL_ASSERT,
                                                      // property_type
                                                      // msg
   'OVL_COVER_DEFAULT,
                                                      // coverage_level
   'OVL_POSEDGE,
                                                      // clock_edge
   'OVL_ACTIVE_LOW,
                                                      // reset_polarity
   'OVL_GATE_CLOCK)
                                                      // gating_type
   valid_count (
                                                      // clock
      clock,
      reset,
                                                      // reset
      enable,
                                                      // enable
      reg_a < reg_b,
                                                      // test_expr
      fire_valid_count );
                                                      // fire
Checks that (reg\_a < reg\_b) is FALSE at each rising edge of clock.
       clock
       reset
 reg_a < reg_b
                       ➤ test_expr contains X/Z value
                                                   → NEVER
```

# ovl\_never\_unknown

Checks that the value of an expression contains only 0 and 1 bits when a qualifying expression is TRUE.



# **Syntax**

#### ovl\_never\_unknown

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Default: 1.                                                            |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

*clock* Clock event for the assertion.

Synchronous reset signal indicating completed initialization.

Enable

Enable signal for clock, if gating\_type = OVL\_GATE\_CLOCK

(the default gating type) or reset (if gating\_type =

OVL\_GATE\_RESET). Ignored if gating\_type is OVL\_NONE.

Expression that indicates whether or not to check test\_expr.

Expression that should contain only 0 or 1 bits when qualifier is TRUE.

fire

[OVL\_FIRE\_WIDTH-1:0]

Fire output. Assertion failure when fire[0] is TRUE. X/Z check failure when fire[1] is TRUE. Cover event when fire[2] is TRUE.

# **Description**

The ovl\_never\_unknown assertion checker checks the expression *qualifier* at each active edge of *clock* to determine if it should check *test\_expr*. If *qualifier* is sampled TRUE, the checker evaluates *test\_expr* and if the value of *test\_expr* contains a bit that is not 0 or 1, the assertion fails.

The checker is useful for ensuring certain data have only known values following a reset sequence. It also can be used to verify tristate input ports are driven and tristate output ports drive known values when necessary.

### **Assertion Checks**

test\_expr contains X/Z
value

The *test\_expr* expression contained at least one bit that was not 0 or 1; *qualifier* was sampled TRUE; and OVL\_XCHECK\_OFF is not set.

#### **Cover Points**

cover\_qualifier BASIC — A never\_unknown check was initiated.

cover\_test\_expr\_change SANITY — Expression changed value.

## **Cover Groups**

none

### **Notes**

1. If OVL\_XCHECK\_OFF is set, all ovl\_never\_unknown checkers are turned off.

### See also

```
ovl_neverovl_one_hotovl_never_unknown_asyncovl_zero_one_hotovl one cold
```

## **Examples**

```
ovl_never_unknown #(
  'OVL_ERROR,
                                                  // severity_level
                                                  // width
  'OVL ASSERT,
                                                 // property_type
  "Error: data unknown or undriven",
                                                 // msg
  'OVL_COVER_DEFAULT,
                                                 // coverage_level
  'OVL_POSEDGE,
                                                 // clock edge
  'OVL_ACTIVE_LOW,
                                                 // reset_polarity
  'OVL_GATE_CLOCK)
                                                 // gating_type
  valid_data (
                                                  // clock
     clock,
     reset,
                                                  // reset
     enable,
                                                  // enable
     rd data,
                                                  // qualifier
     data,
                                                  // test_expr
     fire_valid_data );
                                                 // fire
```

#### Checks that values of data are known and driven when rd data is TRUE.



# ovl\_never\_unknown\_async

Checks that the value of an expression combinationally contains only 0 and 1 bits.



# **Syntax**

```
ovl_never_unknown_async
```

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                              |
|----------------|------------------------------------------------------------------------------------------------------------------|
| width          | Width of the test_expr argument. Default: 1.                                                                     |
| property_type  | Property type. Cannot be OVL_ASSUME for SVA and PSL implementations. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT). |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                              |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                    |
| clock_edge     | Ignored parameter.                                                                                               |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).         |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK).   |

#### **Ports**

reset Synchronous reset signal indicating completed initialization.

| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| test_expr[width-1:0]                 | Expression that should contain only 0 or 1 bits when qualifier is TRUE.                                                                                                                                |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

## **Description**

The ovl\_never\_unknown\_async assertion checker combinationally evaluates *test\_expr* and if the value of *test\_expr* contains a bit that is not 0 or 1, the assertion fails.

The checker is useful for ensuring certain data have only known values following a reset sequence. It also can be used to verify tristate input ports are driven and tristate output ports drive known values when necessary.

#### **Assertion Checks**

test\_expr contains X/Z
value

The *test\_expr* expression contained at least one bit that was not 0 or 1 and OVL XCHECK OFF is not set.

#### **Cover Points**

none

## **Cover Groups**

none

### **Notes**

- 1. If OVL\_XCHECK\_OFF is set, all ovl\_never\_unknown\_async checkers are turned off.
- 2. The Verilog-95 version of this asynchronous checker handles 'OVL\_ASSERT, 'OVL\_ASSUME and 'OVL\_IGNORE. The SVA and PSL versions of this checker do not implement *property\_type* 'OVL\_ASSUME. The SVA version uses immediate assertions and in IEEE 1800-2005 SystemVerilog immediate assertions cannot be assumptions. Assume is only available in a concurrent (clocked) form of an assertion statement. The SVA version treats 'OVL\_ASSUME as an 'OVL\_ASSERT. The PSL version generates an error if *property\_type* is 'OVL\_ASSUME.

### See also

ovl never

# **Examples**

```
ovl_never_unknown_async #(
   'OVL_ERROR,
                                                   // severity_level
                                                   // width
   8,
   'OVL ASSERT,
                                                   // property_type
   "Error: data unknown or undriven",
                                                   // msq
   'OVL_COVER_DEFAULT,
                                                   // coverage_level
   'OVL_POSEDGE,
                                                   // clock_edge
   'OVL_ACTIVE_LOW,
                                                   // reset_polarity
   'OVL_GATE_CLOCK)
                                                   // gating_type
   valid_data (
      bus_gnt,
                                                   // reset
      enable,
                                                   // enable
      data,
                                                   // test_expr
      fire_valid_data );
                                                   // fire
Checks that values of data are known and driven while bus_gnt is TRUE.
    bus_gnt
```



NEVER\_UNKNOWN\_ASYNC Error: data unknown or undriven

# ovl next

Checks that the value of an expression is TRUE a specified number of cycles after a start event.



# **Syntax**

#### ovl\_next

#### **Parameters/Generics**

severity\_level

Severity of the failure. Default: OVL\_SEVERITY\_DEFAULT (OVL ERROR).

num\_cks

Number of cycles after *start\_event* is TRUE to wait to check that the value of *test\_expr* is TRUE. Default: 1.

check overlapping

Whether or not to perform overlap checking. Default: 1 (overlap checking off).

- If set to 0, overlap checking is performed. From the active edge of *clock* after *start\_event* is sampled TRUE to the active edge of *clock* of the cycle before *test\_expr* is sampled for the current next check, the checker performs an overlap check. During this interval, if *start\_event* is TRUE at an active edge of *clock*, then the overlap check fails (illegal overlapping condition).
- If set to 1, overlap checking is not performed.

check\_missing\_start

Whether or not to perform missing-start checking. Default: 0 (missing-start checking off).

- If set to 0, missing start checks are not performed.
- If set to 1, missing start checks are performed. The checker samples *test\_expr* every active edge of *clock*. If the value of *test\_expr* is TRUE, then *num\_cks* active edges of *clock* prior to the current time, *start\_event* must have been TRUE (initiating a next check). If not, the missing-start check fails (*start\_event* without *test\_expr*).

Property type. Default: OVL PROPERTY DEFAULT property\_type

(OVL\_ASSERT).

Error message printed when assertion fails. Default: msg

OVL\_MSG\_DEFAULT ("VIOLATION").

Coverage level. Default: OVL COVER DEFAULT coverage level

(OVL\_COVER\_BASIC).

clock\_edge Active edge of the *clock* input. Default:

OVL\_CLOCK\_EDGE\_DEFAULT (OVL\_POSEDGE).

Polarity (active level) of the *reset* input. Default: reset polarity

OVL\_RESET\_POLARITY\_DEFAULT

(OVL ACTIVE LOW).

gating\_type Gating behavior of the checker when *enable* is FALSE. Default:

OVL GATING TYPE DEFAULT (OVL GATE CLOCK).

#### **Ports**

clock Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for *clock*, if *gating\_type* = OVL\_GATE\_CLOCK

(the default gating type) or reset (if gating\_type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

Expression that (along with *num\_cks*) identifies when to check start\_event

test expr.

Expression that should evaluate to TRUE *num\_cks* cycles after test\_expr

start event initiates a next check.

fire Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check [OVL\_FIRE\_WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

# **Description**

The ovl\_next assertion checker checks the expression *start\_event* at each active edge of *clock*. If start\_event is TRUE, a check is initiated. The check waits for num\_cks cycles (i.e., for num\_cks additional active edges of *clock*) and evaluates *test\_expr*. If *test\_expr* is not TRUE, the assertion fails. These checks are pipelined, that is, a check is initiated each cycle start event is TRUE (even if overlap checking is on and even if an overlap violation occurs).

If overlap checking is off (check\_overlapping is 1), additional checks can start while a current check is pending. If overlap checking is on, the assertion fails if start event is sampled TRUE while a check is pending (except on the last clock).

If missing-start checking is off (check\_missing\_start is 0), test\_expr can be TRUE any time. If missing-start checking is on, the assertion fails if test expr is TRUE without a corresponding

start event (*num\_cks* cycles previously). However, if *test\_expr* is TRUE in the interval of *num\_cks* - 1 cycles after a reset and has no corresponding start event, the result is indeterminate (i.e., the missing-start check might or might not fail).

### **Assertion Checks**

| start_event without<br>test_expr                   | The value of <i>start_event</i> was TRUE on an active edge of <i>clock</i> , but <i>num_cks</i> cycles later the value of <i>test_expr</i> was not TRUE.                                 |
|----------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| illegal overlapping condition detected             | The <i>check_overlapping</i> parameter is set to 0 and <i>start_event</i> was TRUE on the active edge of <i>clock</i> , but a previous check was pending.                                |
| test_expr without start_event                      | The <i>check_missing_start</i> parameter is set to 1 and <i>start_event</i> was not TRUE on the active edge of <i>clock</i> , but <i>num_cks</i> cycles later <i>test_expr</i> was TRUE. |
| num_cks <= 0                                       | The <i>num_cks</i> parameter is less than 1.                                                                                                                                             |
| <pre>num_cks == 1 and check_overlapping == 0</pre> | The <i>num_cks</i> parameter is 1 and check_overlapping is 0, which turns on overlap checking even though overlaps are not relevant.                                                     |

### Implicit X/Z Checks

| test_expr contains X or Z   | Expression value was X or Z.  |
|-----------------------------|-------------------------------|
| start_event contains X or Z | Start event value was X or Z. |

### **Cover Points**

| cover_start_event                          | BASIC — The value of <i>start_event</i> was TRUE on an active edge of <i>clock</i> .                                                                              |
|--------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| <pre>cover_overlapping_ start_events</pre> | CORNER — The <i>check_overlapping</i> parameter is TRUE and the value of <i>start_event</i> was TRUE on an active edge of <i>clock</i> while a check was pending. |

### **Cover Groups**

none

### See also

| ovl_change | ovl_time     |
|------------|--------------|
| ovl frame  | ovl unchange |

# **Examples**

### Example 1

```
ovl_next #(
                                                    // severity_level
   'OVL_ERROR,
   4,
                                                    // num_cks
   1,
                                                    // check_overlapping (off)
   0,
                                                    // check_missing_start (off)
                                                    // property_type
// msg
   'OVL_ASSERT,
   "error:",
   'OVL_COVER_DEFAULT,
                                                    // coverage_level
   'OVL_POSEDGE,
                                                    // clock_edge
   'OVL_ACTIVE_LOW,
                                                    // reset_polarity
   'OVL_GATE_CLOCK)
                                                    // gating_type
   valid_next_a_b (
                                                    // clock
      clock,
      reset,
                                                    // reset
      enable,
                                                    // enable
      a,
                                                    // start_event
      b,
                                                    // test_expr
      fire_valid_next_a_b );
                                                    // fire
Checks that b is TRUE 4 cycles after a is TRUE.
      clock
       reset
```

start\_event without test\_expr error -

### Example 2

```
ovl_next #(
                                                       // severity_level
// num_cks
   'OVL_ERROR,
   4,
   0,
                                                       // check_overlapping (on)
   0,
                                                       // check_missing_start (off)
   'OVL_ASSERT,
                                                       // property_type
   "error:",
                                                       // msg
   'OVL_COVER_DEFAULT,
                                                       // coverage_level
   'OVL_POSEDGE,
                                                       // clock_edge
   'OVL_ACTIVE_LOW,
                                                       // reset_polarity
   'OVL_GATE_CLOCK)
                                                       // gating_type
   valid_next_a_b (
       clock,
                                                       // clock
       reset,
                                                       // reset
       enable,
                                                       // enable
      a,
                                                       // start_event
      b,
                                                       // test_expr
       fire_valid_next_a_b );
                                                       // fire
Checks that b is TRUE 4 cycles after a is TRUE. Overlaps are not allowed
      clock
                                    not an overlap
       reset
                                      on last cyc<u>le</u>
         а
```

illegal overlapping condition detected error

### Example 3

```
ovl_next #(
                                                    // severity_level
// num_cks
   'OVL_ERROR,
   4,
   1,
                                                    // check_overlapping (off)
   1,
                                                    // check_missing_start (on)
   'OVL_ASSERT,
                                                    // property_type
   "error:",
                                                    // msg
   'OVL_COVER_DEFAULT,
                                                    // coverage_level
   'OVL_POSEDGE,
                                                    // clock_edge
   'OVL_ACTIVE_LOW,
                                                    // reset_polarity
   'OVL_GATE_CLOCK)
                                                    // gating_type
   valid_next_a_b (
                                                    // clock
      clock,
      reset,
                                                    // reset
      enable,
                                                    // enable
      a,
                                                    // start_event
      b,
                                                    // test_expr
      fire_valid_next_a_b );
                                                    // fire
```

### Checks that b is TRUE 4 cycles after a is TRUE. Missing-start check is on.



# ovl\_next\_state

Checks that an expression transitions only to specified values.



## **Syntax**

#### ovl next state

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                                           |
|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| width          | Width of test_expr. Default: 1                                                                                                                                                                                                                |
| next_count     | Number of next state values. The <i>next_state</i> port is a concatenated list of next state values. Default: 1.                                                                                                                              |
| min_hold       | Minimum number of cycles $test\_expr$ must not change value when it matches the value of $curr\_state$ . Must be $> 0$ . Default: 1                                                                                                           |
| max_hold       | Maximum number of cycles <i>test_expr</i> can remain unchanged when it matches the value of <i>curr_state</i> . A value of 0 turns off checking for a maximum hold time. Must be 0 or > <i>min_hold</i> . Default: 1                          |
| disallow       | Sense of the comparison of test_expr with next_state.  disallow = 0 (Default)  Next value of test_expr should match one of the values in next_state.  disallow = 1  Next value of test_expr should not match one of the values in next_state. |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                                                                                    |

Error message printed when assertion fails. Default: msa

OVL\_MSG\_DEFAULT ("VIOLATION").

Coverage level. Default: OVL COVER DEFAULT coverage\_level

(OVL\_COVER\_BASIC).

clock edge Active edge of the *clock* input. Default:

OVL\_CLOCK\_EDGE\_DEFAULT (OVL\_POSEDGE).

reset\_polarity Polarity (active level) of the *reset* input. Default:

OVL\_RESET\_POLARITY\_DEFAULT

(OVL ACTIVE LOW).

gating\_type Gating behavior of the checker when *enable* is FALSE. Default:

OVL GATING TYPE DEFAULT (OVL GATE CLOCK).

#### **Ports**

clock Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for *clock*, if *gating\_type* = OVL\_GATE\_CLOCK

(the default gating type) or reset (if gating\_type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

test\_expr[width-1:0] State variable or expression to check.

Value to compare with *test\_expr*. If no event window is open and curr\_state[width-1:0]

the value of test expr matches the value curr state, an event

window opens.

next\_state Concatenated list of next values.

[next\_count\*width-1:0] disallow = 0

Next values are valid values for test expr when an event

window closes.

disallow = 1

Next values are not valid values for test\_expr when an event

window closes.

fire Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check [OVL\_FIRE\_WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

# **Description**

The ovl\_next\_state assertion checker evaluates test\_expr and curr\_state at each active edge of clock. If the value of test expr matches the value of curr state, the checker verifies that the value of *test expr* behaves as follows:

If min\_hold > 0 and test\_expr changes value before min\_hold cycles (including the match cycle) transpire, a next\_state violation occurs.

- Otherwise, when test expr transitions, the checker evaluates next state. If the new value of test expr is not a value in next state, a next state violation occurs.
- However, if *max\_hold* > 0 and *test\_expr* does not change value before *max\_hold* cycles (including the match cycle) transpire, a next state violation occurs.

A next\_state check is initiated each cycle *test\_expr* and *curr\_state* match.

Setting the disallow parameter to 1, changes the sense of the matching of test expr and next state values. A next state violation occurs if test expr transitions to a value in next state.

Uses: FSM, state machine, controller, coverage, line coverage, path coverage, branch coverage, state coverage, arc coverage.

#### **Assertion Checks**

NEXT STATE

Match occurred but expression value was not a next value, or expression changed too soon. disallow = 0 and max\_hold = 0

After matching *curr\_state*, *test\_expr* changed value before *min hold* cycles (including the match cycle) or transitioned to a value not in *next* state when it transitioned.

Match occurred but expression value was not a next value, or expression did not change in event window. disallow = 0 and  $max\_hold > 0$ 

After matching *curr\_state*, *test\_expr* changed value before *min\_hold* cycles (including the match cycle), transitioned to a value not in *next* state when it transitioned, or did not change value for max hold cycles (including the match cycle).

Match occurred but expression value was a next value, or expression changed too soon. disallow = 1 and max\_hold = 0

After matching *curr\_state*, *test\_expr* changed value before *min hold* cycles (including the match cycle) or transitioned to a value in *next state* when it transitioned.

Match occurred but expression value was a next value, or expression did not change in event window. disallow = 1 and max\_hold > 0

After matching *curr\_state*, *test\_expr* changed value before *min\_hold* cycles (including the match cycle), transitioned to a value in *next state* when it transitioned, or did not change value for *max hold* cycles (including the match cycle).

#### Implicit X/Z Checks

test\_expr contains X or Z Expression contained X or Z bits.

curr\_state contains X or Z 
Current state expression contained X or Z bits.

next\_state contains X or Z Next state expression contained X or Z bits.

#### **Cover Points**

cover\_next\_state\_ SANITY — Number of times test\_expr matched curr\_state and then transitioned correctly to a value in next\_state (disallow=0)

or not in *next\_state* (*disallow*=1).

value found in the sampled *next\_state*. Not meaningful if

disallow is 1.

cover\_cycles\_checked STATISTIC — Number of cycles test\_expr matched curr\_state.

observed\_transition STATISTIC — Reports which values in *next\_state* that *test\_expr* transitioned to at least once. Not meaningful if *disallow* is 1.

### **Cover Groups**

next\_state\_corner Whether or not the specified corner case occurred. Bin is:

• *all\_transitions\_covered* — The *test\_expr* has transitioned to every next value found in the sampled *next\_state*. Not meaningful if *disallow* is 1.

next\_state\_statistic

Coverage statistics. Bins are:

- *number\_of\_transitions\_covered* number of transitions made.
- cycles\_checked number of cycles test\_expr and curr\_state matched.

# ovl\_no\_contention

Checks that a bus is driven according to specified contention rules.



## **Syntax**

#### ovl\_no\_contention

#### **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                   |
|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| width          | Width of test_expr. Default: 2.                                                                                                                                                                                       |
| num_drivers    | Width of driver_enables. Default: 2.                                                                                                                                                                                  |
| min_quiet      | Minimum number of cycles the bus must be quiet (i.e., when all <i>driver_enables</i> bits are 0) between transactions. Default: 0 (quiet periods between transactions are not necessary).                             |
| max_quiet      | Maximum number of cycles the bus can be quiet (i.e., when all $driver\_enables$ bits are 0). The $min\_quiet$ parameter must be $\leq max\_quiet$ . Default: 0 (quiet periods between transactions should not occur). |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                                                            |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                                                                   |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                                                                         |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                                                                                                                                 |

reset\_polarity Polarity (active level) of the reset input. Default:

OVL\_RESET\_POLARITY\_DEFAULT

(OVL\_ACTIVE\_LOW).

gating\_type Gating behavior of the checker when enable is FALSE. Default:

OVL\_GATING\_TYPE\_DEFAULT (OVL\_GATE\_CLOCK).

#### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for clock, if gating\_type = OVL\_GATE\_CLOCK

(the default gating type) or reset (if gating\_type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

test\_expr[width-1:0] Bus to be checked.

driver\_enables
[num\_drivers-1:0]

Enable bits for the drivers of *test\_expr*.

fire
[OVL FIRE WIDTH-1:0]

Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

# **Description**

The ovl\_no\_contention assertion checker checks the bus (*test\_expr*) and the driver enable signals (*driver\_enables*) at each active edge of *clock*. An implicit X/Z check violation occurs if any *driver\_enables* bit is X or Z.. Otherwise:

• Number of TRUE *driver enables* bits is > 1:

A single\_driver violation occurs and if *test\_expr* contains an X or Z bit, a no\_xz violation occurs.

• Number of TRUE *driver enables* bits is 1:

If *test\_expr* contains an X or Z bit, a no\_xz violation occurs.

In addition, the checker performs quiet-time checks. A quiet time consists of consecutive cycles or bus inactivity where no bus transactions are occurring (i.e., *driver\_enables* = 0). The checker verifies the specified configuration as follows:

• 0 = min\_quiet = max\_quiet (default)

A quiet violation occurs each cycle *driver\_enables* = 0.

• 0 = min\_quiet < max\_quiet

A quiet violation occurs if  $driver\_enables = 0$  for  $max\_quiet+1$  consecutive cycles.

• 0 < min\_quiet ≤ max\_quiet

A quiet violation occurs if either of the following occur:

- The *driver\_enables* expression transitions to 0 and then transitions from 0 less than *min\_quiet* cycles later.
- The *driver\_enables* expression = 0 for *max\_quiet*+1 cycles.
- 0 = max\_quiet < min\_quiet

A quiet violation occurs if *driver\_enables* transitions to 0 and then transitions from 0 less than *min\_quiet* cycles later.

#### **Assertion Checks**

SINGLE\_DRIVER Bus has multiple drivers.

Number of TDIJE bits in driver and

Number of TRUE bits in *driver\_enables* is > 1.

NO\_XZ Bus is driven, but has X or Z bits.

Number of TRUE bits in *driver\_enables* is > 0, but *test\_expr* 

has one or more X or Z bits.

QUIET Bus was quiet.

0 = min\_quiet = max\_quiet

Driver\_enables was 0.

Bus was quiet for too many cycles.

0 = min\_quiet < max\_quiet</pre>

*Driver\_enables* was 0 for more than *max\_quiet* consecutive cycles.

Bus was quiet for too few or too many cycles.

 $0 < min\_quiet \le max\_quiet$ 

*Driver\_enables* was not held 0 for at least *min\_quiet* consecutive cycles or was 0 for more than *max\_quiet* cycles.

Bus was quiet for too few cycles.

0 = max\_quiet < min\_quiet</pre>

Driver\_enables was not held 0 for at least min\_quiet

consecutive cycles.

#### Implicit X/Z Checks

driver\_enables contains X or Z.

Drivers enabled expression contained X or Z bits.

### **Cover Points**

cover\_driver\_bitmap

BASIC — Bit map of the *driver\_enables* signals that have been

TRUE at least once.

cover\_quiet\_equals\_
min\_quiet

CORNER — Number of quiet periods that were exactly  $min\_quiet$  cycles long  $(min\_quiet > 0)$  or number of times bus control transferred from one driver to another  $(min\_quiet = 0)$ .

cover\_quiet\_equals\_
max\_quiet

CORNER — Number of quiet periods that were exactly *max\_quiet* cycles long. Not meaningful if *max\_quiet* = 0.

observed\_quiet\_cycles

STATISTIC — Reports the quiet periods (in cycles) that have occurred at least once.

### **Cover Groups**

observed\_quiet\_cycles

Number of times the bus (*test\_expr*) was quiet (driver\_enables = 0) for the specified number of quiet cycles. Bins are:

- *observed\_quiet\_cycles\_good[min\_quiet+1:maximum]* bin index is the observed quiet time in clock cycles. The value of *maximum* is:
  - 0 (if  $min\_quiet = max\_quiet = 0$ ),
  - $min\_quiet + 4095$  (if  $min\_quiet > max\_quiet = 0$ ), or
  - $max\_quiet$  (if  $max\_quiet > 0$ ).
- *observed\_hold\_time\_bad* default.

# ovl\_no\_overflow

Checks that the value of an expression does not overflow.



# **Syntax**

#### ovl\_no\_overflow

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Width must be less than or equal to 32. Default: 1.                    |
| min            | Minimum value in the test range of test_expr. Default: 0.                                                      |
| max            | Maximum value in the test range of <i>test_expr</i> . Default: 2**width - 1.                                   |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

| clock                                | Clock event for the assertion.                                                                                                                                                                         |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| reset                                | Synchronous reset signal indicating completed initialization.                                                                                                                                          |
| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
| test_expr[width-1:0]                 | Expression that should not change from a value of <i>max</i> to a value out of the test range or to a value equal to <i>min</i> .                                                                      |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

# **Description**

The ovl\_no\_overflow assertion checker checks the expression *test\_expr* at each active edge of *clock* to determine if its value has changed from a value (at the previous active edge of *clock*) that was equal to *max*. If so, the checker verifies that the new value has not overflowed *max*. That is, it verifies the value of *test\_expr* is not greater than *max* or less than or equal to *min* (in which case, the assertion fails).

The checker is useful for verifying counters, where it can ensure the counter does not wrap from the highest value to the lowest value in a specified range. For example, it can be used to check that memory structure pointers do not wrap around. For a more general test for overflow, use ovl\_delta or ovl\_fifo\_index.

### **Assertion Checks**

| NO_OVERFLOW | Expression changed value from max to a value not in the range |
|-------------|---------------------------------------------------------------|
|             | min + 1 to $max - 1$ .                                        |

#### Implicit X/Z Checks

test\_expr contains X or Z Expression value contained X or Z bits.

#### **Cover Points**

### **Cover Groups**

none

#### **Errors**

The parameters/generics *min* and *max* must be specified such that *min* is less than or equal to *max*. Otherwise, the assertion fails on each tested clock cycle for which *test\_expr* changed from *max*.

#### **Notes**

1. The assertion check compares the current value of *test\_expr* with its previous value. Therefore, checking does not start until the second rising edge of *clock* after *reset* deasserts.

### See also

```
ovl_deltaovl_incrementovl_fifo_indexovl_no_overflow
```

## **Examples**

```
ovl_no_overflow #(
   'OVL_ERROR,
                                                   // severity_level
   3,
                                                   // width
   0,
                                                   // min
                                                   // max
   4,
   'OVL_ASSERT,
                                                   // property_type
   "Error: addr overflow",
                                                   // msg
   'OVL COVER DEFAULT,
                                                   // coverage level
   'OVL_POSEDGE,
                                                   // clock_edge
   'OVL_ACTIVE_LOW,
                                                   // reset_polarity
   'OVL_GATE_CLOCK)
                                                   // gating_type
   addr with overflow (
      clock,
                                                   // clock
      reset,
                                                   // reset
      enable,
                                                   // enable
      addr,
                                                   // test_expr
      fire addr with overflow );
                                                   // fire
```

Checks that *addr* does not overflow (i.e., change from a value of 4 at the rising edge of *clock* to a value of 0 or a value greater than 4 at the next rising edge of *clock*).



# ovl\_no\_transition

Checks that the value of an expression does not transition from a start state to the specified next state.



# **Syntax**

#### ovl\_no\_transition

#### **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Default: 1.                                                            |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |
|                |                                                                                                                |

#### **Ports**

| clock                                | Clock event for the assertion.                                                                                                                                                                                                                                                                     |
|--------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| reset                                | Synchronous reset signal indicating completed initialization.                                                                                                                                                                                                                                      |
| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE.                                                                                             |
| test_expr[width-1:0]                 | Expression that should not transition to <i>next_state</i> on the active edge of <i>clock</i> if its value at the previous active edge of <i>clock</i> is the same as the current value of <i>start_state</i> .                                                                                    |
| start_state[width-1:0]               | Expression that indicates the start state for the assertion check. If the start state matches the value of <i>test_expr</i> on the previous active edge of <i>clock</i> , the check is performed.                                                                                                  |
| next_state[width-1:0]                | Expression that indicates the invalid next state for the assertion check. If the value of <i>test_expr</i> was <i>start_state</i> at the previous active edge of <i>clock</i> , then the value of <i>test_expr</i> should not equal <i>next_state</i> on the current active edge of <i>clock</i> . |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                                                                                                             |

## **Description**

The ovl\_no\_transition assertion checker checks the expression *test\_expr* and *start\_state* at each active edge of *clock* to see if they are the same. If so, the checker evaluates and stores the current value of *next\_state*. At the next active edge of *clock*, the checker re-evaluates *test\_expr* to see if its value equals the stored value of *next\_state*. If so, the assertion fails. The checker returns to checking *start\_state* in the current cycle (unless a fatal failure occurred)

The *start\_state* and *next\_state* expressions are verification events that can change. In particular, the same assertion checker can be coded to verify multiple types of transitions of *test\_expr*.

The checker is useful for ensuring certain control structure values (such as counters and finite-state machine values) do not transition to invalid values.

#### **Assertion Checks**

NO\_TRANSITION Expression transitioned from *start\_state* to a value equal to *next\_state*.

OVL Checkers ovl\_no\_transition

cycle. If *requests* is not greater than 2 and *current\_state* is 'ONE\_IN\_Q, *current\_state* should not transition to 'EMPTY in the next cycle.



# ovl\_no\_underflow

Checks that the value of an expression does not underflow.



## **Syntax**

#### ovl\_no\_underflow

Severity of the failure Default: OVI SEVERITY DEFAULT

#### Parameters/Generics

severity level

| severity_level | (OVL_ERROR).                                                                                                   |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Width must be less than or equal to 32. Default: 1.                    |
| min            | Minimum value in the test range of test_expr. Default: 0.                                                      |
| max            | Maximum value in the test range of <i>test_expr</i> . Default: 2**width - 1.                                   |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

| clock                                | Clock event for the assertion.                                                                                                                                                                         |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| reset                                | Synchronous reset signal indicating completed initialization.                                                                                                                                          |
| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
| test_expr[width-1:0]                 | Expression that should not change from a value of <i>min</i> to a value out of range or to a value equal to <i>max</i> .                                                                               |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

## **Description**

The ovl\_no\_underflow assertion checker checks the expression *test\_expr* at each active edge of *clock* to determine if its value has changed from a value (at the previous active edge of *clock*) that was equal to *min*. If so, the checker verifies that the new value has not underflowed *min*. That is, it verifies the value of *test\_expr* is not less than *min* or greater than or equal to *max* (in which case, the assertion fails).

The checker is useful for verifying counters, where it can ensure the counter does not wrap from the lowest value to the highest value in a specified range. For example, it can be used to check that memory structure pointers do not wrap around. For a more general test for underflow, use ovl\_delta or ovl\_fifo\_index.

#### **Assertion Checks**

| NO_UNDERFLOW | Expression changed value from <i>min</i> to a value not in the range |
|--------------|----------------------------------------------------------------------|
|              | min + 1 to $max - 1$ .                                               |

#### Implicit X/Z Checks

test\_expr contains X or Z Expression value contained X or Z bits.

#### **Cover Points**

```
cover_test_expr_at_min BASIC — Expression evaluated to min.

cover_test_expr_at_max CORNER — Expression evaluated to max.
```

## **Cover Groups**

none

#### **Errors**

The parameters/generics *min* and *max* must be specified such that *min* is less than or equal to *max*. Otherwise, the assertion fails on each tested clock cycle for which *test\_expr* changed from *max*.

#### **Notes**

1. The assertion check compares the current value of *test\_expr* with its previous value. Therefore, checking does not start until the second rising edge of *clock* after *reset* deasserts.

### See also

```
ovl_deltaovl_fifo_indexovl_decrementovl_no_overflow
```

## **Examples**

```
ovl_no_underflow #(
   'OVL_ERROR,
                                                   // severity_level
   3,
                                                   // width
   3,
                                                   // min
                                                   // max
   'OVL_ASSERT,
                                                   // property_type
   "Error: addr underflow",
                                                   // msg
   'OVL_COVER_DEFAULT,
                                                   // coverage_level
   'OVL_POSEDGE,
                                                   // clock_edge
   'OVL_ACTIVE_LOW,
                                                   // reset_polarity
   'OVL_GATE_CLOCK)
                                                   // gating_type
   addr with underflow (
      clock,
      resetr s
      'OVL_ACTI m thire_underflow (
```

Checks that *addr* does not underflow (i.e., change from a value of 3 at the rising edge of *clock* to a value of 7 or a value less than 3 at the next rising edge of *clock*).

# ovl\_odd\_parity

Checks that the value of an expression has odd parity.



## **Syntax**

#### ovl\_odd\_parity

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Default: 1.                                                            |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| test_expr[width-1:0]                 | Expression that should evaluate to a value with odd parity on the active clock edge.                                                                                                                   |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

## **Description**

The ovl\_odd\_parity assertion checker checks the expression *test\_expr* at each active edge of *clock* to verify the expression evaluates to a value that has odd parity. A value has odd parity if the number of bits set to 1 is odd.

The checker is useful for verifying control circuits, for example, it can be used to verify a finite-state machine with error detection. In a datapath circuit the checker can perform parity error checking of address and data buses.

#### **Assertion Checks**

ODD\_PARITY Expression evaluated to a value whose parity is not odd.

#### Implicit X/Z Checks

test\_expr contains X or Z Expression value contained X or Z bits.

#### **Cover Points**

cover\_test\_expr\_change SANITY — Expression has changed value.

## **Cover Groups**

none

### See also

ovl\_even\_parity

## **Examples**

```
ovl_odd_parity #(
   'OVL_ERROR,
                                                     // severity_level
                                                     // width
   8,
   'OVL ASSERT,
                                                     // property_type
   "Error: data has even parity",
                                                     // msq
   'OVL_COVER_DEFAULT,
                                                     // coverage_level
   'OVL_POSEDGE,
                                                     // clock_edge
   'OVL_ACTIVE_LOW,
                                                     // reset_polarity
   'OVL_GATE_CLOCK)
                                                     // gating_type
   valid_data_odd_parity (
                                                     // clock
      clock,
      reset,
                                                     // reset
      enable,
                                                     // enable
      data,
                                                     // test expr
      fire_valid_data_odd_parity );
                                                     // fire
Checks that data has odd parity at each rising edge of clock.
     clock
     reset
      data
                                                  ODD PARITY
                                                  Error: data has even parity
```

# ovl\_one\_cold

Checks that the value of an expression is one-cold (or equals an inactive state value, if specified).



# **Syntax**

```
ovl_one_cold
```

#### **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Default: 32.                                                           |
| inactive       | Inactive state of <i>test_expr</i> : OVL_ALL_ZEROS, OVL_ALL_ONES or OVL_ONE_COLD. Default: OVL_ONE_COLD.       |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

| clock                                | Clock event for the assertion.                                                                                                                                                                         |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| reset                                | Synchronous reset signal indicating completed initialization.                                                                                                                                          |
| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
| test_expr[width-1:0]                 | Expression that should evaluate to a one-cold or inactive value on the active clock edge.                                                                                                              |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

# **Description**

The ovl\_one\_cold assertion checker checks the expression *test\_expr* at each active edge of *clock* to verify the expression evaluates to a one-cold or inactive state value. A one-cold value has exactly one bit set to 0. The inactive state value for the checker is set by the *inactive* parameter. Choices are: OVL\_ALL\_ZEROS (e.g., 4'b0000), OVL\_ALL\_ONES (e.g., 4'b1111) or OVL\_ONE\_COLD. The default *inactive* parameter value is OVL\_ONE\_COLD, which indicates *test\_expr* has no inactive state (so only a one-cold value is valid for each check).

The checker is useful for verifying control circuits, for example, it can ensure that a finite-state machine with one-cold encoding operates properly and has exactly one bit asserted low. In a datapath circuit the checker can ensure that the enabling conditions for a bus do not result in bus contention.

#### **Assertion Checks**

| ONE_COLD | Expression assumed an active state with multiple bits set to 0. |
|----------|-----------------------------------------------------------------|
|          |                                                                 |

### Implicit X/Z Checks

test\_expr contains X or Z Expression value contained X or Z bits.

#### **Cover Points**

| cover_test_expr_change                | SANITY — Expression has changed value.                                                                          |
|---------------------------------------|-----------------------------------------------------------------------------------------------------------------|
| cover_all_one_colds_<br>checked       | CORNER — Expression evaluated to all possible combinations of one-cold values.                                  |
| <pre>cover_test_expr_all_ zeros</pre> | CORNER — Expression evaluated to the inactive state and the <i>inactive</i> parameter was set to OVL_ALL_ZEROS. |
| <pre>cover_test_expr_all_ ones</pre>  | CORNER — Expression evaluated to the inactive state and the <i>inactive</i> parameter was set to OVL_ALL_ONES.  |

### **Cover Groups**

none

### **Notes**

1. By default, the ovl\_one\_cold assertion is pessimistic and the assertion fails if *test\_expr* is active and multiple bits are not 1 (i.e.equals 0, X, Z, etc.). However, if OVL\_XCHECK\_OFF is set, the assertion fails if and only if *test\_expr* is active and multiple bits are 0.

### See also

ovl\_one\_hot

ovl\_zero\_one\_hot

## **Examples**

### Example 1

```
ovl_one_cold #(
   'OVL_ERROR,
                                              // severity_level
                                              // width
   'OVL_ONE_COLD,
                                              // inactive (no inactive state)
   'OVL_ASSERT,
                                              // property_type
   "Error: sel_n not one-cold",
                                              // msg
   'OVL_COVER_DEFAULT,
                                              // coverage_level
   'OVL_POSEDGE,
                                              // clock_edge
   'OVL_ACTIVE_LOW,
                                              // reset_polarity
   'OVL_GATE_CLOCK)
                                              // gating_type
   valid_sel_n_one_cold (
      clock,
                                              // clock
      reset,
                                              // reset
      enable,
                                              // enable
      sel n,
                                              // test_expr
      fire_valid_sel_n_one_cold );
                                              // fire
```

Checks that  $sel\ n$  is one-cold at each rising edge of clock.



#### Example 2

```
ovl_one_cold #(
   'OVL_ERROR,
                                                       // severity_level
                                                       // width
   4,
   'OVL ALL ONES,
                                                       // inactive
                                                       // property_type
   'OVL_ASSERT,
   "Error: sel_n not one-cold or inactive",
                                                       // msg
   'OVL_COVER_DEFAULT,
                                                       // coverage_level
   'OVL_POSEDGE,
                                                       // clock edge
   'OVL_ACTIVE_LOW,
                                                       // reset_polarity
   'OVL_GATE_CLOCK)
                                                       // gating_type
   valid_sel_n_one_cold (
                                                       // clock
      clock,
      reset,
                                                       // reset
      enable,
                                                       // enable
      sel_n,
                                                       // test expr
      fire valid sel n one cold );
                                                       // fire
Checks that sel_n is one-cold or inactive (4'b1111) at each rising edge of clock.
     clock
     reset
                                  | 1101 | 1100 | 1110 |
     sel_n XXXX 11111
                           1011
                                                                      0111
                                                                             1011
                                                   ONE_COLD
                     ➤ test_expr contains X/Z value
                                                   Error: sel_n not one-cold or inactive
```

#### Example 3

```
ovl_one_cold #(
   'OVL ERROR,
                                                    // severity_level
                                                   // width // inactive
   'OVL_ALL_ZEROS,
   'OVL_ASSERT,
                                                   // property_type
                                                   // msg
   "Error: sel_n not one-cold",
   'OVL_COVER_DEFAULT,
                                                   // coverage_level
   'OVL POSEDGE,
                                                   // clock edge
   'OVL_ACTIVE_LOW,
                                                   // reset_polarity
   'OVL_GATE_CLOCK)
                                                    // gating_type
   valid_sel_n_one_cold (
      clock,
                                                    // clock
      reset,
                                                   // reset
      enable,
                                                   // enable
      sel_n,
                                                   // test_expr
      fire_valid_sel_n_one_cold );
                                                   // fire
```



# ovl\_one\_hot

Checks that the value of an expression is one-hot.



## **Syntax**

#### ovl\_one\_hot

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Default: 32.                                                           |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| test_expr[width-1:0]                 | Expression that should evaluate to a one-hot value on the active clock edge.                                                                                                                           |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

## **Description**

The ovl\_one\_hot assertion checker checks the expression *test\_expr* at each active edge of *clock* to verify the expression evaluates to a one-hot value. A one-hot value has exactly one bit set to 1.

The checker is useful for verifying control circuits, for example, it can ensure that a finite-state machine with one-hot encoding operates properly and has exactly one bit asserted high. In a datapath circuit the checker can ensure that the enabling conditions for a bus do not result in bus contention.

#### **Assertion Checks**

| ONE_HOT | Expression evaluated to zero or to a value with multiple bits set |
|---------|-------------------------------------------------------------------|
|         | to 1                                                              |

#### Implicit X/Z Checks

test\_expr contains X or Z Expression value contained X or Z bits.

#### **Cover Points**

| cover_test_expr_change         | SANITY — Expression has changed value.                                        |
|--------------------------------|-------------------------------------------------------------------------------|
| cover_all_one_hots_<br>checked | CORNER — Expression evaluated to all possible combinations of one-hot values. |

### **Cover Groups**

none

#### **Notes**

1. By default, the ovl\_one\_hot assertion is optimistic and the assertion fails if *test\_expr* is zero or has multiple bits not set to 0 (i.e.equals 1, X, Z, etc.). However, if OVL\_XCHECK\_OFF is set, the ONE\_HOT assertion fails if and only if *test\_expr* is zero or has multiple bits that are 1.

### See also

ovl\_one\_cold ovl\_zero\_one\_hot

### **Examples**

```
ovl_one_hot #(
                                                  // severity_level
   'OVL_ERROR,
                                                  // width
   'OVL_ASSERT,
                                                  // property_type
                                                  // msg
   "Error: sel not one-hot",
   'OVL_COVER_DEFAULT,
                                                  // coverage_level
   'OVL_POSEDGE,
                                                  // clock_edge
   'OVL_ACTIVE_LOW,
                                                  // reset_polarity
   'OVL_GATE_CLOCK)
                                                  // gating_type
   valid_sel_one_hot (
                                                  // clock
      clock,
      reset,
                                                  // reset
      enable,
                                                  // enable
      sel,
                                                  // test_expr
      fire_valid_sel_one_hot );
                                                  // fire
```

Checks that *sel* is one-hot at each rising edge of *clock*.

# ovl\_proposition

Checks that the value of an expression is always combinationally TRUE.



### **Syntax**

#### ovl\_proposition

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                              |
|----------------|------------------------------------------------------------------------------------------------------------------|
| property_type  | Property type. Cannot be OVL_ASSUME for SVA and PSL implementations. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT). |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                              |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                    |
| clock_edge     | Ignored parameter.                                                                                               |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).         |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK).   |

#### **Ports**

| reset  | Synchronous reset signal indicating completed initialization.                                                                              |
|--------|--------------------------------------------------------------------------------------------------------------------------------------------|
| enable | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = |
|        | OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE.                                                                                |

# OVL Checkers ovl proposition

test\_expr Expression that should always evaluate to TRUE.

Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl\_proposition assertion checker checks the single-bit expression *test\_expr* when it changes value to verify the expression evaluates to TRUE.

#### **Assertion Checks**

PROPOSITION Expression evaluated to FALSE.

Implicit X/Z Checks

test\_expr contains X or Z Expression value was X or Z.

#### **Cover Points**

none

### **Cover Groups**

none

#### **Notes**

- 1. Formal verification tools and hardware emulation/acceleration systems might ignore this checker. To verify propositional properties with these tools, consider using ovl\_always.
- 2. The Verilog-95 version of this asynchronous checker handles 'OVL\_ASSERT, 'OVL\_ASSUME and 'OVL\_IGNORE. The SVA and PSL versions of this checker do not implement *property\_type* 'OVL\_ASSUME. The SVA version uses immediate assertions and in IEEE 1800-2005 SystemVerilog immediate assertions cannot be assumptions. Assume is only available in a concurrent (clocked) form of an assertion statement. The SVA version treats 'OVL\_ASSUME as an 'OVL\_ASSERT. The PSL version generates an error if *property\_type* is 'OVL\_ASSUME.

### See also

ovl\_always ovl\_implication ovl\_always\_on\_edge ovl\_never

AAF0

# **Examples**

current\_addr

```
ovl_proposition #(
   'OVL_ERROR,
                                                   // severity_level
   'OVL_ASSERT,
                                                   // property_type
                                                   // msg
   "Error: current_addr changed while bus
   granted",
                                                   // coverage_level
   'OVL_COVER_DEFAULT,
                                                   // clock_edge
   'OVL_POSEDGE,
                                                   // reset_polarity
   'OVL_ACTIVE_LOW,
                                                   // gating_type
   'OVL_GATE_CLOCK)
   valid_current_addr (
      bus_gnt,
                                                   // reset
      enable,
                                                   // enable
      current_addr == addr,
                                                   // test_expr
      fire_valid_current_addr );
                                                   // fire
Checks that current_addr equals addr while bus_gnt is TRUE.
     bus_gnt
       addr
                          FFFF
                                                        AA00
```

AA00

FFFF

PROPOSITION Error: current\_addr changed while bus granted

# ovl\_quiescent\_state

Checks that the value of a specified state expression equals a corresponding check value if a specified sample event has transitioned to TRUE.



# **Syntax**

```
ovl_quiescent_state
```

#### **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>state_expr</i> and <i>check_value</i> arguments. Default: 1.                                   |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

| clock                                | Clock event for the assertion.                                                                                                                                                                         |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| reset                                | Synchronous reset signal indicating completed initialization.                                                                                                                                          |
| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
| state_expr[width-1:0]                | Expression that should have the same value as <i>check_value</i> on the rising edge of <i>clock</i> if <i>sample_event</i> has just transitioned to TRUE (rising edge).                                |
| <pre>check_value[width-1:0]</pre>    | Expression that indicates the value <i>state_expr</i> should have on the active edge of <i>clock</i> if <i>sample_event</i> has just transitioned to TRUE (rising edge).                               |
| sample_event                         | Expression that initiates the quiescent state check when its value transitions to TRUE.                                                                                                                |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

## **Description**

The ovl\_quiescent\_state assertion checker checks the expression <code>sample\_event</code> at each active edge of <code>clock</code> to see if its value has transitioned to TRUE (i.e., its current value is TRUE and its value on the previous active edge of <code>clock</code> is not TRUE). If so, the checker verifies that the current value of <code>state\_expr</code> equals the current value of <code>check\_value</code>. The assertion fails if <code>state\_expr</code> is not equal to <code>check\_value</code>.

The *state\_expr* and *check\_value* expressions are verification events that can change. In particular, the same assertion checker can be coded to compare different check values (if they are checked in different cycles).

The checker is useful for verifying the states of state machines when transactions complete.

#### **Assertion Checks**

QUIESCENT\_STATE The sample\_event expression transitioned to TRUE, but the values of state\_expr and check\_value were not the same.

#### Implicit X/Z Checks

| state_expr contains X or Z             | State expression value contained X or Z bits.                                                           |
|----------------------------------------|---------------------------------------------------------------------------------------------------------|
| <pre>check_value contains X or Z</pre> | Check vale expression value contained X or Z bits.                                                      |
| sample_event contains<br>X or Z        | Sample event value was X or Z.                                                                          |
| OVL_END_OF_SIMULATION contains X or Z  | State expression value contained X or Z bits at the end of simulation (OVL_END_OF_SIMULATION asserted). |

### **Cover Points**

none

### **Cover Groups**

none

### **Notes**

- 1. The assertion check compares the current value of *sample\_event* with its previous value. Therefore, checking does not start until the second rising edge of *clock* after *reset* deasserts.
- 2. Checker recognizes the Verilog macro OVL\_END\_OF\_SIMULATION=*eos\_signal*. If set, the quiescent state check is also performed at the end of simulation, when *eos\_signal* asserts (regardless of the value of sample\_event).
- 3. Formal verification tools and hardware emulation/acceleration systems might ignore this checker.

#### See also

ovl\_no\_transition

ovl\_transition

## **Examples**

```
ovl_quiescent_state #(
   'OVL_ERROR,
                                                   // severity_level
   4,
                                                   // width
   'OVL ASSERT,
                                                   // property_type
   "Error: illegal end of transaction",
                                                   // msq
   'OVL_COVER_DEFAULT,
                                                   // coverage level
   'OVL_POSEDGE,
                                                   // clock_edge
   'OVL_ACTIVE_LOW,
                                                   // reset_polarity
   'OVL_GATE_CLOCK)
                                                   // gating_type
   valid_end_of_transaction_state (
                                                   // clock
      clock,
      reset,
                                                   // reset
      enable,
                                                   // enable
      transaction_state,
                                                   // state_expr
      prev_tr == 'TR_READ ? 'TR_IDLE : 'TR_WAIT,
                                                   // check_value
      end_of_transaction,
                                                   // sample_event
      fire_valid_end_of_transaction_state );
                                                   // fire
```

Checks that whenever *end\_of\_transaction* asserts at the completion of each transaction, the value of *transaction\_state* is 'TR\_IDLE (if prev\_tr is 'TR\_READ) or 'TR\_WAIT (otherwise).



# ovl\_range

Checks that the value of an expression is in a specified range.



## **Syntax**

```
ovl range
```

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Default: 1.                                                            |
| min            | Minimum value allowed for test_expr. Default: 1.                                                               |
| max            | Maximum value allowed for <i>test_expr</i> . Default: 1.                                                       |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

| clock                                | Clock event for the assertion.                                                                                                                                                                         |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| reset                                | Synchronous reset signal indicating completed initialization.                                                                                                                                          |
| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
| test_expr[width-1:0]                 | Expression that should evaluate to a value in the range from <i>min</i> to <i>max</i> (inclusive) on the active clock edge.                                                                            |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

# **Description**

The ovl\_range assertion checker checks the expression *test\_expr* at each active edge of *clock* to verify the expression falls in the range from *min* to *max*, inclusive. The assertion fails if *test\_expr* < *min* or *max* < *test\_expr*.

The checker is useful for ensuring certain control structure values (such as counters and finite-state machine values) are within their proper ranges. The checker is also useful for ensuring datapath variables and expressions are in legal ranges.

#### **Assertion Checks**

| RANGE    | Expression evaluat | ted outside the | range min to max  |
|----------|--------------------|-----------------|-------------------|
| IVIIVOLI | Lapicssion evaluat | ica ouisiae inc | range min to max. |

#### Implicit X/Z Checks

test\_expr contains X or Z Expression value contained X or Z bits.

#### **Cover Points**

```
cover_test_expr_change BASIC — Expression changed value.

cover_test_expr_at_min CORNER — Expression evaluated to min.

cover_test_expr_at_max CORNER — Expression evaluated to max.
```

### **Cover Groups**

none

#### **Errors**

The parameters/generics *min* and *max* must be specified such that *min* is less than or equal to *max*. Otherwise, the assertion fails on each tested clock cycle.

### See also

```
ovl_alwaysovl_neverovl_implicationovl_proposition
```

## **Examples**

```
ovl_range #(
   'OVL_ERROR,
                                                      // severity_level
   3,
                                                      // width
   2,
                                                      // min
                                                      // max
   'OVL_ASSERT,
                                                     // property_type
   "Error: sel_high - sel_low not within 2 to 5",
                                                     // msg
   'OVL_COVER_DEFAULT,
                                                      // coverage_level
   'OVL_POSEDGE,
                                                      // clock_edge
   'OVL_ACTIVE_LOW,
                                                      // reset_polarity
   'OVL_GATE_CLOCK)
                                                      // gating_type
   valid_sel (
      clock,
                                                      // clock
      reset,
                                                      // reset
      enable,
                                                      // enable
      sel_high - sel_low,
                                                      // test_expr
      fire_valid_sel );
                                                      // fire
```

Checks that (*sel\_high - sel\_low*) is in the range 2 to 5 at each rising edge of *clock*.



# ovl\_reg\_loaded

Checks that a register is loaded with source data within a specified time window.



## **Syntax**

#### ovl\_reg\_loaded

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                              |
|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| width          | Width of the src_expr and dest_expr registers. Default: 4.                                                                                                                                                       |
| start_count    | Number of cycles after <i>start_event</i> asserts that the time window opens. Default: 1.                                                                                                                        |
| end_count      | Number of cycles after <i>start_event</i> asserts that the time window closes (if it is still open). If <i>end_count</i> is 0, only the <i>end_event</i> signal is used to define the time windows. Default: 10. |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                                                       |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                                                              |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                                                                    |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                                                                                                                            |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).                                                                                                         |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK).                                                                                                   |

#### **Ports**

| clock                                | Clock event for the assertion.                                                                                                                                                                                                                                                                                       |
|--------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| reset                                | Synchronous reset signal indicating completed initialization.                                                                                                                                                                                                                                                        |
| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE.                                                                                                               |
| start_event                          | Start event signal for the reg_loaded check. If the time window is closed (or closing), the rising edge of <i>start_event</i> initiates a new check. The time window opens <i>start_count</i> cycles later.                                                                                                          |
| end_event                            | End event signal for the reg_loaded check. If the time window is open (or opening), the rising edge of <i>end_event</i> terminates the current check, closes the window and issues a reg_loaded violation (if <i>dest_expr</i> loaded the value of <i>src_expr</i> in that cycle, the time window would be closing). |
| <pre>src_expr[width-1:0]</pre>       | Source register containing the values that load the <i>dest_expr</i> register. For each reg_loaded check, the source value in <i>src_expr</i> is sampled in the same cycle that <i>start_event</i> asserts.                                                                                                          |
| <pre>dest_expr[width-1:0]</pre>      | Destination register for the values in src_expr.                                                                                                                                                                                                                                                                     |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                                                                                                                               |

# **Description**

The ovl\_reg\_loaded assertion checker checks start\_event at each active edge of clock. If start\_event has just transitioned to TRUE, the checker evaluates the source register (src\_expr) and initiates a reg loaded check to verify that this value gets loaded into the destination register (dest\_expr) in the specified time window.

If start count is 0, the time window opens immediately. Otherwise, the time window opens start\_count cycles after the current cycle. The values of dest\_expr in the cycles between the start of the reg\_loaded check and the time window opening are not relevant. When the time window opens, the checker evaluates dest\_expr and re-evaluates dest\_expr each subsequent cycle. Once the value of dest expr equals the captured value of src expr, the current reg loaded check terminates successfully. The time window closes when one of the following occur:

- The current cycle is *end\_count* cycles after *start\_event* asserted (*end\_count* > 0).
- The *end\_event* signal is TRUE.

If dest\_expr has not loaded the src\_expr value by the cycle the time window closes, a reg\_loaded violation occurs.

### **Assertion Checks**

REG\_LOADED

Test expression did not equal the value of the source register in the specified time window.

end\_count > 0

Either *end\_event* became TRUE or *end\_count* cycles passed after the rising edge of *start\_event* and *dest\_expr* was still not equal to the captured value of *src\_expr* (ignoring values of *dest\_expr* in the *start\_count* cycles after *start\_event* asserted).

Test expression did not equal the value of the source expression in the time window that ended when 'end\_event' asserted.

 $end_count = 0$ 

End\_event became TRUE after the rising edge of start\_event and dest\_expr was still not equal to the captured value of src\_expr (ignoring values of dest\_expr in the start\_count cycles after start\_event asserted).

#### Implicit X/Z Checks

start\_event contains X or Z Start event signal was X or Z.

end\_event contains X or Z End event signal was X or Z.

src\_expr contains X or Z Source expression contained X or Z bits.

dest\_expr contains X or Z Test expression contained X or Z bits.

#### **Cover Points**

cover\_values\_checked SANITY — Number of times a reg\_loaded check was initiated (i.e., number of cycles *start event* transitioned to TRUE).

cover\_reg\_loaded BASIC — Number of times a reg\_loaded check was terminated

successfully (i.e, *dest\_expr* was loaded with *src\_expr* in the time

window).

cover\_end\_event\_in\_

window

BASIC — Number of time windows in which *end\_event* asserted (whether or not *dest\_expr* loaded *src\_expr* in the window). Not

meaningful if  $end\_count = 0$ .

cover\_no\_end\_event\_in\_

window

BASIC — Number of time windows in which *end\_event* did not assert (whether or not *dest\_expr* loaded *src\_expr* in the window).

Not meaningful if *end* count = 0.

cover\_load\_at\_start\_

count

CORNER — Number of times *dest\_expr* loaded *src\_expr* exactly

start count cycles after start event asserted.

cover\_load\_at\_end\_
count

CORNER — Number of times dest\_expr loaded the src\_expr

value exactly *end\_count* cycles after *start\_event* asserted. Not

meaningful if  $end\_count = 0$ .

cover\_load\_times

STATISTIC — Reports the load times (in cycles from asserting *start\_event* to loading *src\_expr* into *dest\_expr*) that occurred at least once.

### **Cover Groups**

observed\_dest\_expr\_ reg\_load\_time Number of times *dest\_expr* was loaded in the specified number of cycles. Bins are:

- *observed\_load\_time\_good[start\_count+1:maximum]* bin index is the observed load time in clock cycles. The value of *maximum* is:
  - *start\_count* + 4095 (if *end\_count* = 0) or
  - *end\_count* (if *end\_count* > 0).
- *observed\_load\_time\_bad* default.

# ovl\_req\_ack\_unique

Checks that every request receives a corresponding acknowledge in a specified time window.



## **Syntax**

#### ovl\_req\_ack\_unique

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| min_cks        | Minimum number of clock cycles after <i>req</i> asserts that its corresponding acknowledge can occur. Default: 1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| max_cks        | Maximum number of clock cycles after <i>req</i> asserts that its corresponding acknowledge can occur. Default: 15.                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
| method         | <ul> <li>Method used to track and correlate request/acknowledge pairs.</li> <li>method = 0 (Default)</li> <li>Method suitable for a short time window (max_cks ≤ 15).</li> <li>Uses internal IDs for requests. For each request, generates max_cks properties.</li> <li>method = 1</li> <li>Method suitable for a long time window (max_cks &gt; 15).</li> <li>Uses time stamps (computed mod 2 max_cks) to identify requests. To process an acknowledge, the time stamp for the request at the front of the queue is used to verify that the acknowledge meets timing requirements.</li> </ul> |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |

Active edge of the *clock* input. Default: clock edge

OVL\_CLOCK\_EDGE\_DEFAULT (OVL\_POSEDGE).

Polarity (active level) of the *reset* input. Default: reset\_polarity

OVL\_RESET\_POLARITY\_DEFAULT

(OVL ACTIVE LOW).

gating\_type Gating behavior of the checker when *enable* is FALSE. Default:

OVL GATING TYPE DEFAULT (OVL GATE CLOCK).

#### **Ports**

clock Clock event for the assertion.

Synchronous reset signal indicating completed initialization. reset

enable Enable signal for *clock*, if *gating type* = OVL GATE CLOCK

(the default gating type) or reset (if gating type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

Request signal. req

ack Acknowledgment signal.

fire Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check [OVL\_FIRE\_WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl req ack unique assertion checker checks req and ack at each active edge of clock. If req is TRUE, a request becomes outstanding immediately. The checker tracks outstanding requests on a first-in first-out basis to verify the specified request/acknowledge handshake protocol is obeyed.

The protocol ensures each request has an acknowledgement that occurs in the time window that opens min\_cks after the request (i.e., when the request becomes outstanding) and closes max cks after the request. When ack is TRUE, the oldest outstanding request is checked. If this request has not been outstanding for at least min cks cycles, the ack is ignored. Otherwise, the request is removed from the outstanding requests FIFO and "matched" with the current acknowledge. The checker detects the following violations:

- If ack is TRUE and no requests are outstanding, a no\_extraneous\_ack violation occurs.
- If a request is not acknowledged in its time window, an ack\_timeout violation occurs.
- If max\_cks requests are outstanding, additional requests cannot become outstanding. If a request occurs (without a simultaneous acknowledge), a max outstanding req violation occurs and the request is ignored.

To help collect coverage data, the checker tracks individual requests and their acknowledgements (up to the maximum outstanding requests limit, which is max cks requests). But the larger *max\_cks* is, the greater the decrease in performance. To resolve this problem, the checker can be configured to a second method of tracking request/acknowledge pairs by setting the *method* parameter to 1. However with this method, the checker does not collect some coverage data.

#### **Assertion Checks**

NO\_EXTRANEOUS\_ACK Acknowledge received when no requests were

outstanding.

No requests were outstanding and ack was TRUE (and if

 $min \ cks = 0$ ,  $reg \ was \ FALSE$ ).

ACK\_TIMEOUT Acknowledge not received in time window.

A request was pending for *max\_cks* cycles and did not receive

its acknowledge in the last cycle of its time window.

MAX\_OUTSTANDING\_REQ Maximum number of requests were outstanding when an

additional request was issued.

*Req* was TRUE and *ack* was FALSE, but *max\_cks* requests

were outstanding.

#### Implicit X/Z Checks

req contains X or Z Request signal was X or Z.

ack contains X or Z Acknowledge signal was X or Z.

### **Cover Points**

cover\_requests SANITY — Number of cycles *reg* asserted.

cover\_acknowledgements SANITY — Number of cycles ack asserted.

min\_cks cycles after its request was issued. Not meaningful if

method = 1.

max\_cks cycles after its request was issued. Not meaningful if

method = 1.

observed\_ack\_times STATISTIC — Reports the request-to-acknowledge times (in

cycles) that occurred at least once. Not meaningful if method = 1.

observed\_outstanding\_

requests

STATISTIC — Reports the number of cycles in which exactly *index* requests become outstanding, for each *index* in the range [0: *max\_cks*] (except for index = 0, which counts all cycles that

no request was outstanding). Not meaningful if method = 1.

### **Cover Groups**

observed\_latency

Number of acknowledgements with the specified req-to-ack latency. Bins are:

- *observed\_latency\_good[min\_cks:max\_cks]* bin index is the observed latency in clock cycles.
- *observed\_latency\_bad* default.

observed\_outstanding\_requests

Number of cycles with the specified number of outstanding requests. Bins are:

• observed\_outstanding\_requests[1:max\_cks] — bin index is the number of outstanding requests.

## ovl\_req\_requires

Checks that every request event initiates a valid request-response event sequence that finishes within a specified time window.



## **Syntax**

#### ovl\_req\_requires

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                      |
|----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| min_cks        | Minimum number of clock cycles after $req\_trigger$ is TRUE that the event sequence can finish. Value of $min\_cks$ must be $> 0$ . Default: 1.                                                                          |
| max_cks        | Maximum number of clock cycles after $req\_trigger$ is TRUE that the event sequence should finish. The special value 0 selects no upper bound. If $max\_cks \neq 0$ , then $max\_cks$ must be Š $min\_cks$ . Default: 0. |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                                                               |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                                                                      |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                                                                            |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                                                                                                                                    |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).                                                                                                                 |

| gating_type | Gating behavior of the checker when <i>enable</i> is FALSE. Default: |
|-------------|----------------------------------------------------------------------|
|             | OVL GATING TYPE DEFAULT (OVL GATE CLOCK).                            |

| Ports        |                                                                                                                                                                                                                                                                                                       |
|--------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| clock        | Clock event for the assertion.                                                                                                                                                                                                                                                                        |
| reset        | Synchronous reset signal indicating completed initialization.                                                                                                                                                                                                                                         |
| enable       | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE.                                                                                                |
| req_trigger  | Request trigger signal. If <i>req_trigger</i> is TRUE, the checker initiates a new check and its corresponding time window opens <i>min_cks</i> cycles later.                                                                                                                                         |
| req_follower | Request follower signal. A request event finishes at the first rising edge of <i>req_follower</i> in the same or subsequent cycle as the rising edge of <i>req_trigger</i> .                                                                                                                          |
| resp_leader  | Response leader signal. The first rising edge of <i>resp_leader</i> in a cycle after the request event initiates the response event.                                                                                                                                                                  |
| resp_trigger | Response trigger signal. The response event finishes at the first rising edge of <i>resp_trigger</i> in the same or subsequent cycle as the rising edge of <i>resp_leader</i> . This event must be in the time window from <i>min_cks</i> to <i>max_cks</i> cycles after <i>req_trigger</i> was TRUE. |

## **Description**

[OVL\_FIRE\_WIDTH-1:0]

fire

The ovl\_req\_requires assertion checker checks req\_trigger at each active edge of clock. If req\_trigger is TRUE, a req\_requires check is initiated. The checker verifies that a semaphore request-response event sequence transpires with the last event occurring within the time window specified by [max\_cks:min\_cks]. The event sequence must have the following characteristics:

Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

- When reg\_trigger is TRUE: reg\_follower, resp\_leader, resp\_trigger are TRUE in sequence.
- Each event happens at the active clock edge at which the first occurrence of its signal is TRUE following the previous event in the sequence.
- The sequence has the following timing relations:

```
treq_trigger ≤ treq_follower < tresp_leader ≤ tresp_trigger
```

That is, the req\_trigger and req\_follower events can occur in the same cycle and the resp\_leader and resp\_trigger events can occur in the same cycle, but the resp\_leader event must be after the req\_follower event.

A req\_requires check violation occurs if one of the following cases arises:

- The semaphore event sequence finishes before the [min\_cks:max\_cks] time window opens.
- A cycle is reached at which the checker determines the semaphore event sequence cannot finish within the [min\_cks:max\_cks] time window.
- The [min\_cks:max\_cks] time window closes, but the semaphore event sequence did not finish.

The default value of *max\_cks* is 0, which sets no upper bound for the time windows. In this case, a req\_requires violation occurs only when a sequence finishes before *min\_cks* cycles after the *req\_trigger* event. The default value of *min\_cks* is 1, so if both *min\_cks* and *max\_cks* are left set to their defaults, the req\_requires check cannot be violated.

#### **Assertion Checks**

REQ\_REQUIRES

A request-response event sequence started, but did not finish when the specified time window was open.  $\max\_cks > 0$ 

Req\_trigger was TRUE, so a request-response event sequence started. But, either the sequence finished before min\_cks cycles, or it could not finish by max\_cks cycles.

A request-response event sequence started, but it finished before the specified time window opened.  $max\_cks$  = 0

*Req\_trigger* was TRUE, so a request-response event sequence started, but the sequence finished before *min\_cks* cycles.

#### Implicit X/Z Checks

req\_trigger contains X or Z

req\_follower contains X or Z

Request trigger was X or Z.

Request follower was X or Z.

Response leader was X or Z.

Response leader was X or Z.

Response trigger was X or Z.

#### **Cover Points**

#### ovl\_req\_requires

If overlapping request-response sequences are triggered, the coverage data might be inaccurate because the cover group vectors do not reflect which responses belong to which requests.

| cover_requests                                | SANITY — Number of cycles <i>req_trigger</i> was TRUE.                                                                                                             |
|-----------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| cover_request_<br>followers                   | BASIC — Number of times <i>req_trigger</i> was TRUE and <i>req_follower</i> was TRUE in the same or subsequent cycle.                                              |
| cover_response_leaders                        | BASIC — Number of times $req\_trigger$ was TRUE; $req\_follower$ was TRUE in the same or subsequent cycle; and then $resp\_leader$ was TRUE in a subsequent cycle. |
| cover_req_requires                            | BASIC — Number of valid request-response event sequences.                                                                                                          |
| <pre>cover_resp_trigger_at_ min_cks</pre>     | CORNER — Number of valid request-response event sequences that finished in <i>min_cks</i> cycles.                                                                  |
| <pre>cover_resp_trigger_at_ max_cks</pre>     | CORNER — Number of valid request-response event sequences that finished in <i>max_cks</i> cycles.                                                                  |
| cover_req_trigger_to_<br>resp_trigger         | STATISTIC — Reports the request-trigger to response-trigger times (in cycles) that occurred at least once.                                                         |
| cover_req_trigger_to_<br>req_follower         | STATISTIC — Reports the request-trigger to request-follower times (in cycles) that occurred at least once.                                                         |
| <pre>cover_req_follower_to_ resp_leader</pre> | STATISTIC — Reports the request-follower to response-leader times (in cycles) that occurred at least once.                                                         |
| <pre>cover_resp_leader_to_ resp_trigger</pre> | STATISTIC — Reports the response-leader to response-trigger times (in cycles) that occurred at least once.                                                         |

#### **Cover Groups**

observed\_latency\_btw\_ req\_trigger\_and\_ resp\_trigger Number of requests with the specified request-trigger to response-trigger latency. Bins are:

- observed\_req\_trigger\_resp\_trigger\_latency\_good [min\_cks:maximum] bin index is the observed latency in clock cycles from the request trigger to the response trigger. The value of maximum is:
  - 4095 (if  $max\_cks = 0$ ) or
  - $max_cks$  (if  $max_cks > 0$ ).
- *observed\_req\_trigger\_resp\_trigger\_latency\_bad* default.

observed\_latency\_btw\_ req\_trigger\_and\_ resp\_follower Number of requests with the specified request-trigger to response-follower latency. Bins are:

- observed\_req\_trigger\_resp\_follower\_latency\_good [0:maximum] bin index is the observed latency in clock cycles from the request trigger to the response follower. The value of maximum is:
  - 4095 (if  $max\_cks = 0$ ) or
  - $max\_cks$  (if  $max\_cks > 0$ ).
- *observed\_req\_trigger\_resp\_follower\_latency\_bad* default.

observed\_latency\_btw\_ req\_follower\_and\_ resp\_leader Number of requests with the specified request-follower to response-leader latency. Bins are:

- observed\_req\_follower\_resp\_leader\_latency\_good [1:maximum] bin index is the observed latency in clock cycles from the request follower to the response leader. The value of maximum is:
  - 4095 (if  $max\_cks = 0$ ) or
  - $max_cks$  (if  $max_cks > 0$ ).
- *observed\_req\_follower\_resp\_leader\_latency\_bad* default.

observed\_latency\_btw\_ resp\_leader\_and\_ resp\_trigger Number of requests with the specified response-leader to response-trigger latency. Bins are:

- observed\_resp\_leader\_resp\_trigger\_latency\_good [0:maximum] bin index is the observed latency in clock cycles from the response leader to the response trigger. The value of maximum is:
  - 4095 (if  $max \ cks = 0$ ) or
  - $max \ cks \ (if \ max \ cks > 0).$
- *observed\_resp\_leader\_resp\_trigger\_latency\_bad* default.

## ovl\_stack

Checks the data integrity of a stack and checks that the stack does not overflow or underflow.



## **Syntax**

```
ovl stack
```

| severity_level  | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                                                                                 |
|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| width           | Width of a data item. Default: 1.                                                                                                                                                                                                                                                   |
| depth           | Stack depth. The <i>depth</i> must be $> 0$ . Default: 2.                                                                                                                                                                                                                           |
| push_latency    | Latency for push operation.  push_latency = 0 (Default)  Value of push_data is valid and the push operation is performed in the same cycle push asserts.  push_latency > 0  Value of push_data is valid and the push operation is performed push_latency cycles after push asserts. |
| pop_latency     | Latency for pop operation.  pop_latency = 0 (Default)  Value of pop_data is valid and the pop operation is performed in the same cycle pop asserts.  pop_latency > 0  Value of pop_data is valid and the pop operation is performed pop_latency cycles after pop asserts.           |
| high_water_mark | Stack high-water mark. Must be < depth. A value of 0 disables the cover_high_water_mark cover point. Default: 0.                                                                                                                                                                    |

property\_type Property type. Default: OVL PROPERTY DEFAULT

(OVL ASSERT).

msg Error message printed when assertion fails. Default:

OVL\_MSG\_DEFAULT ("VIOLATION").

coverage\_level Coverage level. Default: OVL\_COVER\_DEFAULT

(OVL\_COVER\_BASIC).

clock\_edge Active edge of the clock input. Default:

OVL\_CLOCK\_EDGE\_DEFAULT (OVL\_POSEDGE).

reset\_polarity Polarity (active level) of the reset input. Default:

OVL\_RESET\_POLARITY\_DEFAULT

(OVL\_ACTIVE\_LOW).

gating\_type Gating behavior of the checker when enable is FALSE. Default:

OVL\_GATING\_TYPE\_DEFAULT (OVL\_GATE\_CLOCK).

#### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for clock, if gating\_type = OVL\_GATE\_CLOCK

(the default gating type) or reset (if gating\_type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

Stack push input. When *push* asserts, the stack performs a push

operation. A data item is pushed onto the stack and the stack counter increments by 1. If *push\_latency* is 0, the push is performed in the same cycle *push* asserts. Otherwise *push\_latency* cycles later, *push\_data* is latched, the push operation occurs, and the stack counter increments.

push\_data[width-1:0] Push data input to the stack. Contains the data item to push onto

the stack.

Stack pop input. When pop asserts, the stack performs a pop

operation. A data item is popped from the stack and the stack

counter decrements by 1. If *deq\_latency* is 0, the pop is

performed in the same cycle *pop* asserts. Otherwise *enq\_latency* 

cycles later, the pop operation occurs, the stack counter

decrements, and pop\_data is valid.

pop\_data[width-1:0] Pop data output from the stack. Contains the data item popped

from the stack.

full Output status flag from the stack.

fu11 = 0

Stack not full.

full = 1 Stack full.

```
empty
Output status flag from the stack.

empty = 0
Stack not empty.

empty = 1
Stack empty.

fire
[OVL_FIRE_WIDTH-1:0]

Fire output. Assertion failure when fire[0] is TRUE. X/Z check failure when fire[1] is TRUE. Cover event when fire[2] is TRUE.
```

## **Description**

The ovl\_stack checker checks *push* and *pop* at the active edge of *clock*. If *push* is TRUE, the checker assumes a push operation occurs *push\_latency* cycles later (or in the same cycle if *push\_latency* is 0). *In that cycle*, the checker does the following:

- If a pop operation is scheduled for this cycle, a simultaneous\_push\_pop check violation occurs.
- Otherwise, if the stack is already full, an overflow check violation occurs. The checker
  assumes the data item in *push\_data* was latched in the current cycle and replaced the top
  entry.
- Otherwise, the checker assumes the data item in *push\_data* was latched in the current cycle and pushed on the top of the stack. The checker increments the stack counter by 1 in the next cycle.

Similarly, if *pop* is TRUE, the checker assumes a pop operation occurs *pop\_latency* cycles later (or in the same cycle if *pop\_latency* is 0). *In that cycle*, unless a simultaneous\_push\_pop violation has occurred, the checker does the following:

- If the stack is already empty, an underflow check violation occurs.
- Otherwise, the checker assumes the data item on the top of the stack was popped and compares the value of *pop\_data* with the expected value of the popped data item. If they do not match, a value check violation occurs. The checker decrements the stack counter by 1 in the next cycle.

The ovl\_stack checker also checks *full* and *empty* at the active edge of *clock*. After the stack pointer is adjusted to reflect a push or pop performed in the previous cycle:

- If the stack is full and *full* is FALSE or if the stack is not full and *full* is TRUE, a full check violation occurs.
- If the stack is empty and *empty* is FALSE or if the stack is not empty and *empty* is TRUE, an empty check violation occurs.

#### **Assertion Checks**

OVERFLOW Data pushed onto stack when the stack was full.

Stack had *depth* data items *push\_latency* cycles after *push* 

was sampled TRUE.

UNDERFLOW Data popped from stack when the stack was empty.

Stack was empty *pop\_latency* cycles after *pop* was sampled

TRUE.

SIMULTANEOUS\_PUSH\_POP Push and pop operations occurred together.

A push operation and a pop operation were both scheduled

for the same cycle.

VALUE Data value popped from the stack did not match the

corresponding data value pushed onto the stack.

Pop was sampled TRUE, but pop\_latency cycles later the value of pop\_data did not equal the expected value pushed

onto the stack in a previous cycle.

FULL Stack was empty, but 'empty' was deasserted.

Empty was sampled FALSE when the stack was empty. Stack was not empty, but 'empty' was asserted. Empty was sampled TRUE when the stack was not empty.

EMPTY Stack was full, but 'full' was deasserted.

Full was sampled FALSE when the stack was full. Stack was not full, but 'full' was asserted. Full was sampled TRUE when the stack was not full.

#### Implicit X/Z Checks

push contains X or Z Push signal was X or Z.

pop contains X or Z Pop signal was X or Z.

push\_data contains X or Z Push data contained X or Z bits.

pop\_data contains X or Z Pop data contained X or Z bits.

full contains X or Z Full signal was X or Z.

empty contains X or Z Empty signal was X or Z.

#### **Cover Points**

cover\_pushes SANITY — Number of cycles *push* was asserted.

cover\_pops SANITY — Number of cycles *pop* was asserted.

cover\_max\_entries BASIC — Number of cycles for which the number of data items

in the stack was the same as the maximum number of data items

the stack had held up to and including that cycle.

cover\_push\_then\_pop BASIC — Number of times a push was followed by a pop

without an intervening *push* (or *pop*).

# OVL Checkers ovl\_stack

cover\_full CORNER — Number of times a push incremented the stack

pointer to depth data items.

cover\_empty CORNER — Number of times a pop decremented the stack

pointer to 0 data items.

than the specified *high\_water\_mark*. Not meaningful if

*high\_water\_mark* is 0.

## **Cover Groups**

none

## ovl\_time

Checks that the value of an expression remains TRUE for a specified number of cycles after a start event.



## **Syntax**

#### ovl\_time

| severity_level      | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                             |
|---------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| num_cks             | Number of cycles after <i>start_event</i> is TRUE that <i>test_expr</i> must be held TRUE. Default: 1.                                                                                          |
| action_on_new_start | Method for handling a new start event that occurs while a check is pending. Values are: OVL_IGNORE_NEW_START, OVL_RESET_ON_NEW_START and OVL_ERROR_ON_NEW_START. Default: OVL_IGNORE_NEW_START. |
| property_type       | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                                      |
| msg                 | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                                             |
| coverage_level      | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                                                   |
| clock_edge          | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                                                                                                           |
| reset_polarity      | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).                                                                                        |

| gating_type | Gating behavior of the checker when <i>enable</i> is FALSE. Default: |
|-------------|----------------------------------------------------------------------|
|             | OVL GATING TYPE DEFAULT (OVL GATE CLOCK).                            |

#### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for *clock*, if *gating\_type* = OVL\_GATE\_CLOCK

(the default gating type) or reset (if gating\_type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

start\_event Expression that (along with num\_cks) identifies when to check

test\_expr.

test\_expr Expression that should evaluate to TRUE for num\_cks cycles

after start event initiates a check.

fire output. Assertion failure when *fire*[0] is TRUE. X/Z check failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

### **Description**

The ovl\_time assertion checker checks the expression *start\_event* at each active edge of *clock* to determine whether or not to initiate a check. Once initiated, the check evaluates *test\_expr* each subsequent active edge of *clock* for *num\_cks* cycles to verify that the value of *test\_expr* is TRUE. During that time, the assertion fails the first cycle a sampled value of *test\_expr* is not TRUE.

The method used to determine what constitutes a start event for initiating a check is controlled by the *action\_on\_new\_start* parameter. If no check is in progress when *start\_event* is sampled TRUE, a new check is initiated. But, if a check is in progress when *start\_event* is sampled TRUE, the checker has the following actions:

OVL\_IGNORE\_NEW\_START

The checker does not sample *start\_event* for the next *num\_cks* cycles after a start event.

OVL\_RESET\_ON\_NEW\_START

The checker samples *start\_event* every cycle. If a check is pending and the value of *start\_event* is TRUE, the checker terminates the check (no violation occurs even if *test\_expr* has changed to FALSE) and initiates a new check starting in the next cycle.

OVL\_ERROR\_ON\_NEW\_START

The checker samples *start\_event* every cycle. If a check is pending and the value of *start\_event* is TRUE, the assertion fails with an illegal start event violation. In this case,

the checker does not initiate a new check, does not terminate a pending check and reports an additional assertion violation if *test\_expr* is FALSE.

#### **Assertion Checks**

TIME The value of *test\_expr* was not TRUE within *num\_cks* cycles

after start event was sampled TRUE.

illegal start event The action\_on\_new\_start parameter is set to

OVL\_ERROR\_ON\_NEW\_START and *start\_event* expression evaluated to TRUE while the checker was monitoring *test\_expr*.

#### Implicit X/Z Checks

test\_expr contains X or Z Expression value was X or Z. start event contains X or Z Start event value was X or Z.

#### **Cover Points**

cover\_window\_open BASIC — A time check was initiated.

cover\_window\_close BASIC — A time check lasted the full *num\_cks* cycles.

OVL\_RESET\_ON\_NEW\_START, and start\_event was sampled

TRUE while the checker was monitoring *test\_expr*.

#### **Cover Groups**

none

#### See also

ovl\_changeovl\_win\_changeovl\_nextovl\_win\_unchangeovl\_frameovl\_windowovl\_unchange

## **Examples**

#### Example 1

```
ovl_time #(
                                                  // severity_level
   'OVL ERROR,
                                                  // num_cks
   'OVL_IGNORE_NEW_START,
                                                  // action_on_new_start
   'OVL_ASSERT,
                                                  // property_type
   "Error: invalid transaction",
                                                  // msg
   'OVL COVER DEFAULT,
                                                  // coverage_level
   'OVL_POSEDGE,
                                                  // clock_edge
   'OVL_ACTIVE_LOW,
                                                  // reset_polarity
   'OVL_GATE_CLOCK)
                                                  // gating_type
   valid_transaction (
      clock,
                                                  // clock
                                                  // reset
      reset,
      enable,
                                                  // enable
      req == 1,
                                                  // start_event
      ptr >= 1 && ptr <= 3,
                                                  // test_expr
      fire_valid_transaction );
                                                  // fire
```

Checks that *ptr* is sampled in the range 1 to 3 for three cycles after *req* is sampled equal to 1 at the rising edge of *clock*. If *req* is sampled equal to 1 when the checker samples *ptr*, a new check is not initiated (i.e., the new start is ignored).



#### Example 2

```
ovl_time #(
   'OVL_ERROR,
                                                  // severity_level
   3,
                                                  // num_cks
   'OVL_RESET_ON_NEW_START,
                                                  // action_on_new_start
   'OVL_ASSERT,
                                                  // property_type
   "Error: invalid transaction",
                                                  // msg
   'OVL_COVER_DEFAULT,
                                                  // coverage_level
   'OVL_POSEDGE,
                                                  // clock_edge
   'OVL_ACTIVE_LOW,
                                                  // reset_polarity
   'OVL_GATE_CLOCK)
                                                  // gating_type
   valid_transaction (
                                                  // clock
      clock,
      reset,
                                                  // reset
      enable,
                                                  // enable
      req == 1,
                                                  // start_event
      ptr >= 1 && ptr <= 3,
                                                  // test_expr
      fire_valid_transaction );
                                                  // fire
```

Checks that *ptr* is sampled in the range 1 to 3 for three cycles after *req* is sampled equal to 1 at the rising edge of *clock*. If *req* is sampled equal to 1 when the checker samples *ptr*, a new check is initiated (i.e., the new start restarts a check).



#### Example 3

```
ovl_time #(
   'OVL_ERROR,
                                                  // severity_level
   3,
                                                  // num_cks
   'OVL_ERROR_ON_NEW_START,
                                                  // action_on_new_start
   'OVL_ASSERT,
                                                  // property_type
                                                  // msg
   "Error: invalid transaction",
   'OVL_COVER_DEFAULT,
                                                  // coverage_level
   'OVL_POSEDGE,
                                                  // clock_edge
   'OVL_ACTIVE_LOW,
                                                  // reset_polarity
   'OVL_GATE_CLOCK)
                                                  // gating_type
   valid transaction (
                                                  // clock
      clock,
      reset,
                                                  // reset
      enable,
                                                  // enable
      req == 1,
                                                  // start_event
      ptr >= 1 && ptr <= 3,
                                                  // test_expr
      fire_valid_transaction );
                                                  // fire
```

Checks that *ptr* is sampled in the range 1 to 3 for three cycles after *req* is sampled equal to 1 at the rising edge of *clock*. If *req* is sampled equal to 1 when the checker samples *ptr*, the checker issues an *illegal start event* violation and does not start a new check.



## ovl\_transition

Checks that the value of an expression transitions properly from a start state to the specified next state.



## **Syntax**

#### ovl\_transition

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Default: 1.                                                            |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

### **Ports**

| clock                                | Clock event for the assertion.                                                                                                                                                                                                                                                                    |
|--------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| reset                                | Synchronous reset signal indicating completed initialization.                                                                                                                                                                                                                                     |
| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE.                                                                                            |
| test_expr[width-1:0]                 | Expression that should transition to <i>next_state</i> on the active edge of <i>clock</i> if its value at the previous active edge of <i>clock</i> is the same as the current value of <i>start_state</i> .                                                                                       |
| start_state[width-1:0]               | Expression that indicates the start state for the assertion check. If the start state matches the value of <i>test_expr</i> on the previous active edge of <i>clock</i> , the check is performed.                                                                                                 |
| <pre>next_state[width-1:0]</pre>     | Expression that indicates the only valid next state for the assertion check. If the value of <i>test_expr</i> was <i>start_state</i> at the previous active edge of <i>clock</i> , then the value of <i>test_expr</i> should equal <i>next_state</i> on the current active edge of <i>clock</i> . |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                                                                                                            |

## **Description**

The ovl\_transition assertion checker checks the expression *test\_expr* and *start\_state* at each active edge of *clock* to see if they are the same. If so, the checker evaluates and stores the current value of *next\_state*. At the next active edge of *clock*, the checker re-evaluates *test\_expr* to see if its value equals the stored value of *next\_state*. If not, the assertion fails. The checker returns to checking *start\_state* in the current cycle (unless a fatal failure occurred)

The *start\_state* and *next\_state* expressions are verification events that can change. In particular, the same assertion checker can be coded to verify multiple types of transitions of *test\_expr*.

The checker is useful for ensuring certain control structure values (such as counters and finite-state machine values) transition properly.

#### **Assertion Checks**

TRANSITION Expression transitioned from *start\_state* to a value different from *next state*.

#### Implicit X/Z Checks

```
test_expr contains X or Z Expression value contained X or Z bits.

start_state contains X or Z Start state value contained X or Z bits.

next_state contains X or Z Next state value contained X or Z bits.
```

#### **Cover Points**

```
cover_start_state BASIC — Expression assumed a start state value.
```

### **Cover Groups**

none

#### **Notes**

1. The assertion check compares the current value of *test\_expr* with its previous value. Therefore, checking does not start until the second rising edge of *clock* after *reset* deasserts.

#### See also

ovl\_no\_transition

## **Examples**

```
ovl_transition #(
   'OVL_ERROR,
                                                  // severity_level
                                                  // width
                                                  // property_type
   'OVL_ASSERT,
                                                  // msg
   "Error: bad count transition",
   'OVL_COVER_DEFAULT,
                                                  // coverage_level
   'OVL POSEDGE,
                                                  // clock_edge
   'OVL_ACTIVE_LOW,
                                                  // reset polarity
   'OVL_GATE_CLOCK)
                                                  // gating_type
   valid_count (
      clock,
                                                  // clock
      reset,
                                                  // reset
      enable,
                                                  // enable
      count,
                                                  // test_expr
                                                  // start_state
      (sel 8 == 1'b0) ? 3'd0 : 3'd4,
                                                  // next_state
      fire_valid_count );
                                                  // fire
```

Checks that *count* transitions from 3'd3 properly. If *sel\_8* is 0, *count* should have transitioned to 3'd0. Otherwise, *count* should have transitioned to 3'd4.



# ovl\_unchange

Checks that the value of an expression does not change for a specified number of cycles after a start event initiates checking.



## **Syntax**

```
ovl_unchange
```

| severity_level      | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                                                                    |
|---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| width               | Width of the <i>test_expr</i> argument. Default: 1.                                                                                                                                                                                                                    |
| num_cks             | Number of cycles <i>test_expr</i> should remain unchanged after a start event. Default: 1.                                                                                                                                                                             |
| action_on_new_start | Method for handling a new start event that occurs before <i>num_cks</i> clock cycles transpire without a change in the value of <i>test_expr</i> . Values are: OVL_IGNORE_NEW_START, OVL_RESET_ON_NEW_START and OVL_ERROR_ON_NEW_START. Default: OVL_IGNORE_NEW_START. |
| property_type       | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                                                                                                             |
| msg                 | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                                                                                                                    |
| coverage_level      | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                                                                                                                          |
| clock_edge          | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                                                                                                                                                                                  |

#### **OVL Checkers** ovl unchange

Polarity (active level) of the *reset* input. Default: reset\_polarity

OVL\_RESET\_POLARITY\_DEFAULT

(OVL ACTIVE LOW).

gating\_type Gating behavior of the checker when *enable* is FALSE. Default:

OVL GATING TYPE DEFAULT (OVL GATE CLOCK).

**Ports** 

Clock event for the assertion. clock

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for *clock*, if *gating\_type* = OVL\_GATE\_CLOCK

(the default gating type) or reset (if gating\_type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

Expression that (along with action on new start) identifies

when to start checking test expr.

Expression that should not change value for *num cks* cycles from test\_expr[width-1:0]

the start event unless the check is interrupted by a valid new start

event.

fire Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check [OVL\_FIRE\_WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

### **Description**

start\_event

The ovl unchange assertion checker checks the expression *start event* at each active edge of *clock* to determine if it should check for a change in the value of *test\_expr*. If *start\_event* is sampled TRUE, the checker evaluates test expr and re-evaluates test expr at each of the subsequent num cks active edges of clock. Each time the checker re-evaluates test expr, if its value has changed from its value in the previous cycle, the assertion fails.

The method used to determine how to handle a new start event, when the checker is in the state of checking for a change in *test\_expr*, is controlled by the *action\_on\_new\_start* parameter. The checker has the following actions:

OVL\_IGNORE\_NEW\_START

The checker does not sample *start\_event* for the next *num\_cks* cycles after a start event.

OVL\_RESET\_ON\_NEW\_START

The checker samples *start\_event* every cycle. If a check is pending and the value of start event is TRUE, the checker terminates the pending check (no violation occurs even if test expr has changed in the current cycle) and initiates a new check with the current value of test\_expr.

#### OVL\_ERROR\_ON\_NEW\_START

The checker samples *start\_event* every cycle. If a check is pending and the value of *start\_event* is TRUE, the assertion fails with an illegal start event violation. In this case, the checker does not initiate a new check and does not terminate a pending check.

The checker is useful for ensuring proper changes in structures after various events. For example, it can be used to check that multiple-cycle operations with enabling conditions function properly with the same data. It can be used to check that single-cycle operations function correctly with data loaded at different cycles. It also can be used to verify synchronizing conditions that require date to be stable after an initial triggering event.

#### **Assertion Checks**

UNCHANGE The test expr expression changed value within num cks cycles

after start\_event was sampled TRUE.

illegal start event The action\_on\_new\_start parameter is set to

OVL\_ERROR\_ON\_NEW\_START and *start\_event* expression evaluated to TRUE while the checker was in the state of checking

for a change in the value of test expr.

#### Implicit X/Z Checks

test\_expr contains X or Z Expression value contained X or Z bits.

start\_event contains X or Z Start event value was X or Z.

#### **Cover Points**

cover\_window\_open BASIC — A change check was initiated.

cover\_window\_close BASIC — A change check lasted the full *num\_cks* cycles.

OVL\_RESET\_ON\_NEW\_START, and *start\_event* was sampled

TRUE while the checker was monitoring *test\_expr* without

detecting a changed value.

### **Cover Groups**

none

#### See also

```
ovl_changeovl_win_unchangeovl_timeovl_windowovl_win_changeovl_window
```

## **Examples**

#### Example 1

```
ovl_unchange #(
                                                 // severity_level
  'OVL_ERROR,
                                                 // width
  8,
                                                 // num_cks
  8,
                                                 // action_on_new_start
  'OVL_IGNORE_NEW_START,
  'OVL ASSERT,
                                                 // property_type
  "Error: a changed during divide",
                                                 // msq
  'OVL_COVER_DEFAULT,
                                                 // coverage level
  'OVL_POSEDGE,
                                                 // clock_edge
  'OVL_ACTIVE_LOW,
                                                 // reset_polarity
  'OVL_GATE_CLOCK)
                                                 // gating_type
  valid_div_unchange_a (
                                                 // clock
     clock,
     reset,
                                                 // reset
     enable,
                                                 // enable
     start == 1,
                                                 // start_event
                                                 // test_expr
     fire_valid_div_unchange_a );
                                                 // fire
```

Checks that *a* remains unchanged while a divide operation is performed (8 cycles). Restarts during divide operations are ignored.



#### Example 2

```
ovl_unchange #(
  'OVL_ERROR,
                                                  // severity_level
  8,
                                                  // width
                                                  // num_cks
  8,
  'OVL_RESET_ON_NEW_START,
                                                  // action_on_new_start
  'OVL_ASSERT,
                                                  // property_type
  "Error: a changed during divide",
                                                  // msg
  'OVL_COVER_DEFAULT,
                                                 // coverage_level
  'OVL_POSEDGE,
                                                  // clock_edge
  'OVL_ACTIVE_LOW,
                                                 // reset_polarity
  'OVL_GATE_CLOCK)
                                                  // gating_type
  valid_div_unchange_a (
                                                  // clock
     clock,
     reset,
                                                  // reset
     enable,
                                                  // enable
     start == 1,
                                                  // start_event
                                                 // test_expr
     fire_valid_div_unchange_a );
                                                 // fire
```

Checks that *a* remains unchanged while a divide operation is performed (8 cycles). A restart during a divide operation starts the check over.



#### Example 3

```
ovl_unchange #(
                                                  // severity_level
// width
  'OVL_ERROR,
  8,
                                                  // num_cks
  8,
  'OVL_ERROR_ON_NEW_START,
                                                  // action_on_new_start
  'OVL_ASSERT,
                                                  // property_type
  "Error: a changed during divide",
                                                  // msg
  'OVL_COVER_DEFAULT,
                                                  // coverage_level
  'OVL_POSEDGE,
                                                  // clock_edge
  'OVL_ACTIVE_LOW,
                                                  // reset_polarity
  'OVL_GATE_CLOCK)
                                                  // gating_type
  valid_div_unchange_a (
                                                  // clock
     clock,
     reset,
                                                  // reset
     enable,
                                                  // enable
     start == 1,
                                                  // start_event
                                                  // test_expr
     fire_valid_div_unchange_a );
                                                  // fire
```

Checks that *a* remains unchanged while a divide operation is performed (8 cycles). A restart during a divide operation is a violation.



## ovl\_valid\_id

Checks that each issued ID is returned within a specified time window; that returned IDs match issued IDs; and that the issued and outstanding IDs do not exceed specified limits.



## **Syntax**

#### ovl\_valid\_id

| severity_level       | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                     |
|----------------------|---------------------------------------------------------------------------------------------------------|
| width                | Width of the issued_id, returned_id and flush_id. Default: 2.                                           |
| min_cks              | Minimum number of clock cycles an ID instance must be outstanding. Must be $> 0$ . Default: 1           |
| max_cks              | Maximum number of clock cycles an ID instance can be outstanding. Must be $\geq min\_cks$ . Default: 1. |
| max_id_instances     | Maximum number of ID instances that can be outstanding at any time. Default: 2.                         |
| max_ids              | Maximum number of different IDs that can be outstanding at any time. Default: 1.                        |
| max_instances_per_id | Maximum number of instances of a single ID that can be outstanding at any time. Default: 1.             |
| instance_count_width | Width of issued_count. Default: 2.                                                                      |
| property_type        | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                              |

msg Error message printed when assertion fails. Default:

OVL MSG DEFAULT ("VIOLATION").

coverage\_level Coverage level. Default: OVL COVER DEFAULT

(OVL\_COVER\_BASIC).

clock\_edge Active edge of the clock input. Default:

OVL\_CLOCK\_EDGE\_DEFAULT (OVL\_POSEDGE).

reset\_polarity Polarity (active level) of the reset input. Default:

OVL\_RESET\_POLARITY\_DEFAULT

(OVL\_ACTIVE\_LOW).

gating\_type Gating behavior of the checker when enable is FALSE. Default:

OVL\_GATING\_TYPE\_DEFAULT (OVL\_GATE\_CLOCK).

#### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for clock, if gating\_type = OVL\_GATE\_CLOCK

(the default gating type) or reset (if gating type =

OVL GATE RESET). Ignored if gating type is OVL NONE.

issued IDs signal indicating the ID in issued\_id is added to the

outstanding IDs list. The *issued count* port specifies the number

of instances of the ID to make outstanding.

issued\_id[width-1:0] Expression or variable containing the ID to add to the

outstanding IDs list if issued is TRUE.

returned Returned ID signal indicating an instance of the ID in

returned id is removed from the outstanding IDs list.

returned\_id[width-1:0] Expression or variable containing the ID of an instance returned

and removed from the outstanding IDs list if returned is TRUE.

Flush ID signal indicating all instances of the ID in *flush id* are

removed from the outstanding IDs list.

flush\_id[width-1:0] Expression or variable containing the ID to flush if flush is

TRUE. All instances of the ID are removed from the outstanding

IDs list.

issued\_count

[instance\_count\_width-

1:0]

Number of instances of the issued ID to make outstanding when

issued asserts.

fire

[OVL\_FIRE\_WIDTH-1:0]

Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

### **Description**

The ovl\_valid\_id assertion checker checks *flush*, *returned* and *issued* at each active edge of *clock* and performs the following sequence of operations using an internal scratch pad of outstanding IDs:

- 1. If *flush* is TRUE, the ID specified in *flush\_id* is compared to the outstanding IDs. All instances (if any) of the flush ID are removed from the list of outstanding IDs. If *returned* is TRUE and *flush\_id = returned\_id*, the returned instance is ignored (even if it was not previously outstanding or was outstanding longer that *max\_cks*). If *issued* is TRUE and *flush\_id = issued\_id*, the issued ID instances are flushed as well (even if one of the outstanding IDs, instances or instances-per-ID limits for the issued ID instance were reached).
- 2. If *returned* is TRUE and the ID in *returned\_ID* is not being flushed:
  - a. If an instance of the returned ID is outstanding, the longest-outstanding instance of the returned ID is removed from the list of outstanding ID instances. If that ID instance was outstanding for fewer than *min\_cks* cycles, a min\_cks violation occurs.
  - b. If no instance of the returned ID is outstanding, a returned\_id violation occurs. Even if an instance of the returned ID were issued in the same cycle, all ID instances must be outstanding for *min\_cks* cycles (and *min\_cks* must be Š 1). In particular, the same ID instance cannot be issued and returned in the same cycle.
- 3. If *issued* is TRUE and *issued\_count* is 0, an issued\_count violation occurs.
- 4. If *issued* is TRUE and *issued\_count* > 0, then:
  - a. If the current number of unique outstanding IDs is *max\_ids* and issued\_id is not one of them, a max\_instances violation occurs.
  - b. If the current number of outstanding ID instances plus *issued\_count* exceeds *max\_id\_instances*, a max\_ids violation occurs.
  - c. If the current number of outstanding instances of the issued ID plus *issued\_count* exceeds *max\_instances\_per\_id*, a max\_instances\_per\_id violation occurs.
  - d. If the none of these violations occur, *issued\_count* instances of the ID in *issued\_id* are added to the list of outstanding ID instances.
- 5. After flushing and returning IDs, if any IDs have been outstanding for *max\_cks* cycles, a max\_cks violation occurs in the next cycle.

#### **Assertion Checks**

RETURNED ID

Returned ID not outstanding.

Returned is TRUE, but the list of outstanding ID instances does not contain an instance of returned\_ID.

ID instance outstanding for too many cycles. MAX CKS An ID instance was outstanding longer than *max\_cks* cycles. MIN\_CKS ID instance returned in too few cycles. *Returned* is TRUE and an instance of the ID in *returned\_id* is outstanding, but the longest-outstanding instance of the ID has been outstanding for fewer than min cks cycles. MAX IDS Maximum number of outstanding IDs or ID instances exceeded. *Issued* is TRUE, but the number of outstanding instances plus issued\_count (minus 1 if an instance of issued\_id is returned without error) exceeds max id instances or the number of unique outstanding IDs plus issued count (minus 1 if an instance of *issued\_id* is returned without error) exceeds max ids. Maximum number of outstanding ID instances for the issued ID MAX\_INSTANCES\_PER\_ID exceeded. *Issued* is TRUE, but the number of outstanding instances of issued\_id plus issued\_count (minus 1 if an instance of issued id is returned without error) exceeds max\_instances\_per\_id. ID issued with count 0. ISSUED COUNT Issued is TRUE, but issued count is 0. Implicit X/Z Checks issued contains X or Z Issued signal was X or Z. returned contains X or Z Returned signal was X or Z. flush contains X or Z Flush signal was X or Z. issued\_id contains X or Z Issued ID contained X or Z bits. when issued is asserted ret id contains X or Z Returned ID contained X or Z bits. when returned is asserted Flush ID contained X or Z bits. flush id contains X or Z when flush is asserted **Cover Points** cover\_issued\_asserted SANITY — Number of cycles *issued* was TRUE. SANITY — Number of cycles returned was TRUE. cover\_returned\_ asserted cover\_flush\_asserted SANITY — Number of cycles *flush* was TRUE. BASIC — Reports the turnaround times (i.e., number of cycles turnaround\_times after an ID instance is issued that the instance is returned) that occurred at least once.

BASIC — Reports the numbers of outstanding ID instances that outstanding\_ids occurred at least once. CORNER — Number of times the returned ID instance was cover\_returned\_at\_min\_ cks outstanding for min\_cks cycles. CORNER — Number of times the returned ID instance was cover returned at max outstanding for *max\_cks* cycles. cover\_max\_ids CORNER — Number of cycles the outstanding IDs reached the max\_ids limit or the max\_id\_instances limit. cover max instances CORNER — Number of cycles the outstanding instances of an per\_id ID reached the *max\_instances\_per\_id* limit.

### **Cover Groups**

Number of returned IDs with the specified turnaround time. Bins observed\_latency are:

- observed\_latency\_good[min\_cks:max\_cks] bin index is the observed turnaround time in clock cycles.
- *observed\_latency\_bad* default.

Number of cycles with the specified number of outstanding ids. outstanding\_ids

> • *observed\_outstanding\_ids*[0:*max\_id\_instances*] — bin index is the instance ID.

Accellera Standard OVL V2 LRM, 2.8.1 March 2014

## ovl\_value

Checks that the value of an expression either matches a value in a specified list or does not match any value in the list (as determined by a mode signal).



## **Syntax**

```
ovl_value
```

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| num_values     | Number of values in <i>vals</i> . Must be $\geq 1$ . Default: 1.                                               |
| width          | Width of test_expr. Default: 1.                                                                                |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for clock, if gating\_type = OVL\_GATE\_CLOCK

(the default gating type) or reset (if gating\_type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

test\_expr[width-1:0] Variable or expression to check.

vals
[num\_values\*width-1:0]

Concatenated list of values for *test\_expr*.

disallow Sense of the comparison of *test expr* with *vals*.

disallow = 0

Value of *test\_expr* should match one of the values in *vals*.

disallow = 1

Value of *test\_expr* should not match one of the values in *vals*.

fire output. Assertion failure when *fire*[0] is TRUE. X/Z check failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

### **Description**

The ovl\_value assertion checker checks <code>test\_expr</code>, <code>vals</code> and <code>disallow</code> at each active edge of <code>clock</code> (except for the first cycle after a checker reset). The value of <code>test\_expr</code> is compared with the list of values in <code>vals</code>. If <code>disallow</code> is FALSE and the value of <code>test\_expr</code> is not a value in <code>vals</code>, a value check violation occurs. Similarly, if <code>disallow</code> is TRUE and the value of <code>test\_expr</code> is one of the values in <code>vals</code>, an is not check violation occurs. The check occurs at the active clock edge, .

#### **Assertion Checks**

VALUE Expression value did not equal one of the specified

values.

Value of the test expr did not match a value in vals, but

disallow was FALSE.

IS\_NOT Expression value was equal to one of the specified values.

Value of the *test\_expr* matched one of the values in *vals*, but

disallow was TRUE.

#### Implicit X/Z Checks

test\_expr contains X or Z Expression contained X or Z bits.

vals contains X or Z Values contained X or Z bits.

disallow contains X or Z Disallow signal was X or Z.

#### **Cover Points**

SANITY — Number of cycles test\_expr loaded a new value.

SANITY — Number of cycles disallow was FALSE and the value of test\_expr matched a value in vals.

SANITY — Number of cycles disallow was FALSE and the value of test\_expr matched a value in vals.

SANITY — Number of cycles disallow was TRUE and the value of test\_expr did not match a value in vals.

SANITY — Number of cycles disallow was TRUE and the value of test\_expr did not match a value in vals.

SANITY — Number of cycles disallow was TRUE and the value of test\_expr did not match a value in vals.

BASIC — Reports the values in *vals* that were covered at leas once. Not applicable for cycles where disallow = 1.

### **Cover Groups**

none

## ovl\_value\_coverage

ovl\_value\_coverage

Ensures that values of a specified expression are covered during simulation.

```
Parameters/Generics:
                                                                      property_type
                 fire[OVL_FIRE_WIDTH-1:0]
                                           severity_level
                                                                      msg
 test_expr[width-1:0]
                                             width
                                                                      coverage_level
                                             is not width
                                                                      clock edge
       ovl_value_coverage
                                                                      reset_polarity
                                             is not count
is_not[total_is_not_width-1:0]
                                             value_coverage
                                                                      gating_type
           clock reset enable
                                             Class: 2-cycle assertion
```

total\_is\_not\_width = (is\_not\_count\*is\_not\_width) ? is\_not\_count\*is\_not\_width : 1

## **Syntax**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                         |
|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| width          | Width of test_expr. Default: 1.                                                                                                                                             |
| is_not_width   | Maximum width of an is_not value. Default: 1.                                                                                                                               |
| is_not_count   | Number of <i>is_not</i> values. Default: 0.                                                                                                                                 |
| value_coverage | Whether or not to perform value_coverage checks.  value_coverage = 0 (Default)  Turns off the value_coverage check.  value_coverage = 1  Turns on the value_coverage check. |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                  |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                         |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                               |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                                                                                       |

reset\_polarity Polarity (active level) of the reset input. Default:

OVL\_RESET\_POLARITY\_DEFAULT

(OVL\_ACTIVE\_LOW).

gating\_type Gating behavior of the checker when enable is FALSE. Default:

OVL\_GATING\_TYPE\_DEFAULT (OVL\_GATE\_CLOCK).

**Ports** 

*clock* Clock event for the checker. The checker samples on the rising

edge of the clock.

reset Synchronous reset signal indicating completed initialization.

enable Expression that indicates whether or not to check the inputs.

test\_expr[width-1:0] Variable or expression to check.

is\_not Con [total\_is\_not\_width value

Concatenated list of *is\_not\_count* variables containing 'is-not' values for *test\_expr*. The variables' values are latched at reset and are then used as values of *test\_expr* to exclude from cover

point data.

If  $is\_not = 1$ 'b0 and both  $is\_not\_width$  and  $is\_not\_count$  are undefined, then is-not values are not used. The  $test\ expr$  variable

is covered when all possible values have been covered.

fire
[OVL\_FIRE\_WIDTH-1:0]

- 1:0]

Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The *ovl\_value\_coverage* checker ensures the value of *test\_expr* does not change when the checker is active. The checker checks the multiple-bit expression *test\_expr* at each rising edge of *clock* whenever *enable* is TRUE. If *test\_expr* has changed value, the assertion fails and *msg* is printed. This checker is used to determine coverage of *test\_expr* and to gather coverpoint data. As such, the sense of the assertion is reversed. Unlike most other OVL checkers (which verify assertions that are not expected to fail), ovl\_coverage checkers' assertion is intended to fail, therefore the value\_coverage check typically is turned off (*value\_coverage* = 0).

#### **Assertion Checks**

VALUE\_COVERAGE The value of the variable was covered.

property\_type = 'OVL\_ASSERT

The value of *test\_expr* should not change. This check occurs at every active clock edge and fires if the value of *test\_expr* has changed from the value at the previous active clock edge.

#### Implicit X/Z Checks

test\_expr contains X or Z Expression contained X or Z bits. is\_not contains X or Z Expression contained X or Z bits.

#### **Cover Points**

#### See also

ovl\_coverage

## **Examples**

```
ovl_value_coverage #(
    .severity_level('OVL_ERROR),
    .width(2),
    .property_type('OVL_ASSERT),
    .coverage_level('OVL_COVER_ALL))
    ovl_coverage_mux_select(
        .clock(clock),
        .reset(reset),
        .enable(1'b1),
        .test_expr(mux_sel),
        .is_not(1'b0),
```

All Values Covered corner case asserts when mux\_sel has covered all encodings. Is\_not\_count by default is 0; is\_not\_width by default is 1 and the is\_not port is tied to 1'b0, so no is-not values are included.



## ovl\_width

Checks that when value of an expression is TRUE, it remains TRUE for a minimum number of clock cycles and transitions from TRUE no later than a maximum number of clock cycles.



## **Syntax**

```
ovl_width
```

#### **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                                                                                                                     |
|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| min_cks        | Minimum number of clock edges <i>test_expr</i> must remain TRUE once it is sampled TRUE. The special case where <i>min_cks</i> is 0 turns off minimum checking (i.e., <i>test_expr</i> can transition from TRUE in the next clock cycle). Default: 1 (i.e., same as 0).                                                 |
| max_cks        | Maximum number of clock edges <i>test_expr</i> can remain TRUE once it is sampled TRUE. The special case where <i>max_cks</i> is 0 turns off maximum checking (i.e., <i>test_expr</i> can remain TRUE for any number of cycles). Default: 1 (i.e., <i>test_expr</i> must transition from TRUE in the next clock cycle). |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                                                                                                                                                              |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                                                                                                                                                                     |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                                                                                                                                                                           |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                                                                                                                                                                                                                                   |

reset\_polarity Polarity (active level) of the reset input. Default:

OVL\_RESET\_POLARITY\_DEFAULT

(OVL\_ACTIVE\_LOW).

gating\_type Gating behavior of the checker when enable is FALSE. Default:

OVL GATING TYPE DEFAULT (OVL GATE CLOCK).

#### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for clock, if gating\_type = OVL\_GATE\_CLOCK

(the default gating type) or reset (if gating\_type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

test\_expr Expression that should evaluate to TRUE for at least min cks

cycles and at most *max\_cks* cycles after it is sampled TRUE.

fire Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check

[OVL\_FIRE\_WIDTH-1:0] failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl\_width assertion checker checks the single-bit expression *test\_expr* at each active edge of *clock*. If the value of *test\_expr* is TRUE, the checker performs the following steps:

- 1. Unless it is disabled by setting *min\_cks* to 0, a minimum check is initiated. The check evaluates *test\_expr* at each subsequent active edge of *clock*. If its value is not TRUE, the minimum check fails. Otherwise, after *min\_cks* -1 cycles transpire, the minimum check terminates.
- 2. Unless it is disabled by setting  $max\_cks$  to 0, a maximum check is initiated. The check evaluates  $test\_expr$  at each subsequent active edge of clock. If its value does not transition from TRUE by the time  $max\_cks$  cycles transpire (from the start of checking), the maximum check fails.
- 3. The checker returns to checking *test\_expr* in the next cycle. In particular if *test\_expr* is TRUE, a new set of checks is initiated.

#### **Assertion Checks**

MIN\_CHECK The value of test expr was held TRUE for less than min cks

cycles.

MAX\_CHECK The value of test\_expr was held TRUE for more than max\_cks

cycles.

#### **OVL Checkers** ovl width

The *min\_cks* parameter is greater than the *max\_cks* parameter min\_cks > max\_cks

(and  $max\_cks > 0$ ). Unless the violation is fatal, either the

minimum or maximum check will fail.

Implicit X/Z Checks

test\_expr contains X or Z Expression value was X or Z.

**Cover Points** 

cover\_test\_expr\_ BASIC — A check was initiated (i.e., test\_expr was sampled asserts

TRUE).

CORNER — The expression *test\_expr* was held TRUE for cover\_test\_expr\_ asserted\_for\_min\_cks

exactly  $min\_cks$  cycles  $(min\_cks > 0)$ .

cover\_test\_expr\_ CORNER — The expression *test\_expr* was held TRUE for asserted\_for\_max\_cks

exactly  $max\_cks$  cycles  $(max\_cks > 0)$ .

#### **Cover Groups**

none

## See also

```
ovl_change ovl_unchange ovl_time
```

## **Examples**

```
ovl_width #(
   'OVL_ERROR,
                                                   // severity_level
   2,
                                                   // min_cks
   3,
                                                   // max_cks
   'OVL_ASSERT,
                                                   // property_type
   "Error: invalid request",
                                                   // msg
   'OVL_COVER_DEFAULT,
                                                  // coverage_level
   'OVL_POSEDGE,
                                                   // clock_edge
   'OVL_ACTIVE_LOW,
                                                  // reset polarity
   'OVL_GATE_CLOCK)
                                                  // gating_type
   valid_request (
                                                  // clock
      clock,
      reset,
                                                   // reset
      enable,
                                                   // enable
      req == 1,
                                                   // test_expr
      fire_valid_request );
                                                   // fire
```

#### Checks that *req* asserts for 2 or 3 cycles.



## ovl\_win\_change

Checks that the value of an expression changes in a specified window between a start event and an end event.



## **Syntax**

```
ovl_win_change
```

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Default: 1.                                                            |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

*clock* Clock event for the assertion.

Synchronous reset signal indicating completed initialization. reset

enable Enable signal for *clock*, if *gating type* = OVL GATE CLOCK

(the default gating type) or reset (if gating type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

Expression that opens an event window. start event

test\_expr[width-1:0] Expression that should change value in the event window

end event Expression that closes an event window.

Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check fire [OVL\_FIRE\_WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl\_win\_change assertion checker checks the expression *start\_event* at each active edge of clock to determine if it should open an event window at the start of the next cycle. If start event is sampled TRUE, the checker evaluates test\_expr. At each subsequent active edge of clock, the checker evaluates end\_event and re-evaluates test\_expr. If end\_event is TRUE, the checker closes the event window and if all sampled values of test expr equal its value at the start of the window, then the assertion fails. The checker returns to the state of monitoring start\_event at the next active edge of *clock* after the event window is closed.

The checker is useful for ensuring proper changes in structures in various event windows. A typical use is to verify that synchronization logic responds after a stimulus (for example, bus transactions occurs without interrupts or write commands are not issued during read cycles). Another typical use is verifying a finite-state machine responds correctly in event windows.

#### **Assertion Checks**

WIN\_CHANGE The *test\_expr* expression did not change value during an open

event window.

Implicit X/Z Checks

test expr contains X or Z Expression value contained X or Z bits.

start\_event contains X or Z Start event value was X or Z. End event value was X or Z. end event contains X or Z

**Cover Points** 

cover window open BASIC — An event window opened (*start event* was TRUE).

BASIC — An event window closed (end\_event was TRUE in an cover\_window\_close

open event window).

#### **Cover Groups**

none

#### See also

```
ovl_changeovl_win_unchangeovl_timeovl_windowovl_unchangeovl_window
```

## **Examples**

```
ovl_win_change #(
   'OVL_ERROR,
                                                   // severity_level
   32,
                                                   // width
   'OVL_ASSERT,
                                                   // property_type
   "Error: read not synchronized",
                                                  // msg
   'OVL_COVER_DEFAULT,
                                                  // coverage_level
   'OVL_POSEDGE,
                                                  // clock_edge
   'OVL_ACTIVE_LOW,
                                                   // reset_polarity
   'OVL_GATE_CLOCK)
                                                   // gating_type
   valid_sync_data_bus_rd (
      clock,
                                                   // clock
      reset,
                                                   // reset
      enable,
                                                   // enable
      rd,
                                                   // start_event
      data,
                                                  // test expr
      rd_ack,
                                                  // end event
      fire_valid_sync_data_bus_rd );
                                                   // fire
```

#### Checks that *data* changes value in every data read window.



## ovl\_win\_unchange

Checks that the value of an expression does not change in a specified window between a start event and an end event.



## **Syntax**

#### ovl\_win\_unchange

#### **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Default: 1.                                                            |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

*clock* Clock event for the assertion.

#### **OVL Checkers** ovl win unchange

Synchronous reset signal indicating completed initialization. reset

Enable signal for *clock*, if *gating type* = OVL GATE CLOCK enable

(the default gating type) or reset (if gating type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

Expression that opens an event window. start event

test\_expr[width-1:0] Expression that should not change value in the event window

end event Expression that closes an event window.

Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check fire [OVL\_FIRE\_WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl\_win\_unchange assertion checker checks the expression *start\_event* at each active edge of *clock* to determine if it should open an event window at the start of the next cycle. If start\_event is sampled TRUE, the checker evaluates test\_expr. At each subsequent active edge of clock, the checker evaluates end event and re-evaluates test expr. If a sampled value of test expr is changed from its value in the previous cycle, then the assertion fails. If end event is TRUE, the checker closes the event window (after reporting a violation if test\_expr has changed) and returns to the state of monitoring *start event* at the next active edge of *clock*.

The checker is useful for ensuring certain variables and expressions do not change in various event windows. A typical use is to verify that synchronization logic responds after a stimulus (for example, bus transactions occurs without interrupts or write commands are not issued during read cycles). Another typical use is to verify that non-deterministic multiple-cycle operations with enabling conditions function properly with the same data.

#### **Assertion Checks**

WIN\_UNCHANGE The test expr expression changed value during an open event

window.

Implicit X/Z Checks

test\_expr contains X or Z Expression value contained X or Z bits.

Start event value was X or Z. start event contains X or Z

end event contains X or Z End event value was X or Z.

**Cover Points** 

cover\_window\_open BASIC — An event window opened (*start\_event* was TRUE).

cover\_window\_close BASIC — An event window closed (end event was TRUE in an

open event window).

#### **Cover Groups**

none

#### See also

```
ovl_changeovl_win_changeovl_timeovl_windowovl_unchangeovl_window
```

## **Examples**

```
ovl_win_unchange #(
   'OVL_ERROR,
                                                  // severity_level
                                                  // width
   'OVL_ASSERT,
                                                   // property_type
   "Error: a changed during divide",
                                                  // msg
   'OVL_COVER_DEFAULT,
                                                  // coverage_level
   'OVL_POSEDGE,
                                                  // clock_edge
   'OVL_ACTIVE_LOW,
                                                  // reset_polarity
   'OVL_GATE_CLOCK)
                                                  // gating_type
   valid_div_win_unchange_a (
      clock,
                                                   // clock
      reset,
                                                  // reset
      enable,
                                                   // enable
      start,
                                                  // start_event
      a,
                                                  // test_expr
      done,
                                                  // end_event
      fire_valid_div_win_unchange_a );
                                                  // fire
```

Checks that the *a* input to the divider remains unchanged while a divide operation is performed (i.e., in the window from *start* to *done*).



## ovl\_window

Checks that the value of an expression is TRUE in a specified window between a start event and an end event.



## **Syntax**

```
ovl_window
```

#### **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

enable Enable signal for *clock*, if *gating\_type* = OVL\_GATE\_CLOCK

(the default gating type) or reset (if gating\_type =

OVL\_GATE\_RESET). Ignored if *gating\_type* is OVL\_NONE.

start\_event Expression that opens an event window.

Expression that should be TRUE in the event window test\_expr

end\_event Expression that closes an event window.

fire Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check [OVL FIRE WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl\_window assertion checker checks the expression *start\_event* at each active edge of clock to determine if it should open an event window at the start of the next cycle. If start\_event is sampled TRUE, at each subsequent active edge of clock, the checker evaluates end event and test\_expr. If a sampled value of test\_expr is not TRUE, then the assertion fails. If end\_event is TRUE, the checker closes the event window and returns to the state of monitoring start event at the next active edge of clock.

The checker is useful for ensuring proper changes in structures after various events. For example, it can be used to check that multiple-cycle operations with enabling conditions function properly with the same data. It can be used to check that single-cycle operations function correctly with data loaded at different cycles. It also can be used to verify synchronizing conditions that require date to be stable after an initial triggering event.

#### **Assertion Checks**

WINDOW The *test expr* expression changed value during an open event

window.

#### Implicit X/Z Checks

test expr contains X or Z Expression value was X or Z. start event contains X or Z Start event value was X or Z.

end\_event contains X or Z End event value was X or Z.

#### **Cover Points**

BASIC — A change check was initiated. cover\_window\_open

BASIC — A change check lasted the full *num\_cks* cycles. cover\_window\_close

### **Cover Groups**

none

#### See also

```
ovl_changeovl_win_changeovl_timeovl_win_unchangeovl_unchangeovl_win_unchange
```

## **Examples**

```
ovl_window #(
   'OVL_ERROR,
                                                   // severity_level
   'OVL_ASSERT,
                                                   // property_type
   "Error: write without grant",
                                                   // msg
   'OVL_COVER_DEFAULT,
                                                   // coverage_level
   'OVL_POSEDGE,
                                                   // clock_edge
   'OVL_ACTIVE_LOW,
                                                   // reset_polarity
   'OVL_GATE_CLOCK)
                                                   // gating_type
   valid_sync_data_bus_write (
      clock,
                                                   // clock
      reset,
                                                   // reset
      enable,
                                                   // enable
// start_event
      write,
      bus_gnt,
                                                   // test_expr
      write_ack,
                                                   // end_event
      fire_valid_sync_data_bus_write );
                                                   // fire
```

Checks that the bus grant is not deasserted during a write cycle.



## ovl\_xproduct\_bit\_coverage

Ensures functional cross product bit coverage of two vectors.



## **Syntax**

#### **Parameters/Generics**

| severity_level    | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                                                                                                                                                  |
|-------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| width1            | Width of the test_expr1. Default: 1.                                                                                                                                                                                                 |
| width2            | Width of the <i>test_expr2</i> . Default: 1.                                                                                                                                                                                         |
| test_expr2_enable | Whether or not to use $test\_expr2$ as the second vector. $test\_expr2\_enable = 0$ (Default)  Use $test\_expr1$ as the second vector ( $test\_expr2$ is ignored). $test\_expr2\_enable = 1$ Use $test\_expr2$ as the second vector. |
| coverage_check    | Whether or not to perform coverage checks.  coverage_check = 0 (Default)  Turns off the coverage check.  coverage_check = 1  Turns on the coverage check.                                                                            |
| property_type     | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                                                                                                                                           |
| msg               | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                                                                                                                                                  |
| coverage_level    | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                                                                                                                                        |
| clock_edge        | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                                                                                                                                                |

reset\_polarity Polarity (active level) of the *reset* input. Default:

OVL\_RESET\_POLARITY\_DEFAULT

(OVL ACTIVE LOW).

gating\_type Gating behavior of the checker when *enable* is FALSE. Default:

OVL GATING TYPE DEFAULT (OVL GATE CLOCK).

#### **Ports**

clock Clock event for the checker. The checker samples on the rising

edge of the clock.

reset Synchronous reset signal indicating completed initialization.

enable Expression that indicates whether or not to check the inputs.

test\_expr1[width1-1:0] First vector, specified as a signal, vector or concatenation of

signals.

test\_expr2[width2-1:0] Second vector (if *test\_expr2\_enable* is 1), specified as a signal,

vector or concatenation of signals (or 1'b0).

fire Fire output. Assertion failure when *fire*[0] is TRUE. X/Z check [OVL\_FIRE\_WIDTH-1:0]

failure when *fire*[1] is TRUE. Cover event when *fire*[2] is TRUE.

## **Description**

The ovl\_xproduct\_bit\_coverage checker determines cross-product coverage of the bits of one or two variables and gathers coverpoint data. By default, the checker performs no assertion checks. If test\_expr2\_enable is 1, the checker checks the expressions test\_expr1 and test\_expr2 at each rising edge of clk whenever enable is TRUE. If test\_expr1 or test\_expr2 has changed value, the checker updates its cross-product coverage matrix based on the values of test\_expr1 and test expr2.

The checker's cross-product coverage matrix is a bit matrix whose rows correspond to the descending bits of test exprl and whose columns correspond to the descending bits of test expr2. Elements in the matrix are the corresponding bits of test expr1 and test expr2 ANDed together. For example, if:

```
test_expr1 is a[9:6]
and
```

test\_expr2 is b[5:3]

then the cross-product coverage matrix is:

a[9] & b[5] a[9] & b[4] a[9] & b[3]a[8] & b[5] a[8] & b[4] a[8] & b[3]

```
a[7] & b[5] a[7] & b[4] a[7] & b[3] a[6] & b[5] a[6] & b[4] a[6] & b[3]
```

At reset, the matrix is initialized to all 0's. Each cycle *test\_expr1* or *test\_expr2* changes, the checker calculates a temporary matrix for the current values of *test\_expr1* and *test\_expr2*. Then, the cross-coverage matrix is updated by setting all elements to 1 whose corresponding elements in the temporary matrix are 1. That is, the bits of the cross-product coverage matrix are "sticky": once set to 1, they remain set to 1. The matrix is considered covered when all bits are 1.

To help analyze partial coverage, the Coverage Matrix Bitmap statistic coverpoint is a concatenated list of the bits of the cross-product coverage matrix arranged by rows.

By default, the value of  $test\_expr2\_enable$  is 0, which disables the  $test\_expr2$  port. This is the special case where the checker maintains a cross-product coverage matrix for a vector with itself. However, the Coverage Matrix Bitmap value reported is not the same as one for a matrix where  $test\_expr2 = test\_expr1$ . In this special case, diagonal elements are extraneous (for example, a[3]==1 && a[3]==1) and the elements of the lower-half matrix are redundant. So, the matrix reported by the Coverage Matrix Bitmap is formed by removing the diagonal elements and setting all lower-half matrix elements to 1. For example, if:

```
test_expr2_enable is 0
test_expr1 is a[9:6]
test_expr2 is 1'b0
```

then the cross-product coverage matrix reported by Coverage Matrix Bitmap is:

| a[9] & a[8] | a[9] & a[7] | a[9] & a[6] |
|-------------|-------------|-------------|
| 1           | a[8] & a[7] | a[8] & a[6] |
| 1           | 1           | a[7] & a[6] |

#### **Assertion Checks**

COVERAGE All bits of the coverage matrix were covered.

Every bit of the cross product coverage matrix is 1.

#### Implicit X/Z Checks

test\_expr1 contains X or Z Expression contained X or Z bits. test\_expr2 contains X or Z Expression contained X or Z bits.

#### **Cover Points**

cover\_test\_expr1\_ SANITY — Number of cycles test\_expr1 changed value.

```
cover_test_expr2_ SANITY — Number of cycles test_expr2 changed value if parameter test_expr2_enable is set to 1

cover_value_checked STATISTIC — Number of times the cover value was checked.

cover_matrix_covered CORNER — Number of times all bits of the matrix is 1.
```

#### **Cover Groups**

None

#### See also

```
ovl_coverage ovl_value_coverage ovl_xproduct_value_coverage
```

## **Examples**

#### Example 1

```
ovl_xproduct_bit_coverage #(
    .severity_level('OVL_ERROR),
.width1(5),
    .property_type('OVL_ASSERT),
    .msg('OVL_VIOLATION : "),
    .coverage_level('OVL_COVER_NONE))
    XPD1 (
        .clock(clock),
        .reset(1'b1),
        .enable(1'b1),
        .test_expr1(a[4:0]),
        .test_expr2(1'b0))
.fire(fire));
```

Maintains the following bit coverage matrix:

| a[4] & a[3] | a[4] & a[2] | a[4] & a[1] | a[4] & a[0] |
|-------------|-------------|-------------|-------------|
| 1           | a[3] & a[2] | a[3] & a[1] | a[3] & a[0] |
| 1           | 1           | a[2] & a[1] | a[2] & a[0] |
| 1           | 1           | 1           | a[1] & a[0] |

#### Example 2

```
ovl_xproduct_bit_coverage #(
    .severity_level('OVL_ERROR),
    .width1(4),
    .coverage_check(1'b1),
    .property_type('OVL_ASSERT),
    .msg('OVL_VIOLATION : "),
    .coverage_level('OVL_COVER_NONE))
```

```
XPD2 (
    .clock(clock),
    .reset(1'b1),
    .enable(1'b1),
    .test_expr1({sig3, sig2, sig1, sig0}))
.fire(fire));
```

Maintains the following bit coverage matrix:

```
      sig3 \& sig2
      sig3 \& sig1
      sig3 \& sig0

      1
      sig2 \& sig1
      sig2 \& sig0

      1
      1
      sig1 \& sig0
```

### Example 3

```
ovl_xproduct_bit_coverage #(
   .severity_level('OVL_ERROR),
   .width1(5),
   .width2(4),
   .test_expr2_enable(1),
   .coverage_check(1'b1),
   .property_type('OVL_ASSERT),
   .msg('OVL_VIOLATION : "),
   .coverage_level('OVL_COVER_NONE))
   XPD3 (
      .clock(clock),
      .reset(1'b1),
      .enable(1'b1),
      .test_expr1(a[4:0]),
      .test_expr2(b[3:0]),
.fire(fire));
```

Maintains the following bit coverage matrix:

| a[4] | & b[3] | a[4] & b[2] | a[4] & b[1] | a[4] & b[0] |
|------|--------|-------------|-------------|-------------|
| a[3] | & b[3] | a[3] & b[2] | a[3] & b[1] | a[3] & b[0] |
| a[2] | & b[3] | a[2] & b[2] | a[2] & b[1] | a[2] & b[0] |
| a[1] | & b[3] | a[1] & b[2] | a[1] & b[1] | a[1] & b[0] |
| a[0] | & b[3] | a[0] & b[2] | a[0] & b[1] | a[0] & b[0] |

#### Example 4

```
ovl_xproduct_bit_coverage #(
    .severity_level('OVL_ERROR),
    .width1(4),
    .width2(1),
    .test_expr2_enable(1),
    .property_type('OVL_ASSERT),
    .msg('OVL_VIOLATION : "),
    .coverage_level('OVL_COVER_NONE))

XPD4 (
    .clock(clock),
    .reset(1'b1),
    .active(1'b1),
    .test_expr1(a[3:0]),
    .test_expr2(sig));
```

Maintains the following bit coverage matrix:

```
a[3] & sig
a[2] & sig
a[1] & sig
a[0] & sig
```

## ovl\_xproduct\_value\_coverage

Ensures functional cross product value coverage of two variables.



Class: event-bounded assertion

```
*val1_width = val1_count > 0 ? val1_count * val1_width : 1
**val2_width = val2_count > 0 ? val2_count * val2_width : 1
```

## **Syntax**

#### ovl\_xproduct\_value\_coverage

#### **Parameters/Generics**

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                 |
|----------------|-----------------------------------------------------------------------------------------------------|
| width1         | Width of the <i>test_expr1</i> . Default: 1.                                                        |
| width2         | Width of the <i>test_expr2</i> . Default: 1.                                                        |
| val1_width     | Width of each item in val1. Default: 1.                                                             |
| val2_width     | Width of each item in val2. Default: 1.                                                             |
| val1_count     | Number of items in val1. Default: 0.                                                                |
| val2_count     | Number of items in val2. Default: 0.                                                                |
| min1           | Minimum value of the range of $test\_expr1$ . Ignored unless $val1\_count = 0$ . Default : 0        |
| min2           | Minimum value of the range of <i>test_expr2</i> . Ignored unless <i>val2_count</i> = 0. Default : 0 |

max1 Maximum value of the range of test expr1. Ignored unless

 $val1\_count = 0$ . max1 = 0 (Default)

Maximum value is the largest possible value of test expr1.

max1 > 0

Maximum value is *max1*.

max2 Maximum value of the range of test\_expr2. Ignored unless

 $val2\_count = 0$ . max2 = 0 (Default)

Maximum value is the largest possible value of *test\_expr2*.

max2 > 0

Maximum value is *max2*.

coverage\_check Whether or not to perform coverage checks.

coverage\_check = 0 (Default)
Turns off the coverage check.

coverage\_check = 1

Turns on the coverage check.

property\_type Property type. Default: OVL\_PROPERTY\_DEFAULT

(OVL\_ASSERT).

msg Error message printed when assertion fails. Default:

OVL MSG DEFAULT ("VIOLATION").

coverage\_level Coverage level. Default: OVL\_COVER\_DEFAULT

(OVL COVER BASIC).

clock\_edge Active edge of the clock input. Default:

OVL CLOCK EDGE DEFAULT (OVL POSEDGE).

reset\_polarity Polarity (active level) of the reset input. Default:

OVL\_RESET\_POLARITY\_DEFAULT

(OVL\_ACTIVE\_LOW).

gating\_type Gating behavior of the checker when enable is FALSE. Default:

OVL\_GATING\_TYPE\_DEFAULT (OVL\_GATE\_CLOCK).

**Ports** 

clock Clock event for the checker. The checker samples on the rising

edge of the clock.

reset Synchronous reset signal indicating completed initialization.

enable Expression that indicates whether or not to check the inputs.

test\_expr1[width1-1:0] First variable or expression.

test\_expr2[width2-1:0] Second variable or expression.

```
val1[val1 width-1:0]
                            val1 count = 0
                                Connect to 1'b0.
                            val1 count > 0
                                Concatenated list of val1 count elements that define the
                                range of test_expr1. Each element is a val1_width wide
                                variable or expression.
val2[val2_width-1:0]
                            val2\_count = 0
                                Connect to 1'b0.
                            val2_count > 0
                                Concatenated list of val2_count elements that define the
                                range of test expr2. Each element is a val2 width wide
                                variable or expression.
fire
                            Fire output. Assertion failure when fire[0] is TRUE. X/Z check
[OVL_FIRE_WIDTH-1:0]
                            failure when fire[1] is TRUE. Cover event when fire[2] is TRUE.
```

### **Description**

The <code>ovl\_xproduct\_value\_coverage</code> checker determines cross-product coverage of the ranges of two variables and gathers coverpoint data. By default, the checker performs no assertion checks. The checker checks the expressions <code>test\_expr1</code> and <code>test\_expr2</code> at each rising edge of <code>clock</code> whenever <code>enable</code> is TRUE. If <code>test\_expr1</code> or <code>test\_expr2</code> has changed value, the checker updates its cross-product coverage matrix based on the values of <code>test\_expr1</code> and <code>test\_expr2</code>.

The checker's cross-product coverage matrix is a bit matrix whose rows correspond to the range of values of *test\_expr1* and whose columns correspond to the range of values of *test\_expr2*. At reset, the matrix is initialized to all 0's. In a cycle in which both *test\_expr1* and *test\_expr2* have values in their respective ranges, the matrix element corresponding to that event is set to 1. The bits of the cross-product coverage matrix are "sticky": once set to 1, they remain set to 1. The matrix is considered covered when all bits are 1. To help analyze partial coverage, the Coverage Matrix Bitmap statistic coverpoint is a concatenated list of the bits of the cross-product coverage matrix arranged by rows.

The ranges of *test\_expr1* and *test\_expr2* can be specified in two ways: as contiguous value ranges and as discrete value ranges.

#### **Contiguous Value Range**

By default, the ranges of *test\_expr1* and *test\_expr2* are from 0 to their largest possible value. Setting *min1* and *max1* restricts the range of *test\_expr1* to *min1*, *min1+1*, ..., *max1*. Similarly, setting *min2* and *max2* restricts the range of *test\_expr2* to *min2*, *min2+1*, ..., *max2*. The default value of *min1* and *min2* is 0. The default value of *max1* and *max2* is 0, which sets the top range values to the maximum values of *test\_expr1* and *test\_expr2*.

For example, if:

```
test_expr1 is a
min1 = 6 and max1 = 9
and

test_expr2 is b
min2 = 3 and max2 = 5
```

then the cross-product coverage matrix is:

```
(a==9) \&\& (b==5) (a==9) \&\& (b==4) (a==9) \&\& (b==3)

(a==8) \&\& (b==5) (a==8) \&\& (b==4) (a==8) \&\& (b==3)

(a==7) \&\& (b==5) (a==7) \&\& (b==4) (a==7) \&\& (b==3)

(a==6) \&\& (b==5) (a==6) \&\& (b==4) (a==6) \&\& (b==3)
```

#### **Discrete Value Range**

Setting  $val1\_count > 1$  enables discrete values for the range of  $test\_expr1$ . The val1 port contains these values as a concatenated list of  $val1\_count$  values, each value having width  $val1\_width$ . The values of min1 and max1 are ignored. Similarly, setting  $val2\_count > 1$  enables discrete values for the range of  $test\_expr2$ . The val2 port contains these values as a concatenated list of  $val2\_count$  values, each value having width  $val2\_width$ . The values of min2 and max2 are ignored.

For example, if:

```
test_expr1 is a
val1_count = 4, val1_width = 16 and val2 = {1'h9, 1'hB, 1'hF, 1'h4}
and

test_expr2 is b
val1_count = 3, val1_width = 12 and val1 = {1'h3, 1'h8, 1'h7}
```

then the cross-product coverage matrix is:

```
(a==4) \&\& (b==7) (a==4) \&\& (b==8) (a==4) \&\& (b==3)

(a==F) \&\& (b==7) (a==F) \&\& (b==8) (a==F) \&\& (b==3)

(a==B) \&\& (b==7) (a==B) \&\& (b==8) (a==B) \&\& (b==3)

(a==9) \&\& (b==7) (a==9) \&\& (b==8) (a==9) \&\& (b==3)
```

Discrete value ranges have the following characteristics:

- One test expression can have a contiguous range while the other test expression has a discrete range.
- Discrete ranges can be dynamic. Typically, the *val1* and *val2* ports should remain constant, so the coverage matrix makes sense. However, the checker does not check this restriction. If the value of *val1* or *val2* has changed, a new set of range values are used for the current cycle. The same cross-product coverage matrix is updated, but the updated elements correspond to the new ranges.
- Discrete ranges can have duplicate values. Although this is not a typical usage, if a value with duplicates is covered, all corresponding matrix bits are set.

#### **Assertion Checks**

COVERAGE All bits of the coverage matrix were covered.

Every bit of the cross-product coverage matrix is 1.

#### Implicit X/Z Checks

| test_expr1 contains X or Z | Expression contained X or Z bits. |
|----------------------------|-----------------------------------|
| test_expr2 contains X or Z | Expression contained X or Z bits. |
| val1 contains X or Z       | Expression contained X or Z bits. |
| val2 contains X or Z       | Expression contained X or Z bits. |

#### **Cover Points**

| cover_test_expr1_<br>checked | SANITY — Number of cycles test_expr1 changed value.                                          |
|------------------------------|----------------------------------------------------------------------------------------------|
| cover_test_expr2_<br>checked | SANITY — Number of cycles test_expr2 changed value.                                          |
| cover_value_checked          | STATISTIC — Number of cycles in which <i>test_expr1</i> or <i>test_expr2</i> loaded a value. |
| cover_matrix_covered         | CORNER — If non-zero, all bits of the cross-product coverage matrix are covered.             |

#### **Cover Groups**

#### None

#### See also

| ovl_coverage              | ovl_value_coverage |
|---------------------------|--------------------|
| ovl_xproduct_bit_coverage |                    |

## **Examples**

#### Example 1

```
ovl_xproduct_value_coverage #(
   .severity level('OVL ERROR),
   .width1(3),
   .width2(2),
   .coverage_check(1'b0),
   .property_type('OVL_ASSERT),
   .msg("OVL_VIOLATION : "),
   .coverage_level('OVL_COVER_NONE))
   XVC1 (
      .clock(clock),
      .reset(1'b1),
      .enable(1'b1),
      .test expr1(a),
      .test_expr2(b),
      .val1(1'b0),
      .val2(1'b0),
.fire(fire));
```

Maintains the following cross-product coverage matrix:

```
(a==7) \&\& (b==3)
                   (a==7) \&\& (b==2)
                                       (a==7) \&\& (b==1)
                                                           (a==7) \&\& (b==0)
(a==6) \&\& (b==3)
                   (a==6) \&\& (b==2)
                                      (a==6) \&\& (b==1)
                                                           (a==6) \&\& (b==0)
(a==5) && (b==3)
                   (a==5) \&\& (b==2)
                                      (a==5) \&\& (b==1)
                                                           (a==5) \&\& (b==0)
(a==4) \&\& (b==3)
                  (a==4) \&\& (b==2)
                                      (a==4) \&\& (b==1)
                                                           (a==4) \&\& (b==0)
(a==3) && (b==3)
                                                           (a==3) && (b==0)
                   (a==3) & (b==2)
                                      (a==3) \&\& (b==1)
(a==2) && (b==3)
                   (a==2) \&\& (b==2)
                                      (a==2) \&\& (b==1)
                                                           (a==2) \&\& (b==0)
(a==1) && (b==3)
                   (a==1) \&\& (b==2)
                                      (a==1) \&\& (b==1)
                                                           (a==1) & (b==0)
                  (a==0) \&\& (b==2)
                                                           (a==0) \&\& (b==0)
(a==0) \&\& (b==3)
                                      (a==0) \&\& (b==1)
```

#### Example 2

```
ovl_xproduct_value_coverage #(
    .severity_level('OVL_ERROR),
    .width1(3),
    .width2(2),
    .min1(3),
    .min2(1),
    .max1(4),
    .coverage_check(1'b1),
    .property_type('OVL_ASSERT),
    .msg("OVL_VIOLATION : "),
    .coverage_level('OVL_COVER_NONE))

XVC2 (
    .clock(clock),
    .reset(1'b1),
```

```
.enable(1'b1),
    .test_expr1(a),
    .test_expr2(b),
    .val1(1'b0),
    .val2(1'b0),
```

Maintains the following cross-product coverage matrix:

```
(a==4) \&\& (b==3) (a==4) \&\& (b==2) (a==4) \&\& (b==1)
(a==3) \&\& (b==3) (a==3) \&\& (b==2) (a==3) \&\& (b==1)
```

If the Coverage Matrix Bitmap is 111100, the cross-product coverage matrix is:

```
1 1 1
1 0 0
```

Here, all combinations were covered except (a==3)&&(b==2) and (a==3)&&(b==1).

#### Example 3

```
ovl xproduct value coverage #(
   .severity_level('OVL_ERROR),
   .width1(8),
   .width2(4),
   .val1_width(8),
   .val1_count(3),
   .val2_width(4),
   .val2_count(4),
   .coverage_check(1'b1),
   .property_type('OVL_ASSERT),
   .msg("OVL_VIOLATION : "),
   .coverage_level('OVL_COVER_NONE))
      .clock(clock),
      .reset(1'b1),
      .enable(1'b1),
      .test_expr1(a),
      .test_expr2(b),
      .val1(24'b11111111111111111100000001),
      .val2(16'b0111000001010010),
.fire(fire));
```

Maintains the following coverage matrix:

```
(a==225) \&\& (b==7) \qquad (a==225) \&\& (b==0) \qquad (a==225) \&\& (b==5) \qquad (a==225) \&\& (b==2)
(a==127) \&\& (b==7) \qquad (a==127) \&\& (b==0) \qquad (a==127) \&\& (b==5) \qquad (a==1) \&\& (b==2)
(a==1) \&\& (b==7) \qquad (a==1) \&\& (b==0) \qquad (a==1) \&\& (b==5) \qquad (a==1) \&\& (b==2)
```

If the Coverage Matrix Bitmap is 1011111111110, the cross-product coverage matrix is:

| 1 | 0 | 1 | 1 |
|---|---|---|---|
| 1 | 1 | 1 | 1 |
| 1 | 1 | 1 | 0 |

Here, all combinations were covered except (a==225)&&(b==0) and (a==1)&&(b==2).

## ovl\_zero\_one\_hot

Checks that the value of an expression is zero or one-hot.



## **Syntax**

#### ovl\_zero\_one\_hot

#### Parameters/Generics

| severity_level | Severity of the failure. Default: OVL_SEVERITY_DEFAULT (OVL_ERROR).                                            |
|----------------|----------------------------------------------------------------------------------------------------------------|
| width          | Width of the <i>test_expr</i> argument. Default: 32.                                                           |
| property_type  | Property type. Default: OVL_PROPERTY_DEFAULT (OVL_ASSERT).                                                     |
| msg            | Error message printed when assertion fails. Default: OVL_MSG_DEFAULT ("VIOLATION").                            |
| coverage_level | Coverage level. Default: OVL_COVER_DEFAULT (OVL_COVER_BASIC).                                                  |
| clock_edge     | Active edge of the <i>clock</i> input. Default: OVL_CLOCK_EDGE_DEFAULT (OVL_POSEDGE).                          |
| reset_polarity | Polarity (active level) of the <i>reset</i> input. Default: OVL_RESET_POLARITY_DEFAULT (OVL_ACTIVE_LOW).       |
| gating_type    | Gating behavior of the checker when <i>enable</i> is FALSE. Default: OVL_GATING_TYPE_DEFAULT (OVL_GATE_CLOCK). |

#### **Ports**

*clock* Clock event for the assertion.

reset Synchronous reset signal indicating completed initialization.

| enable                               | Enable signal for <i>clock</i> , if <i>gating_type</i> = OVL_GATE_CLOCK (the default gating type) or <i>reset</i> (if <i>gating_type</i> = OVL_GATE_RESET). Ignored if <i>gating_type</i> is OVL_NONE. |
|--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| test_expr[width-1:0]                 | Expression that should evaluate to either 0 or a one-hot value on the active clock edge.                                                                                                               |
| <pre>fire [OVL_FIRE_WIDTH-1:0]</pre> | Fire output. Assertion failure when <i>fire</i> [0] is TRUE. X/Z check failure when <i>fire</i> [1] is TRUE. Cover event when <i>fire</i> [2] is TRUE.                                                 |

## **Description**

The ovl\_zero\_one\_hot assertion checker checks the expression *test\_expr* at each active edge of *clock* to verify the expression evaluates to a one-hot value or is zero. A one-hot value has exactly one bit set to 1.

The checker is useful for verifying control circuits, circuit enabling logic and arbitration logic. For example, it can ensure that a finite-state machine with zero-one-cold encoding operates properly and has exactly one bit asserted high—or else is zero. In a datapath circuit the checker can ensure that the enabling conditions for a bus do not result in bus contention.

#### **Assertion Checks**

| ZERO_ONE_HOT | Expression evaluated to a value | with multiple bits set to 1. |
|--------------|---------------------------------|------------------------------|
|--------------|---------------------------------|------------------------------|

#### Implicit X/Z Checks

test\_expr contains X or Z Expression value contained X or Z bits.

#### **Cover Points**

| cover_test_expr_change         | SANITY — Expression has changed value.                                        |
|--------------------------------|-------------------------------------------------------------------------------|
| cover_all_one_hots_<br>checked | CORNER — Expression evaluated to all possible combinations of one-hot values. |
| cover_test_expr_all_ zeros     | CORNER — Expression evaluated to 0.                                           |

### **Cover Groups**

none

#### **Notes**

1. By default, the ovl\_zero\_one\_hot assertion is optimistic and the assertion fails if *test\_expr* has multiple bits not set to 0 (i.e.equals 1, X, Z, etc.). However, if OVL\_XCHECK\_OFF is set, the assertion fails if and only if *test\_expr* has multiple bits that are 1.

#### See also

ovl one cold ovl one hot

## **Examples**

```
ovl_zero_one_hot #(
                                                   // severity_level
   'OVL_ERROR,
                                                   // width
   4,
   'OVL_ASSERT,
                                                   // property_type
   "Error: sel not zero or one-hot",
                                                   // msg
   'OVL_COVER_DEFAULT,
                                                   // coverage_level
   'OVL_POSEDGE,
                                                   // clock edge
   'OVL_ACTIVE_LOW,
                                                   // reset_polarity
   'OVL GATE CLOCK)
                                                   // gating_type
   valid_sel_zero_one_hot (
                                                   // clock
      clock,
      reset,
                                                   // reset
      enable,
                                                   // enable
      sel
                                                   // test_expr
      fire_valid_sel_zero_one_hot);
                                                   // fire
```

Checks that sel is zero or one-hot at each rising edge of clock.



| Type                   | Macro                              | Description                                                                                                                                                                                   |
|------------------------|------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                        | OVL_CLOCK_EDGE_<br>DEFAULT         | Value of <i>clock_edge</i> to use when the parameter is unspecified. Default: OVL_POSEDGE.                                                                                                    |
|                        | OVL_RESET_POLARITY_<br>DEFAULT     | Value of <i>reset_polarity</i> to use when the parameter is unspecified. Default: OVL_ACTIVE_LOW.                                                                                             |
|                        | OVL_GATING_TYPE_<br>DEFAULT        | Value of <i>gating_type</i> to use when the parameter is unspecified. Default: OVL_GATE_CLOCK.                                                                                                |
| Clock/Reset<br>Gating  | OVL_GATING_OFF                     | Removes all gating logic and creates checkers with <i>gating_type</i> OVL_GATE_NONE. Default: each checker gated according to its <i>gating_type</i> parameter value                          |
| Global Reset           | OVL_GLOBAL_RESET=<br>reset_signal  | Overrides the <i>reset</i> port assignments of all assertion checkers with the specified active low global reset signal. Default: each checker's reset is specified by the <i>reset</i> port. |
| Reporting              | OVL_MAX_REPORT_ERROR               | Discontinues reporting a checker's assertion violations if the number of times the checker has reported one or more violations reaches this limit. Default: unlimited reporting.              |
|                        | OVL_MAX_REPORT_COVER_<br>POINT     | Discontinues reporting a checker's cover points if the number of times the checker has reported one or more cover points reaches this limit.Default: unlimited reporting.                     |
|                        | OVL_INIT_MSG                       | Reports configuration information for each checker when it is instantiated at the start of simulation. Default: no initialization messages reported.                                          |
|                        | OVL_END_OF_SIMULATION = eos_signal | Performs quiescent state checking at end of simulation when the <i>eos_signal</i> asserts. Default: not defined.                                                                              |
| Fatal Error<br>Runtime | OVL_RUNTIME_AFTER_<br>FATAL        | Number of time units from a fatal error to end of simulation. Default: 100.                                                                                                                   |

| Type       | Macro                       | Description                                          |
|------------|-----------------------------|------------------------------------------------------|
| X/Z Values | OVL_IMPLICIT_XCHECK_<br>OFF | Turns off implicit X/Z checks. Default: not defined. |
|            | OVL_XCHECK_OFF              | Turns off all X/Z checks. Default: not defined.      |

### **Internal Global Macros**

The following global variables are for internal use and the user should not redefine them:

'endmodule
'module
OVL\_FIRE\_WIDTH
OVL\_RESET\_SIGNAL
OVL\_SHARED\_CODE
OVL\_STD\_DEFINES\_H
OVL\_VERSION

## **Macros Common to All Assertions**

| Parameter          | Macro             | Description                                                                                                                                                                             |
|--------------------|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| severity_<br>level | OVL_FATAL         | Runtime fatal error.                                                                                                                                                                    |
|                    | OVL_ERROR         | Runtime error.                                                                                                                                                                          |
|                    | OVL_WARNING       | Runtime Warning.                                                                                                                                                                        |
|                    | OVL_INFO          | Assertion failure has no specific severity.                                                                                                                                             |
| property_type      | OVL_ASSERT        | Assertion checks and X/Z checks are asserts.                                                                                                                                            |
|                    | OVL_ASSUME        | Assertion checks and X/Z checks are assumes.                                                                                                                                            |
|                    | OVL_ASSERT_2STATE | Assertion checks are asserts. X/Z checks are disabled.                                                                                                                                  |
|                    | OVL_ASSUME_2STATE | Assertion checks are assumes. X/Z checks are disabled.                                                                                                                                  |
|                    | OVL_IGNORE        | Assertion checks and X/Z checks are disabled.                                                                                                                                           |
| coverage_<br>level | OVL_COVER_ALL     | Includes coverage logic for all of the checker's cover points if OVL_COVER_ON is defined.                                                                                               |
|                    | OVL_COVER_NONE    | Excludes coverage logic for all of the checker's cover points.                                                                                                                          |
|                    | OVL_COVER_SANITY  | Includes coverage logic for the checker's SANITY cover points if OVL_COVER_ON is defined. Can be bitwise-ORed with OVL_COVER_BASIC, OVL_COVER_CORNER and OVL_COVER_STATISTIC.           |
|                    | OVL_COVER_BASIC   | (default) Includes coverage logic for the checker's BASIC cover points if OVL_COVER_ON is defined. Can be bitwise-ORed with OVL_COVER_SANITY, OVL_COVER_CORNER and OVL_COVER_STATISTIC. |
|                    | OVL_COVER_CORNER  | Includes coverage logic for the checker's CORNER cover points if OVL_COVER_ON is defined. Can be bitwise-ORed with OVL_COVER_SANITY, OVL_COVER_BASIC and OVL_COVER_STATISTIC.           |

| Parameter          | Macro                          | Description                                                                                                                                                                   |
|--------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                    | OVL_COVER_STATISTIC            | Includes coverage logic for the checker's STATISTIC cover points if OVL_COVER_ON is defined. Can be bitwise-ORed with OVL_COVER_SANITY, OVL_COVER_BASIC and OVL_COVER_CORNER. |
| clock_edge         | OVL_POSEDGE                    | Rising edges are active clock edges.                                                                                                                                          |
|                    | OVL_NEGEDGE                    | Falling edges are active clock edges.                                                                                                                                         |
| reset_<br>polarity | OVL_ACTIVE_LOW OVL_ACTIVE_HIGH | Reset is active when FALSE.  Reset is active when TRUE.                                                                                                                       |
| gating_type        | OVL_GATE_NONE                  | Checker ignores the <i>enable</i> input.                                                                                                                                      |
|                    | OVL_GATE_CLOCK                 | Checker pauses when <i>enable</i> is FALSE. The checker treats the current cycle as a NOP. Checks, counters and internal values remain unchanged.                             |
|                    | OVL_GATE_RESET                 | Checker resets (as if the <i>reset</i> input became active) when <i>enable</i> is FALSE.                                                                                      |

## **Macros for Specific Assertions**

| Parameter               | Checkers                 | Macro                               | Description                                                                                                         |
|-------------------------|--------------------------|-------------------------------------|---------------------------------------------------------------------------------------------------------------------|
| action_on_<br>new_start | ovl_change<br>ovl_frame  | OVL_IGNORE_NEW_START                | Ignore new start events.                                                                                            |
|                         | ovl_time<br>ovl_unchange | OVL_RESET_ON_NEW_<br>START          | Restart check on new start events.                                                                                  |
|                         |                          | OVL_ERROR_ON_NEW_<br>START          | Assert fail on new start events.                                                                                    |
|                         |                          | OVL_ACTION_ON_NEW_<br>START_DEFAULT | Value of action_on_new_<br>start to use when the<br>parameter is unspecified.<br>Default: OVL_<br>IGNORE_NEW_START. |
| edge_type               | ovl_always_<br>on_edge   | OVL_NOEDGE                          | Always initiate check.                                                                                              |
|                         |                          | OVL_POSEDGE                         | Initiate check on rising edge of sampling event.                                                                    |
|                         |                          | OVL_NEGEDGE                         | Initiate check on falling edge of sampling event.                                                                   |
|                         |                          | OVL_ANYEDGE                         | Initiate check on both edges of sampling event.                                                                     |
|                         |                          | OVL_EDGE_TYPE_DEFAULT               | Value of <i>edge_type</i> to use when the parameter is unspecified. Default: OVL_NOEDGE.                            |
| necessary_<br>condition | ovl_cycle_<br>sequence   | OVL_TRIGGER_ON_MOST_<br>PIPE        | Necessary condition is full sequence. Pipelining enabled.                                                           |
|                         |                          | OVL_TRIGGER_ON_FIRST_<br>PIPE       | Necessary condition is first in sequence. Pipelining enabled.                                                       |
|                         |                          | OVL_TRIGGER_ON_FIRST_<br>NOPIPE     | Necessary condition is first in sequence. Pipelining disabled.                                                      |

| Parameter | Checkers     | Macro                               | Description                                                                                               |
|-----------|--------------|-------------------------------------|-----------------------------------------------------------------------------------------------------------|
|           |              | OVL_NECESSARY_<br>CONDITION_DEFAULT | Value of necessary_condition to use when the parameter is unspecified. Default: OVL_TRIGGER_ON_MOST_PIPE. |
| inactive  | ovl_one_cold | OVL_ALL_ZEROS                       | Inactive state is all 0's.                                                                                |
|           |              | OVL_ALL_ONES                        | Inactive state is all 1's.                                                                                |
|           |              | OVL_ONE_COLD                        | (default) No inactive state.                                                                              |
|           |              | OVL_INACTIVE_DEFAULT                | Value of <i>inactive</i> to use when the parameter is unspecified. Default: OVL_ONE_COLD.                 |

# Appendix B OVL Backward Compatibility

### **V2.3**

The V2.3 version of OVL is compatible with the V1.8 version. That is, EDA tools that analyzed designs with V1.8 checkers will work seamlessly with the V2.3 OVL implementation. These checkers are identified by the prefix *assert*\_ (see Table B-1).

### Table B-1. assert\_\* Checker Types

|                                                                                                                                                                                             | <u>, , , , , , , , , , , , , , , , , , , </u>                                                                                                                                                          |                                                                                                                                                                                           |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| assert_always assert_always_on_edge assert_change assert_cycle_sequence assert_decrement assert_delta assert_even_parity assert_fifo_index assert_frame assert_handshake assert_implication | assert_increment assert_never assert_never_unknown assert_never_unknown_async assert_next assert_no_overflow assert_no_transition assert_no_underflow assert_odd_parity assert_one_cold assert_one_hot | assert_proposition assert_quiescent_state assert_range assert_time assert_transition assert_unchange assert_width assert_win_change assert_win_unchange assert_window assert_zero_one_hot |
|                                                                                                                                                                                             |                                                                                                                                                                                                        |                                                                                                                                                                                           |

The *assert*\_\* checkers have the same parameters and ports as the V1.x versions of the checkers, so their instance specifications have not changed. However, these checkers do not have the extended parameters (*clock\_edge*, *reset\_polarity* and *gating\_type*) and ports (*enable* and *fire*) added to the new V2 OVL implementations. For this reason, they are deprecated.

The new V2 OVL checkers are identified by the prefix *ovl*\_ (see Table B-2).

Table B-2. ovl\_\* Checker Types

| ovl_always         | ovl_memory_async        | ovl_quiescent_state |
|--------------------|-------------------------|---------------------|
| ovl_always_on_edge | ovl_memory_sync         | ovl_range           |
| ovl_arbiter        | ovl_multiport_fifo      | ovl_reg_loaded      |
| ovl_bits           | ovl_mutex               | ovl_req_ack_unique  |
| ovl_change         | ovl_never               | ovl_req_requires    |
| ovl_code_distance  | ovl_never_unknown       | ovl_stack           |
| ovl_cycle_sequence | ovl_never_unknown_async | ovl_time            |
| ovl_decrement      | ovl_next                | ovl_transition      |
| ovl_delta          | ovl_next_state          | ovl_unchange        |
| ovl_even_parity    | ovl_no_contention       | ovl_valid_id        |
| ovl_fifo           | ovl_no_overflow         | ovl_value           |
| ovl_fifo_index     | ovl_no_transition       | ovl_width           |
| ovl_frame          | ovl_no_underflow        | ovl_win_change      |
| ovl_handshake      | ovl_odd_parity          | ovl_win_unchange    |
| ovl_hold_value     | ovl_one_cold            | ovl_window          |
| ovl_implication    | ovl_one_hot             | ovl_zero_one_hot    |
| ovl_increment      | ovl_proposition         |                     |
|                    |                         |                     |

These include 33 checkers that are extended versions of their *assert\_\** counterparts. Plus completely new checkers.

### assert\_fifo\_index and ovl\_fifo\_index

The V1 assert\_fifo\_index checker is compatible with the V2 implementation. But the ovl\_fifo\_index implementation has a change in the parameter order. The *simultaneous\_push\_pop* parameter was moved to before the *property\_type* parameter. So, the assert\_fifo\_index checker has the following syntax:

```
assert_fifo_index
```

Whereas the ovl\_fifo\_index checker has the following syntax:

#### ovl\_fifo\_index