Hardware Reference
In-Depth Information
and
$past(c, 2,,@(
posedge
clk)) = 1'bx
etc. As mentioned in the note preceding this example, some FV tools will assume
the past value of all these expressions to be
1'b0
.
t
Example 7.12.
Consider the following code fragment.
logic
a;
a1:
assert property
(@(
posedge
clk) $past(a));
Assertion
a1
fails at clock tick 0, since
$past(a)
returns
x
—the initial value of
a
.
This example shows that one should be careful when using
$past
in assertions
because it may lead to nonintuitive assertion behavior in the initial clock ticks.
t
Example 7.13.
Each grant
gnt
should be immediately preceded by a request
req
.
Solution:
a1:
assert property
(@(
posedge
clk) gnt |-> $past(req));
Discussion:
What happens if
gnt
is active at the initial clock tick? If
req
has not
been explicitly initialized,
$past(req)
is
x
or 0 depending on
req
type, and the
assertion fails. In this case, this is a desired behavior.
t
Example 7.14. Gray Encoding:
Check that signal
sig
has a
Gray
encoding, i.e., its
two consecutive values differ in only one bit.
Solution:
Here is the first solution:
a1_wrong:
assert property
(@(
posedge
clk)
$onehot(sig ^ $past(sig)));
The result of the exclusive OR
^
operator between the current and the past values
of
sig
contains ones in the bits that changed. We want to make sure that exactly
one bit of the result is 1. But what happens at the initial clock tick?
$past(sig)
will return
x
, the result of the exclusive OR will also be
x
, and assertion
a1_wrong
will fail in the initial clock tick! To handle the initial situation correctly, we need to
delay the first check of the assertion:
a2:
assert property
(@(
posedge
clk)
nexttime
$onehot(sig ^ $past(sig)));
Here
sig
may have any value at the initial clock tick.
Discussion:
One can argue that a real-life implementation should take into account
the reset sequence during which no check is performed and therefore no initial delay
is necessary:
a3_problematic:
assert property
(
@(
posedge
clk)
disable iff
(rst) $onehot(sig ^ $past(sig)));
but this is also problematic. For example, if during reset and immediately after it
sig
was equal to 0, assertion
a3_problematic
will fail immediately after reset.
Search WWH ::
Custom Search