The 
Introduction
Assertions have been found to be beneficial for solving a wide range of tasks in systems design ranging from modeling, verification and even manufacturing test [1] . In this paper we consider assertion-based verification which has been recognized as an efficient approach to cope with many difficulties in the state-of-the-art digital systems functional verification. Verification assertions can be used in both dynamic and static verification. Here, we consider only the first case, where assertions play the role of monitors for particular system behavior during simulation.
Property Specification Language (PSL) is a recently accepted IEEE standard language [11] that is commonly used to express the assertions. The research on the topic of converting PSL assertions to design representation such as HDL is gaining its popularity. There are several approaches published in recent time [2, 3, 4, 15] . The most widely known tool for this task is FoCs by IBM [5] .
Our first attempt [14] of PSL properties translation to HLDD was implying the generation of VHDL checkers by IBM's FoCs as an intermediate step.
However this experience has revealed particular limitations and inefficiency for HLDD-based assertions creation. Moreover, checkers synthesis from PSL properties are efficient mainly for the case where checkers are to be used in hardware emulation. The application of the same checker constructs for simulation in software may lack efficiency due to target language concurrency and poor means for temporal expressions. Synthesis of checkers hardware for emulation is out of the scope of current paper.
In this paper, we present an approach to checking PSL assertions using High-Level Decision Diagrams (HLDD). Here, the assertions are translated to HLDD graphs and integrated into fast HLDD-based simulation. The structure of an HLDD design representation with the temporal extension proposed in this paper allows straightforward and lossless translation of PSL properties. HLDDs are a convenient model for diagnosis and debug since they provide for easy identification of cause-effect relationships. The feasibility and efficiency of the proposed approach are demonstrated by the experimental results, where the proposed method is compared against a commercial simulator with PSL assertions support from a major CAD vendor.
High-Level Decision Diagrams have been proposed and further developed by the authors in [13] . For more than a decade this model of digital design representation has been successfully applied for design simulation and test generation research areas. Recently the group has started to apply HLDD model in its verification flow. The emphasis of this paper is put on assertion checking in simulation-based verification. However, several other tools working with HLDD are under development, including dynamic verification code coverage analysis, formal methods of stimuli generation and model checking. The latter are relying on the engine of HLDD based ATPG known as DECIDER [7] . This paper is organized as follows. PSL and its supported subset are discussed in Section 2. Section 3 defines the existing HLDD graph model and describes the HLDD-based simulation process. Section 4 presents the temporal extension for HLDD model, discusses the hierarchical creation of THLDD representation of PSL properties and THLDD assertions checking process, Section 5 provides the experimental results, and finally conclusions are drawn.
PSL subset for assertion checking
Assertion-based verification popularity has encouraged a common Property Specification Language development by the Functional Verification Technical Committee of Accellera. After a process in which donations from a number of sources were evaluated, the Sugar language from IBM was chosen as the basis for PSL. The latest Language Reference Manual for PSL version 1.1 was released in 2004 [10] . The language became an IEEE 1850 Standard in 2005 [11] .
An example PSL property reqack structure is shown in Figure 1 . Its possible timing diagram is also illustrated by Figure 2a . It states that ack must become high next after req being high. A system behaviour that activates reqack property however obviously violating it is demonstrated in Figure 2b . Figure 2c shows the case when the property was not activated.
For the convenience of verification engineers PSL is a multi-flavoured language, which means that it supports common constructs of VHDL, Verilog, IBM's GDL, SystemVerilog and SystemC [15] . PSL is also a multi-layered language [10] . The layers include:
• Boolean layer -the lowest one, consists of The second one considers multiple execution paths and models design behaviour as execution trees. CTL can only be used in formal verification. Therefore, in this paper we will consider only the FL part of PSL. In fact, only FL, or more precisely its subset known as PSL Simple Subset, is suitable for dynamic assertion checking. This subset is explicitly defined in [10] and loosely speaking it has two requirements for time: to advance monotonically and be finite and restrictions on types of operands for several operators. In this paper only several LTL operators without SERE support were implemented. However, as it will be shown later, the support for SERE as well as for any other language constructs can be easily added by just proprietary library extension.
High-level decision diagrams
Decision Diagrams (DD) have been used in verification for about two decades. Reduced Ordered Binary Decision Diagrams (BDD) [8] as canonical forms of Boolean functions have their application in equivalence checking and in symbolic model checking. Additionally, a higher abstraction level DD representation, called Assignment Decision Diagrams (ADD) [9] , have been successfully applied to, both, register-transfer level (RTL) verification and test. In this paper we consider a different decision diagram representation, High-Level Decision Diagrams (HLDD) that, unlike ADDs can be viewed as a generalization of BDD. HLDDs can be used for representing different abstraction levels from RTL to TLM (Transaction Level Modeling) and behavioral. HLDDs have proven to be an efficient model for 
When to check
Property to be checked simulation and diagnosis since they provide for a fast evaluation by graph traversal and for easy identification of cause-effect relationships [6] .
HLDD data structure
High 
HLDDs for digital systems
HLDD models can be used for representing digital systems. In such models, the non-terminal nodes correspond to conditions or to control signals, and the terminal nodes represent data operations (functional units). Register transfers and constant assignments are treated as special cases of operations. When representing systems by decision diagram models, in general case, a network of HLDDs rather than a single HLDD is required. During the simulation in HLDD systems, the values of some variables labeling the nodes of a HLDD are calculated by other HLDDs of the system. 
Systems simulation using HLDDs
The basis for assertion coverage analysis in this paper is a simulator engine relying on HLDD models. In our earlier works [6] , we have implemented an algorithm supporting, both, Register-Transfer Level (RTL) and behavioral design abstraction levels. This algorithm is briefly explained below and it will be used for simulating the system model.
In the RTL style, the algorithm takes the previous time step value of variable x j labeling a node m i if x j represents a clocked variable in the corresponding HDL. Otherwise, the present value of x j will be used. In the case of behavioral HDL coding style HLDDs are generated and ranked in a specific order to ensure causality. For variables x j labeling HLDD nodes the previous time step value is used if the HLDD diagram calculating x j is ranked after current decision diagram. Otherwise, the present time step value will be used.
Algorithm 1 presents the HLDD based simulation engine for RTL, behavioral and mixed HDL description styles. (Refer to Section 3.1 for HLDD data structure definition). 
Advantages of HLDD-based modeling
As an example, consider a datapath of a digital system and its HLDD depicted in 
Temporally extended HLDDs
The novel contribution of this paper is an extension for the traditional HLDD model defined in Section 3 with the aim to support temporal logic properties. The extension is referred to as Temporally extended HLDDs (THLDD). This Section presents the definition of THLDDs and proposes an algorithm for hierarchical generation of the model based on a concept of templates of PSL constructs referred to as Primitive Property Graphs.
Basic definitions
Unlike the HLDD described in the previous Section, the temporally extended High-Level Decision Diagrams are aimed at representing temporal logic properties. A temporal logic property P at the time-step t i ∈ T denoted by P ti = f(x,T), where x = (x 1 , …, x n ) is a vector defined on a finite domain X = X 1 ×…×X n and T = {t 1 , …, t m } is a finite set of time-steps. In order to represent the temporal logic assertion P ti = f(x,T), a temporally extended high-level decision diagram G P can be used.
Definition 2: A Temporally extended High-Level Decision Diagram (THLDD) is a directed labeled graph that can be defined as a sixtuple
G P =(M,E,T,Z,Γ,Φ)
, where M is a finite set of nodes, E is a finite set of edges, T is a finite set of time-steps, Z is a function which defines the variables labeling the M labeled by constants, whose semantics is explained below:
• FAIL -assertion P has been simulated and does not hold;
• PASS -the assertion has been simulated and holds;
• CHECKING -P has been simulated and it does not fail, nor does it pass non-vacuously (See Section 4.2 for discussion on vacuity). The function Φ(m i ) represents the relationship indicating at which time-steps t∈T the node labeling variable x l ∈Z(m i ) should be evaluated. More exactly, the function returns the range of time-steps relative to current time t curr where the value X l of variable x l must be read. We denote the relative time range by Δt and calculus of variable x k using the time-range Φ(m i )= Δt by x l Δt . We distinguish three cases:
• Δt=k, where k is a constant. In other words, the value of the variable x l has to be taken k time-steps from current time-step t curr .
• One of the motivations for introduction of PSL was the poor ability of standard HDL languages to express temporal relations between expressions in assertions. The main instruments for this purpose used in PSL are repetition operators of its own and of Sequentially Extended Regular Expressions (SERE). A powerful part of the repetition operators are their auxiliary suffixes (e.g for next* family they are next_a, next_e!, next_event etc). In current paper we propose a temporal extension for HLDD model that supports the following 3 PSL constructs (See Table 1 ).
Table 1. Temporal relationships in THLDDs
Additionally we introduce the notion of t end as the final time-step that occurs at the end of simulation and is implicitly determined by one of the following cases:
• Number of test vectors • The amount of time provided for simulation • Simulation interruption Note, that THLDD is an extension of HLDD defined in Section 3 as it includes temporal operators and permits cycles inside the graph. The main purpose of the proposed temporal extension is transferring additional information and directives to the HLDD Simulator that will be used for assertions checking.
Recursive generation of THLDDs
The idea of the proposed method relies on the principle of 'divide and conquer'. The method is based on partitioning PSL properties into elementary entities containing only one operator. There are two main stages in the approach. The first one is preparatory and consists of Primitive Property Graphs Library creation for elementary operators. The second stage is recursive hierarchical construction of the Temporally extended HLDD (THLDD) for a complex property using the PPG Library elements.
Prior to the THLDD construction procedure a Primitive Property Graph (PPG) should be created for every PSL operator supported by the proposed approach. All the created PPGs are combined into one PPG Library. The library is extensible and should be created only once. It implicitly determines the supported PSL subset. The method currently supports only weak versions of PSL operators. However, by means of the supported operators a large set of properties expressed in PSL can be derived.
Primitive Property Graph is a special type of HLDD graph. Compared to the basic HLDD model used for representing the design (defined in Section 3), these graphs have two distinctions. The first distinction is the requirement for all the PPGs to have a standard interface. The second distinction is usage of the HLDD model with a temporal extension. In the following the distinctions will be discussed in detail.
The standard interface for all PPGs was introduced in order to support the hierarchy in a recursive complex property construction described in the next subsection. PPG has one root node and exactly 3 terminal nodes (CHECKING, FAIL and PASS, respectively), as opposed to an arbitrary number of terminal nodes in usual HLDD graph. It has also an optional time range, which shows between which timesteps t min and t max the assertion has to be checked. The standard PPG interface is shown in Figure 5 . Note, that in this paper we support only weak operators. In order to extend the subset to support strong operators a third output PENDING would be needed. Example PPGs created for 4 PSL operators are shown in Figure 6 . Note, that the logic implication operator '->' in Fig. 6b exits to the terminal node 'CHECKING' when the precondition Pa fails. This is due to the fact that in assertion checking the designer is not interested in non-vacuous passes of the property. Also, consider the PPG for operator 'until' shown in Fig. 6d . It is the SERE and 'until' operators that create cyclic THLDDs. In the following subsection an assertion checking algorithm is presented that is capable of handling such cycles.
Complex properties are hierarchically constructed from elementary graphs in PPGs Library in the following way. At first, the property should be parsed. During the parsing phase the PSL property is partitioned into entities containing one operator only. The hierarchy of operators is determined by the PSL operators precedence specified by IEEE1850 Standard.
Hierarchical construction is performed in the topdown manner. It starts for the operators with lowest precedence where the sub-operations are then recursively substituted with the operators having higher precedence. For example, always and never operators have the lowest level of precedence and consequently their corresponding PPGs have the highest level in the hierarchy. The sub-properties (operands) are step-by-step substituted by lower level PPGs until the lowest level where sub-properties are pure signals or HLD operations.
Let us consider an example PSL property for GCD implementation given in Figure 3 . The resulting THLDD graph describing this property is shown in Figure 7 . 
FAIL PASS

Assertion checking using THLDDs
The algorithm for assertion checking using an extension to the basic HLDD simulation presented in Section 3 is presented in Algorithm 2. This step is preceeded by executing Algorithm 1 which calculates the simulation trace that is a starting point for assertion checking. Algorithm 2 is an extension of HLDD simulation as it takes into account temporal information at the nodes and has an exit condition in order to avoid eternal loops that are due to the cyclic nature of the general case of THLDDs. Table 2 shows the experimental results of assertion checking execution times comparison between THLDD simulator and a state-of-the-art commercial tool from a major CAD vendor. The experimental benchmarks are GCD implementation given in Figure  3 Both simulators were supplied with the same sequences of realistic stimuli providing a good coverage for the assertions. The test lengths are shown in the second column of Table 2 . The third and fourth columns show the simulation (Algorithm 1) and assertion checking (Algorithm 2) execution times required for the THLDD simulator. The fifth (highlighted) and the sixth columns are the total execution time taken by the proposed approach and the commercial tool, respectively. The values in the sixth column include approximately 0.5 sec of simulation initialization time for the commercial tool that was impossible to exclude from the measurement. The both tools have shown the identical responses about the assertion satisfactions and violations.
Experimental results
The experimental results show the feasibility of the proposed approach and a significant speed-up (2 times) in the execution time required for design simulation with assertion checking by the proposed approach compared to state-of-the-art commercial tool. 
Conclusions
Current paper proposed a novel method for checking Property Specification Language (PSL) assertions using a new model representation called Temporally extended High-Level Decision Diagrams (THLDDs). Previous works have shown that HLDDs are an efficient model for simulation and diagnosis since they provide for a fast evaluation by graph traversal and for easy identification of cause-effect relationships. In this paper, the model was extended to support temporal operations inherent in PSL properties and also to directly support assertion checking. We presented a hierarchical approach to generate THLDDs based on a library of Primitive Property Graphs (PPG). Basic algorithms for THLDD based assertion checking were discussed.
As a future work we see development of assertion checking methods based on event-driven simulation using THLDDs and their integration to design error diagnosis and debug solutions.
