tmeissner
/
formal_hw_verification
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 6 Wiki Activity
Trying to verify Verilog/VHDL designs with formal methods and tools
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
56 Commits
3 Branches
324 KiB
Tree: 3d57fff226
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3d57fff226'
${ noResults }
formal_hw_verification/vai_reg/vai_reg.psl

195 lines
6.6 KiB
Raw Normal View History

Replace reset checks by async VHDL asserts; Add assumptions about inputs
3 years ago
 
  1. vunit formal (vai_reg(rtl)) {
  2. 

  3. 

  4.     signal s_addr : natural range 0 to 15;
  5. 

  6.     type t_cmd is (READ, WRITE, NOP);
  7.     signal s_cmd : t_cmd;
  8. 

  9.     type t_vai is record
  10.       Start  : std_logic;
  11.       Stop   : std_logic;
  12.       Data   : std_logic_vector(7 downto 0);
  13.       Valid  : std_logic;
  14.       Accept : std_logic;
  15.     end record t_vai;
  16. 

  17.     signal s_job_req : t_vai;
  18.     signal s_job_ack : t_vai;
  19. 

  20. 

  21.     -- VHDL helper logic
  22.     process is
  23.     begin
  24.       wait until rising_edge(Clk_i);
  25.       s_job_req <= (DinStart_i, DinStop_i, Din_i, DinValid_i, DinAccept_o);
  26.       s_job_ack <= (DoutStart_o, DoutStop_o, Dout_o, DoutValid_o, DoutAccept_i);
  27.       if (s_fsm_state = GET_HEADER) then
  28.         if (DinValid_i = '1' and DinStart_i = '1') then
  29.           s_cmd  <= READ  when Din_i(3 downto 0) = x"0" else
  30.                     WRITE when Din_i(3 downto 0) = x"1" else
  31.                     NOP;
  32.           s_addr <= to_integer(unsigned(Din_i(7 downto 4)));
  33.         end if;
  34.       end if;
  35.     end process;
  36. 

  37. 

  38.     default clock is rising_edge(Clk_i);
  39. 

  40.     -- RESTRICTIONS
  41. 

  42.     -- Initial reset
  43.     INITIAL_RESET : restrict {Reset_n_i = '0'[*2]; Reset_n_i = '1'[+]}[*1];
  44. 

  45. 

  46.     -- CONSTRAINTS
  47. 

  48.     -- Valid stable until accepted
  49.     JOB_REQ_VALID_STABLE : assume always
  50.       DinValid_i and not DinAccept_o -> next (DinValid_i until_ DinAccept_o);
  51. 

  52.     -- Start stable until accepted
  53.     JOB_REQ_START_STABLE : assume always
  54.       DinValid_i and not DinAccept_o -> next (DinStart_i = s_job_req.Start until_ DinAccept_o);
  55. 

  56.     -- Stop stable until accepted
  57.     JOB_REQ_STOP_STABLE : assume always
  58.       DinValid_i and not DinAccept_o -> next (DinStop_i = s_job_req.Stop until_ DinAccept_o);
  59. 

  60.     -- Data stable until accepted
  61.     JOB_REQ_DIN_STABLE : assume always
  62.       DinValid_i and not DinAccept_o -> next (Din_i = s_job_req.Data until_ DinAccept_o);
  63. 

  64. 

  65.     -- ASSERTIONS
  66. 

  67.     -- Reset values
  68.     AFTER_RESET : assert always
  69.       not Reset_n_i
  70.       ->
  71.       s_fsm_state = IDLE and
  72.       not DinAccept_o and
  73.       not DoutStart_o and
  74.       not DoutStop_o  and
  75.       not DoutValid_o and
  76.       s_register = (0 to 7 => x"00");
  77. 

  78.     -- FSM states in valid range
  79.     FSM_STATES_VALID : assert always
  80.       s_fsm_state = IDLE or s_fsm_state = GET_HEADER or
  81.       s_fsm_state = GET_DATA or s_fsm_state = SET_DATA or
  82.       s_fsm_state = SEND_HEADER or s_fsm_state = SEND_DATA or
  83.       s_fsm_state = SEND_FOOTER;
  84. 

  85.     -- Discard jobs with invalid command
  86.     INV_CMD_DISCARD : assert always
  87.       s_fsm_state = GET_HEADER and DinValid_i = '1' and DinStart_i = '1' and
  88.       Din_i(3 downto 0) /= x"0" and Din_i(3 downto 0) /= x"1"
  89.       ->
  90.       next s_fsm_state = IDLE;
  91. 

  92.     -- Discard read job with invalid stop flags
  93.     READ_INV_FLAGS_DISCARD : assert always
  94.       s_fsm_state = GET_HEADER and DinValid_i = '1' and DinStart_i = '1' and
  95.       Din_i(3 downto 0) = x"0" and DinStop_i = '0'
  96.       ->
  97.       next s_fsm_state = IDLE;
  98. 

  99.     -- Discard write job with invalid stop flags
  100.     WRITE_INV_FLAGS_DISCARD : assert always
  101.       s_fsm_state = GET_HEADER and DinValid_i = '1' and DinStart_i = '1' and
  102.       Din_i(3 downto 0) = x"1" and DinStop_i = '1'
  103.       ->
  104.       next s_fsm_state = IDLE;
  105. 

  106.     -- After a valid job read request,
  107.     -- a job read acknowledge has to follow
  108.     READ_VALID_ACK : assert always
  109.       {s_fsm_state = GET_HEADER and DinValid_i = '1' and DinStart_i = '1' and
  110.        Din_i(3 downto 0) = x"0" and DinStop_i = '1'}
  111.       |=>
  112.       {-- Job ack header cycle
  113.        not DoutValid_o [*];
  114.        DoutValid_o and DoutStart_o and not DoutAccept_i [*];
  115.        DoutValid_o and DoutStart_o and DoutAccept_i;
  116.        -- Job ack data cycle
  117.        not DoutValid_o [*];
  118.        DoutValid_o and not DoutStart_o and not DoutStop_o and not DoutAccept_i [*];
  119.        DoutValid_o and not DoutStart_o and not DoutStop_o and DoutAccept_i;
  120.        -- Job ack footer cycle
  121.        not DoutValid_o [*];
  122.        DoutValid_o and DoutStop_o};
  123. 

  124.     -- After a valid job write request,
  125.     -- a job read acknowledge has to follow
  126.     WRITE_VALID_ACK : assert always
  127.       {s_fsm_state = GET_HEADER and DinValid_i = '1' and DinStart_i = '1' and
  128.        Din_i(3 downto 0) = x"1" and DinStop_i = '0';
  129.        not DinValid_i [*];
  130.        DinValid_i and DinStop_i}
  131.       |=>
  132.       {-- Job ack header cycle
  133.        not DoutValid_o [*];
  134.        DoutValid_o and DoutStart_o and not DoutAccept_i [*];
  135.        DoutValid_o and DoutStart_o and DoutAccept_i;
  136.        -- Job ack footer cycle
  137.        not DoutValid_o [*];
  138.        DoutValid_o and DoutStop_o};
  139. 

  140.      -- Start & stop flag have to be exclusive
  141.      JOB_ACK_NEVER_START_STOP : assert never
  142.        DoutStart_o and DoutStop_o;
  143. 

  144.      -- Start & Stop have to be active together with valid
  145.      JOB_ACK_START_STOP_VALID : assert always
  146.        DoutStart_o or DoutStop_o -> DoutValid_o;
  147. 

  148.      -- Valid has to be stable until accepted
  149.      JOB_ACK_VALID_STABLE : assert always
  150.        DoutValid_o and not DoutAccept_i -> next (DoutValid_o until_ DoutAccept_i);
  151. 

  152.      -- Start has to be stable until accepted
  153.      JOB_ACK_START_STABLE : assert always
  154.        DoutValid_o and not DoutAccept_i -> next (DoutStart_o = s_job_ack.Start until_ DoutAccept_i);
  155. 

  156.      -- Stop has to be stable until accepted
  157.      JOB_ACK_STOP_STABLE : assert always
  158.        DoutValid_o and not DoutAccept_i -> next (DoutStop_o = s_job_ack.Stop until_ DoutAccept_i);
  159. 

  160.      -- Data has to be stable until accepted
  161.      JOB_ACK_DOUT_STABLE : assert always
  162.        DoutValid_o and not DoutAccept_i -> next (Dout_o = s_job_ack.Data until_ DoutAccept_i);
  163. 

  164.     -- Data from selected address has to be read
  165.     READ_DATA : assert always
  166.       DoutValid_o and not DoutStart_o and not DoutStop_o and s_addr <= 7
  167.       ->
  168.       Dout_o = s_register(s_addr);
  169. 

  170.     -- 0 has to be read when invalid address is given
  171.     READ_DATA_INV_ADDR : assert always
  172.       DoutValid_o and not DoutStart_o and not DoutStop_o and s_addr > 7
  173.       ->
  174.       Dout_o = x"00";
  175. 

  176.     -- Register has to be written at given address with given data
  177.     -- when correct job req write occurs
  178.     WRITE_DATA : assert always
  179.       -- Job req header cycle
  180.       {s_fsm_state = GET_HEADER and DinValid_i = '1' and DinStart_i = '1' and
  181.        Din_i(3 downto 0) = x"1" and unsigned(Din_i(7 downto 4)) <= 7 and DinStop_i = '0';
  182.        -- Job req data / footer cycle
  183.        not DinValid_i [*];
  184.        DinValid_i and not DinStart_i and DinStop_i and not DinAccept_o [*];
  185.        DinValid_i and not DinStart_i and DinStop_i and DinAccept_o}
  186.       |=>
  187.       {s_register(s_addr) = s_job_req.Data};
  188. 

  189. 

  190.     -- FUNCTIONAL COVERAGE
  191. 

  192.     FOOTER_VALID : cover {DoutValid_o = '1' and DoutStop_o = '1' and Dout_o = 8x"0"};
  193.     FOOTER_ERR   : cover {DoutValid_o = '1' and DoutStop_o = '1' and Dout_o = 8x"1"};
  194. 

  195. }