tmeissner
/
formal_hw_verification
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 6 Wiki Activity
Trying to verify Verilog/VHDL designs with formal methods and tools
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33 Commits
3 Branches
324 KiB
Tree: 6c3a6db83b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6c3a6db83b'
${ noResults }
formal_hw_verification/vai_reg/vai_reg.vhd

368 lines
11 KiB
Raw Normal View History

Add simple VAI register file as base to try to formal verify FSM designs
5 years ago
Add many new asserts & covers
5 years ago
Add simple VAI register file as base to try to formal verify FSM designs
5 years ago
Add DoutValid_o to condition for state change in putput states
5 years ago
Add simple VAI register file as base to try to formal verify FSM designs
5 years ago
Simplify signal generation
5 years ago
Add DoutValid_o to condition for state change in putput states
5 years ago
Add simple VAI register file as base to try to formal verify FSM designs
5 years ago
Fix req cai handling; add more properties
5 years ago
Add simple VAI register file as base to try to formal verify FSM designs
5 years ago
Add many new asserts & covers
5 years ago
Add simple VAI register file as base to try to formal verify FSM designs
5 years ago
Fix req cai handling; add more properties
5 years ago
Add simple VAI register file as base to try to formal verify FSM designs
5 years ago
Fix req cai handling; add more properties
5 years ago
Add simple VAI register file as base to try to formal verify FSM designs
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add simple VAI register file as base to try to formal verify FSM designs
5 years ago
Remove unused SVA properties file; Makefile optimizations; use prep auto-top option to prevent error with not founded top-level module
4 years ago
Add simple VAI register file as base to try to formal verify FSM designs
5 years ago
Add DoutValid_o to condition for state change in putput states
5 years ago
Add simple VAI register file as base to try to formal verify FSM designs
5 years ago
Add DoutValid_o to condition for state change in putput states
5 years ago
Add simple VAI register file as base to try to formal verify FSM designs
5 years ago
Add DoutValid_o to condition for state change in putput states
5 years ago
Add simple VAI register file as base to try to formal verify FSM designs
5 years ago
Adapt to use GHDL as plugin for Yosys VHDL synthesis
5 years ago
Add many new asserts & covers
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add many new asserts & covers
5 years ago
Add Assumptions about job req VAI interface
5 years ago
Add many new asserts & covers
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add Assumptions about job req VAI interface
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add Assumptions about job req VAI interface
5 years ago
Add many new asserts & covers
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add many new asserts & covers
5 years ago
Add Assumptions about job req VAI interface
5 years ago
Add many new asserts & covers
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add Assumptions about job req VAI interface
5 years ago
Add many new asserts & covers
5 years ago
Add Assumptions about job req VAI interface
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add Assumptions about job req VAI interface
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add Assumptions about job req VAI interface
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add Assumptions about job req VAI interface
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add many new asserts & covers
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add many new asserts & covers
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add many new asserts & covers
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add many new asserts & covers
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add many new asserts & covers
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add many new asserts & covers
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add many new asserts & covers
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add many new asserts & covers
5 years ago
Add Assumptions about job req VAI interface
5 years ago
Add many new asserts & covers
5 years ago
Add Assumptions about job req VAI interface
5 years ago
Add many new asserts & covers
5 years ago
Add Assumptions about job req VAI interface
5 years ago
Add many new asserts & covers
5 years ago
Add Assumptions about job req VAI interface
5 years ago
Add many new asserts & covers
5 years ago
Add Assumptions about job req VAI interface
5 years ago
Add many new asserts & covers
5 years ago
Add Assumptions about job req VAI interface
5 years ago
Add many new asserts & covers
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add many new asserts & covers
5 years ago
Add Assumptions about job req VAI interface
5 years ago
Add many new asserts & covers
5 years ago
GHDL supports memory with resets, finally
5 years ago
Add many new asserts & covers
5 years ago
Adapt to use GHDL as plugin for Yosys VHDL synthesis
5 years ago
Add simple VAI register file as base to try to formal verify FSM designs
5 years ago
 
  1. library ieee;
  2. use ieee.std_logic_1164.all;
  3. use ieee.numeric_std.all;
  4. 

  5. 

  6. 

  7. entity vai_reg is
  8.   generic (
  9.     Formal : boolean := true
  10.   );
  11.   port (
  12.     Reset_n_i    : in  std_logic;
  13.     Clk_i        : in  std_logic;
  14.     -- req
  15.     Din_i        : in  std_logic_vector(7 downto 0);
  16.     DinValid_i   : in  std_logic;
  17.     DinStart_i   : in  std_logic;
  18.     DinStop_i    : in  std_logic;
  19.     DinAccept_o  : out std_logic;
  20.     -- ack
  21.     Dout_o       : out std_logic_vector(7 downto 0);
  22.     DoutValid_o  : out std_logic;
  23.     DoutStart_o  : out std_logic;
  24.     DoutStop_o   : out std_logic;
  25.     DoutAccept_i : in  std_logic
  26.   );
  27. end entity vai_reg;
  28. 

  29. 

  30. 

  31. architecture rtl of vai_reg is
  32. 

  33. 

  34.   constant C_READ  : std_logic_vector(3 downto 0) := x"0";
  35.   constant C_WRITE : std_logic_vector(3 downto 0) := x"1";
  36. 

  37.   type t_fsm_state is (IDLE, GET_HEADER, GET_DATA,
  38.                        SET_DATA, SEND_HEADER, SEND_DATA, SEND_FOOTER);
  39.   signal s_fsm_state : t_fsm_state;
  40. 

  41.   type t_register is array(0 to 7) of std_logic_vector(7 downto 0);
  42.   signal s_register : t_register;
  43. 

  44.   signal s_header : std_logic_vector(7 downto 0);
  45.   signal s_data   : std_logic_vector(7 downto 0);
  46. 

  47.   signal s_error : boolean;
  48.   signal s_dout_accepted : boolean;
  49. 

  50.   alias a_addr : std_logic_vector(3 downto 0) is s_header(7 downto 4);
  51. 

  52. 

  53. begin
  54. 

  55. 

  56.   s_dout_accepted <= (DoutValid_o and DoutAccept_i) = '1';
  57. 

  58. 

  59.   process (Reset_n_i, Clk_i) is
  60.   begin
  61.     if (Reset_n_i = '0') then
  62.       DinAccept_o <= '0';
  63.       DoutStart_o <= '0';
  64.       DoutStop_o  <= '0';
  65.       DoutValid_o <= '0';
  66.       Dout_o      <= (others => '0');
  67.       s_header    <= (others => '0');
  68.       s_data      <= (others => '0');
  69.       s_register  <= (others => (others => '0'));
  70.       s_error     <= false;
  71.       s_fsm_state <= IDLE;
  72.     elsif (rising_edge(Clk_i)) then
  73.       case s_fsm_state is
  74. 

  75.         when IDLE =>
  76.           DinAccept_o <= '0';
  77.           DoutStart_o <= '0';
  78.           DoutStop_o  <= '0';
  79.           DoutValid_o <= '0';
  80.           Dout_o      <= (others => '0');
  81.           s_header    <= (others => '0');
  82.           s_data      <= (others => '0');
  83.           s_error     <= false;
  84.           DinAccept_o <= '1';
  85.           s_fsm_state <= GET_HEADER;
  86. 

  87.         when GET_HEADER =>
  88.           if (DinValid_i = '1' and DinStart_i = '1') then
  89.             s_header <= Din_i;
  90.             if (Din_i(3 downto 0) = C_READ and DinStop_i = '1') then
  91.               DinAccept_o <= '0';
  92.               s_fsm_state <= GET_DATA;
  93.             elsif (Din_i(3 downto 0) = C_WRITE and DinStop_i = '0') then
  94.               s_fsm_state <= SET_DATA;
  95.             else
  96.               DinAccept_o <= '0';
  97.               s_fsm_state <= IDLE;
  98.             end if;
  99.           end if;
  100. 

  101.         when GET_DATA =>
  102.           if (unsigned(a_addr) <= 7) then
  103.             s_data <= s_register(to_integer(unsigned(a_addr)));
  104.           else
  105.             s_error <= true;
  106.             s_data  <= (others => '0');
  107.           end if;
  108.           s_fsm_state <= SEND_HEADER;
  109. 

  110.         when SET_DATA =>
  111.           if (DinValid_i = '1') then
  112.             DinAccept_o <= '0';
  113.             if (DinStop_i = '1') then
  114.               if (unsigned(a_addr) <= 7) then
  115.                 s_register(to_integer(unsigned(a_addr))) <= Din_i;
  116.               else
  117.                 s_error <= true;
  118.               end if;
  119.               s_fsm_state <= SEND_HEADER;
  120.             else
  121.               s_fsm_state <= IDLE;
  122.             end if;
  123.           end if;
  124. 

  125.         when SEND_HEADER =>
  126.           DoutValid_o <= '1';
  127.           DoutStart_o <= '1';
  128.           Dout_o      <= s_header;
  129.           if (s_dout_accepted) then
  130.             DoutValid_o <= '0';
  131.             DoutStart_o <= '0';
  132.             if (s_header(3 downto 0) = C_WRITE) then
  133.               s_fsm_state <= SEND_FOOTER;
  134.             else
  135.               s_fsm_state <= SEND_DATA;
  136.             end if;
  137.           end if;
  138. 

  139.         when SEND_DATA =>
  140.           DoutValid_o <= '1';
  141.           Dout_o      <= s_data;
  142.           if (s_dout_accepted) then
  143.             DoutValid_o <= '0';
  144.             s_fsm_state <= SEND_FOOTER;
  145.           end if;
  146. 

  147.         when SEND_FOOTER =>
  148.           DoutValid_o <= '1';
  149.           DoutStop_o  <= '1';
  150.           Dout_o      <= x"01" when s_error else x"00";
  151.           if (s_dout_accepted) then
  152.             Dout_o      <= (others => '0');
  153.             DoutValid_o <= '0';
  154.             DoutStop_o  <= '0';
  155.             s_fsm_state <= IDLE;
  156.           end if;
  157. 

  158.         when others => null;
  159. 

  160.       end case;
  161.     end if;
  162.   end process;
  163. 

  164. 

  165. 

  166.   FormalG : if Formal generate
  167. 

  168. 

  169.     signal s_addr : natural range 0 to 15;
  170. 

  171.     type t_cmd is (READ, WRITE, NOP);
  172.     signal s_cmd : t_cmd;
  173. 

  174.     type t_vai is record
  175.       Start  : std_logic;
  176.       Stop   : std_logic;
  177.       Data   : std_logic_vector(7 downto 0);
  178.       Valid  : std_logic;
  179.       Accept : std_logic;
  180.     end record t_vai;
  181. 

  182.     signal s_job_req : t_vai;
  183.     signal s_job_ack : t_vai;
  184. 

  185. 

  186.   begin
  187. 

  188. 

  189.     -- VHDL helper logic
  190.     process is
  191.     begin
  192.       wait until rising_edge(Clk_i);
  193.       s_job_req <= (DinStart_i, DinStop_i, Din_i, DinValid_i, DinAccept_o);
  194.       s_job_ack <= (DoutStart_o, DoutStop_o, Dout_o, DoutValid_o, DoutAccept_i);
  195.       if (s_fsm_state = GET_HEADER) then
  196.         if (DinValid_i = '1' and DinStart_i = '1') then
  197.           s_cmd  <= READ  when Din_i(3 downto 0) = x"0" else
  198.                     WRITE when Din_i(3 downto 0) = x"1" else
  199.                     NOP;
  200.           s_addr <= to_integer(unsigned(Din_i(7 downto 4)));
  201.         end if;
  202.       end if;
  203.     end process;
  204. 

  205. 

  206.     default clock is rising_edge(Clk_i);
  207. 

  208.     -- RESTRICTIONS
  209. 

  210.     -- Initial reset
  211.     INITIAL_RESET : restrict {Reset_n_i = '0'[*2]; Reset_n_i = '1'[+]}[*1];
  212. 

  213. 

  214.     -- CONSTRAINTS
  215. 

  216.     -- Valid stable until accepted
  217.     JOB_REQ_VALID_STABLE : assume always
  218.       DinValid_i and not DinAccept_o -> next (DinValid_i until_ DinAccept_o);
  219. 

  220.     -- Start stable until accepted
  221.     JOB_REQ_START_STABLE : assume always
  222.       DinValid_i and not DinAccept_o -> next (DinStart_i = s_job_req.Start until_ DinAccept_o);
  223. 

  224.     -- Stop stable until accepted
  225.     JOB_REQ_STOP_STABLE : assume always
  226.       DinValid_i and not DinAccept_o -> next (DinStop_i = s_job_req.Stop until_ DinAccept_o);
  227. 

  228.     -- Data stable until accepted
  229.     JOB_REQ_DIN_STABLE : assume always
  230.       DinValid_i and not DinAccept_o -> next (Din_i = s_job_req.Data until_ DinAccept_o);
  231. 

  232. 

  233.     -- ASSERTIONS
  234. 

  235.     -- Reset values
  236.     AFTER_RESET : assert always
  237.       not Reset_n_i
  238.       ->
  239.       s_fsm_state = IDLE and
  240.       not DinAccept_o and
  241.       not DoutStart_o and
  242.       not DoutStop_o  and
  243.       not DoutValid_o and
  244.       s_register = (0 to 7 => x"00");
  245. 

  246.     -- FSM states in valid range
  247.     FSM_STATES_VALID : assert always
  248.       s_fsm_state = IDLE or s_fsm_state = GET_HEADER or
  249.       s_fsm_state = GET_DATA or s_fsm_state = SET_DATA or
  250.       s_fsm_state = SEND_HEADER or s_fsm_state = SEND_DATA or
  251.       s_fsm_state = SEND_FOOTER;
  252. 

  253.     -- Discard jobs with invalid command
  254.     INV_CMD_DISCARD : assert always
  255.       s_fsm_state = GET_HEADER and DinValid_i = '1' and DinStart_i = '1' and
  256.       Din_i(3 downto 0) /= x"0" and Din_i(3 downto 0) /= x"1"
  257.       ->
  258.       next s_fsm_state = IDLE;
  259. 

  260.     -- Discard read job with invalid stop flags
  261.     READ_INV_FLAGS_DISCARD : assert always
  262.       s_fsm_state = GET_HEADER and DinValid_i = '1' and DinStart_i = '1' and
  263.       Din_i(3 downto 0) = x"0" and DinStop_i = '0'
  264.       ->
  265.       next s_fsm_state = IDLE;
  266. 

  267.     -- Discard write job with invalid stop flags
  268.     WRITE_INV_FLAGS_DISCARD : assert always
  269.       s_fsm_state = GET_HEADER and DinValid_i = '1' and DinStart_i = '1' and
  270.       Din_i(3 downto 0) = x"1" and DinStop_i = '1'
  271.       ->
  272.       next s_fsm_state = IDLE;
  273. 

  274.     -- After a valid job read request,
  275.     -- a job read acknowledge has to follow
  276.     READ_VALID_ACK : assert always
  277.       {s_fsm_state = GET_HEADER and DinValid_i = '1' and DinStart_i = '1' and
  278.        Din_i(3 downto 0) = x"0" and DinStop_i = '1'}
  279.       |=>
  280.       {-- Job ack header cycle
  281.        not DoutValid_o [*];
  282.        DoutValid_o and DoutStart_o and not DoutAccept_i [*];
  283.        DoutValid_o and DoutStart_o and DoutAccept_i;
  284.        -- Job ack data cycle
  285.        not DoutValid_o [*];
  286.        DoutValid_o and not DoutStart_o and not DoutStop_o and not DoutAccept_i [*];
  287.        DoutValid_o and not DoutStart_o and not DoutStop_o and DoutAccept_i;
  288.        -- Job ack footer cycle
  289.        not DoutValid_o [*];
  290.        DoutValid_o and DoutStop_o};
  291. 

  292.     -- After a valid job write request,
  293.     -- a job read acknowledge has to follow
  294.     WRITE_VALID_ACK : assert always
  295.       {s_fsm_state = GET_HEADER and DinValid_i = '1' and DinStart_i = '1' and
  296.        Din_i(3 downto 0) = x"1" and DinStop_i = '0';
  297.        not DinValid_i [*];
  298.        DinValid_i and DinStop_i}
  299.       |=>
  300.       {-- Job ack header cycle
  301.        not DoutValid_o [*];
  302.        DoutValid_o and DoutStart_o and not DoutAccept_i [*];
  303.        DoutValid_o and DoutStart_o and DoutAccept_i;
  304.        -- Job ack footer cycle
  305.        not DoutValid_o [*];
  306.        DoutValid_o and DoutStop_o};
  307. 

  308.      -- Start & stop flag have to be exclusive
  309.      JOB_ACK_NEVER_START_STOP : assert never
  310.        DoutStart_o and DoutStop_o;
  311. 

  312.      -- Start & Stop have to be active together with valid
  313.      JOB_ACK_START_STOP_VALID : assert always
  314.        DoutStart_o or DoutStop_o -> DoutValid_o;
  315. 

  316.      -- Valid has to be stable until accepted
  317.      JOB_ACK_VALID_STABLE : assert always
  318.        DoutValid_o and not DoutAccept_i -> next (DoutValid_o until_ DoutAccept_i);
  319. 

  320.      -- Start has to be stable until accepted
  321.      JOB_ACK_START_STABLE : assert always
  322.        DoutValid_o and not DoutAccept_i -> next (DoutStart_o = s_job_ack.Start until_ DoutAccept_i);
  323. 

  324.      -- Stop has to be stable until accepted
  325.      JOB_ACK_STOP_STABLE : assert always
  326.        DoutValid_o and not DoutAccept_i -> next (DoutStop_o = s_job_ack.Stop until_ DoutAccept_i);
  327. 

  328.      -- Data has to be stable until accepted
  329.      JOB_ACK_DOUT_STABLE : assert always
  330.        DoutValid_o and not DoutAccept_i -> next (Dout_o = s_job_ack.Data until_ DoutAccept_i);
  331. 

  332.     -- Data from selected address has to be read
  333.     READ_DATA : assert always
  334.       DoutValid_o and not DoutStart_o and not DoutStop_o and s_addr <= 7
  335.       ->
  336.       Dout_o = s_register(s_addr);
  337. 

  338.     -- 0 has to be read when invalid address is given
  339.     READ_DATA_INV_ADDR : assert always
  340.       DoutValid_o and not DoutStart_o and not DoutStop_o and s_addr > 7
  341.       ->
  342.       Dout_o = x"00";
  343. 

  344.     -- Register has to be written at given address with given data
  345.     -- when correct job req write occurs
  346.     WRITE_DATA : assert always
  347.       -- Job req header cycle
  348.       {s_fsm_state = GET_HEADER and DinValid_i = '1' and DinStart_i = '1' and
  349.        Din_i(3 downto 0) = x"1" and unsigned(Din_i(7 downto 4)) <= 7 and DinStop_i = '0';
  350.        -- Job req data / footer cycle
  351.        not DinValid_i [*];
  352.        DinValid_i and not DinStart_i and DinStop_i and not DinAccept_o [*];
  353.        DinValid_i and not DinStart_i and DinStop_i and DinAccept_o}
  354.       |=>
  355.       {s_register(s_addr) = s_job_req.Data};
  356. 

  357. 

  358.     -- FUNCTIONAL COVERAGE
  359. 

  360.     FOOTER_VALID : cover {DoutValid_o = '1' and DoutStop_o = '1' and Dout_o = 8x"0"};
  361.     FOOTER_ERR   : cover {DoutValid_o = '1' and DoutStop_o = '1' and Dout_o = 8x"1"};
  362. 

  363. 

  364.   end generate FormalG;
  365. 

  366. 

  367. end architecture rtl;
  368.