add formal

Author: mattvenn

formal/README.md

@@ -0,0 +1,14 @@
+# Formal Verification of the basic mux
+
+Run
+    
+    sby -f config.sby
+
+To make a proof that the ins, outs and bidirectionals are all connected correctly.
+
+## Setup
+
+* config.sby lists all the files needed for the verification.
+* tt_top_formal.v instantiates tt_top.v and loops back the outputs and inputs
+* tt_um_formal.v is a user project that asserts that when its enabled, the inputs are driven by the outputs
+* p_wrapper.v is a replacement for p00, p01, p02, p03_wrapper.v that just instantiates tt_um_formal for each design

formal/config.sby

@@ -0,0 +1,24 @@
+[options]
+multiclock on
+mode prove
+# mode cover
+depth 10
+
+[engines]
+smtbmc
+
+[script]
+read -noverific
+read -sv sg13g2_io.v tt_top.v basic_mux.v counter.v p_wrappers.v tt_um_formal.v tt_top_formal.v
+
+# convert tribuf to logic
+prep -top tt_top_formal; flatten #; tribuf -logic
+
+[files]
+../IHP-Open-PDK/ihp-sg13g2/libs.ref/sg13g2_io/verilog/sg13g2_io.v
+../designs/src/tt-chip/tt_top.v
+../designs/src/tt-chip/basic_mux.v
+../designs/src/tt-chip/counter.v
+p_wrappers.v
+tt_um_formal.v
+tt_top_formal.v

formal/formal.gtkw

@@ -0,0 +1,88 @@
+[*]
+[*] GTKWave Analyzer v3.4.0 (w)1999-2022 BSI
+[*] Wed Jul 24 13:38:14 2024
+[*]
+[dumpfile] "/home/matt/work/asic-workshop/shuttle-tt08/tinytapeout-ihp-0p1/formal/config/engine_0/trace0.vcd"
+[dumpfile_mtime] "Wed Jul 24 13:37:13 2024"
+[dumpfile_size] 13126
+[savefile] "/home/matt/work/asic-workshop/shuttle-tt08/tinytapeout-ihp-0p1/formal/formal.gtkw"
+[timestart] 0
+[size] 2124 977
+[pos] -1 -1
+*-2.866297 4 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1
+[treeopen] tt_top_formal.
+[treeopen] tt_top_formal.tt_top.
+[treeopen] tt_top_formal.tt_top.mux_I.
+[treeopen] tt_top_formal.tt_top.mux_I.p00_I.
+[treeopen] tt_top_formal.tt_top.mux_I.p00_I.p_wrapper.
+[treeopen] tt_top_formal.tt_top.mux_I.p03_I.
+[treeopen] tt_top_formal.tt_top.mux_I.p03_I.p_wrapper.
+[sst_width] 333
+[signals_width] 534
+[sst_expanded] 1
+[sst_vpaned_height] 288
+@28
+tt_top_formal.clk
+@22
+tt_top_formal.tt_top.counter_I.addr[4:0]
+@28
+tt_top_formal.ctrl_ena
+tt_top_formal.ctrl_sel_inc
+tt_top_formal.ctrl_sel_rst_n
+tt_top_formal.loopback_in
+tt_top_formal.loopback_out
+tt_top_formal.rst_n
+@22
+tt_top_formal.ui_in[7:0]
+tt_top_formal.uio[7:0]
+tt_top_formal.uo_out[7:0]
+@800200
+-bidirs
+@22
+tt_top_formal.tt_top.uio_in[7:0]
+tt_top_formal.tt_top.uio_oe[7:0]
+tt_top_formal.tt_top.uio_out[7:0]
+@1000200
+-bidirs
+@800201
+-wrapper1
+@29
+tt_top_formal.tt_top.mux_I.p00_I.ena
+@23
+tt_top_formal.tt_top.mux_I.p00_I.p_wrapper.tt_um_formal.ui_in[7:0]
+tt_top_formal.tt_top.mux_I.p00_I.p_wrapper.tt_um_formal.uio_in[7:0]
+tt_top_formal.tt_top.mux_I.p00_I.p_wrapper.tt_um_formal.uio_oe[7:0]
+tt_top_formal.tt_top.mux_I.p00_I.p_wrapper.tt_um_formal.uio_out[7:0]
+tt_top_formal.tt_top.mux_I.p00_I.p_wrapper.tt_um_formal.uo_out[7:0]
+@1000201
+-wrapper1
+@28
+tt_top_formal.tt_top.mux_I.p01_I.ena
+tt_top_formal.tt_top.mux_I.p02_I.ena
+@800200
+-wrapper4
+@28
+tt_top_formal.tt_top.mux_I.p03_I.ena
+@22
+tt_top_formal.tt_top.mux_I.p03_I.p_wrapper.tt_um_formal.ui_in[7:0]
+tt_top_formal.tt_top.mux_I.p03_I.p_wrapper.tt_um_formal.uio_in[7:0]
+@c00022
+tt_top_formal.tt_top.mux_I.p03_I.p_wrapper.tt_um_formal.uio_oe[7:0]
+@28
+(0)tt_top_formal.tt_top.mux_I.p03_I.p_wrapper.tt_um_formal.uio_oe[7:0]
+(1)tt_top_formal.tt_top.mux_I.p03_I.p_wrapper.tt_um_formal.uio_oe[7:0]
+(2)tt_top_formal.tt_top.mux_I.p03_I.p_wrapper.tt_um_formal.uio_oe[7:0]
+(3)tt_top_formal.tt_top.mux_I.p03_I.p_wrapper.tt_um_formal.uio_oe[7:0]
+(4)tt_top_formal.tt_top.mux_I.p03_I.p_wrapper.tt_um_formal.uio_oe[7:0]
+(5)tt_top_formal.tt_top.mux_I.p03_I.p_wrapper.tt_um_formal.uio_oe[7:0]
+(6)tt_top_formal.tt_top.mux_I.p03_I.p_wrapper.tt_um_formal.uio_oe[7:0]
+(7)tt_top_formal.tt_top.mux_I.p03_I.p_wrapper.tt_um_formal.uio_oe[7:0]
+@1401200
+-group_end
+@22
+tt_top_formal.tt_top.mux_I.p03_I.p_wrapper.tt_um_formal.uio_out[7:0]
+tt_top_formal.tt_top.mux_I.p03_I.p_wrapper.tt_um_formal.uo_out[7:0]
+@1000200
+-wrapper4
+[pattern_trace] 1
+[pattern_trace] 0

formal/p_wrappers.v

@@ -0,0 +1,87 @@
+`default_nettype none
+
+module p00_wrapper (
+  input wire ena,
+  input wire [17:0] iw,
+  output wire [23:0] ow
+);
+
+p_wrapper p_wrapper(
+    .ena(ena),
+    .iw(iw),
+    .ow(ow)
+);
+
+endmodule
+
+module p01_wrapper (
+  input wire ena,
+  input wire [17:0] iw,
+  output wire [23:0] ow
+);
+
+p_wrapper p_wrapper(
+    .ena(ena),
+    .iw(iw),
+    .ow(ow)
+);
+
+endmodule
+
+module p02_wrapper (
+  input wire ena,
+  input wire [17:0] iw,
+  output wire [23:0] ow
+);
+
+p_wrapper p_wrapper(
+    .ena(ena),
+    .iw(iw),
+    .ow(ow)
+);
+
+endmodule
+
+module p03_wrapper (
+  input wire ena,
+  input wire [17:0] iw,
+  output wire [23:0] ow
+);
+
+p_wrapper p_wrapper(
+    .ena(ena),
+    .iw(iw),
+    .ow(ow)
+);
+
+endmodule
+
+module p_wrapper (
+  input wire ena,
+  input wire [17:0] iw,
+  output wire [23:0] ow
+);
+
+wire [7:0] uio_in;
+wire [7:0] uio_out;
+wire [7:0] uio_oe;
+wire [7:0] uo_out;
+wire [7:0] ui_in;
+wire clk;
+wire rst_n;
+
+assign { uio_in, ui_in, rst_n, clk} = iw;
+assign ow = { uio_oe, uio_out, uo_out };
+
+tt_um_formal tt_um_formal (
+  .uio_in  (uio_in),
+  .uio_out (uio_out),
+  .uio_oe  (uio_oe),
+  .uo_out  (uo_out),
+  .ui_in   (ui_in),
+  .ena     (ena),
+  .clk     (clk),
+  .rst_n   (rst_n)
+);
+
+endmodule

formal/tt_top_formal.v

@@ -0,0 +1,39 @@
+
+module tt_top_formal ();
+
+wire ctrl_sel_rst_n;
+wire ctrl_sel_inc;
+wire ctrl_ena;
+wire [7:0] ui_in;
+wire [7:0] uo_out;
+wire [7:0] uio;
+wire clk;
+wire rst_n;
+wire loopback_in;
+wire loopback_out;
+wire unused;
+
+tt_top tt_top(
+    .ctrl_sel_rst_n_PAD(ctrl_sel_rst_n),
+    .ctrl_sel_inc_PAD(ctrl_sel_inc),
+    .ctrl_ena_PAD(ctrl_ena),
+    .ui_in_PAD(ui_in),
+    .uo_out_PAD(uo_out),
+    .uio_PAD(uio),
+    .clk_PAD(clk),
+    .rst_n_PAD(rst_n),
+    .loopback_in_PAD(loopback_in),
+    .loopback_out_PAD(loopback_out),
+    .unused_PAD(unused),
+);
+
+    // loopback the output to the input
+    assign ui_in = uo_out;
+    // loopback the bidirectionals, if they're set as output
+    assign tt_top.uio_in = tt_top.uio_out & tt_top.uio_oe;
+
+    // only useful for cover
+    initial assume(rst_n == 0);
+    initial assume(ctrl_sel_rst_n == 0);
+
+endmodule

formal/tt_um_formal.v

@@ -0,0 +1,48 @@
+/*
+ * tt_um_formal.v
+ *
+ * User module for formal connectivity proof
+ *
+ * Author: Matt Venn <[email protected]>
+ */
+
+`default_nettype none
+
+module tt_um_formal (
+	input  wire [7:0] ui_in,	// Dedicated inputs
+	output wire [7:0] uo_out,	// Dedicated outputs
+	input  wire [7:0] uio_in,	// IOs: Input path
+	output wire [7:0] uio_out,	// IOs: Output path
+	output wire [7:0] uio_oe,	// IOs: Enable path (active high: 0=input, 1=output)
+	input  wire       ena,
+	input  wire       clk,
+	input  wire       rst_n
+);
+    
+    // let solver drive the outputs
+    rand reg [7:0] anyseq1; assign uo_out   = anyseq1;
+    // bidirectional outputs
+    rand reg [7:0] anyseq2; assign uio_out  = anyseq2;
+    // bidirectional enables
+    rand reg [7:0] anyseq3; assign uio_oe   = anyseq3;
+    
+    always @(*) begin
+        if(ena) begin
+            // if design is enabled, looped back inputs must = outputs
+            assert(ui_in == uo_out);
+            // bidirectional outputs, only should match if oe is set
+            assert(uio_in == (uio_out & uio_oe));
+            cover(ui_in == 8'hAA);
+            cover(uio_in == 8'hAA);
+        end else begin
+            // otherwise inputs must be 0
+            assert(ui_in == 0);
+            // design is in reset 
+            assert(rst_n == 0);
+            // no clock
+            assert(clk == 0);
+        end
+    end
+
+endmodule // tt_um_formal
+