SystemVerilog: distinguish assertions

This changes the front-end to distinguish three kinds of assertions/assumptions:

1) concurrent assertions/assumptions ("assert property"), which can be
module items or statements,

2) immediate assertion/assumption statements, and

3) SMV-style assertions/assumptions.

Front-end and BMC back-end support for initial concurrent assertion
statements is added.

Author: kroening

regression/ebmc/Output-Register-Passing/main.v

@@ -13,12 +13,12 @@ module main(in1, in2);
 
  and1 A1 (in1, in2, o1, o2);             
 
- assert property1: o1 == (in1 & in2);
+ always assert property1: o1 == (in1 & in2);
 /* A2 is another instance of      
 ports are referenced to the       
 declaration by name. */           
  and1 A2 (.c(o1),.d(o2),.a(o1),.b(in2)); 
- assert property2: o1 == (in1 & in2);
+ always assert property2: o1 == (in1 & in2);
 endmodule                       
 
 // MODULE DEFINITION              

regression/ebmc/smv/initial1.desc

@@ -0,0 +1,9 @@
+CORE
+initial1.smv
+--bound 0
+^\[main::spec1\] main::var::tmp1 = TRUE: PROVED up to bound 0$
+^\[main::spec2\] main::var::tmp2 = TRUE: REFUTED$
+^EXIT=10$
+^SIGNAL=0$
+--
+^warning: ignoring

regression/ebmc/smv/initial1.smv

@@ -0,0 +1,12 @@
+MODULE main
+
+VAR tmp1: boolean;
+VAR tmp2: boolean;
+
+ASSIGN init(tmp1):=1;
+
+-- should pass
+SPEC tmp1 = 1;
+
+-- should fail
+SPEC tmp2 = 1;

regression/verilog/SVA/initial1.desc

@@ -1,9 +1,13 @@
-KNOWNBUG
+CORE
 initial1.sv
 --module main --bound 1
-^EXIT=0$
+^\[main\.property\.1\] main\.counter == 0: PROVED up to bound 1$
+^\[main\.property\.2\] main\.counter == 100: REFUTED$
+^\[main\.property\.3\] ##1 main\.counter == 1: PROVED up to bound 1$
+^\[main\.property\.4\] ##1 main\.counter == 100: REFUTED$
+^\[main\.property\.5\] s_nexttime main\.counter == 1: PROVED up to bound 1$
+^EXIT=10$
 ^SIGNAL=0$
 --
 ^warning: ignoring
 --
-Syntax is missing for initial label: assert property (...);

regression/verilog/SVA/initial1.sv

@@ -14,7 +14,16 @@ module main(input clk);
   // expected to pass
   initial p0: assert property (counter == 0);
 
+  // expected to fail
+  initial p1: assert property (counter == 100);
+
+  // expected to pass
+  initial p2: assert property (##1 counter == 1);
+
+  // expected to fail
+  initial p2: assert property (##1 counter == 100);
+
   // expected to pass if there are timeframes 0 and 1
-  initial p1: assert property (s_nexttime counter == 1);
+  initial p3: assert property (s_nexttime counter == 1);
 
 endmodule

regression/verilog/modules/parameters2.v

@@ -10,7 +10,7 @@ module test(in1, in2);
 
   my_m #( .Ptop(P), .Qtop(Q) ) m_instance(in1, in2, o1, o2); 
 
-  assert property1: tmp == 4; // should pass
+  always assert property1: tmp == 4; // should pass
 
 endmodule                       
 
@@ -25,6 +25,6 @@ module my_m(a, b, c, d);
 
   wire [3:0] tmp_in_m = Ptop; // tmp1 should be 4 now  
 
-  assert property2: tmp_in_m == 4; // should pass
+  always assert property2: tmp_in_m == 4; // should pass
 
 endmodule

regression/verilog/tasks/tasks1.v

@@ -12,6 +12,6 @@ module main;
     some_task(x, y);
   end
 
-  assert p1: y==x+1;
+  always assert p1: y==x+1;
 
 endmodule

src/hw-cbmc/Makefile

@@ -35,6 +35,7 @@ OBJ+= $(CPROVER_DIR)/goto-checker/goto-checker$(LIBEXT) \
       $(CPROVER_DIR)/solvers/solvers$(LIBEXT) \
       $(CPROVER_DIR)/util/util$(LIBEXT) \
       $(CPROVER_DIR)/json/json$(LIBEXT) \
+      ../temporal-logic/temporal-logic$(LIBEXT) \
       ../trans-netlist/trans_trace$(OBJEXT) \
       ../trans-word-level/trans-word-level$(LIBEXT)
 

src/hw_cbmc_irep_ids.h

@@ -66,6 +66,11 @@ IREP_ID_ONE(force)
 IREP_ID_ONE(deassign)
 IREP_ID_ONE(continuous_assign)
 IREP_ID_ONE(wait)
+IREP_ID_ONE(verilog_assert_property)
+IREP_ID_ONE(verilog_assume_property)
+IREP_ID_ONE(verilog_cover_property)
+IREP_ID_ONE(verilog_smv_assert)
+IREP_ID_ONE(verilog_smv_assume)
 IREP_ID_ONE(verilog_always)
 IREP_ID_ONE(verilog_always_comb)
 IREP_ID_ONE(verilog_always_ff)
@@ -76,7 +81,6 @@ IREP_ID_ONE(initial)
 IREP_ID_ONE(verilog_label_statement)
 IREP_ID_ONE(disable)
 IREP_ID_ONE(fork)
-IREP_ID_ONE(cover)
 IREP_ID_ONE(instance)
 IREP_ID_ONE(named_parameter_assignment)
 IREP_ID_ONE(parameter_assignment)

src/temporal-logic/temporal_logic.cpp

@@ -10,31 +10,28 @@ Author: Daniel Kroening, [email protected]
 
 #include <util/expr_iterator.h>
 
+bool is_temporal_operator(const exprt &expr)
+{
+  return expr.id() == ID_AG || expr.id() == ID_EG || expr.id() == ID_AF ||
+         expr.id() == ID_EF || expr.id() == ID_AX || expr.id() == ID_EX ||
+         expr.id() == ID_A || expr.id() == ID_E || expr.id() == ID_U ||
+         expr.id() == ID_R || expr.id() == ID_G || expr.id() == ID_F ||
+         expr.id() == ID_X || expr.id() == ID_sva_always ||
+         expr.id() == ID_sva_always || expr.id() == ID_sva_nexttime ||
+         expr.id() == ID_sva_s_nexttime || expr.id() == ID_sva_until ||
+         expr.id() == ID_sva_s_until || expr.id() == ID_sva_until_with ||
+         expr.id() == ID_sva_s_until_with || expr.id() == ID_sva_eventually ||
+         expr.id() == ID_sva_s_eventually || expr.id() == ID_sva_cycle_delay;
+}
+
 bool has_temporal_operator(const exprt &expr)
 {
   for(auto subexpr_it = expr.depth_cbegin(), subexpr_end = expr.depth_cend();
       subexpr_it != subexpr_end;
       subexpr_it++)
   {
-    // clang-format off
-    if(
-      subexpr_it->id() == ID_AG || subexpr_it->id() == ID_EG ||
-      subexpr_it->id() == ID_AF || subexpr_it->id() == ID_EF ||
-      subexpr_it->id() == ID_AX || subexpr_it->id() == ID_EX ||
-      subexpr_it->id() == ID_A || subexpr_it->id() == ID_E ||
-      subexpr_it->id() == ID_U || subexpr_it->id() == ID_R ||
-      subexpr_it->id() == ID_G || subexpr_it->id() == ID_F ||
-      subexpr_it->id() == ID_X ||
-      subexpr_it->id() == ID_sva_always || subexpr_it->id() == ID_sva_always ||
-      subexpr_it->id() == ID_sva_nexttime || subexpr_it->id() == ID_sva_s_nexttime ||
-      subexpr_it->id() == ID_sva_until || subexpr_it->id() == ID_sva_s_until ||
-      subexpr_it->id() == ID_sva_until_with || subexpr_it->id() == ID_sva_s_until_with ||
-      subexpr_it->id() == ID_sva_eventually ||
-      subexpr_it->id() == ID_sva_s_eventually)
-    {
+    if(is_temporal_operator(*subexpr_it))
       return true;
-    }
-    // clang-format on
   }
 
   return false;