
How can I translate PSL or SVA liveness assertions into Verilog, either by hand or automatically using an (open source) tool? I can do simple safety properties, but I have no clue about liveness properties. I know some commercial tools have this feature to check Verilog designs, but I do not have access to them.

For example, I want to translate a liveness assertion in PSL like assert always req -> eventually! ack; into an equivalent Verilog circuit, so that I can use some tools to model check whether this property exists.

  • Edit was made to rephrase from "is it possible to translate..." to "how do I translate". Thanks, Ira!
AndresM
adrianX
  • If some existing commercial tools can do it, then so can you. What is your specific question? [There's an implicit question: "given that you have an algorithm to implement, what's the best infrastructure for doing this?"] – Ira Baxter Feb 17 '15 at 10:51
  • rephrased my question - thanks for pointing! – adrianX Feb 17 '15 at 13:15
  • A cheap trick is to assume that "eventually" means some bounded number of clocks. Then "req==false" holds a counter reset, otherwise the counter counts clocks; when some 2^N bit in the counter goes true, insist that "2^N implies ack". You can generalize this idea to more complex temporal conditions with more counters and cascaded checking, I think. If the logic of "ack" is purely combinational, a single clock ("N=1") will be sufficient. I'm sure there are cleverer things you can do, which is why this is only a comment, but this would get you a workable starting point. – Ira Baxter Feb 17 '15 at 15:59
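
The bounded approximation described in the comment above, written out as a monitor circuit (an added example, not code from any participant in this thread). The module name, port names and the BOUND parameter are assumptions; it tracks a pending request explicitly so that a one-cycle req pulse is still counted.

```verilog
// Added example: bounded-response monitor approximating
//   assert always req -> eventually! ack;
// Module name, ports and BOUND are hypothetical, chosen for illustration.
module bounded_response_monitor #(
    parameter BOUND = 16          // assumed limit on clocks from req to ack
) (
    input  wire clk,
    input  wire rst,              // synchronous reset, active high
    input  wire req,
    input  wire ack,
    output reg  fail              // sticky: a request waited BOUND clocks with no ack
);
    // Counter wide enough to hold the value BOUND
    localparam W = $clog2(BOUND + 1);

    reg         pending;          // an unanswered request is outstanding
    reg [W-1:0] count;            // clock edges already waited for ack

    always @(posedge clk) begin
        if (rst) begin
            pending <= 1'b0;
            count   <= {W{1'b0}};
            fail    <= 1'b0;
        end else if (ack) begin
            // ack discharges the obligation, including a req raised in the
            // same cycle (eventually! is satisfied by the current cycle).
            pending <= 1'b0;
            count   <= {W{1'b0}};
        end else if (pending || req) begin
            // Obligation is open and ack was not seen on this edge.
            pending <= 1'b1;
            if (count == BOUND - 1)
                fail <= 1'b1;     // BOUND consecutive edges without ack
            else
                count <= count + 1'b1;
        end
    end

    // The liveness property is replaced by the safety property
    // "fail is never 1", which a safety-only model checker can handle.
endmodule
```

If the checker proves that fail is never raised, every req is acknowledged within BOUND clocks and the original liveness property holds as well. A counterexample only shows that the chosen bound was exceeded, not that ack never arrives.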

1 Answer


The question should really be "How can I translate a static formal property like liveness or safety into an assertion that can be checked with a dynamic simulator?" The answer is: you can't. Or you can't realistically translate it into an equivalent assertion.

The problem with trying to approximate a liveness assertion in simulation is that you would need to provide exhaustive stimulus for the assertion to execute as well. Then you would need to prove that the stimulus was exhaustive. You might be able to do this for a few simple cases, but it will quickly explode as more signals get involved.

dave_59