introduce sva_implies and sva_iff

kroening · kroening · commit 4bdc90ab5b7a · 2024-09-08T18:47:56.000+01:00
This introduces separate expressions for SVA iff and SVA implies.
diff --git a/regression/verilog/SVA/eventually1.desc b/regression/verilog/SVA/eventually1.desc
@@ -1,7 +1,7 @@
 CORE
 eventually1.sv
 --bound 20
-^\[main\.property\.p0\] always \(main\.counter == 1 |-> eventually \[1:2\] main\.counter == 3\): PROVED up to bound 20$
+^\[main\.p0\] always main\.counter == 1 implies \(eventually \[1:2\] main\.counter == 3\): PROVED up to bound 20$
 ^EXIT=0$
 ^SIGNAL=0$
 --
diff --git a/regression/verilog/SVA/sva_iff1.desc b/regression/verilog/SVA/sva_iff1.desc
@@ -0,0 +1,11 @@
+CORE
+sva_iff1.sv
+--bound 0
+^\[main\.p0\] always 1 iff 1: PROVED up to bound 0$
+^\[main\.p1\] always 1 iff 0: REFUTED$
+^\[main\.p2\] always 1 iff 32'b0000000000000000000000000000000x: PROVED up to bound 0$
+^EXIT=10$
+^SIGNAL=0$
+--
+^warning: ignoring
+--
diff --git a/regression/verilog/SVA/sva_iff1.sv b/regression/verilog/SVA/sva_iff1.sv
@@ -0,0 +1,12 @@
+module main;
+
+  // should pass
+  p0: assert property (10 iff 20);
+
+  // should fail
+  p1: assert property (10 iff 0);
+
+  // should fail
+  p2: assert property (10 iff 'bx);
+
+endmodule
diff --git a/regression/verilog/SVA/sva_implies1.desc b/regression/verilog/SVA/sva_implies1.desc
@@ -0,0 +1,11 @@
+CORE
+sva_implies1.sv
+--bound 0
+^\[main\.p0\] always 1 implies 1: PROVED up to bound 0$
+^\[main\.p1\] always 1 implies 0: REFUTED$
+^\[main\.p2\] always 1 implies 32'b0000000000000000000000000000000x: PROVED up to bound 0$
+^EXIT=10$
+^SIGNAL=0$
+--
+^warning: ignoring
+--
diff --git a/regression/verilog/SVA/sva_implies1.sv b/regression/verilog/SVA/sva_implies1.sv
@@ -0,0 +1,12 @@
+module main;
+
+  // should pass
+  p0: assert property (10 implies 20);
+
+  // should fail
+  p1: assert property (10 implies 0);
+
+  // should fail
+  p2: assert property (10 implies 'bx);
+
+endmodule
diff --git a/src/hw_cbmc_irep_ids.h b/src/hw_cbmc_irep_ids.h
@@ -55,6 +55,8 @@ IREP_ID_ONE(sva_nonoverlapped_followed_by)
 IREP_ID_ONE(sva_overlapped_implication)
 IREP_ID_ONE(sva_non_overlapped_implication)
 IREP_ID_ONE(sva_and)
+IREP_ID_ONE(sva_iff)
+IREP_ID_ONE(sva_implies)
 IREP_ID_ONE(sva_not)
 IREP_ID_ONE(sva_or)
 IREP_ID_ONE(module_instance)
diff --git a/src/temporal-logic/normalize_property.cpp b/src/temporal-logic/normalize_property.cpp
@@ -143,6 +143,16 @@ exprt normalize_property(exprt expr)
   else if(expr.id() == ID_sva_non_overlapped_implication)
     expr = normalize_pre_sva_non_overlapped_implication(
       to_sva_non_overlapped_implication_expr(expr));
+  else if(expr.id() == ID_sva_iff)
+  {
+    expr =
+      equal_exprt{to_sva_iff_expr(expr).lhs(), to_sva_iff_expr(expr).rhs()};
+  }
+  else if(expr.id() == ID_sva_implies)
+  {
+    expr = implies_exprt{
+      to_sva_implies_expr(expr).lhs(), to_sva_implies_expr(expr).rhs()};
+  }
   else if(expr.id() == ID_sva_and)
     expr = normalize_pre_sva_and(to_sva_and_expr(expr));
   else if(expr.id() == ID_sva_not)
diff --git a/src/temporal-logic/normalize_property.h b/src/temporal-logic/normalize_property.h
@@ -16,6 +16,8 @@ Author: Daniel Kroening, dkr@amazon.com
 /// ¬(a ∨ b) --> ¬a ∧ ¬b
 /// ¬(a ∧ b) --> ¬a ∨ ¬b
 /// (a -> b) --> ¬a ∨ b
+/// a sva_iff b --> a <-> b
+/// a sva_implies b --> a -> b
 /// sva_not a --> ¬a
 /// a sva_and b --> a ∧ b                       if a and b are not SVA sequences
 /// a sva_or b --> a ∨ b                        if a and b are not SVA sequences
diff --git a/src/verilog/expr2verilog.cpp b/src/verilog/expr2verilog.cpp
@@ -1273,6 +1273,12 @@ expr2verilogt::convert(const exprt &src, verilog_precedencet &precedence)
   else if(src.id() == ID_sva_and)
     return convert_sva_binary("and", to_sva_and_expr(src));
 
+  else if(src.id() == ID_sva_iff)
+    return convert_sva_binary("iff", to_sva_iff_expr(src));
+
+  else if(src.id() == ID_sva_implies)
+    return convert_sva_binary("implies", to_sva_implies_expr(src));
+
   else if(src.id()==ID_power)
     return convert_binary(
       to_multi_ary_expr(src), "**", precedence = verilog_precedencet::POWER);
diff --git a/src/verilog/parser.y b/src/verilog/parser.y
@@ -2200,9 +2200,9 @@ property_expr_proper:
 	| property_expr "s_until_with" property_expr
 		{ init($$, "sva_s_until_with"); mto($$, $1); mto($$, $3); }
 	| property_expr "implies" property_expr
-		{ init($$, ID_implies); mto($$, $1); mto($$, $3); }
+		{ init($$, ID_sva_implies); mto($$, $1); mto($$, $3); }
 	| property_expr "iff" property_expr
-		{ init($$, ID_iff); mto($$, $1); mto($$, $3); }
+		{ init($$, ID_sva_iff); mto($$, $1); mto($$, $3); }
 	| "accept_on" '(' expression_or_dist ')' property_expr %prec "property_expr_abort"
 		{ init($$, ID_sva_accept_on); mto($$, $3); mto($$, $5); }
 	| "reject_on" '(' expression_or_dist ')' property_expr %prec "property_expr_abort"
diff --git a/src/verilog/sva_expr.h b/src/verilog/sva_expr.h
@@ -619,6 +619,52 @@ static inline sva_and_exprt &to_sva_and_expr(exprt &expr)
   return static_cast<sva_and_exprt &>(expr);
 }
 
+class sva_iff_exprt : public binary_predicate_exprt
+{
+public:
+  explicit sva_iff_exprt(exprt op0, exprt op1)
+    : binary_predicate_exprt(std::move(op0), ID_sva_iff, std::move(op1))
+  {
+  }
+};
+
+static inline const sva_iff_exprt &to_sva_iff_expr(const exprt &expr)
+{
+  PRECONDITION(expr.id() == ID_sva_iff);
+  sva_iff_exprt::check(expr, validation_modet::INVARIANT);
+  return static_cast<const sva_iff_exprt &>(expr);
+}
+
+static inline sva_iff_exprt &to_sva_iff_expr(exprt &expr)
+{
+  PRECONDITION(expr.id() == ID_sva_iff);
+  sva_iff_exprt::check(expr, validation_modet::INVARIANT);
+  return static_cast<sva_iff_exprt &>(expr);
+}
+
+class sva_implies_exprt : public binary_predicate_exprt
+{
+public:
+  explicit sva_implies_exprt(exprt op0, exprt op1)
+    : binary_predicate_exprt(std::move(op0), ID_sva_implies, std::move(op1))
+  {
+  }
+};
+
+static inline const sva_implies_exprt &to_sva_implies_expr(const exprt &expr)
+{
+  PRECONDITION(expr.id() == ID_sva_implies);
+  sva_implies_exprt::check(expr, validation_modet::INVARIANT);
+  return static_cast<const sva_implies_exprt &>(expr);
+}
+
+static inline sva_implies_exprt &to_sva_implies_expr(exprt &expr)
+{
+  PRECONDITION(expr.id() == ID_sva_implies);
+  sva_implies_exprt::check(expr, validation_modet::INVARIANT);
+  return static_cast<sva_implies_exprt &>(expr);
+}
+
 class sva_or_exprt : public binary_predicate_exprt
 {
 public:
diff --git a/src/verilog/verilog_typecheck_expr.cpp b/src/verilog/verilog_typecheck_expr.cpp
@@ -2562,7 +2562,9 @@ exprt verilog_typecheck_exprt::convert_binary_expr(binary_exprt expr)
 
     return std::move(expr);
   }
-  else if(expr.id() == ID_sva_and || expr.id() == ID_sva_or)
+  else if(
+    expr.id() == ID_sva_and || expr.id() == ID_sva_or ||
+    expr.id() == ID_sva_implies || expr.id() == ID_sva_iff)
   {
     for(auto &op : expr.operands())
     {
