SystemVerilog: distinguish assertions

This changes the front-end to distinguish three kinds of assertions/assumptions:

1) concurrent assertions/assumptions ("assert property"), which can be
module items or statements,

2) immediate assertion/assumption statements, and

3) SMV-style assertions/assumptions.

Front-end and BMC back-end support for initial concurrent assertion
statements is added.

Author: kroening

regression/ebmc/Output-Register-Passing/main.v

@@ -13,12 +13,12 @@ module main(in1, in2);
 
  and1 A1 (in1, in2, o1, o2);             
 
- assert property1: o1 == (in1 & in2);
+ always assert property1: o1 == (in1 & in2);
 /* A2 is another instance of      
 ports are referenced to the       
 declaration by name. */           
  and1 A2 (.c(o1),.d(o2),.a(o1),.b(in2)); 
- assert property2: o1 == (in1 & in2);
+ always assert property2: o1 == (in1 & in2);
 endmodule                       
 
 // MODULE DEFINITION              

regression/verilog/SVA/initial1.desc

@@ -1,9 +1,13 @@
-KNOWNBUG
+CORE
 initial1.sv
 --module main --bound 1
-^EXIT=0$
+^\[main\.property\.1\] main\.counter == 0: PROVED up to bound 1$
+^\[main\.property\.2\] main\.counter == 100: REFUTED$
+^\[main\.property\.3\] ##1 main\.counter == 1: PROVED up to bound 1$
+^\[main\.property\.4\] ##1 main\.counter == 100: REFUTED$
+^\[main\.property\.5\] s_nexttime main\.counter == 1: FAILURE: property not supported by BMC engine$
+^EXIT=10$
 ^SIGNAL=0$
 --
 ^warning: ignoring
 --
-Syntax is missing for initial label: assert property (...);

regression/verilog/SVA/initial1.sv

@@ -14,7 +14,16 @@ module main(input clk);
   // expected to pass
   initial p0: assert property (counter == 0);
 
+  // expected to fail
+  initial p1: assert property (counter == 100);
+
+  // expected to pass
+  initial p2: assert property (##1 counter == 1);
+
+  // expected to fail
+  initial p2: assert property (##1 counter == 100);
+
   // expected to pass if there are timeframes 0 and 1
-  initial p1: assert property (s_nexttime counter == 1);
+  initial p3: assert property (s_nexttime counter == 1);
 
 endmodule

regression/verilog/modules/parameters2.v

@@ -10,7 +10,7 @@ module test(in1, in2);
 
   my_m #( .Ptop(P), .Qtop(Q) ) m_instance(in1, in2, o1, o2); 
 
-  assert property1: tmp == 4; // should pass
+  always assert property1: tmp == 4; // should pass
 
 endmodule                       
 
@@ -25,6 +25,6 @@ module my_m(a, b, c, d);
 
   wire [3:0] tmp_in_m = Ptop; // tmp1 should be 4 now  
 
-  assert property2: tmp_in_m == 4; // should pass
+  always assert property2: tmp_in_m == 4; // should pass
 
 endmodule

regression/verilog/tasks/tasks1.v

@@ -12,6 +12,6 @@ module main;
     some_task(x, y);
   end
 
-  assert p1: y==x+1;
+  always assert p1: y==x+1;
 
 endmodule

src/hw-cbmc/Makefile

@@ -35,6 +35,7 @@ OBJ+= $(CPROVER_DIR)/goto-checker/goto-checker$(LIBEXT) \
       $(CPROVER_DIR)/solvers/solvers$(LIBEXT) \
       $(CPROVER_DIR)/util/util$(LIBEXT) \
       $(CPROVER_DIR)/json/json$(LIBEXT) \
+      ../temporal-logic/temporal-logic$(LIBEXT) \
       ../trans-netlist/trans_trace$(OBJEXT) \
       ../trans-word-level/trans-word-level$(LIBEXT)
 

src/hw_cbmc_irep_ids.h

@@ -66,6 +66,11 @@ IREP_ID_ONE(force)
 IREP_ID_ONE(deassign)
 IREP_ID_ONE(continuous_assign)
 IREP_ID_ONE(wait)
+IREP_ID_ONE(verilog_assert_property)
+IREP_ID_ONE(verilog_assume_property)
+IREP_ID_ONE(verilog_cover_property)
+IREP_ID_ONE(verilog_smv_assert)
+IREP_ID_ONE(verilog_smv_assume)
 IREP_ID_ONE(verilog_always)
 IREP_ID_ONE(verilog_always_comb)
 IREP_ID_ONE(verilog_always_ff)
@@ -76,7 +81,6 @@ IREP_ID_ONE(initial)
 IREP_ID_ONE(verilog_label_statement)
 IREP_ID_ONE(disable)
 IREP_ID_ONE(fork)
-IREP_ID_ONE(cover)
 IREP_ID_ONE(instance)
 IREP_ID_ONE(named_parameter_assignment)
 IREP_ID_ONE(parameter_assignment)

src/trans-word-level/property.cpp

@@ -14,6 +14,7 @@ Author: Daniel Kroening, [email protected]
 #include <util/symbol_table.h>
 
 #include <temporal-logic/temporal_expr.h>
+#include <temporal-logic/temporal_logic.h>
 #include <verilog/sva_expr.h>
 
 #include "instantiate_word_level.h"
@@ -34,8 +35,8 @@ Function: bmc_supports_property
 
 bool bmc_supports_property(const exprt &expr)
 {
-  if(expr.is_constant())
-    return true;
+  if(!has_temporal_operator(expr))
+    return true; // initial state only
   else if(expr.id() == ID_AG)
     return true;
   else if(expr.id() == ID_G)
@@ -68,9 +69,23 @@ void property(
 {
   messaget message(message_handler);
 
-  if(property_expr.is_true())
+  // Initial state only property?
+  if(!has_temporal_operator(property_expr))
   {
-    prop_handles.resize(no_timeframes, true_exprt());
+    for(std::size_t t = 0; t < no_timeframes; t++)
+    {
+      exprt prop_handle;
+      if(t == 0)
+      {
+        exprt tmp = instantiate(property_expr, t, no_timeframes, ns);
+        prop_handle = solver.handle(tmp);
+      }
+      else
+        prop_handle = true_exprt();
+
+      prop_handles.push_back(std::move(prop_handle));
+    }
+
     return;
   }
 

src/verilog/parser.y

@@ -1952,32 +1952,34 @@ concurrent_assertion_statement:
 	| cover_property_statement
 	;
 
-assert_property_statement:
-          TOK_ASSERT TOK_PROPERTY '(' property_expr ')' action_block
-		{ init($$, ID_assert); mto($$, $4); mto($$, $6); }
-	| /* this one is in because SMV does it */
+/* This one mimicks functionality in Cadence SMV */
+smv_assertion_statement:
 	  TOK_ASSERT property_identifier TOK_COLON expression ';'
-		{ init($$, ID_assert); stack_expr($$).operands().resize(2);
+		{ init($$, ID_verilog_smv_assert); stack_expr($$).operands().resize(2);
 		  to_binary_expr(stack_expr($$)).op0().swap(stack_expr($4));
 		  to_binary_expr(stack_expr($$)).op1().make_nil();
 		  stack_expr($$).set(ID_identifier, stack_expr($2).id());
 		}
-	;
-
-assume_property_statement:
-          TOK_ASSUME TOK_PROPERTY '(' property_expr ')' action_block
-		{ init($$, ID_assume); mto($$, $4); mto($$, $6); }
-	| /* this one is in because SMV does it */
-	  TOK_ASSUME property_identifier TOK_COLON expression ';'
-		{ init($$, ID_assume); stack_expr($$).operands().resize(2);
+	| TOK_ASSUME property_identifier TOK_COLON expression ';'
+		{ init($$, ID_verilog_smv_assume); stack_expr($$).operands().resize(2);
 		  to_binary_expr(stack_expr($$)).op0().swap(stack_expr($4));
 		  to_binary_expr(stack_expr($$)).op1().make_nil();
 		  stack_expr($$).set(ID_identifier, stack_expr($2).id());
 		}
 	;
 
+assert_property_statement:
+          TOK_ASSERT TOK_PROPERTY '(' property_expr ')' action_block
+		{ init($$, ID_verilog_assert_property); mto($$, $4); mto($$, $6); }
+	;
+
+assume_property_statement:
+          TOK_ASSUME TOK_PROPERTY '(' property_expr ')' action_block
+		{ init($$, ID_verilog_assume_property); mto($$, $4); mto($$, $6); }
+	;
+
 cover_property_statement: TOK_COVER TOK_PROPERTY '(' expression ')' action_block
-		{ init($$, ID_cover); mto($$, $4); mto($$, $6); }
+		{ init($$, ID_verilog_cover_property); mto($$, $4); mto($$, $6); }
 	;
 
 assertion_item_declaration:
@@ -2646,32 +2648,6 @@ par_block:
                   addswap($$, ID_base_name, $3); }
 	;
 
-concurrent_assert_statement:
-          assert_property_statement
-        | block_identifier TOK_COLON assert_property_statement
-		{ 
-		  $$=$3;
-		  stack_expr($$).set(ID_identifier, stack_expr($1).id());
-		}
-	;
-
-concurrent_assume_statement:
-          assume_property_statement
-        | block_identifier TOK_COLON assume_property_statement
-		{ 
-		  $$=$3;
-		  stack_expr($$).set(ID_identifier, stack_expr($1).id());
-		}
-	;
-
-concurrent_cover_statement: cover_property_statement
-        | block_identifier TOK_COLON cover_property_statement
-		{ 
-		  $$=$3;
-		  stack_expr($$).set(ID_identifier, stack_expr($1).id());
-		}
-	;
-
 // System Verilog standard 1800-2017
 // A.6.4 Statements
 
@@ -2894,6 +2870,7 @@ procedural_assertion_statement:
 	  concurrent_assertion_statement
 	| immediate_assertion_statement
         /* | checker_instantiation */
+	| smv_assertion_statement
 	;
 
 immediate_assertion_statement:

src/verilog/verilog_elaborate.cpp

@@ -628,6 +628,17 @@ void verilog_typecheckt::collect_symbols(const verilog_statementt &statement)
   if(statement.id() == ID_assert || statement.id() == ID_assume)
   {
   }
+  else if(
+    statement.id() == ID_verilog_assert_property ||
+    statement.id() == ID_verilog_assume_property ||
+    statement.id() == ID_verilog_cover_property)
+  {
+  }
+  else if(
+    statement.id() == ID_verilog_smv_assert ||
+    statement.id() == ID_verilog_smv_assume)
+  {
+  }
   else if(statement.id() == ID_block)
   {
     // These may be named
@@ -758,7 +769,10 @@ void verilog_typecheckt::collect_symbols(
   else if(module_item.id() == ID_continuous_assign)
   {
   }
-  else if(module_item.id() == ID_assert || module_item.id() == ID_assume)
+  else if(
+    module_item.id() == ID_verilog_assert_property ||
+    module_item.id() == ID_verilog_assume_property ||
+    module_item.id() == ID_verilog_cover_property)
   {
   }
   else if(module_item.id() == ID_parameter_override)