projects / soc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add overflow handling and proof
[soc.git] / src / soc / fu / alu / formal / proof_main_stage.py
1 # Proof of correctness for partitioned equal signal combiner
2 # Copyright (C) 2020 Michael Nolan <mtnolan2640@gmail.com>
3
4 from nmigen import (Module, Signal, Elaboratable, Mux, Cat, Repl,
5 signed)
6 from nmigen.asserts import Assert, AnyConst, Assume, Cover
7 from nmigen.test.utils import FHDLTestCase
8 from nmigen.cli import rtlil
9
10 from soc.fu.alu.main_stage import ALUMainStage
11 from soc.fu.alu.pipe_data import ALUPipeSpec
12 from soc.fu.alu.alu_input_record import CompALUOpSubset
13 from soc.decoder.power_enums import InternalOp
14 import unittest
15
16
17 # This defines a module to drive the device under test and assert
18 # properties about its outputs
19 class Driver(Elaboratable):
20 def __init__(self):
21 # inputs and outputs
22 pass
23
24 def elaborate(self, platform):
25 m = Module()
26 comb = m.d.comb
27
28 rec = CompALUOpSubset()
29 recwidth = 0
30 # Setup random inputs for dut.op
31 for p in rec.ports():
32 width = p.width
33 recwidth += width
34 comb += p.eq(AnyConst(width))
35
36 pspec = ALUPipeSpec(id_wid=2, op_wid=recwidth)
37 m.submodules.dut = dut = ALUMainStage(pspec)
38
39 # convenience variables
40 a = dut.i.a
41 b = dut.i.b
42 carry_in = dut.i.xer_ca[0]
43 carry_in32 = dut.i.xer_ca[1]
44 so_in = dut.i.xer_so
45 carry_out = dut.o.xer_ca.data[0]
46 carry_out32 = dut.o.xer_ca.data[1]
47 ov_out = dut.o.xer_ov.data[0]
48 ov_out32 = dut.o.xer_ov.data[1]
49 o = dut.o.o
50
51 # setup random inputs
52 comb += [a.eq(AnyConst(64)),
53 b.eq(AnyConst(64)),
54 carry_in.eq(AnyConst(0b11)),
55 so_in.eq(AnyConst(1))]
56
57 comb += dut.i.ctx.op.eq(rec)
58
59 # Assert that op gets copied from the input to output
60 for rec_sig in rec.ports():
61 name = rec_sig.name
62 dut_sig = getattr(dut.o.ctx.op, name)
63 comb += Assert(dut_sig == rec_sig)
64
65 # signed and signed/32 versions of input a
66 a_signed = Signal(signed(64))
67 a_signed_32 = Signal(signed(32))
68 comb += a_signed.eq(a)
69 comb += a_signed_32.eq(a[0:32])
70
71 comb += Assume(a[32:64] == 0)
72 comb += Assume(b[32:64] == 0)
73 # main assertion of arithmetic operations
74 with m.Switch(rec.insn_type):
75 with m.Case(InternalOp.OP_ADD):
76
77 comb += Assert(Cat(o, carry_out) == (a + b + carry_in))
78
79 # CA32 - XXX note this fails! replace with carry_in and it works
80 comb += Assert((a[0:32] + b[0:32] + carry_in)[32]
81 == carry_out32)
82
83 with m.If(a[-1] == b[-1]):
84 comb += Assert(ov_out == (o[-1] != a[-1]))
85 with m.Else():
86 comb += Assert(ov_out == 0)
87 with m.If(a[31] == b[31]):
88 comb += Assert(ov_out32 == (o[31] != a[31]))
89 with m.Else():
90 comb += Assert(ov_out32 == 0)
91 with m.Case(InternalOp.OP_EXTS):
92 for i in [1, 2, 4]:
93 with m.If(rec.data_len == i):
94 comb += Assert(o[0:i*8] == a[0:i*8])
95 comb += Assert(o[i*8:64] == Repl(a[i*8-1], 64-(i*8)))
96 with m.Case(InternalOp.OP_CMP):
97 # CMP is defined as not taking in carry
98 comb += Assume(carry_in == 0)
99 comb += Assert(o == (a+b)[0:64])
100
101 with m.Case(InternalOp.OP_CMPEQB):
102 src1 = a[0:8]
103 eqs = Signal(8)
104 for i in range(8):
105 comb += eqs[i].eq(src1 == b[i*8:(i+1)*8])
106 comb += Assert(dut.o.cr0[2] == eqs.any())
107
108 return m
109
110
111 class ALUTestCase(FHDLTestCase):
112 def test_formal(self):
113 module = Driver()
114 self.assertFormal(module, mode="bmc", depth=2)
115 self.assertFormal(module, mode="cover", depth=2)
116 def test_ilang(self):
117 dut = Driver()
118 vl = rtlil.convert(dut, ports=[])
119 with open("alu_main_stage.il", "w") as f:
120 f.write(vl)
121
122
123 if __name__ == '__main__':
124 unittest.main()