Add assertions about go_wr and wr_rel

diff --git a/src/soc/fu/compunits/formal/proof_fu.py b/src/soc/fu/compunits/formal/proof_fu.py
index 0644587b6f3a5ff8473c1199437ba6c4d5e37899..86246592594b946ec1f40ab1cdb7c357277ba7b6 100644 (file)
--- a/src/soc/fu/compunits/formal/proof_fu.py
+++ b/src/soc/fu/compunits/formal/proof_fu.py
@@ -23,11 +23,16 @@ class Driver(Elaboratable):
         m.submodules.dut = dut = MultiCompUnit(16, alu,
                                                CompALUOpSubset)
 
+        issue = dut.issue_i
+
         go_rd = dut.rd.go
         rd_rel = dut.rd.rel
-        issue = dut.issue_i
+
+        go_wr = dut.wr.go
+        wr_rel = dut.wr.rel
 
         go_die = dut.go_die_i
+        shadow = dut.shadown_i
 
         rst = ResetSignal()
 
@@ -50,26 +55,26 @@ class Driver(Elaboratable):
                 sync += has_issued.eq(1)
                 comb += Cover(has_issued)
 
-            # Property One: Rd_rel should never be asserted before issue
+            # Property 1: Rd_rel should never be asserted before issue
 
             # If issue has never been raised, then rd_rel should never
             # be raised
             with m.If(rd_rel != 0):
                 comb += Assert(has_issued)
 
-            # Property Two: when rd_rel is asserted, it should stay
+            # Property 2: when rd_rel is asserted, it should stay
             # that way until a go_rd
             with m.If((Past(go_rd) == 0) & ~Past(go_die)):
                 comb += Assert(~Fell(rd_rel))
 
-            # Property Three: when a bit in rd_rel is asserted, and
+            # Property 3: when a bit in rd_rel is asserted, and
             # the corresponding bit in go_rd is asserted, then that
             # bit of rd_rel should be deasserted
             for i in range(2):
                 with m.If(Past(go_rd)[i] & (Past(rd_rel) != 0)):
                     comb += Assert(rd_rel[i] == ~Past(go_rd)[i])
 
-            # Property Four: Similarly, if rd_rel is asserted,
+            # Property 4: Similarly, if rd_rel is asserted,
             # asserting go_die should make rd_rel be deasserted
 
             with m.If(Past(rd_rel) != 0):
@@ -78,6 +83,40 @@ class Driver(Elaboratable):
 
             comb += Cover(Fell(rd_rel))
 
+            # Property 5: Similar to property 1, wr_rel should
+            # never be asserted unless there was a preceeding issue
+
+            with m.If(wr_rel != 0):
+                comb += Assert(has_issued)
+
+            # Property 6: Similar to property 2, wr_rel should stay
+            # asserted until a go_rd, go_die, or shadow
+
+            with m.If((Past(go_wr) == 0) & ~Past(go_die, 2) &
+                      ~Past(shadow)):
+                comb += Assert(~Fell(wr_rel))
+            # Assume go_wr is not asserted unless wr_rel is
+            with m.If(wr_rel == 0):
+                comb += Assume(go_wr == 0)
+
+
+            # Property 7: Similar to property 3, when wr_rel is
+            # asserted and go_wr is asserted, then wr_rel should be
+            # deasserted
+            with m.If(Past(wr_rel) & Past(go_wr)):
+                comb += Assert(wr_rel == 0)
+
+
+            # Property 8: Similar to property 4, wr_rel should be
+            # deasserted when go_die is asserted
+            with m.If(Past(wr_rel) & Past(go_die)):
+                comb += Assert(wr_rel == 0)
+
+            # Property 9: wr_rel should not fall while shadow is
+            # asserted
+            with m.If(wr_rel & shadow):
+                comb += Assert(~Fell(wr_rel))
+
             # Assume no instruction is issued until rd_rel is
             # released. Idk if this is valid