All Results

Every design RTLPreCheck has analyzed, with full metrics.

April 30, 2026

OpenTitan Darjeeling

7 IP blocks from the lowRISC silicon root-of-trust SoC integration: Access Control, ASCON crypto, DMA, Key Manager DPE, Mailbox, SoC Debug Control, SoC Proxy. 59 modules. Input: SystemVerilog only. 27 minutes compute, zero counterexamples.

2,066
Properties proven
96
Intent candidates
42
Uncovered actionable
Single-cycle proven1,552
Temporal proven514
Contract edges discharged87 / 87 (100%)

Coverage by IP Block

IP Block Modules Proven Intent Actionable
Access Control 2 47 0 0
ASCON Crypto 5 388 10 5
DMA 2 123 6 5
Key Manager DPE 2 144 8 10
Mailbox 8 378 14 0
SoC Debug Control 3 149 8 5
SoC Proxy 2 86 3 0
Shared Primitives 35 751 47 17

Cross-Module Boundary Closure

87 of 87 structural contract edges discharged. Every cross-module boundary in the design has a proven structural guarantee on the upstream side that satisfies the downstream input requirement.

368 total discharged — 87 structural + 24 cone-of-influence + 257 passthrough

Guard closure: 111 / 139 (79.9%)

12 external inputs — boundary signals driven from outside the analyzed scope. These are the system-level assumptions a SoC integrator carries, not gaps.

Compositional proof at SoC scale. Module-level proofs are not enough — the value comes when their guarantees compose across boundaries. RTLPreCheck produces the full bipartite map: every edge, every family pair, every discharge status.

The tabs below summarize results by pattern and family rather than listing every individual SVA — a single row like “T1/T2 share register family (24 props)” represents 24 assertions following the same reset/update/stable template. This keeps the page readable when a single module proves over a hundred properties. For the full per-property output, machine-readable verification matrix, or a plug-and-play SVA bundle for JasperGold, VC Formal, or other formal solvers, contact taylor@rtlprecheck.com.

Proven (2066)
Intent (96)
Actionable (42)
Informational (750)

All 2066 solver-verified properties across the analyzed modules. 1,552 single-cycle (safety implications, X-checking, parameter constraints) plus 514 temporal (guarded updates, hold conditions, arithmetic updates, liveness, handshake stability). Click a module to expand.

ac_range_check 14 proven
SCF0_ASSERT_KNOWN ×14!$isunknown(...) on alert_tx_o, ctn_filtered_tl_h2d_o (+ sub-fields), ctn_tl_d2h_o, ctn_tl_d2h_o_a_ready
ac_range_check_reg_top 33 proven
SCF0_ASSERT_KNOWN ×20X-checking on intg_err_o, racl_error_o (+ sub-fields), reg2hw, shadowed_storage_err_o, shadowed_update_err_o, tl_o (+ sub-fields)
SCF3_SAFETY_IMPLICATION!((intg_err || reg_we_err) && rst_ni) || (err_q == 1'b1)
SCF3_SAFETY_IMPLICATION!1 || (reg_rdata_next == intr_state_qs)
SCF3_SAFETY_IMPLICATION!rst_ni || (rst_done == 1'b1)
SCF3_SAFETY_IMPLICATION!rst_shadowed_ni || (shadow_rst_done == 1'b1)
SCF0_PARAM_CONSTRAINT ×3parameter consistency checks
SCF3_SAFETY_IMPLICATIONintg_err_o == ((err_q | intg_err) | reg_we_err)
SCF3_OUTPUT_EQUIVALENCEintg_err_o == ((err_q | intg_err) | reg_we_err)
SCF3_SAFETY_IMPLICATION ×3reset-state implications on err_q, rst_done, shadow_rst_done
ascon 47 proven
SCF0/F3 family47 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
ascon_core 144 proven
SCF0/F3 family ×9494 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1_GUARDED_UPDATE ×6(reg2hw.key_share0/1.qe && rst_ni) |=> (key_share0/1_in_q == ...) — and same for data_in_share0/1, nonce_share0/1
TEMPT1_GUARDED_UPDATE(msg_out_we && rst_ni) |=> (msg_out_q == msg_out_d[i])
TEMPT1_GUARDED_UPDATE(rst_ni && tag_out_we) |=> (tag_out_q == tag_out_d[i])
TEMPT1/T2 reg-valid familymsg_out_reg_valid and tag_out_reg_valid: reset, set, hold, clear conditions (8 props)
TEMPT1/T2 share register familykey_share0/1_in_new_q, nonce_share0/1_in_new_q, data_share0/1_in_new_q, tag_in_new_q — reset/update/stable triplets (24 props)
TEMPT1/T2 read-state familymsg_out_read_q, tag_out_read_q — reset/update/stable triplets (6 props)
TEMPT1/T2 message-trackingmsg_received_q, track_reset_msg_q — reset/set/clear/hold (5 props)
ascon_reg_top 131 proven
SCF0/F3 family ×8181 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 err_q familyerr_q reset, set on (intg_err || reg_we_err), hold otherwise
TEMPT1_GUARDED_UPDATE ×40reg_rdata_next equals each register's read-back signal (40 CSR read-mux properties)
TEMPT2_HOLD_CONDITIONreg_rdata_next stability under disjoint read-decode
TEMPT1/T2 reset-done familyrst_done and shadow_rst_done — reset, set, hold (6 props)
dma_reg_top 123 proven
SCF0/F3 family ×7575 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 err_q familyerr_q reset, set on (intg_err || reg_we_err), hold otherwise
TEMPT1/T2 racl_addr_hit familyracl_addr_hit_read/write — guarded update on EnableRacl, hold
TEMPT1_GUARDED_UPDATE ×40reg_rdata_next equals each register's read-back: intr_state, intr_enable, src/dst addr, range, control, status, error_code, sha2 digest, handshake (40 props)
keymgr_dpe_reg_top 132 proven
SCF0/F3 family ×8282 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 err_q familyerr_q reset/set/hold
TEMPT1_GUARDED_UPDATE ×47reg_rdata_next equals each register's read-back: control_shadowed, sideload_clear, reseed_interval, slot_policy, sw_binding[0..7], salt[0..7], key_version, max_key_ver, sw_share0/1_output[0..7] (47 props)
mbx 47 proven
SCF0/F3 family47 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
mbx_core_reg_top 93 proven
SCF0/F3 family ×6060 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 err_q familyerr_q reset/set/hold
TEMPT1/T2 racl_addr_hit familyracl_addr_hit_read/write — guarded update on EnableRacl, hold
TEMPT1_GUARDED_UPDATE ×26reg_rdata_next equals each register's read-back: intr_state/enable, control, status, address_range, inbound/outbound base/limit/ptr, doe_intr (26 props)
mbx_hostif 41 proven
SCF0/F3 family ×3838 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1_GUARDED_UPDATEhostif_control_abort_clear_o |=> (abort_d == 1'b0)
TEMPT1_GUARDED_UPDATE(!hostif_control_abort_clear_o && sysif_control_abort_set_i) |=> (abort_d == 1'b1)
TEMPT2_HOLD_CONDITIONabort_d stable under disjoint clear/set
mbx_imbx 26 proven
SCF0/F3 family ×2323 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1_GUARDED_UPDATEload_write_ptr |=> (sram_write_ptr_d == hostif_base_i)
TEMPT1_GUARDED_UPDATE(!load_write_ptr && advance_write_ptr) |=> (sram_write_ptr_d == sram_write_ptr_q + ...)
TEMPT2_HOLD_CONDITIONsram_write_ptr_d stable when neither load nor advance fires
mbx_ombx 32 proven
SCF0/F3 family ×2929 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1_GUARDED_UPDATEload_read_ptr |=> (sram_read_ptr_d == hostif_base_i)
TEMPT1_GUARDED_UPDATE(!load_read_ptr && advance_read_ptr) |=> (sram_read_ptr_d == sram_read_ptr_q + ...)
TEMPT2_HOLD_CONDITIONsram_read_ptr_d stable when neither load nor advance fires
mbx_soc_reg_top 74 proven
SCF0/F3 family ×5353 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 err_q familyerr_q reset/set/hold
TEMPT1_GUARDED_UPDATEintg_err |=> (reg_steer == 2'b10)
TEMPT1/T2 racl_addr_hit familyracl_addr_hit_read/write — guarded update on EnableRacl, hold
TEMPT1_GUARDED_UPDATE ×11reg_rdata_next equals each register's read-back: soc_control, soc_status, soc_doe_intr (11 props)
mbx_sramrwarb 29 proven
SCF0/F3 family29 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
mbx_sysif 36 proven
SCF0/F3 family36 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
prim_alert_sender 102 proven
SCF0/F3 family ×6868 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1_GUARDED_UPDATE ×7FSM transitions: alert/ping trigger → AlertHsPhase1, ack_level → AlertHsPhase2/Pause0, → PingHsPhase2, → Pause1, → Idle, sigint → Idle
TEMPT2_HOLD_CONDITIONstate_d stable under disjoint transition guards
TEMPT1/T2 alert_pd/nd familyalert_pd, alert_nd — guarded set/clear, hold (8 props)
TEMPT1/T2 ping_clr / alert_clr familyping_clr, alert_clr — guarded set, hold (6 props)
TEMPT1/T2 register family ×12state_q, alert_set_q, alert_test_set_q, ping_set_q — reset/update/stable triplets
prim_arbiter_ppc 67 proven
SCF0/F3 family ×5050 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 mask familymask reset, guarded update on (ready_i && valid_o), hold (4 props)
TEMPT1/T2 data_o familydata_o == data_i[winner], hold under no-winner
TEMPT4 handshake stability(valid_o && !ready_i) |=> valid_o; data_i and data_o stable while held
TEMPT7_PER_REQUESTER_LIVENESS ×8(req_i[k] && ready_i) |=> ##[0:16] gnt_o[k] for k in 0..7
prim_edge_detector 16 proven
SCF0/F3 family ×1313 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 q_sync_q familyq_sync_q reset/update/stable triplet
prim_fifo_sync 34 proven
SCF0/F3 family ×2525 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 under_rst familyunder_rst — reset/toggle/stable
TEMPT1/T2 storage familystorage updates on fifo_incr_wptr to wdata_i, holds otherwise
TEMPT4 handshake stability ×4wvalid_i hold under !wready_o, wdata_i stable; rvalid_o hold under !rready_i, rdata_o stable
prim_flop 12 proven
SCF0/F3 family ×99 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 q_o familyq_o reset to 0, update to d_i, stable
prim_flop_2sync 2 proven
SCF0/F3 family2 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
prim_intr_hw 16 proven
SCF0/F3 family ×1313 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 intr_o familyintr_o reset, intr_o == (status & enable), stable
prim_lc_sync 3 proven
SCF0/F3 family3 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
prim_mubi4_sync 3 proven
SCF0/F3 family3 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
prim_onehot_check 4 proven
SCF0/F3 family4 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
prim_sha2 166 proven
SCF0/F3 family ×117117 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 w256 familyw256_d/w256_q — wipe, reset, update, hold (8 props)
TEMPT1/T2 hash256/digest256 familyhash256_d/q, digest256_d/q — wipe/init/run-update/hold (16 props)
TEMPT3_ARITHMETIC_UPDATE ×3digest256_q, round_q, w_index_q — past + 1 increment
TEMPT1/T2 round/w_index familyround_d/q, w_index_q — guarded reset/update/stable (8 props)
TEMPT1/T2 hash_done_o familyhash_done_o — reset, update, stable
TEMPT1/T2 fifo_st FSM family ×9fifo_st_q reset/update/hold + fifo_st_d transitions: Idle → LoadFromFifo → WaitFifo → ...
prim_sram_arbiter 28 proven
SCF0/F3 family28 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
soc_dbg_ctrl_core_reg_top 76 proven
SCF0/F3 family ×5353 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 err_q familyerr_q reset/set/hold
TEMPT1_GUARDED_UPDATE ×13reg_rdata_next equals each register's read-back: debug_policy, trace_debug_policy, status_auth (13 props)
TEMPT1/T2 reset-done familyrst_done, shadow_rst_done — reset/set/hold (6 props)
soc_dbg_ctrl_decode 5 proven
SCF0/F3 family5 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
soc_dbg_ctrl_jtag_reg_top 68 proven
SCF0/F3 family ×4545 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 err_q familyerr_q reset/set/hold
TEMPT1_GUARDED_UPDATE ×19reg_rdata_next equals each register's read-back: jtag_trace_debug_policy, jtag_control, jtag_status_auth, jtag_boot_status (main_clk, io_clk, otp_done, lc_done, cpu_fetch_en, halt_fsm_state, boot_greenlight), jtag_trace_soc_dbg_state (19 props)
soc_proxy 49 proven
SCF0_ASSERT_KNOWN ×49X-checking on core_tl_o (+ all sub-fields), ctn_tl_h2d_o (+ sub-fields), ctn_tl_o (+ sub-fields), dma_lsio_trigger_o, dma_tl_d2h_o (+ sub-fields), misc_tl_d2h_o (+ sub-fields), rst_req_external_o
soc_proxy_core_reg_top 37 proven
SCF0/F3 family ×3030 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 err_q familyerr_q reset/set/hold
TEMPT1_GUARDED_UPDATE ×3reg_rdata_next equals dummy_qs / 0 / 4294967295 (3 props)
tlul_adapter_host 74 proven
SCF0/F3 family ×5757 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 source_q familysource_q reset, update to source_d, stable
TEMPT3_ARITHMETIC_UPDATEsource_q == past(source_q) + 1
TEMPT1/T2 source_d wrap familysource_d wraps to 0 at MaxSource, increments otherwise (3 props)
TEMPT1/T2 intg_err_q familyintg_err_q reset, set on intg_err, stable
TEMPT1/T2 outstanding_reqs familyoutstanding_reqs_d/q — increment on req w/o resp, decrement on resp w/o req, reset/update/stable (7 props + arithmetic)
tlul_adapter_sram 95 proven
SCF0/F3 family ×7272 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 intg_error_q familyintg_error_q reset, set on (intg_error || reqfifo_error || rsp_fifo_error || sramreqfifo_error), hold
TEMPT1/T2 d_valid familyd_valid set on (reqfifo error / read / write) and rvalid, clear when no req (5 props)
TEMPT1/T2 d_error familyd_error set from rspfifo data on read, from reqfifo on write, clear when no req (4 props)
TEMPT1/T2 missed_err_gnt_q familymissed_err_gnt_q — reset/update/stable
TEMPT1/T2 wmask/wdata familywmask_int, wdata_int, wmask_intg, wdata_intg — guarded update on a_valid, hold (8 props)
tlul_err 38 proven
SCF0/F3 family ×2323 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 addr_sz_chk familyaddr_sz_chk per a_size value (5 props)
TEMPT1/T2 mask_chk familymask_chk per a_size value (5 props)
TEMPT1/T2 fulldata_chk familyfulldata_chk per a_size value (5 props)
tlul_err_resp 51 proven
SCF0/F3 family ×3535 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 err_rsp_pending familyerr_rsp_pending — reset, set on a_valid w/o pending, clear on d_ready, hold (4 props)
TEMPT1/T2 err_source / err_opcode / err_size / err_instr_typelatched from incoming a-channel on first error, hold otherwise (12 props)
tlul_fifo_sync 24 proven
SCF0/F3 family24 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
tlul_socket_1n 44 proven
SCF0/F3 family ×3333 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
TEMPT1/T2 num_req_outstanding familynum_req_outstanding reset, increment on req-no-resp, decrement on resp-no-req (3 props + arithmetic)
TEMPT1/T2 dev_select_outstanding familydev_select_outstanding latched on accept_t_req, reset, hold
TEMPT1/T2 hfifo_reqready familyhfifo_reqready follows tl_u_i[idx].a_ready when selected, 0 when held, stable
TEMPT1/T2 tl_t_p familytl_t_p forwards selected u-port, stable when selection unchanged
tlul_socket_m1 13 proven
SCF0/F3 family13 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints
tlul_sram_byte 37 proven
SCF0/F3 family37 single-cycle: safety implications, ASSERT_KNOWN, parameter constraints

96 verification candidates RTLPreCheck identified from structural analysis. Engineer provides design intent and writes the final assertion. 20 CRITICAL (functional correctness, data integrity) and 76 REQUIRED (protocol compliance, initialization).

CRITICAL — 20 candidates across 7 modules 20 critical
CRITICALmbx_ombxFUNCTIONAL_CORRECTNESS
Verify address decode outputs (hostif_ombx_object_size_o, ombx_read_data_o, ombx_sram_read_ptr_o) are correct for all valid address ranges
CRITICALmbx_sramrwarbERROR_SIGNAL_REACHABILITY
Verify whether intg_err_o (1-bit, resets to 0) is reachable under normal operation. If unreachable, assert(!intg_err_o) with appropriate input assumptions.
CRITICALprim_ascon_duplexDATA_INTEGRITY
Verify FIFO storage: data written via key_i is read unchanged from data_out_o; FIFO ordering preserved (5-entry, 128-bit)
CRITICALprim_ascon_duplexSPECIAL_CASE_HANDLING
Verify full/empty signaling on data_in/out_valid and ready ports at buffer capacity / drain
CRITICALprim_ascon_duplexREDUNDANT_STATE_VERIFICATION
Pointer pair identified but no derived status outputs in fanout. Verify pointer-to-status backward implications.
CRITICALprim_fifo_syncDATA_INTEGRITY
Verify FIFO storage and ordering: wdata_i → rdata_o unchanged (4-entry, 16-bit)
CRITICALprim_fifo_syncSPECIAL_CASE_HANDLING
Verify full/empty signaling at buffer capacity and drain
CRITICALprim_fifo_syncERROR_SIGNAL_REACHABILITY
Verify whether err_o (1-bit, resets to 0) is reachable. If unreachable, assert(!err_o).
CRITICALprim_fifo_syncBEHAVIORAL_CORRECTNESS ×2
Verify clr_i clears wvalid_i within 1 cycle (no stale valid downstream); verify clr_i never asserted during normal operation (parent usage assumption)
CRITICALprim_fifo_syncREDUNDANT_STATE_VERIFICATION
Pointer pair identified but no derived status outputs. Verify pointer-to-status backward implications.
CRITICALprim_sha2DATA_INTEGRITY
Verify FIFO storage and ordering: fifo_rdata_i → digest_o unchanged (2-entry, 64-bit)
CRITICALprim_sha2SPECIAL_CASE_HANDLING
Verify full/empty signaling at buffer capacity and drain
CRITICALprim_sha2REDUNDANT_STATE_VERIFICATION
Pointer pair identified but no derived status outputs. Verify pointer-to-status backward implications.
CRITICALsoc_dbg_ctrlFUNCTIONAL_CORRECTNESS
Verify alert_tx_o[1:0] equals expected function of core_tl_i and jtag_tl_i (102-bit binary operator → 66-bit + 2-bit alert)
CRITICALsoc_dbg_ctrlSPECIAL_CASE_HANDLING
Verify boundary input behavior on 102-bit data path: zero, max positive/negative, overflow, underflow
CRITICALtlul_lc_gateDATA_INTEGRITY
Verify pipeline buffer storage: tl_h2d_i → tl_d2h_o unchanged (1 reg, 102-bit)
REQUIRED — 76 candidates across 23 modules 76 required
REQUIREDascon_corePROTOCOL_COMPLIANCE ×2 + INITIALIZATION
Valid/ready handshake non-deassert + payload stability on keymgr_key AXI ports; 22-register reset reachability
REQUIREDascon_reg_topPROTOCOL_COMPLIANCE ×2 + INITIALIZATION
tl_i/tl_o handshake non-deassert + payload stability; 3-register reset
REQUIREDdmaPROTOCOL_COMPLIANCE ×2
Multi-channel handshake (tl_d, ctn_tl, host_tl, sys_i AXI ports) — non-deassert + payload stability across 12 valid / 11 ready signals
REQUIREDdma_reg_topPROTOCOL_COMPLIANCE ×2 + INITIALIZATION
tl_i/tl_o + racl_error_o handshake; 1-register reset
REQUIREDexpansion_prim_flopINITIALIZATION
1-register reset reachability
REQUIREDkeymgr_dpePROTOCOL_COMPLIANCE ×2 + INITIALIZATION
Multi-channel handshake on tl, kmac_data, otp_key, edn, aes/kmac/otbn key, kmac_data, edn AXI ports — 25 valid / 18 ready; 2-register reset across rst_ni / rst_shadowed_ni / rst_edn_ni
REQUIREDkeymgr_dpe_ctrlPROTOCOL_COMPLIANCE ×2 + INITIALIZATION
kmac_input_invalid, root_key, key_o, active_key_slot handshake; 4-register reset
REQUIREDkeymgr_dpe_reg_topPROTOCOL_COMPLIANCE ×2 + INITIALIZATION
tl_i/tl_o handshake; 3-register reset across rst_ni / rst_shadowed_ni
REQUIREDmbx_core_reg_topPROTOCOL_COMPLIANCE ×2 + INITIALIZATION
tl_i/tl_o + racl_error_o handshake; 1-register reset
REQUIREDmbx_imbxPROTOCOL_COMPLIANCE ×2
hostif_range_valid, sysif_data_write_valid, hostif_sram_all_vld_rcvd handshake on imbx_irq_ready
REQUIREDmbx_ombxPROTOCOL_COMPLIANCE ×2
5 valid signals against 4 ready signals (sysif_status_ready, ombx_doe_intr_ready_set, ombx_status_ready_update, ombx_status_ready)
REQUIREDmbx_soc_reg_topPROTOCOL_COMPLIANCE ×2 + INITIALIZATION
tl_i/tl_o + racl_error_o handshake; 1-register reset
REQUIREDmbx_sramrwarbPROTOCOL_COMPLIANCE ×2
tl_host handshake; imbx/ombx response valid coordination
REQUIREDprim_alert_senderINITIALIZATION
4-register reset reachability
REQUIREDprim_arbiter_ppcPROTOCOL_COMPLIANCE ×2 + INITIALIZATION + LIVENESS
valid_o/ready_i handshake; 1-register reset; 8-way starvation freedom (req_i[k] eventually leads to gnt_o[k] under fairness on ready_i)
REQUIREDprim_ascon_duplexPROTOCOL_COMPLIANCE ×2 + INITIALIZATION
data_in/out_valid and tag_out_valid handshake; 1-register reset
REQUIREDprim_edge_detector / prim_intr_hw / prim_lc_sync / prim_mubi4_syncINITIALIZATION ×4
1-register reset reachability per module
REQUIREDprim_fifo_syncPROTOCOL_COMPLIANCE ×2 + INITIALIZATION + USAGE_ASSUMPTION
wvalid/rvalid handshake; 2-register reset; clr_i usage assumption from parent
REQUIREDprim_sha2PROTOCOL_COMPLIANCE ×2 + INITIALIZATION
fifo_rvalid_i/fifo_rready_o handshake; 3-register reset
REQUIREDsoc_dbg_ctrlPROTOCOL_COMPLIANCE ×2 + INITIALIZATION
core_tl + jtag_tl 4-valid / 4-ready handshake; 4-register reset
REQUIREDsoc_dbg_ctrl_core_reg_topPROTOCOL_COMPLIANCE ×2 + INITIALIZATION
tl_i/tl_o handshake; 3-register reset across rst_ni / rst_shadowed_ni
REQUIREDsoc_dbg_ctrl_jtag_reg_topPROTOCOL_COMPLIANCE ×2 + INITIALIZATION
tl_i/tl_o handshake; 1-register reset
REQUIREDsoc_proxy_core_reg_topPROTOCOL_COMPLIANCE ×2 + INITIALIZATION
tl_i/tl_o handshake; 1-register reset
REQUIREDtlul_adapter_sramPROTOCOL_COMPLIANCE ×2 + INITIALIZATION
rvalid_i + tl_i/tl_o handshake; 2-register reset
REQUIREDtlul_err_respPROTOCOL_COMPLIANCE ×2 + INITIALIZATION
tl_h handshake; 5-register reset
REQUIREDtlul_lc_gatePROTOCOL_COMPLIANCE ×2 + INITIALIZATION
tl_h2d / tl_d2h 4-valid / 4-ready handshake; 1-register reset
REQUIREDtlul_socket_1nPROTOCOL_COMPLIANCE ×2 + INITIALIZATION
tl_h handshake; 2-register reset

42 output signals with zero functional coverage and no X-checking. Logic drives them but no proven assertion covers their behavior. Real verification gaps.

dma 5 uncovered
intr_dma_done_o1-bit1 write site
intr_dma_chunk_done_o1-bit1 write site
intr_dma_error_o1-bit1 write site
alert_tx_o1-bit1 write site
racl_error_o35-bit1 write site
keymgr_dpe 5 uncovered
tl_o66-bit1 write site
aes_key_o217-bit1 write site
kmac_key_o217-bit1 write site
otbn_key_o217-bit1 write site
kmac_data_o217-bit1 write site
keymgr_dpe_ctrl 5 uncovered
key_version_vld_o1-bit1 write site
op_done_o1-bit1 write site
status_o1-bit3 write sites
error_o3-bit1 write site
fault_o14-bit1 write site
prim_ascon_duplex 5 uncovered
done_o1-bit2 write sites
idle_o1-bit2 write sites
data_in_ready_o1-bit3 write sites
data_out_o128-bit1 write site
data_out_valid_o1-bit2 write sites
prim_ascon_round 1 uncovered
state_o320-bit1 write site
prim_ascon_sbox 1 uncovered
state_o5-bit1 write site
prim_buf 1 uncovered
out_o1-bit1 write site
prim_mubi4_dec 1 uncovered
mubi_dec_o1-bit1 write site
prim_sparse_fsm_flop 1 uncovered
state_o1-bit1 write site
prim_subreg_arb 2 uncovered
wr_en1-bit1 write site
wr_data32-bit1 write site
soc_dbg_ctrl 5 uncovered
alert_tx_o2-bit2 write sites
core_tl_o66-bit1 write site
jtag_tl_o66-bit1 write site
soc_dbg_policy_bus_o1-bit1 write site
continue_cpu_boot_o1-bit0 write sites
tlul_cmd_intg_gen 5 uncovered
tl_o102-bit1 write site
tl_o_a_valid1-bit0 write sites
tl_o_a_opcode3-bit0 write sites
tl_o_a_param3-bit0 write sites
tl_o_a_size2-bit0 write sites
tlul_lc_gate 5 uncovered
tl_d2h_o66-bit2 write sites
tl_h2d_o102-bit1 write site
flush_ack_o1-bit2 write sites
resp_pending_o1-bit3 write sites
err_o1-bit2 write sites

750 informational signals — not verification gaps. Flagged for transparency. An engineer can upgrade any signal to actionable if functional coverage is needed.

ASSERT_KNOWN-only (X-checking, no functional)125
Structural (wire-throughs, struct sub-fields, CSR)625

ASSERT_KNOWN-Only (125)

Have X-propagation checking but no functional property. Concentrated in CSR adapter outputs (tl_o.d_* sub-fields), interrupt outputs, FIFO depth/error signals, and SRAM arbiter outputs.

Distribution by module (top 10) 125 signals
ascon5idle_o, edn_o (+ sub-fields), tl_o
ascon_reg_top5tl_o (+ sub-fields), reg2hw
dma_reg_top5tl_o (+ sub-fields), reg2hw, racl_error_o
keymgr_dpe_reg_top5tl_o (+ sub-fields), reg2hw
mbx5intr_mbx_ready/abort/error_o, doe_intr_support_o, doe_intr_en_o
mbx_core_reg_top5tl_o (+ sub-fields), reg2hw, racl_error_o
mbx_hostif5tl_host_o, intr_ready/abort/error_o, hostif_control_error_set_o
prim_sram_arbiter5sram_req_o, sram_addr_o, sram_write_o, sram_wdata_o, sram_wmask_o
tlul_adapter_host5rdata_o, rdata_intg_o, err_o, tl_o (+ sub-fields)
tlul_adapter_sram5tl_o, req_o, req_type_o, we_o, addr_o
+ 17 more modules75remaining 75 ASSERT_KNOWN-only signals

Structural (625)

Wire-throughs, struct sub-fields, CSR boilerplate. Coverage exists in child modules or these are non-driven informational ports.

Distribution by module 625 signals
keymgr_dpe173CSR + KMAC interface struct sub-fields
dma70multi-channel TileLink struct sub-fields
keymgr_dpe_ctrl49internal struct wire-throughs
ascon40crypto interface struct sub-fields
mbx40mailbox interface struct sub-fields
mbx_hostif / mbx_sysif50hostif/sysif TileLink sub-fields (25 each)
soc_dbg_ctrl20debug control TileLink sub-fields
tlul_lc_gate / tlul_fifo_sync39TileLink wrapper passthroughs
tlul_sram_byte / tlul_adapter_sram / tlul_cmd_intg_gen33TileLink-to-SRAM adapter sub-fields
other reg_top modules (12 modules)~85CSR adapter struct sub-fields, ~7 each
remaining~26misc primitives

Run ID 2026-04-30T08-51-00 · Z3 unbounded k-induction · 27 min compute · 0 counterexamples

April 25, 2026

OpenTitan Prim FPV Suite

130 primitive modules from the lowRISC silicon root-of-trust. Arbiters, FIFOs, counters, alert/escalation protocol, SECDED encoders, LFSRs, edge detectors. Input: SystemVerilog only.

2,327
Properties proven
136
Intent candidates
104
Modules analyzed
Single-cycle proven1,543
Temporal proven784
Uncovered signals flagged493 (7 core)
AI calls in generation0

Validated Against OpenTitan's Hand-Written FPV Assertions

33
14
21
13

33 Solver-Verified — Z3 proves OT's assertion follows from RTLPreCheck's facts

14 Discovered — intent candidate covers same signals and goal

21 Flagged — coverage scanner explicitly flags the gap

13 Covered Signals — proven properties exist on same signals

81 of 81 design RTL assertions accounted for. 100% coverage visibility.

2 additional OT assertions reference FPV testbench signals not in design RTL — excluded from scope.

Proven (2327)
Intent (136)
Uncovered (493)

All 2327 solver-verified properties across 104 modules. Click a module to expand.

prim_fifo_async_sram_adapter 101 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(r_full_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(r_notempty_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(r_sram_addr_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(r_sram_req_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(r_sram_wdata_o)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(r_sram_wmask_o)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(r_sram_write_o)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(rdata_o)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(rdepth_o)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(rvalid_o)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(w_full_o)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(w_sram_addr_o)
SCAI_F0_ASSERT_KNOWN/12!$isunknown(w_sram_req_o)
SCAI_F0_ASSERT_KNOWN/13!$isunknown(w_sram_wdata_o)
SCAI_F0_ASSERT_KNOWN/14!$isunknown(w_sram_wmask_o)
SCAI_F0_ASSERT_KNOWN/15!$isunknown(w_sram_write_o)
SCAI_F0_ASSERT_KNOWN/16!$isunknown(wdepth_o)
SCAI_F0_ASSERT_KNOWN/17!$isunknown(wready_o)
SCAI_F3_SAFETY_IMPLICATION/18!(!r_sram_rvalid_i && !store_en && rfifo_ack && rst_rd_ni) |
SCAI_F3_SAFETY_IMPLICATION/19!(!r_sram_rvalid_i && !store_en && rfifo_ack && rst_rd_ni) |
SCAI_F3_SAFETY_IMPLICATION/20!(r_rptr_inc && rst_rd_ni) || (r_rptr_gray_q == r_rptr_gray_
SCAI_F3_SAFETY_IMPLICATION/21!(r_rptr_inc && rst_rd_ni) || (r_rptr_q == r_rptr_d)
SCAI_F3_SAFETY_IMPLICATION/22!(rst_rd_ni && store_en) || (rdata_q == rdata_d)
SCAI_F3_SAFETY_IMPLICATION/23!(rst_rd_ni && store_en) || (stored == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/24!(rst_wr_ni && w_wptr_inc) || (w_wptr_gray_q == w_wptr_gray_
SCAI_F3_SAFETY_IMPLICATION/25!(rst_wr_ni && w_wptr_inc) || (w_wptr_q == w_wptr_d)
SCAI_F5_COUNTER_BOUND/26!r_sram_rptr_inc || (r_sram_rptr != 5'h1F)
SCAI_F3_SAFETY_IMPLICATION/27!stored || (r_sram_req_o == (!r_sramrptr_empty && rfifo_ack)
SCAI_F3_BACKWARD_IMPLICATION/28(r_sram_req_o == 1'b0) || (!stored)
SCAI_F3_BACKWARD_IMPLICATION/29(r_sram_req_o == 1'b0) || (stored)
SCAI_F3_SAFETY_IMPLICATION/30r_full_o == r_full
SCAI_F3_SAFETY_IMPLICATION/31r_notempty_o == rvalid_o
SCAI_F5_COUNTER_BOUND/32r_rptr_d <= 5'h1F
SCAI_F5_COUNTER_BOUND/35r_sram_rptr <= 5'h1F
SCAI_F3_SAFETY_IMPLICATION/36r_sram_wdata_o == 32'h0
SCAI_F0_CONSTANT_OUTPUT/37r_sram_wdata_o == 32'h0
SCAI_F3_SAFETY_IMPLICATION/38r_sram_wmask_o == 32'h0
SCAI_F0_CONSTANT_OUTPUT/39r_sram_wmask_o == 32'h0
SCAI_F3_SAFETY_IMPLICATION/40r_sram_write_o == 1'b0
SCAI_F0_CONSTANT_OUTPUT/41r_sram_write_o == 1'b0
SCAI_F3_SAFETY_IMPLICATION/42rdata_o == (stored ? rdata_q : rdata_d)
SCAI_F3_OUTPUT_EQUIVALENCE/43rdata_o == (stored ? rdata_q : rdata_d)
SCAI_F3_SAFETY_IMPLICATION/44rdepth_o == ((r_wptr_p == r_rptr_p) ? (r_wptr_v - r_rptr_v)
SCAI_F3_OUTPUT_EQUIVALENCE/45rdepth_o == ((r_wptr_p == r_rptr_p) ? (r_wptr_v - r_rptr_v)
SCAI_F3_SAFETY_IMPLICATION/46rst_rd_ni || (r_rptr_gray_q == 5'h0)
SCAI_F3_SAFETY_IMPLICATION/47rst_rd_ni || (r_rptr_q == 5'h0)
SCAI_F3_SAFETY_IMPLICATION/48rst_rd_ni || (r_sram_rptr == 5'h0)
SCAI_F3_SAFETY_IMPLICATION/49rst_rd_ni || (rdata_q == 32'h0)
SCAI_F3_SAFETY_IMPLICATION/50rst_rd_ni || (stored == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/51rst_wr_ni || (w_wptr_gray_q == 5'h0)
SCAI_F3_SAFETY_IMPLICATION/52rst_wr_ni || (w_wptr_q == 5'h0)
SCAI_F3_SAFETY_IMPLICATION/53rvalid_o == (stored || r_sram_rvalid_i)
SCAI_F3_OUTPUT_EQUIVALENCE/54rvalid_o == (stored || r_sram_rvalid_i)
SCAI_F3_SAFETY_IMPLICATION/55stored || (r_sram_req_o == (!r_sramrptr_empty && !(r_sram_rv
SCAI_F3_SAFETY_IMPLICATION/56w_full_o == w_full
SCAI_F3_SAFETY_IMPLICATION/59w_sram_req_o == (wvalid_i && !w_full)
SCAI_F3_OUTPUT_EQUIVALENCE/60w_sram_req_o == (wvalid_i && !w_full)
SCAI_F3_SAFETY_IMPLICATION/61w_sram_wdata_o == wdata_i
SCAI_F3_PASSTHROUGH/62w_sram_wdata_o == wdata_i
SCAI_F3_SAFETY_IMPLICATION/63w_sram_wmask_o == {32'h20{{1'b1}}}
SCAI_F3_SAFETY_IMPLICATION/64w_sram_write_o == 1'b1
SCAI_F0_CONSTANT_OUTPUT/65w_sram_write_o == 1'b1
SCAI_F5_COUNTER_BOUND/66w_wptr_d <= 5'h1F
SCAI_F3_SAFETY_IMPLICATION/67wdepth_o == ((w_wptr_p == w_rptr_p) ? (w_wptr_v - w_rptr_v)
SCAI_F3_OUTPUT_EQUIVALENCE/68wdepth_o == ((w_wptr_p == w_rptr_p) ? (w_wptr_v - w_rptr_v)
SCAI_F3_SAFETY_IMPLICATION/69wready_o == (!w_full && w_sram_gnt_i)
SCAI_F3_OUTPUT_EQUIVALENCE/70wready_o == (!w_full && w_sram_gnt_i)
TT1_GUARDED_UPDATE/T0!(rst_wr_ni) |=> (w_wptr_q == 0)
TT1_GUARDED_UPDATE/T1(rst_wr_ni && w_wptr_inc) |=> (w_wptr_q == w_wptr_d)
TT2_HOLD_CONDITION/T2!((!(rst_wr_ni) || (rst_wr_ni && w_wptr_inc))) |=> $stable(w_wptr_q)
TT1_GUARDED_UPDATE/T3!(rst_wr_ni) |=> (w_wptr_gray_q == 0)
TT1_GUARDED_UPDATE/T4(rst_wr_ni && w_wptr_inc) |=> (w_wptr_gray_q == w_wptr_gray_d)
TT2_HOLD_CONDITION/T5!((!(rst_wr_ni) || (rst_wr_ni && w_wptr_inc))) |=> $stable(w_wptr_gray
TT1_GUARDED_UPDATE/T6!(rst_rd_ni) |=> (r_rptr_q == 0)
TT1_GUARDED_UPDATE/T7(r_rptr_inc && rst_rd_ni) |=> (r_rptr_q == r_rptr_d)
TT2_HOLD_CONDITION/T8!((!(rst_rd_ni) || (r_rptr_inc && rst_rd_ni))) |=> $stable(r_rptr_q)
TT1_GUARDED_UPDATE/T9!(rst_rd_ni) |=> (r_rptr_gray_q == 0)
TT1_GUARDED_UPDATE/T10(r_rptr_inc && rst_rd_ni) |=> (r_rptr_gray_q == r_rptr_gray_d)
TT2_HOLD_CONDITION/T11!((!(rst_rd_ni) || (r_rptr_inc && rst_rd_ni))) |=> $stable(r_rptr_gray
TT1_GUARDED_UPDATE/T12!(rst_rd_ni) |=> (r_sram_rptr == 0)
TT2_HOLD_CONDITION/T13!((!(rst_rd_ni) || (r_sram_rptr_inc && rst_rd_ni))) |=> $stable(r_sram
TT3_ARITHMETIC_UPDATE/T14(r_sram_rptr_inc && rst_rd_ni) |=> (r_sram_rptr == $past(r_sram_rptr)
TT1_GUARDED_UPDATE/T15stored |=> (r_sram_req_o == (!(r_sramrptr_empty) && rfifo_ack))
TT1_GUARDED_UPDATE/T16!(stored) |=> (r_sram_req_o == (!(r_sramrptr_empty) && !((r_sram_rvali
TT2_HOLD_CONDITION/T17!((stored || !(stored))) |=> $stable(r_sram_req_o)
TT1_GUARDED_UPDATE/T18!(rst_rd_ni) |=> (stored == 1'b0)
TT1_GUARDED_UPDATE/T19(rst_rd_ni && store_en) |=> (stored == 1'b1)
TT1_GUARDED_UPDATE/T20(!(r_sram_rvalid_i) && !(store_en) && rfifo_ack && rst_rd_ni) |=> (sto
TT2_HOLD_CONDITION/T21!((!(rst_rd_ni) || (rst_rd_ni && store_en) || (!(r_sram_rvalid_i) && !
TT1_GUARDED_UPDATE/T22!(rst_rd_ni) |=> (rdata_q == 0)
TT1_GUARDED_UPDATE/T23(rst_rd_ni && store_en) |=> (rdata_q == rdata_d)
TT1_GUARDED_UPDATE/T24(!(r_sram_rvalid_i) && !(store_en) && rfifo_ack && rst_rd_ni) |=> (rda
TT2_HOLD_CONDITION/T25!((!(rst_rd_ni) || (rst_rd_ni && store_en) || (!(r_sram_rvalid_i) && !
TT4_HOLD_VALID/T26(wvalid_i && !wready_o) |=> wvalid_i
TT4_DATA_STABLE/T27(wvalid_i && !wready_o) |=> $stable(wdata_i)
TT4_DATA_STABLE/T28(wvalid_i && !wready_o) |=> $stable(w_sram_wdata_o)
TT4_DATA_STABLE/T29(wvalid_i && !wready_o) |=> $stable(w_sram_rdata_i)
TT4_HOLD_VALID/T30(rvalid_o && !rready_i) |=> rvalid_o
TT4_DATA_STABLE/T31(rvalid_o && !rready_i) |=> $stable(rdata_o)
TT4_DATA_STABLE/T32(rvalid_o && !rready_i) |=> $stable(r_sram_wdata_o)
TT4_DATA_STABLE/T33(rvalid_o && !rready_i) |=> $stable(r_sram_rdata_i)
tlul_adapter_dmi 98 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(dmi_req_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(dmi_req_o_ar_addr)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(dmi_req_o_ar_burst)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(dmi_req_o_ar_cache)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(dmi_req_o_ar_id)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(dmi_req_o_ar_len)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(dmi_req_o_ar_lock)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(dmi_req_o_ar_prot)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(dmi_req_o_ar_qos)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(dmi_req_o_ar_region)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(dmi_req_o_ar_size)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(dmi_req_o_ar_user)
SCAI_F0_ASSERT_KNOWN/12!$isunknown(dmi_req_o_ar_valid)
SCAI_F0_ASSERT_KNOWN/13!$isunknown(dmi_req_o_aw_addr)
SCAI_F0_ASSERT_KNOWN/14!$isunknown(dmi_req_o_aw_atop)
SCAI_F0_ASSERT_KNOWN/15!$isunknown(dmi_req_o_aw_burst)
SCAI_F0_ASSERT_KNOWN/16!$isunknown(dmi_req_o_aw_cache)
SCAI_F0_ASSERT_KNOWN/17!$isunknown(dmi_req_o_aw_id)
SCAI_F0_ASSERT_KNOWN/18!$isunknown(dmi_req_o_aw_len)
SCAI_F0_ASSERT_KNOWN/19!$isunknown(dmi_req_o_aw_lock)
SCAI_F0_ASSERT_KNOWN/20!$isunknown(dmi_req_o_aw_prot)
SCAI_F0_ASSERT_KNOWN/21!$isunknown(dmi_req_o_aw_qos)
SCAI_F0_ASSERT_KNOWN/22!$isunknown(dmi_req_o_aw_region)
SCAI_F0_ASSERT_KNOWN/23!$isunknown(dmi_req_o_aw_size)
SCAI_F0_ASSERT_KNOWN/24!$isunknown(dmi_req_o_aw_user)
SCAI_F0_ASSERT_KNOWN/25!$isunknown(dmi_req_o_aw_valid)
SCAI_F0_ASSERT_KNOWN/26!$isunknown(dmi_req_o_b_ready)
SCAI_F0_ASSERT_KNOWN/27!$isunknown(dmi_req_o_r_ready)
SCAI_F0_ASSERT_KNOWN/28!$isunknown(dmi_req_o_w_data)
SCAI_F0_ASSERT_KNOWN/29!$isunknown(dmi_req_o_w_last)
SCAI_F0_ASSERT_KNOWN/30!$isunknown(dmi_req_o_w_strb)
SCAI_F0_ASSERT_KNOWN/31!$isunknown(dmi_req_o_w_user)
SCAI_F0_ASSERT_KNOWN/32!$isunknown(dmi_req_o_w_valid)
SCAI_F0_ASSERT_KNOWN/33!$isunknown(dmi_req_valid_o)
SCAI_F0_ASSERT_KNOWN/34!$isunknown(dmi_resp_ready_o)
SCAI_F0_ASSERT_KNOWN/35!$isunknown(intg_error_o)
SCAI_F0_ASSERT_KNOWN/36!$isunknown(tl_d2h_o)
SCAI_F0_ASSERT_KNOWN/37!$isunknown(tl_d2h_o_a_ready)
SCAI_F0_ASSERT_KNOWN/38!$isunknown(tl_d2h_o_d_data)
SCAI_F0_ASSERT_KNOWN/39!$isunknown(tl_d2h_o_d_error)
SCAI_F0_ASSERT_KNOWN/40!$isunknown(tl_d2h_o_d_opcode)
SCAI_F0_ASSERT_KNOWN/41!$isunknown(tl_d2h_o_d_param)
SCAI_F0_ASSERT_KNOWN/42!$isunknown(tl_d2h_o_d_sink)
SCAI_F0_ASSERT_KNOWN/43!$isunknown(tl_d2h_o_d_size)
SCAI_F0_ASSERT_KNOWN/44!$isunknown(tl_d2h_o_d_source)
SCAI_F0_ASSERT_KNOWN/45!$isunknown(tl_d2h_o_d_user)
SCAI_F0_ASSERT_KNOWN/46!$isunknown(tl_d2h_o_d_valid)
SCAI_F3_SAFETY_IMPLICATION/47!(!a_ack && d_ack && rst_ni) || (outstanding_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/48!(a_ack && rst_ni) || (error_q == error_d)
SCAI_F3_SAFETY_IMPLICATION/49!(a_ack && rst_ni) || (outstanding_q == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/50!(a_ack && rst_ni) || (rd_req_q == rd_req)
SCAI_F3_SAFETY_IMPLICATION/51!(a_ack && rst_ni) || (reqid_q == tl_h2d_i.a_source)
SCAI_F3_SAFETY_IMPLICATION/52!(a_ack && rst_ni) || (reqsz_q == tl_h2d_i.a_size)
SCAI_F3_SAFETY_IMPLICATION/54!(a_ack && rst_ni) || (wr_req_q == wr_req)
SCAI_F3_SAFETY_IMPLICATION/55!(intg_error && rst_ni) || (intg_error_q == 1'b1)
SCAI_F0_PARAM_CONSTRAINT/561'b1
SCAI_F0_PARAM_CONSTRAINT/571'b1
SCAI_F3_SAFETY_IMPLICATION/58dmi_req_valid_o == ((wr_req || rd_req) && !error_d)
SCAI_F3_OUTPUT_EQUIVALENCE/59dmi_req_valid_o == ((wr_req || rd_req) && !error_d)
SCAI_F3_SAFETY_IMPLICATION/60dmi_resp_ready_o == (outstanding_q && !error_q)
SCAI_F3_OUTPUT_EQUIVALENCE/61dmi_resp_ready_o == (outstanding_q && !error_q)
SCAI_F3_SAFETY_IMPLICATION/62intg_error_o == intg_error_q
SCAI_F3_SAFETY_IMPLICATION/63rst_ni || (error_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/64rst_ni || (intg_error_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/65rst_ni || (outstanding_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/66rst_ni || (rd_req_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/67rst_ni || (reqid_q == 8'h0)
SCAI_F3_SAFETY_IMPLICATION/68rst_ni || (reqsz_q == 2'h0)
SCAI_F3_SAFETY_IMPLICATION/70rst_ni || (wr_req_q == 1'b0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (outstanding_q == 1'b0)
TT1_GUARDED_UPDATE/T1(a_ack && rst_ni) |=> (outstanding_q == 1'b1)
TT1_GUARDED_UPDATE/T2(!(a_ack) && d_ack && rst_ni) |=> (outstanding_q == 1'b0)
TT2_HOLD_CONDITION/T3!((!(rst_ni) || (a_ack && rst_ni) || (!(a_ack) && d_ack && rst_ni))) |
TT1_GUARDED_UPDATE/T4!(rst_ni) |=> (reqid_q == 8'd0)
TT1_GUARDED_UPDATE/T5(a_ack && rst_ni) |=> (reqid_q == tl_h2d_i.a_source)
TT2_HOLD_CONDITION/T6!((!(rst_ni) || (a_ack && rst_ni))) |=> $stable(reqid_q)
TT1_GUARDED_UPDATE/T7!(rst_ni) |=> (reqsz_q == 2'b0)
TT1_GUARDED_UPDATE/T8(a_ack && rst_ni) |=> (reqsz_q == tl_h2d_i.a_size)
TT2_HOLD_CONDITION/T9!((!(rst_ni) || (a_ack && rst_ni))) |=> $stable(reqsz_q)
TT1_GUARDED_UPDATE/T10!(rst_ni) |=> (rspop_q == AccessAck)
TT1_GUARDED_UPDATE/T11(a_ack && rst_ni) |=> (rspop_q == (rd_req ? AccessAckData : AccessAck)
TT2_HOLD_CONDITION/T12!((!(rst_ni) || (a_ack && rst_ni))) |=> $stable(rspop_q)
TT1_GUARDED_UPDATE/T13!(rst_ni) |=> (error_q == 1'b0)
TT1_GUARDED_UPDATE/T14(a_ack && rst_ni) |=> (error_q == error_d)
TT2_HOLD_CONDITION/T15!((!(rst_ni) || (a_ack && rst_ni))) |=> $stable(error_q)
TT1_GUARDED_UPDATE/T16!(rst_ni) |=> (wr_req_q == 1'b0)
TT1_GUARDED_UPDATE/T17(a_ack && rst_ni) |=> (wr_req_q == wr_req)
TT2_HOLD_CONDITION/T18!((!(rst_ni) || (a_ack && rst_ni))) |=> $stable(wr_req_q)
TT1_GUARDED_UPDATE/T19!(rst_ni) |=> (rd_req_q == 1'b0)
TT1_GUARDED_UPDATE/T20(a_ack && rst_ni) |=> (rd_req_q == rd_req)
TT2_HOLD_CONDITION/T21!((!(rst_ni) || (a_ack && rst_ni))) |=> $stable(rd_req_q)
TT1_GUARDED_UPDATE/T22!(rst_ni) |=> (intg_error_q == 1'b0)
TT1_GUARDED_UPDATE/T23(intg_error && rst_ni) |=> (intg_error_q == 1'b1)
TT2_HOLD_CONDITION/T24!((!(rst_ni) || (intg_error && rst_ni))) |=> $stable(intg_error_q)
TT4_HOLD_VALID/T25(dmi_req_valid_o && !dmi_req_ready_i) |=> dmi_req_valid_o
TT4_DATA_STABLE/T26(dmi_req_valid_o && !dmi_req_ready_i) |=> $stable(dmi_req_o_w_data)
TT4_HOLD_VALID/T27(dmi_resp_valid_i && !dmi_resp_ready_o) |=> dmi_resp_valid_i
TT4_DATA_STABLE/T28(dmi_resp_valid_i && !dmi_resp_ready_o) |=> $stable(dmi_resp_i_r_data)
prim_packer 92 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(flush_done_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(mask_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(ready_o)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(valid_o)
SCAI_F3_SAFETY_IMPLICATION/6!(!(pos_q == 7'h7) && flush_st) || (flush_done == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/7!(!(pos_q == 7'h7) && flush_st) || (flush_st_next == FlushSe
SCAI_F3_SAFETY_IMPLICATION/8!(!(pos_q == 7'h7) && flush_st) || (flush_valid == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/9!(!flush_done && rst_ni) || (pos_q == pos_d)
SCAI_F3_SAFETY_IMPLICATION/10!(!flush_done && rst_ni) || (stored_data == stored_data_next
SCAI_F3_SAFETY_IMPLICATION/11!(!flush_done && rst_ni) || (stored_mask == stored_mask_next
SCAI_F3_SAFETY_IMPLICATION/12!(!flush_i && flush_st) || (flush_st_next == FlushIdle)
SCAI_F3_SAFETY_IMPLICATION/13!((pos_q == 7'h7) && flush_st) || (flush_done == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/14!((pos_q == 7'h7) && flush_st) || (flush_st_next == FlushIdl
SCAI_F3_SAFETY_IMPLICATION/15!((pos_q == 7'h7) && flush_st) || (flush_valid == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/16!(ack_in && ack_out) || (pos_d == pos_q)
SCAI_F3_SAFETY_IMPLICATION/17!(ack_in && ack_out) || (stored_data_next == stored_data)
SCAI_F3_SAFETY_IMPLICATION/18!(ack_in && ack_out) || (stored_mask_next == stored_mask)
SCAI_F3_SAFETY_IMPLICATION/19!(flush_done && rst_ni) || (pos_q == 7'h0)
SCAI_F3_SAFETY_IMPLICATION/20!(flush_done && rst_ni) || (stored_data == 64'h0)
SCAI_F3_SAFETY_IMPLICATION/21!(flush_done && rst_ni) || (stored_mask == 64'h0)
SCAI_F3_SAFETY_IMPLICATION/22!(flush_i && flush_st) || (flush_st_next == FlushSend)
SCAI_F3_SAFETY_IMPLICATION/23!(mask_i == 32'h1) || (lod_idx == i)
SCAI_F3_SAFETY_IMPLICATION/24!flush_st || (flush_done == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/25!flush_st || (flush_st_next == FlushIdle)
SCAI_F3_SAFETY_IMPLICATION/26!flush_st || (flush_valid == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/27!rst_ni || (flush_st == flush_st_next)
SCAI_F0_VALUE_ENUM/28(flush_st == 1'b0) || (flush_st == 1'b1)
SCAI_F0_VALUE_ENUM/29(flush_st_next == 1'b0) || (flush_st_next == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/32err_o == 1'b0
SCAI_F0_CONSTANT_OUTPUT/33err_o == 1'b0
SCAI_F3_SAFETY_IMPLICATION/34flush_done_o == flush_done
SCAI_F5_COUNTER_BOUND/35inmask_ones <= 6'h3F
SCAI_F5_COUNTER_BOUND/38pos_d <= 7'h7F
SCAI_F5_COUNTER_BOUND/40pos_with_input <= 7'h7F
SCAI_F3_SAFETY_IMPLICATION/41ready_o == ready_next
SCAI_F3_SAFETY_IMPLICATION/42rst_ni || (flush_st == FlushIdle)
SCAI_F3_SAFETY_IMPLICATION/43rst_ni || (pos_q == 7'h0)
SCAI_F3_SAFETY_IMPLICATION/44rst_ni || (stored_data == 64'h0)
SCAI_F3_SAFETY_IMPLICATION/45rst_ni || (stored_mask == 64'h0)
SCAI_F3_SAFETY_IMPLICATION/46valid_o == valid_next
TT1_GUARDED_UPDATE/T0(ack_in && ack_out) |=> (pos_d == pos_q)
TT1_GUARDED_UPDATE/T1(ack_in && ack_out) |=> (pos_d == ((pos_q <= 32'd32) ? 7'b0 : (pos_q -
TT1_GUARDED_UPDATE/T2(ack_in && ack_out) |=> (pos_d == pos_with_input)
TT1_GUARDED_UPDATE/T3(ack_in && ack_out) |=> (pos_d == ((pos_with_input <= 32'd32) ? 7'b0 :
TT2_HOLD_CONDITION/T4!(((ack_in && ack_out) || (ack_in && ack_out) || (ack_in && ack_out) |
TT1_GUARDED_UPDATE/T5!(rst_ni) |=> (pos_q == 7'b0)
TT1_GUARDED_UPDATE/T6(flush_done && rst_ni) |=> (pos_q == 7'b0)
TT1_GUARDED_UPDATE/T7(!(flush_done) && rst_ni) |=> (pos_q == pos_d)
TT2_HOLD_CONDITION/T8!((!(rst_ni) || (flush_done && rst_ni) || (!(flush_done) && rst_ni)))
TT3_ARITHMETIC_UPDATE/T9(flush_done && rst_ni) |=> (pos_q == $past(pos_q) - 1)
TT1_GUARDED_UPDATE/T10(mask_i == 1) |=> (lod_idx == i)
TT2_HOLD_CONDITION/T11!((mask_i == 1)) |=> $stable(lod_idx)
TT1_GUARDED_UPDATE/T12(ack_in && ack_out) |=> (stored_data_next == stored_data)
TT1_GUARDED_UPDATE/T13(ack_in && ack_out) |=> (stored_data_next == {{32'd32{{1'b0}}}, stored
TT1_GUARDED_UPDATE/T14(ack_in && ack_out) |=> (stored_data_next == concat_data[0:32'd64])
TT1_GUARDED_UPDATE/T15(ack_in && ack_out) |=> (stored_data_next == concat_data[(32'd96 - 1):
TT2_HOLD_CONDITION/T16!(((ack_in && ack_out) || (ack_in && ack_out) || (ack_in && ack_out) |
TT1_GUARDED_UPDATE/T17(ack_in && ack_out) |=> (stored_mask_next == stored_mask)
TT1_GUARDED_UPDATE/T18(ack_in && ack_out) |=> (stored_mask_next == {{32'd32{{1'b0}}}, stored
TT1_GUARDED_UPDATE/T19(ack_in && ack_out) |=> (stored_mask_next == concat_mask[0:32'd64])
TT1_GUARDED_UPDATE/T20(ack_in && ack_out) |=> (stored_mask_next == concat_mask[(32'd96 - 1):
TT2_HOLD_CONDITION/T21!(((ack_in && ack_out) || (ack_in && ack_out) || (ack_in && ack_out) |
TT1_GUARDED_UPDATE/T22!(rst_ni) |=> (stored_data == 64'h0)
TT1_GUARDED_UPDATE/T23(flush_done && rst_ni) |=> (stored_data == 64'h0)
TT1_GUARDED_UPDATE/T24(!(flush_done) && rst_ni) |=> (stored_data == stored_data_next)
TT2_HOLD_CONDITION/T25!((!(rst_ni) || (flush_done && rst_ni) || (!(flush_done) && rst_ni)))
TT1_GUARDED_UPDATE/T26!(rst_ni) |=> (stored_mask == 64'h0)
TT1_GUARDED_UPDATE/T27(flush_done && rst_ni) |=> (stored_mask == 64'h0)
TT1_GUARDED_UPDATE/T28(!(flush_done) && rst_ni) |=> (stored_mask == stored_mask_next)
TT2_HOLD_CONDITION/T29!((!(rst_ni) || (flush_done && rst_ni) || (!(flush_done) && rst_ni)))
TT1_GUARDED_UPDATE/T30!(rst_ni) |=> (flush_st == FlushIdle)
TT1_GUARDED_UPDATE/T31rst_ni |=> (flush_st == flush_st_next)
TT2_HOLD_CONDITION/T32!((!(rst_ni) || rst_ni)) |=> $stable(flush_st)
TT1_GUARDED_UPDATE/T33(flush_i && flush_st) |=> (flush_st_next == FlushSend)
TT1_GUARDED_UPDATE/T34(!(flush_i) && flush_st) |=> (flush_st_next == FlushIdle)
TT1_GUARDED_UPDATE/T35((pos_q == 7) && flush_st) |=> (flush_st_next == FlushIdle)
TT1_GUARDED_UPDATE/T36(!((pos_q == 7)) && flush_st) |=> (flush_st_next == FlushSend)
TT1_GUARDED_UPDATE/T37flush_st |=> (flush_st_next == FlushIdle)
TT2_HOLD_CONDITION/T38!(((flush_i && flush_st) || (!(flush_i) && flush_st) || ((pos_q == 7)
TT1_GUARDED_UPDATE/T39((pos_q == 7) && flush_st) |=> (flush_valid == 1'b0)
TT1_GUARDED_UPDATE/T40(!((pos_q == 7)) && flush_st) |=> (flush_valid == 1'b1)
TT1_GUARDED_UPDATE/T41flush_st |=> (flush_valid == 1'b0)
TT2_HOLD_CONDITION/T42!((((pos_q == 7) && flush_st) || (!((pos_q == 7)) && flush_st) || flus
TT1_GUARDED_UPDATE/T43((pos_q == 7) && flush_st) |=> (flush_done == 1'b1)
TT1_GUARDED_UPDATE/T44(!((pos_q == 7)) && flush_st) |=> (flush_done == 1'b0)
TT1_GUARDED_UPDATE/T45flush_st |=> (flush_done == 1'b0)
TT2_HOLD_CONDITION/T46!((((pos_q == 7) && flush_st) || (!((pos_q == 7)) && flush_st) || flus
TT4_HOLD_VALID/T47(valid_i && !ready_o) |=> valid_i
TT4_DATA_STABLE/T48(valid_i && !ready_o) |=> $stable(data_i)
TT4_DATA_STABLE/T49(valid_i && !ready_o) |=> $stable(data_o)
alert_handler_esc_timer 90 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(esc_cnt_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(esc_sig_req_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(esc_state_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(esc_trig_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(latch_crashdump_o)
SCAI_F3_SAFETY_IMPLICATION/5!(!(!clr_i && accu_trig_i && en_i) && !cnt_ge && en_i && sta
SCAI_F3_SAFETY_IMPLICATION/6!(!(!clr_i && accu_trig_i && en_i) && !cnt_ge && en_i && sta
SCAI_F3_SAFETY_IMPLICATION/7!(!((!clr_i && accu_trig_i && en_i) || (cnt_ge && timeout_en
SCAI_F3_SAFETY_IMPLICATION/8!(!((!clr_i && accu_trig_i && en_i) || (cnt_ge && timeout_en
SCAI_F3_SAFETY_IMPLICATION/9!(!((!clr_i && accu_trig_i && en_i) || (cnt_ge && timeout_en
SCAI_F3_SAFETY_IMPLICATION/10!(!clr_i && accu_trig_i && en_i && state_q) || (cnt_en == 1'
SCAI_F3_SAFETY_IMPLICATION/11!(!clr_i && accu_trig_i && en_i && state_q) || (esc_trig_o =
SCAI_F3_SAFETY_IMPLICATION/12!(!clr_i && accu_trig_i && en_i && state_q) || (state_d == P
SCAI_F3_SAFETY_IMPLICATION/13!(!clr_i && cnt_ge && state_q) || (cnt_clr == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/14!(!clr_i && cnt_ge && state_q) || (cnt_en == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/15!(!clr_i && cnt_ge && state_q) || (state_d == Phase1St)
SCAI_F3_SAFETY_IMPLICATION/16!(((!clr_i && accu_trig_i && en_i) || (cnt_ge && timeout_en_
SCAI_F3_SAFETY_IMPLICATION/17!(((!clr_i && accu_trig_i && en_i) || (cnt_ge && timeout_en_
SCAI_F3_SAFETY_IMPLICATION/18!(((!clr_i && accu_trig_i && en_i) || (cnt_ge && timeout_en_
SCAI_F3_SAFETY_IMPLICATION/19!(((!clr_i && accu_trig_i && en_i) || (cnt_ge && timeout_en_
SCAI_F3_SAFETY_IMPLICATION/20!(accu_fail_i || cnt_error) || (fsm_error == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/21!(accu_fail_i || cnt_error) || (state_d == FsmErrorSt)
SCAI_F3_SAFETY_IMPLICATION/22!(clr_i && state_q) || (cnt_clr == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/23!(clr_i && state_q) || (cnt_en == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/24!(clr_i && state_q) || (state_d == IdleSt)
SCAI_F3_SAFETY_IMPLICATION/25!state_q || (cnt_clr == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/26!state_q || (cnt_en == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/27!state_q || (esc_state_o == Idle)
SCAI_F3_SAFETY_IMPLICATION/28!state_q || (fsm_error == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/29!state_q || (latch_crashdump_o == (crashdump_phase_i == 2'h0
SCAI_F3_SAFETY_IMPLICATION/30!state_q || (phase_oh == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/31!state_q || (state_d == FsmErrorSt)
SCAI_F3_SAFETY_IMPLICATION/32!state_q || (thresh == phase_cyc_i[0])
SCAI_F2_GRANT_EXCLUSIVITY/33$onehot0(esc_sig_req_o)
SCAI_F3_BACKWARD_IMPLICATION/34(esc_state_o == 1'b0) || (state_q)
SCAI_F3_BACKWARD_IMPLICATION/35(esc_trig_o == 1'b0) || ((!clr_i && accu_trig_i && en_i && s
SCAI_F3_BACKWARD_IMPLICATION/36(esc_trig_o == 1'b0) || ((((!clr_i && accu_trig_i && en_i) |
SCAI_F3_BACKWARD_IMPLICATION/37(latch_crashdump_o == 1'b0) || (state_q)
SCAI_F0_VALUE_ENUM/39(state_q == 10'h2DA) || (state_q == 10'h26) || (state_q == 1
SCAI_F0_PARAM_CONSTRAINT/401'b1
TT1_GUARDED_UPDATE/T0(!(clr_i) && accu_trig_i && en_i && state_q) |=> (state_d == Phase0St)
TT1_GUARDED_UPDATE/T1(!((!(clr_i) && accu_trig_i && en_i)) && !(cnt_ge) && en_i && state_q
TT1_GUARDED_UPDATE/T2(((!(clr_i) && accu_trig_i && en_i) || (cnt_ge && timeout_en_i)) && st
TT1_GUARDED_UPDATE/T3(!(((!(clr_i) && accu_trig_i && en_i) || (cnt_ge && timeout_en_i))) &&
TT1_GUARDED_UPDATE/T4(clr_i && state_q) |=> (state_d == IdleSt)
TT1_GUARDED_UPDATE/T5(!(clr_i) && cnt_ge && state_q) |=> (state_d == Phase1St)
TT1_GUARDED_UPDATE/T6(!(clr_i) && cnt_ge && state_q) |=> (state_d == Phase2St)
TT1_GUARDED_UPDATE/T7(!(clr_i) && cnt_ge && state_q) |=> (state_d == Phase3St)
TT1_GUARDED_UPDATE/T8(!(clr_i) && cnt_ge && state_q) |=> (state_d == TerminalSt)
TT1_GUARDED_UPDATE/T9state_q |=> (state_d == FsmErrorSt)
TT1_GUARDED_UPDATE/T10(accu_fail_i || cnt_error) |=> (state_d == FsmErrorSt)
TT2_HOLD_CONDITION/T11!(((!(clr_i) && accu_trig_i && en_i && state_q) || (!((!(clr_i) && acc
TT1_GUARDED_UPDATE/T12state_q |=> (esc_state_o == Idle)
TT1_GUARDED_UPDATE/T13state_q |=> (esc_state_o == Timeout)
TT1_GUARDED_UPDATE/T14state_q |=> (esc_state_o == Phase0)
TT1_GUARDED_UPDATE/T15state_q |=> (esc_state_o == Phase1)
TT1_GUARDED_UPDATE/T16state_q |=> (esc_state_o == Phase2)
TT1_GUARDED_UPDATE/T17state_q |=> (esc_state_o == Phase3)
TT1_GUARDED_UPDATE/T18state_q |=> (esc_state_o == Terminal)
TT1_GUARDED_UPDATE/T19state_q |=> (esc_state_o == FsmError)
TT2_HOLD_CONDITION/T20!((state_q || state_q || state_q || state_q || state_q || state_q || s
TT1_GUARDED_UPDATE/T21(!(clr_i) && accu_trig_i && en_i && state_q) |=> (cnt_en == 1'b1)
TT1_GUARDED_UPDATE/T22(!((!(clr_i) && accu_trig_i && en_i)) && !(cnt_ge) && en_i && state_q
TT1_GUARDED_UPDATE/T23(((!(clr_i) && accu_trig_i && en_i) || (cnt_ge && timeout_en_i)) && st
TT1_GUARDED_UPDATE/T24(!(((!(clr_i) && accu_trig_i && en_i) || (cnt_ge && timeout_en_i))) &&
TT1_GUARDED_UPDATE/T25state_q |=> (cnt_en == 1'b1)
TT1_GUARDED_UPDATE/T26(clr_i && state_q) |=> (cnt_en == 1'b0)
TT1_GUARDED_UPDATE/T27(!(clr_i) && cnt_ge && state_q) |=> (cnt_en == 1'b1)
TT1_GUARDED_UPDATE/T28(!(clr_i) && cnt_ge && state_q) |=> (cnt_en == 1'b0)
TT2_HOLD_CONDITION/T29!(((!(clr_i) && accu_trig_i && en_i && state_q) || (!((!(clr_i) && acc
TT1_GUARDED_UPDATE/T30state_q |=> (cnt_clr == 1'b1)
TT1_GUARDED_UPDATE/T31(((!(clr_i) && accu_trig_i && en_i) || (cnt_ge && timeout_en_i)) && st
TT1_GUARDED_UPDATE/T32(!(((!(clr_i) && accu_trig_i && en_i) || (cnt_ge && timeout_en_i))) &&
TT1_GUARDED_UPDATE/T33(clr_i && state_q) |=> (cnt_clr == 1'b1)
TT1_GUARDED_UPDATE/T34(!(clr_i) && cnt_ge && state_q) |=> (cnt_clr == 1'b1)
TT2_HOLD_CONDITION/T35!((state_q || (((!(clr_i) && accu_trig_i && en_i) || (cnt_ge && timeou
TT1_GUARDED_UPDATE/T36(!(clr_i) && accu_trig_i && en_i && state_q) |=> (esc_trig_o == 1'b1)
TT1_GUARDED_UPDATE/T37(((!(clr_i) && accu_trig_i && en_i) || (cnt_ge && timeout_en_i)) && st
TT2_HOLD_CONDITION/T38!(((!(clr_i) && accu_trig_i && en_i && state_q) || (((!(clr_i) && accu
TT1_GUARDED_UPDATE/T39state_q |=> (phase_oh == 1'b1)
TT2_HOLD_CONDITION/T40!((state_q || state_q || state_q || state_q)) |=> $stable(phase_oh)
TT1_GUARDED_UPDATE/T41state_q |=> (thresh == phase_cyc_i[0])
TT1_GUARDED_UPDATE/T42state_q |=> (thresh == phase_cyc_i[1])
TT1_GUARDED_UPDATE/T43state_q |=> (thresh == phase_cyc_i[2])
TT1_GUARDED_UPDATE/T44state_q |=> (thresh == phase_cyc_i[3])
TT2_HOLD_CONDITION/T45!((state_q || state_q || state_q || state_q)) |=> $stable(thresh)
TT1_GUARDED_UPDATE/T46state_q |=> (fsm_error == 1'b1)
TT1_GUARDED_UPDATE/T47(accu_fail_i || cnt_error) |=> (fsm_error == 1'b1)
TT2_HOLD_CONDITION/T48!((state_q || state_q || (accu_fail_i || cnt_error))) |=> $stable(fsm_
TT1_GUARDED_UPDATE/T49state_q |=> (latch_crashdump_o == (crashdump_phase_i == 2'b0))
prim_alert_receiver 86 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(alert_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(alert_rx_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(alert_rx_o_ack_n)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(alert_rx_o_ack_p)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(alert_rx_o_ping_n)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(alert_rx_o_ping_p)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(integ_fail_o)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(ping_ok_o)
SCAI_F3_SAFETY_IMPLICATION/8!(!(mubi4_test_true_strict(init_trig_i)) && !((state_q == In
SCAI_F3_SAFETY_IMPLICATION/9!(!(mubi4_test_true_strict(init_trig_i)) && !((state_q == In
SCAI_F3_SAFETY_IMPLICATION/10!(!(mubi4_test_true_strict(init_trig_i)) && !((state_q == In
SCAI_F3_SAFETY_IMPLICATION/11!(!(mubi4_test_true_strict(init_trig_i)) && !((state_q == In
SCAI_F3_SAFETY_IMPLICATION/12!(!(mubi4_test_true_strict(init_trig_i)) && !((state_q == In
SCAI_F3_SAFETY_IMPLICATION/13!(!(mubi4_test_true_strict(init_trig_i)) && alert_sigint &&
SCAI_F3_SAFETY_IMPLICATION/14!(!alert_level && state_q) || (state_d == Pause0)
SCAI_F3_SAFETY_IMPLICATION/15!(!alert_sigint && state_q) || (send_ping == (ping_rise || p
SCAI_F3_SAFETY_IMPLICATION/16!(!alert_sigint && state_q) || (state_d == Pause0)
SCAI_F3_SAFETY_IMPLICATION/17!(!ping_pending_q && alert_level && state_q) || (alert_o ==
SCAI_F3_SAFETY_IMPLICATION/18!(alert_level && ping_pending_q && state_q) || (ping_ok_o ==
SCAI_F3_SAFETY_IMPLICATION/19!(alert_level && state_q) || (ack_pd == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/20!(alert_level && state_q) || (state_d == HsAckWait)
SCAI_F3_SAFETY_IMPLICATION/21!(mubi4_test_true_strict(init_trig_i) && !((state_q == InitR
SCAI_F3_SAFETY_IMPLICATION/22!(mubi4_test_true_strict(init_trig_i) && !((state_q == InitR
SCAI_F3_SAFETY_IMPLICATION/23!(mubi4_test_true_strict(init_trig_i) && !((state_q == InitR
SCAI_F3_SAFETY_IMPLICATION/24!(mubi4_test_true_strict(init_trig_i) && !((state_q == InitR
SCAI_F3_SAFETY_IMPLICATION/25!(mubi4_test_true_strict(init_trig_i) && !((state_q == InitR
SCAI_F3_SAFETY_IMPLICATION/27!(mubi4_test_true_strict(init_trig_i) && state_q) || (ping_o
SCAI_F3_SAFETY_IMPLICATION/28!rst_ni || (ping_pending_q == ping_pending_d)
SCAI_F3_SAFETY_IMPLICATION/29!rst_ni || (ping_req_q == ping_req_d)
SCAI_F3_SAFETY_IMPLICATION/30!rst_ni || (state_q == state_d)
SCAI_F3_SAFETY_IMPLICATION/31!state_q || (send_init == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/32!state_q || (send_ping == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/33!state_q || (state_d == Pause1)
SCAI_F3_BACKWARD_IMPLICATION/34(alert_o == 1'b0) || ((!ping_pending_q && alert_level && sta
SCAI_F0_XOR_DIFFERENTIAL/35(alert_rx_o_ack_p ^ alert_rx_o_ack_n) || (alert_rx_o_ack_p =
SCAI_F0_XOR_DIFFERENTIAL/36(alert_rx_o_ping_p ^ alert_rx_o_ping_n) || (alert_rx_o_ping_
SCAI_F3_BACKWARD_IMPLICATION/37(ping_ok_o == 1'b0) || ((alert_level && ping_pending_q && st
SCAI_F3_BACKWARD_IMPLICATION/38(ping_ok_o == 1'b0) || ((mubi4_test_true_strict(init_trig_i)
SCAI_F0_VALUE_ENUM/40(state_q == 7'h0) || (state_q == 7'h1) || (state_q == 7'hA)
SCAI_F3_SAFETY_IMPLICATION/41rst_ni || (ping_pending_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/42rst_ni || (ping_req_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/43rst_ni || (state_q == InitReq)
SCAI_F3_SAFETY_IMPLICATION/26!(mubi4_test_true_strict(init_trig_i) && !((state_q == InitR
SCAI_F0_VALUE_ENUM/39(state_d == 7'h0) || (state_d == 7'h1) || (state_d == 7'hA)
TT1_GUARDED_UPDATE/T0(alert_level && state_q) |=> (state_d == HsAckWait)
TT1_GUARDED_UPDATE/T1(!(alert_level) && state_q) |=> (state_d == Pause0)
TT1_GUARDED_UPDATE/T2state_q |=> (state_d == Pause1)
TT1_GUARDED_UPDATE/T3state_q |=> (state_d == Idle)
TT1_GUARDED_UPDATE/T4(!(mubi4_test_true_strict(init_trig_i)) && alert_sigint && state_q) |=
TT1_GUARDED_UPDATE/T5(!(alert_sigint) && state_q) |=> (state_d == Pause0)
TT1_GUARDED_UPDATE/T6(mubi4_test_true_strict(init_trig_i) && !(((state_q == InitReq) || (st
TT1_GUARDED_UPDATE/T7(!(mubi4_test_true_strict(init_trig_i)) && !(((state_q == InitReq) ||
TT2_HOLD_CONDITION/T8!(((alert_level && state_q) || (!(alert_level) && state_q) || state_q
TT1_GUARDED_UPDATE/T9(alert_level && state_q) |=> (ack_pd == 1'b1)
TT1_GUARDED_UPDATE/T10(mubi4_test_true_strict(init_trig_i) && !(((state_q == InitReq) || (st
TT1_GUARDED_UPDATE/T11(!(mubi4_test_true_strict(init_trig_i)) && !(((state_q == InitReq) ||
TT2_HOLD_CONDITION/T12!(((alert_level && state_q) || (alert_level && state_q) || (mubi4_test
TT1_GUARDED_UPDATE/T13(alert_level && ping_pending_q && state_q) |=> (ping_ok_o == 1'b1)
TT1_GUARDED_UPDATE/T14(mubi4_test_true_strict(init_trig_i) && state_q) |=> (ping_ok_o == pin
TT1_GUARDED_UPDATE/T15(mubi4_test_true_strict(init_trig_i) && !(((state_q == InitReq) || (st
TT1_GUARDED_UPDATE/T16(!(mubi4_test_true_strict(init_trig_i)) && !(((state_q == InitReq) ||
TT2_HOLD_CONDITION/T17!(((alert_level && ping_pending_q && state_q) || (mubi4_test_true_stri
TT1_GUARDED_UPDATE/T18(mubi4_test_true_strict(init_trig_i) && !(((state_q == InitReq) || (st
TT1_GUARDED_UPDATE/T19(!(mubi4_test_true_strict(init_trig_i)) && !(((state_q == InitReq) ||
TT2_HOLD_CONDITION/T20!(((mubi4_test_true_strict(init_trig_i) && !(((state_q == InitReq) ||
TT1_GUARDED_UPDATE/T21(!(ping_pending_q) && alert_level && state_q) |=> (alert_o == 1'b1)
TT1_GUARDED_UPDATE/T22(mubi4_test_true_strict(init_trig_i) && !(((state_q == InitReq) || (st
TT1_GUARDED_UPDATE/T23(!(mubi4_test_true_strict(init_trig_i)) && !(((state_q == InitReq) ||
TT2_HOLD_CONDITION/T24!(((!(ping_pending_q) && alert_level && state_q) || (mubi4_test_true_s
TT1_GUARDED_UPDATE/T25state_q |=> (send_init == 1'b1)
TT1_GUARDED_UPDATE/T26(mubi4_test_true_strict(init_trig_i) && !(((state_q == InitReq) || (st
TT2_HOLD_CONDITION/T27!((state_q || (mubi4_test_true_strict(init_trig_i) && !(((state_q == I
TT1_GUARDED_UPDATE/T28state_q |=> (send_ping == 1'b0)
TT1_GUARDED_UPDATE/T29(!(alert_sigint) && state_q) |=> (send_ping == (ping_rise || ping_pend
TT2_HOLD_CONDITION/T30!((state_q || state_q || (!(alert_sigint) && state_q))) |=> $stable(se
TT1_GUARDED_UPDATE/T31!(rst_ni) |=> (state_q == InitReq)
TT1_GUARDED_UPDATE/T32rst_ni |=> (state_q == state_d)
TT2_HOLD_CONDITION/T33!((!(rst_ni) || rst_ni)) |=> $stable(state_q)
TT1_GUARDED_UPDATE/T34!(rst_ni) |=> (ping_req_q == 1'b0)
TT1_GUARDED_UPDATE/T35rst_ni |=> (ping_req_q == ping_req_d)
TT2_HOLD_CONDITION/T36!((!(rst_ni) || rst_ni)) |=> $stable(ping_req_q)
TT1_GUARDED_UPDATE/T37!(rst_ni) |=> (ping_pending_q == 1'b0)
TT1_GUARDED_UPDATE/T38rst_ni |=> (ping_pending_q == ping_pending_d)
TT2_HOLD_CONDITION/T39!((!(rst_ni) || rst_ni)) |=> $stable(ping_pending_q)
TT8_FSM_LIVENESS/T40(state_d != 3'd0) |=> ##[0:20] (state_d == 3'd0)
TT8_FSM_LIVENESS/T41(state_q != 3'd0) |=> ##[0:20] (state_q == 3'd0)
alert_handler_ping_timer 79 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(alert_ping_fail_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(alert_ping_req_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(edn_req_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(esc_ping_fail_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(esc_ping_req_o)
SCAI_F3_SAFETY_IMPLICATION/5!((1'b0 || !id_vld || timer_expired) && state_q && timer_exp
SCAI_F3_SAFETY_IMPLICATION/6!((1'b0 || !id_vld || timer_expired) && state_q) || (state_d
SCAI_F3_SAFETY_IMPLICATION/7!((1'b0 || !id_vld || timer_expired) && state_q) || (wait_cn
SCAI_F3_SAFETY_IMPLICATION/8!((1'b0 || timer_expired) && state_q && timer_expired) || (e
SCAI_F3_SAFETY_IMPLICATION/9!((1'b0 || timer_expired) && state_q) || (esc_cnt_en == 1'b1
SCAI_F3_SAFETY_IMPLICATION/10!((1'b0 || timer_expired) && state_q) || (state_d == AlertWa
SCAI_F3_SAFETY_IMPLICATION/11!((1'b0 || timer_expired) && state_q) || (wait_cnt_set == 1'
SCAI_F3_SAFETY_IMPLICATION/12!(cnt_error || esc_cnt_error || lfsr_err) || (alert_ping_fai
SCAI_F3_SAFETY_IMPLICATION/13!(cnt_error || esc_cnt_error || lfsr_err) || (esc_ping_fail_
SCAI_F3_SAFETY_IMPLICATION/14!(cnt_error || esc_cnt_error || lfsr_err) || (state_d == Fsm
SCAI_F3_SAFETY_IMPLICATION/15!(cnt_set && rst_ni) || (id_to_ping_q == id_to_ping_d)
SCAI_F3_SAFETY_IMPLICATION/16!(en_i && state_q) || (state_d == AlertWaitSt)
SCAI_F3_SAFETY_IMPLICATION/17!(en_i && state_q) || (wait_cnt_set == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/18!(state_q && timer_expired) || (state_d == AlertPingSt)
SCAI_F3_SAFETY_IMPLICATION/19!(state_q && timer_expired) || (timeout_cnt_set == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/20!rst_ni || (reseed_timer_q == reseed_timer_d)
SCAI_F3_SAFETY_IMPLICATION/21!state_q || (alert_ping_en == id_vld)
SCAI_F3_SAFETY_IMPLICATION/22!state_q || (alert_ping_fail_o == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/23!state_q || (esc_ping_en == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/24!state_q || (esc_ping_fail_o == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/25!state_q || (state_d == FsmErrorSt)
SCAI_F3_BACKWARD_IMPLICATION/26(alert_ping_fail_o == 1'b0) || (((1'b0 || !id_vld || timer_e
SCAI_F3_BACKWARD_IMPLICATION/27(alert_ping_fail_o == 1'b0) || ((cnt_error || esc_cnt_error
SCAI_F3_BACKWARD_IMPLICATION/28(alert_ping_fail_o == 1'b0) || (state_q)
SCAI_F3_BACKWARD_IMPLICATION/29(esc_ping_fail_o == 1'b0) || (((1'b0 || timer_expired) && st
SCAI_F3_BACKWARD_IMPLICATION/30(esc_ping_fail_o == 1'b0) || ((cnt_error || esc_cnt_error ||
SCAI_F3_BACKWARD_IMPLICATION/31(esc_ping_fail_o == 1'b0) || (state_q)
SCAI_F0_VALUE_ENUM/33(state_q == 9'hCB) || (state_q == 9'h180) || (state_q == 9'h
SCAI_F0_PARAM_CONSTRAINT/341'b1
SCAI_F3_SAFETY_IMPLICATION/35alert_ping_req_o == (alert_ping_en << id_to_ping_q)
SCAI_F3_OUTPUT_EQUIVALENCE/36alert_ping_req_o == (alert_ping_en << id_to_ping_q)
SCAI_F3_SAFETY_IMPLICATION/37edn_req_o == (reseed_timer_q == 19'h0)
SCAI_F5_COUNTER_BOUND/38esc_cnt_clr <= 1'b1
SCAI_F3_SAFETY_IMPLICATION/39esc_ping_req_o == (esc_ping_en << esc_cnt)
SCAI_F3_OUTPUT_EQUIVALENCE/40esc_ping_req_o == (esc_ping_en << esc_cnt)
SCAI_F5_COUNTER_BOUND/41reseed_timer_d <= 19'h7FFFF
SCAI_F5_COUNTER_BOUND/42reseed_timer_q <= 19'h7FFFF
SCAI_F3_SAFETY_IMPLICATION/43rst_ni || (id_to_ping_q == 7'h0)
SCAI_F3_SAFETY_IMPLICATION/44rst_ni || (reseed_timer_q == 19'h0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (reseed_timer_q == 19'd0)
TT1_GUARDED_UPDATE/T1rst_ni |=> (reseed_timer_q == reseed_timer_d)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(reseed_timer_q)
TT3_ARITHMETIC_UPDATE/T3!(rst_ni) |=> (reseed_timer_q == $past(reseed_timer_q) - 1)
TT1_GUARDED_UPDATE/T4!(rst_ni) |=> (id_to_ping_q == 7'b0)
TT1_GUARDED_UPDATE/T5(cnt_set && rst_ni) |=> (id_to_ping_q == id_to_ping_d)
TT2_HOLD_CONDITION/T6!((!(rst_ni) || (cnt_set && rst_ni))) |=> $stable(id_to_ping_q)
TT1_GUARDED_UPDATE/T7(en_i && state_q) |=> (state_d == AlertWaitSt)
TT1_GUARDED_UPDATE/T8(state_q && timer_expired) |=> (state_d == AlertPingSt)
TT1_GUARDED_UPDATE/T9((1'b0 || !(id_vld) || timer_expired) && state_q) |=> (state_d == EscW
TT1_GUARDED_UPDATE/T10(state_q && timer_expired) |=> (state_d == EscPingSt)
TT1_GUARDED_UPDATE/T11((1'b0 || timer_expired) && state_q) |=> (state_d == AlertWaitSt)
TT1_GUARDED_UPDATE/T12state_q |=> (state_d == FsmErrorSt)
TT1_GUARDED_UPDATE/T13(cnt_error || esc_cnt_error || lfsr_err) |=> (state_d == FsmErrorSt)
TT2_HOLD_CONDITION/T14!(((en_i && state_q) || (state_q && timer_expired) || ((1'b0 || !(id_v
TT1_GUARDED_UPDATE/T15(en_i && state_q) |=> (wait_cnt_set == 1'b1)
TT1_GUARDED_UPDATE/T16((1'b0 || !(id_vld) || timer_expired) && state_q) |=> (wait_cnt_set ==
TT1_GUARDED_UPDATE/T17((1'b0 || timer_expired) && state_q) |=> (wait_cnt_set == 1'b1)
TT2_HOLD_CONDITION/T18!(((en_i && state_q) || ((1'b0 || !(id_vld) || timer_expired) && state
TT1_GUARDED_UPDATE/T19(state_q && timer_expired) |=> (timeout_cnt_set == 1'b1)
TT2_HOLD_CONDITION/T20!(((state_q && timer_expired) || (state_q && timer_expired))) |=> $sta
TT1_GUARDED_UPDATE/T21((1'b0 || timer_expired) && state_q) |=> (esc_cnt_en == 1'b1)
TT2_HOLD_CONDITION/T22!(((1'b0 || timer_expired) && state_q)) |=> $stable(esc_cnt_en)
TT1_GUARDED_UPDATE/T23state_q |=> (alert_ping_en == id_vld)
TT2_HOLD_CONDITION/T24!(state_q) |=> $stable(alert_ping_en)
TT1_GUARDED_UPDATE/T25state_q |=> (esc_ping_en == 1'b1)
TT2_HOLD_CONDITION/T26!(state_q) |=> $stable(esc_ping_en)
TT1_GUARDED_UPDATE/T27((1'b0 || !(id_vld) || timer_expired) && state_q && timer_expired) |=>
TT1_GUARDED_UPDATE/T28state_q |=> (alert_ping_fail_o == 1'b1)
TT1_GUARDED_UPDATE/T29(cnt_error || esc_cnt_error || lfsr_err) |=> (alert_ping_fail_o == 1'b
TT2_HOLD_CONDITION/T30!((((1'b0 || !(id_vld) || timer_expired) && state_q && timer_expired)
TT1_GUARDED_UPDATE/T31((1'b0 || timer_expired) && state_q && timer_expired) |=> (esc_ping_fa
TT1_GUARDED_UPDATE/T32state_q |=> (esc_ping_fail_o == 1'b1)
TT1_GUARDED_UPDATE/T33(cnt_error || esc_cnt_error || lfsr_err) |=> (esc_ping_fail_o == 1'b1)
TT2_HOLD_CONDITION/T34!((((1'b0 || timer_expired) && state_q && timer_expired) || state_q ||
tlul_lc_gate 79 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(flush_ack_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(resp_pending_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(tl_d2h_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(tl_d2h_o_a_ready)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(tl_d2h_o_d_data)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(tl_d2h_o_d_error)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(tl_d2h_o_d_opcode)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(tl_d2h_o_d_param)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(tl_d2h_o_d_sink)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(tl_d2h_o_d_size)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(tl_d2h_o_d_source)
SCAI_F0_ASSERT_KNOWN/12!$isunknown(tl_d2h_o_d_user)
SCAI_F0_ASSERT_KNOWN/13!$isunknown(tl_d2h_o_d_valid)
SCAI_F0_ASSERT_KNOWN/14!$isunknown(tl_h2d_o)
SCAI_F0_ASSERT_KNOWN/15!$isunknown(tl_h2d_o_a_address)
SCAI_F0_ASSERT_KNOWN/16!$isunknown(tl_h2d_o_a_data)
SCAI_F0_ASSERT_KNOWN/17!$isunknown(tl_h2d_o_a_mask)
SCAI_F0_ASSERT_KNOWN/18!$isunknown(tl_h2d_o_a_opcode)
SCAI_F0_ASSERT_KNOWN/19!$isunknown(tl_h2d_o_a_param)
SCAI_F0_ASSERT_KNOWN/20!$isunknown(tl_h2d_o_a_size)
SCAI_F0_ASSERT_KNOWN/21!$isunknown(tl_h2d_o_a_source)
SCAI_F0_ASSERT_KNOWN/22!$isunknown(tl_h2d_o_a_user)
SCAI_F0_ASSERT_KNOWN/23!$isunknown(tl_h2d_o_a_valid)
SCAI_F0_ASSERT_KNOWN/24!$isunknown(tl_h2d_o_d_ready)
SCAI_F3_SAFETY_IMPLICATION/25!(!(lc_tx_test_false_loose(lc_en_i)) && !flush_req_i && stat
SCAI_F3_SAFETY_IMPLICATION/26!(!(outstanding_txn == 2'h2) && state_q) || (resp_pending_o
SCAI_F3_SAFETY_IMPLICATION/27!((lc_tx_test_false_loose(lc_en_i) || flush_req_i) && state_
SCAI_F3_SAFETY_IMPLICATION/28!((outstanding_txn != 2'h2) && state_q) || (resp_pending_o =
SCAI_F3_SAFETY_IMPLICATION/29!((outstanding_txn == 2'h2) && state_q) || (state_d == (lc_t
SCAI_F3_SAFETY_IMPLICATION/30!(lc_tx_test_false_loose(lc_en_i) && state_q) || (state_d ==
SCAI_F3_SAFETY_IMPLICATION/31!(lc_tx_test_true_loose(err_en)) || (tl_d2h_o == tl_d2h_erro
SCAI_F3_SAFETY_IMPLICATION/33!(lc_tx_test_true_strict(lc_en_i) && state_q) || (state_d ==
SCAI_F5_COUNTER_BOUND/37!d_ack || (outstanding_txn != 2'h3)
SCAI_F3_SAFETY_IMPLICATION/38!state_q || (block_cmd == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/40!state_q || (err_o == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/41!state_q || (flush_ack_o == 1'b1)
SCAI_F3_BACKWARD_IMPLICATION/42(err_o == 1'b0) || (state_q)
SCAI_F3_BACKWARD_IMPLICATION/43(flush_ack_o == 1'b0) || (state_q)
SCAI_F3_BACKWARD_IMPLICATION/44(resp_pending_o == 1'b0) || ((!(outstanding_txn == 2'h2) &&
SCAI_F3_BACKWARD_IMPLICATION/45(resp_pending_o == 1'b0) || (((outstanding_txn != 2'h2) && s
SCAI_F0_VALUE_ENUM/47(state_q == 9'h121) || (state_q == 9'hE7) || (state_q == 9'h
SCAI_F3_BACKWARD_IMPLICATION/48(tl_d2h_o == 66'h0) || (lc_tx_test_true_loose(err_en))
SCAI_F0_PARAM_CONSTRAINT/491'b1
SCAI_F0_PARAM_CONSTRAINT/501'b1
SCAI_F5_COUNTER_BOUND/51outstanding_txn <= 2'h3
SCAI_F5_COUNTER_BOUND/52outstanding_txn <= 2'h3
SCAI_F3_SAFETY_IMPLICATION/53rst_ni || (outstanding_txn == 2'h0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (outstanding_txn == 2'b0)
TT2_HOLD_CONDITION/T1!((!(rst_ni) || (!(d_ack) && a_ack && rst_ni) || (!((!(d_ack) && a_ack
TT3_ARITHMETIC_UPDATE/T2(!(d_ack) && a_ack && rst_ni) |=> (outstanding_txn == $past(outstandin
TT1_GUARDED_UPDATE/T3state_q |=> (block_cmd == 1'b1)
TT2_HOLD_CONDITION/T4!((state_q || state_q || state_q)) |=> $stable(block_cmd)
TT1_GUARDED_UPDATE/T5((lc_tx_test_false_loose(lc_en_i) || flush_req_i) && state_q) |=> (sta
TT1_GUARDED_UPDATE/T6((outstanding_txn == 2) && state_q) |=> (state_d == (lc_tx_test_false_
TT1_GUARDED_UPDATE/T7(lc_tx_test_false_loose(lc_en_i) && state_q) |=> (state_d == StError)
TT1_GUARDED_UPDATE/T8(!(lc_tx_test_false_loose(lc_en_i)) && !(flush_req_i) && state_q) |=>
TT1_GUARDED_UPDATE/T9(lc_tx_test_true_strict(lc_en_i) && state_q) |=> (state_d == StErrorOu
TT1_GUARDED_UPDATE/T10((outstanding_txn == 2) && state_q) |=> (state_d == StActive)
TT2_HOLD_CONDITION/T11!((((lc_tx_test_false_loose(lc_en_i) || flush_req_i) && state_q) || ((
TT1_GUARDED_UPDATE/T12state_q |=> (err_en == On)
TT2_HOLD_CONDITION/T13!((state_q || state_q || state_q)) |=> $stable(err_en)
TT1_GUARDED_UPDATE/T14state_q |=> (err_o == 1'b1)
TT2_HOLD_CONDITION/T15!(state_q) |=> $stable(err_o)
TT1_GUARDED_UPDATE/T16state_q |=> (flush_ack_o == 1'b1)
TT2_HOLD_CONDITION/T17!(state_q) |=> $stable(flush_ack_o)
TT1_GUARDED_UPDATE/T18((outstanding_txn != 2) && state_q) |=> (resp_pending_o == 1'b1)
TT1_GUARDED_UPDATE/T19(!((outstanding_txn == 2)) && state_q) |=> (resp_pending_o == 1'b1)
TT2_HOLD_CONDITION/T20!((((outstanding_txn != 2) && state_q) || (!((outstanding_txn == 2)) &
TT1_GUARDED_UPDATE/T21lc_tx_test_true_loose(err_en) |=> (tl_d2h_o == tl_d2h_error)
TT2_HOLD_CONDITION/T22!(lc_tx_test_true_loose(err_en)) |=> $stable(tl_d2h_o)
TT1_GUARDED_UPDATE/T23lc_tx_test_true_loose(err_en) |=> (tl_h2d_error == tl_h2d_i)
TT2_HOLD_CONDITION/T24!(lc_tx_test_true_loose(err_en)) |=> $stable(tl_h2d_error)
TT1_GUARDED_UPDATE/T25block_cmd |=> (tl_d2h_o.a_ready == 1'b0)
TT2_HOLD_CONDITION/T26!(block_cmd) |=> $stable(tl_d2h_o.a_ready)
TT1_GUARDED_UPDATE/T27block_cmd |=> (tl_h2d_int.a_valid == 1'b0)
TT2_HOLD_CONDITION/T28!(block_cmd) |=> $stable(tl_h2d_int.a_valid)
TT1_GUARDED_UPDATE/T29block_cmd |=> (tl_h2d_error.a_valid == 1'b0)
TT2_HOLD_CONDITION/T30!(block_cmd) |=> $stable(tl_h2d_error.a_valid)
prim_esc_sender 73 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(esc_tx_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(esc_tx_o_esc_n)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(esc_tx_o_esc_p)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(integ_fail_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(ping_ok_o)
SCAI_F3_SAFETY_IMPLICATION/5!(!esc_req_i && !ping_req_q && ping_req_d && state_q) || (st
SCAI_F3_SAFETY_IMPLICATION/6!(!esc_req_i && !resp && state_q) || (integ_fail_o == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/7!(!esc_req_i && !resp && state_q) || (ping_ok_o == ping_req_
SCAI_F3_SAFETY_IMPLICATION/8!(!esc_req_i && !resp && state_q) || (state_d == Idle)
SCAI_F3_SAFETY_IMPLICATION/9!(!esc_req_i && resp && state_q) || (integ_fail_o == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/10!(!esc_req_i && resp && state_q) || (state_d == Idle)
SCAI_F3_SAFETY_IMPLICATION/15!((esc_req_i || esc_req_q || esc_req_q1) && ping_req_i) || (
SCAI_F3_SAFETY_IMPLICATION/16!(esc_req_i && state_q) || (state_d == CheckEscRespHi)
SCAI_F3_SAFETY_IMPLICATION/17!(resp && state_q) || (integ_fail_o == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/18!rst_ni || (esc_req_q == esc_req_d)
SCAI_F3_SAFETY_IMPLICATION/19!rst_ni || (esc_req_q1 == esc_req_q)
SCAI_F3_SAFETY_IMPLICATION/20!rst_ni || (ping_req_q == ping_req_d)
SCAI_F3_SAFETY_IMPLICATION/21!rst_ni || (state_q == state_d)
SCAI_F3_SAFETY_IMPLICATION/22!sigint_detected || (ping_ok_o == 1'b0)
SCAI_F3_ENABLE_GATE/23!sigint_detected || (ping_ok_o == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/24!sigint_detected || (state_d == Idle)
SCAI_F3_SAFETY_IMPLICATION/25!state_q || (state_d == CheckEscRespHi)
SCAI_F0_XOR_DIFFERENTIAL/26(esc_tx_o_esc_p ^ esc_tx_o_esc_n) || (esc_tx_o_esc_p == esc_
SCAI_F3_BACKWARD_IMPLICATION/27(integ_fail_o == 1'b0) || ((!esc_req_i && !resp && state_q))
SCAI_F3_BACKWARD_IMPLICATION/28(integ_fail_o == 1'b0) || ((!esc_req_i && resp && state_q))
SCAI_F3_BACKWARD_IMPLICATION/31(integ_fail_o == 1'b0) || ((resp && state_q))
SCAI_F3_BACKWARD_IMPLICATION/32(ping_ok_o == 1'b0) || ((!esc_req_i && !resp && state_q))
SCAI_F3_BACKWARD_IMPLICATION/33(ping_ok_o == 1'b0) || (((esc_req_i || esc_req_q || esc_req_
SCAI_F0_VALUE_ENUM/35(state_q == 7'h0) || (state_q == 7'h1) || (state_q == 7'hA)
SCAI_F3_SAFETY_IMPLICATION/36rst_ni || (esc_req_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/37rst_ni || (esc_req_q1 == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/38rst_ni || (ping_req_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/39rst_ni || (state_q == Idle)
SCAI_F0_VALUE_ENUM/34(state_d == 7'h0) || (state_d == 7'h1) || (state_d == 7'hA)
TT1_GUARDED_UPDATE/T0(esc_req_i && state_q) |=> (state_d == CheckEscRespHi)
TT1_GUARDED_UPDATE/T1(!(esc_req_i) && !(ping_req_q) && ping_req_d && state_q) |=> (state_d
TT1_GUARDED_UPDATE/T2state_q |=> (state_d == CheckEscRespHi)
TT1_GUARDED_UPDATE/T3((!(esc_tx_o.esc_p) || resp) && state_q) |=> (state_d == Idle)
TT1_GUARDED_UPDATE/T4state_q |=> (state_d == CheckEscRespLo)
TT1_GUARDED_UPDATE/T5((!(esc_tx_o.esc_p) || !(resp)) && state_q) |=> (state_d == Idle)
TT1_GUARDED_UPDATE/T6state_q |=> (state_d == CheckPingResp1)
TT1_GUARDED_UPDATE/T7(esc_req_i && state_q) |=> (state_d == CheckEscRespLo)
TT1_GUARDED_UPDATE/T8(!(esc_req_i) && !(resp) && state_q) |=> (state_d == Idle)
TT1_GUARDED_UPDATE/T9state_q |=> (state_d == CheckPingResp2)
TT1_GUARDED_UPDATE/T10(!(esc_req_i) && resp && state_q) |=> (state_d == Idle)
TT1_GUARDED_UPDATE/T11state_q |=> (state_d == CheckPingResp3)
TT1_GUARDED_UPDATE/T12state_q |=> (state_d == Idle)
TT1_GUARDED_UPDATE/T13sigint_detected |=> (state_d == Idle)
TT2_HOLD_CONDITION/T14!(((esc_req_i && state_q) || (!(esc_req_i) && !(ping_req_q) && ping_re
TT1_GUARDED_UPDATE/T15(!(esc_req_i) && !(resp) && state_q) |=> (ping_ok_o == ping_req_i)
TT1_GUARDED_UPDATE/T16sigint_detected |=> (ping_ok_o == 1'b0)
TT1_GUARDED_UPDATE/T17((esc_req_i || esc_req_q || esc_req_q1) && ping_req_i) |=> (ping_ok_o
TT2_HOLD_CONDITION/T18!(((!(esc_req_i) && !(resp) && state_q) || sigint_detected || ((esc_re
TT1_GUARDED_UPDATE/T19(resp && state_q) |=> (integ_fail_o == 1'b1)
TT1_GUARDED_UPDATE/T20((!(esc_tx_o.esc_p) || resp) && state_q) |=> (integ_fail_o == (sigint_
TT1_GUARDED_UPDATE/T21((!(esc_tx_o.esc_p) || !(resp)) && state_q) |=> (integ_fail_o == (sigi
TT1_GUARDED_UPDATE/T22(!(esc_req_i) && !(resp) && state_q) |=> (integ_fail_o == 1'b1)
TT1_GUARDED_UPDATE/T23(!(esc_req_i) && resp && state_q) |=> (integ_fail_o == 1'b1)
TT2_HOLD_CONDITION/T24!(((resp && state_q) || ((!(esc_tx_o.esc_p) || resp) && state_q) || ((
TT1_GUARDED_UPDATE/T25!(rst_ni) |=> (state_q == Idle)
TT1_GUARDED_UPDATE/T26rst_ni |=> (state_q == state_d)
TT2_HOLD_CONDITION/T27!((!(rst_ni) || rst_ni)) |=> $stable(state_q)
TT1_GUARDED_UPDATE/T28!(rst_ni) |=> (esc_req_q == 1'b0)
TT1_GUARDED_UPDATE/T29rst_ni |=> (esc_req_q == esc_req_d)
TT2_HOLD_CONDITION/T30!((!(rst_ni) || rst_ni)) |=> $stable(esc_req_q)
TT1_GUARDED_UPDATE/T31!(rst_ni) |=> (esc_req_q1 == 1'b0)
TT1_GUARDED_UPDATE/T32rst_ni |=> (esc_req_q1 == esc_req_q)
TT2_HOLD_CONDITION/T33!((!(rst_ni) || rst_ni)) |=> $stable(esc_req_q1)
TT1_GUARDED_UPDATE/T34!(rst_ni) |=> (ping_req_q == 1'b0)
TT1_GUARDED_UPDATE/T35rst_ni |=> (ping_req_q == ping_req_d)
TT2_HOLD_CONDITION/T36!((!(rst_ni) || rst_ni)) |=> $stable(ping_req_q)
TT8_FSM_LIVENESS/T37(state_d != 3'd0) |=> ##[0:40] (state_d == 3'd0)
TT8_FSM_LIVENESS/T38(state_q != 3'd0) |=> ##[0:20] (state_q == 3'd0)
tlul_adapter_sram 71 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(addr_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(compound_txn_in_progress_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(intg_error_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(readback_error_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(req_o)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(req_type_o)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(tl_o)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(tl_o_a_ready)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(tl_o_d_data)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(tl_o_d_error)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(tl_o_d_opcode)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(tl_o_d_param)
SCAI_F0_ASSERT_KNOWN/12!$isunknown(tl_o_d_sink)
SCAI_F0_ASSERT_KNOWN/13!$isunknown(tl_o_d_size)
SCAI_F0_ASSERT_KNOWN/14!$isunknown(tl_o_d_source)
SCAI_F0_ASSERT_KNOWN/15!$isunknown(tl_o_d_user)
SCAI_F0_ASSERT_KNOWN/16!$isunknown(tl_o_d_valid)
SCAI_F0_ASSERT_KNOWN/17!$isunknown(user_rsvd_o)
SCAI_F0_ASSERT_KNOWN/18!$isunknown(wdata_o)
SCAI_F0_ASSERT_KNOWN/19!$isunknown(we_o)
SCAI_F0_ASSERT_KNOWN/20!$isunknown(wmask_o)
SCAI_F3_SAFETY_IMPLICATION/24!((intg_error || reqfifo_error || rsp_fifo_error || sramreqf
SCAI_F3_SAFETY_IMPLICATION/27!rst_ni || (missed_err_gnt_q == missed_err_gnt_d)
SCAI_F0_PARAM_CONSTRAINT/321'b1
SCAI_F0_PARAM_CONSTRAINT/331'b1
SCAI_F0_PARAM_CONSTRAINT/341'b1
SCAI_F0_PARAM_CONSTRAINT/351'b1
SCAI_F0_PARAM_CONSTRAINT/361'b1
SCAI_F0_PARAM_CONSTRAINT/371'b1
SCAI_F0_PARAM_CONSTRAINT/381'b1
SCAI_F0_PARAM_CONSTRAINT/391'b1
SCAI_F0_PARAM_CONSTRAINT/401'b1
SCAI_F0_PARAM_CONSTRAINT/411'b1
SCAI_F0_PARAM_CONSTRAINT/421'b1
SCAI_F0_PARAM_CONSTRAINT/431'b1
SCAI_F0_PARAM_CONSTRAINT/441'b1
SCAI_F0_PARAM_CONSTRAINT/451'b1
SCAI_F0_PARAM_CONSTRAINT/461'b1
SCAI_F3_SAFETY_IMPLICATION/49intg_error_o == ((((intg_error | rsp_fifo_error) | sramreqfi
SCAI_F3_OUTPUT_EQUIVALENCE/50intg_error_o == ((((intg_error | rsp_fifo_error) | sramreqfi
SCAI_F3_SAFETY_IMPLICATION/51readback_error_o == (readback_error | readback_error_q)
SCAI_F3_OUTPUT_EQUIVALENCE/52readback_error_o == (readback_error | readback_error_q)
SCAI_F3_SAFETY_IMPLICATION/56reqfifo_rvalid || (d_error == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/57reqfifo_rvalid || (d_valid == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/58rst_ni || (intg_error_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/59rst_ni || (missed_err_gnt_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/62wdata_o == wdata_combined
SCAI_F3_SAFETY_IMPLICATION/63wmask_o == wmask_combined
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (intg_error_q == 1'b0)
TT1_GUARDED_UPDATE/T1((intg_error || reqfifo_error || rsp_fifo_error || sramreqfifo_error)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || ((intg_error || reqfifo_error || rsp_fifo_error || sra
TT1_GUARDED_UPDATE/T3(reqfifo_rdata.error && reqfifo_rvalid) |=> (d_valid == 1'b1)
TT1_GUARDED_UPDATE/T4(!(reqfifo_rdata.error) && reqfifo_rdata.is_read && reqfifo_rvalid) |=
TT1_GUARDED_UPDATE/T5(!(reqfifo_rdata.error) && !(reqfifo_rdata.is_read) && reqfifo_rvalid)
TT1_GUARDED_UPDATE/T6!(reqfifo_rvalid) |=> (d_valid == 1'b0)
TT2_HOLD_CONDITION/T7!(((reqfifo_rdata.error && reqfifo_rvalid) || (!(reqfifo_rdata.error)
TT1_GUARDED_UPDATE/T8(reqfifo_rdata.is_read && reqfifo_rvalid) |=> (d_error == (rspfifo_rda
TT1_GUARDED_UPDATE/T9(!(reqfifo_rdata.is_read) && reqfifo_rvalid) |=> (d_error == reqfifo_r
TT1_GUARDED_UPDATE/T10!(reqfifo_rvalid) |=> (d_error == 1'b0)
TT2_HOLD_CONDITION/T11!(((reqfifo_rdata.is_read && reqfifo_rvalid) || (!(reqfifo_rdata.is_re
TT1_GUARDED_UPDATE/T12!(rst_ni) |=> (missed_err_gnt_q == 1'b0)
TT1_GUARDED_UPDATE/T13rst_ni |=> (missed_err_gnt_q == missed_err_gnt_d)
TT2_HOLD_CONDITION/T14!((!(rst_ni) || rst_ni)) |=> $stable(missed_err_gnt_q)
TT1_GUARDED_UPDATE/T15tl_i_int.a_valid |=> (wmask_int == {8{{tl_i_int.a_mask[i]}}})
TT2_HOLD_CONDITION/T16!(tl_i_int.a_valid) |=> $stable(wmask_int)
TT1_GUARDED_UPDATE/T17tl_i_int.a_valid |=> (wdata_int == ((tl_i_int.a_mask[i] && we_o) ? tl_
TT2_HOLD_CONDITION/T18!(tl_i_int.a_valid) |=> $stable(wdata_int)
TT1_GUARDED_UPDATE/T19tl_i_int.a_valid |=> (wmask_intg == {DataIntgWidth{{1'b1}}})
TT2_HOLD_CONDITION/T20!(tl_i_int.a_valid) |=> $stable(wmask_intg)
TT1_GUARDED_UPDATE/T21tl_i_int.a_valid |=> (wdata_intg == tl_i_int.a_user.data_intg)
TT2_HOLD_CONDITION/T22!(tl_i_int.a_valid) |=> $stable(wdata_intg)
prim_alert_sender 68 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(alert_ack_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(alert_state_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(alert_tx_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(alert_tx_o_alert_n)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(alert_tx_o_alert_p)
SCAI_F3_SAFETY_IMPLICATION/5!(!ack_level && state_q) || (alert_clr == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/6!(!ack_level && state_q) || (alert_nd == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/7!(!ack_level && state_q) || (alert_pd == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/8!(!ack_level && state_q) || (ping_clr == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/9!(!ack_level && state_q) || (state_d == Pause0)
SCAI_F3_SAFETY_IMPLICATION/10!((alert_trigger || ping_trigger) && state_q) || (alert_nd =
SCAI_F3_SAFETY_IMPLICATION/11!((alert_trigger || ping_trigger) && state_q) || (alert_pd =
SCAI_F3_SAFETY_IMPLICATION/12!((alert_trigger || ping_trigger) && state_q) || (state_d ==
SCAI_F3_SAFETY_IMPLICATION/13!(ack_level && state_q) || (state_d == AlertHsPhase2)
SCAI_F3_SAFETY_IMPLICATION/14!rst_ni || (alert_set_q == alert_set_d)
SCAI_F3_SAFETY_IMPLICATION/15!rst_ni || (alert_test_set_q == alert_test_set_d)
SCAI_F3_SAFETY_IMPLICATION/16!rst_ni || (ping_set_q == ping_set_d)
SCAI_F3_SAFETY_IMPLICATION/17!rst_ni || (state_q == state_d)
SCAI_F3_SAFETY_IMPLICATION/18!sigint_detected || (alert_clr == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/19!sigint_detected || (alert_nd == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/20!sigint_detected || (alert_pd == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/21!sigint_detected || (ping_clr == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/22!sigint_detected || (state_d == Idle)
SCAI_F3_SAFETY_IMPLICATION/23!state_q || (state_d == Pause1)
SCAI_F0_XOR_DIFFERENTIAL/24(alert_tx_o_alert_p ^ alert_tx_o_alert_n) || (alert_tx_o_ale
SCAI_F0_VALUE_ENUM/26(state_q == 7'h0) || (state_q == 7'h1) || (state_q == 7'hA)
SCAI_F3_SAFETY_IMPLICATION/27alert_ack_o == (alert_clr & alert_set_q)
SCAI_F3_OUTPUT_EQUIVALENCE/28alert_ack_o == (alert_clr & alert_set_q)
SCAI_F3_SAFETY_IMPLICATION/29alert_state_o == alert_set_q
SCAI_F3_SAFETY_IMPLICATION/30rst_ni || (alert_set_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/31rst_ni || (alert_test_set_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/32rst_ni || (ping_set_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/33rst_ni || (state_q == Idle)
SCAI_F0_VALUE_ENUM/25(state_d == 7'h0) || (state_d == 7'h1) || (state_d == 7'hA)
TT1_GUARDED_UPDATE/T0((alert_trigger || ping_trigger) && state_q) |=> (state_d == (alert_tr
TT1_GUARDED_UPDATE/T1(ack_level && state_q) |=> (state_d == AlertHsPhase2)
TT1_GUARDED_UPDATE/T2(!(ack_level) && state_q) |=> (state_d == Pause0)
TT1_GUARDED_UPDATE/T3(ack_level && state_q) |=> (state_d == PingHsPhase2)
TT1_GUARDED_UPDATE/T4state_q |=> (state_d == Pause1)
TT1_GUARDED_UPDATE/T5state_q |=> (state_d == Idle)
TT1_GUARDED_UPDATE/T6sigint_detected |=> (state_d == Idle)
TT2_HOLD_CONDITION/T7!((((alert_trigger || ping_trigger) && state_q) || (ack_level && state
TT1_GUARDED_UPDATE/T8((alert_trigger || ping_trigger) && state_q) |=> (alert_pd == 1'b1)
TT1_GUARDED_UPDATE/T9(!(ack_level) && state_q) |=> (alert_pd == 1'b1)
TT1_GUARDED_UPDATE/T10sigint_detected |=> (alert_pd == 1'b0)
TT2_HOLD_CONDITION/T11!((((alert_trigger || ping_trigger) && state_q) || (!(ack_level) && st
TT1_GUARDED_UPDATE/T12((alert_trigger || ping_trigger) && state_q) |=> (alert_nd == 1'b0)
TT1_GUARDED_UPDATE/T13(!(ack_level) && state_q) |=> (alert_nd == 1'b0)
TT1_GUARDED_UPDATE/T14sigint_detected |=> (alert_nd == 1'b0)
TT2_HOLD_CONDITION/T15!((((alert_trigger || ping_trigger) && state_q) || (!(ack_level) && st
TT1_GUARDED_UPDATE/T16(!(ack_level) && state_q) |=> (ping_clr == 1'b1)
TT1_GUARDED_UPDATE/T17sigint_detected |=> (ping_clr == 1'b1)
TT2_HOLD_CONDITION/T18!(((!(ack_level) && state_q) || sigint_detected)) |=> $stable(ping_clr
TT1_GUARDED_UPDATE/T19(!(ack_level) && state_q) |=> (alert_clr == 1'b1)
TT1_GUARDED_UPDATE/T20sigint_detected |=> (alert_clr == 1'b0)
TT2_HOLD_CONDITION/T21!(((!(ack_level) && state_q) || sigint_detected)) |=> $stable(alert_cl
TT1_GUARDED_UPDATE/T22!(rst_ni) |=> (state_q == Idle)
TT1_GUARDED_UPDATE/T23rst_ni |=> (state_q == state_d)
TT2_HOLD_CONDITION/T24!((!(rst_ni) || rst_ni)) |=> $stable(state_q)
TT1_GUARDED_UPDATE/T25!(rst_ni) |=> (alert_set_q == 1'b0)
TT1_GUARDED_UPDATE/T26rst_ni |=> (alert_set_q == alert_set_d)
TT2_HOLD_CONDITION/T27!((!(rst_ni) || rst_ni)) |=> $stable(alert_set_q)
TT1_GUARDED_UPDATE/T28!(rst_ni) |=> (alert_test_set_q == 1'b0)
TT1_GUARDED_UPDATE/T29rst_ni |=> (alert_test_set_q == alert_test_set_d)
TT2_HOLD_CONDITION/T30!((!(rst_ni) || rst_ni)) |=> $stable(alert_test_set_q)
TT1_GUARDED_UPDATE/T31!(rst_ni) |=> (ping_set_q == 1'b0)
TT1_GUARDED_UPDATE/T32rst_ni |=> (ping_set_q == ping_set_d)
TT2_HOLD_CONDITION/T33!((!(rst_ni) || rst_ni)) |=> $stable(ping_set_q)
prim_esc_receiver 61 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(esc_req_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(esc_rx_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(esc_rx_o_resp_n)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(esc_rx_o_resp_p)
SCAI_F3_SAFETY_IMPLICATION/4!((state_q != SigInt) && sigint_detected) || (resp_nd == 1'b
SCAI_F3_SAFETY_IMPLICATION/5!((state_q != SigInt) && sigint_detected) || (resp_pd == 1'b
SCAI_F3_SAFETY_IMPLICATION/6!((state_q != SigInt) && sigint_detected) || (state_d == Sig
SCAI_F3_SAFETY_IMPLICATION/7!(esc_level && state_q) || (esc_req == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/8!(esc_level && state_q) || (resp_nd == resp_pq)
SCAI_F3_SAFETY_IMPLICATION/9!(esc_level && state_q) || (resp_pd == ~(resp_pq))
SCAI_F3_SAFETY_IMPLICATION/10!(esc_level && state_q) || (state_d == Check)
SCAI_F3_SAFETY_IMPLICATION/11!(sigint_detected && state_q) || (resp_nd == ~(resp_pq))
SCAI_F3_SAFETY_IMPLICATION/12!(sigint_detected && state_q) || (resp_pd == ~(resp_pq))
SCAI_F3_SAFETY_IMPLICATION/13!(sigint_detected && state_q) || (state_d == SigInt)
SCAI_F3_SAFETY_IMPLICATION/14!rst_ni || (esc_req_q == esc_req_d)
SCAI_F3_SAFETY_IMPLICATION/15!rst_ni || (state_q == state_d)
SCAI_F3_SAFETY_IMPLICATION/16!state_q || (esc_req == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/17!state_q || (ping_en == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/18!state_q || (resp_nd == resp_pq)
SCAI_F3_SAFETY_IMPLICATION/19!state_q || (resp_pd == ~(resp_pq))
SCAI_F3_SAFETY_IMPLICATION/20!state_q || (state_d == PingResp)
SCAI_F0_XOR_DIFFERENTIAL/21(esc_rx_o_resp_p ^ esc_rx_o_resp_n) || (esc_rx_o_resp_p == e
SCAI_F0_VALUE_ENUM/23(state_q == 7'h0) || (state_q == 7'h1) || (state_q == 7'hA)
SCAI_F0_PARAM_CONSTRAINT/241'b1
SCAI_F0_PARAM_CONSTRAINT/251'b1
SCAI_F0_PARAM_CONSTRAINT/261'b1
SCAI_F0_PARAM_CONSTRAINT/271'b1
SCAI_F0_PARAM_CONSTRAINT/281'b1
SCAI_F0_PARAM_CONSTRAINT/291'b1
SCAI_F3_SAFETY_IMPLICATION/30rst_ni || (esc_req_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/31rst_ni || (state_q == Idle)
SCAI_F0_VALUE_ENUM/22(state_d == 7'h0) || (state_d == 7'h1) || (state_d == 7'hA)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (esc_req_q == 1'b0)
TT1_GUARDED_UPDATE/T1rst_ni |=> (esc_req_q == esc_req_d)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(esc_req_q)
TT1_GUARDED_UPDATE/T3(esc_level && state_q) |=> (state_d == Check)
TT1_GUARDED_UPDATE/T4state_q |=> (state_d == PingResp)
TT1_GUARDED_UPDATE/T5(esc_level && state_q) |=> (state_d == EscResp)
TT1_GUARDED_UPDATE/T6state_q |=> (state_d == Idle)
TT1_GUARDED_UPDATE/T7(sigint_detected && state_q) |=> (state_d == SigInt)
TT1_GUARDED_UPDATE/T8((state_q != SigInt) && sigint_detected) |=> (state_d == SigInt)
TT2_HOLD_CONDITION/T9!(((esc_level && state_q) || state_q || (esc_level && state_q) || stat
TT1_GUARDED_UPDATE/T10(esc_level && state_q) |=> (resp_pd == ~(resp_pq))
TT1_GUARDED_UPDATE/T11state_q |=> (resp_pd == ~(resp_pq))
TT1_GUARDED_UPDATE/T12(sigint_detected && state_q) |=> (resp_pd == ~(resp_pq))
TT1_GUARDED_UPDATE/T13((state_q != SigInt) && sigint_detected) |=> (resp_pd == 1'b0)
TT2_HOLD_CONDITION/T14!(((esc_level && state_q) || state_q || state_q || (esc_level && state
TT1_GUARDED_UPDATE/T15(esc_level && state_q) |=> (resp_nd == resp_pq)
TT1_GUARDED_UPDATE/T16state_q |=> (resp_nd == resp_pq)
TT1_GUARDED_UPDATE/T17(sigint_detected && state_q) |=> (resp_nd == ~(resp_pq))
TT1_GUARDED_UPDATE/T18((state_q != SigInt) && sigint_detected) |=> (resp_nd == 1'b0)
TT2_HOLD_CONDITION/T19!(((esc_level && state_q) || state_q || state_q || (esc_level && state
TT1_GUARDED_UPDATE/T20(esc_level && state_q) |=> (esc_req == 1'b1)
TT1_GUARDED_UPDATE/T21state_q |=> (esc_req == 1'b1)
TT2_HOLD_CONDITION/T22!(((esc_level && state_q) || (esc_level && state_q) || (esc_level && s
TT1_GUARDED_UPDATE/T23state_q |=> (ping_en == 1'b1)
TT2_HOLD_CONDITION/T24!(state_q) |=> $stable(ping_en)
TT1_GUARDED_UPDATE/T25!(rst_ni) |=> (state_q == Idle)
TT1_GUARDED_UPDATE/T26rst_ni |=> (state_q == state_d)
TT2_HOLD_CONDITION/T27!((!(rst_ni) || rst_ni)) |=> $stable(state_q)
TT8_FSM_LIVENESS/T28(state_d != 3'd0) |=> ##[0:24] (state_d == 3'd0)
prim_edn_req 57 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(ack_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(edn_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(edn_o_ar_addr)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(edn_o_ar_burst)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(edn_o_ar_cache)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(edn_o_ar_id)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(edn_o_ar_len)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(edn_o_ar_lock)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(edn_o_ar_prot)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(edn_o_ar_qos)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(edn_o_ar_region)
SCAI_F0_ASSERT_KNOWN/12!$isunknown(edn_o_ar_size)
SCAI_F0_ASSERT_KNOWN/13!$isunknown(edn_o_ar_user)
SCAI_F0_ASSERT_KNOWN/14!$isunknown(edn_o_ar_valid)
SCAI_F0_ASSERT_KNOWN/15!$isunknown(edn_o_aw_addr)
SCAI_F0_ASSERT_KNOWN/16!$isunknown(edn_o_aw_atop)
SCAI_F0_ASSERT_KNOWN/17!$isunknown(edn_o_aw_burst)
SCAI_F0_ASSERT_KNOWN/18!$isunknown(edn_o_aw_cache)
SCAI_F0_ASSERT_KNOWN/19!$isunknown(edn_o_aw_id)
SCAI_F0_ASSERT_KNOWN/20!$isunknown(edn_o_aw_len)
SCAI_F0_ASSERT_KNOWN/21!$isunknown(edn_o_aw_lock)
SCAI_F0_ASSERT_KNOWN/22!$isunknown(edn_o_aw_prot)
SCAI_F0_ASSERT_KNOWN/23!$isunknown(edn_o_aw_qos)
SCAI_F0_ASSERT_KNOWN/24!$isunknown(edn_o_aw_region)
SCAI_F0_ASSERT_KNOWN/25!$isunknown(edn_o_aw_size)
SCAI_F0_ASSERT_KNOWN/26!$isunknown(edn_o_aw_user)
SCAI_F0_ASSERT_KNOWN/27!$isunknown(edn_o_aw_valid)
SCAI_F0_ASSERT_KNOWN/28!$isunknown(edn_o_b_ready)
SCAI_F0_ASSERT_KNOWN/29!$isunknown(edn_o_r_ready)
SCAI_F0_ASSERT_KNOWN/30!$isunknown(edn_o_w_data)
SCAI_F0_ASSERT_KNOWN/31!$isunknown(edn_o_w_last)
SCAI_F0_ASSERT_KNOWN/32!$isunknown(edn_o_w_strb)
SCAI_F0_ASSERT_KNOWN/33!$isunknown(edn_o_w_user)
SCAI_F0_ASSERT_KNOWN/34!$isunknown(edn_o_w_valid)
SCAI_F0_ASSERT_KNOWN/35!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/36!$isunknown(fips_o)
SCAI_F3_SAFETY_IMPLICATION/37!(ack_o && rst_ni) || (data_curr == data_o)
SCAI_F3_SAFETY_IMPLICATION/38!(ack_o && rst_ni) || (data_prev == data_curr)
SCAI_F3_SAFETY_IMPLICATION/39!rst_ni || (fips_q == fips_d)
SCAI_F0_PARAM_CONSTRAINT/401'b1
SCAI_F0_PARAM_CONSTRAINT/411'b1
SCAI_F3_SAFETY_IMPLICATION/42err_o == 1'b0
SCAI_F0_CONSTANT_OUTPUT/43err_o == 1'b0
SCAI_F3_SAFETY_IMPLICATION/44fips_o == fips_q
SCAI_F3_SAFETY_IMPLICATION/45rst_ni || (data_curr == 32'h0)
SCAI_F3_SAFETY_IMPLICATION/46rst_ni || (data_prev == 32'h0)
SCAI_F3_SAFETY_IMPLICATION/47rst_ni || (fips_q == 1'b1)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (fips_q == 1'b1)
TT1_GUARDED_UPDATE/T1rst_ni |=> (fips_q == fips_d)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(fips_q)
TT1_GUARDED_UPDATE/T3!(rst_ni) |=> (data_prev == 32'd0)
TT1_GUARDED_UPDATE/T4(ack_o && rst_ni) |=> (data_prev == data_curr)
TT2_HOLD_CONDITION/T5!((!(rst_ni) || (ack_o && rst_ni))) |=> $stable(data_prev)
TT1_GUARDED_UPDATE/T6!(rst_ni) |=> (data_curr == 32'd0)
TT1_GUARDED_UPDATE/T7(ack_o && rst_ni) |=> (data_curr == data_o)
TT2_HOLD_CONDITION/T8!((!(rst_ni) || (ack_o && rst_ni))) |=> $stable(data_curr)
tlul_adapter_host 54 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(gnt_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(intg_err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(rdata_intg_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(rdata_o)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(tl_o)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(tl_o_a_address)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(tl_o_a_data)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(tl_o_a_mask)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(tl_o_a_opcode)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(tl_o_a_param)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(tl_o_a_size)
SCAI_F0_ASSERT_KNOWN/12!$isunknown(tl_o_a_source)
SCAI_F0_ASSERT_KNOWN/13!$isunknown(tl_o_a_user)
SCAI_F0_ASSERT_KNOWN/14!$isunknown(tl_o_a_valid)
SCAI_F0_ASSERT_KNOWN/15!$isunknown(tl_o_d_ready)
SCAI_F0_ASSERT_KNOWN/16!$isunknown(valid_o)
SCAI_F3_SAFETY_IMPLICATION/17!(!(!valid_o && gnt_o && req_i) && !(gnt_o && req_i) && vali
SCAI_F3_SAFETY_IMPLICATION/18!(!(source_q == MaxSource) && gnt_o && req_i) || (source_d =
SCAI_F3_SAFETY_IMPLICATION/19!(!valid_o && gnt_o && req_i) || (outstanding_reqs_d == (out
SCAI_F3_SAFETY_IMPLICATION/20!((source_q == MaxSource) && gnt_o && req_i) || (source_d ==
SCAI_F3_SAFETY_IMPLICATION/21!(intg_err && rst_ni) || (intg_err_q == 1'b1)
SCAI_F5_COUNTER_BOUND/22!rst_ni || (outstanding_reqs_q != 2'h3)
SCAI_F3_SAFETY_IMPLICATION/23!rst_ni || (outstanding_reqs_q == outstanding_reqs_d)
SCAI_F5_COUNTER_BOUND/24!rst_ni || (source_q != 1'b1)
SCAI_F3_SAFETY_IMPLICATION/25!rst_ni || (source_q == source_d)
SCAI_F0_PARAM_CONSTRAINT/261'b1
SCAI_F3_SAFETY_IMPLICATION/30intg_err_o == (intg_err_q | intg_err)
SCAI_F3_OUTPUT_EQUIVALENCE/31intg_err_o == (intg_err_q | intg_err)
SCAI_F5_COUNTER_BOUND/32outstanding_reqs_d <= 2'h3
SCAI_F5_COUNTER_BOUND/33outstanding_reqs_q <= 2'h3
SCAI_F5_COUNTER_BOUND/34outstanding_reqs_q <= 2'h3
SCAI_F3_SAFETY_IMPLICATION/37rst_ni || (intg_err_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/38rst_ni || (outstanding_reqs_q == 2'h0)
SCAI_F3_SAFETY_IMPLICATION/39rst_ni || (source_q == 1'b0)
SCAI_F5_COUNTER_BOUND/40source_d <= 1'b1
SCAI_F5_COUNTER_BOUND/41source_q <= 1'b1
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (source_q == 1'b0)
TT1_GUARDED_UPDATE/T1rst_ni |=> (source_q == source_d)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(source_q)
TT3_ARITHMETIC_UPDATE/T3!(rst_ni) |=> (source_q == $past(source_q) + 1)
TT1_GUARDED_UPDATE/T4((source_q == MaxSource) && gnt_o && req_i) |=> (source_d == 1'b0)
TT1_GUARDED_UPDATE/T5(!((source_q == MaxSource)) && gnt_o && req_i) |=> (source_d == (sourc
TT2_HOLD_CONDITION/T6!((((source_q == MaxSource) && gnt_o && req_i) || (!((source_q == MaxS
TT1_GUARDED_UPDATE/T7!(rst_ni) |=> (intg_err_q == 1'b0)
TT1_GUARDED_UPDATE/T8(intg_err && rst_ni) |=> (intg_err_q == 1'b1)
TT2_HOLD_CONDITION/T9!((!(rst_ni) || (intg_err && rst_ni))) |=> $stable(intg_err_q)
TT1_GUARDED_UPDATE/T10(!(valid_o) && gnt_o && req_i) |=> (outstanding_reqs_d == (outstanding
TT1_GUARDED_UPDATE/T11(!((!(valid_o) && gnt_o && req_i)) && !((gnt_o && req_i)) && valid_o)
TT2_HOLD_CONDITION/T12!(((!(valid_o) && gnt_o && req_i) || (!((!(valid_o) && gnt_o && req_i)
TT1_GUARDED_UPDATE/T13!(rst_ni) |=> (outstanding_reqs_q == 2'b0)
TT1_GUARDED_UPDATE/T14rst_ni |=> (outstanding_reqs_q == outstanding_reqs_d)
TT2_HOLD_CONDITION/T15!((!(rst_ni) || rst_ni)) |=> $stable(outstanding_reqs_q)
TT3_ARITHMETIC_UPDATE/T16!(rst_ni) |=> (outstanding_reqs_q == $past(outstanding_reqs_q) + 1)
prim_arbiter_ppc 49 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(gnt_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(idx_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(valid_o)
SCAI_F3_SAFETY_IMPLICATION/4!(!(ready_i && valid_o) && !ready_i && rst_ni && valid_o) ||
SCAI_F3_SAFETY_IMPLICATION/5!(ready_i && rst_ni && valid_o) || (mask == mask_next)
SCAI_F2_ARBITER_COMPLETENESS/6!(|(req_i) && ready_i) || |(gnt_o)
SCAI_F2_GRANT_IMPLIES_REQUEST/7!gnt_o[0] || req_i[0]
SCAI_F2_PRIORITY_ORDERING/8!gnt_o[1] || !req_i[0]
SCAI_F2_GRANT_IMPLIES_REQUEST/9!gnt_o[1] || req_i[1]
SCAI_F2_PRIORITY_ORDERING/10!gnt_o[2] || !(|(req_i[1:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/11!gnt_o[2] || req_i[2]
SCAI_F2_PRIORITY_ORDERING/12!gnt_o[3] || !(|(req_i[2:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/13!gnt_o[3] || req_i[3]
SCAI_F2_PRIORITY_ORDERING/14!gnt_o[4] || !(|(req_i[3:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/15!gnt_o[4] || req_i[4]
SCAI_F2_PRIORITY_ORDERING/16!gnt_o[5] || !(|(req_i[4:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/17!gnt_o[5] || req_i[5]
SCAI_F2_PRIORITY_ORDERING/18!gnt_o[6] || !(|(req_i[5:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/19!gnt_o[6] || req_i[6]
SCAI_F2_PRIORITY_ORDERING/20!gnt_o[7] || !(|(req_i[6:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/21!gnt_o[7] || req_i[7]
SCAI_F3_SAFETY_IMPLICATION/22!winner || (data_o == data_i[i])
SCAI_F2_GRANT_EXCLUSIVITY/23$onehot0(data_o)
SCAI_F3_BACKWARD_IMPLICATION/24(data_o == 32'h0) || (winner)
SCAI_F3_BACKWARD_IMPLICATION/25(gnt_o == 8'h0) || ready_i
SCAI_F3_CROSS_OUTPUT/26(gnt_o == 8'h0) || ready_i
SCAI_F0_PARAM_CONSTRAINT/271'b1
SCAI_F3_SAFETY_IMPLICATION/28gnt_o == (ready_i ? winner : 8'h0)
SCAI_F3_OUTPUT_EQUIVALENCE/29gnt_o == (ready_i ? winner : 8'h0)
SCAI_F3_SAFETY_IMPLICATION/30rst_ni || (mask == 8'h0)
SCAI_F3_SAFETY_IMPLICATION/31valid_o == |(req_i)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (mask == 8'd0)
TT1_GUARDED_UPDATE/T1(ready_i && rst_ni && valid_o) |=> (mask == mask_next)
TT1_GUARDED_UPDATE/T2(!((ready_i && valid_o)) && !(ready_i) && rst_ni && valid_o) |=> (mask
TT2_HOLD_CONDITION/T3!((!(rst_ni) || (ready_i && rst_ni && valid_o) || (!((ready_i && valid
TT1_GUARDED_UPDATE/T4winner |=> (data_o == data_i[i])
TT2_HOLD_CONDITION/T5!(winner) |=> $stable(data_o)
TT4_HOLD_VALID/T6(valid_o && !ready_i) |=> valid_o
TT4_DATA_STABLE/T7(valid_o && !ready_i) |=> $stable(data_i)
TT4_DATA_STABLE/T8(valid_o && !ready_i) |=> $stable(data_o)
TT7_PER_REQUESTER_LIVENESS/T10(req_i[0] && ready_i) |=> ##[0:16] gnt_o[0]
TT7_PER_REQUESTER_LIVENESS/T11(req_i[1] && ready_i) |=> ##[0:16] gnt_o[1]
TT7_PER_REQUESTER_LIVENESS/T12(req_i[2] && ready_i) |=> ##[0:16] gnt_o[2]
TT7_PER_REQUESTER_LIVENESS/T13(req_i[3] && ready_i) |=> ##[0:16] gnt_o[3]
TT7_PER_REQUESTER_LIVENESS/T14(req_i[4] && ready_i) |=> ##[0:16] gnt_o[4]
TT7_PER_REQUESTER_LIVENESS/T15(req_i[5] && ready_i) |=> ##[0:16] gnt_o[5]
TT7_PER_REQUESTER_LIVENESS/T16(req_i[6] && ready_i) |=> ##[0:16] gnt_o[6]
TT7_PER_REQUESTER_LIVENESS/T17(req_i[7] && ready_i) |=> ##[0:16] gnt_o[7]
prim_packer_fifo 45 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(depth_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(rdata_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(rvalid_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(wready_o)
SCAI_F3_SAFETY_IMPLICATION/4!rst_ni || (clr_q == clr_d)
SCAI_F3_SAFETY_IMPLICATION/5!rst_ni || (data_q == data_d)
SCAI_F3_SAFETY_IMPLICATION/6!rst_ni || (depth_q == depth_d)
SCAI_F5_COUNTER_BOUND/7!rst_ni || (ptr_q != 3'h7)
SCAI_F3_SAFETY_IMPLICATION/8!rst_ni || (ptr_q == ptr_d)
SCAI_F0_PARAM_CONSTRAINT/91'b1
SCAI_F0_PARAM_CONSTRAINT/101'b1
SCAI_F0_PARAM_CONSTRAINT/111'b1
SCAI_F0_PARAM_CONSTRAINT/121'b1
SCAI_F0_PARAM_CONSTRAINT/131'b1
SCAI_F5_COUNTER_BOUND/14depth_d <= 3'h7
SCAI_F3_SAFETY_IMPLICATION/15depth_o == depth_q
SCAI_F5_COUNTER_BOUND/16depth_q <= 3'h7
SCAI_F5_COUNTER_BOUND/17ptr_d <= 3'h7
SCAI_F5_COUNTER_BOUND/18ptr_q <= 3'h7
SCAI_F3_SAFETY_IMPLICATION/21rst_ni || (clr_q == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/22rst_ni || (data_q == 32'h0)
SCAI_F3_SAFETY_IMPLICATION/23rst_ni || (depth_q == 3'h0)
SCAI_F3_SAFETY_IMPLICATION/24rst_ni || (ptr_q == 3'h0)
SCAI_F3_SAFETY_IMPLICATION/25rvalid_o == (!(depth_q == 3'h0) && !clr_q)
SCAI_F3_OUTPUT_EQUIVALENCE/26rvalid_o == (!(depth_q == 3'h0) && !clr_q)
SCAI_F3_SAFETY_IMPLICATION/27wready_o == ((depth_q == 3'h0) && !clr_q)
SCAI_F3_OUTPUT_EQUIVALENCE/28wready_o == ((depth_q == 3'h0) && !clr_q)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (depth_q == 3'b0)
TT1_GUARDED_UPDATE/T1rst_ni |=> (depth_q == depth_d)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(depth_q)
TT3_ARITHMETIC_UPDATE/T3!(rst_ni) |=> (depth_q == $past(depth_q) - 1)
TT1_GUARDED_UPDATE/T4!(rst_ni) |=> (data_q == 32'd0)
TT1_GUARDED_UPDATE/T5rst_ni |=> (data_q == data_d)
TT2_HOLD_CONDITION/T6!((!(rst_ni) || rst_ni)) |=> $stable(data_q)
TT1_GUARDED_UPDATE/T7!(rst_ni) |=> (clr_q == 1'b1)
TT1_GUARDED_UPDATE/T8rst_ni |=> (clr_q == clr_d)
TT2_HOLD_CONDITION/T9!((!(rst_ni) || rst_ni)) |=> $stable(clr_q)
TT1_GUARDED_UPDATE/T10!(rst_ni) |=> (ptr_q == 3'b0)
TT1_GUARDED_UPDATE/T11rst_ni |=> (ptr_q == ptr_d)
TT2_HOLD_CONDITION/T12!((!(rst_ni) || rst_ni)) |=> $stable(ptr_q)
TT3_ARITHMETIC_UPDATE/T13!(rst_ni) |=> (ptr_q == $past(ptr_q) + 1)
TT4_HOLD_VALID/T14(wvalid_i && !wready_o) |=> wvalid_i
TT4_DATA_STABLE/T15(wvalid_i && !wready_o) |=> $stable(wdata_i)
TT4_HOLD_VALID/T16(rvalid_o && !rready_i) |=> rvalid_o
TT4_DATA_STABLE/T17(rvalid_o && !rready_i) |=> $stable(rdata_o)
prim_sha2 45 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(digest_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(digest_on_blk_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(fifo_rready_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(fifo_st_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(hash_done_o)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(hash_running_o)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(idle_o)
SCAI_F3_SAFETY_IMPLICATION/8!(!(!run_hash && update_w_from_fifo) && !(!sha_en_i || hash_
SCAI_F3_SAFETY_IMPLICATION/9!(!(!sha_en_i || hash_go) && !run_hash && !wipe_secret_i &&
SCAI_F3_SAFETY_IMPLICATION/14!(!(fifo_st_q == FifoWait) && sha_st_q) || (sha_st_d == ShaI
SCAI_F3_SAFETY_IMPLICATION/20!(!clear_digest && !hash_start_i && !sha_en_i && !wipe_secre
SCAI_F3_SAFETY_IMPLICATION/21!(!clear_digest && !hash_start_i && !wipe_secret_i && sha_en
SCAI_F3_SAFETY_IMPLICATION/23!(!hash_start_i && !wipe_secret_i && clear_digest) || (diges
SCAI_F3_SAFETY_IMPLICATION/24!(!init_hash && !wipe_secret_i && run_hash) || (hash256_d ==
SCAI_F3_SAFETY_IMPLICATION/25!(!sha_en_i || hash_go) || (round_d == 7'h0)
SCAI_F3_SAFETY_IMPLICATION/26!(!sha_en_i || hash_go) || (sha_st_d == ShaIdle)
SCAI_F3_SAFETY_IMPLICATION/31!(!wipe_secret_i && (!sha_en_i || hash_go)) || (w256_d == 51
SCAI_F3_SAFETY_IMPLICATION/32!(!wipe_secret_i && hash_start_i) || (digest256_d == InitHas
SCAI_F3_SAFETY_IMPLICATION/33!(!wipe_secret_i && init_hash) || (hash256_d == digest256_q)
SCAI_F3_SAFETY_IMPLICATION/35!((fifo_st_q == FifoWait) && sha_st_q) || (init_hash == 1'b1
SCAI_F3_SAFETY_IMPLICATION/36!((fifo_st_q == FifoWait) && sha_st_q) || (sha_st_d == ShaCo
SCAI_F5_COUNTER_BOUND/44!rst_ni || (digest256_q != 8'hFF)
SCAI_F3_SAFETY_IMPLICATION/45!rst_ni || (digest256_q == digest256_d)
SCAI_F3_SAFETY_IMPLICATION/48!rst_ni || (hash256_q == hash256_d)
SCAI_F3_ENABLE_GATE/49!rst_ni || (hash_done_o == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/50!rst_ni || (hash_done_o == hash_done_next)
SCAI_F5_COUNTER_BOUND/51!rst_ni || (round_q != 7'h7F)
SCAI_F3_SAFETY_IMPLICATION/52!rst_ni || (round_q == round_d)
SCAI_F3_SAFETY_IMPLICATION/53!rst_ni || (sha_en_q == sha_en_i)
SCAI_F3_SAFETY_IMPLICATION/54!rst_ni || (sha_st_q == sha_st_d)
SCAI_F3_SAFETY_IMPLICATION/55!rst_ni || (update_digest_q == update_digest_d)
SCAI_F5_COUNTER_BOUND/56!rst_ni || (w_index_q != 4'hF)
SCAI_F3_SAFETY_IMPLICATION/57!rst_ni || (w_index_q == w_index_d)
SCAI_F3_SAFETY_IMPLICATION/58!sha_st_q || (run_hash == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/59!sha_st_q || (sha_st_d == ShaIdle)
SCAI_F3_SAFETY_IMPLICATION/60!sha_st_q || (update_digest == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/61!wipe_secret_i || (digest256_d == {8{{wipe_v_i}}})
SCAI_F3_SAFETY_IMPLICATION/62!wipe_secret_i || (hash256_d == {8{{wipe_v_i}}})
SCAI_F3_SAFETY_IMPLICATION/63!wipe_secret_i || (w256_d == {16{{wipe_v_i}}})
SCAI_F2_GRANT_EXCLUSIVITY/64$onehot0(digest_o)
SCAI_F3_BACKWARD_IMPLICATION/65(hash_done_o == 1'b0) || (rst_ni)
SCAI_F0_VALUE_ENUM/66(sha_st_d == 4'h0) || (sha_st_d == 4'h1) || (sha_st_d == 4'h
SCAI_F5_COUNTER_BOUND/68digest256_d <= 8'hFF
SCAI_F5_COUNTER_BOUND/69digest256_q <= 8'hFF
SCAI_F3_SAFETY_IMPLICATION/70digest_o == 32'h0
prim_fifo_async 42 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(rdata_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(rdepth_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(rvalid_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(wdepth_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(wready_o)
SCAI_F3_SAFETY_IMPLICATION/5!(fifo_incr_rptr && rst_rd_ni) || (fifo_rptr_gray_q == fifo_
SCAI_F3_SAFETY_IMPLICATION/6!(fifo_incr_rptr && rst_rd_ni) || (fifo_rptr_q == fifo_rptr_
SCAI_F3_SAFETY_IMPLICATION/7!(fifo_incr_wptr && rst_wr_ni) || (fifo_wptr_gray_q == fifo_
SCAI_F3_SAFETY_IMPLICATION/8!(fifo_incr_wptr && rst_wr_ni) || (fifo_wptr_q == fifo_wptr_
SCAI_F3_SAFETY_IMPLICATION/9!fifo_incr_wptr || (storage == wdata_i)
SCAI_F3_SAFETY_IMPLICATION/10!rst_wr_ni || (fifo_rptr_sync_q == fifo_rptr_sync_combi)
SCAI_F5_COUNTER_BOUND/11fifo_rptr_d <= 3'h7
SCAI_F5_COUNTER_BOUND/12fifo_wptr_d <= 3'h7
SCAI_F3_SAFETY_IMPLICATION/13rdata_o == rdata_int
SCAI_F3_SAFETY_IMPLICATION/16rst_rd_ni || (fifo_rptr_gray_q == 3'h0)
SCAI_F3_SAFETY_IMPLICATION/17rst_rd_ni || (fifo_rptr_q == 3'h0)
SCAI_F3_SAFETY_IMPLICATION/18rst_wr_ni || (fifo_rptr_sync_q == 3'h0)
SCAI_F3_SAFETY_IMPLICATION/19rst_wr_ni || (fifo_wptr_gray_q == 3'h0)
SCAI_F3_SAFETY_IMPLICATION/20rst_wr_ni || (fifo_wptr_q == 3'h0)
SCAI_F3_SAFETY_IMPLICATION/21rvalid_o == ~(empty_rclk)
SCAI_F3_SAFETY_IMPLICATION/24wready_o == ~(full_wclk)
TT1_GUARDED_UPDATE/T0!(rst_wr_ni) |=> (fifo_wptr_q == 3'b0)
TT1_GUARDED_UPDATE/T1(fifo_incr_wptr && rst_wr_ni) |=> (fifo_wptr_q == fifo_wptr_d)
TT2_HOLD_CONDITION/T2!((!(rst_wr_ni) || (fifo_incr_wptr && rst_wr_ni))) |=> $stable(fifo_wp
TT1_GUARDED_UPDATE/T3!(rst_wr_ni) |=> (fifo_wptr_gray_q == 3'b0)
TT1_GUARDED_UPDATE/T4(fifo_incr_wptr && rst_wr_ni) |=> (fifo_wptr_gray_q == fifo_wptr_gray_
TT2_HOLD_CONDITION/T5!((!(rst_wr_ni) || (fifo_incr_wptr && rst_wr_ni))) |=> $stable(fifo_wp
TT1_GUARDED_UPDATE/T6!(rst_rd_ni) |=> (fifo_rptr_q == 3'b0)
TT1_GUARDED_UPDATE/T7(fifo_incr_rptr && rst_rd_ni) |=> (fifo_rptr_q == fifo_rptr_d)
TT2_HOLD_CONDITION/T8!((!(rst_rd_ni) || (fifo_incr_rptr && rst_rd_ni))) |=> $stable(fifo_rp
TT1_GUARDED_UPDATE/T9!(rst_rd_ni) |=> (fifo_rptr_gray_q == 3'b0)
TT1_GUARDED_UPDATE/T10(fifo_incr_rptr && rst_rd_ni) |=> (fifo_rptr_gray_q == fifo_rptr_gray_
TT2_HOLD_CONDITION/T11!((!(rst_rd_ni) || (fifo_incr_rptr && rst_rd_ni))) |=> $stable(fifo_rp
TT1_GUARDED_UPDATE/T12!(rst_wr_ni) |=> (fifo_rptr_sync_q == 3'b0)
TT1_GUARDED_UPDATE/T13rst_wr_ni |=> (fifo_rptr_sync_q == fifo_rptr_sync_combi)
TT2_HOLD_CONDITION/T14!((!(rst_wr_ni) || rst_wr_ni)) |=> $stable(fifo_rptr_sync_q)
TT1_GUARDED_UPDATE/T15fifo_incr_wptr |=> (storage == wdata_i)
TT2_HOLD_CONDITION/T16!(fifo_incr_wptr) |=> $stable(storage)
TT4_HOLD_VALID/T17(wvalid_i && !wready_o) |=> wvalid_i
TT4_DATA_STABLE/T18(wvalid_i && !wready_o) |=> $stable(wdata_i)
TT4_HOLD_VALID/T19(rvalid_o && !rready_i) |=> rvalid_o
TT4_DATA_STABLE/T20(rvalid_o && !rready_i) |=> $stable(rdata_o)
prim_sync_reqack 41 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(dst_req_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(src_ack_o)
SCAI_F3_SAFETY_IMPLICATION/2!(!chk_flag && effective_rst_n && src_req_i) || (chk_flag ==
SCAI_F3_SAFETY_IMPLICATION/7!rst_dst_ni || (dst_ack_q == dst_ack_d)
SCAI_F3_SAFETY_IMPLICATION/10!rst_src_ni || (src_req_q == src_req_d)
SCAI_F3_SAFETY_IMPLICATION/15effective_rst_n || (chk_flag == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/16rst_dst_ni || (dst_ack_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/19rst_src_ni || (src_req_q == 1'b0)
TT1_GUARDED_UPDATE/T0(src_fsm_cs && src_handshake) |=> (src_fsm_ns == ODD)
TT1_GUARDED_UPDATE/T1(src_fsm_cs && src_handshake) |=> (src_fsm_ns == EVEN)
TT2_HOLD_CONDITION/T2!(((src_fsm_cs && src_handshake) || (src_fsm_cs && src_handshake))) |=
TT1_GUARDED_UPDATE/T3src_fsm_cs |=> (src_req_d == src_req_i)
TT1_GUARDED_UPDATE/T4src_fsm_cs |=> (src_req_d == ~(src_req_i))
TT2_HOLD_CONDITION/T5!((src_fsm_cs || src_fsm_cs)) |=> $stable(src_req_d)
TT1_GUARDED_UPDATE/T6src_fsm_cs |=> (src_ack_o == src_ack)
TT1_GUARDED_UPDATE/T7src_fsm_cs |=> (src_ack_o == ~(src_ack))
TT2_HOLD_CONDITION/T8!((src_fsm_cs || src_fsm_cs)) |=> $stable(src_ack_o)
TT1_GUARDED_UPDATE/T9(dst_fsm_cs && dst_handshake) |=> (dst_fsm_ns == ODD)
TT1_GUARDED_UPDATE/T10(dst_fsm_cs && dst_handshake) |=> (dst_fsm_ns == EVEN)
TT2_HOLD_CONDITION/T11!(((dst_fsm_cs && dst_handshake) || (dst_fsm_cs && dst_handshake))) |=
TT1_GUARDED_UPDATE/T12dst_fsm_cs |=> (dst_req_o == dst_req)
TT1_GUARDED_UPDATE/T13dst_fsm_cs |=> (dst_req_o == ~(dst_req))
TT2_HOLD_CONDITION/T14!((dst_fsm_cs || dst_fsm_cs)) |=> $stable(dst_req_o)
TT1_GUARDED_UPDATE/T15dst_fsm_cs |=> (dst_ack_d == dst_ack_i)
TT1_GUARDED_UPDATE/T16dst_fsm_cs |=> (dst_ack_d == ~(dst_ack_i))
TT2_HOLD_CONDITION/T17!((dst_fsm_cs || dst_fsm_cs)) |=> $stable(dst_ack_d)
TT1_GUARDED_UPDATE/T18!(rst_src_ni) |=> (src_fsm_cs == EVEN)
TT1_GUARDED_UPDATE/T19rst_src_ni |=> (src_fsm_cs == src_fsm_ns)
TT2_HOLD_CONDITION/T20!((!(rst_src_ni) || rst_src_ni)) |=> $stable(src_fsm_cs)
TT1_GUARDED_UPDATE/T21!(rst_src_ni) |=> (src_req_q == 1'b0)
TT1_GUARDED_UPDATE/T22rst_src_ni |=> (src_req_q == src_req_d)
TT2_HOLD_CONDITION/T23!((!(rst_src_ni) || rst_src_ni)) |=> $stable(src_req_q)
TT1_GUARDED_UPDATE/T24!(rst_dst_ni) |=> (dst_fsm_cs == EVEN)
TT1_GUARDED_UPDATE/T25rst_dst_ni |=> (dst_fsm_cs == dst_fsm_ns)
TT2_HOLD_CONDITION/T26!((!(rst_dst_ni) || rst_dst_ni)) |=> $stable(dst_fsm_cs)
TT1_GUARDED_UPDATE/T27!(rst_dst_ni) |=> (dst_ack_q == 1'b0)
TT1_GUARDED_UPDATE/T28rst_dst_ni |=> (dst_ack_q == dst_ack_d)
TT2_HOLD_CONDITION/T29!((!(rst_dst_ni) || rst_dst_ni)) |=> $stable(dst_ack_q)
TT1_GUARDED_UPDATE/T30!(effective_rst_n) |=> (chk_flag == 1'b0)
TT1_GUARDED_UPDATE/T31(!(chk_flag) && effective_rst_n && src_req_i) |=> (chk_flag == 1'b1)
TT2_HOLD_CONDITION/T32!((!(effective_rst_n) || (!(chk_flag) && effective_rst_n && src_req_i)
prim_arbiter_fixed 38 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(gnt_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(idx_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(valid_o)
SCAI_F2_ARBITER_COMPLETENESS/4!(|(req_i) && ready_i) || |(gnt_o)
SCAI_F2_GRANT_IMPLIES_REQUEST/5!gnt_o[0] || req_i[0]
SCAI_F2_PRIORITY_ORDERING/6!gnt_o[1] || !req_i[0]
SCAI_F2_GRANT_IMPLIES_REQUEST/7!gnt_o[1] || req_i[1]
SCAI_F2_PRIORITY_ORDERING/8!gnt_o[2] || !(|(req_i[1:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/9!gnt_o[2] || req_i[2]
SCAI_F2_PRIORITY_ORDERING/10!gnt_o[3] || !(|(req_i[2:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/11!gnt_o[3] || req_i[3]
SCAI_F2_PRIORITY_ORDERING/12!gnt_o[4] || !(|(req_i[3:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/13!gnt_o[4] || req_i[4]
SCAI_F2_PRIORITY_ORDERING/14!gnt_o[5] || !(|(req_i[4:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/15!gnt_o[5] || req_i[5]
SCAI_F2_PRIORITY_ORDERING/16!gnt_o[6] || !(|(req_i[5:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/17!gnt_o[6] || req_i[6]
SCAI_F2_PRIORITY_ORDERING/18!gnt_o[7] || !(|(req_i[6:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/19!gnt_o[7] || req_i[7]
SCAI_F2_GRANT_EXCLUSIVITY/20$onehot0(gnt_o)
SCAI_F0_PARAM_CONSTRAINT/211'b1
SCAI_F0_PARAM_CONSTRAINT/221'b1
SCAI_F0_PARAM_CONSTRAINT/231'b1
SCAI_F3_SAFETY_IMPLICATION/24data_o == data_tree[0]
SCAI_F3_SAFETY_IMPLICATION/34idx_o == idx_tree[0]
SCAI_F3_SAFETY_IMPLICATION/35valid_o == req_tree[0]
TT4_HOLD_VALID/T0(valid_o && !ready_i) |=> valid_o
TT4_DATA_STABLE/T1(valid_o && !ready_i) |=> $stable(data_i)
TT4_DATA_STABLE/T2(valid_o && !ready_i) |=> $stable(data_o)
TT7_PER_REQUESTER_LIVENESS/T4(req_i[0] && ready_i) |=> ##[0:16] gnt_o[0]
TT7_PER_REQUESTER_LIVENESS/T5(req_i[1] && ready_i) |=> ##[0:16] gnt_o[1]
TT7_PER_REQUESTER_LIVENESS/T6(req_i[2] && ready_i) |=> ##[0:16] gnt_o[2]
TT7_PER_REQUESTER_LIVENESS/T7(req_i[3] && ready_i) |=> ##[0:16] gnt_o[3]
TT7_PER_REQUESTER_LIVENESS/T8(req_i[4] && ready_i) |=> ##[0:16] gnt_o[4]
TT7_PER_REQUESTER_LIVENESS/T9(req_i[5] && ready_i) |=> ##[0:16] gnt_o[5]
TT7_PER_REQUESTER_LIVENESS/T10(req_i[6] && ready_i) |=> ##[0:16] gnt_o[6]
TT7_PER_REQUESTER_LIVENESS/T11(req_i[7] && ready_i) |=> ##[0:16] gnt_o[7]
prim_fifo_sync_assert_fpv 38 proven
SCAI_F3_SAFETY_IMPLICATION/0!(!(rready_i && rvalid_o && wready_o && wvalid_i) && !(wread
SCAI_F3_SAFETY_IMPLICATION/1!(!(rready_i && rvalid_o && wready_o && wvalid_i) && !(wread
SCAI_F3_SAFETY_IMPLICATION/2!(!(rready_i && rvalid_o && wready_o && wvalid_i) && !clr_i
SCAI_F3_SAFETY_IMPLICATION/3!(!(rready_i && rvalid_o && wready_o && wvalid_i) && !clr_i
SCAI_F3_SAFETY_IMPLICATION/4!(!(rready_i && rvalid_o && wready_o && wvalid_i) && !clr_i
SCAI_F3_SAFETY_IMPLICATION/5!(!clr_i && rready_i && rst_ni && rvalid_o && wready_o && wv
SCAI_F3_SAFETY_IMPLICATION/6!(!clr_i && rready_i && rst_ni && rvalid_o && wready_o && wv
SCAI_F3_SAFETY_IMPLICATION/7!(!clr_i && rready_i && rst_ni && rvalid_o && wready_o && wv
SCAI_F3_SAFETY_IMPLICATION/8!(clr_i && rst_ni) || (ref_depth == 6'h0)
SCAI_F3_SAFETY_IMPLICATION/9!(clr_i && rst_ni) || (rptr == 6'h0)
SCAI_F3_SAFETY_IMPLICATION/10!(clr_i && rst_ni) || (wptr == 6'h0)
SCAI_F5_COUNTER_BOUND/11!rready_i || (ref_depth != 6'h3F)
SCAI_F5_COUNTER_BOUND/12ref_depth <= 6'h3F
SCAI_F5_COUNTER_BOUND/13ref_depth <= 6'h3F
SCAI_F3_SAFETY_IMPLICATION/14rst_ni || (ref_depth == 6'h0)
SCAI_F3_SAFETY_IMPLICATION/15rst_ni || (rptr == 6'h0)
SCAI_F3_SAFETY_IMPLICATION/16rst_ni || (wptr == 6'h0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (wptr == 0)
TT1_GUARDED_UPDATE/T1(clr_i && rst_ni) |=> (wptr == 0)
TT1_GUARDED_UPDATE/T2(!(clr_i) && rready_i && rst_ni && rvalid_o && wready_o && wvalid_i) |
TT1_GUARDED_UPDATE/T3(!((rready_i && rvalid_o && wready_o && wvalid_i)) && !(clr_i) && rst_
TT2_HOLD_CONDITION/T4!((!(rst_ni) || (clr_i && rst_ni) || (!(clr_i) && rready_i && rst_ni &
TT1_GUARDED_UPDATE/T5!(rst_ni) |=> (rptr == 0)
TT1_GUARDED_UPDATE/T6(clr_i && rst_ni) |=> (rptr == 0)
TT1_GUARDED_UPDATE/T7(!(clr_i) && rready_i && rst_ni && rvalid_o && wready_o && wvalid_i) |
TT1_GUARDED_UPDATE/T8(!((rready_i && rvalid_o && wready_o && wvalid_i)) && !((wready_o && w
TT2_HOLD_CONDITION/T9!((!(rst_ni) || (clr_i && rst_ni) || (!(clr_i) && rready_i && rst_ni &
TT1_GUARDED_UPDATE/T10!(rst_ni) |=> (ref_depth == 0)
TT1_GUARDED_UPDATE/T11(clr_i && rst_ni) |=> (ref_depth == 0)
TT2_HOLD_CONDITION/T12!((!(rst_ni) || (clr_i && rst_ni) || (!((rready_i && rvalid_o && wread
TT3_ARITHMETIC_UPDATE/T13(!((rready_i && rvalid_o && wready_o && wvalid_i)) && !(clr_i) && rst_
TT1_GUARDED_UPDATE/T14(!(clr_i) && rready_i && rst_ni && rvalid_o && wready_o && wvalid_i) |
TT1_GUARDED_UPDATE/T15(!((rready_i && rvalid_o && wready_o && wvalid_i)) && !(clr_i) && rst_
TT2_HOLD_CONDITION/T16!(((!(clr_i) && rready_i && rst_ni && rvalid_o && wready_o && wvalid_i
TT4_HOLD_VALID/T17(wvalid_i && !wready_o) |=> wvalid_i
TT4_DATA_STABLE/T18(wvalid_i && !wready_o) |=> $stable(wdata_i)
TT4_HOLD_VALID/T19(rvalid_o && !rready_i) |=> rvalid_o
TT4_DATA_STABLE/T20(rvalid_o && !rready_i) |=> $stable(rdata_o)
tlul_sram_byte 37 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(alert_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(compound_txn_in_progress_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(error_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(tl_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(tl_o_a_ready)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(tl_o_d_data)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(tl_o_d_error)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(tl_o_d_opcode)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(tl_o_d_param)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(tl_o_d_sink)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(tl_o_d_size)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(tl_o_d_source)
SCAI_F0_ASSERT_KNOWN/12!$isunknown(tl_o_d_user)
SCAI_F0_ASSERT_KNOWN/13!$isunknown(tl_o_d_valid)
SCAI_F0_ASSERT_KNOWN/14!$isunknown(tl_sram_o)
SCAI_F0_ASSERT_KNOWN/15!$isunknown(tl_sram_o_a_address)
SCAI_F0_ASSERT_KNOWN/16!$isunknown(tl_sram_o_a_data)
SCAI_F0_ASSERT_KNOWN/17!$isunknown(tl_sram_o_a_mask)
SCAI_F0_ASSERT_KNOWN/18!$isunknown(tl_sram_o_a_opcode)
SCAI_F0_ASSERT_KNOWN/19!$isunknown(tl_sram_o_a_param)
SCAI_F0_ASSERT_KNOWN/20!$isunknown(tl_sram_o_a_size)
SCAI_F0_ASSERT_KNOWN/21!$isunknown(tl_sram_o_a_source)
SCAI_F0_ASSERT_KNOWN/22!$isunknown(tl_sram_o_a_user)
SCAI_F0_ASSERT_KNOWN/23!$isunknown(tl_sram_o_a_valid)
SCAI_F0_ASSERT_KNOWN/24!$isunknown(tl_sram_o_d_ready)
SCAI_F0_PARAM_CONSTRAINT/251'b1
SCAI_F0_PARAM_CONSTRAINT/261'b1
SCAI_F3_SAFETY_IMPLICATION/27alert_o == 1'b0
SCAI_F0_CONSTANT_OUTPUT/28alert_o == 1'b0
SCAI_F3_SAFETY_IMPLICATION/29compound_txn_in_progress_o == 1'b0
SCAI_F0_CONSTANT_OUTPUT/30compound_txn_in_progress_o == 1'b0
SCAI_F3_SAFETY_IMPLICATION/31error_o == error_i
SCAI_F3_PASSTHROUGH/32error_o == error_i
SCAI_F3_SAFETY_IMPLICATION/33tl_o == tl_sram_i
SCAI_F3_PASSTHROUGH/34tl_o == tl_sram_i
SCAI_F3_SAFETY_IMPLICATION/35tl_sram_o == tl_i
SCAI_F3_PASSTHROUGH/36tl_sram_o == tl_i
prim_arbiter_tree 36 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(gnt_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(idx_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(valid_o)
SCAI_F2_ARBITER_COMPLETENESS/4!(|(req_i) && ready_i) || |(gnt_o)
SCAI_F2_GRANT_IMPLIES_REQUEST/5!gnt_o[0] || req_i[0]
SCAI_F2_GRANT_IMPLIES_REQUEST/6!gnt_o[1] || req_i[1]
SCAI_F2_GRANT_IMPLIES_REQUEST/7!gnt_o[2] || req_i[2]
SCAI_F2_GRANT_IMPLIES_REQUEST/8!gnt_o[3] || req_i[3]
SCAI_F2_GRANT_IMPLIES_REQUEST/9!gnt_o[4] || req_i[4]
SCAI_F2_GRANT_IMPLIES_REQUEST/10!gnt_o[5] || req_i[5]
SCAI_F2_GRANT_IMPLIES_REQUEST/11!gnt_o[6] || req_i[6]
SCAI_F2_GRANT_IMPLIES_REQUEST/12!gnt_o[7] || req_i[7]
SCAI_F3_SAFETY_IMPLICATION/13!rst_ni || (prio_mask_q == prio_mask_d)
SCAI_F2_GRANT_EXCLUSIVITY/14$onehot0(gnt_o)
SCAI_F0_PARAM_CONSTRAINT/151'b1
SCAI_F0_PARAM_CONSTRAINT/161'b1
SCAI_F0_PARAM_CONSTRAINT/171'b1
SCAI_F3_SAFETY_IMPLICATION/18data_o == data_tree[0]
SCAI_F3_SAFETY_IMPLICATION/28idx_o == idx_tree[0]
SCAI_F3_SAFETY_IMPLICATION/29rst_ni || (prio_mask_q == 8'h0)
SCAI_F3_SAFETY_IMPLICATION/30valid_o == req_tree[0]
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (prio_mask_q == 8'd0)
TT1_GUARDED_UPDATE/T1rst_ni |=> (prio_mask_q == prio_mask_d)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(prio_mask_q)
TT4_HOLD_VALID/T3(valid_o && !ready_i) |=> valid_o
TT4_DATA_STABLE/T4(valid_o && !ready_i) |=> $stable(data_i)
TT4_DATA_STABLE/T5(valid_o && !ready_i) |=> $stable(data_o)
TT7_PER_REQUESTER_LIVENESS/T7(req_i[0] && ready_i) |=> ##[0:16] gnt_o[0]
TT7_PER_REQUESTER_LIVENESS/T8(req_i[1] && ready_i) |=> ##[0:16] gnt_o[1]
TT7_PER_REQUESTER_LIVENESS/T9(req_i[2] && ready_i) |=> ##[0:16] gnt_o[2]
TT7_PER_REQUESTER_LIVENESS/T10(req_i[3] && ready_i) |=> ##[0:16] gnt_o[3]
TT7_PER_REQUESTER_LIVENESS/T11(req_i[4] && ready_i) |=> ##[0:16] gnt_o[4]
TT7_PER_REQUESTER_LIVENESS/T12(req_i[5] && ready_i) |=> ##[0:16] gnt_o[5]
TT7_PER_REQUESTER_LIVENESS/T13(req_i[6] && ready_i) |=> ##[0:16] gnt_o[6]
TT7_PER_REQUESTER_LIVENESS/T14(req_i[7] && ready_i) |=> ##[0:16] gnt_o[7]
prim_alert_rxtx_async_fatal_tb 35 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(alert_ack_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(alert_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(alert_state_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(integ_fail_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(ping_ok_o)
SCAI_F3_SAFETY_IMPLICATION/5!rst_ni || (ack_nq == {ack_nq[($high(ack_nq) - 1):0], ack_nd
SCAI_F3_SAFETY_IMPLICATION/6!rst_ni || (ack_pq == {ack_pq[($high(ack_pq) - 1):0], ack_pd
SCAI_F3_SAFETY_IMPLICATION/7!rst_ni || (alert_nq == {alert_nq[($high(alert_nq) - 1):0],
SCAI_F3_SAFETY_IMPLICATION/8!rst_ni || (alert_pq == {alert_pq[($high(alert_pq) - 1):0],
SCAI_F3_SAFETY_IMPLICATION/9!rst_ni || (ping_nq == {ping_nq[($high(ping_nq) - 1):0], pin
SCAI_F3_SAFETY_IMPLICATION/10!rst_ni || (ping_pq == {ping_pq[($high(ping_pq) - 1):0], pin
SCAI_F3_SAFETY_IMPLICATION/11rst_ni || (ack_nq == 2'h3)
SCAI_F3_SAFETY_IMPLICATION/12rst_ni || (ack_pq == 2'h0)
SCAI_F3_SAFETY_IMPLICATION/13rst_ni || (alert_nq == 2'h3)
SCAI_F3_SAFETY_IMPLICATION/14rst_ni || (alert_pq == 2'h0)
SCAI_F3_SAFETY_IMPLICATION/15rst_ni || (ping_nq == 2'h3)
SCAI_F3_SAFETY_IMPLICATION/16rst_ni || (ping_pq == 2'h0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (ping_pq == 2'b0)
TT1_GUARDED_UPDATE/T1rst_ni |=> (ping_pq == {ping_pq[($high(ping_pq) - 1):0], ping_pd})
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(ping_pq)
TT1_GUARDED_UPDATE/T3!(rst_ni) |=> (ping_nq == 2'b11)
TT1_GUARDED_UPDATE/T4rst_ni |=> (ping_nq == {ping_nq[($high(ping_nq) - 1):0], ping_nd})
TT2_HOLD_CONDITION/T5!((!(rst_ni) || rst_ni)) |=> $stable(ping_nq)
TT1_GUARDED_UPDATE/T6!(rst_ni) |=> (ack_pq == 2'b0)
TT1_GUARDED_UPDATE/T7rst_ni |=> (ack_pq == {ack_pq[($high(ack_pq) - 1):0], ack_pd})
TT2_HOLD_CONDITION/T8!((!(rst_ni) || rst_ni)) |=> $stable(ack_pq)
TT1_GUARDED_UPDATE/T9!(rst_ni) |=> (ack_nq == 2'b11)
TT1_GUARDED_UPDATE/T10rst_ni |=> (ack_nq == {ack_nq[($high(ack_nq) - 1):0], ack_nd})
TT2_HOLD_CONDITION/T11!((!(rst_ni) || rst_ni)) |=> $stable(ack_nq)
TT1_GUARDED_UPDATE/T12!(rst_ni) |=> (alert_pq == 2'b0)
TT1_GUARDED_UPDATE/T13rst_ni |=> (alert_pq == {alert_pq[($high(alert_pq) - 1):0], alert_pd})
TT2_HOLD_CONDITION/T14!((!(rst_ni) || rst_ni)) |=> $stable(alert_pq)
TT1_GUARDED_UPDATE/T15!(rst_ni) |=> (alert_nq == 2'b11)
TT1_GUARDED_UPDATE/T16rst_ni |=> (alert_nq == {alert_nq[($high(alert_nq) - 1):0], alert_nd})
TT2_HOLD_CONDITION/T17!((!(rst_ni) || rst_ni)) |=> $stable(alert_nq)
prim_alert_rxtx_async_tb 35 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(alert_ack_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(alert_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(alert_state_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(integ_fail_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(ping_ok_o)
SCAI_F3_SAFETY_IMPLICATION/5!rst_ni || (ack_nq == {ack_nq[($high(ack_nq) - 1):0], ack_nd
SCAI_F3_SAFETY_IMPLICATION/6!rst_ni || (ack_pq == {ack_pq[($high(ack_pq) - 1):0], ack_pd
SCAI_F3_SAFETY_IMPLICATION/7!rst_ni || (alert_nq == {alert_nq[($high(alert_nq) - 1):0],
SCAI_F3_SAFETY_IMPLICATION/8!rst_ni || (alert_pq == {alert_pq[($high(alert_pq) - 1):0],
SCAI_F3_SAFETY_IMPLICATION/9!rst_ni || (ping_nq == {ping_nq[($high(ping_nq) - 1):0], pin
SCAI_F3_SAFETY_IMPLICATION/10!rst_ni || (ping_pq == {ping_pq[($high(ping_pq) - 1):0], pin
SCAI_F3_SAFETY_IMPLICATION/11rst_ni || (ack_nq == 2'h3)
SCAI_F3_SAFETY_IMPLICATION/12rst_ni || (ack_pq == 2'h0)
SCAI_F3_SAFETY_IMPLICATION/13rst_ni || (alert_nq == 2'h3)
SCAI_F3_SAFETY_IMPLICATION/14rst_ni || (alert_pq == 2'h0)
SCAI_F3_SAFETY_IMPLICATION/15rst_ni || (ping_nq == 2'h3)
SCAI_F3_SAFETY_IMPLICATION/16rst_ni || (ping_pq == 2'h0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (ping_pq == 2'b0)
TT1_GUARDED_UPDATE/T1rst_ni |=> (ping_pq == {ping_pq[($high(ping_pq) - 1):0], ping_pd})
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(ping_pq)
TT1_GUARDED_UPDATE/T3!(rst_ni) |=> (ping_nq == 2'b11)
TT1_GUARDED_UPDATE/T4rst_ni |=> (ping_nq == {ping_nq[($high(ping_nq) - 1):0], ping_nd})
TT2_HOLD_CONDITION/T5!((!(rst_ni) || rst_ni)) |=> $stable(ping_nq)
TT1_GUARDED_UPDATE/T6!(rst_ni) |=> (ack_pq == 2'b0)
TT1_GUARDED_UPDATE/T7rst_ni |=> (ack_pq == {ack_pq[($high(ack_pq) - 1):0], ack_pd})
TT2_HOLD_CONDITION/T8!((!(rst_ni) || rst_ni)) |=> $stable(ack_pq)
TT1_GUARDED_UPDATE/T9!(rst_ni) |=> (ack_nq == 2'b11)
TT1_GUARDED_UPDATE/T10rst_ni |=> (ack_nq == {ack_nq[($high(ack_nq) - 1):0], ack_nd})
TT2_HOLD_CONDITION/T11!((!(rst_ni) || rst_ni)) |=> $stable(ack_nq)
TT1_GUARDED_UPDATE/T12!(rst_ni) |=> (alert_pq == 2'b0)
TT1_GUARDED_UPDATE/T13rst_ni |=> (alert_pq == {alert_pq[($high(alert_pq) - 1):0], alert_pd})
TT2_HOLD_CONDITION/T14!((!(rst_ni) || rst_ni)) |=> $stable(alert_pq)
TT1_GUARDED_UPDATE/T15!(rst_ni) |=> (alert_nq == 2'b11)
TT1_GUARDED_UPDATE/T16rst_ni |=> (alert_nq == {alert_nq[($high(alert_nq) - 1):0], alert_nd})
TT2_HOLD_CONDITION/T17!((!(rst_ni) || rst_ni)) |=> $stable(alert_nq)
prim_arbiter_fixed_tb 34 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(gnt_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(idx_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(valid_o)
SCAI_F2_ARBITER_COMPLETENESS/4!(|(req_i) && ready_i) || |(gnt_o)
SCAI_F2_GRANT_IMPLIES_REQUEST/5!gnt_o[0] || req_i[0]
SCAI_F2_PRIORITY_ORDERING/6!gnt_o[1] || !req_i[0]
SCAI_F2_GRANT_IMPLIES_REQUEST/7!gnt_o[1] || req_i[1]
SCAI_F2_PRIORITY_ORDERING/8!gnt_o[2] || !(|(req_i[1:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/9!gnt_o[2] || req_i[2]
SCAI_F2_PRIORITY_ORDERING/10!gnt_o[3] || !(|(req_i[2:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/11!gnt_o[3] || req_i[3]
SCAI_F2_PRIORITY_ORDERING/12!gnt_o[4] || !(|(req_i[3:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/13!gnt_o[4] || req_i[4]
SCAI_F2_PRIORITY_ORDERING/14!gnt_o[5] || !(|(req_i[4:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/15!gnt_o[5] || req_i[5]
SCAI_F2_PRIORITY_ORDERING/16!gnt_o[6] || !(|(req_i[5:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/17!gnt_o[6] || req_i[6]
SCAI_F2_PRIORITY_ORDERING/18!gnt_o[7] || !(|(req_i[6:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/19!gnt_o[7] || req_i[7]
SCAI_F0_PARAM_CONSTRAINT/201'b1
SCAI_F0_PARAM_CONSTRAINT/211'b1
SCAI_F0_PARAM_CONSTRAINT/221'b1
TT4_HOLD_VALID/T0(valid_o && !ready_i) |=> valid_o
TT4_DATA_STABLE/T1(valid_o && !ready_i) |=> $stable(data_i)
TT4_DATA_STABLE/T2(valid_o && !ready_i) |=> $stable(data_o)
TT7_PER_REQUESTER_LIVENESS/T4(req_i[0] && ready_i) |=> ##[0:16] gnt_o[0]
TT7_PER_REQUESTER_LIVENESS/T5(req_i[1] && ready_i) |=> ##[0:16] gnt_o[1]
TT7_PER_REQUESTER_LIVENESS/T6(req_i[2] && ready_i) |=> ##[0:16] gnt_o[2]
TT7_PER_REQUESTER_LIVENESS/T7(req_i[3] && ready_i) |=> ##[0:16] gnt_o[3]
TT7_PER_REQUESTER_LIVENESS/T8(req_i[4] && ready_i) |=> ##[0:16] gnt_o[4]
TT7_PER_REQUESTER_LIVENESS/T9(req_i[5] && ready_i) |=> ##[0:16] gnt_o[5]
TT7_PER_REQUESTER_LIVENESS/T10(req_i[6] && ready_i) |=> ##[0:16] gnt_o[6]
TT7_PER_REQUESTER_LIVENESS/T11(req_i[7] && ready_i) |=> ##[0:16] gnt_o[7]
tlul_adapter_racl 34 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(racl_error_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(racl_error_o_overflow)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(racl_error_o_read_access)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(racl_error_o_request_address)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(racl_error_o_valid)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(tl_d2h_o)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(tl_d2h_o_a_ready)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(tl_d2h_o_d_data)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(tl_d2h_o_d_error)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(tl_d2h_o_d_opcode)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(tl_d2h_o_d_param)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(tl_d2h_o_d_sink)
SCAI_F0_ASSERT_KNOWN/12!$isunknown(tl_d2h_o_d_size)
SCAI_F0_ASSERT_KNOWN/13!$isunknown(tl_d2h_o_d_source)
SCAI_F0_ASSERT_KNOWN/14!$isunknown(tl_d2h_o_d_user)
SCAI_F0_ASSERT_KNOWN/15!$isunknown(tl_d2h_o_d_valid)
SCAI_F0_ASSERT_KNOWN/16!$isunknown(tl_filtered_h2d_o)
SCAI_F0_ASSERT_KNOWN/17!$isunknown(tl_filtered_h2d_o_a_address)
SCAI_F0_ASSERT_KNOWN/18!$isunknown(tl_filtered_h2d_o_a_data)
SCAI_F0_ASSERT_KNOWN/19!$isunknown(tl_filtered_h2d_o_a_mask)
SCAI_F0_ASSERT_KNOWN/20!$isunknown(tl_filtered_h2d_o_a_opcode)
SCAI_F0_ASSERT_KNOWN/21!$isunknown(tl_filtered_h2d_o_a_param)
SCAI_F0_ASSERT_KNOWN/22!$isunknown(tl_filtered_h2d_o_a_size)
SCAI_F0_ASSERT_KNOWN/23!$isunknown(tl_filtered_h2d_o_a_source)
SCAI_F0_ASSERT_KNOWN/24!$isunknown(tl_filtered_h2d_o_a_user)
SCAI_F0_ASSERT_KNOWN/25!$isunknown(tl_filtered_h2d_o_a_valid)
SCAI_F0_ASSERT_KNOWN/26!$isunknown(tl_filtered_h2d_o_d_ready)
SCAI_F0_PARAM_CONSTRAINT/271'b1
SCAI_F3_SAFETY_IMPLICATION/28racl_error_o == 37'h0
SCAI_F0_CONSTANT_OUTPUT/29racl_error_o == 37'h0
SCAI_F3_SAFETY_IMPLICATION/30tl_d2h_o == tl_filtered_d2h_i
SCAI_F3_PASSTHROUGH/31tl_d2h_o == tl_filtered_d2h_i
SCAI_F3_SAFETY_IMPLICATION/32tl_filtered_h2d_o == tl_h2d_i
SCAI_F3_PASSTHROUGH/33tl_filtered_h2d_o == tl_h2d_i
tlul_adapter_sram_racl 34 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(addr_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(compound_txn_in_progress_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(intg_error_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(racl_error_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(racl_error_o_overflow)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(racl_error_o_read_access)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(racl_error_o_request_address)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(racl_error_o_valid)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(readback_error_o)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(req_o)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(req_type_o)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(tl_o)
SCAI_F0_ASSERT_KNOWN/12!$isunknown(tl_o_a_ready)
SCAI_F0_ASSERT_KNOWN/13!$isunknown(tl_o_d_data)
SCAI_F0_ASSERT_KNOWN/14!$isunknown(tl_o_d_error)
SCAI_F0_ASSERT_KNOWN/15!$isunknown(tl_o_d_opcode)
SCAI_F0_ASSERT_KNOWN/16!$isunknown(tl_o_d_param)
SCAI_F0_ASSERT_KNOWN/17!$isunknown(tl_o_d_sink)
SCAI_F0_ASSERT_KNOWN/18!$isunknown(tl_o_d_size)
SCAI_F0_ASSERT_KNOWN/19!$isunknown(tl_o_d_source)
SCAI_F0_ASSERT_KNOWN/20!$isunknown(tl_o_d_user)
SCAI_F0_ASSERT_KNOWN/21!$isunknown(tl_o_d_valid)
SCAI_F0_ASSERT_KNOWN/22!$isunknown(user_rsvd_o)
SCAI_F0_ASSERT_KNOWN/23!$isunknown(wdata_o)
SCAI_F0_ASSERT_KNOWN/24!$isunknown(we_o)
SCAI_F0_ASSERT_KNOWN/25!$isunknown(wmask_o)
SCAI_F0_PARAM_CONSTRAINT/261'b1
SCAI_F0_PARAM_CONSTRAINT/271'b1
SCAI_F0_PARAM_CONSTRAINT/281'b1
SCAI_F0_PARAM_CONSTRAINT/291'b1
SCAI_F0_PARAM_CONSTRAINT/301'b1
SCAI_F0_PARAM_CONSTRAINT/311'b1
SCAI_F0_PARAM_CONSTRAINT/321'b1
SCAI_F0_PARAM_CONSTRAINT/331'b1
prim_arbiter_ppc_tb 32 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(gnt_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(idx_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(valid_o)
SCAI_F2_ARBITER_COMPLETENESS/4!(|(req_i) && ready_i) || |(gnt_o)
SCAI_F2_GRANT_IMPLIES_REQUEST/5!gnt_o[0] || req_i[0]
SCAI_F2_PRIORITY_ORDERING/6!gnt_o[1] || !req_i[0]
SCAI_F2_GRANT_IMPLIES_REQUEST/7!gnt_o[1] || req_i[1]
SCAI_F2_PRIORITY_ORDERING/8!gnt_o[2] || !(|(req_i[1:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/9!gnt_o[2] || req_i[2]
SCAI_F2_PRIORITY_ORDERING/10!gnt_o[3] || !(|(req_i[2:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/11!gnt_o[3] || req_i[3]
SCAI_F2_PRIORITY_ORDERING/12!gnt_o[4] || !(|(req_i[3:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/13!gnt_o[4] || req_i[4]
SCAI_F2_PRIORITY_ORDERING/14!gnt_o[5] || !(|(req_i[4:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/15!gnt_o[5] || req_i[5]
SCAI_F2_PRIORITY_ORDERING/16!gnt_o[6] || !(|(req_i[5:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/17!gnt_o[6] || req_i[6]
SCAI_F2_PRIORITY_ORDERING/18!gnt_o[7] || !(|(req_i[6:0]))
SCAI_F2_GRANT_IMPLIES_REQUEST/19!gnt_o[7] || req_i[7]
SCAI_F0_PARAM_CONSTRAINT/201'b1
TT4_HOLD_VALID/T0(valid_o && !ready_i) |=> valid_o
TT4_DATA_STABLE/T1(valid_o && !ready_i) |=> $stable(data_i)
TT4_DATA_STABLE/T2(valid_o && !ready_i) |=> $stable(data_o)
TT7_PER_REQUESTER_LIVENESS/T4(req_i[0] && ready_i) |=> ##[0:16] gnt_o[0]
TT7_PER_REQUESTER_LIVENESS/T5(req_i[1] && ready_i) |=> ##[0:16] gnt_o[1]
TT7_PER_REQUESTER_LIVENESS/T6(req_i[2] && ready_i) |=> ##[0:16] gnt_o[2]
TT7_PER_REQUESTER_LIVENESS/T7(req_i[3] && ready_i) |=> ##[0:16] gnt_o[3]
TT7_PER_REQUESTER_LIVENESS/T8(req_i[4] && ready_i) |=> ##[0:16] gnt_o[4]
TT7_PER_REQUESTER_LIVENESS/T9(req_i[5] && ready_i) |=> ##[0:16] gnt_o[5]
TT7_PER_REQUESTER_LIVENESS/T10(req_i[6] && ready_i) |=> ##[0:16] gnt_o[6]
TT7_PER_REQUESTER_LIVENESS/T11(req_i[7] && ready_i) |=> ##[0:16] gnt_o[7]
prim_reg_cdc 32 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(dst_re_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(dst_regwen_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(dst_wd_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(dst_we_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(src_busy_o)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(src_qs_o)
SCAI_F3_SAFETY_IMPLICATION/6!(!src_req && dst_to_src && rst_src_ni) || (src_q == dst_qs)
SCAI_F3_SAFETY_IMPLICATION/7!(!src_req && dst_to_src && rst_src_ni) || (txn_bits_q == 3'
SCAI_F3_SAFETY_IMPLICATION/8!(!src_req && rst_src_ni && src_ack) || (src_busy_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/9!(rst_src_ni && src_req) || (src_busy_q == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/10!(rst_src_ni && src_req) || (src_q == (src_wd_i & 32'hFFFFFF
SCAI_F3_SAFETY_IMPLICATION/11!(rst_src_ni && src_req) || (txn_bits_q == {src_we_i, src_re
SCAI_F0_PARAM_CONSTRAINT/121'b1
SCAI_F0_PARAM_CONSTRAINT/131'b1
SCAI_F3_SAFETY_IMPLICATION/14dst_wd_o == src_q
SCAI_F3_SAFETY_IMPLICATION/15rst_src_ni || (src_busy_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/16rst_src_ni || (src_q == 32'h0)
SCAI_F3_SAFETY_IMPLICATION/17rst_src_ni || (txn_bits_q == 3'h0)
SCAI_F3_SAFETY_IMPLICATION/18src_busy_o == src_busy_q
SCAI_F3_SAFETY_IMPLICATION/19src_qs_o == src_q
TT1_GUARDED_UPDATE/T0!(rst_src_ni) |=> (src_busy_q == 1'b0)
TT1_GUARDED_UPDATE/T1(rst_src_ni && src_req) |=> (src_busy_q == 1'b1)
TT1_GUARDED_UPDATE/T2(!(src_req) && rst_src_ni && src_ack) |=> (src_busy_q == 1'b0)
TT2_HOLD_CONDITION/T3!((!(rst_src_ni) || (rst_src_ni && src_req) || (!(src_req) && rst_src_
TT1_GUARDED_UPDATE/T4!(rst_src_ni) |=> (src_q == 32'd0)
TT1_GUARDED_UPDATE/T5(rst_src_ni && src_req) |=> (src_q == (src_wd_i & 32'd4294967295))
TT1_GUARDED_UPDATE/T6(!(src_req) && dst_to_src && rst_src_ni) |=> (src_q == dst_qs)
TT2_HOLD_CONDITION/T7!((!(rst_src_ni) || (rst_src_ni && src_req) || (!(src_req) && dst_to_s
TT1_GUARDED_UPDATE/T8!(rst_src_ni) |=> (txn_bits_q == 3'b0)
TT1_GUARDED_UPDATE/T9(rst_src_ni && src_req) |=> (txn_bits_q == {src_we_i, src_re_i, src_re
TT1_GUARDED_UPDATE/T10(!(src_req) && dst_to_src && rst_src_ni) |=> (txn_bits_q == 3'b0)
TT2_HOLD_CONDITION/T11!((!(rst_src_ni) || (rst_src_ni && src_req) || (!(src_req) && dst_to_s
tlul_jtag_dtm 32 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(jtag_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(jtag_o_ar_ready)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(jtag_o_aw_ready)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(jtag_o_b_id)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(jtag_o_b_resp)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(jtag_o_b_user)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(jtag_o_b_valid)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(jtag_o_r_data)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(jtag_o_r_id)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(jtag_o_r_last)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(jtag_o_r_resp)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(jtag_o_r_user)
SCAI_F0_ASSERT_KNOWN/12!$isunknown(jtag_o_r_valid)
SCAI_F0_ASSERT_KNOWN/13!$isunknown(jtag_o_w_ready)
SCAI_F0_ASSERT_KNOWN/14!$isunknown(tl_h2d_o)
SCAI_F0_ASSERT_KNOWN/15!$isunknown(tl_h2d_o_a_address)
SCAI_F0_ASSERT_KNOWN/16!$isunknown(tl_h2d_o_a_data)
SCAI_F0_ASSERT_KNOWN/17!$isunknown(tl_h2d_o_a_mask)
SCAI_F0_ASSERT_KNOWN/18!$isunknown(tl_h2d_o_a_opcode)
SCAI_F0_ASSERT_KNOWN/19!$isunknown(tl_h2d_o_a_param)
SCAI_F0_ASSERT_KNOWN/20!$isunknown(tl_h2d_o_a_size)
SCAI_F0_ASSERT_KNOWN/21!$isunknown(tl_h2d_o_a_source)
SCAI_F0_ASSERT_KNOWN/22!$isunknown(tl_h2d_o_a_user)
SCAI_F0_ASSERT_KNOWN/23!$isunknown(tl_h2d_o_a_valid)
SCAI_F0_ASSERT_KNOWN/24!$isunknown(tl_h2d_o_d_ready)
SCAI_F3_SAFETY_IMPLICATION/25!(!(!pending_req_q && dmi_req_ready && dmi_req_valid) && dmi
SCAI_F3_SAFETY_IMPLICATION/26!(!pending_req_q && dmi_req_ready && dmi_req_valid && rst_ni
SCAI_F3_SAFETY_IMPLICATION/27rst_ni || (pending_req_q == 1'b0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (pending_req_q == 1'b0)
TT1_GUARDED_UPDATE/T1(!(pending_req_q) && dmi_req_ready && dmi_req_valid && rst_ni) |=> (pe
TT1_GUARDED_UPDATE/T2(!((!(pending_req_q) && dmi_req_ready && dmi_req_valid)) && dmi_resp_v
TT2_HOLD_CONDITION/T3!((!(rst_ni) || (!(pending_req_q) && dmi_req_ready && dmi_req_valid &&
tlul_socket_1n 32 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(tl_d_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(tl_h_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(tl_h_o_a_ready)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(tl_h_o_d_data)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(tl_h_o_d_error)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(tl_h_o_d_opcode)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(tl_h_o_d_param)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(tl_h_o_d_sink)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(tl_h_o_d_size)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(tl_h_o_d_source)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(tl_h_o_d_user)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(tl_h_o_d_valid)
SCAI_F3_SAFETY_IMPLICATION/12!(accept_t_req && rst_ni) || (dev_select_outstanding == dev_
SCAI_F3_SAFETY_IMPLICATION/14!(dev_select_t == idx) || (hfifo_reqready == tl_u_i[idx].a_r
SCAI_F5_COUNTER_BOUND/15!accept_t_rsp || (num_req_outstanding != 9'h1FF)
SCAI_F3_SAFETY_IMPLICATION/16!hold_all_requests || (hfifo_reqready == 1'b0)
SCAI_F2_GRANT_EXCLUSIVITY/17$onehot0(tl_d_o)
SCAI_F0_PARAM_CONSTRAINT/181'b1
SCAI_F0_PARAM_CONSTRAINT/191'b1
SCAI_F3_SAFETY_IMPLICATION/22rst_ni || (dev_select_outstanding == 3'h0)
SCAI_F3_SAFETY_IMPLICATION/23rst_ni || (num_req_outstanding == 9'h0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (num_req_outstanding == 9'd0)
TT2_HOLD_CONDITION/T1!((!(rst_ni) || (!(accept_t_rsp) && accept_t_req && rst_ni) || (!(acce
TT3_ARITHMETIC_UPDATE/T2(!(accept_t_rsp) && accept_t_req && rst_ni) |=> (num_req_outstanding =
TT1_GUARDED_UPDATE/T3!(rst_ni) |=> (dev_select_outstanding == 3'b0)
TT1_GUARDED_UPDATE/T4(accept_t_req && rst_ni) |=> (dev_select_outstanding == dev_select_t)
TT2_HOLD_CONDITION/T5!((!(rst_ni) || (accept_t_req && rst_ni))) |=> $stable(dev_select_outs
TT1_GUARDED_UPDATE/T6(dev_select_t == idx) |=> (hfifo_reqready == tl_u_i[idx].a_ready)
TT1_GUARDED_UPDATE/T7hold_all_requests |=> (hfifo_reqready == 1'b0)
TT2_HOLD_CONDITION/T8!(((dev_select_t == idx) || hold_all_requests)) |=> $stable(hfifo_reqr
TT1_GUARDED_UPDATE/T9(dev_select_outstanding == idx) |=> (tl_t_p == tl_u_i[idx])
TT2_HOLD_CONDITION/T10!((dev_select_outstanding == idx)) |=> $stable(tl_t_p)
tlul_err_resp 30 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(tl_h_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(tl_h_o_a_ready)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(tl_h_o_d_data)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(tl_h_o_d_error)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(tl_h_o_d_opcode)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(tl_h_o_d_param)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(tl_h_o_d_sink)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(tl_h_o_d_size)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(tl_h_o_d_source)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(tl_h_o_d_user)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(tl_h_o_d_valid)
SCAI_F3_SAFETY_IMPLICATION/19rst_ni || (err_rsp_pending == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/20rst_ni || (err_size == 2'h0)
SCAI_F3_SAFETY_IMPLICATION/21rst_ni || (err_source == {TL_AIW{{1'b0}}})
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (err_rsp_pending == 1'b0)
TT1_GUARDED_UPDATE/T1(err_rsp_pending && rst_ni && tl_h_i.d_ready) |=> (err_rsp_pending ==
TT1_GUARDED_UPDATE/T2(!((err_rsp_pending && tl_h_i.d_ready)) && rst_ni && tl_h_i.a_valid &&
TT2_HOLD_CONDITION/T3!((!(rst_ni) || (err_rsp_pending && rst_ni && tl_h_i.d_ready) || (!((e
TT1_GUARDED_UPDATE/T4!(rst_ni) |=> (err_source == {TL_AIW{{1'b0}}})
TT1_GUARDED_UPDATE/T5(!((err_rsp_pending && tl_h_i.d_ready)) && rst_ni && tl_h_i.a_valid &&
TT2_HOLD_CONDITION/T6!((!(rst_ni) || (!((err_rsp_pending && tl_h_i.d_ready)) && rst_ni && t
TT1_GUARDED_UPDATE/T7!(rst_ni) |=> (err_opcode == Get)
TT1_GUARDED_UPDATE/T8(!((err_rsp_pending && tl_h_i.d_ready)) && rst_ni && tl_h_i.a_valid &&
TT2_HOLD_CONDITION/T9!((!(rst_ni) || (!((err_rsp_pending && tl_h_i.d_ready)) && rst_ni && t
TT1_GUARDED_UPDATE/T10!(rst_ni) |=> (err_size == 2'b0)
TT1_GUARDED_UPDATE/T11(!((err_rsp_pending && tl_h_i.d_ready)) && rst_ni && tl_h_i.a_valid &&
TT2_HOLD_CONDITION/T12!((!(rst_ni) || (!((err_rsp_pending && tl_h_i.d_ready)) && rst_ni && t
TT1_GUARDED_UPDATE/T13!(rst_ni) |=> (err_instr_type == MuBi4False)
TT1_GUARDED_UPDATE/T14(!((err_rsp_pending && tl_h_i.d_ready)) && rst_ni && tl_h_i.a_valid &&
TT2_HOLD_CONDITION/T15!((!(rst_ni) || (!((err_rsp_pending && tl_h_i.d_ready)) && rst_ni && t
prim_sram_arbiter 28 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(gnt_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(rsp_error_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(rsp_rdata_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(rsp_rvalid_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(sram_addr_o)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(sram_req_o)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(sram_wdata_o)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(sram_wmask_o)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(sram_write_o)
SCAI_F2_GRANT_IMPLIES_REQUEST/9!gnt_o[0] || req_i[0]
SCAI_F2_GRANT_IMPLIES_REQUEST/10!gnt_o[1] || req_i[1]
SCAI_F2_GRANT_IMPLIES_REQUEST/11!gnt_o[2] || req_i[2]
SCAI_F2_GRANT_IMPLIES_REQUEST/12!gnt_o[3] || req_i[3]
SCAI_F2_GRANT_EXCLUSIVITY/13$onehot0(rsp_error_o)
SCAI_F2_GRANT_EXCLUSIVITY/14$onehot0(rsp_rdata_o)
SCAI_F0_PARAM_CONSTRAINT/151'b1
SCAI_F3_SAFETY_IMPLICATION/16rsp_error_o == sram_rerror_i
SCAI_F3_SAFETY_IMPLICATION/17rsp_error_o == sram_rerror_i
SCAI_F3_SAFETY_IMPLICATION/18rsp_error_o == sram_rerror_i
SCAI_F3_SAFETY_IMPLICATION/19rsp_error_o == sram_rerror_i
SCAI_F3_PASSTHROUGH/20rsp_error_o == sram_rerror_i
SCAI_F3_SAFETY_IMPLICATION/21rsp_rdata_o == sram_rdata_i
SCAI_F3_SAFETY_IMPLICATION/22rsp_rdata_o == sram_rdata_i
SCAI_F3_SAFETY_IMPLICATION/23rsp_rdata_o == sram_rdata_i
SCAI_F3_SAFETY_IMPLICATION/24rsp_rdata_o == sram_rdata_i
SCAI_F3_PASSTHROUGH/25rsp_rdata_o == sram_rdata_i
SCAI_F3_SAFETY_IMPLICATION/26rsp_rvalid_o == (steer & {32'h4{{sram_rvalid_i}}})
SCAI_F3_OUTPUT_EQUIVALENCE/27rsp_rvalid_o == (steer & {32'h4{{sram_rvalid_i}}})
tlul_adapter_reg_racl 27 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(addr_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(be_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(intg_error_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(racl_error_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(racl_error_o_overflow)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(racl_error_o_read_access)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(racl_error_o_request_address)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(racl_error_o_valid)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(re_o)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(tl_o)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(tl_o_a_ready)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(tl_o_d_data)
SCAI_F0_ASSERT_KNOWN/12!$isunknown(tl_o_d_error)
SCAI_F0_ASSERT_KNOWN/13!$isunknown(tl_o_d_opcode)
SCAI_F0_ASSERT_KNOWN/14!$isunknown(tl_o_d_param)
SCAI_F0_ASSERT_KNOWN/15!$isunknown(tl_o_d_sink)
SCAI_F0_ASSERT_KNOWN/16!$isunknown(tl_o_d_size)
SCAI_F0_ASSERT_KNOWN/17!$isunknown(tl_o_d_source)
SCAI_F0_ASSERT_KNOWN/18!$isunknown(tl_o_d_user)
SCAI_F0_ASSERT_KNOWN/19!$isunknown(tl_o_d_valid)
SCAI_F0_ASSERT_KNOWN/20!$isunknown(wdata_o)
SCAI_F0_ASSERT_KNOWN/21!$isunknown(we_o)
SCAI_F0_PARAM_CONSTRAINT/221'b1
SCAI_F0_PARAM_CONSTRAINT/231'b1
SCAI_F0_PARAM_CONSTRAINT/241'b1
SCAI_F3_SAFETY_IMPLICATION/25racl_error_o == 37'h0
SCAI_F0_CONSTANT_OUTPUT/26racl_error_o == 37'h0
prim_fifo_async_simple 24 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(rdata_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(rvalid_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(wready_o)
SCAI_F3_SAFETY_IMPLICATION/3!rst_wr_ni || (not_in_reset_q == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/4!rst_wr_ni || (pending_q == pending_d)
SCAI_F3_SAFETY_IMPLICATION/5!wr_en || (data_q == wdata_i)
SCAI_F3_SAFETY_IMPLICATION/6rdata_o == data_q
SCAI_F3_SAFETY_IMPLICATION/7rst_wr_ni || (not_in_reset_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/8rst_wr_ni || (pending_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/9rvalid_o == dst_req
SCAI_F3_SAFETY_IMPLICATION/10wready_o == (!pending_q && not_in_reset_q)
SCAI_F3_OUTPUT_EQUIVALENCE/11wready_o == (!pending_q && not_in_reset_q)
TT1_GUARDED_UPDATE/T0!(rst_wr_ni) |=> (pending_q == 1'b0)
TT1_GUARDED_UPDATE/T1rst_wr_ni |=> (pending_q == pending_d)
TT2_HOLD_CONDITION/T2!((!(rst_wr_ni) || rst_wr_ni)) |=> $stable(pending_q)
TT1_GUARDED_UPDATE/T3!(rst_wr_ni) |=> (not_in_reset_q == 1'b0)
TT1_GUARDED_UPDATE/T4rst_wr_ni |=> (not_in_reset_q == 1'b1)
TT2_HOLD_CONDITION/T5!((!(rst_wr_ni) || rst_wr_ni)) |=> $stable(not_in_reset_q)
TT1_GUARDED_UPDATE/T6wr_en |=> (data_q == wdata_i)
TT2_HOLD_CONDITION/T7!(wr_en) |=> $stable(data_q)
TT4_HOLD_VALID/T8(wvalid_i && !wready_o) |=> wvalid_i
TT4_DATA_STABLE/T9(wvalid_i && !wready_o) |=> $stable(wdata_i)
TT4_HOLD_VALID/T10(rvalid_o && !rready_i) |=> rvalid_o
TT4_DATA_STABLE/T11(rvalid_o && !rready_i) |=> $stable(rdata_o)
prim_fifo_sync 24 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(depth_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(full_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(rdata_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(rvalid_o)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(wready_o)
SCAI_F3_SAFETY_IMPLICATION/6!fifo_incr_wptr || (storage == wdata_i)
SCAI_F0_PARAM_CONSTRAINT/71'b1
SCAI_F3_SAFETY_IMPLICATION/8rdata_o == (empty ? 0 : rdata_int)
SCAI_F3_OUTPUT_EQUIVALENCE/9rdata_o == (empty ? 0 : rdata_int)
SCAI_F3_SAFETY_IMPLICATION/10rst_ni || (under_rst == 1'b1)
SCAI_F3_SAFETY_IMPLICATION/11rvalid_o == (~(empty) & ~(under_rst))
SCAI_F3_OUTPUT_EQUIVALENCE/12rvalid_o == (~(empty) & ~(under_rst))
SCAI_F3_SAFETY_IMPLICATION/13wready_o == (~(full_o) & ~(under_rst))
SCAI_F3_OUTPUT_EQUIVALENCE/14wready_o == (~(full_o) & ~(under_rst))
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (under_rst == 1'b1)
TT1_GUARDED_UPDATE/T1(rst_ni && under_rst) |=> (under_rst == ~(under_rst))
TT2_HOLD_CONDITION/T2!((!(rst_ni) || (rst_ni && under_rst))) |=> $stable(under_rst)
TT1_GUARDED_UPDATE/T3fifo_incr_wptr |=> (storage == wdata_i)
TT2_HOLD_CONDITION/T4!(fifo_incr_wptr) |=> $stable(storage)
TT4_HOLD_VALID/T5(wvalid_i && !wready_o) |=> wvalid_i
TT4_DATA_STABLE/T6(wvalid_i && !wready_o) |=> $stable(wdata_i)
TT4_HOLD_VALID/T7(rvalid_o && !rready_i) |=> rvalid_o
TT4_DATA_STABLE/T8(rvalid_o && !rready_i) |=> $stable(rdata_o)
prim_diff_decode 23 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(event_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(fall_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(level_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(rise_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(sigint_o)
SCAI_F3_SAFETY_IMPLICATION/5!rst_ni || (diff_pq == diff_pd)
SCAI_F3_SAFETY_IMPLICATION/6!rst_ni || (level_q == level_d)
SCAI_F3_SAFETY_IMPLICATION/7event_o == (rise_o | fall_o)
SCAI_F3_OUTPUT_EQUIVALENCE/8event_o == (rise_o | fall_o)
SCAI_F3_SAFETY_IMPLICATION/9fall_o == ((diff_pq & ~(diff_pi)) & ~(sigint_o))
SCAI_F3_OUTPUT_EQUIVALENCE/10fall_o == ((diff_pq & ~(diff_pi)) & ~(sigint_o))
SCAI_F3_SAFETY_IMPLICATION/11level_o == (sigint_o ? level_q : diff_pi)
SCAI_F3_OUTPUT_EQUIVALENCE/12level_o == (sigint_o ? level_q : diff_pi)
SCAI_F3_SAFETY_IMPLICATION/13rise_o == ((~(diff_pq) & diff_pi) & ~(sigint_o))
SCAI_F3_OUTPUT_EQUIVALENCE/14rise_o == ((~(diff_pq) & diff_pi) & ~(sigint_o))
SCAI_F3_SAFETY_IMPLICATION/15rst_ni || (diff_pq == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/16rst_ni || (level_q == 1'b0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (diff_pq == 1'b0)
TT1_GUARDED_UPDATE/T1rst_ni |=> (diff_pq == diff_pd)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(diff_pq)
TT1_GUARDED_UPDATE/T3!(rst_ni) |=> (level_q == 1'b0)
TT1_GUARDED_UPDATE/T4rst_ni |=> (level_q == level_d)
TT2_HOLD_CONDITION/T5!((!(rst_ni) || rst_ni)) |=> $stable(level_q)
tlul_err 23 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(err_o)
SCAI_F0_PARAM_CONSTRAINT/41'b1
SCAI_F0_PARAM_CONSTRAINT/51'b1
SCAI_F0_PARAM_CONSTRAINT/61'b1
SCAI_F0_PARAM_CONSTRAINT/71'b1
SCAI_F0_PARAM_CONSTRAINT/81'b1
SCAI_F3_SAFETY_IMPLICATION/9err_o == ((~((opcode_allowed & a_config_allowed)) | instr_wr
SCAI_F3_OUTPUT_EQUIVALENCE/10err_o == ((~((opcode_allowed & a_config_allowed)) | instr_wr
TT1_GUARDED_UPDATE/T0(tl_i.a_size && tl_i.a_valid) |=> (addr_sz_chk == 1'b1)
TT1_GUARDED_UPDATE/T1(tl_i.a_size && tl_i.a_valid) |=> (addr_sz_chk == ~(tl_i.a_address[0])
TT1_GUARDED_UPDATE/T2(tl_i.a_size && tl_i.a_valid) |=> (addr_sz_chk == ~|(tl_i.a_address[(2
TT1_GUARDED_UPDATE/T3(tl_i.a_size && tl_i.a_valid) |=> (addr_sz_chk == 1'b0)
TT2_HOLD_CONDITION/T4!(((tl_i.a_size && tl_i.a_valid) || (tl_i.a_size && tl_i.a_valid) || (
TT1_GUARDED_UPDATE/T5(tl_i.a_size && tl_i.a_valid) |=> (mask_chk == ~|((tl_i.a_mask & ~(mas
TT1_GUARDED_UPDATE/T6(tl_i.a_size && tl_i.a_valid) |=> (mask_chk == (tl_i.a_address[1] ? ~|
TT1_GUARDED_UPDATE/T7(tl_i.a_size && tl_i.a_valid) |=> (mask_chk == 1'b1)
TT1_GUARDED_UPDATE/T8(tl_i.a_size && tl_i.a_valid) |=> (mask_chk == 1'b0)
TT2_HOLD_CONDITION/T9!(((tl_i.a_size && tl_i.a_valid) || (tl_i.a_size && tl_i.a_valid) || (
TT1_GUARDED_UPDATE/T10(tl_i.a_size && tl_i.a_valid) |=> (fulldata_chk == |((tl_i.a_mask & ma
TT1_GUARDED_UPDATE/T11(tl_i.a_size && tl_i.a_valid) |=> (fulldata_chk == (tl_i.a_address[1]
TT1_GUARDED_UPDATE/T12(tl_i.a_size && tl_i.a_valid) |=> (fulldata_chk == &(tl_i.a_mask[3:0])
TT1_GUARDED_UPDATE/T13(tl_i.a_size && tl_i.a_valid) |=> (fulldata_chk == 1'b0)
TT2_HOLD_CONDITION/T14!(((tl_i.a_size && tl_i.a_valid) || (tl_i.a_size && tl_i.a_valid) || (
tlul_request_loopback 23 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(tl_d2h_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(tl_d2h_o_a_ready)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(tl_d2h_o_d_data)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(tl_d2h_o_d_error)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(tl_d2h_o_d_opcode)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(tl_d2h_o_d_param)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(tl_d2h_o_d_sink)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(tl_d2h_o_d_size)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(tl_d2h_o_d_source)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(tl_d2h_o_d_user)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(tl_d2h_o_d_valid)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(tl_h2d_o)
SCAI_F0_ASSERT_KNOWN/12!$isunknown(tl_h2d_o_a_address)
SCAI_F0_ASSERT_KNOWN/13!$isunknown(tl_h2d_o_a_data)
SCAI_F0_ASSERT_KNOWN/14!$isunknown(tl_h2d_o_a_mask)
SCAI_F0_ASSERT_KNOWN/15!$isunknown(tl_h2d_o_a_opcode)
SCAI_F0_ASSERT_KNOWN/16!$isunknown(tl_h2d_o_a_param)
SCAI_F0_ASSERT_KNOWN/17!$isunknown(tl_h2d_o_a_size)
SCAI_F0_ASSERT_KNOWN/18!$isunknown(tl_h2d_o_a_source)
SCAI_F0_ASSERT_KNOWN/19!$isunknown(tl_h2d_o_a_user)
SCAI_F0_ASSERT_KNOWN/20!$isunknown(tl_h2d_o_a_valid)
SCAI_F0_ASSERT_KNOWN/21!$isunknown(tl_h2d_o_d_ready)
SCAI_F3_SAFETY_IMPLICATION/22tl_h2d_o == tl_muxed_h2d[0]
prim_lfsr 22 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(state_o)
SCAI_F5_COUNTER_BOUND/1!rst_ni || (cnt_q != 32'h0)
SCAI_F3_SAFETY_IMPLICATION/2!rst_ni || (cnt_q == cnt_d)
SCAI_F3_SAFETY_IMPLICATION/3!rst_ni || (lfsr_q == lfsr_d)
SCAI_F3_SAFETY_IMPLICATION/4!rst_ni || (perturbed_q == perturbed_d)
SCAI_F5_COUNTER_BOUND/5cnt_d <= 32'h0
SCAI_F5_COUNTER_BOUND/6cnt_q <= 32'h0
SCAI_F5_LFSR_LOCKUP_FREE/7lfsr_q != 32'h0
SCAI_F3_SAFETY_IMPLICATION/8rst_ni || (cnt_q == 32'h0)
SCAI_F3_SAFETY_IMPLICATION/9rst_ni || (lfsr_q == 32'h1)
SCAI_F3_SAFETY_IMPLICATION/10rst_ni || (perturbed_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/11state_o == sbox_out
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (lfsr_q == 32'd1)
TT1_GUARDED_UPDATE/T1rst_ni |=> (lfsr_q == lfsr_d)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(lfsr_q)
TT1_GUARDED_UPDATE/T3!(rst_ni) |=> (cnt_q == 32'd0)
TT1_GUARDED_UPDATE/T4rst_ni |=> (cnt_q == cnt_d)
TT2_HOLD_CONDITION/T5!((!(rst_ni) || rst_ni)) |=> $stable(cnt_q)
TT3_ARITHMETIC_UPDATE/T6!(rst_ni) |=> (cnt_q == $past(cnt_q) + 1)
TT1_GUARDED_UPDATE/T7!(rst_ni) |=> (perturbed_q == 1'b0)
TT1_GUARDED_UPDATE/T8rst_ni |=> (perturbed_q == perturbed_d)
TT2_HOLD_CONDITION/T9!((!(rst_ni) || rst_ni)) |=> $stable(perturbed_q)
prim_filter_ctr 19 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(filter_o)
SCAI_F3_SAFETY_IMPLICATION/1!(rst_ni && update_stored_value) || (stored_value_q == filte
SCAI_F3_SAFETY_IMPLICATION/2!rst_ni || (diff_ctr_q == diff_ctr_d)
SCAI_F3_SAFETY_IMPLICATION/3!rst_ni || (filter_q == filter_synced)
SCAI_F5_COUNTER_BOUND/4diff_ctr_d <= 2'h3
SCAI_F3_SAFETY_IMPLICATION/5filter_o == (enable_i ? stored_value_q : filter_synced)
SCAI_F3_OUTPUT_EQUIVALENCE/6filter_o == (enable_i ? stored_value_q : filter_synced)
SCAI_F3_SAFETY_IMPLICATION/7rst_ni || (diff_ctr_q == 2'h0)
SCAI_F3_SAFETY_IMPLICATION/8rst_ni || (filter_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/9rst_ni || (stored_value_q == 1'b0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (filter_q == 1'b0)
TT1_GUARDED_UPDATE/T1rst_ni |=> (filter_q == filter_synced)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(filter_q)
TT1_GUARDED_UPDATE/T3!(rst_ni) |=> (stored_value_q == 1'b0)
TT1_GUARDED_UPDATE/T4(rst_ni && update_stored_value) |=> (stored_value_q == filter_synced)
TT2_HOLD_CONDITION/T5!((!(rst_ni) || (rst_ni && update_stored_value))) |=> $stable(stored_v
TT1_GUARDED_UPDATE/T6!(rst_ni) |=> (diff_ctr_q == 2'b0)
TT1_GUARDED_UPDATE/T7rst_ni |=> (diff_ctr_q == diff_ctr_d)
TT2_HOLD_CONDITION/T8!((!(rst_ni) || rst_ni)) |=> $stable(diff_ctr_q)
prim_pulse_sync 18 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(dst_pulse_o)
SCAI_F3_SAFETY_IMPLICATION/1!effective_rst_n || (src_active_flag_q == src_active_flag_d)
SCAI_F3_SAFETY_IMPLICATION/2!rst_dst_ni || (dst_level_q == dst_level)
SCAI_F3_SAFETY_IMPLICATION/3!rst_src_ni || (src_level == (src_level ^ src_pulse_i))
SCAI_F3_SAFETY_IMPLICATION/4dst_pulse_o == (dst_level_q ^ dst_level)
SCAI_F3_OUTPUT_EQUIVALENCE/5dst_pulse_o == (dst_level_q ^ dst_level)
SCAI_F3_SAFETY_IMPLICATION/6effective_rst_n || (src_active_flag_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/7rst_dst_ni || (dst_level_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/8rst_src_ni || (src_level == 1'b0)
TT1_GUARDED_UPDATE/T0!(rst_src_ni) |=> (src_level == 1'b0)
TT1_GUARDED_UPDATE/T1rst_src_ni |=> (src_level == (src_level ^ src_pulse_i))
TT2_HOLD_CONDITION/T2!((!(rst_src_ni) || rst_src_ni)) |=> $stable(src_level)
TT1_GUARDED_UPDATE/T3!(effective_rst_n) |=> (src_active_flag_q == 1'b0)
TT1_GUARDED_UPDATE/T4effective_rst_n |=> (src_active_flag_q == src_active_flag_d)
TT2_HOLD_CONDITION/T5!((!(effective_rst_n) || effective_rst_n)) |=> $stable(src_active_flag
TT1_GUARDED_UPDATE/T6!(rst_dst_ni) |=> (dst_level_q == 1'b0)
TT1_GUARDED_UPDATE/T7rst_dst_ni |=> (dst_level_q == dst_level)
TT2_HOLD_CONDITION/T8!((!(rst_dst_ni) || rst_dst_ni)) |=> $stable(dst_level_q)
prim_gate_gen 17 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(valid_o)
SCAI_F3_SAFETY_IMPLICATION/2!(rst_ni && valid_d) || (regs_q == regs_d[k])
SCAI_F3_SAFETY_IMPLICATION/3!rst_ni || (valid_q == valid_d)
SCAI_F0_PARAM_CONSTRAINT/41'b1
SCAI_F0_PARAM_CONSTRAINT/51'b1
SCAI_F0_PARAM_CONSTRAINT/61'b1
SCAI_F0_PARAM_CONSTRAINT/71'b1
SCAI_F0_PARAM_CONSTRAINT/81'b1
SCAI_F3_SAFETY_IMPLICATION/11rst_ni || (regs_q == 64'h0)
SCAI_F3_SAFETY_IMPLICATION/12rst_ni || (valid_q == 2'h0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (regs_q == 64'h0)
TT1_GUARDED_UPDATE/T1(rst_ni && valid_d) |=> (regs_q == regs_d[k])
TT2_HOLD_CONDITION/T2!((!(rst_ni) || (rst_ni && valid_d))) |=> $stable(regs_q)
TT1_GUARDED_UPDATE/T3!(rst_ni) |=> (valid_q == 2'b0)
TT1_GUARDED_UPDATE/T4rst_ni |=> (valid_q == valid_d)
TT2_HOLD_CONDITION/T5!((!(rst_ni) || rst_ni)) |=> $stable(valid_q)
prim_count 15 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(cnt_after_commit_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(cnt_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F3_SAFETY_IMPLICATION/3!rst_ni || (err_q == err_d)
SCAI_F0_PARAM_CONSTRAINT/41'b1
SCAI_F0_PARAM_CONSTRAINT/51'b1
SCAI_F3_SAFETY_IMPLICATION/6cnt_after_commit_o == cnt_d[0]
SCAI_F3_SAFETY_IMPLICATION/7cnt_o == cnt_q[0]
SCAI_F5_COUNTER_BOUND/8cnt_q <= 2'h3
SCAI_F3_SAFETY_IMPLICATION/9err_o == err_q
SCAI_F5_COUNTER_BOUND/10ext_cnt <= 3'h7
SCAI_F3_SAFETY_IMPLICATION/11rst_ni || (err_q == 1'b0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (err_q == 1'b0)
TT1_GUARDED_UPDATE/T1rst_ni |=> (err_q == err_d)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(err_q)
alert_handler_reg_top 14 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(intg_err_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(reg2hw)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(shadowed_storage_err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(shadowed_update_err_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(tl_o)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(tl_o_a_ready)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(tl_o_d_data)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(tl_o_d_error)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(tl_o_d_opcode)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(tl_o_d_param)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(tl_o_d_sink)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(tl_o_d_size)
SCAI_F0_ASSERT_KNOWN/12!$isunknown(tl_o_d_source)
SCAI_F0_ASSERT_KNOWN/13!$isunknown(tl_o_d_user)
alert_handler_reg_wrap 14 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(crashdump_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(crashdump_o_alert_cause)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(crashdump_o_loc_alert_cause)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(fatal_integ_alert_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(irq_o)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(reg2hw_wrap)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(reg2hw_wrap_alert_en)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(reg2hw_wrap_alert_ping_en)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(reg2hw_wrap_class_clr)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(reg2hw_wrap_class_en)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(reg2hw_wrap_loc_alert_en)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(reg2hw_wrap_ping_enable)
SCAI_F0_ASSERT_KNOWN/12!$isunknown(reg2hw_wrap_ping_timeout_cyc)
SCAI_F0_ASSERT_KNOWN/13!$isunknown(reg2hw_wrap_shadowed_err_storage)
prim_prince 14 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(valid_o)
SCAI_F3_SAFETY_IMPLICATION/2!dec_i || (k0 == k0_prime_d)
SCAI_F3_SAFETY_IMPLICATION/3!dec_i || (k0_prime_d == key_i[((2 * 64) - 1):64])
SCAI_F2_GRANT_EXCLUSIVITY/4$onehot0(data_o)
SCAI_F0_PARAM_CONSTRAINT/51'b1
SCAI_F0_PARAM_CONSTRAINT/61'b1
SCAI_F0_PARAM_CONSTRAINT/71'b1
SCAI_F3_SAFETY_IMPLICATION/8valid_o == valid_i
SCAI_F3_PASSTHROUGH/9valid_o == valid_i
TT1_GUARDED_UPDATE/T0dec_i |=> (k0 == k0_prime_d)
TT2_HOLD_CONDITION/T1!(dec_i) |=> $stable(k0)
TT1_GUARDED_UPDATE/T2dec_i |=> (k0_prime_d == key_i[((2 * 64) - 1):64])
TT2_HOLD_CONDITION/T3!(dec_i) |=> $stable(k0_prime_d)
prim_edge_detector 13 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(q_negedge_pulse_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(q_posedge_pulse_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(q_sync_o)
SCAI_F3_SAFETY_IMPLICATION/3!rst_ni || (q_sync_q == q_sync_d)
SCAI_F3_SAFETY_IMPLICATION/4q_negedge_pulse_o == (~(q_sync_d) & q_sync_q)
SCAI_F3_OUTPUT_EQUIVALENCE/5q_negedge_pulse_o == (~(q_sync_d) & q_sync_q)
SCAI_F3_SAFETY_IMPLICATION/6q_posedge_pulse_o == (q_sync_d & ~(q_sync_q))
SCAI_F3_OUTPUT_EQUIVALENCE/7q_posedge_pulse_o == (q_sync_d & ~(q_sync_q))
SCAI_F3_SAFETY_IMPLICATION/8q_sync_o == q_sync_d
SCAI_F3_SAFETY_IMPLICATION/9rst_ni || (q_sync_q == 1'b0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (q_sync_q == 1'b0)
TT1_GUARDED_UPDATE/T1rst_ni |=> (q_sync_q == q_sync_d)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(q_sync_q)
prim_filter 13 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(filter_o)
SCAI_F3_SAFETY_IMPLICATION/1!(rst_ni && update_stored_value) || (stored_value_q == filte
SCAI_F3_SAFETY_IMPLICATION/2!rst_ni || (stored_vector_q == stored_vector_d)
SCAI_F3_SAFETY_IMPLICATION/3filter_o == (enable_i ? stored_value_q : filter_synced)
SCAI_F3_OUTPUT_EQUIVALENCE/4filter_o == (enable_i ? stored_value_q : filter_synced)
SCAI_F3_SAFETY_IMPLICATION/5rst_ni || (stored_value_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/6rst_ni || (stored_vector_q == 4'h0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (stored_value_q == 1'b0)
TT1_GUARDED_UPDATE/T1(rst_ni && update_stored_value) |=> (stored_value_q == filter_synced)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || (rst_ni && update_stored_value))) |=> $stable(stored_v
TT1_GUARDED_UPDATE/T3!(rst_ni) |=> (stored_vector_q == 4'b0)
TT1_GUARDED_UPDATE/T4rst_ni |=> (stored_vector_q == stored_vector_d)
TT2_HOLD_CONDITION/T5!((!(rst_ni) || rst_ni)) |=> $stable(stored_vector_q)
prim_intr_hw 13 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(hw2reg_intr_state_d_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(hw2reg_intr_state_de_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(intr_o)
SCAI_F3_SAFETY_IMPLICATION/3!rst_ni || (intr_o == (status & reg2hw_intr_enable_q_i))
SCAI_F3_ENABLE_GATE/4!rst_ni || (intr_o == 1'b0)
SCAI_F3_BACKWARD_IMPLICATION/5(intr_o == 1'b0) || (rst_ni)
SCAI_F3_SAFETY_IMPLICATION/6hw2reg_intr_state_d_o == (new_event | reg2hw_intr_state_q_i)
SCAI_F3_OUTPUT_EQUIVALENCE/7hw2reg_intr_state_d_o == (new_event | reg2hw_intr_state_q_i)
SCAI_F3_SAFETY_IMPLICATION/8hw2reg_intr_state_de_o == |(new_event)
SCAI_F3_SAFETY_IMPLICATION/9rst_ni || (intr_o == 1'b0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (intr_o == 1'b0)
TT1_GUARDED_UPDATE/T1rst_ni |=> (intr_o == (status & reg2hw_intr_enable_q_i))
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(intr_o)
tlul_socket_m1 13 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(tl_d_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(tl_d_o_a_address)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(tl_d_o_a_data)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(tl_d_o_a_mask)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(tl_d_o_a_opcode)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(tl_d_o_a_param)
SCAI_F0_ASSERT_KNOWN/6!$isunknown(tl_d_o_a_size)
SCAI_F0_ASSERT_KNOWN/7!$isunknown(tl_d_o_a_source)
SCAI_F0_ASSERT_KNOWN/8!$isunknown(tl_d_o_a_user)
SCAI_F0_ASSERT_KNOWN/9!$isunknown(tl_d_o_a_valid)
SCAI_F0_ASSERT_KNOWN/10!$isunknown(tl_d_o_d_ready)
SCAI_F0_ASSERT_KNOWN/11!$isunknown(tl_h_o)
SCAI_F2_GRANT_EXCLUSIVITY/12$onehot0(tl_h_o)
prim_sync_slow_fast 12 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(rdata_o)
SCAI_F3_SAFETY_IMPLICATION/1!(rst_fast_ni && wdata_en) || (wdata_q == wdata_i)
SCAI_F3_SAFETY_IMPLICATION/2!rst_fast_ni || (sync_clk_slow_q == sync_clk_slow)
SCAI_F3_SAFETY_IMPLICATION/3rdata_o == wdata_q
SCAI_F3_SAFETY_IMPLICATION/4rst_fast_ni || (sync_clk_slow_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/5rst_fast_ni || (wdata_q == 32'h0)
TT1_GUARDED_UPDATE/T0!(rst_fast_ni) |=> (sync_clk_slow_q == 1'b0)
TT1_GUARDED_UPDATE/T1rst_fast_ni |=> (sync_clk_slow_q == sync_clk_slow)
TT2_HOLD_CONDITION/T2!((!(rst_fast_ni) || rst_fast_ni)) |=> $stable(sync_clk_slow_q)
TT1_GUARDED_UPDATE/T3!(rst_fast_ni) |=> (wdata_q == 32'd0)
TT1_GUARDED_UPDATE/T4(rst_fast_ni && wdata_en) |=> (wdata_q == wdata_i)
TT2_HOLD_CONDITION/T5!((!(rst_fast_ni) || (rst_fast_ni && wdata_en))) |=> $stable(wdata_q)
prim_esc_rxtx_assert_fpv 11 proven
SCAI_F3_SAFETY_IMPLICATION/0!rst_ni || (error_q == error_d)
SCAI_F3_SAFETY_IMPLICATION/1!rst_ni || (esc_q == esc_d)
SCAI_F0_PARAM_CONSTRAINT/21'b1
SCAI_F3_SAFETY_IMPLICATION/3rst_ni || (error_q == 1'b0)
SCAI_F3_SAFETY_IMPLICATION/4rst_ni || (esc_q == 1'b0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (error_q == 1'b0)
TT1_GUARDED_UPDATE/T1rst_ni |=> (error_q == error_d)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(error_q)
TT1_GUARDED_UPDATE/T3!(rst_ni) |=> (esc_q == 1'b0)
TT1_GUARDED_UPDATE/T4rst_ni |=> (esc_q == esc_d)
TT2_HOLD_CONDITION/T5!((!(rst_ni) || rst_ni)) |=> $stable(esc_q)
prim_sync_reqack_data 10 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(dst_req_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(src_ack_o)
SCAI_F3_SAFETY_IMPLICATION/3!effective_rst_n || (chk_flag_q == chk_flag_d)
SCAI_F3_SAFETY_IMPLICATION/4data_o == data_i
SCAI_F3_PASSTHROUGH/5data_o == data_i
SCAI_F3_SAFETY_IMPLICATION/6effective_rst_n || (chk_flag_q == 1'b0)
TT1_GUARDED_UPDATE/T0!(effective_rst_n) |=> (chk_flag_q == 1'b0)
TT1_GUARDED_UPDATE/T1effective_rst_n |=> (chk_flag_q == chk_flag_d)
TT2_HOLD_CONDITION/T2!((!(effective_rst_n) || effective_rst_n)) |=> $stable(chk_flag_q)
prim_flop_en 9 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(q_o)
SCAI_F3_SAFETY_IMPLICATION/1!(en && rst_ni) || (q_o == d_i)
SCAI_F3_ENABLE_GATE/2!rst_ni || (q_o == 1'b0)
SCAI_F3_BACKWARD_IMPLICATION/3(q_o == 1'b0) || ((en && rst_ni))
SCAI_F0_PARAM_CONSTRAINT/41'b1
SCAI_F3_SAFETY_IMPLICATION/5rst_ni || (q_o == 1'b0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (q_o == 1'b0)
TT1_GUARDED_UPDATE/T1(en && rst_ni) |=> (q_o == d_i)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || (en && rst_ni))) |=> $stable(q_o)
tlul_assert 8 proven
SCAI_F3_SAFETY_IMPLICATION/3rst_ni || (pend_req == 2560'h0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (pend_req == 2560'h0)
TT1_GUARDED_UPDATE/T1(((d2h.d_source != h2d.a_source) || !(d2h.d_valid)) && curr_req.pend &
TT2_HOLD_CONDITION/T2!((!(rst_ni) || (((d2h.d_source != h2d.a_source) || !(d2h.d_valid)) &&
TT1_GUARDED_UPDATE/T3(d2h.d_valid && h2d.d_ready && rst_ni) |=> (pend_req.pend == 0)
TT2_HOLD_CONDITION/T4!((d2h.d_valid && h2d.d_ready && rst_ni)) |=> $stable(pend_req.pend)
TT1_GUARDED_UPDATE/T5!(rst_ni) |=> (disable_sva == 0)
TT2_HOLD_CONDITION/T6!(!(rst_ni)) |=> $stable(disable_sva)
prim_secded_22_16_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 22'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 22'h0) || (syndrome_o == 6'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 22'h0) || (data_o == data_i)
prim_secded_28_22_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 28'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 28'h0) || (syndrome_o == 6'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 28'h0) || (data_o == data_i)
prim_secded_39_32_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 39'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 39'h0) || (syndrome_o == 7'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 39'h0) || (data_o == data_i)
prim_secded_64_57_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 64'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 64'h0) || (syndrome_o == 7'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 64'h0) || (data_o == data_i)
prim_secded_72_64_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 72'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 72'h0) || (syndrome_o == 8'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 72'h0) || (data_o == data_i)
prim_secded_hamming_22_16_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 22'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 22'h0) || (syndrome_o == 6'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 22'h0) || (data_o == data_i)
prim_secded_hamming_39_32_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 39'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 39'h0) || (syndrome_o == 7'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 39'h0) || (data_o == data_i)
prim_secded_hamming_72_64_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 72'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 72'h0) || (syndrome_o == 8'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 72'h0) || (data_o == data_i)
prim_secded_inv_22_16_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 22'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 22'h0) || (syndrome_o == 6'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 22'h0) || (data_o == data_i)
prim_secded_inv_28_22_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 28'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 28'h0) || (syndrome_o == 6'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 28'h0) || (data_o == data_i)
prim_secded_inv_39_32_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 39'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 39'h0) || (syndrome_o == 7'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 39'h0) || (data_o == data_i)
prim_secded_inv_64_57_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 64'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 64'h0) || (syndrome_o == 7'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 64'h0) || (data_o == data_i)
prim_secded_inv_72_64_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 72'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 72'h0) || (syndrome_o == 8'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 72'h0) || (data_o == data_i)
prim_secded_inv_hamming_22_16_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 22'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 22'h0) || (syndrome_o == 6'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 22'h0) || (data_o == data_i)
prim_secded_inv_hamming_39_32_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 39'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 39'h0) || (syndrome_o == 7'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 39'h0) || (data_o == data_i)
prim_secded_inv_hamming_72_64_tb 7 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(data_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(encoded_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(syndrome_o)
SCAI_F6_SECDED_NO_ERROR/4(error_inject_i != 72'h0) || (err_o == 2'h0)
SCAI_F6_SECDED_SYNDROME/5(error_inject_i != 72'h0) || (syndrome_o == 8'h0)
SCAI_F6_SECDED_ROUNDTRIP/6(error_inject_i == 72'h0) || (data_o == data_i)
alert_handler 6 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(alert_rx_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(crashdump_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(crashdump_o_alert_cause)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(crashdump_o_loc_alert_cause)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(edn_o)
SCAI_F0_ASSERT_KNOWN/5!$isunknown(edn_o_ar_addr)
alert_handler_accu 5 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(accu_cnt_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(accu_fail_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(accu_trig_o)
SCAI_F3_SAFETY_IMPLICATION/3accu_trig_o == ((accu_cnt_o >= thresh_i) & trig_gated)
SCAI_F3_OUTPUT_EQUIVALENCE/4accu_trig_o == ((accu_cnt_o >= thresh_i) & trig_gated)
alert_handler_esc_timer_assert_fpv 5 proven
SCAI_F3_SAFETY_IMPLICATION/0!rst_ni || (esc_has_triggered_q == ((esc_has_triggered_q & ~
SCAI_F3_SAFETY_IMPLICATION/1rst_ni || (esc_has_triggered_q == 1'b0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (esc_has_triggered_q == 1'b0)
TT1_GUARDED_UPDATE/T1rst_ni |=> (esc_has_triggered_q == ((esc_has_triggered_q & ~(clr_i)) |
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(esc_has_triggered_q)
alert_handler_ping_timer_assert_fpv 5 proven
SCAI_F0_PARAM_CONSTRAINT/01'b1
SCAI_F0_PARAM_CONSTRAINT/11'b1
SCAI_F0_PARAM_CONSTRAINT/21'b1
SCAI_F0_PARAM_CONSTRAINT/31'b1
SCAI_F0_PARAM_CONSTRAINT/41'b1
prim_alert_rxtx_async_assert_fpv 5 proven
SCAI_F3_SAFETY_IMPLICATION/0!rst_ni || (error_setreg_q == error_setreg_d)
SCAI_F3_SAFETY_IMPLICATION/1rst_ni || (error_setreg_q == 1'b0)
TT1_GUARDED_UPDATE/T0!(rst_ni) |=> (error_setreg_q == 1'b0)
TT1_GUARDED_UPDATE/T1rst_ni |=> (error_setreg_q == error_setreg_d)
TT2_HOLD_CONDITION/T2!((!(rst_ni) || rst_ni)) |=> $stable(error_setreg_q)
prim_alert_rxtx_tb 5 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(alert_ack_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(alert_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(alert_state_o)
SCAI_F0_ASSERT_KNOWN/3!$isunknown(integ_fail_o)
SCAI_F0_ASSERT_KNOWN/4!$isunknown(ping_ok_o)
prim_cdc_rand_delay 4 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(dst_data_o)
SCAI_F0_PARAM_CONSTRAINT/11'b1
SCAI_F3_SAFETY_IMPLICATION/2dst_data_o == src_data_i
SCAI_F3_PASSTHROUGH/3dst_data_o == src_data_i
prim_double_lfsr 4 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(err_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(state_o)
SCAI_F3_SAFETY_IMPLICATION/2err_o == (lfsr_state[0] != lfsr_state[1])
SCAI_F3_OUTPUT_EQUIVALENCE/3err_o == (lfsr_state[0] != lfsr_state[1])
prim_esc_rxtx_tb 4 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(esc_req_o)
SCAI_F0_ASSERT_KNOWN/1!$isunknown(integ_fail_o)
SCAI_F0_ASSERT_KNOWN/2!$isunknown(ping_ok_o)
SCAI_F0_PARAM_CONSTRAINT/31'b1
prim_onehot_check 4 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(err_o)
SCAI_F0_PARAM_CONSTRAINT/11'b1
SCAI_F3_SAFETY_IMPLICATION/2err_o == ((oh0_err || enable_err) || addr_err)
SCAI_F3_OUTPUT_EQUIVALENCE/3err_o == ((oh0_err || enable_err) || addr_err)
prim_lc_sync 3 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(lc_en_o)
SCAI_F0_PARAM_CONSTRAINT/11'b1
SCAI_F3_SAFETY_IMPLICATION/2lc_en_o == lc_en_out
prim_mubi12_sync 3 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F0_PARAM_CONSTRAINT/11'b1
SCAI_F3_SAFETY_IMPLICATION/2mubi_o == mubi_out
prim_mubi16_sync 3 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F0_PARAM_CONSTRAINT/11'b1
SCAI_F3_SAFETY_IMPLICATION/2mubi_o == mubi_out
prim_mubi20_sync 3 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F0_PARAM_CONSTRAINT/11'b1
SCAI_F3_SAFETY_IMPLICATION/2mubi_o == mubi_out
prim_mubi24_sync 3 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F0_PARAM_CONSTRAINT/11'b1
SCAI_F3_SAFETY_IMPLICATION/2mubi_o == mubi_out
prim_mubi28_sync 3 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F0_PARAM_CONSTRAINT/11'b1
SCAI_F3_SAFETY_IMPLICATION/2mubi_o == mubi_out
prim_mubi32_sync 3 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F0_PARAM_CONSTRAINT/11'b1
SCAI_F3_SAFETY_IMPLICATION/2mubi_o == mubi_out
prim_mubi4_sync 3 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F0_PARAM_CONSTRAINT/11'b1
SCAI_F3_SAFETY_IMPLICATION/2mubi_o == mubi_out
prim_mubi8_sync 3 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F0_PARAM_CONSTRAINT/11'b1
SCAI_F3_SAFETY_IMPLICATION/2mubi_o == mubi_out
prim_sparse_fsm_flop 3 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(state_o)
SCAI_F0_PARAM_CONSTRAINT/11'b1
SCAI_F3_SAFETY_IMPLICATION/2state_o == state_raw
prim_flop_no_rst 2 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(q_o)
SCAI_F0_PARAM_CONSTRAINT/11'b1
prim_mubi12_sender 2 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F3_SAFETY_IMPLICATION/1mubi_o == mubi_out
prim_mubi16_sender 2 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F3_SAFETY_IMPLICATION/1mubi_o == mubi_out
prim_mubi20_sender 2 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F3_SAFETY_IMPLICATION/1mubi_o == mubi_out
prim_mubi24_sender 2 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F3_SAFETY_IMPLICATION/1mubi_o == mubi_out
prim_mubi28_sender 2 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F3_SAFETY_IMPLICATION/1mubi_o == mubi_out
prim_mubi32_sender 2 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F3_SAFETY_IMPLICATION/1mubi_o == mubi_out
prim_mubi4_sender 2 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F3_SAFETY_IMPLICATION/1mubi_o == mubi_out
prim_mubi8_sender 2 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(mubi_o)
SCAI_F3_SAFETY_IMPLICATION/1mubi_o == mubi_out
alert_handler_lpg_ctrl 1 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(alert_init_trig_o)
prim_clock_inv 1 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(clk_no)
prim_rst_sync 1 proven
SCAI_F0_ASSERT_KNOWN/0!$isunknown(q_o)

All 136 design intent candidates across 53 modules. Specific signals, specific properties, specific structural evidence.

prim_fifo_sync 11 candidates
CRITICALDATA_INTEGRITY
Verify data written via wdata_i is read unchanged from rdata_o — no bit-level corruption in storage
CRITICALDATA_INTEGRITY
Verify FIFO ordering: data exits in the same order it enters
CRITICALSPECIAL_CASE_HANDLING
Verify full/empty signaling: correct status when buffer reaches capacity or drains completely
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (wvalid_i, rvalid_o) does not deassert while ready (rready_i, wready_o) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 2 registers reach a known state after reset within bounded cycles
CRITICALERROR_SIGNAL_REACHABILITY
Single-bit error output detected with reset value zero. Engineer should verify whether this error path is reachable under normal operating conditions. If unreachable, assert(!err_o) with appropriate input assumptions.
CRITICALREDUNDANT_STATE_VERIFICATION
Module has pointer state but no derived status outputs. Engineer should verify pointer-to-status relationships and backward implications (e.g., !ready → full, !valid → empty).
REQUIREDUSAGE_ASSUMPTION
Verify clr_i is only asserted under expected conditions. Parent module should guarantee clr_i is not asserted simultaneously with ongoing transactions. If never asserted in normal operation, assert(!clr_i) with appropriate assumptions.
CRITICALBEHAVIORAL_CORRECTNESS
Verify clearing the FIFO resets wvalid_i to 0 within 1 cycle. After clr_i is asserted, no stale valid should be visible to downstream.
CRITICALBEHAVIORAL_CORRECTNESS
Verify clr_i is never asserted during normal FIFO operation (usage assumption from parent). If asserted mid-transaction, data integrity cannot be guaranteed.
prim_fifo_async 10 candidates
CRITICALDATA_INTEGRITY
Verify data written via wdata_i is read unchanged from wdepth_o — no bit-level corruption in storage
CRITICALDATA_INTEGRITY
Verify FIFO ordering: data exits in the same order it enters
CRITICALSPECIAL_CASE_HANDLING
Verify full/empty signaling: correct status when buffer reaches capacity or drains completely
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (wvalid_i, rvalid_o) does not deassert while ready (rready_i, wready_o) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 6 registers reach a known state after reset within bounded cycles
CRITICALREDUNDANT_STATE_VERIFICATION
Structurally derived: assert(wready_o == (fifo_wptr_q == fifo_rptr_sync_q)). Pointer comparison drives status output — provable by formal solver.
CRITICALREDUNDANT_STATE_VERIFICATION
Structurally derived: assert(wdepth_o == (fifo_wptr_q == fifo_rptr_sync_q)). Pointer comparison drives status output — provable by formal solver.
CRITICALREDUNDANT_STATE_VERIFICATION
Structurally derived: assert(rvalid_o == (fifo_rptr_q == fifo_wptr_sync_combi)). Pointer comparison drives status output — provable by formal solver.
CRITICALREDUNDANT_STATE_VERIFICATION
Structurally derived: assert(rdepth_o == (fifo_rptr_q == fifo_wptr_sync_combi)). Pointer comparison drives status output — provable by formal solver.
prim_count 8 candidates
CRITICALDATA_INTEGRITY
Verify data written via set_cnt_i is read unchanged from cnt_o — no bit-level corruption in storage
CRITICALDATA_INTEGRITY
Verify FIFO ordering: data exits in the same order it enters
CRITICALSPECIAL_CASE_HANDLING
Verify full/empty signaling: correct status when buffer reaches capacity or drains completely
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
REQUIREDUSAGE_ASSUMPTION
Verify clr_i is only asserted under expected conditions. Parent module should guarantee clr_i is not asserted simultaneously with ongoing transactions. If never asserted in normal operation, assert(!clr_i) with appropriate assumptions.
REQUIREDUSAGE_ASSUMPTION
Verify set_i is only asserted under expected conditions. Parent module should guarantee set_i is not asserted simultaneously with ongoing transactions. If never asserted in normal operation, assert(!set_i) with appropriate assumptions.
REQUIREDUSAGE_ASSUMPTION
Verify clr_i and set_i are never simultaneously asserted. Simultaneous assertion produces undefined behavior.
CRITICALBEHAVIORAL_CORRECTNESS
Verify clr_i is never asserted during normal FIFO operation (usage assumption from parent). If asserted mid-transaction, data integrity cannot be guaranteed.
prim_arbiter_tree 7 candidates
CRITICALDATA_INTEGRITY
Verify data written via req_i is read unchanged from gnt_o — no bit-level corruption in storage
CRITICALDATA_INTEGRITY
Verify FIFO ordering: data exits in the same order it enters
CRITICALSPECIAL_CASE_HANDLING
Verify full/empty signaling: correct status when buffer reaches capacity or drains completely
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (valid_o) does not deassert while ready (ready_i) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
REQUIREDLIVENESS
Verify no requester starvation: for each k in 0..7, req_i[k] eventually leads to gnt_o[k]. Requires fairness assumption on ready_i.
prim_packer 6 candidates
CRITICALFUNCTIONAL_CORRECTNESS
Verify data_o[31:0] equals the expected sum/difference of data_i and mask_i
CRITICALSPECIAL_CASE_HANDLING
Verify behavior for boundary inputs: zero, max positive, max negative, overflow, underflow, NaN, infinity, denormals (IEEE 754)
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (valid_i, valid_o) does not deassert while ready (ready_i, ready_o) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 4 registers reach a known state after reset within bounded cycles
REQUIREDUSAGE_ASSUMPTION
Verify flush_i is only asserted under expected conditions. Parent module should guarantee flush_i is not asserted simultaneously with ongoing transactions. If never asserted in normal operation, assert(!flush_i) with appropriate assumptions.
prim_fifo_async_sram_adapter 5 candidates
CRITICALFUNCTIONAL_CORRECTNESS
Verify wdepth_o[4:0] equals the expected sum/difference of wdata_i and w_sram_rdata_i and r_sram_rdata_i
CRITICALSPECIAL_CASE_HANDLING
Verify behavior for boundary inputs: zero, max positive, max negative, overflow, underflow, NaN, infinity, denormals (IEEE 754)
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (wvalid_i, w_sram_rvalid_i, r_sram_rvalid_i, rvalid_o) does not deassert while ready (rready_i, wready_o) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 7 registers reach a known state after reset within bounded cycles
prim_arbiter_ppc 4 candidates
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (valid_o) does not deassert while ready (ready_i) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
REQUIREDLIVENESS
Verify no requester starvation: for each k in 0..7, req_i[k] eventually leads to gnt_o[k]. Requires fairness assumption on ready_i.
prim_arbiter_tree_dup 4 candidates
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (valid_o) does not deassert while ready (ready_i) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
REQUIREDLIVENESS
Verify no requester starvation: for each k in 0..7, req_i[k] eventually leads to gnt_o[k]. Requires fairness assumption on ready_i.
prim_fifo_sync_assert_fpv 4 candidates
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (wvalid_i, rvalid_o) does not deassert while ready (wready_o, rready_i) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 4 registers reach a known state after reset within bounded cycles
REQUIREDUSAGE_ASSUMPTION
Verify clr_i is only asserted under expected conditions. Parent module should guarantee clr_i is not asserted simultaneously with ongoing transactions. If never asserted in normal operation, assert(!clr_i) with appropriate assumptions.
prim_gate_gen 4 candidates
CRITICALDATA_INTEGRITY
Verify data written via data_i is read unchanged from data_o — no bit-level corruption in storage
CRITICALDATA_INTEGRITY
Verify FIFO ordering: data exits in the same order it enters
CRITICALSPECIAL_CASE_HANDLING
Verify full/empty signaling: correct status when buffer reaches capacity or drains completely
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_packer_fifo 4 candidates
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (wvalid_i, rvalid_o) does not deassert while ready (rready_i, wready_o) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 4 registers reach a known state after reset within bounded cycles
REQUIREDUSAGE_ASSUMPTION
Verify clr_i is only asserted under expected conditions. Parent module should guarantee clr_i is not asserted simultaneously with ongoing transactions. If never asserted in normal operation, assert(!clr_i) with appropriate assumptions.
tlul_lc_gate 4 candidates
CRITICALDATA_INTEGRITY
Verify data written via tl_h2d_i is read unchanged from tl_d2h_o — no bit-level corruption in storage
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (tl_h2d_i_a_valid, tl_d2h_i_d_valid, tl_d2h_o_d_valid, tl_h2d_o_a_valid) does not deassert while ready (tl_h2d_i_d_ready, tl_d2h_i_a_ready, tl_d2h_o_a_ready, tl_h2d_o_d_ready) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
alert_handler_esc_timer_assert_fpv 3 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
REQUIREDUSAGE_ASSUMPTION
Verify clr_i is only asserted under expected conditions. Parent module should guarantee clr_i is not asserted simultaneously with ongoing transactions. If never asserted in normal operation, assert(!clr_i) with appropriate assumptions.
CRITICALBEHAVIORAL_CORRECTNESS
Verify crashdump latch (crashdump_phase_i) triggers on the correct escalation phase. The latch should capture state exactly once during the designated phase, not during other phases or error states.
prim_arbiter_fixed 3 candidates
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (valid_o) does not deassert while ready (ready_i) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDLIVENESS
Verify no requester starvation: for each k in 0..7, req_i[k] eventually leads to gnt_o[k]. Requires fairness assumption on ready_i.
prim_edn_req 3 candidates
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (edn_i_b_valid, edn_i_r_valid, edn_o_aw_valid, edn_o_w_valid, edn_o_ar_valid) does not deassert while ready (edn_i_aw_ready, edn_i_w_ready, edn_i_ar_ready, edn_o_b_ready, edn_o_r_ready) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 3 registers reach a known state after reset within bounded cycles
prim_fifo_async_simple 3 candidates
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (wvalid_i, rvalid_o) does not deassert while ready (rready_i, wready_o) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 3 registers reach a known state after reset within bounded cycles
prim_lfsr 3 candidates
REQUIREDINITIALIZATION
Verify all 3 registers reach a known state after reset within bounded cycles
CRITICALALGEBRAIC_CORRECTNESS
Verify LFSR reaches maximal sequence length (2^W - 1 states for Galois XOR, or 2^W - 1 for Fibonacci). Requires exhaustive simulation or algebraic proof of the feedback polynomial — beyond structural formal verification.
CRITICALALGEBRAIC_CORRECTNESS
Verify feedback polynomial is primitive (irreducible and of maximal order). The polynomial determines LFSR period — a non-primitive polynomial produces a shorter-than-maximal sequence.
prim_reg_cdc 3 candidates
CRITICALFUNCTIONAL_CORRECTNESS
Verify src_qs_o[31:0] equals the expected sum/difference of src_wd_i and dst_ds_i and dst_qs_i
CRITICALSPECIAL_CASE_HANDLING
Verify behavior for boundary inputs: zero, max positive, max negative, overflow, underflow, NaN, infinity, denormals (IEEE 754)
REQUIREDINITIALIZATION
Verify all 3 registers reach a known state after reset within bounded cycles
tlul_adapter_dmi 3 candidates
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (dmi_resp_valid_i, tl_h2d_i_a_valid, dmi_resp_i_b_valid, dmi_resp_i_r_valid, dmi_req_valid_o, tl_d2h_o_d_valid, dmi_req_o_aw_valid, dmi_req_o_w_valid, dmi_req_o_ar_valid) does not deassert while ready (dmi_req_ready_i, tl_h2d_i_d_ready, dmi_resp_i_aw_ready, dmi_resp_i_w_ready, dmi_resp_i_ar_ready, dmi_resp_ready_o, tl_d2h_o_a_ready, dmi_req_o_b_ready, dmi_req_o_r_ready) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 8 registers reach a known state after reset within bounded cycles
tlul_adapter_sram 3 candidates
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (rvalid_i, tl_i_a_valid, tl_o_d_valid) does not deassert while ready (tl_i_d_ready, tl_o_a_ready) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 2 registers reach a known state after reset within bounded cycles
tlul_assert 3 candidates
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (h2d_a_valid, d2h_d_valid) does not deassert while ready (h2d_d_ready, d2h_a_ready) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 3 registers reach a known state after reset within bounded cycles
tlul_err_resp 3 candidates
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (tl_h_i_a_valid, tl_h_o_d_valid) does not deassert while ready (tl_h_i_d_ready, tl_h_o_a_ready) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 5 registers reach a known state after reset within bounded cycles
tlul_jtag_dtm 3 candidates
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (jtag_i_aw_valid, jtag_i_w_valid, jtag_i_ar_valid, tl_d2h_i_d_valid, jtag_o_b_valid, jtag_o_r_valid, tl_h2d_o_a_valid) does not deassert while ready (jtag_i_b_ready, jtag_i_r_ready, tl_d2h_i_a_ready, jtag_o_aw_ready, jtag_o_w_ready, jtag_o_ar_ready, tl_h2d_o_d_ready) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
tlul_socket_1n 3 candidates
REQUIREDPROTOCOL_COMPLIANCE
Verify valid (tl_h_i_a_valid, tl_h_o_d_valid) does not deassert while ready (tl_h_i_d_ready, tl_h_o_a_ready) is low — no dropped transactions
REQUIREDPROTOCOL_COMPLIANCE
Verify payload stability: data signals must not change while valid is high and ready is low
REQUIREDINITIALIZATION
Verify all 2 registers reach a known state after reset within bounded cycles
alert_handler_ping_timer 1 candidates
REQUIREDINITIALIZATION
Verify all 2 registers reach a known state after reset within bounded cycles
prim_alert_receiver 1 candidates
REQUIREDINITIALIZATION
Verify all 3 registers reach a known state after reset within bounded cycles
prim_alert_rxtx_async_assert_fpv 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_alert_rxtx_async_fatal_tb 1 candidates
REQUIREDINITIALIZATION
Verify all 6 registers reach a known state after reset within bounded cycles
prim_alert_rxtx_async_tb 1 candidates
REQUIREDINITIALIZATION
Verify all 6 registers reach a known state after reset within bounded cycles
prim_alert_sender 1 candidates
REQUIREDINITIALIZATION
Verify all 4 registers reach a known state after reset within bounded cycles
prim_diff_decode 1 candidates
REQUIREDINITIALIZATION
Verify all 2 registers reach a known state after reset within bounded cycles
prim_edge_detector 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_esc_receiver 1 candidates
REQUIREDINITIALIZATION
Verify all 2 registers reach a known state after reset within bounded cycles
prim_esc_rxtx_assert_fpv 1 candidates
REQUIREDINITIALIZATION
Verify all 2 registers reach a known state after reset within bounded cycles
prim_esc_sender 1 candidates
REQUIREDINITIALIZATION
Verify all 4 registers reach a known state after reset within bounded cycles
prim_filter 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_filter_ctr 1 candidates
REQUIREDINITIALIZATION
Verify all 2 registers reach a known state after reset within bounded cycles
prim_flop_en 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_flop_no_rst 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_intr_hw 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_lc_sync 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_mubi12_sync 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_mubi16_sync 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_mubi20_sync 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_mubi24_sync 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_mubi28_sync 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_mubi32_sync 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_mubi4_sync 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_mubi8_sync 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_pulse_sync 1 candidates
REQUIREDINITIALIZATION
Verify all 3 registers reach a known state after reset within bounded cycles
prim_sync_reqack 1 candidates
REQUIREDINITIALIZATION
Verify all 5 registers reach a known state after reset within bounded cycles
prim_sync_reqack_data 1 candidates
REQUIREDINITIALIZATION
Verify all 1 registers reach a known state after reset within bounded cycles
prim_sync_slow_fast 1 candidates
REQUIREDINITIALIZATION
Verify all 2 registers reach a known state after reset within bounded cycles

All 493 output signals with zero functional coverage — explicitly flagged. 7 on the 13 cross-checked core modules; 493 across the full 104-module bench (mostly wire-throughs, struct ports, and auto-generated CSR outputs).

tlul_adapter_dmi 44 uncovered
tl_d2h_o66-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o217-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_sink1-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_user14-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_error1-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_a_ready1-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_aw_id4-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_aw_addr32-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_aw_len8-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_aw_size3-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_aw_burst2-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_aw_lock1-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_aw_cache4-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_aw_prot3-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_aw_qos4-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_aw_region4-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_aw_atop6-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_aw_user1-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_aw_valid1-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_w_data64-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_w_strb8-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_w_last1-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_w_user1-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_w_valid1-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_b_ready1-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_ar_id4-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_ar_addr32-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_ar_len8-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_ar_size3-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_ar_burst2-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_ar_lock1-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_ar_cache4-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_ar_prot3-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_ar_qos4-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_ar_region4-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_ar_user1-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_ar_valid1-bitASSERT_KNOWN only — driven but not functionally verified
dmi_req_o_r_ready1-bitASSERT_KNOWN only — driven but not functionally verified
prim_edn_req 34 uncovered
data_o32-bitASSERT_KNOWN only — driven but not functionally verified
edn_o217-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_aw_id4-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_aw_addr32-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_aw_len8-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_aw_size3-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_aw_burst2-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_aw_lock1-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_aw_cache4-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_aw_prot3-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_aw_qos4-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_aw_region4-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_aw_atop6-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_aw_user1-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_aw_valid1-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_w_data64-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_w_strb8-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_w_last1-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_w_user1-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_w_valid1-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_b_ready1-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_ar_id4-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_ar_addr32-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_ar_len8-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_ar_size3-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_ar_burst2-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_ar_lock1-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_ar_cache4-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_ar_prot3-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_ar_qos4-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_ar_region4-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_ar_user1-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_ar_valid1-bitASSERT_KNOWN only — driven but not functionally verified
edn_o_r_ready1-bitASSERT_KNOWN only — driven but not functionally verified
tlul_adapter_sram_racl 26 uncovered
tl_o66-bitASSERT_KNOWN only — driven but not functionally verified
req_o1-bitASSERT_KNOWN only — driven but not functionally verified
req_type_o1-bitASSERT_KNOWN only — driven but not functionally verified
we_o1-bitASSERT_KNOWN only — driven but not functionally verified
addr_o12-bitASSERT_KNOWN only — driven but not functionally verified
wdata_o32-bitASSERT_KNOWN only — driven but not functionally verified
wmask_o32-bitASSERT_KNOWN only — driven but not functionally verified
intg_error_o1-bitASSERT_KNOWN only — driven but not functionally verified
user_rsvd_o5-bitASSERT_KNOWN only — driven but not functionally verified
compound_txn_in_progress_o1-bitASSERT_KNOWN only — driven but not functionally verified
readback_error_o1-bitASSERT_KNOWN only — driven but not functionally verified
racl_error_o35-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_sink1-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_user14-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_error1-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_a_ready1-bitASSERT_KNOWN only — driven but not functionally verified
racl_error_o_valid1-bitASSERT_KNOWN only — driven but not functionally verified
racl_error_o_overflow1-bitASSERT_KNOWN only — driven but not functionally verified
racl_error_o_read_access1-bitASSERT_KNOWN only — driven but not functionally verified
racl_error_o_request_address32-bitASSERT_KNOWN only — driven but not functionally verified
tlul_jtag_dtm 25 uncovered
jtag_o84-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o102-bitASSERT_KNOWN only — driven but not functionally verified
jtag_o_aw_ready1-bitASSERT_KNOWN only — driven but not functionally verified
jtag_o_w_ready1-bitASSERT_KNOWN only — driven but not functionally verified
jtag_o_b_id4-bitASSERT_KNOWN only — driven but not functionally verified
jtag_o_b_resp2-bitASSERT_KNOWN only — driven but not functionally verified
jtag_o_b_user1-bitASSERT_KNOWN only — driven but not functionally verified
jtag_o_b_valid1-bitASSERT_KNOWN only — driven but not functionally verified
jtag_o_ar_ready1-bitASSERT_KNOWN only — driven but not functionally verified
jtag_o_r_id4-bitASSERT_KNOWN only — driven but not functionally verified
jtag_o_r_data64-bitASSERT_KNOWN only — driven but not functionally verified
jtag_o_r_resp2-bitASSERT_KNOWN only — driven but not functionally verified
jtag_o_r_last1-bitASSERT_KNOWN only — driven but not functionally verified
jtag_o_r_user1-bitASSERT_KNOWN only — driven but not functionally verified
jtag_o_r_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_address32-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_mask4-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_user16-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_d_ready1-bitASSERT_KNOWN only — driven but not functionally verified
tlul_adapter_racl 24 uncovered
tl_d2h_o_d_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_sink1-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_user14-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_error1-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_a_ready1-bitASSERT_KNOWN only — driven but not functionally verified
tl_filtered_h2d_o_a_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_filtered_h2d_o_a_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_filtered_h2d_o_a_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_filtered_h2d_o_a_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_filtered_h2d_o_a_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_filtered_h2d_o_a_address32-bitASSERT_KNOWN only — driven but not functionally verified
tl_filtered_h2d_o_a_mask4-bitASSERT_KNOWN only — driven but not functionally verified
tl_filtered_h2d_o_a_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_filtered_h2d_o_a_user16-bitASSERT_KNOWN only — driven but not functionally verified
tl_filtered_h2d_o_d_ready1-bitASSERT_KNOWN only — driven but not functionally verified
racl_error_o_valid1-bitASSERT_KNOWN only — driven but not functionally verified
racl_error_o_overflow1-bitASSERT_KNOWN only — driven but not functionally verified
racl_error_o_read_access1-bitASSERT_KNOWN only — driven but not functionally verified
racl_error_o_request_address32-bitASSERT_KNOWN only — driven but not functionally verified
tlul_fifo_async 22 uncovered
tl_h_o66-bitNo functional coverage
tl_d_o102-bitNo functional coverage
tl_h_o_d_valid1-bitNo functional coverage
tl_h_o_d_opcode3-bitNo functional coverage
tl_h_o_d_param3-bitNo functional coverage
tl_h_o_d_size2-bitNo functional coverage
tl_h_o_d_source8-bitNo functional coverage
tl_h_o_d_sink1-bitNo functional coverage
tl_h_o_d_data32-bitNo functional coverage
tl_h_o_d_user14-bitNo functional coverage
tl_h_o_d_error1-bitNo functional coverage
tl_h_o_a_ready1-bitNo functional coverage
tl_d_o_a_valid1-bitNo functional coverage
tl_d_o_a_opcode3-bitNo functional coverage
tl_d_o_a_param3-bitNo functional coverage
tl_d_o_a_size2-bitNo functional coverage
tl_d_o_a_source8-bitNo functional coverage
tl_d_o_a_address32-bitNo functional coverage
tl_d_o_a_mask4-bitNo functional coverage
tl_d_o_a_data32-bitNo functional coverage
tl_d_o_a_user16-bitNo functional coverage
tl_d_o_d_ready1-bitNo functional coverage
tlul_adapter_reg_racl 21 uncovered
tl_o66-bitASSERT_KNOWN only — driven but not functionally verified
intg_error_o1-bitASSERT_KNOWN only — driven but not functionally verified
re_o1-bitASSERT_KNOWN only — driven but not functionally verified
we_o1-bitASSERT_KNOWN only — driven but not functionally verified
addr_o8-bitASSERT_KNOWN only — driven but not functionally verified
wdata_o32-bitASSERT_KNOWN only — driven but not functionally verified
be_o4-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_sink1-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_user14-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_error1-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_a_ready1-bitASSERT_KNOWN only — driven but not functionally verified
racl_error_o_valid1-bitASSERT_KNOWN only — driven but not functionally verified
racl_error_o_overflow1-bitASSERT_KNOWN only — driven but not functionally verified
racl_error_o_read_access1-bitASSERT_KNOWN only — driven but not functionally verified
racl_error_o_request_address32-bitASSERT_KNOWN only — driven but not functionally verified
tlul_lc_gate 21 uncovered
tl_h2d_o102-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_sink1-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_user14-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_error1-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_a_ready1-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_address32-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_mask4-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_user16-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_d_ready1-bitASSERT_KNOWN only — driven but not functionally verified
tlul_request_loopback 21 uncovered
tl_d2h_o66-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_sink1-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_user14-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_d_error1-bitASSERT_KNOWN only — driven but not functionally verified
tl_d2h_o_a_ready1-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_address32-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_mask4-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_a_user16-bitASSERT_KNOWN only — driven but not functionally verified
tl_h2d_o_d_ready1-bitASSERT_KNOWN only — driven but not functionally verified
tlul_sram_byte 20 uncovered
tl_o_d_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_sink1-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_user14-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_error1-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_a_ready1-bitASSERT_KNOWN only — driven but not functionally verified
tl_sram_o_a_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_sram_o_a_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_sram_o_a_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_sram_o_a_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_sram_o_a_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_sram_o_a_address32-bitASSERT_KNOWN only — driven but not functionally verified
tl_sram_o_a_mask4-bitASSERT_KNOWN only — driven but not functionally verified
tl_sram_o_a_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_sram_o_a_user16-bitASSERT_KNOWN only — driven but not functionally verified
tl_sram_o_d_ready1-bitASSERT_KNOWN only — driven but not functionally verified
tlul_adapter_sram 17 uncovered
tl_o66-bitASSERT_KNOWN only — driven but not functionally verified
req_o1-bitASSERT_KNOWN only — driven but not functionally verified
req_type_o1-bitASSERT_KNOWN only — driven but not functionally verified
we_o1-bitASSERT_KNOWN only — driven but not functionally verified
addr_o12-bitASSERT_KNOWN only — driven but not functionally verified
user_rsvd_o5-bitASSERT_KNOWN only — driven but not functionally verified
compound_txn_in_progress_o1-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_sink1-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_user14-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_error1-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_a_ready1-bitASSERT_KNOWN only — driven but not functionally verified
tlul_adapter_host 14 uncovered
rdata_o32-bitASSERT_KNOWN only — driven but not functionally verified
rdata_intg_o7-bitASSERT_KNOWN only — driven but not functionally verified
err_o1-bitASSERT_KNOWN only — driven but not functionally verified
tl_o102-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_a_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_a_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_a_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_a_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_a_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_a_address32-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_a_mask4-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_a_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_a_user16-bitASSERT_KNOWN only — driven but not functionally verified
tl_o_d_ready1-bitASSERT_KNOWN only — driven but not functionally verified
tlul_cmd_intg_gen 11 uncovered
tl_o102-bitNo functional coverage
tl_o_a_valid1-bitNo functional coverage
tl_o_a_opcode3-bitNo functional coverage
tl_o_a_param3-bitNo functional coverage
tl_o_a_size2-bitNo functional coverage
tl_o_a_source8-bitNo functional coverage
tl_o_a_address32-bitNo functional coverage
tl_o_a_mask4-bitNo functional coverage
tl_o_a_data32-bitNo functional coverage
tl_o_a_user16-bitNo functional coverage
tl_o_d_ready1-bitNo functional coverage
tlul_err_resp 11 uncovered
tl_h_o66-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_sink1-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_user14-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_error1-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_a_ready1-bitASSERT_KNOWN only — driven but not functionally verified
tlul_socket_1n 11 uncovered
tl_h_o66-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_sink1-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_user14-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_d_error1-bitASSERT_KNOWN only — driven but not functionally verified
tl_h_o_a_ready1-bitASSERT_KNOWN only — driven but not functionally verified
tlul_socket_m1 11 uncovered
tl_d_o102-bitASSERT_KNOWN only — driven but not functionally verified
tl_d_o_a_valid1-bitASSERT_KNOWN only — driven but not functionally verified
tl_d_o_a_opcode3-bitASSERT_KNOWN only — driven but not functionally verified
tl_d_o_a_param3-bitASSERT_KNOWN only — driven but not functionally verified
tl_d_o_a_size2-bitASSERT_KNOWN only — driven but not functionally verified
tl_d_o_a_source8-bitASSERT_KNOWN only — driven but not functionally verified
tl_d_o_a_address32-bitASSERT_KNOWN only — driven but not functionally verified
tl_d_o_a_mask4-bitASSERT_KNOWN only — driven but not functionally verified
tl_d_o_a_data32-bitASSERT_KNOWN only — driven but not functionally verified
tl_d_o_a_user16-bitASSERT_KNOWN only — driven but not functionally verified
tl_d_o_d_ready1-bitASSERT_KNOWN only — driven but not functionally verified
prim_fifo_sync_tb 6 uncovered
wready_o11-bitNo functional coverage
rvalid_o11-bitNo functional coverage
rdata_o4-bitNo functional coverage
full_o11-bitNo functional coverage
depth_o5-bitNo functional coverage
err_o11-bitNo functional coverage
prim_packer_tb 6 uncovered
ready_o1-bitNo functional coverage
valid_o1-bitNo functional coverage
data_o64-bitNo functional coverage
mask_o64-bitNo functional coverage
flush_done_o1-bitNo functional coverage
err_o1-bitNo functional coverage
prim_alert_rxtx_async_fatal_tb 5 uncovered
alert_ack_o1-bitASSERT_KNOWN only — driven but not functionally verified
alert_state_o1-bitASSERT_KNOWN only — driven but not functionally verified
ping_ok_o1-bitASSERT_KNOWN only — driven but not functionally verified
integ_fail_o1-bitASSERT_KNOWN only — driven but not functionally verified
alert_o1-bitASSERT_KNOWN only — driven but not functionally verified
prim_alert_rxtx_async_tb 5 uncovered
alert_ack_o1-bitASSERT_KNOWN only — driven but not functionally verified
alert_state_o1-bitASSERT_KNOWN only — driven but not functionally verified
ping_ok_o1-bitASSERT_KNOWN only — driven but not functionally verified
integ_fail_o1-bitASSERT_KNOWN only — driven but not functionally verified
alert_o1-bitASSERT_KNOWN only — driven but not functionally verified
prim_alert_rxtx_tb 5 uncovered
alert_ack_o1-bitASSERT_KNOWN only — driven but not functionally verified
alert_state_o1-bitASSERT_KNOWN only — driven but not functionally verified
ping_ok_o1-bitASSERT_KNOWN only — driven but not functionally verified
integ_fail_o1-bitASSERT_KNOWN only — driven but not functionally verified
alert_o1-bitASSERT_KNOWN only — driven but not functionally verified
prim_arbiter_tree_dup 5 uncovered
gnt_o8-bitNo functional coverage
idx_o3-bitNo functional coverage
valid_o1-bitNo functional coverage
data_o32-bitNo functional coverage
err_o1-bitNo functional coverage
prim_sram_arbiter 5 uncovered
sram_req_o1-bitASSERT_KNOWN only — driven but not functionally verified
sram_addr_o12-bitASSERT_KNOWN only — driven but not functionally verified
sram_write_o1-bitASSERT_KNOWN only — driven but not functionally verified
sram_wdata_o32-bitASSERT_KNOWN only — driven but not functionally verified
sram_wmask_o32-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_22_16_tb 4 uncovered
data_o16-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o22-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o6-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_28_22_tb 4 uncovered
data_o22-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o28-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o6-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_39_32_tb 4 uncovered
data_o32-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o39-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o7-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_64_57_tb 4 uncovered
data_o57-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o64-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o7-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_72_64_tb 4 uncovered
data_o64-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o72-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o8-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_hamming_22_16_tb 4 uncovered
data_o16-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o22-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o6-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_hamming_39_32_tb 4 uncovered
data_o32-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o39-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o7-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_hamming_72_64_tb 4 uncovered
data_o64-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o72-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o8-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_inv_22_16_tb 4 uncovered
data_o16-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o22-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o6-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_inv_28_22_tb 4 uncovered
data_o22-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o28-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o6-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_inv_39_32_tb 4 uncovered
data_o32-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o39-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o7-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_inv_64_57_tb 4 uncovered
data_o57-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o64-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o7-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_inv_72_64_tb 4 uncovered
data_o64-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o72-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o8-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_inv_hamming_22_16_tb 4 uncovered
data_o16-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o22-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o6-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_inv_hamming_39_32_tb 4 uncovered
data_o32-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o39-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o7-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
prim_secded_inv_hamming_72_64_tb 4 uncovered
data_o64-bitASSERT_KNOWN only — driven but not functionally verified
encoded_o72-bitASSERT_KNOWN only — driven but not functionally verified
syndrome_o8-bitASSERT_KNOWN only — driven but not functionally verified
err_o2-bitASSERT_KNOWN only — driven but not functionally verified
alert_handler_class 3 uncovered
alert_cause_o65-bitNo functional coverage
loc_alert_cause_o7-bitNo functional coverage
class_trig_o4-bitNo functional coverage
prim_arbiter_fixed_tb 3 uncovered
idx_o3-bitASSERT_KNOWN only — driven but not functionally verified
valid_o1-bitASSERT_KNOWN only — driven but not functionally verified
data_o32-bitASSERT_KNOWN only — driven but not functionally verified
prim_arbiter_ppc_tb 3 uncovered
idx_o3-bitASSERT_KNOWN only — driven but not functionally verified
valid_o1-bitASSERT_KNOWN only — driven but not functionally verified
data_o32-bitASSERT_KNOWN only — driven but not functionally verified
prim_esc_rxtx_tb 3 uncovered
ping_ok_o1-bitASSERT_KNOWN only — driven but not functionally verified
integ_fail_o1-bitASSERT_KNOWN only — driven but not functionally verified
esc_req_o1-bitASSERT_KNOWN only — driven but not functionally verified
prim_present 3 uncovered
data_o64-bitNo functional coverage
key_o128-bitNo functional coverage
idx_o5-bitNo functional coverage
prim_reg_cdc 3 uncovered
dst_we_o1-bitASSERT_KNOWN only — driven but not functionally verified
dst_re_o1-bitASSERT_KNOWN only — driven but not functionally verified
dst_regwen_o1-bitASSERT_KNOWN only — driven but not functionally verified
prim_fifo_async 2 uncovered
wdepth_o3-bitASSERT_KNOWN only — driven but not functionally verified
rdepth_o3-bitASSERT_KNOWN only — driven but not functionally verified
prim_fifo_async_sram_adapter 2 uncovered
w_sram_addr_o16-bitASSERT_KNOWN only — driven but not functionally verified
r_sram_addr_o16-bitASSERT_KNOWN only — driven but not functionally verified
prim_fifo_sync 2 uncovered
depth_o3-bitASSERT_KNOWN only — driven but not functionally verified
err_o1-bitASSERT_KNOWN only — driven but not functionally verified
prim_gate_gen 2 uncovered
data_o32-bitASSERT_KNOWN only — driven but not functionally verified
valid_o1-bitASSERT_KNOWN only — driven but not functionally verified
prim_packer 2 uncovered
data_o32-bitASSERT_KNOWN only — driven but not functionally verified
mask_o32-bitASSERT_KNOWN only — driven but not functionally verified
prim_pad_wrapper 2 uncovered
in_o1-bitNo functional coverage
in_raw_o1-bitNo functional coverage
prim_reg_cdc_arb 2 uncovered
src_ack_o1-bitNo functional coverage
src_update_o1-bitNo functional coverage
prim_subreg_arb 2 uncovered
wr_en1-bitNo functional coverage
wr_data32-bitNo functional coverage
prim_sync_reqack 2 uncovered
src_ack_o1-bitASSERT_KNOWN only — driven but not functionally verified
dst_req_o1-bitASSERT_KNOWN only — driven but not functionally verified
prim_sync_reqack_data 2 uncovered
src_ack_o1-bitASSERT_KNOWN only — driven but not functionally verified
dst_req_o1-bitASSERT_KNOWN only — driven but not functionally verified
alert_handler_accu 1 uncovered
accu_fail_o1-bitASSERT_KNOWN only — driven but not functionally verified
alert_handler_esc_timer 1 uncovered
esc_cnt_o32-bitASSERT_KNOWN only — driven but not functionally verified
alert_handler_lpg_ctrl 1 uncovered
alert_init_trig_o65-bitASSERT_KNOWN only — driven but not functionally verified
prim_arbiter_ppc 1 uncovered
idx_o3-bitASSERT_KNOWN only — driven but not functionally verified
prim_buf 1 uncovered
out_o1-bitNo functional coverage
prim_clock_inv 1 uncovered
clk_no1-bitASSERT_KNOWN only — driven but not functionally verified
prim_double_lfsr 1 uncovered
state_o8-bitASSERT_KNOWN only — driven but not functionally verified
prim_esc_receiver 1 uncovered
esc_req_o1-bitASSERT_KNOWN only — driven but not functionally verified
prim_flop_no_rst 1 uncovered
q_o1-bitASSERT_KNOWN only — driven but not functionally verified
prim_mubi12_dec 1 uncovered
mubi_dec_o1-bitNo functional coverage
prim_mubi16_dec 1 uncovered
mubi_dec_o1-bitNo functional coverage
prim_mubi20_dec 1 uncovered
mubi_dec_o1-bitNo functional coverage
prim_mubi24_dec 1 uncovered
mubi_dec_o1-bitNo functional coverage
prim_mubi28_dec 1 uncovered
mubi_dec_o1-bitNo functional coverage
prim_mubi32_dec 1 uncovered
mubi_dec_o1-bitNo functional coverage
prim_mubi4_dec 1 uncovered
mubi_dec_o1-bitNo functional coverage
prim_mubi8_dec 1 uncovered
mubi_dec_o1-bitNo functional coverage
prim_packer_fifo 1 uncovered
rdata_o8-bitASSERT_KNOWN only — driven but not functionally verified
prim_rst_sync 1 uncovered
q_o1-bitASSERT_KNOWN only — driven but not functionally verified
prim_slicer 1 uncovered
data_o8-bitNo functional coverage
prim_subst_perm 1 uncovered
data_o64-bitNo functional coverage

Each Run Delivers

Proven assertion set with solver certificates · Intent candidate report with specific signals · Coverage completeness map for all signal classes · Contract edges and boundary closure data · Per-module diagnostic barcodes for every failure · Deterministic output — same RTL in, same results out

April 3, 2026

NVIDIA NVDLA CDP Subsystem

Channel Data Processor from NVIDIA's Deep Learning Accelerator. LUT-based activation functions, floating-point conversion, and post-processing pipeline.

89,484
Lines of Verilog
906
Properties proven
41m 42s
Zero manual assertions
Control signals 496 / 528 — 93.9%
Data signals 16 / 16 — 100%
Signal activity bounds 162 / 162 — 100%
Memory index bounds 41 / 51 — 80.4%
Assume-guarantee closure 405 / 405 — 100%

124 modules analyzed across the full CDP hierarchy — 2,023 registers, LUT register banks (333 address-decoded storage elements), HLS floating-point arithmetic libraries (FP16, FP17, FP32 multipliers, adders, converters), interpolation units, NaN detection, and data conversion pipeline. Same binary that verified CDMA. Cold start, zero configuration, reproducible every run.

Data Plane Coverage

CDMA moved data without transforming it — 0/0 data signal properties. CDP transforms data through LUT-based activation functions and floating-point conversion. 16/16 data signal properties verified at 100%. RTLPreCheck generates and proves structural properties on data-carrying signals, not just control flow.

Memory Index Bounds — 80.4%

41 of 51 memory index bound properties proven. The remaining 10 involve multi-level pointer chains in the LUT control unit where the PDR/IC3 engine is needed to close the induction gap. K-induction alone cannot prove these — the base case holds but the induction step requires an invariant the bounded prover cannot discover. This is a solver limitation, not an RTLPreCheck limitation.

Cross-Module Assume-Guarantee Closure

405 unique contract edges discharged across 124 modules. Port connections validated across the full hierarchy (100% netlist completeness). External inputs cataloged as integration boundary candidates. Zero manual assume-guarantee pairs. Port matching over RTL wiring topology using structural geometry. Validated against Slang elaborated IR.

March 31, 2026

NVIDIA NVDLA CDMA Subsystem

Convolution DMA from NVIDIA's Deep Learning Accelerator. Orchestrates all data movement between external memory and the compute engine.

116,344
Lines of Verilog
362 / 373
Properties proven (97%)
27m 36s
Zero manual assertions
Control signals 258 / 258 — 100%
Data signals (structural) 0 / 0 — N/A
Memory index bounds 7 / 7 — 100%
Signal activity bounds 84 / 84 — 100%
Assume-guarantee closure 236 / 236 — 100%

63 modules analyzed across the full CDMA hierarchy — 5,883 registers, weight/feature/pixel data channels, shared buffer management, DMA mux, and multi-phase sequencing. Cold start, reproducible every run. 940 port connections validated across 3 hierarchy levels (100% netlist completeness). Data plane is N/A because CDMA moves opaque data without transforming values.

All 373 Generated Properties

Every property was generated from RTL structure alone and proven via k-induction. No specifications, no bind files, no testbench.

ModuleProperty TypeSignal / AnchorResult
cklnqd12Signal ActivityQPASS_K
cklnqd12po4Signal ActivityQPASS_K
an2d4po4Signal ActivityZPASS_K

Showing 55 of 373 properties. Full property table available on request.

10 Inapplicable Properties

3 sync integrity checks on dc, img_ctrl, and wg — no CDC sync chain structure found. 3 grant exclusivity checks on RAM logic modules — no arbiter grant signals. 2 decode coverage checks on img_pack and regfile — no structurally defensible decode enable. 1 deadlock freedom check on dc — no self-feedback path. 1 deadlock freedom check on wg — no self-feedback path. BINDING_FAILED = structurally inapplicable. Correct behavior, not a verification gap.

6 Compositionally Delegated Properties

5 RAM logic modules and 1 FIFO module whose registers sit entirely within a parent module's cone of influence. The parent's solver-verified proofs cover the child. Compositionally proven through structural delegation.

1 Induction Limitation

Combinational dependency check on wg where the basecase passes at bounded depth but the k-induction step cannot close at unbounded depth. Stronger proof strategies (IC3/PDR) exist for this case.

Cross-Module Assume-Guarantee Closure

236 unique contract edges discharged across 63 modules. 940 port connections validated (100% netlist completeness). 193 external inputs cataloged as integration boundary candidates. Zero manual pairs.

March 20, 2026

OpenTitan SPI Host Controller

Full-featured SPI peripheral from the lowRISC silicon root-of-trust project

7,842
Lines of SystemVerilog
72 / 75
Properties proven (96%)
2m 39s
Zero manual assertions
Control signals 742 / 742 — 100%
Data signals (structural) 134 / 134 — 100%
Memory index bounds 29 / 29 — 100%
Assume-guarantee closure 876 / 876 — 100%

25 modules analyzed across the full SPI host hierarchy. Cold start, reproducible every run.

3 Inapplicable Properties

Grant exclusivity checks on modules that lack arbiter-style grant chains. BINDING_FAILED = structurally inapplicable.

Cross-Module Assume-Guarantee Closure

876 contract edges automatically discharged across 25 modules. 238 Slang-elaborated wires validated (100% netlist completeness). Zero manual pairs.

March 17, 2026

BOOM RISC-V Out-of-Order Core

SmallBoomV3 from Chipyard

187,356
Lines of SystemVerilog
1,732 / 1,784
Properties proven (97.1%)
46 min
Zero manual assertions
Control signals 4,280 / 4,280 — 100%
Data signals 4,804 / 4,804 — 100%
Memory index bounds 789 / 803 — 98.3%
Assume-guarantee closure 9,084 / 9,084 — 100%

268 modules received automated formal analysis. Every proof ran on an open-source formal solver.

Bug Detection Demo

We injected a 3-line microarchitectural bug into BOOM's reorder buffer. When an exception and a branch mispredict arrive on the exact same cycle, a latch permanently blocks the commit pointer. The processor hangs. Simulation never triggers it.

Clean Design
Rob
F1_EVENTUAL_DRAIN
PASS_KINDUCTION
3 Lines Changed
Rob
F1_EVENTUAL_DRAIN
COUNTEREXAMPLE

Caught in 17 seconds with a concrete counterexample trace. The formal solver explores every reachable state — no random stimulus, no directed tests needed.

Cross-Module Assume-Guarantee Closure

9,084 contract edges automatically discharged across 266 modules. Zero manual pairs.