Note that this tool command will electronically overwrite the RTL reset value without changing your RTL code.<\/p>\n The best part of this technique from an end-user perspective is that when the given property is proven, the proof is valid for the original counter value, and for all time. Conversely, if a counter example (CEX) is found for the property, the CEX would probably be much shorter and easier to interpret than if you used the original counter initialization value. The caveat is that while the \u201cfiring\u201d may be not be a design bug, per se \u2013 the design might require the counter to always start from \u20180\u2019. Again, if this the case, this \u2018X\u2019 method is not useful and other techniques need to be tried.<\/p>\n Another popular and effective way to handle big counters is to replace them with a small state machine model that only considers the critical values of the counter that would trigger interesting design actions. For example, suppose value \u2018m\u2019, \u2018n-1\u2019 and \u2018n\u2019 of the counter are critical. Consider the following state machine as a replacement:<\/p>\n To replace the original counter with this abstract model, we first temporarily bypass\/disable the real design\u2019s driving logic \u2013 without altering the source RTL in any way \u2013 by electronically \u201ccutting\u201d the original counter signal with the tool command \u201cnetlist cutpoint\u201d to make it a free variable and then add constraints to it. Since this abstracted counter has only 4 states — much less than the original — the formal engines will be able to reach interesting design states much faster!<\/p>\n Here is an example.<\/p>\n The Makefile to run the test is as follows. The \u201cabs_cnt.do\u201d contains the TCL commands to define the abstract counter for \u201ccnt\u201d in the design. The assertion \u201cassert_action3\u201d should be fired due to the error in RTL that drives \u201caction\u201d to be 2\u2019d2 when \u201ccnt==8\u2019hf1\u201d.<\/p>\n The \u201cabs_cnt.do\u201d file is as follows.<\/p>\n The error trace from using abstract counter is as follows. The firing happened at cycle 4 that is short and easy for debugging the problem.<\/p>\n If we remove \u201cdo abs_cnt.do\u201d from \u201cMakefile\u201d and rerun the test by using original \u201ccnt\u201d defined in the RTL, we will get error trace similar to the following one. We can see the firing happened at cycle 242 that is much longer than the one using abstract version of \u201ccnt\u201d. In real big designs, it may be impossible to formal to converge for big counters without abstraction.<\/p>\n Note that this strategy should mainly be used for bug-hunting \u2013 a full proof from this approach is not going to be valid if the rest of design relies on a particular number of cycles in between counter values. Again, as noted above, any CEX\u2019s must be carefully reviewed to confirm the firing is being caused by design bug and not an overly-abstracted counter model.<\/p>\n Now that all your counters have been tamed, the next beasts to deal with are all the memories. We will show you how in Part 5 \u2026<\/p>\n Until then, may your state spaces be shallow, and your analyses be exhaustive!<\/p>\n Jin Hou and Joe Hupcey III Reference Links:<\/p>\n Part 1: Finding Where Formal Got Stuck and Some Initial Corrective Steps to Take<\/a><\/p>\n Part 2: Reducing the Complexity of Your Assumptions<\/a><\/p>\n![\"\"](\"https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/54\/2018\/09\/Part-4-code-example-1.jpg\")
<\/a><\/p>\n![\"\"](\"https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/54\/2018\/09\/Part-4-Fig-1-state-machine-instead-of-counter.jpg\")
<\/a>![\"\"](\"https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/54\/2018\/09\/Part-4-code-example-2.jpg\")
<\/a><\/p>\n![\"\"](\"https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/54\/2018\/09\/Part-4-code-example-3.jpg\")
<\/a><\/p>\n![\"\"](\"https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/54\/2018\/09\/Part-4-code-example-4.jpg\")
<\/a><\/p>\n![\"\"](\"https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/54\/2018\/09\/Part-4-Fig-2.jpg\")
<\/a><\/p>\n![\"\"](\"https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/54\/2018\/09\/Part-4-Fig-3.jpg\")
<\/a><\/p>\n
\nfor The Questa Formal Team<\/p>\n