Add SymbiYosys formal verification for 6 modules, fix 2 doppler bugs

Formal verification (SymbiYosys + smtbmc/z3): - cdc_single_bit: BMC PASS depth 80, cover PASS 3/3 - cdc_handshake: BMC PASS depth 100, cover PASS 4/4 - cdc_adc_to_processing: BMC PASS depth 80, cover PASS - radar_mode_controller: BMC PASS depth 200, cover PASS 8/8 - range_bin_decimator: cover PASS 7/7, BMC running (step 61+) - doppler_processor: cover running (step 133/150), BMC running (step 35+) DUT bug fixes found by formal: - doppler_processor: write_chirp_index overflow past CHIRPS_PER_FRAME-1 in S_ACCUMULATE frame-complete branch (reset to 0) - doppler_processor: read_doppler_index unclamped prefetch in S_LOAD_FFT causing OOB BRAM reads (clamped to DOPPLER_FFT_SIZE-1) CDC fix (prior session, included): - cdc_modules: async reset changed to sync reset on all CDC sync chains to prevent metastability on reset deassertion RTL changes for formal observability: - Added ifdef FORMAL output ports to cdc_handshake (6), cdc_adc (2), radar_mode_controller (2), range_bin_decimator (5), doppler_processor (11)
2026-03-17 12:47:22 +02:00
parent a9c857c447
commit fb59e98737
17 changed files with 1979 additions and 14 deletions
@@ -75,6 +75,12 @@ module radar_mode_controller #(
    // Status
    output wire scanning,       // 1 = scan in progress
    output wire scan_complete   // pulse when full scan done
+
+`ifdef FORMAL
+    ,
+    output wire [2:0]  fv_scan_state,
+    output wire [17:0] fv_timer
+`endif
 );

 // ============================================================================
@@ -94,6 +100,11 @@ localparam S_ADVANCE     = 3'd6;
 // Timing counter
 reg [17:0] timer;  // enough for up to 262143 cycles (~2.6ms at 100 MHz)

+`ifdef FORMAL
+assign fv_scan_state = scan_state;
+assign fv_timer      = timer;
+`endif
+
 // Edge detection for STM32 pass-through
 reg stm32_new_chirp_prev;
 reg stm32_new_elevation_prev;