Core Linear Temporal Logic Operators #
These operators form the foundation of LTL for hardware verification.
All operators work on Signal d Bool predicates.
always P - Property P holds at ALL future time steps.
Semantics: ∀ t, P.atTime t = true
Example:
theorem counter_never_exceeds_max :
always (counter.map (· < 256))
Instances For
eventually P - Property P holds at SOME future time step.
Semantics: ∃ t, P.atTime t = true
Example:
theorem done_flag_set :
eventually (done.map (· == true))
Instances For
next n P - Property P holds exactly n cycles in the future.
Semantics: ∀ t, P.atTime (t + n) = true
Example:
theorem pipeline_latency :
next 3 (output.map (· == expected))
Instances For
Until P Q - Property P holds until Q becomes true.
Semantics: ∃ t, Q.atTime t = true ∧ (∀ t' < t, P.atTime t' = true)
Example:
theorem busy_until_done :
Until (busy.map id) (done.map id)
Equations
Instances For
Derived Temporal Operators #
These are convenience operators defined in terms of the core LTL operators.
implies P Q - Temporal implication: whenever P holds, Q also holds.
Semantics: ∀ t, P.atTime t = true → Q.atTime t = true
Equations
Instances For
release P Q - Dual of until: Q holds until and including when P holds.
Semantics: ∀ t, (Q.atTime t = true) ∨ (∃ t' ≤ t, P.atTime t' = true ∧ ∀ t'' < t', Q.atTime t'' = true)
Equations
Instances For
WeakUntil P Q - Like Until, but P can hold forever if Q never becomes true.
Semantics: (∃ t, Q.atTime t ∧ ∀ t' < t, P.atTime t') ∨ (∀ t, P.atTime t)
Equations
Instances For
Optimization-Enabling Operators #
These operators specifically enable cycle-skipping optimizations when proven. They express stability properties that allow the simulator to skip evaluations.
stableFor s v n - Signal s maintains value v for exactly n cycles.
This is the KEY property that enables cycle skipping optimization. When proven, the simulator can skip n-1 evaluation cycles.
Example:
theorem reset_stable :
stableFor counter 0 10 -- Counter stays 0 for 10 cycles
Equations
Instances For
stableWhile s cond - Signal s remains constant while condition holds.
Example:
theorem idle_stable :
stableWhile state (isIdle.map id)
Equations
Instances For
monotonic s - Signal s is monotonically increasing.
Useful for counters and timers. While not enabling cycle skipping, helps prove other temporal properties.
Instances For
Temporal Induction Principles #
Helper lemmas and tactics for proving temporal properties.
Induction principle for stableFor:
To prove signal stays stable for n cycles, prove base case and preservation.
Note: This is a placeholder theorem for future proof development.
Composition lemma: If P always holds and P implies Q, then Q always holds.
Eventually is weaker than always: if P always holds, it eventually holds.
Temporal Oracle Interface (Future Work) #
This interface will be used by an optimized simulator to enable cycle skipping. Currently a placeholder for future implementation.
Temporal Oracle: Queries proven temporal properties to enable cycle skipping.
The oracle checks if a signal has a proven stability property and returns how many cycles can be safely skipped.
Query if we can skip cycles for a given signal property
- soundness {α : Type} [BEq α] (s : Core.Signal.Signal d α) (v : α) (n : Nat) : self.canSkip α s v = some n → stableFor s v n
Proof that canSkip is sound: if it returns n, the signal is stable for n cycles
Instances For
Empty oracle: no optimizations available. This is the default for standard simulation.
Equations
- Sparkle.Verification.Temporal.emptyOracle = { canSkip := fun (x : Type) [BEq x] (x_1 : Sparkle.Core.Signal.Signal d x) (x_2 : x) => none, soundness := ⋯ }
Instances For
Notation and Helpers #
Convenient notation for temporal formulas.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Check if a signal satisfies a property at a specific time.
Equations
Instances For
Check if a signal satisfies a property for a duration.
Instances For
Examples and Documentation #
See Examples/TemporalLogicExample.md for comprehensive usage examples.