Documentation

Sparkle.Verification.Temporal

Core Linear Temporal Logic Operators #

These operators form the foundation of LTL for hardware verification. All operators work on Signal d Bool predicates.

always P - Property P holds at ALL future time steps.

Semantics: ∀ t, P.atTime t = true

Example:

theorem counter_never_exceeds_max :
  always (counter.map (· < 256))
Equations
Instances For

    eventually P - Property P holds at SOME future time step.

    Semantics: ∃ t, P.atTime t = true

    Example:

    theorem done_flag_set :
      eventually (done.map (· == true))
    
    Equations
    Instances For

      next n P - Property P holds exactly n cycles in the future.

      Semantics: ∀ t, P.atTime (t + n) = true

      Example:

      theorem pipeline_latency :
        next 3 (output.map (· == expected))
      
      Equations
      Instances For

        Until P Q - Property P holds until Q becomes true.

        Semantics: ∃ t, Q.atTime t = true ∧ (∀ t' < t, P.atTime t' = true)

        Example:

        theorem busy_until_done :
          Until (busy.map id) (done.map id)
        
        Equations
        Instances For

          Derived Temporal Operators #

          These are convenience operators defined in terms of the core LTL operators.

          implies P Q - Temporal implication: whenever P holds, Q also holds.

          Semantics: ∀ t, P.atTime t = true → Q.atTime t = true

          Equations
          Instances For

            release P Q - Dual of until: Q holds until and including when P holds.

            Semantics: ∀ t, (Q.atTime t = true) ∨ (∃ t' ≤ t, P.atTime t' = true ∧ ∀ t'' < t', Q.atTime t'' = true)

            Equations
            Instances For

              WeakUntil P Q - Like Until, but P can hold forever if Q never becomes true.

              Semantics: (∃ t, Q.atTime t ∧ ∀ t' < t, P.atTime t') ∨ (∀ t, P.atTime t)

              Equations
              Instances For

                Optimization-Enabling Operators #

                These operators specifically enable cycle-skipping optimizations when proven. They express stability properties that allow the simulator to skip evaluations.

                stableFor s v n - Signal s maintains value v for exactly n cycles.

                This is the KEY property that enables cycle skipping optimization. When proven, the simulator can skip n-1 evaluation cycles.

                Example:

                theorem reset_stable :
                  stableFor counter 0 10  -- Counter stays 0 for 10 cycles
                
                Equations
                Instances For

                  stableWhile s cond - Signal s remains constant while condition holds.

                  Example:

                  theorem idle_stable :
                    stableWhile state (isIdle.map id)
                  
                  Equations
                  Instances For

                    monotonic s - Signal s is monotonically increasing.

                    Useful for counters and timers. While not enabling cycle skipping, helps prove other temporal properties.

                    Equations
                    Instances For

                      Temporal Induction Principles #

                      Helper lemmas and tactics for proving temporal properties.

                      Induction principle for always: To prove ∀ t, P(t), prove P(0) and P(t) → P(t+1).

                      theorem Sparkle.Verification.Temporal.stableFor_induction {d : Core.Domain.DomainConfig} {α : Type} [BEq α] (s : Core.Signal.Signal d α) (v : α) (n : Nat) :
                      (s.atTime 0 == v) = true(∀ (t : Nat), t < n(s.atTime t == v) = true → (s.atTime (t + 1) == v) = true)stableFor s v (n + 1)

                      Induction principle for stableFor: To prove signal stays stable for n cycles, prove base case and preservation.

                      Note: This is a placeholder theorem for future proof development.

                      Composition lemma: If P always holds and P implies Q, then Q always holds.

                      Eventually is weaker than always: if P always holds, it eventually holds.

                      Temporal Oracle Interface (Future Work) #

                      This interface will be used by an optimized simulator to enable cycle skipping. Currently a placeholder for future implementation.

                      Temporal Oracle: Queries proven temporal properties to enable cycle skipping.

                      The oracle checks if a signal has a proven stability property and returns how many cycles can be safely skipped.

                      Instances For

                        Empty oracle: no optimizations available. This is the default for standard simulation.

                        Equations
                        Instances For

                          Notation and Helpers #

                          Convenient notation for temporal formulas.

                          Equations
                          • One or more equations did not get rendered due to their size.
                          Instances For
                            Equations
                            • One or more equations did not get rendered due to their size.
                            Instances For
                              Equations
                              • One or more equations did not get rendered due to their size.
                              Instances For
                                Equations
                                • One or more equations did not get rendered due to their size.
                                Instances For
                                  Equations
                                  • One or more equations did not get rendered due to their size.
                                  Instances For
                                    Equations
                                    • One or more equations did not get rendered due to their size.
                                    Instances For

                                      Check if a signal satisfies a property at a specific time.

                                      Equations
                                      Instances For

                                        Check if a signal satisfies a property for a duration.

                                        Equations
                                        Instances For

                                          Examples and Documentation #

                                          See Examples/TemporalLogicExample.md for comprehensive usage examples.