Definition
A Design Under Verification (DUV) is the hardware design or circuit whose behavior is being checked by a verification methodology. In property-suite and RTL-verification settings, properties describe the DUV's internal-state changes and output behavior for operations such as processor instructions. The DUV may be an RTL implementation checked against formal properties or SystemVerilog Assertions (SVA). [DUV-property-view] [DUV-RTL-impl]
Knowledge Requirements
Compared to simulation-based approaches, formal verification requires a deep knowledge of the internals of the DUV in order to write useful assertions. This is a central motivation for automating formal verification of well-defined classes of circuits, because it eases the migration from simulation to formal methods. [DUV-deep-knowledge]
Role in Property-Based Verification
In formal property checking, the intended behavior of a design can be expressed as safety properties. Interval Property Checking (IPC) checks bounded safety properties with SAT-based techniques and uses arbitrary starting states rather than only the initial state. If a property holds from an arbitrary state, it also holds from any reachable state, giving exhaustive verification for that property; counterexamples from unreachable states can be addressed by adding invariants. [IPC-DUV-verification]
A complete property suite aims to cover every possible input scenario, or transaction sequence, with a chain of properties that predicts states and outputs at every point in time. Under this view, any two designs satisfying all properties in a complete suite are formally equivalent. The equivalence of the property suite and the DUV is established by chaining the generated properties, with each property consisting of an assume part (assumption A) and a prove part (consequent C). [complete-property-suite] [property-DUV-chaining]
Completeness analysis checks include whether successor properties exist with matching assumptions, whether the successor is uniquely determined, and whether each property uniquely describes the DUV's outputs and states. [complete-property-suite]
Architectural-State Abstraction
For processor verification, the DUV can be described through a high-level operation view: each property captures the effect of executing a single instruction on the internal state and outputs. The state of the DUV is described in terms of an Architectural State, corresponding to the programmer-visible registers of the design. Mapping functions connect this architectural state to the implementation, for example by hiding pipeline forwarding logic behind an architectural register-file view. [architectural-state-abstraction]
This abstraction makes operation properties resemble a high-level specification while still being checked against the RTL. In an architectural-style formulation, verification explicitly models architectural state and interfaces to memories or ports, and defines a next_state macro describing the effect of instructions and interrupts on that state. [architectural-style]
Consistency Assertions for the DUV
While instruction properties describe the processing of a single instruction through the pipeline, a set of consistency assertions is automatically generated alongside them to cover the overall correctness of the DUV. These assertions ensure the correct interaction of multiple instructions and consistent pipeline behavior when no instruction is present in a given stage. For example, they check that empty stages do not update any state elements, that instructions do not overwrite each other, and that empty pipeline stages have no effect on the visible registers or on issue-interface transactions. Consistency assertions also help the user find an appropriate architectural mapping, since a failing property gives feedback for debugging. [consistency-assertions] [consistency-feedback]
The overall verification is fail-safe: it cannot succeed if the DUV is not correct, but even for a correct design, finding the appropriate mapping functions can be difficult, and failing consistency assertions can guide the user to mapping functions that need revision. [consistency-fail-safe]
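The operation property with its assume and prove parts, the architectural mapping function that hides forwarding, and the consistency assertions described above, written out as an added SVA example for a hypothetical 2-stage in-order core (not code from the cited tools); the signal names, the one-instruction-per-cycle assumption and the `core` module name are all assumptions:

```systemverilog
// Added example, not code from the cited work: an SVA property-suite fragment for a
// hypothetical 2-stage in-order core. Every DUV signal name below is an assumption.
module duv_properties (
  input logic        clk, rst_n,
  input logic        issue_valid,                 // instruction presented at issue
  input logic [1:0]  issue_op,                    // constructed encoding: 2'd1 = ADD
  input logic [4:0]  issue_rd, issue_rs1, issue_rs2,
  input logic        wb_valid,                    // writeback stage holds an instruction
  input logic [4:0]  wb_rd,
  input logic [31:0] wb_result,
  input logic [31:0] regfile [0:31]               // implementation register file
);
  localparam logic [1:0] OP_ADD = 2'd1;

  // Mapping function: the architectural register view hides the writeback
  // forwarding path, so properties read registers as the programmer sees them.
  function automatic logic [31:0] arch_reg(input logic [4:0] i);
    if (i == 5'd0) return 32'd0;                                // x0 is hardwired
    return (wb_valid && wb_rd == i) ? wb_result : regfile[i];
  endfunction

  // Operation property for ADD, assuming the core accepts one instruction per
  // cycle (a real suite adds the stall condition to the assume part).
  property p_add_operation;
    logic [4:0]  rd;
    logic [31:0] expected;
    // Assume part (A): an ADD is issued; capture rd and next_state(ADD).
    (issue_valid && issue_op == OP_ADD && issue_rd != 5'd0,
       rd = issue_rd, expected = arch_reg(issue_rs1) + arch_reg(issue_rs2))
    // Prove part (C): one cycle later the architectural state shows the result.
    |=> (wb_valid && wb_rd == rd && arch_reg(rd) == expected);
  endproperty
  a_add_operation: assert property (@(posedge clk) disable iff (!rst_n) p_add_operation);

  // Consistency assertions, generated independently of any single instruction.
  for (genvar i = 1; i < 32; i++) begin : g_consistency
    // An empty writeback stage, or one targeting another register, must not
    // update this state element.
    a_no_spurious_update: assert property (@(posedge clk) disable iff (!rst_n)
      (!wb_valid || wb_rd != i) |=> regfile[i] == $past(regfile[i]));
    // A valid writeback lands exactly in its target register.
    a_writeback_lands: assert property (@(posedge clk) disable iff (!rst_n)
      (wb_valid && wb_rd == i) |=> regfile[i] == $past(wb_result));
  end
endmodule

// Attach the checker to the DUV; the module name `core` and matching port
// names are assumed.
bind core duv_properties u_duv_properties (.*);
```

A failing a_no_spurious_update or a_writeback_lands with a correct DUV usually points at the mapping function rather than the design, which is the debugging feedback the text refers to.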
Relation to Assertion Generation
In SystemVerilog Assertion workflows, creating useful assertions requires expertise in both temporal logic and the design under verification. Recent tool-augmented approaches generate assertions from natural-language specifications by gathering design context (e.g., semantic search over an AST-indexed vector database and structural queries) and refining assertions with formal proof feedback over multiple verification rounds, illustrating that the DUV's structure and signals are central to assertion correctness. Such approaches are evaluated on design-to-SVA benchmarks and reach high rates of syntactic and functional correctness. [SVA-DUV-context] [ProofLoop-evaluation]
Verification Tools and Tool Chains
The generated property suite can be formally verified against the RTL of the DUV using commercial formal-verification tools that support the required spectrum of techniques, from the verification of SystemVerilog assertions all the way to automatic completeness analysis. Such tools offer IPC and k-induction proof engines with sufficient capacity and performance to handle complete verification of processors, and have been applied to industrial processor designs. [verification-tools] [IPC-k-induction]
The overall effort for verifying a DUV can be reduced significantly compared to manual complete formal verification by adopting a structured, architecture-driven approach to property-suite generation. [structured-verification]