Necessity and sufficiency of the formal property set for complete functional correctness

Determine whether the set of 21 SystemVerilog Assertions (seven assert properties and fourteen cover properties) used to formally verify the Data BUS Interface block of the microprocessor IP is both necessary and sufficient to prove the block’s functional correctness in every possible valid scenario and for all values of the configuration parameter Address_Width_1.

Background

The methodology was applied to a microprocessor IP, and a block-level formal verification was performed on the Data BUS Interface, a combinational logic block largely composed of case statements. The authors wrote 21 properties (seven assert and fourteen cover) and reported that all of them were proven.

Despite these proofs, the authors explicitly raise the question of whether the chosen property set achieves completeness, that is, whether it is necessary and sufficient to guarantee functional correctness under all valid configurations and scenarios. They note that formal coverage helps assess completeness but acknowledge that this key question remains unresolved.
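The gap between "every property proved" and "the design is correct" can be made concrete with a toy model. The following Python is an added illustration, not the paper's RTL or property set: it models a small case-statement address decoder parameterized by address width (standing in for Address_Width_1), a mutant with two case arms swapped, and two sets of assert-style predicates checked exhaustively over the address space (the stand-in for a formal proof). The weaker set is proven on both the correct and the buggy decoder, so those properties are necessary but not sufficient.

```python
"""Toy 'proven vs. complete' demonstration for a case-statement decoder.
Constructed model; the decoder, its mutant and all property names are assumptions."""

def decoder(addr: int, addr_w: int) -> int:
    """Reference decoder: the top two address bits select one of four slaves (one-hot sel)."""
    region = addr >> (addr_w - 2)
    return {0: 0b0001, 1: 0b0010, 2: 0b0100, 3: 0b1000}[region]

def buggy_decoder(addr: int, addr_w: int) -> int:
    """Mutant: the case arms for regions 1 and 2 are swapped."""
    region = addr >> (addr_w - 2)
    return {0: 0b0001, 1: 0b0100, 2: 0b0010, 3: 0b1000}[region]

# Assert-style properties: each is a predicate over (addr, sel, addr_w).
def onehot(addr, sel, w):    # exactly one select line is active
    return sel != 0 and sel & (sel - 1) == 0
def region0(addr, sel, w):   # lowest address region -> slave 0
    return (addr >> (w - 2)) != 0 or sel == 0b0001
def region3(addr, sel, w):   # highest address region -> slave 3
    return (addr >> (w - 2)) != 3 or sel == 0b1000
def region1(addr, sel, w):
    return (addr >> (w - 2)) != 1 or sel == 0b0010
def region2(addr, sel, w):
    return (addr >> (w - 2)) != 2 or sel == 0b0100

WEAK_SET = [onehot, region0, region3]        # holds on both designs: necessary, not sufficient
FULL_SET = WEAK_SET + [region1, region2]     # pins down every case arm: catches the mutant

def prove(design, props, addr_w):
    """Exhaustive check over the full address space for one width (our 'formal proof').
    Returns the sorted names of failing properties; an empty list means all proven."""
    failing = set()
    for addr in range(1 << addr_w):
        sel = design(addr, addr_w)
        for p in props:
            if not p(addr, sel, addr_w):
                failing.add(p.__name__)
    return sorted(failing)

def prove_all_widths(design, props, widths=(4, 6, 8)):
    """Repeat the proof for several values of the width parameter."""
    return {w: prove(design, props, w) for w in widths}

if __name__ == "__main__":
    print("weak set on mutant:", prove_all_widths(buggy_decoder, WEAK_SET))   # all empty
    print("full set on mutant:", prove_all_widths(buggy_decoder, FULL_SET))   # region1/region2 fail
```

The exhaustive loop plays the role of the formal tool: a clean result on the weak set proves nothing about regions 1 and 2 because no property constrains them, which is exactly the sufficiency question the authors leave open.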

References

The properties proved in the formal tool during verification are necessary to prove the functional correctness of the design. However, a more significant question, if these properties are necessary and sufficient to prove the functional correctness of the design in every possible valid scenario, remains open.

A Semi-Formal Verification Methodology for Efficient Configuration Coverage of Highly Configurable Digital Designs (2405.01572 - Kumar et al., 2024) in Section 6.2 (Formal Verification of Blocks), paragraph after Figure 13