Ver2Smv - A Tool for Automatic Verilog to nuXmv Language Translation for Verification of Digital Circuits

### Mishal Minhas, <u>Osman Hasan</u>, Kashif Saghar System Analysis and Verification (SAVe) Lab National University of Sciences and Technology Islamabad, Pakistan

**ICEET-2018** 

Lahore, Pakistan







- Introduction and Motivation
- Proposed Approach
- □ Formal Analysis of Sequential RTL Verilog
- Conclusions

# Hardware Verification

- 8 Bit Adder
- Model
  - VHDL/Verilog
- Test Cases

| Test vectors (x,y) | System output (z) | z=x+y |
|--------------------|-------------------|-------|
| (1,1)              | 2                 | True  |
| (4,0)              | 4                 | True  |
| (100,100)          | 200               | True  |
| (127,127)          | 254               | True  |

 Conclusion: The property is true as it is found to be true for all the test vectors used



## Safety-Critical Systems

#### Accuracy is Extremely Important

• Failure can cause loss of life or severe injury



O.Hasan

# Faulty Systems can be disastrous

### **FDIV** bug in Intel Pentium (60 Mhz, 90Mhz)

Hardware error in the floating point division unit
 expected precision up to 18 positions
 in practice, only 4 positions
 Example:

 5505001 / 294911
 wrong answer: 18.66600093

• expected answer: 18.6665197



□ Resulted in net loss of US \$500M to the company in 1994

# **Solution: Formal Methods**

 System Validation technique that bridges the gap between Paper-andpencil proof methods and testing



- Shares their advantages
  - As precise as a mathematical proof can be
  - Computers are used for bookkeeping
- Not as straightforward to use as testing

# **Formal Verification Methods**

- Based on Mathematical techniques
  - Construct a computer-based mathematical model of the VHDL/Verilog model (*implementation*)
  - Use mathematical reasoning to check if the implementation satisfies the properties of interest (*specifications or assertions*) in a computerized environment

# **Problem Description**



MODULE counter\_cell(carry\_in)
VAR
value : boolean;
ASSIGN
init(value) := FALSE;
next(value) := value xor carry\_in;
DEFINE
carry\_out := value & carry\_in;
MODULE main
VAR
bit0 : counter\_cell(TRUE);
bit1 : counter\_cell(bit0.carry\_out);
bit2 : counter cell(bit1.carry out);

**Assertions** describe how the circuit should behave

LTLSPEC

G F bit2.carry\_out

Formal Modeling at the RTL level and writing quality assertions manually requires a lot of effort and time – not effective for industrial applications

## **Related Work**

#### EBMC – Enhanced Bounded Model Checker

- Reads Verilog designs with properties in LTL or System Verilog Assertions
- Outputs boolean level MC problem in SMV
- Uses BMC and/or k-induction

**Limitation:** Slow performance

#### Verilog2smv - Translator for Verilog Designs

- Open source
- Reads Verilog with Assertions
- Outputs a word-level MC problem in SMV

**Limitation:** Assertions are written manually by user

# **Proposed Approach**

Generates the SystemVerilog Assertions and then translates the circuit's implementation and assertions to SMV model for automatic formal verification



## Formal Analysis of Sequential RTL Verilog

#### **Sequential Circuit**



Assertions generated automatically

#### **Translated SMV Model**



# Conclusions

- Extensive **Circuit Simulations** require heavy computations and can still result in faulty hardware and uncertainties
- Formal analysis of digital circuits require a formal model with desired properties
  - Writing a circuit's formal model **manually is ineffective**
  - Property specification requires effort and time
- Proposed methodology presents a tool to **automate** this process that ensures **minimum user involvement** with **complete verification**

## Thanks!



SCHOOL OF ELECTRICAL ENGINEERING & COMPUTER SCIENCE (SEECS)





O.Hasan

13