| |
| % IEEEtran howto: |
| % http://ftp.univie.ac.at/packages/tex/macros/latex/contrib/IEEEtran/IEEEtran_HOWTO.pdf |
| \documentclass[9pt,technote,a4paper]{IEEEtran} |
| |
| \usepackage[T1]{fontenc} % required for luximono! |
| \usepackage[scaled=0.8]{luximono} % typewriter font with bold face |
| |
| % To install the luximono font files: |
| % getnonfreefonts-sys --all or |
| % getnonfreefonts-sys luximono |
| % |
| % when there are trouble you might need to: |
| % - Create /etc/texmf/updmap.d/99local-luximono.cfg |
| % containing the single line: Map ul9.map |
| % - Run update-updmap followed by mktexlsr and updmap-sys |
| % |
| % This commands must be executed as root with a root environment |
| % (i.e. run "sudo su" and then execute the commands in the root |
| % shell, don't just prefix the commands with "sudo"). |
| |
| \usepackage[unicode,bookmarks=false]{hyperref} |
| \usepackage[english]{babel} |
| \usepackage[utf8]{inputenc} |
| \usepackage{amssymb} |
| \usepackage{amsmath} |
| \usepackage{amsfonts} |
| \usepackage{units} |
| \usepackage{nicefrac} |
| \usepackage{eurosym} |
| \usepackage{graphicx} |
| \usepackage{verbatim} |
| \usepackage{algpseudocode} |
| \usepackage{scalefnt} |
| \usepackage{xspace} |
| \usepackage{color} |
| \usepackage{colortbl} |
| \usepackage{multirow} |
| \usepackage{hhline} |
| \usepackage{listings} |
| \usepackage{float} |
| |
| \usepackage{tikz} |
| \usetikzlibrary{calc} |
| \usetikzlibrary{arrows} |
| \usetikzlibrary{scopes} |
| \usetikzlibrary{through} |
| \usetikzlibrary{shapes.geometric} |
| |
| \lstset{basicstyle=\ttfamily,frame=trBL,xleftmargin=2em,xrightmargin=1em,numbers=left} |
| |
| \begin{document} |
| |
| \title{Yosys Application Note 012: \\ Converting Verilog to BTOR} |
| \author{Ahmed Irfan and Clifford Wolf \\ April 2015} |
| \maketitle |
| |
| \begin{abstract} |
| Verilog-2005 is a powerful Hardware Description Language (HDL) that |
| can be used to easily create complex designs from small HDL code. |
| BTOR~\cite{btor} is a bit-precise word-level format for model |
| checking. It is a simple format and easy to parse. It allows to model |
| the model checking problem over the theory of bit-vectors with |
| one-dimensional arrays, thus enabling to model Verilog designs with |
| registers and memories. Yosys~\cite{yosys} is an Open-Source Verilog |
| synthesis tool that can be used to convert Verilog designs with simple |
| assertions to BTOR format. |
| |
| \end{abstract} |
| |
| \section{Installation} |
| |
| Yosys written in C++ (using features from C++11) and is tested on |
| modern Linux. It should compile fine on most UNIX systems with a |
| C++11 compiler. The README file contains useful information on |
| building Yosys and its prerequisites. |
| |
| Yosys is a large and feature-rich program with some dependencies. For |
| this work, we may deactivate other extra features such as {\tt TCL} |
| and {\tt ABC} support in the {\tt Makefile}. |
| |
| \bigskip |
| |
| This Application Note is based on GIT Rev. {\tt 082550f} from |
| 2015-04-04 of Yosys~\cite{yosys}. |
| |
| \section{Quick Start} |
| |
| We assume that the Verilog design is synthesizable and we also assume |
| that the design does not have multi-dimensional memories. As BTOR |
| implicitly initializes registers to zero value and memories stay |
| uninitialized, we assume that the Verilog design does |
| not contain initial blocks. For more details about the BTOR format, |
| please refer to~\cite{btor}. |
| |
| We provide a shell script {\tt verilog2btor.sh} which can be used to |
| convert a Verilog design to BTOR. The script can be found in the |
| {\tt backends/btor} directory. The following example shows its usage: |
| |
| \begin{figure}[H] |
| \begin{lstlisting}[language=sh,numbers=none] |
| verilog2btor.sh fsm.v fsm.btor test |
| \end{lstlisting} |
| \renewcommand{\figurename}{Listing} |
| \caption{Using verilog2btor script} |
| \end{figure} |
| |
| The script {\tt verilog2btor.sh} takes three parameters. In the above |
| example, the first parameter {\tt fsm.v} is the input design, the second |
| parameter {\tt fsm.btor} is the file name of BTOR output, and the third |
| parameter {\tt test} is the name of top module in the design. |
| |
| To specify the properties (that need to be checked), we have two |
| options: |
| \begin{itemize} |
| \item We can use the Verilog {\tt assert} statement in the procedural block |
| or module body of the Verilog design, as shown in |
| Listing~\ref{specifying_property_assert}. This is the preferred option. |
| \item We can use a single-bit output wire, whose name starts with |
| {\tt safety}. The value of this output wire needs to be driven low |
| when the property is met, i.e. the solver will try to find a model |
| that makes the safety pin go high. This is demonstrated in |
| Listing~\ref{specifying_property_output}. |
| \end{itemize} |
| |
| \begin{figure}[H] |
| \begin{lstlisting}[language=Verilog,numbers=none] |
| module test(input clk, input rst, output y); |
| |
| reg [2:0] state; |
| |
| always @(posedge clk) begin |
| if (rst || state == 3) begin |
| state <= 0; |
| end else begin |
| assert(state < 3); |
| state <= state + 1; |
| end |
| end |
| |
| assign y = state[2]; |
| |
| assert property (y !== 1'b1); |
| |
| endmodule |
| \end{lstlisting} |
| \renewcommand{\figurename}{Listing} |
| \caption{Specifying property in Verilog design with {\tt assert}} |
| \label{specifying_property_assert} |
| \end{figure} |
| |
| \begin{figure}[H] |
| \begin{lstlisting}[language=Verilog,numbers=none] |
| module test(input clk, input rst, |
| output y, output safety1); |
| |
| reg [2:0] state; |
| |
| always @(posedge clk) begin |
| if (rst || state == 3) |
| state <= 0; |
| else |
| state <= state + 1; |
| end |
| |
| assign y = state[2]; |
| |
| assign safety1 = !(y !== 1'b1); |
| |
| endmodule |
| \end{lstlisting} |
| \renewcommand{\figurename}{Listing} |
| \caption{Specifying property in Verilog design with output wire} |
| \label{specifying_property_output} |
| \end{figure} |
| |
| We can run Boolector~\cite{boolector}~$1.4.1$\footnote{ |
| Newer version of Boolector do not support sequential models. |
| Boolector 1.4.1 can be built with picosat-951. Newer versions |
| of picosat have an incompatible API.} on the generated BTOR |
| file: |
| |
| \begin{figure}[H] |
| \begin{lstlisting}[language=sh,numbers=none] |
| $ boolector fsm.btor |
| unsat |
| \end{lstlisting} |
| \renewcommand{\figurename}{Listing} |
| \caption{Running boolector on BTOR file} |
| \end{figure} |
| |
| We can also use nuXmv~\cite{nuxmv}, but on BTOR designs it does not |
| support memories yet. With the next release of nuXmv, we will be also |
| able to verify designs with memories. |
| |
| \section{Detailed Flow} |
| |
| Yosys is able to synthesize Verilog designs up to the gate level. |
| We are interested in keeping registers and memories when synthesizing |
| the design. For this purpose, we describe a customized Yosys synthesis |
| flow, that is also provided by the {\tt verilog2btor.sh} script. |
| Listing~\ref{btor_script_memory} shows the Yosys commands that are |
| executed by {\tt verilog2btor.sh}. |
| |
| \begin{figure}[H] |
| \begin{lstlisting}[language=sh] |
| read_verilog -sv $1; |
| hierarchy -top $3; hierarchy -libdir $DIR; |
| hierarchy -check; |
| proc; opt; |
| opt_expr -mux_undef; opt; |
| rename -hide;;; |
| splice; opt; |
| memory_dff -wr_only; memory_collect;; |
| flatten;; |
| memory_unpack; |
| splitnets -driver; |
| setundef -zero -undriven; |
| opt;;; |
| write_btor $2; |
| \end{lstlisting} |
| \renewcommand{\figurename}{Listing} |
| \caption{Synthesis Flow for BTOR with memories} |
| \label{btor_script_memory} |
| \end{figure} |
| |
| Here is short description of what is happening in the script line by |
| line: |
| |
| \begin{enumerate} |
| \item Reading the input file. |
| \item Setting the top module in the hierarchy and trying to read |
| automatically the files which are given as {\tt include} in the file |
| read in first line. |
| \item Checking the design hierarchy. |
| \item Converting processes to multiplexers (muxs) and flip-flops. |
| \item Removing undef signals from muxs. |
| \item Hiding all signal names that are not used as module ports. |
| \item Explicit type conversion, by introducing slice and concat cells |
| in the circuit. |
| \item Converting write memories to synchronous memories, and |
| collecting the memories to multi-port memories. |
| \item Flattening the design to get only one module. |
| \item Separating read and write memories. |
| \item Splitting the signals that are partially assigned |
| \item Setting undef to zero value. |
| \item Final optimization pass. |
| \item Writing BTOR file. |
| \end{enumerate} |
| |
| For detailed description of the commands mentioned above, please refer |
| to the Yosys documentation, or run {\tt yosys -h \it command\_name}. |
| |
| The script presented earlier can be easily modified to have a BTOR |
| file that does not contain memories. This is done by removing the line |
| number~8 and 10, and introduces a new command {\tt memory} at line |
| number~8. Listing~\ref{btor_script_without_memory} shows the |
| modified Yosys script file: |
| |
| \begin{figure}[H] |
| \begin{lstlisting}[language=sh,numbers=none] |
| read_verilog -sv $1; |
| hierarchy -top $3; hierarchy -libdir $DIR; |
| hierarchy -check; |
| proc; opt; |
| opt_expr -mux_undef; opt; |
| rename -hide;;; |
| splice; opt; |
| memory;; |
| flatten;; |
| splitnets -driver; |
| setundef -zero -undriven; |
| opt;;; |
| write_btor $2; |
| \end{lstlisting} |
| \renewcommand{\figurename}{Listing} |
| \caption{Synthesis Flow for BTOR without memories} |
| \label{btor_script_without_memory} |
| \end{figure} |
| |
| \section{Example} |
| |
| Here is an example Verilog design that we want to convert to BTOR: |
| |
| \begin{figure}[H] |
| \begin{lstlisting}[language=Verilog,numbers=none] |
| module array(input clk); |
| |
| reg [7:0] counter; |
| reg [7:0] mem [7:0]; |
| |
| always @(posedge clk) begin |
| counter <= counter + 8'd1; |
| mem[counter] <= counter; |
| end |
| |
| assert property (!(counter > 8'd0) || |
| mem[counter - 8'd1] == counter - 8'd1); |
| |
| endmodule |
| \end{lstlisting} |
| \renewcommand{\figurename}{Listing} |
| \caption{Example - Verilog Design} |
| \label{example_verilog} |
| \end{figure} |
| |
| The generated BTOR file that contain memories, using the script shown |
| in Listing~\ref{btor_script_memory}: |
| \begin{figure}[H] |
| \begin{lstlisting}[numbers=none] |
| 1 var 1 clk |
| 2 array 8 3 |
| 3 var 8 $auto$rename.cc:150:execute$20 |
| 4 const 8 00000001 |
| 5 sub 8 3 4 |
| 6 slice 3 5 2 0 |
| 7 read 8 2 6 |
| 8 slice 3 3 2 0 |
| 9 add 8 3 4 |
| 10 const 8 00000000 |
| 11 ugt 1 3 10 |
| 12 not 1 11 |
| 13 const 8 11111111 |
| 14 slice 1 13 0 0 |
| 15 one 1 |
| 16 eq 1 1 15 |
| 17 and 1 16 14 |
| 18 write 8 3 2 8 3 |
| 19 acond 8 3 17 18 2 |
| 20 anext 8 3 2 19 |
| 21 eq 1 7 5 |
| 22 or 1 12 21 |
| 23 const 1 1 |
| 24 one 1 |
| 25 eq 1 23 24 |
| 26 cond 1 25 22 24 |
| 27 root 1 -26 |
| 28 cond 8 1 9 3 |
| 29 next 8 3 28 |
| \end{lstlisting} |
| \renewcommand{\figurename}{Listing} |
| \caption{Example - Converted BTOR with memory} |
| \label{example_btor} |
| \end{figure} |
| |
| And the BTOR file obtained by the script shown in |
| Listing~\ref{btor_script_without_memory}, which expands the memory |
| into individual elements: |
| \begin{figure}[H] |
| \begin{lstlisting}[numbers=none,escapechar=@] |
| 1 var 1 clk |
| 2 var 8 mem[0] |
| 3 var 8 $auto$rename.cc:150:execute$20 |
| 4 slice 3 3 2 0 |
| 5 slice 1 4 0 0 |
| 6 not 1 5 |
| 7 slice 1 4 1 1 |
| 8 not 1 7 |
| 9 slice 1 4 2 2 |
| 10 not 1 9 |
| 11 and 1 8 10 |
| 12 and 1 6 11 |
| 13 cond 8 12 3 2 |
| 14 cond 8 1 13 2 |
| 15 next 8 2 14 |
| 16 const 8 00000001 |
| 17 add 8 3 16 |
| 18 const 8 00000000 |
| 19 ugt 1 3 18 |
| 20 not 1 19 |
| 21 var 8 mem[2] |
| 22 and 1 7 10 |
| 23 and 1 6 22 |
| 24 cond 8 23 3 21 |
| 25 cond 8 1 24 21 |
| 26 next 8 21 25 |
| 27 sub 8 3 16 |
| |
| @\vbox to 0pt{\vss\vdots\vskip3pt}@ |
| 54 cond 1 53 50 52 |
| 55 root 1 -54 |
| |
| @\vbox to 0pt{\vss\vdots\vskip3pt}@ |
| 77 cond 8 76 3 44 |
| 78 cond 8 1 77 44 |
| 79 next 8 44 78 |
| \end{lstlisting} |
| \renewcommand{\figurename}{Listing} |
| \caption{Example - Converted BTOR without memory} |
| \label{example_btor} |
| \end{figure} |
| |
| \section{Limitations} |
| |
| BTOR does not support initialization of memories and registers, i.e. they are |
| implicitly initialized to value zero, so the initial block for |
| memories need to be removed when converting to BTOR. It should |
| also be kept in consideration that BTOR does not support the {\tt x} or {\tt z} |
| values of Verilog. |
| |
| Another thing to bear in mind is that Yosys will convert multi-dimensional |
| memories to one-dimensional memories and address decoders. Therefore |
| out-of-bounds memory accesses can yield unexpected results. |
| |
| \section{Conclusion} |
| |
| Using the described flow, we can use Yosys to generate word-level |
| verification benchmarks with or without memories from Verilog designs. |
| |
| \begin{thebibliography}{9} |
| |
| \bibitem{yosys} |
| Clifford Wolf. The Yosys Open SYnthesis Suite. \\ |
| \url{http://www.clifford.at/yosys/} |
| |
| \bibitem{boolector} |
| Robert Brummayer and Armin Biere, Boolector: An Efficient SMT Solver for Bit-Vectors and Arrays\\ |
| \url{http://fmv.jku.at/boolector/} |
| |
| \bibitem{btor} |
| Robert Brummayer and Armin Biere and Florian Lonsing, BTOR: |
| Bit-Precise Modelling of Word-Level Problems for Model Checking\\ |
| \url{http://fmv.jku.at/papers/BrummayerBiereLonsing-BPR08.pdf} |
| |
| \bibitem{nuxmv} |
| Roberto Cavada and Alessandro Cimatti and Michele Dorigatti and |
| Alberto Griggio and Alessandro Mariotti and Andrea Micheli and Sergio |
| Mover and Marco Roveri and Stefano Tonetta, The nuXmv Symbolic Model |
| Checker\\ |
| \url{https://es-static.fbk.eu/tools/nuxmv/index.php} |
| |
| \end{thebibliography} |
| |
| |
| \end{document} |
