Automated Formal Verification

RTL in. Proven properties out.

RTLPreCheck reads raw SystemVerilog and generates formally proven properties automatically. No specifications. No manual assertions. No naming conventions. Just structure.

How It Works

The design tells you what to verify.

Traditional formal verification asks: given this spec, does the design comply? RTLPreCheck asks the opposite: given this design, what must be true? The structure reveals buffers, arbiters, pipelines, and exactly which formal properties each one must satisfy.

Structural Analysis

Reads raw RTL. Classifies every register cluster by behavioral role using AST topology, graph structure, and IR metadata alone.

Property Generation

Selects formal property templates for each classification. Register stability, deadlock freedom, drain liveness, mutual exclusion — all generated from structure.

Formal Proof

Every property is proven via k-induction. Sound abstract models are built automatically for large modules. Anti-vacuity covers verify every proof is exercised.

Compositional Closure

Cross-module assume-guarantee contracts are extracted from proven probes and discharged automatically via geometry-based port matching.

Most Recent Results

BOOM RISC-V Out-of-Order Core

SmallBoomV3 from Chipyard

March 17, 2026

187,356 lines of SystemVerilog
1,732 / 1,784 properties proven (97.1%)
46 min
Zero manual assertions
Control signals 4,280 / 4,280 — 100%
Data signals 4,804 / 4,804 — 100%
Memory index bounds 789 / 803 — 98.3%
Assume-guarantee closure 9,084 / 9,084 — 100%

268 modules received automated formal analysis. Every proof ran on an open-source formal solver. The generated properties are standard SVA, portable to any commercial formal tool.

Bug Detection Demo

We injected a 3-line microarchitectural bug into BOOM's reorder buffer. When an exception and a branch mispredict arrive on the exact same cycle, a latch permanently blocks the commit pointer. The processor hangs. Simulation never triggers it.

Clean Design: Rob, F1_EVENTUAL_DRAIN, PASS_KINDUCTION
3 Lines Changed: Rob, F1_EVENTUAL_DRAIN, COUNTEREXAMPLE

Caught in 17 seconds with a concrete counterexample trace. The formal solver explores every reachable state — no random stimulus, no directed tests needed. This class of bug sits at the intersection of two independent recovery paths in the microarchitecture and is vanishingly rare in simulation across billions of cycles.
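The pass-versus-counterexample outcome above can be reproduced on a toy model. The following is an added example, not RTLPreCheck's engine and not BOOM's Rob: a constructed three-field buffer model, an explicit-state k-induction loop, and a bounded-stall stand-in for the drain property are all assumptions; only the two result labels are taken from the page.

```python
from itertools import product

DEPTH, LIMIT = 2, 4                       # toy buffer depth; allowed stall cycles
INPUTS = list(product((0, 1), repeat=3))  # per-cycle (enq, exc, mis)
INIT = (0, 0, 0)                          # state = (count, block, stall)

def step(state, inp, buggy):
    """One clock of the constructed toy buffer (not BOOM's Rob)."""
    count, block, stall = state
    enq, exc, mis = inp
    flush = count > 0 and bool(exc or mis)   # either recovery path drains the buffer
    commit = count > 0 and block == 0 and not flush
    stuck = count > 0 and not commit and not flush
    count = 0 if flush else min(DEPTH, count - commit + enq)
    if buggy and (block == 2 or (flush and exc and mis)):
        block = 2                            # injected bug: latch never clears
    else:
        block = 1 if flush else 0            # clean: one recovery cycle
    return count, block, min(LIMIT, stall + 1) if stuck else 0

def holds(state):
    """Bounded form of eventual drain: a non-empty buffer stalls < LIMIT cycles."""
    return state[2] < LIMIT

def k_induction(buggy, max_k=12):
    states = list(product(range(DEPTH + 1), range(3), range(LIMIT + 1)))
    for k in range(1, max_k + 1):
        # Base case: the property holds on every state within k-1 steps of reset.
        traces = {INIT: [INIT]}
        for _ in range(k):
            bad = [t for s, t in traces.items() if not holds(s)]
            if bad:
                return "COUNTEREXAMPLE", bad[0]
            nxt = {}
            for s, t in traces.items():
                for i in INPUTS:
                    n = step(s, i, buggy)
                    nxt.setdefault(n, t + [n])
            traces = nxt
        # Inductive step: k consecutive good states, starting anywhere (even
        # unreachable), can only be followed by a good state.
        ends = {s for s in states if holds(s)}
        for _ in range(k - 1):
            ends = {n for s in ends for i in INPUTS if holds(n := step(s, i, buggy))}
        if all(holds(step(s, i, buggy)) for s in ends for i in INPUTS):
            return "PASS_KINDUCTION", k
    return "UNKNOWN", None

if __name__ == "__main__":
    print(k_induction(buggy=False))
    print(k_induction(buggy=True))
```

The clean model is not 1-inductive because an unreachable state with the recovery bit set and a non-empty buffer breaks the step case; k = 2 rules that state out, which is why the induction depth matters.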

Cross-Module Assume-Guarantee Closure

9,084 contract edges automatically discharged across 266 modules. Guarantees extracted from proven probes, matched to downstream assumptions via geometry-based port matching over RTL wiring topology. Transitive propagation through combinational paths. Zero manual pairs.

Let's talk.

If you're working on a design that needs formal verification coverage, or if you'd like to see RTLPreCheck run on your RTL, reach out.

taylor@rtlprecheck.com