Automated Formal Verification

RTL in. Proven properties out.

RTLPreCheck reads raw SystemVerilog and generates formally proven properties automatically. No specifications. No manual assertions. No naming conventions. Just structure.

How It Works

The design tells you what to verify.

Traditional formal verification asks: given this spec, does the design comply? RTLPreCheck asks the opposite: given this design, what must be true? The structure reveals buffers, arbiters, pipelines, and exactly which formal properties each one must satisfy.

Structural Analysis

Reads raw RTL. Classifies every register cluster by behavioral role using AST topology, graph structure, and IR metadata alone.

Property Generation

Selects formal property templates for each classification. Register stability, deadlock freedom, drain liveness, mutual exclusion — all generated from structure.

Formal Proof

Every property is proven via k-induction. Sound abstract models are built automatically for large modules. Anti-vacuity covers verify every proof is exercised.

Compositional Closure

Cross-module assume-guarantee contracts are extracted from proven probes and discharged automatically via geometry-based port matching.

Most Recent Results

NVIDIA NVDLA CDP Subsystem

Channel Data Processor from NVIDIA's Deep Learning Accelerator. LUT-based activation functions, floating-point conversion, and post-processing pipeline.

April 3, 2026

89,484
Lines of Verilog
906
Properties proven
41m 42s
Zero manual assertions
Control signals 496 / 528 — 93.9%
Data signals 16 / 16 — 100%
Signal activity bounds 162 / 162 — 100%
Memory index bounds 41 / 51 — 80.4%
Assume-guarantee closure 405 / 405 — 100%

124 modules analyzed across the full CDP hierarchy — 2,023 registers, LUT register banks, HLS floating-point libraries, interpolation units, and data conversion pipeline. Same binary that verified CDMA. Cold start, zero configuration, reproducible every run.

Data Plane Coverage

CDMA moved data without transforming it — 0/0 data signal properties. CDP transforms data through LUT-based activation functions and floating-point conversion. 16/16 data signal properties verified at 100%. RTLPreCheck generates and proves structural properties on data-carrying signals, not just control flow.

Cross-Module Assume-Guarantee Closure

405 unique contract edges discharged across 124 modules. Port connections validated across the full hierarchy (100% netlist completeness). External inputs cataloged as integration boundary candidates. Zero manual assume-guarantee pairs. Port matching over RTL wiring topology using structural geometry. Validated against Slang elaborated IR.

View all results →

Let's talk.

If you're working on a design that needs formal verification coverage, or if you'd like to see RTLPreCheck run on your RTL, reach out.

[email protected]
<