├── README.md
├── safe
    ├── Arbiter
    │   ├── main.c
    │   ├── main.v
    │   └── test.desc
    ├── Barrel
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── BufAl
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── CRC
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── Ethernet_mac_IP
    │   ├── Broadcast_filter.c
    │   ├── CRC_chk.c
    │   ├── CRC_gen.c
    │   ├── Clk_ctrl.c
    │   ├── MAC-sliced
    │   ├── MAC_rx.c
    │   ├── MAC_rx_FF.c
    │   ├── MAC_rx_add_chk.c
    │   ├── MAC_rx_ctrl.c
    │   ├── MAC_tx.c
    │   ├── MAC_tx_FF.c
    │   ├── MAC_tx_addr_add.c
    │   ├── MAC_tx_ctrl.c
    │   ├── Phy_int.c
    │   ├── RMON.c
    │   ├── RMON_addr_gen.c
    │   ├── RMON_ctrl.c
    │   ├── RMON_dpram.c
    │   ├── Random_gen.c
    │   ├── afifo.c
    │   ├── eth_clockgen.c
    │   ├── eth_miim.c
    │   ├── eth_outputcontrol.c
    │   ├── eth_shiftreg.c
    │   ├── flow_ctrl.c
    │   ├── main.c
    │   ├── reg_int.c
    │   └── run.sh
    ├── FIFO
    │   ├── main.c
    │   ├── main.v
    │   └── test.desc
    ├── FourbyFour
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── Makefile
    ├── RCU
    │   ├── main.c
    │   ├── main.v
    │   └── test.desc
    ├── Rrobin
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── Spinner
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── TicTacToe
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── TreeArb
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── Vending
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── Vlunc
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── Vsa16
    │   ├── main.c
    │   ├── main.sv
    │   ├── stats.dat
    │   └── test.desc
    ├── b01
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── b02
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── b03
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── b04
    │   ├── main.sv
    │   └── test.desc
    ├── b05
    │   ├── main.sv
    │   └── test.desc
    ├── b06
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── b07
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── b08
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    ├── hwmcc15
    │   ├── 139442p0
    │   │   ├── 139442p0.aig
    │   │   ├── 139442p0.c
    │   │   └── 139442p0.sv
    │   ├── 139443p0
    │   │   ├── 139443p0.aig
    │   │   └── 139443p0.sv
    │   ├── 139444p0
    │   │   ├── 139444p0.aig
    │   │   └── 139444p0.sv
    │   ├── 139454p0
    │   │   ├── 139454p0.aig
    │   │   └── 139454p0.sv
    │   ├── 139463p0
    │   │   ├── 139463p0.aig
    │   │   └── 139463p0.sv
    │   ├── 6s105
    │   │   ├── 6s105.aig
    │   │   └── 6s105.sv
    │   ├── 6s12
    │   │   ├── 6s12.aig
    │   │   └── 6s12.sv
    │   ├── 6s120
    │   │   ├── 6s120.aig
    │   │   └── 6s120.sv
    │   ├── 6s122
    │   │   ├── 6s122.aig
    │   │   └── 6s122.sv
    │   ├── 6s131
    │   │   ├── 6s131.aig
    │   │   └── 6s131.sv
    │   ├── 6s173
    │   │   ├── 6s173.aig
    │   │   └── 6s173.sv
    │   ├── 6s177
    │   │   ├── 6s177.aig
    │   │   ├── 6s177.c
    │   │   └── 6s177.sv
    │   ├── 6s179
    │   │   ├── 6s179.aig
    │   │   └── 6s179.sv
    │   ├── 6s185
    │   │   ├── 6s185.aig
    │   │   └── 6s185.sv
    │   ├── 6s186
    │   │   ├── 6s186.aig
    │   │   └── 6s186.sv
    │   ├── 6s187
    │   │   ├── 6s187.aig
    │   │   └── 6s187.sv
    │   ├── 6s198
    │   │   ├── 6s198.aig
    │   │   └── 6s198.sv
    │   └── 6s33
    │   │   ├── 6s33.aig
    │   │   ├── 6s33.c
    │   │   └── 6s33.sv
    ├── result.sh
    ├── statistics.py
    ├── statistics.sh
    ├── traffic_light_example
    │   ├── main.c
    │   ├── main.sv
    │   └── test.desc
    └── translate
    │   ├── CRC
    │       ├── crc-1.hint
    │       ├── crc-2.hint
    │       ├── crc.ctl
    │       ├── crc.inv
    │       ├── crc.ltl
    │       └── vcrc32_8.ord
    │   ├── Rotate
    │       ├── rotate.vpp
    │       ├── rotate32.ctl
    │       ├── rotate32.hint
    │       ├── rotate32.inv
    │       ├── rotate32.ltl
    │       ├── rotate32.ord
    │       ├── rotate32.v
    │       └── rotate4.v
    │   ├── Swap
    │       ├── swap.ctl
    │       ├── swap.inv
    │       ├── swap.ltl
    │       ├── swap.ord
    │       └── swap.v
    │   ├── Unidec
    │       ├── ex2.ctl
    │       ├── ex2.inv
    │       ├── ex2.ltl
    │       ├── ex2.v
    │       ├── ex3.v
    │       ├── unidec.ctl
    │       ├── unidec.inv
    │       └── unidec.ltl
    │   └── segments
    │       ├── .sg1.fair.swp
    │       ├── .sg1.v.swp
    │       ├── main.v
    │       └── test.desc
├── test.pl
└── unsafe
    ├── DAIO
        ├── main.c
        ├── main.v
        └── test.desc
    ├── Dekker
        ├── .dekker.ltl.swp
        ├── main.c
        ├── main.v
        └── test.desc
    ├── Elevator
        └── main.sv
    ├── FIFO
        ├── main.c
        ├── main.v
        └── test.desc
    ├── Ibuf
        ├── main.c
        ├── main.sv
        └── test.desc
    ├── Makefile
    ├── NullModem
        ├── main.c
        ├── main.sv
        └── test.desc
    ├── ReqAck
        ├── main.c
        ├── main.sv
        └── test.desc
    ├── Rotate
        ├── main.c
        ├── main.v
        └── test.desc
    ├── Unidec
        ├── main.c
        ├── main.sv
        └── test.desc
    ├── Vlunc
        ├── main.c
        ├── main.sv
        └── test.desc
    ├── b01
        ├── .main.c.swp
        ├── .main.sv.swp
        ├── main.c
        ├── main.sv
        ├── note
        └── test.desc
    ├── b02
        ├── note
        └── test.desc
    ├── non-pipelined-microprocessor
        ├── main.c
        ├── main.v
        └── test.desc
    ├── result.sh
    ├── statistics.py
    └── statistics.sh


/README.md:
--------------------------------------------------------------------------------
 1 | # verilog-c
 2 | ANSI-C benchmarks generated from Verilog RTL circuits with safety assertions. Used for Formal Property Verification. If you are using the benchmarks, please refer to the following papers for the translation details from Verilog RTL to C programs. 
 3 | 
 4 | ```
 5 | @inproceedings{mkm2015,
 6 |   AUTHOR    = { Mukherjee, Rajdeep
 7 |                 and Kroening, Daniel
 8 |                 and Melham, Tom },
 9 |   TITLE     = { Hardware Verification using Software Analyzers },
10 |   BOOKTITLE = { IEEE Computer Society Annual Symposium on VLSI },
11 |   YEAR      = { 2015 },
12 |   PUBLISHER = { IEEE },
13 |   PAGES     = { 7--12 },
14 |   ISBN      = { 978-1-4799-8719-1 },
15 | }
16 | ```
17 | ```
18 | @inproceedings{mtk2016,
19 |   AUTHOR    = { Mukherjee, Rajdeep
20 |                 and Tautschnig, Michael
21 |                 and Kroening, Daniel },
22 |   TITLE     = { v2c -- A {Verilog} to {C} Translator Tool },
23 |   BOOKTITLE = { Tools and Algorithms for the Construction and Analysis of Systems (TACAS) },
24 |   YEAR      = { 2016 },
25 |   PUBLISHER = { Springer },
26 |   PAGES     = { 580--586 },
27 |   ISBN      = { 978-3-662-49673-2 },
28 |   SERIES    = { LNCS },
29 |   VOLUME    = { 9636 },
30 | }
31 | ```
32 | ```
33 | @inproceedings{mskm2016,
34 |   AUTHOR    = { Mukherjee, Rajdeep
35 |                 and Schrammel, Peter
36 |                 and Kroening, Daniel
37 |                 and Melham, Tom },
38 |   TITLE     = { Unbounded Safety Verification for Hardware Using Software Analyzers },
39 |   BOOKTITLE = { Design, Automation and Test in Europe (DATE) },
40 |   YEAR      = { 2016 },
41 |   PUBLISHER = { IEEE },
42 |   PAGES     = { 1152--1155 },
43 |   ISBN      = { 978-3-9815-3707-9 },
44 | }
45 | ```
46 | 


--------------------------------------------------------------------------------
/safe/Arbiter/main.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #define TRUE 1
  3 | #define FALSE 0
  4 | 
  5 | #define IDLE 0
  6 | #define READY 1
  7 | #define BUSY 2
  8 | 
  9 | #define NO_REQ 0
 10 | #define REQ 1
 11 | #define HAVE_TOKEN 2
 12 | 
 13 | 
 14 | int A = 0;
 15 | int B = 1;
 16 | int C = 2;
 17 | int X = 3;
 18 | 
 19 | struct state_elements_controller{
 20 |   _Bool ack;
 21 |   unsigned char state;
 22 |   _Bool pass_token;
 23 | };
 24 | struct state_elements_controller  scontroller;
 25 | 
 26 | void controller_initial()
 27 | {
 28 |   scontroller.state = IDLE;
 29 |   scontroller.ack = 0;
 30 |   scontroller.pass_token = 1;
 31 | }
 32 | 
 33 | void controller(_Bool clk, _Bool req, _Bool *ack, unsigned char sel, _Bool *pass_token, unsigned char id)
 34 | {
 35 |   _Bool is_selected;
 36 |   is_selected = (sel&0x3 == id&0x3);
 37 |   
 38 |   // clocked block
 39 |   if(scontroller.state == IDLE) {
 40 |     if(is_selected)
 41 |       if(req)
 42 |       {
 43 |         scontroller.state = READY;
 44 |         scontroller.pass_token = FALSE;
 45 |       }
 46 |       else
 47 |         scontroller.pass_token = TRUE;
 48 |     else
 49 |       scontroller.pass_token = FALSE;
 50 |   }
 51 |   else if(scontroller.state == READY)
 52 |   {
 53 |     scontroller.state = BUSY;
 54 |     scontroller.ack = TRUE;
 55 |   }
 56 |   else if(scontroller.state == BUSY) {
 57 |     if(!req)
 58 |     {
 59 |       scontroller.state = IDLE;
 60 |       scontroller.ack = FALSE;
 61 |       scontroller.pass_token = TRUE;
 62 |     }
 63 |   }
 64 |   // pass the output variable
 65 |   *ack = scontroller.ack;
 66 |   *pass_token = scontroller.pass_token;
 67 | 
 68 | }
 69 | 
 70 | struct state_elements_arbiter{
 71 |   unsigned char state;
 72 | };
 73 | struct state_elements_arbiter sarbiter;
 74 | 
 75 | void arbiter_initial()
 76 | {
 77 |   sarbiter.state = A;
 78 | }
 79 | 
 80 | void arbiter(_Bool clk, unsigned char *sel, _Bool active)
 81 | {
 82 |   if(active) {
 83 |     if(sarbiter.state == A) 
 84 |       sarbiter.state = B;
 85 |     else if(sarbiter.state == B) 
 86 |       sarbiter.state = C;
 87 |     if(sarbiter.state == C) 
 88 |       sarbiter.state = A;
 89 |   } 
 90 |   // continuous assignment
 91 |   *sel = active ? sarbiter.state: X;
 92 | }
 93 | 
 94 | struct state_elements_client{
 95 |   unsigned char state;
 96 |   _Bool req;
 97 | };
 98 | struct state_elements_client sclient;
 99 | 
100 | void client_initial()
101 | {
102 |   sclient.state = NO_REQ;
103 |   sclient.req = 0;
104 | }
105 | void client(_Bool clk, _Bool *req, _Bool ack)
106 | {
107 |   _Bool rand_choice = 0;
108 |   if(sclient.state == NO_REQ) {
109 |     if (rand_choice) {
110 |       sclient.req = 1;
111 |       sclient.state = REQ;
112 |     }
113 |   }
114 |   else if(sclient.state == REQ) {
115 |     if (ack)
116 |       sclient.state = HAVE_TOKEN;
117 |   }
118 |   else if(sclient.state == HAVE_TOKEN) 
119 |   {
120 |     if (rand_choice) {
121 |       sclient.req = 0;
122 |       sclient.state = NO_REQ;
123 |     }
124 |   }
125 |   // pass the output variable
126 |   *req = sclient.req;
127 | }
128 | 
129 | void main()
130 | {
131 |   _Bool clk, ackA, ackB, ackC;
132 |   unsigned char sel;
133 |   _Bool active;
134 |   _Bool reqA, reqB, reqC;
135 |   _Bool pass_tokenA, pass_tokenB, pass_tokenC;
136 | 
137 |   // initial functions
138 |   client_initial();
139 |   controller_initial();
140 |   arbiter_initial();
141 |   
142 |   //while(1) {
143 |     client(clk, &reqA, ackA);
144 |     client(clk, &reqB, ackB);
145 |     client(clk, &reqC, ackC);
146 | 
147 |     controller(clk, reqA, &ackA, sel, &pass_tokenA, A);
148 |     controller(clk, reqB, &ackB, sel, &pass_tokenB, B);
149 |     controller(clk, reqC, &ackC, sel, &pass_tokenC, C);
150 | 
151 |     arbiter(clk, &sel, active);
152 | 
153 |     active = pass_tokenA || pass_tokenB || pass_tokenC;
154 | 
155 |     assert(!(ackA == 1 && ackB == 1 || ackB == 1 && ackC == 1 || ackC == 1 && ackA ==1));
156 |   //}
157 | }
158 | 


--------------------------------------------------------------------------------
/safe/Arbiter/main.v:
--------------------------------------------------------------------------------
  1 | //dified by: Rajdeep Mukherjee <rajdeep.mukherjee@cs.ox.ac.ik>
  2 | 
  3 | 
  4 | //typedef enum {A, B, C, X} selection;
  5 | //typedef enum {IDLE, READY, BUSY} controller_state;
  6 | //typedef enum {NO_REQ, REQ, HAVE_TOKEN} client_state;
  7 | 
  8 | module main(clk, ackA, ackB, ackC);
  9 | input clk;
 10 | output ackA, ackB, ackC;
 11 | 
 12 | parameter A =0;
 13 | parameter B =1;
 14 | parameter C =2;
 15 | parameter X =3;
 16 | 
 17 | parameter IDLE = 0;
 18 | parameter READY = 1;
 19 | parameter BUSY = 2;
 20 | 
 21 | parameter NO_REQ = 0;
 22 | parameter REQ = 1;
 23 | parameter HAVE_TOKEN = 2;
 24 | 
 25 | wire [1:0] sel;
 26 | wire active;
 27 | 
 28 | assign active = pass_tokenA || pass_tokenB || pass_tokenC;
 29 | 
 30 | controller controllerA(clk, reqA, ackA, sel, pass_tokenA, A);
 31 | controller controllerB(clk, reqB, ackB, sel, pass_tokenB, B);
 32 | controller controllerC(clk, reqC, ackC, sel, pass_tokenC, C);
 33 | arbiter arbiter(clk, sel, active);
 34 | 
 35 | client clientA(clk, reqA, ackA);
 36 | client clientB(clk, reqB, ackB);
 37 | client clientC(clk, reqC, ackC);
 38 | 
 39 | assert property1: !(ackA == 1 && ackB == 1 || ackB == 1 && ackC == 1 || ackC == 1 && ackA ==1);
 40 | endmodule
 41 | 
 42 | module controller(clk, req, ack, sel, pass_token, id);
 43 | input clk, req, sel, id;
 44 | output ack, pass_token;
 45 | 
 46 | parameter A =0;
 47 | parameter B =1;
 48 | parameter C =2;
 49 | parameter X =3;
 50 | 
 51 | parameter IDLE = 0;
 52 | parameter READY = 1;
 53 | parameter BUSY = 2;
 54 | 
 55 | parameter NO_REQ = 0;
 56 | parameter REQ = 1;
 57 | parameter HAVE_TOKEN = 2;
 58 | 
 59 | wire [1:0] sel, id;
 60 | reg ack, pass_token;
 61 | reg [1:0] state;
 62 | 
 63 | initial state = IDLE;
 64 | initial ack = 0;
 65 | initial pass_token = 1;
 66 | 
 67 | wire is_selected;
 68 | assign is_selected = (sel == id);
 69 | 
 70 | always @(posedge clk) begin
 71 |   case(state)
 72 |     IDLE:
 73 |       if (is_selected)
 74 |         if (req)
 75 |           begin
 76 |           state = READY;
 77 |           pass_token = 0; /* dropping off this line causes a safety bug */
 78 |           end
 79 |         else
 80 |           pass_token = 1;
 81 |       else
 82 |         pass_token = 0;
 83 |     READY:
 84 |       begin
 85 |       state = BUSY;
 86 |       ack = 1;
 87 |       end
 88 |     BUSY:
 89 |       if (!req)
 90 |         begin
 91 |         state = IDLE;
 92 |         ack = 0;
 93 |         pass_token = 1;
 94 |         end
 95 |   endcase
 96 | end
 97 | endmodule
 98 | 
 99 | module arbiter(clk, sel, active);
100 | input clk, active;
101 | output sel;
102 | 
103 | 
104 | parameter A =0;
105 | parameter B =1;
106 | parameter C =2;
107 | parameter X =3;
108 | 
109 | parameter IDLE = 0;
110 | parameter READY = 1;
111 | parameter BUSY = 2;
112 | 
113 | parameter NO_REQ = 0;
114 | parameter REQ = 1;
115 | parameter HAVE_TOKEN = 2;
116 | wire [1:0] sel;
117 | reg [1:0] state;
118 | 
119 | initial state = A;
120 | 
121 | assign sel = active ? state: X;
122 | 
123 | always @(posedge clk) begin
124 |   if (active)
125 |     case(state) 
126 |       A:
127 |         state = B;
128 |       B:
129 |         state = C;
130 |       C:
131 |         state = A;
132 |     endcase
133 | end
134 | endmodule
135 | 
136 | module client(clk, req, ack);
137 | input clk, ack;
138 | output req;
139 | 
140 | parameter A =0;
141 | parameter B =1;
142 | parameter C =2;
143 | parameter X =3;
144 | 
145 | parameter IDLE = 0;
146 | parameter READY = 1;
147 | parameter BUSY = 2;
148 | 
149 | parameter NO_REQ = 0;
150 | parameter REQ = 1;
151 | parameter HAVE_TOKEN = 2;
152 | reg req;
153 | reg [1:0] state;
154 | 
155 | // RM: This can be nondeterministically set to 0 or 1
156 | wire rand_choice = 1'b0;
157 | 
158 | initial req = 0;
159 | initial state = NO_REQ;
160 | 
161 | always @(posedge clk) begin
162 |   case(state)
163 |     NO_REQ:
164 |       if (rand_choice)
165 |         begin
166 |         req = 1;
167 |         state = REQ;
168 |         end
169 |     REQ:
170 |       if (ack)
171 |         state = HAVE_TOKEN;
172 |     HAVE_TOKEN:
173 |       if (rand_choice)
174 |         begin
175 |         req = 0;
176 |         state = NO_REQ;
177 |         end
178 |   endcase
179 | end
180 | endmodule
181 | 


--------------------------------------------------------------------------------
/safe/Arbiter/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | --unwind 1
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/Barrel/main.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <assert.h>
  3 | 
  4 | struct state_elements_barrel {
  5 |   unsigned char b0, r0;
  6 |   unsigned char b1, r1;
  7 |   unsigned char b2, r2;
  8 |   unsigned char b3, r3;
  9 | };
 10 | struct state_elements_barrel sb;
 11 | 
 12 | _Bool fvalid(
 13 |     unsigned char b0, unsigned char r0,
 14 |     unsigned char b1, unsigned char r1,
 15 |     unsigned char b2, unsigned char r2,
 16 |     unsigned char b3, unsigned char r3
 17 |     )
 18 | {
 19 |   _Bool valid;
 20 |   valid =
 21 |     ((b0&0x3 != r0&0x3)|| ( b1&0x3 == r1&0x3)) &&
 22 |     ((b0&0x3 != r1&0x3)|| ( b1&0x3 == r2&0x3)) &&
 23 |     ((b0&0x3 != r2&0x3)|| ( b1&0x3 == r3&0x3)) &&
 24 |     ((b0&0x3 != r3&0x3)|| ( b1&0x3 == r0&0x3)) &&
 25 |     ((b1&0x3 != r0&0x3)|| ( b2&0x3 == r1&0x3)) &&
 26 |     ((b1&0x3 != r1&0x3)|| ( b2&0x3 == r2&0x3)) &&
 27 |     ((b1&0x3 != r2&0x3)|| ( b2&0x3 == r3&0x3)) &&
 28 |     ((b1&0x3 != r3&0x3)|| ( b2&0x3 == r0&0x3)) &&
 29 |     ((b2&0x3 != r0&0x3)|| ( b3&0x3 == r1&0x3)) &&
 30 |     ((b2&0x3 != r1&0x3)|| ( b3&0x3 == r2&0x3)) &&
 31 |     ((b2&0x3 != r2&0x3)|| ( b3&0x3 == r3&0x3)) &&
 32 |     ((b2&0x3 != r3&0x3)|| ( b3&0x3 == r0&0x3)) &&
 33 |     ((b3&0x3 != r0&0x3)|| ( b0&0x3 == r1&0x3)) &&
 34 |     ((b3&0x3 != r1&0x3)|| ( b0&0x3 == r2&0x3)) &&
 35 |     ((b3&0x3 != r2&0x3)|| ( b0&0x3 == r3&0x3)) &&
 36 |     ((b3&0x3 != r3&0x3) || ( b0&0x3 == r0&0x3));
 37 |   return valid;
 38 | }
 39 | 
 40 | void initial()
 41 | {
 42 |   sb.b0 = 0&0x3; sb.r0 = 0&0x3;
 43 |   sb.b1 = 0&0x3; sb.r1 = 0&0x3;
 44 |   sb.b2 = 0&0x3; sb.r2 = 0&0x3;
 45 |   sb.b3 = 0&0x3; sb.r3 = 0&0x3;
 46 |   // Then remap invalid initial states to valid one.
 47 |   if (!fvalid(
 48 |         sb.b0&0x3, sb.r0&0x3,
 49 |         sb.b1&0x3, sb.r1&0x3,
 50 |         sb.b2&0x3, sb.r2&0x3,
 51 |         sb.b3&0x3, sb.r3&0x3
 52 |         )) 
 53 |   {
 54 |     sb.b0 = 0; sb.r0 = 0;
 55 |     sb.b1 = 0; sb.r1 = 0;
 56 |     sb.b2 = 0; sb.r2 = 0;
 57 |     sb.b3 = 0; sb.r3 = 0;
 58 |   } 
 59 | }
 60 | 
 61 | int barrel(_Bool clk)
 62 | {
 63 |   /*unsigned char b0_old=sb.b0;
 64 |   unsigned char b1_old=sb.b1;
 65 |   unsigned char b2_old=sb.b2;
 66 |   unsigned char b3_old=sb.b3;
 67 | 
 68 |   // always block
 69 |   sb.b0 = b1_old;
 70 |   sb.b1 = b2_old;
 71 |   sb.b2 = b3_old;
 72 |   sb.b3 = b0_old;*/
 73 | 
 74 |   sb.b0 = sb.b1;
 75 |   sb.b1 = sb.b2;
 76 |   sb.b2 = sb.b3;
 77 |   sb.b3 = sb.b0;
 78 | } // barrel
 79 | 
 80 | int main()
 81 | {
 82 |   _Bool clk;
 83 |   initial();
 84 |   barrel(clk);
 85 |   barrel(clk);
 86 |   assert
 87 |     ((((sb.b0&0x3 != sb.r0&0x3) || (sb.b1&0x3 == sb.r1&0x3)) &&
 88 |      ((sb.b0&0x3 != sb.r1&0x3) || ( sb.b1&0x3 == sb.r2&0x3)) &&
 89 |      ((sb.b0&0x3 != sb.r2&0x3) || ( sb.b1&0x3 == sb.r3&0x3)) &&
 90 |      ((sb.b0&0x3 != sb.r3&0x3) || ( sb.b1&0x3 == sb.r0&0x3)) &&
 91 |      ((sb.b1&0x3 != sb.r0&0x3) || ( sb.b2&0x3 == sb.r1&0x3)) &&
 92 |      ((sb.b1&0x3 != sb.r1&0x3) || ( sb.b2&0x3 == sb.r2&0x3)) &&
 93 |      ((sb.b1&0x3 != sb.r2&0x3) || ( sb.b2&0x3 == sb.r3&0x3)) &&
 94 |      ((sb.b1&0x3 != sb.r3&0x3) || ( sb.b2&0x3 == sb.r0&0x3)) &&
 95 |      ((sb.b2&0x3 != sb.r0&0x3) || ( sb.b3&0x3 == sb.r1&0x3)) &&
 96 |      ((sb.b2&0x3 != sb.r1&0x3) || ( sb.b3&0x3 == sb.r2&0x3)) &&
 97 |      ((sb.b2&0x3 != sb.r2&0x3) || ( sb.b3&0x3 == sb.r3&0x3)) &&
 98 |      ((sb.b2&0x3 != sb.r3&0x3) || ( sb.b3&0x3 == sb.r0&0x3)) &&
 99 |      ((sb.b3&0x3 != sb.r0&0x3) || ( sb.b0&0x3 == sb.r1&0x3)) &&
100 |      ((sb.b3&0x3 != sb.r1&0x3) || ( sb.b0&0x3 == sb.r2&0x3)) &&
101 |      ((sb.b3&0x3 != sb.r2&0x3) || ( sb.b0&0x3 == sb.r3&0x3)) &&
102 |      ((sb.b3&0x3 != sb.r3&0x3) || ( sb.b0&0x3 == sb.r0&0x3))));
103 | }
104 | 
105 | 


--------------------------------------------------------------------------------
/safe/Barrel/main.sv:
--------------------------------------------------------------------------------
  1 | // This is a system composed of a register file and a shifter
  2 | // with the same number of registers of the same width.
  3 | // At each transition, the shifter rotates its contents up by one
  4 | // position.  The register file holds its contents perpetually.  The
  5 | // verification problem consists in proving the following safety
  6 | // property (an invariant):
  7 | //
  8 | //   If one entry of the register file holds the same contents of an
  9 | //   entry of the shift register, then their neighbors hold the same
 10 | //   contents too.  In formula, letting n be the number of registers
 11 | //   in the shifter and the register file:
 12 | //       r(i) = b(j) || ( r(i+1 mod n) = b(j+1 mod n),
 13 | //   for all i,j in {0,...,n-1}.
 14 | //
 15 | // Note that this invariant imposes the following constraint. Let m be
 16 | // the minimum value of |j-k| such that j != k, r(i) = b(j), and
 17 | // r(i) = b(k).  Let m = n if no j and k satisfy the requirement.  Then
 18 | // the contents of r and b are periodic with period gcd(m,n).
 19 | //
 20 | // The width of each register is the logarithm base 2 of n
 21 | // (the number of registers). This guarantees enough values to fill
 22 | // all registers of either shifter or register file with distinct values.
 23 | //
 24 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 25 | 
 26 | module main(clock);
 27 |     input clock;
 28 | 
 29 |     reg [2-1:0] b0, r0;
 30 |     reg [2-1:0] b1, r1;
 31 |     reg [2-1:0] b2, r2;
 32 |     reg [2-1:0] b3, r3;
 33 | 
 34 |     integer index;
 35 | 
 36 |     function valid;
 37 |         input [2-1:0] b0, r0;
 38 |         input [2-1:0] b1, r1;
 39 |         input [2-1:0] b2, r2;
 40 |         input [2-1:0] b3, r3;
 41 | 	begin: _valid
 42 | 	    valid =
 43 | 		    (b0 != r0 || b1 == r1) &&
 44 | 		    (b0 != r1 || b1 == r2) &&
 45 | 		    (b0 != r2 || b1 == r3) &&
 46 | 		    (b0 != r3 || b1 == r0) &&
 47 | 		    (b1 != r0 || b2 == r1) &&
 48 | 		    (b1 != r1 || b2 == r2) &&
 49 | 		    (b1 != r2 || b2 == r3) &&
 50 | 		    (b1 != r3 || b2 == r0) &&
 51 | 		    (b2 != r0 || b3 == r1) &&
 52 | 		    (b2 != r1 || b3 == r2) &&
 53 | 		    (b2 != r2 || b3 == r3) &&
 54 | 		    (b2 != r3 || b3 == r0) &&
 55 | 		    (b3 != r0 || b0 == r1) &&
 56 | 		    (b3 != r1 || b0 == r2) &&
 57 | 		    (b3 != r2 || b0 == r3) &&
 58 | 		    (b3 != r3 || b0 == r0);
 59 | 	end
 60 |     endfunction // valid
 61 | 
 62 |   initial begin
 63 | 	// Start by assuming all states initial.
 64 | 	for (index = 0; index < 2; index = index + 1) begin
 65 | 	    b0[index] = 0; r0[index] = 0;
 66 | 	    b1[index] = 0; r1[index] = 0;
 67 | 	    b2[index] = 0; r2[index] = 0;
 68 | 	    b3[index] = 0; r3[index] = 0;
 69 | 	end
 70 | 	// Then remap invalid initial states to valid one.
 71 | 	if (!valid(
 72 | 		   b0, r0,
 73 | 		   b1, r1,
 74 | 		   b2, r2,
 75 | 		   b3, r3
 76 | 		  )) begin
 77 | 	    b0 = 0; r0 = 0;
 78 | 	    b1 = 0; r1 = 0;
 79 | 	    b2 = 0; r2 = 0;
 80 | 	    b3 = 0; r3 = 0;
 81 | 	end
 82 |     end
 83 |     
 84 | always @ (posedge clock) begin
 85 | 
 86 | 	b0 = b1;
 87 | 	b1 = b2;
 88 | 	b2 = b3;
 89 | 	b3 = b0;
 90 | end    
 91 |   
 92 | assert property
 93 | (((b0[1:0] != r0[1:0]) || (b1[1:0] == r1[1:0])) &&
 94 | ((b0[1:0] != r1[1:0]) || ( b1[1:0] == r2[1:0])) &&
 95 | ((b0[1:0] != r2[1:0]) || ( b1[1:0] == r3[1:0])) &&
 96 | ((b0[1:0] != r3[1:0]) || ( b1[1:0] == r0[1:0])) &&
 97 | ((b1[1:0] != r0[1:0]) || ( b2[1:0] == r1[1:0])) &&
 98 | ((b1[1:0] != r1[1:0]) || ( b2[1:0] == r2[1:0])) &&
 99 | ((b1[1:0] != r2[1:0]) || ( b2[1:0] == r3[1:0])) &&
100 | ((b1[1:0] != r3[1:0]) || ( b2[1:0] == r0[1:0])) &&
101 | ((b2[1:0] != r0[1:0]) || ( b3[1:0] == r1[1:0])) &&
102 | ((b2[1:0] != r1[1:0]) || ( b3[1:0] == r2[1:0])) &&
103 | ((b2[1:0] != r2[1:0]) || ( b3[1:0] == r3[1:0])) &&
104 | ((b2[1:0] != r3[1:0]) || ( b3[1:0] == r0[1:0])) &&
105 | ((b3[1:0] != r0[1:0]) || ( b0[1:0] == r1[1:0])) &&
106 | ((b3[1:0] != r1[1:0]) || ( b0[1:0] == r2[1:0])) &&
107 | ((b3[1:0] != r2[1:0]) || ( b0[1:0] == r3[1:0])) &&
108 | ((b3[1:0] != r3[1:0]) || ( b0[1:0] == r0[1:0])));
109 | endmodule // barrel
110 | 


--------------------------------------------------------------------------------
/safe/Barrel/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/BufAl/main.c:
--------------------------------------------------------------------------------
  1 | /*###############################
  2 | ## Author:  Rajdeep Mukherjee ##
  3 | ## Date:    6/7/2015          ##
  4 | ## Task:    Buffer Allocation ##
  5 | ###############################*/
  6 | 
  7 | #include <stdio.h>
  8 | #include <assert.h>
  9 | #define TRUE 1
 10 | #define FALSE 0
 11 | 
 12 | _Bool nondet_bool();
 13 | unsigned char nondet_uchar();
 14 | 
 15 | struct state_elements_main{
 16 |   _Bool alloc;
 17 |   _Bool free;
 18 |   unsigned char free_addr;
 19 |   _Bool busy[16];
 20 |   unsigned char count;
 21 | };
 22 | struct state_elements_main smain;
 23 | 
 24 | void initial() {
 25 | 	smain.busy[0] = 0;
 26 | 	smain.busy[1] = 0;
 27 | 	smain.busy[2] = 0;
 28 | 	smain.busy[3] = 0;
 29 | 	smain.busy[4] = 0;
 30 | 	smain.busy[5] = 0;
 31 | 	smain.busy[6] = 0;
 32 | 	smain.busy[7] = 0;
 33 | 	smain.busy[8] = 0;
 34 | 	smain.busy[9] = 0;
 35 | 	smain.busy[10] = 0;
 36 | 	smain.busy[11] = 0;
 37 | 	smain.busy[12] = 0;
 38 | 	smain.busy[13] = 0;
 39 | 	smain.busy[14] = 0;
 40 | 	smain.busy[15] = 0;
 41 | 	smain.count = 0;
 42 | 	smain.alloc = 0;
 43 | 	smain.free = 0;
 44 | 	smain.free_addr = 0;
 45 | }
 46 | 
 47 | void design(_Bool clock, _Bool alloc_raw, _Bool *nack, unsigned char *alloc_addr, _Bool free_raw, unsigned char free_addr_raw)
 48 | {
 49 |   unsigned char tmpaddr, tmp;
 50 |   
 51 |   // always clocked block
 52 |   tmpaddr = smain.free_addr & 0xF;
 53 |   smain.count = ((smain.count & 0x1F) + (smain.alloc & !(*nack)) - (smain.free & smain.busy[tmpaddr])) & 0x1F;
 54 |   if(smain.free) smain.busy[smain.free_addr] = 0;
 55 |   tmp = *alloc_addr;
 56 |   if(smain.alloc & !nack) smain.busy[tmp] = 1;
 57 | 
 58 |   smain.alloc = alloc_raw;
 59 |   smain.free = free_raw;
 60 |   smain.free_addr = free_addr_raw;
 61 |   
 62 |   // continuous assignment statements
 63 |   *nack = smain.alloc && ((smain.count & 0x1F) == 16);
 64 | 
 65 |     *alloc_addr =
 66 | 		       !smain.busy[0] ? 0 :
 67 | 		       !smain.busy[1] ? 1 :
 68 | 		       !smain.busy[2] ? 2 :
 69 | 		       !smain.busy[3] ? 3 :
 70 | 		       !smain.busy[4] ? 4 :
 71 | 		       !smain.busy[5] ? 5 :
 72 | 		       !smain.busy[6] ? 6 :
 73 | 		       !smain.busy[7] ? 7 :
 74 | 		       !smain.busy[8] ? 8 :
 75 | 		       !smain.busy[9] ? 9 :
 76 | 		       !smain.busy[10] ? 10 :
 77 | 		       !smain.busy[11] ? 11 :
 78 | 		       !smain.busy[12] ? 12 :
 79 | 		       !smain.busy[13] ? 13 :
 80 | 		       !smain.busy[14] ? 14 :
 81 | 		       !smain.busy[15] ? 15 : 0;
 82 | 
 83 | }
 84 | void main() {
 85 |  
 86 |   _Bool clock;
 87 |   _Bool alloc_raw;
 88 |   _Bool nack;
 89 |   unsigned char alloc_addr;
 90 |   _Bool free_raw;
 91 |   unsigned char free_addr_raw;
 92 | 
 93 |   initial(&smain);
 94 |   while(1) {
 95 |    alloc_raw = nondet_bool();
 96 |    free_raw = nondet_bool();
 97 |    free_addr_raw = nondet_uchar();
 98 |    design(clock, alloc_raw, &nack, &alloc_addr, free_raw, free_addr_raw);
 99 |    assert(((((smain.count >> 4) & 1) == 0) || ((smain.count & 0xF) == 0)));
100 |   }
101 | }
102 | 


--------------------------------------------------------------------------------
/safe/BufAl/main.sv:
--------------------------------------------------------------------------------
 1 | // Buffer allocation model derived from Ken McMillan's.
 2 | // The modifications were meant to adapt the description to the requirements
 3 | // of vl2mv.
 4 | //
 5 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 6 | //
 7 | module main(clock,alloc_raw,nack,alloc_addr,free_raw,free_addr_raw);
 8 |     input		     clock;
 9 |     input 		     alloc_raw;
10 |     output 		     nack;
11 |     output [(4-1):0] alloc_addr;
12 |     input 		     free_raw;
13 |     input [(4-1):0]  free_addr_raw;
14 | 
15 |     reg 		     busy [0:(16 - 1)];
16 |     reg [4:0] 	     count;
17 |     reg 		     alloc, free;
18 |     reg [(4-1):0]    free_addr;
19 |     integer 		     i;
20 | 
21 |    initial begin
22 | 	for (i = 0; i < 16; i = i + 1)
23 | 	  busy[i] = 0;
24 | 	count = 0;
25 | 	alloc = 0;
26 | 	free = 0;
27 | 	free_addr = 0;
28 |     end
29 | 
30 |     assign nack = alloc & (count == 16);
31 |     assign alloc_addr =
32 | 		       ~busy[0] ? 0 :
33 | 		       ~busy[1] ? 1 :
34 | 		       ~busy[2] ? 2 :
35 | 		       ~busy[3] ? 3 :
36 | 		       ~busy[4] ? 4 :
37 | 		       ~busy[5] ? 5 :
38 | 		       ~busy[6] ? 6 :
39 | 		       ~busy[7] ? 7 :
40 | 		       ~busy[8] ? 8 :
41 | 		       ~busy[9] ? 9 :
42 | 		       ~busy[10] ? 10 :
43 | 		       ~busy[11] ? 11 :
44 | 		       ~busy[12] ? 12 :
45 | 		       ~busy[13] ? 13 :
46 | 		       ~busy[14] ? 14 :
47 | 		       ~busy[15] ? 15 :
48 | 		       0;
49 | 
50 |     always @ (posedge clock) begin
51 | 	alloc = alloc_raw;
52 | 	free = free_raw;
53 | 	free_addr = free_addr_raw;
54 |     end
55 |     always @ (posedge clock) begin
56 | 	count = count + (alloc & ~nack) - (free & busy[free_addr]);
57 | 	if (free) busy[free_addr] = 0;
58 | 	if (alloc & ~nack) busy[alloc_addr] = 1;
59 |     end
60 | 
61 |   p1: assert property ((count[4] == 0 || count[3:0] == 0));
62 | endmodule // buffer_alloc
63 | 


--------------------------------------------------------------------------------
/safe/BufAl/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/CRC/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/Ethernet_mac_IP/Broadcast_filter.c:
--------------------------------------------------------------------------------
  1 | //#include <stdio.h>
  2 | #define TRUE 1
  3 | #define FALSE 0
  4 | 
  5 | struct state_elements_Broadcast_filter{
  6 |  unsigned short int time_counter;
  7 |  unsigned short int broadcast_counter;
  8 |  _Bool broadcast_drop;
  9 | };
 10 | 
 11 | void Broadcast_filter(_Bool Reset, _Bool Clk, _Bool broadcast_ptr, _Bool *broadcast_drop, _Bool broadcast_filter_en, unsigned short int broadcast_bucket_depth, unsigned short int broadcast_bucket_interval)
 12 | {
 13 |   struct state_elements_Broadcast_filter  sBroadcast_filter;
 14 |   _Bool tmp8;
 15 |   _Bool tmp7;
 16 |   _Bool tmp6;
 17 |   unsigned short int tmp5;
 18 |   unsigned short int tmp4;
 19 |   unsigned short int tmp3;
 20 |   unsigned short int tmp2;
 21 |   unsigned short int tmp1;
 22 |   unsigned short int tmp0;
 23 |   if(Reset)
 24 |     tmp0 = 0;
 25 | 
 26 |   else
 27 |     if(sBroadcast_filter.time_counter == broadcast_bucket_interval)
 28 |       tmp1 = 0;
 29 | 
 30 |     else
 31 |       tmp2 = (unsigned short int)(unsigned int)sBroadcast_filter.time_counter + 1;
 32 |   if(Reset)
 33 |     tmp3 = 0;
 34 | 
 35 |   else
 36 |     if(sBroadcast_filter.time_counter == broadcast_bucket_interval)
 37 |       tmp4 = 0;
 38 | 
 39 |     else
 40 |       if(broadcast_ptr && sBroadcast_filter.broadcast_counter != broadcast_bucket_depth)
 41 |         tmp5 = (unsigned short int)(unsigned int)sBroadcast_filter.broadcast_counter + 1;
 42 | 
 43 |   if(Reset)
 44 |     tmp6 = FALSE;
 45 | 
 46 |   else
 47 |     if(broadcast_filter_en && sBroadcast_filter.broadcast_counter == broadcast_bucket_depth)
 48 |       tmp7 = TRUE;
 49 | 
 50 |     else
 51 |       tmp8 = FALSE;
 52 |   if(Reset)
 53 |     sBroadcast_filter.time_counter = tmp0;
 54 | 
 55 |   else
 56 |     if(sBroadcast_filter.time_counter == broadcast_bucket_interval)
 57 |       sBroadcast_filter.time_counter = tmp1;
 58 | 
 59 |     else
 60 |       sBroadcast_filter.time_counter = tmp2;
 61 |   if(Reset)
 62 |     sBroadcast_filter.broadcast_counter = tmp3;
 63 | 
 64 |   else
 65 |     if(sBroadcast_filter.time_counter == broadcast_bucket_interval)
 66 |       sBroadcast_filter.broadcast_counter = tmp4;
 67 | 
 68 |     else
 69 |       if(broadcast_ptr && sBroadcast_filter.broadcast_counter != broadcast_bucket_depth)
 70 |         sBroadcast_filter.broadcast_counter = tmp5;
 71 | 
 72 |   if(Reset)
 73 |   {
 74 |     sBroadcast_filter.broadcast_drop = tmp6;
 75 |     *broadcast_drop = tmp6;
 76 |   }
 77 | 
 78 |   else
 79 |     if(broadcast_filter_en && sBroadcast_filter.broadcast_counter == broadcast_bucket_depth)
 80 |     {
 81 |       sBroadcast_filter.broadcast_drop = tmp7;
 82 |       *broadcast_drop = tmp7;
 83 |     }
 84 | 
 85 |     else
 86 |     {
 87 |       sBroadcast_filter.broadcast_drop = tmp8;
 88 |       *broadcast_drop = tmp8;
 89 |     }
 90 | }
 91 | 
 92 | /*
 93 | void main() {
 94 | _Bool Reset;
 95 | _Bool Clk;
 96 | _Bool broadcast_ptr;
 97 | _Bool broadcast_drop;
 98 | _Bool broadcast_filter_en;
 99 | unsigned short int broadcast_bucket_depth;
100 | unsigned short int broadcast_bucket_interval;
101 | 
102 |  while(1) {
103 |   Broadcast_filter(Reset, Clk, broadcast_ptr, &broadcast_drop, broadcast_filter_en, broadcast_bucket_depth, broadcast_bucket_interval);
104 |  }
105 | } */
106 | 


--------------------------------------------------------------------------------
/safe/Ethernet_mac_IP/Clk_ctrl.c:
--------------------------------------------------------------------------------
 1 | //#include <stdio.h>
 2 | 
 3 | #define TRUE 1
 4 | #define FALSE 0
 5 | 
 6 | void Clk_ctrl(_Bool Reset, _Bool Clk_125M, unsigned char Speed, _Bool *Gtx_clk, _Bool Rx_clk, _Bool Tx_clk, _Bool *MAC_tx_clk, _Bool *MAC_rx_clk, _Bool *MAC_tx_clk_div, _Bool *MAC_rx_clk_div)
 7 | {
 8 |   _Bool Rx_clk_div2;
 9 |   _Bool Tx_clk_div2;
10 |   *Gtx_clk = Clk_125M;
11 |   *Gtx_clk = Clk_125M;
12 |   *MAC_rx_clk = Rx_clk;
13 |   *MAC_rx_clk = Rx_clk;
14 | }
15 | 
16 | /*
17 | void main() {
18 | _Bool Reset;
19 | _Bool Clk_125M;
20 | unsigned char Speed;
21 | _Bool Gtx_clk;
22 | _Bool Rx_clk;
23 | _Bool Tx_clk;
24 | _Bool MAC_tx_clk;
25 | _Bool MAC_rx_clk;
26 | _Bool MAC_tx_clk_div;
27 | _Bool MAC_rx_clk_div;
28 | Clk_ctrl(Reset, Clk_125M, Speed, &Gtx_clk, Rx_clk, Tx_clk, &MAC_tx_clk, &MAC_rx_clk, &MAC_tx_clk_div, &MAC_rx_clk_div);
29 | }
30 | */
31 | 


--------------------------------------------------------------------------------
/safe/Ethernet_mac_IP/MAC-sliced:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/Ethernet_mac_IP/MAC-sliced


--------------------------------------------------------------------------------
/safe/Ethernet_mac_IP/MAC_rx.c:
--------------------------------------------------------------------------------
 1 | //#include <stdio.h>
 2 | 
 3 | #include "CRC_chk.c"
 4 | #include "MAC_rx_add_chk.c"
 5 | #include "MAC_rx_ctrl.c"
 6 | #include "MAC_rx_FF.c"
 7 | #include "Broadcast_filter.c"
 8 | 
 9 | #define TRUE 1
10 | #define FALSE 0
11 | 
12 | void MAC_rx(_Bool Reset, _Bool Clk_user, _Bool Clk, _Bool MCrs_dv, unsigned char MRxD, _Bool MRxErr, unsigned short int *pause_quanta, _Bool *pause_quanta_val, _Bool *Rx_mac_ra, _Bool Rx_mac_rd, unsigned int *Rx_mac_data, unsigned char *Rx_mac_BE, _Bool *Rx_mac_pa, _Bool *Rx_mac_sop, _Bool *Rx_mac_eop, _Bool MAC_rx_add_chk_en, unsigned char MAC_add_prom_data, unsigned char MAC_add_prom_add, _Bool MAC_add_prom_wr, _Bool broadcast_filter_en, unsigned short int broadcast_bucket_depth, unsigned short int broadcast_bucket_interval, _Bool RX_APPEND_CRC, unsigned char Rx_Hwmark, unsigned char Rx_Lwmark, _Bool CRC_chk_en, unsigned char RX_IFG_SET, unsigned short int RX_MAX_LENGTH, unsigned char RX_MIN_LENGTH, unsigned short int *Rx_pkt_length_rmon, _Bool *Rx_apply_rmon, unsigned char *Rx_pkt_err_type_rmon, unsigned char *Rx_pkt_type_rmon)
13 | {
14 |   _Bool CRC_en;
15 |   _Bool CRC_init;
16 |   _Bool CRC_err;
17 |   _Bool MAC_add_en;
18 |   _Bool MAC_rx_add_chk_err;
19 |   _Bool broadcast_ptr;
20 |   _Bool broadcast_drop;
21 |   unsigned char Fifo_data;
22 |   _Bool Fifo_data_en;
23 |   _Bool Fifo_full;
24 |   _Bool Fifo_data_err;
25 |   _Bool Fifo_data_end;
26 | 
27 |   MAC_rx_ctrl(Reset, Clk, MCrs_dv, MRxD, MRxErr, &CRC_en, &CRC_init, CRC_err, &MAC_add_en, MAC_rx_add_chk_err, &broadcast_ptr, broadcast_drop, &pause_quanta, &pause_quanta_val, &Fifo_data, &Fifo_data_en, &Fifo_data_err, &Fifo_data_end, Fifo_full, &Rx_pkt_length_rmon, &Rx_apply_rmon, &Rx_pkt_err_type_rmon, &Rx_pkt_type_rmon, RX_IFG_SET, RX_MAX_LENGTH, RX_MIN_LENGTH);
28 | 
29 |  MAC_rx_FF(Reset, Clk, Clk_user, Fifo_data, Fifo_data_en, &Fifo_full, Fifo_data_err, Fifo_data_end, RX_APPEND_CRC, Rx_Hwmark, Rx_Lwmark, &Rx_mac_ra, Rx_mac_rd, &Rx_mac_data, &Rx_mac_BE, &Rx_mac_pa, &Rx_mac_sop, &Rx_mac_eop);
30 | 
31 |  Broadcast_filter(Reset, Clk, broadcast_ptr, &broadcast_drop, broadcast_filter_en, broadcast_bucket_depth, broadcast_bucket_interval);
32 | 
33 |  CRC_chk(Reset, Clk, Fifo_data, CRC_init, CRC_en, CRC_chk_en, &CRC_err);
34 | 
35 |  MAC_rx_add_chk(Reset, Clk, CRC_init, Fifo_data, MAC_add_en, &MAC_rx_add_chk_err, MAC_rx_add_chk_en, MAC_add_prom_data, MAC_add_prom_add, MAC_add_prom_wr);
36 | 
37 | }
38 | 
39 | 
40 | /*
41 | void main() {
42 | 
43 | _Bool Reset;
44 | _Bool Clk_user;
45 | _Bool Clk;
46 | _Bool MCrs_dv;
47 | unsigned char MRxD;
48 | _Bool MRxErr;
49 | unsigned short int pause_quanta;
50 | _Bool pause_quanta_val;
51 | _Bool Rx_mac_ra;
52 | _Bool Rx_mac_rd;
53 | unsigned int Rx_mac_data;
54 | unsigned char Rx_mac_BE;
55 | _Bool Rx_mac_pa;
56 | _Bool Rx_mac_sop;
57 | _Bool Rx_mac_eop;
58 | _Bool MAC_rx_add_chk_en;
59 | unsigned char MAC_add_prom_data;
60 | unsigned char MAC_add_prom_add;
61 | _Bool MAC_add_prom_wr;
62 | _Bool broadcast_filter_en;
63 | unsigned short int broadcast_bucket_depth;
64 | unsigned short int broadcast_bucket_interval;
65 | _Bool RX_APPEND_CRC;
66 | unsigned char Rx_Hwmark;
67 | unsigned char Rx_Lwmark;
68 | _Bool CRC_chk_en;
69 | unsigned char RX_IFG_SET;
70 | unsigned short int RX_MAX_LENGTH;
71 | unsigned char RX_MIN_LENGTH;
72 | unsigned short int Rx_pkt_length_rmon;
73 | _Bool Rx_apply_rmon;
74 | unsigned char Rx_pkt_err_type_rmon;
75 | unsigned char Rx_pkt_type_rmon;
76 | 
77 | MAC_rx(Reset, Clk_user, Clk, MCrs_dv, MRxD, MRxErr, &pause_quanta, &pause_quanta_val, &Rx_mac_ra, Rx_mac_rd, &Rx_mac_data, &Rx_mac_BE, &Rx_mac_pa, &Rx_mac_sop, &Rx_mac_eop, MAC_rx_add_chk_en, MAC_add_prom_data, MAC_add_prom_add, MAC_add_prom_wr, broadcast_filter_en, broadcast_bucket_depth, broadcast_bucket_interval, RX_APPEND_CRC, Rx_Hwmark, Rx_Lwmark, CRC_chk_en, RX_IFG_SET, RX_MAX_LENGTH, RX_MIN_LENGTH, &Rx_pkt_length_rmon, &Rx_apply_rmon, &Rx_pkt_err_type_rmon, &Rx_pkt_type_rmon);
78 | 
79 | }*/
80 | 


--------------------------------------------------------------------------------
/safe/Ethernet_mac_IP/MAC_rx_add_chk.c:
--------------------------------------------------------------------------------
  1 | //#include <stdio.h>
  2 | #define TRUE 1
  3 | #define FALSE 0
  4 | 
  5 | struct state_elements_MAC_rx_add_chk{
  6 | _Bool MAC_add_prom_wr_dl1;
  7 | _Bool MAC_add_prom_wr_dl2;
  8 | unsigned char data_dl1;
  9 | _Bool MAC_add_en_dl1;
 10 | unsigned char addr_rd;
 11 | _Bool MAC_rx_add_chk_err;
 12 | };
 13 | void MAC_rx_add_chk(_Bool Reset, _Bool Clk, _Bool Init, unsigned char data, _Bool MAC_add_en, _Bool *MAC_rx_add_chk_err, _Bool MAC_rx_add_chk_en, unsigned char MAC_add_prom_data, unsigned char MAC_add_prom_add, _Bool MAC_add_prom_wr)
 14 | {
 15 |   struct state_elements_MAC_rx_add_chk  sMAC_rx_add_chk;
 16 |   _Bool tmp13;
 17 |   _Bool tmp12;
 18 |   _Bool tmp11;
 19 |   unsigned char tmp10;
 20 |   unsigned char tmp9;
 21 |   unsigned char tmp8;
 22 |   _Bool tmp7;
 23 |   _Bool tmp6;
 24 |   _Bool tmp5;
 25 |   _Bool tmp4;
 26 |   _Bool tmp3;
 27 |   unsigned char tmp2;
 28 |   _Bool tmp1;
 29 |   unsigned char tmp0;
 30 |   unsigned char addr_wr;
 31 |   unsigned char din;
 32 |   unsigned char dout;
 33 |   _Bool wr_en;
 34 |   if(Reset)
 35 |   {
 36 |     tmp0 = 0;
 37 |     tmp1 = FALSE;
 38 |   }
 39 | 
 40 |   else
 41 |   {
 42 |     tmp2 = data;
 43 |     tmp3 = MAC_add_en;
 44 |   }
 45 |   if(Reset)
 46 |   {
 47 |     tmp4 = FALSE;
 48 |     tmp5 = FALSE;
 49 |   }
 50 | 
 51 |   else
 52 |   {
 53 |     tmp6 = MAC_add_prom_wr;
 54 |     tmp7 = sMAC_rx_add_chk.MAC_add_prom_wr_dl1;
 55 |   }
 56 |   wr_en = sMAC_rx_add_chk.MAC_add_prom_wr_dl1 && !sMAC_rx_add_chk.MAC_add_prom_wr_dl2;
 57 |   addr_wr = MAC_add_prom_add;
 58 |   din = MAC_add_prom_data;
 59 |   if(Reset)
 60 |     tmp8 = 0;
 61 | 
 62 |   else
 63 |     if(Init)
 64 |       tmp9 = 0;
 65 | 
 66 |     else
 67 |       if(MAC_add_en)
 68 |         tmp10 = (unsigned char)(unsigned int)sMAC_rx_add_chk.addr_rd + 1;
 69 | 
 70 |   if(Reset)
 71 |     tmp11 = FALSE;
 72 | 
 73 |   else
 74 |     if(Init)
 75 |       tmp12 = FALSE;
 76 | 
 77 |     else
 78 |       if(MAC_rx_add_chk_en && sMAC_rx_add_chk.MAC_add_en_dl1 && dout != sMAC_rx_add_chk.data_dl1)
 79 |         tmp13 = TRUE;
 80 | 
 81 |   if(Reset)
 82 |   {
 83 |     sMAC_rx_add_chk.data_dl1 = tmp0;
 84 |     sMAC_rx_add_chk.MAC_add_en_dl1 = tmp1;
 85 |   }
 86 | 
 87 |   else
 88 |   {
 89 |     sMAC_rx_add_chk.data_dl1 = tmp2;
 90 |     sMAC_rx_add_chk.MAC_add_en_dl1 = tmp3;
 91 |   }
 92 |   if(Reset)
 93 |   {
 94 |     sMAC_rx_add_chk.MAC_add_prom_wr_dl1 = tmp4;
 95 |     sMAC_rx_add_chk.MAC_add_prom_wr_dl2 = tmp5;
 96 |   }
 97 | 
 98 |   else
 99 |   {
100 |     sMAC_rx_add_chk.MAC_add_prom_wr_dl1 = tmp6;
101 |     sMAC_rx_add_chk.MAC_add_prom_wr_dl2 = tmp7;
102 |   }
103 |   if(Reset)
104 |     sMAC_rx_add_chk.addr_rd = tmp8;
105 | 
106 |   else
107 |     if(Init)
108 |       sMAC_rx_add_chk.addr_rd = tmp9;
109 | 
110 |     else
111 |       if(MAC_add_en)
112 |         sMAC_rx_add_chk.addr_rd = tmp10;
113 | 
114 |   if(Reset)
115 |   {
116 |     sMAC_rx_add_chk.MAC_rx_add_chk_err = tmp11;
117 |     *MAC_rx_add_chk_err = tmp11;
118 |   }
119 | 
120 |   else
121 |     if(Init)
122 |     {
123 |       sMAC_rx_add_chk.MAC_rx_add_chk_err = tmp12;
124 |       *MAC_rx_add_chk_err = tmp12;
125 |     }
126 | 
127 |     else
128 |       if(MAC_rx_add_chk_en && sMAC_rx_add_chk.MAC_add_en_dl1 && dout != sMAC_rx_add_chk.data_dl1)
129 |       {
130 |         sMAC_rx_add_chk.MAC_rx_add_chk_err = tmp13;
131 |         *MAC_rx_add_chk_err = tmp13;
132 |       }
133 | 
134 | }
135 | 
136 | /*
137 | void main() {
138 | _Bool Reset;
139 | _Bool Clk;
140 | _Bool Init;
141 | unsigned char data;
142 | _Bool MAC_add_en;
143 | _Bool MAC_rx_add_chk_err;
144 | _Bool MAC_rx_add_chk_en;
145 | unsigned char MAC_add_prom_data;
146 | unsigned char MAC_add_prom_add;
147 | _Bool MAC_add_prom_wr;
148 | while(1) {
149 | MAC_rx_add_chk(Reset, Clk, Init, data, MAC_add_en, &MAC_rx_add_chk_err, MAC_rx_add_chk_en, MAC_add_prom_data, MAC_add_prom_add, MAC_add_prom_wr);
150 | }
151 | }*/
152 | 


--------------------------------------------------------------------------------
/safe/Ethernet_mac_IP/MAC_tx.c:
--------------------------------------------------------------------------------
 1 | //#include <stdio.h>
 2 | #define TRUE 1
 3 | #define FALSE 0
 4 | 
 5 | #include "CRC_gen.c"
 6 | #include "flow_ctrl.c"
 7 | #include "MAC_tx_addr_add.c"
 8 | #include "MAC_tx_ctrl.c"
 9 | #include "MAC_tx_FF.c"
10 | #include "Random_gen.c"
11 | 
12 | void MAC_tx(_Bool Reset, _Bool Clk, _Bool Clk_user, unsigned char *TxD, _Bool *TxEn, _Bool CRS, unsigned char *Tx_pkt_type_rmon, unsigned short int *Tx_pkt_length_rmon, _Bool *Tx_apply_rmon, unsigned char *Tx_pkt_err_type_rmon, _Bool *Tx_mac_wa, _Bool Tx_mac_wr, unsigned int Tx_mac_data, unsigned char Tx_mac_BE, _Bool Tx_mac_sop, _Bool Tx_mac_eop, unsigned char Tx_Hwmark, unsigned char Tx_Lwmark, _Bool pause_frame_send_en, unsigned short int pause_quanta_set, _Bool MAC_tx_add_en, _Bool FullDuplex, unsigned char MaxRetry, unsigned char IFGset, unsigned char MAC_add_prom_data, unsigned char MAC_add_prom_add, _Bool MAC_add_prom_wr, _Bool tx_pause_en, _Bool xoff_cpu, _Bool xon_cpu, unsigned short int pause_quanta, _Bool pause_quanta_val)
13 | {
14 |   _Bool CRC_init;
15 |   unsigned char Frame_data;
16 |   _Bool Data_en;
17 |   _Bool CRC_rd;
18 |   _Bool CRC_end;
19 |   unsigned char CRC_out;
20 |   _Bool Random_init;
21 |   unsigned char RetryCnt;
22 |   _Bool Random_time_meet;
23 |   _Bool pause_apply;
24 |   _Bool pause_quanta_sub;
25 |   _Bool xoff_gen;
26 |   _Bool xoff_gen_complete;
27 |   _Bool xon_gen;
28 |   _Bool xon_gen_complete;
29 |   unsigned char Fifo_data;
30 |   _Bool Fifo_rd;
31 |   _Bool Fifo_eop;
32 |   _Bool Fifo_da;
33 |   _Bool Fifo_rd_finish;
34 |   _Bool Fifo_rd_retry;
35 |   _Bool Fifo_ra;
36 |   _Bool Fifo_data_err_empty;
37 |   _Bool Fifo_data_err_full;
38 |   _Bool MAC_tx_addr_init;
39 |   _Bool MAC_tx_addr_rd;
40 |   unsigned char MAC_tx_addr_data;
41 | 
42 |   MAC_tx_ctrl(Reset, Clk, &CRC_init, &Frame_data, &Data_en, &CRC_rd, CRC_end, CRC_out, &Random_init, &RetryCnt, Random_time_meet, pause_apply, &pause_quanta_sub, xoff_gen, &xoff_gen_complete, xon_gen, &xon_gen_complete, Fifo_data, &Fifo_rd, Fifo_eop, Fifo_da, &Fifo_rd_finish, &Fifo_rd_retry, Fifo_ra, Fifo_data_err_empty, Fifo_data_err_full, &TxD, &TxEn, CRS, &MAC_tx_addr_init, &MAC_tx_addr_rd, MAC_tx_addr_data, &Tx_pkt_type_rmon, &Tx_pkt_length_rmon, &Tx_apply_rmon, &Tx_pkt_err_type_rmon, pause_frame_send_en, pause_quanta_set, MAC_tx_add_en, FullDuplex, MaxRetry, IFGset);
43 | 
44 |  CRC_gen(Reset, Clk, CRC_init, Frame_data, Data_en, CRC_rd, &CRC_out, &CRC_end);
45 | 
46 |  flow_ctrl(Reset, Clk, tx_pause_en, xoff_cpu, xon_cpu, pause_quanta, pause_quanta_val, &pause_apply, pause_quanta_sub, &xoff_gen, xoff_gen_complete, &xon_gen, xon_gen_complete);
47 | 
48 |  MAC_tx_addr_add(Reset, Clk, MAC_tx_addr_rd, MAC_tx_addr_init, &MAC_tx_addr_data, MAC_add_prom_data, MAC_add_prom_add, MAC_add_prom_wr);
49 | 
50 |  MAC_tx_FF(Reset, Clk, Clk_user, &Fifo_data, Fifo_rd, Fifo_rd_finish, Fifo_rd_retry, &Fifo_eop, &Fifo_da, &Fifo_ra, &Fifo_data_err_empty, &Fifo_data_err_full, &Tx_mac_wa, Tx_mac_wr, Tx_mac_data, Tx_mac_BE, Tx_mac_sop, Tx_mac_eop, FullDuplex, Tx_Hwmark, Tx_Lwmark);
51 | 
52 |  Random_gen(Reset, Clk, Random_init, RetryCnt, &Random_time_meet);
53 | 
54 | }
55 | 
56 | /*
57 | void main() {
58 | 
59 | _Bool Reset;
60 | _Bool Clk;
61 | _Bool Clk_user;
62 | unsigned char TxD;
63 | _Bool TxEn;
64 | _Bool CRS;
65 | unsigned char Tx_pkt_type_rmon;
66 | unsigned short int Tx_pkt_length_rmon;
67 | _Bool Tx_apply_rmon;
68 | unsigned char Tx_pkt_err_type_rmon;
69 | _Bool Tx_mac_wa;
70 | _Bool Tx_mac_wr;
71 | unsigned int Tx_mac_data;
72 | unsigned char Tx_mac_BE;
73 | _Bool Tx_mac_sop;
74 | _Bool Tx_mac_eop;
75 | unsigned char Tx_Hwmark;
76 | unsigned char Tx_Lwmark;
77 | _Bool pause_frame_send_en;
78 | unsigned short int pause_quanta_set;
79 | _Bool MAC_tx_add_en;
80 | _Bool FullDuplex;
81 | unsigned char MaxRetry;
82 | unsigned char IFGset;
83 | unsigned char MAC_add_prom_data;
84 | unsigned char MAC_add_prom_add;
85 | _Bool MAC_add_prom_wr;
86 | _Bool tx_pause_en;
87 | _Bool xoff_cpu;
88 | _Bool xon_cpu;
89 | unsigned short int pause_quanta;
90 | _Bool pause_quanta_val;
91 | 
92 | MAC_tx(Reset, Clk, Clk_user, &TxD, &TxEn, CRS, &Tx_pkt_type_rmon, &Tx_pkt_length_rmon, &Tx_apply_rmon, &Tx_pkt_err_type_rmon, &Tx_mac_wa, Tx_mac_wr, Tx_mac_data, Tx_mac_BE, Tx_mac_sop, Tx_mac_eop, Tx_Hwmark, Tx_Lwmark, pause_frame_send_en, pause_quanta_set, MAC_tx_add_en, FullDuplex, MaxRetry, IFGset, MAC_add_prom_data, MAC_add_prom_add, MAC_add_prom_wr, tx_pause_en, xoff_cpu, xon_cpu, pause_quanta, pause_quanta_val);
93 | }*/
94 | 


--------------------------------------------------------------------------------
/safe/Ethernet_mac_IP/MAC_tx_addr_add.c:
--------------------------------------------------------------------------------
 1 | //#include <stdio.h>
 2 | #define TRUE 1
 3 | #define FALSE 0
 4 | struct state_elements_MAC_tx_addr_add{
 5 | unsigned char add_rd;
 6 | _Bool MAC_add_prom_wr_dl1;
 7 | _Bool MAC_add_prom_wr_dl2;
 8 | };
 9 | void MAC_tx_addr_add(_Bool Reset, _Bool Clk, _Bool MAC_tx_addr_rd, _Bool MAC_tx_addr_init, unsigned char *MAC_tx_addr_data, unsigned char MAC_add_prom_data, unsigned char MAC_add_prom_add, _Bool MAC_add_prom_wr)
10 | {
11 |   struct state_elements_MAC_tx_addr_add  sMAC_tx_addr_add;
12 |   unsigned char tmp6;
13 |   unsigned char tmp5;
14 |   unsigned char tmp4;
15 |   _Bool tmp3;
16 |   _Bool tmp2;
17 |   _Bool tmp1;
18 |   _Bool tmp0;
19 |   unsigned char add_wr;
20 |   unsigned char din;
21 |   unsigned char dout;
22 |   _Bool wr_en;
23 |   if(Reset)
24 |   {
25 |     tmp0 = FALSE;
26 |     tmp1 = FALSE;
27 |   }
28 | 
29 |   else
30 |   {
31 |     tmp2 = MAC_add_prom_wr;
32 |     tmp3 = sMAC_tx_addr_add.MAC_add_prom_wr_dl1;
33 |   }
34 |   wr_en = sMAC_tx_addr_add.MAC_add_prom_wr_dl1 && !sMAC_tx_addr_add.MAC_add_prom_wr_dl2;
35 |   add_wr = MAC_add_prom_add;
36 |   din = MAC_add_prom_data;
37 |   if(Reset)
38 |     tmp4 = 0;
39 | 
40 |   else
41 |     if(MAC_tx_addr_init)
42 |       tmp5 = 0;
43 | 
44 |     else
45 |       if(MAC_tx_addr_rd)
46 |         tmp6 = (unsigned char)(unsigned int)sMAC_tx_addr_add.add_rd + 1;
47 | 
48 |   *MAC_tx_addr_data = dout;
49 |   *MAC_tx_addr_data = dout;
50 |   if(Reset)
51 |   {
52 |     sMAC_tx_addr_add.MAC_add_prom_wr_dl1 = tmp0;
53 |     sMAC_tx_addr_add.MAC_add_prom_wr_dl2 = tmp1;
54 |   }
55 | 
56 |   else
57 |   {
58 |     sMAC_tx_addr_add.MAC_add_prom_wr_dl1 = tmp2;
59 |     sMAC_tx_addr_add.MAC_add_prom_wr_dl2 = tmp3;
60 |   }
61 |   if(Reset)
62 |     sMAC_tx_addr_add.add_rd = tmp4;
63 | 
64 |   else
65 |     if(MAC_tx_addr_init)
66 |       sMAC_tx_addr_add.add_rd = tmp5;
67 | 
68 |     else
69 |       if(MAC_tx_addr_rd)
70 |         sMAC_tx_addr_add.add_rd = tmp6;
71 | 
72 | }
73 | /*
74 | void main() {
75 | _Bool Reset;
76 | _Bool Clk;
77 | _Bool MAC_tx_addr_rd;
78 | _Bool MAC_tx_addr_init;
79 | unsigned char MAC_tx_addr_data;
80 | unsigned char MAC_add_prom_data;
81 | unsigned char MAC_add_prom_add;
82 | _Bool MAC_add_prom_wr;
83 | while(1) {
84 | MAC_tx_addr_add(Reset, Clk, MAC_tx_addr_rd, MAC_tx_addr_init, &MAC_tx_addr_data, MAC_add_prom_data, MAC_add_prom_add, MAC_add_prom_wr);
85 | }
86 | }*/
87 | 


--------------------------------------------------------------------------------
/safe/Ethernet_mac_IP/RMON.c:
--------------------------------------------------------------------------------
 1 | //#include <stdio.h>
 2 | 
 3 | #include "RMON_addr_gen.c"
 4 | #include "RMON_dpram.c"
 5 | #include "RMON_ctrl.c"
 6 | 
 7 | #define TRUE 1
 8 | #define FALSE 0
 9 | void RMON(_Bool Clk, _Bool Reset, unsigned char Tx_pkt_type_rmon, unsigned short int Tx_pkt_length_rmon, _Bool Tx_apply_rmon, unsigned char Tx_pkt_err_type_rmon, unsigned char Rx_pkt_type_rmon, unsigned short int Rx_pkt_length_rmon, _Bool Rx_apply_rmon, unsigned char Rx_pkt_err_type_rmon, unsigned char CPU_rd_addr, _Bool CPU_rd_apply, _Bool *CPU_rd_grant, unsigned int *CPU_rd_dout)
10 | {
11 |   _Bool Reg_apply_0;
12 |   unsigned char Reg_addr_0;
13 |   unsigned short int Reg_data_0;
14 |   _Bool Reg_next_0;
15 |   _Bool Reg_apply_1;
16 |   unsigned char Reg_addr_1;
17 |   unsigned short int Reg_data_1;
18 |   _Bool Reg_next_1;
19 |   unsigned char Addra;
20 |   unsigned int Dina;
21 |   unsigned int Douta;
22 |   _Bool Wea;
23 |   _Bool RxAddrb;
24 |   _Bool TxAddrb;
25 |   _Bool Reg_drop_apply;
26 |   
27 |   RMON_addr_gen(Clk, Reset, Rx_pkt_type_rmon, Rx_pkt_length_rmon, Rx_apply_rmon, Rx_pkt_err_type_rmon, &Reg_apply_0, &Reg_addr_0, &Reg_data_0, Reg_next_0, &Reg_drop_apply);
28 | 
29 | 
30 |   RMON_addr_gen(Clk, Reset, Tx_pkt_type_rmon, Tx_pkt_length_rmon, Tx_apply_rmon, Tx_pkt_err_type_rmon, &Reg_apply_1, &Reg_addr_1, &Reg_data_1, Reg_next_1, &Reg_drop_apply);
31 | 
32 |   RMON_CTRL(Clk, Reset, Reg_apply_0, Reg_addr_0, Reg_data_0, &Reg_next_0, Reg_apply_1, Reg_addr_1, Reg_data_1, &Reg_next_1, &Addra, &Dina, Douta, &Wea, CPU_rd_addr, CPU_rd_apply, &CPU_rd_grant, &CPU_rd_dout);
33 | 
34 |   RMON_dpram(Reset, Clk, Addra, Dina, &Douta, Wea, Addra, &Douta);
35 | 
36 |   RxAddrb = FALSE;
37 |   TxAddrb = FALSE;
38 | }
39 | 
40 | /*
41 | void main() {
42 | _Bool Clk;
43 | _Bool Reset;
44 | unsigned char Tx_pkt_type_rmon;
45 | unsigned short int Tx_pkt_length_rmon;
46 | _Bool Tx_apply_rmon;
47 | unsigned char Tx_pkt_err_type_rmon;
48 | unsigned char Rx_pkt_type_rmon;
49 | unsigned short int Rx_pkt_length_rmon;
50 | _Bool Rx_apply_rmon;
51 | unsigned char Rx_pkt_err_type_rmon;
52 | unsigned char CPU_rd_addr;
53 | _Bool CPU_rd_apply;
54 | _Bool CPU_rd_grant;
55 | unsigned int CPU_rd_dout;
56 | 
57 | RMON(Clk, Reset, Tx_pkt_type_rmon, Tx_pkt_length_rmon, Tx_apply_rmon, Tx_pkt_err_type_rmon, Rx_pkt_type_rmon, Rx_pkt_length_rmon, Rx_apply_rmon, Rx_pkt_err_type_rmon, CPU_rd_addr, CPU_rd_apply, &CPU_rd_grant, &CPU_rd_dout);
58 | 
59 | }*/
60 | 


--------------------------------------------------------------------------------
/safe/Ethernet_mac_IP/RMON_dpram.c:
--------------------------------------------------------------------------------
 1 | //#include <stdio.h>
 2 | #define TRUE 1
 3 | #define FALSE 0
 4 | struct state_elements_RMON_dpram{
 5 | };
 6 | void RMON_dpram(_Bool Reset, _Bool Clk, unsigned char Addra, unsigned int Dina, unsigned int *Douta, _Bool Wea, unsigned char Addrb, unsigned int *Doutb)
 7 | {
 8 |   struct state_elements_RMON_dpram  sRMON_dpram;
 9 |   _Bool Clka;
10 |   _Bool Clkb;
11 |   Clka = Clk;
12 |   Clkb = Clk;
13 | }
14 | 
15 | /*
16 | void main() {
17 | _Bool Reset;
18 | _Bool Clk;
19 | unsigned char Addra;
20 | unsigned int Dina;
21 | unsigned int Douta;
22 | _Bool Wea;
23 | unsigned char Addrb;
24 | unsigned int Doutb;
25 | RMON_dpram(Reset, Clk, Addra, Dina, &Douta, Wea, Addrb, &Doutb);
26 | }
27 | */
28 | 


--------------------------------------------------------------------------------
/safe/Ethernet_mac_IP/eth_clockgen.c:
--------------------------------------------------------------------------------
 1 | //#include <stdio.h>
 2 | #define TRUE 1
 3 | #define FALSE 0
 4 | 
 5 | struct state_elements_eth_clockgen{
 6 | unsigned char Counter;
 7 | _Bool Mdc;
 8 | };
 9 | void eth_clockgen(_Bool Clk, _Bool Reset, unsigned char Divider, _Bool *Mdc, _Bool *MdcEn, _Bool *MdcEn_n)
10 | {
11 |   struct state_elements_eth_clockgen  seth_clockgen;
12 |   _Bool tmp4;
13 |   _Bool tmp3;
14 |   unsigned char tmp2;
15 |   unsigned char tmp1;
16 |   unsigned char tmp0;
17 |   int Tp;
18 |   Tp = 1;
19 |   _Bool CountEq0;
20 |   unsigned char CounterPreset;
21 |   unsigned char TempDivider;
22 |   TempDivider = TempDivider | ((unsigned int)Divider & 0xFF < 2 ? 2 : Divider & 0xFF) << 0;
23 |   CounterPreset = CounterPreset | (unsigned int)(TempDivider & 0xFF >> 1) - 1 << 0;
24 |   if(Reset)
25 |     tmp0 = 1;
26 | 
27 |   else
28 |   {
29 |     if(CountEq0)
30 |     {
31 |       tmp1 = CounterPreset & 0xFF;
32 |     }
33 | 
34 |     else
35 |       tmp2 = seth_clockgen.Counter - 1;
36 |   }
37 |   if(Reset)
38 |     tmp3 = FALSE;
39 | 
40 |   else
41 |   {
42 |     if(CountEq0)
43 |       tmp4 = !seth_clockgen.Mdc;
44 | 
45 |   }
46 |   CountEq0 = seth_clockgen.Counter == 0;
47 |   *MdcEn = CountEq0 && !seth_clockgen.Mdc;
48 |   *MdcEn = CountEq0 && !seth_clockgen.Mdc;
49 |   *MdcEn_n = CountEq0 && seth_clockgen.Mdc;
50 |   *MdcEn_n = CountEq0 && seth_clockgen.Mdc;
51 |   if(Reset)
52 |     seth_clockgen.Counter = tmp0 & 0xFF;
53 | 
54 |   else
55 |   {
56 |     if(CountEq0)
57 |     {
58 |       seth_clockgen.Counter = tmp1 & 0xFF;
59 |     }
60 | 
61 |     else
62 |       seth_clockgen.Counter = tmp2 & 0xFF;
63 |   }
64 |   if(Reset)
65 |   {
66 |     seth_clockgen.Mdc = tmp3;
67 |     *Mdc = tmp3;
68 |   }
69 | 
70 |   else
71 |   {
72 |     if(CountEq0)
73 |     {
74 |       seth_clockgen.Mdc = tmp4;
75 |       *Mdc = tmp4;
76 |     }
77 | 
78 |   }
79 | }
80 | 
81 | /*
82 | void main() {
83 | _Bool Clk;
84 | _Bool Reset;
85 | unsigned char Divider;
86 | _Bool Mdc;
87 | _Bool MdcEn;
88 | _Bool MdcEn_n;
89 | while(1) {
90 | eth_clockgen(Clk, Reset, Divider, &Mdc, &MdcEn, &MdcEn_n);
91 | }
92 | }*/
93 | 


--------------------------------------------------------------------------------
/safe/Ethernet_mac_IP/eth_outputcontrol.c:
--------------------------------------------------------------------------------
  1 | //#include <stdio.h>
  2 | #define TRUE 1
  3 | #define FALSE 0
  4 | 
  5 | struct state_elements_eth_outputcontrol{
  6 | _Bool MdoEn_2d;
  7 | _Bool MdoEn_d;
  8 | _Bool Mdo_2d;
  9 | _Bool Mdo_d;
 10 | _Bool Mdo;
 11 | _Bool MdoEn;
 12 | };
 13 | void eth_outputcontrol(_Bool Clk, _Bool Reset, _Bool WriteOp, _Bool NoPre, _Bool InProgress, _Bool ShiftedBit, unsigned char BitCounter, _Bool MdcEn_n, _Bool *Mdo, _Bool *MdoEn)
 14 | {
 15 |   struct state_elements_eth_outputcontrol  seth_outputcontrol;
 16 |   _Bool tmp11;
 17 |   _Bool tmp10;
 18 |   _Bool tmp9;
 19 |   _Bool tmp8;
 20 |   _Bool tmp7;
 21 |   _Bool tmp6;
 22 |   _Bool tmp5;
 23 |   _Bool tmp4;
 24 |   _Bool tmp3;
 25 |   _Bool tmp2;
 26 |   _Bool tmp1;
 27 |   _Bool tmp0;
 28 |   int Tp;
 29 |   Tp = 1;
 30 |   _Bool SerialEn;
 31 |   SerialEn = WriteOp && InProgress && ((unsigned int)BitCounter > 31 || (unsigned int)BitCounter == 0 && NoPre) || !WriteOp && InProgress && ((unsigned int)BitCounter > 31 && (unsigned int)BitCounter < 46 || (unsigned int)BitCounter == 0 && NoPre);
 32 |   if(Reset)
 33 |   {
 34 |     tmp0 = FALSE;
 35 |     tmp1 = FALSE;
 36 |     tmp2 = FALSE;
 37 |   }
 38 | 
 39 |   else
 40 |   {
 41 |     if(MdcEn_n)
 42 |     {
 43 |       tmp3 = SerialEn || InProgress && (unsigned int)BitCounter < 32;
 44 |       tmp4 = seth_outputcontrol.MdoEn_2d;
 45 |       tmp5 = seth_outputcontrol.MdoEn_d;
 46 |     }
 47 | 
 48 |   }
 49 |   if(Reset)
 50 |   {
 51 |     tmp6 = FALSE;
 52 |     tmp7 = FALSE;
 53 |     tmp8 = FALSE;
 54 |   }
 55 | 
 56 |   else
 57 |   {
 58 |     if(MdcEn_n)
 59 |     {
 60 |       tmp9 = !SerialEn && (unsigned int)BitCounter < 32;
 61 |       tmp10 = ShiftedBit || seth_outputcontrol.Mdo_2d;
 62 |       tmp11 = seth_outputcontrol.Mdo_d;
 63 |     }
 64 | 
 65 |   }
 66 |   if(Reset)
 67 |   {
 68 |     seth_outputcontrol.MdoEn_2d = tmp0;
 69 |     seth_outputcontrol.MdoEn_d = tmp1;
 70 |     {
 71 |       seth_outputcontrol.MdoEn = tmp2;
 72 |       *MdoEn = tmp2;
 73 |     }
 74 |   }
 75 | 
 76 |   else
 77 |   {
 78 |     if(MdcEn_n)
 79 |     {
 80 |       seth_outputcontrol.MdoEn_2d = tmp3;
 81 |       seth_outputcontrol.MdoEn_d = tmp4;
 82 |       {
 83 |         seth_outputcontrol.MdoEn = tmp5;
 84 |         *MdoEn = tmp5;
 85 |       }
 86 |     }
 87 | 
 88 |   }
 89 |   if(Reset)
 90 |   {
 91 |     seth_outputcontrol.Mdo_2d = tmp6;
 92 |     seth_outputcontrol.Mdo_d = tmp7;
 93 |     {
 94 |       seth_outputcontrol.Mdo = tmp8;
 95 |       *Mdo = tmp8;
 96 |     }
 97 |   }
 98 | 
 99 |   else
100 |   {
101 |     if(MdcEn_n)
102 |     {
103 |       seth_outputcontrol.Mdo_2d = tmp9;
104 |       seth_outputcontrol.Mdo_d = tmp10;
105 |       {
106 |         seth_outputcontrol.Mdo = tmp11;
107 |         *Mdo = tmp11;
108 |       }
109 |     }
110 | 
111 |   }
112 | }
113 | /*
114 | void main() {
115 | _Bool Clk;
116 | _Bool Reset;
117 | _Bool WriteOp;
118 | _Bool NoPre;
119 | _Bool InProgress;
120 | _Bool ShiftedBit;
121 | unsigned char BitCounter;
122 | _Bool MdcEn_n;
123 | _Bool Mdo;
124 | _Bool MdoEn;
125 | while(1) {
126 | eth_outputcontrol(Clk, Reset, WriteOp, NoPre, InProgress, ShiftedBit, BitCounter, MdcEn_n, &Mdo, &MdoEn);
127 | }
128 | }*/
129 | 


--------------------------------------------------------------------------------
/safe/Ethernet_mac_IP/eth_shiftreg.c:
--------------------------------------------------------------------------------
  1 | //#include <stdio.h>
  2 | #define TRUE 1
  3 | #define FALSE 0
  4 | 
  5 | struct state_elements_eth_shiftreg{
  6 | unsigned short int Prsd;
  7 | _Bool LinkFail;
  8 | unsigned char ShiftReg;
  9 | };
 10 | void eth_shiftreg(_Bool Clk, _Bool Reset, _Bool MdcEn_n, _Bool Mdi, unsigned char Fiad, unsigned char Rgad, unsigned short int CtrlData, _Bool WriteOp, unsigned char ByteSelect, unsigned char LatchByte, _Bool *ShiftedBit, unsigned short int *Prsd, _Bool *LinkFail)
 11 | {
 12 |   struct state_elements_eth_shiftreg  seth_shiftreg;
 13 |   unsigned char tmp6, tmp7, tmp8, tmp9, tmp10, tmp11;
 14 |   _Bool tmp5;
 15 |   unsigned char tmp4;
 16 |   unsigned char tmp3;
 17 |   _Bool tmp2;
 18 |   unsigned short int tmp1;
 19 |   unsigned char tmp0;
 20 |   int Tp;
 21 |   Tp = 1;
 22 |   if(Reset)
 23 |   {
 24 |     tmp0 = 0;
 25 |     tmp1 = 0;
 26 |     tmp2 = FALSE;
 27 |   }
 28 | 
 29 |   else
 30 |   {
 31 |     if(MdcEn_n)
 32 |     {
 33 |       if((ByteSelect & 8) | (ByteSelect & 4) | (ByteSelect & 2) | (ByteSelect & 1))
 34 |       {
 35 |         switch (ByteSelect & 0xF) {
 36 |           case 1: tmp7 = 0x1 << 6 | !WriteOp | WriteOp | Fiad & 0x1E;
 37 |           case 2: tmp8 = Fiad & 1 << 7 | Rgad & 0x1F << 2 | 0x2;
 38 |           case 4: tmp9 = CtrlData >> 8 & 0xFF;
 39 |           case 8: tmp10 = CtrlData & 0xFF;
 40 |           default: tmp11 = 0x00;
 41 |         }
 42 |       }
 43 |       else
 44 |       {
 45 |         tmp3 = (seth_shiftreg.ShiftReg >> 0 & 127) << 1 | Mdi;
 46 |         if(LatchByte & 1)
 47 |         {
 48 |           tmp4 = (seth_shiftreg.ShiftReg >> 0 & 127) << 1 | Mdi;
 49 |           if(Rgad == 1)
 50 |             tmp5 = !seth_shiftreg.ShiftReg >> 1 & 1;
 51 |         }
 52 |         else
 53 |         {
 54 |           if(LatchByte >> 1 & 1)
 55 |             tmp6 = (seth_shiftreg.ShiftReg >> 0 & 127) << 1 | Mdi;
 56 |         }
 57 |       }
 58 |     }
 59 |   }
 60 |   if(Reset)
 61 |   {
 62 |     seth_shiftreg.ShiftReg = tmp0 & 0xFF;
 63 |     {
 64 |       seth_shiftreg.Prsd = tmp1 & 0xFFFF;
 65 |       *Prsd = tmp1 & 0xFF;
 66 |     }
 67 |     {
 68 |       seth_shiftreg.LinkFail = tmp2;
 69 |       *LinkFail = tmp2;
 70 |     }
 71 |   }
 72 | 
 73 |   else
 74 |   {
 75 |     if(MdcEn_n)
 76 |     {
 77 |       if((ByteSelect & 8) | (ByteSelect & 4) | (ByteSelect & 2) | (ByteSelect & 1))
 78 |       {
 79 |         switch (ByteSelect & 0xF) {
 80 |           case 1: seth_shiftreg.ShiftReg = tmp7; 
 81 |           case 2: seth_shiftreg.ShiftReg = tmp8; 
 82 |           case 4: seth_shiftreg.ShiftReg = tmp9; 
 83 |           case 8: seth_shiftreg.ShiftReg = tmp10; 
 84 |           default: seth_shiftreg.ShiftReg = tmp11;
 85 |         }
 86 |       }
 87 |       else
 88 |       {
 89 |         seth_shiftreg.ShiftReg = tmp3;
 90 |         if(LatchByte & 1)
 91 |         {
 92 |           *Prsd = *Prsd | tmp4 & 0xFF;
 93 |           seth_shiftreg.Prsd = seth_shiftreg.Prsd | tmp4 & 0xFF;
 94 |           if(Rgad == 1)
 95 |             *LinkFail = tmp5; 
 96 |         }
 97 |         else
 98 |         {
 99 |           if(LatchByte >> 1 & 1)
100 |             *Prsd = *Prsd | tmp6 << 8;
101 |             seth_shiftreg.Prsd = seth_shiftreg.Prsd | tmp6 & 0xFF;
102 |         }
103 |       }
104 |     }
105 |   }
106 |   *ShiftedBit = seth_shiftreg.ShiftReg >> 7 & 1;
107 | }
108 | 
109 | /*
110 | void main() {
111 | _Bool Clk;
112 | _Bool Reset;
113 | _Bool MdcEn_n;
114 | _Bool Mdi;
115 | unsigned char Fiad;
116 | unsigned char Rgad;
117 | unsigned short int CtrlData;
118 | _Bool WriteOp;
119 | unsigned char ByteSelect;
120 | unsigned char LatchByte;
121 | _Bool ShiftedBit;
122 | unsigned short int Prsd;
123 | _Bool LinkFail;
124 | while(1) {
125 | eth_shiftreg(Clk, Reset, MdcEn_n, Mdi, Fiad, Rgad, CtrlData, WriteOp, ByteSelect, LatchByte, &ShiftedBit, &Prsd, &LinkFail);
126 | }
127 | }*/
128 | 


--------------------------------------------------------------------------------
/safe/Ethernet_mac_IP/run.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # command to run cbmc
 4 | time cbmc MAC_top.c --unwind 4 --no-unwinding-assertions
 5 | 
 6 | #time cbmc MAC_top.c --unwind 5 --no-unwinding-assertions --z3
 7 | 
 8 | # command to run SYMEX
 9 | #time hasco-pi MAC_top.c --unwind 5 --no-unwinding-assertions
10 | 


--------------------------------------------------------------------------------
/safe/FIFO/main.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <assert.h>
  3 | 
  4 | _Bool nondet_bool();
  5 | unsigned char nondet_uchar();
  6 | 
  7 | int MSBD = 3;
  8 | int LAST = 15;
  9 | int MSBA = 3;
 10 | 
 11 | struct state_elements_srFIFO {
 12 |   _Bool empty;
 13 |   unsigned char mem[16];
 14 |   unsigned char tail;
 15 | };
 16 | struct state_elements_srFIFO ssrFIFO;
 17 | 
 18 | void initial_srFIFO() {
 19 |   int i;
 20 |   for(i = 0; i <= LAST; i = i + 1)
 21 |     ssrFIFO.mem[i] = 0;
 22 |   ssrFIFO.tail = 0;
 23 |   ssrFIFO.empty = 1;
 24 | } 
 25 | 
 26 | void srFIFO(_Bool clock, unsigned char dataIn, _Bool push, _Bool pop, unsigned char *dataOut, _Bool *full, _Bool *empty)
 27 | {
 28 |   int i;
 29 |   unsigned char tmp1;
 30 |   // clocked block 
 31 |   if(push && !*full)
 32 |   {
 33 |     for(i = LAST; i > 0; i = i - 1)
 34 |       ssrFIFO.mem[i] = (ssrFIFO.mem[i - 1] & 0xF);
 35 |     ssrFIFO.mem[0] = dataIn & 0xF;
 36 |     
 37 |     if(!ssrFIFO.empty)
 38 |       ssrFIFO.tail = (ssrFIFO.tail + 1) & 0xF;
 39 |     ssrFIFO.empty = 0;
 40 |     *empty = 0;
 41 |   }
 42 | 
 43 |   else
 44 |     if(pop && !ssrFIFO.empty)
 45 |     {
 46 |       if(ssrFIFO.tail == 0)
 47 |       {
 48 |         ssrFIFO.empty = 1;
 49 |         *empty = 1;
 50 |       }
 51 |     else
 52 |         ssrFIFO.tail = ((ssrFIFO.tail & 0xF) - 1) & 0xF;
 53 |     }
 54 | 
 55 |   tmp1 = ssrFIFO.tail & 0xF;
 56 |   *dataOut = (ssrFIFO.mem[tmp1]) & 0xF;
 57 |   *full = ((ssrFIFO.tail & 0xF) == LAST);
 58 | }
 59 | 
 60 | struct state_elements_rbFIFO{
 61 |   _Bool empty;
 62 |   unsigned char mem[16];
 63 |   unsigned char head;
 64 |   unsigned char tail;
 65 | };
 66 | struct state_elements_rbFIFO  srbFIFO;
 67 | 
 68 | void initial_rbFIFO()
 69 | {
 70 |   int i;
 71 |   for(i = 0;i <= LAST; i = i + 1)
 72 |     srbFIFO.mem[i] = 0;
 73 |   srbFIFO.head = 0;
 74 |   srbFIFO.tail = 0;
 75 |   srbFIFO.empty = 1;
 76 | }
 77 | 
 78 | void rbFIFO(_Bool clock, unsigned char dataIn, _Bool push, _Bool pop, unsigned char *dataOut, _Bool *full, _Bool *empty)
 79 | {
 80 |   unsigned char tmp1, tmp2; 
 81 |   
 82 |   if(push && !*full)
 83 |   {
 84 |     tmp1 = srbFIFO.head & 0xF;
 85 |     srbFIFO.mem[tmp1] = dataIn & 0xF;
 86 |     srbFIFO.head = ((srbFIFO.head & 0xF) + 1) & 0xF;
 87 |     srbFIFO.empty = 0;
 88 |     *empty = 0;
 89 |   }
 90 | 
 91 |   else
 92 |     if(pop && !srbFIFO.empty)
 93 |     {
 94 |       srbFIFO.tail = ((srbFIFO.tail & 0xf) + 1) & 0xF;
 95 |       if((srbFIFO.tail & 0xF) == (srbFIFO.head & 0xF)) {
 96 |         srbFIFO.empty = 1;
 97 |         *empty = 1;
 98 |       }
 99 |     }
100 |   tmp2 = srbFIFO.tail & 0xF;
101 |   *dataOut = (srbFIFO.mem[tmp2]) & 0xF;
102 |   *full = ((srbFIFO.tail & 0xF) == (srbFIFO.head & 0xF)) & (!srbFIFO.empty );
103 | }
104 | 
105 | unsigned char srDataOut;
106 | _Bool srFull;
107 | _Bool srEmpty;
108 | unsigned char rbDataOut;
109 | _Bool rbFull;
110 | _Bool rbEmpty;
111 | 
112 | void design(_Bool clock, unsigned char dataIn, _Bool push, _Bool pop, _Bool *equal)
113 | {
114 |   
115 |   srFIFO(clock, dataIn, push, pop, &srDataOut, &srFull, &srEmpty);
116 |   rbFIFO(clock, dataIn, push, pop, &rbDataOut, &rbFull, &rbEmpty);
117 |   *equal = ((srFull == rbFull) && (ssrFIFO.empty == srbFIFO.empty) && (ssrFIFO.empty || (srDataOut == rbDataOut)));
118 |   //assert(srFull == rbFull);
119 |   //assert(srEmpty == rbEmpty);
120 |   assert(*equal == 1);
121 | }
122 | 
123 | 
124 | void main() {
125 |   _Bool clock;
126 |   unsigned char dataIn;
127 |   _Bool push;
128 |   _Bool pop;
129 |   _Bool equal;
130 | 
131 |   initial_rbFIFO();
132 |   initial_srFIFO();
133 |   
134 |   //while(1) {
135 |     push = nondet_bool();
136 |     pop = nondet_bool();
137 |     dataIn = nondet_uchar();
138 |     design(clock, dataIn, push, pop, &equal);
139 |   //}
140 | }
141 | 


--------------------------------------------------------------------------------
/safe/FIFO/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/FourbyFour/main.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #include <assert.h>
 3 | #define TRUE 1
 4 | #define FALSE 0
 5 | 
 6 | struct state_elements_main{
 7 |   unsigned char b[8];
 8 |   unsigned char freg;
 9 |   unsigned char treg;
10 | };
11 | struct state_elements_main smain;
12 | 
13 | void initial_main(){
14 |   smain.treg = 0;
15 |   smain.freg = 0;
16 | }
17 | 
18 | void four_by_four(_Bool clock, unsigned char from, unsigned char to)
19 | {
20 |   _Bool valid;
21 |   _Bool parity;
22 |   _Bool permutation;
23 |   _Bool oddInversions;
24 | 
25 |   smain.freg = from;
26 |   smain.treg = to;
27 | 
28 | 
29 |   valid = (smain.b[smain.treg] == 0) && 
30 |     (((smain.treg&0x3 == smain.freg&0x3) && !(smain.treg&0x4 == smain.freg&0x4)) || 
31 |      ((smain.treg&0x4 == smain.freg&0x4) && 
32 |       (((smain.treg&0x3 == 0) && (smain.freg&0x3 == 1)) || 
33 |        ((smain.treg&0x3 == 1) && (smain.freg&0x1 == 0)) || 
34 |        ((smain.treg&0x3 == 2) && (smain.freg&0x1 == 1)) || 
35 |        ((smain.treg&0x3 == 3) && (smain.freg&0x3 == 2)) )));
36 | 
37 |   parity = 
38 |     (((smain.b[0] & 5) == 1) | ((smain.b[0] & 5) == 4)) ^
39 |     (((smain.b[1] & 5) == 0) | ((smain.b[1] & 5) == 5)) ^
40 |     (((smain.b[2] & 5) == 1) | ((smain.b[2] & 5) == 4)) ^
41 |     (((smain.b[3] & 5) == 0) | ((smain.b[3] & 5) == 5)) ^
42 |     (((smain.b[4] & 5) == 1) | ((smain.b[4] & 5) == 4)) ^
43 |     (((smain.b[5] & 5) == 0) | ((smain.b[5] & 5) == 5)) ^
44 |     (((smain.b[6] & 5) == 1) | ((smain.b[6] & 5) == 4)) ^
45 |     (((smain.b[7] & 5) == 0) | ((smain.b[7] & 5) == 5));
46 | 
47 |   permutation = smain.b[0]!=smain.b[1] && smain.b[0]!=smain.b[2] && smain.b[0]!=smain.b[3] &&
48 |     smain.b[0]!=smain.b[4] && smain.b[0]!=smain.b[5] && smain.b[0]!=smain.b[6] && smain.b[0]!=smain.b[7] &&
49 |     smain.b[1]!=smain.b[2] && smain.b[1]!=smain.b[3] && smain.b[1]!=smain.b[4] && smain.b[1]!=smain.b[5] &&
50 |     smain.b[1]!=smain.b[6] && smain.b[1]!=smain.b[7] && smain.b[2]!=smain.b[3] && smain.b[2]!=smain.b[4] &&
51 |     smain.b[2]!=smain.b[5] && smain.b[2]!=smain.b[6] && smain.b[2]!=smain.b[7] && smain.b[3]!=smain.b[4] &&
52 |     smain.b[3]!=smain.b[5] && smain.b[3]!=smain.b[6] && smain.b[3]!=smain.b[7] && smain.b[4]!=smain.b[5] &&
53 |     smain.b[4]!=smain.b[6] && smain.b[4]!=smain.b[7] && smain.b[5]!=smain.b[6] && smain.b[5]!=smain.b[7] &&
54 |     smain.b[6]!=smain.b[7];
55 | 
56 |   oddInversions = (smain.b[4]==0 || smain.b[5]==0 || smain.b[6]==0 || smain.b[7]==0) ^
57 |     (smain.b[0]>smain.b[1] && smain.b[1]!=0) ^ (smain.b[0]>smain.b[2] && smain.b[2]!=0) ^
58 |     (smain.b[0]>smain.b[3] && smain.b[3]!=0) ^ (smain.b[0]>smain.b[4] && smain.b[4]!=0) ^
59 |     (smain.b[0]>smain.b[5] && smain.b[5]!=0) ^ (smain.b[0]>smain.b[6] && smain.b[6]!=0) ^
60 |     (smain.b[0]>smain.b[7] && smain.b[7]!=0) ^ (smain.b[1]>smain.b[2] && smain.b[2]!=0) ^
61 |     (smain.b[1]>smain.b[3] && smain.b[3]!=0) ^ (smain.b[1]>smain.b[4] && smain.b[4]!=0) ^
62 |     (smain.b[1]>smain.b[5] && smain.b[5]!=0) ^ (smain.b[1]>smain.b[6] && smain.b[6]!=0) ^
63 |     (smain.b[1]>smain.b[7] && smain.b[7]!=0) ^ (smain.b[2]>smain.b[3] && smain.b[3]!=0) ^
64 |     (smain.b[2]>smain.b[4] && smain.b[4]!=0) ^ (smain.b[2]>smain.b[5] && smain.b[5]!=0) ^
65 |     (smain.b[2]>smain.b[6] && smain.b[6]!=0) ^ (smain.b[2]>smain.b[7] && smain.b[7]!=0) ^
66 |     (smain.b[3]>smain.b[4] && smain.b[4]!=0) ^ (smain.b[3]>smain.b[5] && smain.b[5]!=0) ^
67 |     (smain.b[3]>smain.b[6] && smain.b[6]!=0) ^ (smain.b[3]>smain.b[7] && smain.b[7]!=0) ^
68 |     (smain.b[4]>smain.b[5] && smain.b[5]!=0) ^ (smain.b[4]>smain.b[6] && smain.b[6]!=0) ^
69 |     (smain.b[4]>smain.b[7] && smain.b[7]!=0) ^ (smain.b[5]>smain.b[6] && smain.b[6]!=0) ^
70 |     (smain.b[5]>smain.b[7] && smain.b[7]!=0) ^ (smain.b[6]>smain.b[7] && smain.b[7]!=0);
71 | 
72 |   if(valid)
73 |   {
74 |     smain.b[smain.treg] = smain.b[smain.freg];
75 |     smain.b[smain.freg] = 0;
76 |   }
77 | 
78 |   //#PASS:
79 |   assert(!permutation==1 || parity==0);
80 |   /*
81 |   //#PASS:
82 |   assert property (permutation==1 |-> ##[0:100] permutation==1);
83 |   //#PASS:
84 |   assert property (permutation==1 && oddInversions==0 |-> ##[0:100] oddInversions==0);
85 |   //#PASS:
86 |   assert property (parity==0 |-> ##[0:100] parity==0);
87 |   */
88 | }
89 | 
90 | void main() {
91 |   _Bool clock;
92 |   unsigned char from;
93 |   unsigned char to;
94 |   initial_main();
95 |   //while(1) {
96 |     four_by_four(clock, from, to);
97 |   //}
98 | }
99 | 


--------------------------------------------------------------------------------
/safe/FourbyFour/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | --unwind 1
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/Makefile:
--------------------------------------------------------------------------------
 1 | default: tests.log
 2 | 
 3 | FLAGS = --verbosity 10 --acdl --decision ordered --learning first-uip --propagate chaotic --inline 
 4 | TIMEOUT=600
 5 | 
 6 | test:
 7 | 	@../test.pl -c "runsolver -C $(TIMEOUT) -d 1 -M 32768 /users/rajdeep/acdlp/2ls/src/2ls/2ls $(FLAGS)"
 8 | 
 9 | tests.log: ../test.pl
10 | 	@../test.pl -c "/users/rajdeep/git-acdlp/2ls/src/2ls/2ls $(FLAGS)"
11 | 
12 | show:
13 | 	@for dir in *; do \
14 | 		if [ -d "$$dir" ]; then \
15 | 			vim -o "$$dir/*.c" "$$dir/*.out"; \
16 | 		fi; \
17 | 	done;
18 | 
19 | clean:
20 | 	@rm -f *.log
21 | 	@for dir in *; do rm -f $$dir/*.out; done;
22 | 


--------------------------------------------------------------------------------
/safe/RCU/main.v:
--------------------------------------------------------------------------------
  1 | // Model for the RCU (read-copy update) mutual exclusion mechanism.
  2 | // Translated from the Promela model of Paul McKenney.
  3 | // This model assumes one update process.
  4 | 
  5 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
  6 | 
  7 | //typedef enum {L0, L1, L2, L3, L4, L5, L6, L7} locR;
  8 | //typedef enum {L0, L1, L2, L3, L4, L5, L6, L7, L8, L9, L10} locU;
  9 | 
 10 | // Modified by: Rajdeep Mukherjee <rajdeep.mukherjee@cs.ox.ac.uk>
 11 | module main(clock, select);
 12 | 				// 0 <= select < NRDR --> reader
 13 | 				// else		      --> update
 14 | 
 15 |     parameter		PASSES = 10;
 16 |     parameter 		NRDR = 4;	// number of reader processes
 17 |     parameter 		NRDR_ELEM = NRDR + NRDR;
 18 |     parameter 		SELMSB = 2;	// MSB for the select input
 19 | 					// must satisfy 2^(SELMSB+1) > NRDR
 20 | 
 21 | 
 22 |     parameter L0 = 0;
 23 |     parameter L1 = 1;
 24 |     parameter L2 = 2;
 25 |     parameter L3 = 3;
 26 |     parameter L4 = 4;
 27 |     parameter L5 = 5;
 28 |     parameter L6 = 6;
 29 |     parameter L7 = 7;
 30 |     parameter L8 = 8;
 31 |     parameter L9 = 9;
 32 |     parameter L10 = 10;
 33 | 
 34 |     input		clock;
 35 |     input [SELMSB:0] 	select; // nondeterministic scheduler
 36 |     reg 		flip;
 37 |     reg 		ctr[0:NRDR_ELEM-1];
 38 |     reg [7:0] 		passctr;
 39 |     // latched version of select, to which we can refer in properties
 40 |     reg [SELMSB:0] 	self;
 41 |     // local variables for the reader processes
 42 |     reg	[2:0]	pc [0:NRDR-1];
 43 |     reg 		lclFlip [0:NRDR-1];
 44 |     reg 		both [0:NRDR-1];
 45 |     // local variables for the update process
 46 |     reg	[3:0]	pcu;
 47 |     reg [7:0] 		lclPassctr;
 48 |     reg [SELMSB:0] 	cpunum;
 49 | 
 50 |     integer 		i;
 51 | 
 52 |     initial begin
 53 | 	flip = 0;
 54 | 	passctr = 0;
 55 | 	cpunum = 0;
 56 | 	for (i = 0; i < NRDR_ELEM; i = i + 1)
 57 | 	  ctr[i] = 0;
 58 | 	for (i = 0; i < NRDR; i = i + 1) begin
 59 | 	    lclFlip[i] = 0;
 60 | 	    both[i] = 0;
 61 | 	    pc[i] = L0;
 62 | 	end
 63 | 	pcu = L0;
 64 | 	self = 0;
 65 | 	lclPassctr = 0;
 66 |     end
 67 | 
 68 |     always @ (posedge clock) begin
 69 | 	self = select;
 70 | 	if (self >= NRDR) begin
 71 | 	    // upd process
 72 | 	    case (pcu)
 73 | 	      L0: if (passctr < PASSES) begin
 74 | 		  lclPassctr = passctr;
 75 | 		  pcu = L1;
 76 | 	      end
 77 | 	      L1: begin
 78 | 		  if (~lclPassctr[0])
 79 | 		    lclPassctr = 255;
 80 | 		  pcu = L2;
 81 | 	      end
 82 | 	      L2: begin
 83 | 		  cpunum = 0;
 84 | 		  pcu = L3;
 85 | 	      end
 86 | 	      L3: if (cpunum < NRDR)
 87 | 		pcu = L4;
 88 | 	      else
 89 | 		pcu = L6;
 90 | 	      L4: if (ctr[{cpunum,~flip}] == 0)
 91 | 		pcu = L5;
 92 | 	      L5: begin
 93 | 		  cpunum = cpunum + 1;
 94 | 		  pcu = L3;
 95 | 	      end
 96 | 	      L6: begin
 97 | 		  flip = ~flip;
 98 | 		  pcu = L7;
 99 | 	      end
100 | 	      L7: begin
101 | 		  cpunum = 0;
102 | 		  pcu = L8;
103 | 	      end
104 | 	      L8: if (cpunum < NRDR)
105 | 		pcu = L9;
106 | 	      else
107 | 		pcu = L0;
108 | 	      L9: if (ctr[{cpunum,~flip}] == 0)
109 | 		pcu = L10;
110 | 	      L10: begin
111 | 		  cpunum = cpunum + 1;
112 | 		  pcu = L8;
113 | 	      end
114 | 	    endcase
115 | 	end else begin
116 | 	    // rdr process
117 | 	    case (pc[self])
118 | 	      L0: if (passctr < PASSES) begin
119 | 		  lclFlip[self] = flip;
120 | 		  pc[self] = L1;
121 | 	      end
122 | 	      L1: begin
123 | 		  ctr[{self,lclFlip[self]}] = ~ctr[{self,lclFlip[self]}];
124 | 		  pc[self] = L2;
125 | 	      end
126 | 	      L2: if (lclFlip[self] == flip) begin
127 | 		  both[self] = 0;
128 | 		  pc[self] = L4;
129 | 	      end else begin
130 | 		  ctr[{self,~lclFlip[self]}] = ~ctr[{self,~lclFlip[self]}];
131 | 		  pc[self] = L3;
132 | 	      end
133 | 	      L3: begin
134 | 		  both[self] = 1;
135 | 		  pc[self] = L4;
136 | 	      end
137 | 	      L4: begin
138 | 		  passctr = passctr + 1;
139 | 		  pc[self] = L5;
140 | 	      end
141 | 	      L5: begin
142 | 		  passctr = passctr + 1;
143 | 		  pc[self] = L6;
144 | 	      end
145 | 	      L6: begin
146 | 		  ctr[{self,lclFlip[self]}] = ~ctr[{self,lclFlip[self]}];
147 | 		  pc[self] = L7;
148 | 	      end
149 | 	      L7: begin
150 | 		  if (both[self])
151 | 		   ctr[{self,~lclFlip[self]}] = ~ctr[{self,~lclFlip[self]}];
152 | 		  pc[self] = L0;
153 | 	      end
154 | 	    endcase
155 | 	end
156 |     end
157 | 
158 | // Safety Invariant
159 | assert property1: (!(pcu==L8 && cpunum[2:0]==4)) || (!(lclPassctr[7:0] == passctr[7:0]));
160 | assert property2: (lclPassctr[7:4]==0 || lclPassctr[7:4] == 15);
161 | //assert property3: (passctr[7:4]==0);
162 | endmodule // rcu
163 | 


--------------------------------------------------------------------------------
/safe/RCU/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/Rrobin/main.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #define TRUE 1
 3 | #define FALSE 0
 4 | 
 5 | struct state_elements_main {
 6 |   _Bool ack0;
 7 |   _Bool ack1;
 8 |   _Bool req0;
 9 |   _Bool req1;
10 |   _Bool robin;
11 | };
12 | struct state_elements_main  smain;
13 | 
14 | void rrobin(_Bool clock, _Bool ir0, _Bool ir1, _Bool *ack0, _Bool *ack1)
15 | {
16 |   if(!smain.req0)
17 |     smain.ack0 = FALSE;
18 |   else if(!smain.req1)
19 |     smain.ack0 = TRUE;
20 |   else if(!smain.ack0 && !smain.ack1)
21 |     smain.ack0 = !smain.robin;
22 |   else
23 |     smain.ack0 = !smain.ack0;
24 |   
25 |   if(!smain.req1)
26 |     smain.ack1 = FALSE;
27 |   else if(!smain.req0)
28 |     smain.ack1 = TRUE;
29 |   else if(!smain.ack0 && !smain.ack1)
30 |     smain.ack1 = smain.robin;
31 |   else
32 |     smain.ack1 = !smain.ack1;
33 | 
34 |   if(smain.req0 && smain.req1 && !smain.ack0 && !smain.ack1)
35 |     smain.robin = !smain.robin;
36 | 
37 |   smain.req0 = ir0;
38 |   smain.req1 = ir1;
39 | 
40 |   // update the acknowledgement
41 |   *ack0 = smain.ack0;
42 |   *ack1 = smain.ack1;
43 | }
44 | 
45 | void initial_main(_Bool ir0, _Bool ir1) {
46 |   smain.ack0 = FALSE;
47 |   smain.ack1 = FALSE;
48 |   smain.robin = FALSE;
49 |   smain.req0 = ir0;
50 |   smain.req1 = ir1;
51 | }
52 | 
53 | void main() {
54 |   _Bool clock;
55 |   _Bool ir0;
56 |   _Bool ir1;
57 |   _Bool ack0;
58 |   _Bool ack1;
59 |   _Bool clock;
60 |   _Bool ir0;
61 |   _Bool ir1;
62 |   _Bool ack0;
63 |   _Bool ack1;
64 |   initial_main(ir0, ir1);
65 |   //while(1) {
66 |     // All property passes
67 |     /*if(smain.req0==0 && smain.req1==0)
68 |     {
69 |       rrobin(clock, ir0, ir1, &ack0, &ack1);
70 |       assert(ack0==0 && ack1==0);
71 |     }
72 |     if(smain.req0==1 && smain.req1==0) { 
73 |       rrobin(clock, ir0, ir1, &ack0, &ack1);
74 |       assert(ack0==1);
75 |     }
76 |     if(smain.req0==0 && smain.req1==1) {
77 |       rrobin(clock, ir0, ir1, &ack0, &ack1);
78 |       assert(ack1==1);
79 |     }
80 |     if(smain.req0==1 && smain.ack1==1) {
81 |       rrobin(clock, ir0, ir1, &ack0, &ack1);
82 |       assert(ack0==1);
83 |     }*/
84 |     if(smain.req1==1 && smain.ack0==1) {
85 |       rrobin(clock, ir0, ir1, &ack0, &ack1);
86 |       assert(ack1==1);
87 |     }
88 |   //}
89 | }
90 | 


--------------------------------------------------------------------------------
/safe/Rrobin/main.sv:
--------------------------------------------------------------------------------
 1 | // Verilog model for the round-robin arbiter described in
 2 | // the CHARME99 paper by Katz, Grumberg, and Geist.
 3 | 
 4 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 5 | 
 6 | module main(clock,ir0,ir1,ack0,ack1);
 7 |     input  clock;
 8 |     input  ir0, ir1;
 9 |     output ack0, ack1;
10 | 
11 |     reg    req0, req1, ack0, ack1, robin;
12 | 
13 |     initial begin
14 | 	ack0 = 0; ack1 = 0; robin = 0;
15 | 	req0 = ir0; req1 = ir1;	// nondeterministic initial requests
16 |     end
17 | 
18 |     always @ (posedge clock) begin
19 | 	if (~req0)
20 | 	  ack0 = 0;		// no request -> no ack
21 | 	else if (~req1)
22 | 	  ack0 = 1;		// a single request
23 | 	else if (~ack0 & ~ack1)
24 | 	  ack0 = ~robin;	// simultaneous request assertions
25 | 	else
26 | 	  ack0 = ~ack0;		// both requesting: toggle ack
27 |     end
28 | 
29 |     always @ (posedge clock) begin
30 | 	if (~req1)
31 | 	  ack1 = 0;		// no request -> no ack
32 | 	else if (~req0)
33 | 	  ack1 = 1;		// a single request
34 | 	else if (~ack0 & ~ack1)
35 | 	  ack1 = robin;		// simultaneous request assertions
36 | 	else
37 | 	  ack1 = ~ack1;		// both requesting: toggle ack
38 |     end
39 | 
40 |     always @ (posedge clock) begin
41 | 	if (req0 & req1 & ~ack0 & ~ack1)
42 | 	  robin = ~robin;	// simultaneous request assertions
43 |     end
44 | 
45 |     // Latched inputs.
46 |     always @ (posedge clock) begin
47 | 	req0 = ir0;
48 | 	req1 = ir1;
49 |     end
50 | 
51 |   // Mutual exclusion.
52 |   assert property1: (ack0==0 || ack1==0);
53 |   assert property (req0==0 && req1==0 |-> ##1 (ack0==0 && ack1==0));
54 |   assert property (req0==1 && req1==0 |-> ##1 ack0==1);
55 |   assert property (req0==0 && req1==1 |-> ##1 ack1==1);
56 |   assert property (req0==1 && ack1==1 |-> ##1 ack0==1);
57 |   assert property (req1==1 && ack0==1 |-> ##1 ack1==1);
58 |   
59 | endmodule // rrobin
60 | 


--------------------------------------------------------------------------------
/safe/Rrobin/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | --unwind 1
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/Spinner/main.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #include <assert.h>
 3 | 
 4 | struct state_elements_main{
 5 |   unsigned int inr;
 6 |   _Bool spl;
 7 |   unsigned int dout;
 8 | };
 9 | struct state_elements_main  smain;
10 | 
11 | void spinner(_Bool clock, _Bool spin, unsigned char amount, unsigned int din, unsigned int *dout)
12 | {
13 |   unsigned int tmp0;
14 |   unsigned int tmp1;
15 |   unsigned int tmp2;
16 |   unsigned int tmp3;
17 |   unsigned int tmp4;
18 |   unsigned int tmp5;
19 |   
20 |   tmp0 = smain.inr;
21 |   tmp1 = ((amount & 0x1) ? ((tmp0 >> 1) & 2147483647) : (tmp0 & 2147483647)) | ((tmp1 >> 31)<<31);
22 |   tmp1 = (tmp1 & 0x7FFFFFFF) | (((amount&0x1) ? (tmp0&0x1) : ((tmp0>>31) & 1)) << 31);
23 |   
24 |   tmp2 = (((amount>>1) & 0x1) ? ((tmp1 >> 2) & 1073741823) : (tmp1 & 1073741823)) | ((tmp2 >> 30)<<30);
25 |   tmp2 = (((((amount>>1) & 0x1) ? (tmp1 & 0x3) : ((tmp1>>30) & 0x3))&0x00000003)<<30) | tmp2&0x3FFFFFFF;
26 |     
27 |   tmp3 = (((amount>>2) & 0x1) ? ((tmp2 >> 4) & 0xFFFFFFF) : (tmp2 & 0xFFFFFFF)) | ((tmp3 >> 28)<<28);
28 |   tmp3 = (((((amount>>2) & 0x1) ? (tmp2 & 0xF) : ((tmp2>>28) & 0xF))&0x0000000F)<<28) | tmp3&0x0FFFFFFF;
29 |   
30 |   tmp4 = (((amount>>3) & 0x1) ? ((tmp3 >> 8) & 0x0FFFFFF) : (tmp3 & 0x0FFFFFF)) | ((tmp4 >> 24)<<24);
31 |   tmp4 = (((((amount>>3) & 0x1) ? (tmp3 & 0xFF) : ((tmp3>>24) & 0xFF))&0x000000FF)<<24) | tmp3&0x00FFFFFF;
32 | 
33 |   
34 |   tmp5 = (((amount>>4) & 0x1) ? ((tmp4 >> 16) & 0xFFFF) : (tmp4 & 0xFFFF)) | ((tmp4 >> 16)<<16);
35 |   tmp5 = (((((amount>>4) & 0x1) ? (tmp4 & 0xFFFF) : ((tmp4>>16) & 0xFFFF))&0x0000FFFF)<<16) | tmp4&0x0000FFFF;
36 |   
37 |   if(smain.spl)
38 |     smain.inr = smain.dout;
39 |   else
40 |     smain.inr = din;
41 | 
42 |   smain.dout = tmp5;
43 |   smain.spl = spin;
44 | 
45 |   // pass the output 
46 |   *dout = smain.dout;
47 |     
48 |   // PASS
49 |   assert(!((smain.inr&0xFFFFFFFF!=0) && (smain.dout&0xFFFFFFFF!=0)) || (smain.spl==0 || smain.inr&0xFFFFFFFF!=0));
50 |   // PASS
51 |   //assert(!(inr[31:0]==0 && dout[31:0]==0) ||  (spl==0 || inr[31:0]==0));
52 |   assert(!((smain.inr&0xFFFFFFFF==0) && (smain.dout&0xFFFFFFFF==0)) || (smain.spl==0 || smain.inr&0xFFFFFFFF==0));
53 | }
54 | 
55 | void main() {
56 |   _Bool clock;
57 |   _Bool spin;
58 |   unsigned char amount;
59 |   unsigned int din;
60 |   unsigned int dout;
61 |   while(1) {
62 |     spinner(clock, spin, amount, din, &dout);
63 |   }
64 | }
65 | 


--------------------------------------------------------------------------------
/safe/Spinner/main.sv:
--------------------------------------------------------------------------------
 1 | // Spinner.
 2 | //
 3 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 4 | 
 5 | 
 6 | module main(clock,spin,amount,din,dout);
 7 |     input	      clock;
 8 |     input 	      spin;
 9 |     input [4:0]       amount;
10 |     input [31:0]      din;
11 |     output [31:0]     dout;
12 | 
13 |     reg [31:0] 	      dout;
14 |     reg [31:0] 	      inr;
15 |     reg 	      spl;
16 | 
17 |     wire [31:0]       tmp0;
18 |     wire [31:0]       tmp1;
19 |     wire [31:0]       tmp2;
20 |     wire [31:0]       tmp3;
21 |     wire [31:0]       tmp4;
22 |     wire [31:0]       tmp5;
23 | 
24 |   initial begin
25 | 	dout = 0;
26 | 	inr = 0;
27 | 	spl = 0;
28 |   end
29 |   
30 |     assign tmp0 = inr;
31 |     assign tmp1[30:0] = amount[0] ?  tmp0[31:1] : tmp0[30:0];
32 |     assign tmp1[31] = amount[0] ?  tmp0[0] : tmp0[31];
33 |     assign tmp2[29:0] = amount[1] ?  tmp1[31:2] : tmp1[29:0];
34 |     assign tmp2[31:30] = amount[1] ?  tmp1[1:0] : tmp1[31:30];
35 |     
36 |     assign tmp3[27:0] = amount[2] ?  tmp2[31:4] : tmp2[27:0];
37 |     assign tmp3[31:28] = amount[2] ?  tmp2[3:0] : tmp2[31:28];
38 |     
39 |     assign tmp4[23:0] = amount[3] ?  tmp3[31:8] : tmp3[23:0];
40 |     assign tmp4[31:24] = amount[3] ?  tmp3[7:0] : tmp3[31:24];
41 |     
42 |     assign tmp5[15:0] = amount[4] ?  tmp4[31:16] : tmp4[15:0];
43 |     assign tmp5[31:16] = amount[4] ?  tmp4[15:0] : tmp4[31:16];
44 | 
45 |     always @ (posedge clock) begin
46 | 	if (spl)
47 | 	  inr = dout;
48 | 	else
49 | 	  inr = din;
50 | 	dout = tmp5;
51 | 	spl = spin;
52 |     end // always @ (posedge clock)
53 | 
54 | //assert property (!inr[31:0]==0 && !dout[31:0]==0 |-> ##[0:100] spl==0 || !inr[31:0]==0);
55 | //assert property (inr[31:0]==0 && dout[31:0]==0 |-> ##[0:100] spl==0 || inr[31:0]==0);
56 | assert property (!(!inr[31:0]==0 && !dout[31:0]==0) || (spl==0 || !inr[31:0]==0));
57 | assert property (!(inr[31:0]==0 && dout[31:0]==0) ||  (spl==0 || inr[31:0]==0));
58 | endmodule // rotate
59 | 


--------------------------------------------------------------------------------
/safe/Spinner/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/TicTacToe/main.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #define TRUE 1
 3 | #define FALSE 0
 4 | 
 5 | unsigned char nondet_uchar();
 6 | 
 7 | struct state_elements_main{
 8 |  unsigned char b[9];
 9 |  unsigned char turn;
10 |  unsigned char move;
11 | };
12 | struct state_elements_main  smain;
13 | 
14 | int EMPTY = 0;
15 | int X = 1;
16 | int O = 2;
17 | 
18 | void initial() {
19 |   int i;
20 |   for(i = 0; i < 9; i = i + 1)
21 |     smain.b[i] = EMPTY;
22 |   smain.turn = X;
23 |   smain.move = 0;
24 | }
25 | 
26 | void tictactoe(_Bool clock, unsigned char imove, _Bool *winX, _Bool *winO, _Bool *finished)
27 | {
28 |   smain.move = imove < 9 ? imove : 0;
29 |   if(!finished && smain.b[smain.move] == EMPTY)
30 |   {
31 |     smain.b[smain.move] = smain.turn;
32 |     smain.turn = (unsigned int)smain.turn == X ? (unsigned char)O : (unsigned char)X;
33 |   }
34 | 
35 |   *winX = (unsigned int)smain.b[0] == X && ((unsigned int)smain.b[1] == X && (unsigned int)smain.b[2] == X || (unsigned int)smain.b[3] == X && (unsigned int)smain.b[6] == X) || (unsigned int)smain.b[8] == X && ((unsigned int)smain.b[7] == X && (unsigned int)smain.b[6] == X || (unsigned int)smain.b[5] == X && (unsigned int)smain.b[2] == X) || (unsigned int)smain.b[4] == X && ((unsigned int)smain.b[0] == X && (unsigned int)smain.b[8] == X || (unsigned int)smain.b[2] == X && (unsigned int)smain.b[6] == X || (unsigned int)smain.b[1] == X && (unsigned int)smain.b[7] == X || (unsigned int)smain.b[3] == X && (unsigned int)smain.b[5] == X);
36 |   
37 |   *winO = (unsigned int)smain.b[0] == O && ((unsigned int)smain.b[1] == O && (unsigned int)smain.b[2] == O || (unsigned int)smain.b[3] == O && (unsigned int)smain.b[6] == O) || (unsigned int)smain.b[8] == O && ((unsigned int)smain.b[7] == O && (unsigned int)smain.b[6] == O || (unsigned int)smain.b[5] == O && (unsigned int)smain.b[2] == O) || (unsigned int)smain.b[4] == O && ((unsigned int)smain.b[0] == O && (unsigned int)smain.b[8] == O || (unsigned int)smain.b[2] == O && (unsigned int)smain.b[6] == O || (unsigned int)smain.b[1] == O && (unsigned int)smain.b[7] == O || (unsigned int)smain.b[3] == O && (unsigned int)smain.b[5] == O);
38 |   
39 |   *finished = *winX || *winO || (unsigned int)smain.b[0] != EMPTY && (unsigned int)smain.b[1] != EMPTY && (unsigned int)smain.b[2] != EMPTY && (unsigned int)smain.b[3] != EMPTY && (unsigned int)smain.b[4] != EMPTY && (unsigned int)smain.b[5] != EMPTY && (unsigned int)smain.b[6] != EMPTY && (unsigned int)smain.b[7] != EMPTY && (unsigned int)smain.b[8] != EMPTY;
40 | 
41 | }
42 | 
43 | void main() {
44 |   _Bool clock;
45 |   unsigned char imove;
46 |   _Bool winX;
47 |   _Bool winO;
48 |   _Bool finished;
49 |   initial();
50 |   //while(1) {
51 |     imove = nondet_uchar();
52 |     tictactoe(clock, imove, &winX, &winO, &finished);
53 |   
54 |    /*
55 |    assert((((smain.move >> 3)&1)==0) || ((smain.move&3)==0));
56 |    assert(!(winX==1 && winO==1));
57 |    assert(!(smain.b[0]==X && smain.b[1]==X && smain.b[2]==X) || (winX==1)); // top row
58 |    assert(!(smain.b[0]==O && smain.b[1]==O && smain.b[2]==O) || (winO==1));
59 |    assert(!(smain.b[3]==X && smain.b[4]==X && smain.b[5]==X) || (winX==1)); // middle row
60 |    assert(!(smain.b[3]==O && smain.b[4]==O && smain.b[5]==O) || (winO==1)); 
61 |    assert(!(smain.b[6]==X && smain.b[7]==X && smain.b[8]==X) || (winX==1)); // bottom row
62 |    */
63 |    
64 |    assert(!(smain.b[6]==O && smain.b[7]==O && smain.b[8]==O) || (winO==1)); 
65 |   //}
66 | }
67 | 


--------------------------------------------------------------------------------
/safe/TicTacToe/main.sv:
--------------------------------------------------------------------------------
 1 | // This model of a tic-tac-toe player accepts moves on input "imove," and,
 2 | // if they are legal, executes them.  A move is legal if it specifies an empty
 3 | // cell of the game board.  There are two players, X and O.  Initially, X
 4 | // moves.Every time a legal move is executed, the turn passes to the other
 5 | // player.  Once the game is finished, either with a win ora tie, no further
 6 | // moves are allowed.
 7 | //
 8 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 9 | // Modified by: Rajdeep Mukherjee <rajdeep.mukherjee@cs.ox.ac.uk>
10 | 
11 | //typedef enum {EMPTY, X, O} content;
12 | 
13 | module main(clock,imove,winX,winO,finished);
14 |     input       clock;
15 |     input [3:0] imove;
16 |     output 	winX, winO, finished;
17 | 
18 |     //                  0 | 1 | 2
19 |     //                 ---+---+---
20 |     // The game board:  3 | 4 | 5
21 |     //                 ---+---+---
22 |     //                  6 | 7 | 8
23 | 
24 |     parameter EMPTY = 0;
25 |     parameter X = 1;
26 |     parameter O = 2;
27 | 
28 |     reg [1:0] b[0:8];
29 |     reg [1:0] turn;
30 |     reg [3:0]	move;
31 |     integer 	i;
32 | 
33 |     initial begin
34 | 	for (i = 0; i < 9; i = i + 1)
35 | 	  b[i] = EMPTY;
36 | 	turn = X;
37 | 	move = 0;
38 |     end
39 | 
40 |     always @ (posedge clock) begin
41 | 	move = (imove < 9) ? imove : 0;
42 | 	if (!finished && b[move] == EMPTY) begin
43 | 	    b[move] = turn;
44 | 	    turn = (turn == X) ? 0 : X;
45 | 	end
46 |     end
47 | 
48 |     assign winX = b[0]==X & (b[1]==X & b[2]==X | b[3]==X & b[6]==X) |
49 | 	   b[8]==X & (b[7]==X & b[6]==X | b[5]==X & b[2]==X) |
50 | 	   b[4]==X & (b[0]==X & b[8]==X | b[2]==X & b[6]==X |
51 | 		      b[1]==X & b[7]==X | b[3]==X & b[5]==X);
52 | 
53 |     assign winO = b[0]==O & (b[1]==O & b[2]==O | b[3]==O & b[6]==O) |
54 | 	   b[8]==O & (b[7]==O & b[6]==O | b[5]==O & b[2]==O) |
55 | 	   b[4]==O & (b[0]==O & b[8]==O | b[2]==O & b[6]==O |
56 | 		      b[1]==O & b[7]==O | b[3]==O & b[5]==O);
57 | 
58 |     assign finished = winX | winO |
59 | 	   b[0]!=EMPTY & b[1]!=EMPTY & b[2]!=EMPTY &
60 | 	   b[3]!=EMPTY & b[4]!=EMPTY & b[5]!=EMPTY &
61 | 	   b[6]!=EMPTY & b[7]!=EMPTY & b[8]!=EMPTY;
62 | 
63 | assert property ((move[3]==0) || (move[2:0]==0));
64 | assert property (!(winX==1 && winO==1));
65 | assert property (!(b[0]==X && b[1]==X && b[2]==X) || (winX==1)); // top row
66 | assert property (!(b[0]==O && b[1]==O && b[2]==O) || (winO==1));
67 | assert property (!(b[3]==X && b[4]==X && b[5]==X) || (winX==1)); // middle row
68 | assert property (!(b[3]==O && b[4]==O && b[5]==O) || (winO==1)); 
69 | assert property (!(b[6]==X && b[7]==X && b[8]==X) || (winX==1)); // bottom row
70 | assert property (!(b[6]==O && b[7]==O && b[8]==O) || (winO==1)); 
71 |  
72 | endmodule // ticTacToe
73 | 


--------------------------------------------------------------------------------
/safe/TicTacToe/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/TreeArb/main.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <assert.h>
  3 | #define TRUE 1
  4 | #define FALSE 0
  5 | 
  6 | int I1 = 0;
  7 | int I2 = 1;
  8 | int R1 = 2;
  9 | int R2 = 3;
 10 | int A1 = 4;
 11 | int A2 = 5;
 12 | 
 13 | struct state_elements_cell{
 14 |   _Bool state;
 15 | };
 16 | 
 17 | void initial_cell(struct state_elements_cell *scell)
 18 | {
 19 |    scell->state=I1;
 20 | }
 21 | 
 22 | void cell(struct state_elements_cell *scell, _Bool clk, _Bool ack0, _Bool req1, _Bool req2, _Bool *req0, _Bool *ack1, _Bool *ack2)
 23 | {
 24 |   if(scell->state == I1) {
 25 |    if(req1)
 26 |      scell->state = R1;
 27 |    else if(req2)
 28 |      scell->state = R2;
 29 |   }
 30 |   else if(scell->state == R1) {
 31 |    if(ack0)
 32 |      scell->state = A1;
 33 |   }
 34 |   else if(scell->state == A1) {
 35 |    if(!req1)
 36 |      scell->state = I2;
 37 |   }
 38 |   else if(scell->state == I2) {
 39 |     if(req2)
 40 |       scell->state = R2;
 41 |     else if(req1)
 42 |       scell->state = R1;
 43 |   }
 44 |   else if(scell->state == R2) {
 45 |     if(ack0)
 46 |       scell->state = A2;
 47 |   }
 48 |   else if(scell->state == A2) {
 49 |     if(!req2)
 50 |       scell->state = I1;
 51 |   }
 52 | 
 53 |   *req0 = (scell->state == R1) || (scell->state == R2) || (scell->state == A1) || (scell->state == A2);
 54 |   *ack1 = (scell->state == A1);
 55 |   *ack2 = (scell->state == A2);
 56 | }
 57 | 
 58 | struct state_elements_proc{
 59 |   _Bool state;
 60 | };
 61 | 
 62 | void initial_proc(struct state_elements_cell *sproc)
 63 | {
 64 |    sproc->state=0;
 65 | }
 66 | 
 67 | void proc(struct state_elements_proc *sproc, _Bool clk, _Bool ack, _Bool choice, _Bool *req)
 68 | {
 69 |   int idle = 0;
 70 |   int requesting = 1;
 71 |   int locking = 2;
 72 |   if(sproc->state == idle) {
 73 |    if(choice)
 74 |      sproc->state = requesting;
 75 |   }
 76 |   else if(sproc->state == requesting) {
 77 |     if(ack)
 78 |       sproc->state = locking;
 79 |   }
 80 |   else if(sproc->state == locking) {
 81 |     if(choice)
 82 |       sproc->state = idle;
 83 |   }
 84 | 
 85 |   *req = (sproc->state == requesting) || (sproc->state == locking);
 86 | }
 87 | 
 88 | void main()
 89 | {
 90 |   _Bool clk;
 91 |   _Bool a3;
 92 |   _Bool a2[2];
 93 |   _Bool a1[4];
 94 |   _Bool a0[8];
 95 |   _Bool r3;
 96 |   _Bool r2[2];
 97 |   _Bool r1[4];
 98 |   _Bool r0[8];
 99 |   _Bool choice[8];
100 |   
101 |   
102 |   struct state_elements_cell c0; 
103 |   struct state_elements_cell c1; 
104 |   struct state_elements_cell c2; 
105 |   struct state_elements_cell c3; 
106 |   struct state_elements_cell c4; 
107 |   struct state_elements_cell c5; 
108 |   struct state_elements_cell c10; 
109 |  
110 |   initial_cell(&c10);
111 |   initial_cell(&c0);
112 |   initial_cell(&c1);
113 |   initial_cell(&c2);
114 |   initial_cell(&c3);
115 |   initial_cell(&c4);
116 |   initial_cell(&c5);
117 | 
118 |   cell(&c10, clk, r2[0], r2[1], a2[0], &a2[1], &r3, &a3);
119 |   a3 = r3;
120 |   cell(&c0, clk, r1[0], r1[1], a1[0], &a1[1], &r2[0], &a2[0]);
121 |   cell(&c1, clk, r1[2], r1[3], a1[2], &a1[3], &r2[1], &a2[1]);
122 |   cell(&c2, clk, r0[0], r0[1], a0[0], &a0[1], &r1[0], &a1[0]);
123 |   cell(&c3, clk, r0[2], r0[3], a0[2], &a0[3], &r1[1], &a1[1]);
124 |   cell(&c4, clk, r0[4], r0[5], a0[4], &a0[5], &r1[2], &a1[2]);
125 |   cell(&c5, clk, r0[6], r0[7], a0[6], &a0[7], &r1[3], &a1[3]);
126 |   
127 |   struct state_elements_proc p0;
128 |   struct state_elements_proc p1;
129 |   struct state_elements_proc p2;
130 |   struct state_elements_proc p3;
131 |   struct state_elements_proc p4;
132 |   struct state_elements_proc p5;
133 |   struct state_elements_proc p6;
134 |   struct state_elements_proc p7;
135 |  
136 |   initial_proc(&p0);
137 |   initial_proc(&p1);
138 |   initial_proc(&p2);
139 |   initial_proc(&p3);
140 |   initial_proc(&p4);
141 |   initial_proc(&p5);
142 |   initial_proc(&p6);
143 |   initial_proc(&p7);
144 |   
145 |   proc(&p0, clk, a0[0], r0[0], &choice[0]);
146 |   proc(&p1, clk, a0[1], r0[1], &choice[1]);
147 |   proc(&p2, clk, a0[2], r0[2], &choice[2]);
148 |   proc(&p3, clk, a0[3], r0[3], &choice[3]);
149 |   proc(&p4, clk, a0[4], r0[4], &choice[4]);
150 |   proc(&p5, clk, a0[5], r0[5], &choice[5]);
151 |   proc(&p6, clk, a0[6], r0[6], &choice[6]);
152 |   proc(&p7, clk, a0[7], r0[7], &choice[7]);
153 |   
154 |   assert(!((p0.state==2 || p1.state==2 || p2.state==2 || p3.state==2) &&
155 |  (p4.state==2 || p5.state==2 || p6.state==2 || p7.state==2) ||
156 |  (p0.state==2 || p1.state==2 || p4.state==2 || p5.state==2) &&
157 |  (p2.state==2 || p3.state==2 || p6.state==2 || p7.state==2) ||
158 |  (p0.state==2 || p2.state==2 || p4.state==2 || p6.state==2) &&
159 |  (p1.state==2 || p3.state==2 || p5.state==2 || p7.state==2)));
160 | }
161 | 


--------------------------------------------------------------------------------
/safe/TreeArb/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/Vending/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/Vlunc/main.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <assert.h>
  3 | #define TRUE 1
  4 | #define FALSE 0
  5 | 
  6 | struct state_elements_control {
  7 |   unsigned char prev;
  8 |   _Bool		Lcmd;
  9 |   _Bool		Ucmd;
 10 |   _Bool		Ncmd;
 11 |   _Bool 	Ccmd;
 12 | };
 13 | struct state_elements_control scontrol; 
 14 | 
 15 | void initial_control() 
 16 | {
 17 |   scontrol.Lcmd = 0;
 18 |   scontrol.Ucmd = 0;
 19 |   scontrol.Ncmd = 1;
 20 |   scontrol.Ccmd = 0;
 21 |   scontrol.prev = 0;
 22 | }    
 23 | 
 24 | void control(
 25 |     _Bool	clock,
 26 |     _Bool 	reset,
 27 |     unsigned char	in,
 28 |     _Bool	*Lcmd,
 29 |     _Bool	*Ucmd,
 30 |     _Bool	*Ncmd,
 31 |     _Bool	*Ccmd)
 32 | {
 33 | 
 34 |   _Bool	load;
 35 | 
 36 |   // clocked block
 37 |   if (reset)
 38 |     scontrol.prev = 0;
 39 |   else
 40 |     scontrol.prev = in;
 41 | 
 42 |   load = (scontrol.prev == 0x1b); // escape
 43 | 
 44 |   if (reset) {
 45 |     scontrol.Ncmd = 1;
 46 |     scontrol.Lcmd = 0; scontrol.Ucmd = 0; scontrol.Ccmd = 0;
 47 |   }
 48 |   else if (load) {
 49 |     switch (in) {
 50 |       case 0x4c: { // L
 51 |                    scontrol.Lcmd = 1; scontrol.Ucmd = 0; scontrol.Ncmd = 0; scontrol.Ccmd = 0;
 52 |                    break;
 53 |                  }
 54 |       case 0x55: { // U
 55 |                    scontrol.Lcmd = 0; scontrol.Ucmd = 1; scontrol.Ncmd = 0; scontrol.Ccmd = 0;
 56 |                    break;
 57 |                  }
 58 |       case 0x4e: { // N
 59 |                    scontrol.Lcmd = 0; scontrol.Ucmd = 0; scontrol.Ncmd = 1; scontrol.Ccmd = 0;
 60 |                    break;
 61 |                  }
 62 |       case 0x43: { // C
 63 |                    scontrol.Lcmd = 0; scontrol.Ucmd = 0; scontrol.Ncmd = 0; scontrol.Ccmd = 1;
 64 |                    break;
 65 |                  }
 66 |       default: {
 67 |                  scontrol.Lcmd = 0; scontrol.Ucmd = 0; scontrol.Ncmd = 0; scontrol.Ccmd = 0;
 68 |                  break;
 69 |                }
 70 |     }
 71 |   } // if (load)
 72 |   *Lcmd = scontrol.Lcmd;
 73 |   *Ucmd = scontrol.Ucmd;
 74 |   *Ncmd = scontrol.Ncmd;
 75 |   *Ccmd = scontrol.Ccmd;
 76 | 
 77 | } // control
 78 | 
 79 | // Utility functions
 80 | _Bool isUpper(
 81 | 	unsigned char   in)
 82 | {
 83 |   _Bool isupper;
 84 |   isupper = ~((in>>5)&1);
 85 |   return isupper;
 86 | }
 87 | 
 88 | unsigned char toLower(
 89 | 	unsigned char   in)
 90 | {
 91 |   unsigned char tolower;
 92 | 	if (isUpper(in))
 93 | 	    tolower = in + 0x20;
 94 | 	else
 95 | 	    tolower = in;
 96 |   return tolower;
 97 | }
 98 | 
 99 | unsigned char toUpper(
100 | 	unsigned char   in)
101 | {
102 | 	unsigned char toupper;
103 | 	if (!isUpper(in))
104 | 	    toupper = in - 0x20;
105 | 	else
106 | 	    toupper = in;
107 |   return toupper;
108 | }
109 | 
110 | unsigned char changeCase(
111 | 	unsigned char   in)
112 | {
113 | 	unsigned char changecase;
114 |   return changecase;
115 |   if (isUpper(in))
116 | 	    changecase = in + 0x20;
117 | 	else
118 | 	    changecase = in - 0x20;
119 |   return changecase;
120 | }    
121 | 
122 | void transform(
123 |     unsigned char in,
124 |     _Bool	 Lcmd,
125 |     _Bool	 Ucmd,
126 |     _Bool	 Ncmd,
127 |     _Bool	 Ccmd,
128 |     unsigned char *out)
129 | {
130 |     *out = Lcmd ? toLower(in) :
131 | 	   Ucmd ? toUpper(in) :
132 | 	   Ncmd ? in :
133 | 	   Ccmd ? changeCase(in) : 0x00;
134 | }
135 | 
136 | struct state_elements_main {
137 |   unsigned char regIn;
138 |   unsigned char dataOut;
139 | };
140 | struct state_elements_main smain; 
141 | 
142 | void initial() {
143 | 	smain.regIn = 0;
144 | 	smain.dataOut = 0;
145 | }
146 | 
147 | void vlunc(
148 |     _Bool	 clock,
149 |     _Bool 	 reset,
150 |     unsigned char	 dataIn,
151 |     unsigned char *dataOut)
152 | {
153 |     unsigned char transformed;
154 |     _Bool	 Lcmd, Ucmd, Ncmd, Ccmd;
155 |     
156 |     control(clock,reset,smain.regIn,&Lcmd,&Ucmd,&Ncmd,&Ccmd);
157 |     
158 |     transform(smain.regIn,Lcmd,Ucmd,Ncmd,Ccmd,&transformed);
159 |     
160 |     // clocked block
161 | 	if (reset) {
162 | 	    smain.dataOut = 0;
163 | 	    smain.regIn = 0;
164 |   } else {
165 | 	    smain.dataOut = transformed;
166 | 	    smain.regIn = dataIn;
167 |   } // else: !if(reset)
168 | 
169 |   *dataOut=smain.dataOut;
170 |   //#PASS: The command lines are 1-hot encoded.
171 |   assert(!(Lcmd==1 && Ucmd==1 || Lcmd==1 && Ccmd==1 || Lcmd==1 && Ncmd==1 || Ucmd==1 && Ccmd==1 || Ucmd==1 && Ncmd==1 || Ccmd==1 && Ncmd==1));
172 | }
173 | 
174 | void main()
175 | {
176 |   _Bool	 clock;
177 |    _Bool 	 reset;
178 |   unsigned char	 dataIn;
179 |   unsigned char dataOut;
180 |   initial();
181 |   initial_control();
182 |   while(1) 
183 |     vlunc(clock,reset,dataIn,&dataOut);
184 | }
185 | 
186 | 
187 | 
188 | 


--------------------------------------------------------------------------------
/safe/Vlunc/main.sv:
--------------------------------------------------------------------------------
  1 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
  2 | 
  3 | module main (clock,reset,dataIn,dataOut);
  4 |     input	 clock;
  5 |     inout 	 reset;
  6 |     input [7:0]	 dataIn;
  7 |     output [7:0] dataOut;
  8 |     reg [7:0]	 dataOut;
  9 |     
 10 |     reg [7:0]	 regIn;
 11 |     wire [7:0]	 transformed;
 12 |     wire 	 Lcmd, Ucmd, Ncmd, Ccmd;
 13 | 
 14 |     initial begin
 15 | 	regIn   = 0;
 16 | 	dataOut = 0;
 17 |     end
 18 |     
 19 |     control	c(clock,reset,regIn,Lcmd,Ucmd,Ncmd,Ccmd);
 20 |     
 21 |     transform	t(regIn,Lcmd,Ucmd,Ncmd,Ccmd,transformed);
 22 |     
 23 |     always @ (posedge clock) begin
 24 | 	if (reset) begin
 25 | 	    dataOut = 0;
 26 | 	    regIn = 0;
 27 | 	end else begin
 28 | 	    dataOut = transformed;
 29 | 	    regIn = dataIn;
 30 | 	end // else: !if(reset)
 31 |     end
 32 | 
 33 | //#PASS: The command lines are 1-hot encoded.
 34 | assert property (!(Lcmd==1 && Ucmd==1 || Lcmd==1 && Ccmd==1 || Lcmd==1 && Ncmd==1 || Ucmd==1 && Ccmd==1
 35 |    || Ucmd==1 && Ncmd==1 || Ccmd==1 && Ncmd==1));
 36 | /*#PASS: If the output is a lowercase character and Lcmd is asserted,
 37 | # then Lcmd must be deasserted or the output continues to be a lowercase
 38 | # character.*/
 39 | 
 40 | assert property ((Lcmd==1 && dataOut[5]==1) |-> ##1 (Lcmd==0)); // Fails at fourth cycle
 41 | 
 42 | endmodule // lunc
 43 | 
 44 | 
 45 | module control (clock,reset,in,Lcmd,Ucmd,Ncmd,Ccmd);
 46 |     input	clock;
 47 |     input 	reset;
 48 |     input [7:0]	in;
 49 |     output	Lcmd;
 50 |     output	Ucmd;
 51 |     output	Ncmd;
 52 |     output	Ccmd;
 53 | 
 54 |     reg		Lcmd;
 55 |     reg		Ucmd;
 56 |     reg		Ncmd;
 57 |     reg		Ccmd;
 58 | 
 59 |     wire	load;
 60 |     reg [7:0]	prev;
 61 | 
 62 |     initial begin
 63 | 	Lcmd = 0;
 64 | 	Ucmd = 0;
 65 | 	Ncmd = 1;
 66 | 	Ccmd = 0;
 67 | 	prev = 0;
 68 |     end // initial begin
 69 | 
 70 |     always @ (posedge clock)
 71 |       if (reset)
 72 | 	prev = 0;
 73 |       else
 74 | 	prev = in;
 75 |     
 76 |     assign load = (prev == 8'h1b); // escape
 77 | 
 78 |     always @ (posedge clock)
 79 |       if (reset) begin
 80 | 	  Ncmd = 1;
 81 | 	  Lcmd = 0; Ucmd = 0; Ccmd = 0;
 82 |       end
 83 |       else if (load) begin
 84 | 	  case (in)
 85 | 	    8'h4c: begin // L
 86 | 		Lcmd = 1; Ucmd = 0; Ncmd = 0; Ccmd = 0;
 87 | 	    end
 88 | 	    8'h55: begin // U
 89 | 		Lcmd = 0; Ucmd = 1; Ncmd = 0; Ccmd = 0;
 90 | 	    end
 91 | 	    8'h4e: begin // N
 92 | 		Lcmd = 0; Ucmd = 0; Ncmd = 1; Ccmd = 0;
 93 | 	    end
 94 | 	    8'h43: begin // C
 95 | 		Lcmd = 0; Ucmd = 0; Ncmd = 0; Ccmd = 1;
 96 | 	    end
 97 | 	    default: begin
 98 | 		Lcmd = 1'bx; Ucmd = 1'bx; Ncmd = 1'bx; Ccmd = 1'bx;
 99 | 	    end
100 | 	  endcase
101 |       end // if (load)
102 | 
103 | endmodule // control
104 | 
105 | 
106 | module transform (in,Lcmd,Ucmd,Ncmd,Ccmd,out);
107 |     input [7:0]	 in;
108 |     input	 Lcmd;
109 |     input	 Ucmd;
110 |     input	 Ncmd;
111 |     input	 Ccmd;
112 |     output [7:0] out;
113 | 
114 |     assign out = Lcmd ? toLower(in) :
115 | 	   Ucmd ? toUpper(in) :
116 | 	   Ncmd ? in :
117 | 	   Ccmd ? changeCase(in) : 8'hxx;
118 | 
119 |     function [7:0] toLower;
120 | 	input [7:0]   in;
121 |     begin: _toLower
122 | 	if (isUpper(in))
123 | 	    toLower = in + 8'h20;
124 | 	else
125 | 	    toLower = in;
126 |     end
127 |     endfunction // toLower
128 | 
129 |     function [7:0] toUpper;
130 | 	input [7:0]   in;
131 |     begin: _toUpper
132 | 	if (!isUpper(in))
133 | 	    toUpper = in - 8'h20;
134 | 	else
135 | 	    toUpper = in;
136 |     end
137 |     endfunction // toUpper
138 | 
139 |     function [7:0] changeCase;
140 | 	input [7:0]   in;
141 |     begin: _changeCase
142 | 	if (isUpper(in))
143 | 	    changeCase = in + 8'h20;
144 | 	else
145 | 	    changeCase = in - 8'h20;
146 |     end
147 |     endfunction // changeCase
148 | 
149 |     function isUpper;
150 | 	input [7:0]   in;
151 |     begin: _isUpper
152 | 	isUpper = ~in[5];
153 |     end
154 |     endfunction // isUpper
155 | 
156 | endmodule // transform
157 | 


--------------------------------------------------------------------------------
/safe/Vlunc/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | --unwind 1
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/Vsa16/stats.dat:
--------------------------------------------------------------------------------
 1 | ********************************
 2 | Printing ACDL Solver Statistics
 3 | ********************************
 4 | Decisions:: 0
 5 | Learning Iterations:: 0
 6 | Learnt clauses:: 0
 7 | Learnt literals:: 0
 8 | Propagation::2063
 9 | [alu16.assertion.1] assertion sa.Registers[0]==0: OK
10 | [alu16.assertion.2] assertion sa.Registers[0]==0: OK
11 | [alu16.assertion.3] assertion sa.Registers[0]==0: OK
12 | [alu16.assertion.4] assertion sa.Registers[0]==0: OK
13 | [alu16.assertion.5] assertion sa.Registers[0]==0: OK
14 | 
15 | ** 0 of 6 unknown
16 | ** 0 of 6 failed
17 | VERIFICATION SUCCESSFUL
18 | 
19 | real    443m43.605s
20 | user    434m48.634s
21 | sys     7m9.132s
22 | 
23 | CBMC with SAT Solver statistics
24 | ===============================
25 | Solving with MiniSAT 2.2.1 with simplifier
26 | 8356 variables, 22881 clauses
27 | SAT checker: instance is UNSATISFIABLE
28 | restarts              : 1
29 | conflicts             : 38          
30 | decisions             : 200         (0.00 % random)
31 | propagations          : 2390        
32 | conflict literals     : 172         8.99
33 | Runtime decision procedure: 0.04s
34 | 
35 | ** Results:
36 | [alu16.assertion.1] assertion sa.Registers[0]==0: SUCCESS
37 | 
38 | ** 0 of 1 failed (1 iteration)
39 | VERIFICATION SUCCESSFUL
40 | 


--------------------------------------------------------------------------------
/safe/Vsa16/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/b01/main.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <assert.h>
  3 | #define TRUE 1
  4 | #define FALSE 0
  5 | 
  6 | int a=0;
  7 | int b=1;
  8 | int c=2;
  9 | int e=3;
 10 | int f=4;
 11 | int g=5;
 12 | int wf0=6;
 13 | int wf1=7;
 14 | 
 15 | struct state_elements_main {
 16 |   _Bool OUTP, OVERFLW;
 17 |   unsigned char stato;
 18 | };
 19 | struct state_elements_main smain; 
 20 | 
 21 | void initial() {
 22 | 	smain.stato = a;
 23 | 	smain.OUTP = 0;
 24 | 	smain.OVERFLW = 0;
 25 | }
 26 | 
 27 | void b01(
 28 |   _Bool  LINE1, _Bool LINE2,
 29 |   _Bool *OUTP, _Bool *OVERFLW, 
 30 |   _Bool  clock)
 31 | {
 32 |   // clocked block
 33 |   switch(smain.stato) {
 34 |     case 0: {
 35 |               if (LINE1 & LINE2)
 36 |                 smain.stato = f;
 37 |               else
 38 |                 smain.stato = b;
 39 |               smain.OUTP = LINE1 ^ LINE2;
 40 |               smain.OVERFLW = 0;
 41 |               break;
 42 |             }
 43 |     case 3:{
 44 |               if (LINE1 & LINE2)
 45 |                 smain.stato = f;
 46 |               else
 47 |                 smain.stato = b;
 48 |               smain.OUTP = LINE1 ^ LINE2;
 49 |               smain.OVERFLW = 1;
 50 |               break;
 51 |             }
 52 |     case 1: {
 53 |               if (LINE1 & LINE2)
 54 |                 smain.stato = g;
 55 |               else 
 56 |                 smain.stato = c;
 57 |               smain.OUTP = LINE1 ^ LINE2;
 58 |               smain.OVERFLW = 0;
 59 |               break;
 60 |             }
 61 |     case 4: {
 62 |               if (LINE1 | LINE2)
 63 |                 smain.stato = g;
 64 |               else
 65 |                 smain.stato = c;
 66 |               smain.OUTP = ~(LINE1 ^ LINE2);
 67 |               smain.OVERFLW = 0;
 68 |               break;
 69 |             }
 70 |     case 2: {
 71 |               if (LINE1 & LINE2)
 72 |                 smain.stato = wf1;
 73 |               else
 74 |                 smain.stato = wf0;
 75 |               smain.OUTP = LINE1 ^ LINE2;
 76 |               smain.OVERFLW = 0;
 77 |               break;
 78 |             }
 79 |     case 5: {
 80 |               if (LINE1 | LINE2)
 81 |                 smain.stato = wf1;
 82 |               else
 83 |                 smain.stato = wf0;
 84 |               smain.OUTP = ~(LINE1 ^ LINE2);
 85 |               smain.OVERFLW = 0;
 86 |               break;
 87 |             }
 88 |     case 6: {
 89 |                 if (LINE1 & LINE2)
 90 |                   smain.stato = e;
 91 |                 else
 92 |                   smain.stato = a;
 93 |                 smain.OUTP = LINE1 ^ LINE2;
 94 |                 smain.OVERFLW = 0;
 95 |                 break;
 96 |               }
 97 |     case 7: {
 98 |                 if (LINE1 | LINE2)
 99 |                   smain.stato = e;
100 |                 else             
101 |                   smain.stato = a;
102 |                 smain.OUTP = ~(LINE1 ^ LINE2);
103 |                 smain.OVERFLW = 0;
104 |                 break;
105 |               }
106 |   }
107 |   *OUTP=smain.OUTP;
108 |   *OVERFLW=smain.OVERFLW;
109 | }
110 |  
111 | void main()
112 | {
113 |   _Bool  LINE1; _Bool LINE2;
114 |   _Bool OUTP; _Bool OVERFLW; 
115 |   _Bool  clock;
116 |  initial();
117 |  while(1) {
118 |    b01(LINE1,LINE2,&OUTP,&OVERFLW,clock);
119 |    if(smain.OVERFLW==1) {
120 |      b01(LINE1,LINE2,&OUTP,&OVERFLW,clock);
121 |      b01(LINE1,LINE2,&OUTP,&OVERFLW,clock);
122 |      assert(smain.OVERFLW==0);
123 |    }
124 |  }
125 | }
126 | 
127 | 
128 | 
129 | 


--------------------------------------------------------------------------------
/safe/b01/main.sv:
--------------------------------------------------------------------------------
  1 | // Verilog translation of the original b01 circuit from the ITC99
  2 | // benchmark set.
  3 | 
  4 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
  5 | 
  6 | module main(LINE1, LINE2, OUTP, OVERFLW, clock);
  7 |     input  LINE1, LINE2;
  8 |     output OUTP, OVERFLW;
  9 |     input  clock;
 10 | 
 11 |     reg    OUTP, OVERFLW;
 12 |     reg [2:0] stato;
 13 | 
 14 |     parameter a=0;
 15 |     parameter b=1;
 16 |     parameter c=2;
 17 |     parameter e=3;
 18 |     parameter f=4;
 19 |     parameter g=5;
 20 |     parameter wf0=6;
 21 |     parameter wf1=7;
 22 | 
 23 |   initial begin
 24 | 	stato = a;
 25 | 	OUTP = 0;
 26 | 	OVERFLW = 0;
 27 |   end
 28 | 
 29 |     always @ (posedge clock) begin
 30 | 	case (stato)
 31 | 	  a: begin
 32 | 	      if (LINE1 & LINE2)
 33 | 		stato = f;
 34 | 	      else
 35 | 		stato = b;
 36 | 	      OUTP = LINE1 ^ LINE2;
 37 | 	      OVERFLW = 0;
 38 | 	  end
 39 | 	  e: begin
 40 | 	      if (LINE1 & LINE2)
 41 | 		stato = f;
 42 | 	      else
 43 | 		stato = b;
 44 | 	      OUTP = LINE1 ^ LINE2;
 45 | 	      OVERFLW = 1;
 46 | 	  end
 47 |           b: begin
 48 |               if (LINE1 & LINE2)
 49 |                 stato = g;
 50 |               else 
 51 |                 stato = c;
 52 | 	      OUTP = LINE1 ^ LINE2;
 53 | 	      OVERFLW = 0;
 54 |           end
 55 |           f: begin
 56 |               if (LINE1 | LINE2)
 57 |                 stato = g;
 58 |               else
 59 |                 stato = c;
 60 | 	      OUTP = ~(LINE1 ^ LINE2);
 61 | 	      OVERFLW = 0;
 62 |           end
 63 |           c: begin
 64 |               if (LINE1 & LINE2)
 65 |                 stato = wf1;
 66 |               else
 67 |                 stato = wf0;
 68 |               OUTP = LINE1 ^ LINE2;
 69 | 	      OVERFLW = 0;
 70 |           end
 71 | 	  g: begin
 72 |               if (LINE1 | LINE2)
 73 |                 stato = wf1;
 74 |               else
 75 |                 stato = wf0;
 76 | 	      OUTP = ~(LINE1 ^ LINE2);
 77 | 	      OVERFLW = 0;
 78 |           end
 79 |           wf0: begin
 80 |               if (LINE1 & LINE2)
 81 |                 stato = e;
 82 |               else
 83 |                 stato = a;
 84 | 	      OUTP = LINE1 ^ LINE2;
 85 | 	      OVERFLW = 0;
 86 |           end
 87 |           wf1: begin
 88 |               if (LINE1 | LINE2)
 89 |                 stato = e;
 90 |               else             
 91 |                 stato = a;
 92 | 	      OUTP = ~(LINE1 ^ LINE2);
 93 | 	      OVERFLW = 0;
 94 |           end
 95 | 	endcase
 96 |     end
 97 | 
 98 |   assert property (OVERFLW==1 |-> ##2 (OVERFLW==0));
 99 | 
100 | endmodule // b01
101 | 


--------------------------------------------------------------------------------
/safe/b01/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | --unwind 1 
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/b02/main.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <assert.h>
  3 | #define TRUE 1
  4 | #define FALSE 0
  5 | _Bool nondet_bool();
  6 | 
  7 | int A=0;
  8 | int B=1;
  9 | int C=2;
 10 | int D=3;
 11 | int E=4;
 12 | int F=5;
 13 | int G=6;
 14 | 
 15 | struct state_elements_main {
 16 |   _Bool U;
 17 |   unsigned char stato;
 18 | };
 19 | struct state_elements_main smain; 
 20 | 
 21 | void initial() {
 22 |   smain.U = 0;
 23 |   smain.stato = A;
 24 | }
 25 | 
 26 | void b02(
 27 |     _Bool clock,
 28 |     _Bool  LINEA, _Bool *U)
 29 | {
 30 |   // clocked block
 31 |   switch(smain.stato) {
 32 |     case 0: 
 33 |               smain.stato = B;
 34 |               smain.U=0;
 35 |               break;
 36 |             
 37 |     case 1: 
 38 |               if (LINEA==0)
 39 |                 smain.stato = C;
 40 |               else
 41 |                 smain.stato = F;
 42 |               smain.U = 0;
 43 |               break;
 44 |             
 45 |     case 2: 
 46 |               if (LINEA==0)
 47 |                 smain.stato = D;
 48 |               else 
 49 |                 smain.stato = G;
 50 |               smain.U = 0;
 51 |               break;
 52 |             
 53 |     case 3: 
 54 |               smain.stato = E;
 55 |               smain.U=0;
 56 |               break;
 57 |             
 58 |     case 4: 
 59 |               smain.stato = B;
 60 |               smain.U=1;
 61 |               break;
 62 |             
 63 |     case 5: 
 64 |               smain.stato = G;
 65 |               smain.U=0;
 66 |               break;
 67 |             
 68 |     case 6: 
 69 |               if (LINEA==0)
 70 |                 smain.stato = E;
 71 |               else 
 72 |                 smain.stato = A;
 73 |               smain.U = 0;
 74 |               break;
 75 |             
 76 |   }
 77 |   *U=smain.U;
 78 | }
 79 | 
 80 | void main()
 81 | {
 82 |   _Bool LINEA=nondet_bool();
 83 |   _Bool U=nondet_bool; 
 84 |   _Bool  clock;
 85 |   initial();
 86 |   assert(smain.stato==A);
 87 | 
 88 |   while(1) {
 89 |     b02(clock,LINEA,&U);
 90 |     if(smain.stato==D) {
 91 |       b02(clock,LINEA,&U);
 92 |       b02(clock,LINEA,&U);
 93 |       assert(smain.stato==B);
 94 |     }
 95 |     /*if(smain.U==1) {
 96 |       b02(clock,LINEA,&U);
 97 |       assert(smain.U==0);
 98 |     }
 99 |     if(smain.U==1) {
100 |       assert(smain.stato==B);
101 |     }*/
102 |   }
103 | }
104 | 


--------------------------------------------------------------------------------
/safe/b02/main.sv:
--------------------------------------------------------------------------------
 1 | // Verilog translation of the original b02 circuit from the ITC99
 2 | // benchmark set.
 3 | 
 4 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 5 | 
 6 | module main(clock, LINEA, U);
 7 |     input  clock;
 8 |     input  LINEA;
 9 |     output U;
10 | 
11 |     reg    U;
12 |     reg [2:0] stato;
13 | 
14 |     parameter A=0;
15 |     parameter B=1;
16 |     parameter C=2;
17 |     parameter D=3;
18 |     parameter E=4;
19 |     parameter F=5;
20 |     parameter G=6;
21 | 
22 |   initial begin
23 | 	stato = A;
24 | 	U = 0;
25 |     end
26 | 
27 |     always @ (posedge clock) begin
28 | 	case (stato)
29 |           A: begin
30 |               stato = B;
31 |               U = 0;
32 | 	  end
33 |           B: begin
34 |               if (LINEA == 0)
35 |                 stato = C;
36 |               else
37 |                 stato = F;
38 |               U = 0;
39 | 	  end
40 |           C: begin
41 |               if (LINEA == 0)
42 |                 stato = D;
43 |               else
44 |                 stato = G;
45 |               U = 0;
46 | 	  end
47 |           D: begin
48 |               stato = E; 
49 |               U = 0;
50 | 	  end
51 |           E: begin
52 |               stato = B;
53 |               U = 1;
54 | 	  end
55 | 	  F: begin
56 |               stato = G;
57 |               U = 0;
58 | 	  end
59 |           G: begin
60 |               if (LINEA == 0)
61 |                 stato = E;
62 |               else
63 |                 stato = A;
64 |               U = 0;
65 |           end
66 |         endcase
67 |     end
68 | 
69 | assert property (stato==D |-> ##2 (stato==B));
70 | assert property (U==1 |-> ##1 U==0);
71 | assert property (U==1 |-> stato==B);
72 | endmodule // b02
73 | 


--------------------------------------------------------------------------------
/safe/b02/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | --unwind 3
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/b03/main.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <assert.h>
  3 | #define TRUE 1
  4 | #define FALSE 0
  5 | 
  6 | int U1=0;
  7 | int U2=1;
  8 | int U3=2;
  9 | int U4=3;
 10 | int INIT=0;
 11 | int ANALISI_REQ=1;
 12 | int ASSEGNA=2;
 13 | 
 14 | struct state_elements_main {
 15 |   unsigned char	 GRANT_O;
 16 |   unsigned char  stato;
 17 |   unsigned char  coda0, coda1, coda2, coda3;
 18 |   _Bool 	 ru1, ru2, ru3, ru4, fu1, fu2, fu3, fu4;
 19 |   unsigned char grant;
 20 | };
 21 | struct state_elements_main smain; 
 22 | 
 23 | void initial() {
 24 |   smain.stato = INIT;
 25 |   smain.coda0 = 0;
 26 |   smain.coda1 = 0;
 27 |   smain.coda2 = 0;
 28 |   smain.coda3 = 0;
 29 |   smain.ru1 = 0;
 30 |   smain.fu1 = 0;
 31 |   smain.ru2 = 0;
 32 |   smain.fu2 = 0;
 33 |   smain.ru3 = 0;
 34 |   smain.fu3 = 0;
 35 |   smain.ru4 = 0;
 36 |   smain.fu4 = 0;
 37 |   smain.grant = 0;
 38 |   smain.GRANT_O = 0;
 39 | }
 40 | 
 41 | void b03(
 42 |     _Bool clock,
 43 |     _Bool REQUEST1, 
 44 |     _Bool REQUEST2, 
 45 |     _Bool REQUEST3, 
 46 |     _Bool REQUEST4,
 47 |     unsigned char *GRANT_O
 48 |     )
 49 | {
 50 |   // clocked block
 51 |   switch (smain.stato) {
 52 |     case 0: {
 53 |               smain.ru1 = REQUEST1;
 54 |               smain.ru2 = REQUEST2;
 55 |               smain.ru3 = REQUEST3;
 56 |               smain.ru4 = REQUEST4;
 57 |               smain.stato = ANALISI_REQ;
 58 |               break;
 59 |             }
 60 |     case 1: {
 61 |               smain.GRANT_O = smain.grant;
 62 |               if (smain.ru1) {
 63 |                 if (!smain.fu1) {
 64 |                   smain.coda3 = smain.coda2;
 65 |                   smain.coda2 = smain.coda1;
 66 |                   smain.coda1 = smain.coda0;
 67 |                   smain.coda0 = U1;
 68 |                 }
 69 |               } 
 70 |               else if (smain.ru2) {
 71 |                 if (!smain.fu2) {
 72 |                   smain.coda3 = smain.coda2;
 73 |                   smain.coda2 = smain.coda1;
 74 |                   smain.coda1 = smain.coda0;
 75 |                   smain.coda0 = U2;
 76 |                 }
 77 |               }
 78 |               else if (smain.ru3) {
 79 |                 if (!smain.fu3) {
 80 |                   smain.coda3 = smain.coda2;
 81 |                   smain.coda2 = smain.coda1;
 82 |                   smain.coda1 = smain.coda0;
 83 |                   smain.coda0 = U3;
 84 |                 }
 85 |               }        
 86 |               else if (smain.ru4) {
 87 |                 if (!smain.fu4) {
 88 |                   smain.coda3 = smain.coda2;
 89 |                   smain.coda2 = smain.coda1;
 90 |                   smain.coda1 = smain.coda0;
 91 |                   smain.coda0 = U4;
 92 |                 }
 93 |               }        
 94 |               smain.fu1 = smain.ru1;
 95 |               smain.fu2 = smain.ru2;
 96 |               smain.fu3 = smain.ru3;
 97 |               smain.fu4 = smain.ru4;
 98 |               smain.stato = ASSEGNA;
 99 |               break;
100 |             }
101 |     case 2: {
102 |               if (smain.fu1 | smain.fu2 | smain.fu3 | smain.fu4) {
103 |                 switch (smain.coda0) {
104 |                   case 4:	smain.grant = 8;
105 |                   case 2: smain.grant = 4;
106 |                   case 1: smain.grant = 2;
107 |                   case 7: smain.grant = 1;
108 |                   default: smain.grant = 0;
109 |                 }
110 |                 smain.coda0 = smain.coda1;
111 |                 smain.coda1 = smain.coda2;
112 |                 smain.coda2 = smain.coda3;
113 |                 smain.coda3 = 0;
114 |               }
115 |               smain.ru1 = REQUEST1;
116 |               smain.ru2 = REQUEST2;
117 |               smain.ru3 = REQUEST3;
118 |               smain.ru4 = REQUEST4;
119 |               smain.stato = ANALISI_REQ;
120 |               break;
121 |             }
122 | 
123 |   } // end switch 
124 |   *GRANT_O = smain.GRANT_O;
125 | }
126 | 
127 | void main()
128 | {
129 |   _Bool    clock;
130 |   _Bool 	 REQUEST1, REQUEST2, REQUEST3, REQUEST4;
131 |   unsigned char GRANT_O;
132 |   initial();
133 |   while(1) {
134 |     b03(clock,REQUEST1, REQUEST2, REQUEST3, REQUEST4, &GRANT_O);
135 |     assert(GRANT_O==0 || GRANT_O==8 || GRANT_O==4 || GRANT_O==2 || GRANT_O==1);
136 |   }
137 | }
138 | 
139 | 
140 | 
141 | 


--------------------------------------------------------------------------------
/safe/b03/main.sv:
--------------------------------------------------------------------------------
  1 | // Verilog translation of the original b03 circuit from the ITC99
  2 | // benchmark set.
  3 | 
  4 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
  5 | 
  6 | module main(clock, REQUEST1, REQUEST2, REQUEST3, REQUEST4, GRANT_O);
  7 |     input        clock;
  8 |     input 	 REQUEST1, REQUEST2, REQUEST3, REQUEST4;
  9 |     output [3:0] GRANT_O;
 10 | 
 11 |     parameter 	 U1 = 3'b100;
 12 |     parameter 	 U2 = 3'b010;
 13 |     parameter 	 U3 = 3'b001;
 14 |     parameter 	 U4 = 3'b111;
 15 |     parameter INIT = 0;
 16 |     parameter ANALISI_REQ = 1;
 17 |     parameter ASSEGNA = 2;
 18 | 
 19 | 
 20 |     reg [3:0] 	 GRANT_O;
 21 |     reg [1:0]    stato;
 22 |     reg [2:0] 	 coda0, coda1, coda2, coda3;
 23 |     reg 	 ru1, ru2, ru3, ru4, fu1, fu2, fu3, fu4;
 24 |     reg [3:0] 	 grant;
 25 | 
 26 |     initial begin
 27 | 	stato = INIT;
 28 | 	coda0 = 0;
 29 | 	coda1 = 0;
 30 | 	coda2 = 0;
 31 | 	coda3 = 0;
 32 | 	ru1 = 0;
 33 | 	fu1 = 0;
 34 | 	ru2 = 0;
 35 | 	fu2 = 0;
 36 | 	ru3 = 0;
 37 | 	fu3 = 0;
 38 | 	ru4 = 0;
 39 | 	fu4 = 0;
 40 | 	grant = 0;
 41 | 	GRANT_O = 0;
 42 |     end
 43 | 
 44 |     always @ (posedge clock) begin
 45 | 	case (stato)
 46 | 	  INIT: begin
 47 |               ru1 = REQUEST1;
 48 |               ru2 = REQUEST2;
 49 |               ru3 = REQUEST3;
 50 |               ru4 = REQUEST4;
 51 |               stato = ANALISI_REQ;
 52 | 	  end
 53 | 	  ANALISI_REQ: begin
 54 | 	      GRANT_O = grant;
 55 |               if (ru1) begin
 56 | 		  if (!fu1) begin
 57 | 		      coda3 = coda2;
 58 | 		      coda2 = coda1;
 59 | 		      coda1 = coda0;
 60 | 		      coda0 = U1;
 61 | 		  end
 62 | 	      end else if (ru2) begin
 63 | 		  if (!fu2) begin
 64 | 		      coda3 = coda2;
 65 | 		      coda2 = coda1;
 66 | 		      coda1 = coda0;
 67 | 		      coda0 = U2;
 68 | 		  end
 69 |               end else if (ru3) begin
 70 | 		  if (!fu3) begin
 71 | 		      coda3 = coda2;
 72 | 		      coda2 = coda1;
 73 | 		      coda1 = coda0;
 74 | 		      coda0 = U3;
 75 | 		  end
 76 |               end else if (ru4) begin
 77 | 		  if (!fu4) begin
 78 | 		      coda3 = coda2;
 79 | 		      coda2 = coda1;
 80 | 		      coda1 = coda0;
 81 | 		      coda0 = U4;
 82 | 		  end
 83 |               end
 84 | 
 85 | 	      fu1 = ru1;
 86 | 	      fu2 = ru2;
 87 | 	      fu3 = ru3;
 88 | 	      fu4 = ru4;
 89 | 
 90 |               stato = ASSEGNA;
 91 | 	  end
 92 | 	  ASSEGNA: begin
 93 |               if (fu1 | fu2 | fu3 | fu4) begin
 94 | 		  case (coda0)
 95 | 		    U1:	grant = 4'b1000;
 96 | 		    U2: grant = 4'b0100;
 97 | 		    U3: grant = 4'b0010;
 98 | 		    U4: grant = 4'b0001;
 99 | 		    default: grant = 4'b0000;
100 | 		  endcase
101 |  		  coda0 = coda1;
102 | 		  coda1 = coda2;
103 | 		  coda2 = coda3;
104 | 		  coda3 = 0;
105 | 	      end
106 | 	      ru1 = REQUEST1;
107 | 	      ru2 = REQUEST2;
108 | 	      ru3 = REQUEST3;
109 | 	      ru4 = REQUEST4;
110 | 	      stato = ANALISI_REQ;
111 | 	  end
112 | 	endcase
113 |     end
114 |   assert property (GRANT_O==0 || GRANT_O==8 || GRANT_O==4 || GRANT_O==2 || GRANT_O==1);
115 | endmodule // b03
116 | 


--------------------------------------------------------------------------------
/safe/b03/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | --unwind 1
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/b04/main.sv:
--------------------------------------------------------------------------------
  1 | // Verilog translation of the original b04 circuit from the ITC99
  2 | // benchmark set.
  3 | 
  4 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
  5 | 
  6 | module main(RESTART, AVERAGE, ENABLE, DATA_IN, DATA_OUT, CLOCK);
  7 |     input        RESTART;
  8 |     input 	 AVERAGE;
  9 |     input 	 ENABLE;
 10 |     input [7:0]  DATA_IN;
 11 |     output [7:0] DATA_OUT;
 12 |     input 	 CLOCK;
 13 | 
 14 |     parameter sA = 0;
 15 |     parameter sB = 1;
 16 |     parameter sC = 2;
 17 | 
 18 |     reg    stato;
 19 |     reg [7:0] 	 DATA_OUT;
 20 |     reg [7:0] 	 RMAX, RMIN, RLAST, REG1, REG2, REG3, REG4;
 21 |     wire [7:0] 	 REGD;
 22 |     wire [8:0] 	 temp;
 23 | 
 24 |     initial begin
 25 | 	stato = sA;
 26 |       	RMAX = 0;
 27 |       	RMIN = 0;
 28 |       	RLAST = 0;
 29 |       	REG1 = 0;
 30 |       	REG2 = 0;
 31 |       	REG3 = 0;
 32 |       	REG4 = 0;
 33 |       	DATA_OUT = 0;
 34 |     end
 35 | 
 36 |     // Compute the two's complement of an integer.
 37 |     function [7:0] tc;
 38 | 	input [7:0] x;
 39 | 	begin: _tc
 40 | 	    tc = (~x) + 8'b1;
 41 | 	end
 42 |     endfunction // tc
 43 | 
 44 |     function [7:0] avg;
 45 | 	input [7:0] x;
 46 | 	input [7:0] y;
 47 | 	reg [8:0] tmp;
 48 | 	reg [7:0] tmp2;
 49 | 	begin: _avg
 50 | 	    tmp = {x[7],x} + {y[7],y};
 51 | 	    tmp2 = tc({1'b0,tmp[6:0]});
 52 | 	    if (tmp[8])
 53 | 	      avg = tc({tmp2[7],tmp2[7:1]});
 54 | 	    else
 55 | 	      avg = {2'b0,tmp[6:1]};
 56 | 	end
 57 |     endfunction // avg
 58 | 
 59 |     // Determine whether x > y assuming the two operands are two's complement
 60 |     // integers.
 61 |     function signGt;
 62 | 	input [7:0] x;
 63 | 	input [7:0] y;
 64 | 	begin: _signGt;
 65 | 	    if (!x[7] && y[7])
 66 | 	      signGt = 1;
 67 | 	    else if (x[7] && !y[7])
 68 | 	      signGt = 0;
 69 | 	    else
 70 | 	      signGt = x[6:0] > y[6:0];
 71 | 	end
 72 |     endfunction // signGt
 73 | 
 74 |     always @ (posedge CLOCK) begin
 75 | 	case (stato)
 76 | 	  sA: stato = sB;
 77 | 	  sB: begin
 78 | 	      RMAX = DATA_IN;
 79 | 	      RMIN = DATA_IN;
 80 | 	      REG1 = 0;
 81 | 	      REG2 = 0;
 82 | 	      REG3 = 0;
 83 | 	      REG4 = 0;
 84 | 	      RLAST = 0;
 85 | 	      DATA_OUT = 0;
 86 | 	      stato = sC;
 87 | 	  end // case: sB
 88 | 	  sC: begin
 89 | 	      if (ENABLE) begin
 90 | 		  RLAST = DATA_IN;
 91 | 	      end
 92 | 	      if (RESTART) begin
 93 | 		  DATA_OUT = avg(RMAX, RMIN);
 94 | 	      end else if (ENABLE) begin
 95 | 		  if (AVERAGE)
 96 | 		    DATA_OUT = REG4;
 97 | 		  else
 98 | 		    DATA_OUT = avg(DATA_IN, REG4);
 99 | 	      end else begin
100 | 		  DATA_OUT = RLAST;
101 | 	      end
102 | 	      if (signGt(DATA_IN, RMAX)) begin
103 | 		  RMAX = DATA_IN;
104 | 	      end else if (signGt(RMIN, DATA_IN)) begin
105 | 		  RMIN = DATA_IN;
106 | 	      end
107 | 	      REG4 = REG3;
108 | 	      REG3 = REG2;
109 | 	      REG2 = REG1;
110 | 	      REG1 = DATA_IN;
111 | 	      stato = sC;
112 | 	  end // case: sC
113 | 	endcase // case(stato)
114 |     end // always @ (posedge CLOCK)
115 |   assert property (RMAX[7]==1 |-> RMIN[7]==1);
116 | endmodule // b04
117 | 


--------------------------------------------------------------------------------
/safe/b04/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/b05/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/b06/main.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <assert.h>
  3 | 
  4 | struct state_elements_b06 {
  5 |     unsigned char CC_MUX, USCITE;
  6 |     _Bool 	 ENABLE_COUNT, ACKOUT;
  7 |     _Bool    state;
  8 | };
  9 | struct state_elements_b06 sb;
 10 | 
 11 | int 	 cc_nop   = 1;
 12 | int 	 cc_enin  = 1;
 13 | int 	 cc_intr  = 2;
 14 | int 	 cc_ackin = 3;
 15 | int 	 out_norm = 1;
 16 | 
 17 | int s_init=0;
 18 | int s_wait=1;
 19 | int s_enin=2;
 20 | int s_enin_w=3;
 21 | int s_intr=4;
 22 | int s_intr_1=5;
 23 | int s_intr_w=6;
 24 | 
 25 | void initial()
 26 | {
 27 |   sb.state = s_init;
 28 |   sb.CC_MUX = 0;
 29 |   sb.ENABLE_COUNT = 0;
 30 |   sb.ACKOUT = 0;
 31 |   sb.USCITE = 0;
 32 | }
 33 | 
 34 | void b06(
 35 |     unsigned char *CC_MUX,
 36 |     _Bool 	 EQL,
 37 |     unsigned char *USCITE,
 38 |     _Bool 	 clock,
 39 |     _Bool  *ENABLE_COUNT,
 40 |     _Bool  *ACKOUT,
 41 |     _Bool  CONT_EQL
 42 |     )
 43 | {
 44 |   // clocked block
 45 | 	if (CONT_EQL) {
 46 | 	    *ACKOUT = 0;
 47 | 	    *ENABLE_COUNT = 0;
 48 |   } else {
 49 | 	    *ACKOUT = 1;
 50 | 	    *ENABLE_COUNT = 1;
 51 |   }
 52 | 
 53 | 	switch (sb.state)
 54 |   {
 55 | 
 56 | 	  case s_init: {
 57 |                    sb.CC_MUX = cc_enin;
 58 |                    sb.USCITE = out_norm;
 59 |                    sb.state = s_wait;
 60 |                    break;
 61 |                  }
 62 |     case s_wait: {
 63 |                    if (EQL) {
 64 |                      sb.USCITE = 0;
 65 |                      sb.CC_MUX = cc_ackin;
 66 |                      sb.state = s_enin;
 67 |                    } else {
 68 |                      sb.USCITE = out_norm;
 69 |                      sb.CC_MUX = cc_intr;
 70 |                      sb.state = s_intr_1;
 71 |                    }
 72 |                    break;
 73 |                  }
 74 |     case s_intr_1: {
 75 |                      if (EQL) {
 76 |                        sb.USCITE = 0;
 77 |                        sb.CC_MUX = cc_ackin;
 78 |                        sb.state = s_intr;
 79 |                      } else {
 80 |                        sb.USCITE = out_norm;
 81 |                        sb.CC_MUX = cc_enin;
 82 |                        sb.state = s_wait;
 83 |                      }
 84 |                      break;
 85 |                    }
 86 |     case s_enin: {
 87 |                    if (EQL) {
 88 |                      sb.USCITE = 0;
 89 |                      sb.CC_MUX = cc_ackin;
 90 |                      sb.state = s_enin;
 91 |                    } else {
 92 |                      sb.USCITE = 1;
 93 |                      sb.ACKOUT = 1;
 94 |                      sb.ENABLE_COUNT = 1;
 95 |                      sb.CC_MUX = cc_enin;
 96 |                      sb.state = s_enin_w;
 97 |                    }
 98 |                    break;
 99 |                  }
100 |     case s_enin_w: {
101 |                      if (EQL) {
102 |                        sb.USCITE = 1;
103 |                        sb.CC_MUX = cc_enin;
104 |                        sb.state = s_enin_w;
105 |                      } else {
106 |                        sb.USCITE = out_norm;
107 |                        sb.CC_MUX = cc_enin;
108 |                        sb.state = s_wait;
109 |                      }
110 |                      break;
111 |                    }
112 |     case s_intr: {
113 |                    if (EQL) {
114 |                      sb.USCITE = 0;
115 |                      sb.CC_MUX = cc_ackin;
116 |                      sb.state = s_intr;
117 |                    } else {
118 |                      sb.USCITE = 3;
119 |                      sb.CC_MUX = cc_intr;
120 |                      sb.state = s_intr_w;
121 |                    }
122 |                    break;
123 |                  }
124 |     case s_intr_w: {
125 |                      if (EQL) {
126 |                        sb.USCITE = 3;
127 |                        sb.CC_MUX = cc_intr;
128 |                        sb.state = s_intr_w;
129 |                      } else {
130 |                        sb.USCITE = out_norm;
131 |                        sb.CC_MUX = cc_enin;
132 |                        sb.state = s_wait;
133 |                      }
134 |                    }
135 |                    break;
136 |   }
137 |   *USCITE = sb.USCITE;
138 |   *CC_MUX = sb.CC_MUX;
139 |   *ENABLE_COUNT = sb.ENABLE_COUNT;
140 |   *ACKOUT = sb.ACKOUT;
141 | }
142 | 
143 | void main()
144 | {
145 |   unsigned char CC_MUX;
146 |   _Bool  EQL;
147 |   unsigned char USCITE;
148 |   _Bool  clock;
149 |   _Bool  ENABLE_COUNT;
150 |   _Bool  ACKOUT;
151 |   _Bool  CONT_EQL;
152 |   initial();
153 |   while (1) {
154 |     b06(&CC_MUX, EQL, &USCITE, clock, &ENABLE_COUNT, &ACKOUT, CONT_EQL);
155 |     assert (ENABLE_COUNT==ACKOUT);
156 |     assert ((USCITE&0x3)!=2);
157 |   }
158 | }
159 | 


--------------------------------------------------------------------------------
/safe/b06/main.sv:
--------------------------------------------------------------------------------
  1 | // Verilog translation of the original b06 circuit from the ITC99
  2 | // benchmark set.
  3 | 
  4 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
  5 | 
  6 | 
  7 | module main(CC_MUX, EQL, USCITE, clock, ENABLE_COUNT, ACKOUT, CONT_EQL);
  8 |     output [2:1] CC_MUX;
  9 |     input 	 EQL;
 10 |     output [2:1] USCITE;
 11 |     input 	 clock;
 12 |     output 	 ENABLE_COUNT;
 13 |     output 	 ACKOUT;
 14 |     input 	 CONT_EQL;
 15 | 
 16 |     parameter 	 cc_nop   = 2'b01;
 17 |     parameter 	 cc_enin  = 2'b01;
 18 |     parameter 	 cc_intr  = 2'b10;
 19 |     parameter 	 cc_ackin = 2'b11;
 20 |     parameter 	 out_norm = 2'b01;
 21 | 
 22 |     parameter s_init=0;
 23 |     parameter s_wait=1;
 24 |     parameter s_enin=2;
 25 |     parameter s_enin_w=3;
 26 |     parameter s_intr=4;
 27 |     parameter s_intr_1=5;
 28 |     parameter s_intr_w=6;
 29 | 
 30 |     reg [2:1] 	 CC_MUX, USCITE;
 31 |     reg 	 ENABLE_COUNT, ACKOUT;
 32 |     reg    state;
 33 | 
 34 |     initial begin
 35 | 	state = s_init;
 36 | 	CC_MUX = 0;
 37 | 	ENABLE_COUNT = 0;
 38 | 	ACKOUT = 0;
 39 | 	USCITE = 0;
 40 |     end
 41 | 
 42 |     always @ (posedge clock) begin
 43 | 	if (CONT_EQL) begin
 44 | 	    ACKOUT = 0;
 45 | 	    ENABLE_COUNT = 0;
 46 | 	end else begin
 47 | 	    ACKOUT = 1;
 48 | 	    ENABLE_COUNT = 1;
 49 | 	end
 50 | 
 51 | 	case (state)
 52 | 
 53 | 	  s_init: begin
 54 | 		CC_MUX = cc_enin;
 55 | 		USCITE = out_norm;
 56 | 		state = s_wait;
 57 | 	  end
 58 | 	  s_wait: begin
 59 | 	      if (EQL) begin
 60 | 		  USCITE = 0;
 61 | 		  CC_MUX = cc_ackin;
 62 | 		  state = s_enin;
 63 | 	      end else begin
 64 | 		  USCITE = out_norm;
 65 | 		  CC_MUX = cc_intr;
 66 | 		  state = s_intr_1;
 67 | 	      end
 68 | 	  end
 69 | 	  s_intr_1: begin
 70 | 	      if (EQL) begin
 71 | 		  USCITE = 0;
 72 | 		  CC_MUX = cc_ackin;
 73 | 		  state = s_intr;
 74 | 	      end else begin
 75 | 		  USCITE = out_norm;
 76 | 		  CC_MUX = cc_enin;
 77 | 		  state = s_wait;
 78 | 	      end
 79 | 	  end
 80 | 	  s_enin: begin
 81 | 	      if (EQL) begin
 82 | 		  USCITE = 0;
 83 | 		  CC_MUX = cc_ackin;
 84 | 		  state = s_enin;
 85 | 	      end else begin
 86 | 		  USCITE = 1;
 87 | 		  ACKOUT = 1;
 88 | 		  ENABLE_COUNT = 1;
 89 | 		  CC_MUX = cc_enin;
 90 | 		  state = s_enin_w;
 91 | 	      end
 92 | 	  end
 93 | 	  s_enin_w: begin
 94 | 	      if (EQL) begin
 95 | 		  USCITE = 1;
 96 | 		  CC_MUX = cc_enin;
 97 | 		  state = s_enin_w;
 98 | 	      end else begin
 99 | 		  USCITE = out_norm;
100 | 		  CC_MUX = cc_enin;
101 | 		  state = s_wait;
102 | 	      end
103 | 	  end
104 | 	  s_intr: begin
105 | 	      if (EQL) begin
106 | 		  USCITE = 0;
107 | 		  CC_MUX = cc_ackin;
108 | 		  state = s_intr;
109 | 	      end else begin
110 | 		  USCITE = 3;
111 | 		  CC_MUX = cc_intr;
112 | 		  state = s_intr_w;
113 | 	      end
114 | 	  end
115 | 	  s_intr_w: begin
116 | 	      if (EQL) begin
117 | 		  USCITE = 3;
118 | 		  CC_MUX = cc_intr;
119 | 		  state = s_intr_w;
120 | 	      end else begin
121 | 		  USCITE = out_norm;
122 | 		  CC_MUX = cc_enin;
123 | 		  state = s_wait;
124 | 	      end
125 | 	  end
126 | 	endcase
127 |     end
128 | 
129 |   assert property (ENABLE_COUNT==ACKOUT);
130 |   assert property (USCITE[2:1]!=2);
131 | endmodule // b06
132 | 


--------------------------------------------------------------------------------
/safe/b06/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | --unwind 2
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/b07/main.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <assert.h>
  3 | 
  4 | _Bool nondet_bool();
  5 | 
  6 | int S_RESET = 0;
  7 | int S_START = 1;
  8 | int S_LOAD_X = 2;
  9 | int S_UPDATE_MAR = 3;
 10 | int S_LOAD_Y = 4;
 11 | int S_CALC_RETTA = 5;
 12 | int S_INCREMENTA = 6;
 13 | 
 14 | struct state_elements_b07 {
 15 |     unsigned char 	 PUNTI_RETTA;
 16 |     _Bool    stato;
 17 |     unsigned char 	 cont, x;
 18 |     unsigned char 	 y, t;
 19 |     unsigned char 	 mar;
 20 | };
 21 | struct state_elements_b07 sb;
 22 | 
 23 | unsigned char mems(unsigned char a)
 24 | {
 25 |   unsigned char mem;
 26 |   if      (a ==  0) mem = 1;
 27 |   else if (a ==  1) mem = 255;
 28 |   else if (a ==  2) mem = 0;
 29 |   else if (a ==  3) mem = 0;
 30 |   else if (a ==  4) mem = 0;
 31 |   else if (a ==  5) mem = 2;
 32 |   else if (a ==  6) mem = 0;
 33 |   else if (a ==  7) mem = 0;
 34 |   else if (a ==  8) mem = 0;
 35 |   else if (a ==  9) mem = 2;
 36 |   else if (a == 10) mem = 255;
 37 |   else if (a == 11) mem = 5;
 38 |   else if (a == 12) mem = 0;
 39 |   else if (a == 13) mem = 2;
 40 |   else if (a == 14) mem = 0;
 41 |   else              mem = 2;
 42 |   return mem;
 43 | } // mem
 44 | 
 45 | void initial()
 46 | {
 47 | 	sb.stato = S_RESET;
 48 | 	sb.PUNTI_RETTA = 0;
 49 | 	sb.cont = 0;
 50 | 	sb.mar = 0;
 51 | 	sb.x = 0;
 52 | 	sb.y = 0;
 53 | 	sb.t = 0;
 54 | }
 55 | 
 56 | void b07(
 57 |     unsigned char *PUNTI_RETTA,
 58 |     _Bool 	 START,
 59 |     _Bool 	 clock)
 60 | {
 61 |    unsigned char mem_mar;
 62 |    mem_mar = mems(sb.mar);
 63 | 
 64 |   // clocked block
 65 |    switch (sb.stato) {
 66 |      case S_RESET: {
 67 |                      sb.stato = S_START;
 68 |                      break;
 69 |                    }
 70 |      case S_START: {
 71 |                      if (START) {
 72 |                        sb.cont = 0;
 73 |                        sb.mar = 0;
 74 |                        sb.stato = S_LOAD_X;
 75 |                      } else {
 76 |                        sb.stato = S_START;
 77 |                        sb.PUNTI_RETTA = 0;
 78 |                      }
 79 |                      break;
 80 |                    }
 81 |      case S_LOAD_X: {
 82 |                       sb.x = mem_mar;
 83 |                       sb.stato = S_UPDATE_MAR;
 84 |                       break;
 85 |                     }
 86 |      case S_UPDATE_MAR: {
 87 |                           sb.mar = sb.mar + 1;
 88 |                           sb.t = (((sb.x&0x3F)<<1) | 0)&0x7F;
 89 |                           sb.stato = S_LOAD_Y;
 90 |                           break;
 91 |                         }
 92 |      case S_LOAD_Y: {
 93 |                       sb.y = mem_mar&0x7F;
 94 |                       sb.x =  (((0<<7) | (sb.x&0x7F))&0xFF) + (((0<<7) | (sb.t&0x7F))&0xFF);  
 95 |                       sb.stato = S_CALC_RETTA;
 96 |                       break;
 97 |                     }
 98 | S_CALC_RETTA: {
 99 |                 sb.x = (((0<<7) | (sb.x&0x7F))&0xFF) + (((0<<7) | (sb.t&0x7F))&0xFF);  
100 |                 sb.stato = S_INCREMENTA;
101 |                 break;
102 |               }
103 | S_INCREMENTA: {
104 |                 if (sb.mar != 15) {
105 |                   if (sb.x == 2)
106 |                     sb.cont = sb.cont + 1;
107 |                   sb.mar = sb.mar + 1;
108 |                   sb.stato = S_LOAD_X;
109 |                 } else {
110 |                   if (START == 0) {
111 |                     if (sb.x == 2)
112 |                       sb.PUNTI_RETTA = sb.cont + 1;
113 |                     else
114 |                       sb.PUNTI_RETTA = sb.cont;
115 |                     sb.stato = S_START;
116 |                   } else {
117 |                     sb.stato = S_INCREMENTA;
118 |                   }
119 |                 }
120 |                 break;
121 |               }
122 |    }
123 |    *PUNTI_RETTA = sb.PUNTI_RETTA;
124 | }
125 | 
126 | void main()
127 | {
128 |     unsigned char PUNTI_RETTA;
129 |     _Bool 	 START;
130 |     _Bool 	 clock;
131 |     initial();
132 |     while(1) { 
133 |       START=nondet_bool();
134 |       b07(&PUNTI_RETTA, START, clock);
135 |       assert ((sb.x&0xFF)!=148);
136 |     }
137 | }
138 | 


--------------------------------------------------------------------------------
/safe/b07/main.sv:
--------------------------------------------------------------------------------
  1 | // Verilog translation of the original b07 circuit from the ITC99
  2 | // benchmark set.
  3 | 
  4 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
  5 | 
  6 | 
  7 | module main(PUNTI_RETTA, START, clock);
  8 |     output [7:0] PUNTI_RETTA;
  9 |     input 	 START;
 10 |     input 	 clock;
 11 | 
 12 |     reg [7:0] 	 PUNTI_RETTA;
 13 |     reg    stato;
 14 |     reg [7:0] 	 cont, x;
 15 |     reg [6:0] 	 y, t;
 16 |     reg [3:0] 	 mar;
 17 |     wire [7:0] 	 mem_mar;
 18 |     parameter S_RESET = 0;
 19 |     parameter S_START = 1;
 20 |     parameter S_LOAD_X = 2;
 21 |     parameter S_UPDATE_MAR = 3;
 22 |     parameter S_LOAD_Y = 4;
 23 |     parameter S_CALC_RETTA = 5;
 24 |     parameter S_INCREMENTA = 6;
 25 | 
 26 |     function [7:0] mem;
 27 | 	input [3:0] a;
 28 | 	begin: _mem
 29 | 	    if      (a ==  0) mem = 1;
 30 | 	    else if (a ==  1) mem = 255;
 31 | 	    else if (a ==  2) mem = 0;
 32 | 	    else if (a ==  3) mem = 0;
 33 | 	    else if (a ==  4) mem = 0;
 34 | 	    else if (a ==  5) mem = 2;
 35 | 	    else if (a ==  6) mem = 0;
 36 | 	    else if (a ==  7) mem = 0;
 37 | 	    else if (a ==  8) mem = 0;
 38 | 	    else if (a ==  9) mem = 2;
 39 | 	    else if (a == 10) mem = 255;
 40 | 	    else if (a == 11) mem = 5;
 41 | 	    else if (a == 12) mem = 0;
 42 | 	    else if (a == 13) mem = 2;
 43 | 	    else if (a == 14) mem = 0;
 44 | 	    else              mem = 2;
 45 | 	end
 46 |     endfunction // mem
 47 | 
 48 |     assign mem_mar = mem(mar);
 49 | 
 50 |     initial begin
 51 | 	stato = S_RESET;
 52 | 	PUNTI_RETTA = 0;
 53 | 	cont = 0;
 54 | 	mar = 0;
 55 | 	x = 0;
 56 | 	y = 0;
 57 | 	t = 0;
 58 |     end
 59 | 
 60 |     always @ (posedge clock) begin
 61 | 	case (stato)
 62 | 	  S_RESET: begin
 63 |               stato = S_START;
 64 | 	  end
 65 | 	  S_START: begin
 66 |               if (START) begin
 67 | 		  cont = 0;
 68 | 		  mar = 0;
 69 | 		  stato = S_LOAD_X;
 70 |               end else begin
 71 | 		  stato = S_START;
 72 | 		  PUNTI_RETTA = 0;
 73 |               end
 74 | 	  end
 75 | 	  S_LOAD_X: begin
 76 |               x = mem_mar;
 77 |               stato = S_UPDATE_MAR;
 78 | 	  end
 79 | 	  S_UPDATE_MAR: begin
 80 |               mar = mar + 1;
 81 |               t = {x[5:0], 1'b0};
 82 |               stato = S_LOAD_Y;
 83 | 	  end
 84 | 	  S_LOAD_Y: begin
 85 |               y = mem_mar[6:0];
 86 |               x = {1'b0, x[6:0]} + {1'b0, t};
 87 |               stato = S_CALC_RETTA;
 88 | 	  end
 89 | 	  S_CALC_RETTA: begin
 90 |               x = {1'b0, x[6:0]} + {1'b0, y};
 91 |               stato = S_INCREMENTA;
 92 | 	  end
 93 | 	  S_INCREMENTA: begin
 94 |               if (mar != 15) begin
 95 | 		  if (x == 2)
 96 | 		    cont = cont + 1;
 97 | 		  mar = mar + 1;
 98 | 		  stato = S_LOAD_X;
 99 |               end else begin
100 | 		  if (START == 0) begin
101 | 		      if (x == 2)
102 | 			PUNTI_RETTA = cont + 1;
103 | 		      else
104 | 			PUNTI_RETTA = cont;
105 | 		      stato = S_START;
106 | 		  end else begin
107 | 		      stato = S_INCREMENTA;
108 | 		  end
109 |               end
110 | 	  end
111 | 	endcase
112 |     end
113 |  assert property (x[7:0]!=148);
114 | 
115 | endmodule // b07
116 | 


--------------------------------------------------------------------------------
/safe/b07/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | --unwind 2
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/b08/main.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <assert.h>
  3 | 
  4 | _Bool nondet_bool();
  5 | unsigned char nondet_char();
  6 | 
  7 | int start_st = 0;
  8 | int init = 1;
  9 | int loop_st = 2;
 10 | int the_end = 3;
 11 | 
 12 | struct state_elements_b08 {
 13 |     unsigned char 	 O;
 14 |     _Bool    STATO;
 15 |     unsigned char 	 IN_R;
 16 |     unsigned char 	 MAR;
 17 |     unsigned char 	 OUT_R;
 18 | };
 19 | struct state_elements_b08 sb;
 20 | 
 21 | unsigned char ROMS(unsigned char a)
 22 | {
 23 |   unsigned int ROM;
 24 |   if      (a ==  0) ROM = 0x7F97A;
 25 |   else if (a ==  1) ROM = 0x39A62;
 26 |   else if (a ==  2) ROM = 0xA8FFF;
 27 |   else if (a ==  3) ROM = 0xFF6BA;
 28 |   else if (a ==  4) ROM = 0xFFF6E;
 29 |   else if (a ==  5) ROM = 0xFFBA8;
 30 |   else if (a ==  6) ROM = 0xCA75B;
 31 |   else              ROM = 0x2FFF4;
 32 |   return ROM;
 33 | } // ROM
 34 | 
 35 | void initial()
 36 | {
 37 | 	sb.STATO = start_st;
 38 | 	sb.MAR = 0;
 39 | 	sb.IN_R = 0;
 40 | 	sb.OUT_R = 0;
 41 | 	sb.O = 0;
 42 | }
 43 | 
 44 | void b08(
 45 |     _Bool        CLOCK,
 46 |     _Bool 	 START,
 47 |     unsigned char  I,
 48 |     unsigned char *O)
 49 | {
 50 | 
 51 |   unsigned char 	 ROM_1, ROM_2;
 52 |   unsigned char 	 ROM_OR;
 53 |   unsigned int  ROM_OUT;
 54 |   
 55 | 
 56 | 	// clocked block
 57 |   switch (sb.STATO) {
 58 |     case start_st: {
 59 |                      if (START) sb.STATO = init;
 60 |                      break;
 61 |                    }
 62 |     case init: {
 63 |                  sb.IN_R  = I;
 64 |                  sb.OUT_R = 0;
 65 |                  sb.MAR   = 0;
 66 |                  sb.STATO = loop_st;
 67 |                  break;
 68 |                }
 69 |     case loop_st: {
 70 |                     if (((ROM_2 & ~sb.IN_R) | (ROM_1 & sb.IN_R) | (ROM_2 & ROM_1)) ==
 71 |                         0xFF) {
 72 |                       sb.OUT_R = (sb.OUT_R | ROM_OR);
 73 |                     }
 74 |                     sb.STATO = the_end;
 75 |                     break;
 76 |                   }
 77 |     case the_end: {
 78 |                     if (sb.MAR != 7) {
 79 |                       sb.MAR = sb.MAR + 1; 
 80 |                       sb.STATO = loop_st;
 81 |                     } else if (!START) {
 82 |                       sb.O = sb.OUT_R;
 83 |                       sb.STATO = start_st;
 84 |                     }
 85 |                     break;
 86 |                   }	
 87 |   }
 88 |   
 89 |   ROM_OUT = ROMS(sb.MAR);
 90 |   ROM_1 = ((ROM_OUT>>12)&0xFF);
 91 |   ROM_2 = ((ROM_OUT>>4)&0xFF);
 92 |   ROM_OR = (ROM_OUT&0xF);
 93 |   assert((ROM_OR&0xF)!=0);
 94 |   *O=sb.O;
 95 | }
 96 | 
 97 | void main()
 98 | {
 99 |     _Bool        CLOCK;
100 |     _Bool 	 START;
101 |     unsigned char  I;
102 |     unsigned char O;
103 |     initial();
104 |     while(1) { 
105 |       START=nondet_bool();
106 |       I=nondet_char();
107 |       b08(CLOCK, START, I, &O);
108 |     }
109 | }
110 | 


--------------------------------------------------------------------------------
/safe/b08/main.sv:
--------------------------------------------------------------------------------
 1 | // Verilog translation of the original b08 circuit from the ITC99
 2 | // benchmark set.
 3 | 
 4 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 5 | 
 6 | module main(CLOCK, START, I, O);
 7 |     input        CLOCK;
 8 |     input 	 START;
 9 |     input [7:0]  I;
10 |     output [3:0] O;
11 | 
12 |     reg [3:0] 	 O;
13 |     reg    STATO;
14 |     
15 |     parameter start_st = 0;
16 |     parameter init = 1;
17 |     parameter loop_st = 2;
18 |     parameter the_end = 3;
19 | 
20 |     wire [7:0] 	 ROM_1, ROM_2;
21 |     reg [7:0] 	 IN_R;
22 |     reg [2:0] 	 MAR;
23 |     reg [3:0] 	 OUT_R;
24 |     wire [3:0] 	 ROM_OR;
25 |     wire [19:0]  ROM_OUT;
26 | 
27 |     function [19:0] ROM;
28 | 	input [2:0] a;
29 | 	begin: _ROM
30 | 	    if (a == 0)
31 | 	      ROM = 20'b01111111100101111010;
32 | 	    else if (a == 1)
33 | 	      ROM = 20'b00111001110101100010;
34 | 	    else if (a == 2)
35 | 	      ROM = 20'b10101000111111111111;
36 | 	    else if (a == 3)
37 | 	      ROM = 20'b11111111011010111010;
38 | 	    else if (a == 4)
39 | 	      ROM = 20'b11111111111101101110;
40 | 	    else if (a == 5)
41 | 	      ROM = 20'b11111111101110101000;
42 | 	    else if (a == 6)
43 | 	      ROM = 20'b11001010011101011011;
44 | 	    else
45 | 	      ROM = 20'b00101111111111110100;
46 | 	end // block: _ROM
47 |     endfunction // ROM
48 | 
49 |     initial begin
50 | 	STATO = start_st;
51 | 	MAR = 0;
52 | 	IN_R = 0;
53 | 	OUT_R = 0;
54 | 	O = 0;
55 |     end
56 | 
57 |     assign ROM_OUT = ROM(MAR);
58 |     assign ROM_1 = ROM_OUT[19:12];
59 |     assign ROM_2 = ROM_OUT[11:4];
60 |     assign ROM_OR = ROM_OUT[3:0];
61 | 
62 |     always @ (posedge CLOCK) begin
63 | 	case (STATO)
64 | 	  start_st: begin
65 | 	      if (START) STATO = init;
66 | 	  end
67 | 	  init: begin
68 | 	      IN_R  = I;
69 | 	      OUT_R = 0;
70 | 	      MAR   = 0;
71 | 	      STATO = loop_st;
72 | 	  end
73 | 	  loop_st: begin
74 | 	      if (((ROM_2 & ~IN_R) | (ROM_1 & IN_R) | (ROM_2 & ROM_1)) ==
75 | 		  8'b11111111) begin
76 | 		  OUT_R = OUT_R | ROM_OR;
77 | 	      end
78 | 	      STATO = the_end;
79 | 	  end
80 | 	  the_end: begin
81 | 	      if (MAR != 7) begin
82 | 		  MAR = MAR + 1; 
83 | 		  STATO = loop_st;
84 | 	      end else if (!START) begin
85 | 		  O = OUT_R;
86 | 		  STATO = start_st;
87 | 	      end
88 | 	  end		
89 | 	endcase
90 |     end
91 |   assert property (ROM_OR[3:0]!=0);
92 | endmodule // b08
93 | 


--------------------------------------------------------------------------------
/safe/b08/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | --unwind 2
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/hwmcc15/139442p0/139442p0.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/139442p0/139442p0.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/139443p0/139443p0.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/139443p0/139443p0.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/139444p0/139444p0.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/139444p0/139444p0.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/139454p0/139454p0.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/139454p0/139454p0.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/139463p0/139463p0.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/139463p0/139463p0.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/6s105/6s105.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/6s105/6s105.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/6s12/6s12.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/6s12/6s12.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/6s120/6s120.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/6s120/6s120.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/6s122/6s122.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/6s122/6s122.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/6s131/6s131.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/6s131/6s131.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/6s173/6s173.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/6s173/6s173.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/6s177/6s177.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/6s177/6s177.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/6s179/6s179.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/6s179/6s179.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/6s185/6s185.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/6s185/6s185.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/6s186/6s186.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/6s186/6s186.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/6s187/6s187.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/6s187/6s187.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/6s198/6s198.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/6s198/6s198.aig


--------------------------------------------------------------------------------
/safe/hwmcc15/6s33/6s33.aig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/hwmcc15/6s33/6s33.aig


--------------------------------------------------------------------------------
/safe/result.sh:
--------------------------------------------------------------------------------
 1 | if [ "$WORKSPACE" == "" ]
 2 | then
 3 | echo "WORKSPACE is not set"
 4 | exit 1
 5 | fi
 6 | 
 7 | #for all dirs
 8 | for dir in `ls $WORKSPACE`
 9 | do
10 |   #echo "checking " $dir
11 |   python statistics.py $WORKSPACE/$dir/ 
12 | done  
13 | 


--------------------------------------------------------------------------------
/safe/statistics.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | 
 3 | import sys
 4 | import re
 5 | import subprocess
 6 | import csv
 7 | import os
 8 | 
 9 | def processfile():
10 | 
11 |   src_path=sys.argv[1]
12 |   
13 |   properties=0
14 |   verified_prop=0
15 |   false_prop=0
16 |   inconclusive_prop=0
17 |   timeout_prop=0
18 |   memout_prop=0
19 |   error_prop=0
20 |   sum_runtime=0.0
21 |   sum_peak_memory=0.0
22 |   decisions=0
23 |   propagations=0
24 |   conflicts=0
25 |   conflict_literals=0
26 |   learnt_clauses=0
27 | 
28 |   # temporary variable
29 |   status=""
30 |   f_name=""
31 |   func_name=""
32 |   time=""
33 |   ver_time=0.0
34 |   total_time=0.0
35 | 
36 |   status_decision = re.compile("Decisions::") 
37 |   status_propagation = re.compile("Propagation::") 
38 |   status_conflict  = re.compile("Learning Iterations::")
39 |   status_conflict_literal = re.compile("Learnt literals::")
40 |   status_learnt_clauses = re.compile("Learnt clauses::")
41 |   status_time = re.compile("User time")
42 |   
43 |   for root, dirs, filenames in os.walk(src_path):
44 |     for f in filenames:
45 |       if f.endswith(".out"):
46 |         log = open(src_path + f, 'r')
47 |         lines=[line for line in log]
48 |  
49 |          
50 |         for line in lines:
51 |           if status_decision.search(line):
52 |             cols=line.split('::')
53 |             str1=cols[1].lstrip()
54 |             dec=str1.split(' ',1)[0]
55 |             num = int(dec)
56 |             decisions=decisions+num;
57 |           if status_propagation.search(line):
58 |             cols=line.split('::')
59 |             str1=cols[1].lstrip()
60 |             prop=str1.split(' ',1)[0]
61 |             num = int(prop)
62 |             propagations=propagations+num;
63 |           if status_conflict.search(line):
64 |             cols=line.split('::')
65 |             str1=cols[1].lstrip()
66 |             #str2=st1.rstrip()
67 |             con=str1.split(' ',1)[0]
68 |             num = int(con)
69 |             conflicts=conflicts+num
70 |           if status_conflict_literal.search(line):
71 |             cols=line.split('::')
72 |             str1=cols[1].lstrip()
73 |             lit=str1.split(' ',1)[0]
74 |             num = int(lit)
75 |             conflict_literals=conflict_literals+num
76 |           if status_learnt_clauses.search(line):
77 |             cols=line.split('::')
78 |             str1=cols[1].lstrip()
79 |             res=str1.split(' ',1)[0]
80 |             num = int(res)
81 |             learnt_clauses=learnt_clauses+num
82 |           if status_time.search(line):
83 |             cols=line.split(':')
84 |             str1=cols[1].lstrip()
85 |             time=str1.split(' ',1)[0]
86 |         #report.writerow([decisions,propagations,conflicts,conflict_literals,learnt_clauses]) 
87 | 
88 |         print root, decisions, propagations, conflicts, conflict_literals, learnt_clauses, time 
89 |   
90 |   #report_file=open('statistics.csv', 'wb')
91 |   #report = csv.writer(report_file, delimiter=',',
92 |   #    quotechar='|', quoting=csv.QUOTE_MINIMAL)
93 |   #report.writerow(['decisions', 'propagations', 'conflicts', 'conflict literals', 'learnt clauses']) 
94 |   #report.writerow([decisions,propagations,conflicts,conflict_literals,learnt_clauses]) 
95 |    
96 | processfile()            
97 | 


--------------------------------------------------------------------------------
/safe/statistics.sh:
--------------------------------------------------------------------------------
1 | WORKSPACE=~/TACAS17-experiments/acdcl-benchmarks/v2c-benchmarks/ ./result.sh
2 | 


--------------------------------------------------------------------------------
/safe/traffic_light_example/main.c:
--------------------------------------------------------------------------------
 1 | #define TRUE 1
 2 | #define FALSE 0
 3 | 
 4 | struct state_elements_Traffic_Light{
 5 |   unsigned char Light_Sign;
 6 |   unsigned int Counter;
 7 | };
 8 | struct state_elements_Traffic_Light  sTraffic_Light;
 9 | 
10 |  // parameters
11 |   int RED_LIGHT = 0;
12 |   int GREEN_LIGHT = 1;
13 |   int YELLOW_LIGHT = 2;
14 |   
15 |   unsigned int RED_count = 60;
16 |   unsigned int GREEN_count = 40;
17 |   unsigned int YELLOW_count = 5;
18 | 
19 | void Traffic_Light(_Bool reset, _Bool clk, unsigned int *time_left)
20 | {
21 |   unsigned char Light_Sign_old;
22 |   unsigned int Counter_old;
23 |   
24 |   // assignment statements
25 |   Light_Sign_old = sTraffic_Light.Light_Sign;
26 |   Counter_old = sTraffic_Light.Counter;
27 |   
28 |   if(!reset)
29 |   {
30 |     sTraffic_Light.Light_Sign = RED_LIGHT;
31 |     sTraffic_Light.Counter = 0;
32 |   }
33 | 
34 |   else
35 |   {
36 |     if(Light_Sign_old == RED_LIGHT)
37 |         sTraffic_Light.Light_Sign = (Counter_old == 0) ? GREEN_LIGHT : RED_LIGHT;
38 |     else
39 |      if(Light_Sign_old == GREEN_LIGHT)
40 |         sTraffic_Light.Light_Sign = (Counter_old == 0) ? YELLOW_LIGHT : GREEN_LIGHT;
41 |     else
42 |      if(Light_Sign_old == YELLOW_LIGHT)
43 |         sTraffic_Light.Light_Sign = (Counter_old == 0) ? RED_LIGHT : YELLOW_LIGHT;
44 |   
45 |     if(Light_Sign_old == RED_LIGHT)
46 |        sTraffic_Light.Counter = (Counter_old == 0) ? GREEN_count : Counter_old - 1;
47 |     else
48 |       if(Light_Sign_old == GREEN_LIGHT)
49 |        sTraffic_Light.Counter = (Counter_old == 0) ? YELLOW_count : Counter_old - 1;
50 | 
51 |     else
52 |       if(Light_Sign_old == YELLOW_LIGHT)
53 |        sTraffic_Light.Counter = (Counter_old == 0) ? RED_count : Counter_old - 1;
54 |   }
55 |   
56 |   *time_left = sTraffic_Light.Counter;
57 | }
58 | 
59 | int main() {
60 |   _Bool reset;
61 |   _Bool clk;
62 |   unsigned int time_left;
63 |   unsigned char temp;
64 |   // do reset
65 |   Traffic_Light(0, clk, &time_left);
66 |   
67 |   //while(1) {
68 |     Traffic_Light(1, clk, &time_left);
69 |     temp = sTraffic_Light.Light_Sign; 
70 |     //assert((time_left != 0xffffffff));
71 |     // This property failes after 42 clock cycles when GREEN_count reaches 40 down to 0
72 |     //assert((sTraffic_Light.Light_Sign != 2));
73 |     assert((sTraffic_Light.Light_Sign != 3));
74 |   //}
75 |   return 1;
76 | }
77 | 


--------------------------------------------------------------------------------
/safe/traffic_light_example/main.sv:
--------------------------------------------------------------------------------
 1 | module main (reset, clk, time_left);
 2 | input reset, clk;
 3 | output [7:0] time_left;
 4 | 
 5 | parameter RED_LIGHT    = 0;
 6 | parameter GREEN_LIGHT  = 1;
 7 | parameter YELLOW_LIGHT = 2;
 8 | 
 9 | wire [5:0] RED_count;
10 | wire [5:0] GREEN_count;
11 | wire [2:0] YELLOW_count;
12 | reg  [1:0] Light_Sign;
13 | reg  [7:0] Counter;
14 | 
15 | assign RED_count    = 6'h3F;
16 | assign GREEN_count  = 6'h3F;
17 | assign YELLOW_count = 3'h3F;
18 | 
19 | 
20 | assign time_left = Counter;
21 | 
22 | initial begin
23 |  Counter = 0;
24 |  Light_Sign = 0;
25 | end
26 | 
27 | always @(posedge clk) begin // or negedge reset) begin
28 |    if (reset) begin
29 |       Light_Sign <= RED_LIGHT;
30 |       Counter <= 8'd0;
31 |    end
32 |    else begin
33 |       case (Light_Sign)
34 |          RED_LIGHT :
35 |             Light_Sign <= (Counter == 8'd0) ? GREEN_LIGHT : RED_LIGHT;
36 |          GREEN_LIGHT : 
37 |             Light_Sign <= (Counter == 8'd0) ? YELLOW_LIGHT : GREEN_LIGHT;
38 |          YELLOW_LIGHT : 
39 |             Light_Sign <= (Counter == 8'd0) ? RED_LIGHT : YELLOW_LIGHT;
40 |       endcase
41 |       case (Light_Sign)
42 |          RED_LIGHT :
43 |             Counter <= (Counter == 8'd0) ? GREEN_count : Counter - 8'd1;
44 |          GREEN_LIGHT : 
45 |             Counter <= (Counter == 8'd0) ? YELLOW_count : Counter - 8'd1;
46 |          YELLOW_LIGHT : 
47 |             Counter <= (Counter == 8'd0) ? RED_count : Counter - 8'd1;
48 |       endcase
49 |    end
50 | end
51 |    //assume property (reset == 0);
52 |    assert property (time_left != 8'd255);
53 |    // this bug is manifested only after 41 iterations
54 |    //assert property3: (Light_Sign != 2'd2);
55 |    //assert property (Light_Sign != 2'd3);
56 | endmodule
57 | 
58 | 


--------------------------------------------------------------------------------
/safe/traffic_light_example/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/safe/translate/CRC/crc-1.hint:
--------------------------------------------------------------------------------
1 | clken=1 * reset=0 * compute=0 * load=1;
2 | 


--------------------------------------------------------------------------------
/safe/translate/CRC/crc-2.hint:
--------------------------------------------------------------------------------
1 | clken=1 * reset=0 * compute=0 * load=1;
2 | clken=1 * reset=0 * compute=1 * load=0 * data_in[7:1]=b0000000;
3 | 


--------------------------------------------------------------------------------
/safe/translate/CRC/crc.ctl:
--------------------------------------------------------------------------------
1 | AG !crc[31:0] = b10101010101010101010101010101010;
2 | 


--------------------------------------------------------------------------------
/safe/translate/CRC/crc.inv:
--------------------------------------------------------------------------------
1 | !crc[31:0] = b10101010101010101010101010101010;
2 | 


--------------------------------------------------------------------------------
/safe/translate/CRC/crc.ltl:
--------------------------------------------------------------------------------
1 | G !crc[31:0] = b10101010101010101010101010101010;
2 | 


--------------------------------------------------------------------------------
/safe/translate/Rotate/rotate.vpp:
--------------------------------------------------------------------------------
 1 | // Right rotator.
 2 | //
 3 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 4 | 
 5 | `let logw = 5
 6 | `let logwm1 = `logw - 1
 7 | `let width = 1 << `logw
 8 | `let msb = `width - 1
 9 | 
10 | module rotate(clock,amount,din,dout);
11 |     input	      clock;
12 |     input [`logwm1:0] amount;
13 |     input [`msb:0]    din;
14 |     output [`msb:0]   dout;
15 | 
16 |     reg [`msb:0]      dout;
17 |     reg [`msb:0]      inr;
18 | 
19 |     `for (i = 0; i <= `logw; i++)
20 |     wire [`msb:0] tmp::`i;
21 |     `endfor
22 | 
23 |     initial begin
24 | 	dout = 0;
25 | 	inr = 0;
26 |     end
27 | 
28 |     assign tmp0 = inr;
29 |     `let j = 1;
30 |     `for (i = 0; i < `logw; i++)
31 |     `let ip1 = `i + 1;
32 |     `let jm1 = `j - 1;
33 |     assign tmp::`ip1 = amount[`i] ?
34 | 	{tmp::`i[`jm1:0], tmp::`i[`msb:`j]} : tmp::`i;
35 |     `let j = j + j;
36 |     `endfor
37 | 
38 |     always @ (posedge clock) begin
39 | 	dout = tmp::`logw;
40 | 	inr = din;
41 |     end // always @ (posedge clock)
42 | 
43 | endmodule // rotate
44 | 


--------------------------------------------------------------------------------
/safe/translate/Rotate/rotate32.ctl:
--------------------------------------------------------------------------------
1 | # FAIL:
2 | AG!(dout[31:0]=b10101010101010101010101010101010);
3 | 


--------------------------------------------------------------------------------
/safe/translate/Rotate/rotate32.hint:
--------------------------------------------------------------------------------
1 | amount[4:0]=0;
2 | 


--------------------------------------------------------------------------------
/safe/translate/Rotate/rotate32.inv:
--------------------------------------------------------------------------------
1 | # FAIL:
2 | !(dout[31:0]=b10101010101010101010101010101010);
3 | 


--------------------------------------------------------------------------------
/safe/translate/Rotate/rotate32.ltl:
--------------------------------------------------------------------------------
1 | # FAIL:
2 | G!(dout[31:0]=b10101010101010101010101010101010);
3 | 


--------------------------------------------------------------------------------
/safe/translate/Rotate/rotate32.v:
--------------------------------------------------------------------------------
 1 | // Right rotator.
 2 | //
 3 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 4 | 
 5 | 
 6 | module rotate(clock,amount,din,dout);
 7 |     input	      clock;
 8 |     input [4:0] amount;
 9 |     input [31:0]    din;
10 |     output [31:0]   dout;
11 | 
12 |     reg [31:0]      dout;
13 |     reg [31:0]      inr;
14 | 
15 |     wire [31:0] tmp0;
16 |     wire [31:0] tmp1;
17 |     wire [31:0] tmp2;
18 |     wire [31:0] tmp3;
19 |     wire [31:0] tmp4;
20 |     wire [31:0] tmp5;
21 | 
22 |     initial begin
23 | 	dout = 0;
24 | 	inr = 0;
25 |     end
26 | 
27 |     assign tmp0 = inr;
28 |     assign tmp1 = amount[0] ?
29 | 	{tmp0[0:0], tmp0[31:1]} : tmp0;
30 |     assign tmp2 = amount[1] ?
31 | 	{tmp1[1:0], tmp1[31:2]} : tmp1;
32 |     assign tmp3 = amount[2] ?
33 | 	{tmp2[3:0], tmp2[31:4]} : tmp2;
34 |     assign tmp4 = amount[3] ?
35 | 	{tmp3[7:0], tmp3[31:8]} : tmp3;
36 |     assign tmp5 = amount[4] ?
37 | 	{tmp4[15:0], tmp4[31:16]} : tmp4;
38 | 
39 |     always @ (posedge clock) begin
40 | 	dout = tmp5;
41 | 	inr = din;
42 |     end // always @ (posedge clock)
43 | 
44 | endmodule // rotate
45 | 


--------------------------------------------------------------------------------
/safe/translate/Rotate/rotate4.v:
--------------------------------------------------------------------------------
 1 | // Right rotator.
 2 | //
 3 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 4 | 
 5 | 
 6 | module rotate(clock,amount,din,dout);
 7 |     input	      clock;
 8 |     input [1:0] amount;
 9 |     input [3:0]    din;
10 |     output [3:0]   dout;
11 | 
12 |     reg [3:0]      dout;
13 |     reg [3:0]      inr;
14 | 
15 |     wire [3:0] tmp0;
16 |     wire [3:0] tmp1;
17 |     wire [3:0] tmp2;
18 | 
19 |     initial begin
20 | 	dout = 0;
21 | 	inr = 0;
22 |     end
23 | 
24 |     assign tmp0 = inr;
25 |     assign tmp1 = amount[0] ?
26 | 	{tmp0[0:0], tmp0[3:1]} : tmp0;
27 |     assign tmp2 = amount[1] ?
28 | 	{tmp1[1:0], tmp1[3:2]} : tmp1;
29 | 
30 |     always @ (posedge clock) begin
31 | 	dout = tmp2;
32 | 	inr = din;
33 |     end // always @ (posedge clock)
34 | 
35 | endmodule // rotate
36 | 


--------------------------------------------------------------------------------
/safe/translate/Swap/swap.ctl:
--------------------------------------------------------------------------------
1 | #PASS:
2 | AG !(x<*0*>[2:0] == x<*1*>[2:0]);
3 | 


--------------------------------------------------------------------------------
/safe/translate/Swap/swap.inv:
--------------------------------------------------------------------------------
1 | #PASS:
2 | !(x<*0*>[2:0] == x<*1*>[2:0]);
3 | 


--------------------------------------------------------------------------------
/safe/translate/Swap/swap.ltl:
--------------------------------------------------------------------------------
1 | #PASS:
2 | G !(x<*0*>[2:0] == x<*1*>[2:0]);


--------------------------------------------------------------------------------
/safe/translate/Swap/swap.ord:
--------------------------------------------------------------------------------
 1 | # vis release 2.0 (compiled 21-Aug-03 at 9:00 AM)
 2 | # network name: swap
 3 | # generated: Thu Aug 21 15:22:03 2003
 4 | #
 5 | # name         type            mddId vals levs
 6 | i<2>          primary-input        2    2 (0)
 7 | i<1>          primary-input        1    2 (1)
 8 | i<0>          primary-input        0    2 (2)
 9 | x<*6*><1>$NS  shadow              16    2 (3)
10 | x<*6*><1>     latch               15    2 (4)
11 | x<*1*><1>$NS  shadow               6    2 (5)
12 | x<*1*><1>     latch                5    2 (6)
13 | x<*2*><1>$NS  shadow               8    2 (7)
14 | x<*2*><1>     latch                7    2 (8)
15 | x<*3*><1>$NS  shadow              10    2 (9)
16 | x<*3*><1>     latch                9    2 (10)
17 | x<*4*><1>$NS  shadow              12    2 (11)
18 | x<*4*><1>     latch               11    2 (12)
19 | x<*0*><1>     latch                3    2 (13)
20 | x<*0*><1>$NS  shadow               4    2 (14)
21 | x<*7*><1>     latch               17    2 (15)
22 | x<*7*><1>$NS  shadow              18    2 (16)
23 | tmp<1>        latch               51    2 (17)
24 | tmp<1>$NS     shadow              52    2 (18)
25 | x<*5*><1>$NS  shadow              14    2 (19)
26 | x<*5*><1>     latch               13    2 (20)
27 | x<*2*><2>     latch               23    2 (21)
28 | x<*2*><2>$NS  shadow              24    2 (22)
29 | x<*1*><2>     latch               21    2 (23)
30 | x<*1*><2>$NS  shadow              22    2 (24)
31 | x<*3*><2>$NS  shadow              26    2 (25)
32 | x<*3*><2>     latch               25    2 (26)
33 | x<*0*><2>     latch               19    2 (27)
34 | x<*0*><2>$NS  shadow              20    2 (28)
35 | x<*7*><2>     latch               33    2 (29)
36 | x<*7*><2>$NS  shadow              34    2 (30)
37 | x<*4*><2>$NS  shadow              28    2 (31)
38 | x<*4*><2>     latch               27    2 (32)
39 | x<*5*><2>$NS  shadow              30    2 (33)
40 | x<*5*><2>     latch               29    2 (34)
41 | tmp<2>$NS     shadow              56    2 (35)
42 | tmp<2>        latch               55    2 (36)
43 | tmp<0>$NS     shadow              54    2 (37)
44 | tmp<0>        latch               53    2 (38)
45 | x<*7*><0>     latch               49    2 (39)
46 | x<*7*><0>$NS  shadow              50    2 (40)
47 | x<*1*><0>$NS  shadow              38    2 (41)
48 | x<*1*><0>     latch               37    2 (42)
49 | x<*2*><0>$NS  shadow              40    2 (43)
50 | x<*2*><0>     latch               39    2 (44)
51 | x<*6*><0>     latch               47    2 (45)
52 | x<*6*><0>$NS  shadow              48    2 (46)
53 | x<*6*><2>$NS  shadow              32    2 (47)
54 | x<*6*><2>     latch               31    2 (48)
55 | x<*4*><0>$NS  shadow              44    2 (49)
56 | x<*4*><0>     latch               43    2 (50)
57 | x<*5*><0>$NS  shadow              46    2 (51)
58 | x<*5*><0>     latch               45    2 (52)
59 | x<*3*><0>     latch               41    2 (53)
60 | x<*3*><0>$NS  shadow              42    2 (54)
61 | x<*0*><0>     latch               35    2 (55)
62 | x<*0*><0>$NS  shadow              36    2 (56)
63 | 


--------------------------------------------------------------------------------
/safe/translate/Swap/swap.v:
--------------------------------------------------------------------------------
 1 | // Swap model from "Applying SAT Methods in Unbounded Symbolic Model
 2 | // Checking," by Ken McMillan.
 3 | // Initially, x[j]=j.  At each clock cycle, two adjacent numbers are
 4 | // swapped.
 5 | //
 6 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 7 | 
 8 | module swap(clock,i);
 9 |     parameter K = 3;		// bits in each number
10 |     parameter Nm1 = 7;		// highest index (must be less than 1<<K)
11 |     input         clock;
12 |     input [K-1:0] i;
13 | 
14 |     reg [K-1:0]   x [0:Nm1];
15 |     reg [K-1:0]   tmp;
16 |     wire [K-1:0]  m, p;
17 |     integer 	  j;
18 | 
19 |     initial begin
20 | 	for (j=0; j<=Nm1; j=j+1)
21 | 	  x[j] = j;
22 | 	tmp = 0;
23 |     end
24 | 
25 |     assign p = (i >= Nm1) ? (Nm1): i;
26 |     assign m = (p == 0) ? Nm1 : (p-1);
27 | 
28 |     always @ (posedge clock) begin
29 | 	tmp = x[p];
30 | 	x[p] = x[m];
31 | 	x[m] = tmp;
32 |     end
33 | 
34 | endmodule // swap
35 | 
36 | 


--------------------------------------------------------------------------------
/safe/translate/Unidec/ex2.ctl:
--------------------------------------------------------------------------------
1 | AG found=0;
2 | 


--------------------------------------------------------------------------------
/safe/translate/Unidec/ex2.inv:
--------------------------------------------------------------------------------
1 | found=0;
2 | 


--------------------------------------------------------------------------------
/safe/translate/Unidec/ex2.ltl:
--------------------------------------------------------------------------------
1 | #PASS:
2 | G found=0;
3 | 


--------------------------------------------------------------------------------
/safe/translate/Unidec/ex2.v:
--------------------------------------------------------------------------------
 1 | // Another example of unique decipherability checking from Ash.
 2 | 
 3 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 4 | 
 5 | module unidec(clk, sel1, sel2, found);
 6 |     input 	clk;
 7 |     input [2:0] sel1;
 8 |     input [1:0] sel2;
 9 |     output 	found;
10 | 
11 |     wire [12:0] other;
12 |     reg [12:0] 	word;
13 |     reg 	found;
14 |     reg 	init;
15 | 
16 |     // This function returns a code word.  Each character is three bits
17 |     // (a: 000, b: 001, c: 010, d: 011, and e: 100).  Each word is up to
18 |     // five characters plus a "stop" bit.  Characters are stored in a word
19 |     // in reverse order so that a right shift produces a suffix.
20 |     function [12:0] code;
21 | 	input [2:0] sel;
22 | 	begin: _code
23 | 	    case (sel)
24 | 	      0: code = 13'b0001010001000; // abc
25 | 	      1: code = 13'b1011010001000; // abcd
26 | 	      2: code = 13'b0000000001100; // e
27 | 	      3: code = 13'b0001000001011; // dba
28 | 	      4: code = 13'b1100010000001; // bace
29 | 	      5: code = 13'b1010000100010; // ceac
30 | 	      6: code = 13'b1001000100010; // ceab
31 | 	      7: code = 13'b1011001000100; // eabd
32 | 	    endcase
33 | 	end
34 |     endfunction // code
35 | 
36 |     // This function extracts a proper prefix of lengh sel from word.
37 |     // If word does not have more than sel characters or sel is 0, it
38 |     // returns an invalid word.
39 |     function [12:0] prefix;
40 | 	input [12:0] word;
41 | 	input [1:0] sel;
42 | 	begin: _prefix
43 | 	    case (sel)
44 | 	      0: prefix = 13'b0111111111111;
45 | 	      1: if (word[12:4] == 0)  prefix = 13'b0111111111111;
46 | 	      else prefix = {10'b1, word[2:0]};
47 | 	      2: if (word[12:7] == 0)  prefix = 13'b0111111111111;
48 | 	      else prefix = { 7'b1, word[5:0]};
49 | 	      3: if (word[12:10] == 0) prefix = 13'b0111111111111;
50 | 	      else prefix = { 4'b1, word[8:0]};
51 | 	    endcase
52 | 	end
53 |     endfunction // prefix
54 | 
55 |     // This function returns a suffix of word dropping the first sel
56 |     // characters.
57 |     function [12:0] suffix;
58 | 	input [12:0] word;
59 | 	input [1:0] sel;
60 | 	begin: _suffix
61 | 	    case (sel)
62 | 	      0: suffix = 0;
63 | 	      1: suffix = {3'b0, word[12:3]};
64 | 	      2: suffix = {6'b0, word[12:6]};
65 | 	      3: suffix = {9'b0, word[12:9]};
66 | 	    endcase
67 | 	end
68 |     endfunction // suffix
69 | 
70 | 
71 |     initial begin
72 | 	word = code(sel1);
73 | 	found = 0;
74 | 	init = 1;
75 |     end
76 | 
77 |     assign other = code(sel1);
78 | 
79 |     always @ (posedge clk) begin
80 | 	found = !init && word == other;
81 | 	init = 0;
82 | 	if (other == prefix(word,sel2)) begin
83 | 	    // There is a code word that is a prefix of the current word.
84 | 	    // Make the suffix of the current word the next word.
85 | 	    word = suffix(word,sel2);
86 | 	end else if (prefix(other,sel2) == word) begin
87 | 	    // The current word is a prefix of another code word.
88 | 	    // Make the suffix of the other word the next word.
89 | 	    word = suffix(other,sel2);
90 | 	end else begin
91 | 	    // Neither applies.  Go to trap state.
92 | 	    word = 0;
93 | 	end
94 |     end
95 | 
96 | endmodule // unidec
97 | 


--------------------------------------------------------------------------------
/safe/translate/Unidec/ex3.v:
--------------------------------------------------------------------------------
  1 | // Another example of unique decipherability checking from Ash.
  2 | 
  3 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
  4 | 
  5 | module unidec(clk, sel1, sel2, found);
  6 |     input 	clk;
  7 |     input [2:0] sel1;
  8 |     input [2:0] sel2;
  9 |     output 	found;
 10 | 
 11 |     wire [6:0] 	other;
 12 |     reg [6:0] 	word;
 13 |     reg 	found;
 14 |     reg 	init;
 15 | 
 16 |     // This function returns a code word.  Each word is up to six
 17 |     // characters (0 or 1) plus a "stop" bit.  Characters are stored in a
 18 |     // word in reverse order so that a right shift produces a suffix.
 19 |     function [6:0] code;
 20 | 	input [2:0] sel;
 21 | 	begin: _code
 22 | 	    case (sel)
 23 | 	      0: code = 7'b0001010; // 010
 24 | 	      1: code = 7'b0011000; // 0001
 25 | 	      2: code = 7'b0010110; // 0110
 26 | 	      3: code = 7'b0010011; // 1100
 27 | 	      4: code = 7'b0111000; // 00011
 28 | 	      5: code = 7'b0101100; // 00110
 29 | 	      6: code = 7'b0101111; // 11110
 30 | 	      7: code = 7'b1110101; // 101011
 31 | 	    endcase
 32 | 	end
 33 |     endfunction // code
 34 | 
 35 |     // This function extracts a proper prefix of lengh sel from word.
 36 |     // If word does not have more than sel characters, it returns
 37 |     // an invalid word.
 38 |     function [6:0] prefix;
 39 | 	input [6:0] word;
 40 | 	input [2:0] sel;
 41 | 	begin: _prefix
 42 | 	    case (sel)
 43 | 	      1: if (word[6:2] == 0) prefix = 7'b0111111;
 44 | 	      else prefix = {6'b1, word[0]};
 45 | 	      2: if (word[6:3] == 0) prefix = 7'b0111111;
 46 | 	      else prefix = {5'b1, word[1:0]};
 47 | 	      3: if (word[6:4] == 0) prefix = 7'b0111111;
 48 | 	      else prefix = {4'b1, word[2:0]};
 49 | 	      4: if (word[6:5] == 0) prefix = 7'b0111111;
 50 | 	      else prefix = {3'b1, word[3:0]};
 51 | 	      5: if (word[6] == 0)   prefix = 7'b0111111;
 52 | 	      else prefix = {2'b1, word[4:0]};
 53 | 	      default: prefix = 7'b0111111;
 54 | 	    endcase
 55 | 	end
 56 |     endfunction // prefix
 57 | 
 58 |     // This function returns a suffix of word dropping the first sel
 59 |     // characters.
 60 |     function [6:0] suffix;
 61 | 	input [6:0] word;
 62 | 	input [2:0] sel;
 63 | 	begin: _suffix
 64 | 	    case (sel)
 65 | 	      1: suffix = {1'b0, word[6:1]};
 66 | 	      2: suffix = {2'b0, word[6:2]};
 67 | 	      3: suffix = {3'b0, word[6:3]};
 68 | 	      4: suffix = {4'b0, word[6:4]};
 69 | 	      5: suffix = {5'b0, word[6:5]};
 70 | 	      default: suffix = 0;
 71 | 	    endcase
 72 | 	end
 73 |     endfunction // suffix
 74 | 
 75 | 
 76 |     initial begin
 77 | 	word = code(sel1);
 78 | 	found = 0;
 79 | 	init = 1;
 80 |     end
 81 | 
 82 |     assign other = code(sel1);
 83 | 
 84 |     always @ (posedge clk) begin
 85 | 	found = !init && word == other;
 86 | 	init = 0;
 87 | 	if (other == prefix(word,sel2)) begin
 88 | 	    // There is a code word that is a prefix of the current word.
 89 | 	    // Make the suffix of the current word the next word.
 90 | 	    word = suffix(word,sel2);
 91 | 	end else if (prefix(other,sel2) == word) begin
 92 | 	    // The current word is a prefix of another code word.
 93 | 	    // Make the suffix of the other word the next word.
 94 | 	    word = suffix(other,sel2);
 95 | 	end else begin
 96 | 	    // Neither applies.  Go to trap state.
 97 | 	    word = 0;
 98 | 	end
 99 |     end
100 | 
101 | endmodule // unidec
102 | 


--------------------------------------------------------------------------------
/safe/translate/Unidec/unidec.ctl:
--------------------------------------------------------------------------------
 1 | #PASS: From every state the trap state is rachable in one step.
 2 | AG EX word[15:0]=0;
 3 | 
 4 | #PASS: The trap state lives up to its name.
 5 | AG(word[15:0]=0 -> AX word[15:0]=0);
 6 | 
 7 | #PASS: Eventually the trap is inevitable.
 8 | AF word[15:0]=0;
 9 | 
10 | #PASS: The initial states are: a, c, ad, abb, bad, deb, bbcde.
11 | word[15:0]={b0000000000001000,
12 |             b0000000000001010,
13 |             b0000000001011000,
14 |             b0000001001001000,
15 |             b0000001011000001,
16 |             b0000001001100011,
17 |             b1100011010001001};
18 | 
19 | #PASS: The states in the first onion ring are d, bb, and Trap.
20 | word[15:0]=b0000000000001000 -> EX word[15:0]=b0000000000001011;
21 | word[15:0]=b0000000000001000 -> EX word[15:0]=b0000000001001001;
22 | 
23 | AX(word[15:0]=b0000000000001011 + word[15:0]=b0000000001001001 +
24 |    word[15:0]=0);
25 | 
26 | #PASS: The states in the second onion ring are eb and cde.
27 | word[15:0]=b0000000000001000 -> EX:2(word[15:0]=b0000000001001100);
28 | word[15:0]=b0000000000001000 -> EX:2(word[15:0]=b0000001100011010);
29 | 
30 | AX:2(word[15:0]=b0000000001001100 + word[15:0]=b0000001100011010 +
31 |      word[15:0]=0);
32 | 
33 | #PASS: The state in the third onion ring is de.
34 | word[15:0]=b0000000000001000 -> EX:3(word[15:0]=b0000000001100011);
35 | 
36 | AX:3(word[15:0]=b0000000001100011 + word[15:0]=0);
37 | 
38 | #PASS: The state in the fourth onion ring is b.
39 | word[15:0]=b0000000000001000 -> EX:4(word[15:0]=b0000000000001001);
40 | 
41 | AX:4(word[15:0]=b0000000000001001 + word[15:0]=0);
42 | 
43 | #PASS: The state in the fifth onion ring is bcde.  State ad is also
44 | # reachable at this point.
45 | word[15:0]=b0000000000001000 -> EX:5(word[15:0]=b0000000001011000);
46 | word[15:0]=b0000000000001000 -> EX:5(word[15:0]=b0001100011010001);
47 | 
48 | AX:5(word[15:0]=b0000000001011000 + word[15:0]=b0001100011010001 +
49 |      word[15:0]=0);
50 | 
51 | #PASS: Every path of length eight or more reaches the Trap.
52 | AX:8(word[15:0]=0);
53 | 
54 | #PASS: Only three initial states have successors that are not the Trap.
55 | word[15:0]={b0000000000001000,b0000000001011000,b0000001001001000} +
56 | AX word[15:0]=0;
57 | 
58 | #FAIL: The counterexample to this property shows that the code is not
59 | # uniquely decipherable.
60 | AG found=0;
61 | 


--------------------------------------------------------------------------------
/safe/translate/Unidec/unidec.inv:
--------------------------------------------------------------------------------
 1 | #FAIL:
 2 | !word[15:0]=b0000000000001000; #  1: a
 3 | !word[15:0]=b0000000000001010; #  2: c
 4 | !word[15:0]=b0000000001011000; #  3: ad
 5 | !word[15:0]=b0000001001001000; #  4: abb
 6 | !word[15:0]=b0000001011000001; #  5: bad
 7 | !word[15:0]=b0000001001100011; #  6: deb
 8 | !word[15:0]=b1100011010001001; #  7: bbcde
 9 | !word[15:0]=b0000000000000000; #  8: NULL
10 | !word[15:0]=b0000000000001011; #  9: d
11 | !word[15:0]=b0000000001001001; # 10: bb
12 | !word[15:0]=b0000000001001100; # 11: eb
13 | !word[15:0]=b0000001100011010; # 12: cde
14 | !word[15:0]=b0000000001100011; # 13: de
15 | !word[15:0]=b0000000000001001; # 14: b
16 | !word[15:0]=b0001100011010001; # 15: bcde
17 | 


--------------------------------------------------------------------------------
/safe/translate/Unidec/unidec.ltl:
--------------------------------------------------------------------------------
 1 | #PASS: The trap state lives up to its name.
 2 | G(word[15:0]=0 -> X word[15:0]=0);
 3 | 
 4 | #PASS: Eventually the trap is inevitable.
 5 | F word[15:0]=0;
 6 | 
 7 | #PASS: The initial states are: a, c, ad, abb, bad, deb, bbcde.
 8 | word[15:0]={b0000000000001000,
 9 |             b0000000000001010,
10 |             b0000000001011000,
11 |             b0000001001001000,
12 |             b0000001011000001,
13 |             b0000001001100011,
14 |             b1100011010001001};
15 | 
16 | #PASS: The states in the first onion ring are d, bb, and Trap.
17 | X(word[15:0]=b0000000000001011 + word[15:0]=b0000000001001001 +
18 |   word[15:0]=0);
19 | 
20 | #PASS: The states in the second onion ring are eb and cde.
21 | X:2(word[15:0]=b0000000001001100 + word[15:0]=b0000001100011010 +
22 |     word[15:0]=0);
23 | 
24 | #PASS: The state in the third onion ring is de.
25 | X:3(word[15:0]=b0000000001100011 + word[15:0]=0);
26 | 
27 | #PASS: The state in the fourth onion ring is b.
28 | X:4(word[15:0]=b0000000000001001 + word[15:0]=0);
29 | 
30 | #PASS: The state in the fifth onion ring is bcde.  State ad is also
31 | # reachable at this point.
32 | X:5(word[15:0]=b0000000001011000 + word[15:0]=b0001100011010001 +
33 |     word[15:0]=0);
34 | 
35 | #PASS: Every path of length eight or more reaches the Trap.
36 | X:8(word[15:0]=0);
37 | 
38 | #PASS: Only three initial states have successors that are not the Trap.
39 | word[15:0]={b0000000000001000,b0000000001011000,b0000001001001000} +
40 | X word[15:0]=0;
41 | 
42 | #FAIL: The counterexample to this property shows that the code is not
43 | # uniquely decipherable.
44 | G found=0;
45 | 


--------------------------------------------------------------------------------
/safe/translate/segments/.sg1.fair.swp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/translate/segments/.sg1.fair.swp


--------------------------------------------------------------------------------
/safe/translate/segments/.sg1.v.swp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/safe/translate/segments/.sg1.v.swp


--------------------------------------------------------------------------------
/safe/translate/segments/main.v:
--------------------------------------------------------------------------------
 1 | // Simple FSM illustrating that convergence of the dijunction of the partial
 2 | // iterates may occur when the fixpoint has not been reached yet in the
 3 | // segmented approach to EG computation.
 4 | //
 5 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 6 | // Modified By: Rajdeep Mukherjee <rajdeep.mukherjee@cs.ox.ac.uk>
 7 | 
 8 | module main(clock,i, o, state);
 9 |     input clock,i;
10 |     output o;
11 |     output state;
12 |     reg state;
13 | 
14 |     parameter A = 0;
15 |     parameter B = 1;
16 |     parameter C = 2;
17 |     parameter D = 3;
18 |     parameter E = 4;
19 |     
20 |     initial state = A;
21 | 
22 |   always @ (posedge clock) begin
23 | 	 case (state)
24 | 	  0: state = i ? B : A;
25 | 	  1: state = i ? C : D;
26 | 	  2: state = B;
27 | 	  3: state = E;
28 | 	  4: state = E;
29 | 	 endcase // case(state)
30 |   end
31 |   assign o = state == A;
32 |   assert property3: (state == A || state == B || state == C || state == D || state == E);
33 | endmodule // sg1
34 | 
35 | module test();
36 |  wire clock, i, o, state;
37 |   
38 |  parameter A = 0;
39 |  parameter B = 1;
40 |  parameter C = 2;
41 |  parameter D = 3;
42 |  parameter E = 4;
43 |  main m1(clock,1'b0, o, state);
44 |  assert property1: !(i==0) || (state == A); 
45 |  main m2(clock,1'b1, o, state);
46 |  assert property2: !(i==1) || (state == B); 
47 | endmodule 
48 | 


--------------------------------------------------------------------------------
/safe/translate/segments/test.desc:
--------------------------------------------------------------------------------
1 | main.v
2 | --module test --bound 3
3 | ^EXIT=0$
4 | ^SIGNAL=0$
5 | 
6 | 


--------------------------------------------------------------------------------
/unsafe/DAIO/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=10$
5 | ^SIGNAL=0$
6 | ^VERIFICATION FAILED$
7 | 


--------------------------------------------------------------------------------
/unsafe/Dekker/.dekker.ltl.swp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/unsafe/Dekker/.dekker.ltl.swp


--------------------------------------------------------------------------------
/unsafe/Dekker/main.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #define TRUE 1
 3 | #define FALSE 0
 4 | 
 5 | _Bool nondet_bool();
 6 | 
 7 | struct state_elements_main{
 8 |   _Bool c[2];
 9 |   _Bool turn;
10 |   _Bool self;
11 |   unsigned char pc[2];
12 | };
13 | 
14 | int L0 = 0;
15 | int L1 = 1;
16 | int L2 = 2;
17 | int L3 = 3;
18 | int L4 = 4;
19 | int L5 = 5;
20 | int L6 = 6;
21 | 
22 | 
23 | void initial(struct state_elements_main *smain, _Bool clock, _Bool select, _Bool pause) {
24 |    smain->pc[0] = L0 & 1;
25 |    smain->pc[1] = (L0 & 1);
26 |    smain->c[0] = TRUE;
27 |    smain->c[1] = TRUE;
28 |    smain->self = select;
29 | }
30 | 
31 |  void dekker(struct state_elements_main *smain, _Bool clock, _Bool select, _Bool pause)
32 |  {
33 |     smain->self = select;
34 |     if(smain->pc[smain->self] == L0) {
35 |       if(!pause)
36 |         smain->pc[smain->self] = L1;
37 |     }
38 |     else
39 |       if(smain->pc[smain->self] == L1)
40 |       {
41 |         smain->c[smain->self] = FALSE;
42 |         smain->pc[smain->self] = L2;
43 |       }
44 |       else
45 |         if(smain->pc[smain->self] == L2) {
46 |           if(smain->c[!smain->self] == 1)
47 |             smain->pc[smain->self] = L5;
48 |           else
49 |             smain->pc[smain->self] = L3;
50 |         }
51 |         else
52 |           if(smain->pc[smain->self] == L3) {
53 |             if(smain->turn == smain->self)
54 |               smain->pc[smain->self] = L2;
55 |             else
56 |             {
57 |               smain->c[smain->self] = TRUE;
58 |               smain->pc[smain->self] = L4;
59 |             }
60 |           }
61 |           else
62 |             if(smain->pc[smain->self] == L4) {
63 |               if(smain->turn == smain->self)
64 |               {
65 |                 smain->c[smain->self] = FALSE;
66 |                 smain->pc[smain->self] = L2;
67 |               }
68 |             }
69 |             else
70 |               if(smain->pc[smain->self] == L5) {
71 |                 if(!pause)
72 |                   smain->pc[smain->self] = L6;
73 |              }
74 |               else
75 |                 if(smain->pc[smain->self] == L6)
76 |                 {
77 |                   smain->c[smain->self] = TRUE;
78 |                   smain->turn = !smain->self;
79 |                   smain->pc[smain->self] = L0;
80 |                 }
81 | 
82 |   }
83 | 
84 | void main() {
85 |  _Bool clock;
86 |  _Bool select;
87 |  _Bool pause;
88 |  struct state_elements_main smain;
89 | 
90 |  initial(&smain,clock, select, pause);
91 |  select = nondet_bool();
92 |  dekker(&smain,clock, select, pause);
93 |  // Mutual exclusion property, both the processes can not be in the critical
94 |  // section at the same time
95 |  assert((smain.pc[0] == L5 && smain.pc[1] == L5));
96 |  // fair scheduling
97 |  //assert((smain.self == 1 || smain.self == 0));
98 | }
99 | 


--------------------------------------------------------------------------------
/unsafe/Dekker/main.v:
--------------------------------------------------------------------------------
 1 | // Model of Dekker's algorithm for mutual exclusion of two processes.
 2 | //
 3 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 4 | // Modified by: Rajdeep Mukherjee <rajdeep.mukherjee@cs.ox.ac.uk>
 5 | 
 6 | module main(clock,select,pause);
 7 |     input     clock;
 8 |     input     select;
 9 |     input     pause;
10 |     parameter L0 = 0;
11 |     parameter L1 = 1;
12 |     parameter L2 = 2;
13 |     parameter L3 = 3;
14 |     parameter L4 = 4;
15 |     parameter L5 = 5;
16 |     parameter L6 = 6;
17 |    
18 | 
19 |     reg       c[0:1];
20 |     reg  turn, self;
21 |     reg [2:0]  pc[0:1];
22 | 
23 |     initial begin
24 | 	pc[0] = L0; pc[1] = L0;
25 | 	c[0] = 1; c[1] = 1;
26 | 	//turn = $ND(0,1);
27 |    //self = select; // changed to compile with yosys
28 |     end
29 | 
30 |     always @ (posedge clock) begin
31 | 	self = select;
32 | 	case (pc[self])
33 | 	  L0: if (!pause) pc[self] = L1;	// noncritical section
34 | 	  L1: begin c[self] = 0; pc[self] = L2; end
35 | 	  L2: if (c[~self] == 1) pc[self] = L5; else pc[self] = L3;
36 | 	  L3:
37 | 	    if (turn == self)
38 | 	      pc[self] = L2;
39 | 	    else begin
40 | 		c[self] = 1;
41 | 		pc[self] = L4;
42 | 	    end
43 | 	  L4: if (turn == self) begin c[self] = 0; pc[self] = L2; end
44 | 	  L5: if (!pause) pc[self] = L6;	// critical section
45 | 	  L6: begin c[self] = 1; turn = ~self; pc[self] = L0; end
46 | 	endcase
47 |     end
48 |    // Mutual exclusion property, both the processes can not be in the critical
49 |    // section at the same time
50 |    assert property1: ((pc[0] == L5 && pc[1] == L5));
51 |    // fair scheduling
52 |    //assert property2: ((self[0] == 1 || self[0] == 0));
53 | endmodule // dekker
54 | 


--------------------------------------------------------------------------------
/unsafe/Dekker/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=10$
5 | ^SIGNAL=0$
6 | ^VERIFICATION FAILED$
7 | 


--------------------------------------------------------------------------------
/unsafe/FIFO/main.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <assert.h>
  3 | 
  4 | _Bool nondet_bool();
  5 | unsigned char nondet_uchar();
  6 | 
  7 | int MSBD = 3;
  8 | int LAST = 1;
  9 | int MSBA = 3;
 10 | 
 11 | struct state_elements_srFIFO {
 12 |   _Bool empty;
 13 |   unsigned char mem[16];
 14 |   unsigned char tail;
 15 | };
 16 | struct state_elements_srFIFO  ssrFIFO;
 17 | 
 18 | void initial_srFIFO() {
 19 |   int i;
 20 |   //for(i = 0; i <= LAST; i = i + 1)
 21 |   ssrFIFO.mem[0] = 0;
 22 |   ssrFIFO.tail = 0;
 23 |   ssrFIFO.empty = 1;
 24 | } 
 25 | 
 26 | void srFIFO(_Bool clock, unsigned char dataIn, _Bool push, _Bool pop, unsigned char *dataOut, _Bool *full, _Bool *empty)
 27 | {
 28 |   int i;
 29 |   unsigned char tmp1;
 30 |   // clocked block 
 31 |   if(push && !*full)
 32 |   {
 33 |     //for(i = LAST; i > 0; i = i - 1)
 34 |     ssrFIFO.mem[0] = (ssrFIFO.mem[i - 1] & 0xF);
 35 |     ssrFIFO.mem[0] = dataIn & 0xF;
 36 |     
 37 |     if(!ssrFIFO.empty)
 38 |       ssrFIFO.tail = (ssrFIFO.tail + 1) & 0xF;
 39 |     ssrFIFO.empty = 0;
 40 |     *empty = 0;
 41 |   }
 42 | 
 43 |   else
 44 |     if(pop && !ssrFIFO.empty)
 45 |     {
 46 |       if(ssrFIFO.tail == 0)
 47 |       {
 48 |         ssrFIFO.empty = 1;
 49 |         *empty = 1;
 50 |       }
 51 |     else
 52 |         ssrFIFO.tail = ((ssrFIFO.tail & 0xF) - 1) & 0xF;
 53 |     }
 54 | 
 55 |   tmp1 = ssrFIFO.tail & 0xF;
 56 |   *dataOut = (ssrFIFO.mem[tmp1]) & 0xF;
 57 |   *full = ((ssrFIFO.tail & 0xF) == LAST);
 58 | }
 59 | 
 60 | struct state_elements_rbFIFO{
 61 |   _Bool empty;
 62 |   unsigned char mem[16];
 63 |   unsigned char head;
 64 |   unsigned char tail;
 65 | };
 66 | struct state_elements_rbFIFO  srbFIFO;
 67 | 
 68 | void initial_rbFIFO()
 69 | {
 70 |   int i;
 71 |   //for(i = 0;i <= LAST; i = i + 1)
 72 |   srbFIFO.mem[0] = 0;
 73 |   srbFIFO.head = 0;
 74 |   srbFIFO.tail = 0;
 75 |   srbFIFO.empty = 1;
 76 | }
 77 | 
 78 | void rbFIFO(_Bool clock, unsigned char dataIn, _Bool push, _Bool pop, unsigned char *dataOut, _Bool *full, _Bool *empty)
 79 | {
 80 |   unsigned char tmp1, tmp2; 
 81 |   
 82 |   if(push && !*full)
 83 |   {
 84 |     tmp1 = srbFIFO.head & 0xF;
 85 |     srbFIFO.mem[tmp1] = dataIn & 0xF;
 86 |     srbFIFO.head = ((srbFIFO.head & 0xF) + 1) & 0xF;
 87 |     srbFIFO.empty = 0;
 88 |     *empty = 0;
 89 |   }
 90 | 
 91 |   else
 92 |     if(pop && !srbFIFO.empty)
 93 |     {
 94 |       srbFIFO.tail = ((srbFIFO.tail & 0xf) + 1) & 0xF;
 95 |       if((srbFIFO.tail & 0xF) == (srbFIFO.head & 0xF)) {
 96 |         srbFIFO.empty = 1;
 97 |         *empty = 1;
 98 |       }
 99 |     }
100 |   tmp2 = srbFIFO.tail & 0xF;
101 |   *dataOut = (srbFIFO.mem[tmp2]) & 0xF;
102 |   *full = ((srbFIFO.tail & 0xF) == (srbFIFO.head & 0xF)) & (!srbFIFO.empty );
103 | }
104 | 
105 | /*
106 | struct state_elements_main{
107 |   struct state_elements_srFIFO sr;
108 |   struct state_elements_rbFIFO rb;
109 | };
110 | struct state_elements_main  smain;
111 | */
112 | 
113 | unsigned char srDataOut;
114 | _Bool srFull;
115 | _Bool srEmpty;
116 | unsigned char rbDataOut;
117 | _Bool rbFull;
118 | _Bool rbEmpty;
119 | 
120 | _Bool design(_Bool clock, unsigned char dataIn, _Bool push, _Bool pop, _Bool *equal)
121 | {
122 |   
123 |   srFIFO(clock, dataIn, push, pop, &srDataOut, &srFull, &srEmpty);
124 |   rbFIFO(clock, dataIn, push, pop, &rbDataOut, &rbFull, &rbEmpty);
125 |   // the below should fail
126 |   //*equal = ((srFull == rbFull) && (smain.sr.empty == smain.rb.empty) && (smain.sr.empty | (srDataOut == rbDataOut)));
127 |   *equal = ((srFull == rbFull) && (ssrFIFO.empty == srbFIFO.empty) && (ssrFIFO.empty || (srDataOut == rbDataOut)));
128 |   //assert(srFull == rbFull);
129 |   //assert(srEmpty == rbEmpty);
130 |   //assert(srDataOut == rbDataOut);
131 |   
132 |   assert(*equal != 1);
133 | }
134 | 
135 | 
136 | void main() {
137 |   _Bool clock;
138 |   unsigned char dataIn;
139 |   _Bool push;
140 |   _Bool pop;
141 |   _Bool equal;
142 | 
143 |   initial_rbFIFO();
144 |   initial_srFIFO();
145 |   
146 |   //while(1) {
147 |     push = nondet_bool();
148 |     pop = nondet_bool();
149 |     dataIn = nondet_uchar();
150 |     design(clock, dataIn, push, pop, &equal);
151 |     //assert(equal == 1);
152 |   //}
153 | }
154 | 


--------------------------------------------------------------------------------
/unsafe/FIFO/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=10$
5 | ^SIGNAL=0$
6 | ^VERIFICATION FAILED$
7 | 


--------------------------------------------------------------------------------
/unsafe/Ibuf/main.sv:
--------------------------------------------------------------------------------
 1 | // Instruction queue controller.
 2 | //
 3 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 4 | //
 5 | // Derived from description in Kaufmann, Martin, and Pixley's paper.
 6 | // Modified by: Rajdeep Mukherjee <rajdeep.mukherjee@cs.ox.ac.uk>
 7 | module main(clock,iqLoads,exeReady,opsReady,flush,
 8 | 	  load0,load1,load2,issue0,issue1,valid);
 9 |     input	 clock;
10 |     input [0:1]	 iqLoads;
11 |     input [0:1]	 exeReady;
12 |     input [0:2]	 opsReady;
13 |     input [0:2]	 flush;
14 |     output [0:1] load0;
15 |     output [0:1] load1;
16 |     output [0:1] load2;
17 |     output [0:2] issue0;
18 |     output [0:2] issue1;
19 |     output [0:2] valid;
20 | 
21 |     // valid says if the queue entries hold instructions or are empty.
22 |     reg [0:2]	 valid;
23 |     // qAge encodes the relative age of the queue entries.
24 |     // qAge[0] == 1 means valid[0] == 1 and either valid[1] == 0 or
25 |     // the 0-th entry is older than the 1-st entry.
26 |     // Likewise, qAge[1] compares the 0-th and 2-nd entry, and qAge[2]
27 |     // compares the 1-st and 2-nd entry.
28 |     reg [0:2]	 qAge;
29 | 
30 |     // Initial state: empty queue.
31 |     initial begin
32 | 	qAge = 3'd0;
33 | 	valid = 3'd0;
34 |     end
35 | 
36 |     // Loading instructions to queue slots:
37 |     // The lowest-indexed free entries are preferred.
38 |     // Dispatch port 0 has precedence over dispatch port 1.
39 |     assign load0[0] = ~valid[0] & iqLoads[0];
40 |     assign load0[1] = ~valid[0] & ~iqLoads[0] & iqLoads[1];
41 |     assign load1[0] = ~valid[1] & valid[0] & iqLoads[0];
42 |     assign load1[1] = ~valid[1] & iqLoads[1] & ~(load0[1] | load1[0]);
43 |     assign load2[0] = ~valid[2] & valid[1] & valid[0] & iqLoads[0];
44 |     assign load2[1] = ~valid[2] & iqLoads[1] &
45 | 	~(load2[0] | load0[1] | load1[1]);
46 |     // Issuing instructions to the execution units.
47 |     // Execution unit 0 has precedence over execution unit 1.
48 |     // Older instructions are issued first.
49 |     assign issue0[0] = exeReady[0] & opsReady[0] & valid[0] &
50 | 	(qAge[0] | ~opsReady[1]) & (qAge[1] | ~opsReady[2]);
51 |     assign issue0[1] = exeReady[0] & opsReady[1] & valid[1] &
52 | 	(~qAge[0] | ~opsReady[0]) & (qAge[2] | ~opsReady[2]);
53 |     assign issue0[2] = exeReady[0] & opsReady[2] & valid[2] &
54 | 	(~qAge[1] | ~opsReady[0]) & (qAge[2] | ~opsReady[1]);
55 |     assign issue1[0] = exeReady[1] & opsReady[0] & valid[0] &
56 | 	(qAge[0] | ~opsReady[1] | issue0[1]) &
57 | 	(qAge[1] | ~opsReady[2] | issue0[2]) & ~issue0[0];
58 |     assign issue1[1] = exeReady[1] & opsReady[1] & valid[1] &
59 | 	(~qAge[0] | ~opsReady[0] | issue0[0]) &
60 | 	(qAge[2] | ~opsReady[2] | issue0[2]) & ~issue0[1];
61 |     assign issue1[2] = exeReady[1] & opsReady[2] & valid[2] &
62 | 	(~qAge[1] | ~opsReady[0] | issue0[0]) &
63 | 	(qAge[2] | ~opsReady[1] | issue0[1]) & ~issue0[2];
64 | 
65 |     // Next values of the valid bits;
66 |     wire nv0 = ~flush[0] & (valid[0] & ~(issue0[0] | issue1[0]) | load0);
67 |     wire nv1 = ~flush[1] & (valid[1] & ~(issue0[1] | issue1[1]) | load1);
68 |     wire nv2 = ~flush[2] & (valid[2] & ~(issue0[2] | issue1[2]) | load2);
69 | 
70 |     always @ (posedge clock) begin
71 | 	valid[0] = nv0;
72 | 	valid[1] = nv1;
73 | 	valid[2] = nv2;
74 | 	qAge[0] = nv0 & (~nv1 | qAge[0] | ~valid[1]);
75 | 	qAge[1] = nv0 & (~nv2 | qAge[1] | ~valid[2]);
76 | 	qAge[2] = nv1 & (~nv2 | qAge[2] | ~valid[2]);
77 |     end // always @ (posedge clock)
78 | 
79 | assert property (!((qAge[0]==0 || qAge[1]==1 || qAge[2]==0) &&
80 | (qAge[0]==1 || qAge[1]==0 || qAge[2]==1) &&
81 | (!(qAge[0]==1) ||  valid[0]==1) &&
82 | (!(qAge[1]==1) || valid[0]==1) &&
83 | (!(qAge[2]==1) || valid[1]==1) &&
84 | (!(valid[0]==1 && valid[1]==0) || qAge[0]==1) &&
85 | (!(valid[0]==1 && valid[2]==0) || qAge[1]==1) &&
86 | (!(valid[1]==1 && valid[2]==0) || qAge[2]==1)));
87 |  
88 | 
89 | endmodule // iqc
90 | 


--------------------------------------------------------------------------------
/unsafe/Ibuf/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=10$
5 | ^SIGNAL=0$
6 | ^VERIFICATION FAILED$
7 | 


--------------------------------------------------------------------------------
/unsafe/Makefile:
--------------------------------------------------------------------------------
 1 | default: tests.log
 2 | 
 3 | FLAGS = --verbosity 10 --acdl --decision ordered --learning first-uip --propagate chaotic --inline
 4 | 
 5 | test:
 6 | 	@../test.pl -c "/usr/bin/time -v /users/rajdeep/git-acdlp/2ls/src/2ls/2ls $(FLAGS)"
 7 | 
 8 | tests.log: ../test.pl
 9 | 	@../test.pl -c "/users/rajdeep/git-acdlp/2ls/src/2ls/2ls $(FLAGS)"
10 | 
11 | show:
12 | 	@for dir in *; do \
13 | 		if [ -d "$$dir" ]; then \
14 | 			vim -o "$$dir/*.c" "$$dir/*.out"; \
15 | 		fi; \
16 | 	done;
17 | 
18 | clean:
19 | 	@rm -f *.log
20 | 	@for dir in *; do rm -f $$dir/*.out; done;
21 | 


--------------------------------------------------------------------------------
/unsafe/NullModem/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=10$
5 | ^SIGNAL=0$
6 | ^VERIFICATION FAILED$
7 | 


--------------------------------------------------------------------------------
/unsafe/ReqAck/main.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #define TRUE 1
 3 | #define FALSE 0
 4 | 
 5 | int idle = 0;
 6 | int starting = 1;
 7 | int	working = 2;
 8 | int	done = 3;
 9 |     
10 | // This module is a timer.
11 | struct state_elements_slave {
12 |   unsigned short int count;
13 | };
14 | struct state_elements_slave sslave;
15 | 
16 | void initial_slave()
17 | {
18 |   sslave.count = 0;
19 | }
20 | 
21 | void slave(_Bool clock, _Bool start, _Bool *ready)
22 | {
23 | 	if (start)
24 | 	  sslave.count = 0;
25 | 	else
26 | 	  sslave.count = sslave.count + 1;
27 | 
28 |   *ready = (sslave.count == 0x3FF);
29 | }
30 | 
31 | struct state_elements_reqAck {
32 |   unsigned char state;
33 | };
34 | struct state_elements_reqAck sreqAck;
35 | 
36 | void initial_reqAck()
37 | {
38 |   sreqAck.state = idle;
39 | }
40 | 
41 | void reqAck(_Bool clock, _Bool req, _Bool *ack)
42 | {
43 |   _Bool	start;
44 |   _Bool	ready;
45 |   
46 |   slave (clock,start,&ready);
47 | 
48 |   if(sreqAck.state == idle)
49 |   {
50 |     if(req) 
51 |       sreqAck.state = starting;
52 |     else
53 |       sreqAck.state = idle;
54 |   }
55 |   if(sreqAck.state == idle)
56 |   {
57 |     sreqAck.state = working;
58 |   }	
59 |   if(sreqAck.state == working)
60 |   {
61 |     if (ready)
62 |       sreqAck.state = done;
63 |     else
64 |       sreqAck.state = working;
65 |   }
66 |   if(sreqAck.state == done)
67 |   {
68 |     sreqAck.state = idle;
69 |   }
70 | 
71 |   ack = (sreqAck.state == done);
72 |   start = (sreqAck.state == starting);
73 | }
74 | 
75 | struct state_elements_main {
76 |   _Bool req;
77 | };
78 | struct state_elements_main smain;
79 | 
80 | void initial_main()
81 | {
82 |   smain.req =  0;
83 | }
84 | 
85 | void main()
86 | {
87 |   _Bool clock, ack, nd;
88 |   
89 |   nd=1;
90 |   smain.req=nd;
91 |   if(smain.req==1) {
92 |     reqAck(clock, smain.req, &ack);
93 |     assert(ack==1);
94 |   }
95 | }
96 | 
97 | 


--------------------------------------------------------------------------------
/unsafe/ReqAck/main.sv:
--------------------------------------------------------------------------------
  1 | // Example of "bureaucrat" request/acknowledgement protocol.
  2 | // When a request is received, a timer is started and no action is taken
  3 | // until the timer signals that some time has elapsed.
  4 | // Because of the timer, this system is intrinsically hard to model check.
  5 | // The solution is the abstraction of the counter.
  6 | //
  7 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
  8 | 
  9 | // This environment module generates nondeterministic requests.
 10 | module main(clock);
 11 |     input clock;
 12 |     reg	  req;
 13 |     wire  ack;
 14 |     wire  nd;
 15 | 
 16 |     initial begin
 17 | 	req = 0;
 18 |     end
 19 | 
 20 |     assign nd = 1; //$ND(0,1);
 21 | 
 22 |  always @ (posedge clock)
 23 | 	req = nd;
 24 |     
 25 |   reqAck ra(clock,req,ack);
 26 |   
 27 |   assert property (req==1 |-> ##[1:10] ack==1);
 28 | endmodule // main
 29 | 
 30 | // This module 
 31 | module reqAck(clock,req,ack);
 32 |     input	    clock;
 33 |     input	    req;
 34 |     output	    ack;
 35 | 
 36 |     parameter 
 37 | 	idle = 2'd0,
 38 | 	starting = 2'd1,
 39 | 	working = 2'd2,
 40 | 	done = 2'd3;
 41 |     
 42 |     reg [1:0]	    state;
 43 |     wire	    start;
 44 |     wire	    ready;
 45 | 
 46 |     initial begin
 47 | 	state = idle;
 48 |     end
 49 | 
 50 |     always @ (posedge clock) begin
 51 | 	case (state)
 52 | 	  idle:
 53 | 	      begin
 54 | 		  if (req)
 55 | 		      state = starting;
 56 | 		  else
 57 | 		      state = idle;
 58 | 	      end // case: idle
 59 | 	  starting:
 60 | 	      begin
 61 | 		  state = working;
 62 | 	      end // case: starting
 63 | 	  working:
 64 | 	      begin
 65 | 		  if (ready)
 66 | 		      state = done;
 67 | 		  else
 68 | 		      state = working;
 69 | 	      end // case: working
 70 | 	  done:
 71 | 	      begin
 72 | 		  state = idle;
 73 | 	      end // case: done
 74 | 	endcase // case (state)
 75 |     end // always @ (req or ready)
 76 | 
 77 |     assign ack = state == done;
 78 |     assign start = state == starting;
 79 | 
 80 | 
 81 |     slave slv(clock,start,ready);
 82 | 
 83 | endmodule // reqAck
 84 | 
 85 | 
 86 | // This module is a timer.
 87 | module slave(clock,start,ready);
 88 |     input     clock;
 89 |     input     start;
 90 |     output    ready;
 91 | 
 92 |     reg [9:0] count;
 93 | 
 94 |     initial begin
 95 | 	count = 0;
 96 |     end
 97 | 
 98 |     always @ (posedge clock) begin
 99 | 	if (start)
100 | 	    count = 0;
101 | 	else
102 | 	    count = count + 1;
103 |     end // always @ (posedge clock)
104 | 
105 |     assign ready = count == 10'b0000000111; //10'b1111111111;
106 | 
107 | endmodule // slave
108 | 


--------------------------------------------------------------------------------
/unsafe/ReqAck/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | --unwind 1
4 | ^EXIT=10$
5 | ^SIGNAL=0$
6 | ^VERIFICATION FAILED$
7 | 


--------------------------------------------------------------------------------
/unsafe/Rotate/main.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #include <assert.h>
 3 | #define TRUE 1
 4 | #define FALSE 0
 5 | 
 6 | struct state_elements_main{
 7 | unsigned int dout;
 8 | unsigned int inr;
 9 | };
10 | struct state_elements_main  smain;
11 | 
12 | void rotate(_Bool clock, unsigned char amount, unsigned int din, unsigned int *dout)
13 | {
14 |   unsigned int dout_old;
15 |   unsigned int inr_old;
16 |   unsigned int tmp0;
17 |   unsigned int tmp1;
18 |   unsigned int tmp2;
19 |   unsigned int tmp3;
20 |   unsigned int tmp4;
21 |   unsigned int tmp5;
22 |   
23 |   // clocked block
24 |   smain.inr = din;
25 |   
26 |   // continuous assignment
27 |   tmp0 = smain.inr;
28 |   tmp1 = (amount&0x1) ? (tmp0 >> 1)|(tmp0 << (32 - 1)) : tmp0;
29 |   tmp2 = (amount&0x2) ? (tmp1 >> 2)|(tmp1 << (32 - 2)) : tmp1;
30 |   tmp3 = (amount&0x4) ? (tmp2 >> 4)|(tmp2 << (32 - 4)) : tmp2;
31 |   tmp4 = (amount&0x8) ? (tmp3 >> 8)|(tmp3 << (32 - 8)) : tmp3;
32 |   tmp5 = (amount&0x10) ? (tmp4 >> 16)|(tmp4 << (32 - 16)) : tmp4;
33 |   
34 |   // clocked
35 |   smain.dout = tmp5;
36 |   *dout = tmp5;
37 | }
38 | 
39 | void initial_main(){
40 |   smain.dout = 0;
41 |   smain.inr = 0;
42 | }
43 | 
44 | void main() {
45 |   _Bool clock;
46 |   unsigned char amount;
47 |   unsigned int din;
48 |   unsigned int dout;
49 |   initial_main();
50 |   //while(1) {
51 |     rotate(clock, amount, din, &dout);
52 |     // # FAIL:
53 |     assert(dout != 0xAAAAAAAA);
54 |   //}
55 | }
56 | 


--------------------------------------------------------------------------------
/unsafe/Rotate/main.v:
--------------------------------------------------------------------------------
 1 | // Right rotator.
 2 | //
 3 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
 4 | 
 5 | 
 6 | module main(clock,amount,din,dout);
 7 |     input	      clock;
 8 |     input [4:0] amount;
 9 |     input [31:0]    din;
10 |     output [31:0]   dout;
11 | 
12 |     reg [31:0]      dout;
13 |     reg [31:0]      inr;
14 | 
15 |     wire [31:0] tmp0;
16 |     wire [31:0] tmp1;
17 |     wire [31:0] tmp2;
18 |     wire [31:0] tmp3;
19 |     wire [31:0] tmp4;
20 |     wire [31:0] tmp5;
21 | 
22 |     initial begin
23 | 	dout = 0;
24 | 	inr = 0;
25 |     end
26 | 
27 |     assign tmp0 = inr;
28 | /*    assign tmp1 = amount[0] ?
29 | 	{tmp0[0:0], tmp0[31:1]} : tmp0;
30 |     assign tmp2 = amount[1] ?
31 | 	{tmp1[1:0], tmp1[31:2]} : tmp1;
32 |     assign tmp3 = amount[2] ?
33 | 	{tmp2[3:0], tmp2[31:4]} : tmp2;
34 |     assign tmp4 = amount[3] ?
35 | 	{tmp3[7:0], tmp3[31:8]} : tmp3;
36 |     assign tmp5 = amount[4] ?
37 | 	{tmp4[15:0], tmp4[31:16]} : tmp4;
38 | */
39 |     always @ (posedge clock) begin
40 | 	dout = tmp5;
41 | 	inr = din;
42 |     end // always @ (posedge clock)
43 | 
44 | endmodule // rotate
45 | 


--------------------------------------------------------------------------------
/unsafe/Rotate/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=10$
5 | ^SIGNAL=0$
6 | ^VERIFICATION FAILED$
7 | 


--------------------------------------------------------------------------------
/unsafe/Unidec/main.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <assert.h>
  3 | #define TRUE 1
  4 | #define FALSE 0
  5 | 
  6 | struct state_elements_main {
  7 |   unsigned short int word;
  8 |   _Bool 	found;
  9 |   _Bool 	init;
 10 | };
 11 | struct state_elements_main smain;
 12 | 
 13 | unsigned short int codes(unsigned char sel)
 14 | {
 15 |   unsigned short int code;
 16 |   if(sel&0x7 == 0)
 17 |     code = 8;
 18 |   
 19 |   else
 20 |     if(sel&0x7 == 1)
 21 |       code = 10;
 22 | 
 23 |     else
 24 |       if(sel&0x7 == 2)
 25 |         code = 0x58;
 26 | 
 27 |       else
 28 |         if(sel&0x7 == 3)
 29 |           code = 0x248;
 30 | 
 31 |         else
 32 |           if(sel&0x7 == 4)
 33 |             code = 0x2C1;
 34 | 
 35 |           else
 36 |             if(sel&0x7 == 5)
 37 |               code = 0x263;
 38 | 
 39 |             else
 40 |               if(sel&0x7 == 6)
 41 |                 code = 0xC689;
 42 | 
 43 |               else
 44 |                 if(sel&0x7 == 7)
 45 |                   code = 0x8;
 46 | 
 47 |   return code;
 48 | }
 49 | 
 50 | unsigned short int suffixes(unsigned short int word, unsigned char sel)
 51 | {
 52 |   unsigned short int suffix; 
 53 |   if(sel&0x3 == 0)
 54 |     suffix = ((0x0&0x7)<<13) | ((smain.word>>3)&0x1FFF);
 55 |   
 56 |   else
 57 |     if(sel&0x3 == 1)
 58 |     suffix = ((0x0&0x3F)<<10) | ((smain.word>>6)&0x3FF);
 59 |       
 60 | 
 61 |     else
 62 |       if(sel&0x3 == 2)
 63 |     suffix = ((0x0&0x1FF)<<7) | ((smain.word>>9)&0x7F);
 64 | 
 65 |       else
 66 |         if(sel&0x3 == 3)
 67 |     suffix = ((0x0&0xFFF)<<4) | ((smain.word>>12)&0xF);
 68 | 
 69 |   return suffix;
 70 | }
 71 | 
 72 | unsigned short int prefixes(unsigned short int word, unsigned char sel)
 73 | {
 74 |   unsigned short int prefix;
 75 |   if(sel&0x3 == 0) {
 76 |     if(((word>>4)&0xFFF)==0)
 77 |       prefix=0x7FFF;
 78 |     else
 79 |       prefix=(0x1FFF<<2) | (word&0x7);
 80 |   }
 81 |   if(sel&0x3 == 1) {
 82 |     if(((word>>7)&0x1FF)==0)
 83 |       prefix=0x7FFF;
 84 |     else
 85 |       prefix=(0x3FF<<5) | (word&0x3F);
 86 |   }
 87 |   if(sel&0x3 == 2) {
 88 |     if(((word>>10)&0x3F)==0)
 89 |       prefix=0x7FFF;
 90 |     else
 91 |       prefix=(0x7F<<8) | (word&0x1FF);
 92 |   }
 93 |   if(sel&0x3 == 3) {
 94 |     if(((word>>13)&0x7)==0)
 95 |       prefix=0x7FFF;
 96 |     else
 97 |       prefix=(0xF<<11) | (word&0x7FF);
 98 |   }
 99 |   return prefix;
100 | }
101 | 
102 | void initial(unsigned char sel1) 
103 | {
104 |   smain.word = codes(sel1);
105 |   smain.found = 0;
106 |   smain.init = 1;
107 | }
108 | 
109 | void unidec(
110 |     _Bool	clk,
111 |     unsigned char sel1,
112 |     unsigned char sel2,
113 |     _Bool *found)
114 | {
115 |   unsigned short int other;
116 |   other = codes(sel1);
117 |   
118 |   smain.init = 0;
119 |   if (other == prefixes(smain.word,sel2)) {
120 |     // There is a code word that is a prefix of the current word.
121 |     // Make the suffix of the current word the next word.
122 |     smain.word = suffixes(smain.word,sel2);
123 |   }
124 |   else if (prefixes(other,sel2) == smain.word) {
125 |     // The current word is a prefix of another code word.
126 |     // Make the suffix of the other word the next word.
127 |     smain.word = suffixes(other,sel2);
128 |   } 
129 |   else {
130 |     // Neither applies.  Go to trap state.
131 |     smain.word = 0;
132 |   }
133 |   
134 |   // clocked block
135 |   smain.found = !smain.init && smain.word == other;
136 |   *found = !smain.init && smain.word == other;
137 | }
138 | 
139 | int main()
140 | {
141 |   _Bool	clk;
142 |   unsigned char sel1;
143 |   unsigned char sel2;
144 |   _Bool found;
145 |   //while(1) {
146 |     unidec(clk, sel1, sel2, &found);
147 | 
148 |     //#PASS: The trap state lives up to its name.
149 |     //assert((smain.word!=0) || (smain.word==0));
150 | 
151 |     // FAIL
152 |     assert(found==1); 
153 |   //}
154 | }
155 | 
156 | 


--------------------------------------------------------------------------------
/unsafe/Unidec/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=0$
5 | ^SIGNAL=0$
6 | ^VERIFICATION SUCCESSFUL$
7 | 


--------------------------------------------------------------------------------
/unsafe/Vlunc/main.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <assert.h>
  3 | #define TRUE 1
  4 | #define FALSE 0
  5 | 
  6 | struct state_elements_control {
  7 |   unsigned char prev;
  8 |   _Bool		Lcmd;
  9 |   _Bool		Ucmd;
 10 |   _Bool		Ncmd;
 11 |   _Bool 	Ccmd;
 12 | };
 13 | struct state_elements_control scontrol; 
 14 | 
 15 | void initial_control() 
 16 | {
 17 |   scontrol.Lcmd = 0;
 18 |   scontrol.Ucmd = 0;
 19 |   scontrol.Ncmd = 1;
 20 |   scontrol.Ccmd = 0;
 21 |   scontrol.prev = 0;
 22 | }    
 23 | 
 24 | void control(
 25 |     _Bool	clock,
 26 |     _Bool 	reset,
 27 |     unsigned char	in,
 28 |     _Bool	*Lcmd,
 29 |     _Bool	*Ucmd,
 30 |     _Bool	*Ncmd,
 31 |     _Bool	*Ccmd)
 32 | {
 33 | 
 34 |   _Bool	load;
 35 | 
 36 |   // clocked block
 37 |   if (reset)
 38 |     scontrol.prev = 0;
 39 |   else
 40 |     scontrol.prev = in;
 41 | 
 42 |   load = (scontrol.prev == 0x1b); // escape
 43 | 
 44 |   if (reset) {
 45 |     scontrol.Ncmd = 1;
 46 |     scontrol.Lcmd = 0; scontrol.Ucmd = 0; scontrol.Ccmd = 0;
 47 |   }
 48 |   else if (load) {
 49 |     switch (in) {
 50 |       case 0x4c: { // L
 51 |                    scontrol.Lcmd = 1; scontrol.Ucmd = 0; scontrol.Ncmd = 0; scontrol.Ccmd = 0;
 52 |                    break;
 53 |                  }
 54 |       case 0x55: { // U
 55 |                    scontrol.Lcmd = 0; scontrol.Ucmd = 1; scontrol.Ncmd = 0; scontrol.Ccmd = 0;
 56 |                    break;
 57 |                  }
 58 |       case 0x4e: { // N
 59 |                    scontrol.Lcmd = 0; scontrol.Ucmd = 0; scontrol.Ncmd = 1; scontrol.Ccmd = 0;
 60 |                    break;
 61 |                  }
 62 |       case 0x43: { // C
 63 |                    scontrol.Lcmd = 0; scontrol.Ucmd = 0; scontrol.Ncmd = 0; scontrol.Ccmd = 1;
 64 |                    break;
 65 |                  }
 66 |       default: {
 67 |                  scontrol.Lcmd = 0; scontrol.Ucmd = 0; scontrol.Ncmd = 0; scontrol.Ccmd = 0;
 68 |                  break;
 69 |                }
 70 |     }
 71 |   } // if (load)
 72 |   *Lcmd = scontrol.Lcmd;
 73 |   *Ucmd = scontrol.Ucmd;
 74 |   *Ncmd = scontrol.Ncmd;
 75 |   *Ccmd = scontrol.Ccmd;
 76 | 
 77 | } // control
 78 | 
 79 | // Utility functions
 80 | _Bool isUpper(
 81 | 	unsigned char   in)
 82 | {
 83 |   _Bool isupper;
 84 |   isupper = ~((in>>5)&1);
 85 |   return isupper;
 86 | }
 87 | 
 88 | unsigned char toLower(
 89 | 	unsigned char   in)
 90 | {
 91 |   unsigned char tolower;
 92 | 	if (isUpper(in))
 93 | 	    tolower = in + 0x20;
 94 | 	else
 95 | 	    tolower = in;
 96 |   return tolower;
 97 | }
 98 | 
 99 | unsigned char toUpper(
100 | 	unsigned char   in)
101 | {
102 | 	unsigned char toupper;
103 | 	if (!isUpper(in))
104 | 	    toupper = in - 0x20;
105 | 	else
106 | 	    toupper = in;
107 |   return toupper;
108 | }
109 | 
110 | unsigned char changeCase(
111 | 	unsigned char   in)
112 | {
113 | 	unsigned char changecase;
114 |   return changecase;
115 |   if (isUpper(in))
116 | 	    changecase = in + 0x20;
117 | 	else
118 | 	    changecase = in - 0x20;
119 |   return changecase;
120 | }    
121 | 
122 | void transform(
123 |     unsigned char in,
124 |     _Bool	 Lcmd,
125 |     _Bool	 Ucmd,
126 |     _Bool	 Ncmd,
127 |     _Bool	 Ccmd,
128 |     unsigned char *out)
129 | {
130 |     *out = Lcmd ? toLower(in) :
131 | 	   Ucmd ? toUpper(in) :
132 | 	   Ncmd ? in :
133 | 	   Ccmd ? changeCase(in) : 0x00;
134 | }
135 | 
136 | struct state_elements_main {
137 |   unsigned char regIn;
138 |   unsigned char dataOut;
139 | };
140 | struct state_elements_main smain; 
141 | 
142 | void initial() {
143 | 	smain.regIn = 0;
144 | 	smain.dataOut = 0;
145 | }
146 | 
147 | void vlunc(
148 |     _Bool	 clock,
149 |     _Bool 	 reset,
150 |     unsigned char	 dataIn,
151 |     unsigned char *dataOut)
152 | {
153 |     unsigned char transformed;
154 |     _Bool	 Lcmd, Ucmd, Ncmd, Ccmd;
155 |     
156 |     control(clock,reset,smain.regIn,&Lcmd,&Ucmd,&Ncmd,&Ccmd);
157 |     
158 |     transform(smain.regIn,Lcmd,Ucmd,Ncmd,Ccmd,&transformed);
159 |     
160 |     // clocked block
161 | 	if (reset) {
162 | 	    smain.dataOut = 0;
163 | 	    smain.regIn = 0;
164 |   } else {
165 | 	    smain.dataOut = transformed;
166 | 	    smain.regIn = dataIn;
167 |   } // else: !if(reset)
168 | 
169 |   *dataOut=smain.dataOut;
170 | 
171 |   /*#FAILS: If the output is a lowercase character and Lcmd is asserted,
172 |   # then Lcmd must be deasserted or the output continues to be a lowercase
173 |   # character.*/
174 |   if(Lcmd==1 || (((*dataOut>>5)&1)==1)) { 
175 |     assert(Lcmd!=0); 
176 |   }
177 | }
178 | 
179 | void main()
180 | {
181 |   _Bool	 clock;
182 |    _Bool 	 reset;
183 |   unsigned char	 dataIn;
184 |   unsigned char dataOut;
185 |   initial();
186 |   initial_control();
187 |   while(1) 
188 |     vlunc(clock,reset,dataIn,&dataOut);
189 | }
190 | 
191 | 
192 | 
193 | 


--------------------------------------------------------------------------------
/unsafe/Vlunc/main.sv:
--------------------------------------------------------------------------------
  1 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
  2 | 
  3 | module main (clock,reset,dataIn,dataOut);
  4 |     input	 clock;
  5 |     inout 	 reset;
  6 |     input [7:0]	 dataIn;
  7 |     output [7:0] dataOut;
  8 |     reg [7:0]	 dataOut;
  9 |     
 10 |     reg [7:0]	 regIn;
 11 |     wire [7:0]	 transformed;
 12 |     wire 	 Lcmd, Ucmd, Ncmd, Ccmd;
 13 | 
 14 |     initial begin
 15 | 	regIn   = 0;
 16 | 	dataOut = 0;
 17 |     end
 18 |     
 19 |     control	c(clock,reset,regIn,Lcmd,Ucmd,Ncmd,Ccmd);
 20 |     
 21 |     transform	t(regIn,Lcmd,Ucmd,Ncmd,Ccmd,transformed);
 22 |     
 23 |     always @ (posedge clock) begin
 24 | 	if (reset) begin
 25 | 	    dataOut = 0;
 26 | 	    regIn = 0;
 27 | 	end else begin
 28 | 	    dataOut = transformed;
 29 | 	    regIn = dataIn;
 30 | 	end // else: !if(reset)
 31 |     end
 32 | 
 33 | /*#FAIL: If the output is a lowercase character and Lcmd is asserted,
 34 | # then Lcmd must be deasserted or the output continues to be a lowercase
 35 | # character.*/
 36 | 
 37 | assert property ((Lcmd==1 || dataOut[5]==1) |-> ##1 (Lcmd!=0)); 
 38 | 
 39 | endmodule // lunc
 40 | 
 41 | 
 42 | module control (clock,reset,in,Lcmd,Ucmd,Ncmd,Ccmd);
 43 |     input	clock;
 44 |     input 	reset;
 45 |     input [7:0]	in;
 46 |     output	Lcmd;
 47 |     output	Ucmd;
 48 |     output	Ncmd;
 49 |     output	Ccmd;
 50 | 
 51 |     reg		Lcmd;
 52 |     reg		Ucmd;
 53 |     reg		Ncmd;
 54 |     reg		Ccmd;
 55 | 
 56 |     wire	load;
 57 |     reg [7:0]	prev;
 58 | 
 59 |     initial begin
 60 | 	Lcmd = 0;
 61 | 	Ucmd = 0;
 62 | 	Ncmd = 1;
 63 | 	Ccmd = 0;
 64 | 	prev = 0;
 65 |     end // initial begin
 66 | 
 67 |     always @ (posedge clock)
 68 |       if (reset)
 69 | 	prev = 0;
 70 |       else
 71 | 	prev = in;
 72 |     
 73 |     assign load = (prev == 8'h1b); // escape
 74 | 
 75 |     always @ (posedge clock)
 76 |       if (reset) begin
 77 | 	  Ncmd = 1;
 78 | 	  Lcmd = 0; Ucmd = 0; Ccmd = 0;
 79 |       end
 80 |       else if (load) begin
 81 | 	  case (in)
 82 | 	    8'h4c: begin // L
 83 | 		Lcmd = 1; Ucmd = 0; Ncmd = 0; Ccmd = 0;
 84 | 	    end
 85 | 	    8'h55: begin // U
 86 | 		Lcmd = 0; Ucmd = 1; Ncmd = 0; Ccmd = 0;
 87 | 	    end
 88 | 	    8'h4e: begin // N
 89 | 		Lcmd = 0; Ucmd = 0; Ncmd = 1; Ccmd = 0;
 90 | 	    end
 91 | 	    8'h43: begin // C
 92 | 		Lcmd = 0; Ucmd = 0; Ncmd = 0; Ccmd = 1;
 93 | 	    end
 94 | 	    default: begin
 95 | 		Lcmd = 1'bx; Ucmd = 1'bx; Ncmd = 1'bx; Ccmd = 1'bx;
 96 | 	    end
 97 | 	  endcase
 98 |       end // if (load)
 99 | 
100 | endmodule // control
101 | 
102 | 
103 | module transform (in,Lcmd,Ucmd,Ncmd,Ccmd,out);
104 |     input [7:0]	 in;
105 |     input	 Lcmd;
106 |     input	 Ucmd;
107 |     input	 Ncmd;
108 |     input	 Ccmd;
109 |     output [7:0] out;
110 | 
111 |     assign out = Lcmd ? toLower(in) :
112 | 	   Ucmd ? toUpper(in) :
113 | 	   Ncmd ? in :
114 | 	   Ccmd ? changeCase(in) : 8'hxx;
115 | 
116 |     function [7:0] toLower;
117 | 	input [7:0]   in;
118 |     begin: _toLower
119 | 	if (isUpper(in))
120 | 	    toLower = in + 8'h20;
121 | 	else
122 | 	    toLower = in;
123 |     end
124 |     endfunction // toLower
125 | 
126 |     function [7:0] toUpper;
127 | 	input [7:0]   in;
128 |     begin: _toUpper
129 | 	if (!isUpper(in))
130 | 	    toUpper = in - 8'h20;
131 | 	else
132 | 	    toUpper = in;
133 |     end
134 |     endfunction // toUpper
135 | 
136 |     function [7:0] changeCase;
137 | 	input [7:0]   in;
138 |     begin: _changeCase
139 | 	if (isUpper(in))
140 | 	    changeCase = in + 8'h20;
141 | 	else
142 | 	    changeCase = in - 8'h20;
143 |     end
144 |     endfunction // changeCase
145 | 
146 |     function isUpper;
147 | 	input [7:0]   in;
148 |     begin: _isUpper
149 | 	isUpper = ~in[5];
150 |     end
151 |     endfunction // isUpper
152 | 
153 | endmodule // transform
154 | 


--------------------------------------------------------------------------------
/unsafe/Vlunc/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | --unwind 2
4 | ^EXIT=10$
5 | ^SIGNAL=0$
6 | ^VERIFICATION FAILED$
7 | 


--------------------------------------------------------------------------------
/unsafe/b01/.main.c.swp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/unsafe/b01/.main.c.swp


--------------------------------------------------------------------------------
/unsafe/b01/.main.sv.swp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rajdeep87/verilog-c/0b46ae072a477b3d8c00559e0df2483be470dcc4/unsafe/b01/.main.sv.swp


--------------------------------------------------------------------------------
/unsafe/b01/main.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <assert.h>
  3 | #define TRUE 1
  4 | #define FALSE 0
  5 | 
  6 | int a=0;
  7 | int b=1;
  8 | int c=2;
  9 | int e=3;
 10 | int f=4;
 11 | int g=5;
 12 | int wf0=6;
 13 | int wf1=7;
 14 | 
 15 | struct state_elements_main {
 16 |   _Bool OUTP, OVERFLW;
 17 |   unsigned char stato;
 18 | };
 19 | struct state_elements_main smain; 
 20 | 
 21 | void initial() {
 22 | 	smain.stato = a;
 23 | 	smain.OUTP = 0;
 24 | 	smain.OVERFLW = 0;
 25 | }
 26 | 
 27 | void b01(
 28 |   _Bool  LINE1, _Bool LINE2,
 29 |   _Bool *OUTP, _Bool *OVERFLW, 
 30 |   _Bool  clock)
 31 | {
 32 |   // clocked block
 33 |   switch(smain.stato) {
 34 |     case 0: {
 35 |               if (LINE1 & LINE2)
 36 |                 smain.stato = f;
 37 |               else
 38 |                 smain.stato = b;
 39 |               smain.OUTP = LINE1 ^ LINE2;
 40 |               smain.OVERFLW = 0;
 41 |               break;
 42 |             }
 43 |     case 3:{
 44 |               if (LINE1 & LINE2)
 45 |                 smain.stato = f;
 46 |               else
 47 |                 smain.stato = b;
 48 |               smain.OUTP = LINE1 ^ LINE2;
 49 |               smain.OVERFLW = 1;
 50 |               break;
 51 |             }
 52 |     case 1: {
 53 |               if (LINE1 & LINE2)
 54 |                 smain.stato = g;
 55 |               else 
 56 |                 smain.stato = c;
 57 |               smain.OUTP = LINE1 ^ LINE2;
 58 |               smain.OVERFLW = 0;
 59 |               break;
 60 |             }
 61 |     case 4: {
 62 |               if (LINE1 | LINE2)
 63 |                 smain.stato = g;
 64 |               else
 65 |                 smain.stato = c;
 66 |               smain.OUTP = ~(LINE1 ^ LINE2);
 67 |               smain.OVERFLW = 0;
 68 |               break;
 69 |             }
 70 |     case 2: {
 71 |               if (LINE1 & LINE2)
 72 |                 smain.stato = wf1;
 73 |               else
 74 |                 smain.stato = wf0;
 75 |               smain.OUTP = LINE1 ^ LINE2;
 76 |               smain.OVERFLW = 0;
 77 |               break;
 78 |             }
 79 |     case 5: {
 80 |               if (LINE1 | LINE2)
 81 |                 smain.stato = wf1;
 82 |               else
 83 |                 smain.stato = wf0;
 84 |               smain.OUTP = ~(LINE1 ^ LINE2);
 85 |               smain.OVERFLW = 0;
 86 |               break;
 87 |             }
 88 |     case 6: {
 89 |                 if (LINE1 & LINE2)
 90 |                   smain.stato = e;
 91 |                 else
 92 |                   smain.stato = a;
 93 |                 smain.OUTP = LINE1 ^ LINE2;
 94 |                 smain.OVERFLW = 0;
 95 |                 break;
 96 |               }
 97 |     case 7: {
 98 |                 if (LINE1 | LINE2)
 99 |                   smain.stato = e;
100 |                 else             
101 |                   smain.stato = a;
102 |                 smain.OUTP = ~(LINE1 ^ LINE2);
103 |                 smain.OVERFLW = 0;
104 |                 break;
105 |               }
106 |   }
107 |   *OUTP=smain.OUTP;
108 |   *OVERFLW=smain.OVERFLW;
109 | }
110 |  
111 | void main()
112 | {
113 |   _Bool  LINE1; _Bool LINE2;
114 |   _Bool OUTP; _Bool OVERFLW; 
115 |   _Bool  clock;
116 |  initial();
117 |  while(1) {
118 |    b01(LINE1,LINE2,&OUTP,&OVERFLW,clock);
119 |    if(smain.OVERFLW==1) {
120 |      b01(LINE1,LINE2,&OUTP,&OVERFLW,clock);
121 |      b01(LINE1,LINE2,&OUTP,&OVERFLW,clock);
122 |      assert(smain.OVERFLW!=0);
123 |    }
124 |  }
125 | }
126 | 
127 | 
128 | 
129 | 


--------------------------------------------------------------------------------
/unsafe/b01/main.sv:
--------------------------------------------------------------------------------
  1 | // Verilog translation of the original b01 circuit from the ITC99
  2 | // benchmark set.
  3 | 
  4 | // Author: Fabio Somenzi <Fabio@Colorado.EDU>
  5 | 
  6 | module main(LINE1, LINE2, OUTP, OVERFLW, clock);
  7 |     input  LINE1, LINE2;
  8 |     output OUTP, OVERFLW;
  9 |     input  clock;
 10 | 
 11 |     reg    OUTP, OVERFLW;
 12 |     reg [2:0] stato;
 13 | 
 14 |     parameter a=0;
 15 |     parameter b=1;
 16 |     parameter c=2;
 17 |     parameter e=3;
 18 |     parameter f=4;
 19 |     parameter g=5;
 20 |     parameter wf0=6;
 21 |     parameter wf1=7;
 22 | 
 23 |   initial begin
 24 | 	stato = a;
 25 | 	OUTP = 0;
 26 | 	OVERFLW = 0;
 27 |   end
 28 | 
 29 |     always @ (posedge clock) begin
 30 | 	case (stato)
 31 | 	  a: begin
 32 | 	      if (LINE1 & LINE2)
 33 | 		stato = f;
 34 | 	      else
 35 | 		stato = b;
 36 | 	      OUTP = LINE1 ^ LINE2;
 37 | 	      OVERFLW = 0;
 38 | 	  end
 39 | 	  e: begin
 40 | 	      if (LINE1 & LINE2)
 41 | 		stato = f;
 42 | 	      else
 43 | 		stato = b;
 44 | 	      OUTP = LINE1 ^ LINE2;
 45 | 	      OVERFLW = 1;
 46 | 	  end
 47 |           b: begin
 48 |               if (LINE1 & LINE2)
 49 |                 stato = g;
 50 |               else 
 51 |                 stato = c;
 52 | 	      OUTP = LINE1 ^ LINE2;
 53 | 	      OVERFLW = 0;
 54 |           end
 55 |           f: begin
 56 |               if (LINE1 | LINE2)
 57 |                 stato = g;
 58 |               else
 59 |                 stato = c;
 60 | 	      OUTP = ~(LINE1 ^ LINE2);
 61 | 	      OVERFLW = 0;
 62 |           end
 63 |           c: begin
 64 |               if (LINE1 & LINE2)
 65 |                 stato = wf1;
 66 |               else
 67 |                 stato = wf0;
 68 |               OUTP = LINE1 ^ LINE2;
 69 | 	      OVERFLW = 0;
 70 |           end
 71 | 	  g: begin
 72 |               if (LINE1 | LINE2)
 73 |                 stato = wf1;
 74 |               else
 75 |                 stato = wf0;
 76 | 	      OUTP = ~(LINE1 ^ LINE2);
 77 | 	      OVERFLW = 0;
 78 |           end
 79 |           wf0: begin
 80 |               if (LINE1 & LINE2)
 81 |                 stato = e;
 82 |               else
 83 |                 stato = a;
 84 | 	      OUTP = LINE1 ^ LINE2;
 85 | 	      OVERFLW = 0;
 86 |           end
 87 |           wf1: begin
 88 |               if (LINE1 | LINE2)
 89 |                 stato = e;
 90 |               else             
 91 |                 stato = a;
 92 | 	      OUTP = ~(LINE1 ^ LINE2);
 93 | 	      OVERFLW = 0;
 94 |           end
 95 | 	endcase
 96 |     end
 97 | 
 98 |   assert property (OVERFLW==1 |-> ##2 (OVERFLW==0));
 99 | 
100 | endmodule // b01
101 | 


--------------------------------------------------------------------------------
/unsafe/b01/note:
--------------------------------------------------------------------------------
1 | Verilog design fails at bound=7. The design is safe up to a bound of 6.
2 | C design fails at bound=6. The design is safe up to a bound of 5.
3 | 


--------------------------------------------------------------------------------
/unsafe/b01/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | --unwind 6
4 | ^EXIT=10$
5 | ^SIGNAL=0$
6 | ^VERIFICATION FAILED$
7 | 


--------------------------------------------------------------------------------
/unsafe/b02/note:
--------------------------------------------------------------------------------
1 | Verilog design fails at bound=5. The design is safe up to a bound of 4.
2 | C design fails at bound=3. The design is safe up to a bound of 2.
3 | 


--------------------------------------------------------------------------------
/unsafe/b02/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | --unwind 3
4 | ^EXIT=10$
5 | ^SIGNAL=0$
6 | ^VERIFICATION FAILED$
7 | 


--------------------------------------------------------------------------------
/unsafe/non-pipelined-microprocessor/test.desc:
--------------------------------------------------------------------------------
1 | CORE
2 | main.c
3 | 
4 | ^EXIT=10$
5 | ^SIGNAL=0$
6 | ^VERIFICATION FAILED$
7 | 


--------------------------------------------------------------------------------
/unsafe/result.sh:
--------------------------------------------------------------------------------
 1 | if [ "$WORKSPACE" == "" ]
 2 | then
 3 | echo "WORKSPACE is not set"
 4 | exit 1
 5 | fi
 6 | 
 7 | #for all dirs
 8 | for dir in `ls $WORKSPACE`
 9 | do
10 |   #echo "checking " $dir
11 |   python statistics.py $WORKSPACE/$dir/ 
12 | done  
13 | 


--------------------------------------------------------------------------------
/unsafe/statistics.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | 
 3 | import sys
 4 | import re
 5 | import subprocess
 6 | import csv
 7 | import os
 8 | 
 9 | def processfile():
10 | 
11 |   src_path=sys.argv[1]
12 |   
13 |   properties=0
14 |   verified_prop=0
15 |   false_prop=0
16 |   inconclusive_prop=0
17 |   timeout_prop=0
18 |   memout_prop=0
19 |   error_prop=0
20 |   sum_runtime=0.0
21 |   sum_peak_memory=0.0
22 |   decisions=0
23 |   propagations=0
24 |   conflicts=0
25 |   conflict_literals=0
26 |   learnt_clauses=0
27 | 
28 |   # temporary variable
29 |   status=""
30 |   f_name=""
31 |   func_name=""
32 |   time=""
33 |   ver_time=0.0
34 |   total_time=0.0
35 | 
36 |   status_decision = re.compile("Decisions::") 
37 |   status_propagation = re.compile("Propagation::") 
38 |   status_conflict  = re.compile("Learning Iterations::")
39 |   status_conflict_literal = re.compile("Learnt literals::")
40 |   status_learnt_clauses = re.compile("Learnt clauses::")
41 |   status_time = re.compile("User time")
42 |   
43 |   for root, dirs, filenames in os.walk(src_path):
44 |     for f in filenames:
45 |       if f.endswith(".out"):
46 |         log = open(src_path + f, 'r')
47 |         lines=[line for line in log]
48 |  
49 |          
50 |         for line in lines:
51 |           if status_decision.search(line):
52 |             cols=line.split('::')
53 |             str1=cols[1].lstrip()
54 |             dec=str1.split(' ',1)[0]
55 |             num = int(dec)
56 |             decisions=decisions+num;
57 |           if status_propagation.search(line):
58 |             cols=line.split('::')
59 |             str1=cols[1].lstrip()
60 |             prop=str1.split(' ',1)[0]
61 |             num = int(prop)
62 |             propagations=propagations+num;
63 |           if status_conflict.search(line):
64 |             cols=line.split('::')
65 |             str1=cols[1].lstrip()
66 |             #str2=st1.rstrip()
67 |             con=str1.split(' ',1)[0]
68 |             num = int(con)
69 |             conflicts=conflicts+num
70 |           if status_conflict_literal.search(line):
71 |             cols=line.split('::')
72 |             str1=cols[1].lstrip()
73 |             lit=str1.split(' ',1)[0]
74 |             num = int(lit)
75 |             conflict_literals=conflict_literals+num
76 |           if status_learnt_clauses.search(line):
77 |             cols=line.split('::')
78 |             str1=cols[1].lstrip()
79 |             res=str1.split(' ',1)[0]
80 |             num = int(res)
81 |             learnt_clauses=learnt_clauses+num
82 |           if status_time.search(line):
83 |             cols=line.split(':')
84 |             str1=cols[1].lstrip()
85 |             time=str1.split(' ',1)[0]
86 |         #report.writerow([decisions,propagations,conflicts,conflict_literals,learnt_clauses]) 
87 | 
88 |         print root, decisions, propagations, conflicts, conflict_literals, learnt_clauses, time 
89 |   
90 |   #report_file=open('statistics.csv', 'wb')
91 |   #report = csv.writer(report_file, delimiter=',',
92 |   #    quotechar='|', quoting=csv.QUOTE_MINIMAL)
93 |   #report.writerow(['decisions', 'propagations', 'conflicts', 'conflict literals', 'learnt clauses']) 
94 |   #report.writerow([decisions,propagations,conflicts,conflict_literals,learnt_clauses]) 
95 |    
96 | processfile()            
97 | 


--------------------------------------------------------------------------------
/unsafe/statistics.sh:
--------------------------------------------------------------------------------
1 | WORKSPACE=~/TACAS17-experiments/acdcl-benchmarks/v2c-benchmarks/ ./result.sh
2 | 


--------------------------------------------------------------------------------