Git Product home page Git Product logo

cosa's Introduction

CoSA: CoreIR Symbolic Analyzer SMT-based symbolic model checker for hardware design.


CoSA supports a variety of input formats:

  • CoreIR
  • BTOR2
  • Verilog (with Yosys)
  • SystemVerilog (with Verific)
  • Symbolic Transition System (STS)
  • Explicit states Transition System (ETS)

and verifications:

  • Invariant Properties
  • Linear Temporal Logic (LTL) Properties
  • Proving capabilities
  • Equivalence Checking
  • Parametric (Invariant) Model Checking
  • Fault Analysis
  • Automated Lemma Extraction


  1. pip3 install cosa to install CoSA, and its dependencies i.e., PySMT, PyCoreIR, and PyVerilog
  2. pysmt-install --msat to install MathSAT5 solver (it provides interpolation support), or pysmt-install --cvc4 for CVC4 and pysmt-install --z3 for Z3 and pysmt-install --btor for Boolector
  3. pysmt-install --env to show the environment variables that need to be exported

Software requirements:

  • Python3 -- Full support requires Python3.6 or higher, however running without the CoreIR inputs should work on older Python 3 versions
  • Pip3: package manager -- easiest way to install CoSA. On Debian: apt-get update; apt-get install python3-pip.
  • Cmake and a standard C++ compiler for CoreIR / PyCoreIR
  • Yosys needs to be installed in order to support Verilog as an input format
  • Verific binaries or Yosys built with Verific library in order to support SystemVerilog as an input format [Commercial Tool]

Installation from Source

  • Install Git
  • git clone
  • cd CoSA
  • pip3 install -e .

Pip will automatically install the Python dependencies. To install Yosys for Verilog support, follow the instructions here.

Note: If running in a Python virtualenv, pip will install the CoSA script in ~/.local/bin, so be sure it's added to your PATH with export PATH=~/.local/bin:$PATH.

To run tests (tests include Veriog models and thus require Yosys):

  • nosetests tests


To start playing with the tool, you can run:

  1. CoSA -h shows the helper with command options
  2. CoSA -i examples/counters/counters.json --verification simulation -k 7 generates a system execution with depth 7
  3. CoSA -i examples/counters/counters.json --safety -p "!(count0.a.out = 5_16)" -k 7 performs reachability model checking with property count0.a.out != 5 as a 16-bit Bitvector
  4. CoSA --problem examples/counter/problem.txt --prefix trace performs liveness (GF) and finally (F) checking on the counter.json model using the problem definition
  5. CoSA --problem examples/fold-constants/problem.txt performs equivalence checking using lemmas

For more information, please refer to the CoSA user manual.


  1. install Docker with your package manager e.g., sudo apt-get install docker
  2. build the Docker image: cd docker/ubuntu_1604 && docker build -t ubuntu-cosa .
  3. run the Docker image: docker run -i -t ubuntu-cosa /bin/bash


CoSA is released under the modified BSD (3-clause BSD) License.

If you use CoSA in your work, please consider citing the following publication:

   author    = {Cristian Mattarei and
               Makai Mann and
               Clark Barrett and
               Ross G. Daly and
               Dillon Huff and
               Pat Hanrahan},
  title     = {{CoSA: Integrated Verification for Agile Hardware Design}},
  booktitle = {Formal Methods in Computer-Aided Design, {FMCAD} 2018, Austin, Texas,
               USA, October 30 - November 2, 2018.},
  publisher = {{IEEE}},
  year      = {2018}

Build Status

cosa's People


cristian-mattarei avatar lonsing avatar makaimann avatar zsisco avatar


 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar


 avatar  avatar  avatar  avatar  avatar  avatar  avatar

cosa's Issues


Is there any way to get hold of a copy of the award-winning CoSA2?

I am currently working on a tool that emits bounded model checking problems in BTOR2 and SMT2 format. There are some problems where yices (+SMT2 encoding) does a lot better than btormc on the BTOR2 encoding.
It would be great if I had another fast model checker to compare with.

A question about CoSa and Pono workflow

For the current workflow in CoSa and Pono - is it possible to load the BTOR2 file with the Verilog model with no assertions and add "assertions" trough Python API?

If it's possible and stable - will you advise Pono or CoSa for that?

The goal is to formally check the Verilog modules in a more flexible way than open-source Yosys supports currently (with Python probably).

Feature Idea: Synchronize clocks

It might be nice to have an option to automatically synchronize and abstract clocks.

For the yosys/btor frontend, this would just mean adding the async2sync pass. For other frontends (e.g. coreir) this would just call add-clock and abstract_clock.

We should support add-clock for btor input too, just need to search inputs for clock or clk.

Yosys Verilog Frontend Might Blast Memories to Registers

Sometimes the yosys frontend will elect to turn memories into a sequence of registers. Additionally, it might fail for latches.

Suggested fixes:

  • always read the verilog with the -nolatches switch
  • when no_arrays=False (the default), run with -nomem2reg and memory -nomap

It might be worth it to always use read instead of read_verilog or verific as well.

cosa distributed with older version of bit_vector

I was looking at, and if I download CoSA-0.2.4.tar.gz and look in the archive, I see:

❯ ls
CoSA.egg-info PKG-INFO      README.rst    bit_vector    cosa          setup.cfg

It looks like cosa is being distributed with an older version of the bit_vector package.

This breaks compatibility with repos like, where we use both cosa and bit_vector, but are expecting a newer version of bit_vector. Any chance we could get cosa upgraded to a newer version?

Alternatively, can CoSA rename the older bit_vector it's packaged with to something else? E.g. cosa_bit_vector, this would at least avoid the name conflict. This is probably the quicker work around to unblock our issue.

Parsing errors don’t give line numbers

Just a reminder for me to address this when there’s time. It would be nice if parsing errors gave a line number. Especially for STS/ETS files. This might be harder for problem/property/assumption files.

[btor2] Initialize array with scalar constant

The btor2 format allows initializing arrays with scalar constants:

initializing a memory with a bit-vector constant zero, zero-initializes the whole memory

CoSA fails to translate this simplified example (which works fine with btormc):

15 sort bitvec 2
26 sort bitvec 9
63 sort array 26 15
64 const 15 00
65 state 63 memory
66 init 63 65 64

The error message is:

pysmt.exceptions.PysmtTypeError: The formula '(memory = 0_2)' is not well-formed

Unable to access symbols defined within Verilog modules

When I run CoSA --problems examples/counters/problem_verilog.txt from within my unmodified CosA repo copy, it complains that it cannot access the symbol counter_2.out when trying the task [counter_2_reaches_1]:

❯ CoSA master* ⇣ CoSA --problems examples/counters/problem_verilog.txt            
/usr/local/lib/python3.8/site-packages/pysmt/walkers/ DeprecationWarning: Using or importing the ABCs from 'collections' instead of from '' is deprecated since Python 3.3, and in 3.9 it will stop working
  if len(nodetypes) == 1 and isinstance(nodetypes[0], collections.Iterable):
Parsing file "examples/counters/counters.v"... DONE
Parsing file "examples/counters/toggle-clk1.ssts"... DONE
Solving "counter_out_0" .. TRUE
Solving "counter_2_reaches_1_0" Traceback (most recent call last):
  File "/Users/mdko/CoSA/cosa/analyzers/", line 651, in convert_formula
    with as f:
  File "/usr/local/Cellar/[email protected]/3.8.5/Frameworks/Python.framework/Versions/3.8/lib/python3.8/", line 1218, in open
    return, mode, buffering, encoding, errors, newline,
  File "/usr/local/Cellar/[email protected]/3.8.5/Frameworks/Python.framework/Versions/3.8/lib/python3.8/", line 1074, in _opener
    return, flags, mode)
FileNotFoundError: [Errno 2] No such file or directory: 'examples/counters/F(counter_2.out = 1_8)'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/pysmt/", line 119, in get_symbol
    return self.symbols[name]
KeyError: 'counter_2.out'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/CoSA", line 11, in <module>
    load_entry_point('CoSA', 'console_scripts', 'CoSA')()
  File "/Users/mdko/CoSA/cosa/", line 210, in main
  File "/Users/mdko/CoSA/cosa/", line 166, in run_problems
  File "/Users/mdko/CoSA/cosa/analyzers/", line 516, in solve_problems
    prop = self.convert_formula(,
  File "/Users/mdko/CoSA/cosa/analyzers/", line 657, in convert_formula
    converted_tuples = parser.parse_formulae([p.strip() for p in formula.split(MODEL_SP)])
  File "/Users/mdko/CoSA/cosa/encoders/", line 304, in parse_formulae
    formula = self.parse_formula(strform)
  File "/Users/mdko/CoSA/cosa/encoders/", line 294, in parse_formula
    return self.parse_string(quote_names(strformula))
  File "/Users/mdko/CoSA/cosa/encoders/", line 286, in parse_string
    return PrattParser(ExtLexer).parse(string)
  File "/usr/local/lib/python3.8/site-packages/pysmt/", line 486, in parse
    result = self.expression()
  File "/usr/local/lib/python3.8/site-packages/pysmt/", line 469, in expression
    left = t.nud(self)
  File "/usr/local/lib/python3.8/site-packages/pysmt/", line 529, in nud
    right = parser.expression(self.lbp)
  File "/usr/local/lib/python3.8/site-packages/pysmt/", line 468, in expression
    self.token = next(self.tokenizer)
  File "/usr/local/lib/python3.8/site-packages/pysmt/", line 74, in tokenize
    yield symbol(capture)
  File "/usr/local/lib/python3.8/site-packages/pysmt/", line 222, in identifier
    return Identifier(read, env=self.env)
  File "/usr/local/lib/python3.8/site-packages/pysmt/", line 326, in __init__
    self.value = env.formula_manager.get_symbol(name)
  File "/usr/local/lib/python3.8/site-packages/pysmt/", line 121, in get_symbol
    raise UndefinedSymbolError(name)
pysmt.exceptions.UndefinedSymbolError: 'counter_2.out' is not defined!

Do I need to add an output to the top-level Verilog module for each signal I wish to check, or is accessing the internal wires of Verilog modules supported like in CoreIR .json files?


Suggestion: Raw String for Regular Expression

Hi Makai,

On my machine (Ubuntu 18.04 Python 3.6.7), using escape generates warning like these:

 /home/hongce/CoSA/cosa/encoders/ DeprecationWarning: invalid escape sequence \w
  orig_lineno ="/\w.*\(\d+\)", line)

orig_lineno ="/\w.*\(\d+\)", line)

I have a suggestion to change it to raw string to get rid of these warnings.

  orig_lineno ="/\w.*\(\d+\)", line)

Possible regression in latest CoSA release (0.2.1)

Here are the necessary files


CoSA --problem problem_pe_sub.txt


** Problem PE check sub configuration **
Description: "Check configuring to opcode=1 results in read_data=1"
Result: FALSE
Expected: TRUE
FALSE != TRUE <<<---------| ERROR
---> INIT <---
  I: conf_done = 0_1
  I: self.I0 = 22_16
  I: self.I1 = 20_16
  I: self.O = 42_16
  I: self.clk = 0_1
  I: self.config_addr = 0_1
  I: self.config_data = 0_2
  I: self.config_en = 0_1
  I: self.read_data = 0_2
  I: self.reset = 0_1

---> STATE 1 <---
  S1: self.I0 = 18_16
  S1: self.I1 = 17_16
  S1: self.O = 35_16

---> STATE 2 <---
  S2: self.I0 = 15_16
  S2: self.I1 = 13_16
  S2: self.O = 28_16
  S2: self.reset = 1_1

---> STATE 3 <---
  S3: self.I0 = 11_16
  S3: self.I1 = 10_16
  S3: self.O = 21_16
  S3: self.reset = 0_1

---> STATE 4 <---
  S4: self.I0 = 8_16
  S4: self.I1 = 6_16
  S4: self.O = 14_16
  S4: self.clk = 1_1
  S4: self.config_data = 1_2
  S4: self.config_en = 1_1

---> STATE 5 <---
  S5: self.I0 = 4_16
  S5: self.I1 = 3_16
  S5: self.O = 7_16

---> STATE 6 <---
  S6: conf_done = 1_1
  S6: self.I0 = 1_16
  S6: self.I1 = 0_16
  S6: self.O = 1_16
  S6: self.clk = 0_1
  S6: self.config_data = 0_2
  S6: self.config_en = 0_1

This check used to pass on version 0.2.0. Let me know if this is actually an issue in the problem description rather than the checker.

The problem about installing CoSA.

Hi Mattarei,

When I try to install CoSA according to your instructions, some errors about collecting corei are appeared.

The error reports are shown as follows:

Collecting coreir
ERROR: Command errored out with exit status 1:
command: /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/ -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/private/tmp/pip-install-fV7cqe/coreir/'"'"'; file='"'"'/private/tmp/pip-install-fV7cqe/coreir/'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);'"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' egg_info --egg-base /private/tmp/pip-install-fV7cqe/coreir/pip-egg-info
cwd: /private/tmp/pip-install-fV7cqe/coreir/
Complete output (9 lines):
[proxychains] DLL init: proxychains-ng 4.14
[proxychains] DLL init: proxychains-ng 4.14
[proxychains] DLL init: proxychains-ng 4.14
Traceback (most recent call last):
File "", line 1, in
File "/private/tmp/pip-install-fV7cqe/coreir/", line 92
subprocess.check_call(["make", "-C", build_dir, f"-j{njobs}",
SyntaxError: invalid syntax
ERROR: Command errored out with exit status 1: python egg_info Check the logs for full command output.

How can I solve the problem?
Thanks a lot.

Enhancement Idea: Use Yosys through Python API

Yosys now has a Python API using boost_python. Enable it with:

We can use this to encode the Verilog directly from RTLIL instead of going through the BTOR format. This would give us much better control over the design and even allow us to dynamically run passes based on the contents of the design.

AttributeError: '_BVType' object has no attribute 'get_type'


I encountered an error when using the latest CoSA (both the master branch on github and the latest from pip3 seems to produce the same error message).

Here is the error message (on the AXI example):

~/case-studies/axi$ CoSA --problems problem.txt
Parsing file "axi.vlist"... Reading source files from "axi.vlist"... Traceback (most recent call last):
  File "/home/hongce/cosaEnv/bin/CoSA", line 11, in <module>
  File "/home/hongce/cosaEnv/lib/python3.6/site-packages/cosa/", line 209, in main
  File "/home/hongce/cosaEnv/lib/python3.6/site-packages/cosa/", line 165, in run_problems
  File "/home/hongce/cosaEnv/lib/python3.6/site-packages/cosa/analyzers/", line 364, in solve_problems
  File "/home/hongce/cosaEnv/lib/python3.6/site-packages/cosa/analyzers/", line 315, in parse_model
    (hts_a, inv_a, ltl_a) = parser.parse_file(filepath, general_config, flags)
  File "/home/hongce/cosaEnv/lib/python3.6/site-packages/cosa/encoders/", line 162, in parse_file
    ret = parser.parse_file(TMPFILE, config)
  File "/home/hongce/cosaEnv/lib/python3.6/site-packages/cosa/encoders/", line 100, in parse_file
    return self.parse_string(
  File "/home/hongce/cosaEnv/lib/python3.6/site-packages/cosa/encoders/", line 230, in parse_string
    output_symbol = Symbol(nids[1], original_symbol.get_type())
AttributeError: '_BVType' object has no attribute 'get_type'

I have CoSA installed in the virtual environment and the installed packages are:

bit-vector (0.39a0)
coreir (2.0.19)
CoSA (0.4)
Cython (0.29.2)
gmpy2 (2.0.8)
hwtypes (1.0.13)
Jinja2 (2.10)
MarkupSafe (1.0)
numpy (1.15.3)
pip (9.0.1)
pkg-resources (0.0.0)
pyparsing (2.4.0)
PySMT (0.8.0)
pyverilog (1.1.2)
setuptools (39.0.1)
six (1.12.0)
wheel (0.32.2)
z3-solver (

I have Python 3.6.8 on Ubuntu 18.04

Please don't hesitate to tell me if there is any additional information that I can provide.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.