The artifact for the paper: CIll: CTI-Guided Invariant Generation via LLMs for Model Checking
arXiv: https://arxiv.org/abs/2602.23389
cill-exp/
PROMPT.md # CIll prompt
README.md
deps/
yosys/ # Yosys (dependency)
yosys-slang/ # Yosys-Slang (dependency)
riscv-formal/ # riscv-formal (dependency)
nerv/
picorv32/
serv/
rIC3/ # rIC3 model checker
riscv-formal/ # riscv-formal checks
res/ # saved results / logs
tools/
analyze_stats.py
- Install Yosys-Slang globally by following
./deps/yosys-slang/README.md, then runmake install. - Install rIC3 globally by following
./rIC3/README.md:cargo install --path .. - Install Yosys globally by following
./deps/yosys/README.md - Install the
rIC3/tools/vcd_mcp.pyMCP into Codex. - Go to the
boilerplatedirectory undernerv/serv/picorv32and usegen.shto generate the checks. - Enter the generated check directory, use
PROMPT.mdin Codex, and run it usingGPT5.2-xhigh.
- For the
insnseries checks, we keep onlyo_mem_addr_matchfor load/store instructions, ando_rd_wdata_matchando_pc_wdata_matchfor the remaininginsnchecks, since the other properties can be proved by rIC3. - Cover and liveness cases are ignored.
- Historically, riscv-formal mainly targeted bounded checking. As a result, some checks may not be sound under unbounded proofs. For example,
rvfi_ordercan overflow and wrap around (loop back), which can interfere with certain checks. We prevent this by adding anassumeconstraint as shown below.
reg rvfi_order_loopback;
always @(posedge clock) begin
if (reset) begin
rvfi_order_loopback <= 0;
end else if (rvfi_valid && rvfi_order == {64{1'b1}}) begin
rvfi_order_loopback <= 1;
end
end
always_comb assume (!(rvfi_order_loopback && check));- For ease of agent analysis and to allow multiple checks to run concurrently, each check includes all RTL files via symbolic links.