Skip to content
STIMSMITH

circuit-agnostic property checker

Concept

A circuit-agnostic property checker is a reusable verification component in the rtlv framework that, given a Rosette circuit model and a list of performance hints, decides whether the circuit satisfies a target property. Its defining feature is a hint interface whose hints are untrusted—the checker is sound regardless of the hints supplied, allowing developers to freely experiment with optimizations without invalidating the correctness of the resulting proof.

First seen 6/9/2026
Last seen 6/9/2026
Evidence 4 chunks
Wiki v1

WIKI

Circuit-agnostic Property Checker

A circuit-agnostic property checker is a reusable verification component in the rtlv framework that operates on a generic Rosette circuit model rather than on a specific Verilog design, and decides whether the modeled circuit satisfies a target security or correctness property. The same checker implementation can be reused across multiple circuits, avoiding per-circuit duplication of verification logic.

Role in the rtlv Workflow

READ FULL ARTICLE →

NEIGHBORHOOD

3 nodes · 3 edges
graph · circuit-agnostic property checker · depth=1

RELATIONSHIPS

2 connections
rtlv ← implements 100% 2e
rtlv enables development of circuit-agnostic property checkers with a performance hint interface.
rtlv/shiva ← implements 100% 2e
rtlv/shiva is a concrete implementation of a circuit-agnostic property checker with a performance hint interface.

LINKED ENTITIES

2 links
rtlv IMPLEMENTS Extracted graph relationship
rtlv/shiva IMPLEMENTS Extracted graph relationship

CITATIONS

10 sources
10 citations — click to expand
[1] rtlv enables the development of reusable circuit-agnostic property checkers that have a performance hint interface. rtlv: push-button verification of software on hardware
[2] A circuit-agnostic property checker operates on a Rosette circuit model (including the step function and register names), executes the circuit based on the model provided, and returns whether or not the circuit satisfies the target property. rtlv: push-button verification of software on hardware
[3] The property checker exposes a performance hint interface that allows a developer to suggest state transformations to reduce the size of symbolic expressions and simplify symbolic execution and the final solver query. rtlv: push-button verification of software on hardware
[4] rtlv/shiva supports the abstract, overapproximate, and abstract-or-overapproximate-vector performance hints over circuit-state fields. rtlv: push-button verification of software on hardware
[5] The property checker is sound and the performance hints are untrusted: hints cannot cause a false 'OK' result, only reduced performance or failure to prove the property. rtlv: push-button verification of software on hardware
[6] Encapsulating the trusted state-transformation code in a non-circuit-specific checker allows developers to apply performance hints as needed while maintaining high confidence in the proof's correctness. rtlv: push-button verification of software on hardware
[7] The same circuit-agnostic property checker (rtlv/shiva) was reused to verify output determinism for both the MicroTitan and the PicoRV32 SoCs. rtlv: push-button verification of software on hardware
[8] Output determinism requires a circuit's outputs to not depend on data present in the circuit state prior to reset, and is implied by deterministic start (clearing all circuit state on reset). rtlv: push-button verification of software on hardware
[9] The rtlv workflow compiles Verilog through Yosys to SMT-LIB, then via #lang yosys to a Rosette model, which the circuit-agnostic property checker consumes together with performance hints to produce a verification result. rtlv: push-button verification of software on hardware
[10] The rtlv paper provides, as a contribution, an example circuit-agnostic property checker (rtlv/shiva) for verifying a security property similar to the microarchitectural state clearing property. rtlv: push-button verification of software on hardware