Formal Verification in Hardware Design: A Survey
ACM Transactions on Design Automation of Electronic Systems, 1999
Experiences of building an ATM switch for the Local Area
In Proceedings ACM SIGCOMM, 1994
Cited by 17 (9 self)
The Fairisle project was concerned with ATM in the local area. An earlier paper [9] described the preliminary work and plans for the project. Here we present the experiences we have had with the Fairisle network, describing how implementation has changed over the life of the project, the lessons learned, and some conclusions about the work so far.
1 Introduction
The Fairisle project was a three-year effort at the Computer Laboratory begun in October 1989, to design and build an ATM local area network, and to investigate the architecture and management algorithms appropriate to the local area. The project included the construction of ATM switches, host interfaces, device drivers, and management software. Within the Computer Laboratory, other research projects such as multimedia, operating systems, workstation architecture and distributed systems are now using the bandwidth provided by the Fairisle network, and providing the network with real data. This paper presents a report of the...
Practical Approaches to the Automatic Verification of an ATM Switch Fabric Using VIS
1998
Cited by 17 (12 self)
In this paper we present several practical methods for formally verifying an Asynchronous Transfer Mode (ATM) network switching fabric using the Verification Interacting with Synthesis (VIS) tool. We produced Verilog RTL behavioral and netlist structural descriptions of the switch fabric at different levels of hierarchy and established several abstracted models of the fabric. Using various techniques presented in the paper, we provided a number of relevant liveness and safety properties expressible in CTL, and accomplished their verification in reasonable CPU time. Moreover, we performed equivalence checking between the structural and behavioral descriptions of each submodule of the implementation hierarchy.
Formal Verification of an ATM Switch Fabric using Multiway Decision Graphs
Proc. IEEE Sixth Great Lakes Symposium on VLSI (GLS-VLSI'96), 1996
Cited by 14 (10 self)
In this paper we present our results on formally verifying the implementation of an Asynchronous Transfer Mode (ATM) network switching fabric using a new class of decision graphs, called Multiway Decision Graphs (MDG). The design we consider is in use for real applications in the Cambridge Fairisle network. We produced the description of the hardware implementation at different levels of abstraction. We then performed the verification of an abstract description model against the description of the gate-level implementation. Using this abstract model, we accomplished the verification of specific properties that reflect the behavior of the Fairisle ATM switch fabric.
Hierarchical Verification Using an MDG-HOL Hybrid Tool
Cited by 8 (2 self)
We describe a hybrid formal hardware verification tool that links the HOL interactive proof system and the MDG automated hardware verification tool. It supports a hierarchical verification approach that mirrors the hierarchical structure of designs. We obtain advantages of both verification paradigms. We illustrate its use by considering a component of a communications chip. Verification with the hybrid tool is significantly faster and more tractable than using either tool alone.
Experiences Formally Verifying A Network Component
In Proceedings of the 9th Annual IEEE Conference on Computer Assurance, 1994
Cited by 7 (4 self)
Introduction Communication networks are rapidly becoming all pervasive. Systems are increasingly being networked in the local area with applications using non-local services. In the wide area, telecommunications companies are turning to digital networks. As networks become all-pervasive, the consequences of errors in the design or implementation of network components become increasingly important. This is especially so if networks are used in safety-critical applications where communication problems could cause loss of life. For example a telephone network problem can contribute to loss of life if the emergency services cannot be contacted. Errors could cause the network to deadlock, particular links to crash, the service to be degraded to an unacceptable level, or even the whole network to crash. Network problems affect a wide range of users and applications and can cause whole systems or companies to grind to a halt [16, 17]. Asynchronous Transfer Mode (ATM) is a relatively
Verification of the MDG Components Library in HOL
1998
Cited by 7 (6 self)
The MDG system is a decision diagram based verification tool, primarily designed for hardware verification. It is based on Multiway Decision Graphs (MDGs), an extension of the traditional ROBDD approach. In this paper we describe the formal verification of the component library of the MDG system, using HOL. The hardware component library, whilst relatively simple, has been a source of errors in an earlier developmental version of the MDG system. Thus verifying these aspects is of real utility towards the verification of a decision diagram based verification system. This work demonstrates how machine assisted proof can be of practical utility when applied to a small focused problem.
Behavioral Verification of an ATM Switch Fabric using Implicit Abstract State Enumeration
1996
Cited by 5 (5 self)
We investigate the equivalence checking of the RTL hardware implementation of the Cambridge Fairisle Asynchronous Transfer Mode (ATM) 4 by 4 switch fabric against a high-level behavioral specification which has no restrictions with respect to the frame size, cell length or word width. The verification is based on the reachability analysis of the product machine of the implementation and the specification, both modeled as Abstract State Machines (ASM). Multiway Decision Graphs (MDG) are used to encode both the output and transition relations of ASMs and the set of reachable abstract states, allowing implicit abstract state enumeration. Since MDGs avoid model explosion induce...
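The VIS abstract above checks CTL safety properties and structural-versus-behavioural equivalence of the fabric; the abstract just above reduces equivalence checking to reachability analysis on the product machine of implementation and specification. The following Python example is added here to make that mechanism concrete; it is not code from any of the listed papers, from VIS, or from the MDG system. It uses an assumed toy design in place of the 4x4 fabric: a 2-to-1 round-robin arbiter given as a behavioural specification (`spec_step`), a bit-vector "structural" implementation (`impl_step`), and a deliberately broken variant (`buggy_step`) whose priority rotates only after a genuine conflict. The arbiter, both state encodings, the initial states and the injected bug are all assumptions for illustration, and the search is explicit-state rather than the symbolic (MDG) enumeration the papers use.

```python
"""Explicit-state reachability checks on finite-state models of a
2-to-1 round-robin arbiter: a safety property and an implementation-vs-
specification equivalence check via the product machine.  Added example;
the arbiter, its encodings and the injected bug are assumptions, not the
Fairisle fabric or the MDG/VIS models of the papers above."""
from collections import deque

INPUTS = [(r0, r1) for r0 in (0, 1) for r1 in (0, 1)]   # (req0, req1) each cycle


def spec_step(last, req):
    """Behavioural specification.  State: port granted most recently.
    Returns (next_state, (grant0, grant1))."""
    r0, r1 = req
    if not (r0 or r1):
        return last, (0, 0)                      # idle cycle, priority unchanged
    g = (1 - last) if (r0 and r1) else (0 if r0 else 1)   # conflicts alternate
    return g, ((1, 0) if g == 0 else (0, 1))


SPEC_INIT = 1            # assumption: port 0 wins the first conflict


def impl_step(p, req):
    """'Structural' implementation on packed bit vectors.
    State: the port that currently holds priority (p == 1 - last)."""
    r = req[0] | (req[1] << 1)                   # request vector, bit i = port i
    g = r & (1 << p) or r                        # priority port wins, else the requester
    return (p if g == 0 else 1 - (g >> 1)), (g & 1, g >> 1)


IMPL_INIT = 0


def buggy_step(p, req):
    """Same datapath, but priority rotates only after a genuine conflict
    (injected bug for the demonstration)."""
    r = req[0] | (req[1] << 1)
    g = r & (1 << p) or r
    return (1 - (g >> 1) if r == 3 else p), (g & 1, g >> 1)


def explore(step, init, inputs=INPUTS):
    """BFS over the reachable states of a Mealy machine.  Returns
    {state: (predecessor, input) or None} so shortest paths can be rebuilt."""
    pred = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        for x in inputs:
            t, _ = step(s, x)
            if t not in pred:
                pred[t] = (s, x)
                queue.append(t)
    return pred


def path_to(pred, target):
    """Input sequence that drives the machine from init to `target`."""
    trace = []
    while pred[target] is not None:
        target, x = pred[target]
        trace.append(x)
    return trace[::-1]


def check_safety(step, init, bad):
    """AG not bad(state, input, output): examine every reachable state under
    every input.  Returns the shortest offending input sequence, or None."""
    pred = explore(step, init)
    for s in pred:                               # insertion order == BFS order
        for x in INPUTS:
            _, y = step(s, x)
            if bad(s, x, y):
                return path_to(pred, s) + [x]
    return None


def check_equivalence(spec, spec_init, impl, impl_init):
    """Equivalence as a safety property of the product machine: in every
    reachable (spec_state, impl_state) pair the two outputs must agree."""
    def product_step(state, x):
        s, i = state
        s2, ys = spec(s, x)
        i2, yi = impl(i, x)
        return (s2, i2), (ys, yi)
    return check_safety(product_step, (spec_init, impl_init),
                        lambda _s, _x, y: y[0] != y[1])


def never_both(_s, _x, y):
    """Safety property: the arbiter never grants both ports in one cycle."""
    return y == (1, 1)


if __name__ == "__main__":
    print(check_safety(impl_step, IMPL_INIT, never_both))                  # None
    print(check_equivalence(spec_step, SPEC_INIT, impl_step, IMPL_INIT))   # None
    print(check_equivalence(spec_step, SPEC_INIT, buggy_step, IMPL_INIT))  # [(1, 0), (1, 1)]
```

Equivalence is handled as a safety property of the product machine with "outputs differ" as the bad predicate, which is exactly the reachability formulation of the abstract above; the counterexample returned for the buggy variant (a lone request on port 0 followed by a conflict) is the kind of trace a model checker would report. Liveness properties such as AG(req -> AF grant) are not covered by a single reachability pass; they need a fixpoint computation over the transition relation, and the papers' abstract state models are what keep that tractable for the real fabric.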
High-Level Design and Validation of ATM Switch
In Proceedings of the IEEE International High Level Design Validation and Test Workshop, 1997
Cited by 5 (0 self)
Asynchronous Transfer Mode (ATM) has emerged as a backbone for high-speed broadband communications networks. In this paper we present ATM switch design starting from a parametric high-level model, validating the model using a combination of formal verification and simulation. We used a combination of theorem proving and model checking to discover bugs in the high-level model that was presumed correct using simulation. Parametric design validation obviates the need to validate specific ATM switch designs derived from the parametric model.
1 Introduction
Asynchronous Transfer Mode (ATM) technology has emerged as a backbone for high-speed broadband communications networks [CFFT96]. An ATM network backbone typically consists of a number of small ATM switches interconnected in a matrix topology. An ATM switch takes data from input ports and forwards the input data to the proper output ports in the same order as the input data. An ATM switch is typically designed as a RAM-embedded Applicat...
Tracking Design Changes with Formal Verification
International Workshop on Higher Order Logic Theorem Proving and its Applications, volume 859 of Lecture Notes in Computer Science, 1994
Cited by 4 (2 self)
Designs are often modified for use in new circumstances. If formal proof is to be an acceptable verification methodology for industry, it must be capable of tracking design changes quickly. We describe our experiences formally verifying an implementation of an ATM network component, and on our subsequent verification of modified designs. Three of the designs verified are in use in a working network. They were designed and implemented with no consideration for formal methods. This case study gives an indication of the difficulties in formally verifying a real design and of subsequently tracking design changes.
1 Introduction
Designs are often modified as requirements change. Such modifications often take a fraction of the original design time to complete. Even if a design can initially be validated in an acceptable time scale, formal verification is unlikely to be accepted if a similar amount of time is required to validate subsequent modified designs. It has been suggested that this...

