Results 1  10
of
77
Formal Verification by Symbolic Evaluation of PartiallyOrdered Trajectories
 Formal Methods in System Design
, 1993
"... Symbolic trajectory evaluation provides a means to formally verify properties of a sequential system by a modified form of symbolic simulation. The desired system properties are expressed in a notation combining Boolean expressions and the temporal logic "nexttime" operator. In its simplest form ..."
Abstract

Cited by 99 (25 self)
 Add to MetaCart
Symbolic trajectory evaluation provides a means to formally verify properties of a sequential system by a modified form of symbolic simulation. The desired system properties are expressed in a notation combining Boolean expressions and the temporal logic "nexttime" operator. In its simplest form, each property is expressed as an assertion [A =) C], where the antecedent A expresses some assumed conditions on the system state over a bounded time period, and the consequent C expresses conditions that should result. A generalization allows simple invariants to be established and proven automatically. The verifier operates on system models in which the state space is ordered by "information content". By suitable restrictions to the specification notation, we guarantee that for every trajectory formula, there is a unique weakest state trajectory that satisfies it. Therefore, we can verify an assertion [A =) C] by simulating the system over the weakest trajectory for A and testing...
HOL Light: A tutorial introduction
 Proceedings of the First International Conference on Formal Methods in ComputerAided Design (FMCAD’96), volume 1166 of Lecture Notes in Computer Science
, 1996
"... HOL Light is a new version of the HOL theorem prover. While retaining the reliability and programmability of earlier versions, it is more elegant, lightweight, powerful and automatic; it will be the basis for the Cambridge component of the HOL2000 initiative to develop the next generation of HOL th ..."
Abstract

Cited by 70 (9 self)
 Add to MetaCart
HOL Light is a new version of the HOL theorem prover. While retaining the reliability and programmability of earlier versions, it is more elegant, lightweight, powerful and automatic; it will be the basis for the Cambridge component of the HOL2000 initiative to develop the next generation of HOL theorem provers. HOL Light is written in CAML Light, and so will run well even on small machines, e.g. PCs and Macintoshes with a few megabytes of RAM. This is in stark contrast to the resourcehungry systems which are the norm in this field, other versions of HOL included. Among the new features of this version are a powerful simplifier, effective first order automation, simple higherorder matching and very general support for inductive and recursive definitions.
Mechanizing Programming Logics in Higher Order Logic
 in Current Trends in Hardware Verification and Automated Theorem Proving, ed. P.A. Subrahmanyam and Graham Birtwistle
, 1989
"... Formal reasoning about computer programs can be based directly on the semantics of the programming language, or done in a special purpose logic like Hoare logic. The advantage of the first approach is that it guarantees that the formal reasoning applies to the language being used (it is well known, ..."
Abstract

Cited by 59 (3 self)
 Add to MetaCart
Formal reasoning about computer programs can be based directly on the semantics of the programming language, or done in a special purpose logic like Hoare logic. The advantage of the first approach is that it guarantees that the formal reasoning applies to the language being used (it is well known, for example, that Hoare’s assignment axiom fails to hold for most programming languages). The advantage of the second approach is that the proofs can be more direct and natural. In this paper, an attempt to get the advantages of both approaches is described. The rules of Hoare logic are mechanically derived from the semantics of a simple imperative programming language (using the HOL system). These rules form the basis for a simple program verifier in which verification conditions are generated by LCFstyle tactics whose validations use the derived Hoare rules. Because Hoare logic is derived, rather than postulated, it is straightforward to mix semantic and axiomatic reasoning. It is also straightforward to combine the constructs of Hoare logic with other applicationspecific notations. This is briefly illustrated for various logical constructs, including termination statements, VDMstyle ‘relational’ correctness specifications, weakest precondition statements and dynamic logic formulae. The theory underlying the work presented here is well known. Our contribution is to propose a way of mechanizing this theory in a way that makes certain practical details work out smoothly.
Microprocessor Design Verification
 Journal of Automated Reasoning
, 1989
"... The verification of a microprocessor design has been accomplished using a mechanical theorem prover. This microprocessor, the FM8502, is a 32bit general purpose, von Neumann processor whose designlevel (gatelevel) specification has been verified with respect to its instructionlevel specification ..."
Abstract

Cited by 59 (3 self)
 Add to MetaCart
The verification of a microprocessor design has been accomplished using a mechanical theorem prover. This microprocessor, the FM8502, is a 32bit general purpose, von Neumann processor whose designlevel (gatelevel) specification has been verified with respect to its instructionlevel specification. Both specifications were written in the BoyerMoore logic, and the proof of correctness was carried out with the BoyerMoore theorem prover.
Natural Deduction as HigherOrder Resolution
 Journal of Logic Programming
, 1986
"... An interactive theorem prover, Isabelle, is under development. In LCF, each inference rule is represented by one function for forwards proof and another (a tactic) for backwards proof. In Isabelle, each inference rule is represented by a Horn clause. ..."
Abstract

Cited by 54 (8 self)
 Add to MetaCart
An interactive theorem prover, Isabelle, is under development. In LCF, each inference rule is represented by one function for forwards proof and another (a tactic) for backwards proof. In Isabelle, each inference rule is represented by a Horn clause.
Set theory for verification: I. From foundations to functions
 J. Auto. Reas
, 1993
"... A logic for specification and verification is derived from the axioms of ZermeloFraenkel set theory. The proofs are performed using the proof assistant Isabelle. Isabelle is generic, supporting several different logics. Isabelle has the flexibility to adapt to variants of set theory. Its higherord ..."
Abstract

Cited by 46 (18 self)
 Add to MetaCart
A logic for specification and verification is derived from the axioms of ZermeloFraenkel set theory. The proofs are performed using the proof assistant Isabelle. Isabelle is generic, supporting several different logics. Isabelle has the flexibility to adapt to variants of set theory. Its higherorder syntax supports the definition of new binding operators. Unknowns in subgoals can be instantiated incrementally. The paper describes the derivation of rules for descriptions, relations and functions, and discusses interactive proofs of Cantor’s Theorem, the Composition of Homomorphisms challenge [9], and Ramsey’s Theorem [5]. A generic proof assistant can stand up against provers dedicated to particular logics. Key words. Isabelle, set theory, generic theorem proving, Ramsey’s Theorem,
A Platform for Combining Deductive with Algorithmic Verification
 Proc. 8 th Intl. Conference on Computer Aided Verification (CAV’96), volume 1102 of Lect. Notes in Comp. Sci
"... . We describe a computeraided verification system which combines deductive with algorithmic (modelchecking) verification methods. The system, called tlv (for temporal verification system), is constructed as an additional layer superimposed on top of the cmu smv system, and can verify finitesta ..."
Abstract

Cited by 42 (16 self)
 Add to MetaCart
. We describe a computeraided verification system which combines deductive with algorithmic (modelchecking) verification methods. The system, called tlv (for temporal verification system), is constructed as an additional layer superimposed on top of the cmu smv system, and can verify finitestate systems relative to linear temporal logic (ltl) as well as ctl specifications. The systems to be verified can be either hardware circuits written in the smv design language or finitestate reactive programs written in a simple programming language (spl). The paper presents a common computational model which can support these two types of applications and a highlevel interactive language tlvBasic, in which temporal verification rules, proofs, and complex assertions can be written. We illustrate the efficiency and generality gained by combining deductive with algorithmic techniques on several examples, culminating in verification of fragments of the Futurebus+ system. In the ana...
Experience with embedding hardware description languages in HOL
 Theorem Provers in Circuit Design
, 1992
"... Abstract The semantics of hardware description languages can be represented in higher order logic. This provides a formal definition that is suitable for machine processing. Experiments are in progress at Cambridge to see whether this method can be the basis of practical tools based on the HOL theor ..."
Abstract

Cited by 39 (4 self)
 Add to MetaCart
Abstract The semantics of hardware description languages can be represented in higher order logic. This provides a formal definition that is suitable for machine processing. Experiments are in progress at Cambridge to see whether this method can be the basis of practical tools based on the HOL theoremproving assistant. Three languages are being investigated: ELLA, Silage and VHDL. The approaches taken for these languages are compared and current progress on building semanticallybased theoremproving tools is discussed.
Pebble: A Language For Parametrised and Reconfigurable Hardware Design
 in FieldProgrammable Logic and Applications From FPGAs to Computing Paradigm
, 1998
"... Abstract. Pebble is a simple language designed to improve the productivity and effectiveness of hardware design. It improves productivity by adopting reusable wordlevel and bitlevel descriptions which can be customised by different parameter values, such as design size and the number of pipeline s ..."
Abstract

Cited by 34 (12 self)
 Add to MetaCart
Abstract. Pebble is a simple language designed to improve the productivity and effectiveness of hardware design. It improves productivity by adopting reusable wordlevel and bitlevel descriptions which can be customised by different parameter values, such as design size and the number of pipeline stages. Such descriptions can be compiled without flattening into various VHDL dialects. Pebble improves design effectiveness by supporting optional constraint descriptions, such as placement attributes, at various levels of abstraction; it also supports runtime reconfigurable design. We introduce Pebble and the associated tools, and illustrate their application to VHDL library development and reconfigurable designs for Field Programmable Gate Arrays (FPGAs). 1