Results 1 - 10 of 59

Formal Verification in Hardware Design: A Survey
ACM Transactions on Design Automation of Electronic Systems, 1999

Model Checking Support for the ASM High-Level Language
Proceedings of TACAS 2000, number 1785 in LNCS, 2000
Cited by 30 (6 self)
Abstract: Gurevich's Abstract State Machines (ASM) constitute a high-level specification language for a wide range of applications. The existing tool support for ASM---currently including type-checking, simulation and debugging---should be extended to support computer-aided verification, in particular by model checking. In this paper we introduce an interface from our existing tool environment to the model checker SMV, based on a transformation which maps a large subset of ASM into the SMV language. Through a case study we show how model checking the transformed specification can ease the validation process and what can be done to render an ASM system specification feasible for a model checker.

Practical Approaches to the Automatic Verification of an ATM Switch Fabric Using VIS
1998
Cited by 17 (12 self)
Abstract: In this paper we present several practical methods for formally verifying an Asynchronous Transfer Mode (ATM) network switching fabric using the Verification Interacting with Synthesis (VIS) tool. We produced Verilog RTL behavioral and netlist structural descriptions of the switch fabric at different levels of hierarchy and established several abstracted models of the fabric. Using various techniques presented in the paper, we provided a number of relevant liveness and safety properties expressible in CTL, and accomplished their verification in reasonable CPU time. Moreover, we performed equivalence checking between the structural and behavioral descriptions of each submodule of the implementation hierarchy.

Formal Verification of an ATM Switch Fabric using Multiway Decision Graphs
Proc. IEEE Sixth Great Lakes Symposium on VLSI (GLS-VLSI'96), 1996
Cited by 14 (10 self)
Abstract: In this paper we present our results on formally verifying the implementation of an Asynchronous Transfer Mode (ATM) network switching fabric using a new class of decision graphs, called Multiway Decision Graphs (MDG). The design we consider is in use for real applications in the Cambridge Fairisle network. We produced the description of the hardware implementation at different levels of abstraction. We then performed the verification of an abstract description model against the description of the gate-level implementation. Using this abstract model, we accomplished the verification of specific properties that reflect the behavior of the Fairisle ATM switch fabric.

Verifying Determinism of Concurrent Systems Which Use Unbounded Arrays (Extended Abstract)
Ranko Lazić, Bill Roscoe. To be presented at INFINITY '98 (revised version, July 7, 1998)
Cited by 13 (7 self)
Abstract: Our main result says that determinism of a concurrent system which uses unbounded arrays (i.e. memories) can be verified by considering an appropriate finite array size. That is made possible by restricting the ways in which array indices and values can be used within the system. The restrictions are those of data independence: the system must not perform any operations on the indices and values, but it is only allowed to input them, store them, and output them. Equality tests between indices are also allowed. The restrictions are satisfied by many concurrent systems which use arrays to model memories or databases. As a case study, we have verified that a database system which allows users to lock, read and write records at multiple security levels is secure.

Formal Verification of the Island Tunnel Controller using Multiway Decision Graphs
Cited by 11 (4 self)
Abstract: Multiway Decision Graphs (MDGs) have recently been proposed as an efficient representation tool for RTL designs. In this paper we demonstrate the MDG-based formal verification technique on the example of the Island Tunnel Controller. We also provide comparative experimental results for the verification of a number of properties using two well-known ROBDD-based verification tools, SMV (Symbolic Model Verifier) and VIS (Verification Interacting with Synthesis). Finally, we study in detail the non-termination problem of the abstract state enumeration and present a solution.

Detecting Multiple Classes of User Errors
Proc. EHCI 2001, vol. 2254 of LNCS, 2001
Cited by 10 (7 self)
Abstract: Systematic user errors commonly occur in the use of interactive systems. We describe a formal reusable user model implemented in higher-order logic that can be used for machine-assisted reasoning about user errors. The core of this model is a series of non-deterministic guarded temporal rules. We consider how this approach allows errors of various specific kinds to be detected by proving a single theorem about a device. We illustrate the approach using a simple case study.

Description and Verification of RTL Designs Using Multiway Decision Graphs
1995
Cited by 9 (7 self)
Abstract: Traditional OBDD-based methods of automated verification suffer from the drawback that they require a binary representation of the circuit. Multiway Decision Graphs (MDGs) [5] combine the advantages of OBDD techniques with those of abstract types. RTL designs can be compactly described by MDGs using abstract data values and uninterpreted function symbols. We have developed MDG-based techniques for combinational verification, reachability analysis, verification of behavioral equivalence, and verification of a microprocessor against its instruction set architecture. We report on the results of several verification experiments using our MDG package.

Convergence Testing in Term-Level Bounded Model Checking
2003
Cited by 9 (2 self)
Abstract: We consider the problem of bounded model checking of systems expressed in a decidable fragment of first-order logic. While model checking is not guaranteed to terminate for an arbitrary system, it converges for many practical examples, including pipelined processors. We give a new formal definition of convergence that generalizes previously stated criteria. We also give a sound semidecision procedure to check this criterion based on a translation to quantified separation logic. Preliminary results on simple pipeline processor models are presented.

Formal verification of pipeline control using controlled token nets and abstract interpretation
In ICCAD, 1998
Cited by 8 (1 self)
Abstract: We present an automated formal verification method that can detect common pipeline-control bugs of logic-design components containing thousands of registers. The method models logic designs using controlled token nets. A controlled token net consists of: a token net that models the data flow in the datapath using token semantics; a control logic that models the control machines using traditional finite state semantics. We provide algorithms to (1) extract a controlled token net from a logic design, (2) minimize the controlled token net, and (3) compute an abstract interpretation of the controlled token net for efficient model checking. We implemented and applied the method to 6 Intel logic-design components containing up to 4500 registers and successfully detected 8 pre-silicon errata.
Keywords: Pipeline control verification, controlled token net, abstract interpretation, processor verification, model checking, formal verification, functional verification, computer-aided design

