Results 1 
7 of
7
Model Checking of Safety Properties
, 1999
"... Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proofbased approach to verification, making verification of safety properties simp ..."
Abstract

Cited by 103 (16 self)
 Add to MetaCart
Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proofbased approach to verification, making verification of safety properties simpler than verification of general properties. In this paper we consider model checking of safety properties. A computation that violates a general linear property reaches a bad cycle, which witnesses the violation of the property. Accordingly, current methods and tools for model checking of linear properties are based on a search for bad cycles. A symbolic implementation of such a search involves the calculation of a nested fixedpoint expression over the system's state space, and is often impossible. Every computation that violates a safety property has a finite prefix along which the property is violated. We use this fact in order to base model checking of safety properties on a search for ...
An introduction to requirements capture using pvs: Specification of a simple autopilot
, 1996
"... ..."
Formal Verification of Synthesized Analog Designs
 In: International Conference on Computer Design
, 1999
"... We present an approach for formal verification of the DC and low frequency behavior of synthesized analog designs containing linear components and components whose behavior can be represented by piecewise linear models. A formal model of the structural description of a synthesized design is extrac ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
We present an approach for formal verification of the DC and low frequency behavior of synthesized analog designs containing linear components and components whose behavior can be represented by piecewise linear models. A formal model of the structural description of a synthesized design is extracted from the sized component netlist produced by the synthesis tool, in terms of characteristic behavior of the components and various voltage and current laws. For the synthesized implementation to be correct, it must imply a formal model extracted from a user given behavior specification. Circuit implementation and expected behavior are both modeled in the PVS higherorder logic proof checker as linear functions and the PVS decision procedures are used to prove the implication. 1 Introduction The challenges in formally verifying an analog design are some what different from those in verifying digital designs. Analog components exhibit continuous time behavior often represented as an...
A Process Algebra Foundation for Reasoning about Core ELLA
, 1994
"... A process algebraic foundation is developed, for formal analysis of synchronous hardware designs using the commercially available hardware design language, ELLA. An underlying semantic foundation, based on input/outputtrace sets, is presented first through the use of state machines. Such a represent ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
A process algebraic foundation is developed, for formal analysis of synchronous hardware designs using the commercially available hardware design language, ELLA. An underlying semantic foundation, based on input/outputtrace sets, is presented first through the use of state machines. Such a representation enables direct application of standard, fully automated, trace equivalence checking tools. However, to overcome the computational limitations imposed by such analysis methods, the input/output trace semantics is represented through a synchronous process algebra, EPA. Primitive processes in EPA denote the behaviour of primitive hardware components, such as delays or multiplexers, with composition operators corresponding to the different ways in which behaviours may be built. Of particular significance is the parallel composition operator which captures the machinery for building networks from other components/networks. Actions in EPA are structured and signify the state of input and ou...
The State Evolution Method for Verifying Hardware Systems
, 1995
"... We present a novel state evolution method for establishing standard (strong) bisimulation, which gives a tractable verification approach for deterministic machines, possibly with infinite statespaces, and operates at an abstract level. The problem of establishing equivalence is reduced to one of ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
We present a novel state evolution method for establishing standard (strong) bisimulation, which gives a tractable verification approach for deterministic machines, possibly with infinite statespaces, and operates at an abstract level. The problem of establishing equivalence is reduced to one of proving the validity of a set of simpler (firstorder) logical verification conditions, generated from the state evolution expressions. The approach maintains a high degree of automation, a feature of statebased methods, whilst offering the potential of containing the usual growth in complexity of verification, one advantage of using theoremproving techniques. Keywords: symbolic verification, automatic hardware verification, theoremproving, hardware design aids. 1 Introduction One approach commonly used for establishing the behavioural equivalence of hardware systems uses statespace exploration to establish a bisimulation relation between the systems, modelled as labelled transit...
Coq and Hardware Verification: a Case Study
 TPHOLs'96, LCNS 1125
, 1996
"... . We present, on the example of a lefttoright comparator, several approaches for verifying a class of circuits with the Coq proofassistant. The great expressiveness of the Calculus of Inductive Constructions allows us to give precise and general specifications. Thanks to Coq's higherorder log ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
. We present, on the example of a lefttoright comparator, several approaches for verifying a class of circuits with the Coq proofassistant. The great expressiveness of the Calculus of Inductive Constructions allows us to give precise and general specifications. Thanks to Coq's higherorder logic, we state general results for establishing the correctness of such circuits. Finally, exploiting the constructive aspect of the logic, we show how to synthezise automatically a certified circuit from its specification. 1 Introduction During the past decade, intensive and dynamic research has developed in the field of mechanized theorem prover design, resulting in a great deal of new proof assistants. Hardware verification has been one of the original motivations and main applications of this area. Among the earliest and most significant achievements, let us mentionned the works of Gordon's group using HOL [14, 6] and the proof of the FM8501 [?] with Nqthm [5]. On the one hand, using ...
Specifications of the ATM Switch Fabric in Coq
, 1997
"... this report, we consider digital circuits. Describing circuits as mathematical objects corresponds to construct accurate formal specifications of these circuits on which it becomes possible to prove correctness properties. From this point of view, formal verification of circuits amounts to develop a ..."
Abstract
 Add to MetaCart
this report, we consider digital circuits. Describing circuits as mathematical objects corresponds to construct accurate formal specifications of these circuits on which it becomes possible to prove correctness properties. From this point of view, formal verification of circuits amounts to develop a proof which states that the representation of the circuit under consideration (structural specification) satisfies the representation of its intended behaviour (behavioural specification) that is to say what one expects from the circuit to be correct. In other words, establishing the correctness of a circuit is proving that its implementation is equivalent (or at least implies) its specification.