Experiences formally verifying a network component
In Proceedings of the 9th Annual IEEE Conference on Computer Assurance, 1994
Abstract

Cited by 8 (4 self)
Errors in network components can have disastrous effects, so it is important that all aspects of the design are correct. We describe our experiences formally verifying an implementation of an Asynchronous Transfer Mode (ATM) network switching fabric using the HOL90 theorem proving system. The design has been fabricated and is in use in the Cambridge Fairisle Network. It was designed and implemented with no consideration for formal specification or verification. This case study gives an indication of the difficulties in formally verifying real designs. We discuss the time spent on the verification. This was comparable to the time spent designing and testing the fabric. We also describe the problems encountered and the errors discovered.
A unified approach for combining different formalisms for hardware verification
In Proceedings of the International Conference on Formal Methods in Computer-Aided Design, volume 1166 of Lecture Notes in Computer Science, 1996
Abstract

Cited by 4 (1 self)
Model checking, as the predominant technique for automatically verifying circuits, suffers from the well-known state explosion problem. This hinders the verification of circuits which contain non-trivial data paths. Recently, it has been shown that for those circuits it may be useful to separate the control and data part prior to verification. This paper is also based on this idea and presents an approach for combining various proof approaches like model checking and theorem proving in a unifying framework. In contrast to other approaches, special proof procedures are available to verify circuits with data-sensitive controllers, where a bidirectional signal flow between controller and data path can be found. Generic circuits can be verified by induction or by model checking finite instantiations. By giving the system 'proof hints', the verification effort for model checking based proofs can also be considerably reduced in many cases. The paper presents an introduction to the different proof strategies as well as an algorithm for their combination. The underlying C@S system also allows the efficiency evaluation of different approaches to verify the same circuits. This is shown in different case studies, demonstrating the trade-off between interaction and verifiable circuit size.
The importance of proof maintenance and reengineering
Int. Workshop on Higher Order Logic Theorem Proving and Its Applications: B-Track, 1995
A Unified Approach for Combining Different Formalisms for Hardware Verification
Abstract
Model checking, as the predominant technique for automatically verifying circuits, suffers from the well-known state explosion problem. This hinders the verification of circuits which contain non-trivial data paths. Recently, it has been shown that for those circuits it may be useful to separate the control and data part prior to verification. This paper is also based on this idea and presents an approach for combining various proof approaches like model checking and theorem proving in a unifying framework. In contrast to other approaches, special proof procedures are available to verify circuits with data-sensitive controllers, where a bidirectional signal flow between controller and data path can be found. Generic circuits can be verified by induction or by model checking finite instantiations. By giving the system 'proof hints', the verification effort for model checking based proofs can also be considerably reduced in many cases. The paper presents an introduction to the different proof strategies as well as an algorithm for their combination. The underlying C@S system also allows the efficiency evaluation of different approaches to verify the same circuits. This is shown in different case studies, demonstrating the trade-off between interaction and verifiable circuit size.
Formal Verification of an Asynchronous Transfer Mode Network: Final Report
1994
Abstract
Introduction. The aim of this project was to demonstrate that formal proof can be applied to real ATM network hardware in a realistic time scale. The Fairisle switching element was used as a case study. It was chosen because it is a self-contained, fabricated component that was not designed with verification in mind. It is large enough to raise realistic problems but small enough to complete within the limited time scale available. Furthermore, several variations on the original design had been fabricated, thus allowing us to investigate the ease with which design changes can be tracked with formal verification. The main achievements of the project are as follows.
- We have demonstrated that fully machine checked, hierarchical proof can be applied to the implementation of real hardware designs in a time scale on a par with the design time.
- We have demonstrated that the effort expended in performing such a proof is not wasted if the design is change