Experiences formally verifying a network component
In Proceedings of the 9th Annual IEEE Conference on Computer Assurance, 1994
Abstract

Cited by 8 (4 self)
Errors in network components can have disastrous effects, so it is important that all aspects of the design are correct. We describe our experiences formally verifying an implementation of an Asynchronous Transfer Mode (ATM) network switching fabric using the HOL90 theorem proving system. The design has been fabricated and is in use in the Cambridge Fairisle Network. It was designed and implemented with no consideration for formal specification or verification. This case study gives an indication of the difficulties in formally verifying real designs. We discuss the time spent on the verification, which was comparable to the time spent designing and testing the fabric. We also describe the problems encountered and the errors discovered.
A unified approach for combining different formalisms for hardware verification
In Proceedings of the International Conference on Formal Methods in Computer-Aided Design, volume 1166 of Lecture Notes in Computer Science, 1996
Abstract

Cited by 4 (1 self)
Model checking, the predominant technique for automatically verifying circuits, suffers from the well-known state explosion problem. This hinders the verification of circuits which contain non-trivial data paths. Recently, it has been shown that for those circuits it may be useful to separate the control and data parts prior to verification. This paper is also based on this idea and presents an approach for combining various proof approaches, such as model checking and theorem proving, in a unifying framework. In contrast to other approaches, special proof procedures are available to verify circuits with data-sensitive controllers, where a bidirectional signal flow between controller and data path can be found. Generic circuits can be verified by induction or by model checking finite instantiations. By giving the system `proof hints', the verification effort for model-checking-based proofs can also be considerably reduced in many cases. The paper presents an introduction to the different proof strategies as well as an algorithm for their combination. The underlying C@S system also allows the efficiency evaluation of different approaches to verifying the same circuits. This is shown in different case studies, demonstrating the trade-off between interaction and verifiable circuit size.
The Importance of Proof Maintenance and Reengineering
In Proc. Int. Workshop on Higher Order Logic Theorem Proving and Its Applications, 1995
Abstract

Cited by 1 (0 self)
Our work on the verification of real hardware designs using HOL has resulted in very large proof scripts. Consequently, problems were encountered that are not an issue in smaller verification efforts. In particular, we have found that the maintainability of proofs is of paramount importance. There are many reasons why proof scripts in LCF-style theorem provers may be reused. This can be in order to maintain and understand old proofs as well as to speed the creation of new ones. Consequently, proofs should be written in styles that ease their maintainability and make them easier to reuse. Furthermore, proof tools and interfaces should be designed with proof reuse as well as proof creation in mind. Many of the problems could be prevented from occurring in the first place with suitable support.

1 Introduction

The recent Fairisle switching fabric verification project [3] entailed using HOL [5] to verify real hardware designs. The resulting proofs consist of several hundred theories, the s...