Results 1 to 10 of 39
Formal Verification in Hardware Design: A Survey
 ACM TRANSACTIONS ON DESIGN AUTOMATION OF ELECTRONIC SYSTEMS
, 1999
Safety-Critical Systems, Formal Methods and Standards
, 1993
Cited by 60 (20 self)
Abstract
Standards concerned with the development of safety-critical systems, and the software in such systems in particular, abound today as the software crisis increasingly affects the world of embedded computer-based systems. The use of formal methods is often advocated as a way of increasing confidence in such systems. This paper examines the industrial use of these techniques, the recommendations concerning formal methods in a number of current and draft standards, and comments on the applicability and problems of using formal methods for the development of safety-critical systems of an industrial scale. Some possible future directions are suggested.
The Notion of Proof in Hardware Verification
, 1989
Cited by 48 (0 self)
Abstract
Recent advances in the field of hardware verification have raised some fresh (and some familiar) issues to do with the scope and limitations of formal proof. In this note, some of these are considered in the context of the Viper verification project. Viper is a microprocessor designed by W. J. Cullyer, C. Pygott and J. Kershaw, of the Royal Signals and Radar Establishment of the U.K. Ministry of Defense, for use in safety-critical applications. Much to their credit, the designers intended from the start that Viper be formally verified; they presented Viper's more abstract specifications in a language suitable for formal reasoning, and they placed the design in the public domain. Viper microprocessors are currently being marketed as verified chips. The formal proof aspects of the verification work have been carried out at the Computer Laboratory of the University of Cambridge. To date, some important properties of a register-transfer level model of Viper, relative to a more abstract ...
Automated Correctness Proofs of Machine Code Programs for a Commercial Microprocessor
, 1991
Cited by 32 (2 self)
Abstract
We have formally specified a substantial subset of the MC68020, a widely used microprocessor built by Motorola, within the mathematical logic of the automated reasoning system Nqthm, i.e., the Boyer-Moore Theorem Prover [4]. Using this MC68020 specification, we have mechanically checked the correctness of MC68020 machine code programs for Euclid's GCD, Hoare's Quick Sort, binary search, and other well-known algorithms. The machine code for these examples was generated using the Gnu C and the Verdix Ada compilers. We have developed an extensive library of proven lemmas to facilitate automated reasoning about machine code programs. We describe a two-stage methodology we use to do our machine code proofs.
Practical Verification And Synthesis Of Low Latency Asynchronous Systems
, 1994
Cited by 26 (12 self)
Abstract
A new theory and methodology for the practical verification and synthesis of asynchronous systems is developed to aid in the rapid and correct implementation of complex control structures. Specifications are based on a simple process algebra called CCS that is concise and easy to understand and use. A software prototype CAD tool called Analyze was written as part of this dissertation to allow the principles of this work to be tested and applied. Attention to complexity, efficient algorithms, and compositional methods has resulted in a tool that can be several orders of magnitude faster than currently available tools for comparable applications. A new theory for loose specifications based on partial orders is developed for both trace and bisimulation semantics. Formal verification uses these partial orders as the foundation of conformance between a specification and its refinement. The definitions support freedom of design choices by identifying the necessary behaviors, the illegal beh...
A Verified Code Generator For A Subset Of Gypsy
, 1988
Cited by 22 (4 self)
Abstract
A Verified Code Generator for a Subset of Gypsy. Publication No. William David Young, Ph.D., The University of Texas at Austin, 1988. Supervising Professors: Robert S. Boyer, J Strother Moore.
This report describes the specification and mechanical proof of a code generator for a subset of Gypsy 2.05 called Micro-Gypsy. Micro-Gypsy is a high-level language containing many of the Gypsy control structures, simple data types and arrays, and predefined and user-defined procedure definitions including recursive procedure definitions. The language is formally specified by a recognizer and interpreter written as functions in the Boyer-Moore logic. The target language for the Micro-Gypsy code generator is the Piton high-level assembly language verified by J Moore to be correctly implemented on the FM8502 hardware. The semantics of Piton is specified by another interpreter written in the logic. A Boyer-Moore function maps a Micro-Gypsy state containing program and data structures into an initial Pit...
DDD-FM9001: Derivation of a Verified Microprocessor
, 1994
Cited by 21 (6 self)
Abstract
Derivation and verification represent alternate approaches to design. Derivation aims at deriving a "correct by construction" design while verification aims at constructing a post factum "proof of correctness" for a design. However, as researchers and engineers gain design experience in a formal framework, both approaches are emerging as interdependent facets of design. The thesis of this work is that alternate forms of formal reasoning must be integrated if formal methods are to support the natural analytical and generative reasoning that takes place in engineering practice. As a vehicle for this research, the DDD digital design derivation system was implemented to study formal hardware design in an algebraic framework. DDD is a first-order transformation system which mechanizes a basic design algebra for synthesizing digital circuit descriptions from high-level functional specifications. The system is a collection of correctness-preserving transformations that promote a top-down desig...
Toward Formalizing a Validation Methodology Using Simulation Coverage
 In Proceedings of the 34th Design Automation Conference
, 1997
Cited by 21 (0 self)
Abstract
The biggest obstacle in the formal verification of large designs is their very large state spaces, which cannot be handled even by techniques such as implicit state space traversal. The only viable solution in most cases is validation by functional simulation. Unfortunately, this has the drawbacks of high computational requirements due to the large number of test vectors needed, and the lack of adequate coverage measures to characterize the quality of a given test set. To overcome these limitations, there has been recent interest in hybrid techniques which combine the strengths of formal verification and simulation. Formal verification-based techniques are used on a test model (usually much smaller than the design) to derive a set of functional test vectors, which are then used for design validation through simulation. The test set generated typically satisfies some coverage measure on the test model. Recent research has proposed the use of state or transition coverage. However, no effor...
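The hybrid flow this abstract sketches (derive vectors from a small test model until a coverage target on that model is met, then simulate the full design with them) is easy to lose in the prose, so here is an added, self-contained illustration. It is not code from the paper or its authors: the handshake FSM used as the test model, the "buggy design" stand-in for the design under test, and all function names are constructed for this example. Transition coverage is the measure, breadth-first search over the model's state graph supplies the shortest prefix reaching each uncovered transition, and a lockstep comparison against the model plays the role of the simulation checker.

```python
from collections import deque

# Constructed toy test model (hypothetical, not from the paper): a bus-handshake
# controller as an explicit FSM, TEST_MODEL[(state, input)] -> next_state.
TEST_MODEL = {
    ("IDLE", "req"): "GRANT",
    ("IDLE", "nop"): "IDLE",
    ("GRANT", "ack"): "BUSY",
    ("GRANT", "abort"): "IDLE",
    ("GRANT", "nop"): "GRANT",
    ("BUSY", "done"): "IDLE",
    ("BUSY", "nop"): "BUSY",
}
INITIAL = "IDLE"

# Constructed stand-in for the full design under test: identical to the model
# except for one injected bug, an abort in GRANT wrongly advances to BUSY.
BUGGY_DESIGN = {**TEST_MODEL, ("GRANT", "abort"): "BUSY"}


def simulate(fsm, initial, vector):
    """Drive one input vector through an explicit FSM and return the transitions taken.
    An input the FSM does not accept in its current state is recorded with next state
    None and ends the run, so a diverging design cannot raise mid-simulation."""
    state, trace = initial, []
    for inp in vector:
        nxt = fsm.get((state, inp))
        trace.append((state, inp, nxt))
        if nxt is None:
            break
        state = nxt
    return trace


def all_transitions(fsm):
    return {(s, i, n) for (s, i), n in fsm.items()}


def transition_coverage(model, initial, vectors):
    """Coverage measure on the test model: (fraction covered, set of uncovered transitions)."""
    covered = set()
    for v in vectors:
        covered.update(simulate(model, initial, v))
    total = all_transitions(model)
    return len(covered & total) / len(total), total - covered


def shortest_prefix(model, initial, target):
    """Breadth-first search of the model's state graph: shortest input sequence
    that takes the model from `initial` to `target`."""
    queue, seen = deque([(initial, [])]), {initial}
    while queue:
        state, path = queue.popleft()
        if state == target:
            return path
        for (s, inp), nxt in model.items():
            if s == state and nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [inp]))
    raise ValueError(f"{target} is unreachable from {initial}")


def generate_tests(model, initial):
    """Greedy coverage-directed generation: while some transition (s, i, n) is
    uncovered, add the vector 'shortest path to s' + [i]. Terminates with full
    transition coverage on any model whose states are all reachable."""
    vectors = []
    while True:
        _, missing = transition_coverage(model, initial, vectors)
        if not missing:
            return vectors
        s, inp, _ = min(missing)
        vectors.append(shortest_prefix(model, initial, s) + [inp])


def validate(design, model, initial, vectors):
    """Simulate each vector on the design in lockstep with the model; report the
    first divergence per vector as (vector, expected_transition, actual_transition)."""
    failures = []
    for v in vectors:
        for exp, act in zip(simulate(model, initial, v), simulate(design, initial, v)):
            if exp != act:
                failures.append((v, exp, act))
                break
    return failures


if __name__ == "__main__":
    hand_written = [["req", "ack", "done"]]  # a plausible hand-written smoke test
    print("hand-written coverage:", transition_coverage(TEST_MODEL, INITIAL, hand_written)[0])
    tests = generate_tests(TEST_MODEL, INITIAL)
    print("generated", len(tests), "vectors, coverage",
          transition_coverage(TEST_MODEL, INITIAL, tests)[0])
    for failure in validate(BUGGY_DESIGN, TEST_MODEL, INITIAL, tests):
        print("mismatch:", failure)
```

The hand-written vector exercises only 3 of the 7 transitions and never reaches the abort path, which is exactly where the injected bug lives; the generated set reaches 100% transition coverage on the model and the lockstep check flags the divergence on the ["req", "abort"] vector. The abstract's caveat still applies: coverage is measured on the small test model, not on the design, so a design behaviour with no counterpart in the model is not exercised by this flow.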
Structuring and Automating Hardware Proofs in a Higher-Order Theorem-Proving Environment
 Formal Methods in System Design
, 1993
Cited by 20 (7 self)
Abstract
In this article we present a structured approach to formal hardware verification by modelling circuits at the register-transfer level using a restricted form of higher-order logic. This restricted form of higher-order logic is sufficient for obtaining succinct descriptions of hierarchically designed register-transfer circuits. By exploiting the structure of the underlying hardware proofs and limiting the form of descriptions used, we have attained nearly complete automation in proving the equivalences of the specifications and implementations. A hardware-specific tool called MEPHISTO converts the original goal into a set of simpler subgoals, which are then automatically solved by a general-purpose, first-order prover called FAUST. Furthermore, the complete verification framework is being integrated within a commercial VLSI CAD framework.
Keywords: hardware verification, higher-order logic
1 Introduction. The past decade has witnessed the spiralling of interest within the academic com...