Formal Verification in Hardware Design: A Survey
ACM Transactions on Design Automation of Electronic Systems, 1999
An Integration of Model Checking with Automated Proof Checking
1995
Cited by 88 (8 self)
Although automated proof checking tools for general-purpose logics have been successfully employed in the verification of digital systems, there are inherent limits to the efficient automation of expressive logics. If the expressiveness is constrained, there are useful logic fragments for which efficient decision procedures can be found. The model checking paradigm yields an important class of decision procedures for establishing temporal properties of finite-state systems. Model checking is remarkably effective for automatically verifying finite automata with relatively small state spaces, but is inadequate when the state spaces are either too large or unbounded. For this reason, it is useful to integrate the complementary technologies of model checking and proof checking. Such an integration has to be carried out in a delicate manner in order to be more than just the sum of the techniques. We describe...
Hybrid Systems in TLA+
1993
Cited by 51 (8 self)
TLA+ is a general-purpose, formal specification language based on the Temporal Logic of Actions, with no built-in primitives for specifying real-time properties. Here, we use TLA+ to define operators for specifying the temporal behavior of physical components obeying integral equations of evolution. These operators, together with previously defined operators for describing timing constraints, are used to specify a toy gas burner introduced by Ravn, Rischel, and Hansen. The burner is specified at three levels of abstraction, each of the two lower-level specifications implementing the next higher-level one. Correctness proofs are sketched.
1 Introduction
TLA+ is a formal specification language based on TLA, the Temporal Logic of Actions [5]. We use TLA+ to specify and verify a toy hybrid system, a gas burner described by Ravn, Rischel, and Hansen (RRH) [8]. The TLA+ specification and proof can be compared with the one by RRH that uses the Duration Calculus. We do not e...
Verification of a Multiplier: 64 Bits and Beyond
1993
Cited by 36 (7 self)
Verifying a 64-bit multiplier has a computational complexity that puts it beyond the grasp of current finite-state algorithms, including those based upon homomorphic reduction, the induction principle, and BDD fixed-point algorithms. Theorem proving, while not bound by the same computational constraints, may not be feasible for routinely coping with the complex, low-level details of a real multiplier. We show how to verify such a multiplier by applying COSPAN, a model-checking algorithm, to verify local properties of the complex low-level circuit, and using TLP, a theorem prover based on the Temporal Logic of Actions, to prove that these properties imply the correctness of the multiplier. Both verification steps are automated, and we plan to mechanize the translation between the languages of TLP and COSPAN.
Specifying and Verifying Fault-Tolerant Systems
Formal Techniques in Real-Time and Fault-Tolerant Systems, Volume 863 of Lecture Notes in Computer Science, 1994
Cited by 33 (3 self)
We formally specify a well-known solution to the Byzantine generals problem and give a rigorous, hierarchically structured proof of its correctness. We demonstrate that this is an engineering exercise, requiring no new scientific ideas.
The IOA Language and Toolset: Support for Designing, Analyzing, and Building Distributed Systems
1998
Cited by 28 (9 self)
This report describes a new language for distributed programming, the IOA language, together with a high-level design and preliminary implementation for a suite of tools, the IOA toolset, to support the production of high-quality distributed software. The language and tools are based on the I/O automaton model, which has been used to describe and verify distributed algorithms. The toolset supports a development process that begins with a high-level specification, refines that specification via successively more detailed designs, and ends by automatically generating distributed programs. The toolset encourages system decomposition, which helps make distributed programs understandable and easy to modify. It also provides a variety of validation methods (theorem proving, model checking, and simulation), which can be used to ensure that the generated programs are correct, subject to assumptions about externally-provided system services (e.g., communication services), and about the correctness of hand-coded data type implementations.
Formalizing Process Algebraic Verifications in the Calculus of Constructions
Cited by 18 (7 self)
This paper reports on the first steps towards the formal verification of correctness proofs of real-life protocols in process algebra. We show that proofs can be verified, and partly constructed, by a general-purpose proof checker. The process algebra we use is µCRL, ACP augmented with data, which is small enough to make the verification feasible, and at the same time expressive enough for the specification of real-life protocols. The proof checker we use is Coq, which is based on the Calculus of Constructions, an extension of simply typed lambda calculus. The focus is on the translation of the proof theory of µCRL and µCRL specifications to Coq. As a case study, we verified the Alternating Bit Protocol.
Specification and Verification of Fault-Tolerance, Timing and Scheduling
ACM Transactions on Programming Languages and Systems, 1999
Cited by 17 (5 self)
Fault-tolerance and timing have often been considered to be implementation issues of a program, quite distinct from the functional safety and liveness properties. Recent work has shown how these non-functional and functional properties can be verified in a similar way. However, the more practical question of determining whether a real-time program will meet its deadlines, i.e. showing that there is a feasible schedule, is usually answered using scheduling theory, quite separately from the verification of other properties of the program. This makes it hard to use the results of scheduling analysis in the design, or redesign, of fault-tolerant, real-time programs. This paper shows how fault-tolerance, timing and schedulability can be specified and verified using a single notation and model. This allows a unified view to be taken of the functional and non-functional properties of programs and a simple transformational method to be used to combine these properties. It also permits results fro...
Program Verification using HOL-UNITY
Higher Order Logic Theorem Proving and Its Applications: HUG '93, LNCS 780, 1994
Cited by 16 (1 self)
HOL-UNITY is an implementation of Chandy and Misra's UNITY theory in the HOL88 and HOL90 theorem provers. This paper shows how to verify safety and progress properties of concurrent programs using HOL-UNITY. As an example it is proved that a lift-control program satisfies a given progress property. The proof is compositional and partly automated. The progress property is decomposed into basic safety and progress properties, which are proved automatically by a developed tactic based on a combination of Gentzen-like proof methods and Presburger decision procedures. The proof of the decomposition, which includes induction, is done mechanically using the inference rules of the UNITY logic implemented as theorems in HOL. The paper also contains some empirical results of running the developed tactic in HOL88 and HOL90, respectively. It turns out that HOL90 is on average about 9 times faster than HOL88. Finally, we discuss various ways of improving the tactic.
1 Introduction
This paper pres...