Results 1 - 9 of 9
Structuring and Automating Hardware Proofs in a Higher-Order Theorem-Proving Environment
Formal Methods in System Design, 1993
Cited by 20 (7 self)
Abstract
In this article we present a structured approach to formal hardware verification by modelling circuits at the register-transfer level using a restricted form of higher-order logic. This restricted form of higher-order logic is sufficient for obtaining succinct descriptions of hierarchically designed register-transfer circuits. By exploiting the structure of the underlying hardware proofs and limiting the form of descriptions used, we have attained nearly complete automation in proving the equivalence of specifications and implementations. A hardware-specific tool called MEPHISTO converts the original goal into a set of simpler subgoals, which are then automatically solved by a general-purpose, first-order prover called FAUST. Furthermore, the complete verification framework is being integrated within a commercial VLSI CAD framework.
Keywords: hardware verification, higher-order logic
1 Introduction. The past decade has witnessed the spiralling of interest within the academic com...
Using PVS to Prove a Z Refinement: A Case Study
1997
Cited by 13 (5 self)
Abstract
The development of critical systems often places undue trust in the software tools used. This is especially true of compilers, which are a weak link between the source code produced and the object code which is executed. Stepney [23] advocates a method for the production of trusted compilers (i.e. those which are guaranteed to produce object code that is a correct refinement of the source code) by developing a proof of a small, but non-trivial, compiler by hand in the Z specification language. This approach is quick, but the type system of Z is too weak to ensure that partial functions are correctly applied. Here, we present a re-working of that development using the PVS specification and verification system. We describe the problems involved in translating from the partial set theory of Z to the total, higher-order logic of the PVS system and the strengths and weaknesses of this approach.
A Verified Compiler for a Structured Assembly Language
In Proceedings of the 1991 International Workshop on the HOL Theorem Proving System and its Applications, IEEE Computer, 1991
Cited by 6 (2 self)
Abstract
We describe the verification of a compiler for a subset of the Vista language: a structured assembly language for the Viper microprocessor. This proof has been mechanically checked using the HOL system. We consider how the compiler correctness theorem could be used to deduce safety and liveness properties of compiled code from theorems stating that these properties hold of the source code. We also show how secure compilation can be achieved using automated theorem proving techniques.
1 Introduction. In this paper, we describe the verification of a compiler for a subset of the Vista language [10]. Our motivation for verifying the compiler is to allow us to infer properties about the code which is actually executed from properties we prove about Vista programs. Previous work on the formal verification of compilers has largely considered the compiler correctness theorem itself to be the ultimate goal. Consequently, little attention has been given to identifying the way in which the correc...
An Overview of the Formal Specification and Verification of the FM9001 Microprocessor
1994
Cited by 3 (0 self)
Abstract
This document presents the details of the FM9001 development, its specification, and its verification.
Formal Verification of VIPER's ALU
1993
Cited by 3 (2 self)
Abstract
This research report describes the formal verification of an arithmetic logic unit of the VIPER microprocessor. VIPER is one of the first processors designed using formal methods. A formal model in HOL has been created which models the ALU at two levels: on the higher level, the ALU is specified as a function taking two 32-bit operands and returning a result; on the lower level, the ALU is implemented by a number of 4-bit slices which should take the same operands and return the same result. The ALU is capable of performing thirteen different operations. A formal proof of functional equivalence of these two levels has been completed successfully. The complete HOL text of the ALU formal model and details of the proof procedures are included in this report. This demonstrates that the HOL system is powerful and efficient enough to perform formal verification of a realistic hardware design.
1 Introduction. This report describes the verification of the Arithmetic Logi...
From Formal Verification to Silicon Compilation
1991
Cited by 2 (0 self)
Abstract
Formal verification is emerging as a viable method for increasing design assurance for VLSI circuits. Potential benefits include reduction in the time and costs associated with testing and redesign, improved documentation and ease of modification, and greater confidence in the quality of the final product. This paper reports on an experiment whose main purpose was to identify the difficulties of integrating formal verification with conventional VLSI CAD methodology. Our main conclusion is that the most effective use of formal hardware verification will be at the higher levels of VLSI system design, with lower levels best handled by conventional VLSI CAD tools.
Using PVS to Prove a Z Refinement: A Case Study
1997
Cited by 1 (1 self)
Abstract
The development of critical systems often places undue trust in the software tools used. This is especially true of compilers, which are a weak link between the source code produced and the object code which is executed. Stepney [23] advocates a method for the production of trusted compilers (i.e. those which are guaranteed to produce object code that is a correct refinement of the source code) by developing a proof of a small, but non-trivial, compiler by hand in the Z specification language. This approach is quick, but the type system of Z is too weak to ensure that partial functions are correctly applied. Here, we present a re-working of that development using the PVS specification and verification system. We describe the problems involved in translating from the partial set theory of Z to the total, higher-order logic of the PVS system and the strengths and weaknesses of this approach.
Program Slicing for ATPG-Based Property Checking
International Conference on VLSI Design, 2004
Abstract
This paper presents a novel technique for abstracting designs in order to increase the efficiency of formal property checking. Bounded Model Checking (BMC) using Satisfiability (SAT) techniques is beginning to be widely used for checking properties of designs. Recent approaches using sequential ATPG techniques, which harness the structural information of the design, have been shown to perform better than SAT-based BMC. However, these techniques require an effective methodology to deal with the size of commercial designs. A program slicing methodology that has been shown to accelerate sequential ATPG is adapted and integrated into an ATPG-based BMC framework. Furthermore, a generalization of the ATPG-based approach, which checks for unbounded liveness, is also presented.
Using PVS to Prove a Z Refinement:
1997
Abstract
1 Introduction. Computer systems are increasingly being used in applications where their failure could lead to financial or environmental disaster, or even to loss of life. Such systems are called critical and as such must be engineered to the highest quality, to anticipate potential faults and to reduce the possibility of errors in the system.