Results 1  10
of
29
Formal Verification by Symbolic Evaluation of PartiallyOrdered Trajectories
 Formal Methods in System Design
, 1993
"... Symbolic trajectory evaluation provides a means to formally verify properties of a sequential system by a modified form of symbolic simulation. The desired system properties are expressed in a notation combining Boolean expressions and the temporal logic "nexttime" operator. In its simplest form ..."
Abstract

Cited by 99 (25 self)
 Add to MetaCart
Symbolic trajectory evaluation provides a means to formally verify properties of a sequential system by a modified form of symbolic simulation. The desired system properties are expressed in a notation combining Boolean expressions and the temporal logic "nexttime" operator. In its simplest form, each property is expressed as an assertion [A =) C], where the antecedent A expresses some assumed conditions on the system state over a bounded time period, and the consequent C expresses conditions that should result. A generalization allows simple invariants to be established and proven automatically. The verifier operates on system models in which the state space is ordered by "information content". By suitable restrictions to the specification notation, we guarantee that for every trajectory formula, there is a unique weakest state trajectory that satisfies it. Therefore, we can verify an assertion [A =) C] by simulating the system over the weakest trajectory for A and testing...
Ordered Binary Decision Diagrams and the DavisPutnam Procedure
 IN PROC. OF THE 1ST INTERNATIONAL CONFERENCE ON CONSTRAINTS IN COMPUTATIONAL LOGICS
, 1994
"... We compare two prominent decision procedures for propositional logic: Ordered Binary Decision Diagrams (obdds) and the DavisPutnam procedure. Experimental results indicate that the DavisPutnam procedure outperforms obdds in hard constraintsatisfaction problems, while obdds are clearly superior for ..."
Abstract

Cited by 43 (1 self)
 Add to MetaCart
We compare two prominent decision procedures for propositional logic: Ordered Binary Decision Diagrams (obdds) and the DavisPutnam procedure. Experimental results indicate that the DavisPutnam procedure outperforms obdds in hard constraintsatisfaction problems, while obdds are clearly superior for Boolean functional equivalence problems from the circuit domain, and, in general, problems that require the schematization of a large number of solutions that share a common structure. The two methods illustrate the different and often complementary strengths of constraintoriented and searchoriented procedures.
A Platform for Combining Deductive with Algorithmic Verification
 Proc. 8 th Intl. Conference on Computer Aided Verification (CAV’96), volume 1102 of Lect. Notes in Comp. Sci
"... . We describe a computeraided verification system which combines deductive with algorithmic (modelchecking) verification methods. The system, called tlv (for temporal verification system), is constructed as an additional layer superimposed on top of the cmu smv system, and can verify finitesta ..."
Abstract

Cited by 42 (16 self)
 Add to MetaCart
. We describe a computeraided verification system which combines deductive with algorithmic (modelchecking) verification methods. The system, called tlv (for temporal verification system), is constructed as an additional layer superimposed on top of the cmu smv system, and can verify finitestate systems relative to linear temporal logic (ltl) as well as ctl specifications. The systems to be verified can be either hardware circuits written in the smv design language or finitestate reactive programs written in a simple programming language (spl). The paper presents a common computational model which can support these two types of applications and a highlevel interactive language tlvBasic, in which temporal verification rules, proofs, and complex assertions can be written. We illustrate the efficiency and generality gained by combining deductive with algorithmic techniques on several examples, culminating in verification of fragments of the Futurebus+ system. In the ana...
LiftedFL: A Pragmatic Implementation of Combined Model Checking and Theorem Proving
, 1999
"... Abstract. Combining theorem proving and model checking o ers the tantalizing possibility of e ciently reasoning about large circuits at high levels of abstraction. We have constructed a system that seamlessly integrates symbolic trajectory evaluation based model checking with theorem proving in a hi ..."
Abstract

Cited by 34 (3 self)
 Add to MetaCart
Abstract. Combining theorem proving and model checking o ers the tantalizing possibility of e ciently reasoning about large circuits at high levels of abstraction. We have constructed a system that seamlessly integrates symbolic trajectory evaluation based model checking with theorem proving in a higherorder classical logic. The approach is made possible by using the same programming language ( ) as both the meta and object language of theorem proving. This is done by \lifting ",essentially deeply embedding in itself. The approach is a pragmatic solution that provides an e cient and extensible veri cation environment. Our approach is generally applicable to any dialect of the ML programming language and any modelchecking algorithm that has practical inference rules for combining results. 1
An industrially effective environment for formal hardware verification
 IEEE Transactions on ComputerAided Design of Integrated Circuits and Systems
, 2005
"... This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author’s copyrig ..."
Abstract

Cited by 32 (5 self)
 Add to MetaCart
This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author’s copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
Combining Theorem Proving and Trajectory Evaluation in an Industrial Environment
 in Proc. DAC
, 1998
"... We describe the verification of the IM: a large, complex (12,000 gates and 1100 latches) circuit that detects and marks the boundaries between Intel architecture (IA32) instructions. We verified a gatelevel model of the IM against an implementationindependent specification of IA32 instruction le ..."
Abstract

Cited by 31 (6 self)
 Add to MetaCart
We describe the verification of the IM: a large, complex (12,000 gates and 1100 latches) circuit that detects and marks the boundaries between Intel architecture (IA32) instructions. We verified a gatelevel model of the IM against an implementationindependent specification of IA32 instruction lengths. We used theorem proving to to derive 56 modelchecking runs and to verify that the modelchecking runs imply that the IM meets the specification for all possible sequences of IA32 instructions. Our verification discovered eight previously unknown bugs. 1 Introduction The Intel architecture (IA32) instruction set has several hundred opcodes. The opcode length is variable, as are the lengths of operand and address displacement data. The architecture also includes the notion of prefix bytes, which change the semantics of the subsequent instruction. Two of the prefixes (h66, h67) can affect the length of the instruction. A single instruction may have multiple prefix bytes, but overall ...
Symbolic Trajectory Evaluation
 Formal Hardware Verification
, 1996
"... ion The main problem with model checking is the state explosion problem  the state space grows exponentially with system size. Two methods have some popularity in attacking this problem: compositional methods and abstraction. While they cannot solve the problem in general, they do offer significa ..."
Abstract

Cited by 26 (6 self)
 Add to MetaCart
ion The main problem with model checking is the state explosion problem  the state space grows exponentially with system size. Two methods have some popularity in attacking this problem: compositional methods and abstraction. While they cannot solve the problem in general, they do offer significant improvements in performance. The direct method of verifying that a circuit has a property f is to show the model M satisfies f . The idea behind abstraction is that instead of verifying property f of model M , we verify property f A of model MA and the answer we get helps us answer the original problem. The system MA is an abstraction of the system M . One possibility is to build an abstraction MA that is equivalent (e.g. bisimilar [48]) to M . This sometimes leads to performance advantages if the state space of MA is smaller than M . This type of abstraction would more likely be used in model comparison (e.g. as in [38]). Typically, the behaviour of an abstraction is not equivalent...
Combining Theorem Proving and Model Checking through Symbolic Analysis
 In CONCUR 2000: Concurrency Theory, number 1877 in Lecture
, 2000
"... Automated verification of concurrent systems is hindered by the fact that the state spaces are either infinite or too large for model checking, and the case analysis usually defeats theorem proving. Combinations of the two techniques have been tried with varying degrees of success. We argue for a sp ..."
Abstract

Cited by 24 (0 self)
 Add to MetaCart
Automated verification of concurrent systems is hindered by the fact that the state spaces are either infinite or too large for model checking, and the case analysis usually defeats theorem proving. Combinations of the two techniques have been tried with varying degrees of success. We argue for a specific combination where theorem proving is used to reduce verification problems to finitestate form, and model checking is used to explore properties of these reductions. This decomposition of the verification task forms the basis of the Symbolic Analysis Laboratory (SAL), a framework for combining different analysis tools for transition systems via a common intermediate language. We demonstrate how symbolic analysis can be an effective methodology for combining deduction and exploration.
Implementing a Model Checker for LEGO
 Proc. of the 4th Inter Symp. of Formal Methods Europe, FME'97: Industrial Applications and Strengthened Foundations of Formal Methods
, 1997
"... . Interactive theorem proving gives a general approach for modelling and verification of both hardware and software systems but requires significant human efforts to deal with many tedious proofs. To be used in practical, we need some automatic tools such as model checkers to deal with those tedious ..."
Abstract

Cited by 14 (3 self)
 Add to MetaCart
. Interactive theorem proving gives a general approach for modelling and verification of both hardware and software systems but requires significant human efforts to deal with many tedious proofs. To be used in practical, we need some automatic tools such as model checkers to deal with those tedious proofs. In this paper, we formalise a verification system of both CCS and an imperative language in LEGO which can be used to verify both finite and infinite problems. Then a model checker, LegoMC, is implemented to generate the LEGO proof terms of finite models automatically. Therefore people can use LEGO to verify a general problem and throw some finite subproblems to be verified by LegoMC. On the other hand, this integration extends the power of model checking to verify more complicated and infinite models as well. 1 Introduction Interactive theorem proving gives a general approach for modelling and verification of both hardware and software systems but requires significant human effor...