Results 1-10 of 39
Formal verification in hardware design: A survey, 1997
Cited by 110 (0 self)
In recent years, formal methods have emerged as an alternative approach to ensuring the quality and correctness of hardware designs, overcoming some of the limitations of traditional validation techniques such as simulation and testing. There are two main aspects to the application of formal methods in a design process: the formal framework used to specify desired properties of a design, and the verification techniques and tools used to reason about the relationship between a specification and a corresponding implementation. We survey a variety of frameworks and techniques which have been proposed in the literature and applied to actual designs. The specification frameworks we describe include temporal logics, predicate logic, abstraction and refinement, as well as containment between ω-regular languages. The verification techniques presented include model checking, automata-theoretic techniques, automated theorem proving, and approaches that integrate the above methods.

Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories
Formal Methods in System Design, 1993
Cited by 104 (24 self)
Symbolic trajectory evaluation provides a means to formally verify properties of a sequential system by a modified form of symbolic simulation. The desired system properties are expressed in a notation combining Boolean expressions and the temporal logic "next-time" operator. In its simplest form, each property is expressed as an assertion [A ⇒ C], where the antecedent A expresses some assumed conditions on the system state over a bounded time period, and the consequent C expresses conditions that should result. A generalization allows simple invariants to be established and proven automatically. The verifier operates on system models in which the state space is ordered by "information content". By suitable restrictions to the specification notation, we guarantee that for every trajectory formula, there is a unique weakest state trajectory that satisfies it. Therefore, we can verify an assertion [A ⇒ C] by simulating the system over the weakest trajectory for A and testing...

A Platform for Combining Deductive with Algorithmic Verification
Proc. 8th Intl. Conference on Computer Aided Verification (CAV'96), volume 1102 of Lect. Notes in Comp. Sci.
Cited by 49 (17 self)
We describe a computer-aided verification system which combines deductive with algorithmic (model-checking) verification methods. The system, called tlv (for temporal verification system), is constructed as an additional layer superimposed on top of the cmu smv system, and can verify finite-state systems relative to linear temporal logic (ltl) as well as ctl specifications. The systems to be verified can be either hardware circuits written in the smv design language or finite-state reactive programs written in a simple programming language (spl). The paper presents a common computational model which can support these two types of applications and a high-level interactive language tlv-Basic, in which temporal verification rules, proofs, and complex assertions can be written. We illustrate the efficiency and generality gained by combining deductive with algorithmic techniques on several examples, culminating in verification of fragments of the Futurebus+ system. In the ana...

Ordered Binary Decision Diagrams and the Davis-Putnam Procedure
In Proc. of the 1st International Conference on Constraints in Computational Logics, 1994
Cited by 49 (1 self)
We compare two prominent decision procedures for propositional logic: Ordered Binary Decision Diagrams (obdds) and the Davis-Putnam procedure. Experimental results indicate that the Davis-Putnam procedure outperforms obdds in hard constraint-satisfaction problems, while obdds are clearly superior for Boolean functional equivalence problems from the circuit domain, and, in general, problems that require the schematization of a large number of solutions that share a common structure. The two methods illustrate the different and often complementary strengths of constraint-oriented and search-oriented procedures.

An Industrially Effective Environment for Formal Hardware Verification
IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2005

LiftedFL: A Pragmatic Implementation of Combined Model Checking and Theorem Proving, 1999
Cited by 38 (3 self)
Combining theorem proving and model checking offers the tantalizing possibility of efficiently reasoning about large circuits at high levels of abstraction. We have constructed a system that seamlessly integrates symbolic trajectory evaluation based model checking with theorem proving in a higher-order classical logic. The approach is made possible by using the same programming language (FL) as both the meta and object language of theorem proving. This is done by "lifting" FL, essentially deeply embedding FL in itself. The approach is a pragmatic solution that provides an efficient and extensible verification environment. Our approach is generally applicable to any dialect of the ML programming language and any model-checking algorithm that has practical inference rules for combining results.

Combining Theorem Proving and Trajectory Evaluation in an Industrial Environment
In Proc. DAC, 1998
Cited by 32 (6 self)
We describe the verification of the IM: a large, complex (12,000 gates and 1100 latches) circuit that detects and marks the boundaries between Intel architecture (IA-32) instructions. We verified a gate-level model of the IM against an implementation-independent specification of IA-32 instruction lengths. We used theorem proving to derive 56 model-checking runs and to verify that the model-checking runs imply that the IM meets the specification for all possible sequences of IA-32 instructions. Our verification discovered eight previously unknown bugs.

1 Introduction
The Intel architecture (IA-32) instruction set has several hundred opcodes. The opcode length is variable, as are the lengths of operand and address displacement data. The architecture also includes the notion of prefix bytes, which change the semantics of the subsequent instruction. Two of the prefixes (h66, h67) can affect the length of the instruction. A single instruction may have multiple prefix bytes, but overall ...

Symbolic Trajectory Evaluation
Formal Hardware Verification, 1996
Cited by 27 (6 self)
The main problem with model checking is the state explosion problem: the state space grows exponentially with system size. Two methods have some popularity in attacking this problem: compositional methods and abstraction. While they cannot solve the problem in general, they do offer significant improvements in performance. The direct method of verifying that a circuit has a property f is to show that the model M satisfies f. The idea behind abstraction is that instead of verifying property f of model M, we verify property f_A of model M_A, and the answer we get helps us answer the original problem. The system M_A is an abstraction of the system M. One possibility is to build an abstraction M_A that is equivalent (e.g. bisimilar [48]) to M. This sometimes leads to performance advantages if the state space of M_A is smaller than that of M. This type of abstraction would more likely be used in model comparison (e.g. as in [38]). Typically, the behaviour of an abstraction is not equivalent...

Combining Theorem Proving and Model Checking through Symbolic Analysis
In CONCUR 2000: Concurrency Theory, number 1877 in Lecture, 2000
Cited by 27 (0 self)
Automated verification of concurrent systems is hindered by the fact that the state spaces are either infinite or too large for model checking, and the case analysis usually defeats theorem proving. Combinations of the two techniques have been tried with varying degrees of success. We argue for a specific combination where theorem proving is used to reduce verification problems to finite-state form, and model checking is used to explore properties of these reductions. This decomposition of the verification task forms the basis of the Symbolic Analysis Laboratory (SAL), a framework for combining different analysis tools for transition systems via a common intermediate language. We demonstrate how symbolic analysis can be an effective methodology for combining deduction and exploration.