Abstract The semantics of hardware description languages can be represented in higher order logic. This provides a formal definition that is suitable for machine processing. Experiments are in progress at Cambridge to see whether this method can be the basis of practical tools based on the HOL theorem-proving assistant. Three languages are being investigated: ELLA, Silage and VHDL. The approaches taken for these languages are compared and current progress on building semantically-based theorem-proving tools is discussed.

We show how the second-order monadic theory of strings can be used to specify hardware components and their behavior. This logic admits a decision procedure and counter-model generator based on canonical automata for formulas. We have used a system implementing these concepts to verify, or find errors in, a number of circuits proposed in the literature. The techniques we use make it easier to identify regularity in circuits, including those that are parameterized or have parameterized behavioral specifications. Our proofs are semantic and do not require lemmas or induction as would be needed when employing a conventional theory of strings as a recursive data type.

. We present a new approach to hardware verification based on describing circuits in Monadic Second-order Logic (M2L). We show how to use this logic to represent generic designs like n-bit adders, which are parameterized in space, and sequential circuits, where time is an unbounded parameter. M2L admits a decision procedure, implemented in the Mona tool [17], which reduces formulas to canonical automata. The decision problem for M2L is non-elementary decidable and thus unlikely to be usable in practice. However, we have used Mona to automatically verify, or find errors in, a number of circuits studied in the literature. Previously published machine proofs of the same circuits are based on deduction and may involve substantial interaction with the user. Moreover, our approach is orders of magnitude faster for the examples considered. We show why the underlying computations are feasible and how our use of Mona generalizes standard BDD-based hardware reasoning. 1. Introduction Correctnes...

: The ß-calculus is a process algebra for modelling concurrent systems in which the pattern of communication between processes may change over time. This paper describes the results of preliminary work on a definitional formal theory of the ß-calculus in higher order logic using the HOL theorem prover. The ultimate goal of this work is to provide practical mechanized support for reasoning with the ß-calculus about applications. Introduction The ß-calculus [17, 18] is a process algebra proposed by Milner, Parrow and Walker for modelling concurrent systems in which the pattern of interconnection between processes may change over time. This paper describes work on a mechanized formal theory of the ß-calculus in higher order logic using the HOL theorem prover [8]. The main aim of this work is to construct a practical and sound theorem-proving tool to support reasoning about applications using the ß-calculus, as well as metatheoretic reasoning about the ß-calculus itself. Four general prin...

. This paper illustrates the differences between the style of theory mechanisation of Coq and of HOL. This comparative study is based on the mechanisation of fragments of the theory of computation in these systems. Examples from these implementations are given to support some of the arguments discussed in this paper. The mechanisms for specifying definitions and for theorem proving are discussed separately, building in parallel two pictures of the different approaches of mechanisation given by these systems. 1 Introduction This paper compares the different theorem proving approaches of the HOL [10] and Coq [5] proof assistants. This comparison is based on a case study involving the mechanisation of parts of the theory of computation in the two systems. This paper does not illustrate these mechanisations but rather discusses the differences between the two systems and backs up certain points by examples taken from the case studies. One motivation of this work is that many users of theo...

This paper describes the development of progressively more powerful and abstract hardware simulators. A small computer hardware design and description language picoella is then introduced, followed by its formal semantics. Using a number of small examples, we will then show the how this formal semantics may be used within a proof system as a sophisticated simulation tool. Examples include some full adders, a general N bit adder, and two parity checkers. Keyword Codes: I.2.3; B.7.2; F.3 Keywords: Deduction and Theorem Proving; Integrated Circuits, Design Aids; Logics and Meaning of Programs 1 Introduction This introduction describes the development of various kinds of hardware simulators. Following this, a small hdl called picoella, is introduced in section 2. Its formal semantics, and a brief account of this semantics' embedding in a proof system are described in section 3. Section 4 illustrates the use of the semantics in the capacity of a symbolic simulator, as described in the rema...

. This paper describes a mechanisation of computability theory in HOL using the Unlimited Register Machine (URM) model of computation. The URM model is first specified as a rudimentary machine language and then the notion of a computable function is derived. This is followed by an illustration of the proof of a number of basic results of computability which include various closure properties of computable functions. These are used in the implementation of a mechanism which partly automates the proof of the computability of functions and a number of functions are then proved to be computable. This work forms part of a comparative study of different theorem proving approaches and a brief discussion regarding theorem proving in HOL follows the description of the mechanisation. 1 Introduction The theory of computation is a field which has been widely explored in mathematical and computer science literature [4, 12, 13] and several approaches to a standard model of computation h...

ion . . . . . . . . . . . . . . . . . . . . . . 56 4.1.3 General Time Representation . . . . . . . . . . . . . . . . 56 4.2 Flip-Flops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 4.2.1 Basic Flip-Flops . . . . . . . . . . . . . . . . . . . . . . . 57 4.3 Sequential Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . 64 4.3.1 Correctness Proof Development . . . . . . . . . . . . . . . 64 4.3.2 A Complex Flip-Flop . . . . . . . . . . . . . . . . . . . . 66 4.3.3 A Simple Shifter . . . . . . . . . . . . . . . . . . . . . . . 79 4.3.4 A Scrambler . . . . . . . . . . . . . . . . . . . . . . . . . 86 5 Finite State Machines 93 5.1 Theory of Finite State Machines . . . . . . . . . . . . . . . . . . 93 5.1.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . 93 5.1.2 Boolean Reducibility . . . . . . . . . . . . . . . . . . . . . 94 5.2 Canonical Implementation . . . . . . . . . . . . . . . . . . . . . . 96 5.2.1 Definitions . . . . . . . . . . . . ....

Z9/33 N94-70722 unclas 0185921

Introduction A great deal of research effort has been recently spent in the areas of formal hardware verification. Several approaches have been proposed using model checkers, induction-based approaches and higher-order logics. Three problems common to all these approches, however, include the ad hoc nature of proof organization, the lack of generalized hardware theories and the lack of support for modular verification. Ad hoc proofs require much expertise and creativity on the part of the verifier. Hardware design engineers do not want to spend large amounts of time in training on these techniques and they would rather employ their creativity in circuit design. Without generalized hardware theories, even similar hardware components must be proven from first principles. Much proof effort can be saved by creating very general theories of large classes of hardware components and specializing them for individual proofs. Like hardware development, hardware verification can be sim