Results 1  10
of
25
Effective Theorem Proving for Hardware Verification
, 1994
"... . The attractiveness of using theorem provers for system design verification lies in their generality. The major practical challenge confronting theorem proving technology is in combining this generality with an acceptable degree of automation. We describe an approach for enhancing the effectiveness ..."
Abstract

Cited by 38 (6 self)
 Add to MetaCart
. The attractiveness of using theorem provers for system design verification lies in their generality. The major practical challenge confronting theorem proving technology is in combining this generality with an acceptable degree of automation. We describe an approach for enhancing the effectiveness of theorem provers for hardware verification through the use of efficient automatic procedures for rewriting, arithmetic and equality reasoning, and an offtheshelf BDDbased propositional simplifier. These automatic procedures can be combined into generalpurpose proof strategies that can efficiently automate a number of proofs including those of hardware correctness. The inference procedures and proof strategies have been implemented in the PVS verification system. They are applied to several examples including an Nbit adder, the Saxe pipelined processor, and the benchmark Tamarack microprocessor design. These examples illustrate the basic design philosophy underlying PVS where powerful...
A Tutorial on Using PVS for Hardware Verification
 Proc. 2nd International Conference on Theorem Provers in Circuit Design (TPCD94), volume 901 of Lecture Notes in Computer Science
, 1995
"... PVS stands for "Prototype Verification System." It consists of a specification language integrated with support tools and a theorem prover. PVS tries to provide the mechanization needed to apply formal methods both rigorously and productively. This tutorial serves to introduce PVS and its ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
(Show Context)
PVS stands for "Prototype Verification System." It consists of a specification language integrated with support tools and a theorem prover. PVS tries to provide the mechanization needed to apply formal methods both rigorously and productively. This tutorial serves to introduce PVS and its use in the context of hardware verification. In the first section, we briefly sketch the purposes for which PVS is intended and the rationale behind its design, mention some of the uses that we and others are making of it. We give an overview of the PVS specification language and proof checker. The PVS language, system, and theorem prover each have their own reference manuals, which you will need to study in order to make productive use of the system. A pocket reference card, summarizing all the features of the PVS language, system, and prover is also available. The purpose of this tutorial is not to describe in detail the features of PVS and how to use the system. Rather, its purpose is to...
Implementing a Methodology for Formally Verifying RISC Processors in HOL
, 1994
"... . In this paper a methodology for verifying RISC cores is presented. This methodology is based on a hierarchical model of interpreters. This model allows us to define formal specifications at each level of abstraction and successively prove the correctness between the neighbouring abstraction levels ..."
Abstract

Cited by 15 (7 self)
 Add to MetaCart
. In this paper a methodology for verifying RISC cores is presented. This methodology is based on a hierarchical model of interpreters. This model allows us to define formal specifications at each level of abstraction and successively prove the correctness between the neighbouring abstraction levels, so that the overall specification is correct with respect to its hardware implementation. The correctness proofs have been split into two steps so that the parallelism in the execution due to the pipelining of instructions, is accounted for. The first step shows that the instructions are correctly processed by the pipeline and the second step shows that the semantic of each instruction is correct. We have implemented the specification of the entire model and performed parts of the proofs in HOL. 1 Introduction Completely automating the verification of general complex systems is practically impossible. Hence appropriate heuristics for specific classes of circuits such as finite state machi...
Reflecting BDDs in Coq
 IN ASIAN'2000
, 2000
"... We describe an implementation and a proof of correctness of binary decision diagrams (BDDs), completely formalized in Coq. This allows us to run BDDbased algorithms inside Coq and paves the way for a smooth integration of symbolic model checking in the Coq proof assistant by using reflection. I ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
We describe an implementation and a proof of correctness of binary decision diagrams (BDDs), completely formalized in Coq. This allows us to run BDDbased algorithms inside Coq and paves the way for a smooth integration of symbolic model checking in the Coq proof assistant by using reflection. It also gives us, by Coq's extraction mechanism, certified BDD algorithms implemented in Caml. We also implement and prove correct a garbage collector for our implementation of BDDs inside Coq. Our experiments show that this approach works in practice, and is able to solve both relatively hard propositional problems and actual industrial hardware verification tasks.
A Practical Methodology for the Formal Verification of RISC Processors
, 1995
"... In this paper a practical methodology for formally verifying RISC cores is presented. This methodology is based on a hierarchical model of interpreters which reflects the abstraction levels used by a designer in the implementation of RISC cores, namely the architecture level, the pipeline stage leve ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
In this paper a practical methodology for formally verifying RISC cores is presented. This methodology is based on a hierarchical model of interpreters which reflects the abstraction levels used by a designer in the implementation of RISC cores, namely the architecture level, the pipeline stage level, the clock phase level and the hardware implementation. The use of this model allows us to successively prove the correctness between two neighbouring levels of abstractions, so that the verification process is simplified. The parallelism in the execution of the instructions, resulting from the pipelined architecture of RISCs is handled by splitting the proof into two independent steps. The first step shows that each architectural instruction is implemented correctly by the sequential execution of its pipeline stages. The second step shows that the instructions are correctly processed by the pipeline in that we prove that under certain constraints from the actual architecture, no conflic...
Hierarchical Verification Using an MDGHOL Hybrid Tool
"... We describe a hybrid formal hardware verification tool that links the HOL interactive proof system and the MDG automated hardware verification tool. It supports a hierarchical verification approach that mirrors the hierarchical structure of designs. We obtain advantages of both verification paradi ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
We describe a hybrid formal hardware verification tool that links the HOL interactive proof system and the MDG automated hardware verification tool. It supports a hierarchical verification approach that mirrors the hierarchical structure of designs. We obtain advantages of both verification paradigms. We illustrate its use by considering a component of a communications chip. Verification with the hybrid tool is significantly faster and more tractable than using either tool alone.
A unified approach for combining different formalisms for hardware verification
 PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON FORMAL METHODS IN COMPUTERAIDED DESIGN, VOLUME 1166 OF LECTURE NOTES IN COMPUTER SCIENCE
, 1996
"... Model Checking as the predominant technique for automatically verifying circuits suffers from the wellknown state explosion problem. This hinders the verification of circuits which contain nontrivial data paths. Recently, it has been shown that for those circuits it may be useful to separate the c ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
(Show Context)
Model Checking as the predominant technique for automatically verifying circuits suffers from the wellknown state explosion problem. This hinders the verification of circuits which contain nontrivial data paths. Recently, it has been shown that for those circuits it may be useful to separate the control and data part prior to verification. This paper is also based on this idea and presents an approach for combining various proof approaches like model checking and theorem proving in a unifying framework. In contrast to other approaches, special proof procedures are available to verify circuits with data sensitive controllers, where a bidirectional signal flow between controller and data path can be found. Generic circuits can be verified by induction or by model checking finite instantiations. By giving the system `proof hints', also the verification effort for model checking based proofs can be considerably reduced in many cases. The paper presents an introduction to the different proof strategies as well as an algorithm for their combination. The underlying C@S system also allows the efficiency evaluation of different approaches to verify the same circuits. This is shown in different case studies, demonstrating the tradeoff between interaction and verifiable circuit size.
Implementational Issues for Verifying RISCPipeline Conflicts in HOL
, 1994
"... . We outline a general methodology for the formal verification of instruction pipelines in RISC cores. The different kinds of conflicts, i. e. resource, data and control conflicts, that can occur due to the simultaneous execution of the instructions in the pipeline have been formally specified in H ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
. We outline a general methodology for the formal verification of instruction pipelines in RISC cores. The different kinds of conflicts, i. e. resource, data and control conflicts, that can occur due to the simultaneous execution of the instructions in the pipeline have been formally specified in HOL. Based on a hierarchical model for RISC processors, we have developed a constructive proof methodology, i.e. when conflicts at a specific abstraction level are detected, the conditions under which these occur are generated and explicitly output to the designer, thus easing their removal. All implemented specifications and tactics are kept general, so that the implementation could be used for a wide range of RISC cores. In this paper, the described formalization and proof strategies are illustrated via the DLX RISC processor. 1 Introduction In this paper, we concentrate on the formalization and the correctness proofs of instruction pipelines in RISC cores. The previous work (from other re...
A Formalization of a Hierarchical Model for RISC Processors
, 1993
"... . Since microprocessors are used in many areas of realtime control, the use of formal methods provides an alternative approach for achieving high reliability. In this paper, a methodology based on a hierarchical model of interpreters is presented for formalizing RISCs in general. The abstraction le ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
. Since microprocessors are used in many areas of realtime control, the use of formal methods provides an alternative approach for achieving high reliability. In this paper, a methodology based on a hierarchical model of interpreters is presented for formalizing RISCs in general. The abstraction levels used by a designer in the implementation of RISCs, namely the instruction set level, the pipeline stage level, the phase level and the hardware implementation, are mirrored by this hierarchical model. Hence the informal specifications given by the user, at each level of abstraction, can be easily converted into a formal specification, in higher order logic. Such a model is of great use in formal verification and also synthesis using transformational reasoning. 1 Introduction As computer systems are becoming increasingly complex, the trustworthiness of their design is questionable. Conventional approaches such as simulation and testing have a very high cost to confidencegain ratio and ...
Proving properties of multidimensional recurrences with application to regular parallel algorithms
 In FMPPTA’01
, 2001
"... We present a set of verification methods to prove properties of parallel systems described by means of multidimensional affine recurrence equations. We use polyhedral analysis and transformation techniques together with theorem proving. Polyhedral techniques allow us to handle simple but otherwise c ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
(Show Context)
We present a set of verification methods to prove properties of parallel systems described by means of multidimensional affine recurrence equations. We use polyhedral analysis and transformation techniques together with theorem proving. Polyhedral techniques allow us to handle simple but otherwise costly proof steps, while theorem proving provides more expressivity and more complex proof techniques. This allows large, generic and structured systems to be verified. These methods are implemented in the MMAlpha environment using the PVS theorem prover. 1