## Embedded Languages for Describing and Verifying Hardware (2001)

Citations: 26 (2 self)

### BibTeX

```bibtex
@TECHREPORT{Claessen01embeddedlanguages,
  author      = {Koen Claessen},
  title       = {Embedded Languages for Describing and Verifying Hardware},
  institution = {},
  year        = {2001}
}
```

### Abstract

Abstract Lava is a system for designing, specifying, verifying and implementing hardware. It is embedded in the functional programming language Haskell, which means that hardware descriptions are first-class objects in Haskell. We are thus able to use modern programming language features, such as higher-order functions, polymorphism, type classes and laziness, in hardware descriptions. We present two rather different versions of Lava. One version realises the embedding by using monads to keep track of the information specified in a hardware description. The other version uses a new language construct, called observable sharing, which eliminates the need for monads so that descriptions are much cleaner. Adding observable sharing to Haskell is a non-conservative extension, meaning that some properties of Haskell are lost. We thus investigate to what extent we are still allowed to use a normal Haskell compiler or interpreter. We also introduce an embedded language for specifying properties. The use of this language is two-fold. On the one hand, we can use it to specify and later formally verify properties of the described circuits. On the other hand, we can use it to specify and randomly test properties of normal Haskell programs. As a bonus, since hardware descriptions are embedded in Haskell, we can also use it to test our circuit descriptions.

### Citations

1354 | Imperative functional programming
- Jones, L, et al.
- 1993
Citation Context ... 1.7 Monads Using monads is a way of dealing in a purely functional language with computations requiring features that otherwise might be considered impure, such as state or non-determinism [120]. The idea is to express these features in terms of a pure data structure, the monad, much in the same way as when giving a denotational semantics to these features. There are many different kinds of m...

337 | Theorems for free
- Wadler
- 1989
Citation Context ...erate test cases. This turns out to be quite important in the case of overloaded functions. For example, + is associative for the type Int, but not for Double! In some cases, we can use parametricity [121] to argue that a property holds polymorphically. [Footnote 1: 100 is a rather arbitrary number, so our library provides a way to specify this as a parameter.] 4.2.2 Functions We are als...

280 | Software unit test coverage and adequacy
- Zhu, Hall, et al.
- 1997
Citation Context ... test, a more complex one that every feasible control-flow path (with exceptions for loops) be followed in at least one test. A wide variety of adequacy criteria have been proposed; a recent survey is [125]. We have chosen not to base QuickCheck on such an adequacy criterion. In part, this is because many criteria would need reinterpretation before they could be applied to Haskell programs - it is much ...

256 | MetaML and multi-stage programming with explicit annotations
- Taha, Sheard
- 2000

167 | Checking safety properties using induction and a SAT-solver
- Sheeran, Singh, et al.
- 2000
Citation Context ...on 5.7.3). Therefore, we have developed a sequential verification method which is based on propositional logical theorem proving rather than BDDs. The basic method we use is called temporal induction [106]. Temporal induction establishes a circuit property by proving that it holds for the circuit's initial state (base case), and, by assuming it holds for a certain state, proving that it also holds for ...

121 | Observable properties of higher order functions that dynamically create local names, or: What's new
- Pitts, Stark
- 1993
Citation Context ...al extension to the pure lambda calculus with binding constructs for local names, and with equality of names as their only primitive. (Pitts and Stark considered a similar extension for call-by-value [95] lambda calculus.) Because of the call-by-name operational model underlying this work, it is not directly relevant to the applications we have in mind, and the operational theory is somewhat simpler t...

86 | SIS: A System for Sequential Circuit Synthesis
- Sentovich, et al.
- 1992
Citation Context ...duction (when a circuit point provably always has the same value). Sometimes, more rigorous optimisation methods are necessary; in this case we can use external circuit optimisation tools such as SIS [102]. 6.3 Compiling Flash In this section, we will show a slightly bigger example of a language, we will call Flash. It is quite a basic language, but it illustrates many of the issues one encounters when...

71 | Deriving a lazy abstract machine
- Sestoft
- 1997
Citation Context ...riable arguments. Such syntactic restrictions are common in compilation schemes. In this particular case we follow its use in the core language of the Glasgow Haskell compiler, e.g., [90, 91], and in [65, 103]. Indeed, our language is essentially an untyped core of the intermediate language of the Glasgow Haskell Compiler, extended with immutable references and equality testing on references. ...

71 | Constructive analysis of cyclic circuits
- Shiple, Berry, et al.
- 1996
Citation Context ...mbinational loops. However, these combinational loops are not bad, in the sense that the actual circuit never produces undefined outputs. In this case, the combinational loops are called constructive [112]. Even when all combinational loops in a given circuit are constructive, most of the external formal verification tools that Lava is connected to, are not able to deal with these loops. Fortunately, t...

67 | A system for determining propositional logic theorems by applying values and rules to triplets that are generated from a formula, 1989. Swedish patent no. 467 076 (1992), U.S. patent no. 5 276 897 (1994), European patent no
- Stålmarck
Citation Context ...mally verify the properties about the circuits described above, we can use existing verification tools. We have connected several tools to Lava, such as several implementations of Stålmarck's method [115, 44] for combinational verification, and model checking tools such as SMV [79] and VIS [119] for sequential verification. Most current model checking tools use Binary Decision Diagrams (BDDs) [20] to veri...

33 | Reasoning about local variables with operationally-based logical relations
- Pitts
- 1997
Citation Context ...Induction principles would be useful - and seem straightforward to adapt from [81]. For techniques more specific to the subtleties of references, work on parametricity properties of local names e.g., [94], might also be adaptable to the current setting. 3.5 Conclusions We have motivated a small extension to Haskell which provides a practical solution to a common problem when manipulating data structur...

30 | muFP, a language for VLSI design
- Sheeran
- 1984
Citation Context ... embedded language is quite similar to the Lustre synchronous dataflow language [47]. The idea of using a functional programming language to describe hardware was first proposed in the early eighties [108, 109, 60], and there has been quite a lot of work in the area since then [110, 105, 68, 85, 28, 40]. Our intention in building the Lava system (together with Singh) is to provide a tool that demonstrates the f...

24 | A Prettier Printer
- Wadler
- 1998
Citation Context ... 4.5.4 Pretty Printing Andy Gill reported an interesting story about using QuickCheck to us. He used it in developing a variant of Wadler's pretty printing combinator library [122] in Java. First, he implemented his variant functionally, using Haskell. Then, still using Haskell, he used a state monad with exceptions to develop an imperative implementation of the same library. T...

21 | µFP: An algebraic VLSI design language
- Sheeran
- 1983
Citation Context ...omponents is called a connection pattern. Connection patterns frequently occur when describing regularly structured circuits. We can realise them using higher-order functions, also called combinators [108, 85]. A very simple connection pattern is serial composition, denoted by the binary operator ->-. It is realised as a circuit description parametrised by two circuits: (->-) :: (a -> b) -> (b -> c) -> a -...

18 | Recognizing regular expressions by means of dataflows networks
- Raymond
- 1996
Citation Context ...e) | containsEmpty e = simplify e | otherwise = EmptyString :+: simplify e simplify (Star (Star e)) = simplify (Star e) ... Another useful algorithm which can be expressed is the one presented in [98], which reduces (in linear time) a regular expression e to another one f such that the empty string does not occur in f and e* is the same language as f*. Thus, from now on, we assume th...

18 | A Lustre-based hardware design environment
- Rocheteau, Halbwachs
- 1991
Citation Context ...ataflow components, called nodes, by means of structural composition. Lustre's nodes are very reminiscent of synchronous hardware components, and indeed there exists a variant of Lustre, called Pollux [99], which can be used to describe hardware. To aid regular circuit descriptions, Pollux offers arrays and recursion. One powerful feature, which Pollux inherited from Lustre, is the when construct, whic...

18 | Hardware compilation: translating programs into circuits, Computer, pp 25–31
- Wirth
- 1998
Citation Context ...e introduction of programmable circuits. The compilation for various languages have since appeared in the literature, see e.g. [77, 87, 86, 10]. An introductory overview of the methodology appears in [124]. It is widely recognised that different styles of synchronous languages lend themselves more easily to different applications. In [72, 73], Maraninchi and Rémond present Mode-Automata -- a combinati...

16 | Designing regular array architectures using higher order functions
- Sheeran
- 1985
Citation Context ...iption languages has its basis in earlier work by Sheeran on µFP, an extension of Backus' FP language to synchronous streams, designed particularly for describing and reasoning about regular circuits [110]. Like Backus' original FP, µFP advocates descriptions only using built-in connection patterns; one is not allowed to give names to inputs and outputs of circuits. This is one particular style of circ...

13 | Transformational rewriting with Ruby
- Sharp, Rasmussen
- 1993
Citation Context ...f algebraic reasoning about circuit descriptions: Every built-in connection pattern comes with a set of algebraic laws. This idea is taken further in the relational hardware description language Ruby [105, 63, 104], which can be seen as the successor of µFP. In Ruby, circuits and circuit specifications are seen as relations on streams. This allows for a clean treatment of concepts like delay and anti-delay, non...

10 | On the combination of synchronous languages
- Poigné, Holenderski
Citation Context ...d reason about the new language at the same level as our base HDL Lava. This allows a much more versatile approach to language combination. Poigné and Holenderski [96] present a theoretical framework for combining synchronous languages by using synchronous automata as the common semantic level. These ideas have been implemented in the Synchrony Workbench where prog...

8 | Formally-based profiling for higher-order functional languages
- Sansom, Peyton-Jones
- 1997
Citation Context ...s are established in a reasonably straightforward way by induction on the length of the computations. The last property of the list, reordering, can be established along the lines of Theorem 3.5.1 of [100]. Note that the reordering property would not hold if we had updatable references. Let us illustrate the use of the context lemma and some of the properties above in a sketch proof of the strictness i...

6 | A tutorial on Stålmarck's method of propositional proof
- Sheeran, Stålmarck
Citation Context ...which means we have to build a quadratic number of BDDs. We will now focus on trying to solve these problems by using a SAT method instead of BDDs. Stålmarck's method. Stålmarck's saturation method [115, 107] is a patented algorithm that is used for satisfiability checking. The method has been successfully applied in a wide range of industrial formal verification applications. The algorithm takes a set o...

6 | How to prove properties of recursively defined circuits using Stålmarck's method
- Sheeran, Boralv
- 1998

5 | Analysis of Hardware Description Languages
- Singh
- 1991
Citation Context ...dware description language is, of course, not new, and the work described here builds on our earlier work on µFP [110] and Ruby [62], and on the use of non-standard interpretation in circuit analysis [113]. What is new about Lava is that we have built a complete system in which real circuits can be described, verified, and implemented. An earlier version of the system was used to generate filters and B...

5 | PamDC: a C++ library for the simulation and generation of Xilinx FPGA designs. http://research.compaq.com/SRC/pamette/PamDC.pdf
- Touati, Shand
- 1999
Citation Context ...be and verify circuits. ACL2 actually provides a link from its description language to real hardware. PamDC. PamDC is a hardware description language, embedded in the popular programming language C++ [118, 12]. It is mainly used for simulating and generating configurations for Xilinx FPGAs. It uses C++ syntax overloading in a very elegant way to make descriptions look nice. For example, the assignment symb...

2 | Provably correct hardware compilation using timing diagrams. Available from http://semantik.Informatik.Uni-Oldenburg.DE/ persons/michael.schenke
- Schenke, Dossis
- 1997
Citation Context ... of a dataflow network. One of the important issues that we have not discussed in this paper is the question of the correctness of the compilation procedure. A number of approaches have been proposed [53, 101, 10] which are applicable to our compilation scheme. We are currently exploring how such proofs can also be presented uniformly within our framework. Preliminary work is encouraging and it is not difficul...