## Proving existential theorems when importing results from MDG to HOL (2001)

Venue: TPHOLs 2001 Supplemental Proceedings, Informatics Research Report EDI-INF-RR-0046

Citations: 4 (3 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Xiong01provingexistential,
  author    = {Haiyan Xiong and Paul Curzon and Sofiène Tahar and Ann Blandford},
  title     = {Proving existential theorems when importing results from MDG to HOL},
  booktitle = {TPHOLS 2001 SUPPLEMENTAL PROCEEDINGS, INFORMATIC RESEARCH REPORT EDI-INF-RR-0046},
  year      = {2001},
  pages     = {384--399},
  publisher = {}
}
```

### Abstract

An existential theorem, for the specification or implementation of hardware, states that for any inputs there must exist at least one output which is consistent with it. It is proved to prevent an inconsistent model being produced and it is required to formally import the verification result from one verification system to another system. In this paper, we investigate the verification of the existential theorems of hardware specifications and implementations. Whilst much of the approach is generally applicable, we specifically consider a hybrid system linking the MDG hardware verification system with the HOL interactive proof system. We investigate existential theorems based on the syntax and semantics of the MDG input language (MDG-HDL) in HOL. We define an output representation for each component in the MDG-HDL component library. We summarize a general method which is used to prove the existential theorem for any MDG-HDL program. The method can also be used to solve other existentially quantified goals.

### Citations

908 | Symbolic boolean manipulation with ordered binary-decision diagrams
- Bryant
- 1992

Citation Context: ...ction 5. 2 The MDG system The MDG system is a hardware verification system based on Multiway Decision Graphs (MDGs). MDGs subsume the class of Bryant's Reduced Ordered Binary Decision Diagrams (ROBDD) [2] while accommodating abstract sorts and uninterpreted function symbols. The system combines a variety of different hardware verification applications implemented using MDGs [13]. The applications develo...

78 | Multiway Decision Graphs for Automated Hardware Verification
- Corella, Zhou, et al.
- 1997

Citation Context: ...st is high. The HOL-MDG hybrid system uses another way to make the linkage more natural and trustworthy. The MDG system is a symbolic state enumeration system based on Multiway Decision Graphs (MDGs) [4]. The linkage between the two systems is based on a series of importing theorems [11], which formally convert the formalized MDG verification results in a form usable in a traditional HOL hardware veri...

44 | Integrating Gandalf and HOL
- Hurd
- 1999

Citation Context: ... not only could the standard state algorithms be efficiently and safely programmed in HOL, but it also made it possible to achieve the advantages of both theorem proving tools and state algorithms. Hurd [7] used a different method to combine the strengths of two theorem-prover systems, Gandalf and HOL. He wrote functions to simulate the Gandalf proof according to the Gandalf logged 2 H. Xiong, P. Curzon,...

35 | Linking BDD-based symbolic evaluation to interactive theorem-proving
- Joyce, Seger
- 1993

Citation Context: ... systems with symbolic state enumeration systems opens a way for theorem proving systems to be applied more widely to the real world. Many hybrid tools have been developed such as the Hol-Voss system [8], Forte [1], HOL-MDG [9] etc. Normally, the verification results from one system are translated to another system. In other words, there is a linkage between the two systems. How can we ensure that thi...

34 | Lifted-FL: A Pragmatic Implementation of Combined Model Checking and Theorem Proving
- Aagaard, Jones, et al.
- 1999

Citation Context: ...th symbolic state enumeration systems opens a way for theorem proving systems to be applied more widely to the real world. Many hybrid tools have been developed such as the Hol-Voss system [8], Forte [1], HOL-MDG [9] etc. Normally, the verification results from one system are translated to another system. In other words, there is a linkage between the two systems. How can we ensure that this linkage c...

30 | Hardware verification using Higher-Order Logic
- Camilleri, Gordon, et al.
- 1986

Citation Context: ...ments its specification as shown in (1). This representation might meet an inconsistent model that trivially satisfies any specification. This is sometimes called “The false implies anything problem” [4]. If the implementation of a design (IMPL ip op) is false for all the inputs and outputs, then this implication is a theorem, no matter what constraint is imposed on the variables by its specification...

28 | Higher Order Logic and Hardware Verification, Cambridge Tracts
- Melham
- 1993

Citation Context: ...e a theorem like this provides no meaning to ensure the correctness of the circuit. One solution to this problem is to verify a stronger consistency theorem against the implementation as suggested in [11], which has the form: ⊢thm ∀ ip. ∃ op. IMPL ip op (3) This means that for any set of input values ip there is a set of output values op which is consistent with it. This shows that the model does not ...

15 | Reachability Programming in HOL98 Using BDDs
- Gordon
- 2000

Citation Context: ... words, there is a linkage between the two systems. How can we ensure that this linkage can be trusted? Many different technologies have been used to link two different systems in a trusted way. Gordon [6] integrated the BDD based verification system BuDDy into HOL by implementing BDD-based verification algorithms inside HOL building on top of primitives provided. Since “LCF-Style” general infrastructure...

12 | An Introduction to Hardware Verification
- Birtwistle, Chin, et al.
- 1994

Citation Context: ... a component represents an output function of this component, which depends on its input value and output value at the current time or an earlier time instance. There is a HOL tactic, EXISTS_ELIM_TAC [2], which is used to eliminate existentially quantified variables in a goal. This tactic corresponds to a theorem EXISTS_ELIM given below. ⊢thm (∃x. (x = t) ∧ (A x)) = A t (5) In other words, if the exi...

8 | Hierarchical Verification Using an MDG-HOL Hybrid Tool
- Kort, Tahar, et al.
- 2001

Citation Context: ...tate enumeration systems opens a way for theorem proving systems to be applied more widely to the real world. Many hybrid tools have been developed such as the Hol-Voss system [9], Forte [1], HOL-MDG [10] etc. Normally, the verification results from one system are translated to another system. In other words, there is a linkage between the two systems. How can we ensure that this linkage can be truste...

7 | Verification of the MDG components library in HOL
- Curzon, Tahar, et al.
- 1998

Citation Context: ...) which are not represented as (x = t), we need to find their output representations. In this paper, we concentrate on proving the existential theorems based on the syntax and semantics of MDG-HDL [12] [5]. However, a similar method can be used to solve other existentially quantified goals. This is because we provide the output representation for each component (mainly logic gates and flip-flops). The exis...

4 | Higher Order Logic and Hardware Verification, Cambridge Tracts in Theoretical Computer Science 31
- Melham
- 1993

Citation Context: ...e a theorem like this provides no meaning to ensure the correctness of the circuit. One solution to this problem is to verify a stronger consistency theorem against the implementation as suggested in [10], which has the form: ⊢thm ∀ ip. ∃ op. IMPL ip op (3) This means that for any set of input values ip there is a set of output values op which is consistent with it. This shows that the model does not ...

3 | Hierarchical Verification Using an MDG-HOL Hybrid Tool
- Kort, Tahar, et al.
- 2001

Citation Context: ...tate enumeration systems opens a way for theorem proving systems to be applied more widely to the real world. Many hybrid tools have been developed such as the Hol-Voss system [8], Forte [1], HOL-MDG [9] etc. Normally, the verification results from one system are translated to another system. In other words, there is a linkage between the two systems. How can we ensure that this linkage can be trusted...

3 | Importing MDG verification results into HOL
- Xiong, Curzon, et al.
- 1999

Citation Context: ...ral and trustworthy. The MDG system is a symbolic state enumeration system based on Multiway Decision Graphs (MDGs) [4]. The linkage between the two systems is based on a series of importing theorems [11], which formally convert the formalized MDG verification results in a form usable in a traditional HOL hardware verification, i.e., the structural specification implements the behavioral specification. Th...

3 | Importing MDG verification results into HOL
- Xiong, Curzon, et al.
- 1999

Citation Context: ...ral and trustworthy. The MDG system is a symbolic state enumeration system based on Multiway Decision Graphs (MDGs) [5]. The linkage between the two systems is based on a series of importing theorems [12], which formally convert the formalized MDG verification results in a form usable in a traditional HOL hardware verification, i.e., the structural specification implements the behavioral specification...

2 | Hardware verification using Higher-Order Logic
- Camilleri, Gordon, et al.
- 1986

Citation Context: ...plements its specification as shown in (1). This representation might meet an inconsistent model that trivially satisfies any specification. This is sometimes called “The false implies anything problem” [3]. If the implementation of a design (IMPL ip op) is false for all the inputs and outputs, then this implication is a theorem, no matter what constraint is imposed on the variables by its specification ...

1 | Embedding and verification of an MDG-HDL translator
- Xiong, Curzon, et al.

Citation Context: ...ing Results from MDG to HOL 3 In this paper, we investigate a way of proving the additional assumption and the stronger consistency theorem based on the syntax and semantics of the MDG input language [12]. As we mentioned above, we prove the additional assumption because we want to make the linking process easier and remove the burden from the user of the hybrid system. We prove the stronger consisten...

1 | Embedding and verification of an MDG-HDL translator
- Xiong, Curzon, et al.

Citation Context: ...urzon, S. Tahar, A. Blandford In this paper, we investigate a way of proving the additional assumption and the stronger consistency theorem based on the syntax and semantics of the MDG input language [13]. As we mentioned above, we prove the additional assumption because we want to make the linking process easier and remove the burden from the user of the hybrid system. We prove the stronger consisten...