Multiway Decision Graphs for Automated Hardware Verification
1996
Cited by 91 (15 self)
Traditional ROBDD-based methods of automated verification suffer from the drawback that they require a binary representation of the circuit. To overcome this limitation we propose a broader class of decision graphs, called Multiway Decision Graphs (MDGs), of which ROBDDs are a special case. With MDGs, a data value is represented by a single variable of abstract type, rather than by 32 or 64 boolean variables, and a data operation is represented by an uninterpreted function symbol. MDGs are thus much more compact than ROBDDs, and this greatly increases the range of circuits that can be verified. We give algorithms for MDG manipulation, and for implicit state enumeration using MDGs. We have implemented an MDG package and provide experimental results.
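The abstract's central idea (data as a single abstract-typed variable, data operations as uninterpreted function symbols, control as concrete Booleans) is easier to see in code. The following is an added illustration written for this listing; it is not the MDG package or any code from the paper, and its netlist encoding, gate names and the `normalize` rule are this example's own conventions. It symbolically simulates a constructed spec and implementation of a multiply-accumulate datapath, enumerating only the control bit, and shows the caveat that comes with uninterpreted functions: `add(c, m)` and `add(m, c)` are different terms until commutativity is supplied as a rewrite rule.

```python
from itertools import product

# Added example (not from the MDG paper or its package): term-level symbolic
# simulation in the MDG spirit. Data wires carry terms over uninterpreted
# function symbols instead of 32- or 64-bit vectors; only control wires are
# concrete Booleans, so an equivalence check enumerates control cases only.

def var(name):
    """Abstract-typed input: one symbolic variable, whatever its bit width."""
    return ("var", name)

def simulate(netlist, env):
    """Evaluate a netlist in input environment `env` (wire -> term or bool).
    Gate forms (this example's own encoding):
      (out, "op",  (fname, (in1, in2, ...)))  uninterpreted function application
      (out, "mux", (ctrl, a, b))              ctrl ? a : b, ctrl a concrete bool
    Returns the environment extended with every internal wire."""
    env = dict(env)
    for out, kind, spec in netlist:
        if kind == "op":
            fname, ins = spec
            env[out] = ("op", fname, tuple(env[w] for w in ins))
        elif kind == "mux":
            ctrl, a, b = spec
            env[out] = env[a] if env[ctrl] else env[b]
        else:
            raise ValueError(f"unknown gate kind {kind!r}")
    return env

def normalize(term, commutative=frozenset()):
    """Canonical form: recursively sort the arguments of commutative symbols.
    This stands in for rewrite rules; with an empty rule set the comparison
    is purely structural, so add(x, y) != add(y, x)."""
    if term[0] == "var":
        return term
    _, fname, args = term
    args = tuple(normalize(t, commutative) for t in args)
    if fname in commutative:
        args = tuple(sorted(args, key=repr))
    return ("op", fname, args)

def check_equivalence(spec, impl, data_inputs, ctrl_inputs, out,
                      commutative=frozenset()):
    """Return the control assignments under which `spec` and `impl` drive
    different terms onto wire `out` (empty list = equivalent).
    Cost is 2**len(ctrl_inputs) simulations, independent of data width."""
    counterexamples = []
    for bits in product((False, True), repeat=len(ctrl_inputs)):
        env = {d: var(d) for d in data_inputs}
        env.update(zip(ctrl_inputs, bits))
        s = normalize(simulate(spec, env)[out], commutative)
        i = normalize(simulate(impl, env)[out], commutative)
        if s != i:
            counterexamples.append(dict(zip(ctrl_inputs, bits)))
    return counterexamples

# Constructed spec: a multiply-accumulate y = add(mul(a, b), c).
SPEC = [
    ("m", "op", ("mul", ("a", "b"))),
    ("y", "op", ("add", ("m", "c"))),
]
# Constructed implementation with an operand-swap control bit `sel` before the adder.
IMPL = [
    ("m", "op", ("mul", ("a", "b"))),
    ("p", "mux", ("sel", "c", "m")),   # sel ? c : m
    ("q", "mux", ("sel", "m", "c")),   # sel ? m : c
    ("y", "op", ("add", ("p", "q"))),
]
DATA, CTRL = ["a", "b", "c"], ["sel"]

if __name__ == "__main__":
    # Purely structural: sel=1 yields add(c, m) and is reported as a mismatch.
    print(check_equivalence(SPEC, IMPL, DATA, CTRL, "y"))
    # With add declared commutative the two designs agree for both sel values.
    print(check_equivalence(SPEC, IMPL, DATA, CTRL, "y", commutative={"add"}))
```

A bit-level check of the same datapath with three 32-bit data inputs would have to reason about 96 Boolean variables; here the data width never appears, and the whole check is two simulations. The flip side is that nothing is known about `add` beyond what the rewrite rules say, which is exactly why the first call reports `sel=True` as a counterexample.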
The Notion of Proof in Hardware Verification
1989
Cited by 49 (0 self)
Recent advances in the field of hardware verification have raised some fresh (and some familiar) issues to do with the scope and limitations of formal proof. In this note, some of these are considered in the context of the Viper verification project. Viper is a microprocessor designed by W. J. Cullyer, C. Pygott and J. Kershaw, of the Royal Signals and Radar Establishment of the U.K. Ministry of Defence, for use in safety-critical applications. Much to their credit, the designers intended from the start that Viper be formally verified; they presented Viper's more abstract specifications in a language suitable for formal reasoning, and they placed the design in the public domain. Viper microprocessors are currently being marketed as verified chips. The formal proof aspects of the verification work have been carried out at the Computer Laboratory of the University of Cambridge. To date, some important properties of a register-transfer level model of Viper, relative to a more abstract ...
Non-Restoring Integer Square Root: A Case Study in Design by Principled Optimization
In International Conference on Theorem Proving & Circuit Design
1994
Cited by 29 (4 self)
Theorem proving techniques are particularly well suited for reasoning about arithmetic above the bit level and for relating different levels of abstraction. In this paper we show how a non-restoring integer square root algorithm can be transformed to a very efficient hardware implementation. The top level is a Standard ML function that operates on unbounded integers. The bottom level is a structural description of the hardware consisting of an adder/subtracter, simple combinational logic and some registers. Looking at the hardware, it is not at all obvious what function the circuit implements. At the top level, we prove that the algorithm correctly implements the square root function. We then show a series of optimizing transformations that refine the top level algorithm into the hardware implementation. Each transformation can be verified, and in places the transformations are motivated by knowledge about the operands that we can guarantee through verification. By decom...
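To make the two ends of the refinement concrete, here is an added example written for this listing (Python rather than the paper's Standard ML, and not the paper's own code): the non-restoring square root on unbounded integers, the same computation with fixed-width registers and a single adder/subtracter per cycle, and an exhaustive check relating both to the specification. The register width `W = nbits//2 + 3` is this example's own bound on the partial remainder, justified in the comment; it is the kind of operand fact the abstract says verification is used to guarantee.

```python
import math

# Added example (not the paper's ML source): the non-restoring integer square
# root at two abstraction levels, plus the check that ties them to the spec.

def nr_isqrt(x, nbits):
    """Top level: non-restoring square root on unbounded integers.
    Consumes two bits of x per step (nbits even, 0 <= x < 2**nbits).
    Returns (root, remainder) with x == root*root + remainder.
    Unlike the restoring algorithm, a negative partial remainder is kept and
    the next step adds (4*root + 3) instead of subtracting (4*root + 1)."""
    assert nbits % 2 == 0 and 0 <= x < 1 << nbits
    root, rem = 0, 0
    for i in range(nbits // 2 - 1, -1, -1):
        rem = (rem << 2) | ((x >> (2 * i)) & 3)   # bring down the next two bits
        if rem >= 0:
            rem -= (root << 2) | 1                 # try root bit = 1
        else:
            rem += (root << 2) | 3                 # undo and retry in one add
        root = (root << 1) | (1 if rem >= 0 else 0)
    if rem < 0:                                    # final remainder correction
        rem += (root << 1) | 1
    return root, rem

def nr_isqrt_registers(x, nbits):
    """Bottom level: the same computation with fixed-width registers and one
    adder/subtracter per cycle. The remainder register is two's complement,
    W = nbits//2 + 3 bits wide (an assumption of this example): after k steps
    the partial remainder lies in [-(2**(k+1)-1), 2**(k+1)-2], so the value
    shifted in before the add/subtract fits in k+3 signed bits, k <= nbits//2."""
    W = nbits // 2 + 3
    MASK = (1 << W) - 1
    SIGN = 1 << (W - 1)
    root_reg, rem_reg = 0, 0
    for i in range(nbits // 2 - 1, -1, -1):
        rem_reg = ((rem_reg << 2) | ((x >> (2 * i)) & 3)) & MASK
        if rem_reg & SIGN:                         # negative: adder mode
            rem_reg = (rem_reg + ((root_reg << 2) | 3)) & MASK
        else:                                      # non-negative: subtracter mode
            rem_reg = (rem_reg - ((root_reg << 2) | 1)) & MASK
        root_reg = (root_reg << 1) | (0 if rem_reg & SIGN else 1)
    if rem_reg & SIGN:
        rem_reg = (rem_reg + ((root_reg << 1) | 1)) & MASK
    return root_reg, rem_reg                       # corrected remainder is >= 0

def exhaustive_check(nbits):
    """Check both levels against the specification for every input of the
    given width. Returns the number of failing inputs (0 = all correct)."""
    failures = 0
    for x in range(1 << nbits):
        root, rem = nr_isqrt(x, nbits)
        ok = (root == math.isqrt(x)
              and root * root + rem == x
              and (root, rem) == nr_isqrt_registers(x, nbits))
        failures += not ok
    return failures

if __name__ == "__main__":
    print(nr_isqrt(9, 4), nr_isqrt(8, 4))   # (3, 0) (2, 4)
    print(exhaustive_check(8))              # 0
```

The exhaustive check is only a sanity test at small widths; the paper's point is that a proof at the top level, carried through verified transformations, covers every width without enumeration. Reading `nr_isqrt_registers` alone, the add-or-subtract selection by the sign bit is about as illuminating as the abstract says the hardware is.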
Hardware Verification using Monadic Second-Order Logic
In Computer Aided Verification: 7th International Conference, CAV '95, LNCS 939
1995
Cited by 26 (10 self)
We show how the second-order monadic theory of strings can be used to specify hardware components and their behavior. This logic admits a decision procedure and counter-model generator based on canonical automata for formulas. We have used a system implementing these concepts to verify, or find errors in, a number of circuits proposed in the literature. The techniques we use make it easier to identify regularity in circuits, including those that are parameterized or have parameterized behavioral specifications. Our proofs are semantic and do not require lemmas or induction as would be needed when employing a conventional theory of strings as a recursive data type.
Combining WS1S and HOL
Frontiers of Combining Systems 2, volume 7 of Studies in Logic and Computation
1998
Cited by 26 (4 self)
We investigate the combination of the weak second-order monadic logic of one successor (WS1S) with higher-order logic (HOL). We show how these two logics can be combined, how theorem provers based on them can be safely integrated, and how the result can be used. In particular, we present an embedding of the semantics of WS1S in HOL that provides a basis for coupling the MONA system, a decision procedure for WS1S, with an implementation of HOL in the Isabelle system. Afterwards, we describe methods that reduce problems formalized in HOL to problems in the language of WS1S. We present applications to arithmetic reasoning and proving properties of parameterized sequential systems.
Automata Based Symbolic Reasoning in Hardware Verification
1998
Cited by 20 (11 self)
We present a new approach to hardware verification based on describing circuits in Monadic Second-order Logic (M2L). We show how to use this logic to represent generic designs like n-bit adders, which are parameterized in space, and sequential circuits, where time is an unbounded parameter. M2L admits a decision procedure, implemented in the Mona tool [17], which reduces formulas to canonical automata. The decision problem for M2L is non-elementary decidable and thus unlikely to be usable in practice. However, we have used Mona to automatically verify, or find errors in, a number of circuits studied in the literature. Previously published machine proofs of the same circuits are based on deduction and may involve substantial interaction with the user. Moreover, our approach is orders of magnitude faster for the examples considered. We show why the underlying computations are feasible and how our use of Mona generalizes standard BDD-based hardware reasoning.
Parametric Circuit Representation Using Inductive Boolean Functions
In Computer Aided Verification, CAV '93, LNCS 697
1993
Cited by 17 (2 self)
We have developed a methodology based on symbolic manipulation of inductive Boolean functions (IBFs) for formal verification of inductively-defined hardware. This methodology combines the techniques of reasoning by induction and symbolic tautology-checking in an automated and potentially efficient way. In this paper, we describe a component of this methodology that regards various mechanisms used to represent inductively-defined circuits in the form of IBFs. The focus is on general parameterization issues, such as multiple parameter functions, multiple output functions, interaction of different parameters for supporting compositions etc. These mechanisms, which may be useful in other applications involving parametric circuit descriptions, are illustrated through practical circuit examples along with preliminary results. We also describe an application of our formal verification methodology, where a proof by induction is performed by automatic symbolic manipulation of parametric circuit...
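The M2L entries above and this IBF entry both concern designs parameterized by a width n, with the n-bit adder as the standard example. The following added illustration (written for this listing; not code from either paper, and not Mona or an IBF package) shows the shape of such an argument on an inductively defined ripple-carry adder: the only thing a machine has to decide is a propositional tautology over one cell, and the induction in the comment extends it to every n. The brute-force instance check at the end is included to contrast with the bit-level approach, whose cost doubles per bit.

```python
from itertools import product

# Added example (not from either paper): an inductively defined ripple-carry
# adder and the two facts an inductive correctness proof rests on.

def full_adder(a, b, cin):
    """One adder cell on 0/1 values: returns (sum_bit, carry_out)."""
    s = a ^ b ^ cin
    cout = (a & b) | (a & cin) | (b & cin)
    return s, cout

def ripple_adder(n, a_bits, b_bits, cin):
    """Inductive definition, bit lists LSB first.
    Base case n = 0: no sum bits, the carry passes straight through.
    Step n: the n-1 bit adder, then one more cell on bit n-1."""
    if n == 0:
        return [], cin
    low_sum, carry = ripple_adder(n - 1, a_bits, b_bits, cin)
    s, cout = full_adder(a_bits[n - 1], b_bits[n - 1], carry)
    return low_sum + [s], cout

def cell_tautology_holds():
    """Tautology check of the single-cell identity s + 2*cout == a + b + cin,
    done here by exhaustion over the 3 Boolean inputs (8 cases).
    Induction on n (the part that needs no machine):
      P(n): value(S_n) + 2**n * C_n == value(A_n) + value(B_n) + cin,
      P(0) holds trivially; assuming P(n) and adding cell n with carry-in C_n,
      value(S_{n+1}) + 2**(n+1) * C_{n+1}
        == value(S_n) + 2**n * (s + 2*cout)
        == value(S_n) + 2**n * (a_n + b_n + C_n)       # the cell identity
        == value(A_{n+1}) + value(B_{n+1}) + cin.      # by P(n)
    So this 8-case check, plus the induction, covers every width n."""
    for a, b, c in product((0, 1), repeat=3):
        s, cout = full_adder(a, b, c)
        if s + 2 * cout != a + b + c:
            return False
    return True

def to_bits(value, n):
    return [(value >> i) & 1 for i in range(n)]

def from_bits(bits):
    return sum(bit << i for i, bit in enumerate(bits))

def adder_spec_violations(n):
    """Bit-level sanity check of one fixed instance against integer addition,
    exhaustive over all 2**(2n+1) inputs. Returns the number of violations.
    This is the enumeration the automata and induction methods avoid."""
    bad = 0
    for a in range(1 << n):
        for b in range(1 << n):
            for cin in (0, 1):
                s, cout = ripple_adder(n, to_bits(a, n), to_bits(b, n), cin)
                if from_bits(s) + (cout << n) != a + b + cin:
                    bad += 1
    return bad

if __name__ == "__main__":
    print(cell_tautology_holds())                                 # True
    print(ripple_adder(4, to_bits(7, 4), to_bits(9, 4), 0))       # ([0, 0, 0, 0], 1)
    print(adder_spec_violations(4))                               # 0
```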
Overview of Hydra: A concurrent language for synchronous digital circuit design
In Proceedings of the 16th International Parallel and Distributed Processing Symposium, IEEE Computer
2002
Cited by 16 (2 self)
www.dcs.gla.ac.uk/∼jtod/
Hydra is a computer hardware description language that integrates several kinds of software tool (simulation, netlist generation and timing analysis) within a single circuit specification. The design language is inherently concurrent, and it offers black box abstraction and general design patterns that simplify the design of circuits with regular structure. Hydra specifications are concise, allowing the complete design of a computer system as a digital circuit within a few pages. This paper discusses the motivations behind Hydra, and illustrates the system with a significant portion of the design of a basic RISC processor.
A Framework for Program Development Based on Schematic Proof
1993
Cited by 13 (5 self)
Often, calculi for manipulating and reasoning about programs can be recast as calculi for synthesizing programs. The difference often involves only a slight shift of perspective: admitting metavariables into proofs. We propose that such calculi should be implemented in logical frameworks that support this kind of proof construction and that such an implementation can unify program verification and synthesis. Our proposal is illustrated with a worked example developed in Paulson's Isabelle system. We also give examples of existent calculi that are closely related to the methodology we are proposing and others that can be profitably recast using our approach.
Verifying a Logic Synthesis Tool in Nuprl: A Case Study in Software Verification
In Bochmann and Probst [3
Cited by 11 (0 self)
We have proved a logic synthesis tool with the Nuprl proof development system. The logic synthesis tool, Pbs, implements the weak division algorithm, and is part of the Bedroc hardware synthesis system. Our goal was to develop a proven and usable implementation of a hardware synthesis tool. Pbs consists of approximately 1000 lines of code implemented in a functional subset of Standard ML. The program was verified by embedding this subset of SML in Nuprl and then verifying the correctness of the implementation of Pbs in Nuprl. In the process of doing the proof we learned many lessons which can be applied to efforts in verifying functional software. In particular, we were able to safely perform several optimizations to the program. In addition, we have invested effort into verifying software which will be used many times, rather than verifying the output of that software each time the program is used. The work required to verify hardware design tools and other similar software is worthwhile because the results of the proofs will be used many times.