To read the full-text of this research, you can request a copy directly from the author.
In this tutorial we present the area of formal verification of systems on Chips. The paper discuses the following topics: different approaches of formal logic such as first order bgic, high order logic, temporal logic. A case study of object-oriented paradigm is presented. A survey of the current research status is presented. The paper concludes with a section on the future directions.
Several proposals were made in the last few years to extend the hardware description language VHDL and to add mechanisms like inheritance from the object oriented domain to the language. This paper illuminates the principle problems arising when an inheritance concept for data types is added to VHDL. Solutions to these problems are proposed with an example of an inheritance mechanism for signals within an object-oriented extension to VHDL
Over the last few years, temporal logic has been investigated as a tool for reasoning about computer programs, digital circuits and message-passing systems. In the case of programs, the general feeling has been that temporal logic is an adjunct to existing languages. For example, one might use temporal logic to specify and prove properties about a program written in, say, CSP. This leads to the annoyance of having to simultaneously use two separate notations.
In earlier work we proposed that temporal logic itself directly serve as the basis for a programming language. Since then we have implemented an interpreter for such a language called Tempura. We are developing Tempura as a tool for directly executing suitable temporal logic specifications of digital circuits and other discrete-time systems. Since every Tempura statement is also a temporal formula, we can use the entire temporal logic formalism for our assertion language and semantics. Tempura has the two seemingly contradictory properties of being a logic programming language and having imperative constructs such as assignment statements.
The presentation given here first describes the syntax and semantics of a first-order temporal logic having the operators ⊗ (next) and □ (always). This serves as the basis for the Tempura programming language. The lesser known temporal operator chop is subsequently introduced, resulting in Interval Temporal Logic. We then show how to incorporate chop and related constructs into Tempura.
A new formal hardware verification approach for digital signal
processing architectures based on a production system environment is
introduced. The PROVER system (PROduction system for hardware
VERification) is implemented using CLIPS (C Language Integrated
Production System). A cell library of different hardware components has
been implemented. Components in the cell library are described at the
transistor level, circuit level, gate level, logical level, and
functional level. An example of carry select adder using PROVER is given
The use of temporal logic for the specification of hardware modules is explored. Temporal logic is an extension of conventional logic. While traditional logic is useful for specifying combinational circuits, it is shown how the extensions of temporal logic apply to the specification of memory, as well as the safeness and liveness properties of active circuits representing processes. These ideas are demonstrated by the example of a self-timed arbiter. An implementation of the arbiter is also given, and its formal verification by a kind of reachability analysis is discussed. This verification approach is also useful for finding design errors, as demonstrated by an example.
The Viper microprocessor designed at the Royal Signals and Radar Establishment (RSRE) is one of the first commercially produced computers to have been developed using modern formal methods. Viper is specified in a sequence of decreasingly abstract levels. In this paper a mechanical proof of the equivalence of the first two of these levels is described. The proof was generated using a version of Robin Milner’s LCF system.
Mike Gordon has described the specification and verification of a microcoded computer using the LCF_LSM hardware verification system . We have subsequently redone this example in higher-order logic using the HOL system . In this paper we present the specification of Gordon’s computer in higherorder logic and a brief explanation of its formal verification. A more detailed discussion of the formal verification may be found in . We also describe several related examples of hardware verification based on Gordon’s computer and other microprocessor designs. Finally, we report experience in using a formal specification to implement Gordon’s computer as a 5,000 transistor CMOS microchip.
The paper describes how higher-order predicate logic may be used to specify both the structure and the behaviour of a digital system, and to reason about their interrelationship. The overall approach is named VERITAS; the paper concentrates particularly on describing its methodological aspects. The behaviour of a system is specified by a predicate on the analogue waveforms at the ports of the system. In general, behavioural specifications are partial. The internal structure of a system is defined by a set of projection functions that yield its component parts, together with a set of equations describing their interconnections. Reasoning about the behavioural properties of digital systems is carried out within the framework of an axiomatic theory that describes relevant properties of arithmetic, time, waveforms and structures. The logic is embedded within a programming language, MV, whose data types include signature, term and derivation. This allows inferencing to be carried out computationally, which in turn guarantees its correctness.
Term rewriting systems have been used in automatic theorem proving. A canonical term rewriting system for boolean algebra recently discovered, and a refutation technique using Knuth-Bendix completion procedure can be used to prove boolean formulas arising in logic verification. In this paper a design verification system based on term rewriting techniques is presented. It can prove total correctness of combinational circuits without exhaustive simulation. A prototype system implemented on a Motorola 68010 based workstation shows that the system performs favorably compared to a simulator.
The importance of reusability of hardware models for the necessary
increase in design productivity are explained for different modelling
problems. Methods having previously been proven to be successful in
software engineering are analysed with respect to their applicability to
hardware design. It is shown that object-oriented modelling techniques
do potentially increase design productivity, but that VHDL in its
current version does not support object oriented modelling. Possible
subjects to object-orientation are discussed
This paper describes a Higher Order Logic (HOL) theory formalizing an extended version of the Gong, Needham, Yahalom (GNY) belief logic, a theory used by software that automatically proves authentication properties of cryptographic protocols. The theory's extensions to the GNY logic include being able to specify protocol properties at intermediate stages and being able to specify protocols that use multiple encryption and hash operations, message authentication codes, computed values (e.g., hash codes) as keys, and key-exchange algorithms
The Knowledge Acquisition and Representation Language (KARL)
combines a description of a knowledge based system at the conceptual
level (a so called model of expertise) with a description at a formal
and executable level. Thus, KARL allows the precise and unique
specification of the functionality of a knowledge based system
independent of any implementation details. A KARL model of expertise
contains the description of domain knowledge, inference knowledge, and
procedural control knowledge. For capturing these different types of
knowledge, KARL provides corresponding modeling primitives based on
Frame Logic and Dynamic Logic. A declarative semantics for a complete
KARL model of expertise is given by a combination of these two types of
logic. In addition, an operational definition of this semantics, which
relies on a fixpoint approach, is given. This operational semantics
defines the basis for the implementation of the KARL interpreter, which
includes appropriate algorithms for efficiently executing KARL
specifications. This enables the evaluation of KARL specifications by
means of testing
This paper presents a methodology for microprocessor verification
that significantly reduces the learning curve for performing
verification. The methodology is formalized in the HOL theorem-proving
system. The paper includes a description of a large case study performed
to evaluate the methodology. The novel aspects of this research include
the use of abstract theories to formalize hardware models. Because our
model is described using abstract theories, it provides a framework for
both the specification and the verification. This framework reduces the
number of ad hoc modeling decisions that must be made to complete the
verification. Another unique aspect of our research is the use of
hierarchical abstractions to reduce the number of difficult lemmas in
completing the verification. Our formalism frees the user from directly
reasoning about the difficult aspects of modeling the hierarchy, namely
the temporal and data abstractions. We believe that our formalism,
coupled with case studies and tools, allows microprocessor verification
to be done by engineers with relatively little experience in
microprocessor specification or logic. We are currently testing that
hypothesis by using the methodology to teach graduate students formal
The authors consider the state machine language (SML) for
describing complex finite state hardware controllers. It provides many
of the standard control structures found in modern programming
languages. The state tables produced by the SML compiler can be used as
input to a temporal logic model checker that can automatically determine
whether a specification in the logic CTL is satisfied. The authors
describe extensions to SML for the design of modular controllers. These
extensions allow a compositional approach to model checking which can
substantially reduce its complexity. To demonstrate these methods, the
authors discuss the specification and verification of a simple
central-processing-unit (CPU) controller
Because digital systems operate over time, hardware descriptions should be based on formalisms suited to temporal reasoning. One such notation, interval temporal logic, offers a natural basis for the specification of devices and digital signals. The approach unifies, in a single notation, digital circuit behavior that is generally described by means of the following techniques: register transfer operations, flowgraphs and transition tables, tables of functions, timing diagrams, and schematics and block diagrams.