Current Trends in Hardware Verification and Automated Theorem Proving

1. Front Matter

   Pages i-x

   PDF

2. Correctness Properties of the Viper Block Model: The Second Level

   • Avra Cohn

   Pages 1-91

3. Formal Verification of the Sobel Image Processing Chip

   • Paliath Narendran, Jonathan Stillman

   Pages 92-127

4. Specification-driven Design of Custom Hardware in HOP

   • Ganesh C. Gopalakrishnan, Richard M. Fujimoto, Venkatesh Akella, N. S. Mani, Kevin N. Smith

   Pages 128-170

5. Formal Verification of a Microprocessor Using Equational Techniques

   • R. C. Sekar, M. K. Srivas

   Pages 171-218

6. OBJ as a Theorem Prover with Applications to Hardware Verification

   • Joseph A. Goguen

   Pages 219-267

7. Formal Verification in m-EVES

   • Bill Pase, Mark Saaltink

   Pages 268-302

8. The Interactive Proof Editor An Experiment in Interactive Theorem Proving

   • Brian Ritchie, Paul Taylor

   Pages 303-322

9. An Overview of the Edinburgh Logical Framework

   • Arnon Avron, Furio Honsell, Ian A. Mason

   Pages 323-340

10. Automating Recursive Type Definitions in Higher Order Logic

    • Thomas F. Melham

    Pages 341-386

11. Mechanizing Programming Logics in Higher Order Logic

    • Michael J. C. Gordon

    Pages 387-439

12. Automated Theorem Proving for Analysis and Synthesis of Computations

    • David R. Musser

    Pages 440-464

13. What Do Computer Architects Design Anyway?

    • A. L. Davis

    Pages 465-479

14. Back Matter

    Pages 481-489

    PDF

This report describes the partially completed correctness proof of the Viper 'block model'. Viper [7,8,9,11,23] is a microprocessor designed by W. J. Cullyer, C. Pygott and J. Kershaw at the Royal Signals and Radar Establishment in Malvern, England, (henceforth 'RSRE') for use in safety-critical applications such as civil aviation and nuclear power plant control. It is currently finding uses in areas such as the de­ ployment of weapons from tactical aircraft. To support safety-critical applications, Viper has a particulary simple design about which it is relatively easy to reason using current techniques and models. The designers, who deserve much credit for the promotion of formal methods, intended from the start that Viper be formally verified. Their idea was to model Viper in a sequence of decreasingly abstract levels, each of which concentrated on some aspect ofthe design, such as the flow ofcontrol, the processingofinstructions, and so on. That is, each model would be a specification of the next (less abstract) model, and an implementation of the previous model (if any). The verification effort would then be simplified by being structured according to the sequence of abstraction levels. These models (or levels) of description were characterized by the design team. The first two levels, and part of the third, were written by them in a logical language amenable to reasoning and proof.

• computer
• logic
• microprocessor
• programming
• radar

• Department of Computer Science, University of Calgary, Calgary, Canada

  Graham Birtwistle

• AT&T Bell Labs, USA

  P. A. Subrahmanyam

Policies and ethics