Refining specifications to programmable logic
Related papers
Structured Assertion Design Verification for Complex Safety-Critical Hardware
Previously we have proposed an approach to meet the certification requirements for the highest design assurance levels for complex safety-critical hardware in avionics. We named this the Overlapped Layered Modular Methodology (OLMM), which involved the use of assertions for both Formal Verification (FV) and simulation-based verification.
Issues in Tool Qualification for Safety-Critical Hardware: What Formal Approaches Can and Cannot Do
Lecture Notes in Computer Science, 2009
Technology has improved to the point that system designers have the ability to trade-off implementing complex functions in either hardware or software. However, clear distinctions exist in the design tools. This paper examines what is unique to hardware design, areas where formal methods can be applied to advantage in hardware design and how errors can exist in the hardware even if formal methods are used to prove the design is correct.
Proving Safety Properties of FPGAs
2000
ABSTRACT FPGAs are increasing in complexity and being used as important components of safety-critical systems. Emerging safety standards require analytic reasoning to demonstrate the safety of FPGAs in such systems. This report describes a method which uses a synchronous process algebra to produce formal proof that an FPGA program satisfies safety properties, and demonstrates its use in the specification of safety functions for a safety-critical system.
The Notion of Proof in Hardware Verification
2015
Recent advances in the field of hardware verification have raised some fresh (and some familiar) issues to do with the scope and limitations of formal proof. In this note, some of these are considered in the context of the Viper verification project. Viper is a microprocessor designed by W. J. Cullyer, C. Pygott and J. Kershaw, of the Royal Signals and Radar Establishment of the U.K. Ministry of Defense, for use in safety-critical applications. Much to their credit, the designers intended from the start that Viper be formally verified; they presented Viper's more abstract specifications in a language suitable for formal reasoning, and they placed the design in the public domain. Viper microprocessors are currently being marketed as verified chips. The formal proof aspects of the verification work have been carried out at the Computer Laboratory of the University of Cambridge. To date, some important properties of a register-transfer level model of Viper, relative to a more abstra...
Real-Time Safety Critical Systems series, 1994
As the complexity of embedded computer-controlled systems increases, the present industrial practice for their development gives cause for concern, especially for safety-critical applications where human lives are at stake. The use of software in such systems has increased enormously in the last decade. Formal methods, based on firm mathematical foundations, provide one means to help with reducing the risk of introducing errors during specification and development. There is currently much interest in both academic and industrial circles concerning the issues involved, but the techniques still need further investigation and promulgation to make their widespread use a reality. This book presents some results of research into techniques to aid the formal verification of mixed hardware/software systems. Aspects of system specification and verification from requirements down to the underlying hardware are addressed, with particular regard to real-time issues. The work presented is largely based around the Occam programming language and Transputer microprocessor paradigm. The HOL theorem prover, based on higher order logic, has mainly been used in the application of machine-checked proofs. The book describes research work undertaken on the collaborative UK DTI/SERC funded Information Engineering Directorate SAFEMOS project. The partners were Inmos Ltd, Cambridge SRI, the Oxford University Computing Laboratory and the University of Cambridge Computer Laboratory, who investigated the problems of formally verifying embedded systems. The most important results of the project are presented in the form of a series of interrelated chapters by project members and associated personnel. In addition, overviews of two other ventures with similar objectives are included as appendices.
The material in this book is intended for computing science researchers and advanced industrial practitioners interested in the application of formal methods to real-time safety-critical systems at all levels of abstraction from requirements to hardware. In addition, Chapters 1 and 11 contain material of a more general nature which may be of interest to managers in charge of projects applying formal methods, especially for safety-critical systems, and others who are considering their use. Book on the SAFEMOS project. Other contributors: Juanito Camilleri, Rachel Cardell-Oliver, Mike Gordon, Roger Hale, Hans Langmaack, C.A.R. Hoare, John Herbert, He Jifeng, Ian Page, Paritosh Pandya, Andrew Pitts, Anders Ravn, David Shepherd, Victoria Stavridou and Bill Young.
A core calculus for secure hardware: its formal semantics and proof system
Proceedings of the 15th ACM-IEEE International Conference on Formal Methods and Models for System Design, 2017
Constructing high assurance, secure hardware remains a challenge, because to do so relies on both a verifiable means of hardware description and implementation. However, production hardware description languages (HDL) lack the formal underpinnings required by formal methods in security. Still, there is no such thing as high assurance systems without high assurance hardware. We present a core calculus of secure hardware description with its formal semantics, security type system and mechanization in Coq. This calculus is the core of the functional HDL, ReWire, shown in previous work to have useful applications in reconfigurable computing. This work supports a full-fledged, formal methodology for producing high assurance hardware.
Formal Verification of Safety Automation Logic Designs
In safety critical processes, especially in nuclear power plants, the new digitalized automation (I&C) systems have brought out new needs for safety evaluation. The programmable digital logic controllers can perform complicated control tasks and, thus, their comprehensive verification against safety requirements is a difficult task. Model checking is a promising approach that enables complete verification of a logic design when a finite state machine model of the control logic is available. The paper describes the use of model checking for the verification of an arc protection system and summarizes experiences of utilizing model checking in automation design and verification. For the verification of the arc protection system, it was necessary to model the overall design of the system and its operation environment. The environment model could be kept relatively simple while covering the essential behaviour of the environment. The results show that it is possible to reliably verify th...
Introduction to Formal Hardware Verification
1999
Formal hardware verification has recently attracted considerable interest. The need for "correct" designs in safety-critical applications, coupled with the major cost associated with products delivered late, are two of the main factors behind this. In addition, as the complexity of the designs increases, an ever smaller percentage of the possible behaviors of the designs will be simulated. Hence, the confidence in the designs obtained by simulation is rapidly diminishing. This paper provides an introduction to the topic by describing three of the main approaches to formal hardware verification: theorem-proving, model checking, and symbolic simulation. We outline the underlying theory behind each approach, we illustrate the approaches by applying them to simple examples, and we discuss their strengths and weaknesses. We conclude the paper by describing current on-going work on combining the approaches to achieve multi-level verification approaches.