Qian Wang,Xiaoyu Song,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1155/2014/197252

2014-01-01

Journal of Applied Mathematics

Abstract:Addition arithmetic design plays a crucial role in high performance digital systems. The paper proposes a systematic method to formalize and verify adders in a formal proof assistant COQ. The proposed approach succeeds in formalizing the gate-level implementations and verifying the functional correctness of the most important adders of interest in industry, in a faithful, scalable, and modularized way. The methodology can be extended to other adder architectures as well.

Jason Gross,Andres Erbsen,Jade Philipoom,Rajashree Agrawal,Adam Chlipala

DOI: https://doi.org/10.1007/s10817-024-09705-6

2024-08-15

Abstract:We address the challenges of scaling verification efforts to match the increasing complexity and size of systems. We propose a research agenda aimed at building a performant proof engine by studying the asymptotic performance of proof engines and redesigning their building blocks. As a case study, we explore equational rewriting and introduce a novel prototype proof engine building block for rewriting in Coq, utilizing proof by reflection for enhanced performance. Our prototype implementation can significantly improve the development of verified compilers, as demonstrated in a case study with the Fiat Cryptography toolchain. The resulting extracted command-line compiler is about 1000$\times$ faster while featuring simpler compiler-specific proofs. This work lays some foundation for scaling verification efforts and contributes to the broader goal of developing a proof engine with good asymptotic performance, ultimately aimed at enabling the verification of larger and more complex systems.

Programming Languages

张欢欢,邵志清,宋国新

DOI: https://doi.org/10.3969/j.issn.1006-3080.2003.01.016

2003-01-01

Abstract:Based on rewriting induction techniques, an approach automatically verifying adder circuits is proposed. All involved concepts, including bits, gates, bit strings, natural numbers, half adders, full adders and ripple carry adders, are described using rewrite systems. Proofs of various properties are given using rewriting and induction. The correctness of ripple carry adders is established by showing that they actually implement addition on the natural numbers. Finally, a comparison with related works is made and the result shows that our approach has advantages in specifying and verifying hardware circuits.

张欢欢,邵志清,宋国新

DOI: https://doi.org/10.3321/j.issn:0372-2112.2003.06.034

2003-01-01

Abstract:Based on functional specifications of carry lookahead adders,and it directly uses rewriting induction techniques to establish the correctness of these specifications by proving that they actually implement addition on the natural numbers.A brief comparison with related work is made and the results show that this approach has advantages in specifying and verifying hardware circuits.

Gang Chen,Xiaoyu Song,Guowu Yang,Ting Wang,Xiaoqiao Mu,Yongqian Fan

DOI: https://doi.org/10.1109/tcad.2020.3015414

IF: 2.9

2021-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Parallel adders are extensively used in high-performance computer design and hardware acceleration for large-scale data processing. In the adder design theory, a key property of the group propagated carry and the group generated carry is based on the two recurrence equations. The property is fundamental to many parallel prefix adders. However, there is no proof of the property in the literature. This article presents a rigorous and complete proof for it. The proof can leverage a solid ground for a formal verification methodology for parallel adder-based chip design.

Si-min YANG,Zhao-peng LI,Zhong ZHUANG,Zhen-ting ZHANG

2011-01-01

Abstract:Recently,as an important way to build high-confidence software,certifying compiler is becoming the research focus of the compiler and formal verification.In its theoretical framework,the compiler proves the verification conditions and generates the machine-checkable proof automatically with automated theorem prover,so a good automated theorem prover is essential for certifying compiler.This paper describes a linear arithmetic prover based on the Simplex algorithm,and proposes an innovative method of proof generation,which is applied to our automated theorem prover to build the Coq-checkable proof.

Saranyu Chattopadhyay,Florian Lonsing,Luca Piccolboni,Deepraj Soni,Peng Wei,Xiaofan Zhang,Yuan Zhou,Luca Carloni,Deming Chen,Jason Cong,Ramesh Karri,Zhiru Zhang,Caroline Trippel,Clark Barrett,Subhasish Mitra

DOI: https://doi.org/10.34727/2021/isbn.978-3-85448-046-4_12

2021-01-01

Abstract:Hardware accelerators (HAs) are essential building blocks for fast and energy-efficient computing systems. Accelerator Quick Error Detection (A-QED) is a recent formal technique which uses Bounded Model Checking for pre-silicon verification of HAs. A-QED checks an HA for self-consistency, i.e., whether identical inputs within a sequence of operations always produce the same output. Under modest assumptions, A-QED is both sound and complete. However, as is well-known, large design sizes significantly limit the scalability of formal verification, including A-QED. We overcome this scalability challenge through a new decomposition technique for A-QED, called A-QED with Decomposition $(A-Q E D^{2})$. A-QED 2 systematically decomposes an HA into smaller, functional sub-modules, called sub-accelerators, which are then verified independently using A-QED. We prove completeness of $A-QED^{2} $; in particular, if the full HA under verification contains a bug, then $A-QED^{2}$ ensures detection of that bug during A-QED verification of the corresponding subaccelerators. Results on over 100 (buggy) versions of a wide variety of HAs with millions of logic gates demonstrate the effectiveness and practicality of $A-QED^{2}$.

Stephen Wong,Jing Sun,Ian Warren,Jun Sun

DOI: https://doi.org/10.1109/ICECCS.2008.16

2008-01-01

Abstract:The ideal of verified software has long been the goal of research in Computer Science. This paper argues that the time is ripe to embark on a Grand Challenge project to construct a program verifier, based on a sound and complete theory of programming, ...

Eyad Alkassar,Sascha Böhme,Kurt Mehlhorn,Christine Rizkallah

DOI: https://doi.org/10.48550/arXiv.1301.7462

2013-01-31

Abstract:Formal verification of complex algorithms is challenging. Verifying their implementations goes beyond the state of the art of current automatic verification tools and usually involves intricate mathematical theorems. Certifying algorithms compute in addition to each output a witness certifying that the output is correct. A checker for such a witness is usually much simpler than the original algorithm - yet it is all the user has to trust. The verification of checkers is feasible with current tools and leads to computations that can be completely trusted. We describe a framework to seamlessly verify certifying computations. We use the automatic verifier VCC for establishing the correctness of the checker and the interactive theorem prover Isabelle/HOL for high-level mathematical properties of algorithms. We demonstrate the effectiveness of our approach by presenting the verification of typical examples of the industrial-level and widespread algorithmic library LEDA.

Logic in Computer Science,Data Structures and Algorithms,Formal Languages and Automata Theory

Qinhan Tan,Yuheng Yang,Thomas Bourgeat,Sharad Malik,Mengjia Yan

2024-07-17

Abstract:Modern out-of-order processors face speculative execution attacks. Despite various proposed software and hardware mitigations to prevent such attacks, new attacks keep arising from unknown vulnerabilities. Thus, a formal and rigorous evaluation of the ability of hardware designs to deal with speculative execution attacks is urgently desired. This paper proposes a formal verification technique called Contract Shadow Logic that can considerably improve RTL verification scalability while being applicable to different defense mechanisms. In this technique, we leverage computer architecture design insights to improve verification performance for checking security properties formulated as software-hardware contracts for secure speculation. Our verification scheme is accessible to computer architects and requires minimal formal-method expertise. We evaluate our technique on multiple RTL designs, including three out-of-order processors. The experimental results demonstrate that our technique exhibits a significant advantage in finding attacks on insecure designs and deriving complete proofs on secure designs, when compared to the baseline and two state-of-the-art verification schemes, LEAVE and UPEC.

Hardware Architecture

Yun-min ZHU,Li-wei ZHANG,Sheng-yuan WANG,Yuan DONG,Su-qin ZHANG

DOI: https://doi.org/10.3321/j.issn:0372-2112.2009.z1.001

2009-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:2 Abstract As the multi-core processor is widely used and advanced high-trusted software is required, the verification of parallel programs for multi-core processor becomes more and more important. This paper presents a proof framework about the verification of parallel programs, including the definition of our abstract machine, the formal specification for object code, logic inference rules and the proof of soundness theory. We certify the code at an assembly-level directly in order to disregard the correctness of compilers. The classic spin-lock technology is introduced to implement the mutually exclusive access to shared memory. Our proof framework supports Hoare-logic style reasoning. In addition, we use high-order logic to describe both operational semantics and security-policy, so the partial correctness of multi-core parallel programs can be verified in our system.

Thomas Braibant

DOI: https://doi.org/10.48550/arXiv.1108.4253

2011-08-22

Abstract:We propose a new library to model and verify hardware circuits in the Coq proof assistant. This library allows one to easily build circuits by following the usual pen-and-paper diagrams. We define a deep-embedding: we use a (dependently typed) data-type that models the architecture of circuits, and a meaning function. We propose tactics that ease the reasoning about the behavior of the circuits, and we demonstrate that our approach is practicable by proving the correctness of various circuits: a text-book divide and conquer adder of parametric size, some higher-order combinators of circuits, and some sequential circuits: a buffer, and a register.

Logic in Computer Science

Guo Li,Chen Yiyun,Li Long,Li Zhaopeng

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.21.019

2006-01-01

Abstract:As the high-trusted software plays more and more important role in today's information society,the requirement of sound programs greatly increases.To improve software soundness and security,it is a feasible approach for developers to strictly specify and prove programs safety properties based on formal proof tool.This paper describes the process and experience of building such security programs using proof assistant Coq.

Junyan Qian,Baowen Xu

2007-01-01

Abstract:we present a methodology for automatically verifying programs against safety specifications based on finite state machine. Firstly, computing the abstract transition between abstract states is done by calling a theorem prover, and then an initial abstract model automatically is extracted from concrete program using predicate abstraction. However, the process of abstraction can be exponential in the number of predicates used. Program slicing, predicate inference and partitioning the set of candidate predicates into subsets make abstract model construction effective. By counterexample-guided abstraction refinement scheme, the abstraction refines incrementally until the specification is either satisfied or refuted. Finally, our methods can be extended to verifying concurrency programs by parallel composition.

Jingyuan Cao,Ming Fu,Xinyu Feng

DOI: https://doi.org/10.1145/2676724.2693162

2015-01-01

Abstract:Proof automation is essential for large scale proof development such as OS kernel verification. An effective approach is to develop tactics and SMT solvers to automatically prove verification conditions. However, for complex systems, it is almost impossible to achieve fully automated verification and human interactions are unavoidable. So the key challenge here is, on the one hand, to reduce manual proofs as much as possible, and on the other hand, to provide user-friendly error messages when the automated verification fails, so that users could adjust specifications or the code accordingly, or to do part of the proofs manually.In this paper we propose a set of practical tactics for verifying C programs in Coq, including both tactics for automatically proving separation logic assertions and ones for automatic verification condition generation. In particular, we develop special tactics for verifying programs manipulating singly-linked lists. Using our tactics we are able to verify several C programs with one-line proof script. Another key feature of our tactics is that, if the tactics fail, they allow users to easily locate problems causing the failure by looking into the remaining subgoals, which greatly improves the usability when human interaction is necessary.

Jiawei Wang,Ming Fu,Lei Qiao,Xinyu Feng

DOI: https://doi.org/10.1016/j.scico.2019.102371

IF: 1.039

2020-01-01

Science of Computer Programming

Abstract:The SPARCv8 instruction set architecture (ISA) has been widely used in various processors for workstations, embedded systems, and space missions. In order to formally verify the correctness of embedded operating systems running on SPARCv8 processors, one has to formalize the semantics of SPARCv8 ISA. In this article, we present our formalization of SPARCv8 ISA, which is faithful to the realistic design of SPARCv8. We also prove the determinacy and isolation properties with respect to the operational semantics of our formal model. In addition, we have verified that two trap handlers handling window overflow and window underflow satisfy the user's specifications based on our formal model. All of the formalization and proofs have been mechanized in Coq.

Rajdeep Mukherjee,Saurabh Joshi,Andreas Griesmayer,Daniel Kroening,Tom Melham

DOI: https://doi.org/10.48550/arXiv.1609.00169

2016-09-01

Abstract:Semiconductor companies have increasingly adopted a methodology that starts with a system-level design specification in C/C++/SystemC. This model is extensively simulated to ensure correct functionality and performance. Later, a Register Transfer Level (RTL) implementation is created in Verilog, either manually by a designer or automatically by a high-level synthesis tool. It is essential to check that the C and Verilog programs are consistent. In this paper, we present a two-step approach, embodied in two equivalence checking tools, VERIFOX and HW-CBMC, to validate designs at the software and RTL levels, respectively. VERIFOX is used for equivalence checking of an untimed software model in C against a high-level reference model in C. HW-CBMC verifies the equivalence of a Verilog RTL implementation against an untimed software model in C. To evaluate our tools, we applied them to a commercial floating-point arithmetic unit (FPU) from ARM and an open-source dual-path floating-point adder.

Software Engineering,Logic in Computer Science

WENG Yan-ling,GE Hai-tong,YAN Xiao-lang,ZHENG Fei-jun

DOI: https://doi.org/10.3785/j.issn.1008-973x.2008.08.012

2008-01-01

Abstract:A new approach was proposed to improve the overall performance of equivalence checking with complicate arithmetic circuits.The synthesis engine was made to replay the optimizations of arithmetic circuit.The algorithm combines the recognition technique of different coding methods in multiplier,the extraction technique of half adder graph(HAG) in addition circuit,and the recognition technique of half adder tree structure of partial product addition circuit.With the extracted information,the register transfer level(RTL) synthesis engine can generate a gate netlist that is logically correct and structurally similar to the implementation.Due to the similarity of arithmetic circuits,only the lower bits' outputs need analyz-ing,which decreases the algorithm complexity.Compared with the traditional verification algorithms of arithmetic circuits,the proposed algorithm can be easily incorporated into the existing RTL-gate equivalence checking frameworks and increase the robustness of the equivalence checking for arithmetic circuits,thus the verification performance is improved.

Milad K. Ghale,Rajeev Goré,Dirk Pattinson,Mukesh Tiwari

DOI: https://doi.org/10.1007/978-3-030-00419-4_4

2018-01-01

Abstract:We introduce a formal, modular framework that captures a large number of different instances of the Single Transferable Vote (STV) counting scheme in a uniform way. The framework requires that each instance defines the precise mechanism of counting and transferring ballots, electing and eliminating candidates. From formal proofs of basic sanity conditions for each mechanism inside the Coq theorem prover, we then synthesise code that implements the given scheme in a provably correct way and produces a universally verifiable certificate of the count. We have applied this to various variations of STV, including several used in Australian parliamentary elections and demonstrated the feasibility of our approach by means of real-world case studies.

Li Zhou,Gilles Barthe,Pierre-Yves Strub,Junyi Liu,Mingsheng Ying

DOI: https://doi.org/10.1145/3571222

2023-01-01

Proceedings of the ACM on Programming Languages

Abstract:CoqQ is a framework for reasoning about quantum programs in the Coq proof assistant. Its main components are: a deeply embedded quantum programming language, in which classic quantum algorithms are easily expressed, and an expressive program logic for proving properties of programs. CoqQ is foundational: the program logic is formally proved sound with respect to a denotational semantics based on state-of-art mathematical libraries (MathComp and MathComp Analysis). CoqQ is also practical: assertions can use Dirac expressions, which eases concise specifications, and proofs can exploit local and parallel reasoning, which minimizes verification effort. We illustrate the applicability of CoqQ with many examples from the literature.