Mandayam Srivas and Mark Bickford. Verification of the FtCayuga fault-tolerant microprocessor system, volume 1: A case-study in theorem prover-based verification. Contractor Report 4381, NASA Langley Research Center, Hampton, VA, July 1991. (Work performed by ORA Corporation).
....flight control systems (DFCS) [127] contains the formal specification and verification of a model for fault masking and transient recovery in DFCS applications. [129] describes the formal verification of the interactive convergence algorithm for Byzantine fault tolerant clock synchronization. [140] discusses the formal verification of the FtCayuga fault tolerant microprocessor system. It appears that NASA has found this line of investigation fruitful and preferable to experimental quantification of software reliability [23]. Another recent project for the FAA, undertaken by Nancy Leveson et ....
SRIVAS, M., and BICKFORD, M.: `Verification of the FtCayuga fault-tolerant microprocessor system, vol 1: a case study in theorem prover-based verification'. Contractor Report 4381, NASA Langley Research Centre, Hampton, Virginia, USA, July 1991 (Work performed by ORA corporation.)
....flight control systems (DFCS) [108] contains the formal specification and verification of a model for fault masking and transient recovery in DFCS applications. [110] describes the formal verification of the interactive convergence algorithm for Byzantine fault tolerant clock synchronization. [120] discusses the formal verification of the FtCayuga fault tolerant microprocessor system. It appears that NASA has found this line of investigation fruitful and preferable to experimental quantification of software ....
SRIVAS, M., and BICKFORD, M.: `Verification of the FtCayuga fault-tolerant microprocessor system, vol 1: a case study in theorem prover-based verification'. Contractor Report 4381, NASA Langley Research Centre, Hampton, Virginia, USA, July 1991 (Work performed by ORA corporation.)
....simplification. Microprogram verification has much in common with processor verification, in that both relate the programmer's view of a processor to its hardware implementation. A number of microprocessor designs have been formally verified [7,8,12,15,22,23,26,27], of which Hunt's FM8501, which is of similar complexity to a PDP 11, is the most substantial [12]. However, the AAMP5 is significantly more complex, at both the macro and micro architecture levels, than any other processor for which formal verification has been attempted; it has a large, complex ....
....verification rather than on designing a new product. Also, much of the complexity of an AAMP microprocessor resides in the microcode, and past experience had shown that this is one of the most difficult parts of the microprocessor to get right. Success with formal verification in other projects [12,22,23,27] suggested that this technology might be ready for application to an industrial microprocessor. Due to the importance of the AAMP5 to Collins' product line, the formal specification and verification of the AAMP5 was performed as a shadow project and did not replace any of the normal design and ....
Srivas, M., and M. Bickford, Verification of the FtCayuga Fault-Tolerant Microprocessor System, Volume 1: A Case Study in Theorem Prover-Based Verification, NASA Contractor Report 4381, July 1991.
....demonstrate the value of formal verification in clarifying and correcting the underpinnings of difficult and critical algorithms. Others working on NASA contracts have formally verified an algorithm and hardware implementations for the Byzantine fault tolerant distribution of sensor samples [3, 30], and several other facets of the overall problem are under current investigation. Much other work on formal verification in the USA has been concerned with secure computer systems, where formal methods are required for the highest level of certification [11]. Elsewhere, HOL has been used in the ....
Mandayam Srivas and Mark Bickford. Verification of the FtCayuga fault-tolerant microprocessor system, volume 1: A case-study in theorem prover-based verification. Contractor Report 4381, NASA Langley Research Center, Hampton, VA, July 1991. (Work performed by ORA Corporation).
....2 Some aspects of SIFT, which was built for NASA Langley, were subjected to formal verification [8], but the treatment was far from complete. 3 CLI Inc. and ORA Corporation also participate in the program, using their own tools. Descriptions of some of their work can be found in [9] and [10], respectively. The overall program is not large; it is equivalent to about three full time staff at NASA, and about one each at CLI, ORA, and SRI. ...tion language is a higher order logic with a rather rich type system ....
Mandayam Srivas and Mark Bickford, "Verification of the FtCayuga fault-tolerant microprocessor system, volume 1: A case study in theorem prover-based verification", Contractor Report 4381, NASA Langley Research Center, Hampton, VA, July 1991, (Work performed by ORA Corporation).
.... algorithms [11, 20, 12] as well as verified specifications of high level system descriptions [6, 7, 16, 23]. In addition, there have been exercises demonstrating the application of mechanical theorem provers to the verification of hardware components realizing fault tolerant algorithms [22, 1, 13]. The difficulty with these verified components is that each proof involves simplifying assumptions concerning the rest of the architecture. In particular, they assume that the redundant computing elements are operating in lock step synchrony. While it is possible to achieve this using existing ....
Mandayam Srivas and Mark Bickford. Verification of the FtCayuga fault-tolerant microprocessor system: Volume 1: A case study in theorem prover-based verification. Contractor Report 4381, NASA, July 1991. Authors' affiliation: ORA Corporation, Ithaca, NY.
....simplification. 2.3 Historical Perspective: Scale of the Challenge. Microprogram verification has much in common with processor verification, in that both relate the programmer's view of a processor to its hardware implementation. A number of microprocessor designs have been formally verified [2,3,10,11,15,16,18,25,26,27,30,31,33]. However, the AAMP5 is significantly more complex, at both the macro and micro architecture levels, than any other processor for which formal verification has been attempted; it has a large, complex instruction set, multiple data types and addressing modes, and a microcoded, pipelined ....
SRIVAS, M., and BICKFORD, M.: `Verification of the FtCayuga fault-tolerant microprocessor system, vol 1: a case study in theorem prover-based verification'. Contractor Report 4381, NASA Langley Research Centre, Hampton, Virginia, USA, July 1991 (Work performed by ORA corporation.)
....mechanical proof of the oral messages algorithm was also developed by SRI [55]. ORA also investigated the formal verification of Byzantine Generals algorithms. They focused on the practical implementation of a Byzantine resilient communications mechanism between Mini Cayuga microprocessors [56, 57]. The Mini Cayuga is a small but formally verified microprocessor developed by ORA. It is a research prototype and has not been fabricated. The communications circuitry would serve as a foundation for a fault tolerant architecture. It was designed assuming that the underlying processors were ....
Mandayam Srivas and Mark Bickford, "Verification of the FtCayuga fault-tolerant microprocessor system (Volume 1: A case study in theorem prover-based verification)", NASA CR-4381, July 1991.
Mandayam Srivas and Mark Bickford. Verification of the FtCayuga fault-tolerant microprocessor system, volume 1: A case-study in theorem prover-based verification. Contractor Report 4381, NASA Langley Research Center, Hampton, VA, July 1991. (Work performed by ORA Corporation).