Kurshan, R. P. and Lamport, L. 1993. Verification of a multiplier: 64 bits and beyond. In Computer-Aided Verification, C. Courcoubetis, Ed. Lecture Notes in Computer Science, vol. 697. Springer-Verlag, Berlin, 166--179. Proceedings of the 5th International Conference, CAV'93.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....verification of finite state systems, and suffer from the state explosion problem, which inhibits its use in very big systems. Combining the two formal verification methods is appealing, as it has the potential of exploiting the strengths of both methods. Prior research in this direction, e.g. [9, 11, 17], has focused on how to decompose a verification problem into parts each of which is manageable by one of the two methods. Although some impressive case studies have been conducted, it is still not clear how practical is the combination of theorem proving and model checking in general. The first ....

R.P. Kurshan and L. Lamport, "Verification of a Multiplier: 64 Bits and Beyond", 5th International Conference on Computer Aided Verification, Elounda, Greece, June/July 1993, LNCS 697, pp.166--179.

.... checkers [5, 3] induction based approaches adapted from software verification [8, 12] and finally approaches based on modeling hardware circuits using higher order logics [6, 11] Despite this widespread interest, verification efforts involving multiplier circuits have been few in comparison[14, 4, 13]. The state based approaches and model checking that employ binary decision diagrams (BDDs) or some variant of these, do not perform well on multiplier circuits due to the associated state explosion (see further discussion on this in the next section on related work) It is possible to verify the ....

R.P. Kurhshan, L. Lamport, "Verification of a Multiplier: 64 Bits and Beyond," Fifth Intl. Conf. on CAV, C. Courcoubetis (editor), LNCS 697, July 1993.

....to have two views of a system specification, and to reason with and refine one view, and to understand the consequences in the other view. 3.3.1 Model Checking and Theorem Proving. One of the most promising directions in method integration is in combining model checking and theorem proving [Kurshan and Lamport 1993; Rajan et al. 1995; Bj rner et al. 1996] ideally to benefit from the advantages of both approaches. One way is to employ model checking as a decision procedure within a deductive framework, as is done in tools such as PVS and STeP. For example, a sufficiently expressive logic can be used to ....

Kurshan, R. and Lamport, L. 1993. Verification of a Multiplier: 64 Bits and Beyond. In C. Courcoubetis Ed., Computer Aided Verification, Volume 697 of Lecture Notes in Computer Science (1993), pp. 166--179. Springer-Verlag.

....and human driven (but mechanically checked) verification (Bradfield, 1992) Although very different from our work, the common theme is that a practical yet rigorous proof management system is very useful in verification. Recent work by Kurshan and Lamport is much closer to our approach (Kurshan Lamport, 1993). They have combined the COSPAN model checker with the TLP theorem prover. The model checker is used to prove properties of components of the system: these properties are then translated into a form suitable for the theorem prover. In order to prove the overall result, a number of sub results need ....

....sequence of states a system may go through. In other words, given that the system is in state s 2 S, we view Y (s) as denoting the least specified state the system can be in one time unit later. Here, least specified is defined in terms of the partial order v . 2 This issue is not discussed in (Kurshan Lamport, 1993) so we are not saying that they can not handle the timing, just that this is not done in this paper. Let S denote the set of all infinite sequences of elements from S. Sequences are useful when reasoning about model behaviours, but not all sequences represent possible behaviours of a model. ....

Kurshan, R.P., & Lamport, L. 1993. Verification of a Multiplier: 64 Bits and Beyond. In: (Courcoubetis, 1993).

No context found.

Kurshan, R. P. and Lamport, L. 1993. Verification of a multiplier: 64 bits and beyond. In Computer-Aided Verification, C. Courcoubetis, Ed. Lecture Notes in Computer Science, vol. 697. Springer-Verlag, Berlin, 166--179. Proceedings of the 5th International Conference, CAV'93.

....the verification of a complex, low level system to proving properties of a higher level specification and properties of one low level component at a time. Decomposing proofs in this way allows us to apply decision procedures to verifications that hitherto required completely hand guided proofs [Kurshan and Lamport 1993]. When specifying a reusable component, without knowing precisely where it will be used, we must make explicit what it assumes of its environment. We therefore assert that the component satisfies a guarantee M only as long as its environment satisfies an assumption E. This assumption guarantee ....

....the Decomposition Theorem to reduce decompositional reasoning to ordinary TLA reasoning. This reduction may seem complicated for so trivial an example as the GCD program. However, it will be insignificant compared to the complexity of the complete proof in any realistic example, such as the one by Kurshan and Lamport [1993], discussed below. 4.3.3 The General Theorem. We sometimes need to prove the correctness of systems defined inductively. At induction stage N 1, the low and high level specifications are defined as the conjunctions of k copies of low and high level specifications of stage N , respectively. For ....

[Article contains additional citation context not shown here]

Kurshan, R. P. and Lamport, L. 1993. Verification of a multiplier: 64 bits and beyond. In Computer-Aided Verification, C. Courcoubetis, Ed. Lecture Notes in Computer Science, vol. 697. Springer-Verlag, Berlin, 166--179. Proceedings of the 5th International Conference, CAV'93.

....the verification of a complex, low level system to proving properties of a higher level specification and properties of one low level component at a time. Decomposing proofs in this way allows us to apply decision procedures to verifications that hitherto required completely hand guided proofs [Kurshan and Lamport 1993]. When specifying a reusable component, without knowing precisely where it will be used, we must make explicit what it assumes of its environment. We therefore assert that the component satisfies a guarantee M only as long as its environment satisfies an assumption E. This assumption guarantee ....

....the Decomposition Theorem to reduce decompositional reasoning to ordinary TLA reasoning. This reduction may seem complicated for so trivial an example as the GCD program. However, it will be insignificant compared to the complexity of the complete proof in any realistic example, such as the one by Kurshan and Lamport [1993], discussed below. 4.3.3 The General Theorem. We sometimes need to prove the correctness of systems defined inductively. At induction stage N 1, the low and high level specifications are defined as the conjunctions of k copies of low and high level specifications of stage N , respectively. For ....

[Article contains additional citation context not shown here]

Kurshan, R. P. and Lamport, L. 1993. Verification of a multiplier: 64 bits and beyond. In Computer-Aided Verification, C. Courcoubetis, Ed. Lecture Notes in Computer Science, vol. 697. Springer-Verlag, Berlin, 166--179. Proceedings of the 5th International Conference, CAV'93.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC