by John Rushby
In Proceedings of the 16th Conference on the Foundations of Software Technology and Theoretical Computer Science, Lecture Notes in Computer Science #1180
http://www.csl.sri.com/reports/postscript/fsttcs96.ps.gz
Abstract: In the decade of the 1990s, formal methods have progressed from an academic curiosity at best, and a target of ridicule at worst, to a point where the leading manufacturer of microprocessors has indicated that its next design will be formally verified. In this short paper, I sketch a plausible history of the developments that led to this transformation, present a snapshot of the current state of the practice, and indicate some promising directions for the future. Mindful of the title of this conference, I suggest how formal methods might have an impact on software similar to that which they have had on hardware.

1 The Past

In their early days (the 1970s---though continuing to the present in some places), formal methods were associated with proofs of program correctness. This is not only a very costly and difficult exercise---it requires formalizing the semantics of real programming languages, and dealing with the scale and characteristics of real imperative programs---but it also adds very little value: traditional methods