
Proof and specification assisted design environments

Deliverables

Formal hardware verification systems frequently require the use of temporal logic to express desired properties. But temporal logic can be difficult for hardware engineers to learn and use effectively. This result demonstrates a potential solution: automatically translate English specifications into temporal logic. For example, one could use this natural language interface in conjunction with a model checker to automatically verify system properties expressed as sentences of English. The interface could also be used to detect those English sentences which do not have a precise translation into temporal logic, and therefore cannot be used with a verification system based on that logic. The key benefit of this result is the extension of a wide class of formal techniques for hardware verification to users not normally able to exploit them. The result is software, in the form of an experimental prototype. It synthesizes a number of technologies in the field of computational linguistics, notably a statistically-based part-of-speech tagger, a parser, and multiple levels of conversion between semantic representations and formulas of temporal logic.
HolBddLib is a code library that extends the Prosper Core Proof Engine (CPE) with symbolic calculation capabilities using Reduced Ordered Binary Decision Diagrams (ROBDD). The implementation uses the third party tool BuDDy, which is a high performance ROBDD package written in C from the IT University, Copenhagen, Denmark. The interface provides a seamless integration with the fully-expansive proof methodology of Hol98, which underlies the CPE. HolBddLib allows efficient state exploration and model checking facilities to be implemented using Prosper tools and tightly integrated with theorem proving. HolBddLib is distributed with Hol98. It is currently in use as a research platform for experiments in combining theorem proving and model checking. HolBddLib is public domain software that implements a new methodology for combining algorithmic verification and fully-expansive user-guided theorem proving. HolBddLib has potential applications to both ECAD and CASE.
Hol98 is a programmable platform for implementing theorem proving algorithms. It is used in PROSPER to supply the core proof capability. The improvements to Hol98 (and hence the Prosper Core Proof Engine) include:
- Enhanced core theorem proving power.
- Additional theories and libraries.
- Symbolic execution capability (computeLib).
- New decision procedures.
- Theory database enhancements so external tools can access HOL theories without invoking Hol98.
- New parser front-end to support application specific languages.
Hol98 is a general purpose theorem proving engine with applications to both software and hardware verification. The software is in the public domain and freely useable for research and commercial purposes.
The PROSPER Toolkit is a suite of custom-designed middleware software, centred around an open proof tool architecture that allows an expert to easily and flexibly assemble customised software components to provide embedded formal reasoning support inside applications. The aim is to make reasoning and proof support invisible to the end-user, encapsulating it within the interaction model and interface they already know. The purpose of this software is to improve the quality and reliability of the hardware and software design process through the use of formal, mathematical analysis of the system being designed. Formal notations and tools provide specification and analysis at high levels of abstraction, so that designers can express and check a wider range of properties than with conventional approaches (e.g. testing). A developer wishing to incorporate this capability into a CAD or CASE tool, or indeed into any application, faces a difficult choice between creating a verification engine from scratch and adapting parts of existing tools. Developing a new verification engine is time-consuming and means expensive re-implementation, and existing tools are rarely suitable as components that can be patched into other programs. The PROSPER Toolkit aims to address this problem. The PROSPER Toolkit allows tool integrators to assemble a custom-built component, called a "proof engine", that can be operated by another program through an Application Programming Interface (API). A proof engine built with the PROSPER Toolkit has the functionality of a theorem verifier, with added reasoning capability provided by plug-ins formed from off-the-shelf tools such as model checkers or decision procedures. A well-documented (but unsupported) prototype implementation of the PROSPER Toolkit is available for research experiments, technical assessment, and exploitation under agreed license conditions.
The PROSPER Toolkit is a collection of software for integrating existing formal verification tools into end-user applications such as design tools for hardware and software. It includes the PROSPER Integration Interface (PII), a language-independent specification of the data that may be passed between tools (including logical expressions) and the operations for coordinating the exchange of such data. The PII is implemented in C, Java, and Standard ML, allowing tools implemented in these languages to communicate with each other. Systems constructed using the PROSPER Toolkit are usually built around the Hol98 proof assistant, used as a proof engine. The Toolkit also provides support to enable developers of other verification tools to offer them as PROSPER plug-in components.
Although the PROSPER project has ended we maintain this record to provide a link to our still active research group. Please contact us for more details or visit our web page. The hardware verification workbench provides a set of algorithms and tools for hardware verification. The main parts are:
- A tool for circuit rectification, which automatically fixes bugs in a combinational circuit such that it behaves according to a given specification;
- A tool for checking formally specified properties for descriptions given in SystemC by means of simulation;
- A combination of LTL model checking and a natural language interface such that properties given in plain English can be formally verified.
It is able to parse circuit implementations given in a restricted subset of VHDL and Verilog. Specifications are either given as Boolean expressions or as a second circuit in the case of combinational circuits. For sequential circuits, specifications are given either as temporal logic formulas (CTL, LTL) or as temporal properties described in natural language (which is subsequently translated to LTL). The workbench then generates verification tasks by combining implementation and specification. The verification tasks are then handed over to suitable proving tools. Depending on the verification problem this may be the rectification algorithm, binary decision diagrams, the core proof engine or satisfiability checkers. If the verification fails, counterexamples (signal traces) are generated and visualized by a waveform browser. The result of the hardware verification part of the PROSPER project is the hardware verification workbench, a suite of tools and programs which allow the verification of a restricted set of hardware circuits. In order to provide complete functionality, it is necessary to also add external tools, e.g. the natural language interface provided by the University of Edinburgh or the satisfiability checker from Prover Technology, a commercial software package.
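The two descriptions above (HolBddLib's ROBDD-based symbolic calculation, and the workbench's check of a combinational circuit against a Boolean-expression specification with a counterexample on failure) rest on one idea: an ROBDD is a canonical form, so two circuits compute the same function exactly when they reduce to the same node, and any path to the 1-terminal in the XOR of the two is a distinguishing input. The example below is added here to show that mechanism; it is not HolBddLib, BuDDy, or any PROSPER code, the class and function names are my own, and the full-adder circuit and its deliberately broken variant are constructed inputs.

```python
"""Added example: minimal ROBDD package checking a combinational circuit
against a Boolean specification and extracting a counterexample on failure.
Constructed for illustration; not HolBddLib, BuDDy or PROSPER code."""
from typing import Dict, List, Optional, Tuple

ZERO, ONE = 0, 1  # terminal node ids; internal nodes get ids from 2 upward


class ROBDD:
    """Reduced ordered BDD with hash-consing: equal functions share one node id."""

    OPS = {"and": lambda x, y: x & y, "or": lambda x, y: x | y, "xor": lambda x, y: x ^ y}

    def __init__(self, order: List[str]):
        self.names = list(order)                          # index -> variable name
        self.index = {v: i for i, v in enumerate(order)}  # fixed variable order
        self.nodes: Dict[int, Tuple[int, int, int]] = {}  # id -> (var, low, high)
        self.unique: Dict[Tuple[int, int, int], int] = {}
        self.cache: Dict[Tuple[str, int, int], int] = {}

    def mk(self, var: int, low: int, high: int) -> int:
        if low == high:             # reduction rule 1: drop a redundant test
            return low
        key = (var, low, high)
        if key not in self.unique:  # reduction rule 2: share identical subgraphs
            nid = len(self.nodes) + 2
            self.nodes[nid] = key
            self.unique[key] = nid
        return self.unique[key]

    def var(self, name: str) -> int:
        return self.mk(self.index[name], ZERO, ONE)

    def top(self, nid: int) -> int:
        # terminals sort after every variable, so they are never expanded
        return self.nodes[nid][0] if nid > ONE else len(self.names)

    def apply(self, op: str, a: int, b: int) -> int:
        """Shannon expansion on the smaller top variable, memoised per (op, a, b)."""
        key = (op, a, b)
        if key in self.cache:
            return self.cache[key]
        if a <= ONE and b <= ONE:
            res = self.OPS[op](a, b)
        else:
            v = min(self.top(a), self.top(b))
            a0, a1 = (self.nodes[a][1], self.nodes[a][2]) if self.top(a) == v else (a, a)
            b0, b1 = (self.nodes[b][1], self.nodes[b][2]) if self.top(b) == v else (b, b)
            res = self.mk(v, self.apply(op, a0, b0), self.apply(op, a1, b1))
        self.cache[key] = res
        return res

    def any_sat(self, nid: int) -> Optional[Dict[str, bool]]:
        """Follow one path to ONE; variables not on the path are don't-cares."""
        if nid == ZERO:
            return None
        assign: Dict[str, bool] = {}
        while nid != ONE:
            v, low, high = self.nodes[nid]
            assign[self.names[v]] = low == ZERO  # take the high branch only when low is ZERO
            nid = high if low == ZERO else low
        return assign

    def evaluate(self, nid: int, assign: Dict[str, bool]) -> bool:
        """Evaluate the function at a concrete input (missing variables read as False)."""
        while nid > ONE:
            v, low, high = self.nodes[nid]
            nid = high if assign.get(self.names[v], False) else low
        return nid == ONE


def check_equivalent(bdd: ROBDD, impl: int, spec: int):
    """impl matches spec iff impl XOR spec reduces to ZERO; otherwise return a witness."""
    diff = bdd.apply("xor", impl, spec)
    return (True, None) if diff == ZERO else (False, bdd.any_sat(diff))


def full_adder_check(buggy: bool = False):
    """Constructed circuit: full-adder carry-out vs. a majority-function specification.
    Returns (equivalent, counterexample, counterexample_really_distinguishes)."""
    bdd = ROBDD(["a", "b", "cin"])
    a, b, cin = bdd.var("a"), bdd.var("b"), bdd.var("cin")
    ab = bdd.apply("and", a, b)
    spec = bdd.apply("or", bdd.apply("or", ab, bdd.apply("and", a, cin)), bdd.apply("and", b, cin))
    # correct carry: a&b | cin&(a^b); the buggy variant drops the propagate term
    impl = ab if buggy else bdd.apply("or", ab, bdd.apply("and", cin, bdd.apply("xor", a, b)))
    ok, cex = check_equivalent(bdd, impl, spec)
    distinguishes = cex is not None and bdd.evaluate(impl, cex) != bdd.evaluate(spec, cex)
    return ok, cex, distinguishes


if __name__ == "__main__":
    print("correct adder:", full_adder_check())
    print("buggy adder:  ", full_adder_check(buggy=True))
```

Because the table is shared and the variable order is fixed, the correct carry-out and the majority specification come back as the same node id, so the XOR collapses to the constant ZERO with no search at all; for the broken variant the witness returned by any_sat is the kind of input a waveform browser would display as a failing trace.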
Details of the functionality are given in the summary section 7. of this report.