From Windley 09 Feb 89
To: info-hol@clover.ucdavis.edu
Subject: Bibliography
Date: Thu, 09 Feb 89 21:20:51 -0800
From: Phil Windley <windley%cheetah.ucdavis.edu@munnari.oz>
Status: RO


I've been trying to keep a bibliography of papers relevant to HOL and
hardware verification.  I'm including that in this message.  It's in refer
format (sorry to you bibtex fans).

I know that it's far from complete; it doesn't even contain all of the
relevant Cambridge Tech Reports.  I'm hoping that in making this
available, I can enlist the help of others in making it more complete.  If
you will make submissions to me (preferably in bib format), I'll try to
maintain a complete copy that can be mailed out from time to time.  (I'd
make it available for anonymous ftp, but ours has been turned off due to a
security bug.  No word on when it will be turned back on.)

On most UNIX systems, this can be printed using the command

  sortbib filename |roffbib

where filename is the name you give this file.

--phil--

P.S.  Don't make fun of me if I've misinterpreted some of the papers when I
give an abstract; kindly send a gentle correction ;-)


%A Sumit Ghosh
%T Using Ada as an HDL
%J IEEE Design & Test of Computers
%P 30-42
%I IEEE
%D February, 1988
%K HDL, Ada, programming languages, hardware
%X Ada may be used as both a hardware description language and a distributed
simulation environment, resulting in a uniform approach to digital
designs.


%A M. C. Browne
%A E. M. Clarke
%E D. Borrione
%T SML - A High Level Language for the Design and Verification of Finite State Machines
%J From HDL Descriptions to Guaranteed Correct Circuit Designs
%P 269-292
%I Elsevier Science Publishers B. V. (North-Holland)
%D 1987
%K finite state machines, verification, HDL
%X Language for laying out PLAs and other finite state machine based circuits.  Verification by enumeration.



%A Albert Camilleri
%A Mike Gordon
%A Tom Melham
%E D. Borrione
%T Hardware Verification using Higher-Order Logic
%J From HDL Descriptions to Guaranteed Correct Circuit Designs
%P 43-67
%I Elsevier Science Publishers B. V. (North-Holland)
%D 1987
%K hardware verification, logic
%X Use of higher-order logic to verify circuits.  It seems that it basically reduces everything to recursive function theory and then proves things about different sets of recursive functions that represent specification and implementation.

%A Bruce S. Davie
%A George J. Milne
%E D. Borrione
%T The Role of Behavior in VLSI Design Languages
%J From HDL Descriptions to Guaranteed Correct Circuit Designs
%P 3-20
%I Elsevier Science Publishers B. V. (North-Holland)
%D 1987
%K hardware verification, VLSI, behavior, HDL
%X Hardware description languages are beginning to replace computer
graphics as the preferred medium in which to perform VLSI design.  Current
hardware design languages deal primarily with structure; this paper
examines the role of behavior in HDLs.

%A Warren J. Hunt
%E D. Borrione
%T The Mechanical Verification of a Microprocessor Design
%J From HDL Descriptions to Guaranteed Correct Circuit Designs
%P 89-129
%I Elsevier Science Publishers B. V. (North-Holland)
%D 1987
%K hardware verification, VLSI, behavior, HDL, FM8501
%X The complete verification of a 16-bit microprocessor using the
Boyer-Moore theorem prover is given.  Induction and recursion are used
extensively in the proof and specification.

%A W. J. Cullyer
%R VIPER - Correspondence Between the Specification and the ``Major State Machine''
%I Royal Signals and Radar Establishment
%N 86004
%D January, 1986
%C Malvern, Worcestershire, England
%K VIPER, hardware, verification, LCF
%X A 32-bit microprocessor is specified and the implementation is proven
correct using the language LCF-LSM.

%A W. J. Cullyer
%A C. H. Pygott
%R Hardware Proofs Using LCF-LSM and Ella
%I Royal Signals and Radar Establishment
%N 3832
%D September, 1985
%C Malvern, Worcestershire, England
%K hardware, verification, LCF-LSM, Ella
%X A long paper that gives a methodology for using LCF-LSM and
Ella to verify hardware.

%A Harry G. Barrow
%T VERIFY: A Program for Proving Correctness of Digital Hardware Designs
%J Artificial Intelligence
%D 1984
%V 24
%P 437-491
%K hardware, verification, PROLOG
%X VERIFY is a program written in PROLOG that attempts to show that the
behavior of a circuit, as inferred from its structure, is equivalent to its
specification.


%A George Milne
%A Robin Milner
%T Concurrent Processes and Their Syntax
%J Journal of the Association for Computing Machinery
%V 26
%P 302-321
%I ACM
%D April, 1979
%K concurrency, process, semantics, syntax, algebraic semantics, communicating processes
%X A mathematical model of concurrent computation is presented.  Starting from
synchronized communication as the only primitive notion, a process is defined
as a set of communication capabilities.  A minimal set of operations for
composing processes is defined.

%A George Milne
%T CIRCAL and the Representation of Communication, Concurrency, and Time
%J ACM Transactions on Programming Languages and Systems
%V 7(2)
%P 270-298
%I ACM
%D April, 1985
%K model of concurrency, correctness, verification, specification
%X The CIRCAL calculus is presented as a mathematical framework in which to
describe and analyze concurrent systems, whether hardware or software.  The
dot operator is used to compose CIRCAL descriptions and it is this operator
that allows the natural modeling of asynchronous and synchronous behavior,
thus allowing the analysis of system timing properties.

%A George Milne
%T The Correctness of a Simple Silicon Compiler
%J Computer Hardware Description Languages and their Applications
%P 1-12
%I North-Holland Publishing Company
%D 1983
%K verification, hardware, CIRCAL, specification
%X The calculus CIRCAL is illustrated by verifying the correctness of a simple silicon
compiler.  A behavior specification and structural specification are given
in CIRCAL and the correctness of the compiler is shown by showing these two
specifications to be the same.

%A Robin Milner
%T Calculi for Synchrony and Asynchrony
%J Theoretical Computer Science
%V 25
%P 267-310
%I North-Holland
%D 1983
%K specification, hardware, verification, concurrency, algebraic theory
%X A calculus of distributed computation is studied based on four combinators.
A central idea is the Abelian group of actions which models the interferences
between the components of a distributed agent.  The calculus models both
synchronous and asynchronous computation.

%A C. A. R. Hoare
%T An Axiomatic Basis for Computer Programming
%J Communications of the ACM
%V 12(10)
%P 576-583
%I ACM
%D 1969
%K program verification, axiomatic method
%X An attempt to explore the logical foundations of computer programming by use
of techniques which were first applied to geometry and later applied to other
branches of mathematics.  This includes the elucidation of sets of axioms and
rules of inference which can be used in proofs of the properties of computer
programs.


%A Nicolas Halbwachs
%A Anne Lonchampt
%A Daniel Pilaud
%T Describing and Designing Circuits by Means of a Synchronous Declarative Language
%E D. Borrione
%J From HDL Descriptions to Guaranteed Correct Circuit Designs
%I Elsevier Science Publishers B. V. (North-Holland)
%D 1987
%P 255-268
%K hardware, verification, design, description language, LUCID, LUSTRE
%X This paper illustrates the use of LUSTRE, a real-time data-flow programming
language, for circuit description, simulation, proof and design.


%A Wolfgang Rosenstiel
%A Raul Camposano
%T The Karlsruhe DSL Synthesis System
%E D. Borrione
%J From HDL Descriptions to Guaranteed Correct Circuit Designs
%I Elsevier Science Publishers B. V. (North-Holland)
%D 1987
%P 155-168
%K hardware, specification, design, description language, hardware synthesis
%X Discussion of DSL and its use in the synthesis of circuits from
behavioral descriptions.


%A Stephen D. Crocker
%A Eve Cohen
%A Sue Landauer
%A Hilarie Orman
%T Reverification of a Microprocessor
%J 1988 IEEE Symposium on Security and Privacy
%P 166-176
%I IEEE
%D April, 1988
%K verification, security, FM8501, SDVS
%X A reverification of the FM8501 microprocessor originally verified by Hunt
using the Boyer-Moore theorem prover.  This work uses the State Delta
Verification System (SDVS) to do the same work which correlates nicely with
Hunt's.

%A Susan S. Owicki
%T Specification and Verification of a Network Mail System
%P 199-234
%K verification, specification, mail system
%X Techniques for describing and verifying modular systems are illustrated
using a simple network mail problem.  The design is presented in a
top-down style.  At each level of refinement, the specifications of the higher
level are verified from the specifications of the lower level components.

%A Leslie Lamport
%A Fred Schneider
%T Formal Foundation for Specification and Verification
%P 203-285
%K specification, verification, concurrent programming
%X Discussion of the specification and verification of concurrent systems.
Recap of most major methods.

%A David K. Probst
%A Hon F. Li
%T Abstract Specification of Synchronous Data Types for VLSI and Proving the Correctness of Systolic Network Implementations
%J IEEE Transactions on Computers
%V 37(6)
%P 710-720
%I IEEE
%D 1986
%K specification, verification, hardware, trace specification
%X Presents a combined methodology for specifying abstract synchronous data
types and proving the correctness of systolic network implementations.

%A B. Cohen
%A W. T. Harwood
%A M. I. Jackson
%T The Specification of Complex Systems
%P 77-93
%I Addison-Wesley
%K specification, verification, concurrent systems, SCCS
%X Chapter 6 contains a discussion of the Synchronous Calculus of Concurrent
Systems developed by Milner at the University of Edinburgh.  In SCCS, a
complex system is defined as a collection of agents which communicate with
each other.  The viewpoint supports an 'operational' style of
decomposition.

%A Mark Moriconi
%A Richard L. Schwartz
%T Automatic Construction of Verification Condition Generators from Hoare Logics
%P 333-359
%K verification condition generators, Hoare Logic
%X Defines a method for mechanically constructing verification condition
generators from a useful class of Hoare logics.  Any verification condition
generator constructed using the method in the paper is shown to be sound
and deduction-complete with respect to the associated Hoare logic.  The
method has been implemented.

%A Valdis Berzins
%T On Merging Software Extensions
%J Acta Informatica
%V 23
%P 607-619
%I Springer-Verlag
%D 1986
%K software engineering, merging, SCCS
%X The problem of combining independent updates to a program is examined in
the context of applicative programs.  A partial semantic merge rule is
given together with the conditions under which it is guaranteed to be
correct, and the conditions under which a string merge corresponds to a
semantic merge are examined.

%A Brent Hailpern
%A Susan Owicki
%T Modular Verification of Concurrent Programs
%J 9th Annual Symposium on POPL
%P 322-336
%D January, 1982
%K verification, concurrent systems, modular
%X Proposes a technique to simplify the task of verifying concurrent systems
by using modular composition of sequential proofs.

%A Graham Birtwistle
%A Jeff Joyce
%A Breen Liblong
%A Tom Melham
%A Rick Schediwy
%T Specification and VLSI Design
%J Formal Aspects of VLSI Design
%P 83-97
%I Elsevier Publishers (North-Holland)
%D 1986
%K Calgary, VLSI, Specification, EDICT, verification
%X Describes research into specification-based VLSI design.  Long-term
goals are directed to building specification-based design environments
(EDICT) to support interactive, hierarchic design methodology.  Current
research involves: 1) the SHIFT high-level design capture format,
2) gaining experience with verifying large designs, and 3) building a
specification library.  Paper describes two large proofs: an elimination
unit for a local area network device and a design of Landin's SECD
machine.

%A Richard A. De Millo
%A Richard J. Lipton
%A Alan J. Perlis
%T Social Processes and Proofs of Theorems and Programs
%J Communications of the ACM
%V 22(5)
%P 271-280
%I ACM
%D May 1979
%K formal mathematics, mathematical proofs, program verification, program specification
%X It is argued that formal verifications of programs, no matter how obtained,
will not play the same key role in the development of computer science and
software engineering as proofs do in mathematics.  Furthermore, the absence
of continuity, the inevitability of change, and the complexity of
specification of significantly many real programs make the formal
verification process difficult to justify and manage.  It is felt that ease
of formal verification should not dominate program language design.

%A James H. Fetzer
%T Program Verification: the Very Idea
%J Communications of the ACM
%V 31(9)
%P 1048-1063
%I ACM
%D September 1988
%K program verification, formal mathematics, specification
%X The notion of program verification appears to trade upon an equivocation.
Algorithms, as logical structures, are appropriate subjects for deductive
verification.  Programs, as causal models of those structures, are not.
The success of program verification as a generally applicable and
completely reliable method for guaranteeing program performance is not even
a theoretical possibility.

%A Larry Paulson
%T A Higher Order Implementation of Rewriting
%J Science of Computer Programming
%V 3
%P 119-149
%I North-Holland
%D 1983
%K LCF, higher order, rewriting
%X Many automatic theorem provers rely on rewriting.  Using theorems as
rewrite rules helps to simplify the subgoals that arise during a proof.
The approach involves programming with higher-order functions.  Rewriting
functions are data values, produced by computation on other rewriting
functions.


%A Peter B. Andrews
%T An Introduction to Mathematical Logic and Type Theory: To Truth through Proof
%I Academic Press
%D 1986
%K higher-order logic, predicate logic, type theory
%X A mathematical introduction to type theory, predicate and higher-order logic.

%A Mike Gordon
%T Why Higher Order Logic is a Good Formalism for Specifying and Verifying Hardware
%J Formal Aspects of VLSI Design
%I Elsevier Scientific Publishers
%D 1986
%K higher-order logic, HOL, verification, hardware
%X Introduction to the proof methodology used in HOL and the HOL system.

%A W. F. Clocksin
%T Logic Programming and Digital Circuit Analysis
%J The Journal of Logic Programming
%V 4
%P 59-82
%D 1987
%K Prolog, logic design, hardware verification
%X Uses of Prolog in the design and specification of hardware.

%A Joseph A. Goguen
%T OBJ as a Theorem Prover with Applications to Hardware Verification
%J SRI International, Computer Science Lab Technical Report SRI-CSL-88-4R2
%D 1988
%K OBJ3, theorem proving, verification, hardware
%X Another in the "OBJ as a..." series.  Discusses the use of algebraic
rewriting in a theorem proving system and gives some simple hardware
verifications.

%A Mike Gordon
%T A Proof Generating System for Higher-Order Logic
%J University of Cambridge Computer Laboratory Technical Report No. 103
%D 1987
%K HOL, higher-order logic, hardware verification
%X Description of the theory behind HOL and how it can be used in
hardware verification.

%A Jeffrey Joyce
%T Using Higher-Order Logic to Specify Computer Hardware and Architecture
%J Proceedings of the IFIP TC10 Working Conference on Design Methodology in VLSI and Computer Architecture
%I North-Holland
%C Amsterdam
%D 1988
%K specification, verification, hardware
%X The specification and verification of computer hardware using HOL.

%A Avra Cohn
%T A Proof of Correctness of the VIPER Microprocessor: The First Level
%J VLSI Specification, Verification, and Synthesis
%I Kluwer Academic Publishers
%C Boston
%D 1988
%K VIPER, hardware verification
%X The proof of correctness of the VIPER state machine is presented.

%A Jeffrey J. Joyce
%T Formal Verification and Implementation of a Microprocessor
%J VLSI Specification, Verification, and Synthesis
%I Kluwer Academic Publishers
%C Boston
%D 1988
%K microprocessor, verification, specification
%X Presents an overview of the specification and verification of the
Tamarack microprocessor.

%A Albert Camilleri
%T Executing Behavioral Definitions in Higher-Order Logic
%J University of Cambridge Computer Laboratory Technical Report No. 140
%D 1988
%K higher-order logic, execution, validation, specification
%X Presents a method for executing specifications expressed in higher-order logic.
The method uses translation of HOL specifications into ML functions.


%A Victoria Stavridou
%A Howard Barringer
%A Doug Edwards
%T Formal Specification and Verification of Hardware: A Case Study
%J University of Manchester Department of Computer Science Technical Report UMCS-87-11-1
%D 1987
%K specification, verification, hardware
%X A case study of formal methods in hardware verification and specification.