A compositional rule for hardware design refinement

  • K. L. McMillan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1254)


We present an approach to designing verified digital systems by a sequence of small local refinements. Refinements in this approach are not limited to a library of predefined transformations for which theorems have been previously established. Rather, the approach relies on localizing the refinement steps in such a way that they can be verified efficiently by model checking. Toward this end, a compositional rule is proposed by which each design refinement may be verified independently, in an abstract environment. This rule supports the use of downward refinement maps, which translate abstract behavior into detailed behavior. These maps may involve temporal transformations, including delay. The approach is supported by a verification tool based on symbolic model checking.
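To make the idea of a downward refinement map with delay concrete, the following is an added illustration, not code from the paper or from its verification tool. It constructs a toy combinational specification, a two-stage pipelined implementation of it with latency 2, and a refinement map that translates abstract outputs into expected detailed outputs by delaying them two cycles. The check is a plain explicit-state reachability search over the closed product of implementation and map for every input sequence (the paper's rule additionally lets each refinement be checked in an abstract environment, which is not modelled here); the data domain, the function computed, the `bug` switch and all names are constructed for the example.

```python
"""Exhaustive refinement check of a pipelined implementation against a
combinational abstract specification, via a delaying downward refinement map.
Constructed example: domain, spec function and pipeline are toys."""
from collections import deque

WIDTH = 8   # toy data domain: integers mod 8 (constructed)
DELAY = 2   # pipeline latency the refinement map accounts for


def spec(x):
    """Abstract specification: combinational, result available in the same cycle."""
    return (3 * x + 1) % WIDTH


def impl_init():
    """Detailed implementation: two pipeline registers (r1, r2), reset to zero."""
    return (0, 0)


def impl_step(state, x, bug=False):
    """One clock cycle. The output is the *current* r2 (Moore style), so the
    value entered at cycle t appears at the output at cycle t + 2.
    bug=True injects a wrong constant in stage 2 to show the check failing."""
    r1, r2 = state
    out = r2
    new_r1 = (3 * x) % WIDTH
    new_r2 = (r1 + (2 if bug else 1)) % WIDTH
    return (new_r1, new_r2), out


def map_init():
    """Refinement map state: a delay line holding the last DELAY abstract outputs.
    None marks cycles before the pipeline has filled (output unconstrained)."""
    return (None,) * DELAY


def map_step(mstate, abstract_out):
    """Translate abstract behaviour into expected detailed behaviour by delaying it."""
    expected = mstate[0]
    return mstate[1:] + (abstract_out,), expected


def trace(seen, state):
    """Rebuild the input sequence that led to `state` from BFS predecessor links."""
    inputs = []
    while seen[state] is not None:
        state, x = seen[state]
        inputs.append(x)
    return inputs[::-1]


def check_refinement(bug=False):
    """Explicit-state reachability over the product (implementation x map) for
    all input sequences. Returns (True, None) if every reachable cycle satisfies
    the refinement map, else (False, counterexample input trace)."""
    start = (impl_init(), map_init())
    seen = {start: None}          # state -> (predecessor state, input)
    queue = deque([start])
    while queue:
        istate, mstate = queue.popleft()
        for x in range(WIDTH):
            new_istate, actual = impl_step(istate, x, bug)
            new_mstate, expected = map_step(mstate, spec(x))
            if expected is not None and actual != expected:
                return False, trace(seen, (istate, mstate)) + [x]
            nxt = (new_istate, new_mstate)
            if nxt not in seen:
                seen[nxt] = ((istate, mstate), x)
                queue.append(nxt)
    return True, None


if __name__ == "__main__":
    print("correct pipeline:", check_refinement())
    print("buggy pipeline:  ", check_refinement(bug=True))
```

The map carries the temporal transformation (the delay line) so that the property checked in each cycle is a simple equality between the implementation's output and the delayed abstract output; the first `DELAY` cycles are left unconstrained because the pipeline has not yet filled. With the injected bug the search returns a three-input counterexample, the shortest sequence that exposes a wrong value at the pipeline output.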



Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • K. L. McMillan, Cadence Berkeley Labs, Berkeley
