Coquet: A Coq Library for Verifying Hardware

Braibant, Thomas

doi:10.1007/978-3-642-25379-9_24

Cited by 18 publications

(10 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Formal verification using proof assistant is very tedious and requires expertise; however, many researchers have recently used proof assistants to build formal languages and frameworks for hardware verification [49][50][51][52][53]. Proof assistants include benefits of both manual and automated theorem provers and are more powerful and expressive [50].…”

Section: Evaluation and Discussionmentioning

confidence: 99%

Formal Verification of Hardware Components in Critical Systems

Khan

Kamran

Naqvi

et al. 2020

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Hardware components, such as memory and arithmetic units, are integral part of every computer-controlled system, for example, Unmanned Aerial Vehicles (UAVs). The fundamental requirement of these hardware components is that they must behave as desired; otherwise, the whole system built upon them may fail. To determine whether or not a component is behaving adequately, the desired behaviour of the component is often specified in the Boolean algebra. Boolean algebra is one of the most widely used mathematical tools to analyse hardware components represented at gate level using Boolean functions. To ensure reliable computer-controlled system design, simulation and testing methods are commonly used to detect faults; however, such methods do not ensure absence of faults. In critical systems’ design, such as UAVs, the simulation-based techniques are often augmented with mathematical tools and techniques to prove stronger properties, for example, absence of faults, in the early stages of the system design. In this paper, we define a lightweight mathematical framework in computer-based theorem prover Coq for describing and reasoning about Boolean algebra and hardware components (logic circuits) modelled as Boolean functions. To demonstrate the usefulness of the framework, we (1) define and prove the correctness of principle of duality mechanically using a computer tool and all basic theorems of Boolean algebra, (2) formally define the algebraic manipulation (step-by-step procedure of proving functional equivalence of functions) used in Boolean function simplification, and (3) verify functional correctness and reliability properties of two hardware components. The major advantage of using mechanical theorem provers is that the correctness of all definitions and proofs can be checked mechanically using the type checker and proof checker facilities of the proof assistant Coq.

show abstract

Section: Evaluation and Discussionmentioning

confidence: 99%

Formal Verification of Hardware Components in Critical Systems

Khan

Kamran

Naqvi

et al. 2020

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…Unfortunately, such a model is a prerequisite to verify a computing platform in terms of architectural attacks. The Coq proof assistant [14] has proven to be effective to model specific hardware components [15,16,13,17]. It provides a rich specification language, tools to write machine-checked proofs and a mechanism to derive executable programs to experimentally validate models.…”

Section: Fig 1: Idealized X86 Computing Platformmentioning

confidence: 99%

Modular Verification of Programs with Effects and Effect Handlers in Coq

et al. 2018

View full text Add to dashboard Cite

Modern computing systems have grown in complexity, and the attack surface has increased accordingly. Even though system components are generally carefully designed and even verified by different groups of people, the composition of these components is often regarded with less attention. This paves the way for "architectural attacks", a class of security vulnerabilities where the attacker is able to threaten the security of the system even if each of its components continues to act as expected. In this article, we introduce FreeSpec, a formalism built upon the key idea that components can be modelled as programs with algebraic effects to be realized by other components. FreeSpec allows for the modular modelling of a complex system, by defining idealized components connected together, and the modular verification of the properties of their composition. In addition, we have implemented a framework for the Coq proof assistant based on FreeSpec. OSApp Execution Unit MMU Cache APIC IOMMU MCH Management Engine DRAM Controller VGA Controller SENTER Sandman [6], SpeedRacer [5] SMRAM cache poisoning [2,3] DMA Attacks [7] Sinkhole [4]

show abstract

“…In λπ-Ware, however, we can perform inductive verification of our circuits. Existing embeddings in most theorem provers, such as Coquet (Braibant 2011) and Π -Ware (Pizani Flor et al 2016), have a more limited treatment of variable scoping and types. More recent work by Choi et al (2017) is higher level, but sacrifices the ability to be simulated directly (using denotational semantics) in the theorem prover.…”

Section: Related Workmentioning

confidence: 99%

“…Also interactive theorem proving and programming with dependent types have been fruitfully used to support hardware verification efforts, with some based on HOL (Melham 1993;Boulton et al 1992), some on Coq (Braibant 2011;Braibant and Chlipala 2013) and some on Martin-Löf Type Theory (Brady et al 2007) Following this line of research, we utilize a dependently-typed programming language (Agda) as the host of our hardware EDSL, for its proving capabilities and convenience of embedding.…”

Section: Introductionmentioning

confidence: 99%

Verified Timing Transformations in Synchronous Circuits with $$\lambda \pi $$ -Ware

Flor

Swierstra

2018

Interactive Theorem Proving

View full text Add to dashboard Cite

Abstract. We define a DSL for hardware description, called λπ-Ware, embedded in the dependently-typed language Agda, which makes the DSL well-scoped and well-typed by construction. Other advantages of dependent types are that circuit models can be simulated and verified in the same language, and properties can be proven not only of specific circuits, but of circuit generators describing (infinite) families of circuits. This paper focuses on the relations between circuits computing the same values, but with different levels of statefulness. We define common recursion schemes, in combinational and sequential versions, and express known circuits using these recursion patterns. Finally, we define a notion of convertibility between circuits with different levels of statefulness, and prove the core convertibility property between the combinational and sequential versions of our vector iteration primitive. Circuits defined using the recursion schemes can thus have different architectures with a guarantee of functional equivalence up to timing.

show abstract

Coquet: A Coq Library for Verifying Hardware

Cited by 18 publications

References 15 publications

Formal Verification of Hardware Components in Critical Systems

Formal Verification of Hardware Components in Critical Systems

Modular Verification of Programs with Effects and Effect Handlers in Coq

Verified Timing Transformations in Synchronous Circuits with $$\lambda \pi $$ -Ware

Contact Info

Product

Resources

About