Formal Verification of Hardware Components in Critical Systems

<table class="algorithm-group"><tr><td><table class="algorithm" id="alg1"><tr><td>(1)</td><td>Inductive Nat : Type :=</td></tr><tr><td>(2)</td><td> |O : Nat</td></tr><tr><td>(3)</td><td> |Succ : Nat ⟶ Nat.</td></tr><tr><td>(4)</td><td>Fixpoint Add (n m: Nat) : Nat :=</td></tr><tr><td>(5)</td><td>match n with</td></tr><tr><td>(6)</td><td> |O ⟹ m</td></tr><tr><td>(7)</td><td> |Succ <svg height="11.4859pt" id="M1" style="vertical-align:-0.04979992pt" version="1.1" viewbox="-0.0498162 -11.4361 11.0328 11.4859" width="11.0328pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M524 0V26C466 32 460 36 460 104V297C460 393 411 449 331 449C302 449 276 437 248 419C223 402 201 387 181 372V451C137 432 90 420 42 411V388C96 378 102 374 102 310V104C102 38 97 33 29 26V0H246V26C187 32 181 36 181 104V339C211 365 250 390 290 390C357 390 381 345 381 276V109C381 40 374 32 315 26V0H524Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,7.138,-5.741)"><path d="M310 541L304 571C290 586 211 619 185 610L80 76L131 52L310 541Z"></path></g></svg> ⟹ S (Add <svg height="11.4859pt" id="M2" style="vertical-align:-0.04979992pt" version="1.1" viewbox="-0.0498162 -11.4361 11.0328 11.4859" width="11.0328pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M524 0V26C466 32 460 36 460 104V297C460 393 411 449 331 449C302 449 276 437 248 419C223 402 201 387 181 372V451C137 432 90 420 42 411V388C96 378 102 374 102 310V104C102 38 97 33 29 26V0H246V26C187 32 181 36 181 104V339C211 365 250 390 290 390C357 390 381 345 381 276V109C381 40 374 32 315 26V0H524Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,7.138,-5.741)"><path d="M310 541L304 571C290 586 211 619 185 610L80 76L131 52L310 541Z"></path></g></svg> m)</td></tr><tr><td>(8)</td><td>end.</td></tr><tr><td>(9)</td><td>Lemma Add_N_O: <svg height="8.58131pt" id="M3" style="vertical-align:-0.04981041pt" version="1.1" viewbox="-0.0498162 -8.5315 7.57657 8.58131" width="7.57657pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M563 650H502L416 416H157L71 650H10L256 -15H317L563 650ZM397 366L287 68H286L176 366H397Z"></path></g></svg> n:Nat, Add n O = n.</td></tr><tr><td>(10)</td><td>Proof.</td></tr><tr><td>(11)</td><td> induction n.</td></tr><tr><td>(12)</td><td> (<svg height="6.01072pt" id="M4" style="vertical-align:-0.04980993pt" version="1.1" viewbox="-0.0498162 -5.96091 7.75925 6.01072" width="7.75925pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M471 153C471 170 463 194 452 212C400 220 373 229 322 255C373 281 400 290 452 298C463 316 471 339 471 357C456 366 431 371 410 370C377 329 356 310 308 279C311 336 317 364 336 413C326 432 310 451 294 459C279 451 262 432 252 413C271 364 277 336 280 279C232 310 211 329 178 370C157 371 132 367 117 357C117 340 125 316 136 298C188 290 215 281 266 255C215 229 188 220 136 212C125 194 117 171 117 153C132 144 157 139 178 140C211 181 232 200 280 231C277 174 271 146 252 97C262 78 278 59 294 51C309 59 326 78 336 97C317 146 311 174 308 231C356 200 377 181 410 140C431 139 456 143 471 153Z"></path></g></svg>CASE 1: n is O<span class="nowrap"><svg height="6.01072pt" id="M5" style="vertical-align:-0.04980993pt" version="1.1" viewbox="-0.0498162 -5.96091 7.75925 6.01072" width="7.75925pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M471 153C471 170 463 194 452 212C400 220 373 229 322 255C373 281 400 290 452 298C463 316 471 339 471 357C456 366 431 371 410 370C377 329 356 310 308 279C311 336 317 364 336 413C326 432 310 451 294 459C279 451 262 432 252 413C271 364 277 336 280 279C232 310 211 329 178 370C157 371 132 367 117 357C117 340 125 316 136 298C188 290 215 281 266 255C215 229 188 220 136 212C125 194 117 171 117 153C132 144 157 139 178 140C211 181 232 200 280 231C277 174 271 146 252 97C262 78 278 59 294 51C309 59 326 78 336 97C317 146 311 174 308 231C356 200 377 181 410 140C431 139 456 143 471 153Z"></path></g></svg>)</span></td></tr><tr><td>(13)</td><td>  reflexivity.</td></tr><tr><td>(14)</td><td> (<svg height="6.01072pt" id="M6" style="vertical-align:-0.04980993pt" version="1.1" viewbox="-0.0498162 -5.96091 7.75925 6.01072" width="7.75925pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M471 153C471 170 463 194 452 212C400 220 373 229 322 255C373 281 400 290 452 298C463 316 471 339 471 357C456 366 431 371 410 370C377 329 356 310 308 279C311 336 317 364 336 413C326 432 310 451 294 459C279 451 262 432 252 413C271 364 277 336 280 279C232 310 211 329 178 370C157 371 132 367 117 357C117 340 125 316 136 298C188 290 215 281 266 255C215 229 188 220 136 212C125 194 117 171 117 153C132 144 157 139 178 140C211 181 232 200 280 231C277 174 271 146 252 97C262 78 278 59 294 51C309 59 326 78 336 97C317 146 311 174 308 231C356 200 377 181 410 140C431 139 456 143 471 153Z"></path></g></svg>CASE 2: n is (S n)<span class="nowrap"><svg height="6.01072pt" id="M7" style="vertical-align:-0.04980993pt" version="1.1" viewbox="-0.0498162 -5.96091 7.75925 6.01072" width="7.75925pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M471 153C471 170 463 194 452 212C400 220 373 229 322 255C373 281 400 290 452 298C463 316 471 339 471 357C456 366 431 371 410 370C377 329 356 310 308 279C311 336 317 364 336 413C326 432 310 451 294 459C279 451 262 432 252 413C271 364 277 336 280 279C232 310 211 329 178 370C157 371 132 367 117 357C117 340 125 316 136 298C188 290 215 281 266 255C215 229 188 220 136 212C125 194 117 171 117 153C132 144 157 139 178 140C211 181 232 200 280 231C277 174 271 146 252 97C262 78 278 59 294 51C309 59 326 78 336 97C317 146 311 174 308 231C356 200 377 181 410 140C431 139 456 143 471 153Z"></path></g></svg>)</span></td></tr><tr><td>(15)</td><td>  simpl. rewrite IHn. auto.</td></tr><tr><td>(16)</td><td>Qed.</td></tr></table></td></tr></table>

<div> Example of interactive formal proof in Coq.</div>

Wireless Communications and Mobile Computing

alg1

Listing 1

Listing 1: Formal Verification of Hardware Components in Critical Systems 