This document provides an overview of formal hardware verification approaches, including theorem proving and model checking. It discusses specific theorem proving systems like Nqthm, LCF, HOL, and their underlying logics and inference rules. Examples are given of specifying and verifying an AND gate implementation in HOL. More information is provided on obtaining Nqthm, HOL, and related tools and publications.
Asynchronous Stochastic Optimization, New Analysis and AlgorithmsFabian Pedregosa
As datasets continue to increase in size and multi-core computer architectures are developed, asynchronous parallel optimization algorithms become more and more essential to the field of Machine Learning. In this talk I will describe two of our recent contributions to this topic. First, we highlight an important technical issue present in a large fraction of the recent convergence proofs for asynchronous parallel optimization algorithms and propose a new framework that resolves it [1]. Second, we propose a novel asynchronous variant of SAGA, a stochastic method that combines the low cost per iteration of SGD with the fast convergence rates of gradient descent [2]
[1] Leblond, R., Pedregosa, F., & Lacoste-Julien, S. (2018). Improved asynchronous parallel optimization analysis for stochastic incremental methods. arXiv:1801.03749, https://arxiv.org/pdf/1801.03749.pdf
[2] Pedregosa, F., Leblond, R., & Lacoste-Julien, S. (2017). Breaking the Nonsmooth Barrier: A Scalable Parallel Method for Composite Optimization. In Advances in Neural Information Processing Systems, http://papers.nips.cc/paper/6611-breaking-the-nonsmooth-barrier-a-scalable-parallel-method-for-composite-optimization.pdf
To describe the dynamics taking place in networks that structurally change over time, we propose an approach to search for attributes whose value changes impact the topology of the graph. In several applications, it appears that the variations of a group of attributes are often followed by some structural changes in the graph that one may assume they generate. We formalize the triggering pattern discovery problem as a method jointly rooted in sequence mining and graph analysis. We apply our approach on three real-world dynamic graphs of different natures - a co-authoring network, an airline network, and a social bookmarking system - assessing the relevancy of the triggering pattern mining approach.
Event description:
Why Tangent Works chooses Julia: The Two Language Problem
TIM: Automatic Model Building for Energy Industry
Julia and its major differences to other technical computing languages (R, Matlab, ...)
- Why is vectorized code fast?
- Why is it not as fast as it could be?
Speaker:
Ján Dolinský, Tangent Works (www.tangent.works)
Language of the event: Julia, Slovak & English
------------------------------------
PyData Bratislava [Python Data Enthusiasts and Users, Data Scientists & Statisticians of all levels from Slovakia]
------------------------------------
--
This meetup group is for Data Scientists, Statisticians, Economists and Data Enthusiasts using Python for data analysis and data visualization. The goals are to provide Python enthusiasts a place to share ideas and learn from each other about how best to apply the language and tools to ever-evolving challenges in the vast realm of data management, processing, analytics, and visualization.
--
PyData is a group for users and developers of data analysis tools to share ideas and learn from each other. We gather to discuss how best to apply Python tools, as well as those using R and Julia, to meet the evolving challenges in data management, processing, analytics, and visualization. PyData groups, events, and conferences aim to provide a venue for users acrossall the various domains of data analysis to share their experiences and their techniques. PyData is organized by NumFOCUS.org, a 501(c)3 non-profit in the United States.
------------------------------------
Our Facebook group here: https://www.facebook.com/groups/1813599648877946/
Our Twitter account here: https://twitter.com/PyDataBA
Our LinkedIn group here: https://www.linkedin.com/groups/13506080
All materials from previous meetups on GitHub here: https://github.com/GapData/PyDataBratislava
Recordings of previous meetups on our YouTube here: https://www.youtube.com/watch?v=XYpKpmapqjI&list=PLISV6olKXnd9pE-KPtPgwwLe6qPXvb9K7
------------------------------------
Organizers:
GapData Institute (https://www.gapdata.org/) (GDI) is a nonprofit nonpartisan research institution harnessing power of data & wisdom of economics for public good.
|| Data. Think. Change. ||
--
NumFOCUS (http://www.numfocus.org/) is a 501(c)(3) nonprofit that supports and promotes world-class, innovative, open source scientific computing. The mission of NumFOCUS is to promote sustainable high-level programming languages, open code development, and reproducible scientific research. We accomplish this mission through our educational programs and events as well as through fiscal sponsorship of open source data science projects. We aim to increase collaboration and communication within the scientific computing community.
Temporal logic and functional reactive programmingSergei Winitzki
In my day job, most bugs come from imperatively implemented reactive programs. Temporal Logic and FRP are declarative approaches that promise to solve my problems. I will briey review the motivations behind
and the connections between temporal logic and FRP. I propose a rather "pedestrian" approach to propositional linear-time temporal logic (LTL), showing how to perform calculations in LTL and how to synthesize programs from LTL formulas. I intend to explain why LTL largely failed to
solve the synthesis problem, and how FRP tries to cope.
FRP can be formulated as a -calculus with types given by the propositional intuitionistic LTL. I will discuss the limitations of this approach, and outline the features of FRP that are required by typical application programming scenarios. My talk will be largely self-contained and should be understandable to anyone familiar with Curry-Howard and functional programming.
EuroPython 2017 - PyData - Deep Learning your Broadband Network @ HOMEHONGJOO LEE
45 min talk about collecting home network performance measures, analyzing and forecasting time series data, and building anomaly detection system.
In this talk, we will go through the whole process of data mining and knowledge discovery. Firstly we write a script to run speed test periodically and log the metric. Then we parse the log data and convert them into a time series and visualize the data for a certain period.
Next we conduct some data analysis; finding trends, forecasting, and detecting anomalous data. There will be several statistic or deep learning techniques used for the analysis; ARIMA (Autoregressive Integrated Moving Average), LSTM (Long Short Term Memory).
Asynchronous Stochastic Optimization, New Analysis and AlgorithmsFabian Pedregosa
As datasets continue to increase in size and multi-core computer architectures are developed, asynchronous parallel optimization algorithms become more and more essential to the field of Machine Learning. In this talk I will describe two of our recent contributions to this topic. First, we highlight an important technical issue present in a large fraction of the recent convergence proofs for asynchronous parallel optimization algorithms and propose a new framework that resolves it [1]. Second, we propose a novel asynchronous variant of SAGA, a stochastic method that combines the low cost per iteration of SGD with the fast convergence rates of gradient descent [2]
[1] Leblond, R., Pedregosa, F., & Lacoste-Julien, S. (2018). Improved asynchronous parallel optimization analysis for stochastic incremental methods. arXiv:1801.03749, https://arxiv.org/pdf/1801.03749.pdf
[2] Pedregosa, F., Leblond, R., & Lacoste-Julien, S. (2017). Breaking the Nonsmooth Barrier: A Scalable Parallel Method for Composite Optimization. In Advances in Neural Information Processing Systems, http://papers.nips.cc/paper/6611-breaking-the-nonsmooth-barrier-a-scalable-parallel-method-for-composite-optimization.pdf
To describe the dynamics taking place in networks that structurally change over time, we propose an approach to search for attributes whose value changes impact the topology of the graph. In several applications, it appears that the variations of a group of attributes are often followed by some structural changes in the graph that one may assume they generate. We formalize the triggering pattern discovery problem as a method jointly rooted in sequence mining and graph analysis. We apply our approach on three real-world dynamic graphs of different natures - a co-authoring network, an airline network, and a social bookmarking system - assessing the relevancy of the triggering pattern mining approach.
Event description:
Why Tangent Works chooses Julia: The Two Language Problem
TIM: Automatic Model Building for Energy Industry
Julia and its major differences to other technical computing languages (R, Matlab, ...)
- Why is vectorized code fast?
- Why is it not as fast as it could be?
Speaker:
Ján Dolinský, Tangent Works (www.tangent.works)
Language of the event: Julia, Slovak & English
------------------------------------
PyData Bratislava [Python Data Enthusiasts and Users, Data Scientists & Statisticians of all levels from Slovakia]
------------------------------------
--
This meetup group is for Data Scientists, Statisticians, Economists and Data Enthusiasts using Python for data analysis and data visualization. The goals are to provide Python enthusiasts a place to share ideas and learn from each other about how best to apply the language and tools to ever-evolving challenges in the vast realm of data management, processing, analytics, and visualization.
--
PyData is a group for users and developers of data analysis tools to share ideas and learn from each other. We gather to discuss how best to apply Python tools, as well as those using R and Julia, to meet the evolving challenges in data management, processing, analytics, and visualization. PyData groups, events, and conferences aim to provide a venue for users acrossall the various domains of data analysis to share their experiences and their techniques. PyData is organized by NumFOCUS.org, a 501(c)3 non-profit in the United States.
------------------------------------
Our Facebook group here: https://www.facebook.com/groups/1813599648877946/
Our Twitter account here: https://twitter.com/PyDataBA
Our LinkedIn group here: https://www.linkedin.com/groups/13506080
All materials from previous meetups on GitHub here: https://github.com/GapData/PyDataBratislava
Recordings of previous meetups on our YouTube here: https://www.youtube.com/watch?v=XYpKpmapqjI&list=PLISV6olKXnd9pE-KPtPgwwLe6qPXvb9K7
------------------------------------
Organizers:
GapData Institute (https://www.gapdata.org/) (GDI) is a nonprofit nonpartisan research institution harnessing power of data & wisdom of economics for public good.
|| Data. Think. Change. ||
--
NumFOCUS (http://www.numfocus.org/) is a 501(c)(3) nonprofit that supports and promotes world-class, innovative, open source scientific computing. The mission of NumFOCUS is to promote sustainable high-level programming languages, open code development, and reproducible scientific research. We accomplish this mission through our educational programs and events as well as through fiscal sponsorship of open source data science projects. We aim to increase collaboration and communication within the scientific computing community.
Temporal logic and functional reactive programmingSergei Winitzki
In my day job, most bugs come from imperatively implemented reactive programs. Temporal Logic and FRP are declarative approaches that promise to solve my problems. I will briey review the motivations behind
and the connections between temporal logic and FRP. I propose a rather "pedestrian" approach to propositional linear-time temporal logic (LTL), showing how to perform calculations in LTL and how to synthesize programs from LTL formulas. I intend to explain why LTL largely failed to
solve the synthesis problem, and how FRP tries to cope.
FRP can be formulated as a -calculus with types given by the propositional intuitionistic LTL. I will discuss the limitations of this approach, and outline the features of FRP that are required by typical application programming scenarios. My talk will be largely self-contained and should be understandable to anyone familiar with Curry-Howard and functional programming.
EuroPython 2017 - PyData - Deep Learning your Broadband Network @ HOMEHONGJOO LEE
45 min talk about collecting home network performance measures, analyzing and forecasting time series data, and building anomaly detection system.
In this talk, we will go through the whole process of data mining and knowledge discovery. Firstly we write a script to run speed test periodically and log the metric. Then we parse the log data and convert them into a time series and visualize the data for a certain period.
Next we conduct some data analysis; finding trends, forecasting, and detecting anomalous data. There will be several statistic or deep learning techniques used for the analysis; ARIMA (Autoregressive Integrated Moving Average), LSTM (Long Short Term Memory).
A Unifying Review of Gaussian Linear Models (Roweis 1999)Feynman Liang
Through a linear Gaussian process, we can unify a family of Gaussian linear models including Factor Analysis, PCA, Kalman Filters, Mixture of Gaussians, and Hidden Markov Models.
Introduction to Max-SAT and Max-SAT EvaluationMasahiro Sakai
The slides for my talk on Feb. 27 2014 at ZIB.
Abstract:
Maximum Satisfiability (Max-SAT) and its weighted variants are optimization extension of Boolean Satisfiability (SAT), and it is interesting that technologies from both AI/CP community and OR community are employed to solve Max-SAT problems.
In this talk, I present brief introduction of SAT/Max-SAT problems, some of solving approaches, and my experience of submitting SCIP and my own SAT-based solver "toysat" to the Max-SAT Evaluation 2013; the annual Max-SAT solver competition. After that, I would like to have a discussion on submitting SCIP to the upcoming Max-SAT Evaluation 2014.
Full tutorial to start with OpenFOAM: run tutorials, adapt tutorials, single phase flow, immiscible two-phase flow, grid complex geometries, program equations.
A Unifying Review of Gaussian Linear Models (Roweis 1999)Feynman Liang
Through a linear Gaussian process, we can unify a family of Gaussian linear models including Factor Analysis, PCA, Kalman Filters, Mixture of Gaussians, and Hidden Markov Models.
Introduction to Max-SAT and Max-SAT EvaluationMasahiro Sakai
The slides for my talk on Feb. 27 2014 at ZIB.
Abstract:
Maximum Satisfiability (Max-SAT) and its weighted variants are optimization extension of Boolean Satisfiability (SAT), and it is interesting that technologies from both AI/CP community and OR community are employed to solve Max-SAT problems.
In this talk, I present brief introduction of SAT/Max-SAT problems, some of solving approaches, and my experience of submitting SCIP and my own SAT-based solver "toysat" to the Max-SAT Evaluation 2013; the annual Max-SAT solver competition. After that, I would like to have a discussion on submitting SCIP to the upcoming Max-SAT Evaluation 2014.
Full tutorial to start with OpenFOAM: run tutorials, adapt tutorials, single phase flow, immiscible two-phase flow, grid complex geometries, program equations.
Those slides describe digital design using Verilog HDL,
starting with Design methodologies for any digital circuit then difference between s/w (C/C++) and H/w (Verilog) and the most important constructs that let us start hardware design using Verilog HDL.
The presentation is dedicated to advantages and disadvantages of FPGA (Field-Programmable Gate Array): its construction and speed features, as well as security elements. It also deals with such issues as new devices synthesis and expanding the existing hardware functionality, realisation of microprocessors for specialized tasks, as well as OpenCL, a system for parallel calculations.
This presentation by Andriy Smolskyy (Lead Software Engineer, GlobalLogic) was delivered at Embedded TechTalk Lviv on June 17, 2015.
Lecture 1 from https://irdta.eu/deeplearn/2022su/
Covers concepts from Part 1 of my new book, https://meyn.ece.ufl.edu/2021/08/01/control-systems-and-reinforcement-learning/
Automated commonsense reasoning (CR) is essential for building human-like AI systems featur- ing, for example, explainable AI. Event calculus (EC) is a family of formalisms that model CR with a sound, logical basis. Previous attempts to mechanize reasoning using EC faced difficulties in the treatment of the continuous change in dense domains (e.g. time and other physical quantities), constraints among variables, default negation, and the uniform application of different inference methods, among others. We propose the use of s(CASP), a query-driven, top-down execution model for Predicate Answer Set Programming with Constraints, to model and reason using EC. We show how EC scenarios can be naturally and directly encoded in s(CASP) and how it enables deductive and abductive reasoning tasks in domains featuring constraints involving both dense time and dense fluents.
Provenance for Data Munging EnvironmentsPaul Groth
Data munging is a crucial task across domains ranging from drug discovery and policy studies to data science. Indeed, it has been reported that data munging accounts for 60% of the time spent in data analysis. Because data munging involves a wide variety of tasks using data from multiple sources, it often becomes difficult to understand how a cleaned dataset was actually produced (i.e. its provenance). In this talk, I discuss our recent work on tracking data provenance within desktop systems, which addresses problems of efficient and fine grained capture. I also describe our work on scalable provence tracking within a triple store/graph database that supports messy web data. Finally, I briefly touch on whether we will move from adhoc data munging approaches to more declarative knowledge representation languages such as Probabilistic Soft Logic.
Presented at Information Sciences Institute - August 13, 2015
Seminar giving an overview of quantum programming languages, given in the Programming Languages Group at the University of Waterloo in 2006. [Updated with name change]
A package system for maintaining large model distributions in vle softwareDaniele Gianni
Presentation delivered at the 3rd IEEE Track on
Collaborative Modeling & Simulation - CoMetS'12.
Please see http://www.sel.uniroma2.it/comets12/ for further details.
Modern machine learning methods that could be useful for particle physics.
Personal summary of the "Connecting the dots 2015" conference at Berkeley lab and ideas for what particle physics could try.
Neural ODEs - A state-of-the-art Deep Learning approach to process time serie...Fabian Hadiji
This talk was given at the Cologne AI and Machine Learning Meetup on April 13, 2023 (https://www.meetup.com/de-DE/cologne-ai-and-machine-learning-meetup/events/291513393/) by Philipp Wendland, PhD Student at Koblenz University of Applied Sciences, Group of Prof. Dr. Maik Kschischo: Neural ODEs - A state-of-the-art Deep Learning approach to process time series data
Neural ODEs are a hybrid deep learning approach based on modelling the dynamic of hidden layers of a neural network in a continuous fashion as an Ordinary Differential Equation (ODE). Due to its continuous nature and promising performance Neural ODEs are a state-of-the-art approach to process (unevenly sampled) multivariate time-series data. Further promising and succesful applications of the Neural ODEs are image classifications, density estimation with continuous normalizing flows and the creation of multi-state survival models. In this talk we want to introduce the general framework of Neural ODEs with a particular focus on its applications to patient data. We will present our extension the so-called Multimodel Neural ODEs to generate highly realistic synthetic patient data based on both static and continuous covariates.
Chap 8. Optimization for training deep modelsYoung-Geun Choi
연구실 내부 세미나 자료. Goodfellow et al. (2016), Deep Learning, MIT Press의 Chapter 8을 요약/발췌하였습니다. 깊은 신경망(deep neural network) 모형 훈련시 목적함수 최적화 방법으로 흔히 사용되는 방법들을 소개합니다.
Presentation given at RSDA 2014, Naples, November 3 2014, co-located with ISSRE 2014. The full paper is at
http://www.researchgate.net/publication/265596185_Avoiding_Hardware_Aliasing_Verifying_RISC_Machine_and_Assembly_Code_for_Encrypted_Computing .
Empirical Patterns in Google Scholar Citation Counts (CyberPatterns 2014)Peter Breuer
Presentation given at CyberPatterns 2014, Oxford, April 7 2014. The full paper is at https://www.researchgate.net/profile/Peter_Breuer2/publication/259624940_Empirical_Patterns_in_Google_Scholar_Citation_Counts/file/60b7d52d0d654c3294.pdf .
Certifying (RISC) Machine Code Safe from Aliasing (OpenCert 2013)Peter Breuer
Slide presentation for Certifying (RISC) Machine Code Safe from Aliasing, presented at OpenCert 2013, Madrid. See http://www.academia.edu/3244313/Certifying_Machine_Code_Safe_from_Hardware_Aliasing_RISC_is_not_necessarily_risky.
A Semantic Model for VHDL-AMS (CHARME '97)Peter Breuer
Slides for paper "A Semantic Model for VHDL-AMS", given at CHARME, Montreal, Canada, October 1997. The paper is published in pages 106-126 of "Advances in Hardware Design and Verification", IFIP/Chapman and Hall, 1997. A preprint is available at http://www.academia.edu/1413563/A_semantic_model_for_VHDL-AMS .
The mixed-signal modelling language VHDL-AMS and its semantics (ICNACSA 1999)Peter Breuer
Slides for the paper "The mixed-signal modelling language VHDL-AMS and its semantics", given at 8th International Colloquium NACSA, Plovidiv, Bulgaria, August 1999. A preprint of the paper is available at http://www.academia.edu/2493489/Denotational_semantics_for_core_VHDL-AMS .
Higher Order Applicative XML (Monterey 2002)Peter Breuer
Slides for the paper "Higher Order Applicative XML", given at the Workshop on Radical Innovations of Software and Systems Engineering in the Future, Venice, Italy, October 2002. Published in Springer LNCS 2941, pages 91-107. The Springer URL is http://link.springer.com/chapter/10.1007%2F978-3-540-24626-8_6, with DOI 10.1007/978-3-540-24626-8_6 . A preprint is available at http://www.academia.edu/1413571/Higher_order_applicative_XML_documents .
A presentation I gave in 2006 on my publication "Raiding the Noosphere: the open development of networked RAID support for the Linux kernel", from
Software - Practice and Experience, 36(4) pages 365-395, published April 2006. The preprint of the full paper is available at http://www.academia.edu/1413581/Raiding_the_Noosphere_the_open_development_of_networked_RAID_support_for_the_Linux_kernel .
Abstract Interpretation meets model checking near the 1000000 LOC mark: Findi...Peter Breuer
Slides for presentation on "Abstract Interpretation meets model checking near the 1000000 LOC mark" at 5th International Workshop on Automated Verification of Infinite-State Systems (AVIS'06), Apr 1, 2006. A preprint of the full paper is available at http://www.academia.edu/2494187/Abstract_Interpretation_meets_Model_Checking_near_the_10_6_LOC_mark .
Detecting Deadlock, Double-Free and Other Abuses in a Million Lines of Linux ...Peter Breuer
Presentation at 30th Annual IEEE/NASA Software Engineering Workshop (SEW-30), Loyola College Graduate Center, Columbia, MD, USA, April 25, 2006. The preprint of the paper is at http://www.academia.edu/1413564/Detecting_deadlock_double-free_and_other_abuses_in_a_million_lines_of_linux_kernel_source. DOI 10.1109/SEW.2006.1 .
Open Source Verification under a Cloud (OpenCert 2010)Peter Breuer
Slides of my talk on "Open Source Verification under a Cloud " at OpenCert in Pisa, Italy, September of 2010. The paper appeared in Electronic Communications of the European Association of Software Science and Technology, vol. 33, and a preprint is at http://www.academia.edu/1413629/Open_Source_Verification_under_a_Cloud .
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
Thesis Statement for students diagnonsed withADHD.ppt
Tutorial: Formal Methods for Hardware Verification - Overview and Application to VDHL
1. Tutorial ??
Formal Methods for
Hardware Verification:
Overview and Application to VHDL
Carlos Delgado Kloos, Peter T. Breuer
Universidad Polit´ecnica de Madrid
<{cdk,ptb}@dit.upm.es>
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 1
2. Introduction Outline ??
⋆ Formal Hardware Verification Approaches
⋆ Theorem Proving
⋆ Model Checking
⋆ Formal Reasoning with VHDL
⋆ Semantics
⋆ Logic
⋆ Algebra
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 2
3. Motivation Citation ??
“If you are faced by
a difficulty or a controversy in science,
an ounce of algebra is worth a ton of verbal argument.”
J.B.S. Haldane
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 3
4. Motivation Bryants comparison ??
simulate exhaustively a 256 bit RAM
⇒ 1080 possible combinations of input and state
⋆ use all matter in galaxy to build computers (1017 kg)
⋆ let each computer have the size of an electron (10−30 kg)
⋆ let each computer simulate 1012 cases per second
⋆ start simulation at the time of Big Bang (1010 years ago)
by now, we would have simulated 0, 05% of all cases
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 4
5. Motivation Pentium ??
The top ten reasons to buy a PENTIUM Machine:
10. Your current computer is too accurate.
9. You want to get into the Guiness book as
“Owner of Most Expensive Paperweight”.
8. Math errors add zest to life.
7. You need an alibi for the I.R.S.
6. You want to see what all the fuss is about.
5. You’ve always wondered what it would be like to be a plaintiff.
4. The “Intel Inside” logo matches your decor perfectly.
3. You no longer have to worry about CPU overheating.
2. You got a great deal from JPL.
1. It’ll probably work.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 5
6. Motivation Trends ??
⋆ systems are growing larger
⋆ systems are growing more complex
⋆ design teams are growing larger
⋆ time to market is getting more critical
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 6
7. Theorem proving Classification ??
Systems that manipulate an object language
⋆ Term rewrite systems
⋆ Transformational systems
⋆ Theorem provers
There is a convergence of these kinds of systems
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 7
8. Theorem proving Theorem provers ??
Systems that help to prove theorems
⋆ Proof checkers
a posteriori check (eg. MIZAR)
⋆ Proof assistants
user guided proof, strategies can be defined, forward and back-
ward proof
(eg. LCF, HOL, Isabelle, Veritas+)
⋆ Automatic theorem provers
(eg. Nqthm)
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 8
9. Theorem proving Comparison ??
⋆ Degree of interaction
⋆ Object language: underlying logic
⋆ Meta language: command language
⋆ Kinds of proofs
⋆ Proof management
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 9
10. Theorem proving Nqthm ??
The Boyer-Moore Theorem Prover
⋆ Quantifier-free first-order classical logic with equality
(free variables are implicitly universally quantified)
⋆
⋆
⋆
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 10
11. Theorem proving The LCF family ??
LCF = Logic for Computable Functions
⋆ Stanford LCF: proof checker with fixed commands (Scott 71–72)
⋆ Edinburgh LCF: meta-language: ML, object-language: PPλ (Mil-
ner 75–79)
⋆ Cambridge LCF: meta-lenguage: Standard ML, object-language:
PPλ (improved) (Paulson 84)
⋆ G¨oteborg LCF: supports Martin-L¨of’s type theory (Petersson 82)
⋆ Cambridge HOL: meta-lenguage: ML, object-language: Higher-
Order Logic (Gordon 80–)
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 11
12. Theorem proving LCF-related provers ??
⋆ Veritas: meta-language: Miranda, object-language: Higher-Order
Intuitionistic Logic (Hanna, Daeche 85–)
⋆ Isabelle: meta-language: ML, object-language: parametrizable
(Paulson 86–)
⋆ Lambda: meta-language: Poly-ML, object-language: Higher-Order
Polymorphic Predicate Calculus of Partial Terms, interfaced to CAD-
system
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 12
13. Theorem proving Theory ??
A formal logic consists of
⋆ a notation (a set of well-formed formulas)
⋆ a finite set of axioms
⋆ a finite set of inference rules
A formal proof is a sequence of well-formed formulas f1, f2, ..., fn,
such that for all i
⋆ fi is an axiom, or
⋆ fi can be derived from {f1, f2, ..., fn} using an inference rule
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 13
14. Theorem proving HOL expressions ??
The expressions in HOL can be:
⋆ constants 1: num, +: num->num->num
⋆ variables x: num, x: num->bool
⋆ abstractions λx.(λy.x+y)
⋆ applications (λx.(λy.x+y)1)2
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 14
15. Theorem proving HOL types ??
The types in HOL can be:
⋆ atomic types bool, num
⋆ compound types num*bool, num->num->num
⋆ polymorphic types ’a->’b, (’a->bool)->bool
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 15
16. Theorem proving HOL ??
The Object Language HOL comprises
⋆ Typed λ-Calculus (functions, including higher-order)
⋆ Polymorphic objects (parametric polymorphism)
⋆ Higher-order Logic (quantifiers over values, predicates, etc.)
It can be manipulated from the Metalanguage ML (which is quite
similar).
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 16
17. Theorem proving Axioms ??
There are only 5 axioms in HOL: 4 for the theory of bool
⋆ ⊢ ∀t. (t=T) ∨ (t=F)
⋆ ⊢ ∀t1 t2. (t1⇒t2)⇒(t2⇒t1)⇒(t1=t2)
⋆ ⊢ ∀t. (λx. t x)=t
⋆ ⊢ ∀P x. P x ⇒P(ǫ P)
and one for the theory of ind
⋆ ⊢ ∃f. ONE ONE f ∧ ¬ ONTO f
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 17
18. Theorem proving Inference rules ??
There are only 8 primitive inference rules:
{t} ⊢ t ⊢ t=t ⊢ (λx.t1)t2 = t1[t2/x]
Γ1 ⊢ t1 ⇒ t2 Γ2 ⊢ t1
Γ1 ∪ Γ2 ⊢ t2
Γ ⊢ t1=t2
Γ ⊢ (λx.t1)=(λx.t2)
Γ ⊢ t2
Γ − {t1} ⊢ t1 ⇒ t2
Γ1 ⊢ t1=t2 Γ2 ⊢ t[t1]
Γ1 ∪ Γ2 ⊢ t[t2]
Γ ⊢ t
Γ ⊢ t[s1, ... sn/’a, ... ’n]
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 18
19. Theorem proving Theories ??
All information (types, constants, axioms, theorems, etc.)
is hierarchically structured in theories:
⋆ pairs
⋆ natural numbers
⋆ lists
⋆ primitive recursion
⋆ arithmetic
⋆ trees
⋆ etc.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 19
20. Theorem proving Proof styles ??
There are essentially two ways to proceed:
⋆ Forward proof:
(Primitive or derived) inference rules are applied to (axioms or)
theorems until the desried theorem is proved
⋆ Backward proof:
A goal (a sequent to be proved into a theorem) is successively
decomposed into subgoals, until there are already proved theo-
rems
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 20
21. Theorem proving Example (J. Joyce) ??
i1
i2
x o2
⋆ specify behavioural models for NAND and NOT
⋆ specify intended behaviour of AND
⋆ specify implementation of AND in terms of NAND and NOT
⋆ prove that implementation satisfies intended behaviour for AND
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 21
22. Theorem proving Example (Specs) ??
Behaviours:
⊢def NAND(i1,i2,o1) ≡ o1 = ¬(i1∧i2)
⊢def NOT(i1,o1) ≡ o1 = ¬ i1
⊢def ANDspec(i1,i2,o1) ≡ o1 = i1∧i2
Structure:
⊢def ANDimpl(i1,i2,o1) ≡ ∃x. NAND(i1,i2,x) ∧ NOT(x,o1)
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 22
23. Theorem proving Example (Correctness) ??
⋆ Strong correctness
ANDimpl(i1,i2,o1) ≡ ANDspec(i1,i2,o1)
⋆ Weaker correctness
ANDimpl(i1,i2,o1) ⇒ ANDspec(i1,i2,o1)
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 23
24. Theorem proving Example (Proof) ??
1) ANDimpl(i1,i2,o1) {initial formula}
2) ∃x. NAND(i1,i2,x) ∧ NOT(x,o1) {def ANDimp}
3) NAND(i1,i2,x) ∧ NOT(x,o1) {strip off ∃x}
4) NAND(i1,i2,x) {left conjunt of 3)}
5) x=¬(i1∧i2) {def NAND}
6) NOT(x,o1) {right conjunt of 3)}
7) o1=¬x {def NOT}
8) o1=¬(¬(i1∧i2)) {subst. 5) in 7)}
9) o1=(i1∧i2) {simplify ¬¬t=t}
10) AND(i1,i2,o1) {def AND}
11) ANDimpl(i1,i2,o1) ⇒ AND(i1,i2,o1) {discharge assumption 1)}
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 24
25. Theorem proving Pros ??
⋆ generality
⋆ flexibility
⋆ expresiveness
⋆ exploitation of regularity, hierarchy and abstraction
⋆ proof security
⋆ user extensibility
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 25
26. Theorem proving Cons ??
⋆ long learning curve
⋆ large expertise needed
⋆ requires deep knowledge of mathematics and logic
⋆ tedious proofs
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 26
27. Theorem proving Achievements ??
Several microprocessors have been verified
⋆ FM8501 (Nqthm, Warren Hunt, Univ. Texas, 1986)
⋆ Viper (HOL, Avra Cohn, Univ. Cambridge, 1988)
⋆ Tamarack-3 (HOL, Jeff Joyce, Univ. Cambridge, 1989)
⋆ AVM–1 (HOL, Phil Windley, Univ. California, Davis, 1990)
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 27
28. Theorem proving The future ??
⋆ higher temporal complexity (pipelines, asynch. systems, real-time)
⋆ higher data complexity (IEEE floating point std, ...)
⋆ higher-level specifications (hardware/software verification, ...)
⋆ verification of classes of designs (microproc. families, ...)
⋆ verification of an ATM network (Fairisle)
⋆ TkHolWorkbench (a GUI for HOL)
⋆ BDDs in HOL
⋆ HOL 2000 initiative
⋆ several logic embeddings (CCS, TLA, Unity, Noden, ...)
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 28
29. Theorem proving More info about Nqthm ??
⋆ Computational Logic Inc.
1717 W. 6th St., Suite 290
Austin, TX 78703-4776, USA
⋆ <Software-Request@cli.com>
http://www.cli.com/
⋆ R.S. Boyer, J.S. Moore: A Computational Logic Handbook,
Academic Press 1988
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 29
30. Theorem proving More info about HOL ??
⋆ Cambridge Univ. Computer Laboratory
Pembroke Street, GB–Cambridge CB2 3QG, England (UK)
⋆ Sara Kalvala <sk@cl.cam.ac.uk>
http://www.comlab.ox.ac.uk/archive/formal-methods/hol.html (info)
http://lal.cs.byu.edu/lal/getting-hol.html (tool)
⋆ M. Gordon, T. Melham (eds.): Intr. to HOL: A Theorem Proving
Environment for Higher Order Logic, Cambridge Univ. Press 93
⋆ 8th International Workshop on Higher Order Logic Theorem Prov-
ing and its Applications, Utah September 11–14, 1995
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 30
31. Theorem proving More info about LAMBDA ??
⋆ LAMBDA: Logic and Mathematics Behind Design Automation
⋆ Abstract Hardware Ltd.
The Howell Building, Brunel University Science Park
GB–Uxbridge UB8 3PH, England (UK)
⋆ <lambda@ahl.co.uk>
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 31
32. Model checking Model of Computation ??
⋆ Finite state systems are modeled by labelled state-transition graphs
(Kripke structures)
⋆ Given an initial state, the structure can be unwound to an in-
finite tree (computation tree), whose paths represent possible
behaviours
⋆ A temporal logic is used to express properties of behaviours
⋆ Verification is carried out by exhaustive search of the state space
⋆ To speed up verification, efficient representation techniques are
used based on binary decision diagrams.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 32
33. Model checking Temporal Logics ??
⋆ In a linear temporal logic, the operators describe events along a
single computation path
⋆ In a branching temporal logic, the operators describe events along
several computation paths
⋆ path quantifiers:
A (for every path), E: there exists a path
⋆ linear time operators:
Xf (f holds next time)
Ff (f holds sometime in the future)
Gf (f holds globally in the future)
fUg (f holds until g holds)
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 34
34. Model checking CTL: theory ??
Every atomic formula is a CTL formula.
If f and g are CTL formulae, then so are
¬f (not f)
f ∧ g (f and g)
AXf (for all paths, f holds in the next state)
EXf (for some path, in which f holds in the next state)
AFf (for all paths, f holds eventually)
EFf (for some path, in which f holds eventually)
AGf (for all paths, f holds in every state)
EGf (for some path, in which f holds in every state)
A(fUg) (for all paths, f holds until g holds)
E(fUg) (for some path, f holds until g holds)
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 35
35. Model checking CTL: some operators ??
M, s AF x M, s EF x M, s EG x
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 36
36. Model checking CTL: examples ??
⋆ AG(EF greenNS): always it is possible to get to the greenNS
state (at a traffic light) [liveness property]
⋆ AG(¬(greenNS∧greenEW )): never both greenNS and greenEW
hold (both lights are green)[safety property]
⋆ AG(req ⇒ AF ack): if a request occurs, it will be eventually
acknowledged
⋆ EF(started∧¬ready): it is possible to get to a state where started
holds, but ready does not hold.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 37
37. Model checking Model Checking Problem ??
⋆ Let M be the Kripke structure representing the behaviour of a
system,
⋆ let f be a temporal logic formula representing a property to check,
⋆ the objective is to find all states s of M that satisfy the formula
f: M, s f
⋆ in fact, there exist very efficient algorithms for the logic CTL
(Clarke, Emerson and Sistla, ACM TOPLAS 8:2, 1986)
⋆ complexity linear in size of M and f
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 38
38. Model checking Model Checking Algorithm ??
M, s0 EGa ∧ AFb?
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 39
39. Model checking OBDDs ??
DAG-representation of Boolean functions
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 40
40. Model checking OBDDs ??
The importance of the variable ordering
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 41
41. Model checking OBDDs ??
⋆ S. Akers: Binary Decision Diagrams, IEEE Trans. Computers C–
27:6, June 78
⋆ R. Bryant: Graph-Based Algorithms for Boolean Function Ma-
nipulation, IEEE Trans. Computers C–35:8, August 86
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 42
42. Model checking Symbolic Model Checking ??
⋆ Representing state-transition graphs with OBDDs
⋆ The transition relation can be seen as a boolean formula
⋆ T(v1, ..., vn, v′
1, ..., v′
n), where (v1, ..., vn) represents the current state
and (v′
1, ..., v′
n) the next state
⋆ T is represented by a OBDD.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 43
43. Model checking Pros ??
⋆ decision procedure completely automated: no proofs!
⋆ fast
⋆ counter-examples
⋆ symbolic techniques allow to handle a big number of states
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 44
44. Model checking Cons ??
⋆ specification is enumeration of desired properties
⋆ completeness problem
⋆ state explosion problem
⋆ large data paths can introduce many states
⋆ no taking advantage of parametrization
⋆ temporal formulas can be difficult to understand
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 45
45. Model checking Achievements ??
⋆ Formal verification of the IEEE Futurebus+ cache consistency
protocol
(precise model defined, bugs found) Clarke et al. 93
⋆
⋆
⋆
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 46
46. Model checking Some references ??
⋆ J. Burch, E. Clarke, et al.: Symbolic Model Checking: 1020 States
and Beyond, Conf. Logic in Computer Science 1990.
⋆ O. Coudert, J.C. Madre, C. Berthet: Verifying Teporal Properties
of Sequential Machines without Building their State Diagram,
DIMACS Worksh. Computer-Aided Verification, June 1990
⋆ Th. Filkorn: A Method for Symbolic Verification of Synchronous
Circuits, CHDL’91, April 1991
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 47
47. Conclusion Other approaches ??
⋆ Symbolic trajectory evaluation
similar to conventional simulation
considers symbols rather than actual values
VOSS, COSMOS
⋆ Automata-based Systems
COSPAN
⋆ Tautology checkers
Checking of combinational circuits
TACHE
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 48
48. Conclusion Combining approaches ??
⋆ HOL with a model checker
⋆ HOL with COSMOS [Bryant, Seger]
⋆ HOL with VOSS [Joyce, Seger]
⋆ embedding VHDL in HOL [van Tassel, Kropf]
⋆ a VDHL simulator in Acl2 [Boyer, Hunt]
⋆ interfacing HOL to GENESIL (silicon compiler) [Rushby]
⋆ Prevail calling Nqthm or Tache [Borrione, Pierre]
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 49
49. Conclusion Conclusions ??
⋆ the field of formal methods is old
⋆ first breakthroughs obtained recently
⋆ still primarily academic work
⋆ increasing interest of industry (Siemens, Bull, some CAD vendors)
⋆ still a long way to go
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 50
50. Conclusion Citation ??
“It is now a well-established phenomenon
that what is highly abstract
for a generation of mathematicians
is just commonplace for the next one.”
J. Dieudonn´e
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 51
51. Semantics Classical VHDL simulations ??
A VHDL signal is associated with a driver.
0 1 2 3 4 . . . future time →
Signal
VHDL signal assignments write to the driver.
VHDL wait statements read the driver and suspend execution of the
process until a time determined by the evolving condition of the driver.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 52
52. Semantics Example 1 ??
Initial driver.
0 1 2 3 4 ...
Signal
future time
X <= transport 1.0 after 3 ns
Driver is altered.
0 1 2 3 4 ...
Signal
future time
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 53
53. Semantics Example 2 ??
Initial driver.
0 1 2 3 4 ...
Signal
future time
wait until X=1
Final driver:
0 1 2 3 4 ...
Signal
future time
Driver is essentially unaltered, but time has moved on.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 54
54. Semantics Semantics of VHDL ??
VHDL statements relate:
1. an old driver set to a new driver set;
2. an old current timepoint to a new current timepoint;
3. a previous history to an extended history.
H × DS × T ↔ H × DS × T
The combination of history plus driver set is called a ‘world line’.
WL × T ↔ WL × T
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 55
55. Semantics Example 3 ??
X=0
X=0
X=0
X=0
X=1
T=1
T=2
T=3
X=0X=0 T=0
X=0X=0 T=-1
X <= transport 1.0 after 2 ns
X=1
Time
Initial WL Final WL
⋆ A transport assignment re-
lates two worldlines and two
current timepoints.
⋆ The timepoint has to be the
same either side, because the
statement takes no physical
time to execute.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 56
56. Semantics Example 4 ??
X=0X=0
X=1
T=1
T=2
T=3
X=0X=0 T=0
X=0X=0 T=-1
X=1
Time
Initial WL Final WL
wait until X=1
X=1
X=1
⋆ A wait statement relates two
worldlines with the same sig-
nal values – for the signals of
the controlling process.
⋆ Other signals may differ in any
way possible.
⋆ But time moves on.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 57
57. Semantics Example 5 ??
X=0
X=1
X=0
X=0
X=1
Final WL
wait until X=1
X=0 T=1
T=2
T=3
X=0 T=0
X=0 T=-1
X=1
X=1
X=0 T=1
T=2
T=3
X=0 T=0
X=0 T=-1
Time
Initial WL Intermediate WL
X=0
X=0
X<=1 after 2 ns;
⋆ Two statements in se-
quence compose via re-
lational composition.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 58
58. Semantics Process semantics ??
A process relates:
⋆ An initial worldline to a final worldline.
Note that:
⋆ The initial timepoint is zero. The final timepoint is ∞
⋆ The body of the process repeats ad infinitum.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 59
59. Semantics A simple oscillator circuit ??
?
?
X <=not X after 2 ns
wait on X
begin
X <= transport not X after 2 ns
wait on X
end
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 60
60. Semantics Example 6 ??
X=0
X=1
X=0
X=0
X=1
Final WL
X=0 T=1
T=2
T=3
X=0 T=0
X=0 T=-1
X=1
X=1
X=0 T=1
T=2
T=3
X=0 T=0
X=0 T=-1
Time
Initial WL Intermediate WL
X=0
X=0
X<=not X after 2 ns; wait on X
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 61
61. Semantics Example 7 ??
X=0
X=1
X=0
X=0
X=1
X=0 T=1
T=2
T=3
X=0 T=0
X=0 T=-1
X=1
X=1
X=0 T=1
T=2
T=3
X=0 T=0
X=0 T=-1
Time
Initial WL
X=0
X=0
X=0
Final WL
X=0
Initial WL
X=1
X<=¬ X after 2 ns;
X <=¬ X after 2 ns;
X=1
X=1
X=1
X=0
X=0
X=0
X=0
X=1
X=1
process
begin X <= transport ¬ X after 2 ns ; wait on X ; end
wait on X
wait on X
T=1
T=2
T=3
T=4
T=5 T=5
T=4
T=3
T=2
T=1
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 62
62. Semantics Time and processes ??
A process relates the initial world line with T=0 and the ultimate
world line with T=∞, but we are interested in what happens before
then.
A logical treatment will require two kinds of logic:
⋆ execution until termination;
⋆ execution until suspension.
Suspension corresponds to looking at intermediate worldlines.
Pressing ‘Ctrl-Z’.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 63
64. Semantics Processes and parallelism ??
⋆ Processes in parallel have the semantics of the intersection of
relations.
⋆ They have to agree on how world lines change and how long the
change takes.
⋆ Knowledge of the driver set, history, and time are all shared ‘in-
stantaneously’ between processes.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 65
65. Semantics A simple follower circuit ??
?
?
Y <= X after 1 ns
wait on X
wait on X;
Y <= transport X after 1 ns;
process begin
end
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 66
66. Semantics Oscillator and follower in parallel ??
?
?
?
?
wait on X
Y <= X after 1 ns
wait on X
process
begin
X <= not X after 2 ns;
end
process
begin
Y <= X after 1 ns;
wait on X;
end
wait on X;
X <= not X after 2 ns
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 67
67. Semantics Example 8 ??
X=0
X=1
X=0
X=1
Final WL
X=0 T=1
T=2
T=3
X=0 T=0
T=-1
X=1
X=1
X=0 T=1
T=2
T=3
X=0 T=0
T=-1
Time
Initial WL Intermediate WL
wait on XY<= X after 1 ns;
X<= ¬X after 2 lns; wait on X
X=1
X=1
X=1
X=1 X=1
Y=1
Y=1 Y=1
Y=1
Y=0
Y=0
Y=0
Y=1
Y=1
Y=1
Y=1
Y=1
Y=0
Y=0
Y=0
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 68
68. Semantics A useful theorem ??
⋆ Take the ultimate world line and feed it back in again to a process
as its initial world line, then the same world line comes out again.
⋆ So, look for invariant world lines.
⋆ Especially helpful when calculating for parallel processes.
⋆ A world line developed by process 1 can be used as a background
against which process 2 is evaluated.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 69
69. Logic Plan ??
⋆ Insert predicative assertions and timing information in the gaps
between VHDL statements.
⋆ Predicates contain temporal modalities: “it will rain tomorrow”.
⋆ ⊙(x = 1) means “x = 1 will hold in the next instant”. This is the
same as ⊙x = 1.
⋆ x = ⊙x means “x will change in the next instant”.
⋆ Timed pre- and post- assertions {p, t1} s {q, t2} across statements
s are connected via a formal programming logic of triples.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 70
70. Logic Meaning ??
The Hoare triple
Sρ : {P, T1} a {Q, T2}
means
if a begins to execute at time T1 and condition P holds then,
then, if it finishes at time T2, Q will hold then.
This is the logic of termination, denoted by S.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 71
71. Logic Example 9 ??
Look at the oscillator process using the logic of termination.
{X= ⊙X,T}
X <= transport (not X) after 2 ns ;
{X= ⊙X= ⊙2X= ⊙3X,T}
wait on X ;
{⊙−2X= ⊙−1X=X= ⊙X,T+2}
The final condition (X has been stable and now will be stable with
a different value) has been forced by the initial condition (X is mo-
mentarily stable).
Note that the initial condition is re-established as the second part of
the final condition.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 72
72. Logic Meaning ??
The Hoare triple
S′ρ : {P, T1} a {Q, T2}
means
if a begins to execute at time T1 and condition P holds then,
then, if it is suspended at time T2, Q will hold then.
This is the logic of suspension, denoted by S′.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 73
73. Logic Example 10 ??
Now look using the logic of suspension. Suspension can only happen
in a blocked wait statement; everything else takes zero time.
Start with the condition established under the logic of termination.,
{⊙−2X= ⊙−1X=X= ⊙X,T}
X <= transport (not X) after 2 ns ;
{⊙−2X= ⊙−1X=X= ⊙X= ⊙2X= ⊙3X,T}
wait on X ;
{⊙−2X= ⊙−1X=X= ⊙X,T} ∨
{⊙−2X= ⊙−1X=X= ⊙X,T+1}
The final condition is that X either has just changed or is just about
to change.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 74
74. Logic Process logic ??
A process never terminates; it can only be suspended.
Suspension occurs within the process body, after some non-negative
number of executions of the body to termination.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 75
75. Logic Example 11 ??
Each oscillator cycle takes 2ns. At this time, termination establishes
and thereafter re-establishes the condition:
{⊙−2X= ⊙−1X=X= ⊙X,T}
and then suspension sets up
{⊙−2X= ⊙−1X=X= ⊙X,T} ∨ {⊙−2X= ⊙−1X=X= ⊙X,T+1}
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 76
76. Logic The use of a useful theorem ??
{⊙−2X= ⊙−1X=X= ⊙X ∧ even(T)} ∨ {⊙−2X= ⊙−1X=X= ⊙X ∧ odd(T)}
is an invariant of the oscillator process body under the termination
and suspension semantics.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 77
77. Logic Logical Rules ??
We reason by deriving one Hoare triple of the programming logic from
earlier derived Hoare triples.
The rules of reasoning take the form of
top
bottom
[condition]
in which the bottom is allowed to be derived from the top when
condition holds. Several hypotheses may appear:
top1 top2 top3 . . .
bottom
[condition]
or none
bottom
[condition]
in which case the rule represents an axiom.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 78
78. Logic The S-logic for termination - seq ??
[∀T ∈ [T1, T2]]
Sρ : {P, T1} a {QAT, T} Sρ : {QBT, T} b {R, T2}
Sρ : {P, T1} a ; b {R, T2}
[QA → QB] (1)
If a sequence a;b runs to termination between times T1 and T2, then
it does so by running a from T1 to termination at some intermediate
time T, then running b to termination at T2.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 79
79. Logic Example 12 ??
Take two consecutive signal assignments, each delayed by 1ns.
After the second, it will be the case that x is planned to be equal to
2 next.
Sx : {true, 3} x <= 1 after 1ns {⊙x = 1, 3} Sx : {true, 3} x <= 2 after 1ns {⊙x = 2, 3}
Sx : {true, 3} x <= 1 after 1ns ; x <= 2 after 1ns {⊙x = 2, 3}
The precondition for the second assignment is true, so it does not
matter what condition the first statement sets up.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 80
80. Logic Example 13 ??
Waiting for 1ns makes the things that are promised to happen next,
happen.
Sx : {⊙x = 1, 3} null {⊙x = 1, 3}
Sx : {⊙x = 1, 3} wait for 1 {x = 1, 4}
Waiting for 2ns is waiting for 1ns twice.
Sx : {⊙x = 1, 3} wait for 1 ; wait for 1 {⊙−1x = 1, 5}
Sx : {⊙x = 1, 3} wait for 2 {⊙−1x = 1, 5}
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 81
81. Logic The S-logic for termination - wait for ??
Sρ : {⊙P, T1} null {⊙Q, T2 − 1}
Sρ : {P, T1} wait for 1 {Q, T2}
Sρ : {P, T1} wait for 1 ; wait for n {Q, T2}
Sρ : {P, T1} wait for n + 1 {Q, T2}
(2)
A wait for 1ns will terminate (in 1ns). The (local) conditions that
hold then are those that are promised to hold now.
Longer waits are sequences of shorter ones.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 82
82. Logic The S-logic for termination - wait on ??
A wait on can be viewed as a loop:
wait on x = do wait for 1ns while x = ⊙−1x
Sρ : {P∧x=⊙x, T1} wait for 1; wait on x {Q, T2} Sρ : {P∧x=⊙x, T1} wait for 1 {Q, T2}
Sρ : {P, T1} wait on x {Q, T2}
(3)
To run a wait to termination between times T1 and T2 either the
waited on variable has to be about to change, in which case we do
a wait for 1ns and terminate at T2=T1+1, or it isn’t, in which case we
have to wait for 1ns and then wait longer.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 83
83. Logic The S-logic for termination - if ??
This logic requires us to be able to get to a desired postcondition
along either path down an if. In each branch we can assume the
appropriate extra precondition.
Sρ : {P ∧ c, T1} b1 {Q, T2} Sρ : {P ∧ ¬c, T1} b0 {Q, T2}
Sρ : {P, T1}if c then b1 else b0{Q, T2}
(4)
Example:
Sxy : {true ∧ x = 0, 4} y <= 1 after 1ns {y = 0, 4}
Sxy : {true ∧ x = 0, 4} y <= 2 after 1ns {y = 0, 4}
Sxy : {true, 4}if x = 0 then y <= 1 after 1ns else y <= 2 after 1ns{y = 0, 4}
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 84
84. Logic The S-logic for termination - while ??
While loops can be read as sequences of if branches.
while c do b = if c then b; while c do b else null
Sρ : {P ∧ c, T1} b; while x do b {Q, T2} Sρ : {P ∧ ¬c, T1} null {Q, T2}
Sρ : {P, T1}while c do b{Q, T2}
(5)
Example:
Sx : {true ∧ x = 0, 4} wait on x; while x = 0 do wait on x {x = 0, 5}
Sx : {true ∧ x = 0, 4} null {x = 0, 5}
Sx : {true, 4}while x = 0 do wait on x{x = 0, 5}
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 85
85. Logic The S-logic for termination - null ??
The simplest things are the hardest!
A null command won’t execute over a non-zero time, so anything we
care to say about this (impossible) situation is valid.
Sρ : {P, T1} null {Q, T2}
[T1 = T2] (6)
Over a zero time interval, a null command does nothing, so getting
from precondition P to postcondition Q requires that P entails Q at
that time.
Sρ : {P, T} null {Q, T}
[⊙T(P → Q)] (7)
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 86
86. Logic The S′-logic for suspension - seq ??
[∀T ∈ [T1, T2]]
Sρ : {P, T1} a {QT, T} S′ρ : {QT, T} b {R, T2}
S′ρ : {P, T1} a {R, T2}
S′ρ : {P, T1} a ; b {R, T2}
(8)
If a sequence a;b runs to suspension between times T1 and T2, then
it does so by either
1. running a from T1 to suspension at T2, or
2. running a to completion at some intermediate time T, then running
b to suspension at T2.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 87
87. Logic Other parts of the S′-logic for suspension ??
The sequence logic of suspension is the only part that refers back to
the termination logic.
In general, suspension logic is simpler than termination logic.
⋆ Many constructs cannot suspend at all, so have no rules for rea-
soning about suspensions!
NULL and signal assignment are examples of constructs that can-
not suspend. WHILE loops can only suspend in the body.
⋆ WAIT statements cannot exit under suspension logic. They have
to be suspended strictly before they exit.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 88
88. Logic The S′-logic for suspension - wait for ??
S′ρ : {P, T} wait for 1 {Q, T}
[⊙T(P → Q)] (9)
Example:
S′x : {x = 1, 3} wait for 1 {x = 0, 3}
[⊙3(x = 1 → x = 0)]
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 89
89. Logic Summary ??
The logic used here is weak in the sense that if we prove
S′ : {P, T1}foo{Q, T2}
then we have not proved that statement foo will suspend at time T2.
We have proved that if it is suspended at time T2, then condition Q
will hold then.
(Ditto for termination).
But processes can be suspended at any time. So the logic is always
applicable.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 90
90. Logic Conclusion ??
Logic is useful for reasoning about the properties of VHDL descrip-
tions.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 91
91. Algebra Another approach ??
Another approach to VHDL is to construct a process algebra.
An algebra is a set of equations asserting behavioural equivalences
between different code fragments.
For example:
x <= 2 after 3ns; x <= 1 after 2ns = x <= 1 after 2ns
The algebra can be used to prove or disprove equivalences between
different formulations.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 92
92. Algebra Synthesis ??
The algebra has a “pure” component that only refers to events and
processes, and a “code” component that contains only VHDL.
Generally, algebra expressions are mixed (impure).
A pure process algebra description can be represented as a state
transition diagram.
The diagram can be transformed slowly via the algebraic laws into
VHDL code.
What comes out is code that implements the state transition diagram.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 93
94. Algebra Code/diagram equivalence ??
-
??
?
?
C!0 C!0
C!1
C!1 C!0
[C!
0
0];a
=
[C!
0
1];a
=
[C!
0
0];a
=
a = C = not C after 1ns; wait on C; a
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 95
95. Algebra Summary ??
Algebras make reasoning about VHDL programs via equalities possi-
ble.
The transformation can go in both directions.
We are beginning to find that algebra/transition diagram specifica-
tions are useful starting points for the synthesis of VHDL code.
The VHDL code can be formally derived by a calculus of refinement
from the initial diagram.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 96
96. Conclusion Conclusion ??
Formal methods allow VHDL to be handled in ways that correspond
to classical activities, but based on secure foundations.
VDHL-Forum for CAD in Europe – Nantes, 24 April 1995 97