M. Srivas and S. Miller. Applying formal verification to the AAMP5 microprocessor: A case study in the industrial use of formal methods. J. on Formal Methods in System Design, 8:153--188, 1996.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....fm9001 [21, 22, 23] and Windley [36, 38] All these processors were simple uniprocessor fetch decode execute engines specifically designed for formal verification. Following this work, Miller and Srivas verified the implementation of some of the instructions of a simple real processor called aamp5 [27, 28]. A simplified version of the arm2 processor was verified in [20] Processors became much more complex from the later 1980s due to the addition of such features as complex multi stage pipelines, out of order execution and co processors. Architectures like Alpha, mips, Pentium, and Powerpc were ....

Steven P. Miller and Mandayam K. Srivas. Applying formal verification to the AAMP5 microprocessor: A case study in the industrial use of formal methods. Formal Methods in Systems Design, 8(2):153--188, March 1996.

....dependent verification methodologies are not examined in any detail within this report. Other significant work on microprocessor specification and verification includes: work on the SECD chip by Graham and Birtwistle [14] the verification of the AAMP5 avionics processor by Srivas and Miller [27]; the FM8501 processor verification by Hunt [19] work on the VIPER microprocessor (reviewed in [1] Windley s work on Generic Interpreters [31] and the correctness of pipelined processors with Coe [32] Gordon s work with HOL and LCF LSM, for example [11, 12] and Melham s work on abstraction ....

Mandayam K. Srivas and Steven P. Miller. Applying formal verification to the AAMP5 microprocessor: A case study in the industrial use of formal methods. Formal Methods in Systems Design, 8(2):153--188, March 1996.

....of the actual design, errors found in the abstraction can reveal errors in the actual design. Many theorem prover based verifications model functional units at the register transfer level; the gateand transistor level models of the design are validated only through simulation and informal reviews [48]. We make two uses of informal rules. First, an informal rule can provide an algorithmic encoding of domain knowledge where a formalization in logic would be unacceptably time consuming. For example, we used a timing analysis procedure that derives a graph whose nodes correspond to the channel ....

Mandayam K. Srivas and Steven P. Miller. Applying formal verification to the AAMP5 microprocessor: A case study in the industrial use of formal methods. Formal Meth. System Design, 8(2):153--188, March 1996.

....of the actual design, errors found in the abstraction can reveal errors in the actual design. Many theorem prover based verifications model functional units at the register transfer level: the gate and transistor levels of the design are validated only through simulation and informal reviews [23]. We make two uses of informal rules. First an informal rule can provide an algorithmic encoding of domain knowledge where a formalization in logic would be unacceptably time consuming. For example, the timing analysis procedure that we used derives a graph whose nodes correspond to the channel ....

Mandayam K. Srivas and Steven P. Miller. Applying formal verification to the AAMP5 microprocessor: A case study in the industrial use of formal methods. Formal Meth. System Design, 8(2):153--188, March 1996.

....languages, deductive analysis using powerful theorem provers is often considered less attractive than the special purpose methods. In this paper we present experimental results showing that theorem proving can be applied effectively to requirements analysis. Previous technology insertion efforts [3,20] convinced us that problem domain experts can easily learn to read formal specifications, and with a little more effort, can learn to write them. Gaining theorem proving skills, however, takes a much larger training investment. For proverbased requirements analysis to enter common practice, high ....

M. K. Srivas and S. P. Miller. Applying formal verification to the AAMP5 microprocessor: A case study in the industrial use of formal methods. Formal Methods in Systems Design, 8(2):153--188, March 1996.

.... model checking in terms of industrial acceptance, there is evidence of growing interest, including anecdotal evidence of theorem proving experts being hired by major companies such as Intel (who are rather secretive about their verification work) and some impressive published case studies (e.g. [19]) A key factor in the effectiveness of an interactive theorem prover is the expressive power of its logic. For example, it is important for users to be able to concisely express specifications, system descriptions and proof concepts, to formulate abstractions, and to declaratively state derived ....

Mandayam K. Srivas and Steven P. Miller. Applying formal verification to the AAMP5 microprocessor: A case study in the industrial use of formal methods. Formal Methods in Systems Design, 8(2):153--188, March 1996.

....M has property P , use ffl induction, ffl open up definitions in P and M , and ffl apply known lemmas (as rewrite rules) Ripple carry adder proof is quite typical. Same methodology applies to invariance simulation proofs demonstrating cache consistency [PD96] and microcode or pipeline correctness [Cyr96, SM96]. 13 Deductive Verification Technology Ground decision procedures: For the combination of quantifier free theories of ffl Equality with uninterpreted functions ffl Linear arithmetic equalities and inequalities ffl Arrays with update and selection Simplification: Using decision ....

.... Processor Microcode Verification Theorem provers (Nqthm, HOL, PVS) have been used for microcode verification. Correspondence proofs involve symbolic execution (rewriting with decision procedures) Verified examples include: ffl Cyrluk [Cyr96] DLX and superscalar DLX. ffl Srivas Miller [SM96]: Rockwell Collins AAMP5 and AAMP FV. 23 A Pipelined Microprocessor [Burch, Clarke, Dill, McMillan] stall REGFILE opcode U L A CONTROL dsntdd dstnd stalld stalldd wbreg opreg2 opreg1 dstn opcoded src2 src1 Presented as a datapath oriented benchmark for model checkers 24 ....

Mandayam K. Srivas and Steven P. Miller. Applying formal verification to the AAMP5 microprocessor: A case study in the industrial use of formal methods. Formal Methods in Systems Design, 8(2):153--188, March 1996. 33

.... for first order logic [3] 9] have gained high attention due to their ability to naturally cope with abstractions from data computations when analyzing complex control circuitry while allowing full automation of the proof (in contrast to approaches relying on interactive theorem proving such as [6, 13, 15]) In this paper we introduce the new computational model of Execution Automata and the model of Herbrand Engines based on it. This model combines finite state control with uninterpreted data and function registers, thus yielding a finite representation of infinite state machines. Herbrand engines ....

M. Srivas and S. Miller. Applying formal verification to the aamp5 microprocessor: A case study in the industrial use of formal methods. J. on Formal Methods in

....languages, deductive analysis using powerful theorem provers is often considered less practical than the special purpose methods. In this paper we present experimental results showing that theorem proving can be applied effectively to requirements analysis. Previous technology insertion efforts [3,18] convinced us that problem domain experts can easily learn to read formal specifications, and with a little more effort, can learn to write them. Gaining theorem proving skills, however, takes a much larger training investment. For proverbased requirements analysis to enter common practice, high ....

M. K. Srivas and S. P. Miller. Applying formal verification to the AAMP5 microprocessor: A case study in the industrial use of formal methods. Formal Methods in Systems Design, 8(2):153--188, March 1996.

....grant from the Israeli Ministry of Science and the Arts. y OFFIS, Oldenburg, Germany z Weizmann Institute of Science, Rehovot, Israel complex control circuitry while allowing full automation of the proof (in contrast to approaches relying on interactive theorem proving such as [GM93, ORSS94, SM96] In this paper we propose a proof method for proving correctness of such processor designs based on refinement , and illustrate it by showing correctness of the Tomasulo algorithm [HP96] supporting out of order execution of floating point instructions. The key features of our approach are ffl ....

M. Srivas and S. Miller. Applying formal verification to the aamp5 microprocessor: A case study in the industrial use of formal methods. J. on Formal Methods in System Design, 8:153--188, 1996.

No context found.

Mandayam K. Srivas and Steven P. Miller. Applying formal verification to the AAMP5 microprocessor: A case study in the industrial use of formal methods. Formal Methods in Systems Design, 8(2):153--188, March 1996. 11

....paths in the commutative diagram which will then be tested for equivalence. An automatic way to perform this equivalence testing is to use ground decision procedures for equality with uninterpreted functions such as the ones in PVS. This strategy has been used to verify several processors in PVS [5, 4, 15]. Some of the approaches to pipelined processor verification rely on the user providing the definition for the abstraction function. Burch and Dill in [3] observed that the This work was done in part when Ravi Hosabettu was visiting SRI International in summer 1997. The work done by the ....

Mandayam K. Srivas and Steven P. Miller. Applying formal verification to the AAMP5 microprocessor: A case study in the industrial use of formal methods. Formal Methods in Systems Design, 8(2):153--188, March 1996.

No context found.

M. Srivas and S. Miller. Applying formal verification to the AAMP5 microprocessor: A case study in the industrial use of formal methods. J. on Formal Methods in System Design, 8:153--188, 1996.

No context found.

Mandayam K. Srivas and Steven P. Miller. Applying formal verification to the AAMP5 microprocessor: A case study in the industrial use of formal methods. Formal Methods in Systems Design, 8(2):153--188, March 1996.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC