W. A. Hunt, "A formal HDL and its use in the FM9001 verification," in Mechanized Reasoning in Hardware Design (C. Hoare and M. Gordon, eds.), Prentice-Hall, 1992.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....in certain types. Ports in a behavior table that are connected in a net with ports in other behavior tables must have the same type. Changing the level of data abstraction of a port generates side conditions for all ports in the net. 6 Example Deriving an FM9001 Implementation The FM9001 [19] is a 32 bit microprocessor, the third generation processor description defined by Hunt and mechanically verified at the gate level using the Nqthm theorem prover. Bose has derived an Actel FPGA implementation of the FM9001 using our digital design derivation tool [20] which is adept at handling ....

W. A. Hunt, "A formal HDL and its use in the FM9001 verification," in Mechanized Reasoning in Hardware Design (C. Hoare and M. Gordon, eds.), Prentice-Hall, 1992.

.... correctness across two levels of description (in Occam) of the microcode for the T800 floating point unit using mechanized transformations [56] Similarly, several groups have performed automated verification of nonmicrocoded processors, of which Warren Hunt s FM8501 [57] and subsequent FM9001 [58]) are among the most substantial. However, none of these previous efforts approaches the scale and complexity of the AAMP5. Both the macro and micro architectures of the AAMP5 are complex. The macro architecture is a stack machine with a large and elaborate instruction set: instructions are ....

Warren A. Hunt, Jr. and Bishop C. Brock, "A formal HDL and its use in the FM9001 verification", In Hoare and Gordon [87], pp. 35--47.

....r0 r1 r15 Register file . command . pc 16 inc dec alu op a op b (rn op ins) command (rn op ins) pc (rn op ins) Figure 7: FM9001 register file datapath schematic Let us consider a behavior table description of Hunt s FM9001 microprocessor [11] with instances of value indirection. The FM9001 is a 32 bit microprocessor and mechanically verified at the gate level using the Nqthm theorem prover. It has an internal register file with 16 general purpose registers any one of which can be used as the pc. Modeling all the different operations ....

W. A. Hunt, "A formal HDL and its use in the FM9001 verification," in Mechanized Reasoning in Hardware Design (C. Hoare and M. Gordon, eds.), Prentice-Hall, 1992.

....is also unsuitable for input to CAD tools such as simulators and circuit synthesizers. The work described here aims to support the use of conventional hardware description languages (HDLs) within a general theoremproving environment. The approach taken is semantic embedding in higher order logic [13, 19], and the theorem proving infrastructure is provided by the HOL system [12] Three languages are being investigated by separate teams: ELLA (by Boulton, Harrison and Herbert) Silage (by A. Gordon) and VHDL (by Van Tassel) The HOL ELLA project [1] is the largest effort and has been running ....

W. A. Hunt, Jr. and B. C. Brock, `A Formal HDL and its Use in the FM9001 Verification', in Mechanized Reasoning and Hardware Design, edited by C. A. R. Hoare and M. J. C. Gordon, Prentice-Hall International Series in Computer Science, Prentice-Hall, 1992.

....our approach is followed it is immediately possible to reason about the union of the two models, i.e. about their interactions and relationships. Nqthm has been used (or is being used) to formalize and explicate . a commercial netlist language [6] a gate level description of a microprocessor [7], a model of asynchrony suitable to proving the reliability of communication protocols for independently clocked processors [8] Turing machines [9] Lambda calculus [10] a simple but usable machine code [11] a large part of the machine code for the MC68020 [12] a stack based ....

Warren A. Hunt, Jr. and Bishop Brock , "A Formal HDL and its use in the FM9001 Verification", Proceedings of the Royal Society, 1992, to appear April 1992

....in either the hardware or software domain. In this paper we present an exercise in codesign in the context of developing a hardware prototype for the DDD FM9001 [6] The DDD FM9001 is a 32 bit general purpose microprocessor realized in FPGAs derived from Hunt s Nqthm FM9001 specification [7] us ing the DDD system. Details of the derivation of the DDD FM9001 are reported in [6] The DDD FM9001 experiment provided a context in which we could apply our methodology and illustrate our framework. In the following section we present our methodology. Section 3 details how the DDD FM9001 ....

....with hardware on the Logic Engine Board. The interface provides a transparent cosimulation environment between the hardware components and the executing software model. 3 A Case Study: The DDD FM9001 The DDD FM9001 was a design exercise to construct a hardware implementation of the FM9001 [7] microprocessor description using the DDD system. The FM9001 is a 32 bit general purpose microprocessor mechanically verified by Hunt in the Nqthm theorem prover [9] and realized in LSI Logics gate array technology. Details of the proof are reported in [7] state control operand a operand b ....

[Article contains additional citation context not shown here]

W. A. Hunt, "A formal HDL and its use in the FM9001 verification," in Mechanized Reasoning in Hardware Design (C. Hoare and M. Gordon, eds.), Prentice-Hall, 1992.

....interface entails extraction of a DRAM memory object from a system description that incorporates the read write protocol and accounts for refresh cycles. We apply sequential decomposition to a non trivial example, a formally derived realization of the Nqthm FM9001 microprocessor specification [1], called DDD FM9001 [2] 1 Introduction Derivation is a formalization of synthesis with more emphasis on correct construction than on design automation. Our tools are a set of transformations that are used to engineer an implementation from a specification, with each transformation accumulating ....

....parameter in the decomposition. Research reported herein was supported, in part, by NSF, under grants numbered MIP 89 21842 and MIP 92 08745 and by NASA, under grant number NGT 50861. To appear in Proceedings of ICCD 93, IEEE. y Email: rathk cs.indiana.edu A realization of the Nqthm FM9001 [1] specification, called DDD FM9001 [2] was derived using the DDD [5] system. The derivation involved using system factorization to decompose the memory component. Factorization imposed restrictions on the design limiting the memory to a static RAM realization. We now look at this example in the ....

[Article contains additional citation context not shown here]

W. A. Hunt, "A formal HDL and its use in the FM9001 verification," in Mechanized Reasoning in Hardware Design, Prentice-Hall, 1992.

....used it to design a verified microprocessor. DDD implements a formal design algebra that allows a designer to transform a formal specification into a correct implementation[50] Bose formally derived the DDD FM9001[70] microprocessor from Hunt s toplevel specification of the FM9001 microprocessor[71]. 5 Some Observations Some general conclusions can be drawn from the collective experience of the Langley sponsored projects. First, modern formal specification languages such as PVS, which support higher order logic and a rich type system, provide a means of writing specifications that can be ....

Warren A. Hunt, "A formal HDL and its use in the FM9001 verification", in C.A.R. Hoare and M.J. Gordon, editors, Mechanized Reasoning in Hardware Design. Prentice-Hall, 1992.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC