W. A. Hunt, Jr. FM8501: A verified microprocessor. Technical Report 47, University of Texas at Austin, Institute for Computing Science, Dec. 1985.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....recent analyse of related works in formal methods can be found in [28] In this section, we just mention some of the most known theorem provers used nowadays in hardware verification and we provide some references. ffl Nqthm, the Boyer Moore theorem prover [7] has been investigated in this field [32] [43] Working in a first order logic, this prover has had a lot of success due to its automatization. ffl The Larch Prover [20] is also based on a first order logic. It involves powerful rewriting rules. Some works and references about LP in hardware can be found in [47] 36] and [2] ffl HOL ....

W.A. Hunt. FM8501: A Verified Microprocessor. PhD thesis, Institute for Computing Science, University of Texas at Austin, February 1986.

....layout) and dioeerent classes of hardware (combinational or sequential circuits, synchronous or asynchronous circuits) Here we address the problem of formally verifying synchronous processor functionalities. The verication of processors was rst tackled using theorem proving techniques [22, 27, 17]. Impressive proofs were performed [28, 32, 31] but in our opinion these proofs required to much user guidance from specialized experts. Some interesting results have been obtained using more automatic techniques [18, 13] but they do not verify operative parts of processors. Therefore they cannot ....

W. Hunt Jr. FM8501: a Veried Microprocessor. PhD thesis, Institute for Computing Science, University of Texas at Austin, 1986.

....components. The Piton [Moore 88] assembly language, developed by J Moore at Computational Logic, Inc. is a high 4 level assembly language with a verified implementation on the FM8502 microprocessor. This is an extension of the microprocessor design verified to the gate level by Warren Hunt [Hunt 85] Building the Micro Gypsy code generator on top of Piton gives us the ability to verify certain Gypsy 2.05 programs using the Gypsy Verification Environment, compile these programs with the Micro Gypsy code generator described in this dissertation into Piton assembly language code, and assemble ....

....It is this interpreter which is the target level interpreter for our Micro Gypsy to Piton interpreter equivalence proof. Piton has been implemented on the FM8502, a general purpose microprocessor whose gate level design has been mechanically proved to implement its machine code interpreter. Hunt 85] The FM8502 implementation of Piton is via a function in the Boyer Moore logic which maps a Piton initial state into an FM8502 binary core image. The compiler, assembler and linker are all defined as functions in the logic. The implementation has been mechanically proved correct. In particular, ....

[Article contains additional citation context not shown here]

Warren A. Hunt. FM8501: A Verified Microprocessor. Technical Report ICSCA-CMP-47, Institute for Computing Science, University of Texas at Austin, December, 1985.

....become the indeterminates of the polynomials. Now, the original set of formulae is satisfyable if and only if the set of polynomials has a solution. This method has been implemented in the Rewrite Rule Laboratory (RRL) 1.2. 2 FM8501 FM8501 is a sixteen bit micro processor designed by Hunt [Hun85] He proved that a high level (block diagram) description correctly implemented the specification of the processor. From this high level implementation a lower level (register transfer level) implementation was derived, by expanding the definitions of the building blocks (e.g. adders) to their ....

Warren A Hunt, Jr. FM8501: A verified microprocessor. Technical Report 47, Institute for Computing Science. The University of Texas at Austin, December 1985. Dissertation.

....work is discussed in Section 4. Other Boyer Moore work provides interpretations such as the one given above; the hardware description is a recursive function which is intended to model the behaviour of the design. The use of tail recursion to represent the advance of time was introduced by Hunt [45], and has generally been used by hardware verification research based on the Boyer Moore theorem prover. For a general account of this method see [64] In higher order logic proof assistants such as Lambda 3 [28] and hol [36] nearly all work has been in terms of similar direct interpretations ....

Warren A Hunt, Jr. FM8501: A verified microprocessor. Technical Report 47, Institute for Computing Science. The University of Texas at Austin, December 1985. Dissertation.

....Hardware Verification The formal verification of hardware attracted interest in the early 1980s in response to the concerns discussed in the previous section. Formal notations and automated proof systems have been used in a variety of methodologies. These include formal logics (e.g. first order [98,34], higher order [84,79] temporal [139,171] type theory [102] state machines and automata [81,28,15] process algebras (e.g. Circal [132] hop [74] and others [56,155,165] Many other formalisms and systems have been studied, some of which are reviewed in [66,35] The avoidance of the ....

....Their work will be discussed below, in Section 2.3. Other Boyer Moore work provides interpretations such as the one given above. The hardware description is a recursive function which is intended to model the behaviour of the design. Hunt first used tail recursion to represent the advance of time [98]. The same idea has been used by later hardware verification research based on the Boyer Moore theorem prover; for a general account of this method see [146] In the hol proof assistant [79] nearly all work has been in terms of similar direct interpretations [83, e.g. Section 4] The exceptions ....

[Article contains additional citation context not shown here]

Warren A Hunt, Jr. FM8501: A verified microprocessor. Technical Report 47, Institute for Computing Science. The University of Texas at Austin, December 1985. Dissertation.

....the verification of a portion of the security kernel of UCLA Secure Unix. Rushby [Rushby 81a] described an approach to kernel verification similar to ours. Several other research efforts have used the Boyer Moore logic and theorem prover to specify and verify components of computing systems. Hunt [Hunt 85] proved an interpreter equivalence theorem to establish the correctness of the FM8501 microprocessor. A successor to FM8501, called FM8502, has also been verified. Moore [Moore 88] proved the correctness of the translator of a high level assembly language called Piton. The Piton assembler is ....

....proof of a correct implementation of that specification at the machine code level. We chose the Boyer Moore logic for two reasons: first, our previous expertise in the logic, and second, the existence of the Boyer Moore theorem prover. Previous work with the Boyer Moore theorem prover [Shankar 86, Hunt 85] had demonstrated that it could be guided through very large and complex proofs. We attempted no comparison of Kit s specification in the Boyer Moore logic with a specification in a different language. One technical advantage in pushing operational specifications to an abstract level in the ....

W.A. Hunt, Jr. FM8501: A Verified Microprocessor. Technical Report 47, Institute for Computing Science, University of Texas at Austin, December, 1985.

....It provides mechanical assistance to the proof process, ensuring mistakes are not made. The system will only call something a theorem if it has been rigorously proved. There has been much work in the area of formal hardware verification, most notably in the area of microprocessor verification [1, 11]. There has been some previous work on the formal verification of network components. For example, Herbert initially used LCM LSM and later HOL to formally verify an ECL chip: a local area network interface used as part of the Cambridge Fast Ring [9, 8] It is of a similar complexity to our ....

Warren A. Hunt Jr. FM8501: A verified microprocessor. Technical report, Institute for Computing Science, University of Texas at Austin, September 1985.

....was verified by Warren Hunt as part of the verification of the FM8501 microprocessor. This processing unit is verified in 3 theorems corresponding to the word, natural number, and two s complement interpretations. It took about 2 months effort, runs in a few seconds 5 , and used about 53 lemmas [11]. Although the processor unit reported here is less complicated than FM8501 s because we don t include the two s complement interpretation, we use just 2 lemmas in its proof planning. 5 Personal communication As an experiment, some of these circuits were re implemented in Nqthm by a newcomer ....

Warren Hunt. FM8501: A Verified Microprocessor. Technical report 47, Institute for Computing Science, University of Texas at Austin, 1986.

....contribution of this work is to provide a way to perform substantial partial verification in the absence of a functional specification. The second problem is that the verification task is far too complex for current tools and techniques. A large variety of research attempts to address this problem [BD94b, BD94a, Cyr93, Hun85, SGGH91, Win95]. Our approach complements other methods by easing the difficulty of creating the specification itself and reducing the complexity of the ensuing property verification. We report results applying our technique to industrial circuits with many thousands of latches significantly larger circuits ....

W. A. Hunt, Jr. FM8501: A verified microprocessor. Technical Report 47, University of Texas at Austin, Institute for Computing Science, December 1985.

....aspects of the design that are most susceptible to errors, be relatively fast and require little labor, and provide information to help pinpoint design errors. The best known examples of formally verified processors have been extremely simple processor designs, which were generally unpipelined [7, 8, 15, 16]. The ver ification methods used rely on theorem provers that require a great deal of very skilled human guidance (the practical unit of for measuring labor in these studies seems to be the person month) Furthermore, the processor implementations that were verified were so simple that they were ....

W. A. Hunt, Jr. FM8501: A verified microprocessor. Technical Report 47, University of Texas at Austin, Institute for Computing Science, Dec. 1985.

....y Corresponding author: Gates Building, Room 358. Email: jus cs.stanford.edu. Phone: 650) 725 9046. Fax: 650) 725 6949. 1 1 Introduction Formal verification has been applied successfully to high level models of processors against their Instruction Set Architectures (ISAs) [29, 28, 33, 12], and selected parts thereof, such as pipelines [9, 23] and memory protocols [20, 19, 10, 17] This is a cost effective approach to applying formal methods, since it may reveal errors in the specifications, early in the design process. Unfortunately, these approaches do not fit well with today s ....

W. A. Hunt, Jr. FM8501: A verified microprocessor. Technical Report 47, University of Texas at Austin, Institute for Computing Science, December 1985.

....designs can utilize inductive techniques. The increased complexity of VLSI circuits has produced the demand for logicians to create practical proof systems that can be applied to complex systems. Several logic systems have been used to verify hardware, including the BoyerMoore Theorem Prover [Hun86] and higher order logic (HOL) Sys89, GM93, Gra92, CHAPTER 1. INTRODUCTION 14 Mel88, Coh88] The complex fine grain logic models have been successful in accurately verifying data path and leaf cells, but are cumbersome for coarser block level verifications. Hardware designers and engineers ....

W. A. Hunt. FM8501, A Verified Microprocessor. PhD thesis, Institute for Computing Science, University of Texas, Austin, February 1986.

No context found.

W.A. Hunt, Jr. FM8501: A Verified Microprocessor. Technical Report 47, Institute for Computing Science, University of Texas at Austin, December, 1985.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC