Mandayam K. Srivas and Steven P. Miller, Applying Formal Verification to a Commercial Microprocessor, Proceedings of the IFIP International Conference on Computer Hardware Description Languages, Chiba, Japan, 1995.
....A similar program was developed in the early 1980s to exercise the Digital VAX-11/780 architecture [Karg94]. C. Hardware Verification. There have been some attempts to use formal methods to verify the correct implementation of a processor, such as [Croc88], [Cull89], [Hunt87], [Joyc88], [Levy92], [Sriv95], [Wind90]. These efforts were directed at overall correctness, a superset of security correctness. Most of these efforts dealt with processors that are far simpler than modern general-purpose microprocessors, and generally employ simplified specifications of these processors. The recent effort ....
....were directed at overall correctness, a superset of security correctness. Most of these efforts dealt with processors that are far simpler than modern general-purpose microprocessors, and generally employ simplified specifications of these processors. The recent effort by SPI and Collins [Sriv95] has demonstrated that it is possible to explore complex pipelined architectures with current verification tools and practices. Collins is investigating the further use of verification as a replacement for some design reviews in the development of the AAMP processors. These processors are used ....
Mandayam K. Srivas and Steven P. Miller, Applying Formal Verification to a Commercial Microprocessor, Proceedings of the IFIP International Conference on Computer Hardware Description Languages, Chiba, Japan, 1995.
....1 Introduction. Formal verification has been applied successfully to high-level models of processors against their Instruction Set Architectures (ISAs) [29, 28, 33, 12], and selected parts thereof, such as pipelines [9, 23] and memory protocols [20, 19, 10, 17]. This is a cost-effective approach to applying formal methods, since it may reveal errors in the specifications, early in the design process. Unfortunately, these approaches do not fit well with today's ....
M. Srivas and S. P. Miller. Applying formal verification to a commercial microprocessor. In Computer Hardware Description Languages, August 1995.
....verification approaches. In theorem proving, the proof that the design realizes the stated behavior is mechanically checked by a theorem prover. Theorem-proving-based verification efforts are known to be highly interactive, requiring many person-months of effort even for moderately sized designs [5, 6, 7]. In addition, theorem provers seem to require considerable time to learn and use. Model checking, on the other hand, can be fully automated and requires little time to learn. In model checking, a set of desired properties of a model of the design are stated in some form of logic and verified using ....
Mandayam K. Srivas and Steven P. Miller. "Applying Formal Verification to a Commercial Microprocessor". In CHDL'95, pages 493--502, Makuhari, Japan, 1995.
....FM8502 microprocessor [46] using the Boyer-Moore theorem prover nqthm [4] (both of these microprocessors are very simple and were specifically designed for formal verification) and, very recently, Srivas and Miller's verification of a half-million-transistor commercial microprocessor, the AAMP5 [84], using the PVS theorem prover [71, 72]. Despite the periodic success stories, proof-based methods remain notoriously time-consuming [60, p. 496] and most of the automated theorem provers available today are semi-automated at best [38, p. 220]. Much progress has been made in automating proofs ....
Mandayam K. Srivas and Steven P. Miller. Applying formal verification to a commercial microprocessor. In International Conference on Computer Hardware Description Languages. IFIP, August 1995.
....not necessary for verifying processor control. By using a more restricted logic, we can construct a faster validity checker. There is an extensive literature on using general-purpose theorem provers to verify processor designs, including recent work on verifying pipelined processors [Cyr93, SB90, SM95, Win95]. These methods require significantly more manual effort than our technique. 2 The logic. The quantifier-free logic of equality with uninterpreted functions is more expressive than propositional logic but less expressive than first-order logic. An example of a formula in the logic is: ....
M. Srivas and S. P. Miller. Applying formal verification to a commercial microprocessor. In Computer Hardware Description Languages, August 1995.
....development of programs from specifications for distributed real-time systems has been worked out in PVS [Hoo94]. In this formalism, an assertional method based on a compositional framework of classical Hoare triples is developed for stepwise refinement of specifications into programs. The KIDS [Smi90] system is a program derivation system. High-level specifications written in a language called Refine are transformed by data type refinements and optimization transformations such as partial evaluation, finite differencing, into a Refine program. The descriptions ....
....[Raj92, RJS93]. We have used our integrated system in a variety of examples with dramatic improvements in speed-up of propositional reasoning in PVS. This has led to fully automatic proof procedures for many classes of hardware designs including n-bit ALUs and pipelined microprocessors [KK94, SM95]. We have used the combination of theorem proving and model checking for automatically verifying hardware and software specifications that would not have been possible by either one of them. The simplified form we have chosen is the simplest sum-of-products form. However, further minimization ....
Mandayam K. Srivas and Steven P. Miller. Applying formal verification to a commercial microprocessor. In Johnson [Joh95], pages 493--502.
....simplify the interaction that it takes a HOL user to verify a system. 2.2 Scientific Technological Relevance. Using automated theorem provers, like HOL, it is possible to formally verify industrially significant properties of software and hardware, e.g. correctness properties of microprocessors [Srivas & Miller, 1995], or communications hardware [Curzon et al., 1995]. However, the user of the prover must be highly skilled and the development time is of the order of man-months, sometimes man-years. Such skill levels and development times preclude widespread industrial use. This has restricted the use of ....
Srivas, M. and Miller, S.P. (1995). Applying formal verification to a commercial microprocessor. In Procs of IFIP International Conference on Computer Hardware Description Languages. CHDL-95.