formal specification and verification of the fm9001
play

Formal Specification and Verification of the FM9001 Microprocessor - PowerPoint PPT Presentation

Nov 23, 2022 •368 likes •883 views

Formal Specification and Verification of the FM9001 Microprocessor Using the DE System Cuong Chau ckcuong@cs.utexas.edu Department of Computer Science The University of Texas at Austin May 23, 2017 Cuong Chau (UT Austin) FM9001 Specification

  1. Formal Specification and Verification of the FM9001 Microprocessor Using the DE System Cuong Chau ckcuong@cs.utexas.edu Department of Computer Science The University of Texas at Austin May 23, 2017 Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 1 / 22

  2. Outline Introduction 1 The DE System 2 Monotonicity of DE 3 Conclusion 4 Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 2 / 22

  3. Outline Introduction 1 The DE System 2 Monotonicity of DE 3 Conclusion 4 Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 3 / 22

  4. Introduction FM9001 is a general-purpose 32-bit microprocessor whose gate-level netlist was originally specified and verified in the Nqthm logic using the DUAL-EVAL system [Brock & Hunt:1997]. We re-specify and re-verify the FM9001 netlist in the ACL2 logic using the DE system. Motivation: This work provides a library of verified hardware circuit generators that can be applied when reasoning about the synthesis of hardware circuits using DE. Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 4 / 22

  5. FM9001 Specification Levels Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 5 / 22

  6. Block Diagram of the FM9001 Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 6 / 22

  7. FM9001 Verification The proof of correctness of the FM9001 gate-level design consists of three major lemmas: 1 The FM9001 can be forced to a known state, i.e., reset, from any initial state by a suitable sequence of inputs. 2 Given a set of initial conditions, the gate-level model correctly implements the high-level instruction interpreter. 3 The state at the end of the reset sequence satisfies the initial conditions for the previous lemma. Strategy: Prove that the desired reset state can be reached from an initial state of all X (unknown) values. By monotonicity of the DE semantics, we then prove that the desired reset state can be reached from any initial state . Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 7 / 22

  8. FM9001 Verification The proof of correctness of the FM9001 gate-level design consists of three major lemmas: 1 The FM9001 can be forced to a known state, i.e., reset, from any initial state by a suitable sequence of inputs. 2 Given a set of initial conditions, the gate-level model correctly implements the high-level instruction interpreter. 3 The state at the end of the reset sequence satisfies the initial conditions for the previous lemma. Strategy: Prove that the desired reset state can be reached from an initial state of all X (unknown) values. By monotonicity of the DE semantics, we then prove that the desired reset state can be reached from any initial state . Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 7 / 22

  9. FM9001 Verification The proof of correctness of the FM9001 gate-level design consists of three major lemmas: 1 The FM9001 can be forced to a known state, i.e., reset, from any initial state by a suitable sequence of inputs. 2 Given a set of initial conditions, the gate-level model correctly implements the high-level instruction interpreter. 3 The state at the end of the reset sequence satisfies the initial conditions for the previous lemma. Strategy: Prove that the desired reset state can be reached from an initial state of all X (unknown) values. By monotonicity of the DE semantics, we then prove that the desired reset state can be reached from any initial state . Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 7 / 22

  10. Challenge The original work modeled the memory model using Nqthm’s shell principle. There is no such principle in ACL2. Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 8 / 22

  11. Challenge The original work modeled the memory model using Nqthm’s shell principle. There is no such principle in ACL2. Need a different approach to formalizing the memory model for FM9001. Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 8 / 22

  12. Approach The original work used Nqthm’s shell principle to introduce three new data structures for a memory cell: 1 ROM tags read-only locations of the memory. 2 RAM tags read-write locations of the memory. 3 STUB represents “unimplemented” portions. Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 9 / 22

  13. Approach The original work used Nqthm’s shell principle to introduce three new data structures for a memory cell: 1 ROM tags read-only locations of the memory. 2 RAM tags read-write locations of the memory. 3 STUB represents “unimplemented” portions. Our approach: Represent a memory cell as a proper list of two elements: 1 The first element is a flag specifying the memory type of the cell (i.e., ROM, or RAM, or STUB). 2 The second element is the value of the cell. Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 9 / 22

  14. Approach The original work used Nqthm’s shell principle to introduce three new data structures for a memory cell: 1 ROM tags read-only locations of the memory. 2 RAM tags read-write locations of the memory. 3 STUB represents “unimplemented” portions. Our approach: Represent a memory cell as a proper list of two elements: 1 The first element is a flag specifying the memory type of the cell (i.e., ROM, or RAM, or STUB). 2 The second element is the value of the cell. This change does not affect the proof strategy for FM9001 created in the previous work, except for establishing the monotonicity property for DE, which is part of the FM9001 verification procedure. Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 9 / 22

  15. Outline Introduction 1 The DE System 2 Monotonicity of DE 3 Conclusion 4 Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 10 / 22

  16. The DE Language DE is a formal occurrence-oriented hardware description language developed in ACL2 for describing Mealy machines [Hunt:2000]. Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 11 / 22

  17. The DE Language DE is a formal occurrence-oriented hardware description language developed in ACL2 for describing Mealy machines [Hunt:2000]. A DE description is an ACL2 constant containing an ordered list of modules, which we call a netlist. Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 11 / 22

  18. The DE Language DE is a formal occurrence-oriented hardware description language developed in ACL2 for describing Mealy machines [Hunt:2000]. A DE description is an ACL2 constant containing an ordered list of modules, which we call a netlist. The operational semantics for the DE language is implemented as an output evaluator , se , and a state evaluator , de . Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 11 / 22

  19. The DE Language DE is a formal occurrence-oriented hardware description language developed in ACL2 for describing Mealy machines [Hunt:2000]. A DE description is an ACL2 constant containing an ordered list of modules, which we call a netlist. The operational semantics for the DE language is implemented as an output evaluator , se , and a state evaluator , de . The se function evaluates a module and returns its outputs as a function of its inputs and its internal state. Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 11 / 22

  20. The DE Language DE is a formal occurrence-oriented hardware description language developed in ACL2 for describing Mealy machines [Hunt:2000]. A DE description is an ACL2 constant containing an ordered list of modules, which we call a netlist. The operational semantics for the DE language is implemented as an output evaluator , se , and a state evaluator , de . The se function evaluates a module and returns its outputs as a function of its inputs and its internal state. The de function evaluates a module and returns its next state ; this state will be structurally identical to the module’s current state, but with updated values. Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 11 / 22

  21. Outline Introduction 1 The DE System 2 Monotonicity of DE 3 Conclusion 4 Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 12 / 22

  22. FM9001 Verification The proof of correctness of the FM9001 gate-level design consists of three major lemmas: 1 The FM9001 can be forced to a known state, i.e., reset, from any initial state by a suitable sequence of inputs. 2 Given a set of initial conditions, the gate-level model correctly implements the high-level instruction interpreter. 3 The state at the end of the reset sequence satisfies the initial conditions for the previous lemma. Strategy: Prove that the desired reset state can be reached from an initial state of all X (unknown) values. By monotonicity of the DE semantics, we then prove that the desired reset state can be reached from any initial state . Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 13 / 22

  23. Monotonicity We define a partial ordering with a binary relation ≤ over the four-valued constants: a ≤ b if a = b or a = X . T NIL Z X Cuong Chau (UT Austin) FM9001 Specification and Verification May 23, 2017 14 / 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification Transition systems 2

798 views • 62 slides
Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification 2 Formal

627 views • 19 slides
Formal Specification and Verification Formal specification Temporal logic 12.06.2012

Formal Specification and Verification Formal specification Temporal logic 12.06.2012

Formal Specification and Verification Formal specification Temporal logic 12.06.2012 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Formal specification Specification for program/system Specification for

443 views • 21 slides
Formal Specification and Verification of Avionics Software Claus Wonnemann June 7th, 2006 Claus

Formal Specification and Verification of Avionics Software Claus Wonnemann June 7th, 2006 Claus

Introduction Specification of the Java Flight Manager Runtime Assertion Checking and Verification Conclusions Formal Specification and Verification of Avionics Software Claus Wonnemann June 7th, 2006 Claus Wonnemann Formal Specification and

708 views • 54 slides
Formal Specification and Verification 8.11.2016 Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification 8.11.2016 Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification 8.11.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Mathematical foundations Formal logic: Syntax: a formal language (formula expressing facts) Semantics: to define the meaning

740 views • 54 slides
Formal Specification and Verification 23.04.2013 Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification 23.04.2013 Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification 23.04.2013 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Mathematical foundations Formal logic: Syntax: a formal language (formula expressing facts) Semantics: to define the

811 views • 68 slides
Formal Specification Techniques Knowledge of typical approaches to formal software specification

Formal Specification Techniques Knowledge of typical approaches to formal software specification

Goals Understanding of the motivation of mathematical approaches to software specification Formal Specification Techniques Knowledge of typical approaches to formal software specification CAS 707 and verification McMaster University, Winter

106 views • 6 slides
Formal Formal Specif Specification ication and Verific and Verification ation of Solid of

Formal Formal Specif Specification ication and Verific and Verification ation of Solid of

Presented at FMBC 2020 Formal Formal Specif Specification ication and Verific and Verification ation of Solid of Solidity ity Contracts Contracts with E with Events vents kos Hajdu 1 , Dejan Jovanovi 2 , Gabriela Ciocarlie 2 1

298 views • 14 slides
Specification and verification in the field: Applying formal methods to BPF just-in-time

Specification and verification in the field: Applying formal methods to BPF just-in-time

Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel Luke Nelson, Jacob Van Geffen, Emina Torlak, and Xi Wang University of Washington Goal: formally verified (e)BPF JITs in the

267 views • 22 slides
Formal Specification and Verification Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de Some of the slides are based on or inspired by material by Wolfgang Ahrendt, Bernhard Beckert, Reiner H ahnle, Andreas Podelski 1 Motivation

1.11k views • 55 slides
Formal Specification and Verification Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de Some of the slides are based on or inspired by material by Wolfgang Ahrendt, Bernhard Beckert, Reiner H ahnle, Andreas Podelski 1 Motivation

899 views • 54 slides
Formal Specification and Verification Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de Some of the slides are based on or inspired by material by Wolfgang Ahrendt, Bernhard Beckert, Reiner H ahnle, Andreas Podelski 1 Motivation

715 views • 45 slides
Title: Formal Specification and Verification of a Communication Protocol (temporary) Author:

Title: Formal Specification and Verification of a Communication Protocol (temporary) Author:

Title: Formal Specification and Verification of a Communication Protocol (temporary) Author: Hojung Bang Affiliation: KAIST Address: 373-1, Kuseong-dong, Yuseong-gu, Daejeon, 305-701, Korea Abstract: In this paper, we summarized our experience

285 views • 6 slides
Formal Specification and Verification of Voting Software Bernhard Beckert | ComSoC, 14.04.13 K

Formal Specification and Verification of Voting Software Bernhard Beckert | ComSoC, 14.04.13 K

Formal Specification and Verification of Voting Software Bernhard Beckert | ComSoC, 14.04.13 K ARLSRUHE I NSTITUTE OF T ECHNOLOGY | D EPARTMENT OF C OMPUTER S CIENCE www.kit.edu KIT University of the State of Baden-Wuerttemberg and National

791 views • 67 slides
Functional Correctness Specification Formal Verification 15-214 Unit Testing Type

Functional Correctness Specification Formal Verification 15-214 Unit Testing Type

Functional Correctness Specification Formal Verification 15-214 Unit Testing Type Checking Statistic Analysis Requirements definition Inspections, Reviews 15-313 Integration/System/Acceptance/Regression/GUI/Bl

608 views • 45 slides
Formal Specification and Verification Classical logic (4) 13.05.2014 Viorica

Formal Specification and Verification Classical logic (4) 13.05.2014 Viorica

Formal Specification and Verification Classical logic (4) 13.05.2014 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Limitations of Propositional Logic Fixed, finite number of objects Cannot express: let G be group with

898 views • 68 slides
Functions, Abstraction & Faculty of Computer Science Dalhousie University Recursion Winter

Functions, Abstraction & Faculty of Computer Science Dalhousie University Recursion Winter

CSCI 2132: Software Development Norbert Zeh Functions, Abstraction & Faculty of Computer Science Dalhousie University Recursion Winter 2019 Building Abstractions Large projects are built in layers of abstraction! Example: Computer We

941 views • 66 slides
Lecture 2 Review Path Intergrals over Complex Plane Let : ( *

Lecture 2 Review Path Intergrals over Complex Plane Let : ( *

Lecture 2 Review Path Intergrals over Complex Plane Let : ( * = ? ( ) Lecture 2 Review Question #1: Express XOR using only NAND and NOT gates A A B B Y Y A A B B rgans&theorem!&

775 views • 16 slides
Digital Logic CombinaAonal Circuits 2 Homework Notes

Digital Logic CombinaAonal Circuits 2 Homework Notes

Computer Systems and Networks ECPE 170 Jeff Shafer University of the Pacific Digital Logic CombinaAonal Circuits 2 Homework Notes

452 views • 27 slides
Unit 12 Adders & Arithmetic Circuits 12.2 Learning Outcomes I understand what gates are

Unit 12 Adders & Arithmetic Circuits 12.2 Learning Outcomes I understand what gates are

12.1 Unit 12 Adders & Arithmetic Circuits 12.2 Learning Outcomes I understand what gates are used to design half and full adders I can build larger arithmetic circuits from smaller building blocks 12.3 ADDERS 12.4 Adder Intro

771 views • 40 slides
Figure5.2 Half-adder x i y i c 00 01 11 10 i 1 1 0 c i x i y c s i i + 1 i 1 1

Figure5.2 Half-adder x i y i c 00 01 11 10 i 1 1 0 c i x i y c s i i + 1 i 1 1

x 0 0 1 1 + y + 0 + 1 + 0 + 1 c s 0 0 0 1 0 1 1 0 Carry Sum (a) The four possible cases Carry Sum x y c s 0 0 0 0 0 1 0 1 1 0 0 1 1 1 1 0 (b) Truth table x s y x s HA y c c (c) Circuit (d)

232 views • 7 slides
Digitalteknik & Datorarkitektur vren 2009 Rkna med grindar Frelsning 2 mndag 23

Digitalteknik & Datorarkitektur vren 2009 Rkna med grindar Frelsning 2 mndag 23

Digitalteknik & Datorarkitektur vren 2009 Rkna med grindar Frelsning 2 mndag 23 mars karl.marklund@it.uu.se Gates and Boolean Algebra Some logical functions for two variables. x y x AND y x OR y x XOR y 0 0 0 0 0 0 1

484 views • 32 slides
Carbon Nanotube Imperfection-Immune Digital VLSI Subhasish Mitra Robust Systems Group

Carbon Nanotube Imperfection-Immune Digital VLSI Subhasish Mitra Robust Systems Group

Carbon Nanotube Imperfection-Immune Digital VLSI Subhasish Mitra Robust Systems Group Department of EE & Department of CS Stanford University H. Chen, J. Deng, A. Hazeghi, A. Lin, N. Patil, M. Shulaker, L. Wei, H. Wei, Prof. H.-S. P. Wong,

731 views • 60 slides
Normal-Conducting Photoinjector for High Power CW FEL Sergey Kurennoy, LANL, Los Alamos, NM An RF

Normal-Conducting Photoinjector for High Power CW FEL Sergey Kurennoy, LANL, Los Alamos, NM An RF

LA-UR-04-2768,-5617,-5808, & 05-3172 www.arXiv.org: physics/0404109 Normal-Conducting Photoinjector for High Power CW FEL Sergey Kurennoy, LANL, Los Alamos, NM An RF photoinjector capable of producing high continuous average current with low

404 views • 25 slides

More recommend