Formal Verification of the AAMP-FV Microcode

This report describes the experiences of Collins Avionics & Communications and SRI International in formally specifying and verifying the microcode in a Rockwell proprietary microprocessor, the AAMP-FV, using the PVS verification system. This project built extensively on earlier experience using PVS to verify the microcode in the AAMP5, a complex, pipelined microprocessor designed for use in avionics displays and global positioning systems. While the AAMP5 experiment demonstrated the technical feasibility of formal verification of microcode, the steep learning curve encountered left unanswered the question of whether it could be performed at reasonable cost. The AAMP-FV project was conducted to determine whether the experience gained on the AAMP5 project could be used to make formal verification of microcode cost-effective for safety-critical and high-volume devices.
