A Grand Challenge Proposal for Formal Methods: A Verified Stack

We propose a grand challenge for the formal methods community: build and mechanically verify a practical computing system, from transistors to software. The challenge is both competitive and collaborative. It is collaborative because practical systems are too large for any one group or tool to handle in isolation: groups will have to team together. Furthermore, the vertical integration of systems at different levels of abstraction – from transistors to software – will encourage the team to adopt different tools for different levels and connect them. It is competitive because there are many systems from which to choose, and different teams may form around different target systems.
