Refinement and Theorem Proving

In this chapter we describe the ACL2 theorem proving system and show how it can be used to model and verify hardware using refinement. This is a timely problem: the ever-increasing complexity of microprocessor designs and the potentially devastating economic consequences of shipping defective products have made functional verification a bottleneck in the microprocessor design cycle, one that consumes a large amount of time, human effort, and resources [1, 58]. For example, the 1994 Pentium FDIV bug cost Intel $475 million, and it is estimated that a similar bug in the current generation of Intel Pentium processors would cost Intel $12 billion [2].

[1] Panagiotis Manolios. Correctness of Pipelined Machines. FMCAD, 2000.

[2] Panagiotis Manolios, Sudarshan K. Srinivasan, et al. A Suite of Hard ACL2 Theorems Arising in Refinement-Based Processor Verification. 2004.

[3] Panagiotis Manolios, et al. Refinement maps for efficient verification of processor models. Design, Automation and Test in Europe (DATE), 2005.

[4] Robert S. Boyer, et al. Functional Instantiation in First-Order Logic. Artificial and Mathematical Theory of Computation, 1991.

[5] Robert S. Boyer, et al. A Computational Logic Handbook. Perspectives in Computing, 1979.

[6] George J. Milne, et al. Correct Hardware Design and Verification Methods. Lecture Notes in Computer Science, 2003.

[7] Robert S. Boyer, et al. Single-Threaded Objects in ACL2. PADL, 2002.

[8] Panagiotis Manolios, et al. Automatic verification of safety and liveness for XScale-like processor models using WEB refinements. Proceedings of Design, Automation and Test in Europe (DATE), 2004.

[9] Sanjit A. Seshia, et al. Modeling and Verifying Systems Using a Logic of Counter Arithmetic with Lambda Expressions and Uninterpreted Functions. CAV, 2002.

[10] Panagiotis Manolios, et al. A computationally efficient method based on commitment refinement maps for verifying pipelined machines. Proceedings of the Second ACM and IEEE International Conference on Formal Methods and Models for Co-Design (MEMOCODE '05), 2005.

[11] Panagiotis Manolios. A Compositional Theory of Refinement for Branching Time. CHARME, 2003.

[12] Bob Bentley. Validating a Modern Microprocessor. CAV, 2005.

[13] Panagiotis Manolios, et al. Ordinal Arithmetic: Algorithms and Mechanization. Journal of Automated Reasoning, 2005.

[14] Bob Bentley, et al. Validating the Intel Pentium 4 microprocessor. Proceedings of the 38th Design Automation Conference (DAC), 2001.

[15] W. Hunt, et al. A formal HDL and its use in the FM9001 verification. Philosophical Transactions of the Royal Society of London, Series A: Physical and Engineering Sciences, 1992.

[16] Bishop Brock, et al. Formally specifying and mechanically verifying programs for the Motorola complex arithmetic processor DSP. Proceedings of the International Conference on Computer Design: VLSI in Computers and Processors, 1997.

[17] Panagiotis Manolios, et al. Verification of executable pipelined machines with bit-level interfaces. IEEE/ACM International Conference on Computer-Aided Design (ICCAD), 2005.

[18] Donald S. Fussell, et al. Formal verification of an advanced pipelined machine. 1999.

[19] Piergiorgio Bertoli, et al. Design verification of a safety-critical embedded verifier. 2000.

[20] J Strother Moore, et al. A Mechanically Checked Proof of the AMD5K86 Floating Point Division Program. IEEE Transactions on Computers, 1998.

[21] Kedar S. Namjoshi. A Simple Characterization of Stuttering Bisimulation. FSTTCS, 1997.

[22] Jun Sawada. Verification of a simple pipelined machine model. 2000.

[23] Panagiotis Manolios. Mechanical verification of reactive systems. 2001.

[24] David M. Russinoff, et al. RTL verification: a floating-point multiplier. 2000.

[25] Kedar S. Namjoshi, et al. Linking Theorem Proving and Model-Checking with Well-Founded Bisimulation. CAV, 1999.

[26] David M. Russinoff. A Mechanically Checked Proof of Correctness of the AMD K5 Floating Point Square Root Microcode. Formal Methods in System Design, 1999.

[27] Panagiotis Manolios, et al. Algorithms for Ordinal Arithmetic. CADE, 2003.

[28] Panagiotis Manolios, et al. Monolithic Verification of Deep Pipelines with Collapsed Flushing. Proceedings of the Design, Automation and Test in Europe Conference (DATE), 2006.

[29] Robin Milner. Communication and Concurrency. Prentice Hall International Series in Computer Science, 1989.

[30] Panagiotis Manolios, et al. Ordinal Arithmetic in ACL2. 2003.

[31] Stephan Merz, et al. Model Checking. 2000.

[32] Guy L. Steele, et al. Common Lisp: The Language. 1984.

[33] Vladimir Lifschitz, et al. Artificial Intelligence and Mathematical Theory of Computation: Papers in Honor of John McCarthy. 1991.

[34] Matthew Wilding, et al. Transforming the Theorem Prover into a Digital Design Tool: From Concept Car to Off-Road Vehicle. CAV, 1998.

[35] J Strother Moore. Piton: A Mechanically Verified Assembly-Level Language. 1996.

[36] David L. Dill, et al. Automatic Verification of Pipelined Microprocessor Control. CAV, 1994.

[37] Matt Kaufmann, et al. Structured Theory Development for a Mechanized Logic. Journal of Automated Reasoning, 2001.

[38] J Strother Moore, et al. A Precise Description of the ACL2 Logic. 1998.

[39] Elizabeth M. Rudnick, et al. Microprocessor Design Verification. The VLSI Handbook, 2000.

[40] Bishop Brock, et al. The DUAL-EVAL Hardware Description Language and Its Use in the Formal Specification and Verification of the FM9001 Microprocessor. Formal Methods in System Design, 1997.

[41] Bob Bentley. Validating the Intel Pentium 4 microprocessor. Proceedings of the 38th Design Automation Conference (DAC), 2001.

[42] David M. Russinoff. A Mechanically Checked Proof of IEEE Compliance of the Floating Point Multiplication, Division and Square Root Algorithms of the AMD-K7 Processor. LMS Journal of Computation and Mathematics, 1998.

[43] Bishop Brock, et al. ACL2 Theorems About Commercial Microprocessors. FMCAD, 1996.

[44] Warren A. Hunt, et al. Linear and Nonlinear Arithmetic in ACL2. CHARME, 2003.

[45] Guy L. Steele Jr. Common Lisp: The Language (2nd ed.). 1990.

[46] Panagiotis Manolios, et al. Integrating Reasoning About Ordinal Arithmetic into ACL2. FMCAD, 2004.

[47] Panagiotis Manolios, et al. A complete compositional reasoning framework for the efficient verification of pipelined machines. IEEE/ACM International Conference on Computer-Aided Design (ICCAD), 2005.

[48] David A. Greve. Symbolic Simulation of the JEM1 Microprocessor. FMCAD, 1998.

[49] Jun Sawada, et al. Processor Verification with Precise Exceptions and Speculative Execution. CAV, 1998.

[50] Edmund M. Clarke, et al. Characterizing Finite Kripke Structures in Propositional Temporal Logic. Theoretical Computer Science, 1988.

[51] Jun Sawada, et al. Trace Table Based Approach for Pipeline Microprocessor Verification. CAV, 1997.

[52] Matthew Wilding, et al. High-speed, analyzable simulators. 2000.

[53] Panagiotis Manolios, et al. Termination Analysis with Calling Context Graphs. CAV, 2006.

[54] Jacques D. Fleuriot, et al. IsaPlanner: A Prototype Proof Planner in Isabelle. CADE, 2003.