A Case Study in Formal Verification of Register-Transfer Logic with ACL2: The Floating Point Adder of the AMD Athlon
Cited by 21 (2 self)
As an alternative to commercial hardware description languages, AMD has developed an RTL language for microprocessor designs that is simple enough to admit a clear semantic definition, providing a basis for formal verification. We describe a mechanical proof system for designs represented in this language, consisting of a translator to the ACL2 logical programming language and a methodology for verifying properties of the resulting programs using the ACL2 prover. As an illustration, we present a proof of IEEE compliance of the floating-point adder of the AMD Athlon processor.
1 Introduction. The formal hardware verification effort at AMD has emphasized theorem proving using ACL2 [3], and has focused on the elementary floating-point operations. One of the challenges of our earlier work was to construct accurate formal models of the targeted circuit designs. These included the division and square root operations of the AMD-K5 processor [4, 6], which were implemented in microcode, a...
Robust Computer System Proofs in PVS
 LFM97: FOURTH NASA LANGLEY FORMAL METHODS WORKSHOP. NASA CONFERENCE PUBLICATION NO. 3356
, 1997
Cited by 7 (2 self)
Practical formal verification of complex computer systems requires proof robustness and efficiency to protect against inevitable mistakes and system specification and design changes. PVS is a theorem-proving system based on higher-order logic with which we demonstrate the kind of robust code proofs needed for verification of realistic-sized computing systems.
Verification of Pipeline Circuits
 In ACL2 Workshop 2000 (proceedings are available as UTCS
, 2000
Cited by 5 (3 self)
The use of pipelines is an important technique in contemporary hardware design, particularly at the level of register-transfer logic (RTL). Earlier formal analysis (e.g., [4]) using the ACL2 theorem prover showed correctness of pipelined floating-point RTL. This paper extends that work by considering a notion of a conditional pipeline, essentially the result of sharing hardware among several distinct pipelines. We have employed a pipeline tool, written in ACL2 but completely unverified, to find a pipeline-related bug in an industrial hardware design, which has since been corrected.
Formal Verification of Microprocessors at AMD
, 2002
Cited by 3 (2 self)
Formal Verification History
We have emphasized automated theorem proving.
1995-96: Division and square root algorithms for AMD-K5 microcode [3, 5]
1997-present: Proofs of floating-point algorithms and actual RTL that use ACL2 on the AMD Athlon processor and its derivatives [6, 7, 8]
- We have a translator from our proprietary RTL to ACL2 [7] that enables RTL proofs.
2001: Completed some protocol-level proofs
A natural target for theorem provers [10, 4]
Concise formal specifications relating outputs to inputs
The RTL is relatively tractable.
- While the size of an FPU may be substantial, the logic tends to decompose by operation.
- The interfaces with other modules are smaller and simpler.
Complexity of floating-point designs causes problems for other verification approaches.
- Testing alone may be inadequate.
- Decision procedures used in formal verification traditionally have capacity limitations, for example for multiplication and shiftin
Formal Verification of Floating-Point RTL at AMD Using the ACL2 Theorem Prover
Cited by 2 (1 self)
We describe a methodology for the formal verification of the correctness, including IEEE-compliance, of register-transfer level models of floating-point hardware designs, and its application to the floating-point units of a series of commercial microprocessors produced by Advanced Micro Devices, Inc. The methodology is based on a mechanical translator from a synthesizable subset of the Verilog hardware description language, in which the models are coded, to the formal logic of the ACL2 theorem prover. Behavioral specifications of correctness, coded in essentially the same language as the designs, are translated as well, and ultimately checked with the ACL2 prover.
Keywords: Formal verification, Floating-point arithmetic, IEEE-compliance, Theorem proving, ACL2
A precision and range independent tool for testing floating-point arithmetic I: basic operations, square root and remainder
, 1999
Cited by 2 (0 self)
This paper introduces a precision and range independent tool for testing the compliance of hardware or software implementations of (multiprecision) floating-point arithmetic with the principles of the IEEE standards 754 and 854. The tool consists of a driver program, offering many options to test only specific aspects of the IEEE standards, and a large set of test vectors, encoded in a precision independent syntax to allow the testing of basic and extended hardware formats as well as multiprecision floating-point implementations.
A MECHANICALLY CHECKED PROOF OF IEEE COMPLIANCE OF THE FLOATING POINT MULTIPLICATION, DIVISION AND SQUARE ROOT ALGORITHMS OF THE AMD-K7™ PROCESSOR
 London Mathematical Society, ISSN 1461–1570
We describe a mechanically verified proof of correctness of the floating point multiplication, division, and square root instructions of the AMD-K7 microprocessor. The instructions are implemented in hardware and represented here by register-transfer level specifications, the primitives of which are logical operations on bit vectors. On the other hand, the statements of correctness, derived from IEEE Standard 754, are arithmetic in nature and considerably more abstract. Therefore, we begin by developing a theory of bit vectors and their role in floating point representations and rounding. We then present the hardware model and a rigorous proof of its correctness. All of our definitions, lemmas and theorems have been formally encoded in the ACL2 logic, and every step in the proof has been mechanically checked with the ACL2 prover. 1.