Mandayam Srivas

Formal verification of a pipelined microprocessor

The application of modern functional languages and supporting verification technology to a scaled-down but realistic microprocessor is described. The model is of an infinite stream of machine instructions consuming an infinite stream of interrupt signals and is specified at two levels: instruction and hardware design. A correctness criterion is stated for an appropriate sense of equivalent behavior of these levels and proved using a mechanically supported induction argument. The functional-language-based verification system Clio and the Mini Cayuga microprocessor are described. The formal specification and verification process are examined in detail.<<ETX>>

Verification of a Pipelined Microprocessor Using Clio

Clio is a system for verifying properties of expressions written in Caliban, a higher-order polymorphic strongly-typed lazy functional language akin to Turners Miranda. Clio was designed for verifying each step in the implementation of a program: the specification, the high-level language, the assembly language, the microcode, and the hardware. This paper describes the use of Clio for verifying the correctness of an instruction pipelined microprocessor design. The abstract and the realization levels of behavior of the processor are modeled as infinite streams. The abstract specification describes the behavior in terms of a suitably chosen programmers model of the processor. A realization specification gives a description of the design of the processor by describing the activities that happen in the circuit over a single microcycle. We develop a general criterion of correctness to relate the two levels which is verified using a form of fixed-point induction.

A framework for functional specification and transformation of hidden surface elimination algorithms

This paper deals with the theory of hidden surface elimination algorithms in Computer Graphics. A set of functions and abstract data types are defined to help concisely specify a class of hidden surface elimination algorithms in a purely functional language. A formal study of these algorithms is presented here along with theorems of equivalence between some of the specifications. It is shown here that such proofs of equivalence will help in the construction of existing as well as new algorithms. We bring in the importance of such a study to exploit alternative parallel architectures for implementation of these algorithms. The other benefits of formal specification and analysis are due to its use as a teaching aid and effective method for rapid prototyping of these algorithms.

Bridging the formal methods gap: a computer-aided verification tool for hardware designs

The author describes a computer-aided verification tool, called Spectool, for synchronous hardware designs. The tool reduces the effort required for verifying a design in the targeted class by automating most of the routine, but cumbersome, parts of the verification process. The input to the tool is a circuit diagram of the design drawn using the graphical user interface provided by the tool. Spectool has been used on several examples including a large pipelined microprocessor design.<<ETX>>

Formal verification of microprocessors

A general method is presented for formally verifying the correctness of microprocessor designs. The abstract-level specification of the processor defines the effect of every instruction in terms of a suitably chosen programmer model of the processor. The concrete-level specification describes the design of the processor at a synchronous level by defining the behavior over a single microcycle. A general criterion of correctness to relate the two levels of behavior of the processor is developed. An application of the method to a simple processor, Simple, and a larger realistic processor, MiniCayuga, which uses instruction pipelining, is presented. Both designs are completely verified using an applicative-language-based verification system Clio.<<ETX>>