
Microprocessor Assurance and the Role of Theorem Proving

  • Living reference work entry
Handbook of Computer Architecture

Abstract

Theorem proving is a technology in which logical deduction is used to prove properties of mathematical artifacts, usually with the assistance of a computer program called a theorem prover. One way to verify a computing system is to model it as a mathematical artifact and then use theorem proving to establish its desired properties as theorems. This approach has been used to verify a wide spectrum of properties of computing systems. In this chapter, we recount the role of theorem proving in microprocessor verification and discuss the scope, applicability, and limits of the technology.
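As an added illustration (not part of the chapter or its abstract), the following Lean 4 development shows the approach in miniature: a toy register machine is defined as a mathematical object (a state together with a total step function), a constructed three-instruction program is run on it, and the desired property is stated and proved as a theorem that holds for all inputs rather than checked on test vectors. The instruction set, register layout, and program are assumptions made for this example; the chapter's own case studies concern real microprocessors and industrial proof tools, and this example is not drawn from them.

```lean
-- A tiny register machine modelled as a mathematical artifact.
-- (Constructed example: the instruction set and encoding are assumptions.)
inductive Instr where
  | add (dst src1 src2 : Nat)   -- R[dst] := R[src1] + R[src2]
  | mov (dst src : Nat)         -- R[dst] := R[src]
  | halt                        -- stay in the current state
  deriving Repr

-- Machine state: a program counter and a register file (unbounded, for simplicity).
structure State where
  pc   : Nat
  regs : Nat → Nat

-- Operational semantics: one step of the machine as a total function.
def step (prog : Nat → Instr) (s : State) : State :=
  match prog s.pc with
  | .add d a b =>
      { pc := s.pc + 1,
        regs := fun r => if r = d then s.regs a + s.regs b else s.regs r }
  | .mov d a =>
      { pc := s.pc + 1,
        regs := fun r => if r = d then s.regs a else s.regs r }
  | .halt => s

-- Run the machine for a fixed number of steps (a "clock" function).
def run (prog : Nat → Instr) : Nat → State → State
  | 0,     s => s
  | n + 1, s => run prog n (step prog s)

-- Constructed program: R0 := R1 + R2; R3 := R0; halt.
def prog : Nat → Instr
  | 0 => .add 0 1 2
  | 1 => .mov 3 0
  | _ => .halt

-- Initial state with the two inputs placed in R1 and R2, everything else zero.
def init (a b : Nat) : State :=
  { pc := 0, regs := fun r => if r = 1 then a else if r = 2 then b else 0 }

-- Correctness theorem: for every pair of inputs, after three steps R3 holds a + b.
-- The proof is by computation: the model is executable inside the logic, so
-- unfolding the definitions reduces both sides to the same term.
theorem prog_computes_sum (a b : Nat) :
    (run prog 3 (init a b)).regs 3 = a + b := rfl

-- A frame property: the program never clobbers its first input register.
theorem prog_preserves_r1 (a b : Nat) :
    (run prog 3 (init a b)).regs 1 = a := rfl

-- Once halted, further stepping is the identity on the final state.
theorem prog_halts (a b : Nat) :
    step prog (run prog 3 (init a b)) = run prog 3 (init a b) := rfl
```

The point the example makes is the one the abstract states in the general case: `step` and `run` are ordinary mathematical functions, so `prog_computes_sum` is a universally quantified statement about the model, and a proof assistant checks it rather than sampling it. Scaling this from a three-instruction toy to a real instruction set means the same shape of definitions (decode, execute, clock) at vastly larger size, which is where the chapter's discussion of scope and limits applies.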


Notes

  1. The work presented in this chapter was done when this author was at Centaur Technology, Inc., and prior to that, The University of Texas at Austin.


Author information


Correspondence to Sandip Ray.


Copyright information

© 2022 Springer Nature Singapore Pte Ltd.

About this entry


Cite this entry

Goel, S., Ray, S. (2022). Microprocessor Assurance and the Role of Theorem Proving. In: Chattopadhyay, A. (eds) Handbook of Computer Architecture. Springer, Singapore. https://doi.org/10.1007/978-981-15-6401-7_38-1


  • DOI: https://doi.org/10.1007/978-981-15-6401-7_38-1


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-6401-7

  • Online ISBN: 978-981-15-6401-7

  • eBook Packages: Springer Reference Engineering; Reference Module Computer Science and Engineering
