Technical reports
Multi-level verification of microprocessor-based systems
Jeffrey J. Joyce
May 1990, 163 pages
This technical report is based on a dissertation submitted December 1989 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Pembroke College.
DOI: 10.48456/tr-195
Abstract
The idea of using formal logic to reason about small fragments or single layers of a software/hardware system is well-established in computer science and computer engineering. Recently, formal logic has been used to establish correctness properties for several realistic systems including a commercially-available microprocessor designed by the British Ministry of Defence for life-critical applications. A challenging area of new research is to verify a complete system by linking correctness results for multiple layers of software and hardware into a chain of logical dependencies.
This dissertation focuses specifically on the use of formal proof and mechanical proof-generation techniques to verify microprocessor-based systems. We have designed and verified a complete system consisting of a simple compiler for a hierarchically structured programming language and a simple microprocessor which executes code generated by this compiler. The main emphasis of our discussion is on the formal verification of the microprocessor. The formal verification of the compiler is described in a separate paper included as an appendix to this dissertation.
Combining correctness results for the compiler with correctness results for the microprocessor yields a precise and rigorously established link between the formal semantics of the programming language and the execution of compiled code by a model of the hardware. The formal proof also links the hardware model to the behavioural specification of an asynchronous memory interface based on a four-phase handshaking protocol.
The main ideas of this research are (1) the use of generic specification to filter out non-essential detail, (2) embedding natural notations from special-purpose formalisations such as temporal logic and denotational description, and (3) the use of higher-order logic as a single unifying framework for reasoning about complete systems.
Generic specification, in addition to supporting fundamental principles of modularity, abstraction and reliable re-usability, provides a mechanism for enforcing a sharp distinction between what has and what has not been formally considered in a proof of corectness. Furthermore, it is possible to create generic specifications in a pure formalism with the expressive power of higher-order logic without inventing new constructs.
Natural notations from special-purpose formalisms offer the advantage of concise and meaningful specifications when applied to particular areas of formal description. Semantic gaps between different notations are avoided by embedding them in a single logic. Special-purpose rules based on these notations can be derived as theorems with the aim of implementing more efficient proof strategies.
Finally it is argued that the primary purpose of using mechanical proof generation techniques to reason about software and hardware is to support the intelligent participation of a human verifier in the rigorous analysis of a design at a level which supports clear thinking.
Full text
PDF (11.3 MB)
BibTeX record
@TechReport{UCAM-CL-TR-195,
author = {Joyce, Jeffrey J.},
title = {{Multi-level verification of microprocessor-based systems}},
year = 1990,
month = may,
url = {https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-195.pdf},
institution = {University of Cambridge, Computer Laboratory},
doi = {10.48456/tr-195},
number = {UCAM-CL-TR-195}
}