• Top
  • Documentation
    • Xdoc
    • ACL2-doc
    • Recursion-and-induction
    • Loop$-primer
    • Operational-semantics
      • Operational-semantics-3__annotated-bibliography
        • Bib::bhmy89
        • Bib::liu06
        • Bib::bm96
        • Bib::plotkin04b
        • Bib::bgm90
        • Bib::hkms17
        • Bib::bkm96
        • Bib::moore15
        • Bib::bh99
        • Bib::wilding93
        • Bib::plotkin04a
        • Bib::moore03b
        • Bib::mp02
        • Bib::moore19
        • Bib::manolios00
        • Bib::flatau92
        • Bib::hb92
        • Bib::bm05
        • Bib::goel16
        • Bib::bm73
        • Bib::ghk17
        • Bib::wilding92
        • Bib::moore17
        • Bib::moore96
        • Bib::ghkg14
        • Bib::yu92
        • Bib::hunt85
        • Bib::boh03
        • Bib::mmrv06
        • Bib::bm80
        • Bib::bh97
        • Bib::moore99b
        • Bib::moore14
        • Bib::rm04
        • Bib::by96
        • Bib::sawada00
        • Bib::mccarthy62
        • Bib::bm79
        • Bib::moore99a
        • Bib::sh98
        • Bib::rhmm07
        • Bib::kmm00a
        • Bib::ghk13
        • Bib::moore03a
        • Bib::hk12
        • Bib::mp67
        • Bib::young88
        • Bib::bm97
        • Bib::moore73
        • Bib::kmm00b
        • Bib::bevier87
      • Operational-semantics-1__simple-example
      • Operational-semantics-2__other-examples
      • Operational-semantics-5__history-etc
      • Operational-semantics-4__how-to-find-things
    • Pointers
    • Doc
    • Documentation-copyright
    • Course-materials
    • Args
    • ACL2-doc-summary
    • Finding-documentation
    • Broken-link
    • Doc-terminal-test-2
    • Doc-terminal-test-1
  • Books
  • Boolean-reasoning
  • Projects
  • Debugging
  • Std
  • Proof-automation
  • Macro-libraries
  • ACL2
  • Interfacing-tools
  • Hardware-verification
  • Software-verification
  • Math
  • Testing-utilities

• Operational-semantics-3__annotated-bibliography

Bib::bkm96

B. Brock, M. Kaufmann, and J S. Moore, “ACL2 Theorems about Commercial Microprocessors”, in M. Srivas and A. Camilleri, editors, Formal Methods in Computer-Aided Design (FMCAD'96), Springer-Verlag, LNCS 1166, pp. 275-293, doi 10.1007/BFb0031816, 1996.



Relevance: early (mid-1990s) applications of ACL2 in industry (Motorola CAP DSP via operational semantics and the AMD K5 FDIV via a shallow embedding)

———

Abstract

ACL2 is a mechanized mathematical logic intended for use in specifying and proving properties of computing machines. In two independent projects, industrial engineers have collaborated with researchers at Computational Logic, Inc. (CLI), to use ACL2 to model and prove properties of state-of-the-art commercial microprocessors prior to fabrication. In the first project, Motorola Inc., and CLI collaborated to specify Motorola's complex arithmetic processor (CAP), a single-chip, digital signal processor (DSP) optimized for communications signal processing. Using the specifications, we proved the correctness of several CAP microcode programs. The second industrial collaboration involving ACL2 was between Advanced Micro Devices, Inc. (AMD) and CLI. In this work we proved the correctness of the kernel of the floating-point division operation on AMD's first Pentium-class microprocessor, the AMD5K86. In this paper, we discuss ACL2 and these industrial applications, with particular attention to the microcode verification work.

———

This paper contains a good sketch of the Motorola CAP digital signal processor project, from capturing the design as an ACL2 operational model to proving microcode correct with respect to the model. The paper also includes a timeline describing how long different phases of the project took.

The paper also discusses the first use of ACL2, in 1995, to deal with floating-point arithmetic: verifying microcode for floating-point division on AMD's first Pentium-class microprocessor, the AMD5k86. However, the formalization of the division microcode was not via operational semantics but rather a “shallow embedding” of the microcode into ACL2. So while both the CAP project and floating-point project are of great relevance to the use of formal methods in industry, we have stressed the CAP work in this doc topic on operational semantics. For a technical description of the division proof, see J S. Moore, T. Lynch, and M. Kaufmann, “A Mechanically Checked Proof of the Correctness of the Kernel of the AMD5k86 Floating-Point Division Program”, IEEE Transactions on Computers, 47(9), pp. 913-926, Sep., 1998.