## Formal Verif. At AMD.. then and now.. ACL2 or not..

Rob Sumners, Advanced Micro Devices

- Alumni: David Russinoff, Matt Kaufmann, Eric Smith, Art Flatau, Bill Bevier, Hanbing Liu, ...
- ACL2 formal work: primarily floating-point unit verification
- Tools for translating Verilog RTL to ACL2 functions
- Lemmas and libraries for reasoning about rtl operators in ACL2
- Various other pieces of sundry proof work here and there.. dabblings

## Formal Verif. at AMD .. sans ACL2.. then

## **Rob Sumners**

- Various attempts at model checking and functional equivalence checking
- Mostly using industrial model checkers... usual suspects
- Primary focuses have been in cache controllers, "north bridges", etc.
- Safety properties: RTL inline assertions, ordering violations, etc.
- Progress properties: Generally converted into safety properties via measures

## Formal Verif. at AMD now.. well.. just Rob

- Still using model checkers for lower level properties of RTL blocks
- Biggest issues: building/maintaining precise environments for blocks
- Also: debugging when tools diverge and splitting properties into more manageable chunks

Additionally, we have started using ACL2 again for defining and verifying high-level transaction protocol properties. For this work, ACL2 is primarily a tool development and target language for specification and proofs of properties used in the tool.