
Formal Verification of Y86-64 Processors - deepaksurti
http://csappbook.blogspot.com/2018/10/formal-verification-of-y86-64-processors.html
======
tyingq
Didn't know what Y86 meant, but found this:

 _' The Y86 is a “toy” machine that is similar to the x86 but much simpler. It
is a gentler introduction to assembly level programming than the x86. Just a
few instructions as opposed to hundreds for the x86. Fewer addressing modes.
Simpler system state. Absolute addressing.'_

~~~
kevintb
Yes, it's widely used among universities teaching intro computer systems, I
believe.

------
jonas_o
Nice! Seems however like there is no obvious approach to scale this proof to a
machine with caches and multicycle memory accesses, where you can not flush
the pipeline quite as conveniently.
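
The flushing-style proof obligation referred to above can be shown in miniature. The following is an added example, not code from the linked post or from any Y86-64 verification project: a three-register toy ISA with a two-stage pipeline (execute | write-back), checked exhaustively (by enumeration rather than with a prover) for the commuting-diagram condition `flush(impl_step(s, i)) == spec_step(flush(s), i)`. The instruction set, state encoding, value domain and function names are my own choices; the `forward=False` variant exists only to show what a failed obligation looks like.

```python
"""Toy flushing-style refinement check: a 2-stage pipeline against its ISA spec (constructed example)."""
from itertools import product

NREG = 3          # registers R0..R2
VALS = (0, 1, 2)  # tiny value domain; arithmetic is mod 3 so the state space stays finite


def all_instrs():
    """Every instruction of the toy ISA: nop, immediate load, register add."""
    yield ("nop",)
    for rd, v in product(range(NREG), VALS):
        yield ("imm", rd, v)
    for rd, ra, rb in product(range(NREG), repeat=3):
        yield ("add", rd, ra, rb)


def spec_step(regs, instr):
    """ISA-level (sequential) semantics: one instruction, executed atomically."""
    regs = list(regs)
    if instr[0] == "imm":
        regs[instr[1]] = instr[2]
    elif instr[0] == "add":
        regs[instr[1]] = (regs[instr[2]] + regs[instr[3]]) % len(VALS)
    return tuple(regs)


def flush(state):
    """Abstraction function: drain the write-back stage to obtain the ISA-visible register file."""
    regs, wb = state
    if wb is None:
        return regs
    regs = list(regs)
    regs[wb[0]] = wb[1]
    return tuple(regs)


def impl_step(state, instr, forward=True):
    """One clock of a 2-stage pipeline.

    state = (regs, wb): regs is the architectural register file; wb is the
    result still sitting in the write-back stage (None, or (rd, value)).
    """
    regs, wb = state

    def read(r):
        # With forwarding, an operand produced by the instruction one stage
        # ahead is bypassed from write-back instead of read stale from regs.
        if forward and wb is not None and wb[0] == r:
            return wb[1]
        return regs[r]

    if instr[0] == "imm":
        new_wb = (instr[1], instr[2])
    elif instr[0] == "add":
        new_wb = (instr[1], (read(instr[2]) + read(instr[3])) % len(VALS))
    else:
        new_wb = None
    # In the same clock, the old write-back result commits to the register file.
    return (flush(state), new_wb)


def all_states():
    """Every pipeline state: any register file, with the write-back stage empty or holding (rd, v)."""
    for regs in product(VALS, repeat=NREG):
        yield (regs, None)
        for rd, v in product(range(NREG), VALS):
            yield (regs, (rd, v))


def check_refinement(forward=True):
    """Exhaustively check flush(impl_step(s, i)) == spec_step(flush(s), i).

    Returns None if the commuting diagram holds for every (state, instruction)
    pair, otherwise the first counterexample found.
    """
    for state in all_states():
        for instr in all_instrs():
            got = flush(impl_step(state, instr, forward))
            want = spec_step(flush(state), instr)
            if got != want:
                return {"state": state, "instr": instr, "impl": got, "spec": want}
    return None


if __name__ == "__main__":
    print("with forwarding:   ", check_refinement(True))   # None: the obligation holds
    print("without forwarding:", check_refinement(False))  # a concrete read-after-write hazard
```

Enumeration only works here because the state is a few dozen bits and `flush` is a one-cycle drain. That is exactly the point of the comment: once the implementation has caches, multicycle memory or a deep pipeline, defining `flush` (and discharging the obligation for every state) is the hard part, which is what the compositional approaches in the replies try to address.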

~~~
mrefj
That is true. Scaling this to a processor with caches and deep pipelines is
completely non-trivial. There have been some attempts to scale to more
"realistic" designs with compositional (stepwise) verification.

[http://www.ccs.neu.edu/home/pete/research/ieee-vlsi-composition.html](http://www.ccs.neu.edu/home/pete/research/ieee-vlsi-composition.html)

[http://www.ccs.neu.edu/home/pete/research/todaes-safety-liveness-refinement.html](http://www.ccs.neu.edu/home/pete/research/todaes-safety-liveness-refinement.html)

------
iceninenines
Interesting. Formally proving a classical processor circuit design (as opposed
to the ISA and RTL) must be fun, as sequential and bus logic aren't just 0 and
1: there are high-impedance states, times when a result isn't yet stable, and
uninitialized values. Also, there are don't-care states and values in the design
which aim to reduce circuit complexity and latency.

If/when many-qubit circuits can be fabricated, that also sounds like a mucho
fun challenge for formal verification. It's an educated guess that people are
already working/have worked on it, because the math usually precedes the hardware.

~~~
jonas_o
You can get rid of metastability and high impedance in the proofs provided the
cycle time is large enough. Then you have cyclical binary logic. This is a
classical result shown e.g. in "Computer Architecture" (Müller, Paul).

I don't know anyone working on formal verification of quantum hardware; it would
be interesting if anyone does it.

~~~
nickpsecurity
It's happening:

[https://www.seas.upenn.edu/~rrand/qpl_2017_talk.pdf](https://www.seas.upenn.edu/~rrand/qpl_2017_talk.pdf)

