From: phil.clayton@lineone.net
Subject: Re: Verified compilers?
Date: Fri, 9 Mar 2012 15:59:21 -0800 (PST)
Date: 2012-03-09T15:59:21-08:00 [thread overview]
Message-ID: <3398270.1725.1331337561115.JavaMail.geo-discussion-forums@vbgx21> (raw)
In-Reply-To: <jjd26i$k12$1@dont-email.me>
On Friday, March 9, 2012 1:56:34 PM UTC, Brian Drummond wrote:
> On Thu, 08 Mar 2012 23:38:39 +0000, Bill Findlay wrote:
>
> > On 08/03/2012 10:23, in article jja1b4$8q1$1@dont-email.me, "Brian
> > Drummond"
> wrote:
> >
> >> On Thu, 08 Mar 2012 10:04:04 +0100, Jacob Sparre Andersen wrote:
> >>
> >>
> >>> Oh. And who verifies that the silicon is correct?
> >>
> >> VIPER.
> >>
> >> en.wikipedia.org/wiki/VIPER_microprocessor
> >> www.cl.cam.ac.uk/techreports/UCAM-CL-TR-104.pdf
> >
> > Was the 'proof' of VIPER not later shown to have missed serious faults?
>
> Quem vedisti pastores?
>
> That must be the "controversy" hinted at on Viper's Wikipedia page.
> Unfortunately, apart from the Dick Pountain article in Byte, I don't know
> anything about the VIPER, so any further info would be appreciated.
See Donald MacKenzie's excellent book 'Knowing Machines' which makes extensive reference to the VIPER case. (It is a fairly unique example.)
The short chapter covering the VIPER fiasco can (except for the first page) be read here:
http://books.google.co.uk/books?id=c5YaHkcP6DEC&pg=PA160
(Don't let that stop you buying the book though!)
Ultimately the problem seems to be that expectations were set too high: the formal proofs did not say as much about the actual hardware as people may have been led to expect and the commercial prospects were not as great as suggested.
I used to work in the same team as one of the VIPER developers, though many years after VIPER, and it is always interesting to hear parts of the story. One favourite is an early meeting with the lawyers. They sat down and asked
"So, what exactly is boolean algebra?"
> It would be interesting to see verified hardware : maybe even VIPER
> revisited with newer proof tools; and to see if something more like a
> real CPU - say an ARM1 or 2 (let's not be too ambitious!) - would be
> verifiable these days.
I assume you mean a complete CPU verified from design all the way to the gate level. That would be interesting!
The hardware you are using right now almost certainly has some aspect of formal verification already, for example, Intel have been doing this for years. There is plenty of information out there discussing the issues, e.g.
http://www.cl.cam.ac.uk/~jrh13/slides/types-04sep99/slides1.pdf
> While it amuses me to see SPADE references so close to the surface in
> SPARK, it does also make me question how much progress has been made in
> formal verification in the last quarter century. Gut feel says, more than
> AI and flying cars, but not much.
I generally agree. Certainly, much larger systems are now being verified but, when considering the actual advance, one should compensate for simply making use of greater computational resources. Formal verification is fundamentally difficult so it is difficult to advance. There are a lot of people out there trying.
> Which does not negate its value. Rather, I think it points to the fact
> that there is much neglected ground, that could prove fertile.
I very much think so too!
Phil
next prev parent reply other threads:[~2012-03-10 0:15 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-21 15:42 Verified compilers? Yannick Duchêne (Hibou57)
2012-02-24 1:41 ` Shark8
2012-02-24 8:52 ` Georg Bauhaus
2012-02-24 17:36 ` Peter C. Chapin
2012-03-06 1:27 ` Randy Brukardt
2012-03-06 17:24 ` Shark8
2012-03-06 17:43 ` Dmitry A. Kazakov
2012-03-06 19:03 ` Shark8
2012-03-07 5:33 ` Yannick Duchêne (Hibou57)
2012-03-07 9:12 ` Dmitry A. Kazakov
2012-03-07 17:49 ` Niklas Holsti
2012-03-07 20:17 ` Dmitry A. Kazakov
2012-03-07 23:28 ` Usefulness of Formal Notions in Programming (was: Verified compilers?) Georg Bauhaus
2012-03-08 9:24 ` Usefulness of Formal Notions in Programming Dmitry A. Kazakov
2012-03-08 10:30 ` Nasser M. Abbasi
2012-03-08 12:37 ` Dmitry A. Kazakov
2012-03-08 0:42 ` Verified compilers? Randy Brukardt
2012-03-08 9:25 ` Dmitry A. Kazakov
2012-03-08 18:10 ` Niklas Holsti
2012-03-08 20:41 ` Dmitry A. Kazakov
2012-03-08 18:02 ` Niklas Holsti
2012-03-08 20:40 ` Dmitry A. Kazakov
2012-03-09 0:44 ` Georg Bauhaus
2012-03-09 22:13 ` Niklas Holsti
2012-03-10 10:36 ` Dmitry A. Kazakov
2012-03-10 20:35 ` Niklas Holsti
2012-03-11 9:47 ` Dmitry A. Kazakov
2012-03-11 22:22 ` Niklas Holsti
2012-03-12 5:12 ` Niklas Holsti
2012-03-12 9:43 ` Dmitry A. Kazakov
2012-03-14 8:36 ` Niklas Holsti
2012-03-14 9:24 ` Georg Bauhaus
2012-03-14 11:14 ` REAL (was: Verified compilers?) stefan-lucks
2012-03-14 12:59 ` REAL Dmitry A. Kazakov
2012-03-14 13:30 ` REAL Georg Bauhaus
2012-03-14 13:51 ` REAL Dmitry A. Kazakov
2012-03-14 20:37 ` REAL Brian Drummond
2012-03-14 21:52 ` REAL Dmitry A. Kazakov
2012-03-14 13:52 ` REAL georg bauhaus
2012-03-14 17:42 ` REAL Jeffrey Carter
2012-03-14 10:14 ` Verified compilers? Dmitry A. Kazakov
2012-03-14 20:13 ` Niklas Holsti
2012-03-11 10:55 ` Georg Bauhaus
2012-03-10 13:46 ` Brian Drummond
2012-03-07 1:00 ` Randy Brukardt
2012-03-07 12:42 ` Stuart
2012-03-08 1:06 ` Randy Brukardt
2012-03-08 9:04 ` Jacob Sparre Andersen
2012-03-08 9:37 ` Dmitry A. Kazakov
2012-03-08 11:23 ` Simon Wright
2012-03-08 12:27 ` Dmitry A. Kazakov
2012-03-08 10:23 ` Brian Drummond
2012-03-08 23:38 ` Bill Findlay
2012-03-09 13:56 ` Brian Drummond
2012-03-09 14:43 ` Shark8
2012-03-09 21:51 ` Brian Drummond
2012-03-09 15:49 ` Bill Findlay
2012-03-09 20:34 ` Brian Drummond
2012-03-09 19:40 ` Jeffrey Carter
2012-03-09 20:39 ` Brian Drummond
2012-03-09 23:59 ` phil.clayton [this message]
2012-03-08 15:23 ` Peter C. Chapin
2012-03-09 2:04 ` Randy Brukardt
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox