From: Brian Drummond <brian@shapes.demon.co.uk>
Subject: Re: Verified compilers?
Date: Fri, 9 Mar 2012 13:56:34 +0000 (UTC)
Date: 2012-03-09T13:56:34+00:00 [thread overview]
Message-ID: <jjd26i$k12$1@dont-email.me> (raw)
In-Reply-To: CB7EF37F.1184D%yaldnif.w@blueyonder.co.uk
On Thu, 08 Mar 2012 23:38:39 +0000, Bill Findlay wrote:
> On 08/03/2012 10:23, in article jja1b4$8q1$1@dont-email.me, "Brian
> Drummond" <brian@shapes.demon.co.uk> wrote:
>
>> On Thu, 08 Mar 2012 10:04:04 +0100, Jacob Sparre Andersen wrote:
>>
>>
>>> Oh. And who verifies that the silicon is correct?
>>
>> VIPER.
>>
>> en.wikipedia.org/wiki/VIPER_microprocessor
>> www.cl.cam.ac.uk/techreports/UCAM-CL-TR-104.pdf
>
> Was the 'proof' of VIPER not later shown to have missed serious faults?
Quem vedisti pastores?
That must be the "controversy" hinted at on Viper's Wikipedia page.
Unfortunately, apart from the Dick Pountain article in Byte, I don't know
anything about the VIPER, so any further info would be appreciated.
It would be interesting to see verified hardware : maybe even VIPER
revisited with newer proof tools; and to see if something more like a
real CPU - say an ARM1 or 2 (let's not be too ambitious!) - would be
verifiable these days.
While it amuses me to see SPADE references so close to the surface in
SPARK, it does also make me question how much progress has been made in
formal verification in the last quarter century. Gut feel says, more than
AI and flying cars, but not much.
Which does not negate its value. Rather, I think it points to the fact
that there is much neglected ground, that could prove fertile.
One area, directly germane to the question above, is that there is a lot
of commonality between the SPARK subset of Ada, and the synthesisable
subset of VHDL, probably because both share the need for static
elaboration of resources. I would like to see this exploited in several
ways, whether as SystemAda (surely a better alternative to SystemC) for
SW/HW co-verification or ESL design, or as SPARK-like proof tools applied
to VHDL.
VHDL and Ada seem to be following separate but convergent evolution paths
(e.g. VHDL has conditional and case expressions, Ada will. Ada has
inheritance, VHDL doesn't ... yet) and formal proof would appear to be
equally applicable to suitable subsets of both.
> (BTW nice to see that someone else remembers the Rekursiv.)
(well I know a little more about THAT!)
There was a lot of interesting hardware at the time. I was intrigued by
the similarity between Transputer and Lilith instruction formats, which
might be worth re-examining where code density (or making it fit in
cache) is important.
- Brian
next prev parent reply other threads:[~2012-03-09 13:56 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-21 15:42 Verified compilers? Yannick Duchêne (Hibou57)
2012-02-24 1:41 ` Shark8
2012-02-24 8:52 ` Georg Bauhaus
2012-02-24 17:36 ` Peter C. Chapin
2012-03-06 1:27 ` Randy Brukardt
2012-03-06 17:24 ` Shark8
2012-03-06 17:43 ` Dmitry A. Kazakov
2012-03-06 19:03 ` Shark8
2012-03-07 5:33 ` Yannick Duchêne (Hibou57)
2012-03-07 9:12 ` Dmitry A. Kazakov
2012-03-07 17:49 ` Niklas Holsti
2012-03-07 20:17 ` Dmitry A. Kazakov
2012-03-07 23:28 ` Usefulness of Formal Notions in Programming (was: Verified compilers?) Georg Bauhaus
2012-03-08 9:24 ` Usefulness of Formal Notions in Programming Dmitry A. Kazakov
2012-03-08 10:30 ` Nasser M. Abbasi
2012-03-08 12:37 ` Dmitry A. Kazakov
2012-03-08 0:42 ` Verified compilers? Randy Brukardt
2012-03-08 9:25 ` Dmitry A. Kazakov
2012-03-08 18:10 ` Niklas Holsti
2012-03-08 20:41 ` Dmitry A. Kazakov
2012-03-08 18:02 ` Niklas Holsti
2012-03-08 20:40 ` Dmitry A. Kazakov
2012-03-09 0:44 ` Georg Bauhaus
2012-03-09 22:13 ` Niklas Holsti
2012-03-10 10:36 ` Dmitry A. Kazakov
2012-03-10 20:35 ` Niklas Holsti
2012-03-11 9:47 ` Dmitry A. Kazakov
2012-03-11 22:22 ` Niklas Holsti
2012-03-12 5:12 ` Niklas Holsti
2012-03-12 9:43 ` Dmitry A. Kazakov
2012-03-14 8:36 ` Niklas Holsti
2012-03-14 9:24 ` Georg Bauhaus
2012-03-14 11:14 ` REAL (was: Verified compilers?) stefan-lucks
2012-03-14 12:59 ` REAL Dmitry A. Kazakov
2012-03-14 13:30 ` REAL Georg Bauhaus
2012-03-14 13:51 ` REAL Dmitry A. Kazakov
2012-03-14 20:37 ` REAL Brian Drummond
2012-03-14 21:52 ` REAL Dmitry A. Kazakov
2012-03-14 13:52 ` REAL georg bauhaus
2012-03-14 17:42 ` REAL Jeffrey Carter
2012-03-14 10:14 ` Verified compilers? Dmitry A. Kazakov
2012-03-14 20:13 ` Niklas Holsti
2012-03-11 10:55 ` Georg Bauhaus
2012-03-10 13:46 ` Brian Drummond
2012-03-07 1:00 ` Randy Brukardt
2012-03-07 12:42 ` Stuart
2012-03-08 1:06 ` Randy Brukardt
2012-03-08 9:04 ` Jacob Sparre Andersen
2012-03-08 9:37 ` Dmitry A. Kazakov
2012-03-08 11:23 ` Simon Wright
2012-03-08 12:27 ` Dmitry A. Kazakov
2012-03-08 10:23 ` Brian Drummond
2012-03-08 23:38 ` Bill Findlay
2012-03-09 13:56 ` Brian Drummond [this message]
2012-03-09 14:43 ` Shark8
2012-03-09 21:51 ` Brian Drummond
2012-03-09 15:49 ` Bill Findlay
2012-03-09 20:34 ` Brian Drummond
2012-03-09 19:40 ` Jeffrey Carter
2012-03-09 20:39 ` Brian Drummond
2012-03-09 23:59 ` phil.clayton
2012-03-08 15:23 ` Peter C. Chapin
2012-03-09 2:04 ` Randy Brukardt
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox