Formal Verification of the VAMP Microprocessor Project Status

Microprocessors are in use in many safety-critical environments, such as cars or planes. We therefore consider the correctness of such components as a matter of vital importance. Testing microprocessors is limited by the huge state space of modern microprocessors. We therefore think formal verification is the sole way to obtain a correctness guarantee. At Saarland University, we are currently working on a project aiming to formally verify the correctness of a complete microprocessor called VAMP. The VAMP (Verified Architecture Microprocessor) is a variant of the DLX processor [11]. It features a Tomasulo-scheduled 5-stage pipeline, precise interrupts, delayed branch, virtual memory management, cache memory, and a fully IEEE compliant dual-precision floating point unit that handles denormals and exceptions entirely in hardware. The specification and verification is performed on the gate level using the PVS theorem proving system [25]. Our group has developed a tool which automatically translates hardware specifications from the PVS language to Verilog HDL. This enables us to translate the VAMP to Verilog and synthesize it on a Xilinx FPGA [7]. This paper provides an overview of the VAMP project. We sketch the proof techniques used in the verification of the different VAMP components.