Learn More
We p r e s e n t a systematic approach t o decompose and incrementally build the proof of correctness of pipelined microprocessors. The central idea is to construct the abstraction function using completion functions, one per unnnished instruction, each o f w h i c h specify the eect (on the observables) of completing the instruction. In addition to(More)
The transaction ordering problem of the original PCI 2.1 standard bus speciication violates the desired correctness property of maintaining the so called`Producer/Consumer' relationship between writers and readers of data. This violation stems mainly from the so called completion stealing problem, rst identiied and solved by Corella et al 4], and supported(More)
The Completion Functions Approach was proposed in HSG98] as a systematic way to decompose the proof of correctness of pipelined microprocessors. The central idea is to construct the abstraction function using completion functions, one per unnnished instruction, each of which speciies the eeect (on the observables) of completing the instruction. In this(More)
The transaction ordering problem of the original PCI 2.1 standard bus speciication violates the desired correctness property of maintaining the so called`Producer/Consumer' relationship between writers and readers. In 3], a correction to this ordering problem was proposed and informally proved (called the \HP solution" here). In this paper, we present a(More)
The degree to which formal veriication methods are adopted in practice depends on concrete demonstrations of their applicability on real-world examples. In this paper, we present our eeorts in this regard involving a commercial high-speed split-transaction bus called the Runway. Modern busses such as the Runway deal with so many intertwined and complex(More)
The Completion Functions Approach was proposed in HSG98] as a systematic way to decompose the proof of correctness of pipelined microprocessors. The central idea is to construct the abstraction function using completion functions, one per unnnished instruction, each of which speciies the eeect (on the observables) of completing the instruction. However, its(More)
  • 1