[libre-riscv-dev] POWER9 formal correctness proofs collaboration

Luke Kenneth Casson Leighton lkcl at lkcl.net
Wed May 27 14:12:34 BST 2020



one of the critical aspects of LibreSOC is that we do not want to be the
ones who declare our code to be "correct" to our customers: we want our
customers to be in a position to independently confirm it for themselves,
at every level.

consequently, we have to develop Formal Correctness proofs not as an
afterthought but as part of the real time day to day development process.

this leaves behind a morass of code that, strategically, is of enormous
value to other teams.

yet because of there being no defined interfaces, we are "getting on with
it" and consequently the code is designed to interface to LibreSOC's
internal data structures.

as thinge stand, other teams, therefore, would need to do quite a lot of
work before being able to take advantage of the proofs.

in RISC-V, SymbioticEDA set about defining a de-facto industry standard
interface, through which access to the internals of the core to be tested
could "plug in" any given Formal Proof. full access to registers,
pipelines, instructions, memory subsystem, everything, in a well-defined


would anyone like to collaborate on defining a similar such interface, for
POWER9 teams to be able to formally validate their cores?

if so, we have tax deductible donations from NLNet if code is written that
happens to be directly useable for our project.  if we take EUR as the
unit, i believe there are up to around 9,000 such gifts available :)

also, second question, has a Compliance Working Group (and mailing list)
been established, as this is the kind of thing that should probably be
raised there (defining an interface, that is).


crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68

More information about the libre-riscv-dev mailing list