

# Formal verification Verification of *small* microprocessor

CERN training - July 2025

#### Context

A team has been developing a micro-coded processor, able to count the number of 1s found on an input bus of 64 bits. This processor is decomposed into various modules and we would like to formally verify this design.

Let's dispatch the work onto the team.

## 1 Full processor

The general architecture is the following <sup>1</sup>:



<sup>1.</sup> Yes, there is some french on the figures, but I guess you'll figure out what's happening.

It is however decomposed into a control and a datapath modules:



The control part is itself decomposed into a program counter and a ROM memory.

## 2 Datapath

The datapath is decomposed into a bank register, an Arithmetic Logic Unit (ALU) and the rest of the parts (mux + D latch).

The datapath corresponds to the low part of the following schematic:



## 3 Arithmetic Logic Unit

The ALU does offer the following interface:



Depending on the OP, the operation is the following:

$$\begin{array}{c|cccc} {\rm ADD} & \overline{000} & Y = A + B \\ {\rm SHR} & 001 & Y = A \gg 1 \\ {\rm EQ} & 010 & F = (A == B) \\ {\rm AND} & 011 & Y = A \ and \ B \\ {\rm MOV} & 100 & Y = A \end{array}$$

## 4 Register bank

The register bank corresponds to the following module:



It contains 16 elements of 8 bits. Two read ports, A and B, allow simultaneous reading of data stored at addresses RAA and RAB respectively. Reads are asynchronous, et write operations are synchronous, activated by the WEN signal, allowing to write data W at address WA.

#### 5 Program counter

The program counter contains the counter and the logic allowing jumps and conditional jumps. By default it incrments, but if start is high ('1'), it is synchronously set to 0. If this is not the case, if Flag is active and that JF is also active, the it is loaded with the address supplied. Such operation is also performed if JP is active.



## 6 Modules to verify

The following modules can be individually verified:

- 1. Program counter
- 2. ALU
- 3. Register bank
- 4. Datapath
- 5. Everything except the ROM
- 6. The entire block (the ROM contains a program to count the number of '1's)