By Avra Cohn (auth.), Graham Birtwistle, P. A. Subrahmanyam (eds.)

This paper describes the partially completed correctness proof of the Viper 'block model'. Viper [7,8,9,11,23] is a microprocessor designed by W. J. Cullyer, C. Pygott and J. Kershaw at the Royal Signals and Radar Establishment in Malvern, England (henceforth 'RSRE'), for use in safety-critical applications such as civil aviation and nuclear power plant control. It is currently finding uses in areas such as the deployment of weapons from tactical aircraft. To support safety-critical applications, Viper has a particularly simple design about which it is relatively easy to reason using current techniques and models. The designers, who deserve much credit for the promotion of formal methods, intended from the start that Viper be formally verified. Their idea was to model Viper in a sequence of decreasingly abstract levels, each of which concentrated on some aspect of the design, such as the flow of control, the processing of instructions, and so on. That is, each model would be a specification of the next (less abstract) model, and an implementation of the previous model (if any). The verification effort would then be simplified by being structured according to the sequence of abstraction levels. These models (or levels) of description were characterized by the design team. The first levels, and part of the third, were written by them in a logical language amenable to reasoning and proof.







