This is a milestone in machine-assisted microprocessor verification. Gordon [20] and Hunt [32] led the way with their verifications of sim ple designs, Cohn [12, 13] followed this with the verification of parts of the VIPER microprocessor. This work illustrates how much these, and other, pioneers achieved in developing tractable models, scalable tools, and a robust methodology. A condensed review of previous re search, emphasising the behavioural model underlying this style of verification is followed by a careful, and remarkably readable, ac count of the SECD architecture, its formalisation, and a report on the organisation and execution of the automated correctness proof in HOL. This monograph reports on Graham's MSc project, demonstrat ing that - in the right hands - the tools and methodology for formal verification can (and therefore should?) now be applied by someone with little previous expertise in formal methods, to verify a non-trivial microprocessor in a limited timescale. This is not to belittle Graham's achievement; the production of this proof, work ing as Graham did from the previous literature, goes well beyond a typical MSc project. The achievement is that, with this exposition to hand, an engineer tackling the verification of similar microprocessor designs will have a clear view of the milestones that must be passed on the way, and of the methods to be applied to achieve them.

This is a milestone in machine-assisted microprocessor verification. Gordon [20] and Hunt [32] led the way with their verifications of sim ple designs, Cohn [12, 13] followed this with the verification of parts of the VIPER microprocessor. This work illustrates how much these, and other, pioneers achieved in developing tractable models, scalable tools, and a robust methodology. A condensed review of previous re search, emphasising the behavioural model underlying this style of verification is followed by a careful, and remarkably readable, ac count of the SECD architecture, its formalisation, and a report on the organisation and execution of the automated correctness proof in HOL. This monograph reports on Graham's MSc project, demonstrat ing that - in the right hands - the tools and methodology for formal verification can (and therefore should?) now be applied by someone with little previous expertise in formal methods, to verify a non-trivial microprocessor in a limited timescale. This is not to belittle Graham's achievement; the production of this proof, work ing as Graham did from the previous literature, goes well beyond a typical MSc project. The achievement is that, with this exposition to hand, an engineer tackling the verification of similar microprocessor designs will have a clear view of the milestones that must be passed on the way, and of the methods to be applied to achieve them.