Utilizing parametric systems for detection of pipeline hazards

  • Regular Paper
  • International Journal on Software Tools for Technology Transfer

Abstract

The current stress on a rapid development cycle for microprocessors with pipeline-based execution creates a high demand for automated techniques that support the design process, including its verification. We present an automated approach that combines static analysis of data paths, SMT solving, and formal verification of parametric systems in order to discover flaws caused by improperly handled data and control hazards between pairs of instructions. In particular, we concentrate on synchronous, single-pipelined microprocessors with in-order execution of instructions. The paper unifies and more rigorously formalizes our previous work on read-after-write, write-after-read, and write-after-write hazards and extends it to handle control hazards in single-pipeline microprocessors as well. The approach has been implemented in a tool called Hades, and we present promising experimental results obtained with the tool on multiple pipelined microprocessors.
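The following is an added, deliberately simplified illustration of the three data-hazard classes the abstract names (RAW, WAR, WAW) between a spoiler instruction and a victim instruction issued some number of cycles later. It is not the Hades tool and not the paper's parametric-system encoding: it enumerates bounded issue gaps by timing arithmetic instead of proving a property for every gap. The instruction classes, the stage in which each class reads or writes the register file, and the same-cycle register-file bypass flag are constructed assumptions for the example.

```python
"""Added toy model of RAW / WAR / WAW hazards between an instruction pair in an
in-order, single-pipeline processor.

Illustration written for this page; it is NOT the Hades tool and NOT the
paper's parametric-system encoding. It checks bounded issue gaps by timing
arithmetic instead of proving a property for every gap. The instruction
classes, stage numbers and the same-cycle register-file bypass flag are
constructed assumptions.
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Instr:
    name: str
    dst: Optional[str]      # architectural register written, or None
    srcs: Tuple[str, ...]   # architectural registers read
    read_stage: int         # stage (0 = first) in which srcs are read from the register file
    write_stage: int        # stage in which dst is committed to the register file


def hazards(spoiler: Instr, victim: Instr, gap: int, bypass: bool) -> FrozenSet[str]:
    """Hazard classes for `victim` issued `gap` cycles after `spoiler` (gap >= 1).

    Cycle arithmetic: an instruction issued at cycle t is in stage s at cycle
    t + s, with no stalls (the point is to find the gaps at which stalls or
    forwarding would be required). `bypass` models a register file whose
    write is visible to a read in the same cycle (write-then-read).
    """
    if gap < 1:
        raise ValueError("victim must be issued strictly after the spoiler")
    sp_read, sp_write = spoiler.read_stage, spoiler.write_stage
    vi_read, vi_write = gap + victim.read_stage, gap + victim.write_stage
    found = set()
    # RAW: victim reads a register before the spoiler's write has landed.
    if spoiler.dst is not None and spoiler.dst in victim.srcs:
        if vi_read < sp_write or (vi_read == sp_write and not bypass):
            found.add("RAW")
    # WAR: victim's write lands before (or is bypassed into) the spoiler's read.
    if victim.dst is not None and victim.dst in spoiler.srcs:
        if vi_write < sp_read or (vi_write == sp_read and bypass):
            found.add("WAR")
    # WAW: victim's write is overwritten by (or collides with) the spoiler's later
    # write, so the register ends with the wrong value; visible to the programmer
    # without any further propagation.
    if spoiler.dst is not None and spoiler.dst == victim.dst:
        if vi_write <= sp_write:
            found.add("WAW")
    return frozenset(found)


def min_safe_gap(spoiler: Instr, victim: Instr, bypass: bool, max_gap: int = 16) -> Optional[int]:
    """Smallest issue gap with no hazard, or None if none exists up to max_gap.

    A linear scan suffices because every hazard condition above is resolved,
    not introduced, by increasing the gap.
    """
    for gap in range(1, max_gap + 1):
        if not hazards(spoiler, victim, gap, bypass):
            return gap
    return None


# Constructed instruction classes for a 5-stage pipeline (IF, ID, EX, MEM, WB).
ADD = Instr("add r1,r2,r3", "r1", ("r2", "r3"), read_stage=1, write_stage=4)
SUB = Instr("sub r4,r1,r5", "r4", ("r1", "r5"), read_stage=1, write_stage=4)
LD = Instr("ld r1,[r2]", "r1", ("r2",), read_stage=1, write_stage=4)
ST = Instr("st [r2],r1", None, ("r2", "r1"), read_stage=3, write_stage=4)  # store reads its data late (assumed)
MOVI = Instr("movi r1,#6", "r1", (), read_stage=1, write_stage=2)          # early-writing class (assumed)

if __name__ == "__main__":
    for sp, vi in [(ADD, SUB), (ST, MOVI), (LD, MOVI)]:
        for bypass in (False, True):
            print(f"{sp.name:14} -> {vi.name:14} bypass={bypass!s:5}",
                  [sorted(hazards(sp, vi, g, bypass)) for g in range(1, 5)],
                  "min safe gap:", min_safe_gap(sp, vi, bypass))
```

The bypass flag shows why a single timing model is not enough: a write-then-read register file removes the RAW hazard at the gap where read and write coincide, but it is exactly what creates the WAR hazard for an early-writing victim at that same gap. The paper's approach handles the unbounded gap case by verification of a parametric system; this script only scans gaps up to `max_gap`.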


Notes

  1. Note that we do not introduce any notion of initial states of the transition system. This is because we will use the notion of transition systems to help us explore which sequences of transitions of the system \((C, \hookrightarrow )\) are possible while restricting the exploration to relevant states externally to the notion of transition systems (as we will later see in Sect. 7.2).

  2. The data that have not yet been written to their final register.

  3. We assume that the \( Impl \), \( Or \), and \( Not \) vertices of the PSG compute the standard implication \(f_{ impl } :{\mathbb {B}}^2 \rightarrow {\mathbb {B}}\), disjunction \(f_{ or } :{\mathbb {B}}^2 \rightarrow {\mathbb {B}}\), and negation \(f_{ not } :{\mathbb {B}}\rightarrow {\mathbb {B}}\) functions. That is, for instance, \(f_{ impl }(a_0, a_1) := a_0 \Rightarrow a_1\) for \(a_0, a_1 \in {\mathbb {B}}\).

  4. For a full list of pipeline registers, see Table 1 in Sect. 5.1.

  5. Note that, in Eq. 1, we may remove the \(\psi (v_p'.\mathtt {rst})\) conjunct since the constraint \(v_p'.\mathtt {rst}^\star =1\) is not present, and likewise with \(\psi (v_p'.\mathtt {en})\) in Eq. 2.

  6. For WAW hazards, in the final step, we generate maximal store executions instead. In this case, the error caused by the hazard is immediately visible from the programmer's point of view, and there is no need to propagate it to another architectural register.

  7. Note that the executions can also end with a \(v_k.\mathtt {en}\) edge. However, in this case, no matter what the value of the enable signal is, a hazard happens by enabling/not enabling a write of some data into an architectural register. Hence, no further condition is needed in this case.

  8. In our implementation of the approach, we replace the existential quantification by simply pruning away all variables unrelated with any \(e^\star \) for any \(e \in E\) and by renaming the remaining variables in a unique way such that no conflicts arise when constructing more complex formulae on top \( unwind _ h ^\star (q)\).

  9. The entire formula is, of course, much bigger—indeed, it describes the entire transition relation. When the satisfiability checking is done automatically, the solver will consider the entire formula. However, we select its relevant parts only so that the example is readable.

  10. Intuitively, the addition of 1 is needed since the victim starts one cycle later. Further, note that the gap is also appropriately defined for the case when \(\tau ^{\text {lst}}_ sp = \tau ^{\text {lst}}_ vi \), where a gap window of size 1 is needed to compensate for the fact that the victim starts one cycle later.

  11. The subtraction of 1 comes from the fact that the spoiler starts one cycle earlier.

  12. For convenience, by a slight abuse of the notation, we let \(( Q ^ h \times ({\mathbb {N}}\cup \{ \bot , \top \})) \times ({\mathbb {N}}\cup \{ \bot , \top \}) = Q ^ h \times ({\mathbb {N}}\cup \{ \bot , \top \}) \times ({\mathbb {N}}\cup \{ \bot , \top \})\) and \(((q,i_1),i_2) = (q,i_1,i_2)\) for any \(q \in Q ^ h \) and \(i_1, i_2 \in {\mathbb {N}}\cup \{ \bot , \top \}\), and likewise for higher values of n.

  13. The converse cannot happen due to the basic consistency checks that we perform.

  14. Most of the processors are available together with our tool. However, SPP8 and Codea2 were provided by the Codasip company [15] and are not publicly available at the time of writing this article—likewise for SPP16, which we derived from SPP8.

  15. The considered processors differ from each other not only in the length of the pipeline but also in the overall structural complexity. However, the overall structural complexity is bigger for those processors that have a longer pipeline. Hence, the influence of the pipeline length alone can be even smaller than twofold.

References

  1. Aagaard, M.D.: A hazards-based correctness statement for pipelined circuits. In: Proceedings of Correct Hardware Design and Verification Methods (CHARME’03), LNCS, vol. 2860, pp. 66–68. Springer (2003)

  2. Abdulla, P.A., Haziza, F., Holík, L.: All for the price of few (parameterized verification through view abstraction). In: Proceedings of Verification, Model Checking, and Abstract Interpretation (VMCAI'13), LNCS, vol. 7737, pp. 476–495. Springer (2013)

  3. Barrett, C., Conway, C.L., Deters, M., Hadarean, L., Jovanović, D., King, T., Reynolds, A., Tinelli, C.: CVC4. In: Proceedings of the 23rd International Conference on Computer Aided Verification (CAV'11), LNCS, vol. 6806, pp. 171–177. Springer (2011)

  4. Bouajjani, A., Habermehl, P., Vojnar, T.: Abstract regular model checking. In: Proceedings of 16th International Conference on Computer Aided Verification (CAV’04). LNCS, vol. 3114, pp. 197–202. Springer (2004)

  5. Brummayer, R., Biere, A.: Boolector: an efficient SMT solver for bit-vectors and arrays. In: Proceedings of International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’09). LNCS, vol. 5505, pp. 174–177. Springer (2009)

  6. Bryant, R.E.: Formal verification of pipelined Y86-64 microprocessors with UCLID5. Technical Report CMU-CS-18-122 (2018)

  7. Burch, J.R., Dill, D.L.: Automatic verification of pipelined microprocessor control. In: Proceedings of Computer Aided Verification (CAV’94), LNCS, vol. 818, pp. 68–80. Springer (1994)

  8. Cadence: Tensilica Software Development Toolkit (SDK) (2014)

  9. Charvát, L., Smrčka, A., Vojnar, T.: Automatic formal correspondence checking of ISA and RTL microprocessor description. In: Proceedings of Microprocessor Test and Verification (MTV’12), pp. 6–12. IEEE (2012)

  10. Charvát, L., Smrčka, A., Vojnar, T.: Hades Hardware Verification Tool. www.fit.vutbr.cz/research/groups/verifit/tools/hades/ (2014)

  11. Charvát, L., Smrčka, A., Vojnar, T.: Using formal verification of parameterized systems in RAW hazard analysis in microprocessors. In: Proceedings of Microprocessor Test and Verification (MTV’14), pp. 83–89. IEEE (2014)

  12. Charvát, L., Smrčka, A., Vojnar, T.: Hades: microprocessor hazard analysis via formal verification of parameterized systems. In: Proceedings of 11th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science (MEMICS’16), vol. 233, pp. 87–93. EPTCS (2016)

  13. Clarke, E., Talupur, M., Veith, H.: Environment abstraction for parameterized verification. In: Proceedings of Verification, Model Checking, and Abstract Interpretation (VMCAI'06). LNCS, vol. 3855, pp. 126–141. Springer (2006)

  14. CodAL architecture description language. www.codasip.com/custom-processor (2019)

  15. Codasip Studio for rapid processor development. www.codasip.com (2019)

  16. de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Proceedings of International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS'08). LNCS, vol. 4963, pp. 337–340. Springer (2008)

  17. Hao, K., Ray, S., Xie, F.: Equivalence checking for function pipelining in behavioral synthesis. In: Proceedings of Design, Automation and Test in Europe (DATE’14)

  18. Jones, R.B., Seger, C.H., Dill, D.L.: Self-consistency checking. In: Proceedings of Formal Methods in Computer-Aided Design (FMCAD’96). LNCS, vol. 1166, pp. 159–171. Springer (1996)

  19. Koelbl, A., Jacoby, R., Jain, H., Pixley, C.: Solver technology for system-level to RTL equivalence checking. In: Proceedings of Design, Automation and Test in Europe (DATE’09), pp. 196–201. IEEE (2009)

  20. Kuhne, U., Beyer, S., Bormann, J., Barstow, J.: Automated formal verification of processors based on architectural models. In: Proceedings of Formal Methods in Computer-Aided Design (FMCAD’10), pp. 129–136. IEEE (2010)

  21. Mishra, P., Tomiyama, H., Dutt, N., Nicolau, A.: Automatic verification of in-order execution in microprocessors with fragmented pipelines and multicycle functional units. In: Proceedings of Design, Automation and Test in Europe (DATE’02), pp. 36–43. IEEE (2002)

  22. Namjoshi, K.S.: Symmetry and completeness in the analysis of parameterized systems. In: Proceedings of Verification, Model Checking, and Abstract Interpretation (VMCAI’07). LNCS, vol. 4349, pp. 299–313. Springer (2007)

  23. Nguyen, M., Thalmaier, M., Wedler, M., Bormann, J., Stoffel, D., Kunz, W.: Unbounded protocol compliance verification using interval property checking with invariants. IEEE Trans. Comput. Aided Des. Integr. Circuits 27(11), 2068–2082 (2008). https://ieeexplore.ieee.org/document/4655556

  24. Patterson, D.A., Hennessy, J.L.: Computer Organization and Design: The Hardware/Software Interface, fourth edn. Morgan Kaufmann, Boston (2012)

  25. Van Praet, J., Lanneer, D., Geurts, W., Goossens, G.: nML: A Structural Processor Modeling Language for Retargetable Compilation and ASIP Design. Systems on Silicon, vol. 1, pp. 65–93. Morgan Kaufmann, Burlington (2008)

  26. Synopsys: ASIP designer: design tool for application specific instruction-set processors, designer datasheet (2018)

  27. Velev, M.N., Gao, P.: Automatic formal verification of multithreaded pipelined microprocessors. In: Proceedings of International Conference on Computer Aided Design (ICCAD'11), pp. 679–686. IEEE (2011)

Acknowledgements

This work was supported by the Czech Science Foundation under the project 20-07487S.

Author information

Correspondence to Lukáš Charvát.

Cite this article

Charvát, L., Smrčka, A. & Vojnar, T. Utilizing parametric systems for detection of pipeline hazards. Int J Softw Tools Technol Transfer 24, 1–28 (2022). https://doi.org/10.1007/s10009-020-00591-y