Microarchitecture Verification by Compositional Model Checking
Compositional model checking is used to verify a processor microarchitecture containing most of the features of a modern microprocessor, including branch prediction, speculative execution, out-of-order execution and a load-store buffer supporting re-ordering and load forwarding. We observe that the proof methodology scales well, in that the incremental proof cost of each feature is low. The proof is also quite concise with respect to proofs of similar microarchitecture models using other methods.
KeywordsModel Check Reference Model Program Counter Proof Assistant Reservation Station
- AP99.T. Arons and A. Pnueli. Verifying tomasulo’s algorithm by refinement. In 12th Int. Conf. on VLSI Design (VLSI’99), pages 306–309. IEEE Comput. Soc., June 1999.Google Scholar
- BD94.J. R. Burch and D. L. Dill. Automated verification of pipelined microprocessor control. In D. L. Dill, editor, Computer-Aided Verification (CAV94), LNCS 818, pages 68–80. Springer-Verlag, 1994.Google Scholar
- KM96.M. Kaufmann and J. S. Moore. ACL2: An industrial strength version of Nqthm. In Conf. on Computer Assurance (COMPASS-96), pages 23–34. IEEE Comp. Soc. Press, 1996.Google Scholar
- VB00.M. Velev and R. E. Bryant. Formal verification of superscalar microprocessors with multicycle functional units, exceptions and branch prediction. In 37th Design Automation Conference (DAC 2000). IEEE, June 2000.Google Scholar