Microarchitecture Verification by Compositional Model Checking

  • Ranjit Jhala
  • Kenneth L. McMillan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2102)


Compositional model checking is used to verify a processor microarchitecture containing most of the features of a modern microprocessor, including branch prediction, speculative execution, out-of-order execution and a load-store buffer supporting re-ordering and load forwarding. We observe that the proof methodology scales well, in that the incremental proof cost of each feature is low. The proof is also quite concise with respect to proofs of similar microarchitecture models using other methods.


Keywords: Model Check; Reference Model; Program Counter; Proof Assistant; Reservation Station
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Ranjit Jhala (1)
  • Kenneth L. McMillan (2)
  1. University of California, Berkeley, USA
  2. Cadence Berkeley Labs, USA
