Verification of Data-Insensitive Circuits: An In-Order-Retirement Case Study

  • Amir Pnueli
  • T. Arons
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1522)


There is a large class of circuits (including pipeline and out-of-order execution components) which can be formally verified while completely ignoring the precise characteristics (e.g. word-size) of the data manipulated by the circuits. In the literature, this is often described as the use of uninterpreted functions, implying that the concrete operations applied to the data are abstracted into unknown and featureless functions. In this paper, we briefly introduce an abstract unifying model for such data-insensitive circuits, and claim that the development of such models, perhaps even a theory of circuit schemas, can significantly contribute to the development of efficient and comprehensive verification algorithms combining deductive as well as enumerative methods.

As a case study, we present in this paper an algorithm for out-of-order execution with in-order retirement and show it to be a refinement of the sequential instruction execution algorithm. Refinement is established by deductively proving (using PVS) that the register files of the out-of-order algorithm and the sequential algorithm agree at all times if the two systems are synchronized at instruction retirement time.
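As an added illustration, not code from the paper, the following toy Python model shows the refinement check the abstract describes: data values are uninterpreted terms (nested tuples of operation symbols), so the comparison is data-insensitive, and the out-of-order model, which retires in program order, is checked against the sequential model after every retirement. The program, the register names and the execution schedules are constructed for this example.

```python
# Constructed program of (dest, op, src1, src2); op names are uninterpreted symbols.
# Instruction 2 depends only on r0, so a legal schedule may execute it early.
PROGRAM = [
    ("r1", "f", "r0", "r0"),
    ("r2", "g", "r1", "r0"),
    ("r3", "h", "r0", "r0"),
    ("r1", "f", "r2", "r3"),
]

def initial_regs():
    # Initial contents are symbolic constants, not concrete bit patterns.
    return {f"r{i}": f"r{i}_0" for i in range(4)}

def sequential(program):
    """Reference model: one instruction at a time, in program order.
    Yields a copy of the register file after every instruction."""
    regs = initial_regs()
    for dest, op, s1, s2 in program:
        regs[dest] = (op, regs[s1], regs[s2])  # uninterpreted function application
        yield dict(regs)

def out_of_order(program, schedule):
    """Implementation model: issue everything into a reorder buffer (ROB) with
    register renaming, execute in `schedule` order, retire strictly in order.
    Yields a copy of the architectural register file after every retirement."""
    regs = initial_regs()
    rename = {}  # reg -> ("tag", ROB index) of its latest in-flight writer
    rob = []
    for i, (dest, op, s1, s2) in enumerate(program):
        srcs = [rename.get(s, ("val", regs[s])) for s in (s1, s2)]
        rob.append({"dest": dest, "op": op, "srcs": srcs, "value": None})
        rename[dest] = ("tag", i)
    head = 0
    for i in schedule:
        operands = []
        for kind, x in rob[i]["srcs"]:
            v = x if kind == "val" else rob[x]["value"]
            if v is None:  # a legal schedule never runs an instruction before its operands
                raise ValueError(f"instruction {i}: operand not ready")
            operands.append(v)
        rob[i]["value"] = (rob[i]["op"], *operands)
        while head < len(rob) and rob[head]["value"] is not None:  # in-order retirement
            regs[rob[head]["dest"]] = rob[head]["value"]
            head += 1
            yield dict(regs)

def refinement_holds(program, schedule):
    """True iff both models show identical register files after each retirement."""
    return list(sequential(program)) == list(out_of_order(program, schedule))
```

Any schedule that respects the data dependencies (e.g. `[0, 2, 1, 3]`) yields the same sequence of register files as the sequential model; a schedule that violates them is rejected before retirement.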







Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Amir Pnueli, Weizmann Institute of Science, Rehovot, Israel
  • T. Arons, Weizmann Institute of Science, Rehovot, Israel
