- Author:
- Ravi Mohan Hosabettu,
- Adviser:
- Ganesh Gopalakrishnan
This dissertation addresses the problem of formally verifying the correctness of pipelined microprocessors at the micro-architectural level of abstraction. Contemporary processor designs are highly complex, employing sophisticated performance enhancing techniques such as superscalar pipelining, out-of-order execution, branch prediction and speculative execution. Traditional simulation based validation methods do not guarantee that they uncover all the complex design bugs, and hence there is a need for formally verifying the correctness of these designs.
We propose a systematic approach called the Completion Functions Approach to decompose and incrementally build the proof of correctness of pipelined microprocessors. The central idea is to construct the abstraction function using completion functions, one per unfinished instruction, each of which specifies the effect on the programmer visible state components of completing the instruction. This construction of the abstraction function leads to a very natural decomposition of the proof into proving a series of verification conditions. The approach prescribes a systematic way to generate these verification conditions which can then be discharged with a high degree of automation using techniques based on decision procedures and rewriting. The approach does not involve the construction of an explicit intermediate abstraction, supports incremental verification facilitating debugging and error localization, and is applicable uniformly on a wide variety of pipelined processor designs.
The methodology is implemented in PVS (a theorem prover from SRI International), which supports many decision procedures and rewriting, and has been applied to many example processor designs with reasonable manual effort. The most involved design verified is an example out-of-order execution processor with a reorder buffer, a store buffer, branch prediction, speculative execution and exceptions. The verification was completed in 34 person days, which we believe, is a modest investment in return for the significant benefits of formal verification.
Cited By
- Velev M Using Abstraction for Efficient Formal Verification of Pipelined Processors with Value Prediction Proceedings of the 7th International Symposium on Quality Electronic Design, (51-56)
Mishra P and Dutt N (2004). Modeling and validation of pipeline specifications, ACM Transactions on Embedded Computing Systems (TECS), 3:1, (114-139), Online publication date: 1-Feb-2004.- Hosabettu R, Gopalakrishnan G and Srivas M (2019). Formal Verification of a Complex Pipelined Processor, Formal Methods in System Design, 23:2, (171-213), Online publication date: 1-Sep-2003.
Recommendations
Automatic formal verification of multithreaded pipelined microprocessors
ICCAD '11: Proceedings of the International Conference on Computer-Aided DesignWe present highly automatic techniques for formal verification of pipelined microprocessors with hardware support for multithreading. The processors are modeled at a high level of abstraction, using a subset of Verilog, in a way that allows us to ...
Formal Verification of Pipelined Microprocessors with Delayed Branches
ISQED '06: Proceedings of the 7th International Symposium on Quality Electronic DesignPresented is an approach for formal verification of pipelined microprocessors with delayed branches, i.e., branch instructions whose immediately following instruction is always executed regardless of whether the branch is taken. Delayed branches are ...