Abstract
There is a large class of circuits (including pipeline and out-of-order execution components) which can be formally verified while completely ignoring the precise characteristics (e.g. word size) of the data manipulated by the circuits. In the literature, this is often described as the use of uninterpreted functions, implying that the concrete operations applied to the data are abstracted into unknown and featureless functions. In this paper, we briefly introduce an abstract unifying model for such data-insensitive circuits, and claim that the development of such models, perhaps even a theory of circuit schemas, can significantly contribute to the development of efficient and comprehensive verification algorithms combining deductive as well as enumerative methods.
As a case study, we present in this paper an algorithm for out-of-order execution with in-order retirement and show it to be a refinement of the sequential instruction execution algorithm. Refinement is established by deductively proving (using PVS) that the register files of the out-of-order algorithm and the sequential algorithm agree at all times if the two systems are synchronized at instruction retirement time.
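The following Python model is an added illustration of the two ideas in the abstract, not code from the paper or its PVS development. Data is treated as uninterpreted: a register holds a symbolic term, and "executing" an operation only builds the term op(a, b), so no word size or arithmetic semantics is ever consulted. An out-of-order core with a reorder buffer (issue in order, execute any ready entry, retire strictly from the head) is then compared with a sequential reference model each time an instruction retires, which is the synchronisation point the abstract describes. The three-operand ISA, the sample program and the `renaming=False` switch (a deliberately broken core that reads stale register values) are all constructed for this example; the check is a randomised simulation over finitely many interleavings and is not a substitute for the paper's deductive proof, which covers every behaviour.

```python
"""Constructed example: out-of-order execution with in-order retirement,
checked against a sequential model over uninterpreted data (symbolic terms)."""
import random
from collections import deque
from dataclasses import dataclass
from typing import Optional


def apply_uf(op: str, *args: str) -> str:
    """Uninterpreted function application: just build the term, no semantics."""
    return f"{op}({','.join(args)})"


def initial_rf(nregs: int) -> list[str]:
    """Symbolic initial register contents r0, r1, ..., never interpreted."""
    return [f"r{i}" for i in range(nregs)]


# Hypothetical ISA for this example: (op, dst, src1, src2), all register indices.
Instr = tuple[str, int, int, int]


def run_sequential(program: list[Instr], nregs: int) -> list[str]:
    """Reference model: one instruction at a time, in program order."""
    rf = initial_rf(nregs)
    for op, dst, s1, s2 in program:
        rf[dst] = apply_uf(op, rf[s1], rf[s2])
    return rf


@dataclass
class RobEntry:
    op: str
    dst: int
    srcs: list[tuple[str, object]]   # ("val", term) or ("tag", producer id)
    result: Optional[str] = None


class OutOfOrderCore:
    """Issue in order; execute any ready entry (picked at random so different
    seeds exercise different interleavings); retire only from the ROB head."""

    def __init__(self, nregs: int, rng: random.Random, renaming: bool = True):
        self.rf = initial_rf(nregs)              # architectural register file
        self.rename: list[Optional[int]] = [None] * nregs  # reg -> in-flight producer
        self.rob: dict[int, RobEntry] = {}
        self.order: deque[int] = deque()         # ROB ids in program order
        self.next_id = 0
        self.rng = rng
        self.renaming = renaming                 # False = deliberately broken core

    def _read(self, reg: int) -> tuple[str, object]:
        tag = self.rename[reg]
        if tag is None or not self.renaming:
            return ("val", self.rf[reg])         # without renaming this read is stale
        e = self.rob[tag]
        return ("val", e.result) if e.result is not None else ("tag", tag)

    def issue(self, instr: Instr) -> None:
        op, dst, s1, s2 = instr
        rid, self.next_id = self.next_id, self.next_id + 1
        self.rob[rid] = RobEntry(op, dst, [self._read(s1), self._read(s2)])
        self.order.append(rid)
        self.rename[dst] = rid                   # later readers of dst wait on rid

    def execute_one(self) -> bool:
        """Execute one ready, not-yet-executed entry; broadcast its result."""
        ready = [rid for rid in self.order
                 if self.rob[rid].result is None
                 and all(kind == "val" for kind, _ in self.rob[rid].srcs)]
        if not ready:
            return False
        e = self.rob[self.rng.choice(ready)]
        rid = self.order[self.order.index(next(i for i in self.order if self.rob[i] is e))]
        e.result = apply_uf(e.op, *(term for _, term in e.srcs))
        for other in self.rob.values():          # wake consumers waiting on this tag
            other.srcs = [("val", e.result) if s == ("tag", rid) else s for s in other.srcs]
        return True

    def retire_one(self) -> bool:
        """In-order retirement: the head retires only once it has executed."""
        if not self.order or self.rob[self.order[0]].result is None:
            return False
        rid = self.order.popleft()
        e = self.rob.pop(rid)
        self.rf[e.dst] = e.result
        if self.rename[e.dst] == rid:
            self.rename[e.dst] = None
        return True


def check_refinement(program: list[Instr], nregs: int, seed: int = 0,
                     renaming: bool = True) -> bool:
    """Register files must agree (syntactically) at every retirement."""
    rng = random.Random(seed)
    core = OutOfOrderCore(nregs, rng, renaming)
    for ins in program:
        core.issue(ins)                          # unbounded window: issue everything first
    retired = 0
    while retired < len(program):
        for _ in range(rng.randint(1, 3)):
            core.execute_one()
        if core.retire_one():
            retired += 1
            if core.rf != run_sequential(program[:retired], nregs):
                return False
    return True


PROGRAM: list[Instr] = [                         # constructed sample with RAW/WAR/WAW hazards
    ("mul", 1, 1, 2), ("add", 3, 1, 3), ("sub", 2, 0, 3), ("mul", 1, 2, 1), ("xor", 0, 3, 1),
]

if __name__ == "__main__":
    print(run_sequential(PROGRAM, 4))
    print(all(check_refinement(PROGRAM, 4, seed=s) for s in range(50)))
    print(check_refinement(PROGRAM, 4, renaming=False))
```

Because the data is uninterpreted, agreement of the two register files is plain syntactic equality of terms; a core that forwards the wrong value (here, the `renaming=False` variant, which reads the architectural register instead of the in-flight producer) fails at the second retirement for any seed, while the correct core passes for every interleaving tried.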
This research was supported in part by a gift from Intel, a grant from the Minerva foundation, and an Infrastructure grant from the Israeli Ministry of Science.
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pnueli, A., Arons, T. (1998). Verification of Data-Insensitive Circuits: An In-Order-Retirement Case Study. In: Gopalakrishnan, G., Windley, P. (eds) Formal Methods in Computer-Aided Design. FMCAD 1998. Lecture Notes in Computer Science, vol 1522. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-49519-3_23
DOI: https://doi.org/10.1007/3-540-49519-3_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65191-8
Online ISBN: 978-3-540-49519-2