research-article

Automatic verification of safety and liveness for pipelined machines using WEB refinement

Authors:
Panagiotis Manolios

Northeastern University, Boston, MA

Northeastern University, Boston, MA
View Profile

,
Sudarshan K. Srinivasan

North Dakota State University, Fargo, ND

North Dakota State University, Fargo, ND
View Profile

ACM Transactions on Design Automation of Electronic Systems Volume 13 Issue 3Article No.: 45pp 1–19https://doi.org/10.1145/1367045.1367054

Published:25 July 2008Publication History

ACM Transactions on Design Automation of Electronic Systems

Abstract

We show how to automatically verify that complex pipelined machine models satisfy the same safety and liveness properties as their instruction-set architecture (ISA) models by using well-founded equivalence bisimulation (WEB) refinement. We show how to reduce WEB-refinement proof obligations to formulas expressible in the decidable logic of counter arithmetic with lambda expressions and uninterpreted functions (CLU). This allows us to automate the verification of the pipelined machine models by using the UCLID decision procedure to transform CLU formulas to Boolean satisfiability problems. To relate pipelined machine states to ISA states, we use the commitment and flushing refinement maps. We evaluate our work using 17 pipelined machine models that contain various features, including deep pipelines, precise exceptions, branch prediction, interrupts, and instruction queues. Our experimental results show that the overhead of proving liveness, obtained by comparing the cost of proving both safety and liveness with the cost of only proving safety, is about 17%, but depends on the refinement map used; for example, the liveness overhead is 23% when flushing is used and is negligible when commitment is used.

References

Aagaard, M., Cook, B., Day, N. A., and Jones, R. B. 2001. A framework for microprocessor correctness statements. In Proceedings of the Advanced Research Working Conference on Correct Hardware Design and Verification Methods (CHARME), Livingston, UK. T. Margaria and T. F. Melham, eds. Lecture Notes in Computer Science, vol. 2144. Springer, 433--448.]] Google ScholarDigital Library
Aagaard, M., Cook, B., Day, N. A., and Jones, R. B. 2003. A framework for superscalar microprocessor correctness statements. Int. J. Softw. Tools Technol. Transfer 4, 3, 298--312.]]Google ScholarCross Ref
Abadir, M. S., Albin, K., Havlicek, J., Krishnamurthy, N., and Martin, A. K. 2003. Formal verification successes at Motorola. Formal Meth. Syst. Des. 22, 2, 117--123.]] Google ScholarDigital Library
Arons, T. and Pnueli, A. 2000. A comparison of two verification methods for speculative instruction execution. In Proceedings of the Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Berlin. Lecture Notes in Computer Science, vol. 1785. Springer, 487--502.]] Google ScholarDigital Library
Bentley, B. 2001. Validating the Intel Pentium 4 microprocessor. In Proceedings of the ACM Design Automation Conference (DAC). ACM, 244--248.]] Google ScholarDigital Library
Bentley, B. 2005. Validating a modern microprocessor. http://www.cav2005.inf.ed.ac.uk/bentley_CAV_07_08_2005.ppt.]] Google ScholarDigital Library
Bryant, R. E., German, S., and Velev, M. N. 1999. Exploiting positive equality in a logic of equality with uninterpreted functions. In Proceedings of the Computer-Aided Verification (CAV), Trento, Italy. N. Halbwachs and D. Peled, eds. Lecture Notes in Computer Science, vol. 1633. Springer, 470--482.]] Google ScholarDigital Library
Bryant, R. E., Lahiri, S. K., and Seshia, S. A. 2002. Modeling and verifying systems using a logic of counter arithmetic with lambda expressions and uninterpreted functions. In Proceedings of the Computer-Aided Verification (CAV), E. Brinksma and K. G. Larsen, eds. Lecture Notes in Computer Science, vol. 2404. Springer, 78--92.]] Google ScholarDigital Library
Burch, J. R. and Dill, D. L. 1994. Automatic verification of pipelined microprocessor control. In Proceedings of the Computer-Aided Verification (CAV), D. L. Dill, ed. Lecture Notes in Computer Science, vol. 818. Springer, 68--80.]] Google ScholarDigital Library
de Moura, L. 2006. Yices homepage. http://fm.csl.sri.com/yices.]]Google Scholar
Ganzinger, H., Hagen, G., Nieuwenhuis, R., Oliveras, A., and Tinelli, C. 2004. DPLL(T): Fast decision procedures. In Proceedings of the Computer-Aided Verification (CAV), Boston, MA. R. Alur and D. Peled, eds. Lecture Notes in Computer Science, vol. 3114. Springer, 175--188.]]Google Scholar
Hosabettu, R., Srivas, M., and Gopalakrishnan, G. 1999. Proof of correctness of a processor with reorder buffer using the completion functions approach. In Proceedings of the Computer-Aided Verification (CAV), Trento, Italy. N. Halbwachs and D. Peled, eds. Lecture Notes in Computer Science, vol. 1633. Springer, 686--698.]]Google Scholar
Huggins, J. K. and Campenhout, D. V. 1998. Specification and verification of pipelining in the ARM2 RISC microprocessor. ACM Trans. Des. Autom. Electron. Syst. 3, 4, 563--580.]] Google ScholarDigital Library
Jones, R., Skakkebæk, J., and Dill, D. 1998. Reducing manual abstraction in formal verification of out-of-order execution. In Proceedings of the Formal Methods in Computer-Aided Design (FMCAD), Palo Alto, CA. G. Gopalakrishnan and P. Windley, eds. Lecture Notes in Computer Science, vol. 1522. Springer, 2--17.]] Google ScholarDigital Library
Kane, R., Manolios, P., and Srinivasan, S. K. 2006. Monolithic verification of deep pipelines with collapsed flushing. In Proceedings of the Design Automation and Test in Europe (DATE), Leuven, Belgium. G. G. E. Gielen, ed. European Design and Automation Association, 1234--1239.]] Google ScholarDigital Library
Kaufmann, M., Manolios, P., and Moore, J. S., Eds. 2000a. Computer-Aided Reasoning: ACL2 Case Studies. Kluwer Academic.]] Google ScholarDigital Library
Kaufmann, M., Manolios, P., and Moore, J. S. 2000b. Computer-Aided Reasoning: An Approach. Kluwer Academic.]] Google ScholarDigital Library
Kroening, D. 2001. Formal verification of pipelined microprocessors. Ph.D. thesis, Universität des Saarlandes.]]Google Scholar
Lahiri, S., Seshia, S., and Bryant, R. 2002. Modeling and verification of out-of-order microprocessors using UCLID. In Proceedings of the Formal Methods in Computer-Aided Design (FMCAD), Portland, OR. Lecture Notes in Computer Science, vol. 2517. Springer, 142--159.]] Google ScholarDigital Library
Ludden, J. M., Roesner, W., Heiling, G. M., Reysa, J. R., Jackson, J. R., Chu, B.-L., Behm, M. L., Baumgartner, J., Peterson, R. D., Abdulhafiz, J., Bucy, W. E., Klaus, J. H., Klema, D. J., Le, T. N., Lewis, F. D., Milling, P. E., McConville, L. A., Nelson, B. S., Paruthi, V., Pouarz, T. W., Romonosky, A. D., Stuecheli, J., Thompson, K. D., Victor, D. W., and Wile, B. 2002. Functional verification of the POWER4 microprocessor and POWER4 multiprocessor system. IBM J. Res. Devel. 46, 1, 53--76.]] Google ScholarDigital Library
Manolios, P. 2000. Correctness of pipelined machines. In Proceedings of the Formal Methods in Computer-Aided Design (FMCAD), W. A. H., Jr. and S. D. Johnson, eds. Lecture Notes in Computer Science, vol. 1954. Springer, 161--178.]] Google ScholarDigital Library
Manolios, P. 2001. Mechanical verification of reactive systems. Ph.D. thesis, University of Texas at Austin. http://www.cc.gatech.edu/~manolios/publications.html.]]Google Scholar
Manolios, P. 2003. A compositional theory of refinement for branching time. In Proceedings of the 12th IFIP WG 10.5 Advanced Research Working Conference (CHARME), D. Geist and E. Tronci, eds. Lecture Notes in Computer Science, vol. 2860. Springer, 304--318.]]Google Scholar
Manolios, P. and Srinivasan, S. K. 2003. Automatic verification of safety and liveness for XScale-like processor models using WEB refinements. Tech. Rep. GIT-CERCS-03-17, Georgia Institute of Technology, College of Computing. September.]]Google Scholar
Manolios, P. and Srinivasan, S. K. 2004. Automatic verification of safety and liveness for XScale-like processor models using WEB refinements. In Proceedings of the Design, Automation, and Test in Europe (DATE). IEEE Computer Society, 168--175.]] Google ScholarDigital Library
Manolios, P. and Srinivasan, S. K. 2005a. A complete compositional reasoning framework for the efficient verification of pipelined machines. In Proceedings of the International Conference on Computer-Aided Design (ICCAD), San Jose, CA. IEEE Computer Society, 863--870.]] Google ScholarDigital Library
Manolios, P. and Srinivasan, S. K. 2005b. A computationally efficient method based on commitment refinement maps for verifying pipelined machines. In Proceedings of the International Conference on Formal Methods and Models for Codesign (MEMOCODE). IEEE, 188--197.]] Google ScholarDigital Library
Manolios, P. and Srinivasan, S. K. 2005c. A parameterized benchmark suite of hard pipelined machine verification problems. http://www.cc.gatech.edu/~manolios/benchmarks/charme.html.]]Google Scholar
Manolios, P. and Srinivasan, S. K. 2005d. Refinement maps for efficient verification of processor models. In Proceedings of the Design Automation and Test in Europe (DATE). IEEE Computer Society, 1304--1309.]] Google ScholarDigital Library
McMillan, K. L. 1998. Verification of an implementation of Tomasulo's algorithm by compositional model checking. In Proceedings of the Computer Aided Verification (CAV), Van Couver, British Colombia, Canada. A. J. Hu and M. Y. Vardi, eds. Lecture Notes in Computer Science, vol. 1427. Springer, 110--121.]] Google ScholarDigital Library
Mishra, P. and Dutt, N. D. 2002. Modeling and verification of pipelined embedded processors in the presence of hazards and exceptions. In Proceedings of the IFIP WCC Stream 7 on Distributed and Parallel Embedded Systems (DIPES), Montreal, Qubec, Canada, vol. 219. B. Kleinjohann et al., eds. Kluwer, 81--90.]] Google ScholarDigital Library
Owre, S., Shankar, N., Rushby, J. M., and Stringer-Calvert, D. W. J. 2001. PVS system guide. http://pvs.csl.sri.com/doc/pvs-system-guide.pdf.]]Google Scholar
Patankar, V. A., Jain, A., and Bryant, R. E. 1999. Formal verification of an ARM processor. In Proceedings of the 12th International Conference on VLSI Design, Goa, India. IEEE, 282--287.]] Google ScholarDigital Library
Ryan, L. 2008. Siege homepage. http://www.cs.sfu.ca/~loryan/personal.]]Google Scholar
Sawada, J. 1999. Formal verification of an advanced pipelined machine. Ph.D. thesis, University of Texas at Austin. http://www.cs.utexas.edu/users/sawada/dissertation/.]] Google ScholarDigital Library
Sawada, J. and Hunt, W. A. 2002. Verification of FM9801: An out-of-order microprocessor model with speculative execution, exceptions, and program-modifying capability. Formal Meth. Syst. Des. 20, 2, 187--222.]] Google ScholarDigital Library
Srivas, M. and Bickford, M. 1990. Formal verification of a pipelined microprocessor. IEEE Softw. 7, 5, 52--64.]] Google ScholarDigital Library
Velev, M. N. 2004. Using positive equality to prove liveness for pipelined microprocessors. In Proceedings of the Asia and South Pacific Design Automation Conference (ASPDAC), Yokohama, Japan. M. Imai, ed. IEEE, 316--321.]] Google ScholarDigital Library
Velev, M. N. and Bryant, R. E. 2000. Formal verification of superscalar microprocessors with multicycle functional units, exceptions, and branch prediction. In Proceedings of the ACM Design Automation Conference (DAC), Los Angeles, CA. ACM Press, 112--117.]] Google ScholarDigital Library

Index Terms

Automatic verification of safety and liveness for pipelined machines using WEB refinement
1. Applied computing
  1. Physical sciences and engineering
    1. Engineering

Recommendations

A Framework for Verifying Bit-Level Pipelined Machines Based on Automated Deduction and Decision Procedures

We describe an approach to verifying bit-level pipelined machine models using a combination of deductive reasoning and decision procedures. While theorem-proving systems such as ACL2 have been used to verify bit-level designs, they typically require ...
Read More
Automatic formal verification of multithreaded pipelined microprocessors
ICCAD '11: Proceedings of the International Conference on Computer-Aided Design

We present highly automatic techniques for formal verification of pipelined microprocessors with hardware support for multithreading. The processors are modeled at a high level of abstraction, using a subset of Verilog, in a way that allows us to ...
Read More
Beyond safety: customized SAT-based model checking
DAC '05: Proceedings of the 42nd annual Design Automation Conference

Model checking of safety properties has taken a significant lead over non-safety properties in recent years. To bridge the gap, we propose dedicated SAT-based model checking algorithms for properties beyond safety. Previous bounded model checking (BMC) ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in

ACM Transactions on Design Automation of Electronic Systems Volume 13, Issue 3
July 2008
370 pages
ISSN:1084-4309
EISSN:1557-7309
DOI:10.1145/1367045
Issue’s Table of Contents

Copyright © 2008 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States

Journal Family
ACM Journals for the Design of Smart and Connected Systems
Publication History
- Published: 25 July 2008
- Accepted: 1 November 2007
- Revised: 1 September 2006
- Received: 1 December 2005
Published in todaes Volume 13, Issue 3

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Refinement maps
SAT
bisimulation
commitment
flushing
liveness
pipelined machines
refinement
verification
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 9
  Total Citations
  View Citations
- 240
  Total Downloads
- Downloads (Last 12 months)4
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Automatic verification of safety and liveness for pipelined machines using WEB refinement

ACM Transactions on Design Automation of Electronic Systems

Abstract

References

Cited By

Index Terms

Recommendations

A Framework for Verifying Bit-Level Pipelined Machines Based on Automated Deduction and Decision Procedures

Automatic formal verification of multithreaded pipelined microprocessors

Beyond safety: customized SAT-based model checking

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Journal Family

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Automatic verification of safety and liveness for pipelined machines using WEB refinement

ACM Transactions on Design Automation of Electronic Systems

Abstract

References

Cited By

Index Terms

Recommendations

A Framework for Verifying Bit-Level Pipelined Machines Based on Automated Deduction and Decision Procedures

Automatic formal verification of multithreaded pipelined microprocessors

Beyond safety: customized SAT-based model checking

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Journal Family

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media