Floating Point Units (FPUs) pose a singular challenge for traditional verification methods, such as coverage-driven simulation: their large and complex data paths and intricate control structures render those methods incomplete and error-prone. Formal verification (FV) has been successfully leveraged to achieve the high level of quality desired of this critical logic. Typically, FV-based approaches to verifying FPUs rely on introducing higher-level abstractions to allow reasoning. This, however, has to be done manually, and quickly becomes tedious for the optimized bit-level implementations on board high-performance microprocessors. Automated formal methods that work directly on the bit level and provide a full end-to-end check exist, but they are limited to single instructions (issued in an empty pipeline) and hence do not check control aspects related to inter-instruction interactions or pipeline control. In this paper we present an approach based on equivalence checking to overcome the single-instruction limitation for automated bit-level proofs in the formal verification of FPUs. The sequential execution of instructions is modeled by two instances of the design-under-test. One of the instances acts as a reference model for the other. This allows large numbers of internal equivalences to be leveraged by equivalence checking techniques. We show that this method is capable of proving instruction sequences for industrial FPU designs. Together with a proof of correctness of individual instructions, it guarantees correctness of the FPU design as a whole. In our experience this is a one-of-a-kind approach to performing automated end-to-end verification of FPUs.