A Comparison of Two Verification Methods for Speculative Instruction Execution

In this paper we describe and compare two methodologies for verifying the correctness of a speculative out-of-order execution system with interrupts. Both methods are deductive (we use PVS) and are based on refinement. The first proof is by direct refinement to a sequential system; the second proof combines refinement with induction over the number of retirement buffer slots.
