Using rewriting rules and positive equality to formally verify wide-issue out-of-order microprocessors with a reorder buffer

Rewriting rules and positive equality are combined automatically in order to formally verify out-of-order processors that have a Reorder Buffer and can issue/retire multiple instructions per clock cycle. Only register-register instructions are implemented; they can be executed out of order as soon as their data operands can either be read from the Register File or be forwarded as results of instructions ahead of them in program order in the Reorder Buffer. The verification is based on the Burch and Dill correctness criterion. Rewriting rules are used to prove the correct execution of instructions that are initially in the Reorder Buffer and to remove them from the correctness formula. Positive equality is then employed to prove the correct execution of newly fetched instructions. The rewriting rules resulted in up to 5 orders of magnitude speedup compared to using positive equality alone. That made it possible to formally verify processors with up to 1,500 instructions in the Reorder Buffer and issue/retire widths of up to 128 instructions per clock cycle.
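The Burch and Dill criterion the abstract relies on can be seen concretely on a toy model. The Python below is an added illustration written for this page, not the paper's processor model, its rewriting rules, or its positive-equality decision procedure: it builds a small out-of-order core with a Reorder Buffer, register-register instructions only, result forwarding from older ROB entries, and a configurable issue/retire width; defines flushing as running the core with fetch disabled until the ROB is empty; and checks the commutative diagram flush(step(Q)) = spec^k(flush(Q)) for one clock cycle, where k is the number of instructions fetched. It checks the diagram by simulation on arbitrary (not necessarily reachable) states rather than by symbolic proof, and it includes a deliberately wrong forwarding rule (forward from the oldest rather than the youngest older writer) together with a constructed state on which the criterion exposes it. The register count, opcodes, ROB layout, cycle ordering and counterexample are all assumptions made for the example.

```python
"""Toy ROB core plus a Burch-Dill commutative-diagram check (added example,
not the paper's model; all encodings below are hypothetical)."""
import copy
import random
from dataclasses import dataclass
from typing import List, Optional

NREGS = 4
MASK = 0xFFFFFFFF


@dataclass(frozen=True)
class Instr:
    """Register-register instruction: rd = op(rs1, rs2)."""
    op: str  # 'add' | 'sub' | 'xor'
    rd: int
    rs1: int
    rs2: int


def alu(op: str, a: int, b: int) -> int:
    if op == "add":
        return (a + b) & MASK
    if op == "sub":
        return (a - b) & MASK
    if op == "xor":
        return a ^ b
    raise ValueError(op)


def spec_step(rf: List[int], ins: Instr) -> List[int]:
    """ISA-level semantics: one instruction, in program order."""
    rf = list(rf)
    rf[ins.rd] = alu(ins.op, rf[ins.rs1], rf[ins.rs2])
    return rf


@dataclass
class RobEntry:
    instr: Instr
    value: Optional[int] = None  # None until the instruction has executed


@dataclass
class Impl:
    rf: List[int]
    rob: List[RobEntry]  # program order; index 0 is the oldest entry
    width: int           # issue/retire/fetch width per clock cycle
    buggy_forwarding: bool = False


def operand(impl: Impl, idx: int, reg: int) -> Optional[int]:
    """Operand `reg` for ROB entry idx: forwarded from the YOUNGEST older
    entry that writes reg, else read from the Register File. None = stall.
    The buggy variant forwards from the OLDEST older writer instead, which
    breaks write-after-write ordering."""
    older = range(0, idx) if impl.buggy_forwarding else range(idx - 1, -1, -1)
    for j in older:
        if impl.rob[j].instr.rd == reg:
            return impl.rob[j].value
    return impl.rf[reg]


def cycle(impl: Impl, stream: List[Instr], fetch: bool = True) -> List[Instr]:
    """One clock: retire in order, issue/execute out of order, then fetch.
    Returns the instructions fetched (consumed from `stream`)."""
    retired = 0
    while impl.rob and impl.rob[0].value is not None and retired < impl.width:
        e = impl.rob.pop(0)
        impl.rf[e.instr.rd] = e.value
        retired += 1
    ready = []  # operands are read from the pre-cycle snapshot, then written
    for i, e in enumerate(impl.rob):
        if e.value is not None:
            continue
        a, b = operand(impl, i, e.instr.rs1), operand(impl, i, e.instr.rs2)
        if a is None or b is None:
            continue
        ready.append((e, alu(e.instr.op, a, b)))
        if len(ready) == impl.width:
            break
    for e, v in ready:
        e.value = v
    fetched = []
    while fetch and stream and len(fetched) < impl.width:
        ins = stream.pop(0)
        impl.rob.append(RobEntry(ins))
        fetched.append(ins)
    return fetched


def flush(impl: Impl) -> List[int]:
    """Burch-Dill abstraction: run with fetch disabled until the ROB is empty."""
    impl = copy.deepcopy(impl)
    while impl.rob:
        cycle(impl, [], fetch=False)
    return impl.rf


def burch_dill_holds(impl: Impl, stream: List[Instr]) -> bool:
    """flush(step(Q)) == spec^k(flush(Q)), k = instructions fetched in the step."""
    expected = flush(impl)
    stepped = copy.deepcopy(impl)
    for ins in cycle(stepped, list(stream)):
        expected = spec_step(expected, ins)
    return flush(stepped) == expected


def counterexample(buggy: bool) -> Impl:
    """Constructed state: four executed writers of r3 waiting to retire at
    width 1; the fetched instruction in READ_R3 then reads r3."""
    rob = [RobEntry(Instr("add", 3, 0, 0), value=v) for v in (2, 4, 6, 8)]
    return Impl(rf=[0, 0, 0, 0], rob=rob, width=1, buggy_forwarding=buggy)


READ_R3 = [Instr("add", 1, 3, 0)]


def rand_instr(rng: random.Random) -> Instr:
    return Instr(rng.choice(["add", "sub", "xor"]),
                 rng.randrange(NREGS), rng.randrange(NREGS), rng.randrange(NREGS))


def random_state(rng: random.Random, buggy: bool = False) -> Impl:
    """Arbitrary implementation state, as Burch-Dill quantifies over."""
    rob = [RobEntry(rand_instr(rng), rng.getrandbits(32) if rng.random() < 0.5 else None)
           for _ in range(rng.randrange(0, 6))]
    return Impl(rf=[rng.getrandbits(32) for _ in range(NREGS)], rob=rob,
                width=rng.randrange(1, 4), buggy_forwarding=buggy)


def count_failures(trials: int, seed: int, buggy: bool = False) -> int:
    rng = random.Random(seed)
    return sum(not burch_dill_holds(random_state(rng, buggy),
                                    [rand_instr(rng) for _ in range(rng.randrange(0, 4))])
               for _ in range(trials))
```

With the correct forwarding rule the diagram commutes on every random state; with the buggy rule, `counterexample(True)` fails because the fetched instruction forwards the stale value 6 from the oldest remaining writer of r3 while the sequential specification sees 8. The check also illustrates why the paper can treat the instructions already in the Reorder Buffer separately from newly fetched ones: in this model the old entries retire identically on both sides of the diagram, so only the fetched instructions can introduce a discrepancy.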