Specification and verification of pipelining in the ARM2 RISC microprocessor
ACM Transactions on Design Automation of Electronic Systems (TODAES)
Proceedings of the 37th Annual Design Automation Conference
Validating the intel pentium 4 microprocessor
Proceedings of the 38th annual Design Automation Conference
Computer-Aided Reasoning: An Approach
Formal Verification of a Pipelined Microprocessor
IEEE Software
Formal Verification Successes at Motorola
Formal Methods in System Design
Reducing Manual Abstraction in Formal Verification of Out-of-Order Execution
FMCAD '98 Proceedings of the Second International Conference on Formal Methods in Computer-Aided Design
Correctness of Pipelined Machines
FMCAD '00 Proceedings of the Third International Conference on Formal Methods in Computer-Aided Design
Modeling and Verification of Out-of-Order Microprocessors in UCLID
FMCAD '02 Proceedings of the 4th International Conference on Formal Methods in Computer-Aided Design
Modeling and Verification of Pipelined Embedded Processors in the Presence of Hazards and Exceptions
DIPES '02 Proceedings of the IFIP 17th World Computer Congress - TC10 Stream on Distributed and Parallel Embedded Systems: Design and Analysis of Distributed Embedded Systems
Verification of an Implementation of Tomasulo's Algorithm by Compositional Model Checking
CAV '98 Proceedings of the 10th International Conference on Computer Aided Verification
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
Automatic verification of Pipelined Microprocessor Control
CAV '94 Proceedings of the 6th International Conference on Computer Aided Verification
Formal Verification of an ARM Processor
VLSID '99 Proceedings of the 12th International Conference on VLSI Design - 'VLSI for the Information Appliance'
Formal verification of an advanced pipelined machine
Automatic Verification of Safety and Liveness for XScale-Like Processor Models Using WEB Refinements
Proceedings of the conference on Design, automation and test in Europe - Volume 1
Using positive equality to prove liveness for pipelined microprocessors
Proceedings of the 2004 Asia and South Pacific Design Automation Conference
Refinement Maps for Efficient Verification of Processor Models
Proceedings of the conference on Design, Automation and Test in Europe - Volume 2
A complete compositional reasoning framework for the efficient verification of pipelined machines
ICCAD '05 Proceedings of the 2005 IEEE/ACM International conference on Computer-aided design
Monolithic verification of deep pipelines with collapsed flushing
Proceedings of the conference on Design, automation and test in Europe: Proceedings
MEMOCODE '05 Proceedings of the 2nd ACM/IEEE International Conference on Formal Methods and Models for Co-Design
Functional verification of the POWER4 microprocessor and POWER4 multiprocessor systems
IBM Journal of Research and Development
Validating a modern microprocessor
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Verifying deadlock-freedom of communication fabrics
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
We show how to automatically verify that complex pipelined machine models satisfy the same safety and liveness properties as their instruction-set architecture (ISA) models by using well-founded equivalence bisimulation (WEB) refinement. We show how to reduce WEB-refinement proof obligations to formulas expressible in the decidable logic of counter arithmetic with lambda expressions and uninterpreted functions (CLU). This allows us to automate the verification of the pipelined machine models by using the UCLID decision procedure to transform CLU formulas to Boolean satisfiability problems. To relate pipelined machine states to ISA states, we use the commitment and flushing refinement maps. We evaluate our work using 17 pipelined machine models that contain various features, including deep pipelines, precise exceptions, branch prediction, interrupts, and instruction queues. Our experimental results show that the overhead of proving liveness, obtained by comparing the cost of proving both safety and liveness with the cost of only proving safety, is about 17%, but depends on the refinement map used; for example, the liveness overhead is 23% when flushing is used and is negligible when commitment is used.