The existence of refinement mappings
Theoretical Computer Science
Distributed computing: models and methods
Handbook of theoretical computer science (vol. B)
The PowerPC architecture: a specification for a new family of RISC processors
The PowerPC architecture: a specification for a new family of RISC processors
Efficient validity checking for processor verification
ICCAD '95 Proceedings of the 1995 IEEE/ACM international conference on Computer-aided design
Techniques for verifying superscalar microprocessors
DAC '96 Proceedings of the 33rd annual Design Automation Conference
Memory systems and pipelined processors
Memory systems and pipelined processors
Computer architecture (2nd ed.): a quantitative approach
Computer architecture (2nd ed.): a quantitative approach
Bit-Level Abstraction in the Verfication of Pipelined Microprocessors by Correspondence Checking
FMCAD '98 Proceedings of the Second International Conference on Formal Methods in Computer-Aided Design
FMCAD '98 Proceedings of the Second International Conference on Formal Methods in Computer-Aided Design
Hardware Modeling Using Function Encapsulation
FMCAD '00 Proceedings of the Third International Conference on Formal Methods in Computer-Aided Design
Verifying out-of-order executions
Proceedings of the IFIP WG 10.5 International Conference on Correct Hardware Design and Verification Methods: Advances in Hardware Design and Verification
Trace Table Based Approach for Pipeline Microprocessor Verification
CAV '97 Proceedings of the 9th International Conference on Computer Aided Verification
Formal Verification of Out-of-Order Execution Using Incremental Flushing
CAV '98 Proceedings of the 10th International Conference on Computer Aided Verification
Verification of an Implementation of Tomasulo's Algorithm by Compositional Model Checking
CAV '98 Proceedings of the 10th International Conference on Computer Aided Verification
You Assume, We Guarantee: Methodology and Case Studies
CAV '98 Proceedings of the 10th International Conference on Computer Aided Verification
Processor Verification with Precise Exeptions and Speculative Execution
CAV '98 Proceedings of the 10th International Conference on Computer Aided Verification
Decomposing the Proof of Correctness of pipelined Microprocessors
CAV '98 Proceedings of the 10th International Conference on Computer Aided Verification
Automatic verification of Pipelined Microprocessor Control
CAV '94 Proceedings of the 6th International Conference on Computer Aided Verification
A Correctness Model for Pipelined Multiprocessors
TPCD '94 Proceedings of the Second International Conference on Theorem Provers in Circuit Design - Theory, Practice and Experience
Efficient formal verification of pipelined processors with instruction queues
Proceedings of the 14th ACM Great Lakes symposium on VLSI
Challenges in the Formal Verification of Complete State-of-the-Art Processors
ICCD '05 Proceedings of the 2005 International Conference on Computer Design
Using Abstraction for Efficient Formal Verification of Pipelined Processors with Value Prediction
ISQED '06 Proceedings of the 7th International Symposium on Quality Electronic Design
Automatic verification of safety and liveness for pipelined machines using WEB refinement
ACM Transactions on Design Automation of Electronic Systems (TODAES)
Formal verification of backward compatibility of microcode
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
CALCO'05 Proceedings of the First international conference on Algebra and Coalgebra in Computer Science
| Hi-index | 0.00 |
We have verified the FM9801, a microprocessor design whose features include speculative execution, out-of-order issue and completion of instructions using Tomasulo's algorithm, and precise exceptions and interrupts. As a correctness criterion, we used a commutative diagram that compares the result of the pipelined execution from a flushed state to another flushed state with that of the sequential execution. Like many pipelined microprocessors, the FM9801 may not operate correctly if the executed program modifies itself. We discuss the condition under which the processor is guaranteed to operate correctly. In order to show that the correctness criterion is satisfied, we introduce an intermediate abstraction that records the history of executed instructions. Using this abstraction, we define a number of invariant properties that must hold during the operation of the FM9801. We verify these invariant properties, and then derive the proof of the commutative diagram from them. The proof has been mechanically checked by the ACL2 theorem prover.