Results 1 
9 of
9
On embedding a microarchitectural design language within Haskell
 In Proceedings of the ACM SIGPLAN International Conference on Functional Programming (ICFP ’99
, 1999
"... Based on our experience with modelling and verifying microarchitectural designs within Haskell, this paper examines our use of Haskell as host for an embedded language. In particular, we highlight our use of Haskell's lazy lists, type classes, lazy state monad, and unsafePerformIO, and point to ..."
Abstract

Cited by 39 (4 self)
 Add to MetaCart
Based on our experience with modelling and verifying microarchitectural designs within Haskell, this paper examines our use of Haskell as host for an embedded language. In particular, we highlight our use of Haskell's lazy lists, type classes, lazy state monad, and unsafePerformIO, and point to several areas where Haskell could be improved in the future. We end with an example of a benefit gained by bringing the functional perspective to microarchitectural modelling.
Microprocessor Specification in Hawk
 In Proceedings of the 1998 International Conference on Computer Languages
, 1998
"... Modern microprocessors require an immense investment of time and effort to create and verify, from the highlevel architectural design downwards. We are exploring ways to increase the productivity of design engineers by creating a domainspecific language for specifying and simulating processor arch ..."
Abstract

Cited by 34 (2 self)
 Add to MetaCart
Modern microprocessors require an immense investment of time and effort to create and verify, from the highlevel architectural design downwards. We are exploring ways to increase the productivity of design engineers by creating a domainspecific language for specifying and simulating processor architectures. We believe that the structuring principles used in modern functional programming languages, such as static typing, parametric polymorphism, firstclass functions, and lazy evaluation provide a good formalism for such a domainspecific language, and have made initial progress by creating a library on top of the functional language Haskell. We have specified the integer subset of an outoforder, superscalar DLX microprocessor, with registerrenaming, a reorder buffer, a global reservation station, multiple execution units, and speculative branch execution. Two key abstractions of this library are the signal abstract data type (ADT), which models the simulation history of a wire, and the transaction ADT, which models the state of an entire instruction as it travels through the microprocessor. 1
Formal verification of complex outoforder pipelines by combining modelchecking and theoremproving
 In Computer Aided Verification (CAV), volume 2404 of LNCS
, 2002
"... Abstract. We describe a methodology for the formal verification of complex outoforder pipelines as they may be used as execution units in outoforder processors. The pipelines may process multiple instructions simultaneously, may have branches and cycles in the pipeline structure, may have variab ..."
Abstract

Cited by 12 (4 self)
 Add to MetaCart
(Show Context)
Abstract. We describe a methodology for the formal verification of complex outoforder pipelines as they may be used as execution units in outoforder processors. The pipelines may process multiple instructions simultaneously, may have branches and cycles in the pipeline structure, may have variable latency, and may reorder instructions internally. The methodology combines modelchecking for the verification of the pipeline control, and theorem proving for the verification of the pipeline functionality. In order to combine both techniques, we formally verify that the FairCTL operators defined in µcalculus match their intended semantics expressed in a form where computation traces are explicit, since this form is better suited for theorem proving. This allows the formally safe translation of modelchecked properties of the pipeline control into a theoremproving friendly form, which is used for the verification of the overall correctness, including the functionality. As an example we prove the correctness of the pipeline of a multiplication/division floating point unit with all the features mentioned above. 1
A Practical Methodology for the Formal Verification of RISC Processors
, 1995
"... In this paper a practical methodology for formally verifying RISC cores is presented. This methodology is based on a hierarchical model of interpreters which reflects the abstraction levels used by a designer in the implementation of RISC cores, namely the architecture level, the pipeline stage leve ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
In this paper a practical methodology for formally verifying RISC cores is presented. This methodology is based on a hierarchical model of interpreters which reflects the abstraction levels used by a designer in the implementation of RISC cores, namely the architecture level, the pipeline stage level, the clock phase level and the hardware implementation. The use of this model allows us to successively prove the correctness between two neighbouring levels of abstractions, so that the verification process is simplified. The parallelism in the execution of the instructions, resulting from the pipelined architecture of RISCs is handled by splitting the proof into two independent steps. The first step shows that each architectural instruction is implemented correctly by the sequential execution of its pipeline stages. The second step shows that the instructions are correctly processed by the pipeline in that we prove that under certain constraints from the actual architecture, no conflic...
A Correctness Proof for Pipelining in RISC Architectures
, 1996
"... We describe a technique for specifying and verifying the control of pipelined microprocessors which can be used where traditional or purely automatic methods do not scale up to complex commercial microprocessor design. We illustrate our approach through a formal specification of Hennessy's and ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
We describe a technique for specifying and verifying the control of pipelined microprocessors which can be used where traditional or purely automatic methods do not scale up to complex commercial microprocessor design. We illustrate our approach through a formal specification of Hennessy's and Patterson's RISC processor DLX [HP90] for which we prove the correctness of its pipelined model with respect to the sequential model. First we concentrate our attention on the provably correct refinement of the sequential ground model DLX to the pipelined parallel version DLX p in which structural hazards (resource conflicts) are eliminated. Then we extend the result to the model DLX data in which also data hazards for not jump instructions are treated. The next step consists of building the model DLX ctrl in which control hazards are eliminated. In the last step we define DLX pipe and prove that it refines DLX ctrl correctly and takes care also of data hazards relative to jump instruct...
Combining streambased and statebased verification techniques for microarchitectures
 In Formal Methods in ComputerAided Design, volume 1954 of Lecture Notes in Computer Science
, 2000
"... Abstract Algebraic verification techniques manipulate the structure of a circuit while preserving its behavior. Algorithmic verification techniques verify properties about the behavior of a circuit. These two techniques have complementary strengths: algebraic techniques are largely independent of th ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Abstract Algebraic verification techniques manipulate the structure of a circuit while preserving its behavior. Algorithmic verification techniques verify properties about the behavior of a circuit. These two techniques have complementary strengths: algebraic techniques are largely independent of the size of the state space, and algorithmic techniques are highly automated. It is desirable to exploit both in the same verification. However, algebraic techniques often use streambased models of circuits, while algorithmic techniques use statebased models. We prove the consistency of stream and statebased interpretations of circuit models, and show how streambased verification results can be used handinhand with statebased verification results. Our approach allows us to combine streambased algebraic rewriting and statebased reasoning, using SMV and SVC, to verify a pipelined microarchitecture with speculative execution. 1 Introduction Hardware verification techniques can be broadly grouped into those that reason about both the behavior and structure of circuits, and those that reason just about the behavior. Algebraic techniques, such as retiming (e.g., [29,18]), manipulate the structure of the circuit while preserving its behavior. They have the advantage of being largely independent of the size of the state space. Algebraic techniques often manipulate streambased models of circuits, i.e., they treat circuits as functions (streams of values). Algorithmic verification techniques, such as model checking [10,30], verify properties about the behavior of a statebased model, i.e., a state transition system, and have the advantage of being highly automated. In this work, we bridge the gap between these two forms of models by proving that verification results in the streambased world correspond to correctness criteria of statebased models. We use O'Donnell's method to provide both streamand statebased interpretations of circuit descriptions [24]. We use the notation f[\Delta]g for the streambased interpretation, and [[\Delta]] for the statebased interpretation.
A Correctness Proof of a Speculative, Superscalar, OutofOrder, Renaming Microarchitecture
, 1998
"... Microarchitects are increasingly using techniques such as speculation, register renaming, and superscalar outoforder execution to make use of instructionlevel parallelism. However, the growing complexity of modern microprocessors exacerbates the difficulty of relating them to the simple machines ..."
Abstract
 Add to MetaCart
Microarchitects are increasingly using techniques such as speculation, register renaming, and superscalar outoforder execution to make use of instructionlevel parallelism. However, the growing complexity of modern microprocessors exacerbates the difficulty of relating them to the simple machines that they emulate. Flaws found later in lowerlevel validation are often microarchitectural in nature. In this paper we provide highlevel mathematical specifications for a basic machine and for a speculative, superscalar, outoforder, renaming machine based on the Intel P6 microarchitecture. We then prove that the visible outputs of the two machines are equivalent.
A Hardware Combinator For TreeShaped Circuits
, 1998
"... A great deal of research effort has been recently spent in the areas of formal hardware verification. Several approaches have been proposed using model checkers, inductionbased approaches and higherorder logics. Three problems common to all these approaches, however, include the ad hoc nature of ..."
Abstract
 Add to MetaCart
A great deal of research effort has been recently spent in the areas of formal hardware verification. Several approaches have been proposed using model checkers, inductionbased approaches and higherorder logics. Three problems common to all these approaches, however, include the ad hoc nature of proof organization, the lack of generalized hardware theories and the lack of support for modular verification. We address the last two problems by extending the idea of hardware combinators to structures that are treelike in shape and develop general proof methods using these hardware combinators. The combinators provide support for modular design and verification and may be incorporated into larger verification tools while the general proof strategies reduce the verification effort required of the tool's user.