This paper describes a validation methodology for microprocessors based on the generation of suitable test programs. To devise an effective set of test programs, a small number of programs are randomly created and then optimized by an evolutionary core using the feedback information from a logic simulator. The proposed methodology is almost fully automatic, broadly applicable and does not rely on skilled experts. A synthesizable VHDL model of a 32-bit processor conforming to the SPARC V8 standard is used as a case study. Although of moderate size, this case study uncovers several problems that can be found in modern designs. The proposed methodology was exploited to generate a test program aimed at maximizing the RT-level statement coverage; the achieved results are compared with the ones attained with an instruction randomizer, and show the effectiveness of the proposed approach. 1

Abstract not found

We consider models of hardware systems, within a welldeveloped set of mathematical tools based on an equational, algebraic model. We implement these tools using Maude, an equational, algebraic language with strong meta-language tools and an efficient term rewriting implementation. Maude has the same mathematical basis as the existing formal tools and it is fast. We consider the process of verification, and apply it to a simple illustrative pipeline. Microprocessors, and related systems, are modelled as iterated maps. Initialisation functions act as an invariant when applying one-step theorems to reduce formal verification to state exploration.

The hol-4 proof system has been used to formally verify the correctness of the ARM6 micro-architecture. This paper describes the specification and verification of one instructions class, block data transfers; these are a form of load-store instruction in which a set of up to sixteen registers can be transferred atomically. The ARM6 is a commercial RISC microprocessor that has been used extensively in embedded systems – it has a 3-stage pipeline with a multi-cycled execute stage. A list based programmer’s model specification of the block data transfers is compared with the ARM6’s implementation which uses a 16-bit mask. The models are far removed and reasonably complex, and this poses a verification challenge. This paper describes the approach and some key lemmas used in verifying correctness, which is defined using data and temporal abstraction maps. 1

Abstract. The hol-4 proof system has been used to formally verify the correctness of the ARM6 micro-architecture. This paper describes the specification and verification of the multiply instructions. The processor’s implementation is based on the modified Booth’s algorithm. Correctness is defined using data and temporal abstraction maps. The ARM6 is a commercial RISC microprocessor that has been used extensively in embedded systems – it has a 3-stage pipeline with a multi-cycled execute stage. This paper describes the approach used in the formal verification and presents some key lemmas. 1

The paper presents a sequence of three projects on design and formal verification of pipelined and superscalar processors. The projects were integrated—by means of lectures and preparatory homework exercises—into an existing advanced computer architecture course taught to both undergraduate and graduate students in a way that required them to have no prior knowledge of formal methods. The first project was on design and formal verification of a 5-stage pipelined DLX processor, implementing the six basic instruction types—register-register-ALU, registerimmediate-ALU, store, load, jump, and branch. The second project was on extending the processor from project one with ALU exceptions, a return-from-exception instruction, and branch prediction; each of the resulting models was formally verified. The third project was on design and formal verification of a dual-issue superscalar version of the DLX from project one. The preparatory homework problems included an exercise on design and formal verification of a staggered ALU, pipelined in the style of the integer ALUs in the Intel Pentium 4. The processors were described in the high-level hardware description language AbsHDL that allows the students to ignore the bit widths of word-level values and the internal implementations of functional units and memories, while focusing entirely on the logic that controls the pipelined or superscalar execution. The formal verification tool flow included the term-level symbolic simulator TLSim, the decision procedure EVC, and an efficient SAT-checker; this tool flow—combined with the same abstraction techniques for defining processors with exceptions and branch prediction, as used in the projects—was applied at Motorola to formally verify a model of the MCORE processor, and detected bugs. The course went through two iterations—offered at the Georgia Institute of Technology in the summer and fall of 2002—and was taught to 67 students, 25 of whom were undergraduates.

An executable computational logic can provide the desired bridge between formal system properties and formal methods to verify them on the one hand, and executable models of system designs based on programming languages on the other. However, not all such logics are equally well suited for the task. This paper gives some requirements that seem important for a computational logic to be suitable in practice, and discusses the experience with rewriting logic, its Maude language implementation, and its formal tool environment, concluding that they seem to meet well those requirements. 1. The General Idea The present conference explores a convergence of formal methods and programming language based approaches to system design in both hardware and embedded hardwaresoftware systems. There are many practical benefits to be gained from such a convergence and, furthermore, there are important research issues involved. I wish to put forward a simple general idea that in my view provides a conceptual key to exploring a convergence of this kind. As suggested in the title, the idea is that an executable computational logic can provide the desired bridge between formal system properties and formal methods to verify them on the one hand, and executable models of system designs based on programming languages on the other. The general idea as such is hardly new: it has already been demonstrated very successfully by different researchers using different computational logics. There are

In the past performance counters have been available to top-end microprocessors as hardware luxuries for profiling critical applications. Today, on the contrary, several desktop microprocessors contain hardware support for monitoring performance events. This paper proposes a new approach to automatic test program generation that exploits such hardware to monitor specific microarchitectural events. In the approach, the generation tool repeatedly evaluates and improves candidate programs directly running on the target microprocessor: candidate programs are not “simulated”, but rather “executed”. The fast evaluation of candidate tests enables the use of an automatic methodology even on large designs. As a case study, an experiment targeting the Intel ® Pentium ® 4 microprocessor is reported. 1.

Abstract not found

www.cad.polito.it Abstract * Microprocessor soft cores offer today an effective solution to the problem of rapidly developing new systemon-a-chips. However, all the features they offer are rarely used in embedded applications, and thus designers are often involved in the challenging task of soft-core customization to obtain application-specific processors. This paper proposes a novel approach to help designers in the simulation-based validation of application-specific processors. Suitable input stimuli are automatically generated while reasoning only on the software application the processor is intended to execute, while all the details concerning the processor hardware are neglected. Experimental results on a 8051 soft core show the effectiveness of the proposed approach. 1.