## Modeling and Verification of Out-of-Order Microprocessors in UCLID (2002)

Citations: 42 (13 self)

### BibTeX

@MISC{Lahiri02modelingand,
  author = {Shuvendu K. Lahiri and Sanjit A. Seshia and Randal E. Bryant},
  title = {Modeling and Verification of Out-of-Order Microprocessors in UCLID},
  year = {2002}
}

### Abstract

In this paper, we describe the modeling and verification of out-of-order microprocessors with unbounded resources using an expressive, yet efficiently decidable, quantifier-free fragment of first order logic. This logic includes uninterpreted functions, equality, ordering, constrained lambda expressions, and counter arithmetic. UCLID is a tool for specifying and verifying systems expressed in this logic. The paper makes two main contributions. First, we show that the logic is expressive enough to model components found in most modern microprocessors, independent of their actual sizes. Second, we demonstrate UCLID's verification capabilities, ranging from full automation for bounded property checking to a high degree of automation in proving restricted classes of invariants. These techniques, coupled with a counterexample generation facility, are useful in establishing correctness of processor designs. We demonstrate UCLID's methods using a case study of a synthetic model of an out-of-order processor where all the invariants were proved automatically.

### Citations

1114 | Chaff: Engineering an efficient SAT solver
- Moskewicz, Madigan, et al.
- 2001
Citation Context: ...$\mathit{reg.valid}(r_2)) \Rightarrow (\mathit{reg.tag}(r_1) \neq \mathit{reg.tag}(r_2))]$ 2. rf-rob: $\forall r\,[\neg \mathit{reg.valid}(r) \Rightarrow \mathit{rob.dest}(\mathit{reg.tag}(r)) = r]$ The experiments were performed on a 1400MHz Pentium with 256MB memory running Linux. zChaff [15] was used as the SAT solver within UCLID. To compare the performance of UCLID's decision procedure, we also used SVC [3] to decide the CLU formulas. Although SVC's logic is more expressive than CLU (i...
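The context above quotes two of the invariants the paper discharges: a distinctness invariant on register tags (its antecedent is cut off on this page; it is assumed below to require two distinct registers that are both pending) and rf-rob, which ties every pending register back to the reorder-buffer entry that will write it. UCLID proves these symbolically for unbounded sizes; the script below is an added illustration, not code from the paper or from UCLID, that checks the same two invariants by explicit-state bounded exploration of a tiny register-file/reorder-buffer model. The model, its sizes (NREG, NROB), the dispatch/commit transition relation and the injected off-by-one bug in the ROB-full check are all assumptions made here; the point is to show what a bounded property check and its counterexample trace look like.

```python
"""Bounded invariant checking of a tiny register-renaming model.

Added example (not code from the paper or from UCLID). The model, its sizes
and the injected bug are assumptions made for illustration; UCLID works
symbolically on unbounded resources, this script enumerates concrete states.
"""
from collections import deque
from dataclasses import dataclass
from typing import List, Optional, Tuple

NREG = 2  # architectural registers (assumed, tiny so enumeration is cheap)
NROB = 2  # reorder-buffer (ROB) entries (assumed)

Action = Tuple[str, int]  # ("dispatch", dest_reg) or ("commit", 0); commit ignores the int


@dataclass(frozen=True)
class State:
    reg_valid: Tuple[bool, ...]  # True: architectural value is in the register file
    reg_tag: Tuple[int, ...]     # ROB entry the register waits on (meaningful if not valid)
    rob_dest: Tuple[int, ...]    # destination register recorded in each ROB entry
    rob_head: int                # oldest in-flight entry (ROB is a circular FIFO)
    rob_count: int               # number of in-flight entries


def initial_state() -> State:
    return State((True,) * NREG, (0,) * NREG, (0,) * NROB, 0, 0)


def invariant_distinct_tags(s: State) -> bool:
    """Assumed reading of invariant 1: two pending registers never share a tag."""
    pending = [s.reg_tag[r] for r in range(NREG) if not s.reg_valid[r]]
    return len(pending) == len(set(pending))


def invariant_rf_rob(s: State) -> bool:
    """rf-rob: for all r, not reg.valid(r) implies rob.dest(reg.tag(r)) == r."""
    return all(s.reg_valid[r] or s.rob_dest[s.reg_tag[r]] == r for r in range(NREG))


def step(s: State, a: Action, full_check_bug: bool = False) -> Optional[State]:
    """Apply one action; return None when the action is not enabled in s."""
    kind, r = a
    if kind == "dispatch":
        # Injected bug: an off-by-one in the "ROB full" test lets dispatch
        # overwrite the oldest in-flight entry instead of stalling.
        limit = NROB + 1 if full_check_bug else NROB
        if s.rob_count >= limit:
            return None
        t = (s.rob_head + s.rob_count) % NROB  # tail slot to allocate
        rob_dest = list(s.rob_dest)
        rob_dest[t] = r
        reg_valid = list(s.reg_valid)
        reg_valid[r] = False                   # register now waits on entry t
        reg_tag = list(s.reg_tag)
        reg_tag[r] = t
        return State(tuple(reg_valid), tuple(reg_tag), tuple(rob_dest),
                     s.rob_head, s.rob_count + 1)
    if kind == "commit":
        if s.rob_count == 0:
            return None
        t = s.rob_head
        d = s.rob_dest[t]
        reg_valid = list(s.reg_valid)
        # Only validate the register if no younger write to it has been renamed since.
        if not s.reg_valid[d] and s.reg_tag[d] == t:
            reg_valid[d] = True
        return State(tuple(reg_valid), s.reg_tag, s.rob_dest,
                     (t + 1) % NROB, s.rob_count - 1)
    raise ValueError(f"unknown action {kind}")


def actions() -> List[Action]:
    return [("dispatch", r) for r in range(NREG)] + [("commit", 0)]


def bounded_check(depth: int, full_check_bug: bool = False) -> Optional[List[Action]]:
    """Breadth-first search over all traces of length <= depth from the initial
    state; returns the shortest trace reaching a state that violates an invariant,
    or None if none exists within the bound."""
    start = initial_state()
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        s, trace = queue.popleft()
        if not (invariant_distinct_tags(s) and invariant_rf_rob(s)):
            return trace
        if len(trace) == depth:
            continue
        for a in actions():
            n = step(s, a, full_check_bug)
            if n is not None and n not in seen:
                seen.add(n)
                queue.append((n, trace + [a]))
    return None


if __name__ == "__main__":
    print("correct model, depth 8:", bounded_check(8))
    print("off-by-one bug, depth 8:", bounded_check(8, full_check_bug=True))
```

With the bug enabled the search finds a three-step trace (two dispatches fill the ROB, a third one silently recycles the head entry for a different register), after which one register still points at an entry whose dest field now names another register, violating both invariants at once. Explicit enumeration only works because NREG and NROB are fixed and tiny; the paper's contribution is proving the same invariants without fixing those sizes.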

534 | PVS: A Prototype Verification System
- Owre, Rushby, et al.
- 1992
Citation Context: ...rate it with the verification of an out-of-order unit. Hosabettu et al. [10, 11] use a completion function approach to verify advanced microarchitectures which includes reorder buffers, using the PVS [16] theorem prover. The method requires user ingenuity to construct a completion function for the different instruction types and then composing the different completion functions to obtain the abstracti...

259 | Automatic verification of pipelined microprocessor control
- Burch, Dill
- 1994
Citation Context: ...mal verification techniques, including symbolic model checking [4, 12], theorem proving [17, 2, 11], and approaches based on decision procedures for the logic of equality with uninterpreted functions [8, 6, 20] have been used to verify such microarchitectures. In previous work, Bryant et al. [5,6] presented PEUF, a logic of positive equality with uninterpreted functions. PEUF has been shown to be expressive ...

151 | Validity checking for combinations of theories with equality
- Barrett, Dill, et al.
- 1996
Citation Context: ...ts were performed on a 1400MHz Pentium with 256MB memory running Linux. zChaff [15] was used as the SAT solver within UCLID. To compare the performance of UCLID's decision procedure, we also used SVC [3] to decide the CLU formulas. Although SVC's logic is more expressive than CLU (includes bit-vectors and linear arithmetic in addition to CLU constructs), the decision procedure for CLU outperforms SVC...

141 | Modeling and verifying systems using a logic of counter arithmetic with lambda expressions and uninterpreted functions
- Bryant, Lahiri, et al.
- 2002
Citation Context: ...bounded queues and reorder buffers, which limits its applicability to processors with bounded resources. To overcome this problem, we have generalized PEUF to yield a more expressive logic called CLU [7], which is a logic of Counter Arithmetic with Lambda Expressions and Uninterpreted Functions. UCLID is a system for modeling and verifying systems modeled in CLU. It can be used to model a large class...

90 | Processor verification using efficient reductions of the logic of uninterpreted functions to propositional logic
- Bryant, German, et al.
- 2001
Citation Context: ...mal verification techniques, including symbolic model checking [4, 12], theorem proving [17, 2, 11], and approaches based on decision procedures for the logic of equality with uninterpreted functions [8, 6, 20] have been used to verify such microarchitectures. In previous work, Bryant et al. [5,6] presented PEUF, a logic of positive equality with uninterpreted functions. PEUF has been shown to be expressive ...

90 | Verification of an implementation of Tomasulo's algorithm by compositional model checking
- McMillan
- 1998
Citation Context: ...fication is automatically performed using Cadence SMV. The out-of-order processor we verify is similar in complexity to the model of Tomasulo algorithm McMillan verified using compositional reasoning [14]. The author acknowledges that the proof is not automatic and substantial human effort is required to decompose the proof into lemmas about small components of states. The main advantage of using mode...

54 | Exploiting Positive Equality in a Logic of Equality with Uninterpreted Functions
- Bryant, German, et al.
- 1999
Citation Context: ... 2, 11], and approaches based on decision procedures for the logic of equality with uninterpreted functions [8, 6, 20] have been used to verify such microarchitectures. In previous work, Bryant et al. [5,6] presented PEUF, a logic of positive equality with uninterpreted functions. PEUF has been shown to be expressive enough to model pipelined processors and also has a very efficient decision procedure b...

53 | Chaff: Engineering an efficient SAT solver - Moskewicz, Madigan, et al. - 2001

49 | PVS: A prototype verification system - Owre, Rushby, et al. - 1992

45 | Processor verification with precise exceptions and speculative execution
- Sawada, Hunt
- 1998
Citation Context: ...lining, speculative, out-of-order execution, register-renaming, exceptions, and multi-level caching. Several formal verification techniques, including symbolic model checking [4, 12], theorem proving [17, 2, 11], and approaches based on decision procedures for the logic of equality with uninterpreted functions [8, 6, 20] have been used to verify such microarchitectures. In previous work, Bryant et al. [5,6] p...

43 | Formal Verification of Superscalar Microprocessors with Multicycle Functional Units
- Velev, Bryant
- 2000
Citation Context: ...ng those of the MIPS R10000, PowerPC 620, and Pentium Pro [18]. 3.1 Terms, Uninterpreted Functions and Data Abstraction Microprocessors are described using the standard term-level modeling primitives [17, 12, 21], where data-words and bit-vectors are abstracted with terms, and functional units abstracted with uninterpreted functions. 3.2 Memories In this section, we look at a few different formulations of mem...

35 | Proof of Correctness of a Processor with Reorder Buffer Using the Completion Functions Approach
- Hosabettu, Srivas, et al.
- 1999
Citation Context: ...hat automating the proof of the lemmas would make the verification easier. Automating proof is central to our work and we illustrate it with the verification of an out-of-order unit. Hosabettu et al. [10, 11] use a completion function approach to verify advanced microarchitectures which includes reorder buffers, using the PVS [16] theorem prover. The method requires user ingenuity to construct a completio...

33 | Combining Symbolic Model Checking with Uninterpreted Functions for Out-of-order Processor Verification
- Berezin, Biere, et al.
Citation Context: ...ing features such as pipelining, speculative, out-of-order execution, register-renaming, exceptions, and multi-level caching. Several formal verification techniques, including symbolic model checking [4, 12], theorem proving [17, 2, 11], and approaches based on decision procedures for the logic of equality with uninterpreted functions [8, 6, 20] have been used to verify such microarchitectures. In previo...

31 | Microarchitecture verification by compositional model checking
- Jhala, McMillan
- 2001
Citation Context: ...ing features such as pipelining, speculative, out-of-order execution, register-renaming, exceptions, and multi-level caching. Several formal verification techniques, including symbolic model checking [4, 12], theorem proving [17, 2, 11], and approaches based on decision procedures for the logic of equality with uninterpreted functions [8, 6, 20] have been used to verify such microarchitectures. In previo...

25 | Formal verification of out-of-order execution using incremental flushing
- Skakkebaek, Jones, et al.
- 1998
Citation Context: ...ondence with a sequential ISA. The model verified in [1] is similar in complexity to ours but once again substantial manual assistance is required to prove the invariants using PVS. Skakkebaek et al. [19] manually transform an out-of-order model of a processor to an intermediate inorder model, and use incremental flushing to show the correspondence of the intermediate model with the ISA model. The man...

18 | Automatic verification of pipelined microprocessor control - Burch, Dill - 1994

16 | The decision problem for standard classes
- Gurevich
- 1976
Citation Context: ...n $\Psi(x_1, \ldots, x_m)$ and $\Phi(y_1, \ldots, y_k)$ respectively. In general, the problem of checking validity of first-order formulas of the form (1), with uninterpreted functions is undecidable [9]. Note that this class of formulas cannot be expressed in CLU, since CLU is a quantifier-free logic. However, UCLID has a preprocessor for formulas of the form (1), which are translated to a CLU formu...

12 | Verifying Tomasulo's algorithm by Refinement
- Arons, Pnueli
- 1999
Citation Context: ...mplexity as that in their original work [10], we shall show that the invariants required in our verification are few and simple, and they are discharged in a completely automatic manner. Arons et al. [1, 2] also verify out-of-order processors using refinement within PVS theorem prover. Our verification scheme is very similar to their approach as it also uses prediction to establish the correspondence wi...

12 | Using rewriting rules and positive equality to formally verify wide-issue out-of-order microprocessors with a reorder buffer
- Velev
- 2002
Citation Context: ...mal verification techniques, including symbolic model checking [4, 12], theorem proving [17, 2, 11], and approaches based on decision procedures for the logic of equality with uninterpreted functions [8, 6, 20] have been used to verify such microarchitectures. In previous work, Bryant et al. [5,6] presented PEUF, a logic of positive equality with uninterpreted functions. PEUF has been shown to be expressive ...

9 | A comparison of two verification methods for speculative instruction execution
- Arons, Pnueli
- 2000
Citation Context: ...lining, speculative, out-of-order execution, register-renaming, exceptions, and multi-level caching. Several formal verification techniques, including symbolic model checking [4, 12], theorem proving [17, 2, 11], and approaches based on decision procedures for the logic of equality with uninterpreted functions [8, 6, 20] have been used to verify such microarchitectures. In previous work, Bryant et al. [5,6] p...

7 | Verifying advanced microarchitectures that support speculation and exceptions
- Hosabettu, Gopalakrishnan, et al.
- 2000
Citation Context: ...lining, speculative, out-of-order execution, register-renaming, exceptions, and multi-level caching. Several formal verification techniques, including symbolic model checking [4, 12], theorem proving [17, 2, 11], and approaches based on decision procedures for the logic of equality with uninterpreted functions [8, 6, 20] have been used to verify such microarchitectures. In previous work, Bryant et al. [5,6] p...

6 | Experience with term level modeling and verification of the M•CORE microprocessor core
- Lahiri, Pixley, et al.
- 2001
Citation Context: ...ity with uninterpreted functions. PEUF has been shown to be expressive enough to model pipelined processors and also has a very efficient decision procedure based on Boolean techniques. Lahiri et al. [13] demonstrate the use of this technique for the verification of the superscalar, deeply pipelined M•CORE processor (M•CORE is a registered trademark of Motorola Inc.), by finding bugs in the real desig...

6 | Processor verification using efficient reductions of the logic of uninterpreted functions to propositional logic - Bryant, German, et al. - 2001

6 | Processor verification with precise exceptions and speculative execution - Sawada, Hunt - 1998

4 | Formal Verification of Superscalar Microprocessors with Multicycle Functional Units, Exceptions and Branch Prediction - Velev, Bryant - 2000

3 | A comparison of two verification methods for speculative instruction execution - Arons, Pnueli - 2000

3 | Microarchitecture verification by compositional model checking - Jhala, McMillan - 2001

3 | Formal verification of out-of-order execution using incremental flushing - Skakkebaek, Jones, et al. - 1998

2 | Fundamentals of Superscalar Processor Design
- Shen, Lipasti
- 2001
Citation Context: ...es of modern superscalar processor designs. Primitive constructs have been drawn from a wide spectrum of industrial processor designs, including those of the MIPS R10000, PowerPC 620, and Pentium Pro [18]. 3.1 Terms, Uninterpreted Functions and Data Abstraction Microprocessors are described using the standard term-level modeling primitives [17, 12, 21], where data-words and bit-vectors are abstracted ...

2 | Experience with term level modeling and verification of the M•CORE microprocessor core - Lahiri, Pixley, et al. - 2001

1 | Verifying Tomasulo's algorithm by Refinement - Arons, Pnueli - 1999