Skip to main content
SpringerLink
Log in

Correctness of Pipelined Machines

  • Conference paper
  • First Online:
Formal Methods in Computer-Aided Design (FMCAD 2000)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1954))

Included in the following conference series:

Abstract

The correctness of pipelined machines is a subject that has been studied extensively. Most of the recent work has used variants of the Burch and Dill notion of correctness [4]. As new features are modeled, e.g., interrupts, new notions of correctness are developed. Given the plethora of correctness conditions, the question arises: what is a reasonable notion of correctness? We discuss the issue at length and show, by mechanical proof, that variants of the Burch and Dill notion of correctness are flawed. We propose a notion of correctness based on WEBs (Well-founded Equivalence Bisimulations) [16, 19]. Briefly, our notion of correctness implies that the ISA (Instruction Set Architecture) and MA (Micro-Architecture) machines have the same observable in_nite paths, up to stuttering. This implies that the two machines satisfy the same CTL*X properties and the same safety and liveness properties (up to stuttering).

To test the utility of the idea, we use ACL2 to verify several variants of the simple pipelined machine described by Sawada in [22], [23]. Our variants extend the basic machine by adding exceptions (to deal with overflows), interrupts, and fleshed-out 128-bit ALUs (one of which is described in a netlist language). In all cases, we prove the same final theorem. We develop a methodology with mechanical support that we used to verify Sawada’s machine. The resulting proof is substantially shorter than the original and does not require any intermediate abstractions; in fact, given the definitions and some general-purpose books (collections of theorems), the proof is automatic. A practical and noteworthy feature of WEBs is their compositionality. This allows us to prove the correctness of the more elaborate machines in manageable stages.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. B. Brock, M. Kaufmann, and J. S. Moore. ACL2 theorems about commercial microprocessors. In M. Srivas and A. Camilleri, editors, Formal Methods in Computer-Aided Design (FMCAD’96), pages 275–293. Springer-Verlag, 1996.

    Google Scholar 

  2. M. Browne, E. Clarke, and O. Grumberg. Characterizing finite Kripke structures in propositional temporal logic. Theoretical Computer Science, 59, 1988.

    Google Scholar 

  3. R. E. Bryant, S. German, and M. N. Velev. Exploiting positive equality in a logic of equality with uninterpreted functions. In N. Halbwachs and D. Peled, editors, Computer-Aided Verification-CAV’ 99, volume 1633 of LNCS, pages 470–482. Springer-Verlag, 1999.

    Chapter  Google Scholar 

  4. J. R. Burch and D. L. Dill. Automatic veri_cation of pipelined microprocessor control. In Computer-Aided Verification (CAV’ 94), volume 818 of LNCS, pages pp68-80. Springer-Verlag, 1994.

    Google Scholar 

  5. D. Cyrluk. Microprocessor verification in PVS: A methodology and simple example. Technical Report SRI-CSL-93-12, SRI, Dec. 1993.

    Google Scholar 

  6. T. A. Henzinger, S. Qadeer, and S. K. Rajamani. Assume-guarantee refinement between different time scales. In N. Halbwachs and D. Peled, editors, Computer-Aided Verification CAV’ 99, volume 1633 of LNCS, pages 208–221. Springer-Verlag, 19

    Google Scholar 

  7. R. Hosabettu, G. Gopalakrishnan, and M. Srivas. A proof of correctness of a processor implementing Tomasulo’s algorithm without a reorder buffer. In L. Pierre and T. Kropf, editors, Correct Hardware Design and Verification Methods, 10th IFIP WG10.5 Advanced Research Working Conference, (CHARME’ 99), volume 1703 of LNCS, pages 8–22. Springer-Verlag, 1999.

    Google Scholar 

  8. R. Hosabettu, M. Srivas, and G. Gopalakrishnan. Decomposing the proof of correctness of a pileplined microprocessors. In A. J. Hu and M. Vardi, editors, Computer-Aided Verification CAV’ 98, volume 1427 of LNCS. Springer-Verlag, 19

    Google Scholar 

  9. R. Hosabettu, M. Srivas, and G. Gopalakrishnan. Proof of correctness of a processor with reorder buffer using the completion functions approach. In N. Halbwachs and D. Peled, editors, Computer-Aided Verification CAV’ 99, volume 1633 of LNCS. Springer-Verlag, 19

    Google Scholar 

  10. M. Kaufmann, P. Manolios, and J. S. Moore, editors. Computer-Aided Reasoning: ACL2 Case Studies. Kluwer Academic Press, June 2000.

    Google Scholar 

  11. M. Kaufmann, P. Manolios, and J. S. Moore. Computer-Aided Reasoning: An Approach. Kluwer Academic Press, July 2000.

    Google Scholar 

  12. M. Kaufmann and J. S. Moore. ACL2 homepage. See URL http://www.cs.utexas.edu/users/moore/acl2.

  13. M. Kaufmann and J. S. Moore. Structured theory development for a mechanized logic. Journal of Automated Reasoning, 2000. To appear, See URL http://www.cs.utexas.edu/users/moore/publications/acl2-papers.html#Foundations.

  14. P. Manolios. Homepage of Panagiotis Manolios, 2000. See URL http://www.cs.utexas.edu/users/pete.

  15. P. Manolios. Well-founded equivalence bisimulation. Technical report, Department of Computer Sciences, University of Texas at Austin, 2000. In preparation.

    Google Scholar 

  16. P. Manolios, K. Namjoshi, and R. Sumners. Linking theorem proving and model-checking with well-founded bisimulation. In N. Halbwachs and D. Peled, editors, Computer-Aided Verification CAV’ 99, volume 1633 of LNCS, pages 369–379. Springer-Verlag, 19

    Google Scholar 

  17. K. L. McMillan. Verification of an implementation of Tomasulo’s algorithm by compositional model checking. In A. J. Hu and M. Y. Vardi, editors, Computer Aided Verification (CAV’ 98), volume 1427 of LNCS, pages 110–121. Springer-Verlag, 1998.

    Chapter  Google Scholar 

  18. R. Milner. Communication and Concurrency. Prentice-Hall, 1990.

    Google Scholar 

  19. K. S. Namjoshi. A simple characterization of stuttering bisimulation. In 17th Conference on Foundations of Software Technology and Theoretical Computer Science,volume 1346 of LNCS, pages 284–296, 1997.

    Google Scholar 

  20. D. Park. Concurrency and automata on in_nite sequences. In Theoretical Computer Science, volume 104 of LNCS, pages 167–183. Springer-Verlag, 1981.

    Chapter  Google Scholar 

  21. A. Pnueli, Y. Rodeh, O. Shtrichman, and M. Siegel. Deciding equality formulas by small domain instantiations. In N. Halbwachs and D. Peled, editors, Computer-Aided Verification CAV’ 99, volume 1633 of LNCS, pages 455–469. Springer-Verlag, 19

    Google Scholar 

  22. J. Sawada. Formal Verification of an Advanced Pipelined Machine. PhD thesis, University of Texas at Austin, Dec. 1999. See URL http://www.cs.utexas.edu/users/sawada/dissertation/.

  23. J. Sawada. Verification of a simple pipelined machine model. In M. Kaufmann, P. Manolios, and J. S. Moore, editors, Computer-Aided Reasoning: ACL2 Case Studies, pages 137–150. Kluwer Academic Press, 2000.

    Google Scholar 

  24. J. Sawada and W. A. Hunt, Jr. Trace table based approach for pipelined micro-processor verification. In Computer Aided Verification (CAV’ 97), volume 1254 of LNCS, pages 364–375. Springer-Verlag, 1997.

    Google Scholar 

  25. J. Sawada and W. A. Hunt, Jr. Processor verification with precise exceptions and speculative execution. In A. J. Hu and M. Y. Vardi, editors, Computer Aided Verification (CAV’ 98), volume 1427 of LNCS, pages 135–146. Springer-Verlag, 1998.

    Chapter  Google Scholar 

  26. M. Srivas and M. Bickford. Formal verification of a pipelined microprocessor. IEEE Software, pages 52–64, Sept. 1990.

    Google Scholar 

  27. M. K. Srivas and S. P. Miller. Formal verification of an avionics microprocessor. Technical Report CSL-95-04, SRI International, 1995.

    Google Scholar 

  28. P. J. Windley and M. L. Coe. A correctness model for pipelined microprocessors. In Theorem Provers in Circuit Design, volume 901 of LNCS, pages 33–52. Springer-Verlag, 1994.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Sciences, University of Texas at Austin, USA

    Panagiotis Manolios

Authors
  1. Panagiotis Manolios
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Austin Research Laboratories, IBM Corporation, Mail Stop 9460, Building 904 11501 Burnet Road, 78758, Austin, Texas, USA

    Warren A. Hunt Jr.

  2. Computer Science Department, Indiana University, Lindley Hall, 150 W. Woodlawn Avenue, 47405-7104, Bloomington, Indiana, USA

    Steven D. Johnson

Rights and permissions

Reprints and permissions

Copyright information

© 2000 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Manolios, P. (2000). Correctness of Pipelined Machines. In: Hunt, W.A., Johnson, S.D. (eds) Formal Methods in Computer-Aided Design. FMCAD 2000. Lecture Notes in Computer Science, vol 1954. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-40922-X_11

Download citation

  • DOI: https://doi.org/10.1007/3-540-40922-X_11

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-41219-9

  • Online ISBN: 978-3-540-40922-9

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation