Using abstraction for efficient formal verification of pipelined processors with value prediction

Presented are abstraction techniques that accelerate the formal verification of pipelined processors with value prediction. The formal verification is done by modeling based on the logic of equality with uninterpreted functions and memories (EUFM), and using an automatic tool flow. Applying special abstractions in previous work had resulted in EUFM correctness formulas where most of the terms (abstract word-level values) appear in only positive equations (equality comparisons) or as arguments of uninterpreted functions and uninterpreted predicates, allowing such terms to be treated as distinct constants - a property called positive equality. That property produced orders of magnitude speedup. However, in processors with value prediction, the mechanism for correcting value mispredictions introduces both positive and negated equations between the actual and predicted values, thus reducing significantly the potential for exploiting positive equality. The contributions of this paper are: 1) modeling and formal verification of pipelined processors with load-value prediction and fully implemented mechanism for correcting load-value mispredictions; 2) an approach to abstract the mechanism for detecting load-value mispredictions, thus allowing the use of positive equality, at the cost of enriching the specification processor with the abstracted mechanism for detecting load-value mispredictions; and 3) the observation that this abstraction technique is general and applicable to the formal verification of pipelined processors with other forms of value prediction, e.g., branch prediction, as illustrated with experimental results. The presented abstraction technique produced an order of magnitude speedup when formally verifying a 5-stage pipelined processor with load-value prediction. It can be expected that the speedup would be significantly greater for more complex processors with value prediction