Mikhail Chupilko, Alexander Kamkin , and Dmitry Vorobyev Institute for System Programming of RAS

1. Simulation-Based Verification of Microprocessor Units Based on Cycle-Accurate Contract Specifications Mikhail Chupilko, Alexander Kamkin, and Dmitry Vorobyev Institute for System Programming of RAS

2. Cost of microprocessor error • Pentium FDIV Bug (Intel, 1994) • The cost is475 000 000 $ • Phenom (9x00 Stepping B2) L3 Cache’s TLB Errata (AMD, 2007) • Implicit negative profit • Design new microprocessor • The cost is about 100 000 000 $ SYRCoSE'2008

3. Levels of verification • System-level verification • Unit-level verification Target system Test action Target system Test action Target unit SYRCoSE'2008

4. Operation execution Clock Operation Operands Executing 1st stage 2nd stage Time SYRCoSE'2008

5. A2 stage Bubble A1 stage B1 stage B2 stage Pipelined operations execution Clock OperationA OperationB Operands Operands Executing Executing Time SYRCoSE'2008

6. Contract specifications pre(input) // obligation for client output = operation(input) post(intput, output) // benefit for client • If a client meets the precondition, then the component must fulfill the postcondition SYRCoSE'2008

7. Specification of operations OperationA Contracts of A’s stages Contract of A pre(A) guard(A1) post(A1) A1 … … guard(AN) post(AN) AN SYRCoSE'2008

8. A1 A2 … AN B1 B2 … BN Idea of the approach post(A2) post(B1) OperationA OperationB Test Oracle … Time 1 2 3 SYRCoSE'2008

9. Requirements Requirement is a formal atomic predicate constructed on the defined functions. Types: • Pre – req. on microoperation precondition • Guard – req. on microoperation guard condition • Update – implicit requirements on microoperation functionality • Post – explicit requirements on microoperation functionality SYRCoSE'2008

10. Tool support • The approach is integrated into the CTESK tool from the UniTESK toolkit • Special library is developed to simplify the creation of specifications and tests for Verilog designs using CTESK http://www.unitesk.com SYRCoSE'2008

11. Specification example Floating-point adder Stage 0: alignment of exponent Stage 1: addition of fractions Stage 2: normalization of result SYRCoSE'2008

12. Catalogue example SYRCoSE'2008

13. Precondition pre { return (isZero(op1) || isNormalized(op1)) && (isZero(op2) || isNormalized(op2)); } SYRCoSE'2008

14. Postcondition (for stage 3) post { return result == op1 + op2; } SYRCoSE'2008

15. Case study • The approach was applied to several units of MIPS64-compatible microprocessor: • TLB (Translation Lookaside Buffer) • L2 Cache SYRCoSE'2008

16. TLB requirements Pre Guard Update Post Total • Read 5 0 0 2 7 • Write 5 0 2 2 9 • Probe 5 0 0 3 8 • Translate (Data) 5 0 3 30 38 • Translate (Instruction) 5 3 2 27 37 • Total 25 3 7 64 99 SYRCoSE'2008

17. TLB verification results • Specification consists 2.5 KLOC • Labor-costs of testbench development is about 2.5 man-months • We have found 9 errors SYRCoSE'2008

18. L2 cache requirements Pre Guard Update Post Total • Load 4 10 7 4 24 • Loadi 2 5 0 2 9 • Store 6 13 77 15 111 • Cache 5 3 20 6 34 • Load (DSP) 1 0 0 1 2 • Store (DSP) 1 0 1 0 2 • Total 18 31 27 105 181 SYRCoSE'2008

19. L2cache verification results • Specifications consists 3 KLOC • Labor-costs of testbench development is about 4 man-months • We have found 6 errors SYRCoSE'2008

20. Future work • Generalization for branching pipelines, pipelines with cycles, etc. • Improvement of tool support for specification and tests development SYRCoSE'2008

21. Contacts • Institute for System Programming of RAShttp://www.ispras.ru • UniTESK Technologyhttp://www.unitesk.com • Alexander Kamkin, Dmitry Vorobyev, Mikhail Chupilko{kamkin, vorobyev, chupilko}@ispras.ru SYRCoSE'2008

22. Thank You!Questions? SYRCoSE'2008