1 / 165

Structuring instruction-sets with higher-order functions

Structuring instruction-sets with higher-order functions. Byron Cook Advisor: John Launchbury. Microprocessor correctness. ISA: Simple machine. Lots of microarchitectural tricks. Microprocessor correctness. Speculative. Out-of-order. Superscalar. Pipelined. Microprocessor correctness.

sutton
Download Presentation

Structuring instruction-sets with higher-order functions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Structuring instruction-sets with higher-order functions Byron Cook Advisor: John Launchbury

  2. Microprocessor correctness ISA: Simple machine Lots of microarchitectural tricks

  3. Microprocessor correctness Speculative. Out-of-order. Superscalar. Pipelined.

  4. Microprocessor correctness ?

  5. FV for microprocessor correctness • Approach to improving microprocessor quality: • Model the systems in logic • Prove that the microarchitecture implements the ISA. • Rich mixtures of automatic and manual proof strategies are common.

  6. FV for microprocessor correctness • Research community has found many techniques to solve this problem. • Several papers prove correctness of “superscalar, out-of-order, and speculative” implementations of RISC ISAs.

  7. The twist: ISAs are evolving • Domain-specific extensions. • example: MMX • Predication. • example: ARM • Concurrency instructions: • Example: IA-64 • Speculative instructions: • Example: IA-64

  8. The twist: ISAs are evolving

  9. The twist: ISAs are evolving

  10. The twist: ISAs are evolving Extra structure to leverage

  11. The twist: ISAs are evolving Should be carefully presented

  12. The twist: ISAs are evolving • Opportunity for new axis of proof decomposition: • MMX: Can we first prove that the MMX execution unit correctly implements MMX • Predication: Can we prove just the MA predication machinery correct? • Concurrency instructions: Can we abstract over the underlying pipelines? • Speculative instructions: …………

  13. Question that the dissertation answers Can higher-order functions help? • Facilitate architectural extension design? • Microarchitectural modeling of extensions? • Facilitate the correctness proof?

  14. Overview • Background • Extensions and higher-order functions • Conclusion

  15. Overview • Background • Extensions and higher-order functions • Conclusion

  16. Overview • Background • Models and specifications • Correctness • Formal verification techniques • Extensions and higher-order functions • Conclusion

  17. Models and specifications • In the literature: transition systems are used. • A transition system is a structure with: • A set of initial states. • A next state relation. • An “observation” function.

  18. Models and specifications Let’s see an example………

  19. Models and specifications

  20. Models and specifications

  21. Models and specifications

  22. Models and specifications

  23. Models and specifications t = (init,next,obs) init represents the initial states: init :: {s} next represents the next state relation: next :: i -> s -> {s} obs is the observation function: obs :: s -> o

  24. Models and specifications type TS i s o = ( {s} , i->s->{s} , s->o ) t :: TS i s o t = (init,next,obs)

  25. Models and specifications • {s} can sometimes mean a finite set of elements of s. • Sometimes infinite sets are used. • Sometimes, sets are not used at all.

  26. Models and specifications type TS c i s o = ( c s , i->s->c s , s->o )

  27. Models and specifications • Finite sets • t :: TS FSet i s o. • t :: ( FSet s , i->s->FSet s , s->o ) • Infinite sets: • t :: TS Set i s o. • t :: ( Set s , i->s->Set s , s->o ) • No sets: • t :: TS Id i s o. • t :: ( s , i->s->s , s->o )

  28. Models and specifications data OPCODE = ADD Reg Reg Reg | SUB Reg Reg Reg . . Example: ADD r1 r2 r5 :: OPCODE

  29. Example: An ISA specification risc :: TS FSet OPCODE RegFile (Obs RegFile) risc = (risc_init,risc_next,risc_obs) where risc_init = unit i_rf risc_next instr state = ……… risc_obs s = ………

  30. Models and specifications data Obs x = Ready x | Busy | Stalled

  31. Example: A pipelined model pipe :: TS FSet OPCODE (RegFile,PipeReg,PipeReg,PipeReg) (Obs RegFile) pipe = (pipe_init,pipe_next,pipe_obs) where pipe_init = unit (i_rf,empty,empty,empty) pipe_next instr (rf,r1,r2,r3) = ……… pipe_obs (rf,r1,r2,r3) = ………

  32. Overview • Background • Models and specifications • Correctness • Formal verification techniques • Extensions and higher-order functions • Conclusion

  33. What is correctness? n ? m

  34. What is correctness? • Often a preorder relationship: • Bisimulation (BISIM). • Simulation (SIM). • Flush-point correctness (FP).

  35. What is simulation? “m” is the implementation, “n” is the specification. There exists an R such that

  36. What is simulation? “m” is the implementation, “n” is the specification. There exists an R such that init m

  37. What is simulation? “m” is the implementation, “n” is the specification. There exists an R such that init m init n

  38. What is simulation? “m” is the implementation, “n” is the specification. There exists an R such that init m R init n

  39. What is simulation? “m” is the implementation, “n” is the specification. There exists an R such that next m i init m R R init n

  40. What is simulation? “m” is the implementation, “n” is the specification. There exists an R such that next m i init m R R init n next n i

  41. next m i R R next n i What is simulation? “m” is the implementation, “n” is the specification. There exists an R such that init m R init n

  42. next m i R R next n i What is simulation? “m” is the implementation, “n” is the specification. There exists an R such that init m R R init n

  43. next m i R R next n i What is simulation? “m” is the implementation, “n” is the specification. There exists an R such that obs m init m R R init n obs n

  44. What is simulation? • (m,n)SIM iff R. • ainit m, binit n. (a,b)R • (a,b)R, i, a’next m i a. b’next n i b and (a’,b’)R • (a,b)R. obs m a = obs n b

  45. What is bisimulation? “m” is the implementation, “n” is the specification. There exists an R such that, the same as before AND:

  46. What is bisimulation? “m” is the implementation, “n” is the specification. There exists an R such that, the same as before AND: init n

  47. What is bisimulation? “m” is the implementation, “n” is the specification. There exists an R such that, the same as before AND: init m init n

  48. What is bisimulation? “m” is the implementation, “n” is the specification. There exists an R such that, the same as before AND: init m R init n

  49. What is bisimulation? “m” is the implementation, “n” is the specification. There exists an R such that, the same as before AND: init m R R init n next n i

  50. What is bisimulation? “m” is the implementation, “n” is the specification. There exists an R such that, the same as before AND: next m i init m R R init n next n i

More Related