Formal verification of pipelined processors with load-value prediction

The formal verification of pipelined processors with load-value prediction is studied. The formal verification is done by abstractions with the logic of equality with uninterpreted functions and memories (EUFM), using an automatic tool flow. Applying special abstractions in previous work had resulted in EUFM correctness formulas where most of the terms (abstract word-level values) appear in only positive equations (equality comparisons) or as arguments of uninterpreted functions and uninterpreted predicates, allowing us to treat such terms as distinct constants - a property we call positive equality. That property resulted in orders of magnitude speedup. However, the mechanism for correcting load-value mispredictions introduces both positive and negated equations between the actual and predicted load values, thus reducing significantly the potential for exploiting positive equality. The contributions of the paper are: 1) modeling and formal verification of a pipelined processor with load-value prediction and a fully implemented mechanism for correcting load-value mispredictions, and comparison with the formal verification of a variant of the design where the load values are not predicted, such that the data hazards are avoided by stalling the dependent instruction; and 2) a way to abstract the mechanism for detecting load-value mispredictions, thus allowing the use of positive equality, at the cost of enriching the specification processor with the abstracted mechanism for detecting load-value mispredictions.