1. Technical Field
The invention relates generally to debugging a computer program. More specifically, this invention relates to the real-time verification that an implementation of a computer conforms to a given computer architecture.
2. Related Art
The design of a computer architecture implementation must conform to the given computer architecture it will support. This computer architecture defines high-level requirements and features such as the computer's instruction set and alternatives for virtual memory management and cache management. The particular implementation of the computer architecture includes features which are not specified by the computer architecture such as parallelism, pipelining, concurrency, execution order, and response to asynchronous events.
Typically, design verification techniques have modeled the computer architecture with a software simulator. This software simulator, defined as an architectural model, is capable of implementing the high-level requirements of the architecture referred to above. However, it does not model implementation specifics such as a processor pipeline or asynchronous behavior. The designing of an implementation of a computer architecture includes the development of a behavioral model of that implementation which models these details.
Design verification is the process of verifying that the behavioral model is architecturally correct, i.e., the behavioral model's implementation does indeed conform to the requirements of the computer architecture. This is accomplished by comparing the results of simulations using the behavioral model with simulations using the architectural model. In cases where the behavioral model results have different characteristics than the architectural model's, a translator is used to place the behavioral model's results in a form comparable to the architectural model's results so that a comparison may be performed.
Conventional methods of design verification have typically used both an architectural model and a behavioral model, extracting instruction traces from each simulation model, and, after simulation, verifying that the traces agree. When this method is utilized in a pipelined implementation, a depiper has been used to convert the pipelined execution trace of the behavioral model into the instruction trace of the architectural model.
This technique suffers from several difficulties. First, asynchronous events in the implementation modeled by the behavioral model (for example, interrupts) may cause differences in the two traces which are not errors.
Second, once an error has been identified, it may take a considerable amount of time to correct it. If the verification process is continued, these known errors in the behavioral model may mask errors occurring later in the simulation. In some implementations, the architectural model is temporarily modified to mimic the behavioral model's incorrect behavior in these cases so that the trace produced by the architectural model, though incorrect, will match the behavioral model implementation's trace up to the point of a later error. However, the architectural model does not have access to all the implementation details which reside in the behavioral model. It therefore cannot properly compensate for all classes of errors, since some errors depend on information which is not available to the architectural model. For example, if a known error is dependent on the state of the behavioral model implementation's pipeline, the architectural model would not be able to mimic the incorrect behavior and subsequent errors cannot be located until the first error is fixed in the behavior model. This increases the amount of experienced labor required to perform error identification.
Fourth, this technique places a great demand in computer storage space for the traces. Each trace from both models was typically taken and stored. Since each trace can be large in size, this limited the amount of traces that can be saved. This in turn limited the amount of verification that can take place during any single simulation.
Lastly, in the conventional techniques, a simulation could not be halted prior to completion to identify an error. If an error occurred early in the simulation, significant simulation time may be wasted as the simulation needlessly ran to completion.
What is needed is a computer implementation verification technique that will compensate for the occurrence of asynchronous events in the behavioral model in real-time and continue the simulation until an error is encountered. Since some problems may take days or weeks to correct, the verification technique must also be able to compensate for known errors in the behavioral model in a short period of time in order to prevent having to wait until each problem is corrected before testing can continue.