Abstract
We combine compositional reasoning and reachability analysis to formally verify the safety of a recent cache coherence protocol. The protocol is a detailed implementation of token coherence, an approach that decouples correctness and performance. First, we present a formal and abstract specification that captures the safety substrate of token coherence, and highlights the symmetry in states of the cache controllers and contents of the messages they exchange. Then, we prove that this abstract specification is coherent, and check whether the implementation proposed by the protocol designers is a refinement of the abstract specification. Our refinement proof is parametric in the number of cache controllers, and is compositional as it reduces the refinement checks to individual controllers using a specialized form of assume-guarantee reasoning. The individual refinement obligations are discharged using refinement maps and reachability analysis. While the formal proof justifies the intuitive claim by the designers about the ease of verifiability of token coherence, we report on several bugs in the implementation, and accompanying modifications, that were missed by extensive prior simulations.
This research was partially supported by the NSF award CCR0306382, and a donation from Intel Corporation.
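As an added illustration (not the paper's formal specification or proof), the following Python sketch models the token-counting safety substrate of token coherence and checks it by explicit reachability, parametric in the number of controllers n; the token total, the nondeterministic network, and the off-by-one "buggy" write threshold are constructed assumptions, not the bugs reported in the paper.

```python
from collections import deque

# Constructed abstract model of token coherence for one memory block:
# TOTAL tokens are spread over n caches, memory, and the network (in flight).
# Safety substrate: a cache may write only when it holds all TOTAL tokens,
# may read when it holds at least one, and tokens are never created or lost.
# State = (cache_0 .. cache_{n-1}, memory, in_flight) token counts.

def initial_state(n, total):
    """All tokens start at memory; no cache holds any and none are in flight."""
    return tuple([0] * n + [total, 0])

def successors(state, n):
    """Any holder may send tokens into the network; the network may deliver to anyone."""
    counts, net = list(state), n + 1
    for src in range(n + 1):                 # caches and memory may send
        for k in range(1, counts[src] + 1):
            nxt = counts[:]
            nxt[src] -= k
            nxt[net] += k
            yield tuple(nxt)
    for dst in range(n + 1):                 # delivery order is nondeterministic
        for k in range(1, counts[net] + 1):
            nxt = counts[:]
            nxt[net] -= k
            nxt[dst] += k
            yield tuple(nxt)

def violates(state, n, total, strict):
    """Conservation, at most one writer, and no reader alongside a writer."""
    if sum(state) != total:
        return True
    caches = state[:n]
    # strict: correct "all tokens" test; otherwise a constructed off-by-one bug
    writers = [i for i, t in enumerate(caches) if (t == total if strict else t >= total - 1)]
    readers = [i for i, t in enumerate(caches) if t > 0]
    return len(writers) > 1 or bool(writers and set(readers) - set(writers))

def check(n, total, strict=True):
    """Breadth-first reachability; returns None if safe, else the first bad state."""
    start = initial_state(n, total)
    seen, queue = {start}, deque([start])
    while queue:
        s = queue.popleft()
        if violates(s, n, total, strict):
            return s
        for t in successors(s, n):
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return None

if __name__ == "__main__":
    for n in range(2, 6):                    # the check is parametric in n
        print(n, check(n, n), check(n, n, strict=False))
```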
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Burckhardt, S., Alur, R., Martin, M.M.K. (2005). Verifying Safety of a Token Coherence Implementation by Parametric Compositional Refinement. In: Cousot, R. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2005. Lecture Notes in Computer Science, vol 3385. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30579-8_9
DOI: https://doi.org/10.1007/978-3-540-30579-8_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24297-0
Online ISBN: 978-3-540-30579-8
eBook Packages: Computer Science (R0)