Skip to main content

Verifying Safety of a Token Coherence Implementation by Parametric Compositional Refinement

  • Conference paper
Verification, Model Checking, and Abstract Interpretation (VMCAI 2005)

Abstract

We combine compositional reasoning and reachability analysis to formally verify the safety of a recent cache coherence protocol. The protocol is a detailed implementation of token coherence, an approach that decouples correctness and performance. First, we present a formal and abstract specification that captures the safety substrate of token coherence, and highlights the symmetry in states of the cache controllers and contents of the messages they exchange. Then, we prove that this abstract specification is coherent, and check whether the implementation proposed by the protocol designers is a refinement of the abstract specification. Our refinement proof is parametric in the number of cache controllers, and is compositional as it reduces the refinement checks to individual controllers using a specialized form of assume-guarantee reasoning. The individual refinement obligations are discharged using refinement maps and reachability analysis. While the formal proof justifies the intuitive claim by the designers about the ease of verifiability of token coherence, we report on several bugs in the implementation, and accompanying modifications, that were missed by extensive prior simulations.

This research was partially supported by the NSF award CCR0306382, and a donation from Intel Corporation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Abadi, M., Lamport, L.: Conjoining specifications. ACM Transactions on Programming Languages and Systems 17(3), 507–535 (1995)

    Article  Google Scholar 

  2. Alur, R., Henzinger, T.A.: Reactive modules. In: Proceedings of the 11th Annual IEEE Symposium on Logic in Computer Science, p. 207. IEEE Computer Society, Los Alamitos (1996)

    Chapter  Google Scholar 

  3. Alur, R., Wang, B.: Verifying network protocol implementations by symbolic refinement checking. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, p. 169. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  4. Arons, T., Pnueli, A., Ruah, S., Xu, J., Zuck, L.D.: Parameterized verification with automatically computed inductive assertions. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 221–234. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  5. Arvind, Shen, X.: Using term rewriting systems to design and verify processors. IEEE Micro 19(3), 36–46 (1999)

    Article  Google Scholar 

  6. Berry, G., Boudol, G.: The chemical abstract machine. Theoretical Computer Science 96(1), 217–248 (1992)

    Article  MATH  MathSciNet  Google Scholar 

  7. Burckhardt, S., et al.: Verifying safety of a token coherence implementation by parametric compositional refinement: Extended version (2004), http://www.seas.upenn.edu/~sburckha/token/

  8. Chandy, K.M., Misra, J.: Parallel program design: a foundation. Addison-Wesley Longman Publishing Co., Inc., Amsterdam (1988)

    Google Scholar 

  9. Clarke, E.M., Grumberg, O., Jha, S.: Verifying parameterized networks. ACM Trans. Program. Lang. Syst. 19(5), 726–750 (1997)

    Article  Google Scholar 

  10. Delzanno, G.: Automatic verification of parameterized cache coherence protocols. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 53–68. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  11. Dill, D.L.: The murphi verification system. In: Proceedings of the 8th International Conference on Computer Aided Verification, pp. 390–393. Springer, Heidelberg (1996)

    Google Scholar 

  12. Dill, D.L., Drexler, A.J., Hu, A.J., Yang, C.H.: Protocol verification as a hardware design aid. In: International Conference on Computer Design, pp. 522–525 (1992)

    Google Scholar 

  13. Emerson, E.A., Kahlon, V.: Reducing model checking of the many to the few. In: Conference on Automated Deduction, pp. 236–254 (2000)

    Google Scholar 

  14. German, S.M.: Formal design of cache memory protocols in IBM. Formal Methods in System Design 22(2), 133–141 (2003)

    Article  MATH  Google Scholar 

  15. German, S.M., Sistla, A.P.: Reasoning about systems with many processes. J. ACM 39(3), 675–735 (1992)

    Article  MATH  MathSciNet  Google Scholar 

  16. Holzmann, G.J.: Algorithms for automated protocol verification. AT&T Tech. J. (January/February 1990)

    Google Scholar 

  17. Kesten, Y., Pnueli, A.: Control and data abstraction: The cornerstones of practical formal verification. International Journal on Software Tools for Technology Transfer 2(4), 328–342 (2000)

    Article  MATH  Google Scholar 

  18. Kurshan, R.P.: Computer-aided verification of coordinating processes: the automata-theoretic approach. Princeton University Press, Princeton (1994)

    Google Scholar 

  19. Kurshan, R.P., McMillan, K.: A structural induction theorem for processes. In: Proceedings of the Eighth Annual ACM Symposium on Principles of Distributed Computing, pp. 239–247. ACM Press, New York (1989)

    Chapter  Google Scholar 

  20. Martin, M.M.K.: Token Coherence. PhD thesis, University of Wisconsin-Madison (2003)

    Google Scholar 

  21. Martin, M.M.K., et al.: Protocol specifications and tables for four comparable MOESI coherence protocols: Token coherence, directory, snooping, and hammer (2003), http://www.cs.wisc.edu/multifacet/theses/milo_martin_phd/

  22. Martin, M.M.K., Hill, M.D., Wood, D.A.: Token coherence: decoupling performance and correctness. In: Proceedings of the 30th Annual International Symposium on Computer Architecture, pp. 182–193. ACM Press, New York (2003)

    Google Scholar 

  23. McMillan, K., Schwalbe, J.: Formal verification of the Encore Gigamax cache consistency protocol. In: Proceedings of the International Symposium on Shared Memory Multiprocessing, Tokyo, Japan, pp. 242–251 (1991)

    Google Scholar 

  24. McMillan, K.L.: A compositional rule for hardware design refinement. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 24–35. Springer, Heidelberg (1997)

    Google Scholar 

  25. McMillan, K.L.: Verification of an implementation of tomasulo’s algorithm by compositional model checking. In: Hu, A.J., Vardi, M.Y. (eds.) CAV 1998. LNCS, vol. 1427, pp. 110–121. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  26. Milner, R.: Communicating and Mobile Systems: the π-Calculus. Cambridge University Press, Cambridge (1999)

    Google Scholar 

  27. Park, S., Dill, D.L.: Verification of FLASH cache coherence protocol by aggregation of distributed transactions. In: Proceedings of the Eighth Annual ACM Symposium on Parallel Algorithms and Architectures, pp. 288–296. ACM Press, New York (1996)

    Chapter  Google Scholar 

  28. Pong, F., Dubois, M.: Verification techniques for cache coherence protocols. ACM Computing Surveys 29(1), 82–126 (1997)

    Article  Google Scholar 

  29. Ponse, A., Smolka, S.A., Bergstra, J.A.: Handbook of Process Algebra. Elsevier Science Inc., Amsterdam (2001)

    MATH  Google Scholar 

  30. Sorin, D.J., Plakal, M., Condon, A.E., Hill, M.D., Martin, M.M.K., Wood, D.A.: Specifying and verifying a broadcast and a multicast snooping cache coherence protocol. IEEE Transactions on Parallel and Distributed Systems 13(6), 556–578 (2002)

    Article  Google Scholar 

  31. Sweazey, P., Smith, A.J.: A class of compatible cache consistency protocols and their support by the IEEE futurebus. In: Proceedings of the 13th Annual International Symposium on Computer Architecture, pp. 414–423. IEEE Computer Society Press, Los Alamitos (1986)

    Google Scholar 

  32. Wolper, P.: Expressing interesting properties of programs in propositional temporal logic. In: Proceedings of the 13th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, pp. 184–193. ACM Press, New York (1986)

    Chapter  Google Scholar 

  33. Wood, D.A., Gibson, G.A., Katz, R.H.: Verifying a multiprocessor cache controller using random test generation. IEEE Design & Test 7(4), 13–25 (1990)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Burckhardt, S., Alur, R., Martin, M.M.K. (2005). Verifying Safety of a Token Coherence Implementation by Parametric Compositional Refinement. In: Cousot, R. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2005. Lecture Notes in Computer Science, vol 3385. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30579-8_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30579-8_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24297-0

  • Online ISBN: 978-3-540-30579-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics