1 Reducing Verification Complexity of a Multicore Coherence Protocol Using Assume/Guarantee Xiaofang Chen 1, Yu Yang 1, Ganesh Gopalakrishnan 1, Ching-Tsun.

1 Reducing Verification Complexity of a Multicore Coherence Protocol Using Assume/Guarantee
Xiaofang Chen (1), Yu Yang (1), Ganesh Gopalakrishnan (1), Ching-Tsun Chou (2)
(1) University of Utah, (2) Intel Corporation

2 Hierarchical Cache Coherence Protocols
- Chip-level protocols
- Inter-cluster protocols
- Intra-cluster protocols
(diagram: clusters, each with a dir and mem, …)

3 Verification Challenges
- More complicated
  - More corner cases
  - More state space
- No public domain benchmarks

4 A Multicore Coherence Protocol
(diagram: Global Dir and Main Memory; Home Cluster, Remote Cluster 1 and Remote Cluster 2, each with an RAC, an L2 Cache+Local Dir and two L1 Caches)

5 Protocol Features
- Modeling one address
- Both levels use MESI protocols
  - Level-1: Flash
  - Level-2: Dash
- Silent drop on non-Modified cache lines
- Network channels are non-FIFO

6 An Example Scenario
(diagram: Home Cluster, Remote Cluster 1 and Remote Cluster 2, with cache states Excl and Invld and the message sequence 1 Excl, 2 Req_Ex, 3 Req_Ex, 4.1 Fwd_ReqEx, 4.2 Fwd_ReqEx, Silent-drop, 5 NACK)

7 Complexity of the Protocol
- Multiplicative effect of four protocols running concurrently
- Model checking failed after 161,876,000 states

8 Intuitively, We Want to …
- Compositional approach
  - Split a large protocol into several smaller ones
  - Verify the correctness of the smaller protocols
  - Use compositional methods to prove the correctness of the large protocol

9 For the 2-Level Protocol
- Build two simpler protocols M1 and M2 from M
- By model checking M1 and M2, we can conclude whether M is coherent

10 Abstracted Protocol #1
(diagram: Global Dir and Main Memory; of Home Cluster, Remote Cluster 1 and Remote Cluster 2, two are reduced to an RAC and an abstracted L2 Cache+Local Dir', and one keeps its RAC, L2 Cache+Local Dir and two L1 Caches)

11 Abstracted Protocol #2
(diagram: Global Dir and Main Memory; again two clusters reduced to an RAC and an abstracted L2 Cache+Local Dir', and one cluster kept in full with its RAC, L2 Cache+Local Dir and two L1 Caches)

12 Methodology
- Abstraction
  - Simple projection
- Fixing real bugs in M
- Refinement
  - Counter-example guided refinement
  - Adding new verification obligations (VO)

13 Abstraction on States: Projection
(diagram: intra-cluster details vs. inter-cluster details)

14 Abstracting Transitions
- Rule-based system: guard → action
- Abstraction = over-approximation
  - Relaxing guards
  - Relaxing expression values
  - Removing statements
  - …

15 Example of Abstracting Transitions
Original rule in M:
  Procs[p].WbMsg.Cmd = WB_Wb →
    Procs[p].L2.Data := Procs[p].WbMsg.Data;
    Procs[p].L2.HeadPtr := L2;
    …
Abstracted rule:
  true →
    Procs[p].L2.Data := d;
    …

16 Detecting Bugs in M
- When a real error is found in Mi
  - Fix the bug in M
  - Regenerate the Mi's
  - Iterate the process

17 Refinement
- When a bogus error is found in Mi
  - Analyze and find the problem rule g → a
  - Locate the original rule in M: G → A
  - Add a new lemma in one abstracted protocol: G ⇒ I
  - Strengthen the rule into g ∧ I → a

18 Details of Refinement (I)
(diagram of M1: Home Cluster, Remote Cluster 1, Remote Cluster 2; step 1 marked)
1. False alarm found
  - Remote cluster 1 can modify its L2 line arbitrarily: true → …

19 Details of Refinement (II)
2. Locate the original rule in M before abstraction
  - It is only enabled when the local dir receives a WB from an L1 cache: Procs[p].WbMsg.Cmd = WB → …

20 Details of Refinement (III)
3. Strengthen the problematic rule in M1
  - Only when the local dir is exclusive can L2 modify its line: Procs[p].L2.State = Excl → …

21 Details of Refinement (IV)
4. Why is the strengthening sound?
  - Need to prove that whenever the local dir receives a WB, the L2 cache is exclusive
  - But how?

22 Details of Refinement (V)
(diagram: M1 and M2 side by side; steps 3 and 4 marked)
4. We can add a new VO (lemma) in M2: Procs[p].WbMsg.Cmd = WB ⇒ Procs[p].L2.State = Excl
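An added toy model (my own code, not the paper's Murphi model) that walks through slides 14 to 22 end to end: a concrete rule system M, its projection M1 with the write-back rule relaxed to true → L2.Data := d, the false alarm that relaxation produces, the guard strengthened with the lemma L2.State = Excl, and the verification obligation discharged in M2. State layout, rule names and data values are constructed for this example.

```python
# Toy explicit-state checker for a rule-based (guard -> action) protocol, written to
# illustrate slides 14-22. Rules, state fields and data values are constructed here.
DATA = (0, 1)  # the abstract data values "d" a relaxed action may choose from

def reachable(init, rules):
    """Explicit-state search: every state reachable from init under the rules."""
    seen, todo = set(init), list(init)
    while todo:
        s = todo.pop()
        for guard, action in rules:
            if guard(s):
                for t in action(s):          # an action returns all successors
                    if t not in seen:
                        seen.add(t); todo.append(t)
    return seen

def check(init, rules, prop):
    """First reachable state violating prop (an error-trace endpoint), or None."""
    return next((s for s in reachable(init, rules) if not prop(s)), None)

# Concrete M, one remote cluster: state = (L2.State, L2.Data, Mem.Data, WbMsg).
# WbMsg is the intra-cluster write-back from an L1 cache: None or ('WB', data).
def acquire(s):    st, ld, hd, wb = s; return st == 'Invld'
def do_acquire(s): st, ld, hd, wb = s; return [('Excl', hd, hd, wb)]
def l1_wb(s):      st, ld, hd, wb = s; return st == 'Excl' and wb is None
def do_l1_wb(s):   st, ld, hd, wb = s; return [(st, ld, hd, ('WB', d)) for d in DATA]
def recv_wb(s):    st, ld, hd, wb = s; return wb is not None          # WbMsg.Cmd = WB
def do_recv(s):    st, ld, hd, wb = s; return [(st, wb[1], hd, None)]  # L2.Data := WbMsg.Data
def release(s):    st, ld, hd, wb = s; return st == 'Excl' and wb is None
def do_release(s): st, ld, hd, wb = s; return [('Invld', ld, ld, None)]
M = [(acquire, do_acquire), (l1_wb, do_l1_wb), (recv_wb, do_recv), (release, do_release)]
INIT = {('Invld', 0, 0, None)}
# Coherence property Phi: a cluster that is not exclusive agrees with memory.
phi = lambda s: s[0] == 'Excl' or s[1] == s[2]
# M1: the WB message is projected away, so the receive rule is relaxed to
# "true -> L2.Data := d" (slide 15); WbMsg is dropped and stays None.
def do_recv_abs(s): st, ld, hd, wb = s; return [(st, d, hd, None) for d in DATA]
M1 = [(acquire, do_acquire), (lambda s: True, do_recv_abs), (release, do_release)]
# Refinement: strengthen the relaxed guard with lemma I = (L2.State = Excl) and check
# the VO "WB received => L2 exclusive" in the protocol that keeps the WB message.
# In the paper that is the smaller M2; this toy has nothing more to project, so M2 = M.
M1_refined = [(acquire, do_acquire), (lambda s: s[0] == 'Excl', do_recv_abs),
              (release, do_release)]
vo = lambda s: s[3] is None or s[0] == 'Excl'
M2 = M

def run_all():
    """(M coherent?, M1 false-alarm state, refined M1 coherent?, VO holds in M2?)"""
    return (check(INIT, M, phi) is None, check(INIT, M1, phi),
            check(INIT, M1_refined, phi) is None, check(INIT, M2, vo) is None)
```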

23 Experiment Results
- A real bug found
- 10 iterations of refinement
  - The size of each error trace is < 12
  - One human-day of work

24 Soundness of the Approach
- Theorem: if M1 and M2 can be model checked correct w.r.t. the coherence property Φ in M, then M must also be correct w.r.t. Φ

25 Soundness Proof
- Temporal induction
  - Initial states: each variable has the same value in M, M1 and M2; each newly added VO is checked in M1 and M2; refinement is sound
  - Inductive step: suppose soundness holds in state s; for every next state s' of s it is easy to prove that each variable has the same value and that refinement is sound
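Added formalization of the induction sketched on this slide (my notation, not the paper's): $\pi_i$ denotes the projection of an $M$ state onto the variables kept in $M_i$, $\mathrm{Init}$ and $\mathrm{Reach}$ are initial and reachable state sets, and $\Phi$, $G \to A$, $g \wedge I \to a$ and the VO $G \Rightarrow I$ are as on slides 17, 22 and 24. It assumes, as in the slide 22 lemma, that $I$ and $\Phi$ mention only variables present in both projections.

$$
\text{Invariant: } \forall s \in \mathrm{Reach}(M):\ \pi_1(s) \in \mathrm{Reach}(M_1) \;\wedge\; \pi_2(s) \in \mathrm{Reach}(M_2)
$$
$$
\text{Base: } s \in \mathrm{Init}(M) \;\Rightarrow\; \pi_i(s) \in \mathrm{Init}(M_i) \quad \text{(every variable has the same initial value)}
$$
$$
\text{Step: } s \xrightarrow{G \to A} s' \text{ in } M,\quad G(s) \Rightarrow g(\pi_1(s)) \text{ (relaxed guard)},\quad \pi_1(A(s)) \in a(\pi_1(s)) \text{ (relaxed action)}
$$
$$
G \Rightarrow I \text{ is an invariant of } M_2 \text{ and } \pi_2(s) \in \mathrm{Reach}(M_2) \text{ by hypothesis, so } G(s) \Rightarrow I(\pi_1(s))
$$
$$
\text{Hence } g(\pi_1(s)) \wedge I(\pi_1(s)) \text{ holds, the strengthened rule fires, and } \pi_1(s') \in \mathrm{Reach}(M_1);\ M_2 \text{ is symmetric}
$$
$$
M_1 \models \Phi \;\wedge\; M_2 \models \Phi \;\Longrightarrow\; \forall s \in \mathrm{Reach}(M):\ \Phi(s), \text{ i.e. } M \models \Phi
$$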

26 Reduction
Protocol   Number of states
M          > 161,876,000
M1         31,919,219
M2         78,689,…
(…-bit Murphi, with 16GB of memory)

27 More Reduction
Another 2-level hierarchical cache coherence protocol:
Protocol   Number of states
M          > 1,521,900,000
M1         234,478,105
M2         283,124,383

28 Conclusion
- Developed a 2-level hierarchical protocol
- Proposed a compositional approach
  - Abstraction
  - Bug fixing
  - Refinement
- Proved the soundness

29 Thank you!

30 Outline
- Background
- Benchmarks
- Abstraction
- Counter-example guided refinement
- Experiments
- Soundness
- Conclusion