Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Reducing Verification Complexity of a Multicore Coherence Protocol Using Assume/Guarantee Xiaofang Chen 1, Yu Yang 1, Ganesh Gopalakrishnan 1, Ching-Tsun.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Reducing Verification Complexity of a Multicore Coherence Protocol Using Assume/Guarantee Xiaofang Chen 1, Yu Yang 1, Ganesh Gopalakrishnan 1, Ching-Tsun."— Presentation transcript:

1 1 Reducing Verification Complexity of a Multicore Coherence Protocol Using Assume/Guarantee Xiaofang Chen 1, Yu Yang 1, Ganesh Gopalakrishnan 1, Ching-Tsun Chou 2 1 University of Utah, 2 Intel Corporation

2 2 Hierarchical Cache Coherence Protocols Chip-level protocols Inter-cluster protocols Intra-cluster protocols dir mem dir mem …

3 3 Verification Challenges More complicated –More corner cases –More state space No public domain benchmarks

4 4 A Multicore Coherence Protocol RAC L2 Cache+Local Dir L1 Cache L1 Cache Global Dir Main Memory Home ClusterRemote Cluster 1Remote Cluster 2 RAC L2 Cache+Local Dir L1 Cache L1 Cache RAC L2 Cache+Local Dir L1 Cache L1 Cache

5 5 Protocol Features Modeling one address Both levels use MESI protocols –Level-1: Flash –Level-2: Dash Silent drop on non-Modified cache lines Network channels are non-FIFO

6 6 An Example Scenario Excl: 1 Home Cluster Remote Cluster 1Remote Cluster 2 Excl Invld dst 1 23 4.1 4.2 5 1 Req_Ex 2 Req_Ex 3 Fwd_ReqEx 4.1 Fwd_ReqEx 4.2 Silent-drop 5 NACK

7 7 Complexity of the Protocol Multiplicative effect of four protocols running concurrently Model check failed after 161,876,000 of states

8 8 Intuitively, We Want to … Compositional approach –Split a large protocol into several smaller ones –Verify correctness of smaller protocols –Using compositional methods to prove the correctness of the large protocol

9 9 For the 2-Level Protocol Build two simpler protocols M 1 and M 2 from M By model checking M 1 and M 2, we can conclude if M is coherent

10 10 Abstracted Protocol #1 RAC L2 Cache+Local Dir’ Global Dir Main Memory Home Cluster Remote Cluster 1Remote Cluster 2 RAC L2 Cache+Local Dir L1 Cache L1 Cache RAC L2 Cache+Local Dir’

11 11 Abstracted Protocol #2 RAC L2 Cache+Local Dir’ Global Dir Main Memory Home Cluster Remote Cluster 1 Remote Cluster 2 RAC L2 Cache+Local Dir L1 Cache L1 Cache RAC L2 Cache+Local Dir’

12 12 Methodology Abstraction –Simple projection Fixing real bugs in M Refinement –Counter-example guided refinement –Adding new verification obligations (VO)

13 13 Abstraction on States: Projection Intra-cluster details Inter-cluster details

14 14 Abstracting Transitions Rule-based system: guard  action; Abstraction = overapproximation –Relaxing guards –Relaxing expr values –Remove stmt –…

15 15 Example of Abstracting Transitions Procs[p].WbMsg.Cmd = WB_Wb → Procs[p].L2.Data := Procs[p].WbMsg.Data; Procs[p].L2.HeadPtr := L2; … true → Procs[p].L2.Data := d; …

16 16 Detecting Bugs in M When a real error is found in M i –Fix bug in M –Regenerate Mi’s –Iterate the process

17 17 Refinement When a bogus error found in M i –Analyze and find out problem rule g → a –Locate original rule in M G → A –Add new lemma in one abstracted protocol G => I –Strengthen rule into g Λ I → a

18 18 Home Cluster Remote Cluster 1 Remote Cluster 2 1 M1M1 1. False alarm found –Remote cluster-1 can modify its L2 line arbitrarily true → … Details of Refinement (I)

19 19 Home Cluster Remote Cluster 1 Remote Cluster 2 1 M1M1 2. Locate the original rule in M before abstraction –It is only enabled when the local dir receives a WB from an L1 cache Procs[p].WbMsg.Cmd = WB → … Details of Refinement (II)

20 20 Home Cluster Remote Cluster 1 Remote Cluster 2 1 M1M1 3. Strengthen problematic rule in 1. –Only when local dir is exclusive, could L2 modify its line 3 Procs[p].L2.State = Excl → … Details of Refinement (III)

21 21 Home Cluster Remote Cluster 1 Remote Cluster 2 1 M1M1 4. Why strengthening is sound? –Need to prove whenever local dir receives WB, L2 cache is exclusive –But how? 3 Details of Refinement (IV)

22 22 Home Cluster Remote Cluster 1 Remote Cluster 2 Home Cluster Remote Cluster 1 Remote Cluster 2 1 M1M1 M2M2 4. We can add a new VO (lemma) in M 2, Procs[p].WbMsg.Cmd = WB Procs[p].L2.State = Excl 3 4 Details of Refinement (V)

23 23 Experiment Results A real bug found 10 iterations of refinements –The size of each error trace is < 12 –One human/day of work

24 24 Soundness of the Approach Theorem –If M 1 and M 2 can be model checked correct w.r.t. the coherence property Ф in M, M must also be correct w.r.t Ф

25 25 Soundness Proof Temporal Induction –Initial states Each var has the same value in M, M 1 and M 2 Each newly added VO is checked in M 1 and M 2 Refinement is sound –Suppose soundness in state s –For every next state s’ of s, easy to prove Each var has the same value Refinement is sound

26 26 Reduction ProtocolNumber of states M > 161,876,000 M1M1 31,919,219 M2M2 78,689,678 64-bit Murphi, with 16GB of memory

27 27 More Reduction Another 2-level hierarchical cache coherence protocol ProtocolNumber of states M> 1,521,900,000 M1M1 234,478,105 M2M2 283,124,383

28 28 Conclusion Developed a 2-level hierarchical protocol Proposed a compositional approach –Abstraction –Bug fixing –Refinement Proved the soundness

29 29 Thank you!

30 30 Outline Background Benchmarks Abstraction Counter-example guided refinement Experiments Soundness Conclusion

Download ppt "1 Reducing Verification Complexity of a Multicore Coherence Protocol Using Assume/Guarantee Xiaofang Chen 1, Yu Yang 1, Ganesh Gopalakrishnan 1, Ching-Tsun."

Similar presentations

Functional Decompositions for Hardware Verification With a few speculations on formal methods for embedded systems Ken McMillan.

Functional Decompositions for Hardware Verification With a few speculations on formal methods for embedded systems Ken McMillan.
ABSTRACT Due to the Internets sheer size, complexity, and various routing policies, it is difficult if not impossible to locate the causes of large volumes.

ABSTRACT Due to the Internets sheer size, complexity, and various routing policies, it is difficult if not impossible to locate the causes of large volumes.
Implementation and Verification of a Cache Coherence protocol using Spin Steven Farago.

Implementation and Verification of a Cache Coherence protocol using Spin Steven Farago.
Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.

Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.
Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.

Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.
Hierarchical Cache Coherence Protocol Verification One Level at a Time through Assume Guarantee Xiaofang Chen, Yu Yang, Michael Delisi, Ganesh Gopalakrishnan.

Hierarchical Cache Coherence Protocol Verification One Level at a Time through Assume Guarantee Xiaofang Chen, Yu Yang, Michael Delisi, Ganesh Gopalakrishnan.
Department of Computer Sciences Revisiting the Complexity of Hardware Cache Coherence and Some Implications Rakesh Komuravelli Sarita Adve, Ching-Tsun.

Department of Computer Sciences Revisiting the Complexity of Hardware Cache Coherence and Some Implications Rakesh Komuravelli Sarita Adve, Ching-Tsun.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Model-based reasoning meets code verification Michael Butler 21 May 2014 WG 2.3 Meeting 55, Orlando.

Model-based reasoning meets code verification Michael Butler 21 May 2014 WG 2.3 Meeting 55, Orlando.
Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by SRC Contract.

Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by SRC Contract.
Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by Intel.

Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by Intel.
Compositional reasoning for Parameterized Verification Murali Talupur Joint work with Sava Krstic, John O’leary, Mark Tuttle.

Compositional reasoning for Parameterized Verification Murali Talupur Joint work with Sava Krstic, John O’leary, Mark Tuttle.
Model Checking : Making Automatic Formal Verification Scale Shaz Qadeer EECS Department University of California at Berkeley.

Model Checking : Making Automatic Formal Verification Scale Shaz Qadeer EECS Department University of California at Berkeley.
6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.

6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.
Ashish Kundu CS590F Purdue 02/12/07 Language-Based Information Flow Security Andrei Sabelfield, Andrew C. Myers Presentation: Ashish Kundu

Ashish Kundu CS590F Purdue 02/12/07 Language-Based Information Flow Security Andrei Sabelfield, Andrew C. Myers Presentation: Ashish Kundu
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.
1 Scaling Formal Methods toward Hierarchical Protocols in Shared Memory Processors: Annual Review Presentation – April 2007 Presenters: Ganesh Gopalakrishnan.

1 Scaling Formal Methods toward Hierarchical Protocols in Shared Memory Processors: Annual Review Presentation – April 2007 Presenters: Ganesh Gopalakrishnan.
STARI: A Case Study in Compositional and Hierarchical Timing Verification Serdar Tasiran, Prof. Robert K. Brayton Department of Electrical Engineering.

STARI: A Case Study in Compositional and Hierarchical Timing Verification Serdar Tasiran, Prof. Robert K. Brayton Department of Electrical Engineering.
Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,

Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,
1 A Compositional Approach to Verifying Hierarchical Cache Coherence Protocols Xiaofang Chen 1 Yu Yang 1 Ganesh Gopalakrishnan 1 Ching-Tsun Chou 2 1 University.

1 A Compositional Approach to Verifying Hierarchical Cache Coherence Protocols Xiaofang Chen 1 Yu Yang 1 Ganesh Gopalakrishnan 1 Ching-Tsun Chou 2 1 University.

Similar presentations

Ads by Google