So many states, so little time: verifying memory coherence in the Cray X1

This paper investigates a complexity-effective technique for verifying a highly distributed directory-based cache coherence protocol. We develop a novel approach called "witness strings" that combines both formal and informal verification methods to expose design errors within the cache coherence protocol and its Verilog implementation. In this approach a formal execution trace is extracted during model checking of the architectural model and re-encoded to provide the input stimulus for a logic simulation of the corresponding Verilog implementation. This approach brings confidence to system architects that the logic implementation of the coherence protocol conforms to the architectural model. The feasibility of this approach is demonstrated by using it to verify the cache coherence protocol of the Cray X1. Using this approach we uncovered three architectural protocol errors and exposed several implementation errors by replaying the witness strings on the Verilog implementation.
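As an added illustration of the witness-string workflow the abstract describes (not code from the paper or from Cray), the following Python sketch uses a deliberately tiny two-cache directory protocol: a breadth-first model check finds the shortest request sequence that violates the single-writer invariant, re-encodes that trace as testbench-style stimulus vectors, and replays the vectors against an implementation's step function so the two can be compared. The protocol, invariant, vector format and the injected "forgot to invalidate" defect are constructed assumptions, not the Cray X1's.

```python
from collections import deque
CACHES = 2
INIT = ("I",) * CACHES  # constructed: one tracked line, every cache starts Invalid
EVENTS = [(k, c) for k in ("READ", "WRITE", "EVICT") for c in range(CACHES)]

def step(state, event, buggy=False):
    """Architectural model: apply one request (kind, cache) to the per-cache states."""
    kind, c = event
    s = list(state)
    if kind == "READ":
        s = ["S" if x == "M" else x for x in s]  # owner downgrades before a new reader
        s[c] = "S"
    elif kind == "WRITE":
        if not buggy:  # correct protocol invalidates every other copy; buggy one forgets
            s = ["I"] * CACHES
        s[c] = "M"
    elif kind == "EVICT":
        s[c] = "I"
    return tuple(s)

def coherent(state):  # single-writer invariant: M may not coexist with any other copy
    return "M" not in state or state.count("I") == CACHES - 1

def find_witness(buggy=False):
    """Model check by BFS; return the event path to the first violation, else None."""
    seen, queue = {INIT: None}, deque([INIT])
    while queue:
        st = queue.popleft()
        for ev in EVENTS:
            nxt = step(st, ev, buggy)
            if nxt in seen:
                continue
            seen[nxt] = (st, ev)
            if not coherent(nxt):  # walk parent links back to INIT to build the witness
                path = []
                while seen[nxt] is not None:
                    nxt, e = seen[nxt]
                    path.append(e)
                return path[::-1]
            queue.append(nxt)
    return None

def encode_stimulus(witness, addr=0x40):  # constructed vector format: 'cache op addr'
    return ["%d %s %04x" % (c, kind, addr) for kind, c in witness]
def replay(stimulus, impl_step):
    """Drive an implementation's step function with the vectors; return its final state."""
    st = INIT
    for c, kind, _ in (line.split() for line in stimulus):
        st = impl_step(st, (kind, int(c)))
    return st
```

Replaying the same vectors against the correct and the defective step function ends in different states, which is exactly the divergence a witness string is meant to surface in simulation.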
