Efficient methods for formally verifying safety properties of hierarchical cache coherence protocols

Multicore architectures are considered inevitable, given that sequential processing hardware has hit various limits. Unfortunately, the memory system of multicore processors is a huge bottleneck. To combat this problem, one needs to design aggressively optimized cache coherence protocols. This introduces the design correctness problem for advanced cache coherence protocols, which will be hierarchically organized for scalable designs. Experience shows that monolithic formal verification will not scale to hierarchical designs. Hence, one needs to handle the complexity of several coherence protocols running concurrently, i.e. hierarchical protocols, using compositional techniques. To solve the problem, we develop a family of compositional approaches, all based on assume-guarantee reasoning, to reduce the verification complexity. We show that for the three hierarchical protocols with certain realistic features that we developed for multiple chip-multiprocessors, more than a 20-fold improvement in terms of the number of states visited can be achieved. Also, to avoid false alarms wasting designer time, we have developed an error trace justification method to eliminate false alarms using heuristics that also capitalize on our assume-guarantee approaches. Our techniques need no special tool support. They can be carried out using the widely used Murphi model checker along with support tools for abstraction and error trace justification that we have built.
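As an added illustration, not code from the dissertation (which verifies its own protocols as Murphi models), the following Python script builds a toy two-level protocol: two clusters of two caches each, a cluster-level permission granted by a global directory, and the single-writer/multiple-reader invariant. It checks the invariant once on the full composition and once as two smaller checks in the assume-guarantee style the abstract describes: the inter-cluster level with each cluster reduced to the permission it holds, and one cluster with the outside world reduced to an assumption that it grants upgrades and may downgrade or invalidate the cluster at any time. The protocol rules, the particular split and the resulting state counts are constructed for this example; what it shows is only that the states visited by the two partial checks together stay well below the monolithic count, and that a planted omission (skipping the M-to-S downgrade of a sibling cache) is still caught by the per-cluster check.

```python
# Toy explicit-state check of a two-level cache coherence protocol: one monolithic run
# versus an assume-guarantee split into a cluster-level and a per-cluster check.
# Constructed illustration; the protocol, its rules and the state counts are hypothetical.
from collections import deque

I, S, M = "I", "S", "M"          # invalid / shared / modified
RANK = {I: 0, S: 1, M: 2}

def put(t, k, v):                # tuple t with element k replaced by v
    return t[:k] + (v,) + t[k + 1:]

def coherent(holders):
    """Single writer or many readers: an M holder excludes every other non-I holder."""
    return not (M in holders and sum(h != I for h in holders) > 1)

def local_grant(perm, caches, i, want, bug=False):
    """Give cache i permission `want` in a cluster holding `perm`; the other caches are
    invalidated (for M) or downgraded M->S (for S).  bug=True skips that downgrade."""
    others = tuple(I if want == M else (S if s == M and not bug else s) for s in caches)
    return (perm, put(others, i, want))

def cluster_downgrade(cluster, to):
    """The global directory lowers a cluster to S (its M cache -> S) or to I (all -> I)."""
    return (to, tuple(I if to == I else (S if s == M else s) for s in cluster[1]))

def full_successors(state, bug=False):
    """Monolithic model: every cluster and every cache composed together."""
    for c, (perm, caches) in enumerate(state):
        for i, s in enumerate(caches):
            for want in (S, M):
                if RANK[s] >= RANK[want]:
                    continue
                new = state
                if RANK[perm] < RANK[want]:            # must ask the global directory
                    limit = I if want == M else S
                    for d, other in enumerate(state):
                        if d != c and RANK[other[0]] > RANK[limit]:
                            new = put(new, d, cluster_downgrade(other, limit))
                yield put(new, c, local_grant(max(perm, want, key=RANK.get), caches, i, want, bug))
            if s != I:                                 # cache evicts its copy
                yield put(state, c, (perm, put(caches, i, I)))
        if perm != I and all(s == I for s in caches):  # cluster returns the line
            yield put(state, c, (I, caches))

def cluster_ok(cluster):
    """Per-cluster invariant: coherent caches, none above the cluster's own permission."""
    return coherent(cluster[1]) and all(RANK[s] <= RANK[cluster[0]] for s in cluster[1])

def full_ok(state):
    """Global invariant: coherent clusters, coherent caches overall, each cluster ok."""
    return (coherent(tuple(p for p, _ in state)) and all(map(cluster_ok, state))
            and coherent(tuple(s for _, cs in state for s in cs)))

def top_successors(perms):
    """Inter-cluster level: a cluster is only the permission it holds (its guarantee)."""
    for c, p in enumerate(perms):
        for want in (S, M):
            if RANK[p] < RANK[want]:
                limit = I if want == M else S
                yield put(tuple(q if RANK[q] <= RANK[limit] else limit for q in perms), c, want)
        if p != I:
            yield put(perms, c, I)

def cluster_successors(cluster, bug=False):
    """Intra-cluster level: the outside is replaced by the assumption that it grants
    upgrades and may downgrade or invalidate the cluster at any time."""
    perm, caches = cluster
    for i, s in enumerate(caches):
        for want in (S, M):
            if RANK[s] < RANK[want]:
                yield local_grant(max(perm, want, key=RANK.get), caches, i, want, bug)
        if s != I:
            yield (perm, put(caches, i, I))
    if perm != I and all(s == I for s in caches):
        yield (I, caches)
    if perm == M:                        # environment moves allowed by the assumption
        yield cluster_downgrade(cluster, S)
    if perm != I:
        yield cluster_downgrade(cluster, I)

def explore(init, successors, ok):
    """Breadth-first reachability: (states visited, first bad state or None)."""
    seen, queue = {init}, deque([init])
    while queue:
        st = queue.popleft()
        if not ok(st):
            return len(seen), st
        fresh = set(successors(st)) - seen
        seen |= fresh
        queue.extend(fresh)
    return len(seen), None

def verify(n_clusters=2, n_caches=2, bug=False):
    """States visited by the monolithic run and by the two compositional runs together."""
    mono, bad_m = explore(tuple((I, (I,) * n_caches) for _ in range(n_clusters)),
                          lambda st: full_successors(st, bug), full_ok)
    top, bad_t = explore((I,) * n_clusters, top_successors, coherent)
    loc, bad_l = explore((I, (I,) * n_caches), lambda cl: cluster_successors(cl, bug), cluster_ok)
    return {"monolithic": mono, "compositional": top + loc,
            "monolithic_bad": bad_m, "compositional_bad": bad_t or bad_l}

if __name__ == "__main__":     # sound protocol first, then the planted defect
    print(verify(), verify(bug=True))
```

Running the script prints the state counts for both approaches and, for the defective variant, the first bad state each approach reaches. The part a real assume-guarantee argument adds, and this toy does not, is discharging the assumption: the top-level model lets a cluster request or return the line at any time, which is exactly the behaviour the per-cluster model relies on from its environment, but here that correspondence is written by hand rather than derived from the lower-level check.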
