Reducing Verification Complexity of a Multicore Coherence Protocol Using Assume/Guarantee

Authors:
Xiaofang Chen;Yu Yang;Ganesh Gopalakrishnan;Ching-Tsun Chou
Affiliations:
University of Utah, USA;University of Utah, USA;University of Utah, USA;Intel Corporation
Venue:
FMCAD '06 Proceedings of the Formal Methods in Computer Aided Design
Year:
2006

Citing 0
Cited 8

Multi-core design automation challenges

Proceedings of the 44th annual Design Automation Conference
MCjammer: adaptive verification for multi-core designs

Proceedings of the conference on Design, automation and test in Europe
Extending CC-NUMA systems to support write update optimizations

Proceedings of the 2008 ACM/IEEE conference on Supercomputing
Automatic non-interference lemmas for parameterized model checking

Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design
Avoiding cache thrashing due to private data placement in last-level cache for manycore scaling

ICCD'09 Proceedings of the 2009 IEEE international conference on Computer design
Achieving Non-Inclusive Cache Performance with Inclusive Caches: Temporal Locality Aware (TLA) Cache Management Policies

MICRO '43 Proceedings of the 2010 43rd Annual IEEE/ACM International Symposium on Microarchitecture
Exploiting reuse locality on inclusive shared last-level caches

ACM Transactions on Architecture and Code Optimization (TACO) - Special Issue on High-Performance Embedded Architectures and Compilers
Temporal-based multilevel correlating inclusive cache replacement

ACM Transactions on Architecture and Code Optimization (TACO)

Quantified Score

Hi-index	0.00

Visualization

Abstract

We illustrate how to employ metacircular assume/ guarantee reasoning to reduce the verification complexity of finite instances of protocols for safety, using nothing more than an explicit state model checker. The formal underpinnings of our method are based on establishing a simulation relation between the given protocol M, and several overapproximations thereof, \tilde M_1,..., \tilde M_k. Each \tilde M_i simulates M, and represents one "view" of it. The \tilde M_{i}s depend on each other both to define the abstractions as well as to justify them.We show that in case of our hierarchical coherence protocol, its designer could easily construct each of the \tilde M_i in a counterexample guided manner. This approach is practical, considerably reduces the verification complexity, and has been successfully applied to a complex hierarchical multicore cache coherence protocol which could not be verified through traditional model checking.