Invariants for finite instances and beyond

Conchon, Sylvain; Goel, Amit; Krstić, Sava; Mebsout, Alain; Zaïdi, Fatiha

doi:10.1109/fmcad.2013.6679392

Cited by 30 publications

(26 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is an advantage since development of automatic and scalable over-abstraction based parameterized safety verification techniques is a promising area of ongoing research (e.g. [15]) which our approach directly benefits from.…”

Section: Methodsmentioning

confidence: 99%

Using Flow Specifications of Parameterized Cache Coherence Protocols for Verifying Deadlock Freedom

Sethi

Talupur

Malik

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We consider the problem of verifying deadlock freedom for symmetric cache coherence protocols. While there are multiple definitions of deadlock in the literature, we focus on a specific form of deadlock which is useful for the cache coherence protocol domain and consistent with the internal definition of deadlock in the Murphi model checker: we refer to this deadlock as a systemwide deadlock (s-deadlock). In s-deadlock, the entire system gets blocked and is unable to make any transition. Cache coherence protocols consist of N symmetric cache agents, where N is an unbounded parameter; thus the verification of s-deadlock freedom is naturally a parameterized verification problem. Parametrized verification techniques work by using sound abstractions to reduce the unbounded model to a bounded model. Efficient abstractions which work well for industrial scale protocols typically bound the model by replacing the state of most of the agents by an abstract environment, while keeping just one or two agents as is. However, leveraging such efficient abstractions becomes a challenge for s-deadlock: a violation of s-deadlock is a state in which the transitions of all of the unbounded number of agents cannot occur and so a simple abstraction like the one above will not preserve this violation. Authors of a prior paper, in fact, proposed using a combination of over and under abstractions for verifying such properties. While quite promising for a large class of deadlock errors, simultaneously tuning over and under abstractions can become complex. In this work we address this challenge by presenting a technique which leverages high-level information about the protocols, in the form of message sequence diagrams referred to as flows, for constructing invariants that are collectively stronger than s-deadlock. Further, violations of these invariants can involve only one or two interacting agents: thus they can be verified using efficient abstractions like the ones described above. We show how such invariants for the German and Flash protocols can be successfully derived using our technique and then be verified.

show abstract

Section: Methodsmentioning

confidence: 99%

Using Flow Specifications of Parameterized Cache Coherence Protocols for Verifying Deadlock Freedom

Sethi

Talupur

Malik

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…In the evaluation, the resulting CHCs are solved by a CHC solver Spacer [19,18]. This combination is similar to the MCMT [14] approach, and, in particular, to the Barb algorithm [10] of Cubicle [9]. The key similarities and differences are highlighted below.…”

Section: Related Workmentioning

confidence: 99%

SMT-based verification of parameterized systems

Gurfinkel

Shoham

Meshman

2016

Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering

View full text Add to dashboard Cite

It is well known that verification of safety properties of sequential programs is reducible to satisfiability modulo theory of a first-order logic formula, called a verification condition (VC). The reduction is used both in deductive and automated verification, the difference is only in whether the user or the solver provides candidates for inductive invariants. In this paper, we extend the reduction to parameterized systems consisting of arbitrary many copies of a user-specified process, and whose transition relation is definable in firstorder logic modulo theory of linear arithmetic and arrays. We show that deciding whether a parameterized system has a universally quantified inductive invariant is reducible to satisfiability of (non-linear) Constraint Horn Clauses (CHC). As a consequence of our reduction, we obtain a new automated procedure for verifying parameterized systems using existing PDR and CHC engines. While the new procedure is applicable to a wide variety of systems, we show that it is a decision procedure for several decidable fragments.

show abstract

“…For instance, FLASH protocol is the cache coherence protocol of the Stanford FLASH mutlitprocessor [1]. This protocol is so complex that only a few approaches [2], [3], [4], [5] have successfully verified it so far. Furthermore, all existing successful verification approaches have their downsides.…”

Section: Introductionmentioning

confidence: 99%

“…The cases of [3] and [4] are similar to [2] that hand-crafted invariants are required to provide by human experts. As a contrast, [5] is a model checking based approach which can be carried out automatically. However, the formal proof can not be obtained from the work of [5].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A novel approach to parameterized verification of cache coherence protocols

Duan

et al. 2016

2016 IEEE 34th International Conference on Computer Design (ICCD)

View full text Add to dashboard Cite

Parameterized verification of parameterized protocols like cache coherence protocols is an important but hard problem. Our tool paraVerifier handles this hard problem in a unified framework: (1) it automatically discovers auxiliary invariants and the corresponding causal relations from a small reference instance of the verified protocol; (2) the above invariants and causal relation information are automatically generalized into a parameterized form to construct a parameterized formal proof in a theorem prover (e.g., Isabelle). Our method is successfully applied to typical benchmarks including snooping and directory cache coherence protocol benchmarks. The correctness of these protocols is guaranteed by a formal and readable proof which is automatically generated. The notoriously hard FLASH protocol, which is at an industrial scale, is also verified.

show abstract

Invariants for finite instances and beyond

Cited by 30 publications

References 38 publications

Using Flow Specifications of Parameterized Cache Coherence Protocols for Verifying Deadlock Freedom

Using Flow Specifications of Parameterized Cache Coherence Protocols for Verifying Deadlock Freedom

SMT-based verification of parameterized systems

A novel approach to parameterized verification of cache coherence protocols

Contact Info

Product

Resources

About