PVCoherence: Designing flat coherence protocols for scalable verification

Zhang, Meng; Bingham, Jesse; Erickson, John; Sorin, Daniel J.

doi:10.1109/hpca.2014.6835949

Cited by 17 publications

(6 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to verify cache-coherence protocols with arbitrary numbers of cores (but no hierarchy), parameterization has been used in designing and modelchecking the protocols [2,35,36]. Since Hemiola is built on Coq, we can take full advantage of parameterization, and indeed the framework supports verification of cache-coherence protocols with an arbitrary tree shape as a parameter.…”

Section: Related Workmentioning

confidence: 99%

Hemiola: A DSL and Verification Tools to Guide Design and Proof of Hierarchical Cache-Coherence Protocols

Choi¹,

Chlipala²,

Arvind³

2022

Computer Aided Verification

View full text Add to dashboard Cite

Cache-coherence protocols have been one of the greatest challenges in formal verification of hardware, due to their central complication of executing multiple memory-access transactions concurrently within a distributed message-passing system. In this paper, we introduce Hemiola, a framework embedded in Coq that guides the user to design protocols that never experience inconsistent interleavings while handling transactions concurrently. The framework provides a DSL, where any protocol designed in the DSL always satisfies the serializability property, allowing a user to verify the protocol assuming that transactions are executed one-at-a-time. Hemiola also provides a novel invariant proof method, for protocols designed in Hemiola, that only requires considering execution histories without interleaved memory accesses. We used Hemiola to design and prove hierarchical MSI and MESI protocols as case studies. We also demonstrated that the case-study protocols are hardware-synthesizable, by using a compilation/synthesis toolchain targeting FPGAs.

show abstract

Section: Related Workmentioning

confidence: 99%

Hemiola: A DSL and Verification Tools to Guide Design and Proof of Hierarchical Cache-Coherence Protocols

Choi¹,

Chlipala²,

Arvind³

2022

Computer Aided Verification

View full text Add to dashboard Cite

show abstract

“…There are many abstraction techniques to reduce parameterized designs to finite state spaces, which can be explored exhaustively. Optimizations on symbolic model checking (e.g., partial order reduction [Bhattacharya et al 2005], symmetry reduction [Bhattacharya et al 2006;Chen et al 2010;Chou et al 2004;Emerson and Kahlon 2003;Ip et al 1996;Zhang et al 2014], compositional reasoning [Jhala and McMillan 2001;McMillan 1999McMillan , 2001], extended-FSM [Delzanno 2000], etc.) further scale the approach.…”

Section: Related Workmentioning

confidence: 99%

“…They also acknowledge (in their CAV'16 paper) that they would need invariants to get proofs of infinite families of designs, while our technique already admits such proofs. Chou et al [2004]; Matthews et al [2016]; Talupur and Tuttle [2008]; Zhang et al [2014Zhang et al [ , 2010 have all verified cache-coherence protocols using model checking in settings where the number of cores, number of levels in the hierarchy, etc. have been parameterized, by relying on paper-and-pencil proofs for properties about compositions and supplying the invariants manually.…”

Section: Related Workmentioning

confidence: 99%

Kami: a platform for high-level parametric hardware specification and its modular verification

Choi

Vijayaraghavan

Sherman

et al. 2017

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

It has become fairly standard in programming-languages research to verify functional programs in proof assistants using induction, algebraic simplification, and rewriting. In this paper, we introduce Kami, a Coq library that uses labeled transition systems to enable similar expressive and modular reasoning for hardware designs expressed in the style of the Bluespec language. We can specify, implement, and verify realistic designs entirely within Coq, ending with automatic extraction into a pipeline that bottoms out in FPGAs. Our methodology has been evaluated in a case study verifying an infinite family of multicore systems, with cache-coherent shared memory and pipelined cores implementing (the base integer subset of) the RISC-V instruction set. CCS Concepts: • Hardware → Theorem proving and SAT solving; Hardware description languages and compilation; High-level and register-transfer level synthesis;

show abstract

“…Early work in this realm explored the verification of the Fu-tureBus+ protocol [13], while subsequent efforts used formal languages like Murphi to check the FLASH coherence protocols [34]. More recently, Zhang et al [44,45] proposed techniques for designing cache coherence protocols that are more amenable to formal verification. In all these cases, however, consistency is not verified, thus retaining the isolation of coherence and consistency and ignoring the CCI.…”

Section: Privl1sonly Sharedl1onlymentioning

confidence: 99%

“…Generally, coherence protocols and consistency models are verified independently [6,7,13,34,44,45], with coherence verifiers ignoring consistency implications and consistency verifiers making assumptions about coherence. However, coherence and consistency are often tightly interwoven at the implementation level, commonly for the sake of aggressive performance optimizations such as speculative load reordering, but even in simpler microarchitectures as well [9,20,25,40].…”

Section: Introductionmentioning

confidence: 99%

CCICheck

Manerkar

Lustig

Pellauer³

et al. 2015

Proceedings of the 48th International Symposium on Microarchitecture

View full text Add to dashboard Cite

In parallel systems, memory consistency models and cache coherence protocols establish the rules specifying which values will be visible to each instruction of parallel programs. Despite their central importance, verifying their correctness has remained a major challenge, due both to informal or incomplete specifications and to difficulties in scaling verification to cover their operations comprehensively. While coherence and consistency are often specified and verified independently at an architectural level, many systems implement performance enhancements that tightly interweave coherence and consistency at a microarchitectural level in ways that make verification of consistency difficult. This paper introduces CCICheck, a tool and technique supporting static verification of the coherenceconsistency interface (CCI). CCICheck enumerates and checks families of microarchitectural happens-before (µhb) graphs that describe how a particular coherence protocol combines with a particular processor's pipelines and memory hierarchy to enforce the requirements of a given consistency model. To support tractable CCI verification, CCICheck introduces the ViCL (Value in Cache Lifetime), an abstraction which allows the µhb graphs to cleanly represent CCI events relevant to consistency verification, including demand fetching, cache line invalidation, coherence protocol windows of vulnerability, and partially incoherent cache hierarchies. We implement CCICheck as an automated tool and demonstrate its use on a number of case studies. We also show its tractability across a wide range of litmus tests.

show abstract

PVCoherence: Designing flat coherence protocols for scalable verification

Cited by 17 publications

References 31 publications

Hemiola: A DSL and Verification Tools to Guide Design and Proof of Hierarchical Cache-Coherence Protocols

Hemiola: A DSL and Verification Tools to Guide Design and Proof of Hierarchical Cache-Coherence Protocols

Kami: a platform for high-level parametric hardware specification and its modular verification

CCICheck

Contact Info

Product

Resources

About