Verification techniques for cache coherence protocols

Pong, Fong; Dubois, Michel

doi:10.1145/248621.248624

Cited by 83 publications

(56 citation statements)

References 73 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Different from the above, our method employs a specialized form of symmetry reduction and deals with the abstract transition system only and requires no annotations. Additionally, a number of works on combining abstraction and fairness, were presented in [6,22,29,4,25]. Our work explores one particular kind of abstraction and shows that it works with fairness with a simple twist.…”

Section: Discussion and Related Workmentioning

confidence: 99%

Fair Model Checking with Process Counter Abstraction

Sun

Liu

Roychoudhury

et al. 2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Parameterized systems are characterized by the presence of a large (or even unbounded) number of behaviorally similar processes, and they often appear in distributed/concurrent systems. A common state space abstraction for checking parameterized systems involves not keeping track of process identifiers by grouping behaviorally similar processes. Such an abstraction, while useful, conflicts with the notion of fairness. Because process identifiers are lost in the abstraction, it is difficult to ensure fairness (in terms of progress in executions) among the processes. In this work, we study the problem of fair model checking with process counter abstraction. Even without maintaining the process identifiers, our on-the-fly checking algorithm enforces fairness by keeping track of the local states from where actions are enabled / executed within an execution trace. We enhance our home-grown PAT model checker with the technique and show its usability via the automated verification of several real-life protocols.

show abstract

Section: Discussion and Related Workmentioning

confidence: 99%

Fair Model Checking with Process Counter Abstraction

Sun

Liu

Roychoudhury

et al. 2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Two only caches and two only memory addresses can be seen as a too simplistic model. However, as Pong and Dubois wrote in [23] "several studies have demonstrated that most design errors can be found quickly in small-scale models, which suggests that this method [of state enumeration] is a useful debugging tool in the early design phase. "…”

Section: Level 1 Modelmentioning

confidence: 99%

Model Checking TLR* Guarantee Formulas on Infinite Systems

Martín

Verdejo

Martí-Oliet

2014

Specification, Algebra, and Software

View full text Add to dashboard Cite

Autorización de difusiónEl abajo firmante, matriculado en el Máster en Investigación en Informática de la Facultad de Informática, autoriza a la Universidad Complutense de Madrid (UCM) a difundir y utilizar con fines académicos, no comerciales y mencionando expresamente a su autor el presente Trabajo de Fin de Máster: "Model Checking TLR* Guarantee Formulas on Infinite Systems", realizado durante el curso académico 2012-2013 bajo la dirección de Alberto Verdejo y Narciso Martí en el Departamento de Sistemas Informáticos y Computación, y a la Biblioteca de la UCM a depositarlo en el Archivo Institucional EPrints Complutense con el objeto de incrementar la difusión, uso e impacto del trabajo en Internet y garantizar su preservación y acceso a largo plazo. Óscar Martín Julio de 2013 i ii ResumenPresentamos la implementación de un model checker para sistemas con una cantidad de estados potencialmente infinita. Se ha desarrollado sobre el lenguaje y el sistema Maude, basado en lógica de reescritura. Los sistemas que se quieran analizar también han de estar especificados como módulos Maude. El model checker funciona con estados explícitos. Así, en sistemas infinitos, no podemos esperar que la comprobación acabe en todos los casos. De hecho, solo proporciona un semi-algoritmo para validar fórmulas de garantía (o, equivalentemente, para invalidar fórmulas de seguridad). Para evitar entrar en caminos infinitos, las búsquedas siempre se llevan a cabo con profundidad acotada.La lógica temporal que usamos es TLR* (Temporal Logic of Rewriting). Esta lógica es una generalización de CTL* que usa proposiciones atómicas no solo sobre estados, sino también sobre transiciones, proporcionando así una mayor potencia expresiva. Como paso intermedio, presentamos un lenguaje de estrategias para Maude. Las fórmulas de garantía se traducen primero a expresiones de estrategia y, entonces, se hace evolucionar en paralelo al sistema y a la estrategia para buscar cómputos que satisfagan la estrategia y, por tanto, la fórmula.Se incluyen varios ejemplos para mostrar la utilidad de nuestra herramienta. En particular, se presenta un ejemplo más largo, relativo a protocolos de coherencia de caché.Las tres ideas en las que se basa este trabajo -el model checker, TLR* y el lenguaje de estrategias-son propuestas tomadas de [21]. Palabras claveSistema de infinitos estados, lógica de reescritura, Maude, model checking, estrategia, lógica temporal, TLR*, fórmula de garantía, protocolo de coherencia de caché.iii iv AbstractWe present the implementation of a model checker for systems with a potentially infinite number of states. It has been developed in the rewriting-logic language and system Maude. The systems to be analysed need also be specified as Maude modules. The model checker is explicit-state, that is, not symbolic. Thus, in infinite systems, we cannot expect it to finish in every case. Indeed, it only provides a semi-decision algorithm to validate guarantee formulas (or, equivalently, to falsify safety ones). To avoid getting lost in infinite ...

show abstract

“…These algorithms, however, do not synthesize network topologies. Reduced reachability analysis has been used in the verification of cache coherence protocols [11], using a global FSM model. We adopt a similar FSM model and extend it for our approach in this study.…”

Section: Related Workmentioning

confidence: 99%

“…the number of topologies synthesized, state transitions traversed and faults covered. We are also investigating complexity reduction techniques by introducing equivalence classes of states and topologies, using counting equivalence and repetition constructors [11].…”

Section: Summary and Future Workmentioning

confidence: 99%

Fault-Oriented Test Generation for Multicast Routing Protocol Design

Estrin

Gupta

1998

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract:We present a new algorithm for automatic test generation for multicast routing. Our algorithm processes a finite state machine (FSM) model of the protocol and uses a mix of forward and backward search techniques to generate the tests. The output tests include a set of topologies, protocol events and network failures, that lead to violation of protocol correctness and behavioral requirements. We target protocol robustness in specific, and do not attempt to verify other properties in this paper. We apply our method to a multicast routing protocol; PIM-DM, and investigate its behavior in the presence of selective packet loss on LANs and router crashes. Our study unveils several robustness violations in PIM-DM, for which we suggest fixes with the aid of the presented algorithm.

show abstract

Verification techniques for cache coherence protocols

Cited by 83 publications

References 73 publications

Fair Model Checking with Process Counter Abstraction

Fair Model Checking with Process Counter Abstraction

Model Checking TLR* Guarantee Formulas on Infinite Systems

Fault-Oriented Test Generation for Multicast Routing Protocol Design

Contact Info

Product

Resources

About