Abstract
Verification coverage is an important metric in any hardware verification effort. Coverage models are proposed as a set of events the hardware may exhibit, intended to be possible under a test scenario. At the system level, these events each correspond to a visited state or taken transition in a transition system that represents the underlying hardware. A more sophisticated approach is to check that tests exercise specific sequences of events, corresponding to traces through the transition system. However, such trace-based coverage models are inherently expensive to consider in practice, as the number of traces is exponential in trace length. We present a novel framework that combines the approaches of conservative abstraction with rewriting to construct a concise trace-based coverage model of a class of parameterized symmetric systems. First, we leverage both symmetry and rewriting to construct abstractions that can be tailored by users’ defined rewriting. Then, under this abstraction, a coverage model for a larger system can be generated from traces for a smaller system. This coverage model is of tractable size, is tractable to generate and can be used to identify coverage holes in large systems. Our experiments on the cache-coherence protocol implementation from the multi-billion transistors IBM POWER\(^{\mathrm{TM}}\) Processor demonstrate the viability and effectiveness of this approach.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
Other systems that focus on different abstractions require their own tailored restrictions and proof of Theorem 1.
Recall, \(\tau _n\) is trace rewriting; \(\delta _n\) is trace abstraction; \(\gamma \) is abstract trace rewriting.
All permutations of \(\mathbf{r }\) are reachable iff \(\mathbf{r }\) is reachable by Proposition 1.
A cache line is in state \(\mathbf{M}\) when it is has been modified; \(\mathbf{I}\) when invalidated; \(\mathbf{S}\) when shared; and, \(\mathbf{T}\) when the dirty cache line is possibly being shared with other nodes while this owner is responsible for servicing requests for sharing the cache line.
This constraint technically precludes some implementations of protocols with state \(\mathbf{E}\), but such systems are handled with small tweaks to the CS and \(\theta \); see Sect. 5.7.
References
Miller JC, Maloney CJ (1963) Systematic mistake analysis of digital computer programs. Commun ACM 6(2):58–63
Dwyer MB, Avrunin GS, Corbett JC (1999) Patterns in property specifications for finite-state verification. In: ICSE. IEEE, pp 411–420
Hong HS, Lee I, Sokolsky O, Ural H (2002) A temporal logic based theory of test coverage and generation. In: TACAS. Springer, Berlin, p 327–341
Ziv A (2003) Cross-product functional coverage measurement with temporal properties-based assertions. In: DATE. IEEE, p 10834
Chockler H, Kupferman O, Vardi M (2006) Coverage metrics for formal verification. STTT 8(4–5):373–386
Piziali A (2004) Functional verification coverage measurement and analysis, 1st edn. Springer, Berlin Incorporated
Czemerinski H, Braberman V, Uchitel S (2013) Behaviour abstraction coverage as black-box adequacy criteria. In: ICST. IEEE, pp 222–231
Castillos KC, Dadeau F, Julliand J (2014) Coverage criteria for model-based testing using property patterns. In: Proceedings of \(9{\rm th}\) MBT workshop, pp 29–43
Papamarcos MS, Patel JH (1984) A low-overhead coherence solution for multiprocessors with private cache memories. In: Proceedings of of the 11th annual international symposium on computer architecture, New York, NY, USA. ACM pp 348–354
De Paula FM, Haran A, Bingham B (2018) An efficient rewriting framework for trace coverage of symmetric systems. In: NASA formal methods symposium. Springer, pp 95–112
Chou CT, Mannava PK, Park S (2004) A simple method for parameterized verification of cache coherence protocols. In: FMCAD. Springer, pp 382–398
Book RV, Otto F (1993) String-rewriting systems. Springer, Berlin
Baader F, Nipkow T (1998) Term rewriting and all that. Camb. Univ Press, Cambridge
Sinharoy B et al (2011) IBM POWER7 multicore server processor. IBM J Res Dev 55(3):191–219
Starke WJ et al (2015) The cache and memory subsystems of the IBM POWER8 processor. IBM J Res Dev 59(1):3:1–3:13
Sweazey P, Smith AJ (1986) A class of compatible cache consistency protocols and their support by the ieee futurebus. ACM SIGARCH Comput Archit News 14(2):414–423
Shimizu Kanna et. al (2006) Verification of the cell broadband engine; processor. In: Proceedings of the 43rd annual DAC. ACM, pp 338–343
Ludden JM et al (2002) Functional verification of the POWER4 microprocessor and POWER4 multiprocessor system. IBM J Res Dev 46(1):53–76
Adir A et al (2004) Genesys-pro: innovations in test program generation for functional processor verification. Des Test Comput IEEE 21(2):84–93
GCC: Gcov—a Test Coverage Program. https://gcc.gnu.org/onlinedocs/gcc/Gcov.html. Retrieved on 30 Sept 2018
Yang Q, Bhuyan LN, Liu BC (1989) Analysis and comparison of cache coherence protocols for a packet-switched multiprocessor. IEEE Trans Comput 38(8):1143–1153
Shen J, Abraham JA (2000) An RTL abstraction technique for processor microarchitecture validation and test generation. J Electronic Test 16:67–81
Arvind, Shen X (1999) Using term rewriting systems to design and verify processors. IEEE Micro 19(3):36–46
Morra C, Becker J, Ayala-Rincon M, Hartenstein R (09 2005) Felix: using rewriting-logic for generating functionally equivalent implementations, vol 2005, pp 25–30
Chandrasekhar MS, Privitera JP, Conradt KW (1987) Application of term rewriting techniques to hardware design verification. In: Proceedings of the 24th ACM/IEEE design automation conference. DAC ’87, New York, NY, USA. ACM, pp 277–282
Marathe J, Mueller F, Mohan T, Mckee SA, Supinski BRD, Yoo A (2007) Metric: memory tracing via dynamic binary rewriting to identify cache inefficiencies. ACM Tran Program Lang Syst 29:12
McMillan KL (1999) Verification of infinite state systems by compositional model checking. In: Proceedings of the 10th IFIP WG 10.5 advanced research working conference on correct hardware design and verification methods. CHARME ’99, London, UK, UK. Springer, pp 219–234
McMillan KL (2001) Parameterized verification of the flash cache coherence protocol by compositional model checking. In: Proceedings of the 11th IFIP WG 10.5 advanced research working conference on correct hardware design and verification methods. CHARME ’01, Berlin, Heidelberg. Springer, pp 179–195
Krstić S (2005) Parametrized system verification with guard strengthening and parameter abstraction. In: Automated verification of infinite-state systems
Owre S, Rushby JM, Shankar N (jun 1992) PVS: A prototype verification system. In: Kapur D (ed) 11th international conference on automated deduction (CADE). Volume 607 of Lecture Notes in artificial intelligence, Saratoga, NY. Springer, pp 748–752
Durán F, Rocha C, Álvarez JM (2011) Towards a maude formal environment. In: Agha G, Meseguer J, Danvy O (eds) Formal modeling. Springer, Berlin, pp 329–351
Acknowledgements
The authors thank Viresh Paruthi and Jesse Bingham for valuable suggestions that helped with clarity of this paper.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
De Paula, F.M., Haran, A. & Bingham, B. Rewriting toward trace coverage analysis of symmetric systems. Innovations Syst Softw Eng 15, 191–206 (2019). https://doi.org/10.1007/s11334-019-00348-0
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11334-019-00348-0