Proofs of Correctness of Cache-Coherence Protocols

  • Joseph Stoy
  • Xiaowei Shen
  • Arvind
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2021)


We describe two proofs of correctness for Cachet, an adaptive cache-coherence protocol. Each proof demonstrates soundness (conformance to an abstract cache memory model CRF) and liveness. One proof is manual, based on a term-rewriting system definition; the other is machine-assisted, based on a TLA formulation and using PVS. A two- stage presentation of the protocol simplifies the treatment of soundness, in the design and in the proofs, by separating all liveness concerns. The TLA formulation demands precision about what aspects of the system’s behavior are observable, bringing complication to some parts which were trivial in the manual proof. Handing a completed design over for independent verification is unlikely to be successful: the prover requires detailed insight into the design, and the designer must keep correctness concerns at the forefront of the design process.


Memory Model Distribute Shared Memory Fairness Constraint Cache Coherence Protocol Abstraction Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [ABM93]
    Yehuda Afek, Geoffrey Brown, and Michael Merritt. Lazy Caching. ACM Transactions on Programming Languages and Systems, 15(1):182–205, January 1993.CrossRefGoogle Scholar
  2. [ADH+99]_Homayoon Akhiani, Damien Doligez, Paul Harter, Leslie Lamport, Joshua Scheid, Mark Tuttle, and Yuan Yu. Cache coherence verification with TLA+. In World Congress on Formal Methods in the Development of Computing Systems, Industrial Panel, Toulouse, France, September 1999.Google Scholar
  3. [AG96]
    Sarita V. Adve and Kourosh Gharachorloo. Shared Memory Consistency Models: A Tutorial. IEEE Computer, pages 66–76, December 1996.Google Scholar
  4. [Arc87]
    James K. Archibald. The Cache Coherence Problem in Shared-Memory Multiprocessors. PhD Dissertation, Department of Computer Science, University of Washington, February 1987.Google Scholar
  5. [Bro90]
    Geoffrey M. Brown. Asynchronous Multicaches. Distributed Computing, 4:31–36, 1990.CrossRefGoogle Scholar
  6. [CES86]
    E.M. Clarke, E.A. Emerson, and A.P. Sistla. Automatic Verification of Finite-State Concurrent Systems using Temporal Logic Specifications. ACM Transactions on Programming Languages and Systems, 8(2):244–263, April 1986.zbMATHCrossRefGoogle Scholar
  7. [CGP99]
    Edmund M. Clarke, Orna Grumberg, and Doron A. Peled. Model Checking. MIT Press, 1999.Google Scholar
  8. [CHPS99]
    Anne E. Condon, Mark D. Hill, Manoj Plakal, and Daniel J. Sorin. Using Lamport Clocks to Reason About Relaxed Memory Models. In Proceedings of the 5th International Symposium on High-Performance Computer Architecture, 1999.Google Scholar
  9. [COR+95]
    Judy Crow, Sam Owre, John Rushby, Natarajan Shankar, and Mandayam Srivas. A tutorial introduction to PVS. Presented at WIFT’ 95: Workshop on Industrial-Strength Formal Specification Techniques, Boca Raton, Florida, April 1995. Available, with specification les, at
  10. [Del00]
    Giorgio Delzanno. Automatic Verification of Parameterized Cache Co-herence Protocols. Technical Report DISI-TR-00-1, DISI, University of Genoa, January 2000. Available at
  11. [For]
    Formal Systems (Europe) Limited. Fdr2. Web site. See
  12. [HQR99]
    Thomas A. Henzinger, Shaz Qadeer, and Sriram K. Rajamani. Verifying Sequential Consistency on Shared-Memory Multiprocessor Systems. In Proceedings of the 11th International Conference on Computer-aided Verification (CAV), pages 301–315. Springer-Verlag, 1999. Lecture Notes in Computer Science 1633.Google Scholar
  13. [ID93a]
    C.N. Ip and D.L. Dill. Better Verification Through Symmetry. In Proceedings of the 11th International Symposium on Computer Hardware Description Languages and Their Applications, pages 87–100, April 1993.Google Scholar
  14. [ID93b]
    C.N. Ip and D.L. Dill. Efficient Verification of Symmetric Concurrent Systems. In International Conference on Computer Design: VLSI in Computers and Processors, October 1993.Google Scholar
  15. [KPS93]David R. Kaeli, Nancy K. Perugini, and Janice M. Stone. Literature Survey of Memory Consistency Models. Research Report 18843 (k82385), IBM Research Devision, 1993.Google Scholar
  16. [Lam93]
    Leslie Lamport. How to write a proof. In Global Analysis in Modern Mathematics, pages 311–321. Publish or Perish, Houston, Texas, U.S.A., February 1993. A symposium in honor of Richard Palais’ sixtieth birthday.Google Scholar
  17. [Lam94]
    Leslie Lamport. The temporal logic of actions. ACM Transactions on Programming Languages and Systems, 16(3):872–923, May 1994.CrossRefGoogle Scholar
  18. [Lam96]
    Leslie Lamport. The Module Structure of TLA+. Technical Note 1996-002a, Compaq Systems Research Center, September 1996.Google Scholar
  19. [Lam97]
    Leslie Lamport. The Operators of TLA+. Technical Note 1997-006a, Compaq Systems Research Center, June 1997.Google Scholar
  20. [Laz99]
    Ranko Lazic. A Semantic Study of Data Independence with Applications to Model Checking. PhD thesis, Oxford University Computing Laboratory, 1999.Google Scholar
  21. [McM92]
    K.L. McMillan. Symbolic Model Checking: An Approach to the State Explosion Problem. PhD Dissertation, Carnegie Mellon University, May 1992.Google Scholar
  22. [PD95]
    Fong Pong and Michel Dubois. A New Approach for the Verification of Cache Coherence Protocols. IEEE Transactions on Parallel and Distributed Systems, 6, August 1995.Google Scholar
  23. [PD96a]
    Seungjoon Park and David L. Dill. Protocol Verification by Aggregation of Distributed Transactions. In International Conference on Computer-Aided Verification, July 1996.Google Scholar
  24. [PD96b]
    Seungjoon Park and David L. Dill. Verification of FLASH Cache Coherence Protocol by Aggregation of Distributed Transactions. In Proceedings of the 8th ACM Symposium on Parallel Algorithms and Architectures, June 1996.Google Scholar
  25. [PD96c]
    Fong Pong and Michel Dubois. Formal Verification of Delayed Consistency Protocols. In Proceedings of the 10th International Parallel Processing Symposium, April 1996.Google Scholar
  26. [PNAD95]Fong Pong, Andreas Nowatzyk, Gunes Aybay, and Michel Dubois. Verifying Distributed Directory-based Cache Coherence Protocols:, a Case Study. In Proceedings of the European Conference on Parallel Computing, 1995.Google Scholar
  27. [PSCH98]
    Manoj Plakal, Daniel J. Sorin, Anne E. Condon, and Mark D. Hill. Lamport Clocks: Verifying a Directory Cache-Coherence Protocol. In Proceedings of the 10th ACM Symposium on Parallel Algorithms and Architectures, 1998.Google Scholar
  28. [Ros97]
    A.W. Roscoe. The Theory and Practice of Concurrency. Prentice Hall, 1997.Google Scholar
  29. [SAR99a]
    Xiaowei Shen, Arvind, and Larry Rodolph. CACHET: An Adaptive Cache Coherence Protocol for Distributed Shared-Memory Systems. In Proceedings of the 13th ACM International Conference on Supercomputing, June 1999.Google Scholar
  30. [SAR99b]
    Xiaowei Shen, Arvind, and Larry Rudolph. Commit-Reconcile & Fences (CRF): A New Memory Model for Architects and Compiler Writers. In Proceedings of the 26th International Symposium on Computer Architecture, May 1999.Google Scholar
  31. [SD95]
    Ulrich Stern and David L. Dill. Automatic Verification of the SCI Cache Coherence Protocol. In Correct Hardware Design and Verification Methods: IFIP WG10.5 Advanced Research Working Conference Proceedings, 1995.Google Scholar
  32. [She00]
    Xiaowei Shen. Design and Verification of Adaptive Cache Coherence Protocols. PhD thesis, Massachusetts Institute of Technology, February 2000.Google Scholar
  33. [Sto]
    Joseph E. Stoy. Web sites concerning Cachet, TLA in PVS, and cache protocol verification using FDR. See

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Joseph Stoy
    • 1
  • Xiaowei Shen
    • 2
  • Arvind
    • 2
  1. 1.Oxford University Computing LaboratoryEngland
  2. 2.Laboratory for Computer ScienceMassachusetts Institute of TechnologyCambridgeUSA

Personalised recommendations