Using Flow Specifications of Parameterized Cache Coherence Protocols for Verifying Deadlock Freedom
We consider the problem of verifying deadlock freedom for symmetric cache coherence protocols. While there are multiple definitions of deadlock in the literature, we focus on a specific form of deadlock which is useful for the cache coherence protocol domain and is consistent with the internal definition of deadlock in the Murphi model checker: we refer to this deadlock as a system-wide deadlock (s-deadlock). In an s-deadlock, the entire system is blocked and is unable to make any transition. Cache coherence protocols consist of N symmetric cache agents, where N is an unbounded parameter; thus the verification of s-deadlock freedom is naturally a parameterized verification problem.
Parameterized verification techniques work by using sound abstractions to reduce the unbounded model to a bounded model. Efficient abstractions which work well for industrial-scale protocols typically bound the model by replacing the state of most of the agents with an abstract environment, while keeping just one or two agents as is. However, leveraging such efficient abstractions becomes a challenge for s-deadlock: a violation of s-deadlock is a state in which the transitions of all of the unbounded number of agents cannot occur, so a simple abstraction like the one above will not preserve this violation. Authors of a prior paper, in fact, proposed using a combination of over- and under-abstractions for verifying such properties. While quite promising for a large class of deadlock errors, simultaneously tuning over- and under-abstractions can become complex.
In this work we address this challenge by presenting a technique which leverages high-level information about the protocols, in the form of message sequence diagrams referred to as flows, for constructing invariants that are collectively stronger than s-deadlock. Further, violations of these invariants can involve only one or two interacting agents: thus they can be verified using efficient abstractions like the ones described above. We show how such invariants for the German and Flash protocols can be successfully derived using our technique and then verified.
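The following is an added example, not code from the paper or from its Murphi models, that makes the two notions in the abstract concrete on a constructed toy directory protocol (a home node plus N symmetric caches that are either Invalid or Exclusive; this is not the German or Flash protocol). An explicit-state search reports an s-deadlock exactly when a reachable state has no enabled transition for any agent, which is the Murphi-style check the abstract refers to. A second, constructed "strict home" variant grants a request only when no other cache is waiting; it is deadlock-free for N=1 but has an s-deadlock for N=2, illustrating why the violation needs all agents blocked at once. Alongside, a flow-style progress invariant is checked per waiting cache (its next step in the Req, Inv, InvAck, Grant flow must be enabled for itself or for the current owner); this invariant, the rule names and the state encoding are all assumptions of the example, chosen so that a violation mentions one cache plus the owner.

```python
from collections import deque

# Constructed toy directory protocol (an illustration, NOT the German or Flash
# protocol the paper verifies): one home node and N symmetric caches, each
# Invalid ('I') or Exclusive ('E').  A state is the tuple
#   (owner, cache_states, request_pending, invalidate_sent)
# where owner is None or the index of the cache currently holding the line.

def initial_state(n):
    return (None, ('I',) * n, (False,) * n, (False,) * n)


def enabled_transitions(state, n, strict_home=False):
    """Return [(rule, agent, next_state)] for every enabled rule.

    strict_home=True switches in a constructed faulty home policy: the home
    grants a request only when no other cache has a request pending."""
    owner, st, pend, inv = state
    moves = []
    for i in range(n):
        # Req(i): an invalid cache with no outstanding request asks the home.
        if st[i] == 'I' and not pend[i]:
            p = list(pend); p[i] = True
            moves.append(('Req', i, (owner, st, tuple(p), inv)))
        # Grant(i): the home hands the line to i when nobody owns it.
        others_waiting = any(pend[j] for j in range(n) if j != i)
        if pend[i] and owner is None and not (strict_home and others_waiting):
            s = list(st); s[i] = 'E'
            p = list(pend); p[i] = False
            moves.append(('Grant', i, (i, tuple(s), tuple(p), inv)))
        # Inv(i): the home asks the current owner to give the line up for i.
        if pend[i] and owner is not None and owner != i and not inv[owner]:
            v = list(inv); v[owner] = True
            moves.append(('Inv', i, (owner, st, pend, tuple(v))))
        # InvAck(i): the owner drops the line when asked to.
        if st[i] == 'E' and inv[i]:
            s = list(st); s[i] = 'I'
            v = list(inv); v[i] = False
            moves.append(('InvAck', i, (None, tuple(s), pend, tuple(v))))
        # Evict(i): the owner may also drop the line voluntarily.
        if st[i] == 'E' and not inv[i]:
            s = list(st); s[i] = 'I'
            moves.append(('Evict', i, (None, tuple(s), pend, inv)))
    return moves


def flow_invariant_violations(state, n, strict_home=False):
    """Flow-style progress invariant (an assumption of this example): every
    cache in the middle of the Req -> (Inv -> InvAck) -> Grant flow must have
    its next step enabled, either as its own move or as a move of the owner.
    Returns the indices of caches for which this fails."""
    owner, _, pend, _ = state
    moves = enabled_transitions(state, n, strict_home)
    bad = []
    for i in range(n):
        if not pend[i]:
            continue
        ok = any((rule in ('Grant', 'Inv') and agent == i) or
                 (rule in ('InvAck', 'Evict') and agent == owner)
                 for rule, agent, _ in moves)
        if not ok:
            bad.append(i)
    return bad


def explore(n, strict_home=False):
    """Explicit-state BFS over the N-cache instance.  An s-deadlock is a
    reachable state with no enabled transition at all (Murphi's notion).
    Returns (deadlock_states, [(state, violating_caches)], visited_count)."""
    init = initial_state(n)
    seen, queue = {init}, deque([init])
    deadlocks, violations = [], []
    while queue:
        s = queue.popleft()
        moves = enabled_transitions(s, n, strict_home)
        if not moves:
            deadlocks.append(s)
        bad = flow_invariant_violations(s, n, strict_home)
        if bad:
            violations.append((s, bad))
        for _, _, t in moves:
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return deadlocks, violations, len(seen)


if __name__ == "__main__":
    for n, strict in ((3, False), (1, True), (2, True)):
        d, v, k = explore(n, strict)
        print(f"N={n} strict_home={strict}: {k} states, "
              f"{len(d)} s-deadlock(s), {len(v)} invariant violation(s)")
```

For the correct protocol the search finds neither an s-deadlock nor an invariant violation at N=3; for the strict-home variant N=1 is clean while N=2 reaches the state where both caches are waiting, the line is unowned and no rule fires. That state is the s-deadlock, and it is also where the per-cache invariant fails for both caches: the invariant check only ever looks at one waiting cache and the owner, which is the shape of property the abstract says can be handled by abstractions that keep one or two agents concrete.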
Keywords: Model Checking, Mutual Exclusion, Cache Line, Liveness Property, Unbounded Number