Hewlett-Packard
WW
Search
Assistance
HP Labs Home
Spacer
Research
News
Job Openings
Technical Reports
Spacer
Locations
Palo Alto, USA
Bristol, UK
Japan
Israel
Spacer
 

HP Labs Technical Reports



Click here for full text: PDF

Formal Automatic Verification of Cache Coherence in Multiprocessors with Relaxed Memory Models

Pong, Fong; Dubois, Michel

HPL-2000-33

Keyword(s): shared-memory mulitprocessor; relaxed memory consistency models; delayed consistency; verification; symbolic state model

Abstract: State-based, formal methods have been successfully applied to the automatic verification of cache coherence in sequentially consistent systems. However, coherence in shared-memory multiprocessors under a relaxed memory model is much more complex to verify automatically. With relaxed memory models, incoming invalidations and outgoing updates can be delayed in each cache while processors are allowed to race ahead. This buffering of memory accesses considerably increases the amount of state in each cache and the complexity of protocol interactions. Moreover, because caches can hold inconsistent copies of the same data for long periods of time, coherence cannot be verified by simply checking that cached copies are identical at all times. This paper makes two major contributions. First, we demonstrate how to model and verify cache coherence under a relaxed memory model in the context of state-based verification methods. Frameworks for modeling the hardware and for generating correct memory access sequences driving the hardware model are developed. We also show correctness properties which must be verified on the hardware model. Second, we demonstrate a successful application of a state-based verification tool called SSM for the verification of delayed protocol, an aggressive protocol for relaxed memory models. SSM is based on an abstraction technique preserving the properties to verify. We show that with classical, explicit approaches the verification of cache coherence is realistically unfeasible because of the state space explosion problem whereas SSM is able to verify protocols both at both behavioral and message-passing levels.

42 Pages

Back to Index


HP Bottom Banner
Terms of Use Privacy Statement