ABSTRACT
In parallel systems, memory consistency models and cache coherence protocols establish the rules specifying which values will be visible to each instruction of parallel programs. Despite their central importance, verifying their correctness has remained a major challenge, due both to informal or incomplete specifications and to difficulties in scaling verification to cover their operations comprehensively. While coherence and consistency are often specified and verified independently at an architectural level, many systems implement performance enhancements that tightly interweave coherence and consistency at a microarchitectural level in ways that make verification of consistency difficult.
This paper introduces CCICheck, a tool and technique supporting static verification of the coherence-consistency interface (CCI). CCICheck enumerates and checks families of microarchitectural happens-before (µhb) graphs that describe how a particular coherence protocol combines with a particular processor's pipelines and memory hierarchy to enforce the requirements of a given consistency model. To support tractable CCI verification, CCICheck introduces the ViCL (Value in Cache Lifetime), an abstraction which allows the µhb graphs to cleanly represent CCI events relevant to consistency verification, including demand fetching, cache line invalidation, coherence protocol windows of vulnerability, and partially incoherent cache hierarchies. We implement CCICheck as an automated tool and demonstrate its use on a number of case studies. We also show its tractability across a wide range of litmus tests.
- CCICheck: using µhb graphs to verify the coherence-consistency interface