On characterizing hardware platforms Ganesh Gopalakrishnan Lecture of 2-9-09, Week 5, CS 5966/6966
Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh...
-
date post
19-Dec-2015 -
Category
Documents
-
view
213 -
download
0
Transcript of Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh...
![Page 1: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/1.jpg)
Scaling Formal Methods Toward Hierarchical Protocols
in Shared Memory Processors
Presenters: Ganesh Gopalakrishnan and Xiaofang ChenSchool of Computing , University of Utah, Salt Lake City, UT 84112
{ganesh, xiachen}@cs.utah.edu
http://www.cs.utah.edu/formal_verification
GRC CADTS Review, Berkeley, March 18, 2008
Supported by SRC Contract TJ-1318 (Intel Customization)
![Page 2: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/2.jpg)
2
Multicores are the future!Their caches are visibly central…
(photo courtesy of
Intel Corporation.)
> 80% of chipsshipped will bemulti-core
![Page 3: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/3.jpg)
3
Hierarchical Cache Coherence Protocols will play a major role in multi-core processors
Chip-level protocols
Inter-cluster protocols
Intra-cluster protocols
dirmem dirmem
…
State Space grows multiplicatively across the hierarchy!
Verification will become harder
![Page 4: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/4.jpg)
4
Protocol design happens in “the thick of things” (many interfaces, constraints of performance, power, testability).
From “High-throughput coherence control and hardware messaging in Everest,” by Nanda et.al., IBM J.R&D 45(2), 2001.
![Page 5: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/5.jpg)
5
Future Coherence Protocols
Cache coherence protocols that are tuned for the contexts in which they are operating can significantly increase performance and reduce power consumption [Liqun Cheng]
Producer-consumer sharing pattern-aware protocol [Cheng et.al, HPCA07] 21% speedup and 15% reduction in network traffic
Interconnect-aware coherence protocols [Cheng et.al., ISCA06] Heterogeneous Interconnect Improve performance AND reduce power 11% speedup and 22% wire power savings
Bottom-line: Protocols are going to get more complex!
![Page 6: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/6.jpg)
6
Main Result #1 : Hierarchical
RAC
L2 Cache+Local Dir
L1 Cache
Main Mem
Home ClusterRemote Cluster 1
Remote Cluster 2
L1 Cache
Global Dir
RAC
L2 Cache+Local Dir
L1 Cache
L1 Cache
RAC
L2 Cache+Local Dir
L1 Cache
L1 Cache
Intra-cluster
Inter-cluster
Developed way to reduce verification complexity
of hierarchical (CMP) protocols using A/G
![Page 7: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/7.jpg)
7
Main Result #2 : Refinement
Developed way to Verify a Proposed Refinement of
ONE unit into its low level (RTL) implementation
![Page 8: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/8.jpg)
8
Main Result #2 : Refinement
Developed way to Verify a Proposed Refinement of
ONE unit into its low level (RTL) implementation
Murphi
![Page 9: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/9.jpg)
9
Main Result #2 : Refinement
Developed way to Verify a Proposed Refinement of
ONE unit into its low level (RTL) implementation
Murphi
![Page 10: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/10.jpg)
10
Main Result #2 : Refinement
Developed way to Verify a Proposed Refinement of
ONE unit into its low level (RTL) implementation
Murphi
HMurphi
![Page 11: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/11.jpg)
11
Differences in Modeling: Specs vs. Impls
home remote
One step in high-level
Multiple steps in low-level
an atomic guarded/command
home
router
buf
remote
![Page 12: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/12.jpg)
12
Our Refinement Check
Spec(I)
I
Spec(I’)Spec
transition
Multi-step Impl
transactionI’
Guard for Spec transition must
hold
I is a reachable Impl state
Observable vars changed
by either must match
![Page 13: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/13.jpg)
13
Workflow of Our Refinement Check
Hardware Murphi
Impl model
Product model in
Hardware Murphi
Product model in VHDL
MurphiSpec model
Property check
Muv
Check implementation meets specification
![Page 14: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/14.jpg)
14
Anticipated Future Result
Developed way to Verify a Proposed Refinement of
the ENTIRE hierarchy
![Page 15: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/15.jpg)
15
Anticipated Future Result
Deal with pipelining
Sequential InteractionPipelined Interaction
![Page 16: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/16.jpg)
16
Anticipated Future Result
Develop ways to “tease apart” protocols that are “blended in”
e.g. for power-down or post-si observability enhancement
More protocols…
.. do they interfere?
![Page 17: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/17.jpg)
17
Basics
PI : Ganesh Gopalakrishnan Industrial Liaisons : Ching Tsun Chou (Intel), Steven M. Geman (IBM), John
W. O’Leary (Intel), Jayanta Bhadra (Freescale), Alper Sen (Freescale), Aseem Maheshwari (TI)
Primary Student : Xiaofang Chen Graduation Date : Writing PhD Dissertation; in the market Other Students: Yu Yang (PhD), Guodong Li (PhD), Michael DeLisi (BS/MS) Anticipated Results:
Hierarchical : Methodology for Hierarchical (Cache Coherence) Protocol Verification, with Emphasis on Complexity Reduction (was in original SRC proposal)
Refinement : Methodology for Expressing and Verifying Refinement of Higher Level Protocol Descriptions (not in original SRC proposal)
![Page 18: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/18.jpg)
18
Basics
Deliverables (Papers, Software, Xiaofang’s Dissertation) Hierarchical:
Methodology for Applying A/G Reasoning for Complexity Reduction Verified Protocol Benchmarks – Inclusive, Non-Inclusive, Snoopy
(Large Benchmarks) Automatic Abstraction Tool in support of A/G Reasoning
Refinement: Muv Language Design (for expressing Designs) Refinement Checking Theory and Methodology Complete Muv tool implementation
![Page 19: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/19.jpg)
19
What’s Going On
Accomplishments during the past year Hierarchical:
Finishing Non-inclusive Hierarchical Protocol Verif
Developing and Verifying a Hier. Protocol with a
Snoopy First Level
![Page 20: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/20.jpg)
20
Insert Table of Hier + Snoopy Here
![Page 21: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/21.jpg)
21
What’s Going On
Accomplishments during the past year (contd.) Refinement:
HMurphi was fleshed out in great detail
Most of Muv was implemented (a large portion during
IBM T.J. Watson Internship) – joint work with Steven
German and Geert Janssen
![Page 22: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/22.jpg)
22
What’s Going On
Future directions Hierarchical + Refinement
Develop ways to verify hierarchies of HMurphi modules interacting Pipelining Teasing out protocols supporting non-functional aspects
Power-down protocols Protocols to enhance Post-si Observability
Architectural Characterization How do we describe the “ISA” of future multi-core
machines? How do we make sure that this ISA has no hidden
inconsistencies
![Page 23: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/23.jpg)
23
What’s Going On
Technology Transfer & Industrial Interactions With Liaisons
Publications FMCAD 06, 07, HLDVT 07, TECHCON 07 (best
session paper award), Journal paper (under prep),
Dissertation (under prep)
Request to IBM for Open-sourcing Muv has been
placed
![Page 24: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/24.jpg)
24
Overview of “Hierarchical”
Given a protocol to verify, create a
verification model that models a small
number of clusters acting on a single
cache line Verification Model
Inv P
Home
Remote
Global directory
![Page 25: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/25.jpg)
25
2. Exploit Symmetries
Model “home” and the two “remote”s
(one remote, in case of symmetry)
Verification Model
Inv P
![Page 26: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/26.jpg)
26
4. Initial abstraction will be extreme; slowly back-off from this extreme…
Inv P1 Inv P2
Inv P3
P1 fails
Diagnose failure
Bug
report to user
False Alarm
Diagnose where guard
is overly weak
Add Strengthening Guard
Introduce Lemma to ensure
Soundness of Strengthening
![Page 27: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/27.jpg)
27
Overview of Theory Involved
rule g1 ==> a1;
rule g2 ==> a2;
invariant P;rule g1 ==> a1;
rule g2 /\ cond2 ==> a2;
invariant P /\ (g1 => cond1);
rule g1 /\ cond1 ==> a1;
rule g2 ==> a2;
invariant P /\ (g2 => cond2);
![Page 28: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/28.jpg)
28
3. Create Abstract Models (three models in this example)
Inv P
Inv P1 Inv P2
Inv P3
![Page 29: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/29.jpg)
29
Step 1 of Refinement
Inv P1 Inv P2
Inv P3
Inv P1 Inv P2
Inv P3’
![Page 30: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/30.jpg)
30
Step 2 of Refinement
Inv P1 Inv P2
Inv P3
Inv P1 Inv P2
Inv P3’
Inv P1 Inv P2’
Inv P3’
![Page 31: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/31.jpg)
31
Final Step of Refinement
Inv P1 Inv P2
Inv P3
Inv P1 Inv P2
Inv P3’
Inv P1’ Inv P2’
Inv P3’
Inv P1 Inv P2’
Inv P3’’
![Page 32: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/32.jpg)
32
Detailed Presentation of Refinement
Note: Three examples have been presented in full detail at
http://www.cs.utah.edu/formal_verification/muv
![Page 33: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/33.jpg)
33
Here, arrange the rest of the slides + the new ones you are making as you feel best. Most of the remaining slides are quite good, so your work need not include any “clean-up” but just delete those already covered…
![Page 34: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/34.jpg)
34
Project Summary: Year 2
Verification of hierarchical cache coherence protocols Non-inclusive multicore benchmark Compositional approach one level a time Can reduce >95% explicit state space
Refinement check: protocol RTL Impls vs. Specs Refinement theory and methodology Compositional approach theory
Publications FMCAD 2007, HLDVT 2007 TECHCON 2007 (best session paper award)
![Page 35: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/35.jpg)
35
Yearly Summary: 2007 - 2008
Refinement check: protocol RTL Impls vs. Specs A comprehensive tool path
Can find bugs on RTL protocols with realistic features
A simple pipelined stack example Verification of hierarchical cache coherence protocols
A snoop multicore protocol benchmark
![Page 36: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/36.jpg)
36
A Simple Snoop Multicore Protocol
Motivation: Snoop protocols commonly used in 1st level of caches
Have applied our approach on directory protocols
How about snoop protocols?
L1 Cache
L2 Cache
RAC
Global Dir
Main Mem
Cluster 1
L1 Cache L1 Cache
L2 Cache
RAC
Cluster 2
L1 Cache
![Page 37: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/37.jpg)
37
Applying Our Approach
L1 Cache
L2 Cache
Global Dir
Main Mem
Cluster 1
L1 Cache L2 Cache
RAC
Cluster 2
L2 Cache
RAC
Cluster 1
Abstracted protocols
Model checking results
Model checkpassed
Use mem (GB)
1.8
1.8
1.8
Model check time (sec)
86
6
7
# of states
552,375
474
15,371
Original model
Abs. intra
Abs. inter
Monolithicapproach
Our approach
Yes
Yes
Yes
![Page 38: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/38.jpg)
38
Cycle accurate RTL level
Refinement Check Spec vs. Impl
Specification
Abstraction level
Model size
![Page 39: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/39.jpg)
39
Differences in Execution: Specs vs. Impls
Interleaving in HL
Concurrency in LL
![Page 40: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/40.jpg)
40
Our Approach of Refinement Check
Modeling
Specification: Murphi
Implementation: Hardware Murphi
Use transactions in Impl to relate to Spec
Verification
Muv: Hardware Murphi synthesizable VHDL
Tool: IBM SixthSense and RuleBase
![Page 41: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/41.jpg)
41
What Are Transactions?
Group a multi-step execution in implementations
Spec
Impl
![Page 42: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/42.jpg)
42
Outline
Project background
Extensions to the tool path
Experimental results
Future work
![Page 43: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/43.jpg)
43
Tool Path
Initial efforts from IBM By German and Janssen Hardware Murphi language
Muv: Hardware Murphi Synthesizable VHDL
Our extensions -- enable refinement check Language extensions
Muv extensions
![Page 44: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/44.jpg)
44
Basic Features of Hardware Murphi vs Murphi
…
signal s1, s2 …
s1 <= …
chooserule rules; end; …
firstrule rules; end; …
transaction
rule-1; rule-2; …
end; …
![Page 45: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/45.jpg)
45
Language Extensions to Hardware Murphi (I)
--include spec.m
correspondence
u1[0..7] :: v1[1..8]; u1 :: v2; end;
Directives
Joint variables correspondence
![Page 46: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/46.jpg)
46
Language Extensions to Hardware Murphi (II)
transactionset p1:T1; p2:T2 do
transaction …
end;
Transactionset
rule:id guard ==> action;
ruleset p1:T1; p2:T2 do
rule:id …
end;
Rules with IDs
![Page 47: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/47.jpg)
47
Language Extensions to Hardware Murphi (III)
<< id.guard() >>;
<< id.action() >>;
<< id[v1][v2].guard() >>; …
Execute a rule by ID
var[i] <:= data;
Fine-grained assignments for write-write conflicts
![Page 48: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/48.jpg)
48
How to Annotate an Impl Model with Spec?
…
transaction
rule-1 g1 a1;
rule-2 g2 a2;
end;
…
…
rule:id g a;
…
impl.m
spec.m
![Page 49: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/49.jpg)
49
How to Annotate an Impl Model with Spec?
--include spec.m
correspondence
u1 :: v1; …
end; …
transaction
rule-1 g1 a1;
<< id.guard() >>;
<< id.action() >>;
rule-2 g2 a2;
end; …
…
rule:id g a;
…
impl.m
spec.m
![Page 50: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/50.jpg)
50
The Framework of Muv
Hardware Murphi model AST
parserAST’
pre-processor
AST’’
refinement
check analysis
VHDL modeltranslator
Constant propagation
rule:id, <<id.guard()>>
ruleset, transactionset …
![Page 51: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/51.jpg)
51
Our Extensions to Muv
Language extension support
Refinement check assertions generation Ensure exclusive write to a variable
Serializability for Spec rules
Enableness for Spec rules
Joint variables equivalence when inactive
Mostly done with static analysis
![Page 52: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/52.jpg)
52
Refinement Extensions to Muv (I)
v := d;
for i: s1..s2 do
assert (update_bits[i] = false);
end;
v := d;
for i: s1..s2 do
update_bits[i] := true;
end;
No write-write conflicts
![Page 53: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/53.jpg)
53
Refinement Extensions to Muv (II)
Serializability for specification rules
S0 S1 S0 S1
t1
t2
t3S’1 S’2
t1 t2 t3
Obtain read and write sets of variables of each rule
Analyze read-write dependency
Check for cycles
![Page 54: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/54.jpg)
54
Check for Dependency Cycles
S0 S1 S0 S1
t1
t2
t3S’1 S’2
t1 t2 t3
t3 write v2
t3 read v1
r(v1)w(v3)
t2 write v1
t2 read v2
t1
![Page 55: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/55.jpg)
55
Refinement Extensions to Muv (III)
rule:id
guard action;
bool function id_guard() {…}
void procedure id_action(…) {…}
Enableness of specification rules
<< id.guard() >>;
<< id.action() >>;
assert id_guard();
id_action();
![Page 56: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/56.jpg)
56
Refinement Extensions to Muv (IV)
Joint variables equivalence when inactive
For each joint variable v When all transactions that write to v are inactive
v must be equivalent in Impl and Spec
…
Transaction T1 …
Transaction T2 …
…
Assert
inactive(T1) & inactive(T2)
=>
v = v’;
![Page 57: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/57.jpg)
57
Outline
Project background
Extensions to the tool path
Experimental results
Future work
![Page 58: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/58.jpg)
58
A Driving Protocol Benchmark
S. German and G. Janssen, IBM Research Tech Report 2006
Buf
Buf
Buf Remote
Dir Cache
Mem
Router
Buf
Buf
Buf
Local
Home
Remote
Dir Cache
Mem
Local
Home
![Page 59: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/59.jpg)
59
More Detail of the Cache Example
Hardware Murphi model ~2500 LOC
15 transactionsets
Generated VHDL ~1800 assertions, of which ~1600 are write-write
conflicts check assertions
Took ~16min with SixthSense for all assertions
Took ~13min w/o write-write conflicts check
![Page 60: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/60.jpg)
60
Bugs Found with Refinement Check
Benchmark satisfies cache coherence already
Bugs still found Bug 1: router unit loses messages
Bug 2: home unit replies twice for one request
Bug 3: cache unit gets updated twice from 1 reply
Refinement check is an automatic way of
constructing such checks
![Page 61: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/61.jpg)
61
Model Checking Approaches
Monolithic Straightforward property check
Compositional Divide and conquer
![Page 62: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/62.jpg)
62
Compositional Refinement Check
Reduce the verification complexity
Basic Techniques Abstraction
Removing details to make verification easier
Assume guarantee A simple form of induction which introduces
assumptions and justifies them
![Page 63: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/63.jpg)
63
Experimental Results
Verification Time
1-bit 10-bit
1-day
Datapath
Configurations 2 nodes, 2 addresses, SixthSense
30 min
Monolithic approach
Compositional approach
![Page 64: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/64.jpg)
64
A Simple 2-Stage Pipelined Stack
pipelined pushes pipelined pops
overlapped pop & push
Push: push data + increase counter
Pop: decrease counter + pop data
![Page 65: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/65.jpg)
65
Outline
Project background
Extensions to the tool path
Experimental results
Future work
![Page 66: Scaling Formal Methods Toward Hierarchical Protocols in Shared Memory Processors Presenters: Ganesh Gopalakrishnan and Xiaofang Chen School of Computing,](https://reader030.fdocuments.us/reader030/viewer/2022032800/56649d3b5503460f94a16129/html5/thumbnails/66.jpg)
66
Future Work
Muv-like refinement check for interaction modules RTL modules interaction via communication
protocols
Interfaces involving buffers and pipelining
Refinement of initial RTL protocols Power-down issues
Post-silicon validation support
Runtime verification support
Safe augmentation of verified protocols
Cheap re-verification