D.L. Dill, S. Park, and A. Nowatzyk. Formal specification of abstract memory models. In Symposium on Research on Integrated Systems. MIT Press, 1993.
....arguably more succinct than any of the six in the Distributed Computing issue [6] 7. RELATED WORK The protocol of G k of Lemma 4 is an example of a maximally general model. Park and Dill have implemented maximally general models for the SPARC architecture memory models (TSO, PSO, RMO) using Murφ [16, 17]. The goal of this research is to construct an executable specification which can be used to verify that given parallel code is correct under a memory model, as opposed to verification that a shared memory protocol implements a model. Only two algorithmic schemes for automatic SC verification ....
D. Dill, S. Park, and A. Nowatzyk. Formal specification of abstract memory models. In Proceedings of the 1993.
....[5] for a recent workshop. We showed how to port Collier's architectural testing work [19] to model checking [10] and extend Collier's work to weak memory models [20]. In [21] event sequences generated by protocol implementations are verified by a much simpler trustworthy protocol processor. In [22, 23], shared memory consistency models are described in an operational style. In [6] sequential consistency verification, including parameterized model checking is addressed. To our knowledge, we are the first to verify eight different protocols against two different weak memory models using a uniform ....
David L. Dill, Seungjoon Park, and Andreas Nowatzyk. Formal specification of abstract memory models. In Gaetano Borriello and Carl Ebeling, editors, Research on Integrated Systems, pages 38--52. MIT Press, 1993.
....faced in applying it to this protocol. A detailed description of the methodology can be found in [13]. 5.1 The Murφ Verification System Murφ [7] is a finite state verification tool that has been successfully applied to multiprocessor cache coherence protocols and multiprocessor memory models [23, 24]. The purpose of finite state analysis (also called model checking) is to exhaustively search all possible execution sequences. While this process often reveals errors, failure to find errors does not imply that the protocol is completely correct, because the Murφ model may simplify certain ....
D. Dill, S. Park, A. G. Nowatzyk. Formal Specification of Abstract Memory Models. In Symposium on Research on Integrated Systems, pages 38-52, 1993.
....formal JMM specification for (semi) automated reasoning about Java programs. This allows us to verify nontrivial software fragments, which would be extremely cumbersome to perform with human reasoning. Developing executable memory models has been studied in the context of hardware multiprocessors [13, 27]. Similar to Java threads, hardware shared memory multiprocessors also impose a consistency model which dictates the allowed interactions among the processors via a shared memory. 3. THE JAVA MEMORY MODEL In this section, we present the Java Memory Model (JMM) given in [16] The model is ....
D.L. Dill, S. Park, and A. Nowatzyk. Formal specification of abstract memory models. In Symposium on Research on Integrated Systems. MIT Press, 1993.
....to validate a three node system. However, validating the detailed implementation relied on random and directed diagnostics using traditional logic simulators. These diagnostics, although not exhaustive, provided a simple and relatively efficient means of verification. Dill, Park, and Nowatzyk [32] show how Murφ can be used to formally verify a memory consistency model. They give a formal specification of the Total Store Ordering (TSO) and Partial Store Ordering (PSO) memory models. Three processors are modeled along with a subset of each processor context, including the program counter, ....
David L. Dill, Seungjoon Park, and Andreas G. Nowatzyk. Formal specification of abstract memory models. In Proceedings of the 1993 Symposium for Research on Integrated Systems, pages 38--52. MIT Press, March 1993.
....2.1. In [PD96] the authors use a method called aggregation on a distributed shared memory coherence protocol used in an experimental multiprocessor, to arrive at a simplified model of system behavior. Their technique involves manually assisted theorem proving. The work in [HMTLB95] as well as [DPN93] are aimed at verifying that synchronization routines work correctly under various memory models, where the memory models themselves are described using finite state operational models. In [GK97, GK94] the authors study the problem of deciding whether a given set of traces are sequentially ....
David L. Dill, Seungjoon Park, and Andreas Nowatzyk. Formal specification of abstract memory models. In Gaetano Borriello and Carl Ebeling, editors, Research on Integrated Systems, pages 38--52. MIT Press, 1993.
....is small, the verification algorithm is explicit state reachability, for which heuristic optimizations are easier to understand than for BDD based methods, and the compiler source code is publicly available. 1 On the other hand, Murφ has been widely used for a variety of applications (e.g. [3, 11, 8, 4, 9, 5]) so realistic verification examples exist, and any optimizations we implement are useful. The choice of Murφ is fairly arbitrary; our ideas should apply in general, although specific optimizations, obviously, apply only to verification tools with similar features. 2. Source Level ....
D. L. Dill, S. Park, and A. G. Nowatzyk. Formal specification of abstract memory models. Research on Integrated Systems: Proc of the 1993 Symp, pp. 38--52. MIT Press, 1993.
....detailed in Section 3.1. In [25] the authors use a method called aggregation on a distributed shared memory coherence protocol used in an experimental multiprocessor, to arrive at a simplified model of system behavior. Their technique involves manual theorem proving. The work in [17] as well as [10] are aimed at verifying that synchronization routines work correctly under various memory models, where the memory models themselves are described using finite state operational models. They do not address the problem of establishing the memory models provided by detailed memory subsystem designs, ....
David L. Dill, Seungjoon Park, and Andreas Nowatzyk. Formal specification of abstract memory models. In Gaetano Borriello and Carl Ebeling, editors, Research on Integrated Systems, pages 38--52. MIT Press, 1993.
....they return negative results before the entire reachability graph has been generated. Murφ has been used to analyze several real world hardware designs, such as a cache coherence protocol [11], a data link level communication protocol [11] and synchronization routines for shared memory models [12, 30]; in one case study that analyzed a spin lock synchronization routine (involving three processors and a store buffer size of three) it took Murφ less than 200 seconds to explore 81,185 states [12]. Although on the fly model checkers perform better on average, if the formula being verified is ....
.... level communication protocol [11] and synchronization routines for shared memory models [12, 30]; in one case study that analyzed a spin lock synchronization routine (involving three processors and a store buffer size of three) it took Murφ less than 200 seconds to explore 81,185 states [12]. Although on the fly model checkers perform better on average, if the formula being verified is true, then the formula is tested with respect to every reachable state. Symbolic model checkers attempt to avoid the state explosion problem by reasoning about sets of reachable states rather than ....
D.L. Dill, S. Park, and A. Nowatzyk. "Formal Specification of Abstract Memory Models". In Research on Integrated Systems: Proceedings of the 1993 Symposium, pages 38--52, 1993.
....would have been discovered in the original state graph will still be discovered in the reduced state graph. The techniques are based on certain protocol properties that we have identified as characteristic of security protocols. We have implemented both techniques in the Murφ verification system [3] and have evaluated them on the SSL [4] and Kerberos [5] protocols. The first technique is to let the intruder always intercept messages sent by the honest participants (instead of making such interception optional). This technique has resulted in a very large reduction in both the number of ....
....Murφ by a factor of four. 2 Overview of Murφ Murφ [2] is a protocol or, more generally, finite state machine verification tool. It has been successfully applied to several industrial protocols, especially in the domains of multiprocessor cache coherence protocols and multiprocessor memory models [3, 10, 11] and in the domain of security protocols [7, 8]. The purpose of finite state analysis, commonly called model checking, is to exhaustively search all execution sequences. To verify a security protocol using Murφ, one has to model both the protocol and the intruder (or adversary) in the Murφ ....
D. L. Dill, S. Park, and A. G. Nowatzyk. Formal specification of abstract memory models. In Symposium on Research on Integrated Systems, pages 38--52, 1993.
....In [PD96] the authors use a method called aggregation on a distributed shared memory coherence protocol used in an experimental multiprocessor, to arrive at a simplified model of system behavior. Their technique involves manually assisted theorem proving. The work in [HMTLB95] as well as [DPN93] are aimed at verifying that synchronization routines work correctly under various memory models, where the memory models themselves are described using finite state operational models. In [GK97, GK94] the authors study the problem of deciding whether a given set of traces are sequentially ....
David L. Dill, Seungjoon Park, and Andreas Nowatzyk. Formal specification of abstract memory models. In Gaetano Borriello and Carl Ebeling, editors, Research on Integrated Systems, pages 38--52. MIT Press, 1993.
....in [8, 11]. 2.1 The Murφ verification system Murφ [3] is a protocol or, more generally, finite-state machine verification tool. It has been successfully applied to several industrial protocols, especially in the domains of multiprocessor cache coherence protocols and multiprocessor memory models [4, 12, 15]. The purpose of finite state analysis, commonly called model checking, is to exhaustively search all execution sequences. While this process often reveals errors, failure to find errors does not imply that the protocol is completely correct, because the Murφ model may simplify certain details ....
D. L. Dill, S. Park, and A. G. Nowatzyk. Formal specification of abstract memory models. In Symposium on Research on Integrated Systems, pages 38--52, 1993.
....there are some differences between Murφ and FDR. 2.1 The Murφ verification system Murφ [1] is a protocol verification tool that has been successfully applied to several industrial protocols, especially in the domains of multiprocessor cache coherence protocols and multiprocessor memory models [2, 16, 19]. To use Murφ for verification, one has to model the protocol in the Murφ language and augment this model with a specification of the desired properties. The Murφ system automatically checks, by explicit state enumeration, if all reachable states of the model satisfy the given specification. For ....
D. L. Dill, S. Park, and A. G. Nowatzyk. Formal specification of abstract memory models. In Symposium on Research on Integrated Systems, pages 38--52, 1993.
....public key protocol [65]. 2.1 The Murφ Verification System 2.1.1 Basics Murφ [17] is a protocol verification tool that has been successfully applied to several industrial protocols, especially in the domains of multiprocessor cache coherence protocols and multiprocessor memory models [18, 19, 46, 68, 76, 92]. To use Murφ for verification, one has to model the protocol in the Murφ language and augment this model with a specification of the desired properties. The Murφ system automatically checks, by explicit state enumeration, if all reachable states of the model satisfy the given specification. For ....
D. L. Dill, S. Park, and A. G. Nowatzyk. Formal specification of abstract memory models. In Symposium on Research on Integrated Systems, pages 38--52, 1993.
....Moreover, the different behavior between the memory models is important to the users, especially to programmers, because the outputs of programs could be different depending on the modes the multiprocessor is running in. We have previously developed executable descriptions of memory models [4, 12], derived from axiomatic specifications of memory models. We can apply the same technique for this protocol using the reduced behavior of the FLASH protocol in Table 1. The executable description automatically generates all the possible outcomes of test programs so that we can analyze the programs ....
David Dill, Seungjoon Park, and Andreas Nowatzyk. Formal specification of abstract memory models. In Research on Integrated Systems: Proceedings of the 1993.
....often unmanageably huge number of reachable states the state explosion problem. We are currently using the Murφ verification system developed at Stanford to find errors in the SCI cache coherence protocol. In prior work, the Murφ system was successfully applied to several industrial protocols [2, 3, 9, 14]. For verifying the SCI cache coherence protocol, the typical set protocol was modeled with the Murφ description language. This model was augmented with a specification of A preliminary version of this paper was presented at the 2nd International Workshop on SCI based High Performance Low Cost ....
D. L. Dill, S. Park, and A. G. Nowatzyk. Formal specification of abstract memory models. In Symposium on Research on Integrated Systems, pages 38--52, 1993.
No context found.
D.L. Dill, S. Park, and A. Nowatzyk. Formal specification of abstract memory models. In Symposium on Research on Integrated Systems. MIT Press, 1993.
No context found.
D. Dill, S. Park, and A. Nowatzyk. Formal specification of abstract memory models. In the 1993.
No context found.
D. Dill, S. Park, and A. Nowatzyk. Formal specification of abstract memory models. In the 1993.
No context found.
D. Dill, S. Park, and A. Nowatzyk. Formal specification of abstract memory models. In the 1993 Symposium for Research on Integrated Systems, pages 38-52, 1993.
No context found.
D. Dill, S. Park, and A. Nowatzyk. Formal specification of abstract memory models. In the 1993.
No context found.
David L. Dill, Seungjoon Park, and Andreas Nowatzyk. Formal specification of abstract memory models. In Gaetano Borriello and Carl Ebeling, editors, Research on Integrated Systems, pages 38--52. MIT Press, 1993.
No context found.
David L. Dill, Seungjoon Park, and Andreas Nowatzyk. Formal specification of abstract memory models. In Gaetano Borriello and Carl Ebeling, editors, Research on Integrated Systems, pages 38--52. MIT Press, 1993.
No context found.
David L. Dill, Seungjoon Park, and Andreas G. Nowatzyk. Formal specification of abstract memory models. In Research on Integrated Systems: Proceedings of the 1993.
No context found.
David L. Dill, Seungjoon Park, and Andreas G. Nowatzyk. Formal specification of abstract memory models. In Research on Integrated Systems: Proceedings of the 1993 Symposium, pages 38--52. MIT Press, March 1993.