U. Stern and D. L. Dill, "Automatic Verification of the SCI Cache Coherence Protocol", In Correct Hardware Design and Verification Methods: IFIP WG10.5 Advanced Research Working Conference Proceedings, 1995
....faced in applying it to this protocol. A detailed description of the methodology can be found in [13]. 5.1 The Murφ Verification System. Murφ [7] is a finite state verification tool that has been successfully applied to multiprocessor cache coherence protocols and multiprocessor memory models [23, 24]. The purpose of finite state analysis (also called model checking) is to exhaustively search all possible execution sequences. While this process often reveals errors, failure to find errors does not imply that the protocol is completely correct, because the Murφ model may simplify certain ....
U. Stern, D. Dill. Automatic Verification of the SCI Cache Coherence Protocol. In Advanced Research Working Conference on Correct Hardware Design and Verification Methods, pages 21-34, 1995.
....statements that are evaluated every time a new state is found. When Murφ detects an error, it outputs a counter example that indicates the states it traversed to reach the error state. Murφ has been successfully used in other work to verify both security protocols [17, 22] and computer hardware [13, 25], but this is the first instance we are aware of where it has been used to verify tamper resistance. Model checkers, in general, have some limitations. First, they verify models of systems, not the systems themselves. Models abstract details of the system to make the size of the state space ....
U. Stern and D. Dill. Automatic verification of the SCI cache coherence protocol. In Correct Hardware Design and Verification Methods: IFIP WG10.5 Advanced Research Working Conference Proceedings, 1995.
....DARPA contract MDA904 98 C A933 and by a Terman Fellowship. Code that does not obey these rules can degrade performance or crash the system. There are several methods to find violations of system rules. A rigorous way is to build an abstract specification of the code and then use model checkers [23, 32] or theorem provers checkers [2, 11, 25] to check that the specification is internally consistent. When applicable, formal verification finds errors that are difficult to detect by other means. However, specifications are difficult and costly to construct. Further, specifications do not ....
U. Stern and D.L. Dill. Automatic verification of the SCI cache coherence protocol. In Correct Hardware Design and Verification Methods: IFIP WG10.5 Advanced Research Working Conference Proceedings, 1995.
....Specifications. Another approach is to specify code and then check this specification for errors. An extreme example of this approach is formal verification. It gains richness by allowing the programmer to express invariants in a general specification, which is then checked using a model checker [20, 23], theorem provers, or checkers [13, 21]. While formal verification can find deep errors, it is so difficult and costly that it is rarely used for software. Further, specifications do not necessarily mirror the code they abstract and suffer from missing features and over simplifications in ....
U. Stern and D.L. Dill. Automatic verification of the SCI cache coherence protocol. In Correct Hardware Design and Verification Methods: IFIP WG10.5 Advanced Research Working Conference Proceedings, 1995.
....be extremely complicated, especially in the presence of various optimizations. It often takes much more time to verify their correctness than to design them, and the problem of their verification has gained considerable attention in recent years [ABM93, Arc87, Bro90, PD95, PD96a, PD96b, PD96c, PNAD95, SD95, HQR99, Del00]. Formal methods provide the only way to avoid subtle errors in sophisticated protocols. This paper addresses the task of implementing CRF in its own right. As part of this task, we propose a cache coherence protocol, Cachet [SAR99a, She00], which is adaptive in the sense that it can ....
....widely used approach to formal verification is model checking [CGP99], which uses state enumeration [ID93a, ID93b], sometimes with symbolic techniques [CES86, McM92], to check the correctness of assertions by exhaustively exploring all reachable states of the system. For example, Stern and Dill [SD95] used the Murφ system to check that all reachable states satisfied certain properties attached to protocol specifications. Generally speaking, the major difference among these techniques is the representation of protocol states and the pruning method adopted in the state expansion process. ....
Ulrich Stern and David L. Dill. Automatic Verification of the SCI Cache Coherence Protocol. In Correct Hardware Design and Verification Methods: IFIP WG10.5 Advanced Research Working Conference Proceedings, 1995.
....their generalization in MC. Systems for finding software errors. The problem of finding software errors is an old one. Most approaches center around either formal verification or type checking. We discuss each below. Formal verification uses theorem provers checkers [2, 12, 24] or model checkers [22, 29] to check that a specification is internally consistent. When applicable, it finds errors difficult to reach by other means. However, specifications are difficult and costly to construct. While recent work has begun attacking these problems [6, 17], it is extremely rare for software to be ....
U. Stern and D.L. Dill. Automatic verification of the SCI cache coherence protocol. In Correct Hardware Design and Verification Methods: IFIP WG10.5 Advanced Research Working Conference Proceedings, 1995.
....example partly because its complexity is representative of the scale of algorithms which can be currently handled by mechanized tools. Model checking systems that have been applied to the protocol suffer from state explosion at a small number of processors, though even so some bugs have been found [11]. A second reason for choosing it is that a proof method and supported invariants have already been worked out [3]. Our work has been to improve Nuprl for these kinds of applications without compromising existing advantages of the system by, e.g. adding restrictions to the logic. There are three ....
....For example, there are 6 predicates on processors indicating their degree of progress in getting on or off the doubly linked list. The most complex concept is a function called rank whose value reflects how close a process is to getting permission to write. In related work, Stern and Dill [11] use Murφ, a verification system that employs explicit state enumeration, to analyze SCI cache coherence. Their largest example included three processors with one cache line each, one memory with one address and two data values, and they reported finding several errors using a smaller example. ....
U. Stern and D. L. Dill. Automatic verification of the SCI cache coherence protocol. In Correct Hardware Design and Verification Methods, 1995.
....of abstraction and functions are defined which map one level to the next. The lowest level of formal description is comparable with the C code specification in the SCI document. This formalization work is part of an ongoing effort to fully verify the SCI cache coherence protocol. Stern and Dill [36] describe an ongoing project of automatically verifying the SCI protocol. They have discovered several errors in the C code which defines that protocol. An overview of the SCI protocol and related projects can be found in [12]. There is a vast amount of work done on other cache coherence ....
U. Stern and D. L. Dill. Automatic verification of the SCI cache coherence protocol. In Correct Hardware Design and Verification Methods: IFIP WG10.5 Advanced Research Working Conference Proceedings, 1995.
....of abstraction and functions are defined which map one level to the next. The lowest level of formal description is comparable with the C code specification in the SCI document. This formalization work is part of an ongoing effort to fully verify the SCI cache coherence protocol. Stern and Dill [38] describe another ongoing project of automatically verifying the SCI protocol. They have discovered several errors in the C code which defines that protocol. An overview of the SCI protocol and related projects can be found in [14]. There is a vast amount of work done on other cache coherence ....
U. Stern and D.L. Dill. Automatic verification of the SCI cache coherence protocol. In Correct Hardware Design and Verification Methods: IFIP WG10.5 Advanced Research Working Conference Proceedings, 1995.
....days or weeks of continuous execution. When detected, such problems are often very difficult to diagnose because the errors are not reproducible and the sequence of events leading to them cannot be reconstructed. Formal verification methods are a possible way to find and diagnose such deep errors [23, 24, 29]. One option is explicit model checking, which systematically enumerates the possible states of the system. A basic model checker starts from an initial state and recursively generates successive system states by executing the nondeterministic events of the system. States are stored in a hash ....
U. Stern and D.L. Dill. Automatic verification of the SCI cache coherence protocol. In Correct Hardware Design and Verification Methods: IFIP WG10.5 Advanced Research Working Conference Proceedings, 1995.
....of Cache Coherence Protocols. One widely used technique for validating cache coherence protocols is finite state methods (e.g. model checking). Finite-state methods enumerate the states of the reachable state graph of the system, searching for states that violate a specified property [31, 5, 40, 32, 17, 19]. These methods suffer from the state explosion problem: the number of states for nontrivial numbers of processors and cache lines is very large. Another problem with model checkers is that it is very difficult to specify correctness conditions of the protocol using notations ....
U. Stern and D. L. Dill. Automatic verification of the SCI cache coherence protocol. In Correct Hardware Design and Verification Methods. IFIP WG 10.5 Advanced Research Working Conference, CHARME 95, pages 21--34, 1995.
....at the expense of some probability of producing a false positive result. The key is to find a bound on this probability, as Leroy and Wolper did. We have found several ways to reduce this bound, by changing the search and hashing algorithms and doing a more refined analysis of the probability [SD95a, SD95b, SD96]. This work has culminated in a factor of four reduction in the number of bits required per state, compared with Wolper and Leroy's original result, while guaranteeing the same or lower probability of missing an error. Liveness. A few years ago, we implemented a version of Murφ which could verify ....
U. Stern and D. L. Dill. Automatic verification of the SCI cache coherence protocol. In IFIP WG 10.5 Advanced Research Working Conference on Correct Hardware Design and Verification Methods, pages 21--34, 1995.
....However, it becomes exponentially more difficult to fully exercise a system through testing as the number of control paths and corner cases increases. The result is increased system cost and decreased system reliability. The use of formal verification methods is an attempt to solve this problem [17, 18, 21]. One option is model checking, which is the systematic and exhaustive exploration of the system state space. The computational complexity of model checking makes it impractical for full system descriptions, so it is common to abstract system behavior (which means to suppress implementation ....
U. Stern and D. L. Dill. Automatic verification of the SCI cache coherence protocol. In Correct Hardware Design and Verification Methods: IFIP WG10.5 Advanced Research Working Conf. Proc., 1995.
....trials. However, it becomes exponentially more difficult to fully exercise a system through testing as the number of control paths and corner cases increases. The result is increased system cost and decreased system reliability. Formal verification methods are an attempt to solve this problem [17, 18, 21]. One option is model checking, which is the systematic and exhaustive exploration of the system state space. The computational complexity of model checking makes it impractical for full system models, so it is common to abstract system behavior (which means to suppress implementation details) or ....
U. Stern and D. L. Dill. Automatic verification of the SCI cache coherence protocol. In Correct Hardware Design and Verification Methods: IFIP WG10.5 Advanced Research Working Conf. Proc., 1995.
....Murφ by a factor of four. 2 Overview of Murφ. Murφ [2] is a protocol or, more generally, finite state machine verification tool. It has been successfully applied to several industrial protocols, especially in the domains of multiprocessor cache coherence protocols and multiprocessor memory models [3, 10, 11] and in the domain of security protocols [7, 8]. The purpose of finite state analysis, commonly called model checking, is to exhaustively search all execution sequences. To verify a security protocol using Murφ, one has to model both the protocol and the intruder (or adversary) in the Murφ ....