Date of this Version
Sebastian Burckhardt, Rajeev Alur, and Milo M.K. Martin, "Verifying Safety of a Token Coherence Implementation by Parametric Compositional Refinement", Lecture Notes in Computer Science: Verification, Model Checking, and Abstract Interpretation 3385, 130-145. January 2005. http://dx.doi.org/10.1007/978-3-540-30579-8_9
We combine compositional reasoning and reachability analysis to formally verify the safety of a recent cache coherence protocol. The protocol is a detailed implementation of token coherence, an approach that decouples correctness and performance. First, we present a formal and abstract specification that captures the safety substrate of token coherence, and highlights the symmetry in states of the cache controllers and contents of the messages they exchange. Then, we prove that this abstract specification is coherent, and check whether the implementation proposed by the protocol designers is a refinement of the abstract specification. Our refinement proof is parametric in the number of cache controllers, and is compositional as it reduces the refinement checks to individual controllers using a specialized form of assume-guarantee reasoning. The individual refinement obligations are discharged using refinement maps and reachability analysis. While the formal proof justifies the intuitive claim by the designers about the ease of verifiability of token coherence, we report on several bugs in the implementation, and accompanying modifications, that were missed by extensive prior simulations.
CPS Formal Methods
Lecture Notes in Computer Science: Verification, Model Checking, and Abstract Interpretation
The original publication is available at www.springerlink.com
Date Posted: 11 September 2005