Constraint-based verification of parameterized cache coherence Protocols

We propose a new method for the parameterized verification of formal specifications of cache coherence protocols. The goal of parameterized verification is to establish system properties for an arbitrary number of caches. In order to achieve this purpose we define abstractions that allow us to reduce the original parameterized verification problem to a control state reachability problem for a system with integer data variables. Specifically, the methodology we propose consists of the following steps. We first define an abstraction in which we only keep track of the number of caches in a given state during the execution of a protocol. Then, we use linear arithmetic constraints to symbolically represent infinite sets of global states of the resulting abstract protocol. For reasons of efficiency, we relax the constraint operations by interpreting constraints over real numbers. Finally, we check parameterized safety properties of abstract protocols using symbolic backward reachability, a strategy that allows us to obtain sufficient conditions for termination for an interesting class of protocols. The latter problem can be solved by using the infinite-state model checker HYTECH: Henzinger, Ho, and Wong-Toi, "A model checker for hybrid systems," Proc. of the 9th International Conference on Computer Aided Verification ( CAV' 97), Lecture Notes in Computer Science, Springer, Haifa, Israel, 1997, Vol. 1254, pp. 460 - 463. HYTECH handles linear arithmetic constraints using the polyhedra library of Halbwachs and Proy, " Verification of real-time systems using linear relation analysis," Formal Methods in System Design, Vol. 11, No. 2, pp. 157 - 185, 1997. By using this methodology, we have automatically validated parameterized versions of widely implemented write-invalidate and write-update cache coherence protocols like Synapse, MESI, MOESI, Berkeley, Illinois, Firefly and Dragon ( Handy, The Cache Memory Book, Academic Press, 1993). With this application, we have shown that symbolic model checking tools like HYTECH, originally designed for the verification of hybrid systems, can be applied successfully to new classes of infinite-state systems of practical interest.