Design and Verification of Adaptive Cache Coherence Protocols ...

More documents

Recommendations

Info

s0 A1 B1 s s 1 2 s3 A2 B1 B1 A1 B2 s 4 A1 s5 (a) (b) A2 B2 s s 6 7 B2 A2 s8 A1 s s 1 2 s3 A2 B1 Figure 2.12: Combination of Forward and Backward Draining Show that the draining rules are strongly terminating and con uent, that is, rewriting a term with respect to the draining rules always terminates and reachs the same normal form, regardless of the order in which the rules are applied. This ensures the existence of a unique drained term for each implementation term. De ne a mapping function that maps an implementation term to a speci cation term. The mapping function can often be speci ed as a projection function that removes un- necessary states from drained terms. Show that the mapping function maps the initial implementation term to the initial speci cation term. Prove that the speci cation can simulate the implementation with respect to the mapping function. That is, if s1 can be rewritten to s2 in the implementation, then the corresponding term of s1 can be rewritten to the corresponding term of s2 in the speci cation. 2.5.2 Veri cation of Liveness We use temporal logic to reason about time-varying behaviors and liveness properties. An execution of a system can be described as a sequence of rewriting steps, each producing a new term by applying a rewriting rule on the current term. A sequence is a sequence of terms hs1, s2, s3, :::i where s1 is a legal term (that is, s0 ! s1 where s0 is the initial term) and si ! si+1 (for i =1,2,:::). A predicate can be de ned using boolean operators and the temporal operator \2" (always). It can be a predicate for terms whichcontains no temporal operator, or a predicate for sequences of terms which contains some temporal operators. We say a sequence satis es a term predicate if the rst term of the sequence satis es the predicate, and a sequence satis es a rewriting rule if the rst term of the sequence can be rewritten to the second term of the sequence according to the rule. Since all the boolean operators can be de ned in terms of \:" and \^", it su ces to de ne the semantics of predicates as follows: (:P )( ) :P ( ) (P ^Q )( ) P ( ) ^ Q ( ) (2P )( ) 8i 2f1 2:::g P (hsi, si+1, si+2, :::i) 40 s0 B1 B1 A1 B2 s 4 s5 A2 B2 A1 s s 6 7 B2 A2 s8
Intuitively, \2P " means that \P is true all the times". We can de ne temporal operators such as\3" (eventually) and \" (leads-to) using the operator \2". 3P : 2: P . This predicate asserts that P will be true at some future time (that is, P is not always false). Note that by \future time" we also include the \present time". PQ 2(P ) 3Q ). This predicate asserts that whenever P is true, Q will be true at some later time. This operator is transitive, meaning that any sequence satisfying \PQ "and\QG " also satis es \PG ". To ensure liveness, we need to enforce some fairness throughout the system execution. Intuitively, fairness means that if a rule is applicable, it must be applied eventually. The fairness of concurrent systems can be expressed in terms of weak fairness and strong fairness conditions. Weak fairness means that if a rule is applicable, it must be applied eventually or will become impossible to apply at some later time. Strong fairness means that if a rule is applicable, it must be applied eventually or will become impossible to apply forever. Let Enabled(R) be the predicate that determines whether the rule R is applicable. We can de ne weak fairness and strong fairness as follows: WF(R) (23R) _ (23:Enabled(R)) SF(R) (23R) _ (32:Enabled(R)) The fairness of a rule actually refers to the fairness of the application of the rule on a speci c redex. Note that a rule can often be applied on di erent redexes at the same time. Unless otherwise speci ed, weak or strong fairness of a rule means the application of the rule on any redex is weakly or strongly fair. Theorem-WF Given predicates P and Q , PQ if the following conditions are true: 8s (P (s) )9R 9s 0 (WF(R) ^ s R !s 0 ^ Q (s 0 ))) 8s (P (s) )8R 8s 0 (s R !s 0 ) (Q (s 0 ) _ P (s 0 )))). Theorem-SF Given predicates P and Q , PQ if the following conditions are true: 8s (P (s) )9R 9s 0 (SF(R) ^ s R !s 0 ^ Q (s 0 ))) 8s (P (s) )8R 8s 0 (s R !s 0 ) (Q (s 0 ) _9G (G (s 0 ) ^ (GP ))))). Although the operator \2" can be used to specify properties such as what will happen eventually, it does not allow us to express properties such as what will happen in the next term of a sequence. This constraint is deliberate because an implementation can often take various number of steps to achieve the semantic e ect of a single step in a speci cation. Therefore, it makes little sense for a speci cation to require that something must happen in the next step of an execution. However, some additional temporal operators can be used to simplify the liveness proof. The operator \ " (next) is introduced for this purpose: the predicate ( P )(hs1, s2, s3, :::i) 41
Page 1: CSAIL Computer Science and Artifici
Page 5: Design and Veri cation of Adaptive
Page 8 and 9: I am truly grateful to my parents f
Page 10 and 11: 4 The Base Cache Coherence Protocol
Page 13 and 14: List of Figures 1.1 Impact of Archi
Page 15 and 16: Chapter 1 Introduction Shared memor
Page 17 and 18: transparent and exposed only for lo
Page 19 and 20: Example 1: Can both registers r1 an
Page 21 and 22: and release locks, which guard ever
Page 23 and 24: that are interconnected with an o -
Page 25 and 26: although various techniques have be
Page 27 and 28: y showing that each processor can a
Page 29 and 30: s1 if p (s1) ! s2 where s1 and s2 a
Page 31 and 32: Program counter (pc) +1 Instruction
Page 33 and 34: Branch target buffer (btb) Program
Page 35 and 36: instruction is waiting to be dispat
Page 37 and 38: Current State: Proc(ia, rf , rob, b
Page 39 and 40: Rule Name mem pmb mpb Next mem Next
Page 41: Specification Implementation t 1 B
Page 45 and 46: (a) (b) PC 1005 PC 2000 Instruction
Page 47 and 48: ewritten to s2 according to rule R.
Page 49 and 50: It can be shown that the relaxed di
Page 51 and 52: Chapter 3 The Commit-Reconcile & Fe
Page 53 and 54: Producer Storel(a,v) Commit(a) Cons
Page 55 and 56: Commit/Reconcile Purge Loadl/Commit
Page 57 and 58: instructions, because of the lack o
Page 59 and 60: CRF-Relaxed-Commit Rule Site(sache,
Page 61 and 62: 3.4 Universality of the CRF Model M
Page 63 and 64: Translation from CRF to PSO: The Fe
Page 65 and 66: proc proc proc pmb mpb pmb mpb pmb
Page 67 and 68: Chapter 4 The Base Cache Coherence
Page 69 and 70: can be classi ed into two non-overl
Page 71 and 72: arbitrarily in an outgoing queue (t
Page 73 and 74: 4.3 The Imperative Rules of the Bas
Page 75 and 76: Imperative Processor Rules Instruct
Page 77 and 78: Figure 4.5 de nes the rules of the
Page 79 and 80: 4.5.2 Mapping from Base to CRF We d
Page 81 and 82: Base Imperative Rule CRF Rule IP1 (
Page 83 and 84: Base Rule Base Imperative Rule P1 I
Page 85 and 86: eceives a CacheReq message, it will
Page 87 and 88: e completed if it has an in nite nu
Page 89 and 90: SYS Sys(MSITE, SITEs) System MSITE
Page 91 and 92: Commit/Reconcile C-Receive-WbAck Ru
Page 93 and 94:
message can be resumed eventually.
Page 95 and 96:
If the memory state shows that the
Page 97 and 98:
5.3.3 FIFO Message Passing The live
Page 99 and 100:
Figure 5.7 gives the M-engine rules
Page 101 and 102:
Backward-Message-Cache-to-Mem-for-W
Page 103 and 104:
5.4.3 Simulation of WP in CRF Theor
Page 105 and 106:
WP Imperative Rule CRF Rules IP1 (L
Page 107 and 108:
WP Rule WP Imperative & Directive R
Page 109 and 110:
(4) Msg(H,id ,Cache,a,-)" 2 Cin id(
Page 111 and 112:
This completes the proof according
Page 113 and 114:
emains as CachePending, there mustb
Page 115 and 116:
M-engine Rules Msg from id Mstate A
Page 117 and 118:
Chapter 6 The Migratory Cache Coher
Page 119 and 120:
Commit/Reconcile Send Purge Loadl/C
Page 121 and 122:
Mandatory Processor Rules Instructi
Page 123 and 124:
while the memory sends a FlushReq m
Page 125 and 126:
Lemma 38 D is strongly terminating
Page 127 and 128:
Migratory Imperative Rule CRF Rules
Page 129 and 130:
Cell(a,v,C[id ]) 2 Mem(s) _ Cell(a,
Page 131 and 132:
According to Theorem-C and Lemma 45
Page 133 and 134:
CacheReq message. In the latter cas
Page 135 and 136:
Chapter 7 Cachet: A Seamless Integr
Page 137 and 138:
7.1.1 Putting Things Together It is
Page 139 and 140:
Writeback Operations In Cachet, a w
Page 141 and 142:
Composite Message Equivalent Sequen
Page 143 and 144:
Imperative Processor Rules Instruct
Page 145 and 146:
Invalid Commit/Reconcile Receive Ca
Page 147 and 148:
Composite Imperative C-engine Rules
Page 149 and 150:
7.4 The Cachet Cache Coherence Prot
Page 151 and 152:
Voluntary C-engine Rules Cstate Act
Page 153 and 154:
The memory processes an incoming Ca
Page 155 and 156:
The inaccuracy of memory states can
Page 157 and 158:
C-engine Rule of Cachet Deriving Im
Page 159 and 160:
Composite Mandatory Processor Rules
Page 161 and 162:
memory regions simultaneously. In a
Page 163 and 164:
Chapter 8 Conclusions This thesis h
Page 165 and 166:
and heuristic policies. Mandatory r
Page 167 and 168:
technique can be used to allow a ca
Page 169 and 170:
Voluntary C-engine Rules Cstate Act
Page 171 and 172:
FIFO Message Passing msg1 msg2 msg2
Page 173 and 174:
[13] J. K. Archibald. The Cache Coh
Page 175 and 176:
[41] A. Erlichson, N. Nuckolls, G.
Page 177 and 178:
[71] J. Kuskin, D. Ofelt, M. Heinri
Page 179 and 180:
[101] F. Pong and M. Dubois. A New
show all

Design and Verification of Adaptive Cache Coherence Protocols ...

Create successful ePaper yourself

Delete template?

Save as template?