Issue No. 08 - August (2003 vol. 14)
<p><b>Abstract</b>—The memory model of a shared-memory multiprocessor is a contract between the designer and the programmer of the multiprocessor. A memory model is typically implemented by means of a cache-coherence protocol. The design of this protocol is one of the most complex aspects of multiprocessor design and is consequently quite error-prone. However, it is imperative to ensure that the cache-coherence protocol satisfies the shared-memory model. This paper presents a novel technique based on model checking to tackle this difficult problem for the important and well-known shared-memory model of sequential consistency. Surprisingly, verifying sequential consistency is undecidable in general, even for finite-state cache-coherence protocols. The key insight of this paper is that, in practice, cache-coherence protocols satisfy the properties of causality and data independence. Causality is the property that values of read events flow from values of write events. Data independence is the property that all traces can be generated by renaming data values from traces where the written values are pairwise distinct. We show that, if a causal and data independent system also has the property that the logical order of write events to each location is identical to their temporal order, then sequential consistency is decidable. We present a novel model checking algorithm to verify sequential consistency on such systems for a finite number of processors and memory locations and an arbitrary number of data values.</p>
Logic design, verification, multiprocessors, model checking, specifying and verifying and reasoning about programs.
Shaz Qadeer, "Verifying Sequential Consistency on Shared-Memory Multiprocessors by Model Checking", IEEE Transactions on Parallel & Distributed Systems, vol. 14, no. , pp. 730-741, August 2003, doi:10.1109/TPDS.2003.1225053