INVARIANTS FOR FINITE INSTANCES AND BEYOND, October 21st 2013 - PowerPoint PPT Presentation



SLIDE 1

INVARIANTS FOR FINITE INSTANCES AND BEYOND

October 21st, 2013
Sylvain Conchon, Amit Goel, Sava Krstić, Alain Mebsout, Fatiha Zaïdi

LRI, Université Paris-Sud; Strategic CAD Labs, Intel Corporation


SLIDE 3

Challenge

How to prove safety of industrial-size protocols like FLASH for an arbitrary number of processes?

◮ automatically


SLIDE 5

The FLASH protocol

Stanford FLASH multiprocessor architecture (1994)

◮ Cache-coherent shared memory
◮ High-performance message passing
◮ Industrial size: 67 million states for 4 processes (28,000 states for German)

Who proved the protocol?

◮ Park and Dill, 1996, PVS proof
◮ Das, Dill and Park, 1999, by predicate abstraction
◮ McMillan, 2001, by compositional model checking
◮ Chou, Mannava, Park, 2004, CMP method inspired by McMillan's work
◮ Talupur and Tuttle, 2008, message-flows extension of CMP

None of these proofs is purely automatic


SLIDE 7

Solutions

◮ Model checking of parameterized systems
◮ Decidable fragment
◮ Cubicle implements backward reachability

Does it work?


SLIDE 9

Some benchmarks

Protocol         Cubicle   CMurphi (instance size in parentheses)
Szymanski at     0.30s     8.04s (8)    5m12s (10)    2h50m (12)
German Baukus    7.03s     0.74s (4)    19m35s (8)    4h49m (10)
German.CTC       3m23s     1.83s (4)    43m46s (8)    12h35m (10)
German pfs       3m58s     0.99s (4)    22m56s (8)    5h30m (10)
Chandra-Toueg    2h01m     5.68s (4)    2m58s (5)     1h36m (6)
Szymanski na     T.O.      0.88s (4)    8m25s (6)     7h08m (8)
Flash nodata     O.M.      4.86s (3)    3m33s (4)     2h46m (5)
Flash            O.M.      1m27s (3)    2h15m (4)     O.M. (5)

O.M. = out of memory (> 20 GB); T.O. = timeout (> 20 h)

SLIDE 10

How to scale?

◮ Reduce the state space to explore
◮ Invariants for the parameterized case
◮ Interesting behaviours are often observable on small instances


SLIDE 12

Invariants inference

Problem: invariants are often harder to prove than the original property

Idea: use finite instances to infer invariants for the parameterized case

◮ Insert and check them on the fly in the backward reachability loop
◮ Backtrack if necessary

BRAB: Backward Reachability with Approximations and Backtracking

SLIDE 13

Backward reachability algorithm

(animated figure, slides 13 to 21: backward exploration from the unsafe states U towards the initial states I; the only recoverable labels are I, U, V and Q, i.e. the visited set and the work queue of the BWD procedure)

SLIDE 22

BRAB: intuition

(animated figure, slides 22 to 41: the same backward exploration with BRAB's candidate step; recoverable labels are I, U, V, Q, ϕ, "candidate" and "2")


SLIDE 43

Framework

◮ Symbolic framework for parameterized systems
◮ States: formulas in a decidable fragment of FOL
◮ Pre-image effectively computable
◮ Post-image effectively computable for a finite instance

In Cubicle → array-based transition systems

SLIDE 44

Example: German-ish cache coherence protocol

Client i:
  Cache[i] ∈ {E, S, I}

Directory:
  Cmd ∈ {rs, re, ε}
  Ptr ∈ proc
  Shr[i] ∈ {true, false}
  Exg ∈ {true, false}

(figure: client state machine over E, S and I; its edges are annotated with the directory updates Shr[i] := true, Exg := true, Shr[i] := false, Exg := false)

Initial states:
  ∀i. Cache[i] = I ∧ ¬Shr[i] ∧ ¬Exg ∧ Cmd = ε

Unsafe states (cubes):
  ∃i, j. i ≠ j ∧ Cache[i] = E ∧ Cache[j] ≠ I

SLIDE 45

Example: German-ish cache coherence protocol

Client i:
  Cache[i] ∈ {E, S, I}

Directory:
  Cmd ∈ {rs, re, ε}
  Ptr ∈ proc
  Shr[i] ∈ {true, false}
  Exg ∈ {true, false}

(figure: the same client state machine; primed variables below denote the next state)

t5 : ∃i. Ptr = i ∧ Cmd = rs ∧ ¬Exg ∧ Cmd′ = ε ∧ Shr′[i] ∧ Cache′[i] = S

SLIDE 46

BRAB algorithm

I : initial states
U : unsafe states (cubes)
T : transitions

BRAB():
  B := ∅; Kind(U) := Orig; From(U) := U;
  M := FWD(dmax, k);
  while BWDA() = unsafe do
    if Kind(F) = Orig then return unsafe
    B := B ∪ { From(F) };
  return safe

SLIDE 47

BRAB algorithm

BWD():
  V := ∅;
  push(Q, U);
  while not empty(Q) do
    ϕ := pop(Q);
    if ϕ ∧ I sat then return unsafe
    if ¬(ϕ ⊨ ⋁_{ψ ∈ V} ψ) then
      V := V ∪ {ϕ};
      push(Q, pre_T(ϕ));
  return safe

SLIDE 48

BRAB algorithm

BWDA():
  V := ∅;
  push(Q, U);
  while not empty(Q) do
    ϕ := pop(Q);
    if ϕ ∧ I sat then return unsafe
    if ¬(ϕ ⊨ ⋁_{ψ ∈ V} ψ) then
      V := V ∪ {ϕ};
      push(Q, Approx_T(ϕ));
  return safe

SLIDE 49

BRAB algorithm

Approx_T(ϕ):
  foreach ψ in candidates(ϕ) do
    if ψ ∉ B ∧ M ⊭ ψ then
      Kind(ψ) := Appr;
      . . .
      return ψ
  . . .
  return pre_T(ϕ)

SLIDE 50

Example: BRAB on German-ish

(animated figure, slides 50 to 72: the forward-explored finite instance with 2 processes drawn beside the backward-reachability tree; only the node labels below are recoverable)

Forward exploration of the finite instance (processes #1 and #2) from the initial state
  ¬Exg ∧ Cmd = ε ∧ ∀i. Cache[i] = I ∧ ¬Shr[i]
instantiated as
  ¬Exg ∧ Cmd = ε ∧ Cache[#1] = I ∧ Cache[#2] = I ∧ ¬Shr[#1] ∧ ¬Shr[#2]

Edges are labelled t1(#1), t1(#2), t2(#1), t2(#2), t5(#1), t5(#2), t6(#1), t6(#2); explored states include
  ¬Exg ∧ Cmd = re ∧ Ptr = #2 ∧ Cache[#1] = I ∧ Cache[#2] = I ∧ ¬Shr[#1] ∧ ¬Shr[#2]
  ¬Exg ∧ Cmd = re ∧ Ptr = #1 ∧ Cache[#1] = I ∧ Cache[#2] = I ∧ ¬Shr[#1] ∧ ¬Shr[#2]
  ¬Exg ∧ Cmd = rs ∧ Ptr = #2 ∧ Cache[#1] = I ∧ Cache[#2] = I ∧ ¬Shr[#1] ∧ ¬Shr[#2]
  ¬Exg ∧ Cmd = rs ∧ Ptr = #1 ∧ Cache[#1] = I ∧ Cache[#2] = I ∧ ¬Shr[#1] ∧ ¬Shr[#2]
  Exg ∧ Cmd = ε ∧ Ptr = #2 ∧ Cache[#1] = I ∧ Cache[#2] = E ∧ ¬Shr[#1] ∧ Shr[#2]
  Exg ∧ Cmd = ε ∧ Ptr = #1 ∧ Cache[#1] = E ∧ Cache[#2] = I ∧ Shr[#1] ∧ ¬Shr[#2]
  ¬Exg ∧ Cmd = ε ∧ Ptr = #2 ∧ Cache[#1] = I ∧ Cache[#2] = S ∧ ¬Shr[#1] ∧ Shr[#2]
  Exg ∧ Cmd = rs ∧ Ptr = #2 ∧ Cache[#1] = E ∧ Cache[#2] = I ∧ Shr[#1] ∧ ¬Shr[#2]
  . . .

Backward reachability from the unsafe cube
  ∃i ≠ j. Cache[i] = E ∧ Cache[j] ≠ I

Pre-images:
  pre(t4(j)): ∃i ≠ j. Exg ∧ Cmd = rs ∧ Cache[i] = E ∧ Shr[j]
  pre(t5(j)): ∃i ≠ j. ¬Exg ∧ Cmd = rs ∧ Ptr = j ∧ Cache[i] = E
  pre(t6(i)): (node label not recoverable)

Extracting a candidate (Approx_T):
  ∃i. Cmd = rs ∧ Cache[i] = E

Checking candidate: the explored state
  Exg ∧ Cmd = rs ∧ Ptr = #2 ∧ Cache[#1] = E ∧ Cache[#2] = I ∧ Shr[#1] ∧ ¬Shr[#2]
satisfies (⊨) this cube, so by the test of Approx_T (M ⊭ ψ) it is not kept as an approximation.

Further candidates and pre-images shown as the exploration continues:
  ∃i ≠ j. Shr[j] ∧ Cache[i] = E
  ∃i. ¬Exg ∧ Cache[i] = E
  ¬Exg ∧ Cmd = rs
  pre(t3(j)): ∃i ≠ j. Cmd = re ∧ Cache[i] = E ∧ Shr[j]
  pre(t4(j)): ∃i ≠ j. Exg ∧ Cmd = rs ∧ Cache[i] = E ∧ Shr[j]
  pre(t5(j)): ∃i ≠ j. ¬Exg ∧ Cmd = rs ∧ Ptr = j ∧ Cache[i] = E
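As an added example (not the authors' code or Cubicle's), the approximation step of slides 46 to 49 run on the 2-process German-ish instance above: forward-explore the instance to build M, then test the slides' candidate cubes ∃i. Cmd = rs ∧ Cache[i] = E, ∃i ≠ j. Shr[j] ∧ Cache[i] = E and ∃i. ¬Exg ∧ Cache[i] = E against it the way Approx_T does. Only t5 is given on the slides; transitions t1 to t4 and t6 are assumed from the standard German protocol, and the literal encoding of cubes is my own.

```python
"""BRAB's approximation step on a 2-process instance of the German-ish protocol.

Added example, not code from the authors or from Cubicle. Only t5 is on the
slides; t1-t4 and t6 are my reconstruction of the standard German protocol.
"""
from itertools import permutations

N = 2                              # finite instance: processes #1, #2 (indices 0, 1)
E, S, I = "E", "S", "I"            # Cache[i]
RS, RE, EPS = "rs", "re", "eps"    # Cmd (eps is the slides' epsilon)


def mk(cmd, ptr, exg, cache, shr):
    """Immutable state (Cmd, Ptr, Exg, Cache[0..N-1], Shr[0..N-1])."""
    return (cmd, ptr, exg, tuple(cache), tuple(shr))


INIT = mk(EPS, 0, False, [I] * N, [False] * N)   # slide 44's initial states


def successors(st):
    """Post-image of one state under t1..t6 (computable on a finite instance)."""
    cmd, ptr, exg, cache, shr = st
    out = []
    for i in range(N):
        if cmd == EPS and cache[i] == I:              # t1(i): request shared
            out.append(mk(RS, i, exg, cache, shr))
        if cmd == EPS and cache[i] != E:              # t2(i): request exclusive
            out.append(mk(RE, i, exg, cache, shr))
        if cmd == RE and shr[i]:                      # t3(i): invalidate sharer i
            c, s = list(cache), list(shr)
            c[i], s[i] = I, False
            out.append(mk(cmd, ptr, False, c, s))
        if cmd == RS and exg and shr[i]:              # t4(i): downgrade owner i to S
            c = list(cache)
            c[i] = S
            out.append(mk(cmd, ptr, False, c, shr))
        if ptr == i and cmd == RS and not exg:        # t5(i): grant shared (slide 45)
            c, s = list(cache), list(shr)
            c[i], s[i] = S, True
            out.append(mk(EPS, ptr, exg, c, s))
        if ptr == i and cmd == RE and not any(shr):   # t6(i): grant exclusive
            c, s = list(cache), list(shr)
            c[i], s[i] = E, True
            out.append(mk(EPS, ptr, True, c, s))
    return out


def fwd(init, dmax):
    """FWD(dmax, k) of slide 46: breadth-first exploration up to depth dmax or a fixpoint."""
    seen, frontier = {init}, [init]
    for _ in range(dmax):
        nxt = []
        for s in frontier:
            for t in successors(s):
                if t not in seen:
                    seen.add(t)
                    nxt.append(t)
        if not nxt:
            break
        frontier = nxt
    return seen


# A cube is (quantified process variables, literals); a literal is
# (name, index variable or None, "=" or "!=", value), and for Ptr the value
# is a process variable. Distinct variables denote distinct processes.
UNSAFE = (("i", "j"), [("Cache", "i", "=", E), ("Cache", "j", "!=", I)])
CAND_A = (("i",), [("Cmd", None, "=", RS), ("Cache", "i", "=", E)])
CAND_B = (("i", "j"), [("Shr", "j", "=", True), ("Cache", "i", "=", E)])
CAND_C = (("i",), [("Exg", None, "=", False), ("Cache", "i", "=", E)])


def literal_holds(st, env, name, idx, op, val):
    cmd, ptr, exg, cache, shr = st
    if name == "Ptr":
        cur, exp = ptr, env[val]
    elif idx is None:
        cur, exp = {"Cmd": cmd, "Exg": exg}[name], val
    else:
        cur, exp = (cache if name == "Cache" else shr)[env[idx]], val
    return cur == exp if op == "=" else cur != exp


def state_satisfies(st, cube):
    """Some injective assignment of the cube's variables satisfies it in st."""
    qvars, lits = cube
    return any(all(literal_holds(st, dict(zip(qvars, a)), *lit) for lit in lits)
               for a in permutations(range(N), len(qvars)))


def model_satisfies(model, cube):
    """M |= psi on the slides: some explored state meets the (bad) cube."""
    return any(state_satisfies(st, cube) for st in model)


def accepted_candidates(model, candidates, blocked):
    """Approx_T's test: keep psi only if psi is not in B and M does not satisfy psi."""
    return [c for c in candidates
            if c not in blocked and not model_satisfies(model, c)]


MODEL = fwd(INIT, dmax=20)    # M of slide 46, with k = 2 processes
```

With this reconstruction the unsafe cube is unreachable on the instance, candidate A is met by the state Exg ∧ Cmd = rs ∧ Ptr = #2 ∧ Cache[#1] = E shown on slide 59 and is therefore dropped, while candidates B and C pass the test.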

SLIDE 73

Some benchmarks

Protocol         BRAB     Cubicle   CMurphi (instance size in parentheses)
Szymanski at     0.14s    0.30s     8.04s (8)    5m12s (10)    2h50m (12)
German Baukus    0.25s    7.03s     0.74s (4)    19m35s (8)    4h49m (10)
German.CTC       0.29s    3m23s     1.83s (4)    43m46s (8)    12h35m (10)
German pfs       0.34s    3m58s     0.99s (4)    22m56s (8)    5h30m (10)
Chandra-Toueg    2m17s    2h01m     5.68s (4)    2m58s (5)     1h36m (6)
Szymanski na     0.19s    T.O.      0.88s (4)    8m25s (6)     7h08m (8)
Flash nodata     0.36s    O.M.      4.86s (3)    3m33s (4)     2h46m (5)
Flash            5m40s    O.M.      1m27s (3)    2h15m (4)     O.M. (5)

O.M. = out of memory (> 20 GB); T.O. = timeout (> 20 h)

SLIDE 74

Remarks

◮ BRAB is complete only if the framework admits a complete backward reachability
◮ Cubicle goes beyond the decidable fragment of array-based systems
◮ FLASH is expressed outside of this fragment
◮ BRAB remains safe

SLIDE 75

Future work

Improvements:

◮ Experiment with real-size industrial protocols
◮ Improve backtracking
◮ Difficult to discover candidates for numerical invariants

Certification:

◮ Deductive program verification (with Why3 and Alt-Ergo) and code extraction
◮ Goal: obtain a certified and efficient model checker

SLIDE 76

Thank you

Visit our web site

http://cubicle.lri.fr