Cache-coherence protocols have been one of the greatest correctness challenges of the hardware world. A memory subsystem usually consists of several caches and the main memory, and a cache-coherence protocol defined in such a system allows multiple memory-access transactions to execute in a distributed manner, across the levels of a cache hierarchy. This source of concurrency is the most challenging part in formal verification of cache coherence.
In this dissertation, we introduce Hemiola, a framework embedded in Coq to design, prove, and synthesize cache-coherence protocols in a structural way. The framework guides the user to design protocols that never experience inconsistent interleavings while handling transactions concurrently. Any protocol designed in Hemiola always satisfies the serializability property, allowing a user to prove the protocol assuming that transactions are executed one-at-a-time. The proof relies on conditions on the protocol topology and state-change rules, but we have designed a domain-specific protocol language that guides the user to design protocols that satisfy these properties by construction.
The framework also provides a novel way to design and prove invariants by adding predicates to messages in the system, called predicate messages. On top of serializability, it is much simpler to prove a predicate message, since it is guaranteed that the predicate is not spuriously broken by other messages. We used Hemiola to design and prove hierarchical MSI and MESI protocols, in both inclusive and noninclusive variants, as case studies. We also demonstrated that the case-study protocols are indeed hardware-synthesizable, by using a compilation/synthesis toolchain in the framework.
Thesis Supervisors: Prof. Adam Chlipala and Prof. Arvind
To attend this defense, please contact the doctoral candidate at joonwonc at mit dot edu