scalable and precise refinement of cache timing analysis via model checking
DESCRIPTION
Scalable And Precise Refinement of Cache Timing Analysis via Model Checking. Sudipta Chattopadhyay Abhik Roychoudhury. Timing analysis. Hard real time systems require absolute timing guarantees System level analysis Single task analysis Worst case execution time (WCET) analysis - PowerPoint PPT PresentationTRANSCRIPT
SCALABLE AND PRECISE REFINEMENT OF CACHE TIMING ANALYSIS VIA MODEL CHECKING
Sudipta Chattopadhyay
Abhik Roychoudhury
1
TIMING ANALYSIS
Hard real time systems require absolute timing guarantees System level analysis Single task analysis
Worst case execution time (WCET) analysis An upper bound on execution time for all
possible inputs Sound over-approximation is obtained by static
analysis
2
Program
Cache analysis
Pipelineanalysis
Branch predictormodeling
WCET of basic blocks
constraints
Infeasible path
constraints
Loop bound
Micro architectural modeling
Path analysis 3
WCET ANALYSIS
IPET = Implicit Path Enumeration Technique
IPET
IMPRECISION IN ABSTRACT INTERPRETATION
p1 p2
Cache state = C1
Cache state = C2
Joined Cache state = C3
4
a
b
b
x
Abstract LRU cache set
Abstract LRU cache set
youngyoung
b Joined cache statePath p1 or path p2?
Joined cache state loses information about path p1 and p2
LRU=Least recently used
MODEL CHECKING ALONE ?
A path sensitive search Path sensitive search is expensive – path
explosion Worse, combined with possible cache states
p1 p2
Cache state = C1
Cache state = C2
5
MODEL CHECKING ALONE ?
A path sensitive search Path sensitive search is expensive – path
explosion Worse, combined with possible cache states
p1p2
6
a
b
young b
x
Abstract LRU cache set
young
a
b
Abstract LRU cache set
young b
xAbstract LRU
cache set
young
State Explosion
COMPARISON
7ILP: Integer Linear Programming, AI: Abstract interpretationMC: Model Checking
Work Micro-arch. level
technique
Program level
technique
Precision Scalability
Classical AI AI AI × √Classical MC MC MC √ ×
RTS’00(aiT,
Chronos)
AI ILP Can be improve
d
√RTSS’10 AI MC Can be
improved
_
Our approach
(AI+MC) ILP > RTS’00
= RTS’00
CACHE ANALYSIS
Program
Pipelineanalysis
Branch predictormodeling
WCET of basic blocks
constraints
Infeasible path
constraints
Loop bound
IPET
Micro architectural modeling
Path analysis
Cache analysis by
abstract interpretatio
n
Analysisoutcome
Refine by model checker
All checked
Timeout
8
Refinement by model checker can be terminated at any point
Model checker refinement steps are inherently parallel
Each model checker refinement step checks light assertion property
MODEL CHECKER REFINEMENT Three different architectural/application settings
Model checker refinements eliminate spurious cache conflicts in all three settings
Intra task(WCET in single core)
Highpriority
Lowpriority
Inter task(Cache Related
Preemption Delay analysis)
cache cache L1 cache L1 cache
Shared L2 cache
Task in Core 1
Task in Core 2
Inter core(WCET in multi-core)
9
AN EXAMPLE
10
Path 1 Path 2
Cache hit Cache missm
m mm m
Two consecutive accesses of a memory block m
Join
Abstract interpretation cannot decide cache hit or miss
Conflict to mm’ x < y
x == y
m’
m
An infeasible path
Infeasible cache conflict
Spurious
REFINEMENT (INTRA-TASK)
11
Path 1 Path 2
Cache hit Cache missm
m m
Conflict to mm’
C_m++ Increment conflict
assert (C_m <= 0)
Property(direct mapped
cache)
x < y
x == y
m’
m
Verified
Infeasible cache
conflict
m m
<=0 cache conflicts
cache hit
Cache hit
REFINEMENT (INTRA-TASK)
12
Path 1
Cache hit Cache missm
m m
m1
C_m++ Increment conflict
assert (C_m <= N-1) Property
(N-way associative cache)
Verified
Conflict to m
m2
C_m++ Increment conflict
Conflict to m
mN
C_m++ Increment conflict
Conflict to m
x < y
x == y
mi
mj
Infeasible cache
conflict
mN
m1
m m
<=N-1 cache conflicts
cache hit
Cache hit
REFINEMENT (INTRA-TASK)
13
Path 2
Cache missm
m
Conflict to mm’
C_m++ Increment conflict
assert (C_m <= 0)
Property(direct mapped
cache)
Does not affect the value of
C_m
x < y
x == y
m’
m
REFINEMENT (INTER-TASK AND INTER-CORE)
14
Highpriority
Lowpriority
cache L1 cache L1 cache
Shared L2 cache
Task in Core 1
Task in Core 2
REFINEMENT (INTER-TASK AND INTER-CORE)
15m
m
Task
Cache hit
start
exit
Conflicting task
Cache miss
m1
m2
m
cache
x < y
x == yInfeasible
m1
m2
Spurious
≠m ≠myoung
REFINEMENT (INTER-TASK AND INTER-CORE)
m
m
Task
start
exit
Conflicting task
m1
m2
m
cache
x < y
x == yInfeasible
m1
m2
C_m++Increment
conflict
C_m++
Increment conflict
assert (C_m <= 1)
Verified
m
A Cache Hit
16
young
REDUCING NUMBER OF MODEL CHECKING CALLS Model checker results can be reused
assert(C <= N) is satisfied assert(C <= N+1), …., assert(C <= ∞) is also
satisfied
assert(C <= N) is violated assert(C <= N-1), …., assert(C <= 1) is also
violated
17
EXPERIMENTAL SETUP (CHRONOS TOOLKIT)
18
C sourceGCC
simplescalar Binary code CFG
Micro architectural
modeling
cache pipeline Branchprediction
Micro-architectural constraints
ILP
Flowconstraints
WCET
CBMC
EXPERIMENTAL RESULT
All possiblerefinements made
Terminate?
Terminate? Model checker is not called
19
EXPERIMENTAL RESULT
20
Intra task(single core WCET)
cache 4-way associative, 8 KBTime = 500 seconds
EXPERIMENTAL RESULT
21
Highpriority
Lowpriority
cache
Cache Related Preemption Delay
4-way associative, 8 KBAverage time = 250 secs
Low priority
tasks
cnt
jfdctint
edn
fir
fdct
ndes
EXPERIMENTAL RESULT
22
L1 cache L1 cache
Shared L2 cache
WCET
4-way associative, 8 KB
Direct-mapped, 256 bytes
Average time = 70 secs
Tasks
cnt
jfdctint
edn
fir
fdct
ndes
SUMMARY A general framework combining abstract
interpretation and model checking for cache timing analysis
Salient features Easy integration with other micro-architectural
modeling Inherent parallelism Model checker task checks light assertion
properties (reduces the time for one call) “Anytime” algorithm Flexibility
Code transformation can easily be fine tuned to target different cache replacement policies (e.g. FIFO)
23
PATH ANALYSIS BY MODEL CHECKING
T NT
NT
T
NT
x == y
x < y
t += c1
t += c2
t += c3
t += c4
t += c5
t += c6
Unroll
Explore the states
c1+c2+c3+c4+c6+c1
c1+c2+c3+c4
c1
c1+c2 c1+c4
c1+c2+c3 c1+c2+c4
assert (t <= make a guess)
Tc1+c2+c3+c4+c6
24
25
QuestionsThank You
STATE EXPLOSION IN MC BASED CACHE ANALYSIS
Why AI + ILP Is Good for WCET, but MC Is Not, Nor ILP Alone VMCAI, 2004
METAMOC: Modular execution time analysis using model checking WCET workshop, 2010 L1 cache analysis for single task. Generates
state space explosion for simple programs.
26