Cubicle

• Overview
• Download
  • Sources
  • Binaries
  • Installation instructions
• Publications
• Experiments
• Manual
  • Description language
  • Options
• Examples
• Contact

Flash_nodata

Cubicle model

Safety properties

Below are the safety properties we want to verify, in negated form.
∃ p. ( CacheState_home = CACHE_E ∧ CacheState[p] = CACHE_E )

∃ i,j. i≠j ∧ ( CacheState[i] = CACHE_E ∧ CacheState[j] = CACHE_E )

Options used

-brab 2 -forward-depth 6

Inferred invariants

All invariants are shown in their negated form, where #1 and #2 are distinct existentially quantified variables.

CacheState_home = CACHE_I && Dir_Local = True && Dir_Dirty = True

Home <> #1 && Dir_HeadVld = False && UniMsg_Cmd[#1] = UNI_PutX

ProcCmd_home = NODE_Get && Dir_Local = True

CacheState_home = CACHE_E && Dir_Dirty = False

Home <> #1 && Dir_HeadVld = False && CacheState[#1] = CACHE_E

WbMsg_Cmd = WB_Wb && ShWbMsg_Cmd = SHWB_ShWb

UniMsg_Cmd_home = UNI_Put && ShWbMsg_Cmd = SHWB_ShWb

UniMsg_Cmd_home = UNI_PutX && ShWbMsg_Cmd = SHWB_ShWb

Dir_Dirty = False && ShWbMsg_Cmd = SHWB_ShWb

Dir_HeadVld = False && ShWbMsg_Cmd = SHWB_ShWb

Dir_Dirty = False && WbMsg_Cmd = WB_Wb

Dir_HeadVld = False && WbMsg_Cmd = WB_Wb

UniMsg_Cmd_home = UNI_Put && Dir_Dirty = False

UniMsg_Cmd_home = UNI_Put && Dir_HeadVld = False

Home <> #1 && CacheState[#1] = CACHE_E && UniMsg_Cmd[#1] = UNI_PutX

UniMsg_Cmd_home = UNI_PutX && Dir_Dirty = False

UniMsg_Cmd_home = UNI_PutX && Dir_HeadVld = False

Home <> #1 && ShWbMsg_Cmd = SHWB_ShWb && UniMsg_Cmd[#1] = UNI_PutX

Home <> #1 && UniMsg_Cmd_home = UNI_Put && UniMsg_Cmd[#1] = UNI_PutX

Home <> #1 && Home <> #2 && UniMsg_Cmd[#1] = UNI_PutX && UniMsg_Cmd[#2] = UNI_PutX

CacheState_home = CACHE_E && Dir_HeadVld = True

Home <> #1 && UniMsg_Cmd_home = UNI_PutX && UniMsg_Cmd[#1] = UNI_PutX

ShWbMsg_Cmd = SHWB_ShWb && CacheState[#1] = CACHE_E

ShWbMsg_Cmd = SHWB_ShWb && ShWbMsg_Proc = Home

Home <> #1 && Dir_Dirty = False && UniMsg_Cmd[#1] = UNI_PutX

UniMsg_Cmd_home = UNI_Put && CacheState[#1] = CACHE_E

InvMarked_home = True

Home <> #1 && CacheState[#2] = CACHE_E && UniMsg_Cmd[#1] = UNI_PutX

Home <> #1 && CacheState_home = CACHE_E && UniMsg_Cmd[#1] = UNI_PutX

Dir_Dirty = False && CacheState[#1] = CACHE_E
      

You can find the list of all invariants that can be extracted from BRAB here (also in negated form), this collection being inductive.

Search graph

The algorithm starts from the formula located at the bottom, inside a red octagon. Variables #1, #2, … that appear in the nodes are distinct skolem variables so we show a formula φ(#1, #2) as equivalent to ∃ z₁, z₂. z₁ ≠ z₂ ∧ φ(z₁, z₂). Plain black edges represent pre-image relations and are annotated by the transition instance that was considered. Black circles denote nodes that were obtained by pre-image computation and were not covered by already visited nodes. The nodes circled in gray are the one that were not useful because they were subsumed by formulas pointed by the gray dashed arrows. Approximations are shown in blue rectangles. Each approximation originates from the node that connects its rectangle with a bold dashed blue edge.

• Flash_nodata graph in dot format
• Flash_nodata graph in SVG format (2.2 MB)