Using Flow Specifications of Parameterized Cache Coherence Protocols for Verifying Deadlock Freedom

We consider the problem of verifying deadlock freedom for symmetric cache coherence protocols. In particular, we focus on a specific form of deadlock which is useful for the cache coherence protocol domain and consistent with the internal definition of deadlock in the Murphi model checker: we refer to this deadlock as a system- wide deadlock (s-deadlock). In s-deadlock, the entire system gets blocked and is unable to make any transition. Cache coherence protocols consist of N symmetric cache agents, where N is an unbounded parameter; thus the verification of s-deadlock freedom is naturally a parameterized verification problem. Parametrized verification techniques work by using sound abstractions to reduce the unbounded model to a bounded model. Efficient abstractions which work well for industrial scale protocols typically bound the model by replacing the state of most of the agents by an abstract environment, while keeping just one or two agents as is. However, leveraging such efficient abstractions becomes a challenge for s-deadlock: a violation of s-deadlock is a state in which the transitions of all of the unbounded number of agents cannot occur and so a simple abstraction like the one above will not preserve this violation. In this work we address this challenge by presenting a technique which leverages high-level information about the protocols, in the form of message sequence dia- grams referred to as flows, for constructing invariants that are collectively stronger than s-deadlock. Efficient abstractions can be constructed to verify these invariants. We successfully verify the German and Flash protocols using our technique

AN ABSTRACTION TECHNIQUE FOR REAL-TIME VERIFICATION

Abstract In real-time systems, correctness depends on the time at which events occur. Examples of real-time systems include timed protocols and many embedded system controllers. Timed automata are an extension of finite-state automata that include real-valued clock variables used to measure time. Given a timed automaton, an equivalent finite-state region automaton can be constructed, which guarantees decidability. Timed model checking tools like Uppal, Kronos, and Red use specialized data structures to represent the real-valued clock variables. A different approach, called integer-discretization, is to define clock variables that can assume only integer values, but, in general, this does not preserve continuous-time semantics. This paper describes an implicit representation of the region automaton to which ordinary model checking tools can be applied directly. This approach differs from integer discretization because it is able to handle real-valued clock variables using a finite representation and preserves the continuous-time semantics of timed automata. In this framework, we introduce the GoAbstraction, a technique to reduce the size of the state space. Based on a conservative approximation of the region automaton, GoAbstraction makes it possible to verify larger systems. In order to make the abstraction precise enough to prove meaningful properties, we introduce auxiliary variables, called Go variables, that limit the drifting of clock variables in the abstract system. The paper includes preliminary experimental results showing the effectiveness of our technique using both symbolic and bounded model checking tools

La vaccination contre le HPV diminue-t-elle le risque du cancer du col de l’utérus ?

ANALYSE DE : Lei J, Ploner A, Elfström KM, et al. HPV vaccination and the risk of invasive cervical cancer. N Engl J Med 2020;383:1340-8. DOI: 10.1056/NEJMoa1917338 CONCLUSION : Cette étude observationnelle et rétrospective, de bonne qualité, présente cependant des limites inhérentes à ce type de design. Cette étude suggère que le vaccin tétravalent protège du cancer du col de l’utérus. Les patientes recevant le vaccin avant leurs 17 ans bénéficieraient d’une protection plus grande. Des études complémentaires évaluant l’effet protecteur des vaccins bivalent et nonavalent contre le cancer du col de l’utérus sont souhaitées