Project : vasy
Section: Contracts and Grants with Industry
The FormalFame Contract
Since 1995, there has been a long-standing collaboration between Vasy and Bull, to which the former Pampa team of Inria Rennes participated until December 2000. This collaboration aims at demonstrating that the formal methods and tools developed at Inria for validating and testing telecommunication protocols can also be successfully applied to Bull's multiprocessor architectures. The long-term objective is to develop a complete and integrated solution supporting formal specification, simulation, rapid prototyping, verification, test generation, and test execution.
A first phase of this collaboration took place from 1995 to 1998 in the framework of the Dyade joint venture between Bull and Inria. Two case studies were successfully tackled: the PowerScale bus arbitration protocol  and the PolyKid multiprocessor architecture . The feasibility of the proposed approach was established and Bull expressed its interest in pursuing the collaboration for its new architectures.
Since October 1998, we have been working on Fame, the Cc-Numa multiprocessor architecture developed by Bull for its NovaScale series of high-performance servers based on Intel Itanium 64 bits processors. Initially informal, this collaboration was officialized in 1999 as a Dyade action named FormalFame, which lasted until the end of Dyade in March 2001. The collaboration went on under the form of a Bull-Inria contract, for which we kept the name FormalFame. In 2004, the collaboration was extended until March 2005 by a followup contract named FormalFame Plus.
FormalFame successively focused on several critical components of the Fame architecture: the Ccs circuit that manages communications for a group of four processors and the Ncs circuit that manages network communications (from October 1998 to November 1999), the B-sps circuit – also referred to as Fss (Fame Scalability Switch) – that implements the cache coherency protocol (from December 1999 to March 2002), and, since then, the Prr block and the Ilu unit, which are two sub-components of the B-sps circuit to which a particular attention is drawn. For each of these components, Lotos descriptions were written, which provided a formal basis for testing and verification.
Compared to the previous years, the nature of the Bull/Inria collaboration evolved, for at least two reasons: first, the NovaScale servers went to market successfully, meaning that the development of the cache coherence protocol is over; second, Bull has acquired a sufficient autonomy in formal methods to maintain by itself the Lotos specifications developed for Ilu and Prr. In this context, the contributions of Inria in 2004 were the following:
expertise regarding some involved aspects of Lotos and Cadp,
support for migration to the latest versions of Cadp,
compatibility patches allowing Cadp to run on the old version of Linux (RedHat 7.3) for which Cadence's tools are available,
enhancements of Cadp tools to address issues detected in previous years, and
two case-studies on the formal verification of cache coherency protocols (see § 6.3).