Scalable Multi-core Model Checking Fairness Enhanced Systems
Yang Liu, Jun Sun and Jin Song Dong
School of Computing, National University of Singapore

Outline
General Introduction to PAT
  http://pat.comp.nus.edu.sg
Motivation: Parallel Model Checking
Model Checking with Fairness
Experiment Results
Conclusion

Model Checking
Determining whether a model satisfies a property by means of exhaustive search.
[Diagram labels: Model, Property, Model Checker, Counterexample!]

Model Checking Works!
Three researchers won the Turing Award 2007 for their pioneering work on model checking!
The Intel Core i7 processor was verified completely by symbolic model checking, without executing a single test case!
The Slam project from Microsoft successfully detected many bugs in many pieces of driver software!

PAT: Motivation
We aim to develop a self-contained framework for formal specification and verification of compositional systems which involve:
  concurrency,
  real-time,
  complex data structures and operations,
  complicated control flows,
  etc.
PAT: Architecture

Motivation
Model checking is limited by state space explosion.
We do have multiple cores nowadays!

Safety
“Something bad never happens”
Reachability analysis
  Depth-first search
  Breadth-first search

Liveness
“Something good eventually happens”
Liveness checking = bad loop searching
  Nested depth-first search
  SCC-based algorithms

Fairness
Liveness often requires fairness!
  Process level weak/strong fairness
  Event level weak/strong fairness
  Strong global fairness

Verification under Fairness
Automata-based LTL model checking
  weak fairness: SCC search
  strong fairness: strongly connected sub-graph search
  strong global fairness = terminal SCC search

Verification under Fairness
A lasso is a counterexample if and only if the loop is fair and it fails the liveness property.
The loop is (process-level) weakly fair iff there is NO process which is always enabled during the loop and never makes any progress.
The loop is (process-level) strongly fair iff there is NO process which is enabled during the loop and never makes any progress.
The loop satisfies strong global fairness iff …

Sequential Algorithm
A: Find SCC-0
B: Check if SCC-0 is fair
C: Generate Counterexample
[Flowchart edge labels: Is Not Fair, Is Fair, True]

Parallel Algorithm
[Diagram: Thread 1, Thread 2, Thread 3 and Thread 4 with tasks A0, B0, A1, B1, A2, B2]

Parallel Algorithm
[Diagram: Thread 1, Thread 2, Thread 3 and Thread 4 with tasks A0, B0, A1, B1, A2, B2]
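
Added example, not part of the original slides or of PAT's code: a Python sketch of steps A and B for process-level weak fairness, with SCCs found by Tarjan's algorithm in the calling thread and each fairness check handed to a worker thread. The transition encoding, the `accepting` set (states whose loops fail the liveness property), the function names and the two sample models are assumptions made for illustration.

```python
from concurrent.futures import ThreadPoolExecutor

def sccs(graph):
    """Step A: yield SCCs one by one (Tarjan). graph: state -> [(process, successor)]."""
    index, low, stack = {}, {}, []
    def visit(v):
        index[v] = low[v] = len(index)
        stack.append(v)
        for _, w in graph[v]:
            if w not in index:
                yield from visit(w)
                low[v] = min(low[v], low[w])
            elif w in stack:          # linear scan; fine for a small example
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:        # v is the root of an SCC
            cut = stack.index(v)
            comp = set(stack[cut:])
            del stack[cut:]
            yield comp
    for v in graph:
        if v not in index:
            yield from visit(v)

def weakly_fair(graph, comp, processes):
    """Step B: False if a process is enabled in every state of comp but never moves inside it."""
    moved = {p for s in comp for p, t in graph[s] if t in comp}
    if not moved:                     # single state without a self-loop: no loop at all
        return False
    for p in processes:               # assumption: enabled = has an outgoing transition
        always_enabled = all(any(q == p for q, _ in graph[s]) for s in comp)
        if always_enabled and p not in moved:
            return False
    return True

def fair_counterexample(graph, processes, accepting, workers=3):
    """Caller runs step A; each SCC found is handed to a worker thread for step B."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        jobs = [(c, pool.submit(weakly_fair, graph, c, processes))
                for c in sccs(graph) if c & accepting]
        return next((c for c, job in jobs if job.result()), None)

# Constructed sample models (not from the slides): process P spins, process Q would
# reach the goal state s1; accepting = states in which the goal is not yet reached.
ALWAYS_Q = {"s0": [("P", "s0"), ("Q", "s1")], "s1": [("P", "s1")]}
SOMETIMES_Q = {"s0": [("P", "s2"), ("Q", "s1")], "s2": [("P", "s0")], "s1": [("P", "s1")]}

if __name__ == "__main__":
    print(fair_counterexample(ALWAYS_Q, ("P", "Q"), {"s0"}))
    print(fair_counterexample(SOMETIMES_Q, ("P", "Q"), {"s0", "s2"}))
```

In the second model the loop between s0 and s2 is weakly fair, because Q is not enabled in s2, but it would not be strongly fair, because Q is enabled in s0 and never makes progress.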

Effectiveness
Overhead: negligible
  Based on shared-memory architecture.
Depends on how expensive it is to check whether an SCC satisfies the fairness constraint
  Weak fairness: linear in the number of transitions
  Strong fairness: bounded by #states * #transitions
  Global fairness: linear in the number of transitions
Experiment A
Experiment B
Experiment (cont’d)

Conclusion
A simple way of making use of multi-cores for model checking with fairness.
The technique is available in PAT.
  http://pat.comp.nus.edu.sg
Related work
  Spin’s liveness checking algorithm for dual-core systems
  Barnat et al. multi-core LTL model checking
    MAP, OWCTY, NEGC, OBF