Tintu David Joy. Agenda: Motivation; Better Verification Through Symmetry (basic idea); Structural Symmetry and Multiprocessor Systems; Murϕ verification system.

Tintu David Joy

Agenda
– Motivation
– Better Verification Through Symmetry: basic idea
– Structural Symmetry and Multiprocessor Systems
– Murϕ verification system
– Scalarset
– Construction of Equivalent States
– Graph Automorphism
– Representative of the symmetry equivalence class
– Practical Results
– Conclusion

Motivation
– Network and communication protocols in hardware, protocols in large multiprocessors
– Protocols are becoming increasingly complex
– Proper verification is important
– Automatic verification of finite state concurrent systems
– State explosion problem
– Is there a method to reduce the state space?

Better Verification Through Symmetry
Aim:
  – Exploit symmetries in the system
  – e.g. a mutual exclusion algorithm for 2 processes
Method:
  – Extend the Murϕ verifier by adding the scalarset
  – Murϕ verifier: a verification system
  – Scalarset: a new data type to detect symmetries
  – Equivalence relation between the states
  – Select one state per equivalence class as representative
Result:
  – Reduction of the state space
  – More efficient verification

Example: Multiprocessor Systems
– Data consistency of local caches is important
– All processors access a shared global memory
– Directory-based cache coherence protocol: a set of rules for coordinating processors, cache controllers and memory controllers
– Protocol verification needs to be done
– Verification without the original (full) state space: a reduction of the state space is desirable

Structural Symmetry in Multiprocessor Systems

Structural Symmetry
– The directory tracks the processors
– Processors have distinct processor ids
– The properties of integers are irrelevant in the high-level protocol description
– Here: the ordering of processor ids is irrelevant for the correctness of the protocol

Structural Symmetry
– Standard verifiers will not detect the symmetries: they inspect symmetrically equivalent states many times
– Other symmetries: addresses, data values, memory module ids, message ids
– Multiple kinds of symmetry have to be considered
– Two problems:
  – Detecting structural symmetries
  – Detecting symmetrically equivalent states

Murϕ Verification System
– Formal verification system for finite state concurrent systems
– Mainly used in verifying multiprocessor systems and cryptographic protocols
– Parts of the Murϕ verification system:
  – Description language: description of finite state asynchronous concurrent systems
  – Murϕ compiler: generates a C++ program that enumerates the reachable states and checks for execution of error statements, violation of invariants and deadlocks

Murϕ Description Language
– Declarations (constant, type, variable, procedure)
– Definitions (transition rules)
  – Rules are guarded commands consisting of a condition and an action
  – Nondeterministic selection of rules
  – Atomic execution
– Descriptions (start state, invariant)

Scalarset
– New data type in Murϕ, introduced to facilitate the detection of symmetries and the testing of equivalent states
– Features:
  – Assignment, testing for equality/inequality and array indexing are supported
  – No arithmetic and no comparison operators (other than equality/inequality testing)
– A subrange is converted to a scalarset if the numerical value of the subrange is not important
– Enforcing and documenting the symmetries that result from permuting the members of the scalarset

Construction of Equivalent States
– Aim: obtain equivalent states by permuting the scalarset entries of the state
– Permutation process:
  – When a permutation is applied to a scalarset value, the value is modified to the corresponding permuted value
  – When it is applied to an array indexed by a scalarset, the contents of the array are permuted, i.e. the elements are rearranged

Example: equivalent states are the basis for generating a reduced state space

Graph Automorphism
– To specify symmetry formally we use the notions of state graphs and automorphisms
– Can be used to combine abstractly equivalent states
– Definition: a graph automorphism on a state graph A = (Q, S, Δ) is a one-to-one mapping h: A → A

Graph Automorphism
– The transition relation is preserved
– Graph automorphisms are closed under functional composition and induce an equivalence relation on states
– Theorem: the set of permutations π on the scalarset entries of the states forms a set of graph automorphisms over the state graph. The set is closed under functional composition, and the corresponding equivalence relation is a bisimulation.

Representative of the symmetry equivalence class
– The only change in the Murϕ verifier: a canonical function is added
– Canonical function: determines a unique state to represent the equivalence class
– But finding the canonical state is hard
  – The large reduction in state space compensates for the computational load of canonicalization
  – For complicated state structures the computational load of canonicalization is very high
– Observation: any subset of the states in the equivalence class can be used to represent the class and still gives a sound verification algorithm for safety properties

Normalization
– Canonicalization algorithm: all permutations are generated and the lexicographically smallest state is used as the canonical state
– Normalization algorithm: separates the state into two parts
  – The part with the most significant bits is canonicalized with a few canonicalizing permutations
  – The second part is normalized by one of the permutations used to canonicalize the first part
– Result: a normalized state with a small lexicographic value
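The following Python model is an added example, not code from the slides or from Murϕ: it builds equivalent states by permuting scalarset entries (the construction above), checks that such a permutation is a graph automorphism, and compares full exploration with canonicalization (smallest state over all permutations) and with the cheaper normalization. The token-passing protocol, its state layout and all names are constructed for this example.

```python
import itertools

# Constructed toy protocol (not the paper's): N processes named by a scalarset
# pid. State = (pc, token): pc is an array indexed by pid, token is a pid.
IDLE, TRYING, CRITICAL = "idle", "trying", "critical"

def apply_perm(state, perm):
    """Array indexed by pid: new[perm[i]] = old[i]; pid-valued var: perm[v]."""
    pc, token = state
    new_pc = [None] * len(pc)
    for i, v in enumerate(pc):
        new_pc[perm[i]] = v
    return (tuple(new_pc), perm[token])
def successors(state):
    """Rules: idle->trying; trying->critical if holding the token; critical->idle, passing the token on."""
    pc, token = state
    for p, v in enumerate(pc):
        if v == IDLE:
            yield (pc[:p] + (TRYING,) + pc[p + 1:], token)
        elif v == TRYING and token == p:
            yield (pc[:p] + (CRITICAL,) + pc[p + 1:], token)
        elif v == CRITICAL:
            for q in range(len(pc)):
                if q != p:
                    yield (pc[:p] + (IDLE,) + pc[p + 1:], q)
def is_automorphism(state, perm):
    """Transition relation preserved: permute-then-step == step-then-permute."""
    return ({apply_perm(t, perm) for t in successors(state)}
            == set(successors(apply_perm(state, perm))))
def canonical(state):
    """Canonicalization: try every permutation, keep the smallest state."""
    perms = itertools.permutations(range(len(state[0])))
    return min(apply_perm(state, p) for p in perms)
def normalize(state):
    """Normalization: sort only pc (most significant part) with one permutation, apply it to token too."""
    pc, perm = state[0], [0] * len(state[0])
    for pos, i in enumerate(sorted(range(len(pc)), key=pc.__getitem__)):
        perm[i] = pos
    return apply_perm(state, perm)
def explore(n, rep=lambda s: s):
    """Explore reachable states, storing only rep(state); returns the count."""
    start = rep(((IDLE,) * n, 0))
    seen, todo = {start}, [start]
    while todo:
        for t in map(rep, successors(todo.pop())):
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return len(seen)
```

For three processes the full graph has 36 states, canonicalization stores one per equivalence class (9), and normalization stores more than 9 but still far fewer than 36, since equivalent states may receive different normal forms while every class is still covered.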

Practical Results
– Symmetry-based algorithm in the Murϕ verification system
– Verified the cache coherence protocol of the DASH multiprocessor
  – Processing nodes communicate with memory modules
  – Each processing node has its own processors and caches

Results on the cache coherence protocol
– Processing nodes: 2, 3, 4
– State space reduced by 90%

Data Saturation
– Exploiting data independence
– Theorem: for any finite state system with M scalarsets that are not used as array indexes, there exist finite integers N_1, ..., N_M such that the reduced state graph has the same size as the one obtained from the system with scalarsets of sizes N_1, ..., N_M or above, even if the sizes approach infinity.
– Reduces an infinite state space to a finite one

Conclusion
– Symmetry can be exploited in the verification of concurrent systems
– Rotational symmetry can be handled in the same way
– Can be applied to other high-level languages, specifications and models
– In several cases, more efficient verification due to the reduced state space

Thank you for your attention