Scientific Computing By: Fatima Hallak To: Dr. Guy Tel-Zur

SPIN Spin home pageSpin home page Spin targets efficient software verification. Supports a high level language called PROMELA (a PROcess MEta LAnguage). ًWritten in ANSI standard C Portable across all versions of Unix, Linux, cygwin, Plan9, Inferno, Solaris, Mac, and Windows

SPIN V 4 provides direct support for the use of embedded C code as part of model specifications. To directly verify implementation level software specifications, as a driver and as a logic engine to verify high level temporal properties. V 5 provides direct support for the use of multi-core computers for model checking runs -- supporting both safety and liveness verifications. Driver for swarm verification (a new form of swarm computing), which can make optimal use of large numbers of available compute cores to leverage parallelism and search diversification techniques.swarm verification

SPIN’s Functionality Used to trace logical design errors in distributed systems design, such as operating systems, data communications protocols, switching systems, concurrent algorithms, railway signaling protocols, etc. Reports on deadlocks, unspecified receptions, flags incompleteness, race conditions, and unwarranted assumptions about the relative speeds of processes

SPIN Supports Dynamically growing and shrinking numbers of processes, using a rubber state vector technique. Both rendezvous and buffered message passing, and communication through shared memory. Mixed systems, using both synchronous and asynchronous communications. Message channel identifiers for both rendezvous and buffered channels, can be passed from one process to another in messages.

Spin can be used in four main modes 1. Simulator, allowing for rapid prototyping with a random, guided, or interactive simulations 2. Exhaustive verifier, capable of rigorously proving the validity of user specified correctness requirements (using partial order reduction theory to optimize the search) either depth-first or breadth-first search. 3. Proof approximation system that can validate even very large system models with maximal coverage of the state space. 4. a driver for swarm verification which can make optimal use of large numbers of available compute cores to leverage parallelism and search diversification techniques, which increases the chance of locating defects in very large verification models.swarm verification

Swarm 3.1 – Verification Script generator for SPIN Syntax: swarm [config_file] [option] * Script that performs many small verification jobs in parallel that can increase the problem coverage for very large verification problems by about an order of magnitude compared to standard bitstate verification runs. It is meant to be used on models for which standard verification with exhaustive, bitstate, hash- compaction etc. either runs out of memory, or takes more time than is available (e.g., days or weeks).

swarm3.1.tar Swarm uses parallelism and search diversification to reach its objectives.The user can use a configuration file to define: how many processing cores are available how much memory can be used how much time is maximally available other optional parameter settings. Based on this information, swarm generates the script that runs as many independent jobs as possible in parallel, without exceeding any of the user-defined constraints. Swarm can run jobs using local CPU cores or remote machines in a grid network. Swarm 3.1 is a reimplementation of the algorithm, making more extensive use of search randomization techniques, and taking advantage of some new features implemented for this purpose in Spin Version 5.2 and up

Nondeterministic Finite Automata (NDFA) problem Nondeterminism is a central concept in CS that appears frequently in applications: grammars of programming languages, algorithms and the interleaving model of concurrency. The SPIN semantics is existential (a string is accepted if there exists a computation that terminates in an accepting state after reading the entire string) A primer on Model checking by Moti Ben-Ari

NDFA program Programmed using the guarded if-command for nondeterministic trasitions. For example: {(q5, a, q7), (q5, a, q3), (q5, b, q5)}. q5: if :: input == ‘a’ -> input = next-symbol; goto q7 :: input == ‘a’ -> input = next-symbol; goto q3 :: input == ‘b’ -> input = next-symbol; goto q5 fi Next, add the alternative: :: end-of-input -> assert(false)

SPIN modes in NDFA Random simulation is the execution of the NDFA with arbitrary resolution of nondeterministic transitions. Interactive simulation is the execution of an NDFA with an oracle ensuring that an accepting computation is found Verification represents the metalevel determination if there exists an accepting computation or not.

Other examples

The Semantics of LTL A ↔ B (Equivalent) A → B (Implies) A ν B (or) A Λ B (and) ¬A (Not) BA TTTTFTT FFTFFFT FTTFTTF TTFFTFF

The Semantics of LTL bool wantP = false, wantQ= false; Active proctype P() { do :: wantP = true; do :: wantQ -> wantP = false; wantP = true ::else -> break od; wantP = false od } Active proctype Q() { do :: wantQ = true; do :: wantP -> wantQ = false; wantQ = true ::else -> break od; wantQ = false od }