Presentation is loading. Please wait.

Presentation is loading. Please wait.

Yang Liu, Jun Sun and Jin Song Dong School of Computing National University of Singapore.

Published byAbner Wade Modified over 9 years ago

Similar presentations

Presentation on theme: "Yang Liu, Jun Sun and Jin Song Dong School of Computing National University of Singapore."— Presentation transcript:

1 Yang Liu, Jun Sun and Jin Song Dong School of Computing National University of Singapore

2 Outline General Introduction to PAT http://pat.comp.nus.edu.sg Motivation: Parallel Model Checking Model Checking with Fairness Experiment Results Conclusion 2

3 Model Checking Determining whether a model satisfies a property by the means of exhaustive searching. 3 Model Model Checker Property Counterexample!

4 Model Checking Works! Three researchers won Turing Award 2007 for their pioneer work on model checking! Intel Core i7 processor is verified by symbolic model checking completely without executing a single test case! The Slam project from Microsoft successfully detected many bugs in many driver software! 4

5 PAT: Motivation We aim to develop a self-contained framework for formal specification and verification of compositional systems which involves, concurrency, real-time, complex data structures and operations, complicated control flows, and etc. 5

6 PAT: Architecture 6

7 Motivation Model checking is limited by state space explosion. We do have multiple cores nowadays! 7

8 Safety “Something bad never happens” Reachability analysis Depth-first search Breadth-first search 8

9 Liveness “Something good eventually happens” Liveness checking = bad loop searching Nested depth-first- search SCC-based algorithms 9

10 Fairness Liveness often requires fairness! Process level weak/strong fairness Event level weak/strong fairness Strong global fairness

11 Verification under Fairness Automata-based LTL model checking weak fairness: SCC search strong fairness: strongly connected sub-graph search strong global fairness = terminal SCC search

12 Verification under Fairness A lasso is counterexample if and only if the loop is fair and it fails the liveness property. It is (process-level) weak fair iff there is NO process which is always enabled during the loop and never made any progress. It is (process-level) strong fair iff there is NO process which is enabled during the loop and never made any progress. It is strong global fairness iff …

13 Sequential Algorithm 13 A: Find SCC-0 B: Check if SCC-0 is fair Is Not Fair C: Generate Counterexample True Is Fair

14 Parallel Algorithm 14 Thread 1 Thread 2 Thread 4 Thread 3 A0 B0 A1 B1 A2 B2

15 Parallel Algorithm 15 Thread 1 Thread 2 Thread 4 Thread 3 A0 B0 A1 B1 A2 B2

16 Effectiveness Overhead – negligible Based on shared-memory architecture. Depends on how expensive checking whether a SCC satisfies the fairness constraint Weak fairness: linear in the number of transitions Strong fairness: bounded by #states * #transitions Global fairness: linear in the number of transitions 16

17 Experiment A 17

18 Experiment B 18

19 Experiment (cont’d) 19

20 Conclusion 20 A simple way of making use of multi-cores for model checking with fairness. The technique is available in PAT. http://pat.comp.nus.edu.sg Related work Spin’s liveness checking algorithm for dual-core systems Barnat et al. multi-core LTL model checking MAP, OWCTY, NEGC, OBF

Download ppt "Yang Liu, Jun Sun and Jin Song Dong School of Computing National University of Singapore."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Modeling issues Book: chapters 4.12, 5.4, 8.4, 10.1.

Modeling issues Book: chapters 4.12, 5.4, 8.4, 10.1.
A Technique for Parallel Reachability Analysis of Java Programs Raghuraman R. Sridhar Iyer G. Sajith.

A Technique for Parallel Reachability Analysis of Java Programs Raghuraman R. Sridhar Iyer G. Sajith.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.

Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.
A university for the world real R © 2009, www.yawlfoundation.org Chapter 3 Advanced Synchronization Moe Wynn Wil van der Aalst Arthur ter Hofstede.

A university for the world real R © 2009, Chapter 3 Advanced Synchronization Moe Wynn Wil van der Aalst Arthur ter Hofstede.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
Parallel Programming Motivation and terminology – from ACM/IEEE 2013 curricula.

Parallel Programming Motivation and terminology – from ACM/IEEE 2013 curricula.
Chair of Software Engineering Software Verification Stephan van Staden Lecture 10: Model Checking.

Chair of Software Engineering Software Verification Stephan van Staden Lecture 10: Model Checking.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking.

Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking.
Process Analysis Toolkit PAT is A SPIN-like self-contained environment for system specification, visualized simulation and automated verification. PAT.

Process Analysis Toolkit PAT is A SPIN-like self-contained environment for system specification, visualized simulation and automated verification. PAT.
Towards a Model Checker for NesC and Wireless Sensor Networks Manchun Zheng 1, Jun Sun 2, Yang Liu 1, Jin Song Dong 1, and Yu Gu 2 1 National University.

Towards a Model Checker for NesC and Wireless Sensor Networks Manchun Zheng 1, Jun Sun 2, Yang Liu 1, Jin Song Dong 1, and Yu Gu 2 1 National University.
1 Temporal Logic u Classical logic:  Good for describing static conditions u Temporal logic:  Adds temporal operators  Describe how static conditions.

1 Temporal Logic u Classical logic:  Good for describing static conditions u Temporal logic:  Adds temporal operators  Describe how static conditions.
Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.

Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.
Progress Guarantee for Parallel Programs via Bounded Lock-Freedom Erez Petrank – Technion Madanlal Musuvathi- Microsoft Bjarne Steensgaard - Microsoft.

Progress Guarantee for Parallel Programs via Bounded Lock-Freedom Erez Petrank – Technion Madanlal Musuvathi- Microsoft Bjarne Steensgaard - Microsoft.

Similar presentations

Ads by Google