Joseph Cordina 1/11
The Use of Model-Checking for the Verification of Concurrent Algorithms
Joseph Cordina
Department of C.S.&A.I.
Problems
Designing Concurrent Algorithms
- Complex algorithms that have multiple concurrent counterparts
- Usually designed using complex atomic instructions, which makes them difficult to reason about
- An increasing number of concurrent tasks makes the algorithm's behaviour difficult to predict
- Guarantees are necessary if the algorithm is used in critical scenarios

Typical Verification
- Dry-run on paper
- Tested extensively on hardware
- No guarantees of any sort

Simple algorithms like semaphore implementations take long hours to verify; our aim is to verify wait-free algorithms.
Model-Checking
Automated technique allowing verification of properties against a given model
Several tools are available that try to minimise the state space
- The main problem with verification is state explosion
SMV is a project that provides its tools for free
- Accepts a model written in the SMV language
- Verifies properties expressed in temporal logic
- Outputs a counter-example for each property that fails to hold
Verification of Algorithms
Verification Model in the SMV language
- Models CPU characteristics (PC, registers, etc.)
- The PC moves from one instruction to the next in each time step
- The current PC determines the next state of the registers and memory locations
- The signal to start the algorithm is non-deterministic
Multiple instances of the algorithm are verified for all legal permutations of execution
Execution Models
We have constructed two models
- Uni-processor model with a non-deterministic scheduler
  - Multiple instances of an algorithm are executed as separate tasks
  - Each task is modelled through the use of a task descriptor
- Multi-processor model
  - Multiple CPU descriptions, each running some part of the algorithms
  - Start of execution is non-deterministic
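The execution model of the two slides above (each task instance has its own PC and register, the current instruction decides the next state of registers and memory, and a non-deterministic scheduler picks which instance steps) as an added Python example; it is not part of the presentation and uses a small constructed instruction set rather than SMV. It explores every interleaving of a spin lock and, like a model-checker, returns a counter-example trace when two tasks reach the critical section together.

```python
from collections import deque

# Constructed mini instruction set; memory is a tuple of cells, cell 0 is the lock.
# ("load", a) reg := mem[a]    ("store", a, v) mem[a] := v    ("bnz", t) if reg != 0: pc := t
# ("tas", a) reg := mem[a]; mem[a] := 1 in one atomic step    ("crit",) critical section    ("halt",)


def step(prog, tasks, mem, i):
    """Run task i's current instruction as one atomic time step (None once halted)."""
    pc, reg = tasks[i]
    op, mem = prog[pc], list(mem)
    if op[0] == "halt":
        return None
    if op[0] == "load":
        reg = mem[op[1]]
    elif op[0] == "store":
        mem[op[1]] = op[2]
    elif op[0] == "tas":
        reg, mem[op[1]] = mem[op[1]], 1
    pc = op[1] if op[0] == "bnz" and reg != 0 else pc + 1
    tasks = tasks[:i] + ((pc, reg),) + tasks[i + 1:]
    return tasks, tuple(mem)


def check_mutex(prog, n_tasks, crit_pc):
    """Breadth-first search over every interleaving of n_tasks copies of prog.
    Returns (counter_example, states_explored): the scheduler choices that put two
    tasks in the critical section at once, or None if mutual exclusion always holds."""
    init = (tuple((0, 0) for _ in range(n_tasks)), (0,))
    parent, queue = {init: None}, deque([init])
    while queue:
        state = queue.popleft()
        tasks, mem = state
        if sum(pc == crit_pc for pc, _ in tasks) > 1:   # property violated: rebuild trace
            trace = []
            while parent[state] is not None:
                state, i = parent[state]
                trace.append(i)
            return trace[::-1], len(parent)
        for i in range(n_tasks):                          # non-deterministic scheduler
            nxt = step(prog, tasks, mem, i)
            if nxt is not None and nxt not in parent:
                parent[nxt] = (state, i)
                queue.append(nxt)
    return None, len(parent)


# Spin lock whose test (load/bnz) and set (store) are separate instructions.
NAIVE = [("load", 0), ("bnz", 0), ("store", 0, 1), ("crit",), ("store", 0, 0), ("halt",)]
# The same lock built on one atomic test-and-set instruction.
TAS = [("tas", 0), ("bnz", 0), ("crit",), ("store", 0, 0), ("halt",)]
```

`check_mutex(NAIVE, 2, 3)` returns a six-step schedule in which both tasks read the lock as free before either writes it, while `check_mutex(TAS, 3, 2)` exhausts the state space without a violation.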
SMV language
Designer of the algorithm
- Supplies each instruction in SMV
- Encodes the properties
- SMV provides the verification
Each algorithm and property needs to be translated to the SMV language
- A cumbersome task
- Requires the designer to learn SMV
Pre-Processing
We built a parser in FLEX
- Takes a description of the algorithm
- Translates it to the SMV language
Easier to specify the algorithm: no need to learn SMV
Description keywords
- CPUs, REGISTERS, MEMORY, STATEVARS
- LABELS, CODE, ASSERTIONS, TRIGGER, START
- PERCPUASSUMPTIONS, EXCLUSIVEINSTRUCTIONS
- PROVE
Properties are specified in temporal logic, with optimisations in terms of expressiveness
Results
Automated generation of the SMV model from an input concurrent algorithm
Verification of concurrent algorithms
- The framework allows very complex algorithms, as long as no complex communication primitives are assumed
Guarantees given for a limited number of concurrent resources
- Limited by SMV
- Assumptions can be given to limit the state space
Future Work
- Coalesce the uni-processor model with the multi-processor model
- Make use of alternative model-checkers that allow CSP communication
- Implement more complex instructions, allowing verification of wait-free algorithms
- Parse SMV output, allowing a visual representation dependent on the input description
Conclusion
This work is a proof-of-concept showing that concurrent algorithms can be verified using model-checking
Our solution
- Model using the SMV language
- Pre-processor
  - Constructs the model
  - Creates algorithm instructions in SMV
  - Generates properties and assumptions
Algorithm designers can now obtain guarantees within a reasonable amount of time
Thank You
Questions?