The Parallel PV Model-checker

Robert Palmer and Ganesh Gopalakrishnan

School of Computing

University of Utah

Post on 22-Dec-2015


Outline

• Background of parallel PV

• Introduction to:
  – Partial order reduction
  – The parallel Twophase algorithm

• Parallel PV model-checker

• Some performance statistics

• Conclusions and availability

Background Of Parallel PV

• Nested-DFS-based implementation checks LTL-X properties

• Sequential PV implemented by Dr. Ratan Nalumasu

• Extended to parallel safety model-checking

Why use Partial Order Reduction?

• The reduced graph is stutter equivalent to the full state graph.

• The reduced graph can be much smaller (an order of magnitude or more) than the full state graph.

Partial Order Reduction

[Figure: animated state graph; legend: Global State, Local State]

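Real (Very Small) Example

    proctype foo() {
        bit[2] counter;    /* 2-bit counter: values 0..3 */
        do
        :: counter++
        od
    }

    init {
        run foo();
        run foo();
    }

[Figure: state graph of the two counters, animated over several frames]

                <0,0>
             <1,0> <0,1>
          <2,0> <1,1> <0,2>
       <3,0> <2,1> <1,2> <0,3>
          <3,1> <2,2> <1,3>
             <3,2> <2,3>
                <3,3>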


These states are never visited

Parallel Partial Order Reduction

[Figure: animated state graph; legend: Global State, Local State; labels: State Generator (Process i), State Owner (Process j)]

Determine the owner of this state.

Package and send the state to its owner.
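The ownership scheme from these slides, applied to the two-counter example, as an added Python sketch (not PV's code and not from the slides). The `owner` rule and the round-robin loop standing in for parallel nodes are assumptions, and no partial order reduction is applied.

```python
from collections import deque

BITS = 2                 # each foo() has a 2-bit counter, as on the slide
MOD = 1 << BITS

def successors(state):
    """One step of either foo(): its counter increments and wraps at 2 bits."""
    a, b = state
    return [((a + 1) % MOD, b), (a, (b + 1) % MOD)]

def owner(state, nodes):
    """Assumed ownership rule: any deterministic function of the state works."""
    a, b = state
    return (a * MOD + b) % nodes

def explore(nodes, init=(0, 0)):
    """Partitioned reachability: a node stores and expands only states it owns."""
    visited = [set() for _ in range(nodes)]   # per-node state tables
    inbox = [deque() for _ in range(nodes)]   # per-node message queues
    sent = 0                                  # states shipped to another node
    inbox[owner(init, nodes)].append(init)
    while any(inbox):                         # stop when every queue is empty
        for me in range(nodes):               # round-robin stands in for parallelism
            while inbox[me]:
                s = inbox[me].popleft()
                if s in visited[me]:          # owner already has it: drop
                    continue
                visited[me].add(s)
                for t in successors(s):       # "state generator" role
                    dest = owner(t, nodes)    # determine the owner
                    if dest != me:
                        sent += 1             # package and send to the owner
                    inbox[dest].append(t)
    return visited, sent

if __name__ == "__main__":
    for n in (1, 2, 4):
        tables, sent = explore(n)
        print(n, [len(t) for t in tables], "sent:", sent)
```

Because duplicate detection happens only at the owner, each node's table stays disjoint from the others and the union is the full set of reachable states.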

Selective State Caching

[Figure: state graph; legend: Global State, Local State]

Parallel PV Model-Checker

• Promela Modeling Language

• Partial Order Reduction

• Selective State Caching

• Bandera / X / Web interface

Results: States

6 Processes in the Leader Election Model

    Nodes   No PO Reduction   With PO Reduction   All Opts
    1       221239            47086               33166
    2       221239            55694               18578
    4       221239            66279               14195
    8       221239            73967               12713

7 Processes in the Leader Election Model

    Nodes   No PO Reduction   With PO Reduction   All Opts
    1       1719197           243704              169637
    2       1719197           283219              117732
    4       1719197           335102              79164
    8       1719197           383172              63280

8 Processes in the Leader Election Model

    Nodes   No PO Reduction   With PO Reduction   All Opts
    1       nc                1243666             857554
    2       nc                1426706             576779
    4       13365379          1694581             381980
    8       13365379          1917546             266735

Results: Time

6 Processes in the Leader Election Model

    Nodes   No PO Reduction   With PO Reduction
    1       54.786            4.006
    2       46.061            3.783
    4       31.158            3.422
    8       20.270            4.871

7 Processes in the Leader Election Model

    Nodes   No PO Reduction   With PO Reduction
    1       569.140           21.105
    2       432.657           14.080
    4       282.142           9.548
    8       162.547           8.007

8 Processes in the Leader Election Model

    Nodes   No PO Reduction   With PO Reduction
    1       nc                132.522
    2       nc                77.744
    4       2712.108          47.009
    8       1522.699          29.693

Results: Memory (MB)

6 Processes in the Leader Election Model

    Nodes   No PO Reduction   With PO Reduction
    1       45                22
    2       70                40
    4       120               76
    8       219               148

7 Processes in the Leader Election Model

    Nodes   No PO Reduction   With PO Reduction
    1       213               42
    2       226               64
    4       276               100
    8       377               181

8 Processes in the Leader Election Model

    Nodes   No PO Reduction   With PO Reduction
    1       nc                166
    2       nc                212
    4       1590              294
    8       1700              422

Availability

• Latest Release:

http://www.cs.utah.edu/formal_verification/software

• Contact Information:

Robert Palmer: [email protected]

Ganesh Gopalakrishnan: [email protected]