Date posted: 22-Dec-2015
The Parallel PV Model-checker
Robert Palmer and Ganesh Gopalakrishnan
School of Computing
University of Utah
Outline
• Background of parallel PV
• Introduction to:
  – Partial order reduction
  – The parallel Twophase algorithm
• Parallel PV model-checker
• Some performance statistics
• Conclusions and availability
Background Of Parallel PV
• Nested DFS based Implementation checks LTL-X properties
• Sequential PV implemented by Dr. Ratan Nalumasu
• Extended to parallel safety model-checking
Why use Partial Order Reduction?
• The reduced graph is stutter equivalent to the full state graph.
• The reduced graph can be much smaller (an order of magnitude or more) than the full state graph.
Real (Very Small) Example
proctype foo() {
    bit[2] counter;
    do
    :: counter++;
    od
}
init {
    run foo();
    run foo();
}
<0,0>
<1,0> <0,1>
<2,0> <1,1> <0,2>
<3,0> <2,1> <1,2> <0,3>
<3,1> <2,2> <1,3>
<3,2> <2,3>
<3,3>
These states are never visited
Parallel Partial Order Reduction
Global State
Local State
State Generator Process i
State Owner Process j
Package and send the state to its owner.
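The two-counter example and the state-ownership scheme above, as an added illustration that is not from the original slides or from PV: a single-process simulation in which every generated state is sent to the node that owns it, run with and without a simplified reduction that expands only the first enabled process. The saturation of each counter at 3, the CRC32 ownership function and all names are assumptions, and the reduction shown is not the Twophase algorithm.

```python
import zlib
from collections import deque

LIMIT = 3   # assumption: each 2-bit counter stops at 3, as in the slide's lattice
NPROC = 2   # two running instances of foo()

def successors(state, reduce_po):
    """Yield successor states. With reduce_po, expand only the first enabled
    process: its increment touches only its own local counter, so it is
    independent of every transition of the other process."""
    for i, c in enumerate(state):
        if c < LIMIT:
            yield state[:i] + (c + 1,) + state[i + 1:]
            if reduce_po:
                return

def owner(state, nodes):
    """Static partition: a stable hash of the state selects its owner node."""
    return zlib.crc32(bytes(state)) % nodes

def explore(nodes=1, reduce_po=False):
    """Simulate `nodes` workers. Each keeps its own visited set and work queue;
    a generated state is sent to its owner, which alone decides whether the
    state is new. Returns (set of visited states, cross-node messages)."""
    visited = [set() for _ in range(nodes)]
    queues = [deque() for _ in range(nodes)]
    init = (0,) * NPROC
    queues[owner(init, nodes)].append(init)
    messages = 0
    while any(queues):                      # some worker still has work
        for me in range(nodes):
            while queues[me]:
                s = queues[me].popleft()
                if s in visited[me]:
                    continue                # owner has already seen this state
                visited[me].add(s)
                for t in successors(s, reduce_po):
                    dest = owner(t, nodes)
                    if dest != me:
                        messages += 1       # state packaged and sent to its owner
                    queues[dest].append(t)
    return set().union(*visited), messages

if __name__ == "__main__":
    for n in (1, 2, 4, 8):
        full, m_full = explore(n, reduce_po=False)
        red, m_red = explore(n, reduce_po=True)
        print(f"nodes={n}: full={len(full)} states/{m_full} msgs, "
              f"reduced={len(red)} states/{m_red} msgs")
```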
Parallel PV Model-Checker
• Promela Modeling Language
• Partial Order Reduction
• Selective State Caching
• Bandera / X / Web interface
Results: States

6 Processes in the Leader Election Model
Nodes   No PO Reduction   With PO Reduction   All Opts
1       221239            47086               33166
2       221239            55694               18578
4       221239            66279               14195
8       221239            73967               12713

7 Processes in the Leader Election Model
Nodes   No PO Reduction   With PO Reduction   All Opts
1       1719197           243704              169637
2       1719197           283219              117732
4       1719197           335102              79164
8       1719197           383172              63280

8 Processes in the Leader Election Model
Nodes   No PO Reduction   With PO Reduction   All Opts
1       nc                1243666             857554
2       nc                1426706             576779
4       13365379          1694581             381980
8       13365379          1917546             266735
Results: Time

6 Processes in the Leader Election Model
Nodes   No PO Reduction   With PO Reduction
1       54.786            4.006
2       46.061            3.783
4       31.158            3.422
8       20.270            4.871

7 Processes in the Leader Election Model
Nodes   No PO Reduction   With PO Reduction
1       569.140           21.105
2       432.657           14.080
4       282.142           9.548
8       162.547           8.007

8 Processes in the Leader Election Model
Nodes   No PO Reduction   With PO Reduction
1       nc                132.522
2       nc                77.744
4       2712.108          47.009
8       1522.699          29.693
Results: Memory (MB)

6 Processes in the Leader Election Model
Nodes   No PO Reduction   With PO Reduction
1       45                22
2       70                40
4       120               76
8       219               148

7 Processes in the Leader Election Model
Nodes   No PO Reduction   With PO Reduction
1       213               42
2       226               64
4       276               100
8       377               181

8 Processes in the Leader Election Model
Nodes   No PO Reduction   With PO Reduction
1       nc                166
2       nc                212
4       1590              294
8       1700              422
Availability
• Latest Release:
http://www.cs.utah.edu/formal_verification/software
• Contact Information:
Robert Palmer: [email protected]
Ganesh Gopalakrishnan: [email protected]