Using SPIN to Model Check Concurrent Algorithms, using a ...
Recommend Documents
We sugges the ÷-calculus is not an ideal model for building a concurrent language ... ÷-calculus is synchronous, so the process putting a value in a channel must wait until ...... In Proceedings of ECOOP'91, P.America (ed.), LNCS 512, pp.133-. 147.
programs). In the model-checking literature, parameterized programs have been ... However, the fact that Eve declares the global state one thread at a time can.
model through java programming. Keywordsâ ... period of time. Java is just a computer language [5] that has secure, .... Tamil Nadu, India in the year 1979.
Markus Lumpe, Jean-Guy Schneider, Oscar Nierstrasz. Software ... Pierce and Turner's encoding of objects as processes in the experimental PICT program-.
Evans et al. actually propose ..... [4] S. Brodsky, T. Clark, S. Cook, A. S. Evans, and S. Kent, ... [15] J. Derrick, D. Akehurst, and E. Boiten, "A framework for UML ...
Second, a formal model must contain things that are typ- ... A data object with global scope can be referred to by all processes. .... A message field of type chan, can be used to pass a channel identifier through a channel from one process.
such as Java, C# and VB. ... This is an issue because in concurrent programs threads compete against each other for ..... this issue by associating a colour to each object. ... The Thread State Diagram consists of six interconnected states ..... Lear
domain. We propose two types of marginal histogram models: the fixed-width histogram .... probability density of bin where the best solution is located.
Apr 16, 2009 - Acknowledgement ll praise and thanks are due to Almighty Allah, Most Gracious; Most Merciful, ... Faris for being there for me in good and bad.
Regression Model Selection Using Genetic Algorithms. SANDRA PATERLINIa and TOMMASO MINERVAb a Dept. of Political Economics, Univ. of Modena and ...
r18 â¡ [z4]2 â b.. ..... JGAP, a Java Genetic Algorithms Package [16]. .... ited, July 2011) JGAP - Java Genetic Algorithms and Genetic Programming.
itself to software model checking using a virtual machine approach. C ... rithm in Java, and use the richer feature set of a Java model checker, ..... Microsoft Visual C# .NET Language Reference. Microsoft. Press, Redmond, USA, 2002. 23.
Among existing software model checkers for multi-threaded programs, ... reachable system state [10], accounting for non-determinism in external inputs, such as ...
Jan 8, 2013 - Model Development. Porting ..... maximum community production rate dâ1 Ï ..... ing, edited by: Arge, E., Bruaset, A. M., and Langtangen, H. P.,.
Assessing Principles of Set-‐Based Concurrent Engineering. Using a ...
Concurrent engineering, using the Delta Design Game by L.Bucciarelli.
FRANCESC ...
A Model for Predicting Ischemic Stroke Using Data Mining. Algorithms. BALAR Khalid1 and NAJI Abdelwahab2. 1 Department of Computer Science, Hassan II ...
The NSL-KD data set was used which consisted of 25,192 entries with 22 different types of data .... higher efficiency and lower false using the NSL-KDD data set.
In the write-back stage all the store data (including target stores) in the memory buffer will be committed and written to the cache memory. The write-back stages ...
Nov 27, 2005 - Rabbat's technique is intended to facilitate the .... [21] S. B. Michael Grant and Y. Ye. ... [24] M. Rabbat, J. Haupt, A. Singh, and R. D. Nowak.
represented as a set of hierarchical states instead of processes. ... Reset Input Flows. 3 .... supervision purposes, a device to measure the quantity of water in the ... Control Level performs the main actions by opening and closing the pumps ...
The main function of the continuation stage is to compute recurrence variables ..... 512KB, 4-way associative, with a block size of 128 bytes, although we do ...
How to Check-out EBooks Using a Computer.pdf. How to Check-out EBooks Using a Computer.pdf. Open. Extract. Open with. Si
Equation 3(a,b) calculate the saturation vapor pressure for iron above and below its ... The model was applied to planet HD 209458b, as this planet has been ...
Precipitation of phosphate minerals from liquid swine manure is an established ... demonstrated that Visual Minteq can be used to pre-determine the concentration of ... appropriate base and Mg2+ dose requires jar testing, which is .... the presence o
Using SPIN to Model Check Concurrent Algorithms, using a ...
Model checking. • SPIN model checker and Promela. 1.2 Motivation. • Use SPIN
to automatically analyze concurrent algorithms written in (a significant subset of)
...
Using SPIN to Model Check Concurrent Algorithms, using a translation from C to Promela
Ke Jiang Bengt Jonsson Uppsala University
1. Introduction 1.1 Background
Informationsteknologi
•
To achieve performance, complex concurrent algorithms have been developed, but are hard to get correct, e.g. concurrent queue algorithms
•
Model checking
•
SPIN model checker and Promela
1.2 Motivation •
Use SPIN to automatically analyze concurrent algorithms written in (a significant subset of) C
•
Automatically abstract Promela models from input C codes
1.3 Related works Modex and our previous paper [Bengt Jonsson, MCC 08]
Institutionen för informationsteknologi | www.it.uu.se
2. A motivating example
Informationsteknologi
Concurrent queue algorithms Translation from peudocode of Michael and Scott's blocking queue algorithm (also in our previous work) Such algorithms will likely cause bottlenecks in concurrent programs
Institutionen för informationsteknologi | www.it.uu.se
struct node_t { int value; struct node_t *next; };
Informationsteknologi
struct queue_t { struct node_t *Head; struct node_t *Tail; int H_lock; int T_lock; };
node_t and queue_t are used to create linked lists
value Head
7
The two locks in queue_t allow concurrent access
3
Other algorithms might use CAS instead of locks
9 Tail
Institutionen för informationsteknologi | www.it.uu.se
5
next
3. Promela
Informationsteknologi
Promela is a modeling language designed for state space exploration of finite-state models
Promela has C-like syntax Processes Basic data types Control flows Communications No dynamically allocated data structures No functions and function calls
Institutionen för informationsteknologi | www.it.uu.se
4. Implementation CIL (C Intermediate Language): the carrier of our translator
Informationsteknologi
•
Handles the parsing and semantic analysis of C programs
•
Compiles valid C programs into core constructs (e.g. the loops)
•
Can be guided to perform user defined transformation (e.g. the translator we developed)
•
Provides C syntax trees for our translator
Institutionen för informationsteknologi | www.it.uu.se
4. Implementation The whole translation flow
Informationsteknologi Institutionen för informationsteknologi | www.it.uu.se
5. Syntax-directed translation 5.1 Data Structures and Statements
Informationsteknologi
Translate in a straight-forward fashion:
Simple statements and control structures Integers and arrays Pointers and structures
Institutionen för informationsteknologi | www.it.uu.se
struct record{ int min; int max; };
Informationsteknologi
... struct record r; for(x=0; x break :: else -> y = 0; do :: (!(y < 4)) -> break :: else -> if :: (a[y] > a[(y + 1)]) -> temp = a[(y + 1)]; a[(y + 1)] = a[y]; a[y] = temp :: else fi; y ++ od; x ++ od; r.min = a[0]; r.max = a[4]; ...
Dynamically allocated memory simulated by dedicated array Integers and structures One array per data type All memory operations must be type-respecting Pointer arithmetic is not supported
Institutionen för informationsteknologi | www.it.uu.se
Dynamically allocated memory simulated by dedicated array Integers and structures One array per data type All memory operations must be type-respecting
2
Pointer arithmetic is not supported 5 1
A example of a “static” list in Promela
0 4 3
Institutionen för informationsteknologi | www.it.uu.se
Pointer assignments will be translated into integer assignments
•
Assignments to the original variable by pointers will be translated to assignments corresponding positions of memory arrays
struct person{ int age; }; ... struct person *ptr; struct person *temp; ... ptr = temp; ... temp->age = 24; ...
Institutionen för informationsteknologi | www.it.uu.se
typedef person { int age; } person person_mem[9]; int person_valid[9]; ... int ptr; int temp; ... ptr = temp; ... person_mem[temp].age = 24; ...
5. Syntax-directed translation
Informationsteknologi
Memory allocations using malloc are simulated
Memory releases using free are analogous
struct person{ int age; }; ... struct person *ptr; ptr = malloc(sizeof(struct person)); ... free(ptr); ...
Institutionen för informationsteknologi | www.it.uu.se
typedef person { int age; } person person_mem[9]; int person_valid[9]; ... int ptr; $$$ //person_ct gets first available position of person_valid ptr = person_ct; ... d_step { person_valid[ptr] = 0; person_mem[ptr].age = 0 }; ...
No function concept in Promela! Need to be emulated
•
Use process to simulate functions
Function definitions: parameters and function body Function calls: into 3 steps. Exceptions: lock and unlock Return statements: emulate the two properties of return. Recursive functions: are automatically handled. Recursion depth need to be noticed
Institutionen för informationsteknologi | www.it.uu.se
Informationsteknologi
int test(int a, int b){ if(a >= b) return a; else return b; } ... int x = 2; int y = 3; test(x, y); ...
proctype test(chan in_test; int a; int b){ if :: (a >= b) -> in_test ! a; goto end :: else -> in_test ! b; goto end fi; end : printf ("End of test") } ... chan ret_test = [0] of { int }; int x; int y; int tmp; x = 2; y = 3; run test(ret_test, x, y); ret_test ? tmp; ...
Institutionen för informationsteknologi | www.it.uu.se
6. Experiments
Informationsteknologi
•
We denote test harnesses using a sequence of E (enqueue) and D (dequeue) in threads separated by I, e.g. EE|DD.
•
Two verification modes: Exhaustive and Bitstate
•
The following experiments were performed using Exhaustive mode
Institutionen för informationsteknologi | www.it.uu.se
6. Experiments
Informationsteknologi
•
We denote test harnesses using a sequence of E (enqueue) and D (dequeue) in threads separated by I, e.g. EE|DD.
•
Two verification modes: Exhaustive and Bitstate
•
The following experiments were performed using Exhaustive mode 900
100,000 Institutionen för informationsteknologi | www.it.uu.se
7. Conclusion
Informationsteknologi
Automatic translation from C to Promela makes model checking C programs using SPIN possible.
Innovative solutions for “untranslatable” structures in previous works, e.g. pointers and functions.
Still does not have the same capabilities comparing to our manual work, e.g. no impact of weak memory models, not as efficient.
Institutionen för informationsteknologi | www.it.uu.se
8. Future works
Informationsteknologi
•
Add the impact of weak memory models
•
Optimize the current translation – Better output layout – Support more complex C structures, e.g. multi-dimensional arrays, pointer to pointers – Divide necessary statements into atomic parts, e.g. x++
•
Garbage collection
Institutionen för informationsteknologi | www.it.uu.se
