Scientific Computing
By: Fatima Hallak
To: Dr. Guy Tel-Zur
SPIN
Spin targets efficient software verification. It supports a high-level language called PROMELA (a PROcess MEta LAnguage). Written in ANSI standard C, it is portable across all versions of Unix, Linux, Cygwin, Plan 9, Inferno, Solaris, Mac, and Windows.
SPIN version 4 provides direct support for the use of embedded C code as part of model specifications. This allows SPIN to directly verify implementation-level software specifications, acting as a driver and as a logic engine to verify high-level temporal properties.
SPIN version 5 provides direct support for the use of multi-core computers for model checking runs, supporting both safety and liveness verifications.
It also serves as a driver for swarm verification (a new form of swarm computing), which can make optimal use of large numbers of available compute cores to leverage parallelism and search diversification techniques.
SPIN’s Functionality
Used to trace logical design errors in distributed systems design, such as operating systems, data communications protocols, switching systems, concurrent algorithms, railway signaling protocols, etc.
Reports deadlocks, unspecified receptions, incompleteness, race conditions, and unwarranted assumptions about the relative speeds of processes.
SPIN supports:
Dynamically growing and shrinking numbers of processes, using a rubber state vector technique.
Both rendezvous and buffered message passing, and communication through shared memory.
Mixed systems, using both synchronous and asynchronous communication.
Message channel identifiers for both rendezvous and buffered channels, which can be passed from one process to another in messages.
Spin can be used in four main modes:
1. Simulator, allowing for rapid prototyping with random, guided, or interactive simulations.
2. Exhaustive verifier, capable of rigorously proving the validity of user-specified correctness requirements (using partial order reduction theory to optimize the search), with either depth-first or breadth-first search.
3. Proof approximation system that can validate even very large system models with maximal coverage of the state space.
4. Driver for swarm verification, which can make optimal use of large numbers of available compute cores to leverage parallelism and search diversification techniques, increasing the chance of locating defects in very large verification models.
Swarm 3.1 – Verification Script generator for SPIN
Syntax: swarm [config_file] [option]*
Script that performs many small verification jobs in parallel that can increase the problem coverage for very large verification problems by about an order of magnitude compared to standard bitstate verification runs. It is meant to be used on models for which standard verification with exhaustive, bitstate, hash-compaction etc. either runs out of memory, or takes more time than is available (e.g., days or weeks).
Swarm (distributed as swarm3.1.tar) uses parallelism and search diversification to reach its objectives. The user can use a configuration file to define:
how many processing cores are available,
how much memory can be used,
how much time is maximally available,
other optional parameter settings.
Based on this information, swarm generates the script that runs as many independent jobs as possible in parallel, without exceeding any of the user-defined constraints.
Swarm can run jobs using local CPU cores or remote machines in a grid network.
Swarm 3.1 is a reimplementation of the algorithm, making more extensive use of search randomization techniques and taking advantage of some new features implemented for this purpose in Spin version 5.2 and up.
Nondeterministic Finite Automata (NDFA) problem
Nondeterminism is a central concept in CS that appears frequently in applications: grammars of programming languages, algorithms and the interleaving model of concurrency.
The SPIN semantics is existential: a string is accepted if there exists a computation that terminates in an accepting state after reading the entire string.
Reference: A Primer on Model Checking by Moti Ben-Ari, http://stwww.weizmann.ac.il/g-cs/benari/jspin/
NDFA program
Programmed using the guarded if-command for nondeterministic transitions. For example, the transitions {(q5, a, q7), (q5, a, q3), (q5, b, q5)} become:

q5: if
    :: input == 'a' -> input = next-symbol; goto q7
    :: input == 'a' -> input = next-symbol; goto q3
    :: input == 'b' -> input = next-symbol; goto q5
    fi

Next, add the alternative:
    :: end-of-input -> assert(false)
SPIN modes in NDFA
Random simulation is the execution of the NDFA with arbitrary resolution of nondeterministic transitions.
Interactive simulation is the execution of an NDFA with an oracle ensuring that an accepting computation is found.
Verification represents the metalevel determination of whether there exists an accepting computation or not.
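The q5 fragment above completed into a runnable Promela NDFA, as an added example that is not from the slides or from Ben-Ari's primer. Assumptions: q5 is the start state, (q3, b, q5) is an extra transition, q7 is the only accepting state and has no outgoing transitions, and the input word "aba" is constructed; following the existential semantics, the accepting state asserts false at end of input so that a SPIN error trail is exactly an accepting computation.

```promela
/* Added example (not from the slides): NDFA over {a, b} with start state q5,
   transitions (q5,a,q7), (q5,a,q3), (q5,b,q5) from the slide plus the assumed
   (q3,b,q5); q7 is the assumed only accepting state. Input word constructed. */
#define N 3
byte tape[N + 1];      /* input word; tape[N] == 0 marks end of input */
byte pos = 0;          /* index of the next unread symbol */

#define next(c) (pos < N && tape[pos] == c)
#define eoi     (pos == N)

proctype ndfa() {
q5:
  if
  :: next('a') -> pos++; goto q7   /* (q5, a, q7) */
  :: next('a') -> pos++; goto q3   /* (q5, a, q3): same guard, SPIN picks */
  :: next('b') -> pos++; goto q5   /* (q5, b, q5) */
  :: else -> goto reject           /* q5 is not accepting */
  fi;
q3:
  if
  :: next('b') -> pos++; goto q5   /* (q3, b, q5), assumed transition */
  :: else -> goto reject
  fi;
q7:
  if
  :: eoi  -> assert(false)   /* accepting computation: the trail is the witness */
  :: else -> goto reject     /* symbols left over but no transition from q7 */
  fi;
reject:
  printf("this computation rejects at position %d\n", pos)
}

init {
  tape[0] = 'a'; tape[1] = 'b'; tape[2] = 'a';   /* constructed word "aba" */
  run ndfa()
}
```

Random simulation (spin ndfa.pml) may take the q5 -a-> q7 branch and reject, while verification (spin -a ndfa.pml; gcc -o pan pan.c; ./pan) reports the assertion violation iff some computation accepts, and spin -t -p ndfa.pml replays that accepting computation q5 -a-> q3 -b-> q5 -a-> q7.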
Other examples
The Semantics of LTL
A  B | ¬A (not) | A ∧ B (and) | A ∨ B (or) | A → B (implies) | A ↔ B (equivalent)
T  T |    F     |      T      |     T      |        T        |         T
T  F |    F     |      F      |     T      |        F        |         F
F  T |    T     |      F      |     T      |        T        |         F
F  F |    T     |      F      |     F      |        T        |         T
The Semantics of LTL
bool wantP = false, wantQ = false;

/* P announces its intent, backs off while Q also wants, then proceeds */
active proctype P() {
  do
  :: wantP = true;
     do
     :: wantQ -> wantP = false;   /* Q also wants: withdraw and retry */
                 wantP = true
     :: else -> break             /* Q does not want: proceed */
     od;
     wantP = false                /* done, release */
  od
}

/* Q is symmetric to P */
active proctype Q() {
  do
  :: wantQ = true;
     do
     :: wantP -> wantQ = false;
                 wantQ = true
     :: else -> break
     od;
     wantQ = false
  od
}
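The wantP/wantQ model above with the critical sections made explicit and the two LTL properties one would hand to SPIN, as an added example that is not from the slides. The variables csP, csQ and ncrit, the inline ltl blocks (which assume Spin 6 or later) and the assertion are additions; with them SPIN shows that mutual exclusion holds but that the liveness claim fails, because both processes can back off and retry forever.

```promela
/* Added example (not from the slides): the back-off protocol with explicit
   critical sections. csP/csQ/ncrit and the ltl claims are additions. */
bool wantP = false, wantQ = false;
bool csP = false, csQ = false;   /* true while in the critical section */
byte ncrit = 0;                  /* number of processes in a critical section */

/* Safety: never two processes in their critical sections at once. */
ltl mutex { [] (ncrit <= 1) }
/* Liveness: whenever P wants to enter, it eventually does.
   Violated: SPIN reports an acceptance cycle of mutual back-off. */
ltl liveP { [] (wantP -> <> csP) }

active proctype P() {
  do
  :: wantP = true;
     do
     :: wantQ -> wantP = false; wantP = true   /* back off, then retry */
     :: else -> break
     od;
     csP = true; ncrit++;
     assert(ncrit == 1);          /* same check as mutex, without an ltl claim */
     ncrit--; csP = false;
     wantP = false
  od
}

active proctype Q() {
  do
  :: wantQ = true;
     do
     :: wantP -> wantQ = false; wantQ = true
     :: else -> break
     od;
     csQ = true; ncrit++;
     assert(ncrit == 1);
     ncrit--; csQ = false;
     wantQ = false
  od
}
```

Build with spin -a mutex.pml; gcc -o pan pan.c, then ./pan -N mutex checks the safety claim and ./pan -a -N liveP searches for acceptance cycles, which is where the livelock shows up.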