External Program Model Checking
Stefan Edelkamp, Shahid Jabar, Dino Midzic, Daniel Rikowski and Damian Sulewski
Computer Science Department
University of Dortmund
Otto-Hahn Straße 14
Overview
- Why software model checking
- States in our program model checker StEAM
- Externalization algorithm
- Experimental results
Motivation
int main(int argc, char **argv) {
    int a = 0;
    int b = 7;
    int c = b / a;   /* division by zero: the defect the model checker should report */
}
Classical approach: manual rewriting of the code into a formal specification, which is then fed to the model checker.
Program model checking: checking a software implementation rather than a formal specification. The model checker takes the program itself as input and returns an error trail leading to the defect.
Using a virtual machine to explore a model
The program is compiled; the model checker then drives a virtual machine that executes the compiled code, so the VM's machine state is the model's state.
Assumes an error-free virtual machine
+ Can detect errors in the implementation
+ User is not required to be familiar with a modeling language
- Exceeds the available memory
- Slows down the exploration
Techniques for state space compression
- Partial order reduction
- Minimal binary state encoding
- Abstraction methods
- Bit-state hashing
- Search heuristics
External model checking
- Using virtual memory can slow down the performance significantly
- A general-purpose virtual memory scheme is used, which knows nothing about the search
- External memory algorithms are more informed about the states
- They show remarkable performance in the large-scale analysis of games
- Introduced in the explicit-state model checker SPIN
[Figure: a system state in StEAM. Physical memory (the VM memory) holds the object-file memory image (MI) with its code section, data section (e.g. a=4, b=6, c=12) and BSS section, plus the dynamically allocated regions that make up the program memory. Each state i consists of the machine registers (PC, FP, SP, R0, ...), its stack s_i and its memory m_i (data section and BSS memory), together with the memory pool of dynamically allocated regions (mn1, mn2, mn3, ...) and the lock pool (li1, li2, li3, ...).]
States in StEAM
The externalization algorithm
- Relaxes the requirement of a constant amount of main memory
- Mini-states: a pointer to the full system state in secondary memory plus its predecessor information; constant size, in contrast to a full state
[Figure: the externalization algorithm. Internal memory holds the mini-states and a cache of full states; the full states themselves reside in secondary memory and are fetched back through the cache when the search needs them.]
The externalization algorithm - external collapse compression
[Figure: a full state is split into its data section, BSS section, stack and fixed values; each part goes through its own cache into its own file.]
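The two slides above describe the mechanism only in pictures, so here is a worked example of both ideas together: mini-states in internal memory, full states in secondary memory behind a small cache, and a collapse-style split of each state into separately stored components. This is illustration code written for this page in Python, not StEAM's own implementation. The dining-philosophers model (the deck's first case study), the file layout, the fixed-size record formats, the narrow-hash bucket scheme and the flush-when-full cache are all assumptions made here; the error found is a deadlock, reported as a trail reconstructed from the predecessor information in the mini-states.

```python
import os
import struct
import tempfile

# Toy model (constructed here): n dining philosophers.  state = (forks, pcs); forks[i]
# is -1 if free else its holder; pcs[i] is 0 thinking, 1 holds left fork, 2 eating.
def successors(state, n):
    forks, pcs = state
    moves = []
    for i in range(n):
        f, p, left, right = list(forks), list(pcs), i, (i + 1) % n
        if pcs[i] == 0 and forks[left] == -1:
            f[left], p[i], what = i, 1, "takes left fork"
        elif pcs[i] == 1 and forks[right] == -1:
            f[right], p[i], what = i, 2, "takes right fork"
        elif pcs[i] == 2:
            f[left], f[right], p[i], what = -1, -1, 0, "releases both forks"
        else:
            continue
        moves.append((f"phil{i} {what}", (tuple(f), tuple(p))))
    return moves

class ComponentStore:
    """Collapse compression: each distinct component value is written once to
    a fixed-record file and referenced by its id from then on."""
    def __init__(self, path, width):
        self.fmt, self.size, self.ids = f"{width}b", width, {}
        self.fh = open(path, "w+b")

    def intern(self, value):
        if value not in self.ids:
            self.ids[value] = len(self.ids)
            self.fh.seek(self.ids[value] * self.size)
            self.fh.write(struct.pack(self.fmt, *value))
        return self.ids[value]

    def load(self, cid):
        self.fh.seek(cid * self.size)
        return struct.unpack(self.fmt, self.fh.read(self.size))

class ExternalChecker:
    def __init__(self, n, workdir=None, cache_size=4, hash_bits=6):
        workdir = workdir or tempfile.mkdtemp(prefix="ext-mc-")  # secondary memory
        self.n, self.mask, self.disk_reads = n, (1 << hash_bits) - 1, 0
        self.forks = ComponentStore(os.path.join(workdir, "data.bin"), n)   # data section
        self.pcs = ComponentStore(os.path.join(workdir, "stack.bin"), 1)    # one stack per thread
        self.states = open(os.path.join(workdir, "states.bin"), "w+b")
        self.rec = struct.Struct(f"<{n + 1}I")  # on-disk full state = component ids
        self.mini = []      # mini-state: (disk offset, predecessor, action), constant size
        self.buckets = {}   # narrow hash -> candidate mini-state indices
        self.cache, self.cache_size = {}, cache_size  # recently loaded full states

    def store(self, state, pred, action):
        idx = len(self.mini)
        self.states.seek(0, os.SEEK_END)
        self.mini.append((self.states.tell(), pred, action))
        ids = [self.forks.intern(state[0])] + [self.pcs.intern((pc,)) for pc in state[1]]
        self.states.write(self.rec.pack(*ids))
        self.buckets.setdefault(hash(state) & self.mask, []).append(idx)
        return idx

    def load(self, idx):
        if idx not in self.cache:
            if len(self.cache) >= self.cache_size:  # tiny cache, flushed when full
                self.cache.clear()
            self.disk_reads += 1
            self.states.seek(self.mini[idx][0])
            ids = self.rec.unpack(self.states.read(self.rec.size))
            self.cache[idx] = (self.forks.load(ids[0]),
                               tuple(self.pcs.load(i)[0] for i in ids[1:]))
        return self.cache[idx]

    def seen(self, state):
        return any(self.load(i) == state
                   for i in self.buckets.get(hash(state) & self.mask, ()))

    def trail(self, idx):
        steps = []
        while idx is not None:
            _, idx, action = self.mini[idx]
            steps.append(action)
        return steps[-2::-1]  # drop the root's None, oldest step first

    def bfs_to_deadlock(self):
        frontier = [self.store(((-1,) * self.n, (0,) * self.n), None, None)]
        while frontier:
            nxt = []
            for idx in frontier:
                succ = successors(self.load(idx), self.n)
                if not succ:                # deadlock: return the error trail
                    return self.trail(idx)
                nxt += [self.store(s, idx, a) for a, s in succ if not self.seen(s)]
            frontier = nxt
        return None

    def close(self):
        for fh in (self.states, self.forks.fh, self.pcs.fh):
            fh.close()
```

Running `ExternalChecker(3).bfs_to_deadlock()` returns the three "takes left fork" steps that lead every philosopher to hold one fork and wait for the other. The search itself only ever touches mini-states; a full state is materialised from the files only when it is expanded or when a bucket hit has to be confirmed. That confirmation is the point to notice: unlike bit-state hashing, a hash match here is always verified against the full state fetched from secondary memory, so a narrow hash costs extra disk reads but never prunes an unexplored state. The per-component tables show the collapse effect: the one-byte thread-stack table never holds more than three values however many states are explored.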
Experimental results
- first running case study: the Dining Philosophers
[Figure: Philosophers using the most-blocked heuristic. Internal memory in MB (0 to 1400) vs. number of philosophers (25 to 300); series: external, collapse, original.]
[Figure: Philosophers using the most-blocked heuristic. Time in seconds (0 to 400000) vs. number of philosophers (50 to 300); series: external, collapse, original.]
[Figure: Philosophers using the most-blocked heuristic. Time in seconds (0 to 90000) vs. number of philosophers (50 to 150); series: external, collapse, original.]
[Figure: an 8-puzzle board.]
Experimental results
- second running case study: the 8-Puzzle
[Figure: 8-Puzzle using breadth-first search. Time in seconds (0 to 70000) vs. number of moves (15 to 21); series: extern, collapse, original.]
[Figure: 8-Puzzle using breadth-first search. Internal memory in MB (0 to 2500) vs. number of moves (15 to 21); series: extern, collapse, original.]
Conclusion and future work
- StEAM is the first external program model checker
- Largest exploration in program model checking
- Software still experimental
- Can be used for non-deterministic programs
- Further information on
http://bugfinder.sourceforge.net