Tintu David Joy
Agenda
• Motivation
• Better Verification Through Symmetry: basic idea
• Structural Symmetry and Multiprocessor Systems
• Murϕ verification system
• Scalarset
• Construction of Equivalent States
• Graph Automorphism
• Representative of the symmetry equivalence class
• Practical Results
• Conclusion
Motivation
• Network and communication protocols in hardware; protocols in large multiprocessors
• Protocols are becoming increasingly complex
• Proper verification is important
• Automatic verification of finite state concurrent systems
• State explosion problem: the number of reachable states grows exponentially with the number of components
• Is there a method to reduce the state space?
Better Verification Through Symmetry
• Aim:
– Exploit symmetries in the system
– e.g. a mutual exclusion algorithm for 2 processes: swapping the roles of the two processes gives a state that behaves the same
• Method:
– Extend the Murϕ verifier by adding the scalarset data type
– Murϕ verifier: a verification system
– Scalarset: a new data type that makes symmetries detectable
– Define an equivalence relation between states
– Select one state per equivalence class as its representative
• Result:
– Reduction of the state space
– More efficient verification
Example: Multiprocessor Systems
• All processors access a shared global memory
• Data consistency of the local caches is important
• Directory-based cache coherence protocol
• Set of rules for coordinating processors, cache controllers and memory controllers
• The protocol needs to be verified
• The original (unreduced) state space is too large to explore as it is
• Reduction of the state space is desirable
Structural Symmetry in Multiprocessor Systems
Structural Symmetry
• The directory tracks the processors (e.g. which processors hold a copy of a line)
• Processors have distinct processor IDs
• The arithmetic properties of these integers are irrelevant in the high-level protocol description
• Here: the ordering of the processor IDs is irrelevant for the correctness of the protocol, so renaming (permuting) the IDs yields an equivalent state
Structural Symmetry
• Standard verifiers do not detect these symmetries
• They inspect symmetrically equivalent states many times
• Other symmetries: addresses, data values, memory module IDs, message IDs
• Several kinds of symmetry may be present at once and have to be considered together
• Two problems:
– Detecting structural symmetries
– Detecting symmetrically equivalent states
Murϕ Verification System
• Formal verification system for finite state concurrent systems
• Mainly used in verifying multiprocessor systems and cryptographic protocols
• Parts of the Murϕ verification system
– Description language
• Describes finite state asynchronous concurrent systems
– Murϕ compiler
• Translates the description into a C++ program
• That program generates the reachable states and checks for execution of error statements, violation of invariants and deadlocks
Murϕ Description Language
• Declarations (constant, type, variable, procedure)
• Definitions (transition rules)
• A rule is a guarded command consisting of a condition (guard) and an action
• Rules are selected nondeterministically: any rule whose guard holds in the current state may fire
• Each rule executes atomically
• Descriptions (start state, invariant)
Example:
Scalarset
• New data type in Murϕ
• Facilitates the detection of symmetries and the testing of equivalent states
• Features
– Assignment, testing equality/inequality and array indexing are supported
– No arithmetic and no comparison operators (other than equality/inequality testing)
– A subrange can be converted to a scalarset if the numerical values of the subrange are not important
• Enforces and documents the symmetry: since no operation can distinguish the members of a scalarset, permuting its members yields an equivalent behaviour
Example:
Construction of Equivalent States
• Aim:
– Obtain equivalent states by permuting the entries of a scalarset
• Permutation process
– When a permutation is applied to a scalarset, every variable holding a scalarset value is changed to the corresponding permuted value
– An array indexed by the scalarset is permuted as well:
– the contents of its elements are permuted (values of scalarset type are mapped), and
– the elements themselves are rearranged (element i moves to position π(i))
Example:
• Equivalent states are the basis for generating a reduced state space
Graph Automorphism
• To specify symmetry formally we use the notions of state graphs and automorphisms
• Automorphisms can be used to combine abstractly equivalent states
• Definition: A graph automorphism on a state graph A = (Q, S, Δ) (Q: states, S: start states, Δ: transition relation) is a one-to-one mapping h: Q → Q such that h(S) = S and (q, q') ∈ Δ iff (h(q), h(q')) ∈ Δ
Graph Automorphism
• The transition relation is preserved by an automorphism
• A set of graph automorphisms that is closed under functional composition induces an equivalence relation on states (q ~ q' iff some h in the set maps q to q')
• Theorem: The set of permutations π on the scalarset entries in the states forms a set of graph automorphisms over the state graph. The set is closed under functional composition, and the corresponding equivalence relation is a bisimulation
Representative of the symmetry equivalence class
• The only change to the Murϕ verifier: a canonicalization function is added
• Canonical function: determines a unique state to represent the equivalence class
• But finding the canonical state is hard
• The large reduction in state space compensates for the computational cost of canonicalization
• For complicated state structures, however, the cost of canonicalization is very high
• Observation: any subset of the states of an equivalence class can be used to represent the class and still give a sound verification algorithm for safety properties
Normalization
• Canonicalization algorithm: all permutations are generated and the lexicographically smallest resulting state is used as the canonical state
• Normalization algorithm:
– Splits the state into two parts
– The part with the most significant bits is canonicalized; usually only a few permutations achieve the minimum
– The second part is transformed by one of the permutations that canonicalized the first part (instead of searching all of them)
– The result is a normalized state with a small, but not necessarily the smallest, lexicographic value; equivalent states may map to a few different representatives, which is still sound for safety properties
Practical Results
• Symmetry-based algorithm implemented in the Murϕ verification system
• Verified the cache coherence protocol of the DASH multiprocessor
• Processing nodes communicate with memory modules
• Each processing node has its own processors and caches
Result on the Cache Coherence Protocol
• Processing nodes: 2, 3, 4
• State space reduced by 90%
Data Saturation
• Exploits data independence
• Theorem: For any finite state system with M scalarsets that are not used as array indexes, there exist finite integers N1...NM such that the reduced state graph obtained with scalarset sizes N1...NM has the same size as the one obtained with any larger sizes, even as the sizes approach infinity
• Consequence: a family of systems whose state space is unbounded in the scalarset sizes can be verified on one finite instance
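Worked example, added here and not code from the Murϕ system, the presentation or the underlying paper: a small Python model checker that does what the Scalarset and Construction of Equivalent States slides describe (permuting a state), what the Representative and Normalization slides describe (full canonicalization versus cheaper normalization) and what the Data Saturation slide describes (a scalarset that never indexes an array stops enlarging the reduced graph). The protocol is a constructed toy: n processes, identified by a scalarset `pid` that indexes arrays, compete for a critical section and read/write a shared memory word whose values form a second scalarset `data`; its rule names, state layout and invariant are assumptions chosen for illustration.

```python
"""Symmetry reduction for a Murphi-style guarded-command model (added example)."""
from itertools import permutations

IDLE, TRYING, CRITICAL = 0, 1, 2   # enum for a process's control state
NONE = -1                          # "undefined" value of either scalarset

# State = (st, owner, mem, buf):
#   st    : array[pid] of enum         (entries rearranged by a pid permutation)
#   owner : pid or NONE                (value mapped by the pid permutation)
#   mem   : data                       (value mapped by the data permutation)
#   buf   : array[pid] of data or NONE (rearranged by pid AND values mapped by data)

def start_state(n):
    return ((IDLE,) * n, NONE, 0, (NONE,) * n)

def successors(state, n, d):
    """The rule set of the constructed toy protocol: each rule is a guard plus an atomic action."""
    st, owner, mem, buf = state
    for p in range(n):
        if st[p] == IDLE:                        # rule "try"
            yield (st[:p] + (TRYING,) + st[p+1:], owner, mem, buf)
        if st[p] == TRYING and owner == NONE:    # rule "enter"
            yield (st[:p] + (CRITICAL,) + st[p+1:], p, mem, buf)
        if st[p] == CRITICAL:
            for v in range(d):                   # rule "write": store any data value
                yield (st, owner, v, buf)
            yield (st, owner, mem, buf[:p] + (mem,) + buf[p+1:])   # rule "read"
            yield (st[:p] + (IDLE,) + st[p+1:], NONE, mem, buf)   # rule "exit"

def mutual_exclusion(state):
    """Invariant: at most one process is critical, and `owner` is that process."""
    st, owner, _, _ = state
    return st.count(CRITICAL) <= 1 and (owner == NONE or st[owner] == CRITICAL)

def apply(state, pi, sigma):
    """Image of `state` under pid permutation `pi` and data permutation `sigma`."""
    st, owner, mem, buf = state
    map_dat = lambda v: NONE if v == NONE else sigma[v]
    new_st, new_buf = [None] * len(st), [None] * len(buf)
    for i in range(len(st)):
        new_st[pi[i]] = st[i]              # entry i moves to position pi(i) ...
        new_buf[pi[i]] = map_dat(buf[i])   # ... and a data-valued entry is also mapped
    return (tuple(new_st), NONE if owner == NONE else pi[owner], map_dat(mem), tuple(new_buf))

def canonical(state, n, d):
    """Full canonicalization: lexicographically smallest image over all n!*d! permutations."""
    return min(apply(state, pi, sigma)
               for pi in permutations(range(n)) for sigma in permutations(range(d)))

def normalize(state, n, d):
    """Cheaper normalization: take the first pid permutation that minimizes only the
    `st` array (the most significant part) and apply it to the whole state.  Data
    values are then relabelled in order of first occurrence, which is an exact
    canonical form for a scalarset that never indexes an array."""
    ident = list(range(d))
    pi = min(permutations(range(n)), key=lambda q: apply(state, q, ident)[0])
    st, owner, mem, buf = apply(state, pi, ident)
    first = {}
    for v in (mem,) + buf:
        if v != NONE and v not in first:
            first[v] = len(first)
    rest = iter(range(len(first), d))          # labels for values not present
    sigma = [first[v] if v in first else next(rest) for v in range(d)]
    return apply((st, owner, mem, buf), list(range(n)), sigma)

def explore(n, d, reducer=None):
    """Depth-first reachability over representatives; returns the number of states
    stored.  Raises AssertionError if the invariant fails on some reachable state."""
    rep = (lambda s: s) if reducer is None else (lambda s: reducer(s, n, d))
    init = rep(start_state(n))
    seen, work = {init}, [init]
    while work:
        s = work.pop()
        if not mutual_exclusion(s):   # the invariant is symmetric, so checking
            raise AssertionError(f"invariant violated in {s}")   # the representative suffices
        for t in successors(s, n, d):
            t = rep(t)
            if t not in seen:
                seen.add(t)
                work.append(t)
    return len(seen)

if __name__ == "__main__":
    for n, d in [(2, 1), (3, 1), (3, 2), (4, 2)]:
        print(f"n={n} d={d}: full={explore(n, d)} normalized={explore(n, d, normalize)} "
              f"canonical={explore(n, d, canonical)}")
    # Data saturation: `data` never indexes an array, so the reduced graph stops growing.
    print("canonical size for d=1..5 with n=2:", [explore(2, d, canonical) for d in range(1, 6)])
```

Running it shows the three effects side by side: for n=2, d=1 the full exploration stores 32 states and the canonical one 18 (one per orbit under swapping the two processes); the normalized count always lies between the canonical and the full count, because normalization may keep a few representatives per class but never more than one per state; and for n=2 the canonical count is identical for every d ≥ 3, since only three data slots (mem and the two buffers) can ever hold distinct values, which is the saturation point the theorem promises.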
Conclusion
• Symmetry can be exploited in the verification of concurrent systems
• Rotational symmetry can be handled in the same way
• The approach can be applied to other high-level languages, specifications and models
• In several cases verification is more efficient due to the reduced state space
Thank you for your attention