## Distributed Symbolic Model Checking


**Distributed Symbolic Model Checking**
Tamir Heyman. Advisors: Orna Grumberg and Assaf Schuster. Technion, Haifa.

### The Size Problem

- Model checking takes a model and a specification.
- This presentation focuses on the sub-problem known as reachability analysis (RA).
- The number of states (vertices) is exponential in the number of model variables.

### The Sequential Solution

- Symbolic model checking: computation is done over sets of states, usually represented as BDDs.
- The representation size may be polynomial, but memory requirements are still a problem: they limit model size to roughly 300 state variables (bits).

### Distributed Method

- The goal is to solve verification problems that cannot fit into the memory of a single machine.
- We use a large cluster of nodes as if they were one big node.
- Each node contributes local memory and a processor.

### Distributed Challenges

- What does "distributed" have to do with NP problems? We keep the representation as efficient as in the sequential algorithm, so the method works on the same polynomially representable problems; it adds memory, not a way around exponential blow-up.
- Why not a single node with larger memory? The cluster's memory capacity grows in proportion to its CPU power.
- What is required in order to handle any size? Keep the efficiency while the system grows.

### Distributed Symbolic Method

(figure: the state space S partitioned among windows W1, W2, W3)

- A complete set of window functions W1…Wn defines, for each process, the part of the state space it owns.
- S is partitioned into Si = S ∧ Wi.
- Each part Si is smaller than the whole set S.

### Elements of Distributed Symbolic Model Checking [HGGS CAV00]

- Developed for reachability analysis; extended to full model checking.
- Slicing algorithm
- Exchange algorithm
- Balance algorithm

### Slicing algorithm

(figure: S split into windows W1 and W2)

- Given a set S, the slicing algorithm computes window functions.
- S is then sliced according to those window functions: S1 goes to process P1, S2 to P2. (figure: S1, S2, P1, P2)

### Exchange algorithm

(figure: S1 and S2 before and after the exchange)

- During a calculation, states may be found that belong to another window.
- Exchange a set according to the window functions: each state is sent to the process that owns its window.

### Memory balance

(figure: S1 and S2 before and after rebalancing)

- During the calculation, the sets distributed according to the current window functions may become unbalanced.
- Balance the window functions and exchange the sets accordingly.

### What a Researcher Needs?

- Get a sequential model checker, implement a message passing interface, implement transmission of objects, and implement transmission of sets of states represented as BDDs;
- or use the Division system, under construction, by Tamir Heyman and Amnon Heyman.

### What is in the Division?

- Open source
- Platform for research
- General system supporting distributed model checking
- Special support for distributed symbolic model checking

### The Division's Structure

Layers, top to bottom:

1. Model Checking Mu-Calculus
2. Basic Model Checking Operations
3. Distributed Tool Kit (DTK)
4. Standard Building Blocks
5. Infrastructure

### Infrastructure

- Operating system
- Communication
- Distributed file system

### Standard Building Blocks

- Message Passing Interface (MPI)
- Standard Template Library (STL)
- Symbolic Model Checker (SMC), reached through an interface implemented by the SMC

(figure: MPI, STL and SMC as the building blocks beneath the DTK interface)

### Division Tool Kit

- A collection of independent tools for:
  - distributed computation
  - distributed model checking
  - distributed symbolic model checking

### Basic Model Checking Operations

- Exchange
- Termination detection
- Split

### Model Checking Mu-Calculus

- Distributed fixpoint
- Distributed reachability analysis
- Distributed full Mu-Calculus

### Focus on DTK

The same layered structure, with the Distributed Tool Kit layer as the subject of the following slides.

### DTK for Distributed Algorithms

- Distributed output: collected from many processes, then filtered
- Transmission of objects, as in CORBA
- Transmission of commands: executing remote code

### DTK for Model Checking

- Interface for the model checking engine: simple, short, hides the complexity
- Manager for a pool of processes: responds to partners' requests and collects the calls of idle processes

### DTK for Symbolic MC

- Transmitting BDDs
- Save/load BDDs from disk
- A set-of-states type built on BDDs:
  - implicit mark/release of BDD nodes
  - implementations of the operators +, -, *, ==, !, =

### Results

- Slicing stays effective up to at least 512 slices.
- Model checking stays effective on at least 32 machines.
- Finds bugs that could not be found by a single machine running the sequential algorithm.

### Future work

- Massive parallelism using hundreds of nodes
- Including known orthogonal optimizations to further reduce memory requirements
- Improve speedup by further optimizations

### Future Development

- Distributed reorder (of the BDD variable order):
  - force the same order in all processes,
  - let each process choose locally,
  - or something in between.
- New fixpoint algorithm, to better utilize O(100) nodes
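The slicing, exchange and balance steps of the Distributed Symbolic Method slides above, as an added example that is not the Division system's or the paper's own code. To stay self-contained it keeps sets of states as explicit Python frozensets of bit tuples instead of BDDs, so it reproduces the control structure of the distributed reachability fixpoint rather than its memory behaviour; the 6-bit model, the variable-splitting heuristic used for slicing, and the ratio that triggers a balance step are all constructed for this example.

```python
"""Distributed reachability with window functions: a toy on explicit sets.

Added example, not code from the Division system or the HGGS CAV'00 paper.
States are bit tuples in Python frozensets rather than BDDs, so the memory
saving is not reproduced; what it shows is the control structure: slice S into
S_i = S /\ W_i, compute the image per worker, exchange states that belong to
another window, and re-slice when slices grow uneven.  The 6-bit model, the
splitting heuristic and the balance trigger are constructed for this example.
"""

NVARS = 6      # a state is a tuple of 6 bits, read as the integer 0..63
K_WORKERS = 4  # number of processes, one window function each

def to_int(state):
    return sum(bit << i for i, bit in enumerate(state))

def to_bits(x):
    return tuple((x >> i) & 1 for i in range(NVARS))

def image(states):
    """Constructed transition relation: x -> x+4 and x -> 2x (mod 64).
    From state 0 exactly the 16 multiples of 4 are reachable."""
    out = set()
    for s in states:
        x = to_int(s)
        out.add(to_bits((x + 4) % 64))
        out.add(to_bits((2 * x) % 64))
    return frozenset(out)

def in_window(state, window):
    """A window function W_i is a conjunction of literals {var: value}."""
    return all(state[v] == b for v, b in window.items())

def slice_windows(states, k):
    """Simplified slicing: repeatedly split the largest slice on the variable
    that divides it most evenly, until k windows exist.  The windows are
    disjoint and cover the whole state space (a complete set W_1..W_k)."""
    assert 1 <= k <= 2 ** NVARS
    parts = [({}, frozenset(states))]
    while len(parts) < k:
        parts.sort(key=lambda p: len(p[1]), reverse=True)
        window, s = parts.pop(0)
        free = [v for v in range(NVARS) if v not in window]
        best = min(free, key=lambda v: abs(2 * sum(st[v] for st in s) - len(s)))
        for b in (0, 1):
            w = dict(window)
            w[best] = b
            parts.append((w, frozenset(st for st in s if st[best] == b)))
    return [w for w, _ in parts]

def exchange(slices, windows):
    """Exchange algorithm: each state is sent to the worker whose window owns it."""
    owned = [set() for _ in windows]
    for s in slices:
        for st in s:
            owner = next(i for i, w in enumerate(windows) if in_window(st, w))
            owned[owner].add(st)
    return [frozenset(o) for o in owned]

def distributed_reach(init, k=K_WORKERS, balance_ratio=2.0):
    """Distributed fixpoint for reachability.  Worker i keeps R_i = R /\ W_i and
    a frontier F_i; the run ends when every frontier is empty (termination).
    Returns (reachable set, final windows, rounds, number of balance steps)."""
    windows = slice_windows(init, k)
    reached = exchange([frozenset(init)], windows)
    frontier = list(reached)
    rounds = balances = 0
    while any(frontier):
        rounds += 1
        new = [image(f) for f in frontier]                # 1. local image per worker
        new = exchange(new, windows)                      # 2. foreign states go home
        frontier = [n - r for n, r in zip(new, reached)]
        reached = [r | f for r, f in zip(reached, frontier)]
        sizes = [len(r) for r in reached]                 # 3. balance when uneven
        if max(sizes) > balance_ratio * max(1, min(sizes)):
            balances += 1
            windows = slice_windows(frozenset().union(*reached), k)
            reached = exchange(reached, windows)
            frontier = exchange(frontier, windows)
    return frozenset().union(*reached), windows, rounds, balances

def sequential_reach(init):
    """Plain fixpoint on one node, used to check the distributed result."""
    reached = frontier = frozenset(init)
    while frontier:
        frontier = image(frontier) - reached
        reached |= frontier
    return reached

def windows_complete(windows):
    """True when every one of the 2**NVARS states is owned by exactly one window."""
    return all(sum(in_window(to_bits(x), w) for w in windows) == 1
               for x in range(2 ** NVARS))

if __name__ == "__main__":
    reach, windows, rounds, balances = distributed_reach({to_bits(0)})
    print(sorted(to_int(s) for s in reach), windows, rounds, balances)
```

With this model the initial windows, computed from the single initial state, split on bits 0 and 1, which are never set in any reachable state, so two of the four workers receive nothing until the balance step re-slices on the current reached set and exchanges the slices; that is the unbalanced situation the memory-balance slide describes. `windows_complete` checks the property a complete set of window functions must have: every state belongs to exactly one window, since otherwise the exchange step would drop or duplicate states and the distributed fixpoint would disagree with the sequential one.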