Better Verification Through Symmetry

Presentation Transcript


  1. Better Verification Through Symmetry
  Tintu David Joy

  2. Agenda
  • Motivation
  • Better Verification Through Symmetry: basic idea
  • Structural Symmetry and Multiprocessor Systems
  • Murϕ verification system
  • Scalarset
  • Construction of Equivalent States
  • Graph Automorphism
  • Representative of the symmetry equivalence class
  • Practical Results
  • Conclusion

  3. Motivation
  • Network and communication protocols in hardware, protocols in large multiprocessors
  • Protocols are becoming increasingly complex
  • Proper verification is important
  • Automatic verification of finite state concurrent systems
  • State explosion problem
  • Is there a method to reduce the state space?

  4. Better Verification Through Symmetry
  • Aim:
    • Exploit symmetries in the system
    • e.g. mutual exclusion algorithm for 2 processes
  • Method:
    • Extend the Murϕ verifier by adding the scalarset
    • Murϕ verifier: a verification system
    • Scalarset: a new data type to detect symmetries
    • Equivalence relation between the states
    • Select one state per equivalence class as representative
  • Result:
    • Reduction of state space
    • More efficient verification

  5. Example: Multiprocessor Systems
  • Data consistency of local caches is important
  • All processors access a shared global memory
  • Directory-based cache coherence protocol
    • Set of rules for coordinating processors, cache controllers, memory controllers
  • Protocol verification needs to be done
    • Without the original (full) state space
    • Reduction of state space desirable

  6. Structural Symmetry in Multiprocessor Systems

  7. Structural Symmetry
  • Directory tracks the processor
  • Processors have distinct processor ids
  • Properties of integers are irrelevant in the high-level protocol description
  • Here: the ordering of processor ids is irrelevant for the correctness of the protocol

  8. Structural Symmetry
  • Standard verifiers will not detect the symmetries
    • They inspect symmetrically equivalent states many times
  • Other symmetries
    • Addresses, data values, memory module ids, message ids
    • Consider multiple kinds of symmetries
  • Two problems:
    • Detecting structural symmetries
    • Detecting symmetrically equivalent states

  9. Murϕ Verification System
  • Formal verification system for finite state concurrent systems
  • Mainly used in verifying multiprocessor systems and cryptographic protocols
  • Parts of the Murϕ verification system
    • Description Language
      • Description of finite state asynchronous concurrent systems
    • Murϕ Compiler
      • C++ program
      • Generates reachable states and checks for execution of error statements, violation of invariants, deadlocks

  10. Murϕ Description Language
  • Declarations (constant, type, variable, procedure)
  • Definitions (transition rule)
    • Rules are guarded commands consisting of a condition and an action
    • Nondeterministic selection of rules
    • Atomic execution
  • Descriptions (start state, invariant)

  11. Example:

  12. Scalarset
  • New datatype in Murϕ
  • To facilitate detection of symmetries and testing of equivalent states
  • Features
    • Assignment, testing equality/inequality and array indexing supported
    • No arithmetic and comparison operators (other than equality/inequality testing)
  • Convert a subrange to a scalarset
    • If the numerical values of the subrange are not important
  • Enforces and documents the symmetries
    • that result from permuting members of the scalarset

  13. Example:

  14. Construction of Equivalent States
  • Aim:
    • Obtain equivalent states by permuting the scalarset entries of the state
  • Permutation process
    • When a permutation is applied to a scalarset value, the value is modified to the corresponding permuted value
    • An array indexed by a scalarset is permuted: the contents of the elements are permuted, i.e. the elements are rearranged

  15. Example:
  • Equivalent states are the basis for generating a reduced state space

  16. Graph Automorphism
  • To specify symmetry formally we use the notions of state graphs and automorphisms
  • Can be used to combine abstractly equivalent states
  • Definition: A graph automorphism on a state graph A = (Q, S, Δ) is a one-to-one mapping h: A → A

  17. Graph Automorphism
  • The transition relation is preserved
  • A set of graph automorphisms closed under functional composition induces an equivalence relation on states
  • Theorem: The set of permutations π on the scalarset entries in the states forms a set of graph automorphisms over the state graph. The set is closed under functional composition and the corresponding equivalence relation is a bisimulation

  18. Representative of the symmetry equivalence class
  • Only change in the Murϕ verifier: a canonical function is added
  • Canonical function: determines a unique state to represent the equivalence class
  • But finding the canonical state is hard
    • The large reduction in state space compensates for the computation load of canonicalization
    • For complicated state structures the computation load of canonicalization is very high
  • Observation: Any subset of states in the equivalence class can be used to represent the class and still give a sound verification algorithm for safety properties

  19. Normalization
  • Canonicalization algorithm: all permutations are generated and the lexicographically smallest state is used as the canonical state
  • So the Normalization Algorithm
    • Separates the state into two parts
    • The part with the most significant bits is canonicalized with few canonicalizing permutations
    • The second part is normalized by one permutation used to canonicalize the first part
    • The result is a normalized state with a small lexicographic value
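As an added example (not code from the slides or from the Murϕ system), the Python below models a constructed toy mutual-exclusion protocol over N processes whose ids form a scalarset, and shows the three pieces of slides 14, 18 and 19 together: applying a permutation to a state (renaming scalarset values and rearranging id-indexed arrays), the canonical function (lexicographically smallest state over all permutations), and the cheaper normalization (minimize only the status array, then apply one minimizing permutation to the rest). `reachable` counts how many states a breadth-first search must store with no reduction, with canonicalization, and with normalization; the protocol, its state layout and all names are assumptions of this example.

```python
from collections import deque
from itertools import permutations

# Constructed toy protocol: process ids are a scalarset (only compared for
# equality and used as array indexes, never ordered or used arithmetically).
IDLE, TRYING, CRITICAL = "idle", "trying", "critical"
NONE = -1  # sentinel for "no process", outside the scalarset
# state = (status array indexed by process id, owner id, id of last process to leave)

def successors(state):
    """Rules: idle->trying; trying->critical if nobody holds it; critical->idle."""
    status, owner, last = state
    for i, s in enumerate(status):
        if s == IDLE:
            yield (status[:i] + (TRYING,) + status[i + 1:], owner, last)
        elif s == TRYING and owner == NONE:
            yield (status[:i] + (CRITICAL,) + status[i + 1:], i, last)
        elif s == CRITICAL:
            yield (status[:i] + (IDLE,) + status[i + 1:], NONE, i)

def apply_perm(perm, state):
    """Slide 14: rename scalarset values and rearrange the id-indexed array."""
    status, owner, last = state
    new_status = [None] * len(status)
    for i, s in enumerate(status):
        new_status[perm[i]] = s          # element at index i moves to index perm[i]
    rename = lambda v: NONE if v == NONE else perm[v]
    return (tuple(new_status), rename(owner), rename(last))

def canonicalize(state):
    """Slide 18: unique representative = lexicographically smallest permuted state."""
    return min(apply_perm(p, state) for p in permutations(range(len(state[0]))))

def normalize(state):
    """Slide 19: minimize the status array only, then apply that one permutation
    to the remaining fields (not unique per class, but still sound)."""
    best = None
    for p in permutations(range(len(state[0]))):
        cand = apply_perm(p, state)
        if best is None or cand[0] < best[0]:
            best = cand
    return best

def reachable(n, reduce=lambda s: s):
    """BFS that stores reduce(state) instead of state; returns the number stored."""
    start = reduce(((IDLE,) * n, NONE, NONE))
    seen, queue = {start}, deque([start])
    while queue:
        s = queue.popleft()
        assert s[0].count(CRITICAL) <= 1, "mutual exclusion violated"
        for t in successors(s):
            t = reduce(t)
            if t not in seen:
                seen.add(t); queue.append(t)
    return len(seen)
```

For 2 processes the search stores 24 states unreduced, 13 with `canonicalize` and 14 with `normalize`; for 3 processes 80 versus 20 canonical, since the equivalence is a bisimulation the canonical search stores exactly one state per reachable class.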

  20. Practical Results
  • Symmetry-based algorithm in the Murϕ verification system
  • Verified the cache coherence protocol on the DASH multiprocessor
    • Processing nodes communicating with memory modules
    • Each processing node has its own processors and caches

  21. Result on Cache coherence protocol
  • Processing nodes: 2, 3, 4
  • Reduced state space by 90%

  22. Data Saturation
  • Exploiting data-independence
  • Theorem: For any finite state system with M scalarsets that are not used as array indexes, there exist finite integers N1...NM such that the reduced state graph has the same size as the one obtained from the system with the scalarsets of sizes N1...NM or above, even if the sizes approach infinity.
  • Reduces an infinite state space to a finite one

  23. Conclusion
  • Symmetry can be exploited in the verification of concurrent systems
  • Rotational symmetry can be handled in the same way
  • Can be applied to other high-level languages, specifications and models
  • In several cases more efficient verification due to the reduced state space

  24. Thank you for the attention