Skip to main content
SpringerLink
Log in
Book cover

International Conference on Verification, Model Checking, and Abstract Interpretation

VMCAI 2016: Verification, Model Checking, and Abstract Interpretation pp 311–327Cite as

Cloud-Based Verification of Concurrent Software

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 9583))

Abstract

Logic model checkers are unparalleled in their ability to reveal subtle bugs in multi-threaded software systems. The underlying verification procedure is based on a systematic search of potentially faulty system behaviors, which can be computationally expensive for larger problem sizes. In this paper we consider if it is possible to significantly reduce the runtime requirements of a verification with cloud computing techniques. We explore the use of large numbers of CPU-cores, that each perform small, fast, independent, and randomly different searches to achieve the same problem coverage as a much slower stand-alone run on a single CPU. We present empirical results to demonstrate what is achievable.

G.J. Holzmann—This research was carried out at the Jet Propulsion Laboratory, California Institute of Technology, under a contract with the National Aeronautics and Space Administration.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Bloom, B.H.: Space/Time trade-offs in hash coding with allowable errors. Comm. ACM 13(7), 422–426 (1970)

    Article  MATH  Google Scholar 

  2. Adsul, B., Flood, C.H., Garthwaite, A.T., Martin, P.A., Shavit, N.N., Steele Jr., G.L.: Even better DCAS-based concurrent deques. In: Herlihy, M.P. (ed.) DISC 2000. LNCS, vol. 1914, pp. 59–73. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  3. Doherty, S., Detlefs, D.L., Groves, L., et al.: DCAS is not a silver bullet for nonblocking algorithm design. In: Gibbons, P.B., Adler, M. (eds.) Proceedings of Sixteenth Annual ACM Symposium on Parallel Algorithms, pp. 216–224, Barcelona (2004)

    Google Scholar 

  4. Dwyer, M.B., Elbaum, S.G., et al.: Parallel randomized state-space search. In: Proceedings of ICSE 2007, pp. 3–12 (2007)

    Google Scholar 

  5. Havelund, K.: Mechanical verification of a garbage collector. In: Proceedings of International Workshop on High-Level Parallel Programming Models and Supportive Environments, pp. 1258–1283, Puerto Rico (1999)

    Google Scholar 

  6. Holzmann, G.J.: On limits and possibilities of automated protocol analysis. In: Proceedings of 6th International Conference on Protocol Specification, Testing and Verification INWG IFIP, pp. 339–344 (1987)

    Google Scholar 

  7. Holzmann, G.J., Smith, M.H.: Automating software feature verification. Bell Labs Tech. J. 5(2), 72–87 (2000). Special Issue on Software Complexity

    Article  Google Scholar 

  8. Holzmann, G.J.: The Spin Model Checker - Primer and Reference Manual. Addison-Wesley, Reading (2004)

    Google Scholar 

  9. Holzmann, G.J., Joshi, R., Groce, A.: Swarm verification techniques. IEEE Trans. Softw. Eng. 37(6), 845–857 (2011)

    Article  Google Scholar 

  10. Holzmann, G.J., Florian, M.: Model checking with bounded context switching. Formal Aspects Comput. 23(3), 365–389 (2001)

    Article  Google Scholar 

  11. Holzmann, G.J.: Mars code. Commun. ACM 57(2), 64–73 (2014)

    Article  Google Scholar 

  12. Erratum to [11]. http://spinroot.com/dcas/

  13. Joshi, R., Holzmann, G.J.: A mini challenge: build a verifiable filesystem. In: Proceedings of Verified Software: Theories, Tools, Experiments, Formal Aspects of Computing, vol. 19(2), pp. 269–272 (2007)

    Google Scholar 

  14. Modex, a model extractor for C code. http://spinroot.com/modex/

  15. Penix, J., Visser, W., Pasareanu, C., et al.: Verifying time partitioning in the DEOS scheduling kernel. Formal Meth. Syst. Des. J. 26(2), 103–135 (2005)

    Article  MATH  Google Scholar 

  16. The logic model checker Spin. http://spinroot.com/

  17. The Fleet distributed system. https://github.com/coreos/fleet/

Download references

Author information

Authors and Affiliations

  1. NASA Jet Propulsion Laboratory, California Institute of Technology, Pasadena, CA, USA

    Gerard J. Holzmann

Authors
  1. Gerard J. Holzmann
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Gerard J. Holzmann .

Editor information

Editors and Affiliations

  1. EPFL IC-DO, Lausanne, Switzerland

    Barbara Jobstmann

  2. Microsoft Research, Redmond, Washington, USA

    K. Rustan M. Leino

A Appendix: Bitstate Hash Storage

A Appendix: Bitstate Hash Storage

The bitstate hash storage method [6] can most easily be understood as an application of the theory of Bloom filters [1]. The storage method is used in explicit state on-the-fly model checkers, such as Spin [8], for fast approximate searches in statespaces that are too large to be explored exhaustively. The method uses one or more hash functions with uniform random distribution to compute 64-bit signatures of each newly generated reachable state.

A hash-arena of, say, 32 GB (\(2^{35}{} \) bytes) contains \(2^{38}{} \)  addressable bits. If using a single hash-function, we can use the 64 available bits from the hash signature to produce a 35-bit address into the hash-arena. If the bit at this address is at its initial value of zero, then we know that the newly generated state was not visited before in the search. We now record the fact that the state has been explored by setting that bit position to a one, so that the next time this state shows up in the search we know that we do not have to explore it again.

If the size of a single state descriptor for this example is \(2^{10}{} \) bytes, we would not be able to store more than \(2^{35}/2^{10}=2^{25}{} \)  unique states in 32 GB (about 33.5 million). The bitstate storage method on the other hand, can in principle store up to \(2^{38}{} \)  or 275 billion unique states, for an increase of almost four orders of magnitude.

In sufficiently many bits are used to index the hash-arena, the probability of hash collisions can be very small. A hash collision would happen if two states that are not equal produce the same 35-bit hash signature. The search truncates in this case, which means that it is no longer guaranteed to be exhaustive. We can reduce the probability of hash collisions effectively by using multiple hash-functions for each state, which then corresponds to checking and setting multiple bit-positions. If \(h\) hash-functions are used, for instance, a hash-collision must now occur on all \(h\) bit-positions for the state to be affected. The Spin model checker uses three hash-functions per state by default, but the number is user-selectable.

For large state spaces, or large state descriptors, where exhaustive storage of a complete statespace with a traditional method is infeasible, the bitstate storage method is an attractive alternative to increase problem coverage, by a significant margin. Another advantage of the use of a bistate storage method for large problem sizes is that for a given size of the hash-arena, the maximal runtime of the algorithm is fixed and known, independent of the actual statespace size.

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Holzmann, G.J. (2016). Cloud-Based Verification of Concurrent Software. In: Jobstmann, B., Leino, K. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2016. Lecture Notes in Computer Science(), vol 9583. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-49122-5_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-49122-5_15

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-49121-8

  • Online ISBN: 978-3-662-49122-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation