The 'Test model-checking' approach to the verification of formal memory models of multiprocessors

technical reportWe offer a solution to the problem of verifying formal memory models of processors by combining the strengths of model-checking and a formal testing procedure for parallel machines. We characterize the formal basis for abstracting the tests into test automata and associated memory rule safety properties whose violations pinpoint the ordering rule being violated. Our experimental results on Verilog models of a commercial split transaction bus demonstrates the ability of our method to effectively debug design models during early stages of their development

The 'test model-checking' approach to the verification of formal memory models of multiprocessors

technical reportWe offer a solution to the problem of verifying formal memory models of processors by com bining the strengths of model checking and a formal testing procedure for parallel machines We characterize the formal basis for abstracting the tests into test automata and associated memory rule safety properties whose violations pinpoint the ordering rule being violated Our experimen tal results on Verilog models of a commercial split transaction bus demonstrates the ability of our method to e??ectively debug design models during early stages of their developmen

Symbolic Reachability Analysis of B through ProB and LTSmin

We present a symbolic reachability analysis approach for B that can provide a significant speedup over traditional explicit state model checking. The symbolic analysis is implemented by linking ProB to LTSmin, a high-performance language independent model checker. The link is achieved via LTSmin's PINS interface, allowing ProB to benefit from LTSmin's analysis algorithms, while only writing a few hundred lines of glue-code, along with a bridge between ProB and C using ZeroMQ. ProB supports model checking of several formal specification languages such as B, Event-B, Z and TLA. Our experiments are based on a wide variety of B-Method and Event-B models to demonstrate the efficiency of the new link. Among the tested categories are state space generation and deadlock detection; but action detection and invariant checking are also feasible in principle. In many cases we observe speedups of several orders of magnitude. We also compare the results with other approaches for improving model checking, such as partial order reduction or symmetry reduction. We thus provide a new scalable, symbolic analysis algorithm for the B-Method and Event-B, along with a platform to integrate other model checking improvements via LTSmin in the future

06121 Abstracts Collection -- Atomicity: A Unifying Concept in Computer Science

From 19.03.06 to 24.03.06, the Dagstuhl Seminar 06121 ``Atomicity: A Unifying Concept in Computer Science\u27\u27 was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

A symbolic partial order reduction algorithm for rule based transition systems

technical reportPartial order reductions are a class of methods that attempt to reduce the state space that must be explored to verify systems by explicit state enumeration. Partial order reduction algorithms have been successfully incorporated into tools such as Spin and VFSM-valid. However, current partial order algorithms assume that the concurrency model is based on processes. Rule based formalisms, such as Unity and Murphi, are another important and widely used class of modeling techniques. Many important types of systems, such as distributed shared memory (DSM) protocols, are best modeled as a set of global transitions. Rule-based systems require a new approach to implementing partial order reduction, since traditional heuristics are not applicable. Also, the traditional methods of computing the dependence relation give approximations that cause many potential reductions to be missed. We propose a novel algorithm based on using a SAT solver to compute the dependence relation, and a new heuristic for computing ample sets for rule based formalisms

Rigorous Design of Distributed Transactions

Database replication is traditionally envisaged as a way of increasing fault-tolerance and availability. It is advantageous to replicate the data when transaction workload is predominantly read-only. However, updating replicated data within a transactional framework is a complex affair due to failures and race conditions among conflicting transactions. This thesis investigates various mechanisms for the management of replicas in a large distributed system, formalizing and reasoning about the behavior of such systems using Event-B. We begin by studying current approaches for the management of replicated data and explore the use of broadcast primitives for processing transactions. Subsequently, we outline how a refinement based approach can be used for the development of a reliable replicated database system that ensures atomic commitment of distributed transactions using ordered broadcasts. Event-B is a formal technique that consists of describing rigorously the problem in an abstract model, introducing solutions or design details in refinement steps to obtain more concrete specifications, and verifying that the proposed solutions are correct. This technique requires the discharge of proof obligations for consistency checking and refinement checking. The B tools provide significant automated proof support for generation of the proof obligations and discharging them. The majority of the proof obligations are proved by the automatic prover of the tools. However, some complex proof obligations require interaction with the interactive prover. These proof obligations also help discover new system invariants. The proof obligations and the invariants help us to understand the complexity of the problem and the correctness of the solutions. They also provide a clear insight into the system and enhance our understanding of why a design decision should work. The objective of the research is to demonstrate a technique for the incremental construction of formal models of distributed systems and reasoning about them, to develop the technique for the discovery of gluing invariants due to prover failure to automatically discharge a proof obligation and to develop guidelines for verification of distributed algorithms using the technique of abstraction and refinement