1,187 research outputs found
The 'test model-checking' approach to the verification of formal memory models of multiprocessors
technical reportWe offer a solution to the problem of verifying formal memory models of processors by com bining the strengths of model checking and a formal testing procedure for parallel machines We characterize the formal basis for abstracting the tests into test automata and associated memory rule safety properties whose violations pinpoint the ordering rule being violated Our experimen tal results on Verilog models of a commercial split transaction bus demonstrates the ability of our method to e??ectively debug design models during early stages of their developmen
The 'Test model-checking' approach to the verification of formal memory models of multiprocessors
technical reportWe offer a solution to the problem of verifying formal memory models of processors by combining the strengths of model-checking and a formal testing procedure for parallel machines. We characterize the formal basis for abstracting the tests into test automata and associated memory rule safety properties whose violations pinpoint the ordering rule being violated. Our experimental results on Verilog models of a commercial split transaction bus demonstrates the ability of our method to effectively debug design models during early stages of their development
Formal Modelling, Testing and Verification of HSA Memory Models using Event-B
The HSA Foundation has produced the HSA Platform System Architecture
Specification that goes a long way towards addressing the need for a clear and
consistent method for specifying weakly consistent memory. HSA is specified in
a natural language which makes it open to multiple ambiguous interpretations
and could render bugs in implementations of it in hardware and software. In
this paper we present a formal model of HSA which can be used in the
development and verification of both concurrent software applications as well
as in the development and verification of the HSA-compliant platform itself. We
use the Event-B language to build a provably correct hierarchy of models from
the most abstract to a detailed refinement of HSA close to implementation
level. Our memory models are general in that they represent an arbitrary number
of masters, programs and instruction interleavings. We reason about such
general models using refinements. Using Rodin tool we are able to model and
verify an entire hierarchy of models using proofs to establish that each
refinement is correct. We define an automated validation method that allows us
to test baseline compliance of the model against a suite of published HSA
litmus tests. Once we complete model validation we develop a coverage driven
method to extract a richer set of tests from the Event-B model and a user
specified coverage model. These tests are used for extensive regression testing
of hardware and software systems. Our method of refinement based formal
modelling, baseline compliance testing of the model and coverage driven test
extraction using the single language of Event-B is a new way to address a key
challenge facing the design and verification of multi-core systems.Comment: 9 pages, 10 figure
Prototyping Formal System Models with Active Objects
We propose active object languages as a development tool for formal system
models of distributed systems. Additionally to a formalization based on a term
rewriting system, we use established Software Engineering concepts, including
software product lines and object orientation that come with extensive tool
support. We illustrate our modeling approach by prototyping a weak memory
model. The resulting executable model is modular and has clear interfaces
between communicating participants through object-oriented modeling.
Relaxations of the basic memory model are expressed as self-contained variants
of a software product line. As a modeling language we use the formal active
object language ABS which comes with an extensive tool set. This permits rapid
formalization of core ideas, early validity checks in terms of formal invariant
proofs, and debugging support by executing test runs. Hence, our approach
supports the prototyping of formal system models with early feedback.Comment: In Proceedings ICE 2018, arXiv:1810.0205
A wide-spectrum language for verification of programs on weak memory models
Modern processors deploy a variety of weak memory models, which for
efficiency reasons may (appear to) execute instructions in an order different
to that specified by the program text. The consequences of instruction
reordering can be complex and subtle, and can impact on ensuring correctness.
Previous work on the semantics of weak memory models has focussed on the
behaviour of assembler-level programs. In this paper we utilise that work to
extract some general principles underlying instruction reordering, and apply
those principles to a wide-spectrum language encompassing abstract data types
as well as low-level assembler code. The goal is to support reasoning about
implementations of data structures for modern processors with respect to an
abstract specification.
Specifically, we define an operational semantics, from which we derive some
properties of program refinement, and encode the semantics in the rewriting
engine Maude as a model-checking tool. The tool is used to validate the
semantics against the behaviour of a set of litmus tests (small assembler
programs) run on hardware, and also to model check implementations of data
structures from the literature against their abstract specifications
GPUVerify: A Verifier for GPU Kernels
We present a technique for verifying race- and divergence-freedom of GPU kernels that are written in mainstream ker-nel programming languages such as OpenCL and CUDA. Our approach is founded on a novel formal operational se-mantics for GPU programming termed synchronous, delayed visibility (SDV) semantics. The SDV semantics provides a precise definition of barrier divergence in GPU kernels and allows kernel verification to be reduced to analysis of a sequential program, thereby completely avoiding the need to reason about thread interleavings, and allowing existing modular techniques for program verification to be leveraged. We describe an efficient encoding for data race detection and propose a method for automatically inferring loop invari-ants required for verification. We have implemented these techniques as a practical verification tool, GPUVerify, which can be applied directly to OpenCL and CUDA source code. We evaluate GPUVerify with respect to a set of 163 kernels drawn from public and commercial sources. Our evaluation demonstrates that GPUVerify is capable of efficient, auto-matic verification of a large number of real-world kernels
Parallelization of cycle-based logic simulation
Verification of digital circuits by Cycle-based simulation can be performed in parallel. The parallel implementation requires two phases: the compilation phase, that sets up the data needed for the
execution of the simulation, and the simulation phase, that consists in executing the parallel simulation of the considered circuit for a certain number of cycles. During the early phase of design, compilation phase has to be repeated each time a bug is found. Thus, if the time of the compilation phase is too high, the advantages stemming from the parallel approach may be lost. In this work we propose an
effective version of the compilation phase and compute the corresponding execution time. We also analyze the percentage of execution time required by the different steps of the compilation phase for
a set of literature benchmarks. Further, we implemented the simulation phase exploiting the GPU architecture, and we computed the execution times for a set of benchmarks obtaining values comparable
with literature ones. Finally, we implemented the sequential version of the Cycle-based simulation in such a way that the execution time is optimized. We used the sequential values to compute the speedup
of the parallel version for the considered set of benchmarks
Nemos: a framework for axiomatic and executable specifications of memory consistency models
technical reportConforming to the underlying memory consistency rules is a fundamental require- ment for implementing shared memory systems and writing multiprocessor programs. In order to promote understanding and enable automated verification, it is highly desir- able that a memory model specification be both declarative and executable. We have developed a specification framework called Nemos (Non-operational yet Executable Memory Ordering Specifications), which employs a uniform notation based on predi- cate logic to define shared memory semantics in an axiomatic as well as compositional style. In this paper, we present this framework and discuss how constraint logic pro- gramming and SAT solving can be used to make these axiomatic specifications exe- cutable for memory model analysis, thus supporting precise specification and automatic execution in the same framework. To illustrate our approach, this paper formalizes a collection of well known memory models, including sequential consistency, coherence, PRAM, causal consistency, and processor consistency
CheckFence: Checking Consistency of Concurrent Data Types on Relaxed Memory Models
Concurrency libraries can facilitate the development of multithreaded programs by providing concurrent implementations of familiar data types such as queues or sets. There exist many optimized algorithms that can achieve superior performance on multiprocessors by allowing concurrent data accesses without using locks. Unfortunately, such algorithms can harbor subtle concurrency bugs. Moreover, they require memory ordering fences to function correctly on relaxed memory models. To address these difficulties, we propose a verification approach that can exhaustively check all concurrent executions of a given test program on a relaxed memory model and can verify that they are observationally equivalent to a sequential execution. Our Check- Fence prototype automatically translates the C implementation code and the test program into a SAT formula, hands the latter to a standard SAT solver, and constructs counterexample traces if there exist incorrect executions. Applying CheckFence to five previously published algorithms, we were able to (1) find several bugs (some not previously known), and (2) determine how to place memory ordering fences for relaxed memory models
- …