DFTCalc: a tool for efficient fault tree analysis (extended version)

Effective risk management is a key to ensure that our nuclear power plants, medical equipment, and power grids are dependable; and is often required by law. Fault Tree Analysis (FTA) is a widely used methodology here, computing important dependability measures like system reliability. This paper presents DFTCalc, a powerful tool for FTA, providing (1) efficient fault tree modelling via compact representations; (2) effective analysis, allowing a wide range of dependability properties to be analysed (3) efficient analysis, via state-of-the-art stochastic techniques; and (4) a flexible and extensible framework, where gates can easily be changed or added. Technically, DFTCalc is realised via stochastic model checking, an innovative technique offering a wide plethora of pow- erful analysis techniques, including aggressive compression techniques to keep the underlying state space small

Concurrent chaining hash maps for software model checking

Stateful model checking creates numerous states which need to be stored and checked if already visited. One option for such storage is a hash map and this has been used in many model checkers. In particular, we are interested in the performance of concurrent hash maps for use in multi-core model checkers with a variable state vector size. Previous research claimed that open addressing was the best performing method for the parallel speedup of concurrent hash maps. However, here we demonstrate that chaining lends itself perfectly for use in a concurrent setting.We implemented 12 hash map variants, all aiming at multicore efficiency. 8 of our implementations support variable-length key-value pairs. We compare our implementations and 22 other hash maps by means of an extensive test suite. Of these 34 hash maps, we show the representative performance of 11 hash maps. Our implementations not only support state vectors of variable length, but also feature superior scalability compared with competing hash maps. Our benchmarks show that on 96 cores, our best hash map is between 1.3 and 2.6 times faster than competing hash maps, for a load factor under 1. For higher load factors, it is an order of magnitude faster

SpinS: Extending LTSmin with Promela through SpinJa

We show how PROMELA can be supported by the high-performance generic model checking tools of LTSMIN. The success of the SPIN model checker has made PROMELA an important modeling language. SPINJA was created as a Java implementation of SPIN, in an effort to make the model checker easily extendible and reusable while maintaining some of its efficiency. While these goals where certainly met, the downside of SPINJA remained its dependability on Java, degrading performance with a factor 5 and obstructing support for embedded C code in PROMELA models. LTSMIN aims at language-independence through the definition of the generic PINS interface. The toolset has shown that a generic model checker can indeed be competitive in terms of efficiency by supporting several languages from different paradigms and implementing many analysis algorithms that compete with other state-of-the-art model checkers. We extended SPINJA to emit C code that implements the PINS interface. We also improved PROMELA support in SPINJA, greatly extending the support of models beyond toy and academic examples. In this paper, we demonstrate the usage of LTSMIN’s analysis algorithms: multi-core model checking of assertion violations, deadlocks and never claims (full LTL), inspection of error trails, partial order reduction, state compression, symbolic reachability and distributed reachability. Our experiments show that the performance of these methods beats other leading model checkers