Scientific Computing By: Fatima Hallak To: Dr. Guy Tel-Zur.

Scientific Computing

By: Fatima Hallak

To: Dr. Guy Tel-Zur

SPIN Spin home page

Spin targets efficient software verification. Supports a high level language called

PROMELA (a PROcess MEta LAnguage).ً�Written in ANSI standard C Portable across all versions of Unix, Linux,

cygwin, Plan9, Inferno, Solaris, Mac, and Windows

SPIN V 4 provides direct support for the use

of embedded C code as part of model specifications. To directly verify implementation level software specifications, as a driver and as a logic engine to verify high level temporal properties.

V 5 provides direct support for the use of multi-core computers for model checking runs -- supporting both safety and liveness verifications.

Driver for swarm verification (a new form of swarm computing), which can make optimal use of large numbers of available compute cores to leverage parallelism and search diversification techniques.

SPIN’s Functionality

Used to trace logical design errors in distributed systems design, such as operating systems, data communications protocols, switching systems, concurrent algorithms, railway signaling protocols, etc.

Reports on deadlocks, unspecified receptions, flags incompleteness, race conditions, and unwarranted assumptions about the relative speeds of processes

SPIN Supports Dynamically growing and shrinking numbers of

processes, using a rubber state vector technique. Both rendezvous and buffered message passing,

and communication through shared memory. Mixed systems, using both synchronous and

asynchronous communications. Message channel identifiers for both rendezvous and

buffered channels, can be passed from one process to another in messages.

Spin can be used in four main modes

1. Simulator, allowing for rapid prototyping with a random, guided, or interactive simulations

2. Exhaustive verifier, capable of rigorously proving the validity of user specified correctness requirements (using partial order reduction theory to optimize the search) either depth-first or breadth-first search.

3. Proof approximation system that can validate even very large system models with maximal coverage of the state space.

4. a driver for swarm verification which can make optimal use of large numbers of available compute cores to leverage parallelism and search diversification techniques, which increases the chance of locating defects in very large verification models.

Swarm 3.1 – Verification Script generator for SPIN

Syntax: swarm [config_file] [option] *

Script that performs many small verification jobs in parallel that can increase the problem coverage for very large verification problems by about an order of magnitude compared to standard bitstate verification runs. It is meant to be used on models for which standard verification with exhaustive, bitstate, hash-compaction etc. either runs out of memory, or takes more time than is available (e.g., days or weeks).

swarm3.1.tar Swarm uses parallelism and search diversification to reach

its objectives.The user can use a configuration file to define: how many processing cores are available how much memory can be used how much time is maximally available other optional parameter settings.

Based on this information, swarm generates the script that runs as many independent jobs as possible in parallel, without exceeding any of the user-defined constraints.

Swarm can run jobs using local CPU cores or remote machines in a grid network.

Swarm 3.1 is a reimplementation of the algorithm, making more extensive use of search randomization techniques, and taking advantage of some new features implemented for this purpose in Spin Version 5.2 and up

Nondeterministic Finite Automata (NDFA) problem

Nondeterminism is a central concept in CS that appears frequently in applications: grammars of programming languages, algorithms and the interleaving model of concurrency.

The SPIN semantics is existential (a string is accepted if there exists a computation that terminates in an accepting state after reading the entire string)

A primer on Model checking by Moti Ben-Arihttp://stwww.weizmann.ac.il/g-cs/benari/jspin/

NDFA program Programmed using the guarded if-command for nondeterministic

trasitions.For example: {(q5, a, q7), (q5, a, q3), (q5, b, q5)}.

q5:if:: input == ‘a’ -> input = next-symbol; goto q7:: input == ‘a’ -> input = next-symbol; goto q3:: input == ‘b’ -> input = next-symbol; goto q5fi

Next, add the alternative::: end-of-input -> assert(false)

SPIN modes in NDFA

Random simulation is the execution of the NDFA with arbitrary resolution of nondeterministic transitions.

Interactive simulation is the execution of an NDFA with an oracle ensuring that an accepting computation is found

Verification represents the metalevel determination if there exists an accepting computation or not.

Other examples

The Semantics of LTL

AB¬A

(Not)

A Λ B

(and)

A ν B

(or)

A → B

(Implies)

A ↔ B

(Equivalent)

TTFTTTT

TFFFTFF

FTTFTTF

FFTFFTT

The Semantics of LTL

bool wantP = false, wantQ= false;

Active proctype P() {

do

:: wantP = true;

do

:: wantQ ->

wantP = false;

wantP = true

::else -> break

od;

wantP = false

od

}

Active proctype Q() {

do

:: wantQ = true;

do

:: wantP ->

wantQ = false;

wantQ = true

::else -> break

od;

wantQ = false

od

}