Presentation On SPIN
Ch.Sudheer Keshav
Under the guidance of Prof. Sridhar Iyer and Prof. Krishna S
Kanwal Rekhi School of Information Technology, IIT Bombay
August 30, 2006
SPIN, a Model Checker
SPIN is a powerful verification system based on model checking.
Model Checking: a model-checking tool accepts a system requirement or design (called the model) and a property (called the specification) that the final system is expected to satisfy. Model checking verifies whether the model, often derived from a hardware or software design, satisfies the formal specification. The model is written in a specific language, which corresponds to a finite state machine.
Success stories of SPIN
A common application of PROMELA/SPIN is in modelling and verifying communication protocols.
In the area of mobile communication, part of the MCNet (Mobile Communication Network) architecture has been simulated and verified in SPIN[3]. Deadlocks have been detected and many problems related to message exchange have been sorted out.
SPIN has also been used for formal verification of ad-hoc routing protocols[2]. The protocol is proved to be error free. Broadcast systems, mobility and timers have been modelled.
SPIN has been used for modeling and formal verification of DHCP[4]. Some of the conditions checked, such as checking for a unique IP, are similar to those in WiFiRe.
Many other network-related protocols have also been formally verified using SPIN[1].
Correspondence between MCNet and OSI Layers
Figure: Correspondence between MCNet and OSI Layers[3]
SPIN's Reduction Algorithms
The validators produced by SPIN are among the fastest programs for exhaustive searching known[2]. The validators are used in two modes. For small and medium size models the validators can be used with an exhaustive state space. For larger systems, the validators can be used in supertrace mode, with a bit-state storage technique that can collapse the state space to a small number of bits per reachable state with minimal side effects.
Partial-order reduction (which helps the DFS algorithm used by SPIN) is one of SPIN's primary weapons against the state explosion problem.
SPIN's Reduction Algorithms Contd....
Idea: if in some global state a process P can execute only local statements, then all other processes may be deferred until later.
State vector compression (zipping the individual states).
Dataflow analysis:
Dead variable analysis: a dead variable is one which can neither influence the control flow nor any variable that occurs in an atomic proposition.
Statement merging: if there are two consecutive local invisible actions in the model, then we can statically merge them into one atomic action.
Slicing algorithm (gives hints about what can be thrown away).
Hash compaction.
Comparison study results on different tools
Yifei Dong et al. ran experiments on i-protocol, a protocol that makes for a formidable case study for verification tools, using five of the widely used model checkers, namely COSPAN, Murϕ, SMV, Spin, and XMC. The results were as follows:
SPIN and COSPAN ran out of memory.
SMV's memory performance was good, but it took more time.
Murϕ and XMC performed the best on i-protocol; XMC was faster.
Comparison study results on different tools Contd....
Later it was proved[5] that, with either the default Spin verification run or a reasonable choice of parameter settings, the version of Spin used for the tests in [6] can outperform the results obtained with XMC to some extent. The newer version of SPIN would outperform XMC comprehensively.
Working of System
System: L(S) (the set of possible behaviours of S)
Property: L(p) (the set of valid/desirable behaviours)
Prove that: L(S) ⊆ L(p) (everything possible is valid)
Method: proving L(S) ⊆ L(p) is the same as proving L(S) ∩ L(¬p) = ∅. SPIN's verification engine does this. If this intersection is non-empty, then a counterexample (a behaviour of S that violates p) is generated by SPIN.
Main DSs
SPIN has three main data structures:
State vector: holds the values of variables and the program counter for each thread
Depth-first stack: holds states (or transitions) encountered during the search and is used to display the error trace
Seen set: holds states already explored
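The following is an added example, written for this page and not taken from the slides or from the SPIN distribution. It is a toy explicit-state checker that mirrors what the "Working of System" and "Main DSs" slides describe: a depth-first search over a state vector, with the DFS stack doubling as the error trace and a seen set of explored states. The "bad" predicate plays the role of the negated property, so a reachable bad state is a witness that L(S) ∩ L(¬p) is non-empty. The two mutual-exclusion protocols (a constructed flawed one, and Peterson's algorithm) and all names in the code are assumptions chosen for illustration.

```python
# Added example: toy explicit-state checker in the style of SPIN's exhaustive mode.
# Not SPIN's code; the protocols and all names here are constructed for illustration.
from typing import Callable, List, Optional, Tuple

FIELDS = ("flag0", "flag1", "turn", "pc0", "pc1")
State = Tuple[int, ...]                       # state vector, one slot per FIELDS entry
Step = Tuple[str, State]                      # (human-readable label, successor state)
StepFn = Callable[[int, State], List[Step]]   # enabled steps of process i in state s


def upd(s: State, **changes: int) -> State:
    """Return a copy of the state vector with the named fields changed."""
    d = dict(zip(FIELDS, s))
    d.update(changes)
    return tuple(d[f] for f in FIELDS)


def naive_step(i: int, s: State) -> List[Step]:
    """Flawed protocol: test the other flag, then set your own (a race window)."""
    d, j = dict(zip(FIELDS, s)), 1 - i
    pc = d[f"pc{i}"]
    if pc == 0 and d[f"flag{j}"] == 0:          # guard: other process not interested
        return [(f"P{i}: sees flag{j}==0", upd(s, **{f"pc{i}": 1}))]
    if pc == 1:
        return [(f"P{i}: flag{i}=1, enter CS", upd(s, **{f"flag{i}": 1, f"pc{i}": 2}))]
    if pc == 2:                                  # pc 2 is the critical section
        return [(f"P{i}: flag{i}=0, leave CS", upd(s, **{f"flag{i}": 0, f"pc{i}": 0}))]
    return []                                    # blocked: no enabled step


def peterson_step(i: int, s: State) -> List[Step]:
    """Peterson's algorithm: set flag, yield the turn, wait, then enter (pc 3)."""
    d, j = dict(zip(FIELDS, s)), 1 - i
    pc = d[f"pc{i}"]
    if pc == 0:
        return [(f"P{i}: flag{i}=1", upd(s, **{f"flag{i}": 1, f"pc{i}": 1}))]
    if pc == 1:
        return [(f"P{i}: turn={j}", upd(s, turn=j, **{f"pc{i}": 2}))]
    if pc == 2 and (d[f"flag{j}"] == 0 or d["turn"] == i):
        return [(f"P{i}: enter CS", upd(s, **{f"pc{i}": 3}))]
    if pc == 3:
        return [(f"P{i}: flag{i}=0, leave CS", upd(s, **{f"flag{i}": 0, f"pc{i}": 0}))]
    return []


def successors(step: StepFn, s: State) -> List[Step]:
    """Interleaving semantics: any process may take one of its enabled steps."""
    return step(0, s) + step(1, s)


def dfs_check(step: StepFn, init: State, bad: Callable[[State], bool],
              valid_end: Callable[[State], bool] = lambda s: False):
    """Exhaustive depth-first search over the reachable state space.
    Returns ((kind, trace), states_stored); the first element is None when no
    violation is reachable. A state with no enabled step that is not a valid end
    state is reported as a deadlock (SPIN's "invalid end state")."""
    seen = {init}                      # seen set: states already explored
    stack = []                         # DFS stack: ((label, state), remaining successors)

    def enter(label: str, s: State):
        succ = successors(step, s)
        stack.append(((label, s), iter(succ)))
        trace = [frame[0] for frame in stack]   # the stack is the error trace
        if bad(s):
            return ("assertion violated", trace)
        if not succ and not valid_end(s):
            return ("invalid end state (deadlock)", trace)
        return None

    found = enter("init", init)
    while stack and found is None:
        nxt = next(stack[-1][1], None)
        if nxt is None:                # all successors of the top state explored
            stack.pop()
            continue
        label, s = nxt
        if s not in seen:
            seen.add(s)
            found = enter(label, s)
    return found, len(seen)


def mutex_violated(cs_pc: int) -> Callable[[State], bool]:
    """Negated safety property: both processes sit at their critical-section pc."""
    return lambda s: s[3] == cs_pc and s[4] == cs_pc


INIT: State = (0, 0, 0, 0, 0)


def check_naive():
    return dfs_check(naive_step, INIT, mutex_violated(2))


def check_peterson():
    return dfs_check(peterson_step, INIT, mutex_violated(3))


if __name__ == "__main__":
    for name, fn in (("naive", check_naive), ("peterson", check_peterson)):
        result, stored = fn()
        print(f"{name}: {stored} states stored, result = {result and result[0]}")
        if result:
            for label, state in result[1]:
                print("   ", label, dict(zip(FIELDS, state)))
```

Running the module prints, for the flawed protocol, the interleaving that leads both processes into the critical section (the contents of the DFS stack at the moment the bad state was entered), and for Peterson's algorithm reports no violation after storing every reachable state. Real SPIN adds partial-order reduction, state compression and bit-state hashing on top of exactly this search skeleton.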
Strengths of SPIN
With Java PathFinder, it is possible to translate programs written in Java version 1.0 to PROMELA.
The tool is specifically designed to scale well, and to handle even very large problem sizes efficiently.
SPIN offers the possibility to perform both simulations and verifications. We try to do an exhaustive simulation of WiFiRe and provide verification using correctness properties specified in LTL or any other accepted form.
Strengths of SPIN Contd....
The SPIN verifier accepts models written in Promela (Protocol/Process Meta Language), a specification language with a syntax similar to C. Promela is enriched with a set of primitives allowing the creation and synchronization of processes, including the possibility to use both synchronous and asynchronous communication channels.
A specification consists of one or more processes, each describing the behaviour of one component of the system. Processes may communicate via channels by sending and receiving messages. Correctness claims to be checked are expressed as temporal logic formulas.
Strengths of SPIN Contd....
Spin works on-the-fly, which means that it avoids the need to preconstruct a global state graph, or Kripke structure, as a prerequisite for the verification of system properties; i.e. the automaton need not be completely available before checking for emptiness.
The tool supports dynamically growing and shrinking numbers of processes, using a rubber state vector technique (not explored properly).
The tool supports both rendezvous and buffered message passing, and communication through shared memory.
Strengths of SPIN Contd....
The main strength of SPIN is its automatic exhaustive search capability. Spin can be used in three basic modes:
As a simulator, allowing for rapid prototyping with random, guided, or interactive simulations
As an exhaustive verifier, capable of rigorously proving the validity of user-specified correctness requirements (using partial order reduction theory to optimize the search)
As a proof approximation system that can validate even very large system models with maximal coverage of the state space
Basic Operational Diagram[1]
Figure: Exhaustive verifier
Things that can be done using SPIN
Logic model checkers can catch a range of logic and functional design errors, especially errors related to concurrency and multi-threading:
Deadlocks, livelocks, starvation.
Race conditions. [Possible in the case of slots due to wrong timing]
Locking problems, priority problems.
Resource allocation errors. [Since resources are limited]
Reliance on relative speeds of execution of threads.
Violations of known system bounds.
Specification incompleteness.
Specification redundancy (dead code).
Any missing critical sections can be found out.