
1) Overview of the UV Group
2) Gauss: A Framework for Verifying Scientific Computing Software
3) Random things (perhaps more useful than 1 or 2)

presented by Ganesh Gopalakrishnan at the 2nd annual Utah Regional Verification Workshop

School of Computing, University of Utah, Salt Lake City, UT

* Past work supported in part by SRC Contract 1031.001, NSF Award 0219805 and an equipment grant from Intel Corporation

1) Overview of the UV Group

People affiliated with the UV group:

• Recent alumni: Yue Yang (PhD, Microsoft), (PhD, Atilim, Turkey), Ali Sezgin, Hemanthkumar Sivaraj, Sudhindra Pandav (MS, Intel, Hillsboro) (MS, Intel, Bangalore)
• Updates on alumni: Robert Palmer Ravi Hosabettu going to Intel Hillsboro for a 6-month internship, Ritwik Bhattacharya (finishing up fast), (Ratan, Prosenjit, Mike, Annette now at Juniper Networks, still where they were.)
• New members: Yu Yang (Jason took the “e”), PhD; Xiaofang Chen, PhD; Steve Barrus, Geof Sawaya, Eun Yong Kang (BS/MS) (BS) (BS/MS)
• Igor Melatti (potential 6-month postdoc)
• Collaborations with faculty: Konrad Slind, Gary Lindstrom, Mike Kirby, John Regehr, Priyank Kalla, Chris Myers (during SRC meetings)
• Industrial collaborators: Ching Tsun Chou and SeungJoon Park (Intel), Steven German (IBM)

Things we’ve dabbled in of late…

• Distributed model-checking
• Verifying hierarchical cache coherence protocols (abstraction methods)
• SAT methods for shared memory consistency model conformance testing
• Verifying shared thread programs (e.g. Posix)
• Verifying distributed memory programs (such as MPI)

[Diagram labels: mem, dir, dir, mem]

2) Gauss: A Framework for Verifying Scientific Computing Software

Gauss: A framework for verifying scientific computing software

[Diagram: components of the Gauss framework, with the code shown on the slide]

MPI source program:

    #include <mpi.h>
    #include <stdio.h>

    int main(int argc, char** argv){
        int myid;
        int numprocs;
        MPI_Init(&argc, &argv);
        MPI_Comm_size(MPI_COMM_WORLD, &numprocs);
        MPI_Comm_rank(MPI_COMM_WORLD, &myid);
        if(myid == 0){
            /* rank 0 sends each other rank its own rank number */
            int i;
            for(i = 1; i < numprocs; ++i){
                MPI_Send(&i, 1, MPI_INT, i, 0, MPI_COMM_WORLD);
            }
            printf("%d Value: %d\n", myid, myid);
        } else {
            /* every other rank receives one value from rank 0 */
            int val;
            MPI_Status s;
            MPI_Recv(&val, 1, MPI_INT, 0, 0, MPI_COMM_WORLD, &s);
            printf("%d Value: %d\n", myid, val);
        }
        MPI_Finalize();
        return 0;
    }

CIL / MPICC; Model Extractor; MPI Binary

Program Model:

    int y;
    active proctype T1(){
        int x;
        x = 1;
        if
        :: x = 0;
        :: x = 2;
        fi;
    }
    active proctype T2(){
        int x;
        x = 2;
        if
        :: y = x + 1;
        :: y = 0;
        fi;
        assert( y == 0 );
    }

+

MPI Library Model:

    proctype MPI_Send(chan out, int c){ out!c; }
    proctype MPI_Bsend(chan out, int c){ out!c; }
    proctype MPI_Isend(chan out, int c){ out!c; }
    …

Environment Model:

    int MPI_SOURCE;
    int MPI_TAG;
    int MPI_ERROR;

Zing; MC Server; MC Clients

Result Analyzer; OK; Error Visualization & Simulation; Abstraction Refinement
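To show what a model checker does with the T1/T2 program model on the Gauss slide, here is an added example (not from the slides, and not Gauss or Zing code): a small explicit-state search in Python over a hand translation of that model. The names assign, check, explore and PROCS, and the renaming of each process's local x to x1 / x2, are assumptions of this example.

```python
from collections import deque

# Constructed hand translation of the slide's T1/T2 model (names are this
# example's own). A process is a list of steps; a step lists its alternatives,
# which models the nondeterministic if ... fi. An action returns the next
# state, or None when an assertion fails. Local x is renamed x1 / x2.
def assign(var, fn):
    return lambda s: {**s, var: fn(s)}

def check(pred):
    return lambda s: s if pred(s) else None

T1 = [[assign("x1", lambda s: 1)],
      [assign("x1", lambda s: 0), assign("x1", lambda s: 2)]]
T2 = [[assign("x2", lambda s: 2)],
      [assign("y", lambda s: s["x2"] + 1), assign("y", lambda s: 0)],
      [check(lambda s: s["y"] == 0)]]          # assert( y == 0 )
PROCS = {"T1": T1, "T2": T2}

def explore(procs=PROCS):
    """Breadth-first search over all interleavings and choices.
    Returns (trace, state) for the shortest assertion failure, where trace
    is a list of (process, step, alternative), or (None, None) if none."""
    init = {"x1": 0, "x2": 0, "y": 0, **{"pc_" + p: 0 for p in procs}}
    key = lambda s: tuple(sorted(s.items()))
    seen, queue = {key(init)}, deque([(init, [])])
    while queue:
        state, trace = queue.popleft()
        for name, steps in procs.items():
            pc = state["pc_" + name]
            if pc == len(steps):
                continue                        # this process has terminated
            for alt, action in enumerate(steps[pc]):
                nxt = action(state)
                if nxt is None:                 # assertion violated
                    return trace + [(name, pc, alt)], state
                nxt = {**nxt, "pc_" + name: pc + 1}
                if key(nxt) not in seen:        # visit each state once
                    seen.add(key(nxt))
                    queue.append((nxt, trace + [(name, pc, alt)]))
    return None, None

if __name__ == "__main__":
    print(explore())
```

The search reports the shortest counterexample, in which T2 takes the `y = x + 1` branch; with that branch removed it exhausts the state space and reports no violation, the slide's "OK" outcome.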

3) Random things (perhaps more useful than 1 or 2)

Tools you can download from the UV page:

• Distributed BFS Murphi and Parallel Random-walk Murphi
• MPEC (MP Execution Checker – currently for Itanium)
• POeM (Partial Order enabled Murphi)

Recent “trends” seen / heard :

• Considerable emphasis on Requirements Engineering for embedded systems
  - Avrunin’s PROPEL Language (also “Lil-Jill”) for modeling and verifying workflow during blood transfusions
  - Modeling requirements for cardiac pacemakers and defibrillators (work sponsored by Guidant Inc. – Jeff Thompson - Minnesota)
  - Garlan’s model-driven architectures work (CMU) – connectors…
  - Nebraska / Kansas powerhouse on many things (Java slicer, Bogor, …)
• Hybrid / dynamical system verification
  - Bruce Krogh, Goran Frehse - precision “on demand”
• Testing!
  - Rance Cleaveland and Scott Smolka’s “Reactis” company (test automation that saves 10x effort for auto companies…)
• Positions for PhDs still available (e.g. Intel)

“Cool papers” read recently

• A Survey of Recent Advances in SAT-based Formal Verification (Prasad, Biere, Gupta)
• Concrete Model Checking with Abstract Matching and Refinement (Pasareanu, Pelanek, Visser)

Education Resources

• Patrick Cousot’s notes on abstract interpretation (with code) from MIT
• Daniel Jackson’s “Alloy”
• Bogor
• Esterel / SCADE

Conclusion:

Doing just one or two things would have been smarter (but *very* risky in today’s funding climate – hence forced to dip many fingers in many pies … not very conducive to obtaining really deep results…)

3) Projects in “backburner”

Projects in “back-burner”: Conformance Testing based on Limited Observations

[Diagram labels, in slide order:]
• Spec
• Specification Validation
• Design Verification
• Pre-manufacture
• Testing for Fabrication Faults
• Post-manufacture
• Post-Silicon Verification
• product
• Does functionality match designed behavior? (conformance testing)

Post-Si Verification for Cache Protocol Execution

• Future
• CANNOT Assume there is a “front-side bus”
• CANNOT Record all link traffic
• CAN ONLY Generate sets of possible cache states
• HOW BEST can one match against designed behavior?

[Diagram labels: cpu, cpu, cpu, cpu; Invisible “miss” traffic; Visible “miss” traffic]

Back to our specific problem domain...

• Verify the operation of systems at runtime when we can’t see all transactions
• Could also be offline analysis of a partial log of activities

[Diagram: event sequence a b x y a x c d y b … c d]

Required Constraint-Solving Approaches

Constraint Solving in the context of Coupled Reactive Processes

[Diagram: event sequences over a, b, c, d, e, with labels “Likely cause” and “Observed event”]