Institute for System Programming of the Russian Academy of Sciences
A Survey of High-Performance Computing for Software Verification
2017, Moscow, Russia
Ilja Zakharov
[email protected]
Software Verification
● Static verification of C programs (CEGAR, BMC, ...)
● LTL model checking
● Static analysis
Linux Drivers Verification
Diagram: kernel modules (catc.ko, cdrom.ko, usbcore.ko, raid1.ko, ext2.ko, ext3.ko, rtc-lib.ko) are taken out of the Linux kernel; each module (e.g. catc.ko) is paired with an environment model (env) and a safety specification (linux:mutex, generic:memory, linux:clock).
● Extract a module source code
● Generate an environment model
● Add a safety property specification
Linux Drivers Verification
Diagram: the Linux kernel is split into many independent verification tasks.
Static Verification of C Programs

    extern int nondet(void);   /* nondeterministic input value, as on the slide */

    int main(void)
    {
        int x = nondet();
        int y = nondet();
        int z = nondet();
    L1: if (x > y) {
    L2:     z = y - x;
        } else {
    L3:     z = x - y;
        }
    L4: if (z < 0)
    ERR:    goto ERR;          /* error location: reaching it violates the property */
    L5: return 0;              /* a label must be followed by a statement */
    }
Explored path (diagram): Enter main(); x = nondet(); y = nondet(); z = nondet(); assume(x > y); z = x - y; assume(z < 0); ERR.
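As an added illustration (not code from the slides or from any verifier), the Python script below encodes the program above as a hand-written control-flow automaton, enumerates the abstract paths to ERR while ignoring data, as a CEGAR loop does at first, and then checks each path for feasibility by bounded enumeration of the nondet() values, a brute-force stand-in for the SMT query a real tool would issue. It also checks the path drawn on the slide; the CFA encoding and the value bound are assumptions of this example.

```python
import itertools

# Hand-written CFA of the slide's program (an assumption of this example):
# node -> [(edge, successor)].  An edge is ("assume", predicate) or
# ("assign", variable, expression); both take the current variable environment.
CFA = {
    "L1": [(("assume", lambda e: e["x"] > e["y"]), "L2"),
           (("assume", lambda e: e["x"] <= e["y"]), "L3")],
    "L2": [(("assign", "z", lambda e: e["y"] - e["x"]), "L4")],
    "L3": [(("assign", "z", lambda e: e["x"] - e["y"]), "L4")],
    "L4": [(("assume", lambda e: e["z"] < 0), "ERR"),
           (("assume", lambda e: e["z"] >= 0), "L5")],
    "ERR": [], "L5": [],
}

# The abstract counterexample drawn on the slide: x > y, then z = x - y, then z < 0.
SLIDE_PATH = [("assume", lambda e: e["x"] > e["y"]),
              ("assign", "z", lambda e: e["x"] - e["y"]),
              ("assume", lambda e: e["z"] < 0)]

def abstract_paths(start="L1", target="ERR"):
    """Control-flow paths from start to target, ignoring data (the
    over-approximation a CEGAR loop starts from)."""
    found, stack = [], [(start, [])]
    while stack:
        node, path = stack.pop()
        if node == target:
            found.append(path)
            continue
        for edge, nxt in CFA[node]:
            stack.append((nxt, path + [edge]))
    return found

def run_path(path, x, y, z):
    """Execute one path concretely; False as soon as an assume fails."""
    env = {"x": x, "y": y, "z": z}
    for edge in path:
        if edge[0] == "assume":
            if not edge[1](env):
                return False
        else:
            env[edge[1]] = edge[2](env)
    return True

def is_feasible(path, bound=3):
    """Bounded check: do any nondet() values in [-bound, bound] realise the
    path?  A path with no realisation is a spurious counterexample."""
    domain = range(-bound, bound + 1)
    return any(run_path(path, x, y, z)
               for x, y, z in itertools.product(domain, repeat=3))
```

Both control-flow paths to ERR are feasible, whereas the path drawn on the slide is not, which is exactly the situation in which CEGAR refines its abstraction instead of reporting a bug.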
Linux Driver Verification
Verification Tasks
4500 modules × 30 safety properties × 2 verification tool configurations × 50 sec of CPU time per verification task = ?
Distributed Verification
● Verification of a single task using several nodes
● Distributing tasks into several nodes
Distributed Verification of a Single Task
● Nodes explore parts of the state space
● Data transfer has high latency
● Modern work stations are used inefficiently
Tools: Murφ, SPIN, ARMC, DiVinE
Plot: speedup vs. number of threads (ThreadNums) for distributed verification of a single task.
Distributed Verification of Several Tasks
● VerifierCloud for the annual SV-COMP competition
Diagram: Program → Verdict; 4 days
787 463 verification tasks, CPU wall time of 3a 27d 15h 49min 35s
Platform as a Service
● Platforms create application instances depending on current workload
● An application must use the platform API
● Platforms imply hard restrictions on task pending time and task solution time
CPAchecker in GAE (Google App Engine)
● Faster application startup
● Pure Java SMT interpolating solver
● Specific API to access the file system
● Restricted time for task solution and pending
Infrastructure as a Service
● EC2, OpenStack, …
● Clouds provide virtual machines
● Users can adjust VM characteristics
Multi-Core Verification
● Parallel state space exploration
● Lockless hash tables to store the state space
● Cache coherence may introduce significant latency
Tools: DiVinE, SPIN, LTSmin; BOLT (Map-Reduce)
Plot: speedup vs. number of threads (ThreadNums) for multi-core verification.
GPU Computing
● Hundreds of cores organized as SMX units
● GPU memory hierarchy
● Longer clock cycle
● Separate code for GPU and CPU
GPU Verification
● Linear arithmetic
● Sparse matrices
● Fewer system calls
● CPU and GPU combination
Tools: GPU-PRISM, CADP, DiVinE, SPIN, LTSmin
100 times faster than CPU using the Kepler architecture
Few High-Performance Static Verifiers
● Proofs of concept available
● No best solution
● Difficulty of comparing tools from different classes
Ongoing Work
Architecture diagram: a Master node (Scheduler, Web-Interface) and Clients (TaskGenerator, RunExec) feed a pool of VMs, each running CPAchecker under BenchExec; the VMs are managed with Consul and Docker Swarm on OpenStack.
Linux Driver Verification
Thank you
[email protected]