Showing papers on "Promela" published in 2023

Book Chapter
TL;DR: In this article, the Spin model checker is used to verify safety properties of a number of futex-based mutex and condition variable implementations, and the authors show how model checking is able to detect bugs that affected real-world implementations and confirm that current implementations are correct.
Abstract: The futex Linux system call enables implementing performant inter-thread synchronisation primitives, such as mutexes and condition variables. However, the futex system call is notoriously tricky to use correctly. In this case study, we use the Spin model checker to verify safety properties of a number of futex-based mutex and condition variable implementations. We show how model checking is able to detect bugs that affected real-world implementations, and confirm current implementations are correct. The Promela models we have developed are available as open source, and may be useful as teaching material for classes that cover futex-based synchronisation primitives, and as a template on how to perform formal verification on new synchronisation primitive designs.
Posted Content
15 May 2023
TL;DR: In this paper, the authors combine model checking and auto-tuning to accelerate parallel programs by using a counterexample constructed during the verification of the optimality property of the program.
Abstract: The paper combines research approaches that traditionally have been disjoint: 1) model checking as used in formal verification of programs, and 2) auto-tuning as often used in high-performance computing. Auto-tuning frameworks optimize parallel programs by finding the optimal values of the performance-critical parameters -- so-called tuning parameters -- for a particular high-performance architecture and input data size. As there are many parameters influencing a program's performance, finding the optimal parameter configuration is a hardly manageable task even for experts. Auto-tuning automates this process, but it is often time-consuming. We apply model checking for accelerating auto-tuning by using a counterexample constructed during the verification of the optimality property of the program. We describe in detail an implementation of our approach for programs written in OpenCL -- the standard for programming modern high-performance architectures -- using the model representation language Promela and the popular SPIN verification tool, and we report experimental results for an application use case.
Journal Article
TL;DR: In this article, the authors present an approach for model extraction, formal specification, verification and repair of the scheduler of Contiki, which is an event-driven lightweight operating system for the Internet of Things (IoT).
Abstract: This paper presents an approach for model extraction, formal specification, verification and repair of the scheduler of Contiki, which is an event-driven lightweight Operating System for the Internet of Things (IoT). We first derive a state machine-based abstraction of the scheduler’s modes of operation along with the control flow abstractions of the scheduler’s most important functions. We then use a set of transformation rules to formally specify the scheduler and all its internal functions in Promela. Additional contributions with respect to the conference version of this article include (1) modeling nested function calls in the Promela model of the scheduler using a novel technique amenable to model checking in SPIN; (2) modeling protothreads in Promela; (3) specifying and formally verifying twelve critical requirements of the scheduler; (4) detecting new design flaws in Contiki’s scheduler, for the first time (to the best of our knowledge); (5) repairing the model and the source code of Contiki’s scheduler towards fixing the flaws detected through verification, as well as regression verification of the entire model of the scheduler, and (6) experimentally analyzing the time and space costs of verification before and after repair. The proposed formal model of Contiki’s scheduler along with novel modeling techniques enhance our knowledge regarding the most critical components of Contiki, and provide reusable methods for formal specification and verification of other event-driven operating systems used in Cyber Physical Systems (CPS) and IoT.

Book Chapter
01 Jan 2023
TL;DR: In this paper, the authors present a method that automatically generates, from Abstract State Machine (ASM) specifications, tests that fulfil the desired coverage; the ASM is used to predict the expected output under test.
Abstract: We automatically generate code coverage in the verification phase with the help of PROMELA (a language used by the Spin checker). PROMELA is the process meta-language of the Spin model checker. We present a method that automatically generates, from Abstract State Machine (ASM) specifications, tests which fulfil the desired coverage. The ASM is used to predict the expected output under test. A prototype tool implements the proposed method. The experiments show a comparison of code coverage and random test generation. We discuss the benefits and restrictions of the Spin model checker. This work aims to reduce the number of features selected without compromising on delivering comparable accuracy, and also performs the task in less time.

Journal Article
TL;DR: In this paper, an automatic verification tool that performs model transformation using a C compiler with the NuSMV library included is presented; NuSMV itself does not provide model-based design, which motivates the transformation from Stateflow.
Abstract: Formal verification plays an important role in proving the safety of autonomous vehicles (AV). It is crucial to find errors in the AV system model to ensure safety-critical features are not compromised. Model checking is a formal verification method which checks if the finite state machine (FSM) model meets system requirements. These requirements can be expressed as Linear Temporal Logic (LTL) formulae to describe a sequence of states with linear temporal properties to be satisfied. NuSMV is a dedicated software for performing model checking based on temporal logic formulae on FSM models. However, NuSMV does not provide model-based design. On the other hand, Stateflow in MATLAB/SIMULINK is a powerful tool for designing the model and offers an interactive Graphical User Interface (GUI) for the user/verifier, but is not as efficient as NuSMV in model checking. Hence, model transformation becomes vital to convert the AV model in Stateflow to an input language of model checking software such as NuSMV. In this paper, we model an AV using Stateflow, which consists of cruise control, lane change/abortion, obstacle avoidance and gap maintenance blocks in the form of FSMs. We design an automatic verification tool to perform model transformation using a C compiler with the NuSMV library included. Guard conditions are represented by Boolean expressions to capture the transition sequence between different blocks. LTL specifications of safety-critical requirements are verified to guarantee the validity of the AV system design. When guard conditions fail, i.e., system requirements are not met, the verification tool will give a counterexample as the output. A case study is performed to show how this verification tool can help designers make modifications based on the counterexamples to better meet the system requirements. We also perform a benchmark verification using the Design Verifier in SIMULINK to compare the performance.