## Model Checking Concurrent Assembly Algorithms

### BibTeX

@MISC{Cordina_modelchecking,
  author = {Joseph Cordina and Stephen Fenech and Gordon J. Pace},
  title = {Model Checking Concurrent Assembly Algorithms},
  year = {}
}

### Abstract

Model checking has been used in various domains to enable automatic verification of properties of a given model. Especially in cases where the correctness of the model is not evident owing to the complex nature of its description, model checking can be an indispensable tool. One such domain is the use of concurrent assembly algorithms for low-level synchronisation, whose correctness is notoriously difficult to check or even to test. In this paper we look at this domain and explore the use of model checking to verify a number of such algorithms, including barrier synchronisation and wait-free CSP channel communication. We tackle the state explosion problem inherent in model checking by using abstraction techniques to remove redundant information from the model, and partial-order techniques to remove redundant interleavings of actions. Finally, we also investigate the use of structural induction to reason about families of systems of arbitrary size. Making use of symmetry and induction, we verify algorithms with an unbounded number of identical participating tasks.

### Citations

3973 | Computer Architecture: A Quantitative Approach, 3rd ed. - Hennessy, Patterson, et al. - 2002
Citation Context: ...c Multi-Processor (SMP) and Asymmetric Multi-Processor (ASMP), with the main focus on the ASMP. In the SMP architecture, the processors are identical and share the same clock so they are synchronised [HP02]. On the other hand the ASMP architecture does not have such a constraint and thus we cannot know how long an instruction will take to execute on different processors. In particular, we look into wait...

623 | Model Checking and Abstraction - Clarke, Grumberg, et al. - 1994
Citation Context: ...oach to ours was taken by Basin et al [BFG03] in order to model check bytecode instructions. There is also a great deal of work concerning abstraction in order to prove properties over larger systems [CGL94]. We made use of symbolic methods of abstractions but another type of abstraction is abstract model checking as in [CC99,Gra94,Gra99]. Partial-order abstraction similar to the one employed here is als...

101 | Synchronous observers and the verification of reactive systems - Halbwachs, Lagnier, et al. - 1993
Citation Context: ...n), and constrain the model checking tool to work on paths for which α satisfies π. In general this is not straightforward to do, but by limiting ourselves to safety properties expressed as observers [HLR94], which take the input and output of the system and return one output stating whether or not the system is running correctly, we can reason about the weakest system directly, proving that if the obse...

40 | The Kent Retargetable occam Compiler - Welch, Wood - 1996
Citation Context: ...a constraint and thus we cannot know how long an instruction will take to execute on different processors. In particular, we look into wait-free algorithms used in the core of the KRoC Occam compiler [WW96], to handle communication between different threads. As with most real-life applications of model checking, the main challenge is primarily that of controlling the state explosion problem. Due to the ...

34 | Refining model checking by abstract interpretation - Cousot, Cousot - 1999

30 | Verification of a distributed cache memory by using abstractions - Graf - 1994

26 | Characterization of a sequentially consistent memory and verification of a cache memory by abstraction - Graf - 1999

18 | Seamless Parallel Computing on Heterogeneous Networks of Multiprocessor Workstations - Vella - 1998
Citation Context: ...resent the application of these techniques for the verification of the algorithms used internally by KRoC to handle thread barrier synchronisation and channel communication using wait-free algorithms [Vel98]. In both cases, we use inductive reasoning with model checking to prove the correctness of the algorithms for any number of processes taking part in the synchronisation. 2 Background A Kripke structu...

11 | Symmetry and Induction in Model Checking - Jha - 1996
Citation Context: ...99]. Partial-order abstraction similar to the one employed here is also employed in StEAM [Meh06]. Structural induction, as used in our approach, has also been employed in [McM92] and is discussed in [Jha96] as employing symmetry. In our case studies, we have looked at LTL properties of these systems. Clearly, concurrency introduces various issues which require a branching time logic to express. Certain ...

8 | Bytecode Verification by Model Checking - Basin, Friedrich, et al.
Citation Context: ... checking of assembly code where instead of creating a model they make use of a virtual processor to avoid any potential errors in the translation. A similar approach to ours was taken by Basin et al [BFG03] in order to model check bytecode instructions. There is also a great deal of work concerning abstraction in order to prove properties over larger systems [CGL94]. We made use of symbolic methods of a...

8 | Directed error detection in C++ with the assembly-level model checker StEAM - Leven, Mehler, et al.

4 | Symbolic model-checking: an approach to the state explosion problem - McMillan - 1992
Citation Context: ...ecking as in [CC99,Gra94,Gra99]. Partial-order abstraction similar to the one employed here is also employed in StEAM [Meh06]. Structural induction, as used in our approach, has also been employed in [McM92] and is discussed in [Jha96] as employing symmetry. In our case studies, we have looked at LTL properties of these systems. Clearly, concurrency introduces various issues which require a branching tim...

1 | Model Checking - Clarke, Grumberg, Peled - 1999
Citation Context: ... transitions taken, and the basic definitions of instruction semantics. The state explosion problem unfortunately limits the size of the model which can be model checked in a tractable amount of time [EMCJ99]. Many techniques have been devised in order to be able to enable model checking of larger systems. We will now explain some domain specific optimisation we performed on the models produced. The state...

1 | Challenges and applications of assembly level software model checking - Mehler - 2006
Citation Context: ...bolic methods of abstractions but another type of abstraction is abstract model checking as in [CC99,Gra94,Gra99]. Partial-order abstraction similar to the one employed here is also employed in StEAM [Meh06]. Structural induction, as used in our approach, has also been employed in [McM92] and is discussed in [Jha96] as employing symmetry. In our case studies, we have looked at LTL properties of these sys...