FDR3: a parallel refinement checker for CSP

  • Thomas Gibson-Robinson
  • Philip Armstrong
  • Alexandre Boulgakov
  • A. W. Roscoe
TACAS 2014


Failures divergence refinement 3 (FDR3) is a complete rewrite of the CSP refinement checker FDR2 that incorporates a significant number of enhancements. In this paper, we describe the operation of FDR3 at a high level and give a detailed description of several of the more important innovations. FDR3 has a new parallel refinement-checking algorithm that is able to achieve a near linear speedup as the number of cores increases. This algorithm scales linearly not only on shared-memory systems, but also on distributed systems (i.e. clusters). In particular, this paper presents experimental results that show FDR3 can achieve a speedup factor in excess of 1000 versus the sequential case on a cluster of 64, 16-core machines (i.e. 1024 cores): we obtain similar performance improvements on a supercomputer and, more interestingly, on a commodity cloud computing provider. We also present experimental results that compare FDR3 to related tools, and indicate that (as far as we know) FDR3 is unique in being able to scale beyond the bounds of main memory. This paper also describes the new algorithm that FDR3 uses to construct its internal representation of CSP processes, one of the key problems to solve in order to efficiently model-check process algebras.


Keywords: CSP, FDR, Model-checking, Process algebras, Refinement



This work has benefitted from many useful conversations with Michael Goldsmith, Colin O’Halloran, Gavin Lowe, and Nick Moffat. Development of FDR3 has, of course, been profoundly influenced by the implementors of FDR2, notably Michael Goldsmith, David Jackson, Paul Gardiner, and Bryan Scattergood. We would also like to thank the anonymous reviewers for their useful comments. The authors would like to acknowledge the use of the Advanced Research Computing (ARC) in carrying out this work. Research into FDR3 has been partially sponsored by DARPA under agreement number FA8750-12-2-0247.



Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Thomas Gibson-Robinson (1)
  • Philip Armstrong (1)
  • Alexandre Boulgakov (1)
  • A. W. Roscoe (1)
  1. Department of Computer Science, University of Oxford, Wolfson Building, Oxford, UK
