EUROCON 2003
Verification of Bakery algorithm variants for two processes
Robert Meolic, Faculty of EE&CS Maribor
David Dedič, Nova Vizija d.o.o. Žalec
Verification of Bakery algorithm variants for two processes
About our work on this project
• mutual exclusion algorithm
• formal verification by checking equivalence relations and model checking with ACTL
• free, open-source, written in Maribor
About this presentation
• does formal verification make sense?
• an overview of our paper
• demonstration of EST under Windows
Formal verification of hardware
(figure) Source: from the Internet, 2001
Formal verification of software
• software is complex
• can something go wrong? the software will!
• a few words from Gerard J. Holzmann, author of the SPIN model checker: Trends in software verification, The 12th International FME Symposium, Pisa, Italy, September 8-14, 2003
What is wrong with software?
• the term software crisis was launched in 1968
• first we thought that better education of programmers would solve it
• then we thought that better programming techniques would solve it
• then we thought that investing more money would solve it
• but programming is a human activity, and humans can find ways to make mistakes in any context…
Source: Gerard J. Holzmann
Software can be mastered!
• does software really get more complex faster than our ability to analyze it improves?
• 1968: OS/360 ~5 million lines of assembly
• 2003: Windows XP ~64 million lines of C/C++
• increase of ~64 times (2^6) in 35 years
• Moore's curve: ~2^23 (> 8 million x)
and
• better algorithms
• software becomes easier to analyze
Source: Gerard J. Holzmann
Mutual exclusion algorithms
CS = Critical Section
while (true) {
    outsideCS();
    wantToEnterCS(i);
    insideCS();
    finishedInCS(i);
}
Wow, so many solutions!
• Dijkstra's algorithm, 1965
• Dekker's algorithm, 1965
• Knuth's algorithm, 1966
• Hyman's algorithm, 1966
• Lamport's bakery algorithm, 1974
• Peterson's algorithm, 1981
• Fischer's algorithm, 1985
• Lamport's one-bit algorithm, 1986
• there are some more...
Callouts on the slide: WRONG! / Real-time!
Bakery algorithm
• principle of serving customers at a bakery
• each process receives a ticket number
• the process with the lowest number enters the CS
• no reliance on a lower-level mutual exclusion
• there are some variants of the algorithm
Bakery algorithm
PROCESS Pi
loop forever
  i0: <non-critical section>
  i1: Choosing(i) := 1;
  i2: Number(i) := 1 + max(Number[1],…,Number[N]);   -- callout: TICKET
  i3: Choosing(i) := 0;
  for j in 1..N do begin
    i4: loop exit when Choosing(j) == 0; end loop;
    i5: loop con: exit when Number(j) == 0 or Number(i) < Number(j)
                          or (Number(i) == Number(j) and i < j); end loop;   -- callout: compare it
  end;
  i6: <critical section>
  i7: Number(i) := 0;
end loop;
Bakery algorithm for 2 processes
PROCESS P1-BAKERY
loop forever
  a0: <non-critical section>
  a1: c1 := 1;
  a2: n1 := n2 + 1;
  a3: c1 := 0;
  a4: loop exit when c2 == 0; end loop;
  a5: loop con1: exit when n2 == 0 or n1 <= n2; end loop;
  a6: <critical section>
  a7: n1 := 0;
end loop;

PROCESS P2-BAKERY
loop forever
  b0: <non-critical section>
  b1: c2 := 1;
  b2: n2 := n1 + 1;
  b3: c2 := 0;
  b4: loop exit when c1 == 0; end loop;
  b5: loop con2: exit when n1 == 0 or n2 < n1; end loop;
  b6: <critical section>
  b7: n2 := 0;
end loop;
Three variants
PROCESS P1-BAKERY
loop forever
  a0: <non-critical section>
  a1: c1 := 1;
  a2: n1 := n2 + 1;
  a3: c1 := 0;
  a4: loop exit when c2 == 0; end loop;
  a5: loop con1: exit when n2 == 0 or n1 <= n2; end loop;
  a6: <critical section>
  a7: n1 := 0;
end loop;

PROCESS P1-BEN-ARI
loop forever
  a0: <non-critical section>
  a1: n1 := 1;
  a2: n1 := n2 + 1;
  a5: loop con1: exit when n2 == 0 or n1 <= n2; end loop;
  a6: <critical section>
  a7: n1 := 0;
end loop;

PROCESS P1-STEP
loop forever
  a0: <non-critical section>
  a2: n1 := n2 + 1;
  a5: loop con1: exit when n2 == 0 or n1 <= n2; end loop;
  a6: <critical section>
  a7: n1 := 0;
end loop;
Simple process algebra
Process P1-BAKERY: 10 states / 12 transitions
• We also need other processes:
• P2-BAKERY (11 st / 13 tr)
• NPLUS (9 st / 12 tr)
• N1 and N2 (3 st / 12 tr each)
• C1 and C2 (2 st / 6 tr each)
Composition of all processes: 218 states / 381 transitions
Testing equivalence
• describe the external behaviour with a smaller and simpler process
• check if the composition and the given process are testing equivalent
Model checking
• a popular verification method
• more interesting properties can be proved
After process P1 intends to enter its critical section, process P2 can enter its critical section at most once before P1 does:
AG [request1!] NOT E[{NOT enter1!} U {enter2!} E[{NOT enter1!} U {enter2!}]]
TRUE for Bakery algorithm
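As an added example (my own code, not the EST tool's or the paper's model), the explicit-state exploration below encodes the three P1 variants from the slides as atomic steps, explores all interleavings with the mirror-image P2 under a ticket abstraction in the spirit of the N1/N2/NPLUS processes, and checks mutual exclusion together with the overtaking bound stated above. It assumes that request1 is the moment P1 completes its ticket assignment (a2); passing the index of a1 instead shows that the bound only holds once the ticket is taken.

```python
"""Explicit-state check of the two-process Bakery, Ben-Ari and Step variants
(an added example, not the paper's EST model): each labelled statement is one atomic step."""

# Steps of P1 in the order of the slide labels a0..a7; P2 is the mirror image.
BAKERY = ("nc", "c:=1", "n:=o+1", "c:=0", "wait c", "wait n", "cs", "n:=0")
BEN_ARI = ("nc", "n:=1", "n:=o+1", "wait n", "cs", "n:=0")
STEP = ("nc", "n:=o+1", "wait n", "cs", "n:=0")

def norm(n1, n2):
    """Ticket abstraction: keep 0 and 1, rank larger values 2, 3 by order (all that is compared)."""
    rank = {v: i + 2 for i, v in enumerate(sorted({v for v in (n1, n2) if v > 1}))}
    return rank.get(n1, n1), rank.get(n2, n2)

def step(prog, me, state):
    """One step of process `me` (0 = P1, 1 = P2), or None if it is blocked.
    con_i exits when n_o == 0, n_me < n_o, or the tickets tie and me < o."""
    pc, c, n = (list(x) for x in state)
    o, op = 1 - me, prog[pc[me]]
    if op == "wait c" and c[o] != 0:
        return None
    if op == "wait n" and not (n[o] == 0 or (n[me], me) < (n[o], o)):
        return None
    if op.startswith("c:="): c[me] = int(op[-1])
    elif op.startswith("n:="): n[me] = n[o] + 1 if op == "n:=o+1" else int(op[-1])
    pc[me] = (pc[me] + 1) % len(prog)
    return tuple(pc), tuple(c), norm(*n)

def explore(prog, request):
    """Reachable (state, k) pairs; k counts P2's entries into its CS after P1 has
    completed step `request` and before P1 enters its own CS, capped at 2."""
    cs, start = prog.index("cs"), (((0, 0), (0, 0), (0, 0)), 0)
    seen, todo = {start}, [start]
    while todo:
        state, k = todo.pop()
        for me in (0, 1):
            nxt = step(prog, me, state)
            if nxt is None:
                continue
            waiting = request < nxt[0][0] < cs  # P1 has requested but is not in its CS
            k2 = min(k + (me == 1 and nxt[0][1] == cs), 2) if waiting else 0  # P2 entered?
            if (nxt, k2) not in seen:
                seen.add((nxt, k2))
                todo.append((nxt, k2))
    return seen

def mutual_exclusion(prog):
    return all(s[0] != (prog.index("cs"),) * 2 for s, _ in explore(prog, 0))

def max_overtaking(prog, request):
    return max(k for _, k in explore(prog, request))
```

`max_overtaking(BAKERY, BAKERY.index("n:=o+1"))` returns 1, matching the slide's TRUE verdict, while `max_overtaking(BAKERY, BAKERY.index("c:=1"))` returns 2 because P2 may still overtake while P1 is inside the doorway a1..a3.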