Formal Verification of Programs That Use MPI One-Sided Communication

We used formal-verification methods based on model checking to analyze the correctness properties of one existing and two new distributed-locking algorithms implemented by using MPI's one-sided communication. Model checking exposed an overlooked correctness issue with the first algorithm, which had been developed by relying only on manual reasoning. Model checking helped confirm the basic correctness properties of the two new algorithms, while also identifying the remaining problems in them. Our experience is that MPI-based programming, especially the tricky and relatively poorly understood one-sided communication features, stand to gain immensely from model checking. Considering that many other areas of concurrent hardware and software design now routinely employ model checking, our experience confirms that the MPI community can benefit greatly from the use of formal verification.

[1]  Andrew S. Tanenbaum,et al.  Distributed operating systems , 2009, CSUR.

[2]  Alex Rapaport,et al.  Mpi-2: extensions to the message-passing interface , 1997 .

[3]  Dieter Kranzlmuller,et al.  Event Graph Analysis for Debugging Massively Parallel Programs , 2000 .

[4]  Edmund M. Clarke,et al.  Model Checking , 1999, Handbook of Automated Reasoning.

[5]  William McCune,et al.  SPINning Parallel Systems Software , 2002, SPIN.

[6]  Gerard J. Holzmann,et al.  The SPIN Model Checker - primer and reference manual , 2003 .

[7]  Robert B. Ross,et al.  Using MPI-2: Advanced Features of the Message Passing Interface , 2003, CLUSTER.

[8]  Gerard J. Holzmann,et al.  The SPIN Model Checker , 2003 .

[9]  Marina Kraeva,et al.  The performance and scalability of SHMEM and MPI-2 one-sided routines on a SGI Origin 2000 and a Cray T3E-600: Performances , 2004 .

[10]  Sriram K. Rajamani,et al.  SLAM and Static Driver Verifier: Technology Transfer of Formal Methods inside Microsoft , 2004, IFM.

[11]  George S. Avrunin,et al.  Verification of MPI-Based Software for Scientific Computation , 2004, SPIN.

[12]  Marina Kraeva,et al.  The performance and scalability of SHMEM and MPI‐2 one‐sided routines on a SGI Origin 2000 and a Cray T3E‐600 , 2004, Concurr. Pract. Exp..

[13]  Rajeev Thakur,et al.  An Evaluation of Implementation Options for MPI One-Sided Communication , 2005, PVM/MPI.

[14]  Rajeev Thakur,et al.  Optimizing the Synchronization Operations in MPI One-Sided Communication∗ , 2005 .

[15]  George S. Avrunin,et al.  Modeling wildcard-free MPI programs for verification , 2005, PPOPP.

[16]  Rajeev Thakur,et al.  Optimizing the Synchronization Operations in Message Passing Interface One-Sided Communication , 2005, Int. J. High Perform. Comput. Appl..

[17]  Robert Latham,et al.  Implementing Byte-Range Locks Using MPI One-Sided Communication , 2005, PVM/MPI.

[18]  George S. Avrunin,et al.  Using model checking with symbolic execution to verify parallel numerical programs , 2006, ISSTA '06.

[19]  Andreas Podelski,et al.  ACSAR: Software Model Checking with Transfinite Refinement , 2007, SPIN.

[20]  Jack Dongarra,et al.  Recent Advances in Parallel Virtual Machine and Message Passing Interface, 15th European PVM/MPI Users' Group Meeting, Dublin, Ireland, September 7-10, 2008. Proceedings , 2008, PVM/MPI.