Chiefly Symmetric: Results on the Scalability of Probabilistic Model Checking for Operating-System Code

Reliability in terms of functional properties from the safety-liveness spectrum is an indispensable requirement of low-level operating-system (OS) code. However, with evermore complex and thus less predictable hardware, quantitative and probabilistic guarantees become more and more important. Probabilistic model checking is one technique to automatically obtain these guarantees. First experiences with the automated quantitative analysis of low-level operating-system code confirm the expectation that the naive probabilistic model checking approach rapidly reaches its limits when increasing the numbers of processes. This paper reports on our work-in-progress to tackle the state explosion problem for low-level OS-code caused by the exponential blow-up of the model size when the number of processes grows. We studied the symmetry reduction approach and carried out our experiments with a simple test-and-test-and-set lock case study as a representative example for a wide range of protocols with natural inter-process dependencies and long-run properties. We quickly see a state-space explosion for scenarios where inter-process dependencies are insignificant. However, once inter-process dependencies dominate the picture models with hundred and more processes can be constructed and analysed.

[1]  Michael L. Scott,et al.  Scalable reader-writer synchronization for shared-memory multiprocessors , 1991, PPOPP '91.

[2]  Thomas E. Anderson,et al.  The Performance of Spin Lock Alternatives for Shared-Memory Multiprocessors , 1990, IEEE Trans. Parallel Distributed Syst..

[3]  Beng-Hong Lim,et al.  Reactive synchronization algorithms for multiprocessors , 1994, ASPLOS VI.

[4]  Joost-Pieter Katoen,et al.  The Ins and Outs of the Probabilistic Model Checker MRMC , 2009, 2009 Sixth International Conference on the Quantitative Evaluation of Systems.

[5]  Christel Baier,et al.  Waiting for Locks: How Long Does It Usually Take? , 2012, FMICS.

[6]  Thomas Wahl,et al.  On Combining Symmetry Reduction and Symbolic Representation for Efficient Model Checking , 2003, CHARME.

[7]  Muffy Calder,et al.  Symmetry in temporal logic model checking , 2006, CSUR.

[8]  David García,et al.  NonStop/spl reg/ advanced architecture , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[9]  Marta Z. Kwiatkowska,et al.  Probabilistic symbolic model checking with PRISM: a hybrid approach , 2004, International Journal on Software Tools for Technology Transfer.

[10]  Jakob Engblom,et al.  The worst-case execution-time problem—overview of methods and survey of tools , 2008, TECS.

[11]  Hermann Härtig,et al.  Who Watches the Watchmen? Protecting Operating System Reliability Mechanisms , 2012, HotDep.

[12]  Alastair F. Donaldson,et al.  Language-Level Symmetry Reduction for Probabilistic Model Checking , 2009, 2009 Sixth International Conference on the Quantitative Evaluation of Systems.

[13]  Guillem Bernat,et al.  Analysis of Probabilistic Hard Real-Time Systems , 2008 .

[14]  Anna Philippou,et al.  Tools and Algorithms for the Construction and Analysis of Systems , 2018, Lecture Notes in Computer Science.

[15]  David L. Dill,et al.  Better verification through symmetry , 1996, Formal Methods Syst. Des..

[16]  Alastair F. Donaldson,et al.  Symmetry Reduction for Probabilistic Model Checking Using Generic Representatives , 2006, ATVA.

[17]  Brian N. Bershad,et al.  Improving the reliability of commodity operating systems , 2005, TOCS.

[18]  A. Prasad Sistla,et al.  Symmetry and model checking , 1993, Formal Methods Syst. Des..

[19]  Marta Z. Kwiatkowska,et al.  Symmetry Reduction for Probabilistic Model Checking , 2006, CAV.

[20]  Wolfgang J. Paul,et al.  Realistic Worst-Case Execution Time Analysis in the Context of Pervasive System Verification , 2006, Program Analysis and Compilation.

[21]  E. Allen Emerson,et al.  From Asymmetry to Full Symmetry: New Techniques for Symmetry Reduction in Model Checking , 1999, CHARME.

[22]  Guillem Bernat,et al.  WCET analysis of probabilistic hard real-time systems , 2002, 23rd IEEE Real-Time Systems Symposium, 2002. RTSS 2002..

[23]  Christel Baier,et al.  LiQuor: A tool for Qualitative and Quantitative Linear Time analysis of Reactive Systems , 2006, Third International Conference on the Quantitative Evaluation of Systems - (QEST'06).

[24]  Somesh Jha,et al.  Exploiting symmetry in temporal logic model checking , 1993, Formal Methods Syst. Des..

[25]  Joost-Pieter Katoen,et al.  Bisimulation Minimisation Mostly Speeds Up Probabilistic Model Checking , 2007, TACAS.