CN110543353A - MPI program verification method, system and medium combining symbol execution and path model verification - Google Patents


Info

Publication number
CN110543353A
CN110543353A
Authority
CN
China
Prior art keywords
path
csp
mpi
model
execution
Prior art date
Legal status
Granted
Application number
CN201910837971.4A
Other languages
Chinese (zh)
Other versions
CN110543353B (en
Inventor
于恒彪
黄春
王戟
陈振邦
傅先进
彭林
唐滔
左克
姜浩
沈洁
方建滨
Current Assignee
National University of Defense Technology
Original Assignee
National University of Defense Technology
Priority date
Filing date
Publication date
Application filed by National University of Defense Technology
Priority to CN201910837971.4A
Publication of CN110543353A
Application granted
Publication of CN110543353B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44589 Program code verification, e.g. Java bytecode verification, proof-carrying code
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/448 Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4482 Procedural
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4843 Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/4881 Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses an MPI program verification method, system and medium combining symbolic execution and path model checking. The method systematically traverses the path space of an MPI program by symbolic execution. After symbolic execution has explored a normally terminating path p, a CSP model Γ is generated for the equivalent communication behaviour of p, and model checking is used to verify whether Γ satisfies the given property. If it does, the to-be-explored states that were created, while symbolic execution explored p, for the other overlapping-execution and message-matching cases of the communication behaviour are pruned; otherwise, a counterexample violating the property is found and a corresponding test case is generated. The verification process terminates when the path space of the MPI program has been explored, a counterexample has been found, or a timeout occurs. The invention can verify the correctness of real MPI programs containing non-blocking and non-deterministic communication, and the verification result covers both the input space of the program and the scheduling space of the processes.

Description

MPI program verification method, system and medium combining symbol execution and path model verification
Technical Field
The invention relates to the field of reliability assurance for high-performance computing, and in particular to an MPI program verification method, system and medium combining symbolic execution and path model checking.
Background
As computer processor architectures evolve toward multi-core and many-core designs, parallel programming has become the mainstream of program development in high-performance computing. The Message Passing Interface (MPI) has become the standard paradigm for parallel programming in this domain by virtue of its computing performance, scalability and portability. Strictly speaking, MPI is a library rather than a language; MPI parallel programs are written in C, Fortran and other host languages. Since high-performance MPI programs are often applied in safety-critical fields such as national defence, ensuring the correctness of parallel MPI programs is of great importance.
The MPI library provides a rich communication API whose operations may be either blocking or non-blocking. The core operations in common use are described below; for simplicity, parameters such as the message buffer and the communicator are omitted. The representative blocking operations are:
Ssend(e): sends a message to process e; the sending process blocks until the message has been received.
Send(e): sends a message to process e; the sending process blocks until the message has been copied to a system buffer.
Recv(e): receives a message from process e; the receiving process blocks until the message has been received.
Recv(*): receives a message from any process; the receiving process blocks until a message has been received.
Barrier: synchronises the processes; each process blocks until all processes have called Barrier.
Wait(r): blocks the process until the non-blocking communication operation identified by handle r has completed.
To improve the performance of MPI programs, the MPI library provides non-blocking communication operations that allow communication to overlap with computation. The representative non-blocking operations are:
ISend(e, r): sends a message to process e and returns immediately; the parameter r is a handle.
IRecv(e, r): receives a message from process e and returns immediately; the parameter r is a handle.
IRecv(*, r): receives a message from any process and returns immediately; the parameter r is a handle.
Collective operations such as MPI_Bcast, MPI_Gather and MPI_Scatter can be implemented on top of the basic operations above. These complex communication mechanisms make the correctness of MPI programs hard to guarantee. Software verification is a technique for checking whether software satisfies a given specification, i.e. for answering whether the software is implemented correctly, and it is of great importance for ensuring software reliability during the software development life cycle. FIG. 1 shows the verification flow: within a given budget, if all feasible states of the program can be checked and no violation of the specification is found, the specification is reported as satisfied; otherwise, when a state violating the specification is found, counterexample information is given.
FIG. 2 shows an example MPI C program run with four processes. Processes P0, P2 and P3 each send a message to P1 and terminate. If the input x is not equal to 'a', process P1 performs a blocking receive of the message from P0; otherwise it performs a non-blocking receive of a message from any process. In both cases P1 finally performs a blocking receive of the message from P3. Clearly, when x is not equal to 'a', every blocking receive can be matched and there is no deadlock. When x equals 'a' and the any-source receive IRecv(*, req) is matched with the message from P3, a deadlock occurs, because the blocking receive Recv(3) of P1 then has no message to match. Therefore, verifying the correctness of an MPI program must cover both the program's input and the scheduling of its processes.
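The situation described for FIG. 2 can be reproduced with a small explicit-state exploration over both values of the input and every message-matching choice. The following Python script is an added example and is not code from the patent or from the MPI-SV tool. Because the FIG. 2 source is not reproduced on the page, the per-process operation lists are constructed from the prose above, and the message semantics are simplified as stated in the docstring (the standard Send is treated as buffered and never blocks, and no receive-order rule is enforced between a posted non-blocking receive and later blocking receives).

```python
"""Explicit-state deadlock check of the four-process MPI example of FIG. 2,
covering both the program input (x) and the scheduling / matching choices.

Added illustration, not code from the patent or MPI-SV.  The FIG. 2 source is
not on the page, so the per-process operation lists are constructed from its
prose description.  Simplifications (assumptions): standard Send is buffered and
never blocks; a posted non-blocking receive may match any pending send it accepts,
with no receive-order rule between it and later blocking receives.
"""
ANY = '*'


def fig2_program(x):
    """Constructed operation sequences: P0, P2, P3 each send one message to P1;
    P1 does Recv(0) if x != 'a', else IRecv(*, req), then Recv(3) (and Wait(req))."""
    p1 = [('Recv', 0)] if x != 'a' else [('IRecv', ANY, 'req')]
    p1.append(('Recv', 3))
    if x == 'a':
        p1.append(('Wait', 'req'))   # assumption: completion check after the last receive
    return {0: [('Send', 1)], 1: p1, 2: [('Send', 1)], 3: [('Send', 1)]}


def _without(msgs, m):
    """Remove one occurrence of message m from the sorted tuple of pending sends."""
    lst = list(msgs)
    lst.remove(m)
    return tuple(sorted(lst))


def successors(prog, state):
    """All enabled transitions from state = (pcs, pending sends, posted IRecvs).
    pending: sorted tuple of (src, dst); posted: tuple of (proc, src, handle, done)."""
    pcs, pending, posted = state
    out = []
    # A posted non-blocking receive may be matched with any pending send it accepts;
    # each candidate source is a separate branch (MPI's non-deterministic matching).
    for k, (proc, src, handle, done) in enumerate(posted):
        if done:
            continue
        for m in sorted({m for m in pending if m[1] == proc and src in (ANY, m[0])}):
            new_posted = posted[:k] + ((proc, src, handle, True),) + posted[k + 1:]
            out.append(('match %s<-P%d' % (handle, m[0]),
                        (pcs, _without(pending, m), new_posted)))
    # Each process may execute its next operation when that operation is enabled.
    for i, pc in enumerate(pcs):
        if pc >= len(prog[i]):
            continue
        op = prog[i][pc]
        adv = pcs[:i] + (pc + 1,) + pcs[i + 1:]
        if op[0] == 'Send':                      # buffered: always enabled
            out.append(('P%d Send' % i, (adv, tuple(sorted(pending + ((i, op[1]),))), posted)))
        elif op[0] == 'Recv':                    # enabled only if a matching send is pending
            for m in sorted({m for m in pending if m[1] == i and op[1] in (ANY, m[0])}):
                out.append(('P%d Recv<-P%d' % (i, m[0]), (adv, _without(pending, m), posted)))
        elif op[0] == 'IRecv':                   # post the receive and continue immediately
            out.append(('P%d IRecv' % i, (adv, pending, posted + ((i, op[1], op[2], False),))))
        elif op[0] == 'Wait':                    # enabled once the handle's receive completed
            if any(p[0] == i and p[2] == op[1] and p[3] for p in posted):
                out.append(('P%d Wait' % i, (adv, pending, posted)))
    return out


def find_deadlock(prog):
    """DFS over the reachable states; returns the transition labels leading to a
    deadlock (some process still has work but nothing is enabled) or None."""
    init = ((0,) * len(prog), (), ())
    seen, stack = {init}, [(init, [])]
    while stack:
        state, trace = stack.pop()
        succ = successors(prog, state)
        if not succ:
            if any(pc < len(prog[i]) for i, pc in enumerate(state[0])):
                return trace
            continue
        for label, nxt in succ:
            if nxt not in seen:
                seen.add(nxt)
                stack.append((nxt, trace + [label]))
    return None


if __name__ == '__main__':
    for x in ('b', 'a'):
        print('x == %r:' % x, find_deadlock(fig2_program(x)) or 'no deadlock')
```

For x != 'a' the exploration finds no deadlock; for x == 'a' it returns a trace containing the matching of req with P3's message, the case the text identifies. The input dimension is covered by calling the checker once per branch of x, and the scheduling dimension by enumerating every matching choice, which is the coverage requirement stated above.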
Communicating Sequential Processes (CSP) is a formal modelling language for concurrent systems that can effectively characterise the interaction between concurrent processes. FIG. 3 shows the syntax of the CSP core, where Σ is the set of events, C is the set of channels and X is the set of variables. P gives the definition of a CSP process, with a ∈ Σ, c ∈ C and x ∈ X. The single-event process a terminates immediately after performing action a. CSP has three composition operators: sequential composition (;), external choice (□) and synchronous parallel composition (P ∥X Q, parallel composition synchronised on the event set X). In P □ Q the external environment determines whether P or Q is executed. In P ∥X Q, P and Q execute interleaved, but the actions in the set X are synchronised. The process c?x → P reads an element from channel c, stores it in variable x and then executes P. The process c!x → P writes the value of x to channel c and then executes P. The process Skip terminates immediately without performing any action.
Summary of the Invention
The technical problem to be solved by the invention is as follows: in view of the problems in the prior art, the invention provides an MPI program verification method, system and medium combining symbolic execution and path model checking, for real MPI programs whose communication behaviour does not depend on message content.
In order to solve the technical problem, the invention adopts the following technical scheme:
1) Input the target MPI program, the given property and the set Sym of symbolic variables;
2) Initialise the list Worklist of symbolic execution states to be explored with the global initial state init of the target MPI program;
3) Select an unprocessed state Sc to be explored from Worklist according to the specified path space search strategy;
4) Select an active process i in the state Sc according to a round-robin (polling) scheduling strategy, where the state of process i consists of its variable value mapping Mi, its next statement to be executed Stati, its process path condition PCi and its running state F;
5) Symbolically execute the next statement Stati of the active process i in the state Sc and update the state si of process i; check whether all processes in Sc have terminated: if so, go to step 6), otherwise go to step 3);
6) Reaching this step means that symbolic execution has explored a normally terminating path, denoted p; from the communication behaviour information produced along p, generate a CSP model Γ that accurately simulates the equivalent communication behaviour of p, where the equivalent communication behaviour of p is the set of communication behaviours obtained by changing the overlapping execution and message matching of the communication operations in p;
7) Call a model checking tool to verify whether the CSP model Γ satisfies the property; if so, prune from Worklist the to-be-explored states that were created, while symbolic execution explored p, for the other overlapping-execution and matching cases of the communication behaviour, and go to step 8); if not, generate a counterexample violating the property, generate the corresponding test case, and exit;
8) Check whether Worklist is non-empty: if so, go to step 3); otherwise terminate and exit.
Optionally, the specific steps of generating the CSP model Γ that accurately simulates the equivalent communication behaviour of path p in step 6) include:
6.1) Determine the execution path p to be modelled and the number n of MPI processes that generated the path;
6.2) Initialise the set PS that stores the CSP processes to the empty set, and the variable i to 0;
6.3) Take MPI process i as the current process to be modelled, and determine the sequence Seqi of MPI communication operations issued by process i while exploring path p, together with its length m; initialise the variable j to m-1 and the CSP process Pi to Skip, execute step 6.4) to generate the CSP process Pi corresponding to process i, and add Pi to PS; check whether i equals n: if so, go to step 6.5), otherwise increase i by 1 and repeat step 6.3);
6.4) Generate the CSP events corresponding to the type of communication operation opj in Seqi; if opj is a blocking communication operation, update Pi by sequencing the generated events before Pi, otherwise update Pi by composing the events in parallel with Pi; check whether j equals 0: if so, return to step 6.3), otherwise decrease j by 1 and repeat step 6.4);
6.5) Compose all CSP processes in PS in parallel, requiring them to synchronise on the event B; the resulting CSP process is the CSP model Γ that accurately simulates the equivalent communication behaviour of the execution path p;
6.6) Output the CSP model Γ.
Optionally, step 6.4) generates the CSP events for each communication operation opj according to its type, specifically in the following categories:
For an MPI communication operation opj of type Ssend(i): assign opj a unique CSP channel c1 of size 0, and model Ssend(i) by writing the element x to c1;
For an MPI communication operation opj of type Send(i) or ISend(i, r): assign opj a unique CSP channel c2 of size 1, and model Send(i) or ISend(i, r) by writing the element x to c2;
For an MPI communication operation opj of type Barrier: generate the CSP synchronisation event B for opj to model Barrier;
For an MPI communication operation opj of type Recv(i) or Recv(*): first, obtain, by statically matching operation parameters, the set C of channels of the send operations in the communication behaviour set of path p that opj can match; then combine the read operations of all channels in C with the CSP external choice operator; finally, refine the external-choice model: if two send operations whose channels are in C have a completion dependency, a blocking CSP event that checks that the depended-on channel is empty is sequenced before the read event of the dependent channel;
For an MPI communication operation opj of type IRecv(i, r) or IRecv(*, r): first, obtain, by statically matching operation parameters, the set C of channels of the send operations in the communication behaviour set of path p that opj can match; then combine the read operations of all channels in C with the CSP external choice operator; then refine the external-choice model in the same way, sequencing a blocking empty-check event on the depended-on channel before the read of the dependent channel wherever two send operations in C have a completion dependency; finally, sequence after the refined CSP model the CSP event ew corresponding to the Wait of this non-blocking receive operation;
For an MPI communication operation opj of type Wait(r): generate a CSP event ew for opj to model Wait(r); only the Wait(r) corresponding to a non-blocking receive is modelled.
Furthermore, the invention provides an MPI program verification system combining symbolic execution and path model checking, comprising a computer device programmed to execute the steps of the above MPI program verification method, or a storage medium on which a computer program programmed to execute the above method is stored.
Furthermore, the invention provides a computer-readable storage medium on which is stored a computer program programmed to execute the MPI program verification method combining symbolic execution and path model checking.
Compared with the prior art, the invention has the following advantages: it is the first automatic verification technique for non-blocking MPI programs that covers both the program input space and the process scheduling space; it provides a CSP path modelling method that accurately describes the equivalent communication behaviour of an execution path p (the communication behaviours produced by changing the overlapping execution and message matching of the communication operations in p); and it organically combines symbolic execution with path model checking: symbolic execution automatically extracts an accurate path communication model for model checking, while model checking helps to prune the redundant path space of symbolic execution and extends the range of verifiable properties from global reachability properties to safety and liveness properties in linear temporal logic.
Drawings
FIG. 1 is a flow chart of software validation.
FIG. 2 is an MPI example program.
FIG. 3 is a CSP core syntax.
FIG. 4 is a flow chart illustrating a method according to an embodiment of the present invention.
FIG. 5 is a schematic diagram of the MPI-SV framework in an embodiment of the present invention.
FIG. 6 is a diagram of symbolic execution versus model checking according to an embodiment of the present invention.
FIG. 7 is a CSP modeling algorithm in an embodiment of the invention.
FIG. 8 is a flow chart illustrating modeling of CSP in an embodiment of the present invention.
Detailed Description
As shown in FIG. 4, the steps of the MPI program verification method of this embodiment, combining symbolic execution and path model checking, are:
1) Input the target MPI program, the given property and the set Sym of symbolic variables;
2) Initialise the list Worklist of symbolic execution states with the global initial state init of the target MPI program, in which every process path condition is true, the statement to be executed is the first statement, and every variable is mapped to an unconstrained symbolic variable or to a concrete value; this step is written Worklist ← {init};
3) Select an unprocessed state Sc to be explored from Worklist according to the specified path space search strategy (depth-first search by default); the selection is written as the Select method, Sc ← Select(Worklist);
4) Select an active process i in the global state Sc according to the round-robin (polling) scheduling strategy and determine its state, consisting of the variable mapping Mi, the next statement Stati, the process path condition PCi and the running state F; the scheduling strategy is written as the Scheduler method, (Mi, Stati, PCi, F) ← Scheduler(Sc);
5) Symbolically execute the next statement Stati of the active process i, given the state Sc, the statement Stati, the process path condition PCi and the symbolic variable set Sym, and update the state of process i; the statement execution is written Execute(Sc, Stati, PCi, Sym); check whether all processes in Sc have terminated: if so, go to step 6), otherwise go to step 3);
6) Reaching this step means that symbolic execution has explored a normally terminating path, denoted p; from the communication behaviour information produced along p, generate a CSP model Γ that accurately simulates the equivalent communication behaviour of p, written Γ ← GenerateCSP(p), where the equivalent communication behaviour of p is the set of communication behaviours obtained by changing the overlapping execution and message matching of the communication operations in p;
7) Call a model checking tool to verify whether the CSP model Γ satisfies the property; if so, prune the to-be-explored states that were created, while symbolic execution explored p, for the other overlapping-execution and matching cases of the communication behaviour (written Prune(Worklist)), and go to step 8); if not, generate a counterexample violating the property, generate the corresponding test case, and exit;
8) Check whether Worklist is non-empty: if so, go to step 3); otherwise terminate and exit.
Based on the foregoing steps, the symbolic verification framework combining symbolic execution and path model checking (abbreviated MPI-SV) is shown in FIG. 5, so the data of step 1) are in fact the parameters of the framework, which can be written MPI-SV(MP, Sym). MPI-SV systematically explores the path space of the MPI program using an MPI symbolic execution engine. "MPI symbolic execution" comprises the search strategy for states to be explored of step 3), the process scheduling strategy of step 4) and the statement symbolic execution of step 5); "CSP path model checking" comprises the extraction of the path-equivalent communication model of step 6) and the path model checking and redundant path pruning of step 7). The round-robin process scheduling strategy adopted by the MPI symbolic execution method is in effect a partial order reduction technique, so on its own it can verify only global reachability properties. The CSP path model encodes all possible overlapping executions of the MPI processes along a given path, so CSP model checking extends the range of properties verifiable by MPI symbolic execution from global reachability properties to safety and liveness properties in linear temporal logic.
FIG. 6 shows the relationship between symbolic execution and model checking in the MPI-SV framework. On the one hand, symbolic execution automatically extracts a sound and complete path model for model checking (modelling a real MPI program as a whole is hard to automate, and checking the whole program model directly is prohibitively expensive); on the other hand, model checking helps to prune the redundant path space of symbolic execution and widens the range of verifiable properties, from global reachability properties to safety and liveness properties in linear temporal logic.
In this embodiment, the generation in step 6) of the CSP model Γ that accurately simulates the equivalent communication behaviour of execution path p is implemented by the sub-function GenerateCSP, which specifies how to automatically generate, from a normally terminating execution path p, a CSP model Γ that accurately simulates the equivalent communication behaviour of p. The equivalent communication behaviour of p is the set of communication behaviours obtained by changing the overlapping execution and message matching of the communication operations in p. The basic idea of the CSP path encoding has four aspects: (1) MPI message receive and send operations are modelled by CSP channel reads and channel writes respectively; (2) the non-deterministic matching of MPI is modelled by the CSP external choice operator; (3) blocking communication and synchronisation of MPI are modelled by the CSP sequential composition operator and synchronisation events; (4) parallel execution and non-blocking communication of MPI are modelled by the CSP parallel composition operator.
The detailed algorithm for generating the CSP model Γ in step 6) is shown in FIG. 7, and the corresponding flowchart in FIG. 8. The specific steps are:
6.1) Determine the execution path p to be modelled (a parameter of GenerateCSP) and the number n of MPI processes that generated the path (which can be given as a parameter or a global variable);
6.2) Initialise the set PS that stores the CSP processes to the empty set, and the variable i to 0;
6.3) Take MPI process i as the current process to be modelled, and determine the sequence Seqi of MPI communication operations issued by process i while exploring path p, together with its length m; initialise the variable j to m-1 and the CSP process Pi to Skip, execute step 6.4) to generate the CSP process Pi corresponding to process i, and add Pi to PS, written PS ← PS ∪ {Pi}; check whether i equals n: if so, go to step 6.5), otherwise increase i by 1 and repeat step 6.3);
6.4) Generate the CSP events corresponding to the type of communication operation opj in Seqi; if opj is a blocking communication operation, update Pi by sequencing the generated events before Pi, otherwise update Pi by composing the events in parallel with Pi; check whether j equals 0: if so, return to step 6.3), otherwise decrease j by 1 and repeat step 6.4);
6.5) Compose all CSP processes in PS in parallel, requiring them to synchronise on the event B; the resulting CSP process is the CSP model Γ that accurately simulates the equivalent communication behaviour of the execution path p, which may be represented as
6.6) Output the CSP model Γ.
The core of the model generation algorithm is to generate the CSP events corresponding to each type of communication operation and update the corresponding CSP process; this corresponds to the switch statement in the modelling algorithm (FIG. 7). Given a communication operation opj of process i, and assuming the CSP process Pi generated for process i before opj is modelled, opj is handled in the following categories:
For a communication operation opj of type Ssend(i) (lines 7-9 of FIG. 7): assign opj a unique CSP channel c1 of size 0, written c1 ← chan(opj); model the blocking send by writing the element x to c1, i.e. generate c1!x, and update the CSP process Pi of the MPI process to c1!x → Skip; Pi.
For a communication operation opj of type ISend(i, r) or Send(i) (lines 10-12 of FIG. 7): assign opj a unique CSP channel c2 of size 1, written c2 ← chan(opj); model the non-blocking send, and the standard send under an unlimited system buffer, by writing the element to c2, i.e. generate c2!x, and update the CSP process Pi of the MPI process to c2!x → Skip; Pi.
For a communication operation opj of type Barrier (lines 13-14 of FIG. 7): generate the CSP synchronisation event B for opj, requiring all CSP processes to synchronise on B, and update the CSP process Pi of the MPI process to B; Pi.
For a communication operation opj of type Recv(i) or Recv(*) (lines 15-18 of FIG. 7): first, obtain, by statically matching operation parameters, the set C of channels of the send operations in the communication behaviour set of path p that opj can match, written StaticMatchedChannel(opj, p); then combine the read operations of all channels in C with the CSP external choice operator, written □{c?x → Skip | c ∈ C}; then refine the external-choice model to obtain a CSP process Q, written Q ← Refine(□{c?x → Skip | c ∈ C}); finally, update the CSP process Pi of the MPI process to Q; Pi.
For a communication operation opj of type IRecv(i, r) or IRecv(*, r) (lines 19-23 of FIG. 7): first, obtain, by statically matching operation parameters, the set C of channels of the send operations in the communication behaviour set of path p that opj can match, written StaticMatchedChannel(opj, p); then combine the read operations of all channels in C with the CSP external choice operator, □{c?x → Skip | c ∈ C}; then refine the external-choice model to obtain a CSP process Q, written Q ← Refine(□{c?x → Skip | c ∈ C}); then obtain the CSP event ew corresponding to the completion check Wait(r) of this non-blocking receive, written ew ← GenerateEvent(opj); finally, update the CSP process Pi of the MPI process to be
For a communication operation opj of type Wait(r) (lines 24-26 of FIG. 7): generate a CSP event ew to model the wait operation (only the Wait corresponding to a non-blocking receive is modelled), written ew ← GenerateEvent(opj), and update the CSP process Pi of the MPI process to ew; Pi.
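The following Python script is an added worked example of the generation procedure of steps 6.1) to 6.6) and of the per-operation cases just listed (it also covers the optional categories given in the summary); it is not the patent's own GenerateCSP code. It assumes a tuple representation for the recorded operations, a text notation for the CSP model (->, ;, [] for external choice and [|{e}|] for parallel composition synchronised on e, modelled on PAT's CSP# but not guaranteed to parse there), channel names c0, c1, ..., and, for the Refine step, one specific reading of "completion dependency" (a later send from the same sender that follows a blocking Ssend). The sample path is a constructed normally terminating path of the FIG. 2 program.

```python
"""GenerateCSP worked example: turn the communication operations recorded along one
normally terminating path into a CSP path model.

Added illustration, not the patent's own GenerateCSP code.  Assumptions: ops are
tuples ('Ssend', dst) | ('Send', dst) | ('ISend', dst, r) | ('Recv', src) |
('IRecv', src, r) | ('Wait', r) | ('Barrier',) with src == '*' for any-source;
channel names c0, c1, ... and the text syntax (->, ;, [], [|{e}|]) are this
example's conventions, modelled on PAT's CSP# but not guaranteed to parse there.
"""
ANY = '*'
SENDS = ('Ssend', 'Send', 'ISend')


def assign_channels(path):
    """Step 6.4): every send gets its own channel, size 0 for Ssend (rendezvous),
    size 1 for Send/ISend (the unlimited-buffer model).  Returns {(proc, j): (name, size)}."""
    chans = {}
    for proc in sorted(path):
        for j, op in enumerate(path[proc]):
            if op[0] in SENDS:
                chans[(proc, j)] = ('c%d' % len(chans), 0 if op[0] == 'Ssend' else 1)
    return chans


def static_matched_channels(path, chans, recv_proc, src):
    """StaticMatchedChannel(op, p): sends on the path whose parameters can match a
    receive in recv_proc from src, comparing operation parameters only."""
    return [(s, j, chans[(s, j)][0]) for (s, j) in sorted(chans)
            if path[s][j][1] == recv_proc and src in (ANY, s)]


def refined_choice(path, chans, recv_proc, src):
    """External choice over reads of all candidate channels, then Refine.
    Assumed reading of 'completion dependency': a send issued by the same sender
    after an earlier Ssend cannot happen before that Ssend has been received, so the
    read of the later channel is prefixed with an empty-check event on the earlier
    one (rendered here as empty(c); substitute the checker's own channel guard)."""
    cands = static_matched_channels(path, chans, recv_proc, src)
    keys = {(s, j) for s, j, _ in cands}
    reads = []
    for s, j, name in cands:
        deps = [chans[(s, k)][0] for k in range(j)
                if (s, k) in keys and path[s][k][0] == 'Ssend']
        reads.append(''.join('empty(%s) -> ' % d for d in deps) + '%s?x -> Skip' % name)
    # On a normally terminating path every receive matched, so cands is never empty;
    # Stop is only a defensive fallback for malformed input.
    return ('(' + ' [] '.join(reads) + ')') if reads else 'Stop'


def build_process(path, chans, i):
    """Steps 6.3)/6.4) for MPI process i: walk its sequence backwards (j = m-1 .. 0)
    starting from Skip; blocking operations are prefixed sequentially, a non-blocking
    receive runs in parallel with the rest and synchronises on its wait event."""
    ops = path[i]
    irecv_handles = {op[2] for op in ops if op[0] == 'IRecv'}
    P = 'Skip'
    for j in range(len(ops) - 1, -1, -1):
        op = ops[j]
        if op[0] in SENDS:                       # c!x -> Skip; Pi  (size-1 channels never block)
            P = '%s!x -> Skip; %s' % (chans[(i, j)][0], P)
        elif op[0] == 'Barrier':                 # B; Pi, synchronised by generate_csp
            P = 'B -> Skip; %s' % P
        elif op[0] == 'Wait':                    # only waits on non-blocking receives are modelled
            if op[1] in irecv_handles:
                P = 'w%d_%s -> Skip; %s' % (i, op[1], P)
        elif op[0] == 'Recv':                    # Q; Pi
            P = '%s; %s' % (refined_choice(path, chans, i, op[1]), P)
        elif op[0] == 'IRecv':                   # (Q; ew -> Skip) || Pi, synchronised on ew
            ew = 'w%d_%s' % (i, op[2])
            Q = refined_choice(path, chans, i, op[1])
            P = '((%s; %s -> Skip) [|{%s}|] (%s))' % (Q, ew, ew, P)
        else:
            raise ValueError('unknown operation %r' % (op,))
    return P


def generate_csp(path):
    """Steps 6.1)-6.6): Gamma = P0 [|{B}|] P1 [|{B}|] ..., all per-process models
    in parallel and synchronised on the barrier event B; returns the model text."""
    chans = assign_channels(path)
    decls = ['channel %s %d;' % chans[k] for k in sorted(chans)]
    procs = ['(%s)' % build_process(path, chans, i) for i in sorted(path)]
    return '\n'.join(decls + ['Gamma = %s;' % ' [|{B}|] '.join(procs)])


# Constructed path of the FIG. 2 program for input x == 'a' in which the wildcard
# IRecv happened to match P0 (a normally terminating path).  Checking Gamma explores
# the other matchings, including IRecv matching P3, which deadlocks.
FIG2_PATH = {
    0: [('Send', 1)],
    1: [('IRecv', ANY, 'req'), ('Recv', 3), ('Wait', 'req')],
    2: [('Send', 1)],
    3: [('Send', 1)],
}

if __name__ == '__main__':
    print(generate_csp(FIG2_PATH))
```

For FIG2_PATH the model gives P1 an external choice over c0, c1 and c2 for the any-source receive, composed in parallel with the sequential remainder (c2?x, then the wait event) and synchronised on w1_req, which is exactly how the three non-deterministic matchings of the path's IRecv, including the deadlocking one, are exposed to the model checker.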
The path modelling is both sound and complete. Soundness means that the path model contains all communication behaviours obtained by changing the overlapping execution and message matching of the communication operations of the given execution path; completeness means that every communication sequence generated by the path model corresponds, under MPI semantics, to one communication behaviour obtained by changing the overlapping execution and message matching of the communication operations of that path. After an execution path of the MPI program has been explored, if the path's CSP model satisfies the given specification, this embodiment can prune the paths equivalent to it from the path space by virtue of soundness; and if the path's CSP model yields a counterexample violating the property, this embodiment can report that counterexample by virtue of completeness.
The embodiment specifically realizes the tool prototype MPI-SV based on the open source symbolic execution platform Cloud 9. Cloud9 is a parallel symbolic execution engine that can support a POSIX environment. To make efficient use of the support of Cloud9 for multithreaded programs, the symbolic execution engine employs the multithreaded MPI library Azequia as an external MPI environment model for symbolic execution (providing a simulated implementation of the communication API called in the MPI program). Overall MPI-SV contains three main modules: the device comprises a program preprocessing module, a symbol execution module and a model checking module. The program preprocessing module compiles the MPI C program into LLVM byte codes by using a Clang compiler and then generates input of a symbol execution module by linking with the compiled external MPI library Azequia; the symbolic execution module is responsible for systematically traversing the path space of the program and checking whether the path violates a given property during the path space traversal. In the symbol execution module, the automatic generation of the CSP path model is realized; the model checking module uses the current classical CSP model checking tool PAT to verify that the CSP path model meets the given properties. If the PAT gives a counterexample path, cutting off a state to be explored which is created by a synchronous overlapping execution condition of communication behaviors and a different message matching condition in the current path, otherwise, extracting an MPI process scheduling strategy from the counterexample path, and combining input information executed by symbols to generate a test case capable of triggering property violation. 
The embodiment has applied MPI-SV to deadlock-free verification that ten parallel processes are run by ten-row-level open-source actual MPI C programs, such as a gene sequencing program Clustalw, a ray tracing program Kfray, a multimedia static solver DepSolver, and the like. The experimental results show the effectiveness and high efficiency of the symbolic verification method MPI-SV provided by the invention.
Furthermore, this embodiment also provides an MPI program verification system combining symbolic execution and path model checking, comprising a computer device programmed to perform the steps of the aforementioned MPI program verification method combining symbolic execution and path model checking, or a storage medium of the computer device storing a computer program programmed to perform the aforementioned method.
Furthermore, this embodiment also provides a computer-readable storage medium storing a computer program programmed to perform the aforementioned MPI program verification method combining symbolic execution and path model checking.
The above description is only a preferred embodiment of the present invention, and the scope of protection of the present invention is not limited to the above embodiments; all technical solutions belonging to the idea of the present invention fall within its scope of protection. It should be noted that modifications and refinements which those skilled in the art may make without departing from the principle of the invention are also considered to be within its scope of protection.

Claims (5)

1. An MPI program verification method combining symbolic execution and path model checking, characterised in that it comprises the steps of:
1) inputting a target MPI program, the property to be verified, and a set Sym of symbolic variables;
2) initialising the worklist Worklist of symbolic execution states to be explored with the global initial state init of the target MPI program;
3) selecting an unprocessed state Sc to be explored from Worklist according to a specified path-space search strategy;
4) selecting an active process i in the state Sc according to a round-robin scheduling strategy, where the state of process i comprises its variable-to-value mapping Mi, its next statement to execute Stati, its process path condition PCi and its running status F;
5) symbolically executing the statement Stati of the active process i in the state Sc and updating the state si of process i; judging whether all processes in Sc have terminated; if so, executing step 6), otherwise returning to step 3);
6) at this point symbolic execution has explored a normally terminating path, denoted p; generating, from the communication behaviour information produced along p, a CSP model Γ that precisely simulates the equivalent communication behaviours of p, where the equivalent communication behaviours of p are the communication behaviours obtained by changing the interleaving of the communication operations in p and the matching of their messages;
7) calling a CSP model checker to verify whether Γ satisfies the property; if it does, pruning from Worklist the states to be explored that symbolic execution created, while exploring p, for the different interleavings and different matchings of the communication operations, and continuing with step 8); if it does not, producing a counterexample that violates the property, generating the corresponding test case, and terminating;
8) judging whether Worklist is non-empty; if so, returning to step 3); otherwise terminating.
2. The MPI program verification method combining symbolic execution and path model checking according to claim 1, wherein generating the CSP model Γ that precisely simulates the equivalent communication behaviours of path p in step 6) specifically comprises:
6.1) determining the execution path p to be modelled and the number n of MPI processes that generated it;
6.2) initialising the set PS that stores the CSP processes to the empty set, and the variable i to 0;
6.3) taking MPI process number i as the current process to be modelled and determining the sequence Seqi of MPI communication operations that process i emitted while exploring path p, together with its length m; initialising the variable j to m-1 and the CSP process Pi to Skip, executing step 6.4) to generate the CSP process Pi for process i, and adding Pi to the set PS; judging whether all n processes have been handled; if so, jumping to step 6.5), otherwise incrementing i by 1 and repeating step 6.3);
6.4) generating the CSP event(s) corresponding to the communication operation opj in Seqi according to its type; if opj is a blocking communication operation, updating Pi by prefixing the generated event sequence to Pi, otherwise updating Pi by composing the generated events in parallel with Pi; judging whether j equals 0; if so, returning to step 6.3), otherwise decrementing j by 1 and repeating step 6.4);
6.5) composing all CSP processes in the set PS in parallel, synchronised on the event B; the resulting CSP process is the CSP model Γ that precisely simulates the equivalent communication behaviours of execution path p;
6.6) outputting the CSP model Γ.
3. The MPI program verification method combining symbolic execution and path model checking according to claim 2, characterised in that in step 6.4) the CSP event(s) for each communication operation opj are generated according to its type, specifically as follows:
for an MPI communication operation opj of type Ssend(i): opj is assigned a unique CSP channel c1 of size 0, and writing the element x to c1 models Ssend(i);
for an MPI communication operation opj of type Send(i) or ISend(i, r): opj is assigned a unique CSP channel c2 of size 1, and writing the element x to c2 models Send(i) or ISend(i, r);
for an MPI communication operation opj of type Barrier: a CSP synchronisation event B is generated for opj to model the Barrier;
for an MPI communication operation opj of type Recv(i) or Recv(*): first, the set C of channels is obtained that belong to the send operations which opj can match, by static matching of the operation parameters, within the communication behaviours generated by path p; then the read operations of all channels in C are combined with the CSP external choice operator; finally, the external-choice combination is refined, that is, if the send operations of two channels in C have a completion-dependency relationship, a blocking CSP event that checks whether the channel depended upon is empty is sequentially prefixed to the read event of the dependent channel;
for an MPI communication operation opj of type IRecv(i, r) or IRecv(*, r): first, the set C of channels is obtained that belong to the send operations which opj can match, by static matching of the operation parameters, within the communication behaviours generated by path p; then the read operations of all channels in C are combined with the CSP external choice operator; then the external-choice combination is refined, that is, if the send operations of two channels in C have a completion-dependency relationship, a blocking CSP event that checks whether the channel depended upon is empty is sequentially prefixed to the read event of the dependent channel; finally, the CSP event ew corresponding to the Wait on this non-blocking receive is sequentially appended after the refined CSP model;
for an MPI communication operation opj of type Wait(r): a CSP event ew is generated for opj to model Wait(r), and only a Wait(r) that belongs to a non-blocking receive is modelled.
4. An MPI program verification system combining symbolic execution and path model checking, comprising a computer device, characterised in that the computer device is programmed to perform the steps of the MPI program verification method combining symbolic execution and path model checking according to any one of claims 1 to 3, or that a storage medium of the computer device stores a computer program programmed to perform the MPI program verification method combining symbolic execution and path model checking according to any one of claims 1 to 3.
5. A computer-readable storage medium, characterised in that it stores a computer program programmed to perform the MPI program verification method combining symbolic execution and path model checking according to any one of claims 1 to 3.
CN201910837971.4A 2019-09-05 2019-09-05 MPI program verification method, system and medium combining symbolic execution and path model verification Active CN110543353B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910837971.4A CN110543353B (en) 2019-09-05 2019-09-05 MPI program verification method, system and medium combining symbolic execution and path model verification

Publications (2)

Publication Number Publication Date
CN110543353A true CN110543353A (en) 2019-12-06
CN110543353B CN110543353B (en) 2022-05-06

Family

ID=68712658

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910837971.4A Active CN110543353B (en) 2019-09-05 2019-09-05 MPI program verification method, system and medium combining symbolic execution and path model verification

Country Status (1)

Country Link
CN (1) CN110543353B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112162745A (en) * 2020-10-29 2021-01-01 中国人民解放军国防科技大学 Program synthesis method based on API (application programming interface) use probability model
CN112162746A (en) * 2020-10-29 2021-01-01 中国人民解放军国防科技大学 Automatic program construction method based on network knowledge convergence and iterative search

Citations (4)

Publication number Priority date Publication date Assignee Title
US20060156284A1 (en) * 2002-10-07 2006-07-13 Edss., Inc. Architecture of Ticc-Ppde, a new paradigm for parallel programming
US20070168988A1 (en) * 2006-01-11 2007-07-19 International Business Machines Corporation Software verification using hybrid explicit and symbolic model checking
CN102282542A (en) * 2008-10-14 2011-12-14 奇托尔·V·斯里尼瓦桑 TICC-paradigm to build formally verified parallel software for multi-core chips
CN106294148A (en) * 2016-08-08 2017-01-04 清华大学 C programmer software verification method based on escape character transition system and device

Non-Patent Citations (3)

Title
B. Krammer, "MARMOT: An MPI analysis and checking tool", Advances in Parallel Computing.
Ganesh Gopalakrishnan, "Formal analysis of MPI-based parallel programs", Communications of the ACM.
何炎祥 (He Yanxiang), "基于SMT求解器的路径敏感程序验证" (Path-sensitive program verification based on an SMT solver), 软件学报 (Journal of Software).

Also Published As

Publication number Publication date
CN110543353B (en) 2022-05-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant