Abstract
Software verification is an important stage of the software development process, particularly for mission-critical systems. As the traditional methodology of using unit tests falls short of verifying complex software, developers are increasingly relying on formal verification methods, such as explicit-state model checking, to automatically verify that the software functions properly. However, due to the ever-increasing complexity of software designs, model checking cannot be performed in a reasonable amount of time when running on general-purpose cores, leading to the exploration of hardware-accelerated model checking. FPGAs have been demonstrated to be promising verification accelerators, exhibiting nearly three orders of magnitude speedup over software. Unfortunately, the “FPGA programmability wall,” particularly the long synthesis and place-and-route times, blocks the general adoption of FPGAs for model checking.
To address this problem, we designed a runtime-programmable pipeline specifically for model checkers on FPGAs to minimize the “preparation time” before a model can be checked. Our design of the successor state generator and the state validator modules enables FPGA-acceleration of model checking without incurring the time-consuming FPGA implementation stages, reducing the preparation time before checking a model from hours to less than a minute, while incurring only a 26% execution time overhead compared to model-specific implementations.
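The abstract names the two modules the pipeline makes runtime-programmable, the successor state generator and the state validator. The following is an added example, not code from the paper or its authors, showing in software what those two modules do inside an explicit-state model checker and why loading the model as data (the software analogue of runtime programmability) lets the same checker core run a new model without being rebuilt. Both mutual-exclusion models, the rule names and the variable layout are constructed for illustration.

```python
"""Explicit-state model checking with the model interpreted at run time.

Added example (not code from the paper): a small BFS model checker whose
successor-state generator and state validator are table-driven, so a new
model is loaded as data instead of rebuilding the checker. The two
mutual-exclusion models below are constructed for illustration.
"""
from collections import deque


def compile_model(model):
    """Map variable names to tuple indices so the core works on flat tuples."""
    idx = {name: i for i, name in enumerate(model["vars"])}
    init = tuple(model["init"].get(v, 0) for v in model["vars"])
    rules = [
        (name,
         [(idx[v], val) for v, val in guard.items()],
         [(idx[v], val) for v, val in update.items()])
        for name, guard, update in model["rules"]
    ]
    bad = [[(idx[v], val) for v, val in conj.items()] for conj in model["bad"]]
    return init, rules, bad


def successors(state, rules):
    """Successor-state generator: fire every rule whose guard holds."""
    for name, guard, update in rules:
        if all(state[i] == v for i, v in guard):
            nxt = list(state)
            for i, v in update:
                nxt[i] = v
            yield name, tuple(nxt)


def violates(state, bad):
    """State validator: true if any forbidden conjunction matches the state."""
    return any(all(state[i] == v for i, v in conj) for conj in bad)


def check(model):
    """Breadth-first search over reachable states.

    Returns (safe, states_visited, counterexample); the counterexample is
    the list of rule names from the initial state to the first violating
    state dequeued, which BFS makes a shortest such interleaving.
    """
    init, rules, bad = compile_model(model)
    parent = {init: None}          # visited set plus back-pointers
    queue = deque([init])
    while queue:
        state = queue.popleft()
        if violates(state, bad):
            trace = []
            while parent[state] is not None:
                state, name = parent[state]
                trace.append(name)
            return False, len(parent), trace[::-1]
        for name, nxt in successors(state, rules):
            if nxt not in parent:
                parent[nxt] = (state, name)
                queue.append(nxt)
    return True, len(parent), []


def peterson():
    """Peterson's two-process mutual exclusion (constructed model)."""
    rules = []
    for p in (0, 1):
        q = 1 - p
        pc, flag, other = f"pc{p}", f"flag{p}", f"flag{q}"
        rules += [
            (f"p{p}_request", {pc: 0}, {flag: 1, "turn": q, pc: 1}),
            (f"p{p}_enter_idle", {pc: 1, other: 0}, {pc: 2}),
            (f"p{p}_enter_turn", {pc: 1, "turn": p}, {pc: 2}),
            (f"p{p}_exit", {pc: 2}, {flag: 0, pc: 0}),
        ]
    return {"vars": ["flag0", "flag1", "turn", "pc0", "pc1"],
            "init": {}, "rules": rules,
            "bad": [{"pc0": 2, "pc1": 2}]}   # both in the critical section


def naive_lock():
    """Check-then-set lock with a race between the check and the set (constructed)."""
    rules = []
    for p in (0, 1):
        q = 1 - p
        pc, flag, other = f"pc{p}", f"flag{p}", f"flag{q}"
        rules += [
            (f"p{p}_check", {pc: 0, other: 0}, {pc: 1}),
            (f"p{p}_set", {pc: 1}, {flag: 1, pc: 2}),
            (f"p{p}_exit", {pc: 2}, {flag: 0, pc: 0}),
        ]
    return {"vars": ["flag0", "flag1", "pc0", "pc1"],
            "init": {}, "rules": rules,
            "bad": [{"pc0": 2, "pc1": 2}]}


if __name__ == "__main__":
    for name, model in (("peterson", peterson()), ("naive", naive_lock())):
        safe, n, trace = check(model)
        print(name, "safe" if safe else "UNSAFE", n, "states", trace)
```

Swapping `peterson()` for `naive_lock()` changes only the tables handed to `compile_model`; `successors` and `violates` are untouched, which is the property the paper's hardware design is after, with the difference that on the FPGA the cost of a new model is a table load rather than a new synthesis and place-and-route run. The naive lock is reported with the four-step interleaving in which both processes pass their check before either sets its flag.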