Innovations in Systems and Software Engineering, 2011
We use the Uppaal model checker for Timed Automata to verify the Timing-Sync time-synchronization protocol for sensor networks (TPSN), the clock-synchronization algorithm of Lenzen, Locher and Wattenhofer for general distributed systems (LLW), and the clock-thread technique of the Software Monitoring with Controllable Overhead algorithm (SMCO). Clock-synchronization algorithms such as TPSN, LLW, and SMCO must be able to perform arithmetic on clock values in order to calculate clock drift and network propagation delays. They must also be able to read the value of a local clock and assign it to another local clock. Such operations are not directly supported by the theory of Timed Automata. To overcome this formal-modeling obstacle, we augment the Uppaal specification language with the integer clock derived type. Integer clocks, which are essentially integer variables that are periodically incremented by a global pulse generator, greatly facilitate the encoding of the operations required to synchronize clocks as in the TPSN, LLW, and SMCO protocols. With these integer-clock-based models in hand, we use Uppaal to verify a number of key correctness properties, including network-wide time synchronization, bounded clock skew, bounded overhead skew, and absence of deadlock. We also use the Uppaal Tracer tool to illustrate how integer clocks can be used to capture clock drift and resynchronization during protocol execution.
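The integer-clock idea from the abstract, as an added simulation that is not the paper's Uppaal model: integer variables advanced by a global pulse generator, one of them drifting, resynchronized by the classic two-way timestamp exchange (TPSN/NTP style) using plain integer arithmetic and clock-to-clock assignment. The node names, the drift model (one extra tick every `drift_period` pulses), the message delay and the resynchronization period are made-up parameters; Uppaal would check the bounded-skew property exhaustively, whereas this script only observes it on a single run.

```python
"""Integer clocks: integer variables advanced by a global pulse generator,
plus a two-way timestamp exchange that resynchronizes a drifting clock.
Added illustration, not the Uppaal model from the paper; all parameters
(drift model, delay, resync period) are assumptions."""

from dataclasses import dataclass


@dataclass
class IntegerClock:
    """An integer incremented on every pulse. A positive drift_period adds
    one extra tick every drift_period pulses, so the clock runs fast
    relative to a clock with drift_period=0 (the reference)."""
    name: str
    drift_period: int = 0
    value: int = 0
    pulses: int = 0

    def pulse(self) -> None:
        self.pulses += 1
        self.value += 1
        if self.drift_period and self.pulses % self.drift_period == 0:
            self.value += 1

    def read(self) -> int:
        return self.value

    def assign(self, v: int) -> None:
        # Reading one clock and assigning it to another is exactly the
        # operation Timed Automata clocks lack; integer variables allow it.
        self.value = v


class PulseGenerator:
    """Global pulse generator: advances every clock in lock-step and records
    the largest skew seen between any two clocks after any pulse."""

    def __init__(self, clocks):
        self.clocks = list(clocks)
        self.now = 0
        self.max_skew = 0

    def advance(self, n: int) -> None:
        for _ in range(n):
            self.now += 1
            for c in self.clocks:
                c.pulse()
            vals = [c.read() for c in self.clocks]
            self.max_skew = max(self.max_skew, max(vals) - min(vals))


def trunc2(x: int) -> int:
    """Integer halving truncating toward zero, like C-style integer division."""
    return int(x / 2)


def two_way_sync(child, parent, gen, delay):
    """Two-way exchange: child sends at T1, parent receives at T2 and answers
    at T3, child receives at T4. Offset and propagation delay are integer
    arithmetic on clock values; the child then adopts the parent's time."""
    t1 = child.read()
    gen.advance(delay)          # request in flight
    t2 = parent.read()
    t3 = parent.read()          # parent answers immediately
    gen.advance(delay)          # reply in flight
    t4 = child.read()
    offset = trunc2((t2 - t1) - (t4 - t3))
    prop_delay = trunc2((t2 - t1) + (t4 - t3))
    child.assign(t4 + offset)
    return offset, prop_delay


def simulate(total_pulses, resync_every, drift_period=10, delay=2):
    """Run a reference parent and a fast child, resynchronizing the child
    every resync_every pulses. Returns the maximum skew observed on any
    pulse and a log of (pulse, offset, delay) per resynchronization."""
    parent = IntegerClock("parent")
    child = IntegerClock("child", drift_period=drift_period)
    gen = PulseGenerator([parent, child])
    log = []
    while gen.now < total_pulses:
        gen.advance(min(resync_every, total_pulses - gen.now))
        offset, prop = two_way_sync(child, parent, gen, delay)
        log.append((gen.now, offset, prop))
    return gen.max_skew, log


if __name__ == "__main__":
    print("resync every 20 pulses:", simulate(60, 20))
    print("no intermediate resync:", simulate(60, 60))
```

With the drifting child gaining one tick per 10 pulses, resynchronizing every 20 pulses keeps the observed skew at 2 ticks, while a single resynchronization after 60 pulses lets it reach 6; the computed propagation delay is recovered exactly because the two legs of the exchange are symmetric.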
International Journal on Software Tools for Technology Transfer, 2012
We introduce the technique of Software Monitoring with Controllable Overhead (SMCO), which is based on a novel combination of supervisory control theory of discrete event systems and PID-control theory of discrete time systems. SMCO controls monitoring overhead by temporarily disabling monitoring of selected events for as short a time as possible under the constraint of a user-supplied target overhead o_t. This strategy is optimal in the sense that it allows SMCO to monitor as many events as possible, within the confines of o_t. SMCO is a general monitoring technique that can be applied to any system interface or API. We have applied SMCO to a variety of monitoring problems, including two highlighted in this paper: integer range analysis, which determines upper and lower bounds on integer variable values; and Non-Accessed Period (NAP) detection, which detects stale or underutilized memory allocations. We benchmarked SMCO extensively, using both CPU- and I/O-intensive workloads, which often exhibited highly bursty behavior. We demonstrate that SMCO successfully controls overhead across a wide range of target-overhead levels; its accuracy monotonically increases with the target overhead; and it can be configured to distribute monitoring overhead fairly across multiple instrumentation points.
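The overhead constraint described above, as an added example that is not SMCO's code: a supervisor that admits a monitored event only while the cumulative monitoring cost stays within the target overhead o_t of the program's own elapsed time, and otherwise disables monitoring until the budget catches up. SMCO additionally uses PID feedback to tune how long monitoring stays off; that part is deliberately omitted here so the bound can be checked with exact integer arithmetic. The bursty workload, the uniform per-event cost and the percentage targets are constructed inputs.

```python
"""Controllable-overhead monitoring on a bursty event stream. Added
illustration of the supervisory constraint (monitoring is disabled only
while the target overhead would otherwise be exceeded), not the SMCO
implementation; the PID tuning SMCO adds is omitted. Workload, costs and
targets are constructed."""

from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class OverheadSupervisor:
    """Admit a monitored event only if cumulative monitoring cost stays within
    target_percent of the base (unmonitored) execution time. Integer
    arithmetic keeps the check exact."""
    target_percent: int
    monitoring_cost: int = 0          # time spent in the monitor so far
    monitored: int = 0
    skipped: int = 0
    disabled_intervals: List[Tuple[int, int]] = field(default_factory=list)
    _off_since: Optional[int] = None

    def on_event(self, base_time: int, cost: int) -> bool:
        """base_time is the program's own elapsed time when the event fires."""
        if (self.monitoring_cost + cost) * 100 <= self.target_percent * base_time:
            self.monitoring_cost += cost
            self.monitored += 1
            if self._off_since is not None:        # monitoring resumes
                self.disabled_intervals.append((self._off_since, base_time))
                self._off_since = None
            return True
        self.skipped += 1
        if self._off_since is None:                # monitoring goes off
            self._off_since = base_time
        return False

    def overhead_percent(self, base_time: int) -> float:
        return 100.0 * self.monitoring_cost / base_time


def bursty_workload():
    """Constructed stream: a 100-tick burst (event every tick), a quiet
    200-tick phase (event every 20 ticks), then another 100-tick burst.
    Each entry is (base_time, cost) with a uniform cost of 1."""
    events = [(t, 1) for t in range(1, 101)]
    events += [(t, 1) for t in range(120, 301, 20)]
    events += [(t, 1) for t in range(301, 401)]
    return events


def run(target_percent: int, events=None):
    """Returns (monitored, total, overhead_percent_at_end, supervisor)."""
    events = events or bursty_workload()
    sup = OverheadSupervisor(target_percent)
    for base_time, cost in events:
        sup.on_event(base_time, cost)
    end_time = events[-1][0]
    return sup.monitored, len(events), sup.overhead_percent(end_time), sup


def accuracy_by_target(targets=(0, 10, 25, 100)):
    """Fraction of events monitored per target; with a uniform event cost the
    admitted count can only grow with the permitted overhead."""
    result = {}
    for p in targets:
        monitored, total, _, _ = run(p)
        result[p] = monitored / total
    return result


if __name__ == "__main__":
    for p in (0, 10, 25, 100):
        monitored, total, ov, sup = run(p)
        print(f"target {p:3d}%: monitored {monitored}/{total}, "
              f"overhead {ov:.1f}%, off-intervals {len(sup.disabled_intervals)}")
```

On this workload a 10% target admits 40 of the 210 events and lands on exactly 10% overhead at the end of the run, the bursts being where monitoring is switched off and the quiet phase where the budget is recovered; a 100% target monitors everything.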
Electronic Notes in Theoretical Computer Science, 2006
We present GMC², a software model checker for GCC, the open-source compiler from the Free Software Foundation (FSF). GMC², which is part of the GMC static-analysis and model-checking tool suite for GCC under development at SUNY Stony Brook, can be seen as an extension of Monte Carlo model checking to the setting of concurrent, procedural programming languages. Monte Carlo model checking is a newly developed technique that utilizes the theory of geometric random variables, statistical hypothesis testing, and random sampling of lassos in Büchi automata to realize a one-sided error, randomized algorithm for LTL model checking. To handle the function call/return mechanisms inherent in procedural languages such as C/C++, the version of Monte Carlo model checking implemented in GMC² is optimized for pushdown-automaton models. Our experimental results demonstrate that this approach yields an efficient and scalable software model checker for GCC. R. Grosu, X. Huang and S. Jain were partially supported by the NSF Faculty Early Career Development Award CCR01-33583.
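Monte Carlo model checking in miniature, as an added example that is not GMC² or its code: a Büchi automaton is sampled by random walks that stop as soon as a state repeats (a lasso), a lasso whose cycle visits an accepting state is a concrete counterexample, and the sample budget follows from the one-sided error bound: if accepting lassos have probability at least ε, M consecutive misses occur with probability (1−ε)^M, so M = ⌈ln δ / ln(1−ε)⌉ bounds the false "holds" verdict by δ. The automata are constructed toy graphs (a successor map, an initial state and an accepting set); the pushdown-automaton optimization for call/return is not modelled.

```python
"""Monte Carlo LTL model checking by random lasso sampling in a Büchi
automaton. Added illustration of the technique GMC² builds on, not GMC²
itself; the automata below are constructed toy graphs."""

import math
import random


def sample_count(epsilon: float, delta: float) -> int:
    """Lassos to draw so that, if accepting lassos have probability >= epsilon,
    seeing none in M draws has probability (1-epsilon)^M <= delta."""
    if not (0 < epsilon < 1 and 0 < delta < 1):
        raise ValueError("epsilon and delta must lie in (0, 1)")
    return math.ceil(math.log(delta) / math.log(1 - epsilon))


def random_lasso(succ, init, rng):
    """Random walk from init until a state repeats. Returns (path, k) where
    path[k:] is the cycle; k is None if the walk reaches a dead end."""
    path, seen = [init], {init: 0}
    while True:
        options = succ[path[-1]]
        if not options:
            return path, None
        nxt = rng.choice(options)
        if nxt in seen:
            return path, seen[nxt]
        seen[nxt] = len(path)
        path.append(nxt)


def is_accepting(path, k, accepting) -> bool:
    """A lasso is accepting (a counterexample to the LTL property) if its
    cycle visits an accepting state: that state is then seen infinitely often."""
    return k is not None and any(s in accepting for s in path[k:])


def monte_carlo_check(succ, init, accepting, epsilon, delta, seed=0):
    """Returns (holds, prefix, cycle, samples_used). holds=False comes with a
    concrete counterexample lasso and is certain; holds=True is the
    probabilistic verdict, wrong with probability at most delta."""
    rng = random.Random(seed)
    budget = sample_count(epsilon, delta)
    for i in range(1, budget + 1):
        path, k = random_lasso(succ, init, rng)
        if is_accepting(path, k, accepting):
            return False, path[:k], path[k:], i
    return True, None, None, budget


# Constructed automaton: from 0, walks either close a non-accepting cycle
# ([2] or [0, 1]) or reach the self-loop on 3, which is accepting when 3
# is in the accepting set.
SUCC = {0: [1, 2], 1: [0, 3], 2: [2], 3: [3]}

if __name__ == "__main__":
    print("samples for eps=0.1, delta=0.01:", sample_count(0.1, 0.01))
    print("accepting state 3:", monte_carlo_check(SUCC, 0, {3}, 0.1, 0.01))
    print("no accepting state:", monte_carlo_check(SUCC, 0, set(), 0.1, 0.01))
```

With ε = 0.1 and δ = 0.01 the budget is 44 lassos. Against the graph with accepting state 3 an accepting lasso such as prefix [0, 1] and cycle [3] is normally found within the first few draws and the property is refuted with certainty; against the graph with no accepting state all 44 draws miss and the property is reported as holding, a verdict that carries the stated one-sided error.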
Proceedings 20th IEEE International Parallel & Distributed Processing Symposium, 2006
We present Protagoras, a new plug-in architecture for the GNU compiler collection that allows one to modify GCC's internal representation of the program under compilation. We illustrate the utility of Protagoras by presenting plug-ins for both compile-time and runtime software verification and monitoring. In the compile-time case, we have developed plug-ins that interpret the GIMPLE intermediate representation to verify properties statically. In the runtime case, we have developed plug-ins for GCC to perform memory leak detection, array bounds checking, and reference-count access monitoring.
Papers by Xiaowan Huang