MODELLING AND VERIFICATION OF CONCURRENT PROGRAMS USING UPPAAL Franco Cicirelli, Libero Nigro, Francesco Pupo Laboratorio di Ingegneria del Software Dipartimento di Elettronica Informatica e Sistemistica Università della Calabria 87036 Rende (CS) – Italy Email: f.cicirelli@deis.unical.it, {l.nigro,f.pupo}@unical.it KEYWORDS Modelling and verification, simulation, concurrency, mutual exclusion, synchronizers, timed automata, UPPAAL, Java. ABSTRACT This paper describes the design and implementation of a library of reusable UPPAAL template processes which support reasoning and property checking of concurrent programs, e.g. to be realized in the Java programming language. The stimulus to the development of the library originated in the context of a systems programming undergraduate course. The library, though, can be of help to general practitioners of concurrent programming which nowadays are challenged to exploiting the potentials of modern multi- core architectures. The paper describes the library and demonstrates its usage to modelling and exhaustive verification of mutual exclusion and common concurrent structures and synchronizers. UPPAAL was chosen because it is a popular and continually improved toolbox based on timed automata and model checking and it is provided of a user-friendly graphical interface which proves very important for debugging and property assessment of concurrent models. Java was considered as target implementation language because of its diffusion among application developers. INTRODUCTION Current technological trend on multi-core machines challenges developers to exploit concurrency in general purpose applications which can have a performance gain from the computational parallelism offered by modern personal computers. However, as students and developers know, concurrent programs are hard to design and difficult to debug. Common experimented problems include race conditions, deadlocks and starvation (Stallings, 2005)(Silberschatz et al, 2010). Motivated by the desire to help students of a systems programming undergraduate course to have a more critical approach to concurrent programming, authors have designed and prototyped a reausable library of UPPAAL (Bengtsson and Yi, 2003)(Behrmann et al., 2004) template processes. The library enables a concurrent solution to be formally modelled as a network of timed automata (Alur and Dill, 1994), to animate it in simulation to check qualitative behaviour thus making a preliminary debug, and to prove (provided the model is not too large) functional/temporal properties of the system at hand through model checking (Clarke et al., 2000)(Cicirelli et al., 2007)(Cicirelli et al., 2009)(Furfaro and Nigro, 2007). The approach is similar but independent and original with respect to that described in (Hamber and Vaandrager, 2008). A key factor of the work described in this paper concerns the development of concurrent structures and synchronizers which are inspired by the concurrent package of the Java programming language. The UPPAAL toolbox was chosen because it is popular, it is continually improved and it is efficient (in space and time) in the handling of large model state graphs. Moreover, the toolbox offers a friendly graphical user interface which facilitates reasoning upon model behaviour. This paper describes (part of) the developed library and demonstrates its usefulness by studying mutual exclusion algorithms and by showing some common concurrent synchronizers which are available in the Java programming language. Concurrent models are then applied to a sample problem. The approach makes it simple to transform a concurrent solution model into a corresponding Java implementation. The solutions, though, can be ported to other languages as well. Finally, conclusions are drawn with an indication of further work. MUTUAL EXCLUSION ALGORITHMS Concurrent processes accessing shared data require two kinds of mechanisms (see e.g. (Stallings, 2005)(Silberschatz et al., 2010)): mutual exclusion which guarantees only one process at a time can enter its critical section, and synchronization, i.e. the possibility for a process in a critical section to suspend its execution when the data values do not permit the process to complete its operations. In this section the focus is on mutual exclusion based on busy-waiting by “pure software” solutions (other solutions can be based on the hardware support, e.g. test and set instructions or the interrupt system). Such mutual exclusion algorithms are normally discussed in a systems programming course for introducing students to race conditions and Proceedings 25th European Conference on Modelling and Simulation ©ECMS Tadeusz Burczynski, Joanna Kolodziej Aleksander Byrski, Marco Carvalho (Editors) ISBN: 978-0-9564944-2-9 / ISBN: 978-0-9564944-3-6 (CD)