Ring Establishment Algorithm Barrier Algorithm Formalization and Veri cation of MPD with Spin Formalization and Veri cation of MPD with Otter Results and Comparisons Comparison of Formalizations Performance Comparison A Note on Model Sizes

DISCLAIMER This report was prepared as an account o f w ork sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor The University of Chicago, nor any of their employees or oocers, makes any w arranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately-owned rights. Reference herein to any speciic commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government o r a n y agency thereof. The views and opinions of document authors expressed herein do not necessarily state or reeect those of the United States Government o r a n y agency thereof. ii Contents Abstract 1 1 Introduction 1 2 The MultiPurpose Daemon 2 2. Abstract We report on an eort to develop methodologies for formal veriication of parts of the MultiPurpose Daemon (MPD) parallel process management system. MPD is a distributed collection of communicating processes. While the individual components of the collection execute simple algorithms, their interaction leads to unexpected errors that are diicult to uncover by conventional means. Two v eriication approaches are discussed here: the standard model checking approach using the software model checker Spin and the nonstandard use of a general-purpose rst-order resolution-style theorem prover Otter to conduct the traditional state space exploration. We compare modeling methodology and analyze performance and scalability of the two methods with respect to veriication of MPD.