Mercury

Copyright (c) 2008-2017 LAAS-CNRS / Vertics

Mercury is a high performance Model Checker developed for multicore, multiprocessors machine with shared memory. It is a state-of-the art Model Checking playground specially developed to experiment different approaches for  Parallel State Space construction  (graph traversal)  and Parallel Model Checking of temporal formulas.

We classify Mercury as a decent Model checker in terms of memory usage, but also friendly with respect to the work-sharing policies that are used for the state space generation (mercury uses the work-stealing strategy):   at no point, it imposes a restriction on the way work is shared among the processors. This includes both the construction of the state space as the detection of cycles in parallel, which is one of the key points of performance for the evaluation of more complex formulas.

With Mercury, we successfully tested 6 different concurrent data structures for exhaustive parallel state space construction, 3 data structures for probabilistic state space construction and 3 algorithms for parallel model checking. We used Mercury to compare our novel algorithms with classical approaches reported in the literature (see PUBLICATIONS).

Features:

  1. Parallel State Space Exploration
    • Local Sub-CTL Model Checking
  2. Probabilistic State Space Exploration
    • Reachability analysis
  3. NEW: Disc based State Space Exploration
    • Currently, supports only the state space exploration (prints the number of states and transitions);
    • The state space and the exploration stacks are partitioned on the hard disk;
    • Coming soon: Reachability analysis

History and Technical Details

I started developing Mercury in 2009 as part of my Ph.D. thesis at LAAS (Toulouse France) under the supervision of Bernard Berthomieu and Silvano Dal Zilio. My main motivation was to implement a simple but powerful model checker engine to experiment different algorithms for Parallel Model Checking. It is implemented using the C language with Pthreads for concurrency and the Hoard Library for parallel memory allocation.  It uses the work-stealing strategy for work-load and most of the data structures (hash tables, stacks, list, avl trees, etc) were specially developed for Mercury in order to obtain the best performance as possible.

Benchmark (Speedup)

In Figure 1 we give the observed speedup of Mercury on a set of examples. We give the absolute speedup, measured as the ratio between the execution time using n processors (tn) and the time of an optimized, sequential version (ts).  Mercury delivers promising speedups. The results also show different behaviors according to the model. For instance, Mercury efficiency may vary between 90% (Hanoi model) and 51% (Kanban model), whereas the system occupancy is consistently over 95%. Clearly, the algorithm depends on the degree of concurrency of the model — it is not necessary to use lots of processors for a model with few concurrent actions — but this is an inherent limitation with parallel state space construction [EL08], which is an irregular problem.

lt_ratio_speedup

Concerning the use of memory, we can measure the quality of the distribution of the state space using the mean standard deviation (σ) of the number of states among the processors. In our experiments, we observe that the value of σ is quite small and that it stays stable when we change the number of processors. For instance, we have σ ~ 1.5% for the Hanoi model and σ ~ 7% for Kanban. The difference between values of σ can be explained by the difference in the degree of concurrency.  It may also be affected by the processor’s performance, that is, a processor that handles simpler states — states whose transition firing involves a small number of operations — may dynamically assign more states than others. Finally, our experiments are also affected by the Non-Uniform Memory Access (NUMA) architecture of our machine, where the latency and bandwidth characteristics of memory actions depend on the processor or memory region being accessed.

Installation

Mercury is available as an open source project under the MIT Licence. You can download the source from github or use the binary (64bits).

See section Installation to check the dependencies to use Mercury.

Usage

Mercury binary is a command-line program. A normal execution is performed by giving the optional flags followed by a valid input file. As input, it accepts only textual Petri Net models written using the .net format (the same that is used by Tina/LAAS-CNRS). The exploration of a system will normally generate a textual output. A second group of options can be used to define some initial parameters of the algorithm. They are useful when the user can provide an approximate value for the size of the state space and/or a formula to be verified.

See section USAGE for some examples of model checking using Mercury.

Downloads

Check our section DOWNLOADS for the latest build.

License and Copyright

Mercury is distributed under the MIT License. See section license to access the MIT License in details.