Verifying Parallel Programs

Transcription

1 Verifying Parallel Programs Stephen F. Siegel The Verified Software Laboratory Department of Computer and Information Sciences University of Delaware, Newark, USA SIG-NEWGRAD 5 October

2 1968 NATO Conference on Software Engineering response to software crisis the difficulty of writing correct, understandable and verifiable computer programs (Wikipedia) 2

3 1968 NATO Conference on Software Engineering response to software crisis the difficulty of writing correct, understandable and verifiable computer programs (Wikipedia) birth of software engineering the application of a systematic, disciplined, quantifiable approach to the development, operation and maintenance of software 2

4 1968 NATO Conference on Software Engineering response to software crisis the difficulty of writing correct, understandable and verifiable computer programs (Wikipedia) birth of software engineering the application of a systematic, disciplined, quantifiable approach to the development, operation and maintenance of software...the consequences of software failure in all its aspects are becoming increasingly serious. Particularly alarming is the seemingly unavoidable fallibility of large software, since a malfunction in an advanced hardware-software system can be a matter of life and death, not only for individuals, but also for vehicles carrying hundreds of people and ultimately for nations as well. David and Fraser 2

5 Other Observations on the Software Crisis 1994: Scientific American, Software s Chronic Crisis, by W. Wayt Gibbs 1/4 large software development efforts canceled average development project overshoots schedule by 50% 3/4 of large systems are operating failures do not function as intended or are not used at all 3

6 Other Observations on the Software Crisis 1994: Scientific American, Software s Chronic Crisis, by W. Wayt Gibbs 1/4 large software development efforts canceled average development project overshoots schedule by 50% 3/4 of large systems are operating failures do not function as intended or are not used at all software is expected to fail releases contain long lists of known bugs...you ARE NOT ENTITLED TO ANY DAMAGES, INCLUDING BUT NOT LIMITED TO CONSEQUENTIAL DAMAGES, if the Software does not meet Microsoft s Limited Warranty, and, to the maximum extent allowed by applicable law, even if any remedy fails of its essential purpose... imagine if other engineered products (bridges, cars,...) had similar standards 3

7 Famous Software Failures: Ariane 5 Flight 501 References Ariane 5: Flight 501 Failure: Report by the Inquiry Board, Prof. J. L. Lions, Chairman, July 19, Summary June 4, 1996: first launch of Ariane 5 $10 billion to develop carried four expensive (and uninsured) scientific satellites exploded 37 seconds after lift-off result of software failure: out-of-range cast 4

8 Les Hatton: The Chimera of Software Quality A u g u s t TH E PR OF ESSI ON The Chimera of Software Quality Les Hatton Kingston University Despite years of computing progress, today's systems experience spectacular and all-too-frequent crashes, while many enormously expensive projects fail to produce anything useful. Of equal importance, and potentially more damaging, are the misleading smaller defects we tend to miss. From time to time, we must remind ourselves that the underlying quality of the software that our results and progress increasingly depend on will likely be flawed and even more dependent on independent corroboration than the science itself. Many scientific results are corrupted, perhaps fatally so, by undiscovered mistakes in the software used to calculate and present those results. Commercial application areas I've spent the past 30 years analyzing the quality of software-controlled systems. In every area I've looked at or worked in, often previously undiscovered software defects run rife. In scientific modeling, these defects can lead to highly misleading results. Twelve years ago, with a coauthor, I published the results of a large study of high-quality signal-processing software in the oil industry. Previously undiscovered defects had effectively reduced accuracy in 5this data from six significant figures to between

9 Les Hatton: The Chimera of Software Quality study of signal-processing software in oil industry undiscovered defects had reduced accuracy from 6 significant digits to 1 2 data is used to site oil wells requires at least 3 significant digits daily forecasting model of the UK Meteorological Office undiscovered defects zeroed the nonlinear terms in the Navier-Stokes equations every other time step it turned out to make very little difference 6

10 Parallel Programs two main styles 1. shared-variable multi-threaded programs (Java, C,...) single- or multi-core architectures 2. message-passing scientific programs using MPI distributed systems massively-parallel systems nondeterminism any aspect of program execution not specified by program code multiple interleavings 7

11 Verification Approaches: Testing run program on some input, compare with expected result 8

12 Verification Approaches: Testing run program on some input, compare with expected result weaknesses in general, can only test a tiny fraction of inputs the program will experience in use Program testing can be used to show the presence of bugs, but never to show their absence! Edsger Dijkstra 8

13 Verification Approaches: Testing run program on some input, compare with expected result weaknesses in general, can only test a tiny fraction of inputs the program will experience in use Program testing can be used to show the presence of bugs, but never to show their absence! Edsger Dijkstra nondeterminism a correct result on a test execution does not guarantee a correct result on another execution with the same input 8

14 Verification Approaches: Testing run program on some input, compare with expected result weaknesses in general, can only test a tiny fraction of inputs the program will experience in use Program testing can be used to show the presence of bugs, but never to show their absence! Edsger Dijkstra nondeterminism a correct result on a test execution does not guarantee a correct result on another execution with the same input requires a test oracle what if you don t know the correct result? 8

15 Verification Approaches: Testing run program on some input, compare with expected result weaknesses in general, can only test a tiny fraction of inputs the program will experience in use Program testing can be used to show the presence of bugs, but never to show their absence! Edsger Dijkstra nondeterminism a correct result on a test execution does not guarantee a correct result on another execution with the same input requires a test oracle what if you don t know the correct result? consumes an enormous portion of development effort 50%? 8

16 Verification Approaches: Finite-State Verification (FSV) encompasses a wide variety of techniques state space reachability analysis temporal logic model checking symbolic model checking (e.g., with Binary Decision Diagrams) Boolean Satisfiability (SAT) checking Integer Linear Programming (ILP) dataflow analysis symbolic execution 10

17 The Three Tasks Involved in an FSV Technique 11

18 The Three Tasks Involved in an FSV Technique 1. construct a model of the program using only a finite number of states 11

19 The Three Tasks Involved in an FSV Technique 1. construct a model of the program using only a finite number of states 2. formalize correctness properties for the model 11

20 The Three Tasks Involved in an FSV Technique 1. construct a model of the program using only a finite number of states 2. formalize correctness properties for the model 3. use automated algorithmic techniques to verify that all executions of the model satisfy the properties 11

21 The Three Tasks Involved in an FSV Technique 1. construct a model of the program using only a finite number of states 2. formalize correctness properties for the model 3. use automated algorithmic techniques to verify that all executions of the model satisfy the properties What is a model? a simplified or abstract version of the program, often written in a modeling language for a particular FSV tool impose small bounds on configuration (L, N, M 6) floating-point variables are usually not used in models Small Configuration Hypothesis defects almost always manifest themselves in small configurations 11

22 The Three Tasks Involved in an FSV Technique 1. construct a model of the program using only a finite number of states 2. formalize correctness properties for the model 3. use automated algorithmic techniques to verify that all executions of the model satisfy the properties What is a state of the model? a vector with one component for each variable in the model 11

23 The Three Tasks Involved in an FSV Technique 1. construct a model of the program using only a finite number of states 2. formalize correctness properties for the model 3. use automated algorithmic techniques to verify that all executions of the model satisfy the properties What are typical properties of models? freedom from deadlock assertions about the state assert(x==y*z); assertions about the order of events (temporal logic) ((x==1) = (y==1)) 11

24 Example: Shared Resource boolean x; proc rw0 { while (true) { x := 0; synch(); if (x == 0) use_resource(); proc rw1 { while (true) { x := 1; synch(); if (x == 1) use_resource();

25 Example: Shared Resource Property 1: Freedom from deadlock The program does not deadlock Property 2: Mutual exclusion It is never the case that both processes use the resource 032 at020 the same102 time. 123 Property 3: Liveness The resource 002will eventually 030 be 103used. 120 State: [x, pc 0, pc 1 ] boolean x; proc rw0 { while (true) { x := 0; synch(); if (x == 0) use_resource(); proc rw1 { while (true) { x := 1; synch(); if (x == 1) use_resource();

26 Example: Shared Resource [x, pc 0, pc 1 ] boolean x; proc rw0 { while (true) { x := 0; synch(); if (x == 0) use_resource(); proc rw1 { while (true) { x := 1; synch(); if (x == 1) use_resource();

27 Example: Shared Resource [x, pc 0, pc 1 ] boolean x; proc rw0 { while (true) { x := 0; synch(); if (x == 0) use_resource(); proc rw1 { while (true) { x := 1; synch(); if (x == 1) use_resource();

28 Example: Shared Resource [x, pc 0, pc 1 ] boolean x; proc rw0 { while (true) { x := 0; synch(); 2 if (x == 0) use_resource(); proc rw1 { while (true) { 0 x := 1; 1 synch(); if (x == 1) use_resource();

29 Example: Shared Resource [x, pc 0, pc 1 ] boolean x; proc rw0 { while (true) { x := 0; synch(); 2 if (x == 0) use_resource(); proc rw1 { while (true) { 0 x := 1; 1 synch(); if (x == 1) use_resource();

30 Example: Shared Resource [x, pc 0, pc 1 ] boolean x; proc rw0 { while (true) { x := 0; synch(); 2 if (x == 0) use_resource(); proc rw1 { while (true) { 0 x := 1; 1 synch(); if (x == 1) use_resource();

31 Example: Shared Resource [x, pc 0, pc 1 ] boolean x; proc rw0 { while (true) { x := 0; synch(); 2 if (x == 0) use_resource(); proc rw1 { while (true) { 0 x := 1; 1 synch(); if (x == 1) use_resource();

32 Example: Shared Resource [x, pc 0, pc 1 ] boolean x; proc rw0 { while (true) { x := 0; synch(); 2 if (x == 0) use_resource(); proc rw1 { while (true) { 0 x := 1; 1 synch(); if (x == 1) use_resource();

33 Example: Shared Resource [x, pc 0, pc 1 ] boolean x; proc rw0 { while (true) { x := 0; synch(); 2 if (x == 0) use_resource(); proc rw1 { while (true) { 0 x := 1; 1 synch(); if (x == 1) use_resource();

34 Example: Shared Resource [x, pc 0, pc 1 ] boolean x; proc rw0 { while (true) { x := 0; synch(); 2 if (x == 0) use_resource(); proc rw1 { while (true) { 0 x := 1; 1 synch(); if (x == 1) use_resource();

35 Example: Shared Resource [x, pc 0, pc 1 ] boolean x; proc rw0 { while (true) { x := 0; synch(); 2 if (x == 0) use_resource(); proc rw1 { while (true) { 0 x := 1; 1 synch(); if (x == 1) use_resource();

36 Example: Shared Resource [x, pc 0, pc 1 ] boolean x; proc rw0 { while (true) { x := 0; synch(); 2 if (x == 0) use_resource(); proc rw1 { while (true) { 0 x := 1; 1 synch(); if (x == 1) use_resource();

37 FSV: Strengths and Weaknesses strengths can prove things about all possible executions of a program can be (close to) fully automated produces a trace as counterexample when property does not hold 14

38 FSV: Strengths and Weaknesses strengths can prove things about all possible executions of a program can be (close to) fully automated produces a trace as counterexample when property does not hold weaknesses model construction problems the result is only as good as the model state space explosion problem the number of states typically grows exponentially with the number of processes 14

39 FSV: Strengths and Weaknesses strengths can prove things about all possible executions of a program can be (close to) fully automated produces a trace as counterexample when property does not hold weaknesses model construction problems the result is only as good as the model state space explosion problem the number of states typically grows exponentially with the number of processes progress in automatic model extraction development of techniques to combat state explosion industrial use Intel, Motorola, Microsoft,... 14

40 Model Checking for Scientific Computing questions what does it mean for a scientific program to be correct? how does one model floating-point computation? 15

41 Correctness assume we are given 1. a trusted sequential version of the program, and 2. a parallel version of the program our approach prove the two versions are functionally equivalent produce the same output for any given input 16

42 How do we model floating-point computation? one double-precision floating-point variable has 2 64 possible states abstraction? 17

43 How do we model floating-point computation? one double-precision floating-point variable has 2 64 possible states abstraction? Input: symbolic constants x 0, x 1,... Output: symbolic expressions in the x i x 0 x 4 + x 1 x 6 = x 1 x 6 x 0 x (x 0 x 4 ) + x 1 x 6 = (0.0 + (x 0 x 4 )) + x 1 x 6 17

44 How do we represent symbolic expressions? Value numbering place all symbolic expressions in an expression table every expression has a unique ID number 18

45 How do we represent symbolic expressions? Value numbering place all symbolic expressions in an expression table every expression has a unique ID number in the model... replace all floating-point values with ID numbers 18

46 How do we represent symbolic expressions? Value numbering place all symbolic expressions in an expression table every expression has a unique ID number in the model... replace all floating-point values with ID numbers replace all floating-point operations with symbolic operations to evaluate x + y: is x + y already in the table? if yes, return its ID number if no, create new table entry and return new ID number 18

47 i e i 19

48 i e i 0 (, 0.0) (, 1.0)

49 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x C = =

50 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x C = =

51 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x 4 11 (, 0, 10) 0.0+x 0 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x C = x0 x =

52 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x 4 11 (, 0, 10) 0.0+x 0 x 4 12 (, 3, 8) x 1 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x C = x0 x =

53 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x 4 11 (, 0, 10) 0.0+x 0 x 4 12 (, 3, 8) x 1 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x 7 i e i 13 (, 11, 12) (0.0+x 0 x 4 )+x 1 x C = 0 0 (0.0+x0 x = 4 )+x 1 x

54 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x 4 11 (, 0, 10) 0.0+x 0 x 4 12 (, 3, 8) x 1 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x 7 i e i 13 (, 11, 12) (0.0+x 0 x 4 )+x 1 x 6 14 (, 2, 7) x 0 x C = 0 0 (0.0+x0 x = 4 )+x 1 x

55 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x 4 11 (, 0, 10) 0.0+x 0 x 4 12 (, 3, 8) x 1 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x 7 i e i 13 (, 11, 12) (0.0+x 0 x 4 )+x 1 x 6 14 (, 2, 7) x 0 x 5 15 (, 0, 14) 0.0+x 0 x C = 0 0 (0.0+x0 x = 4 )+x 1 x x 0 x

56 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x 4 11 (, 0, 10) 0.0+x 0 x 4 12 (, 3, 8) x 1 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x 7 i e i 13 (, 11, 12) (0.0+x 0 x 4 )+x 1 x 6 14 (, 2, 7) x 0 x 5 15 (, 0, 14) 0.0+x 0 x 5 16 (, 3, 9) x 1 x C = 0 0 (0.0+x0 x = 4 )+x 1 x x 0 x

57 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x 4 11 (, 0, 10) 0.0+x 0 x 4 12 (, 3, 8) x 1 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x 7 i e i 13 (, 11, 12) (0.0+x 0 x 4 )+x 1 x 6 14 (, 2, 7) x 0 x 5 15 (, 0, 14) 0.0+x 0 x 5 16 (, 3, 9) x 1 x 7 17 (, 15, 16) (0.0+x 0 x 5 )+x 1 x C = 0 0 (0.0+x0 x = 4 )+x 1 x 6 (0.0+x 0 x 5 )+x 1 x

58 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x 4 11 (, 0, 10) 0.0+x 0 x 4 12 (, 3, 8) x 1 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x 7 i e i 13 (, 11, 12) (0.0+x 0 x 4 )+x 1 x 6 14 (, 2, 7) x 0 x 5 15 (, 0, 14) 0.0+x 0 x 5 16 (, 3, 9) x 1 x 7 17 (, 15, 16) (0.0+x 0 x 5 )+x 1 x 7 18 (, 4, 6) x 2 x C = 0 0 (0.0+x0 x = 4 )+x 1 x 6 (0.0+x 0 x 5 )+x 1 x

59 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x 4 11 (, 0, 10) 0.0+x 0 x 4 12 (, 3, 8) x 1 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x 7 i e i 13 (, 11, 12) (0.0+x 0 x 4 )+x 1 x 6 14 (, 2, 7) x 0 x 5 15 (, 0, 14) 0.0+x 0 x 5 16 (, 3, 9) x 1 x 7 17 (, 15, 16) (0.0+x 0 x 5 )+x 1 x 7 18 (, 4, 6) x 2 x 4 19 (, 0, 12) 0.0+x 2 x C = 19 0 (0.0+x0 x = 4 )+x 1 x 6 (0.0+x 0 x 5 )+x 1 x x 2 x

60 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x 4 11 (, 0, 10) 0.0+x 0 x 4 12 (, 3, 8) x 1 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x 7 i e i 13 (, 11, 12) (0.0+x 0 x 4 )+x 1 x 6 14 (, 2, 7) x 0 x 5 15 (, 0, 14) 0.0+x 0 x 5 16 (, 3, 9) x 1 x 7 17 (, 15, 16) (0.0+x 0 x 5 )+x 1 x 7 18 (, 4, 6) x 2 x 4 19 (, 0, 12) 0.0+x 2 x 4 20 (, 5, 8) x 3 x C = 19 0 (0.0+x0 x = 4 )+x 1 x 6 (0.0+x 0 x 5 )+x 1 x x 2 x

61 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x 4 11 (, 0, 10) 0.0+x 0 x 4 12 (, 3, 8) x 1 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x 7 i e i 13 (, 11, 12) (0.0+x 0 x 4 )+x 1 x 6 14 (, 2, 7) x 0 x 5 15 (, 0, 14) 0.0+x 0 x 5 16 (, 3, 9) x 1 x 7 17 (, 15, 16) (0.0+x 0 x 5 )+x 1 x 7 18 (, 4, 6) x 2 x 4 19 (, 0, 12) 0.0+x 2 x 4 20 (, 5, 8) x 3 x 6 21 (, 19, 20) (0.0+x 2 x 4 )+x 3 x C = 21 0 (0.0+x0 x = 4 )+x 1 x 6 (0.0+x 0 x 5 )+x 1 x 7 (0.0+x 2 x 4 )+x 3 x

62 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x 4 11 (, 0, 10) 0.0+x 0 x 4 12 (, 3, 8) x 1 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x 7 i e i 13 (, 11, 12) (0.0+x 0 x 4 )+x 1 x 6 14 (, 2, 7) x 0 x 5 15 (, 0, 14) 0.0+x 0 x 5 16 (, 3, 9) x 1 x 7 17 (, 15, 16) (0.0+x 0 x 5 )+x 1 x 7 18 (, 4, 6) x 2 x 4 19 (, 0, 12) 0.0+x 2 x 4 20 (, 5, 8) x 3 x 6 21 (, 19, 20) (0.0+x 2 x 4 )+x 3 x 6 22 (, 4, 7) x 2 x C = 21 0 (0.0+x0 x = 4 )+x 1 x 6 (0.0+x 0 x 5 )+x 1 x 7 (0.0+x 2 x 4 )+x 3 x

63 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x 4 11 (, 0, 10) 0.0+x 0 x 4 12 (, 3, 8) x 1 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x 7 i e i 13 (, 11, 12) (0.0+x 0 x 4 )+x 1 x 6 14 (, 2, 7) x 0 x 5 15 (, 0, 14) 0.0+x 0 x 5 16 (, 3, 9) x 1 x 7 17 (, 15, 16) (0.0+x 0 x 5 )+x 1 x 7 18 (, 4, 6) x 2 x 4 19 (, 0, 12) 0.0+x 2 x 4 20 (, 5, 8) x 3 x 6 21 (, 19, 20) (0.0+x 2 x 4 )+x 3 x 6 22 (, 4, 7) x 2 x 5 23 (, 0, 22) 0.0+x 2 x C = (0.0+x0 x = 4 )+x 1 x 6 (0.0+x 0 x 5 )+x 1 x 7 (0.0+x 2 x 4 )+x 3 x x 2 x 5 19

64 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x 4 11 (, 0, 10) 0.0+x 0 x 4 12 (, 3, 8) x 1 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x 7 i e i 13 (, 11, 12) (0.0+x 0 x 4 )+x 1 x 6 14 (, 2, 7) x 0 x 5 15 (, 0, 14) 0.0+x 0 x 5 16 (, 3, 9) x 1 x 7 17 (, 15, 16) (0.0+x 0 x 5 )+x 1 x 7 18 (, 4, 6) x 2 x 4 19 (, 0, 12) 0.0+x 2 x 4 20 (, 5, 8) x 3 x 6 21 (, 19, 20) (0.0+x 2 x 4 )+x 3 x 6 22 (, 4, 7) x 2 x 5 23 (, 0, 22) 0.0+x 2 x 5 24 (, 5, 9) x 3 x C = (0.0+x0 x = 4 )+x 1 x 6 (0.0+x 0 x 5 )+x 1 x 7 (0.0+x 2 x 4 )+x 3 x x 2 x 5 19

65 i e i 0 (, 0.0) (, 1.0) (, 0) x 0 3 (, 1) x 1 4 (, 2) x 2 5 (, 3) x 3 6 (, 4) x 4 7 (, 5) x 5 8 (, 6) x 6 9 (, 7) x 7 10 (, 2, 6) x 0 x 4 11 (, 0, 10) 0.0+x 0 x 4 12 (, 3, 8) x 1 x A = 4 5 x0 x = 1 x 2 x B = 8 9 x4 x = 5 x 6 x 7 i e i 13 (, 11, 12) (0.0+x 0 x 4 )+x 1 x 6 14 (, 2, 7) x 0 x 5 15 (, 0, 14) 0.0+x 0 x 5 16 (, 3, 9) x 1 x 7 17 (, 15, 16) (0.0+x 0 x 5 )+x 1 x 7 18 (, 4, 6) x 2 x 4 19 (, 0, 12) 0.0+x 2 x 4 20 (, 5, 8) x 3 x 6 21 (, 19, 20) (0.0+x 2 x 4 )+x 3 x 6 22 (, 4, 7) x 2 x 5 23 (, 0, 22) 0.0+x 2 x 5 24 (, 5, 9) x 3 x 7 25 (, 23, 24) (0.0+x 2 x 5 )+x 3 x C = (0.0+x0 x = 4 )+x 1 x 6 (0.0+x 0 x 5 )+x 1 x 7 (0.0+x 2 x 4 )+x 3 x 6 (0.0+x 2 x 5 )+x 3 x 7 19

66 Current Projects tools MPI-Spin Mover(coming soon...) a number of case studies ECCSVM/BlobFlow vortex method fluid dynamics code Prof. Lou Rossi, Math Dept. a number of techniques for mitigating state explosion abstractions for scientific computing 20