| 19 | | The CIVL-C language is primarily intended to be an intermediate representation for verification. A C program using MPI, CUDA, OpenMP, Pthreads, or another API (or even some combination of APIs), will be automatically translated into CIVL-C and then verified. The advantages of such a framework are clear: the developer of a new verification technique could implement it for CIVL-C and then immediately see its impact across a broad range of concurrent programs. Likewise, when a new concurrency API is introduced, one only needs to implement a translator from it to CIVL-C in order to reap the benefits of all the verification tools in the platform. Programmers would have a valuable verification and debugging tool, while API designers could use CIVL as a "sandbox" to investigate possible API modifications, additions, and interactions. |
| | 19 | A user can write programs in CIVL-C directly, or use one of the front-ends that translates from a "real" programming language to CIVL-C. |
| | 20 | |
| | 21 | When used in the first way, CIVL-C may be considered a modeling language, similar to Promela (the language used by the model checker Spin). This is useful for exploring and verifying algorithms, especially concurrent algorithms. The main difference between CIVL-C and Promela is that CIVL-C includes almost all of the language constructs in C, including floating-point numbers, arrays of any type, structs, functions, pointers, dynamic allocation (malloc and free), and pointer arithmetic. Like Spin, the CIVL verifier can be used to perform an exhaustive search of a state space. Unlike Spin, the CIVL verifier uses symbolic execution, so in a CIVL state, variables may be assigned symbolic expressions, not just concrete values. This allows the verifier to check properties of the form ''the assertions hold for all possible inputs'' and ''the two given programs are functionally equivalent.'' |
| | 22 | |
| | 23 | When used in the second way, a C program using MPI, CUDA, OpenMP, or Pthreads, (or even some combination of these APIs), will be automatically translated into CIVL-C and then verified. The advantages of such a framework are clear: the developer of a new verification technique could implement it for CIVL-C and then immediately see its impact across a broad range of concurrent programs. Likewise, when a new concurrency API is introduced, one only needs to implement a translator from it to CIVL-C in order to reap the benefits of all the verification tools in the platform. Programmers would have a valuable verification and debugging tool, while API designers could use CIVL as a "sandbox" to investigate possible API modifications, additions, and interactions. |
