UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin. Formal Methods & Tools.

Similar documents
Multi-core Model Checking with LTSmin

FORMAL MODELING AND VERIFICATION OF MULTI-AGENTS SYSTEM USING WELL- FORMED NETS

Comparing Model Checkers Through Sokoban

Timed Games UPPAAL-TIGA. Alexandre David

Formal Composition for. Time-Triggered Systems

Shuffled Complex Evolution

Intelligent Agents & Search Problem Formulation. AIMA, Chapters 2,

Scheduling. Radek Mařík. April 28, 2015 FEE CTU, K Radek Mařík Scheduling April 28, / 48

How Much Memory is Needed to Win in Partial-Observation Games

Game Tree Search. CSC384: Introduction to Artificial Intelligence. Generalizing Search Problem. General Games. What makes something a game?

Business Process Management

Contribution to the Smecy Project

Practice Session 2. HW 1 Review

Compressing Pattern Databases

Distributed Systems Programming (F21DS1) Formal Methods for Distributed Systems

Adversarial Search. Robert Platt Northeastern University. Some images and slides are used from: 1. CS188 UC Berkeley 2. RN, AIMA

On Variable Dependencies and Compressed Pattern Databases

UNIT-III LIFE-CYCLE PHASES

Towards Verification of a Service Orchestration Language. Tan Tian Huat

General Game Playing (GGP) Winter term 2013/ Summary

Planning and Optimization

Mixed Synchronous/Asynchronous State Memory for Low Power FSM Design

5.1 State-Space Search Problems

OSPF Domain / OSPF Area. OSPF Advanced Topics. OSPF Domain / OSPF Area. Agenda

THERE is a growing need for high-performance and. Static Leakage Reduction Through Simultaneous V t /T ox and State Assignment

Games and Adversarial Search II

Characteristics of Routes in a Road Traffic Assignment

Analysis of Workflow Graphs through SESE Decomposition

Notes for Recitation 3

Game Tree Search. Generalizing Search Problems. Two-person Zero-Sum Games. Generalizing Search Problems. CSC384: Intro to Artificial Intelligence

Image interpretation and analysis

Theorem Proving and Model Checking

Session 3 _ Part A Effective Coordination with Revit Models

A New Enhanced SPFD Rewiring Algorithm

CUDA Threads. Terminology. How it works. Terminology. Streaming Multiprocessor (SM) A SM processes block of threads

A Move Generating Algorithm for Hex Solvers

Immersive Authoring of Tangible Augmented Reality Applications

Announcements. CS 188: Artificial Intelligence Fall Today. Tree-Structured CSPs. Nearly Tree-Structured CSPs. Tree Decompositions*

CS 229 Final Project: Using Reinforcement Learning to Play Othello

Image Processing Computer Graphics I Lecture 20. Display Color Models Filters Dithering Image Compression

6. FUNDAMENTALS OF CHANNEL CODER

Enhancing System Architecture by Modelling the Flash Translation Layer

2. The Extensive Form of a Game

UNIVERSITY of PENNSYLVANIA CIS 391/521: Fundamentals of AI Midterm 1, Spring 2010

VLSI Design Verification and Test Delay Faults II CMPE 646

Recognition System for Pakistani Paper Currency

UCS-805 MOBILE COMPUTING NIT Agartala, Dept of CSE Jan-May,2011

Automated Analysis and Synthesis of Block-Cipher Modes of Operation

VLSI System Testing. Outline

Pervasive Services Engineering for SOAs

CMPUT 657: Heuristic Search

Game-Playing & Adversarial Search Alpha-Beta Pruning, etc.

From Wireless Network Coding to Matroids. Rico Zenklusen

Detecticon: A Prototype Inquiry Dialog System

Lecture 19 November 6, 2014

Game Playing. Why do AI researchers study game playing? 1. It s a good reasoning problem, formal and nontrivial.

Classifier-Based Approximate Policy Iteration. Alan Fern

arxiv: v1 [cs.ai] 13 Dec 2014

Multi-Clock SoC Design using Protocol Conversion

CS 188: Artificial Intelligence Spring 2007

The Challenge of Hardware-Software Co-Verification

Collectives Pattern. Parallel Computing CIS 410/510 Department of Computer and Information Science. Lecture 8 Collective Pattern

Heuristic Search with Pre-Computed Databases

Design and Performance Analysis of a Reconfigurable Fir Filter

An Efficient Reconfigurable Fir Filter based on Twin Precision Multiplier and Low Power Adder

Path Planning as Search

CS-E4800 Artificial Intelligence

Assignment II: Set. Objective. Materials

FIFO WITH OFFSETS HIGH SCHEDULABILITY WITH LOW OVERHEADS. RTAS 18 April 13, Björn Brandenburg

Algorithms and Data Structures

Markov Chains in Pop Culture

1. Introduction to Game Theory

EE241 - Spring 2000 Advanced Digital Integrated Circuits. Project Presentations

Parallel Dynamic and Selective Community Detection in Massive Streaming Graphs

An efficient algorithm for solving nonograms

Collectives Pattern CS 472 Concurrent & Parallel Programming University of Evansville

Technical framework of Operating System using Turing Machines

A Novel Low-Power Scan Design Technique Using Supply Gating

Vector-Based Metrics for Assessing Technology Maturity

Conflict Management in Multiagent Robotic System: FSM and Fuzzy Logic Approach

Algorithms for solving sequential (zero-sum) games. Main case in these slides: chess. Slide pack by Tuomas Sandholm

Informatics 2D: Tutorial 1 (Solutions)

A Review of Current Routing Protocols for Ad Hoc Mobile Wireless Networks

CSE 573: Artificial Intelligence Autumn 2010

The K.U.Leuven CHR System: Implementation and Application

MOBILE COMPUTING NIT Agartala, Dept of CSE Jan-May,2012

A MULTIMEDIA CONSTELLATION DESIGN METHOD

Symbolic Classification of General Two-Player Games

Algorithmique appliquée Projet UNO

Computational aspects of two-player zero-sum games Course notes for Computational Game Theory Section 3 Fall 2010

CSE 332: Data Structures and Parallelism Games, Minimax, and Alpha-Beta Pruning. Playing Games. X s Turn. O s Turn. X s Turn.

Image Processing. Adrien Treuille

Dynamic Games: Backward Induction and Subgame Perfection

Game-Playing & Adversarial Search

CS 621 Mobile Computing

A SIGNAL DRIVEN LARGE MOS-CAPACITOR CIRCUIT SIMULATOR

Synthesis of Low Power CED Circuits Based on Parity Codes

Intuitive Guide to Principles of Communications By Charan Langton Coding Concepts and Block Coding

Course Introduction and Overview of Software Engineering. Richard N. Taylor Informatics 211 Fall 2007

Increasing Reliability in the Development of Intelligent Environments

Transcription:

UNIVERSITY OF TWENTE. Formal Methods & Tools. Guard-based Partial-Order Reduction in LTSmin Alfons Laarman, Elwin Pater, Jaco van de Pol, Michael Weber 8 july 2013 SPIN 13, Stony Brook

LTSmin Tool Architecture (1) Specification Languages mcrl2 Promela DVE UPPAAL PINS Reachability Tools Distributed Multi core Symbolic UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 2 / 16

LTSmin Tool Architecture (1) Specification Languages mcrl2 Promela DVE UPPAAL PINS Reachability Tools Distributed Multi core Symbolic Functionality On-the-fly detection of errors: deadlocks, actions, invariant violations On-the-fly LTL model checking for liveness (Nested DFS) Symbolic model checker for CTL*, full µ-calculus State space generation, bisimulation minimization, export State and edge labels support timed and stochastic systems UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 2 / 16

LTSmin Tool Architecture (2) Specification Languages mcrl2 Promela DVE UPPAAL PINS Pins2pins Wrappers Transition caching Variable reordering Transition grouping Partial order reduction PINS Reachability Tools Distributed Multi core Symbolic UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 3 / 16

Pins interface Partitioned Interface for Next States: States are partitioned into vector of N state variables The next-state function is partitioned into M transition groups Show locality: N M dependency matrix (hopefully sparse) indicates which state parts each transition group depends on UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 4 / 16

Pins interface Partitioned Interface for Next States: States are partitioned into vector of N state variables The next-state function is partitioned into M transition groups Show locality: N M dependency matrix (hopefully sparse) indicates which state parts each transition group depends on On-the-fly access to the state space via an API: Three basic functions init-state(): returns the initial state vector next-state(i,s): successors of state s in transition group i get-matrix: returns the dependency matrix D M N UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 4 / 16

Dependency Matrix: caching and regrouping global int x=7; process p1() { do ::{x>0 -> x--;y++} ::{x>0 -> x--;z++} od } UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 5 / 16

Dependency Matrix: caching and regrouping global int x=7; process p1() { do ::{x>0 -> x--;y++} ::{x>0 -> x--;z++} od } global int y=3; process p2() { do ::{y>0 -> y--;x++} ::{y>0 -> y--;z++} od } global int z=9; process p3() { do ::{z>0 -> z--;x++} ::{z>0 -> z--;y++} od } UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 5 / 16

Dependency Matrix: caching and regrouping global int x=7; process p1() { do ::{x>0 -> x--;y++} ::{x>0 -> x--;z++} od } Process Matrix x y z p1 + + + p2 + + + p3 + + + In general: using r/w/+ global int y=3; process p2() { do ::{y>0 -> y--;x++} ::{y>0 -> y--;z++} od } global int z=9; process p3() { do ::{z>0 -> z--;x++} ::{z>0 -> z--;y++} od } UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 5 / 16

Dependency Matrix: caching and regrouping global int x=7; process p1() { do ::{x>0 -> x--;y++} ::{x>0 -> x--;z++} od } global int y=3; process p2() { do ::{y>0 -> y--;x++} ::{y>0 -> y--;z++} od } global int z=9; process p3() { do ::{z>0 -> z--;x++} ::{z>0 -> z--;y++} od } Process Matrix x y z p1 + + + p2 + + + p3 + + + In general: using r/w/+ Refined Matrix x y z p1.1 + + p1.2 + + p2.1 + + p2.2 + + p3.1 + + p3.2 + + UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 5 / 16

Dependency Matrix: caching and regrouping global int x=7; process p1() { do ::{x>0 -> x--;y++} ::{x>0 -> x--;z++} od } Process Matrix x y z p1 + + + p2 + + + p3 + + + In general: using r/w/+ global int y=3; process p2() { do ::{y>0 -> y--;x++} ::{y>0 -> y--;z++} od } Refined Matrix x y z p1.1 + + p1.2 + + p2.1 + + p2.2 + + p3.1 + + p3.2 + + global int z=9; process p3() { do ::{z>0 -> z--;x++} ::{z>0 -> z--;y++} od } init state = 7, 3, 9 7, 3, 9 7, 3, 7, 3, 9, 3, 9 p1.1 6, 4, 9 p1.1 6, 4, p3.2 7, 4, 8 p3.2, 4, 8 cache short transitions enable symbolic means UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 5 / 16

Dependency Matrix: caching and regrouping global int x=7; process p1() { do ::{x>0 -> x--;y++} ::{x>0 -> x--;z++} od } global int y=3; process p2() { do ::{y>0 -> y--;x++} ::{y>0 -> y--;z++} od } global int z=9; process p3() { do ::{z>0 -> z--;x++} ::{z>0 -> z--;y++} od } Process Matrix x y z p1 + + + p2 + + + p3 + + + In general: using r/w/+ Refined Matrix x y z p1.1 + + p1.2 + + p2.1 + + p2.2 + + p3.1 + + p3.2 + + Static Regrouping x y z p1.1, 2.1 + + p1.2, 3.1 + + p2.2, 3.2 + + Less overhead Better structure UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 5 / 16

Table of Contents 1 Introduction LTSmin LTSmin Tool Architecture PINS Interface 2 Theory Basis: Stubborn Sets Guard Based POR Necessary Disabling Sets 3 Implementation Language Module Extensions Algorithm to find small Stubborn Sets POR and LTL model checking 4 Experiments 5 Conclusion UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 6 / 16

Partial-Order Reduction (Godefroid,Valmari) t 2 t 3 t 1 s T s t 1 t 2 Main idea of partial-order reduction Avoid exploring all transition interleavings Select sufficient subset of enabled transitions don t destroy conflicting transitions t 4 t 3 s d UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 7 / 16

Partial-Order Reduction (Godefroid,Valmari) t 2 t 4 t 1 s T s t 1 t 3 NES(t 4) t 2 t 3 s d Main idea of partial-order reduction Avoid exploring all transition interleavings Select sufficient subset of enabled transitions don t destroy conflicting transitions Necessary Enabling Sets (NES) If transition α is not enabled in state s, then NES(α, s) is some necessary enabling set it contains a transition from each path to α UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 7 / 16

Partial-Order Reduction (Godefroid,Valmari) t 2 t 4 t 1 s T s t 1 t 3 NES(t 4) t 2 t 3 s d Main idea of partial-order reduction Avoid exploring all transition interleavings Select sufficient subset of enabled transitions don t destroy conflicting transitions Necessary Enabling Sets (NES) If transition α is not enabled in state s, then NES(α, s) is some necessary enabling set it contains a transition from each path to α Algorithm to compute a Stubborn Set 1 Select an arbitrary enabled transition in T s 2 Repeat, for each α T s : 1 If α enabled: add all conflicting transitions β to T s 2 If α disabled: add all transitions in some NES(α, s) to T s UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 7 / 16

Innovation 1: Guard-centric approach Atomic transitions: g 1 ( x) g n ( x) x := t Extend Pins with a function to evaluate guards Define all notions on guards rather than transitions guards x > 0 and x < 5 may be co-enabled...... MC(g 1, g 2 ) guards x = 0 and x > 5 cannot be co-enabled guards pc = 3 and pc = 5 cannot be co-enabled UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 8 / 16

Innovation 1: Guard-centric approach Atomic transitions: g 1 ( x) g n ( x) x := t Extend Pins with a function to evaluate guards Define all notions on guards rather than transitions guards x > 0 and x < 5 may be co-enabled...... MC(g 1, g 2 ) guards x = 0 and x > 5 cannot be co-enabled guards pc = 3 and pc = 5 cannot be co-enabled How to enable a guard pc = 3?...................NES(g 1 ) Add all transitions that assign pc := 3 UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 8 / 16

Innovation 1: Guard-centric approach Atomic transitions: g 1 ( x) g n ( x) x := t Extend Pins with a function to evaluate guards Define all notions on guards rather than transitions guards x > 0 and x < 5 may be co-enabled...... MC(g 1, g 2 ) guards x = 0 and x > 5 cannot be co-enabled guards pc = 3 and pc = 5 cannot be co-enabled How to enable a guard pc = 3?...................NES(g 1 ) Add all transitions that assign pc := 3 An update x := 5 conflicts with guard x + y = z.......dna An update v := 5 doesn t conflict with guard x + y = z An update x := x + 1 doesn t conflict with guard x + y > z UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 8 / 16

Innovation 1: Guard-centric approach Atomic transitions: g 1 ( x) g n ( x) x := t Extend Pins with a function to evaluate guards Define all notions on guards rather than transitions guards x > 0 and x < 5 may be co-enabled...... MC(g 1, g 2 ) guards x = 0 and x > 5 cannot be co-enabled guards pc = 3 and pc = 5 cannot be co-enabled How to enable a guard pc = 3?...................NES(g 1 ) Add all transitions that assign pc := 3 An update x := 5 conflicts with guard x + y = z.......dna An update v := 5 doesn t conflict with guard x + y = z An update x := x + 1 doesn t conflict with guard x + y > z Program counters or process locations are treated no different than just any other state variable UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 8 / 16

Innovation 2: Necessary Disabling Sets P 1 P 2 Keeping stubborn sets small t 1 t 2 t 5 DNA, MC t 7 t 8 Assume (t 1, t 7 ) and (t 6, t 7 ) are conflicting Typically, NES works backwards: Fat stubborn set: {t1, t 2 5, t 6, t 7 } t 6 UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 9 / 16

Innovation 2: Necessary Disabling Sets P 1 P 2 Keeping stubborn sets small t 1 t 2 t 5 t 6 DNA, MC t 7 t 8 Assume (t 1, t 7 ) and (t 6, t 7 ) are conflicting Typically, NES works backwards: Fat stubborn set: {t1, t 2 5, t 6, t 7 } Note: t 1 and t 6 may not be co-enabled Disabling t 1 is necessary to enable t 6 : {t1, t 6, t 7 } is a sufficient stubborn set UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 9 / 16

Innovation 2: Necessary Disabling Sets P 1 P 2 Keeping stubborn sets small t 1 t 2 t 5 t 6 DNA, MC t 7 t 8 Assume (t 1, t 7 ) and (t 6, t 7 ) are conflicting Typically, NES works backwards: Fat stubborn set: {t1, t 2 5, t 6, t 7 } Note: t 1 and t 6 may not be co-enabled Disabling t 1 is necessary to enable t 6 : {t1, t 6, t 7 } is a sufficient stubborn set Necessary Disabling Sets So, how to find an necessary enabling transition for α? UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 9 / 16

Innovation 2: Necessary Disabling Sets P 1 P 2 Keeping stubborn sets small t 1 t 2 t 5 t 6 DNA, MC t 7 t 8 Assume (t 1, t 7 ) and (t 6, t 7 ) are conflicting Typically, NES works backwards: Fat stubborn set: {t1, t 2 5, t 6, t 7 } Note: t 1 and t 6 may not be co-enabled Disabling t 1 is necessary to enable t 6 : {t1, t 6, t 7 } is a sufficient stubborn set Necessary Disabling Sets So, how to find an necessary enabling transition for α? Disable any enabled transition β that is not co-enabled with α NDS(β, s) contains some transition necessary to disable β UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 9 / 16

Table of Contents 1 Introduction LTSmin LTSmin Tool Architecture PINS Interface 2 Theory Basis: Stubborn Sets Guard Based POR Necessary Disabling Sets 3 Implementation Language Module Extensions Algorithm to find small Stubborn Sets POR and LTL model checking 4 Experiments 5 Conclusion UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 10 / 16

Language Module Extensions What every language must provide Dependency Matrix for state variables and guards...... DM distinguish read/write dependencies Matrix to report conflicting transitions.................dna UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 11 / 16

Language Module Extensions What every language must provide Dependency Matrix for state variables and guards...... DM distinguish read/write dependencies Matrix to report conflicting transitions.................dna Optional improvements for more reduction Necessary Enabling Sets for guards.....................nes Necessary Disabling Sets for guards.................... NDS May-be Co-enabled matrix on guards................... MC UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 11 / 16

Language Module Extensions What every language must provide Dependency Matrix for state variables and guards...... DM distinguish read/write dependencies Matrix to report conflicting transitions.................dna Optional improvements for more reduction Necessary Enabling Sets for guards.....................nes Necessary Disabling Sets for guards.................... NDS May-be Co-enabled matrix on guards................... MC All matrices can be approximated by static analysis A good default can be computed for the optional information We did extend the language modules for Promela and DVE UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 11 / 16

Heuristics for finding Stubborn Sets Implementation of Stubborn Sets Heuristics to choose stubborn set with minimum costs enabled transitions more expensive than disabled transitions transitions that were selected already come for free UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 12 / 16

Heuristics for finding Stubborn Sets Implementation of Stubborn Sets Heuristics to choose stubborn set with minimum costs enabled transitions more expensive than disabled transitions transitions that were selected already come for free This is sufficient for reachability/deadlock for the sequential + parallel algorithms UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 12 / 16

Heuristics for finding Stubborn Sets Implementation of Stubborn Sets Heuristics to choose stubborn set with minimum costs enabled transitions more expensive than disabled transitions transitions that were selected already come for free This is sufficient for reachability/deadlock for the sequential + parallel algorithms Extra implemented provisos (Holzmann, Peled) Incorporated extra features in algorithm + language module: Extra: provide visibility information Extra: implemented several cycle provisos UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 12 / 16

Heuristics for finding Stubborn Sets Implementation of Stubborn Sets Heuristics to choose stubborn set with minimum costs enabled transitions more expensive than disabled transitions transitions that were selected already come for free This is sufficient for reachability/deadlock for the sequential + parallel algorithms Extra implemented provisos (Holzmann, Peled) Incorporated extra features in algorithm + language module: Extra: provide visibility information Extra: implemented several cycle provisos This is sufficient for LTL model checking only for the sequential algorithms UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 12 / 16

The Tower of Pins Layers: LTL with POR Pins Pins Pins system spec property ϕ Language module M, DM DNA, MC, NES Transition cache M, DM R DNA, MC, NES Partial-order reduction M R, Vis LTL crossproduct Stretching the Pins interface Get new transitions on-the-fly request from upper layer call-back on each successor POR layer needs extra info: visibility from Büchi product cycle-proviso from NDFS Pins M R B ϕ stack proviso NDFS emptiness check UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 13 / 16

The Tower of Pins Layers: LTL with POR Pins Pins Pins Pins system spec property ϕ Language module M, DM DNA, MC, NES Transition cache M, DM R DNA, MC, NES Partial-order reduction M R, Vis LTL crossproduct M R B ϕ stack proviso NDFS emptiness check Stretching the Pins interface Get new transitions on-the-fly request from upper layer call-back on each successor POR layer needs extra info: visibility from Büchi product cycle-proviso from NDFS Refined Proviso s Cycles: color proviso Valmari, Evangelista Visibility: atoms as guards Reuse en/dis-abling info Dynamic (per state) UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 13 / 16

Experimental Results UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 14 / 16

Experimental Results 46 DVE models from BEEM database Compare stubborn sets versus ample sets (theory): Reduce more than best possible ample set (Geldenhuys) Heuristics for selecting stubborn sets are very effective Necessary Disabling Sets can help as well UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 14 / 16

Experimental Results 46 DVE models from BEEM database Compare stubborn sets versus ample sets (theory): Reduce more than best possible ample set (Geldenhuys) Heuristics for selecting stubborn sets are very effective Necessary Disabling Sets can help as well 16 Promela models, up to 50M states, 250M transitions Compare stubborn sets (LTSmin) with ample sets (SPIN) LTSmin por provides more reduction than Spin por Spin s partial-order reduction is more efficient in time LTSmin requires less memory (reduction + state compression) UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 14 / 16

Experimental Results 46 DVE models from BEEM database Compare stubborn sets versus ample sets (theory): Reduce more than best possible ample set (Geldenhuys) Heuristics for selecting stubborn sets are very effective Necessary Disabling Sets can help as well 16 Promela models, up to 50M states, 250M transitions Compare stubborn sets (LTSmin) with ample sets (SPIN) LTSmin por provides more reduction than Spin por Spin s partial-order reduction is more efficient in time LTSmin requires less memory (reduction + state compression) POR combined with LTL model checking Guard-based dynamic visibility proviso pays off Subtle cycle proviso s (Valmari, Evangelista) pay off UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 14 / 16

120.0%$ 100.0%$ 80.0%$ States& 60.0%$ 40.0%$ SPIN$ LTSmin$ 20.0%$ 0.0%$ garp$ i/protocol2$ peterson4$ i/protocol0$ brp.prm$ philo.pml$ sort$ i/protocol3$ i/protocol4$ snoopy$ peterson3$ SMALL1$ SMALL2$ X.509.prm$ dbm.prm$ smcs$ UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 15 / 16

120.0%$ 100.0%$ 80.0%$ States& 60.0%$ 40.0%$ SPIN$ LTSmin$ 20.0%$ 0.0%$ garp$ i/protocol2$ peterson4$ i/protocol0$ brp.prm$ philo.pml$ sort$ i/protocol3$ i/protocol4$ snoopy$ peterson3$ SMALL1$ SMALL2$ X.509.prm$ dbm.prm$ smcs$ 80" 70" Run$me'(sec)' Memory'(MB,'log'scale)' 1,000" 60" 100" 50" 40" 10" 30" 20" 1" 10" 0" garp" i0protocol2" peterson4" i0protocol0" brp.prm" philo.pml" garp" i*protocol2" peterson4" i*protocol0" brp.prm" philo.pml" 0" UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 15 / 16

Why join the LTSmin project? Specification Languages mcrl2 Promela DVE UPPAAL PINS Pins2pins Wrappers Transition caching Variable reordering Transition grouping Partial order reduction PINS Reachability Tools Distributed Multi core Symbolic UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 16 / 16

Why join the LTSmin project? End users: profit without changing modeling language Specification probably the best scalable model checker up to 48 cores mcrl2 Promela DVE UPPAAL Languages economic with memory (lossless compression, por reduction) supports major modeling languages: SPIN, UPPAAL, mcrl2 PINS Pins2pins Wrappers Transition caching Variable reordering Transition grouping Partial order reduction PINS Reachability Tools Distributed Multi core Symbolic UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 16 / 16

Why join the LTSmin project? End users: profit without changing modeling language Specification probably the best scalable model checker up to 48 cores mcrl2 Promela DVE UPPAAL Languages economic with memory (lossless compression, por reduction) supports major modeling languages: SPIN, UPPAAL, mcrl2 PINS Developers: build your own HP Domain Specific Model Checker Pins2pins Transition Variable reordering Partial order Wrappers easy to link caching to new language Transition modules grouping through API + reduction matrices now provides LTL model checker with partial-order reduction PINS provides multi-core, distributed and symbolic algorithms Reachability Tools Distributed Multi core Symbolic UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 16 / 16

Why join the LTSmin project? End users: profit without changing modeling language Specification probably the best scalable model checker up to 48 cores mcrl2 Promela DVE UPPAAL Languages economic with memory (lossless compression, por reduction) supports major modeling languages: SPIN, UPPAAL, mcrl2 PINS Developers: build your own HP Domain Specific Model Checker Pins2pins Transition Variable reordering Partial order Wrappers easy to link caching to new language Transition modules grouping through API + reduction matrices now provides LTL model checker with partial-order reduction PINS provides multi-core, distributed and symbolic algorithms Reachability Scientists: prototype, benchmark, compare and combine Distributed Multi core Symbolic Tools symbolic, partial-order reduction, multi-core in one framework UNIVERSITY OF TWENTE. Guard-based Partial-Order Reduction in LTSmin 8 july 2013 16 / 16

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback