Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes.

Published byRonnie Tom Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes."— Presentation transcript:

1 1 Partial Order Reduction

2 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes 2 3 states Can we do better?

3 3 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a2a2 a3a3 a1a1 3 independent processes 4 representative states

4 4 Transitions A “transition” can be thought of as a guarded command (as in Murphi) Program is a finite set of transitions  i – g(x) ==> x := a(x) –  i is enabled if g(x) is true –Result of executing the command is  i (x)

5 5 Depth-first search expand_state(s): ForEach  i in enabled(s) do s’:=  i(s); if s’ not in Table then set on_stack(s’); insert s’ in Table; expand_state(s’); set completed(s);

6 6 Search w/ Ample Sets expand_state(s): ForEach  i in ample(s) do -- subset of enabled s’:=  (s); if s’ not in Table then set on_stack(s’); insert s’ in Table; expand_state(s’); set completed(s);

7 7 Independent transitions A binary relation on transitions I is called an independence relation if, whenever ( ,  ) in I, for every state s, two conditions are met: –If  is enabled in s, then  enabled in  (s) (and vice versa) –If ,  in enabled(s) then  (  (s)) =  (  (s)) –Note: there are many independence relations. D is a dependence relation if it is the complement of an independence relation.

8 8 Invisible Transitions Assume every state s has a set of labels, L(s) –L(s)  AP, where AP is a set of propositional symbols (p, q, r) Assume there is a subset AP’ of AP called the visible symbols –These are the propositional symbols appearing in the property to be proved. A transition alpha is invisible if, whenever s’=  (s), we have L(s)  AP’ = L(s’)  AP –Intuition: no visible change resulting from executing .

9 9 “Stuttering” Two sequences are stuttering equivalent if the only difference between them is the number of sequential repetitions of states with identical visible symbols. Two state graphs are stuttering equivalent if every path in one is stuttering equivalent to some path in the other A property is stuttering invariant if it holds equally on all stuttering equivalent paths. –All linear temporal logic formulas are stuttering invariant if they do not include the “next time” operator [forward reference] (stuttering is relative to symbols in property) –All invariants and deadlock are stuttering invariant.

10 10 Conditions on Ample Sets C0: ample(s) =  iff enabled(s) =  C1: For every path starting with s in the full state graph, some transition in ample(s) must be executed before every transition that is dependent on a transition in ample(s) C2: If ample(s)  enabled(s), then every transition in ample(s) is invisible. C3: If  is enabled in some state on a cycle in the reduced state graph,  must appear in ample(s) for some state in the cycle.

11 11 Rationale for C1 & C2 s   33   11 22 22 33 This path is omitted But this path, which is stuttering equivalent, is preserved. C1:  1,  2,  3 are all independent of , so they commute. C2:  is invisible, so blue path is stuttering equivalent to the one that was omitted. 11  in ample(s);  1,  2,  3 not in ample(s)

12 12 Rationale for C3 P1P1 P2P2 2 independent processes  11 22 33 ample(s 1 ) = {  1 } ample(s 2 ) = {  2 } ample(s 3 ) = {  3 } Reduced graph s1s1 s3s3 s2s2 11 22 s1s1 s2s2 s3s3 p p p  never appears in the reduced graph. We could falsely verify the property “  q”. This is sometimes called the “ignoring problem” p q

13 13

14 14 Practical conditions Exact conditions C0 - C3 are too difficult to check –Basically require generation of full state graph, which defeats the purpose of the optimization However, ample sets can be more or less accurate. By sacrificing some accuracy, we can make them easier to check –Limit case: ample(s) = enabled(s) for all states s. –Goal is to check by syntactic analysis of program source.

15 15 Practical conditions C3: If  is enabled in some state on a cycle in the reduced state graph,  must appear in ample(s) for some state in the cycle. C3’: ensure ample(s) = enabled(s) for some state in every cycle in the reduced graph. –C2 implies that if  does not appear in ample(s’),  is independent of everything in ample(s’) –C3’ implies C3: Suppose C3’ satisfied, and let  be an enabled transition in some state s’ in the cycle. If  is not in ample(s’), it will be enabled in the next state, etc. (this fact is easy to prove from the definition of ample). So it will stay enabled until the point when it appears in an ample set. Implementation: If state s has a successor that is on the stack, choose ample(s) = enabled(s). [There is a back edge.]

16 16 Practical conditions for C1 Assume we have finite number of processes –Each process has a variable PC i reresenting the program counter (current statement label). –Each transition belongs to one process –current i (s) – set of transitions enabled when process i is in a state with same PC value as s Dependency –Transitions within same process are assumed to be all dependent –Transitions are dependent if they access same shared variable. –Transition are dependent if both read or write same queue.

17 17 To find an ample set at state s guess that it is set of transitions from process i that are enabled in s. Check whether it really is “ample” –No, if there is an enabled dependent transition from another process at state s –Otherwise, there is a transition of P i that is Not enabled in s But is enabled at some s’ with same PC i value as s. Some other process enables the transition (e.g., via a queue or shared variable). –Previous two conditions can be checked “easily”

Download ppt "1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes."

Similar presentations

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.

Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
Part 3: Safety and liveness

Part 3: Safety and liveness
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
1.6 Behavioral Equivalence. 2 Two very important concepts in the study and analysis of programs –Equivalence between programs –Congruence between statements.

1.6 Behavioral Equivalence. 2 Two very important concepts in the study and analysis of programs –Equivalence between programs –Congruence between statements.
Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?

Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?
The Theory of NP-Completeness

The Theory of NP-Completeness
PSWLAB S PIN Search Algorithm from “THE SPIN MODEL CHECKER” by G Holzmann Presented by Hong,Shin 9 th Nov 2007 2015-05-071SPIN Search Algorithm.

PSWLAB S PIN Search Algorithm from “THE SPIN MODEL CHECKER” by G Holzmann Presented by Hong,Shin 9 th Nov SPIN Search Algorithm.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
Lecture 2: Reasoning with Distributed Programs Anish Arora CSE 6333.

Lecture 2: Reasoning with Distributed Programs Anish Arora CSE 6333.
What is an Algorithm? (And how do we analyze one?)

What is an Algorithm? (And how do we analyze one?)
Introduction to Computability Theory

Introduction to Computability Theory
1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.
1 Introduction to Computability Theory Lecture2: Non Deterministic Finite Automata Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture2: Non Deterministic Finite Automata Prof. Amos Israeli.
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.

Similar presentations

Ads by Google