Partial order model-checking is an approach to reduce time and memory in model-checking concurrent programs. On-the-fly model-checking is a technique to eliminate part of the search by intersecting the (negation of the) checked property with the state space during its generation. We prove conditions under which these two methods can be combined in order to gain from both reductions. An extension of the model-checker SPIN, which implements this combination, is studied, showing substantial reduction over traditional search, not only in the number of reachable states, but directly in the amount of memory and time used.
Checking that a given finite state program satisfies a linear temporal logic property suffers in many cases from a severe space and time explosion. One way to cope with this is to reduce the state graph used for model checking. We define an equivalence relation between infinite sequences, based on infinite traces, such that for each equivalence class either all or none of the sequences satisfy the checked formula. We present an algorithm for constructing a state graph that contains at least one representative sequence for each equivalence class. This allows applying existing model checking algorithms to the reduced state graph rather than to the larger full state graph of the program. It also allows model checking under fairness assumptions, and exploits these assumptions to obtain smaller state graphs. A formula rewriting technique is presented to allow a coarser equivalence relation among sequences, such that fewer representatives are needed.
Part Four Verification
verification tool SPIN [H92]. Section 6 contains an evaluation of the performance of this implementation, and a comparison against both the classic search method and an existing dynamic reduction method, all implemented as part of the same verification system. Section 7 summarizes the results.

DEFINITIONS

We consider any verification problem that can be formalized as a reachability analysis problem in a finite labeled transition system (LTS). This specifically includes the problems of proving safety, liveness, and linear time temporal logic properties for any finite state concurrent system. An LTS is defined as a triple (S, s0, T), where S is a finite set of states, s0 is a distinguished initial state in S, and T is a finite set of transitions, with T ⊆ (S × S). In a simple form, an LTS can be used to formalize the behavior of a single sequential process. It can also formalize the combined behavior of a finite number of interacting and asynchronously executing sequential processes. Each transition of the LTS then corresponds to the execution of a specific atomic statement within one of the processes, in accordance with a standard interleaving semantics of concurrency. The LTS can be represented by a graph with nodes corresponding to the states in S and directed edges corresponding to the transitions in T. A connected path through this graph then defines the effects of a possible execution in the underlying concurrent system. There will be at least one path through the graph for every possible way in which the execution of atomic process statements could be interleaved in time. Given a transition t ∈ T in an LTS, we will use the notation Label(t) to refer to the process statement that is represented by transition t, and we will use Pid(t) to refer to the sequential process that contains the statement Label(t). Without loss of generality, we assume that the mapping from transitions to process statements is unique.
The reverse mapping will in general not be unique. Note that, in general, a compound process statement (such as a selection or a repetition structure) could correspond to a series of transitions in the LTS. In the remainder of this section, therefore, the term 'statement' will always refer to a simple statement (i.e., not a compound), and can therefore be used interchangeably with the term 'transition.' The semantics of a statement a = Label(t) are defined by two functions Cond and Act, where Cond(a) is the subset of S where a is enabled (or 'executable' [H92]), and Act(a, s) is the state of S that is reached when a is executed in a given s ∈ Cond(a). Normally, a statement in a sequential process is 'enabled' or 'executable' only if it is pointed to by the current program counter of the sequential process that contains that statement. In a concurrent system, however, we can define additional constraints on the enabledness or executability of statements. A message send operation, for instance, can be defined to be enabled only if also the destination message buffer is non-full, and a mes...
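As an added illustration of the definitions above (not code from the paper or from SPIN), the following constructed Python example builds the LTS of two asynchronously interleaved processes communicating through a bounded message buffer. Each statement carries its Label, Pid, Cond (enabling condition, including the "buffer non-full" constraint on send) and Act (successor state); the state space is generated by exhaustive interleaving and a safety property is checked as reachability. The process model, state encoding and capacity of 1 are assumptions made for this example.

```python
from collections import deque

# Constructed model: a state is (pc_sender, pc_receiver, buffer_len).
# The buffer holds at most CAPACITY messages (assumption for this example).
CAPACITY = 1
INITIAL = (0, 0, 0)

# Each statement is (Label, Pid, Cond, Act) in the sense of the text:
# Cond decides enabledness in a state, Act yields the successor state.
STATEMENTS = [
    ("send", 0,
     lambda s: s[0] == 0 and s[2] < CAPACITY,   # pc check AND buffer non-full
     lambda s: (1, s[1], s[2] + 1)),
    ("sender_loop", 0,
     lambda s: s[0] == 1,
     lambda s: (0, s[1], s[2])),
    ("recv", 1,
     lambda s: s[1] == 0 and s[2] > 0,          # pc check AND buffer non-empty
     lambda s: (s[0], 1, s[2] - 1)),
    ("receiver_loop", 1,
     lambda s: s[1] == 1,
     lambda s: (s[0], 0, s[2])),
]

def enabled(state):
    """Statements whose Cond holds in `state` (the enabled set)."""
    return [st for st in STATEMENTS if st[2](state)]

def build_lts(initial=INITIAL):
    """Explore every interleaving of atomic statements by breadth-first
    search. Returns (states, transitions); a transition is
    (source, Label, Pid, destination), i.e. one edge of the LTS graph."""
    seen = {initial}
    queue = deque([initial])
    transitions = []
    while queue:
        s = queue.popleft()
        for label, pid, _cond, act in enabled(s):
            t = act(s)
            transitions.append((s, label, pid, t))
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return seen, transitions

def buffer_never_overflows(states):
    """Safety property phrased as reachability: no reachable state
    holds more than CAPACITY messages."""
    return all(s[2] <= CAPACITY for s in states)
```

Running `build_lts()` on this model yields 8 reachable states and 12 transitions; in state (0, 0, 1) only `recv` is enabled, because the full buffer disables `send` even though the sender's program counter points to it.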
Message sequence charts (MSCs) are used in the design phase of a distributed system to record intended system behaviors. They serve as informal documentation of design requirements that are referred to throughout the design process and even in the final system integration and acceptance testing. We show that message sequence charts are open to a variety of semantic interpretations. The meaning of an MSC can depend on, for instance, whether one allows or denies the possibility of message loss or message overtaking, and on the particulars of the message queuing policy to be adopted. We describe an analysis tool that can perform automatic checks on message sequence charts and can alert the user to the existence of subtle design errors, for any predefined or user-specified semantic interpretation of the chart. The tool can also be used to specify time constraints on message delays, and can then return useful additional timing information, such as the minimum and the maximum possible delays between pairs of events.