15 citations found.
G. J. Holzmann and Doron Peled. An improvement in formal verification. In Proc. Formal Description Techniques, FORTE94, pages 197-211, Berne, Switzerland, October 1994. Chapman & Hall.


This paper is cited in the following contexts:
Visual Specifications for Modular Reasoning about.. - Amla, Emerson.. (2002)

....in the MTD, and k is the largest node size. For untimed MTDs (those with only ordering constraints) this Büchi automaton expresses a stuttering closed language. This property can be exploited by model checkers, such as SPIN [Hol97] that are optimized to handle stuttering closed properties [HP94]. An asynchronous program is usually composed of several concurrent, interacting components. In this situation, the state space of the program is exponential in its size, and is often too large for effective analysis. This well known state explosion problem is one of the major barriers to the ....

G.J. Holzmann and D. Peled. An improvement in formal verification. In FORTE, 1994.


Abstractions and Partial Order Reductions for Checking.. - Penczek, Polrola (2001)   (1 citation)

....in the constructed state graph, there is a node with E( en( C3 E( Vis = or E( en( C4 there is an unrenamed t 2 T s.t. E( ftg or E( en( CD (Vis Vis) c = An algorithm for computing sets of transitions satisfying C1 w.r.t. independency can be found in [HP94]. Its adaptation w.r.t. covering is straightforward (see [DGKK98]). Remark: for reductions preserving only ACTL X there is an alternative way of defining the Ample sets such that the conditions C3,C4 are relaxed [PSGK00]. Below, we show that the reduced pseudo atomic model preserves ACTL ....

G.J. Holzmann and D. Peled, An Improvement in Formal Verification, Proc. of FORTE'94, Formal Description Techniques, Chapman and Hall, 1994, pp. 197-211.


Model Checking SDL with Spin - Bosnacki, Dams, Holenderski, Sidorova (2000)   (7 citations)

....of all active timers by 1. It is used internally by DT Spin, at the end of every time slice, and is not available to the user. DT Spin is fully compatible with Spin, and all features of Spin can be used to analyse discrete time models. In particular, the partial order reduction algorithm of Spin [7, 9] had to be adapted for timed systems [2]. Besides qualitative properties, a broad range of quantitative properties can be verified using boolean expressions on timer values, in the assertions and LTL formulae. 3 Translating SDL to DT Promela The process of model checking an SDL specification is ....

G.J. Holzmann, D. Peled, An Improvement of Formal Verification, PSTV


Using SPIN for Feature Interaction Analysis - A Case Study - Calder, Miller (2001)   (1 citation)

....and how the Promela code can be transformed to optimise the state space. 9 SPIN Options The default Partial order reduction (POR) option was applied throughout, but did not reduce the size of the state space sufficiently. This is due to the scarcity of statically defined safe operations (see [15]) in our model. Any assignments to local variables are embedded in large atomic statements that are not safe. Furthermore the use of non destructive read operations (to test the contents of a channel) prevents the assignment of exclusive read send status to channels. Such a test is crucial: often ....

Gerard J. Holzmann and Doron Peled. An improvement in formal verification. In [12], pages 197-211, 1994.


Model-Checking Multi-Threaded Distributed Java Programs - Stoller (2000)   (48 citations)

....[BHPV00] incorporates a custom JVM, written in Java, that supports traditional (as opposed to state less) selective search. It ensures that each state is explored at most once but probably has more overhead than our bytecode rewriting approach. It incorporates partial order reductions, as in Spin [HP94] but does not exploit MLD, so in principle, every access to a shared variable needs to be intercepted to check for dependencies. Corbett's protected variable reduction [Cor00] exploits MLD to make state space exploration more efficient. Corbett proposes a static analysis that ....

Gerard J. Holzmann and Doron Peled. An improvement in formal verification. In Proc. International Conference on Formal Description Techniques (FORTE), 1994.


Using the Model Checker SPIN to Detect Feature Interactions.. - Calder, Miller

....it is sufficient to explore a subset of the enabled transitions of a state (and hence reduce the total number of execution paths to be explored). Such a subset is called an ample set, and only exists for some states when certain conditions are satisfied. The implementation of POR used in SPIN (see [28]) involves the identification of various categories of Promela statement that can be statically marked as safe (or conditionally safe) transitions. A subset of transitions enabled from a given state can only be ample if it consists entirely of safe transitions (and no successor of the state ....

Gerard J. Holzmann and Doron Peled. An improvement in formal verification. In [24], pages 197-211, 1994.


Using SPIN for Feature Interaction Analysis - A Case Study - Calder, Miller (2001)   (1 citation)

....code can be transformed (optimised) to reduce the size of the state space. 9 SPIN Options The default Partial order reduction (POR) option was applied throughout, but did not reduce the size of the state space sufficiently. This is due to the scarcity of statically defined safe operations (see [17]) in our model. Any assignments to local variables are embedded in large atomic statements that are not safe. Furthermore the use of non destructive read operations (to test the contents of a channel) prevents the assignment of exclusive read send status to channels. Such a test is crucial: often ....

Gerard J. Holzmann and Doron Peled. An improvement in formal verification. In [14], pages 197-211, 1994.


Distributed-Memory Model Checking with SPIN - Lerda, Sisto (1999)   (25 citations)

....receiver will reconstruct s from g(s) and then apply f before storing s. In our experimental implementation we included the two main compression schemes of SPIN, i.e. standard compression and collapse compression. 3.2 Partial Order Reduction SPIN uses a static partial order reduction technique [6], which is a means to avoid the exploration of some execution sequences that are not strictly required to prove the safety or liveness properties of the concurrent system being analyzed. When this reduction method is applied, the expansion step in which the successors of a state are computed is ....

....i.e. computing the possible state transitions of each process, and, for each of such transitions, computing the global successor state. Before the actual expansion step is carried out, processes are examined sequentially, to identify the ones that can execute only so called safe transitions [6]. In fact, it has been shown that it is enough to expand just one of such processes, provided that the successors fulfill a condition, known as the reduction proviso. The verification program computes the successors generated by the transitions of each of the above processes first, and as soon as it ....

G. J. Holzmann and Doron Peled. An improvement in formal verification. In Proc. Formal Description Techniques, FORTE94, pages 197-211, Berne, Switzerland, October 1994. Chapman & Hall.


Partial Order Reduction in Presence of Rendez-vous.. - Bosnacki (1999)   (3 citations)

.... do this (in the mutual exclusions) or eventually leaving the waiting queue for each process that has entered it (in the scheduling) [7]. Partial order reduction is one of the main techniques that are used to alleviate the problem of state space explosion in the verification of concurrent systems [16, 8, 11, 14] and it is indeed one of Spin's main strengths. The idea is, instead of exploring all the execution sequences of a given program, to group them in equivalence classes which are interleaving of independent program statements. Then only representatives for each equivalence class are considered. In ....

....5 deals with the Spin's weak fairness algorithm. After location of the problem and the comparison with the unless case, we again propose both kind of solutions. The last section is a standard summary with some considerations about the future work. 2 Preliminaries In this section following [11] and [5] we give semantics of the Promela programs (models) and their verification in terms of finite labeled transition systems. We represent the programs as collections of processes. The semantics of the process P i can be represented as a labeled transition system (LTS). An LTS is a quadruple (S ....

[Article contains additional citation context not shown here]

Holzmann, G., Peled, D., An Improvement in Formal Verification, FORTE 1994, Bern, Switzerland, 1994.


Model-Checking Multi-Threaded Distributed Java Programs - Stoller (2000)   (48 citations)

....for systems with long executions. 10 Related Work The VeriSoft framework [11] can be regarded as the special case of ours that handles systems with O syn = and O ld = Java PathFinder [2] is based on a custom JVM, written in Java, that supports traditional selective search, as in Spin [13]. Java PathFinder does not incorporate a locking discipline based reduction. Corbett proposes a static analysis that conservatively checks whether objects are accessed in a way that satisfies a locking discipline [6]. The analysis results are used for his protected variable reduction [6] which ....

Gerard J. Holzmann and Doron Peled. An improvement in formal verification. In Proc. International Conference on Formal Description Techniques (FORTE), 1994.


Enhancing Partial-Order Reduction via Process Clustering - Basten, Bosnacki

....dragan win.tue.nl Abstract Partial order reduction is a well known technique to cope with the state space explosion problem in the verification of concurrent systems. Using the hierarchical structure of concurrent systems, we present an enhancement of the partial order reduction scheme of [12, 19]. A prototype of the new algorithm has been implemented on top of the verification tool SPIN. The first experimental results are encouraging. Key words: concurrency state explosion formal verification partial order reduction (LTL) model checking SPIN 1 Introduction Over the last ....

....the state space of a concurrent system is the state explosion, caused by the arbitrary interleaving of independent actions of the various components of the system. Several techniques have been developed to cope with this problem. Partial order reduction is a very prominent one (see, for example, [1, 7, 8, 11, 12, 18, 19, 20, 21, 22]). It exploits the independence of actions to reduce the state space of a system while preserving properties of interest. During the generation of a state space, in each state, a subset of the enabled actions satisfying certain criteria is chosen for further exploration. Following [12, 19] we ....

[Article contains additional citation context not shown here]

G.J. Holzmann and D. Peled. An Improvement in Formal Verification. In D. Hogrefe and S. Leue, editors, Formal Descriptions Techniques VII, FORTE '94, pages 197-211. Chapman & Hall, 1995.


Why is my Search-space so Big, and What Can I Do About it? - Calder, Miller (2000)

....has virtually no effect when model checking the basic call model. Examination of the model shows this to be hardly surprising. POR in Spin involves the identification of various categories of Promela statement that can be statically marked as safe (or conditionally safe) transitions. (See [15] for full details.) Specifically, these are statements which either 1. involve access to exclusively local variables, or 2. involve the sending (receiving) of messages to (from) queues by a process with exclusive send (receive) access to that queue. A queue q is said to have exclusive send access ....

Gerard J. Holzmann and Doron Peled. An Improvement in Formal Verification, Proc. Forte94, Bern, Switzerland, October, (1994).


Algebraic Process Verification - Groote, Reniers (2000)   (5 citations)

....P 0 ; S 0 ) L Spec(t) n = 0 . L Spec(t) 7 Confluence for process verification 7.1 Introduction In his seminal book [Mil80] Milner devotes a chapter to the notions strong and observation confluence in process theory. Many other authors have confirmed the importance of confluence. e.g. in [HP94, Qin91] the notion is used for on the fly reduction of finite state spaces and in [Mil80] it has been used for the verification of protocols. We felt that a more general treatment of the notion of confluence is in order. The first reason for this is that the treatment of confluence has always been ....

G.J. Holzmann and D. Peled. An improvement in formal verification. In Proceedings FORTE'94, Berne, Switzerland, 1994.


Nomadic π-Calculi: Expressing and Verifying Communication.. - Unyapoth (2001)

No context found.

G. J. Holzmann and Doron Peled. An improvement in formal verification. In Proc. Formal Description Techniques, FORTE94, pages 197-211, Berne, Switzerland, October 1994. Chapman & Hall.


Model Checking for Feature Interaction Analysis: Why is my.. - Calder, Miller (2000)

No context found.

Gerard J. Holzmann and Doron Peled. An Improvement in Formal Verification. In Proc. Forte'94, Bern, Switzerland, October, 1994.
