A. Valmari, On-the-fly verification with stubborn sets, LNCS 697, 1993, 397--408.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....process [VW86, Wol89, CVWY92] representing the formula to be checked. However, in this context one has to check not for reachable local states, but for cycles containing specific local states. This further strengthens the requirements on the selective search. This approach has been studied in [GW91a, Val93]. An alternative approach to checking temporal formulas with a selective search is to restrict the class of formulas that is considered. This must be done in such a way that it is still sound to check the formula on the reduced state space produced by the selective search. Of course, there is a ....

A. Valmari. On-the-fly verification with stubborn sets. In Proc. 5th Workshop on Computer Aided Verification, Elounda, June 1993. Lecture Notes in Computer Science, Springer-Verlag.

....par l entrelacement d actions. La r eduction op er ee exploite le fait que deux s equences poss edant la meme trace de Mazurkiewicz[Maz86] conduisent au meme etat. Parmi ces techniques ordre partiel , on peut citer l exploration partielle contr ol ee par des ensembles persistants (stubborn) [Val88,Val93], dormants (sleep set) God] ou encore la technique des graphes de pas couvrant [VAM] not es GPC dans la suite) que nous avons d evelopp e au LAAS. Dans le cas des ensembles persistants [WG] ou des stubborns, seulement un sous ensemble des transitions sensibilis ees est examin e, le graphe ....

A. Valmari. On-the-fly verification with stubborn sets. In Proceedings of CAV'93, pages 397--408. Springer Verlag, LNCS 697, 1993.

....sont un cas particulier des ensembles stubborns [Val88a] dans lesquels toutes les transitions sont sensibilis ees. L exploration standard par ensembles persistants conserve les blocages; de nombreuses extensions ont et e propos ees dans le but de pr eserver d autres classes de propri et es [Val90,Val93] [GW93] Definition 4. Ensemble persistant [WG93] Un ensemble T de transitions est persistant dans un etat s ssi toutes les transitions qui ne sont pas dans T et sensibilis ees dans s ou dans un etat accessible depuis s en tirant des transitions qui ne sont pas dans T , sont ind ependantes de ....

A. Valmari. On-the-fly verification with stubborn sets. In Proceedings of CAV'93, pages 397--408. Springer-Verlag, LNCS 697, 1993.

....heuristics. Most elegant and ambitious are compositional methods (e.g. ASW94, CLM89, GS90] which due to the nature of parallel compositions are unfortunately rarely applicable. Partial order methods try to avoid the state explosion problem by suppressing unnecessary interleavings of actions [GW91, Val93, GP93]. But also these methods, which are extremely successful in special cases, do not work in general. In practice, Binary Decision Diagram based codings of the state graph are successfully applied to an interesting class of systems, see e.g. Br86, BCMDH90, EFT91] These codings of the state graph ....

A. Valmari. On-The-Fly Verification with Stubborn Sets. in: C. Courcoubetis (Ed.), Proc. 5th Int. Conf. on Computer Aided Verification (CAV '93), Elounda, Greece, June/July

....Given a system as an expression in Span(Graph) the algebra allows the definition of notions such as subsystem, state internal to a subsystem, local independence of actions etc. Using these transparent notions we are able to give a clear and intuitive account of model checking techniques [V93], and to give complexity results in a variety of cases. 1.8 Conclusions The pair of categories Omega ( Sigma (C; Phi) and Span(Graph) yield a coherent theory of systems which spans NFAs, algorithms, concurrent distributed systems, asynchronous circuits and continuous linear systems. ....

Valmari A., On-the-fly verification with stubborn sets, Proceedings CAV93, SLCS 697, 397-408, Springer Verlag, 1993.

....synchronize with the automaton. So, for instance, in order to check a property of the form #(p # #q) where p and q are places, we will only synchronize with the transitions removing or adding tokens to p and q. This approach is similar but not identical to Valmari s tester approach described in [19]. In fact, a subtle point in Valmari s construction makes its direct implementation unsuitable for checking state based LTL X. The price to pay for this nicer synchronization is the need to check not only for illegal # traces, but also for so called illegal livelocks. The new product contains a ....

....L event, it first finds out whether a livelock counterexample can be generated from its future. Only if no counterexample is found, it continues to look for illegal # traces and further L events. Thus we use the adequate order # LTL to force a search order similar to that used by Valmari in [19] which detects divergence counterexamples in interleaved state spaces. However, our algorithm is breadth first style and it also does illegal # trace detection, a part which is not included in [19] 6 GENERATING THE TABLEAU 13 Algorithm 1 The tableau generation algorithm input: The product ....

[Article contains additional citation context not shown here]

A. Valmari. On-the-fly verification with stubborn sets. In Proceeding of 5th International Conference on Computer Aided Verification (CAV'93), pages 397--408, 1993. LNCS 697.

.... asynchronous circuits with finite state (for which the associated geometry yields the usual circuit diagrams) obtaining a compositional version of the general multiple winner model described in Brzozowski and Seger [8] In [17] an interpretation of the stubborn set model checking technique ( 46] [45]) is given as well as a model of communication protocols for which the associated geometry is similar to the flow charts of [18] In addition, new applications were suggested by our algebra, one [26] being a formalization of double entry accounting, which we describe in Section 5. Below we provide ....

Valmari A, On-the-fly verification with stubborn sets, in: Proceedings CAV93, SLCS 697, 397-408, Springer Verlag, 1993.

....SPIN s partial order reduction method to yield an approach which enables further reductions in space and time for verifying concurrent programs. Keywords Concurrency, program correctness, model checking, partial order reduction, temporal logic 1 Introduction Partial order reduction methods [2 4, 7, 10, 19, 20, 24 26] form a collection of state exploration techniques set to relieve the state explosion problem in concurrent program verification. The main observation underlying these methods is that in many cases the properties verified are insensitive to the interleaving order of concurrent program operations. ....

....with or without certain fairness assumptions. In this paper, the focus is primarily on the offline and on the fly versions without fairness assumptions. Incorporating fairness assumptions is briefly discussed in Section 6, which also addresses alternative methods for partial order modelchecking [4, 25, 26]. 3.1 Model checking off line Partial order model checking is described in [20] by three constraints on selecting an appropriate subset of enabled operations to be executed at a given program state. For the off line version without fairness assumptions, when a state x is expanded and at least ....

[Article contains additional citation context not shown here]

A. Valmari, "On-the-fly verification with stubborn sets," in Proc. 5th Conference on Computer Aided Verification (CAV'93), LNCS 697, 1993, pp. 397-408.

....actions in Sigma com . When processes are composed, some of their actions cease to be interesting from an external point of view. In most process algebras, such actions are hidden by a special operator that renames them to a special invisible action . Here, we take the approach of Valmari [14] and specify a set Sigma vis Sigma of visible actions (unmatched communications) Only the visible actions of a process are considered when proving equivalence. With most techniques for proving equivalence, a process P = P 1 k Delta Delta Delta k Pn is considered a single composed entity, ....

.... Sigma int are not distinguished since they all represent actions internal to P . In our technique, we do not construct P but work from its components P 1 k Delta Delta Delta k Pn , thus we require the distinction between Sigma com and Sigma int . The following definitions are adapted from [14]. Definition 3. Let P = S; Sigma; Delta; s P ) be a process and Sigma vis Sigma be a set of visible actions. ffl For oe 2 Sigma , vis(oe) is the projection of oe onto Sigma vis (i.e. all invisible actions are removed) ffl s oe s 0 , where oe = a 1 : am 2 Sigma , iff 9s 0 ....

A. Valmari. On-the-fly verification with stubborn sets. In Courcoubetis [8], pages 397--408.

....reduced one. In what follows, we call partialorder method any algorithm for generating such a reduced state space. Partial order methods as defined above first appeared independently in [Val88a, Val88b] and [God90, GW91b] and were developed further in [Val90, GW91a, GHP92, HGP92, GP93, Pel93, Val93, WG93, GKPP94, HP94, Pel94] A detailed comparison of the results published in these papers is available in [God96] Partial order methods are now used in several existing verification tools, and have been tested on numerous real protocol examples (e.g. see [GHP92, HGP92, HP94, GPS96] Of ....

A. Valmari. On-the-fly verification with stubborn sets. In Proc. 5th Conference on Computer Aided Verification, volume 697 of Lecture Notes in Computer Science, pages 397--408, Elounda, June 1993. Springer-Verlag.

....to explore the state space of a network (or product) of timed automata, since the verification tools must keep information not only on the control structure of the automata but also on the clock values specified by clock constraints. Partial order reduction (e.g. God96,GW90,HP94,Pel93,Val90,Val93] is a well developed technique, whose purpose is to reduce the usage of time and memory in state space exploration by avoiding to explore unnecessary interleavings of independent transitions. It has been successfully applied to finite state systems. However, for timed systems there has been less ....

A. Valmari. On-the-fly verification with stubborn sets. In Proc. of 5th Int. Conf. on Computer Aided Verification, vol. 697 of LNCS, pp. 59--70, 1993.

....state spaces while still avoiding redundant exploration of parts of the state space. This bit state hashing technique is used by the VFSM validator. Another family of techniques that have been developed to cope with the state explosion problem are partial order methods [14] 3] 16] 6] 12] [17], 19] 13] 4] The aim of these methods is to avoid the part of the state explosion due to the exploration of all possible interleavings of concurrent transitions. Given a property, partial order reduction methods explore only a reduced part of the global state space that is provably ....

.... in the references cited above differ by the way sets T are computed, and by the type of properties they can verify (see [4] for an extended survey) Among all these algorithms, persistent sets were shown in [4] to provide an abstract characterization of a whole family of existing algorithms [11] [17], 5] for computing such sets T . The notion of persistent set is very similar to the notion of faithful decomposition introduced (independently) in [10] and to the notion of ample set [12] We will use persistent sets in what follows. Intuitively, a subset T of the set of transitions enabled in a ....

[Article contains additional citation context not shown here]

A. Valmari, "On-the-fly verification with stubborn sets," Proc. 5th Conference on Computer Aided Verification, volume 697 of Lecture Notes in Computer Science, pages 397--408, Elounda, June 1993. Springer-Verlag.

....which considers both finite and infinite behaviors of the system. 3 AUTOMATA THEORETIC APPROACH TO MODEL CHECKING LTL 4 handle the cases in which the system does invisible moves separately. Our approach is similar, however, not identical in all technical details, to Valmari s tester approach [18]. Synchronization. We define the synchronization of a labelled net system and a Bchi automaton 3 . Let = P; T; F; l; M 0 ) where the transitions of T are labelled with letters taken from a set A of actions containing a subset V of visible actions. Let A : V [ f g; Q; q 0 ; F 0 ) ....

A. Valmari. On-the-fly verification with stubborn sets. In Proceeding of 5th International Conference on Computer Aided Verification (CAV'93), pages 397--408, 1993. LNCS 697. REFERENCES 18

....compute the set pre(I) of states from which I 0 is reachable through the application of a single step of the transition relation. It is shown in [1, 2] that the monotonicity of lossy channel systems implies that pre(I) is also an ideal and that it is in fact computable. Partial order reductions [27, 28, 15, 18, 19, 30, 4] are a family of techniques which can be used to perform more efficient verification of systems consisting of asynchronously communicating concurrent processes, e.g. lossy channel systems. These methods are based on the observation that concurrent actions of the processes are often independent and ....

A. Valmari. On-the-fly verification with stubborn sets. In Courcoubetis, editor, Proc. 5 th Int. Conf. on Computer Aided Verification, number 697 in Lecture Notes in Computer Science, pages 59--70, 1993.

....exponentially in the number of its parallel components. To overcome this problem techniques have been developed in order to avoid the construction of the complete state graph (cf. BFH90, CLM89, CR94, CS90b, DGG93, Fer88, GL93, GP93, Jos87, KM89, Kru89, LSW94, LT88, LX90, Pnu90, SG89, SG90, Val93, Wal88, Win90, WL89] In this paper we present a method for the compositional minimization of finite state distributed systems, which is practically motivated by the following observation: For the verification of a system it is usually sufficient to consider an abstraction of its global state ....

....are expressed by a formula, which must be proved in a separate step. The main disadvantage of his method is that the algorithm is exponential in the size of the assumptions about the environment. Other methods try to avoid the state explosion problem using preorders for verification [GP93, GW91, Val93] where unnecessary interleavings of actions are suppressed. In [LSW94] a constraint oriented state based proof methodology for concurrent software systems is presented which exploits compositionality and abstraction for the reduction of the (possibly infinite) verification problem under ....

A. Valmari. On-the-fly verification with stubborn sets. In Proceedings of the 5th International Conference on Computer Aided Verification (CAV'93), volume 697, pages 397--408. LNCS, 1993.

....Josko [Jos87] presented a method, where the assumptions on the environment are expressed by formulas, which must be proved in a separate step. However, this algorithm is exponential in the size of the assumptions. Other methods try to avoid the state explosion problem using preorders [GW91, Pel93, Val93] where unnecessary interleavings of actions are eliminated during the construction. In [LSW94] a constraint oriented state based proof methodology is presented which exploits compositionality and abstraction for the reduction of the (possibly infinite) verification problem under consideration. ....

A. Valmari. On-the-fly verification with stubborn sets. In Proceedings of the International Conference on Computer Aided Verification (CAV'93), volume 697 of LNCS, pages 397--408, 1993.

....space of a system can be far too large w.r.t. the resources needed to inspect all states in the state space. Fortunately, in a variety of cases we do not have to inspect all reachable states of the system in order to get to know if or not errors of a specified kind exist. The stubborn set method [22 26], and the sleep set method [8, 14, 16] are state search techniques that are based on the idea that when two executions of action sequences are sufficiently similar to each other, it is not necessary to investigate both of the executions. Persistent sets [8, 9] and ample sets [16 18] are ....

....reasonably. The contribution of this paper is Theorem 5.7 that gives us a way to utilize the structure of the formula when the stubborn set method is used but fairness is not assumed. Algorithmic implementations can be derived from this theorem in the same way as in [23] The tester approach in [26] can be considered more goal oriented than our approach, but so far we have not found any automatic way to construct a useful tester for an arbitrary formula. In [13] a visibility relaxation heuristic for improving the tester technique is presented and the heuristic is shown to apply very well to ....

Valmari, A.: On-the-Fly Verification with Stubborn Sets. In [2], pp. 397--408.

....an action sequence in the global sequential system can then be called an interleaving of local executions of action sequences in the processes. If two or more interleavings are sufficiently similar to each other, we can call all except one of them redundant interleavings. The stubborn set method [68, 73, 74, 75, 76, 77, 78, 79, 80, 81] and the sleep set method [25, 26, 27, 28, 30, 31, 38, 49, 55, 99, 100] are state search techniques that are based on the idea that when two executions of action sequences are sufficiently similar to each other, it is not necessary to investigate both of the executions. Persistent sets [25, 26, ....

....state space of the modelled system during the construction of the latter. The state space of the system can easily be thought of as a Buchi automaton. The formula is valid in the state space of the system iff the intersection to be computed, also a Buchi automaton, accepts no sequence. A tester [81] is an automaton that is used much in the same way as a Buchi automaton. A remarkable difference is that testers have some additional support for special cases but, to our knowledge, no published automatic construction from arbitrary formulas. Moreover, unlike a typical tester, a Buchi automaton ....

[Article contains additional citation context not shown here]

Valmari, A.: On-the-Fly Verification with Stubborn Sets. In [15], pp. 397--408.

....among others. Petri nets [8, 43, 64] are a widely used model for concurrent and distributed systems. This report concentrates on the problem of detecting reachable terminal states in place transition nets, a class of Petri nets. Two promising methods are studied: Valmari s stubborn set method [70, 71, 73, 74, 75, 76, 78, 79, 80] and Godefroid s sleep set method [25, 27, 28, 29, 30, 26, 36, 86, 87] Both methods utilize the independence of transitions to cut down on the number of states inspected during the search. These methods have also been combined by Wolper and Godefroid [86] Godefroid and Pirottin [28] and Wolper, ....

....system but it is also possible that the model is improper. The problem whether the model corresponds to the modelled system properly is a challenging area of research. We shall not pursue it further in this report, however. 1. 2 Two Methods for Efficient Verification Valmari s stubborn set method [70, 71, 73, 74, 75, 76, 78, 79, 80] and Godefroid s sleep set method [25, 27, 28, 29, 30, 26, 36, 86, 87] utilize the independence of state 3 transitions of the model to eliminate such paths of the complete state space that are redundant with respect to the verification of a given property. These two methods have been ....

[Article contains additional citation context not shown here]

Valmari, A.: On-the-Fly Verification with Stubborn Sets. In [16], pp. 397--408.

.... symbolic techniques using BDDs can store a large set of states compactly and manipulate them efficiently, reducing memory usage and verification time to an acceptable level for many (but not all) designs [BCM 90,CBM89] State reduction techniques, such as partial order reduction [Pel96,Val93,GW94] and symmetry reduction [Eme96] can be used to reduce the number of states that a verification algorithm needs to store and examine. The resulting memory usage and verification time were reduced by more than a few order of magnitudes. In [ID96] a state reduction method was introduced to ....

A. Valmari. On-the-fly verification with stubborn sets. 5th International Conference on Computer Aided Verification, pages 397--408, June 1993.

....stage of the reachability analysis, there is a considerable risk of doing redundant work. In practice, using a cache of size less than a third of all reachable states brings unacceptable time penalties [11, 8] An enhancement of the state space caching technique [8] uses partial ordering methods [7, 19, 18] to deal with interleavings of independent transitions and reduce the number of times a state is visited during reachability analysis. However, a state may be reachable more than once for reasons other than pure interleaving one example being cyclic behavior. Thus, the risk of revisiting ....

A. Valmari. On-the-fly verification with stubborn sets. In CAV '93, pages 397--408. Lecture Notes in Computer Science, 697, Springer Verlag, 1993. This article was processed using the L a T E X macro package with LLNCS style

....approach to verification, where automatic model checking [CE81, QS81] is performed in order to verify the correctness of a system with respect to a specification. Previous work in this subject considers special cases of safety and liveness properties such as invariance checking [GW91, McM92, Val93, MR97] or assume that a general safety property is given by the set of its bad prefixes [GW91] General methods for model checking of linear properties are based on a construction of a tableau or an automaton A: that accepts exactly all the infinite computations that violate the property ....

A. Valmari. On-the-fly verification with stubborn sets. In Proc. 5nd Conference on Computer Aided Verification, volume 697 of Lecture Notes in Computer Science. Springer-Verlag, 1993.

....the state exploration approach to verification, where automatic model checking [CE81,QS81] is performed in order to verify the correctness of a system with respect to a specification. Previous work in this subject considers special cases of safety properties such as invariance checking [GW91,McM92,Val93,MR97] or assume that a general safety propery is given by the set of its bad prefixes [GW91] General methods for model checking of linear properties are based on a construction of a tableau or an automaton A: that accepts exactly all the infinite computations that violate the property ....

....manual (beta release) Technical report, Computer Science laboratory, SRI International, Menlo Park, California, March 1993. TBK95] H.J. Touati, R.K. Brayton, and R. Kurshan. Testing language containment for automata using BDD s. Information and Computation, 118(1) 101 109, April 1995. Val93] A. Valmari. On the fly verification with stubborn sets. In Proc. 5nd CAV, LNCS 697, 1993. Var96] M.Y. Vardi. An automata theoretic approach to linear temporal logic. In F. Moller and G. Birtwistle, editors, Logics for Concurrency: Structure versus Automata, LNCS 1043, pp. 238 266, 1996. VW86] ....

[Article contains additional citation context not shown here]

A. Valmari. On-the-fly verification with stubborn sets. In Proc. 5nd CAV, LNCS 697, 1993.

....Most elegant and ambitious are compositional methods (e.g. ASW94, CLM89, GS90] 1 ) which due to the nature of parallel compositions are unfortunately rarely applicable. Partial order methods try to avoid the state explosion problem by suppressing unnecessary interleavings of actions [GW91, Val93, GP93]. But also these methods, which are extremely successful in special cases, do not work in general. In practice, Binary Decision Diagram based codings of the state graph are successfully applied to an interesting class of systems, see e.g. Br86, BCMDH90, EFT91] These codings of the state graph ....

A. Valmari. On-The-Fly Verification with Stubborn Sets. in: C. Courcoubetis (Ed.), Proc. 5th Int. Conf. on Computer Aided Verification (CAV '93), Elounda, Greece, June/July 1993. LNCS 697, Springer Berlin 1993, pp. 397--408.

....free. SPIN is a verification tool for models written in Promela. It is well optimized for the interleaving model and the four types of the properties that can be specified in Promela. It is based on explicit enumeration of the state space. An important optimization is a partial order reduction [6 8] based upon commuting interleaved actions. Progress Loops and Accept Loops Certain states in the specification, referred to as progress states, are labeled with progress annotations. Protocols can be verified either with no fairness imposed, or with weak fairness imposed (weak fairness ....

Antti Valmari. On-the-fly verification with stubborn sets. In Computer Aided Verification, pages 397--408, Elounda, Greece, June 1993.

....[14, 6, 5] This paper shows that partial order reductions lead to more efficient verification algorithms for partial order properties. The paper defines an efficient algorithm for verifying concurrent systems described using Asynchronous Buchi Automata. Our approach differs from that of Valmari [20] and Godefroid and Wolper [6] in representing the property by an ABA rather than by a standard Buchi automaton. Moreover, we do not use sleep sets [6] in order to reduce the state spaces. There are two advantages of the approach presented herein. First, for the properties which are expressible ....

A. Valmari, On-the-fly verification with stubborn sets, LNCS 697, 1993, 397--408.

....in the number of its parallel components. To overcome this problem techniques have been developed in order to avoid the construction of the complete state graph (cf. BFH90, CLM89, CR94, CS90b, DGG93, Fer88, GL93, Jos87, KM89, Kru89, LSW94, LT88, LX90, Pel93, Pnu90, SG89, SG90, Vaa90, Val93, Wal88, Win90, WL89] In this paper we present Correspondence and offprint requests to: Gerald Luttgen. 2 S. Graf, B. Steffen, and G. Luttgen a method for the compositional minimisation of finite state distributed systems , which is practically motivated by the following observation. For the ....

....are expressed by a formula, which must be proved in a separate step. The main disadvantage of his method is that the algorithm is exponential in the size of the assumptions about the environment. Other methods try to avoid the state explosion problem using preorders for verification [GW91, Pel93, Val93] where unnecessary interleavings of actions are suppressed. In [LSW94] a constraintoriented state based proof methodology for concurrent software systems is presented which exploits compositionality and abstraction for the reduction of the (possibly infinite) verification problem under ....

A. Valmari. On-the-fly verification with stubborn sets. In Proceedings of the International Conference on Computer Aided Verification (CAV'93), volume 697 of LNCS, pages 397--408, 1993.

....to explore the state space of a network (or product) of timed automata, since the verification tools must keep information not only on the control structure of the automata but also on the clock values specified by clock constraints. Partial order reduction (e.g. God96, GW90, HP96, Pel93, Val90, Val93] is a well developed technique, whose purpose is to reduce the usage of time and memory in state space exploration by avoiding to explore unnecessary interleavings of independent transitions. It has been successfully applied to finite state systems. However, for timed systems there has been less ....

A. Valmari. On-the-fly verification with stubborn sets. In Courcoubetis, editor, Proc. 5 th Int. Conf. on Computer Aided Verification, number 697 in Lecture Notes in Computer Science, pages 59--70, 1993.

....that certain parts of the state space (such as the edges out of some vertex) can be decomposed into a product. This section is part of joint work ( 16] being carried out with Robbie Gates. It is closely related to the method of generating reduced reachability graphs via stubborn sets ( 45] [44]) The spans of reflexive graphs considered in this section are finite, linear and come equipped with an initial vertex. Given an expression Psi of such spans, we call an edge of (the head of the value of) Psi atomic if it is one of the following types: reflexive in each component of Psi ; ....

Valmari A, On-the-fly verification with stubborn sets, in: Proceedings CAV93, SLCS 697, 397-408, Springer Verlag, 1993.

....[1] Comprehensive surveys of relief strategies are given in [16, 39] extending beyond the CFSM model. Indeed, state explosion is a widespread problem and has been studied at length in other models as well. This is witnessed in particular by the rather eminent partial order verification methods [35, 4, 15, 36, 5, 12, 24]. Despite the efforts on improving state exploration techniques, most relief strategies proposed to date for the CFSM model impose structural restrictions on the protocol attributes. They are either defined exclusively for protocols with only two communicating processes [30, 6 9, 2] or they put ....

....Lastly, LRA relates to the so called partial order reduction methods. Largely independent of the underlying model, these methods have proved adequate for detecting non progress states and nonexecutable transitions [35, 4, 15] and for verifying (on the fly) linear time temporal logic properties [36, 5, 12, 24], including arbitrary safety and liveness properties of concurrent programs. At the heart of partial order reduction methods lies also the observation that in many cases the properties verified are insensitive to the interleaving order of concurrent independent transitions. To exploit this ....

A. Valmari, "On-the-fly verification with stubborn sets," in Proc. CAV'93, LNCS 697, Springer-Verlag, 1993, pp. 397-408.

....depends on how well sets of states can be manipulated efficiently, and therefore, faces similar problems with BDD based methods. Furthermore, the examination of the unreachable states often present other difficulties in applying this method (c.f. LY92] Partial order reduction [Val90, Val91, Val93, God90, GW93, GW94, God95, HP94, Pel94, Pel96] is a fully automatic method, taking advantage of independent transitions in an interleaving model of a system. It has aroused significant interest because of its theoretical intricacy and the good reductions obtained in many systems. However, for ....

.... 1; the original value of x can be obtained by subtracting 1 from the final value of x. 5. 7 Comparison with Other Work Partial Order Techniques The commutative property and the singular property may look similar to the independent properties for partial order reduction methods [Val90, Val91, Val93, God90, GW93, GW94, God95, HP94, Pel94, Pel96] However, the reduction proposed in this chapter depends only on the finite behavior of the reversible rule set and the finite behavior of the other rules w.r.t. to the reversible rule set. Therefore, the detection of the commutative property and ....

A. Valmari. On-the-fly verification with stubborn sets. 5th International Conference on Computer Aided Verification, pages 397--408, June 1993.

.... there is already a wide range of application or structure specific approaches to fight the well known state explosion problem, ranging from the most elegant and ambitious compositional methods [AnSW94, ClLM89, GrSt90] over partial order methods that suppress unnecessary interleavings of actions [GoWo91, GoPi91, Valm93] to Binary Decision Diagram based codings that work for an interesting class of practically relevant systems [Brya86, BCMD90, EnFT91] All these techniques can be accompanied by abstraction: depending on the particular property under investigation, systems may be dramatically reduced by ....

A. Valmari: "On-The-Fly Verification with Stubborn Sets," Proc.CAV'93, Elounda (GR) June 1993, LNCS N.697, pp.397--408.

....actions in Sigma com . When processes are composed, some of their actions cease to be interesting from an external point of view. In most process algebras, such actions are hidden by a special operator that renames them to a special invisible action . Here, we take the approach of Valmari [18] and specify a set Sigma vis Sigma of visible actions (unmatched communications) Only the visible actions of a process are considered when proving equivalence. With most techniques for proving equivalence, a process P = P 1 k Delta Delta Delta k Pn is considered a single composed entity, ....

.... Sigma com and Sigma int are not distinguished since they all represent actions internal to P . In our technique, we do not construct P but work from its components P 1 ; Pn , and therefore need to distinguish between Sigma com and Sigma int . The following definitions are adapted from [18]. Definition 3 Let P = S; Sigma; Delta; s P ) be a process and Sigma vis Sigma be a set of visible actions. ffl For oe 2 Sigma , vis(oe) is the projection of oe onto Sigma vis (i.e. all invisible actions are removed) ffl s oe s 0 , where oe = a 1 : am 2 Sigma , if ....

A. Valmari. On-the-fly verification with stubborn sets. In Courcoubetis [11], pages 397--408.

....Various improvements have been introduced on the classical enumerative exploration of the fully generated model in order to cope with this problem. The first class of improvement try to optimize the exploration of the model, either by avoiding its complete generation ( on the fly techniques [11, 24]) or its complete exploration (Partial order techniques [15, 24] or by exploration of an abstraction of the model [16] A second class of improvement concerns the representation of the model: the aim of symbolic techniques is to avoid the explosive enumerative representation of a model by the ....

....enumerative exploration of the fully generated model in order to cope with this problem. The first class of improvement try to optimize the exploration of the model, either by avoiding its complete generation ( on the fly techniques [11, 24] or its complete exploration (Partial order techniques [15, 24]) or by exploration of an abstraction of the model [16] A second class of improvement concerns the representation of the model: the aim of symbolic techniques is to avoid the explosive enumerative representation of a model by the representation and manipulation of sets of states instead of ....

[Article contains additional citation context not shown here]

A. Valmari. On-the-fly verification with stubborn sets. In C. Courcoubetis, editor, Proceedings of the fifth workshop on Computer-Aided Verificatio n (Elounda, Crete). DIMACS, june 1993.

....of a component are expressed by a formula, which must be proved in a separate step. The main disadvantage of his method is that the algorithm is exponential in the size of the assumptions about the environment. Other methods try to avoid the state explosion problem using preorders for verification [GoW91, Pel93, Val93] where unnecessary interleavings of actions are suppressed. In [LSW94] a constraint oriented state based proof methodology for concurrent software systems is presented which exploits compositionality and abstraction for the reduction of the (possibly infinite) verification problem under ....

Valmari, A.: On-the-fly verification with stubborn sets. In Proceedings of the International Conference on Computer Aided Verification (CAV'93), volume 697 of LNCS, pages 397--408, 1993.

....our abstraction never overestimates the behavior of the signals. The partial order reduction approach to verification of concurrent systems is based on the observation that some checked properties are insensitive to the order in which concurrent or independent events or signals are interleaved [1, 11, 20, 23]. Based on this observation, at each state, only a subset of enabled signals which are independent of the rest of the enabled signals, called an ample set, would be sufficient for exploration. This often reduces the number of states necessary to be explored, dramatically. Interestingly, our ....

....the states in which all hidden signals have stabilized (given fixed external signal values) This symbolic trajectory analysis has two benefits. First, since the hidden signals are independent, non interleaving semantics in which all enabled hidden signals fire simultaneously can be used (e.g. [23]) This reduces the number of iterations that need to be analyzed. Secondly, the hidden signals need not to be BDD variables (the settled values are always expressed in terms of external signals) Notice that this property is a feature of speed independence and is not possible in more general ....

A. Valmari. On-the-fly Verification with Stubborn Sets. In Proc. of the 5th Intl. Conf. on Computer-Aided Verification, Vol. 697 of LNCS, pp. 397-408. Springer-Verlag, 1993.

....is matkin docs.uu.se x e mail adress is bengt docs.uu.se 1 Introduction This paper is concerned with applying partial order techniques to improve symbolic verification methods for state space exploration. ffl The purpose of partial order techniques (e.g. God96, GW90, HP96, Pel93, Val90, Val93] is to avoid exploring several interleavings of independent transitions, i.e. transitions whose execution order is irrelevant, e.g. because they are performed by different processes. When verifying safety properties, partial order methods often give substantial reductions of the search space. ....

....equally well to infinite state Petri Nets as to finite state Petri Nets. We present a test of the reduction on a simple example. Related Work Partial order techniques have been employed in state space exploration, and the literature is continuously expanding (e.g. God96, GW90, HP96, Pel93, Val93] Most of this work employs a symmetric dependency relation as a basis for defining reduction strategies. Asymmetric relations are present in a few works on automated verification, e.g. Val90] The dependency relation can be conditional on the particular state where statements are executed ....

A. Valmari. On-the-fly verification with stubborn sets. In Courcoubetis, editor, Proc. 5 th Int. Conf. on Computer Aided Verification, number 697 in Lecture Notes in Computer Science, pages 59--70, 1993.

No context found.

A. Valmari, On-the-fly verification with stubborn sets, LNCS 697, 1993, 397--408.

No context found.

A. Valmari. On-the-fly verification with stubborn sets. In Proceeding of 5th International Conference on Computer Aided Verification (CAV'93), pages 397--408, 1993. LNCS 697.

No context found.

Valmari, A.: On-the-fly verification with stubborn sets. In: Computer Aided Verification (CAV'93). Volume 697 of LNCS., Springer (1993) 397--408

No context found.

A. Valmari. On-the-fly verification with stubborn sets. In Proceeding of 5th International Conference on Computer Aided Verification (CAV'93), pages 397--408, 1993. LNCS 697.

No context found.

A. Valmari. On-the-fly verification with stubborn sets. In Proceeding of 5th International Conference on Computer Aided Verification (CAV'93), pages 397--408, 1993. LNCS 697.

No context found.

A. Valmari. On-the-fly verification with stubborn sets. In Proceeding of 5th International Conference on Computer Aided Verification (CAV'93), pages 397--408, 1993. LNCS 697.

No context found.

Antti Valmari. On-the-fly verification with stubborn sets. In Computer Aided Verification, pages 397--408, Elounda, Greece, June 1993. 16

No context found.

A. Valmari. On-the-fly verification with stubborn sets. In Proc. of CAV '93,LNCS 697, pages 397--408. Springer Verlag, 1993.

No context found.

Antti Valmari. On-the-fly verification with stubborn sets. In Computer Aided Verification, pages 397--408, Elounda, Greece, June 1993. 16

No context found.

Antti Valmari. On-the-fly verification with stubborn sets. In Computer Aided Verification, pages 397--408, Elounda, Greece, June 1993.

No context found.

A. Valmari, "On-the-fly verification with stubborn sets," in Proc. 5th Conference on Computer Aided Verification (CAV'93), LNCS 697, 1993, pp. 397-408.

No context found.

A. Valmari, On-the-fly Verification with Stubborn Sets, Proceedings of CAV '93, 5th International Conference on Computer-Aided Verification, Elounda, Greece, LNCS 697, pp. 397-408.

No context found.

Valmari A., On-the-fly verification with stubborn sets, Proceedings CAV93, SLCS 697, 397-408, Springer Verlag, 1993.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC