G. J. Holzmann. State compression in spin. In Third Spin Workshop, Twente University, The Netherlands, 1997.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....However, it appears that this decision hasadverse consequences for formal verification of models. Themain problem is that the state space of a model that uses unbounded buffers is potentially infinite. An important class of formal verification techniques is based on state space exploration [10, 15, 17], including those embodied in automatic verification tools [9, 14, 16] verification using these tools is intractable when statespace explosion occurs. Hence it is desirable to allow specification of buffer bounds for channels so that formal verification techniques and tools can be brought to ....

G. J. Holzmann, "State Compression in Spin," Proceedings of Third Spin Workshop, 1997.

....6 we can see areachable state of the message entries table : The rst free column is empty. There are three messages awaiting acknowledgement (in order 3,0,1) remember that messages 0 was sended #####message 3. A timeout occured for message 0 (FT = 0) during the rst re emission of message 3 (R[3]=1) and message 1 was acknowledged (Ack[1] 1) Despite of the possibility to throwdown a packet, this process has now a deterministic behavior. All choices are made on global variables. the sender s automaton is described in gure 7. Any message emission (in Send new Message and Send Bis ) ....

....proposed by Spin. Spin performs Recursive Indexing, run time penalty is 280 but compared with no compression method, memory needed is decreased to 18,3 only. The default compression mode in Spin is Byte Masking (188 for run time and 83,6 for memory) Reader may nd more informations in [3]. Main results are shown in table 1. All values are brought by the SPIN model checker after validation. Weuseda1Ghz intel pentium 3 CPU with 1Go RAM. In all these cases, we used system s minimizations described in section 4.3. If one of these is discarded, for example, setting the size of the ....

G. Holzmann. State Compression in Spin. Twente University, The Netherlands, April 1997.

.... would be exhausted after only storing 50k states, and 20 states could be evaluated each second (on a SPARC ULTRA60) The solution we adopted to make the storing of states more efficient, was a generalization of the Collapse method 2 http: www.inf.fu berlin.de dahm JavaClass from Spin [25]: each component of the JVM state is stored separately in a table, and the index at which the component is stored is then used to represent the component. More specifically, each component (for example the fields in a class object) is stored in a table for that component, if the specific component ....

G. Holzmann. State Compression in Spin. In Proceedings of the Third Spin Workshop, Twente University, The Netherlands, April 1997.

....of all possible states. Thus, the complexity of the state space of the application to be analyzed may be a limiting factor. Since SSD is essentially a data problem, model checkers were considered unsuitable for this task, even though advanced approaches to state compression have been proposed [6, 17]. There is a great number of theorem provers [22] The Prototype Verification System (PVS) 26, 28, 30] is one of these tools. It has been applied successfully to many substantial examples [27] Even though it is known that PVS has potential bugs, PVS is one of the most popular tools and is thus ....

Holzmann G.J. State Compression in Spin. In: Proc. Third Spin Workshop, Twente, The Netherlands. Twente University, 1997.

....proving and model checking. The IFAD Toolbox supports analysis of specifications by animation and testing. However, it was felt that these features would not be sufficient. Model checkers essentially perform an explicit enumeration of all possible states [29] This principle has been extended [5, 13]. Theorem provers [20] are based on entirely different principles. They allow to formally prove general properties to be satisfied by a specification. There is a great number of theorem provers [23] including HOL, COQ, Isabelle and PVS. We have chosen to use a theorem prover called the Prototype ....

G.J. Holzmann. State compression in spin. Twente Univ., The Netherlands, 1997.

....into the respective language. Information on how to translate a VDM specification into PVS was available ( 1] Model checkers essentially perform an exhaustive search for explicitly checking of all possible system states [6] However, there are (much) more sophisticated approaches [5] [7]. We have chosen to use a theorem prover called the Prototype Verification System (PVS) 11] 14] 15] which has been already been applied successfully to many substantial examples [13] 15 4.2 Development Process Figure 3 shows the approach of integrating analysis into the development ....

G.J. Holzmann. State compression in spin. Twente Univ., The Netherlands, 1997.

....set to a size that suffices to solve the problem, which is typically somewhat smaller than the default. These entries are labeled S297 , to distinguish them from the test results reported in [1] Also added are entries labeled S297 for the same runs with the loss less COLLAPSE compression option [4] enabled, to reduce memory requirements some more for an additional runtime cost. The memory requirements can be reduced still further, at a higher run time penalty, by using the minimized automaton option [6] but we have not pursued this here. The results for XMC and Spin are for different ....

....3 lists all test results, comparing the performance of XMC as reported in [1] with the results for Spin 3.3.0. For the test results marked S330, we only used parameter settings that were sufficient to solve the problem. On the results marked S330 we added the optional COLLAPSE compression mode [4] to reduce the memory requirements without affecting coverage, but while sacrificing some speed. Curiously, the numbers of states searched by Spin, with one exception (1fn) remains larger than reported for XMC, yet the resource requirements are considerably smaller in all cases. We return to this ....

G.J. Holzmann, State Compression in Spin, Proc. Third Spin Workshop, April 1997, Twente University, The Netherlands.

....the default search and graph encoding technique: whereas the default search is fast and consumes more memory, the graph encoding technique is slower but reduces the memory requirements considerably. An experiment with the recursive indexing method (option DCOLLAPSE of Spin version 2.9. 5 upwards) [11] turned out to be worse in time and space than the default search (313MB memory, 00:42:55h) which means that we could not benefit from this reduction technique. The reason is that all data is global in our models, but recursive indexing exploits the fact that data is associated with processes ....

G.J. Holzmann. State Compression in Spin. Proc. Third Spin Workshop, April 1997.

.... A and B of size m and n, the minimized DFA C such that L(C) L(A) L(B) can be computed in expected time O(mnj Sigmaj) 5 Application The Spin verification system uses an on the fly LTL model checking procedure based on explicit state enumeration [6] Reachable system states are compressed [5], and stored in a hash table as simple byte sequences. The maximum amount of memory available to the model checker sets a trivial upper bound to the maximum state space size that can be explored in this way. The search strategy itself is a modified depth first search, described in more detail in ....

....is removed from the search stack, the tag becomes non zero, and the state is stored again, with maximal sharing of information between the two copies of the state. Checking with the member function Algorithm States Nodes Mem. Mb) Time (sec. 1 No Compression [6] 417321 63.2 18.61 2 Collapse [5] 417321 11.7 43.56 3 DFA 417321 156744 7.6 201.05 4 DFA Collapse 417321 17486 3.5 200.49 5 GETSs [3] 417321 166833 7.4 225.03 6 OBDDs Collapse [10] 417321 357247 13.7 3463.72 Table 2: Measurements and Comparison for a file transfer protocol. for the presence of the second copy of the state ....

[Article contains additional citation context not shown here]

G.J. Holzmann. State compression in Spin, Proc. Third Spin Workshop, Twente University, The Netherlands, April 1997.

No context found.

G. J. Holzmann. State compression in spin. In Third Spin Workshop, Twente University, The Netherlands, 1997.

No context found.

G. J. Holzmann. State compression in SPIN. In 3rd International SPIN Workshop on Software Model Checking, 1997.

No context found.

G. J. Holzmann. State Compression in SPIN. In Third Spin Workshop,Twente University, The Netherlands, 1997.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC