| G. J. Holzmann. Algorithms for automated protocol verification. AT&T Technical Journal, 69(2):32--44, Feb. 1990. Special Issue on Protocol Testing, Specification, and Verification. |
....classes of heuristic search algorithms. Moreover, we prove a general correctness result for partial order reduction in checking safety properties. To the best of our knowledge, at the time of writing none of the steadily growing number of publications addressing heuristic search in model checking [5,6,21,10,11,16,23] has analyzed how to combine guided search with partial order reduction. The paper is structured as follows. Section 2 gives some background on directed model checking. Section 3 discusses partial order reduction and a hierarchy of conditions for its application to different search algorithms. This ....
G. J. Holzmann. Algorithms for automated protocol verification. AT&T Technical Journal, 69(2):32--44, Feb. 1990. Special Issue on Protocol Testing, Specification, and Verification.
....cycle condition for partial order reduction known as C3, and we will classify the relaxations with respect to their applicability to different classes of heuristic search algorithms. To the best of our knowledge, at the time of writing no publication addressing heuristic search in model checking [7,8,6,12,4,17,24] has analyzed how to combine guided search with partial order reduction. The paper is structured as follows. Section 2 gives some background on directed model checking. Section 3 discusses partial order reduction and a hierarchy of conditions for its application to different search algorithms. ....
G. J. Holzmann. Algorithms for automated protocol verification. AT&T Technical Journal, 69(2):32--44, Feb. 1990. Special Issue on Protocol Testing, Specification, and Verification.
.... approaches focus on the relatively ambitious objective of systematically integrating design and verification steps, our work yet concentrates on the a posteriori verification of given protocol designs, which is also supported by reachability analysis based protocol verification approaches (e.g. Holzmann (1990)). In comparison with present general construction approaches, our approach renders a higher degree of user support. Due to specialisation, e.g. on transfer protocols, one can supply reusable specification and verification elements. In comparison with automated reachability analysis tools, ....
Holzmann, G.J. (1990) Algorithms for Automated Protocol Verification. AT&T Technical Journal, Jan., 32--44.
....classes of heuristic search algorithm. Moreover, we prove a general correctness result for partial order reduction in checking safety properties. To the best of our knowledge, at the time of writing none of the steadily growing number of publications addressing heuristic search in model checking [5, 6, 7, 11, 12, 17, 22] has analyzed how to combine guided search with partial order reduction. The paper is structured as follows. Section 2 gives some background on directed model checking. Section 3 discusses partial order reduction and a hierarchy of conditions for its application to different search algorithms. ....
G. J. Holzmann. Algorithms for automated protocol verification. AT&T Technical Journal, 69(2):32--44, Feb. 1990. Special Issue on Protocol Testing, Specification, and Verification.
....testing was to ensure that the SDL model of the DRAGON conforms to the original specification. This was done by simulating the SDL system using a known set of inputs and observing the outputs. Validation was performed using two well established algorithms called bit state and random walk [17, 18]. These methods were provided by the SDL validator. The second phase of development consists of an RTL implementation model of DRAGON in VHDL. Extensive timing simulations were performed using concurrent video and data traffic. Trace driven performance simulation was performed using an ....
G. J. Holzmann, "Algorithms for Automated Protocol Verification," AT&T Technical Journal, pp. 32--44, January 1990.
....a survey of techniques to verify cache coherence protocols by exploring all the possible sequences of interactions between components in a given protocol model. We are particularly interested in methods with mechanical verification procedures, specifically, methods based on state enumeration [9, 26, 48, 54, 55], (symbolic) model checking [11, 18, 67] and symbolic state model [77]. In these techniques the protocol is characterized by its state and the verification is based on searching all reachable states exhaustively. From a given state, the exploration of all possible interactions among protocol ....
....number of new states. The expansion process continues and converges when all reachable states have been produced. The major differences among the techniques surveyed in this paper stem from the ways of representing and pruning the state space in order to overcome the state space explosion problem [48]. In general, the state exploration complexity quickly blows up in terms of computation time and memory requirement with the increasing number and complexity of components in the protocol. To deal with this complexity, symmetries, regularities and homogeneities in cache based systems must be ....
[Article contains additional citation context not shown here]
Holzmann, G.J., "Algorithms for Automated Protocol Verification", AT&T Technical Journal, Jan./Feb. 1990.
....the inspection of states with the inspection being stopped when the truth or falsity of the property is known. Both the stubborn set method and the sleep set method support on the fly verification [29, 80]. Consequently, they are compatible with the memory saving techniques presented by Holzmann [34, 35], Courcoubetis, Vardi, Wolper, and Yannakakis [17], Godefroid, Holzmann, and Pirottin [26] and Wolper and Leroy [88]. There are many approaches attacking the state space explosion problem. We list a few of them, excluding those that have already been mentioned: - Time Petri nets are used as ....
Holzmann, G.J.: Algorithms for Automated Protocol Verification. AT&T Technical Journal 69 (1990) 1, pp. 32--44.
....with Other Approaches for Cache Protocol Verification There are several approaches to verify properties of cache protocols. One important class of verification techniques derives from state enumeration methods (reachability or perturbation analysis) which explore all possible system states [8, 16]. Generally, the method starts with a model in which finite state machines specify the behavior of components in the protocol. A global state is the composition of the states of all components. A state expansion process starts in a given initial state and exercises all possible transitions leading ....
....because the order of cache states in the global state representation is irrelevant to the correctness of the protocol. In general, the size of the system state space increases quickly with the number and complexity of the components in the protocol, often creating a state space explosion problem [16]. Verifying a system with increasing numbers of caches becomes rapidly impractical in terms of computation time and memory requirement. As protocols become more complex, it is not clear whether verifying a small scale system model can provide a reliable error coverage for all system sizes [29] ....
Holzmann, G.J., "Algorithms for Automated Protocol Verification", AT&T Technical Journal, Jan./Feb., 1990.
....in order to decrease the memory consumption. The algorithm checks safety and liveness in separate passes of the reachability graph ([10] proposes a similar algorithm which integrates both aspects into one exploration). The check of the safety conditions is oriented at the Supertrace algorithm [13, 14]. At first the initial states of the detailed specification Phi will be computed and checked for R2. Then the transitions and reachable states will be computed in order to examine the states for R1 and the transitions for R3. The set of reached states is represented in a hash table. The detailed ....
G. J. Holzmann. Algorithms for automated protocol verification. AT&T Technical Journal, pages 32--44, Jan. 1990.
....Exploration, Model Checking of Refinements, On The Fly Model Checking, and On The Fly Model Checking of Liveness Properties. With respect to reachability graph exploration, [28] introduces the construction and exploration of the reachability graph for the validation of finite-state systems. [13] proposes a space efficient state representation by hashed bitmaps and introduces the concept of partial state exploration to encounter the state explosion problem. [17] performs partial exploration on the basis of a limited heap. [27] proposes an enhancement of [13] to reduce the probability of ....
....of finite-state systems. [13] proposes a space efficient state representation by hashed bitmaps and introduces the concept of partial state exploration to encounter the state explosion problem. [17] performs partial exploration on the basis of a limited heap. [27] proposes an enhancement of [13] to reduce the probability of non exhaustive search. With respect to model checking, [5, 6] use state space exploration to check if a formula is met by the corresponding system. [18, 25, 26] propose the application of reachability graph based model checking algorithms for refinement proofs. ....
[Article contains additional citation context not shown here]
G. J. Holzmann. Algorithms for automated protocol verification. Software --- Practice and Experience, 18(2):137--161, Feb. 1988.
....states. States in which the protocol fails to preserve expected correctness properties are classified as erroneous states; otherwise states are permissible. If any erroneous state is reachable, the protocol is incorrect. The major difficulty of this technique is the state space explosion problem [5, 16]; normally the state exploration complexity quickly blows up with the increasing number and complexity of entities involved in the protocol. Reachability analysis has been widely adopted for the automated verification of communication protocols [5, 16, 19, 30]. In order to validate a cache ....
....is the state space explosion problem [5, 16]; normally the state exploration complexity quickly blows up with the increasing number and complexity of entities involved in the protocol. Reachability analysis has been widely adopted for the automated verification of communication protocols [5, 16, 19, 30]. In order to validate a cache coherence protocol, it is not sufficient to track the possible states; the state models must also capture aspects associated with the consistency of data values. In [29] Rudolf and Segall presented a proof of a snooping protocol by enumerating the various scenarios ....
[Article contains additional citation context not shown here]
G.J. Holzmann, "Algorithms for Automated Protocol Verification," AT&T Technical Journal, Jan./Feb. 1990.
....develop the methodology in Section 5 and present the results of our study in Section 6. 2 Approaches for Protocol Verification One important class of verification techniques derives from state enumeration methods (reachability or perturbation analysis) which explore all possible system states [10, 13, 15, 29]. Generally, the expansion process starts with a given initial state, from which all possible transitions are exercised, leading to a number of new states. The same process is applied repeatedly for every new state until no new states are generated. Some transitions may lead back to states which ....
....shared, invalid) and (invalid, shared, shared) are deemed equivalent because the order of cache states in the global state representation is irrelevant to the correctness of the protocol. In general, because of the state enumeration complexity and because of the state space explosion [13], verifying a system with a large number of caches becomes rapidly impractical. As protocols become more complex, it is not clear whether verifying a small scale system model can provide a reliable error coverage for all system sizes. To overcome the state space explosion problem, McMillan and ....
Holzmann, G.J., "Algorithms for Automated Protocol Verification", AT&T Technical Journal, Jan./Feb., 1990.
....States in which the protocol fails to preserve expected correctness properties are classified as erroneous states; otherwise states are permissible. If any erroneous state is reachable, the protocol is incorrect. The major difficulty of this technique is the state space explosion problem [5, 8]; normally the state exploration complexity blows out rapidly with the growing number and complexity of entities involved in the protocol. Reachability analysis has been widely adopted for the automated verification of communication protocols because violations of correctness conditions such as ....
....FIGURE 2. Algorithm for exhaustive search. ent. It is clear that the state space grows exponentially with the complexity of the protocol and the number of entities in the validation model. A quantitative analysis of this technique for verifying small to medium size protocols is presented in [8]. 3.1.1 Pruning the State Space by Counting Equivalence To keep the state space manageable, pruning of redundant states is necessary. Two system states $(q_1, q_2, \ldots, q_n)$ and $(s_1, s_2, \ldots, s_n)$ are strictly equivalent if and only if $q_i = s_i$, $q_i, s_i \in Q$, for all $1$ ....
G.J. Holzmann, "Algorithms for Automated Protocol Verification", AT&T Technical Journal, Jan./Feb., 1990.
....state explosion problem. [LS84] proposes a method for simplifying distributed systems without changing their safety and liveness properties. Algorithms for reducing reachability graphs by preventing the use of impossible transitions are presented in [SLU89, GS91]. The Supertrace Algorithm [Hol88, Hol90] uses memory very efficiently by keeping reached states in hashed bit lists, accepting a possibly non exhaustive search. [BB90] introduces a toolset for functional and performance analysis of protocols. Another approach to limit the state space at reachability graph analysis is model checking. ....
....be adapted to the modelling of TLA and be implemented as a parallel system running on a set of workstations. Invariants of finite state systems and the safety aspects of refinements between finite state systems will be proved automatically. - The supertrace reachability graph algorithm [Hol88, Hol90] is under implementation and will be used for the check of invariants of finite state systems. Depending on the cardinality of the state space (and on the memory available) the check either will be a proof or a test with limited coverage. 5 EXPERIENCES - An algorithm is in development to ....
Gerard J. Holzmann. Algorithms for automated protocol verification. AT&T Technical Journal, pages 32--44, January 1990.
....the state explosion problem. [LS84] proposes a method for simplifying distributed systems without changing their safety and liveness properties. Algorithms for reducing reachability graphs by preventing the use of impossible transitions are presented in [SLU89, GS91]. The Supertrace Algorithm [Hol88, Hol90] uses memory very efficiently by keeping reached states in hashed bit lists, accepting a possibly non exhaustive search. [BB90] introduces a toolset for functional and performance analysis of protocols. Another approach to limit the state space at reachability graph analysis is model ....
....will be adapted to the modelling of TLA and be implemented as a parallel system running on a set of workstations. Invariants of finite state systems and the safety aspects of refinements between finite state systems will be proved automatically. - The supertrace reachability graph algorithm [Hol88, Hol90] is under implementation and will be used for the check of invariants of finite state systems. Depending on the cardinality of the state space (and on the memory available) the check either will be a proof or a test with limited coverage. 5 EXPERIENCES - An algorithm is in ....
Gerard J. Holzmann. Algorithms for automated protocol verification. Software --- Practice and Experience, 18(2):137--161, February 1988.
....desirable. There are several approaches to verify properties of cache protocols. A recent paper surveys these approaches [24]. One important class of verification techniques derives from state enumeration methods (reachability or perturbation analysis) which explore all possible system states [7, 15]. Generally, the method starts with a system model in which finite state machines specify the behavior of components in the protocol. A global state is the composition of the states of all components. A state expansion process starts in a given initial state and exercises all possible transitions ....
....graph showing the transition relations among global states is reported. The major drawback of state enumeration approaches is that the size of the system state space increases quickly with the number and complexity of the components in the protocol, often creating a state space explosion problem [15]. Verifying a system with increasing numbers of caches becomes rapidly impractical in terms of computation time and memory requirement. As protocols become more complex, it is not clear whether verifying a small scale system model can provide a reliable error coverage for all system sizes [25] ....
Holzmann, G.J., "Algorithms for Automated Protocol Verification", AT&T Technical Journal, Jan./Feb., 1990.
....and symmetric. In particular, in a cache based multiprocessor, the behavior of all caches is characterized by the same finite state process. Our symbolic state representations [19] exploit this regularity to yield a very efficient state expansion process without the state explosion problem [9, 11] plaguing other approaches. Additionally, the verification procedure is independent of the system size and is totally reliable. All possible states are explored, as opposed to approaches verifying a small system; in these approaches design errors may appear for system sizes beyond the ....
Holzmann, G.J., "Algorithms for Automated Protocol Verification", AT&T Technical Journal, Jan./Feb., 1990.
....PROMELA models may be simulated with SPIN. It is possible to insert trace messages in the model, and to look at the state value after each step. From a PROMELA model, SPIN generates a validator that may either attempt a complete space search or a partial one, using the supertrace algorithm [12]. The validator detects all deadlock or livelock situations, violations of logic or linear temporal logic propositions [2, 9, 10] and unreached code. PROMELA has a very restricted expressive power; in particular, there is no direct means of representing data of type real, multi-dimensional arrays, ....
Holzmann G.J., Algorithms for automated protocol verification, AT&T Technical Journal Jan/Feb, 1990
....search, as detailed in, for instance, [6]. The improvement we will consider here is to perform a semi stateless search, maintaining only the depth first stack as a temporary holding place for visited states, but no state space. This was called a stack search or Type 3 algorithm in the taxonomy of [3]. 2.1 Correctness and Relevance The correctness of the algorithm follows from the fact that a classic depth first search will visit all the states in a graph that are reachable from a given start node, independent of whether the reached nodes outside the search stack are marked as visited or not. ....
Holzmann, G.J., Algorithms for automated protocol verification, AT&T Technical Journal, Vol. 69, No. 2, Feb. 1990, pp. 32-44.
....is relatively small, compared to the complexity that is contributed by the system itself. Memory is a bounded resource on any system. It is not difficult to construct a model checker that uses only a small amount of memory, but one can only do so at the expense of unacceptable increases in runtime [35]. A main emphasis of the research in this area has therefore been on devising techniques that can economize the memory requirements of a reachability analysis, without incurring unrealistic increases in runtime requirements. Two such techniques are discussed in the following two sections. 3.4.1 ....
G.J. Holzmann, "Algorithms for Automated Protocol Verification," AT&T Technical J., vol. 69, no. 1, pp. 32-44, Jan. 1990.
No context found.
G. J. Holzmann. Algorithms for automated protocol verification. AT&T Technical Journal, 69(2):32--44, Feb. 1990. Special Issue on Protocol Testing, Specification, and Verification.
No context found.
G. J. Holzmann. Algorithms for automated protocol verification. AT&T Technical Journal, 69(2):32--44, 1990. Special Issue on Protocol Testing, Specification, and Verification.
No context found.
Holzmann, G.J., "Algorithms for Automated Protocol Verification", AT&T Technical Journal, Jan./Feb., 1990.
No context found.
Holzmann, G.J., "Algorithms for Automated Protocol Verification", AT&T Technical Journal, Jan./Feb. 1990.