C. Norris Ip and David L. Dill. State reduction using reversible rules. 33rd Design Automation Conference, June 1996.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....represented symbolically by decision diagrams usually OBDDs as in symbolic model checking [9] i.e. traversal leads for many designs to graph explosion or long computation times. Various techniques exist to tackle these problems which allow pushing the limit further (e.g. by state reduction [16]) but either do not provide a general solution for fast automatic traversal of large circuits or their area of application is restricted (e.g. 3] Techniques generating a single formula for the verification problem which is verified afterwards with a formula checker like SVC [4, 5, 17] have ....

C. N. Ip and D. L. Dill. State reduction using reversible rules. In DAC'96, 1996.

....supported in FDR by the CSP notions of channels and events, it is modeled by shared variables in Mur . Second, Mur currently implements a richer set of methods for increasing the size of the protocols that can be verified, including symmetry reduction [4] hash compaction [17] reversible rules [5], and repetition constructors [6] In addition, there is a parallel version of the Mur verifier [15] Although available for internal use, the latter three techniques are not yet in the public Mur release. 2.2 The methodology In outline, we have analyzed protocols using the following sequence ....

C. N. Ip and D. L. Dill. State reduction using reversible rules. In 33rd Design Automation Conference, pages 564--7, 1996.

....also the runtime. If the reduction factor is small or if the technique has a high runtime overhead, the runtime might actually increase. Two intensively studied and effective classes of state reduction techniques are abstraction techniques and partial order techniques. Abstraction techniques [88, 58, 45, 47, 48] attempt to replace the protocol under verification by a simpler (abstract) one. Partial order techniques [84, 29, 39, 63] aim at avoiding the state explosion caused by modeling of concurrency by interleaving. A state reduction technique typically exploits a certain characteristic of the protocol ....

....combination on a parallel machine with 100 nodes and large disks, for example, typically five orders of magnitude more states can be explored while the time per state is reduced by two orders of magnitude. In addition, the techniques can be combined with the state reduction techniques in Mur [45, 47, 48] to allow even larger protocols to be verified. Note that all three of the techniques presented in this thesis require a breadth first exploration of the state space. Hash compaction can also be used with depth first search but at the cost of roughly doubling the memory requirements. Hence, ....

[Article contains additional citation context not shown here]

C. N. Ip and D. L. Dill. State reduction using reversible rules. In 33rd Design Automation Conference, pages 564--7, 1996.

....a singly linked list of processors which share a cache line. The finite state techniques we have applied do not scale especially well for this protocol. We have tried explicit state methods (specifically our Mur verifier) with techniques such as symmetry reduction, reversible rule reduction [36], and special verification methods for parameterized families of protocols, as well as BDD based techniques [6] None of these methods has allowed us to verify systems with more than about 5 list cells, because we do not have a good way of compressing or abstracting states containing linked lists. ....

C. Norris Ip and David Dill. State reduction using reversible rules. In Proceedings of 33rd Design Automation Conference, June 1996.

....processes interact by reading and writing shared variables. The Mur verifier works by explicitly generating states and storing them in a hash table. We have put some effort into developing state reduction techniques, including symmetry reduction [ID93a, ID93b] exploitation of reversible rules [ID96a], and verification of systems with varying numbers of replicated components [ID96b] We have also investigated probabilistic verification techniques in Mur [SD95c] The Mur description language was inspired by Misra and Chandy s Unity formalism [CM88] A Mur description consists of a ....

....avoids storing transient states in the state table. The optimization works by identifying rules that do not lose information when they are executed. The verifier can execute the backwards to map normalize transient states by finding a unique non transient progenitor state from which they evolved [ID96a]. Most recently, we have developed a way of verifying certain systems with arbitrary numbers of replicated components in Mur [ID96b] The replicated components are flagged by using a datatype RepetitiveID, which is similar to a scalarset type but even more restricted. The verifier exploits this ....

C. Norris Ip and David L. Dill. State reduction using reversible rules. 33rd Design Automation Conference, June 1996.

....such as partial order reduction [Pel96,Val93,GW94] and symmetry reduction [Eme96] can be used to reduce the number of states that a verification algorithm needs to store and examine. The resulting memory usage and verification time were reduced by more than a few order of magnitudes. In [ID96] a state reduction method was introduced to further reduce the size of a state graph, using the notion of reversible rules to collapse subgraphs of the state space into abstract states. It is motivated by the following observation: If the execution of a transition rule r generates the state q ....

....(http: www.springer.de comp lncs index.html) 2 q and q 0 can often be generated from each other, and in such cases, only one of them needs to be stored in memory for verification purposes. This paper describes a state reduction method based on the same observation. Compared to [ID96] the actual definition of reversible rules in this paper is simplified and generalized. First of all, it has been simplified so that it is easier to apply the state reduction method in practice. On one hand, the detection of many reversible rules and the construction of their corresponding ....

[Article contains additional citation context not shown here]

C. Norris Ip and David L. Dill. State reduction using reversible rules. 33rd Design Automation Conference, pages 564--567, June 1996.

....it does not help much in reducing the number of non maximal states. 4 Practical Results The abstraction with the repetition constructors can be combined easily with the other two reduction strategies implemented in Mur : symmetry reduction [ID93a, ID93b] and reduction by reversible rules [ID96] We present in this section the verification results for an industrial cache coherence protocol (ICCP) using the Mur verification system. This protocol is a typical centraldirectory based cache coherence protocol, as described in [DDHY92] Because of data forwarding, some replicated ....

C. Norris Ip and David L. Dill. State reduction using reversible rules. 33rd Design Automation Conference, June 1996.

....to improve explicit state enumeration. First, state reduction methods have been developed that aim at reducing the size of the reachability graph while ensuring that protocol errors will still be detected. Examples would be partial order techniques [38, 13, 20, 30] and abstraction techniques [39, 2, 24, 26, 27]. These methods directly tackle the main problem in reachability analysis: the very large number of reachable states of most protocols. The second approach aims at reducing the amount of memory needed to perform the reachability analysis. The memory requirement in explicit state enumeration stems ....

C. N. Ip and D. L. Dill. State reduction using reversible rules. In 33rd Design Automation Conference, pages 564--7, 1996.

....functions allows multiplication of the reported bounds. The new scheme is compatible with several methods that aim at reducing the size of the reachability graph while ensuring that errors will still be detected. Examples would be exploiting symmetries (Ip and Dill 1993) and reversible rules (Ip and Dill 1996). When combining different techniques, one usually observes that runtime becomes the new major limiting factor in verification, which increases the priority of research into accelerating explicit state verification methods. When using a depth first traversal of the state space, one recommendation ....

C. N. Ip and D. L. Dill (1996) State reduction using reversible rules. In 33rd Design Automation Conference.

....slide for a conference to form an online presentation. Any comment welcomed. Norris Ip copyright 1996, Norris Ip STATE REDUCTION USING REVERSIBLE RULES C. Norris Ip (jointed work with David L. Dill) Stanford University, California, U.S.A. Page 1 ffl This is a presentation on the paper in DAC 96 [ID96a]. ffl Historical Note: This technique was originally developed to reduce the number of replicated components in a saturated abstract model using repetition constructors [ID96b] To our surprise, this technique turned out to be independent of the abstraction. It is useful on its own, with ....

C. Norris Ip and David L. Dill. State reduction using reversible rules. 33rd Design Automation Conference, June 1996.

....as a result of the overheads in performing the abstraction. To investigate the performance with repetitiveIDs for systems with large numbers of components, this abstraction is used in combination with the reduction using reversible rules. The reduction using reversible rules is discussed in [22], which takes advantage of the fact that some transitions in the protocol are reversible, that is, there is no information lost during the execution of these transition. Therefore, a lot of transient states can be removed from the state graph by reconstructing the states before the execution of ....

....of 1 to n components, where n being the size of the system with a saturated state graph. Finally, this abstraction using repetition constructors can be combined easily with the other two reduction strategies implemented in Mur : symmetry reduction [19, 20] and reduction by reversible rules [22]. The ability to combine these techniques has further increased the complexity of designs that can be verified using fully automatic formal verification tools. Acknowledgements We would like to thank Fong Pong for the discussion on the symbolic state model, Ganesh Gopalakrishnan, Seungjoon Park, ....

C. Norris Ip and David L. Dill. State reduction using reversible rules. 33rd Design Automation Conference, pages 564--567, June 1996.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC