heuristics for checking liveness properties with partial
play

Heuristics for Checking Liveness Properties with Partial Order - PowerPoint PPT Presentation

May 13, 2023 •417 likes •941 views

Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F. Kordon, D. Poitrenaud, E. Renault Tuesday, October 18th E. Renault ATVA16 Tuesday, October 18th 1 / 17 State Space Explosion Two concurrent

  1. Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F. Kordon, D. Poitrenaud, E. Renault Tuesday, October 18th E. Renault ATVA’16 Tuesday, October 18th 1 / 17

  2. State Space Explosion Two concurrent processes β independent of α 1 , α 2 , and α 3 Process 1 Process 2 State Space α 3 α 3 α 1 α 2 β β β β β β β β α 1 α 2 α 1 α 2 α 3 E. Renault Context Tuesday, October 18th 2 / 17

  3. State Space Explosion Two concurrent processes β independent of α 1 , α 2 , and α 3 Process 1 Process 2 State Space α 3 α 3 α 1 α 2 β β β β β β β β α 1 α 2 α 1 α 2 α 3 Process interleavings are one of the main sources of state-space explosion for explicit model checkers E. Renault Context Tuesday, October 18th 2 / 17

  4. Partial Order Reductions (POR) Build a reduced state space For each state only consider a reduced subset of actions State Space Possible Reduced State Space α 3 α 3 α 1 α 2 α 1 α 2 β β β β β β β β β β β β α 1 α 2 α 1 α 2 α 3 α 3 POR work only iff the property to check belongs to LTL \ X E. Renault Context Tuesday, October 18th 3 / 17

  5. The Ignoring Problem for Liveness Properties If the same actions are consistently ignored along a cycle, they may never be executed (below β is never executed) α 3 α 1 α 2 β β β β β β α 1 α 2 α 3 E. Renault Context Tuesday, October 18th 4 / 17

  6. The Ignoring Problem for Liveness Properties If the same actions are consistently ignored along a cycle, they may never be executed (below β is never executed) α 3 α 1 α 2 β β β β β β α 1 α 2 α 3 Requires an extra condition: the proviso A proviso a ensures that every cycle in the reduced graph contains at least one expanded state , i.e, a state where all actions are considered. a More simpler provisos can be applied for safety properties Evangelista and Pajault [2010] E. Renault Context Tuesday, October 18th 4 / 17

  7. Model Checking LTL \ X with POR Use classical DFS-based emptiness checks During DFS: how to detect cycles without expanded states? which state to expand in a cycle? Objectives: Choose states to expand states in order to have the smallest reduced state space E. Renault Objectives Tuesday, October 18th 5 / 17

  8. Variations on SPIN’s proviso Source [Peled, 1994] CondSource Expanded state Not expanded state Already visited edge E. Renault Variations on SPIN’s proviso Tuesday, October 18th 6 / 17

  9. Variations on SPIN’s proviso Source [Peled, 1994] CondSource Systematically expands the source of a backedge Expanded state Not expanded state Already visited edge E. Renault Variations on SPIN’s proviso Tuesday, October 18th 6 / 17

  10. Variations on SPIN’s proviso Source [Peled, 1994] CondSource Systematically expands the source of a backedge Expanded state Not expanded state Already visited edge E. Renault Variations on SPIN’s proviso Tuesday, October 18th 6 / 17

  11. Variations on SPIN’s proviso Source [Peled, 1994] CondSource Systematically expands the Expands the source of source of a backedge backedge iff destination is not expanded Expanded state Not expanded state Already visited edge E. Renault Variations on SPIN’s proviso Tuesday, October 18th 6 / 17

  12. Evaluation 38 models from the BEEM benchmark reduced implements the stubborn-set method from Valmari Each model is run 100 times with different transition order states (10 6 ) transitions (10 6 ) st/ms Full 784.45 100.00% 2,677.73 100.00% 17.90 Source [Peled, 1994] 303.21 38.65% 679.16 25.36% 12.33 CondSource 252.83 32.23% 518.80 19.37% 11.85 None 57.58 7.34% 97.65 3.65% 22.65 E. Renault Variations on SPIN’s proviso Tuesday, October 18th 7 / 17

  13. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  14. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  15. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  16. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  17. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  18. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 Keep track of exp- -anded states on DFS E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  19. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 Keep track of exp- -anded states on DFS E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  20. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 weight: 1 Keep track of exp- -anded states on DFS E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  21. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 weight: 1 Keep track of exp- -anded states on DFS E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  22. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 weight: 1 Keep track of exp- Early tag -anded states on DFS “safe” states E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  23. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 weight: 1 Keep track of exp- Early tag -anded states on DFS “safe” states E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  24. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 weight: 1 Keep track of exp- Early tag -anded states on DFS “safe” states E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  25. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 weight: 1 Keep track of exp- Early tag -anded states on DFS “safe” states E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  26. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 weight: 1 Keep track of exp- Early tag Prioritizing known -anded states on DFS “safe” states successors E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  27. Evaluation of each optimization states (10 6 ) transitions (10 6 ) st/ms Full 784.45 100.00% 2,677.73 100.00% 17.90 Source [Peled, 1994] 303.21 38.65% 679.16 25.36% 12.33 WeightedSource 263.43 33.58% 537.56 20.08% 11.68 WeightedSourceKnown 1 262.63 33.48% 534.35 19.96% 11.77 CondSource 252.83 32.23% 518.80 19.37% 11.85 CondSourceKnown 251.05 32.00% 510.91 19.08% 11.89 WeightedSourceScan 250.49 31.93% 505.98 18.90% 11.67 WeightedSourceKnownScan 1 248.11 31.63% 498.68 18.62% 11.70 None 57.58 7.34% 97.65 3.65% 22.65 Source have the best throughput Most of the improvement comes from Cond Evangelista’s provisos outperforms Source 1 [Evangelista and Pajault, 2010] E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 9 / 17

  28. Provisos Based on Destination Expansion Proposed by Nalumasu and Gopalakrishnan [2002] in a narrower context Source Dest Systematically expands the source of a backegde E. Renault Destination Expansion Based Provisos Tuesday, October 18th 10 / 17

Recommend

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties Viktor Schuppan Computer Systems Institute, ETH Z urich http://www.inf.ethz.ch/schuppan/ Defense Thesis ETH 16268 September 28, 2005, Z

382 views • 19 slides
Type checking liveness properties of mobile processes Maxime Gamboni 1 Instituto de

Type checking liveness properties of mobile processes Maxime Gamboni 1 Instituto de

Type checking liveness properties of mobile processes Maxime Gamboni 1 Instituto de Telecomunica c oes, Instituto Superior T ecnico October 30, 2008 1 Joint work with Ant onio Ravara Motivation TyPiCal Receptiveness,

983 views • 59 slides
Liveness Checking as Safety Checking FMICS, July 12 13, Malaga, Spain Armin Biere, Cyrille

Liveness Checking as Safety Checking FMICS, July 12 13, Malaga, Spain Armin Biere, Cyrille

Liveness Checking as Safety Checking FMICS, July 12 13, Malaga, Spain Armin Biere, Cyrille Artho, Viktor Schuppan http://www.inf.ethz.ch/schuppan/ Safety vs. Liveness 1 Safety Liveness Something bad will not Something good will

480 views • 31 slides
On proving liveness properties of programs Alexey Gotsman University of Cambridge joint work

On proving liveness properties of programs Alexey Gotsman University of Cambridge joint work

On proving liveness properties of programs Alexey Gotsman University of Cambridge joint work with Byron Cook, Andreas Podelski, and Andrey Rybalchenko BCTCS06, 6 April 2006 State-of-the-art Systems Model checking Abstraction Properties

484 views • 13 slides
Liveness Checking as Safety Checking for Infinite State Spaces Viktor Schuppan 1 , Armin Biere 2 1

Liveness Checking as Safety Checking for Infinite State Spaces Viktor Schuppan 1 , Armin Biere 2 1

Liveness Checking as Safety Checking for Infinite State Spaces Viktor Schuppan 1 , Armin Biere 2 1 Computer Systems Institute, ETH Z urich 2 Institute for Formal Models and Verification, JKU Linz http://www.inf.ethz.ch/schuppan/

1.23k views • 18 slides
COMP31212: Concurrency Topic 5.3: Liveness and Topic 5.4 Fairness Topic 5.3: Liveness Properties

COMP31212: Concurrency Topic 5.3: Liveness and Topic 5.4 Fairness Topic 5.3: Liveness Properties

Topic 5.3: Liveness Properties Topic 5.4: Fairness and Starvation COMP31212: Concurrency Topic 5.3: Liveness and Topic 5.4 Fairness Topic 5.3: Liveness Properties Topic 5.4: Fairness and Starvation Outline Topic 5.3: Liveness Properties

509 views • 34 slides
Generalized Counterexamples to Liveness Properties Gadi Aleksandrowicz Jason Baumgartner

Generalized Counterexamples to Liveness Properties Gadi Aleksandrowicz Jason Baumgartner

Generalized Counterexamples to Liveness Properties Gadi Aleksandrowicz Jason Baumgartner Alexander Ivrii Ziv Nevo IBM Outline Generalized counterexamples to liveness and why they are especially interesting How to detect that a

135 views • 12 slides
Categorical Liveness Checking by Corecursive Algebras Natsuki Urabe, Masaki Hara &

Categorical Liveness Checking by Corecursive Algebras Natsuki Urabe, Masaki Hara &

Categorical Liveness Checking by Corecursive Algebras Natsuki Urabe, Masaki Hara & Ichiro Hasuo June 20, 2017 Natsuki Urabe (U. Tokyo) 1 / 29 Motivation ranking function nondeterministic system Natsuki Urabe (U.

1.01k views • 68 slides
Efficiently completing partial configurations Toward automatically learned search heuristics for

Efficiently completing partial configurations Toward automatically learned search heuristics for

Efficiently completing partial configurations Toward automatically learned search heuristics for CSP-encoded configuration problems Results from an initial experimental analysis Dietmar Jannach TU Dortmund, Germany 1

492 views • 20 slides
Checking Graph Properties with GP Chris Poskitt (cmp501@cs.york.ac.uk) The University of York

Checking Graph Properties with GP Chris Poskitt (cmp501@cs.york.ac.uk) The University of York

Checking Graph Properties with GP Checking Graph Properties with GP Chris Poskitt (cmp501@cs.york.ac.uk) The University of York PLASMA Seminar: 5th March 2009 Checking Graph Properties with GP Motivation Todays Talk 1. Motivation 2. GP

874 views • 52 slides
Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness

Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness

Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness property, something good eventually happens. e.g. program termination. A safety property, something bad never happens. e.g.

338 views • 16 slides
Heuristics for Planning under Partial Observability with Sensing Actions Shlomi Maliah Guy Shani

Heuristics for Planning under Partial Observability with Sensing Actions Shlomi Maliah Guy Shani

Motivation Landmarks for PPOS The Heuristic Contingent Planner Empirical Evaluation Heuristics for Planning under Partial Observability with Sensing Actions Shlomi Maliah Guy Shani Ronen Brafman Erez Karpas ICAPS 2013 Workshop on Heuristic

685 views • 30 slides
Ensuring Liveness Properties of Distributed Systems (A Research Agenda) Rob van Glabbeek

Ensuring Liveness Properties of Distributed Systems (A Research Agenda) Rob van Glabbeek

Ensuring Liveness Properties of Distributed Systems (A Research Agenda) Rob van Glabbeek Data61, CSIRO, Sydney, Australia University of New South Wales, Sydney, Australia September 2016 Distributed Systems systems consisting of multiple

878 views • 29 slides
Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid

Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid

Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid UC Santa Cruz Bell Labs Presented by: Ulrich Mller Model Checking Given a multithreaded program Wed like to check for deadlocks and

462 views • 17 slides
Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Model Checking C Model checking: normally applied to formal state transition systems checks safety and

439 views • 17 slides
Towards efficient model checking for variants of ATL under different semantics Wojciech Penczek

Towards efficient model checking for variants of ATL under different semantics Wojciech Penczek

Specification of Strategic Abilities in ATL* Model checking Multi-Valued ATL* Partial order reductions for sATL* Simpler strategies for Timed ATL Conclusions Towards efficient model checking for variants of ATL under different semantics

1.1k views • 88 slides
Efficient Model Checking of Safety Properties Timo Latvala timo.latvala@hut.fi Laboratory for

Efficient Model Checking of Safety Properties Timo Latvala timo.latvala@hut.fi Laboratory for

Efficient Model Checking of Safety Properties Timo Latvala timo.latvala@hut.fi Laboratory for Theoretical Computer Science Helsinki University of Technology Finland Spin 2003 p.1/16 Introduction Safety properties properties

669 views • 44 slides
Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model

Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model

Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model Checking and Systems Verification January - April 2016 1 / 43 Outline Module 1: Synchronous Vs Asynchronous composition Module 2: More examples

1.11k views • 90 slides
Propositional Approximations for Bounded Model Checking of Partial Circuit Designs Ralf Wimmer

Propositional Approximations for Bounded Model Checking of Partial Circuit Designs Ralf Wimmer

Propositional Approximations for Bounded Model Checking of Partial Circuit Designs Ralf Wimmer (joint work with Bernd Becker, Marc Herbstritt, Natalia Kalinnik, Matthew Lewis, Juri Lichtner, Tobias Nopper) Albert-Ludwigs-University Freiburg im

281 views • 27 slides
Type Checking General properties of type systems Types in programming languages

Type Checking General properties of type systems Types in programming languages

Outline Type Checking General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Static Checking (Cont.) Refers to

896 views • 10 slides
Checking Extended CTL Properties Using Guarded Quotient Structure Xiaodong Wang advised by:

Checking Extended CTL Properties Using Guarded Quotient Structure Xiaodong Wang advised by:

Checking Extended CTL Properties Using Guarded Quotient Structure Xiaodong Wang advised by: Professor Sistla Outline Part I: Symmetry based method Part II: CCTL logic Part III: Input language Part IV: Model checking algorithm

630 views • 60 slides
Scalable Verification of Design with Multiple Properties Rohit Dureja Iowa State University

Scalable Verification of Design with Multiple Properties Rohit Dureja Iowa State University

Scalable Verification of Design with Multiple Properties Rohit Dureja Iowa State University October 23, 2019 Model Checking 2 Model Checking Usually multiple properties to be verified 3 Model Checking Report 4 Model Checking Report

446 views • 9 slides
Multi-Core Partial-Order Reduction for LTL Model Checking Alfons Laarman alfons@laarman.com

Multi-Core Partial-Order Reduction for LTL Model Checking Alfons Laarman alfons@laarman.com

MC-MC POR LTL MC-POR Conclusions Multi-Core Partial-Order Reduction for LTL Model Checking Alfons Laarman alfons@laarman.com joint work with Anton Wijs (Eindhoven University of Technology) Formal Methods in Systems Engineering Vienna

749 views • 45 slides
Safety & Liveness Properties DM519 Concurrent Programming 1 Chapter 6 Repetition:

Safety & Liveness Properties DM519 Concurrent Programming 1 Chapter 6 Repetition:

Chapter 7 Safety & Liveness Properties DM519 Concurrent Programming 1 Chapter 6 Repetition: Deadlock DM519 Concurrent Programming 2 Concepts, Models, And Practice u Concepts l deadlock (no further progress) l 4x necessary

1.02k views • 76 slides

More recommend