heuristics for checking liveness properties with partial
play

Heuristics for Checking Liveness Properties with Partial Order - PowerPoint PPT Presentation

May 13, 2023 •417 likes •941 views

Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F. Kordon, D. Poitrenaud, E. Renault Tuesday, October 18th E. Renault ATVA16 Tuesday, October 18th 1 / 17 State Space Explosion Two concurrent

  1. Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F. Kordon, D. Poitrenaud, E. Renault Tuesday, October 18th E. Renault ATVA’16 Tuesday, October 18th 1 / 17

  2. State Space Explosion Two concurrent processes β independent of α 1 , α 2 , and α 3 Process 1 Process 2 State Space α 3 α 3 α 1 α 2 β β β β β β β β α 1 α 2 α 1 α 2 α 3 E. Renault Context Tuesday, October 18th 2 / 17

  3. State Space Explosion Two concurrent processes β independent of α 1 , α 2 , and α 3 Process 1 Process 2 State Space α 3 α 3 α 1 α 2 β β β β β β β β α 1 α 2 α 1 α 2 α 3 Process interleavings are one of the main sources of state-space explosion for explicit model checkers E. Renault Context Tuesday, October 18th 2 / 17

  4. Partial Order Reductions (POR) Build a reduced state space For each state only consider a reduced subset of actions State Space Possible Reduced State Space α 3 α 3 α 1 α 2 α 1 α 2 β β β β β β β β β β β β α 1 α 2 α 1 α 2 α 3 α 3 POR work only iff the property to check belongs to LTL \ X E. Renault Context Tuesday, October 18th 3 / 17

  5. The Ignoring Problem for Liveness Properties If the same actions are consistently ignored along a cycle, they may never be executed (below β is never executed) α 3 α 1 α 2 β β β β β β α 1 α 2 α 3 E. Renault Context Tuesday, October 18th 4 / 17

  6. The Ignoring Problem for Liveness Properties If the same actions are consistently ignored along a cycle, they may never be executed (below β is never executed) α 3 α 1 α 2 β β β β β β α 1 α 2 α 3 Requires an extra condition: the proviso A proviso a ensures that every cycle in the reduced graph contains at least one expanded state , i.e, a state where all actions are considered. a More simpler provisos can be applied for safety properties Evangelista and Pajault [2010] E. Renault Context Tuesday, October 18th 4 / 17

  7. Model Checking LTL \ X with POR Use classical DFS-based emptiness checks During DFS: how to detect cycles without expanded states? which state to expand in a cycle? Objectives: Choose states to expand states in order to have the smallest reduced state space E. Renault Objectives Tuesday, October 18th 5 / 17

  8. Variations on SPIN’s proviso Source [Peled, 1994] CondSource Expanded state Not expanded state Already visited edge E. Renault Variations on SPIN’s proviso Tuesday, October 18th 6 / 17

  9. Variations on SPIN’s proviso Source [Peled, 1994] CondSource Systematically expands the source of a backedge Expanded state Not expanded state Already visited edge E. Renault Variations on SPIN’s proviso Tuesday, October 18th 6 / 17

  10. Variations on SPIN’s proviso Source [Peled, 1994] CondSource Systematically expands the source of a backedge Expanded state Not expanded state Already visited edge E. Renault Variations on SPIN’s proviso Tuesday, October 18th 6 / 17

  11. Variations on SPIN’s proviso Source [Peled, 1994] CondSource Systematically expands the Expands the source of source of a backedge backedge iff destination is not expanded Expanded state Not expanded state Already visited edge E. Renault Variations on SPIN’s proviso Tuesday, October 18th 6 / 17

  12. Evaluation 38 models from the BEEM benchmark reduced implements the stubborn-set method from Valmari Each model is run 100 times with different transition order states (10 6 ) transitions (10 6 ) st/ms Full 784.45 100.00% 2,677.73 100.00% 17.90 Source [Peled, 1994] 303.21 38.65% 679.16 25.36% 12.33 CondSource 252.83 32.23% 518.80 19.37% 11.85 None 57.58 7.34% 97.65 3.65% 22.65 E. Renault Variations on SPIN’s proviso Tuesday, October 18th 7 / 17

  13. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  14. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  15. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  16. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  17. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  18. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 Keep track of exp- -anded states on DFS E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  19. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 Keep track of exp- -anded states on DFS E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  20. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 weight: 1 Keep track of exp- -anded states on DFS E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  21. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 weight: 1 Keep track of exp- -anded states on DFS E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  22. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 weight: 1 Keep track of exp- Early tag -anded states on DFS “safe” states E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  23. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 weight: 1 Keep track of exp- Early tag -anded states on DFS “safe” states E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  24. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 weight: 1 Keep track of exp- Early tag -anded states on DFS “safe” states E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  25. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 weight: 1 Keep track of exp- Early tag -anded states on DFS “safe” states E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  26. Deconstructing Evangelista and Pajault [2010] proviso Based on CondSource Try to reduce useless expansions: Must consider all closing-edges: Colors: safe, dangerous, on-dfs & not expanded Weighted Scan Known weight: 0 weight: 1 weight: 1 Keep track of exp- Early tag Prioritizing known -anded states on DFS “safe” states successors E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 8 / 17

  27. Evaluation of each optimization states (10 6 ) transitions (10 6 ) st/ms Full 784.45 100.00% 2,677.73 100.00% 17.90 Source [Peled, 1994] 303.21 38.65% 679.16 25.36% 12.33 WeightedSource 263.43 33.58% 537.56 20.08% 11.68 WeightedSourceKnown 1 262.63 33.48% 534.35 19.96% 11.77 CondSource 252.83 32.23% 518.80 19.37% 11.85 CondSourceKnown 251.05 32.00% 510.91 19.08% 11.89 WeightedSourceScan 250.49 31.93% 505.98 18.90% 11.67 WeightedSourceKnownScan 1 248.11 31.63% 498.68 18.62% 11.70 None 57.58 7.34% 97.65 3.65% 22.65 Source have the best throughput Most of the improvement comes from Cond Evangelista’s provisos outperforms Source 1 [Evangelista and Pajault, 2010] E. Renault Deconstructing Evangelista’s proviso Tuesday, October 18th 9 / 17

  28. Provisos Based on Destination Expansion Proposed by Nalumasu and Gopalakrishnan [2002] in a narrower context Source Dest Systematically expands the source of a backegde E. Renault Destination Expansion Based Provisos Tuesday, October 18th 10 / 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties Viktor Schuppan Computer Systems Institute, ETH Z urich http://www.inf.ethz.ch/schuppan/ Defense Thesis ETH 16268 September 28, 2005, Z

382 views • 19 slides
Type checking liveness properties of mobile processes Maxime Gamboni 1 Instituto de

Type checking liveness properties of mobile processes Maxime Gamboni 1 Instituto de

Type checking liveness properties of mobile processes Maxime Gamboni 1 Instituto de Telecomunica c oes, Instituto Superior T ecnico October 30, 2008 1 Joint work with Ant onio Ravara Motivation TyPiCal Receptiveness,

983 views • 59 slides
Liveness Checking as Safety Checking FMICS, July 12 13, Malaga, Spain Armin Biere, Cyrille

Liveness Checking as Safety Checking FMICS, July 12 13, Malaga, Spain Armin Biere, Cyrille

Liveness Checking as Safety Checking FMICS, July 12 13, Malaga, Spain Armin Biere, Cyrille Artho, Viktor Schuppan http://www.inf.ethz.ch/schuppan/ Safety vs. Liveness 1 Safety Liveness Something bad will not Something good will

480 views • 31 slides
On proving liveness properties of programs Alexey Gotsman University of Cambridge joint work

On proving liveness properties of programs Alexey Gotsman University of Cambridge joint work

On proving liveness properties of programs Alexey Gotsman University of Cambridge joint work with Byron Cook, Andreas Podelski, and Andrey Rybalchenko BCTCS06, 6 April 2006 State-of-the-art Systems Model checking Abstraction Properties

484 views • 13 slides
Liveness Checking as Safety Checking for Infinite State Spaces Viktor Schuppan 1 , Armin Biere 2 1

Liveness Checking as Safety Checking for Infinite State Spaces Viktor Schuppan 1 , Armin Biere 2 1

Liveness Checking as Safety Checking for Infinite State Spaces Viktor Schuppan 1 , Armin Biere 2 1 Computer Systems Institute, ETH Z urich 2 Institute for Formal Models and Verification, JKU Linz http://www.inf.ethz.ch/schuppan/

1.23k views • 18 slides
COMP31212: Concurrency Topic 5.3: Liveness and Topic 5.4 Fairness Topic 5.3: Liveness Properties

COMP31212: Concurrency Topic 5.3: Liveness and Topic 5.4 Fairness Topic 5.3: Liveness Properties

Topic 5.3: Liveness Properties Topic 5.4: Fairness and Starvation COMP31212: Concurrency Topic 5.3: Liveness and Topic 5.4 Fairness Topic 5.3: Liveness Properties Topic 5.4: Fairness and Starvation Outline Topic 5.3: Liveness Properties

509 views • 34 slides
Generalized Counterexamples to Liveness Properties Gadi Aleksandrowicz Jason Baumgartner

Generalized Counterexamples to Liveness Properties Gadi Aleksandrowicz Jason Baumgartner

Generalized Counterexamples to Liveness Properties Gadi Aleksandrowicz Jason Baumgartner Alexander Ivrii Ziv Nevo IBM Outline Generalized counterexamples to liveness and why they are especially interesting How to detect that a

135 views • 12 slides
Categorical Liveness Checking by Corecursive Algebras Natsuki Urabe, Masaki Hara &

Categorical Liveness Checking by Corecursive Algebras Natsuki Urabe, Masaki Hara &

Categorical Liveness Checking by Corecursive Algebras Natsuki Urabe, Masaki Hara & Ichiro Hasuo June 20, 2017 Natsuki Urabe (U. Tokyo) 1 / 29 Motivation ranking function nondeterministic system Natsuki Urabe (U.

1.01k views • 68 slides
Efficiently completing partial configurations Toward automatically learned search heuristics for

Efficiently completing partial configurations Toward automatically learned search heuristics for

Efficiently completing partial configurations Toward automatically learned search heuristics for CSP-encoded configuration problems Results from an initial experimental analysis Dietmar Jannach TU Dortmund, Germany 1

492 views • 20 slides
Checking Graph Properties with GP Chris Poskitt (cmp501@cs.york.ac.uk) The University of York

Checking Graph Properties with GP Chris Poskitt (cmp501@cs.york.ac.uk) The University of York

Checking Graph Properties with GP Checking Graph Properties with GP Chris Poskitt (cmp501@cs.york.ac.uk) The University of York PLASMA Seminar: 5th March 2009 Checking Graph Properties with GP Motivation Todays Talk 1. Motivation 2. GP

874 views • 52 slides
Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness

Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness

Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness property, something good eventually happens. e.g. program termination. A safety property, something bad never happens. e.g.

338 views • 16 slides
Heuristics for Planning under Partial Observability with Sensing Actions Shlomi Maliah Guy Shani

Heuristics for Planning under Partial Observability with Sensing Actions Shlomi Maliah Guy Shani

Motivation Landmarks for PPOS The Heuristic Contingent Planner Empirical Evaluation Heuristics for Planning under Partial Observability with Sensing Actions Shlomi Maliah Guy Shani Ronen Brafman Erez Karpas ICAPS 2013 Workshop on Heuristic

685 views • 30 slides
Ensuring Liveness Properties of Distributed Systems (A Research Agenda) Rob van Glabbeek

Ensuring Liveness Properties of Distributed Systems (A Research Agenda) Rob van Glabbeek

Ensuring Liveness Properties of Distributed Systems (A Research Agenda) Rob van Glabbeek Data61, CSIRO, Sydney, Australia University of New South Wales, Sydney, Australia September 2016 Distributed Systems systems consisting of multiple

878 views • 29 slides
Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid

Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid

Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid UC Santa Cruz Bell Labs Presented by: Ulrich Mller Model Checking Given a multithreaded program Wed like to check for deadlocks and

462 views • 17 slides
Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Model Checking C Model checking: normally applied to formal state transition systems checks safety and

439 views • 17 slides
Towards efficient model checking for variants of ATL under different semantics Wojciech Penczek

Towards efficient model checking for variants of ATL under different semantics Wojciech Penczek

Specification of Strategic Abilities in ATL* Model checking Multi-Valued ATL* Partial order reductions for sATL* Simpler strategies for Timed ATL Conclusions Towards efficient model checking for variants of ATL under different semantics

1.1k views • 88 slides
Permutative Conversions in Generalised Multiary -calculus Jos e Esp rito Santo and Lu

Permutative Conversions in Generalised Multiary -calculus Jos e Esp rito Santo and Lu

Permutative Conversions in Generalised Multiary -calculus Jos e Esp rito Santo and Lu s Pinto jes,luis @math.uminho.pt. Departamento de Matem atica, Universidade do Minho Braga, Portugal First APPSEM-II Workshop

831 views • 8 slides
Multi-Core Partial-Order Reduction for LTL Model Checking Alfons Laarman alfons@laarman.com

Multi-Core Partial-Order Reduction for LTL Model Checking Alfons Laarman alfons@laarman.com

MC-MC POR LTL MC-POR Conclusions Multi-Core Partial-Order Reduction for LTL Model Checking Alfons Laarman alfons@laarman.com joint work with Anton Wijs (Eindhoven University of Technology) Formal Methods in Systems Engineering Vienna

749 views • 45 slides
Living with Kind # Improving the Usability of Numeric Types in Bluespec SystemVerilog Joe Stoy

Living with Kind # Improving the Usability of Numeric Types in Bluespec SystemVerilog Joe Stoy

Living with Kind # Improving the Usability of Numeric Types in Bluespec SystemVerilog Joe Stoy Work by Ravi Nanavati and Lennart Augustsson DCC 2010 March, 2010 What is Bluespec SystemVerilog? Bluespec SystemVerilog (BSV) is a high-level,

243 views • 21 slides
Acyclicity, Simple Connectivity and Covers of Hypergraphs Julian Bitterlich

Acyclicity, Simple Connectivity and Covers of Hypergraphs Julian Bitterlich

Motivation and Proviso Graphs Hypergraphs Final result/Summary Acyclicity, Simple Connectivity and Covers of Hypergraphs Julian Bitterlich bitterlich@mathematik.tu-darmstadt.de Fachbereich Mathematik TU-Darmstadt May 4, 2017 Motivation

543 views • 19 slides
Alternation as An Algorithmic Construct Moshe Y. Vardi Rice University Special Programme on

Alternation as An Algorithmic Construct Moshe Y. Vardi Rice University Special Programme on

Alternation as An Algorithmic Construct Moshe Y. Vardi Rice University Special Programme on Logic and Algorithms Newton Institute for Mathematical Sciences Complexity Theory Key CS Question , 1930s: What can be mechanized? Next Question ,

487 views • 34 slides
Proofs that, proofs why, and the analysis of paradoxes To Gerhard, on your 60th birthday Peter

Proofs that, proofs why, and the analysis of paradoxes To Gerhard, on your 60th birthday Peter

Proofs that, proofs why, and the analysis of paradoxes To Gerhard, on your 60th birthday Peter Schroeder-Heister Universit at T ubingen J agerfest Bern, 13.12.2013 p. 1 Russells antinomy in naive set theory Extend natural

688 views • 41 slides
a provocation Verizon Wireless may use the addresses of websites you visit (including search

a provocation Verizon Wireless may use the addresses of websites you visit (including search

a provocation Verizon Wireless may use the addresses of websites you visit (including search terms), the location of your device, your use of applications and features, data and calling features, device type, and demographic

83 views • 6 slides
Pro Vs. Con Debate on Prescribing Pro: Maxim Eckmann, MD Con: Ameet Nagpal, MD Moderator: Miles

Pro Vs. Con Debate on Prescribing Pro: Maxim Eckmann, MD Con: Ameet Nagpal, MD Moderator: Miles

Pro Vs. Con Debate on Prescribing Pro: Maxim Eckmann, MD Con: Ameet Nagpal, MD Moderator: Miles Day, MD Disclaimer We will passionately debate our stances but they do not necessarily reflect our own viewpoints Case A 28-year-old

172 views • 16 slides

More recommend