120 likes | 485 Views
Bit-State Space Exploration It’s a variation on reachability analysis The reachability analysis: Keeps track of the already explored states Performs full state space search Most implementations use Hashing to quickly access an element on the table of already explored states
E N D
Bit-State Space Exploration • It’s a variation on reachability analysis • The reachability analysis: • Keeps track of the already explored states • Performs full state space search • Most implementations use Hashing to quickly access an element on the table of already explored states
Bit-State Space Exploration • Hashing function • Given a hash space table of H slots • and a Hashing function h(s) for A states • h(s) points a slot in the hash table without the need to search for the states in the whole table h(s)
Bit-State Space Exploration • In case of collision • the use of a linked list is a common option • To minimize collision, two hashing functions are used. S1 S2 S3 h(s)
Bit-State Space Exploration • Say we have two states s1 and s2. • With only one hash function, these are the possibilities: h(s1) = x and h(s2) = x or h(s1) = x and h(s2) = y
Bit-State Space Exploration • Say now we use two hashing functions h1 and h2. • The four possibilities are: h1(s1)=x , h1(s2)=x , h2(s1)=v , h2(s2)=w h1(s1)=x , h1(s2)=x , h2(s1)=v , h2(s2)=v h1(s1)=x , h1(s2)=y , h2(s1)=v , h2(s2)=w h1(s1)=x , h1(s2)=y , h2(s1)=v , h2(s2)=v • Only the green shaded row causes collision. We have thus reduced collision risk.
Bit-State Space Exploration • Memory space analysis • Hash table size (H) • Pointer size (B) • Hash table will occupy HxB bytes • State data will use (S+B)xA bytes • Total memory: HxB + (S+B)xA • Example • H = 1,000,000, B=4 Table size = 4Mb • S and A depend on the specification under test next pointer state data size
Bit-State Space Exploration • Workaround: Bit-state space exploration • By using a depth search algorithm, there is no need any more for storing the visited states, so: • M = HxB + (S+B)xA M = H, or H/8, • where M is the total amount of memory used for the hash table. • Constraints • Collision avoidance is a matter of probability of occurrence • has to use depth search algorithm • only goes until maximum depth is reached Because one state now can be represented by only one bit: reached (1), or not (0)
Bit-State Space Exploration • Example 2: (Even better than previous) • if M = 1,000,000, H=8,000,000 • previous example: 4Mb = 106 states only for the hashing table • this example: 4Mb = 32x 106 states, and no need for extra storage for the states data
Bit-state Space exploration • How it works • Storing the state data in a stack as it goes… • Go until any of the following conditions... G.S.1 Depth-first G.S.1.1 G.S.1.2 G.S.1.3 G.S.1.1.1 G.S.1.1.2 G.S.1.1.3 G.S. = Global State
Bit-state Space exploration a) b) No new state or possible action Simply backtrack in the stack G.S.i G.S.i No new state or possible action backtrack and go the next on the right G.S.j (already visited) G.S.k
Bit-state Space exploration Maximum depth Simply backtrack G.S.i c) d) Problem encountered: • e.g. Unspecified reception, or deadlock • reads the whole stack, creates an MSC • adds a report to the list of reports with the MSC • backtrack and go again. Rem: For each new visited state (hash table bit = 0), sets the hash table to 1.
Bit-state Space exploration • In the TAU Validator Bit-State space exploration tool, the results are like: • No of reports: No of reports generated • Generated states: No of global states generated • Truncated paths: No of states cut by the maximum depth constraint • Unique system states: No of unique global states from the generated ones • Size of hash table: The size of the hash table (H) • No of bits set in hash table: No of bits in the hash table set to 1 (visited) • Collision risk: the risk of having two states colliding in the same slot • Max Depth: the maximum depth set for this bit-state exploration • Current depth: the depth after the execution (should be -1 if went ok) • Min state size and Max state size: (limit sizes of states, used by h(s)) • Symbol coverage: The percentage of the SDL symbols covered