Partial Order Reduction Assisted Parallel Model-Checking. Robert Palmer – Ganesh Gopalakrishnan, School of Computing, University of Utah
Utah Verifier Group
• Parallel Distributed Model Checking
• Partial Order Reduction
• Random Walk
• Test Model Checking
• Memory Consistency Models
• Verification using LSC
• Theorem Prover Development

The Twophase Algorithm
• A Partial Order Reduction Algorithm for CTL*-X.
• Nested DFS based implementation checks LTL-X properties
• Sequential algorithm discovered by Dr. Ratan Nalumasu (1996)
• Recent work uncovered parallel distributed advantages.

Review of Twophase
• The algorithm computes ample sets similarly to SPIN with two (2) differences:
• Singleton Ample Sets (i.e., |ample(s)| = 1)
• Alternative fulfillment of the “in-stack check” or reduction proviso

Singleton Ample Sets
• A set of transitions that are:
• Invisible
• Independent
• The number of enabled transitions must be one (1).

Alternative “in-stack check”
• Place the Phase-1 states in a list.
• After making a transition, check that the successor state is not contained in the list.
• Return to the revisited state before moving the next process.
Phase-1

    Phase-1(in)
      local old-s, s, list;
      s := in;
      list := {s};
      for each process Pi do
        while (SAS-I(Pi, s))
          old-s := s;
          s := (t(old-s));
          if s ∉ list
            list := list + {s};
          else
            break out of while loop
          end if
      …

• Phase-1: Execute transitions that form a singleton ample set for each process.
• SAS-I(Pi,s): Invisible ∧ Independent ∧ |enabled(Pi,s)| == 1
• List: Solves the ignoring problem by moving to the next process when a successor state is found in the list.
Parallel Twophase Algorithm

    local list, s, queue, i
    i = owner(s)
    enqueue[i](s)
    while search not complete
      s = dequeue()
      for each enabled transition t
        if t(s) ∉ Vr
          (list, s’) := Phase-1(t(s))
          Vr := Vr + states in list
          i = owner(t(s’))
          enqueue[i](t(s’))
        end if
      end for each
    end while

• Phase-1: Performed locally. The list is never passed to another process.
• Message Passing: Only states that cannot form a singleton ample set are distributed among the network nodes.
Benefits
• Reduction is executed with no communication.
• The algorithm does not require access to a global search stack to ensure no transition gets ignored.
• Only states that cannot form a singleton ample set are communicated.
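A runnable sketch of Phase-1 and the parallel loop from the slides above, added here as an illustration and not the authors' implementation. The two-process toy model, the `is_local` flag standing in for the invisible and independent checks, the `owner` partition function, and the choice to enqueue the Phase-1 end state s' itself are all assumptions.

```python
from collections import deque
N_PROCS, N_NODES = 2, 2    # constructed toy system; node count is an assumption

def enabled(pi, s):
    """Steps of process pi in s = (pc0, pc1, shared), as (successor, is_local) pairs."""
    pc, nxt = s[pi], list(s)
    if pc < 2:                 # private step: invisible and independent
        nxt[pi] = pc + 1
        return [(tuple(nxt), True)]
    if pc == 2:                # visible write to the shared counter
        nxt[pi], nxt[2] = 3, s[2] + 1
        return [(tuple(nxt), False)]
    return []                  # pc == 3: process has terminated

def sas_i(pi, s):              # SAS-I(Pi, s): one enabled step, invisible, independent
    ts = enabled(pi, s)
    return len(ts) == 1 and ts[0][1]

def phase1(start):
    """Phase-1: per process, follow singleton ample sets while they exist."""
    s, lst = start, [start]
    for pi in range(N_PROCS):
        while sas_i(pi, s):
            s = enabled(pi, s)[0][0]
            if s in lst:       # successor already in the list: next process
                break
            lst.append(s)
    return lst, s

def owner(s): return s[0] % N_NODES    # hypothetical partition function

def search(init):
    """One-process simulation of the parallel loop: (per-node Vr, states sent)."""
    queues = [deque() for _ in range(N_NODES)]
    visited = [set() for _ in range(N_NODES)]
    queues[owner(init)].append(init)
    visited[owner(init)].add(init)
    sent = 0
    while any(queues):
        node = next(n for n in range(N_NODES) if queues[n])
        s = queues[node].popleft()
        for pi in range(N_PROCS):
            for succ, _ in enabled(pi, s):
                if succ not in visited[node]:
                    lst, end = phase1(succ)
                    visited[node].update(lst)   # Vr := Vr + states in list
                    sent += int(owner(end) != node)
                    queues[owner(end)].append(end)
    return visited, sent
```

On this model, `search((0, 0, 0))` stores 10 of the 16 reachable states and passes 2 states between nodes, while both orders of the two visible writes stay reachable.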
Availability
• Latest Release: http://www.cs.utah.edu/formal_verification/software
• Contact Information: Robert Palmer: rpalmer@cs.utah.edu; Ganesh Gopalakrishnan: ganesh@cs.utah.edu