Partial Order Reduction Assisted Parallel Model-Checking
Partial Order Reduction Assisted Parallel Model-Checking. Robert Palmer – Ganesh Gopalakrishnan School of Computing University of Utah. Utah Verifier Group. Parallel Distributed Model Checking Partial Order Reduction Random Walk Test Model Checking Memory Consistency Models
Partial Order Reduction Assisted Parallel Model-Checking
Robert Palmer – Ganesh Gopalakrishnan
School of Computing, University of Utah
Utah Verifier Group
• Parallel Distributed Model Checking
• Partial Order Reduction
• Random Walk
• Test Model Checking
• Memory Consistency Models
• Verification using LSC
• Theorem Prover Development
The Twophase Algorithm
• A Partial Order Reduction Algorithm for CTL*-X.
• Nested DFS based Implementation checks LTL-X properties
• Sequential algorithm discovered by Dr. Ratan Nalumasu (1996)
• Recent work uncovered parallel distributed advantages.
Review of Twophase
• The algorithm computes ample sets similarly to SPIN with two (2) differences:
  • Singleton Ample Sets (i.e., |ample(s)| = 1)
  • Alternative fulfillment of the “in-stack check” or reduction proviso
Singleton Ample Sets
• A set of transitions that are:
  • Invisible
  • Independent
• The number of enabled transitions must be one (1).
Alternative “in-stack check”
• Place the Phase-1 states in a list.
• After making a transition, check that the successor state is not contained in the list.
• Return to the revisited state before moving the next process.
Phase-1

    Phase-1(in)
      local old-s, s, list;
      s := in;
      list := {s};
      for each process Pi do
        while (SAS-I(Pi, s))
          old-s := s;
          s := (t(old-s));
          if s ∉ list
            list := list + {s};
          else
            break out of while loop
          end if
        …

• Phase-1: Execute transitions that form a singleton ample set for each process.
• SAS-I(Pi,s): Invisible ∧ Independent ∧ |enabled(Pi,s)| == 1
• List: Solves the ignoring problem by moving to the next process when a successor state is found in the list.
Parallel Twophase Algorithm

    local list, s, queue, i
    i = owner(s)
    enqueue[i](s)
    while search not complete
      s = dequeue()
      for each enabled transition t
        if t(s) ∉ Vr
          (list, s') := Phase-1(t(s))
          Vr := Vr + states in list
          i = owner(t(s'))
          enqueue[i](t(s'))
        end if
      end for each
    end while

• Phase-1: Performed locally. The list is never passed to another process.
• Message Passing: Only states that cannot form a singleton ample set are distributed among the network nodes.
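The Phase-1 and parallel search pseudocode above, as an added Python example that is not part of the original slides: a single-process simulation of the partitioned search on a constructed three-process model. `PROCS`, `VISIBLE`, the `owner` partition function, marking the initial state as visited, and enqueueing the Phase-1 end state s' itself are assumptions of this example.

```python
from collections import deque

# Constructed toy model (an assumption, not from the slides): process i is a
# graph pc -> successor pcs. A step changes only its own pc, so steps of
# different processes are independent by construction.
PROCS = [
    {0: [1], 1: [2], 2: []},            # P0: straight-line code
    {0: [1, 2], 1: [3], 2: [], 3: []},  # P1: branch, then an observed step
    {0: [1], 1: [0]},                   # P2: invisible loop
]
VISIBLE = {(1, 3)}  # (process, target pc) steps the property observes

def successors(i, s):
    return [s[:i] + (pc,) + s[i + 1:] for pc in PROCS[i][s[i]]]

def sas_i(i, s):
    """SAS-I(Pi, s): exactly one enabled step of Pi, and it is invisible."""
    nxt = PROCS[i][s[i]]
    return len(nxt) == 1 and (i, nxt[0]) not in VISIBLE

def phase1(start):
    s, lst = start, [start]
    for i in range(len(PROCS)):
        while sas_i(i, s):
            s = successors(i, s)[0]
            if s in lst:  # revisit: stop moving Pi, go on to the next process
                break
            lst.append(s)
    return lst, s

def search(init, nodes=2, reduce=True):
    """Simulated partitioned search; returns (visited states, messages sent)."""
    owner = lambda s: sum(s) % nodes      # hypothetical partition function
    queues = [deque() for _ in range(nodes)]
    seen = [set() for _ in range(nodes)]  # Vr, private to each node
    queues[owner(init)].append(init)
    seen[owner(init)].add(init)
    messages = 0
    while any(queues):
        n = next(k for k in range(nodes) if queues[k])
        s = queues[n].popleft()
        for i in range(len(PROCS)):
            for t in successors(i, s):
                if t in seen[n]:
                    continue
                lst, end = phase1(t) if reduce else ([t], t)
                seen[n].update(lst)          # the list never leaves node n
                messages += owner(end) != n  # only `end` crosses the network
                queues[owner(end)].append(end)
    return set().union(*seen), messages
```

On this model `search((0, 0, 0))` visits 16 of the 24 reachable states and sends 4 states between the two nodes; `reduce=False` visits all 24 and sends more.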
Benefits
• Reduction is executed with no communication.
• The algorithm does not require access to a global search stack to ensure that no transition gets ignored.
• Only states that cannot form a singleton ample set are communicated.
Availability
• Latest Release: http://www.cs.utah.edu/formal_verification/software
• Contact Information:
  • Robert Palmer: rpalmer@cs.utah.edu
  • Ganesh Gopalakrishnan: ganesh@cs.utah.edu