Results 1 - 7 of 7
Combining Partial Order Reductions with On-the-fly Model-Checking
1994
Cited by 191 (14 self)
Partial order model checking is an approach to reduce time and memory in model checking concurrent programs. On-the-fly model checking is a technique to eliminate part of the search by intersecting an automaton representing the (negation of the) checked property with the state space during its generation. We prove conditions under which these two methods can be combined in order to gain reduction from both methods. An extension of the model checker SPIN, which implements this combination, is studied, showing substantial reduction over traditional search, not only in the number of reachable states, but directly in the amount of memory and time used. We also describe how to apply partial-order model checking under given fairness assumptions.
All from one, one for all: on model checking using representatives
LNCS, 1993
Cited by 150 (6 self)
Checking that a given finite state program satisfies a linear temporal logic property suffers in many cases from a severe space and time explosion. One way to cope with this is to reduce the state graph used for model checking. We define an equivalence relation between infinite sequences, based on infinite traces, such that for each equivalence class either all or none of the sequences satisfy the checked formula. We present an algorithm for constructing a state graph that contains at least one representative sequence for each equivalence class. This allows applying existing model checking algorithms to the reduced state graph rather than to the larger full state graph of the program. It also allows model checking under fairness assumptions, and exploits these assumptions to obtain smaller state graphs. A formula rewriting technique is presented to allow a coarser equivalence relation among sequences, such that fewer representatives are needed.
Relaxed Visibility Enhances Partial Order Reduction
2000
Cited by 11 (3 self)
State-space explosion is a central problem in the automatic verification (model checking) of concurrent systems. Partial order reduction is a method that was developed to try to cope with the state-space explosion. Based on the observation that the order of execution of concurrent (independent) atomic actions is in many cases unimportant for the checked property, it allows reducing the state space by exploring fewer execution sequences. However, in order to guarantee that the reduced state space preserves the correctness of the checked property, partial order reductions place constraints on commuting the order of atomic actions that may change the value of propositions appearing in the checked specification. In this paper we relax this constraint, allowing a weaker requirement to be imposed, and thus achieving a better reduction. We demonstrate the benefits of our improved reduction with experimental results.
On Combining the Stubborn Set Method with the Sleep Set Method
Proceedings of the 15th International Conference on Application and Theory of Petri Nets, 1994
Cited by 7 (3 self)
Reachability analysis is a powerful formal method for analysis of concurrent and distributed finite state systems. It suffers from the state space explosion problem, however: the state space of a system can be far too large to be completely generated. This paper considers two promising methods, Valmari's stubborn set method and Godefroid's sleep set method, to avoid generating all of the state space when searching for undesirable reachable terminal states, also called deadlocks. These methods have been combined by Godefroid, Pirottin, and Wolper to further reduce the number of inspected states. However, the combination presented by them places assumptions on the stubborn sets used. This paper shows that at least in place/transition nets, the stubborn set method can be combined with the sleep set method in such a way that all reachable terminal states are found, without having to place any assumption on the stubborn sets used. This result is shown by showing a more general result which...
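The deadlock-preserving selective search that the entries above describe can be made concrete on a constructed case. The Python block below is an added illustration, not code from any of the listed papers: it models two threads that take locks A and B in opposite order with k purely local steps in between (the textbook ABBA deadlock), searches the state space once exhaustively and once expanding only a persistent set at each state, and checks that both searches report the same deadlock. The toy program, the state encoding and the independence argument (a local step changes only its own thread's program counter, so it is independent of every action the other thread can ever take, making the singleton persistent in Godefroid's sense) are assumptions of this example; the reduced search is a simplified persistent-set search, not the stubborn-set or sleep-set constructions of the papers themselves.

```python
"""Persistent-set partial order reduction on a constructed two-lock program.

Added example, not from the listed papers. Two threads acquire locks A and
B in opposite order with k local steps in between (ABBA deadlock). A full
DFS and a persistent-set DFS both search for deadlocks; the reduced search
must find the same deadlock states while visiting fewer states.
"""
from typing import List, Optional, Set, Tuple

LOCAL, ACQ, REL = "local", "acquire", "release"
LOCKS = ("A", "B")
Action = Tuple[str, Optional[str]]          # (kind, lock name or None)
Program = List[List[Action]]                # one action list per thread
State = Tuple[Tuple[int, ...], Tuple[Optional[int], ...]]  # (pcs, lock owners)


def lock_program(k: int) -> Program:
    """Thread 0: acquire A, k local steps, acquire B, release B, release A.
    Thread 1: the same with A and B swapped, so pcs (k+1, k+1) deadlock."""
    def thread(first: str, second: str) -> List[Action]:
        return ([(ACQ, first)] + [(LOCAL, None)] * k +
                [(ACQ, second), (REL, second), (REL, first)])
    return [thread("A", "B"), thread("B", "A")]


def initial_state(prog: Program) -> State:
    return (tuple(0 for _ in prog), tuple(None for _ in LOCKS))


def enabled(prog: Program, s: State) -> List[Tuple[int, Action]]:
    """Every unfinished thread's next action, except an acquire of a lock
    that is currently held (the thread is blocked)."""
    pcs, owners = s
    out = []
    for tid, pc in enumerate(pcs):
        if pc == len(prog[tid]):
            continue
        kind, lock = prog[tid][pc]
        if kind == ACQ and owners[LOCKS.index(lock)] is not None:
            continue
        out.append((tid, (kind, lock)))
    return out


def step(s: State, tid: int, action: Action) -> State:
    pcs, owners = s
    kind, lock = action
    owners = list(owners)
    if kind == ACQ:
        owners[LOCKS.index(lock)] = tid
    elif kind == REL:
        owners[LOCKS.index(lock)] = None
    pcs = tuple(pc + 1 if i == tid else pc for i, pc in enumerate(pcs))
    return (pcs, tuple(owners))


def is_deadlock(prog: Program, s: State) -> bool:
    """Nothing enabled although at least one thread has not finished.
    Uses the full enabled set, never the reduced one."""
    pcs, _ = s
    return not enabled(prog, s) and any(pc < len(prog[t]) for t, pc in enumerate(pcs))


def persistent_set(en: List[Tuple[int, Action]]) -> List[Tuple[int, Action]]:
    """A LOCAL step only advances its own thread's pc: no other thread can
    enable, disable or fail to commute with it, so the singleton is a
    persistent set (assumption of this example, justified in the lead-in).
    Otherwise fall back to the whole enabled set, which is trivially persistent."""
    for tid, act in en:
        if act[0] == LOCAL:
            return [(tid, act)]
    return en


def explore(prog: Program, reduce: bool) -> Tuple[Set[State], Set[State]]:
    """DFS over the state space; with reduce=True only a persistent set is
    expanded at each state, which preserves every reachable deadlock."""
    seen: Set[State] = set()
    deadlocks: Set[State] = set()
    stack = [initial_state(prog)]
    while stack:
        s = stack.pop()
        if s in seen:
            continue
        seen.add(s)
        en = enabled(prog, s)
        if is_deadlock(prog, s):
            deadlocks.add(s)
        for tid, act in (persistent_set(en) if reduce else en):
            stack.append(step(s, tid, act))
    return seen, deadlocks


def compare(k: int) -> Tuple[int, int, List[Tuple[int, ...]]]:
    """(states visited by full DFS, states visited by reduced DFS,
    program counters of the deadlock states, identical for both searches)."""
    prog = lock_program(k)
    full_seen, full_dl = explore(prog, reduce=False)
    red_seen, red_dl = explore(prog, reduce=True)
    assert full_dl == red_dl, "reduction lost or invented a deadlock"
    return len(full_seen), len(red_seen), sorted(pcs for pcs, _ in full_dl)


if __name__ == "__main__":
    for k in (2, 5, 8):
        full, reduced, dl = compare(k)
        print(f"k={k}: full={full} reduced={reduced} deadlock pcs={dl}")
```

The full search visits k^2 + 8k + 19 states for this program, the reduced search 8k + 19: the k^2 interleavings of the two threads' local steps collapse into one representative path, while every state where the threads actually interact through the locks is still reached, so the single deadlock at pcs (k+1, k+1) is found by both.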
Contoz. Full simulation coverage for SystemC transaction-level models of systems-on-a-chip
Formal Methods in System Design, 35(2):152–189
Cited by 7 (1 self)
Transaction-Level Models (TLM) are used for the early validation of embedded software. A TL model is a virtual prototype of the hardware part of a System-on-a-Chip (SoC). When using SystemC for transaction-level modeling, the main parallel entities of the hardware platform (processors, DMAs, bus arbiters, etc.) are modeled by asynchronous processes, which are scheduled at simulation time. The specification of this scheduling mechanism is nondeterministic; the set of all possible schedulings of the parallel activities represents the physical parallelism faithfully. Moreover, TL models may contain loose timing annotations (intervals, for instance), and the set of all possible values of time in these intervals is also meant to represent the hardware behaviors faithfully. However, any simulation engine is built on a deterministic scheduler, and at runtime will use specific values in the time intervals. This means that only a very small subset of all the possible schedulings and timings are exhibited during simulation. Some bugs may be missed if they are due to some behaviors of the hardware that are represented by other schedulings or timings. For a given finite test scenario, the set of valid schedulings and timings of a model is finite, but far too large to be explored fully. We present a solution to cover the set of schedulings and timings efficiently. Our solution is based on dynamic partial order reduction and constraint solving techniques. It gives a complete scheduling and timing set, which guarantees the detection of all local errors and deadlocks for a fixed test scenario.
Path Exploration Tool
In Proc. of Tools and Algorithms for the Construction and Analysis of Systems (TACAS'99), Amsterdam, The Netherlands, LNCS 1579, 1999
While verification methods are becoming more frequently integrated into software development projects, software testing is still the main method used to search for programming errors. Software testing approaches focus on methods for covering different execution paths of a program, e.g., covering all the statements, or covering all the possible tests. Such coverage criteria are usually approximated using some ad hoc heuristics. We present a tool for testing execution paths in sequential and concurrent programs. The tool, Path Exploration Tool (Pet), visualizes concurrent code as flow graphs, and allows the user to interactively select an (interleaved) execution path. It then calculates and displays the condition to execute such a path, and allows the user to easily modify the selection in order to cover additional related paths. We describe the design and architecture of this tool and suggest various extensions.