Results 1  10
of
25
Detecting Causal Relationships in Distributed Computations: In Search of the Holy Grail
 In search of the holy grail. Distributed Computing
, 1994
"... : The paper shows that characterizing the causal relationship between significant events is an important but nontrivial aspect for understanding the behavior of distributed programs. An introduction to the notion of causality and its relation to logical time is given; some fundamental results conce ..."
Abstract

Cited by 203 (4 self)
 Add to MetaCart
: The paper shows that characterizing the causal relationship between significant events is an important but nontrivial aspect for understanding the behavior of distributed programs. An introduction to the notion of causality and its relation to logical time is given; some fundamental results concerning the characterization of causality are presented. Recent work on the detection of causal relationships in distributed computations is surveyed. The issue of observing distributed computations in a causally consistent way and the basic problems of detecting global predicates are discussed. To illustrate the major difficulties, some typical monitoring and debugging approaches are assessed, and it is demonstrated how their feasibility is severely limited by the fundamental problem to master the complexity of causal relationships. Keywords: Distributed Computation, Causality, Distributed System, Causal Ordering, Logical Time, Vector Time, Global Predicate Detection, Distributed Debugging, ...
Combining Partial Order Reductions with Onthefly Modelchecking
, 1994
"... Abstract Partial order modelchecking is an approach to reduce time and memory in modelchecking concurrent programs. Onthefly modelchecking is a technique to eliminate part of the search by intersecting an automaton representing the (negation of the) checked property with the state space during i ..."
Abstract

Cited by 191 (14 self)
 Add to MetaCart
Abstract Partial order modelchecking is an approach to reduce time and memory in modelchecking concurrent programs. Onthefly modelchecking is a technique to eliminate part of the search by intersecting an automaton representing the (negation of the) checked property with the state space during its generation. We prove conditions under which these two methods can be combined in order to gain reduction from both methods. An extension of the modelchecker SPIN, which implements this combination, is studied, showing substantial reduction over traditional search, not only in the number of reachable states, but directly in the amount of memory and time used. We also describe how to apply partialorder modelchecking under given fairness assumptions.
All from one, one for all: on model checking using representatives
 LNCS
, 1993
"... Checking that a given finite state program satisfies a linear temporal logic property is suffering in many cases from a severe space and time explosion. One way to cope with this is to reduce the state graph used for model checking. We define an equivalence relation between infinite sequences, based ..."
Abstract

Cited by 150 (6 self)
 Add to MetaCart
Checking that a given finite state program satisfies a linear temporal logic property is suffering in many cases from a severe space and time explosion. One way to cope with this is to reduce the state graph used for model checking. We define an equivalence relation between infinite sequences, based on infinite traces such that for each equivalence class, either all or none of the sequences satisfy the checked formula. We present an algorithm for constructing a state graph that contains at least one representative sequence for each equivalence class. This allows applying existing model checking algorithms to the reduced state graph rather than on the larger full state graph of the program. It also allows model checking under fairness assumptions, and exploits these assumptions to obtain smaller state graphs. A formula rewriting technique is presented to allow coarser equivalence relation among sequences, such that less representatives are needed. 1
Threadmodular model checking
 In SPIN
, 2003
"... SRC’s charter is to advance the state of the art in computer systems by doing basic and applied research in support of our company’s business objectives. Our interests and projects span scalable systems (including hardware, networking, distributed systems, and programminglanguage technology), the I ..."
Abstract

Cited by 69 (7 self)
 Add to MetaCart
SRC’s charter is to advance the state of the art in computer systems by doing basic and applied research in support of our company’s business objectives. Our interests and projects span scalable systems (including hardware, networking, distributed systems, and programminglanguage technology), the Internet (including the Web, ecommerce, and information retrieval), and human/computer interaction (including userinterface technology, computerbased appliances, and mobile computing). SRC was established in 1984 by Digital Equipment Corporation. We test the value of our ideas by building hardware and software prototypes and assessing their utility in realistic settings. Interesting systems are too complex to be evaluated solely in the abstract; practical use enables us to investigate their properties in depth. This experience is useful in the short term in refining our designs and invaluable in the long term in advancing our knowledge. Most of the major advances in information systems have come through this approach, including personal computing, distributed systems, and the Internet. We also perform complementary work of a more mathematical character. Some
A Partial Order Approach to Branching Time Logic Model Checking
 Information and Computation
, 1994
"... Partial order techniques enable reducing the size of the state graph used for model checking, thus alleviating the `state space explosion' problem. These reductions are based on selecting a subset of the enabled operations from each program state. So far, these methods have been studied, implemented ..."
Abstract

Cited by 55 (14 self)
 Add to MetaCart
Partial order techniques enable reducing the size of the state graph used for model checking, thus alleviating the `state space explosion' problem. These reductions are based on selecting a subset of the enabled operations from each program state. So far, these methods have been studied, implemented and demonstrated for assertional languages that model the executions of a program as computation sequences, in particular the logic LTL (linear temporal logic). The present paper shows, for the first time, how this approach can be applied to languages that model the behavior of a program as a tree. We study here partial order reductions for branching temporal logics, e.g., the logics CTL and CTL (all logics with the nexttime operator removed) and process algebras such as CCS. Conditions on the subset of successors from each node to guarantee reduction that preserves CTL properties are given. Provided experimental results show that the reduction is substantial. 1 Introduction Partial ord...
SelfStabilizing Distributed Constraint Satisfaction
, 1991
"... Distributed architectures and solutions are described for classes of constraint satisfaction problems, called network consistency problems. An inherent assumption of these architectures is that the communication network mimics the structure of the constraint problem. The solutions are required to be ..."
Abstract

Cited by 37 (3 self)
 Add to MetaCart
Distributed architectures and solutions are described for classes of constraint satisfaction problems, called network consistency problems. An inherent assumption of these architectures is that the communication network mimics the structure of the constraint problem. The solutions are required to be selfstabilizing and to treat arbitrary networks, which makes them suitable for dynamic or errorprone environments. We first show that even for relatively simple constraint networks, such as rings, there is no selfstabilizing solution that guarantees convergence from every initial state of the system using a completely uniform, asynchronous model (where all processors are identical). An almostuniform, asynchronous, network consistency protocol with one specially designated node is shown and proven correct. We also show that some restricted topologies such as trees can accommodate the uniform, asynchronous model when neighboring nodes cannot take simultaneous steps. 1 Introduction Consid...
Verifying Sequential Consistency on SharedMemory Multiprocessors by Model Checking
, 2001
"... The memory model of a sharedmemory multiprocessor is a contract between the designer and programmer of the multiprocessor. The sequential consistency memory model specifies a total order among the memory (read and write) events performed at each processor. A trace of a memory system satisfies seque ..."
Abstract

Cited by 22 (1 self)
 Add to MetaCart
The memory model of a sharedmemory multiprocessor is a contract between the designer and programmer of the multiprocessor. The sequential consistency memory model specifies a total order among the memory (read and write) events performed at each processor. A trace of a memory system satisfies sequential consistency if there exists a total order of all memory events in the trace that is both consistent with the total order at each processor and has the property that every read event to a location returns the value of the last write to that location. Descriptions of sharedmemory systems are typically parameterized by the number of processors, the number of memory locations, and the number of data values. It has been shown that even for finite parameter values, verifying sequential consistency on general sharedmemory systems is undecidable. We observe that, in practice, sharedmemory systems satisfy the properties of causality and data independence. Causality is the property that values of read events flow from values of write events. Data independence is the property that all traces can be generated by renaming data values from traces where the written values are distinct from each other. If a causal and data independent system also has the property that the logical order of write events to each location is identical to their temporal order, then sequential consistency can be verified algorithmically. Specifically, we present a model checking algorithm to verify sequential consistency on such systems for a finite number of processors and memory locations and an arbitrary number of data values. 1
Using partialorder methods in the formal validation of industrial concurrent programs
 IEEE Transactions on Software Engineering
, 1996
"... Copyright © 1996 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work ..."
Abstract

Cited by 16 (2 self)
 Add to MetaCart
Copyright © 1996 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
On the Costs and Benefits of using PartialOrder Methods for the Verification of Concurrent Systems
 Proceedings of DIMACS Workshop on PartialOrder Methods in Verification
, 1997
"... Verification by statespace exploration is one of the most successful strategies for analyzing the correctness of finitestate concurrent reactive systems. Partialorder methods are algorithms for dynamically pruning the state space of such systems without incurring the risk of any incompleteness in ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
Verification by statespace exploration is one of the most successful strategies for analyzing the correctness of finitestate concurrent reactive systems. Partialorder methods are algorithms for dynamically pruning the state space of such systems without incurring the risk of any incompleteness in the verification results. This paper presents results of experiments performed with these algorithms on real protocol examples, and discusses the practical significance of partialorder methods. 1. Introduction Statespace exploration is one of the most successful strategies for checking the correctness of finitestate concurrent reactive systems. It consists in exploring a global state graph, called the state space, representing the combined behavior of all concurrent components in the system. Many different types of properties of a system can be checked by exploring its state space: deadlocks, dead code, unspecified receptions, violations of userspecified assertions, etc. Moreo...
Improving Spin’s PartialOrder Reduction for BreadthFirst Search, Model Checking
 Software: 12th International SPIN Workshop, SPIN 2005, LNCS 3639
, 2005
"... Abstract. We describe an improvement of the partialorder reduction algorithm for breadthfirst search which was introduced in Spin version 4.0. Our improvement is based on the algorithm by Alur et al. for symbolic state model checking for local safety properties [1]. The crux of the improvement is ..."
Abstract

Cited by 12 (2 self)
 Add to MetaCart
Abstract. We describe an improvement of the partialorder reduction algorithm for breadthfirst search which was introduced in Spin version 4.0. Our improvement is based on the algorithm by Alur et al. for symbolic state model checking for local safety properties [1]. The crux of the improvement is an optimization in the context of explicit state model checking of the condition that prevents action ignoring, also known as the cycle proviso. There is an interesting duality between the cycle provisos for the breadthfirst search (BFS) and depth first search (DFS) exploration of the state space, which is reflected in the role of the BFS queue and the DFS stack, respectively. The improved version of the algorithm is supported in the current version of Spin and can be shown to perform significantly better than the initial version.