## Bloom Filters in Probabilistic Verification (2004)

### Cached

### Download Links

- [www-static.cc.gatech.edu]
- [www.cc.gatech.edu]
- [www.ccs.neu.edu]
- DBLP

### Other Repositories/Bibliography

Venue: | In Proceedings of the 5th International Conference on Formal Methods in Computer-Aided Design (FMCAD |

Citations: | 10 - 2 self |

### BibTeX

@INPROCEEDINGS{Dillinger04bloomfilters,

author = {Peter C. Dillinger and Panagiotis Manolios},

title = {Bloom Filters in Probabilistic Verification},

booktitle = {In Proceedings of the 5th International Conference on Formal Methods in Computer-Aided Design (FMCAD},

year = {2004},

pages = {367--381},

publisher = {Springer-Verlag}

}

### Years of Citing Articles

### OpenURL

### Abstract

### Citations

1460 | Space/Time Trade-Offs in Hash Coding with Allowable Errors
- Bloom
- 1970
(Show Context)
Citation Context ...arch. Virtually all of the proposed probabilistic verification approaches utilize one of two data structures: a Bloom filter [14] or a compacted hash table [18]. The Bloom filter, dating back to 1970 =-=[1]-=-, is the data structure underlying “supertrace” [12], “multihashing” [21], and “bitstate hashing” [13]. Compacted hash tables are utilized by “hashcompact” [21] and the first version of “hash compacti... |

767 |
Design and Validation of Computer Protocols
- Holzmann
- 1991
(Show Context)
Citation Context ...erification approaches utilize one of two data structures: a Bloom filter [14] or a compacted hash table [18]. The Bloom filter, dating back to 1970 [1], is the data structure underlying “supertrace” =-=[12]-=-, “multihashing” [21], and “bitstate hashing” [13]. Compacted hash tables are utilized by “hashcompact” [21] and the first version of “hash compaction” [18], but the technique was not perfected until ... |

696 |
The art of computer programming., volume 3: Sorting and searching
- Knuth
- 1974
(Show Context)
Citation Context ... techniques for Bloom filters employ two and three indices (respectively) to derive all k index values [5]. Double hashing is a well-known method of collision resolution in open-addressed hash tables =-=[4, 15, 10]-=-, but we were the first to apply the concept to Bloom filters. These approaches are easy to understand simply by looking at pseudocode: Algorithm 1 This algorithm computes index values for a Bloom fil... |

687 | Summary cache: a scalable wide-area web cache sharing protocol
- Fan, Cao, et al.
(Show Context)
Citation Context ... where ln is loge . One can show that this last formula is an upper approximation.s3 Bloom Filters in Verification Bloom Filters in Probabilistic Verification 5 Although perfect for some applications =-=[16, 8]-=-, the false positive rate is insufficient as a metric for evaluating the accuracy of Bloom filters in probabilistic explicit-state model checking. More appropriate metrics are based on the number of s... |

463 | model checking programs
- Visser, Havelund, et al.
(Show Context)
Citation Context ...ion Despite its simplicity, explicit-state model checking has proved to be an effective verification technique and has led to numerous tools, including SPIN [14], Murϕ [18], TLC [23], Java PathFinder =-=[20]-=-, etc. The state explosion problem is especially acute in explicit-state model checking because the amount of memory required depends linearly on the number of reachable states, which is often too lar... |

441 |
The SPIN Model Checker: Primer and Reference Manual
- Holzmann
- 2004
(Show Context)
Citation Context ...er operation, whereas using fingerprinting requires about 80 units. This is a very significant difference, as hash function computation tends to dominate the time cost of probabilistic model checking =-=[14]-=-. In order to quantify the accuracy impact of fingerprinting, we describe how its operation impacts how Bloom filters can omit states from models. Definition 3 A fingerprint collision is a state that ... |

345 | Network Applications of Bloom Filters: A Survey
- Broder, Mitzenmacher, et al.
- 2002
(Show Context)
Citation Context ...was not added to the Bloom filter, but all k queried bits are 1 (due to other additions). We now analyze the probability of a single query of an unadded element returning a false positive (taken from =-=[2]-=-). Note that if p is the probability that a random bit of the Bloom filter is 1, then the probability of a false positive is p k , the probability that all k index functions map to a 1. If we let i be... |

197 | Compressed bloom filters
- Mitzenmacher
- 2002
(Show Context)
Citation Context ... where ln is loge . One can show that this last formula is an upper approximation.s3 Bloom Filters in Verification Bloom Filters in Probabilistic Verification 5 Although perfect for some applications =-=[16, 8]-=-, the false positive rate is insufficient as a metric for evaluating the accuracy of Bloom filters in probabilistic explicit-state model checking. More appropriate metrics are based on the number of s... |

185 | Better verification through symmetry
- Ip, Dill
- 1993
(Show Context)
Citation Context ... about to finish from one that will do many times more work than a Bloom filter. Another category of related work is reductions that can play their own role in tackling state explosion. Both symmetry =-=[3, 7, 6]-=- and partial-order reductions [9, 11] are compatible with the probabilistic techniques discussed. 3SPIN preserves SPIN’s partial4 P. C. Dillinger and P. Manolios order compatibility, but we have disa... |

166 | Symmetry and model checking
- Emerson, Sistla
- 1996
(Show Context)
Citation Context ... about to finish from one that will do many times more work than a Bloom filter. Another category of related work is reductions that can play their own role in tackling state explosion. Both symmetry =-=[3, 7, 6]-=- and partial-order reductions [9, 11] are compatible with the probabilistic techniques discussed. 3SPIN preserves SPIN’s partial4 P. C. Dillinger and P. Manolios order compatibility, but we have disa... |

162 |
Handbook of Algorithms and Data Structures
- Gonnet
- 1984
(Show Context)
Citation Context ... techniques for Bloom filters employ two and three indices (respectively) to derive all k index values [5]. Double hashing is a well-known method of collision resolution in open-addressed hash tables =-=[4, 15, 10]-=-, but we were the first to apply the concept to Bloom filters. These approaches are easy to understand simply by looking at pseudocode: Algorithm 1 This algorithm computes index values for a Bloom fil... |

144 |
Exploiting symmetry in temporal logic model checking
- CLARKE, ENDERS, et al.
- 1993
(Show Context)
Citation Context ... about to finish from one that will do many times more work than a Bloom filter. Another category of related work is reductions that can play their own role in tackling state explosion. Both symmetry =-=[3, 7, 6]-=- and partial-order reductions [9, 11] are compatible with the probabilistic techniques discussed. 3SPIN preserves SPIN’s partial4 P. C. Dillinger and P. Manolios order compatibility, but we have disa... |

136 |
Introduction to Algorithms. McGraw-Hill Higher Education
- Cormen, Leiserson, et al.
- 1990
(Show Context)
Citation Context ... techniques for Bloom filters employ two and three indices (respectively) to derive all k index values [5]. Double hashing is a well-known method of collision resolution in open-addressed hash tables =-=[4, 15, 10]-=-, but we were the first to apply the concept to Bloom filters. These approaches are easy to understand simply by looking at pseudocode: Algorithm 1 This algorithm computes index values for a Bloom fil... |

113 | A partial approach to model checking
- Godefroid, Wolper
- 1994
(Show Context)
Citation Context ...many times more work than a Bloom filter. Another category of related work is reductions that can play their own role in tackling state explosion. Both symmetry [3, 7, 6] and partial-order reductions =-=[9, 11]-=- are compatible with the probabilistic techniques discussed. 3SPIN preserves SPIN’s partial4 P. C. Dillinger and P. Manolios order compatibility, but we have disabled it in our tests in order to more... |

82 | An analysis of bitstate hashing
- HOLZMANN
- 1998
(Show Context)
Citation Context ...uctures: a Bloom filter [14] or a compacted hash table [18]. The Bloom filter, dating back to 1970 [1], is the data structure underlying “supertrace” [12], “multihashing” [21], and “bitstate hashing” =-=[13]-=-. Compacted hash tables are utilized by “hashcompact” [21] and the first version of “hash compaction” [18], but the technique was not perfected until [19].s2 P. C. Dillinger and P. Manolios The litera... |

63 | Reliable hashing without collision detection
- Wolper, Leroy
- 1993
(Show Context)
Citation Context ...s utilize one of two data structures: a Bloom filter [14] or a compacted hash table [18]. The Bloom filter, dating back to 1970 [1], is the data structure underlying “supertrace” [12], “multihashing” =-=[21]-=-, and “bitstate hashing” [13]. Compacted hash tables are utilized by “hashcompact” [21] and the first version of “hash compaction” [18], but the technique was not perfected until [19].s2 P. C. Dilling... |

38 | Model Checking TLA+ Specifications
- Yu, Manolios, et al.
- 1999
(Show Context)
Citation Context ...ding SPIN. 1 Introduction Despite its simplicity, explicit-state model checking has proved to be an effective verification technique and has led to numerous tools, including SPIN [14], Murϕ [18], TLC =-=[23]-=-, Java PathFinder [20], etc. The state explosion problem is especially acute in explicit-state model checking because the amount of memory required depends linearly on the number of reachable states, ... |

36 | Improved probabilistic verification by hash compaction
- Stem, Dill
- 1995
(Show Context)
Citation Context ...d by extending SPIN. 1 Introduction Despite its simplicity, explicit-state model checking has proved to be an effective verification technique and has led to numerous tools, including SPIN [14], Murϕ =-=[18]-=-, TLC [23], Java PathFinder [20], etc. The state explosion problem is especially acute in explicit-state model checking because the amount of memory required depends linearly on the number of reachabl... |

21 | A new scheme for memory-efficient probabilistic verification
- Stern, Dill
- 1996
(Show Context)
Citation Context ..., “multihashing” [21], and “bitstate hashing” [13]. Compacted hash tables are utilized by “hashcompact” [21] and the first version of “hash compaction” [18], but the technique was not perfected until =-=[19]-=-.s2 P. C. Dillinger and P. Manolios The literature contains explanations on both sides of the Bloom filter vs. hash compaction debate as to why each data structure is the best. We have found that neit... |

17 | Fast and Accurate Bitstate Verification for SPIN
- Dillinger, Manolios
- 2004
(Show Context)
Citation Context ...s off by a factor of five or more. This last technique usually calls for a Bloom filter with many more hash functions than supertrace’s two, but until our improvements to Bloom filters, introduced in =-=[5]-=-, such configurations were unreasonably slow and not considered a good choice: “In a well-tuned model checker, the run-time requirements of the search depend linearly on [the number of hash functions]... |

7 |
Partial order reduction of the state space
- Holzmann, Peled
- 1995
(Show Context)
Citation Context ...many times more work than a Bloom filter. Another category of related work is reductions that can play their own role in tackling state explosion. Both symmetry [3, 7, 6] and partial-order reductions =-=[9, 11]-=- are compatible with the probabilistic techniques discussed. 3SPIN preserves SPIN’s partial4 P. C. Dillinger and P. Manolios order compatibility, but we have disabled it in our tests in order to more... |

5 |
Exploiting transition locality in the disk based Murphi verifier
- Penna, Intrigila, et al.
- 2002
(Show Context)
Citation Context ...state model checking because the amount of memory required depends linearly on the number of reachable states, which is often too large to enumerate in main memory. Disk can be utilized intelligently =-=[17, 23]-=-, but such algorithms will probably continue to be outperformed by algorithms that take advantage of the fast random access time of main memory. Storing states more compactly in memory, therefore, is ... |

4 | Reliable probabilistic verification using hash compaction
- Wolper, Stern, et al.
(Show Context)
Citation Context .... “[C]omputing 20 hash functions is quite expensive and will substantially slow down the search. Hash compaction is also superior in this regard, requiring only one 96-bit signature to be calculated” =-=[22]-=-. Our improvements, which require only a 2-3 word signature to be computed on the state descriptor, nullify these claims and make the configured Bloom filter technique a good choice for the rough esti... |