## Combining Partial Order Reductions with On-the-fly Model-checking (1994)

Citations: 195 (14 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Peled94combiningpartial,
    author = {Doron Peled},
    title = {Combining Partial Order Reductions with On-the-fly Model-checking},
    booktitle = {},
    year = {1994},
    pages = {377--390},
    publisher = {Springer-Verlag}
}
```

### Abstract

Partial order model-checking is an approach to reduce time and memory in model-checking concurrent programs. On-the-fly model-checking is a technique to eliminate part of the search by intersecting an automaton representing the (negation of the) checked property with the state space during its generation. We prove conditions under which these two methods can be combined in order to gain reduction from both methods. An extension of the model-checker SPIN, which implements this combination, is studied, showing substantial reduction over traditional search, not only in the number of reachable states, but directly in the amount of memory and time used. We also describe how to apply partial-order model-checking under given fairness assumptions.

### Citations

1239 | Automatic verification of finite-state concurrent systems using temporal logic specifications
- Clarke, Emerson, et al.
- 1986

Citation Context: ...checking algorithm, such as described in [18] can be applied directly to the reduced state space. Model-checking under fairness assumptions is usually more complicated than without such an assumption [18, 3]. However, using partial order reductions, it is easier to explain the reduction principles under one particular fairness assumption. We thus initially employ the following fairness assumption: F if a...

355 | On a decision method in restricted second order arithmetic
- Büchi
- 1962

Citation Context: ...scribed here was implemented as an extension to the model-checker SPIN [10]. This is the first implementation of a partial order model-checker with the full power of stuttering closed Büchi automata [4]. Experiments with various known algorithms and protocols show substantial reductions in space and time. In section 2, some background is given. Section 3 presents an algorithm for constructing reduce...

272 | A Stubborn Attack on State Explosion
- Valmari

Citation Context: ...ethod of Katz and Peled [13], the model-checking methods of Valmari [24], and of Godefroid [7] were limited to dealing with safety properties, termination, local and stable properties. Later, Valmari [25] extended his method to handle arbitrary nexttime-free temporal properties. Peled [22] generalized these ideas and showed how to gain more reduction by rewriting the checked formula, and how to apply...

162 | Stubborn sets for reduced state space generation
- Valmari
- 1991

Citation Context: ...than all of them. Partial order methods were at first restricted to checking a constrained family of properties: the verification method of Katz and Peled [13], the model-checking methods of Valmari [24], and of Godefroid [7] were limited to dealing with safety properties, termination, local and stable properties. Later, Valmari [25] extended his method to handle arbitrary nexttime-free temporal prope...

160 | All from one, one for all: on model checking using representatives
- Peled
- 1993

Citation Context: ...froid [7] were limited to dealing with safety properties, termination, local and stable properties. Later, Valmari [25] extended his method to handle arbitrary nexttime-free temporal properties. Peled [22] generalized these ideas and showed how to gain more reduction by rewriting the checked formula, and how to apply the model-checking under fairness assumptions. We suggest here an algorithm that com...

148 | Using Partial Orders to Improve Automatic Verification Methods
- Godefroid
- 1990

Citation Context: ...al order methods were at first restricted to checking a constrained family of properties: the verification method of Katz and Peled [13], the model-checking methods of Valmari [24], and of Godefroid [7] were limited to dealing with safety properties, termination, local and stable properties. Later, Valmari [25] extended his method to handle arbitrary nexttime-free temporal properties. Peled [22] gene...

76 | Memory-efficient algorithms for the verification of temporal properties. Formal Methods in System Design, 1:275–288
- Courcoubetis, Vardi, et al.
- 1992

Citation Context: ...wed how to gain more reduction by rewriting the checked formula, and how to apply the model-checking under fairness assumptions. We suggest here an algorithm that combines on-the-fly model-checking [15, 6, 5] with partial order reduction. That is, it intersects the reduced state space during its generation with an automaton that represents the negation of the checked property. Then, besides the benefit of...

61 | Refining Dependencies Improves Partial-Order Verification Methods
- Godefroid, Pirottin
- 1993

Citation Context: ...dition C1 is based on the notion of a faithful decomposition of operations, first defined in [13] and used in a proof method for verification of concurrent programs. It was used for model-checking in [22, 8]. It follows that under the fairness assumption F, the condition C1 guarantees that: Lemma 3.1 Let ample(x) be a set satisfying condition C1. For every F-fair run $\sigma = [v][w]$, such that $v \in T^*$ ...

60 | Coverage preserving reduction strategies for reachability analysis
- Holzmann, Godefroid, et al.
- 1992

Citation Context: ...n C2 in order to adapt it to the on-the-fly case, as shown in Section 4. It should be mentioned that the requirement C2 is very subtle: an earlier attempt for solving the ignoring problem appeared in [11] and required only that at least one of the selected operations does not close a cycle. This turns out to be insufficient for preserving temporal properties, as can be seen from the example in Figure ...

55 | Pnueli: How to cook a temporal proof system for your pet language
- Manna, A
- 1982

Citation Context: ...tosin order to force it to become equivalence robust. However, this typically makes all the program operations interdependent, resulting in no reduction. In practice, the typical fairness assumptions [19] are usually stronger than F, although some of them are not equivalence robust. 4 Reduction with On-the-fly Model-Checking Model-checking on-the-fly means that the verification algorithm starts to exa...

46 | Appraising fairness in languages for distributed programming - Apt, Francez, et al. - 1988

45 | Reducibility in analysis of coordination
- Kurshan
- 1987

Citation Context: ...wed how to gain more reduction by rewriting the checked formula, and how to apply the model-checking under fairness assumptions. We suggest here an algorithm that combines on-the-fly model-checking [15, 6, 5] with partial order reduction. That is, it intersects the reduced state space during its generation with an automaton that represents the negation of the checked property. Then, besides the benefit of...

45 | Checking that finite-state concurrent programs satisfy their linear specification
- Lichtenstein, Pnueli
- 1984

Citation Context: ... of the same program state with a single occurrence, we obtain the same sequence. A property is stuttering closed if it cannot distinguish between stuttering equivalent sequences. A nexttime-free LTL [18, 17] formula $\varphi$ is constructed from the propositional variables $p_0, p_1, p_2, \ldots$, the boolean connectives ($\wedge$, $\vee$, $\neg$) and the modals $\Box$ (always), $\Diamond$ (eventually) and $U$ (until), but not from the mo...

34 | Verification of distributed programs using representative interleaving sequences
- Jhala, KATZ, et al.
- 1992

Citation Context: ...ate a subset of the successor states rather than all of them. Partial order methods were at first restricted to checking a constrained family of properties: the verification method of Katz and Peled [13], the model-checking methods of Valmari [24], and of Godefroid [7] were limited to dealing with safety properties, termination, local and stable properties. Later, Valmari [25] extended his method to ...

12 | On-the-fly verification of finite transition systems - Fernandez, Mounier, et al. - 1992

12 | Defining conditional independence using collapses, Theoretical Computer Science 101 - Katz, Peled - 1992

7 | An Improvement
- Holzmann, Peled
- 1994

Citation Context: ...1 (at line 3 in Figure 2). If they do, it returns these operations. Otherwise, it returns the empty set. More details on how our implementation checks this condition are described in Section 6 and in [12]. A second condition [22] is enforced at lines 5-8 in Figure 2. It is needed to prevent some pathological cases where the execution of operations is indefinitely deferred along a cycle. 1 create nod...

5 | Event Fairness and Non-Interleaving Concurrency, Formal Aspects of Computing 1
- Kwiatkowska
- 1989

Citation Context: ..., w is equivalent to v iff it can be obtained from it by repeatedly commuting adjacent independent operations. The definition of equivalence between finite strings is now extended to infinite strings [16]. Denote by $Pref(w)$ the set of finite prefixes of the (finite or infinite) string $w$. A relation $\preceq_D$ is defined between pairs of strings from $T^* \cup T^\omega$ (i.e., finite or infinite) as follows: v...

2 | Proving partial order properties. Theoretical Computer Science 126
- Peled, Pnueli
- 1994

Citation Context: ...ly $\alpha$ itself) must appear later (or immediately) in this sequence. Thus, we limit the following discussion to runs $\sigma$ that contain interleaving sequences satisfying F. The F-fair sequences were shown [16, 21] to be exactly the set of maximal traces with respect to the subsumption relation $\preceq$. Furthermore, F is equivalence robust [16]. Thus, F can be also viewed of as a property of infinite traces, rather...

1 | Adding Liveness Properties to Coupled Finite State Machines - Aggarwal, Courcoubetis, et al. - 1990

1 | A Partial Approach to Model Checking, 6th LICS
- Godefroid, Wolper
- 1991

Citation Context: ...hows how to apply partial order reductions on-the-fly under various fairness assumptions. Other algorithms that exploit partial-order reductions while doing on-the-fly construction were suggested in [9] and [26]. These algorithms use a different model than ours to represent the specification, namely an automaton over sequences of operations, rather than a state-based specification. These algorithms ...

1 | What good is temporal logic, IFIP
- Lamport
- 1983

Citation Context: ...ed property may be found before the end of the construction, and parts of the (reduced) state space may not be necessary in the intersection. The method allows checking the class of stuttering-closed [17] Büchi automata properties, which includes the nexttime-free temporal properties. The reduction method presented here also shows how to apply partial order reductions on-the-fly under various fairnes...

1 | Propositional Dynamic Logic of Looping and - Street - 1982

1 | On-The-Fly Verification of stubborn sets, 5th CAV
- Valmari
- 1993

Citation Context: ... to apply partial order reductions on-the-fly under various fairness assumptions. Other algorithms that exploit partial-order reductions while doing on-the-fly construction were suggested in [9] and [26]. These algorithms use a different model than ours to represent the specification, namely an automaton over sequences of operations, rather than a state-based specification. These algorithms also diff...