## A New Scheme for Memory-Efficient Probabilistic Verification (1996)

Venue: IFIP TC6/WG6.1 Joint International Conference on Formal Description Techniques for Distributed Systems and Communication Protocols, and Protocol Specification, Testing, and Verification

Citations: 21 (6 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Stern96anew,
  author    = {Ulrich Stern and David L. Dill},
  title     = {A New Scheme for Memory-Efficient Probabilistic Verification},
  booktitle = {in IFIP TC6/WG6.1 Joint International Conference on Formal Description Techniques for Distributed Systems and Communication Protocols, and Protocol Specification, Testing, and Verification},
  year      = {1996},
  pages     = {333--348}
}
```

### Abstract

In verification by explicit state enumeration, for each reachable state of the protocol being verified the full state descriptor is stored in a state table. Two probabilistic methods -- bitstate hashing and hash compaction -- have been proposed in the literature that store much fewer bits for each state but come at the price of some probability that not all reachable states will be explored during the search, and that the verifier may thus produce false positives. Holzmann introduced bitstate hashing and derived an approximation formula for the average probability that a particular state is not omitted during the search, but this formula does not give a bound on the probability of false positives. In contrast, the analysis for hash compaction, introduced by Wolper and Leroy and improved upon by Stern and Dill, yielded a bound on the probability that not even one state is omitted during the search, thus providing a bound on the probability of false positives. In this paper, we propose a...
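Hash compaction as the abstract describes it, in an added example that is not code from the paper or from the Murφ verifier: the state table keeps only a b-bit compressed value per state, so two distinct states with equal compressed values make the search treat the second as already visited, and the omitted state (and any error reachable only through it) is never examined. The SHA-256 truncation standing in for universal hashing, the linear-probing table and the counter "protocol" are constructed for illustration.

```python
import hashlib
from collections import deque

def compress(state, b):
    # Constructed stand-in for the universal hash the paper relies on: keep b bits of SHA-256.
    digest = hashlib.sha256(repr(state).encode()).digest()
    return int.from_bytes(digest, "big") & ((1 << b) - 1)

class HashCompactionTable:
    """Open-addressing table that keeps only a b-bit compressed value per state."""
    def __init__(self, slots, b):
        self.slots, self.b = slots, b
        self.table = [None] * slots
    def visit(self, state):
        """Return True if the state is inserted as new, False if its compressed
        value is already present (state treated as visited, possibly wrongly)."""
        value = compress(state, self.b)
        i = value % self.slots
        for _ in range(self.slots):            # linear probing
            if self.table[i] is None:
                self.table[i] = value
                return True
            if self.table[i] == value:         # two states share a compressed value
                return False
            i = (i + 1) % self.slots
        raise MemoryError("state table full")

def successors(state, m):
    # Constructed toy protocol: a tuple of counters, each step increments one counter mod m.
    return [state[:k] + ((state[k] + 1) % m,) + state[k + 1:] for k in range(len(state))]

def explore(initial, m, table):
    """Breadth-first search driven by the compaction table; returns states explored."""
    queue, explored = deque([initial]), 0
    table.visit(initial)
    while queue:
        state = queue.popleft()
        explored += 1
        queue.extend(s for s in successors(state, m) if table.visit(s))
    return explored

def reachable_exact(initial, m):
    """Ground truth: the same search with full state descriptors kept in a set."""
    seen, queue = {initial}, deque([initial])
    while queue:
        for s in successors(queue.popleft(), m):
            if s not in seen:
                seen.add(s); queue.append(s)
    return len(seen)
```

With three counters modulo 8 there are 512 reachable states; at b = 8 the table can distinguish at most 256 compressed values, so at least half of the states are omitted, while at b = 64 the search covers all of them.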

### Citations

8543 | Introduction to Algorithms - Cormen, Leiserson, et al. - 1990
Citation context: ...ble. One problem in hashing is the occurrence of collisions. A collision occurs if two states hash to the same slot in the table. This collision can be resolved by either chaining or open addressing (Cormen et al. 1990). Chaining requires storing an additional pointer besides the compressed state. However, a pointer has roughly the same size as the compressed state and thus chaining approximately doubles the memory...

769 | Design and Validation of Computer Protocols - Holzmann - 1991

674 | Universal classes of hash functions - Carter, Wegman - 1979
Citation context: ...to be stored in the table for each state s. Here, l denotes the number of all possible compressed values. If we use b bits for these values, l = 2^b. In practice, one can use universal hashing (Carter and Wegman 1979) to calculate the compressed value from the state descriptor, as suggested by Wolper and Leroy (1995). Then, the probability that two different states have the same compressed value is bounded, name...

374 | The Stanford DASH multiprocessor - Lenoski, Gharachorloo, et al. - 1992
Citation context: ...te descriptors for three industrial protocols when a protocol parameter (the number of processors) is varied. All three protocols -- cache3, SCI (IEEE Std 1596--1992; Stern and Dill 1995a) and adash (Lenoski et al. 1992) -- are cache coherence protocols. Observe that the ratio n/d grows exponentially when the number of processors is increased and that the diameter d is typically quite small. Table 2 shows the ap...

233 | Protocol verification as a hardware design aid - Dill, Drexler, et al. - 1992
Citation context: ...ssors of the protocols, which enabled a roughly 50% reduction in the size of the compressed values. We implemented the new scheme in the context of the Murφ verification system developed at Stanford (Dill et al. 1992). The new implementation includes a memory efficient method to store the information needed for error trace generation. A file is used to store this information instead of the main memory. In experim...

185 | Better verification through symmetry - Ip, Dill - 1993
Citation context: ...o of n/d is bigger for the cache3 protocol and so are the savings in the number of bits in comparison to the previous scheme. Here, the cache3 protocol was verified without using symmetry reductions (Ip and Dill 1993), hence the difference in the number of reachable states in comparison to Table 1. Furthermore, note that the observed last state omission probabilities are not much smaller compared to the reported...

177 | Sequential circuit verification using symbolic model checking - Burch, Clarke, et al. - 1990
Citation context: ...the states can be explicitly enumerated by storing them individually in a table, or a symbolic method can be used, such as representing the reachable state space with a binary decision diagram (BDD) (Burch et al. 1990). The biggest obstacle of both methods is the often unmanageably large number of reachable states -- the `state explosion problem'. Symbolic methods can alleviate the state explosion problem in some...

82 | An analysis of bitstate hashing - Holzmann - 1998

63 | Reliable hashing without collision detection - Wolper, Leroy - 1993
Citation context: ...r, techniques to reduce d 0 or a bound on the diameter can be employed in the depth-first case. ACKNOWLEDGEMENTS We are grateful to Pierre Wolper and Denis Leroy for sharing the unpublished revision (Wolper and Leroy 1995) of their paper with us. We would also like to thank Ravi Soundararajan for his comments on a draft of this paper. Ulrich Stern was supported during this research by a scholarship from the German Aca...

41 | Automatic Verification of the SCI Cache Coherence Protocol - Stern, Dill

34 | On limits and possibilities of automated protocol analysis - Holzmann - 1987

26 | New techniques for efficient verification with implicitly conjoined BDDs - Hu, York, et al. - 1994
Citation context: ...alleviate the state explosion problem in some cases. However, in research done in our group for some types of industrial protocols, explicit state enumeration has out-performed the symbolic approach (Hu et al. 1994). In explicit state enumeration algorithms, a state table is maintained that eventually holds all reachable states of the protocol under verification unless an error is detected. This state table is...

15 | Ordered hash tables - Amble, Knuth - 1974
Citation context: ...omissions hits the shortest path to the error state. The previous analysis, in contrast, allowed not even one omission among the reachable states. Furthermore, the new scheme employs ordered hashing (Amble and Knuth 1974), which can reduce the length of the probe sequences for unsuccessful searches in open addressing and thus also reduce the omission probability. If n denotes the number of states in the reachability...

13 | Combining state space caching and hash compaction - Stern, Dill - 1996

12 | State reduction using reversible rules - Ip, Dill - 1996
Citation context: ...ral methods that aim at reducing the size of the reachability graph while ensuring that errors will still be detected. Examples would be exploiting symmetries (Ip and Dill 1993) and reversible rules (Ip and Dill 1996). When combining different techniques, one usually observes that runtime becomes the new major limiting factor in verification, which increases the priority of research into accelerating explicit-sta...