Abstract
Rule based specifications are popular for specifying protocols, such as cache coherence protocols specified in TLA+, Murphi, or the BlueSpec language. Specifications in these notations are a collection of unordered rules of the form guard → atomic_updates. There is no notion of a sequential process with local scope or specialized communication channels, and each rule tends to update multiple fields of the global state. It is believed that partial order (PO) reduction, a powerful state space reduction technique, is difficult to achieve in such a setting. Partial order reductions attempt to visit a smaller set of states by selectively exploring a subset of all enabled transitions at each state, based on the independence of transitions. In earlier work, we have reported a suitable algorithm for this purpose, where the independence relation is computed using symbolic analysis and SAT. In this paper, we expand on this algorithm and show how to exploit some commonly seen characteristics of rule based specifications. First, many of these systems have a transactional nature, such as the request/grant transactions of cache coherence protocols. We show how to use this information while picking subsets of transitions at each state. Second, many of these systems are parameterized, and also exhibit symmetry. We show that, for such systems, the SAT-based computation of the independence relation between rules can be performed once and for all in a manner that is accurate for all parameterized instances of the protocol. Third, we show that sharpening the SAT-based independence computation through local invariants can aid PO reduction. Here, we propose a way by which users may guess these invariants: we can check these invariants and the property of interest in one combined phase under PO reduction (we prove that there is no circularity in this process). Our results indicate that with the above measures, rule based systems can have efficient and effective PO reduction algorithms.
This work was supported in part by NSF Award CCR-0219805, and SRC Contract 2005-TJ-1318.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Arvind: Bluespec: A language for hardware design, simulation, synthesis and verification. In: MEMOCODE, pp. 249–249 (2003) (invited Talk)
Bhattacharya, R.: http://www.cs.utah.edu/~ritwik/carryover.html
Bhattacharya, R., German, S., Gopalakrishnan, G.: A symbolic partial order reduction algorithm for rule based transition systems. Technical Report UUCS-03-028, School of Computing, University of Utah (2003)
Chen, X.: personal communication
Clarke, E.M., Grumberg, O., Peled, D.: Model Checking. MIT Press, Cambridge (1999)
Dill, D.: The Stanford Murphi Verifier. In: Alur, R., Henzinger, T.A. (eds.) CAV 1996. LNCS, vol. 1102, pp. 390–393. Springer, Heidelberg (1996)
Allen Emerson, E., Jha, S., Peled, D.: Combining partial order and symmetry reductions. In: Brinksma, E. (ed.) TACAS 1997. LNCS, vol. 1217. Springer, Heidelberg (1997)
German, S.: http://www.cs.utah.edu/~ritwik/poem/german_cache.m
Godefroid, P.: Using partial orders to improve automatic verification methods. In: Clarke, E., Kurshan, R.P. (eds.) CAV 1990. LNCS, vol. 531, pp. 176–185. Springer, Heidelberg (1991)
Holzmann, G.J.: The model checker SPIN. IEEE Transactions on Software Engineering 23(5), 279–295 (1997); Special issue on Formal Methods in Software Practice
Holzmann, G.J., Godefroid, P., Pirottin, D.: Coverage preserving reduction strategies for reachability analysis. In: Proc. 12th Int. Conf on Protocol Specification, Testing, and Verification, INWG/IFIP (1992)
Norris Ip, C., Dill, D.L.: Better verification through symmetry. In: CHDL 1993, pp. 87–100 (1993)
Kuskin, J., Ofelt, D., et al.: The Stanford FLASH multiprocessor. In: SIGARC 1994, May 1994, pp. 302–313 (1994)
Lamport, L.: Specifying concurrent systems with TLA+. In: Calculational System Design (1999)
Lamport, L.: The wildfire challenge problem, http://research.microsoft.com/users/lamport/tla/wildfire-challenge.html
Levin, V., Palmer, R., Qadeer, S., Rajamani, S.K.: Sound transaction-based reduction without cycle detection. In: Godefroid, P. (ed.) SPIN 2005. LNCS, vol. 3639, pp. 106–122. Springer, Heidelberg (2005)
Pnueli, A.: A temporal logic of concurrent programs. Theoretical Computer Science, 45–60 (1977)
Pnueli, A., Ruah, S., Zuck, L.D.: Automatic deductive verification with invisible invariants. In: Margaria, T., Yi, W. (eds.) TACAS 2001. LNCS, vol. 2031, pp. 82–97. Springer, Heidelberg (2001)
Qadeer, S., Rajamani, S., Rehof, J.: Summarizing procedures in concurrent programs. In: Proceedings of the ACM Symposium on the Principles of Programming Languages (2004)
Scott, D.: Stoller and Ernie Cohen. Optimistic synchronization-based state-space reduction. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619, pp. 489–504. Springer, Heidelberg (2003)
Stump, A., Barrett, C.W., Dill, D.L.: CVC: A Cooperating Validity Checker. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 500–504. Springer, Heidelberg (2002)
Valmari, A.: A stubborn attack on state explosion. In: Clarke, E., Kurshan, R.P. (eds.) CAV 1990. LNCS, vol. 531, pp. 156–165. Springer, Heidelberg (1991)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bhattacharya, R., German, S.M., Gopalakrishnan, G. (2006). Exploiting Symmetry and Transactions for Partial Order Reduction of Rule Based Specifications. In: Valmari, A. (eds) Model Checking Software. SPIN 2006. Lecture Notes in Computer Science, vol 3925. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11691617_15
Download citation
DOI: https://doi.org/10.1007/11691617_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33102-5
Online ISBN: 978-3-540-33103-2
eBook Packages: Computer ScienceComputer Science (R0)