Towards Practical Partial Order Reduction for High-Level Formalisms

Conference paper. In: Verified Software. Theories, Tools and Experiments (VSTTE 2022)

Abstract

Partial order reduction (POR) has considerable potential to reduce the state space during model checking by exploiting independence between transitions. This potential remains, however, largely unfulfilled for high-level formalisms such as B or TLA\(^{+}\). In this article, we report on our experiments regarding POR: We empirically assess that our current implementation of POR in ProB does not have any impact for a vast majority of B machines. We then analyse why POR fails to achieve reductions and identify minimal examples without reduction that make use of high-level constructs in B, and provide several new ideas to make POR pay off for more complex formal models. A proof-of-concept implementation then yields two orders of magnitude reduction in the state space for a particularly challenging case study, a railway interlocking model that escaped our POR techniques thus far.


Notes

  1. Private communication from Stephan Merz to Michael Leuschel at Schloß Dagstuhl; see also the presentation by Kuppe [24].

  2. Already the results in Sect. 4.3 and Table 3 of [23] for POR were unsatisfying. Other techniques of LTSmin were very effective, however.

  3. Or actions in TLA+.

  4. For example, an error in a twenty-year-old algorithm was recently discovered [36].

  5. For Event-B it is straightforward to lift all non-determinism into parameters. In Classical B this is more difficult; but the formalisation of independence with non-determinism would make the presentation overly complex and detract from the main points of the article.

  6. More precisely, all operation instances of add are independent of unlock because they can never be enabled at the same time.

  7. The implementation in LTSmin uses stubborn sets. There is not much difference concerning our argument as the analysis must extract mostly the same information.

  8. https://github.com/hhu-stups/specifications/tree/por-experiments.

  9. Which is precise enough for some formalisms (at least using LTSmin's POR), but not for others [25].

  10. We will directly refer to the state variables by their name; e.g., xx is part of state s, and \(xx'\) is a variable of \(s'\).

  11. Available at: https://github.com/JanRossbach/fset.

  12. https://github.com/pkoerner/train-por/blob/main/Train_1_beebook_TLC.mch.

  13. https://github.com/pkoerner/train-por/blob/main/Train_1_beebook_tlc_POR.mch.

  14. https://github.com/pkoerner/train-por/blob/main/train_auto4.mch.

References

  1. Abrial, J.R.: The B-Book: Assigning Programs to Meanings. Cambridge University Press, Cambridge (1996)

  2. Abrial, J.R.: Modeling in Event-B: System and Software Engineering. Cambridge University Press, Cambridge (2010)

  3. Abrial, J.R., Butler, M., Hallerstede, S., Hoang, T.S., Mehta, F., Voisin, L.: Rodin: an open toolset for modelling and reasoning in Event-B. Int. J. Softw. Tools Technol. Transf. 12(6), 447–466 (2010). https://doi.org/10.1007/s10009-010-0145-y

  4. Baier, C., Katoen, J.P.: Principles of Model Checking. MIT Press, Cambridge (2008)

  5. Bendisposto, J., Leuschel, M.: Proof assisted model checking for B. In: Breitman, K., Cavalcanti, A. (eds.) ICFEM 2009. LNCS, vol. 5885, pp. 504–520. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10373-5_26

  6. Blom, S., van de Pol, J., Weber, M.: LTSmin: distributed and symbolic reachability. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 354–359. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14295-6_31

  7. Bønneland, F.M., Jensen, P.G., Larsen, K.G., Muñiz, M., Srba, J.: Partial order reduction for reachability games. In: Proceedings CONCUR (International Conference on Concurrency Theory). LIPIcs, vol. 140, pp. 23:1–23:15. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik (2019)

  8. Borälv, A.: Interlocking design automation using prover trident. In: Havelund, K., Peleska, J., Roscoe, B., de Vink, E. (eds.) FM 2018. LNCS, vol. 10951, pp. 653–656. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-95582-7_39

  9. Butler, M., et al.: The first twenty-five years of industrial use of the B-method. In: ter Beek, M.H., Ničković, D. (eds.) FMICS 2020. LNCS, vol. 12327, pp. 189–209. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-58298-2_8

  10. Carlsson, M., Mildner, P.: SICStus Prolog—the first 25 years. Theory Pract. Logic Program. 12, 35–66 (2012)

  11. Carlsson, M., Ottosson, G., Carlson, B.: An open-ended finite domain constraint solver. In: Glaser, H., Hartel, P., Kuchen, H. (eds.) PLILP 1997. LNCS, vol. 1292, pp. 191–206. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0033845

  12. Clarke, E., Grumberg, O., Peled, D.: Model Checking. MIT Press, Cambridge (1999)

  13. Dobrikov, I., Leuschel, M.: Optimising the ProB model checker for B using partial order reduction. In: Giannakopoulou, D., Salaün, G. (eds.) SEFM 2014. LNCS, vol. 8702, pp. 220–234. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10431-7_16

  14. Dobrikov, I., Leuschel, M.: Optimising the ProB model checker for B using partial order reduction. Form. Asp. Comput. 28(2), 295–323 (2016). https://doi.org/10.1007/s00165-015-0351-1

  15. Dobrikov, I.M.: Improving explicit-state model checking for B and Event-B. Ph.D. thesis, Universitäts- und Landesbibliothek der Heinrich-Heine-Universität Düsseldorf (2017)

  16. Flanagan, C., Godefroid, P.: Dynamic partial-order reduction for model checking software. In: Proceedings POPL (Symposium on Principles of Programming Languages), pp. 110–121. ACM (2005)

  17. Gibson-Robinson, T., Hansen, H., Roscoe, A.W., Wang, X.: Practical partial order reduction for CSP. In: Havelund, K., Holzmann, G., Joshi, R. (eds.) NFM 2015. LNCS, vol. 9058, pp. 188–203. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17524-9_14

  18. Godefroid, P.: Using partial orders to improve automatic verification methods. In: Clarke, E.M., Kurshan, R.P. (eds.) CAV 1990. LNCS, vol. 531, pp. 176–185. Springer, Heidelberg (1991). https://doi.org/10.1007/BFb0023731

  19. Holzmann, G.J.: The model checker SPIN. IEEE Trans. Softw. Eng. 23(5), 279–295 (1997)

  20. Krings, S., Leuschel, M.: SMT solvers for validation of B and Event-B models. In: Ábrahám, E., Huisman, M. (eds.) IFM 2016. LNCS, vol. 9681, pp. 361–375. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-33693-0_23

  21. Körner, P., Bendisposto, J.: Distributed model checking using ProB. In: Dutle, A., Muñoz, C., Narkawicz, A. (eds.) NFM 2018. LNCS, vol. 10811, pp. 244–260. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-77935-5_18

  22. Körner, P., Leuschel, M., Dunkelau, J.: Towards a shared specification repository. In: Raschke, A., Méry, D., Houdek, F. (eds.) ABZ 2020. LNCS, vol. 12071, pp. 266–271. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-48077-6_22

  23. Körner, P., Leuschel, M., Meijer, J.: State-of-the-art model checking for B and Event-B using ProB and LTSmin. In: Furia, C.A., Winter, K. (eds.) IFM 2018. LNCS, vol. 11023, pp. 275–295. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98938-9_16

  24. Kuppe, M.A.: Let TLA+ RiSE. RiSE group all-hands meeting (2018)

  25. Laarman, A., Pater, E., van de Pol, J., Hansen, H.: Guard-based partial-order reduction. Int. J. Softw. Tools Technol. Transf. 18(4), 427–448 (2014). https://doi.org/10.1007/s10009-014-0363-9

  26. Lamport, L.: Specifying systems: the TLA+ language and tools for hardware and software engineers. Addison-Wesley (2002)

  27. Leuschel, M., Bendisposto, J., Hansen, D.: Unlocking the mysteries of a formal model of an interlocking system. In: Proceedings Rodin Workshop 2014 (2014)

  28. Leuschel, M., Butler, M.: ProB: a model checker for B. In: Araki, K., Gnesi, S., Mandrioli, D. (eds.) FME 2003. LNCS, vol. 2805, pp. 855–874. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45236-2_46

  29. Leuschel, M., Butler, M.: ProB: an automated analysis toolset for the B method. Int. J. Softw. Tools Technol. Transf. 10, 185–203 (2008). https://doi.org/10.1007/s10009-007-0063-9

  30. de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78800-3_24

  31. Parillaud, C., Fonteneau, Y., Belmonte, F.: Interlocking formal verification at Alstom signalling. In: Collart-Dutilleul, S., Lecomte, T., Romanovsky, A. (eds.) RSSRail 2019. LNCS, vol. 11495, pp. 215–225. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-18744-6_14

  32. Peled, D.: All from one, one for all: on model checking using representatives. In: Courcoubetis, C. (ed.) CAV 1993. LNCS, vol. 697, pp. 409–423. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-56922-7_34

  33. Peled, D.: Combining partial order reductions with on-the-fly model-checking. In: Dill, D.L. (ed.) CAV 1994. LNCS, vol. 818, pp. 377–390. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-58179-0_69

  34. Plagge, D., Leuschel, M.: Validating B,Z and TLA\(^+\) using ProB and Kodkod. In: Giannakopoulou, D., Méry, D. (eds.) FM 2012. LNCS, vol. 7436, pp. 372–386. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32759-9_31

  35. Schmidt, J., Leuschel, M.: Improving SMT solver integrations for the validation of B and Event-B models. In: Lluch Lafuente, A., Mavridou, A. (eds.) FMICS 2021. LNCS, vol. 12863, pp. 107–125. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85248-1_7

  36. Siegel, S.F.: What’s wrong with on-the-fly partial order reduction. In: Dillig, I., Tasiran, S. (eds.) CAV 2019. LNCS, vol. 11562, pp. 478–495. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25543-5_27

  37. Torlak, E., Jackson, D.: Kodkod: a relational model finder. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 632–647. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71209-1_49

  38. Valmari, A.: Stubborn sets for reduced state space generation. In: Rozenberg, G. (ed.) ICATPN 1989. LNCS, vol. 483, pp. 491–515. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-53863-1_36

  39. Yu, Y., Manolios, P., Lamport, L.: Model checking TLA\(^+\) specifications. In: Pierre, L., Kropf, T. (eds.) CHARME 1999. LNCS, vol. 1703, pp. 54–66. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48153-2_6


Acknowledgement

The authors thank the anonymous referees for their feedback, Joshua Schmidt for his patience and relentless work on the Z3 interface and Jan Roßbach for his implementation of the SAT encoding of finite sets. Computational infrastructure and support were provided by the Centre for Information and Media Technology at Heinrich Heine University Düsseldorf.

Corresponding author

Correspondence to Philipp Körner .

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Körner, P., Leuschel, M. (2023). Towards Practical Partial Order Reduction for High-Level Formalisms. In: Lal, A., Tonetta, S. (eds) Verified Software. Theories, Tools and Experiments. VSTTE 2022. Lecture Notes in Computer Science, vol 13800. Springer, Cham. https://doi.org/10.1007/978-3-031-25803-9_5

  • DOI: https://doi.org/10.1007/978-3-031-25803-9_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-25802-2

  • Online ISBN: 978-3-031-25803-9
