Experiments with an Improved Constrained Expression Toolset.
ABSTRACT At TAV3, we described a prelimimu-y version of the constrained expression toolset, and reported on the results of our initial experiments with it, Through those experiments we discovered shortcomings in some of the tools that limited the size of the examples that we could analyze. We have since redesigned and reimplementcd several components of the toolset, with performance improvements of more than two orders of magnitude in some cases. The improved toolset has been successfully used with designs that involve hundreds of concurrent processes. In this paper, we describe several experiments with the new version of the toolset, including preliminary experiments with a technique for analyzing systems that include an essentially arbitrary number of identical components.
- SourceAvailable from: psu.edu[Show abstract] [Hide abstract]
ABSTRACT: Practical analysis of large systems must proceed piecemeal, and preferably in a hierarchical manner with suppression of details at each level. Reports of possible errors, on the other hand, may be helpful only if they describe in detail how the error can occur. A common error reporting technique in analysis of concurrent systems is to present an example trace (sequence of actions) that exhibits an undesired property (e.g., a deadlock or critical race). Since suppression of detail may make such a trace less useful, we need to recover a detailed trace despite having suppressed details during the analysis. We describe an approach to recovering detailed traces of possible task interactions from a hierarchical state-space analysis, and report performance of the method in a prototype state-space analysis tool for Ada systems. 1 Introduction In [YY91] we described a hierarchical, incremental approach to analysis of Ada programs using process algebra. Algebraic operations of restric...07/1999;
- [Show abstract] [Hide abstract]
ABSTRACT: Behaviour analysis of complex distributed systems has led to the search for enhanced reachability analysis techniques which support modularity and which control the state explosion problem. While modularity has been achieved, state explosion is still a problem. Indeed, this problem may even be exacerbated as a locally minimised subsystem may contain many states and transitions forbidden by its environment or context. Context constraints, specified as interface processes, are restrictions imposed by the environment on subsystem behaviour. Recent research has suggested that the state explosion problem can be effectively controlled if context constraints are incorporated in compositional reachability analysis (CRA). Although theoretically very promising, the approach has rarely been used in practice because it generally requires a more complex computational model and does not contain a mechanism to derive context constraints automatically. This paper presents a technique to automate the a...03/1996;
- [Show abstract] [Hide abstract]
ABSTRACT: Formal verification for complex concurrent systems is a computationally intensive and, in some cases, intractable process. The complexity is an inherent part of the verification process due to the system complexity that is an exponential function of the sizes of its components. However, some properties can be enforced by automatically synchronizing the components, thus eliminating the need for verification. Moreover, the complexity of the analysis required to enforce the properties grows incrementally with addition of new components and properties that make the system complexity grow exponentially. The properties in question are the receptive safety properties, a subset of safety properties that can only be violated by component actions. The receptive safety properties represent the realizable subset of the general safety properties because a system that satisfies any non--receptive safety properties must satisfy related receptive safety properties. This implies that any system with realizable safety requirements can be described as a set of components and receptive safety properties that specify the component interaction that satisfies the requirements. We have developed a method that automatically synchronizes complex concurrent systems to enforce their receptive safety properties. Many non--safety and non--receptive properties can be represented using receptive safety properties, and automated synchronization can be used to enforce them. 1 Contents 103/2001;