
All content in this area was uploaded by Dominik Klumpp on Jun 25, 2020


Trace Abstraction Refinement

Iteratively build a Floyd-Hoare automaton $A = (Q, \Sigma, \mathit{true}, \Delta, \{\mathit{false}\})$, where
- the states $Q$ are logical formulae over program variables,
- the alphabet $\Sigma$ consists of program statements taken from $P$, and
- for all $(\varphi, \mathit{st}, \psi) \in \Delta$, the Hoare triple $\{\varphi\}\ \mathit{st}\ \{\psi\}$ is valid.

⇒ For all $\tau \in A$, the Hoare triple $\{\mathit{true}\}\ \tau\ \{\mathit{false}\}$ is valid.

[Figure: example Floyd-Hoare automaton with the states true, i<j, a[i]≠0 ∧ i<j and false, and transitions labelled with the statements i:=i-1, a[j]:=7, j:=i+1, a[i]:=21, a[j]:=0, a[i]==0.]

If $P \subseteq A$, then $P$ is correct.

Dominik Klumpp, POR for TAR, slide 4


Partial Order Reduction

Error traces:
  τ1: i:=i-1  a[j]:=7  j:=i+1  a[i]:=21  a[j]:=0  a[i]==0
  τ2: i:=i-1  a[j]:=7  a[i]:=21  j:=i+1  a[j]:=0  a[i]==0

Idea: the order of a[i]:=21 and j:=i+1 is irrelevant!

Define a (partial) commutativity relation $I$ over program statements; here, a[i]:=21 and j:=i+1 commute.

Traces $\tau_1, \tau_2$ are equivalent ($\tau_1 \sim_I \tau_2$) iff
  $\tau_1 = \tau_2$, or
  $\tau_1 = \rho\,a\,b\,\sigma$ and $\tau_2 = \rho\,b\,a\,\sigma$ where $(a, b) \in I$, or
  $\exists \tau'.\ \tau_1 \sim_I \tau' \sim_I \tau_2$.

Goal: only analyse one representative of each equivalence class!

Dominik Klumpp, POR for TAR, slide 6


Partial Order Reduction

New proof criterion: If $P \subseteq \mathit{cl}_I(A)$, then $P$ is correct (for a suitable commutativity relation $I$).
  $\mathit{cl}_I(A)$ is the closure of $A$: all traces equivalent to some $\tau \in A$.
  The criterion is sufficient but (necessarily) incomplete, and more general than checking $P \subseteq A$.

Algorithmic check:
  $P \subseteq \mathit{cl}_I(A) \iff \exists$ reduction $P'$ of $P$ s.t. $P' \subseteq A$
  (reduction $P'$ of $P$: $\mathit{cl}_I(P') = P$)

Hence: compute a (regular) reduction $P'$ and check $P' \subseteq A$.

Dominik Klumpp, POR for TAR, slide 7
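The equivalence τ1 ∼_I τ2 and the closure check P ⊆ cl_I(A) from the two Partial Order Reduction slides, as an added example that is not code from the talk: here P and A are finite sets of traces (in the talk they are regular languages given by automata), I is the single commuting pair from the slide, and equivalence is decided by computing a lexicographic normal form of each trace, a standard technique for Mazurkiewicz traces that the slides do not spell out. The proof set `proof = {TAU1}` in the main block is constructed for the demonstration.

```python
# Added example (not code from the talk): Mazurkiewicz trace equivalence τ1 ∼_I τ2
# for the error traces on the Partial Order Reduction slides, the closure check
# P ⊆ cl_I(A), and a reduction P' of P.  P and A are finite sets of traces here
# (in the talk they are regular languages given by automata).

# The two error traces from the slide, as sequences of statement labels.
TAU1 = ("i:=i-1", "a[j]:=7", "j:=i+1", "a[i]:=21", "a[j]:=0", "a[i]==0")
TAU2 = ("i:=i-1", "a[j]:=7", "a[i]:=21", "j:=i+1", "a[j]:=0", "a[i]==0")


def make_commutativity(pairs):
    """Symmetric, irreflexive relation I built from a list of commuting pairs."""
    rel = set()
    for a, b in pairs:
        if a != b:
            rel.add((a, b))
            rel.add((b, a))
    return frozenset(rel)


# As on the slide: only a[i]:=21 and j:=i+1 commute.
I = make_commutativity([("a[i]:=21", "j:=i+1")])


def normal_form(trace, indep):
    """Lexicographic normal form of the equivalence class of `trace` under I.

    The slide defines ∼_I inductively (equal, one adjacent swap of an I-pair, or a
    chain of such swaps).  Instead of searching that chain, repeatedly pick the
    smallest statement that can be swapped to the front, i.e. one that commutes with
    every statement still ahead of it.  Equivalent traces share the same normal form
    (the lexicographically least word of the class), so ∼_I becomes a comparison.
    """
    rest = list(trace)
    out = []
    while rest:
        best = None
        for pos, stmt in enumerate(rest):
            if all((prev, stmt) in indep for prev in rest[:pos]):
                if best is None or stmt < rest[best]:
                    best = pos
        out.append(rest.pop(best))
    return tuple(out)


def equivalent(t1, t2, indep):
    """τ1 ∼_I τ2."""
    return normal_form(t1, indep) == normal_form(t2, indep)


def in_closure(trace, accepted, indep):
    """τ ∈ cl_I(A): some trace accepted by A is equivalent to τ."""
    nf = normal_form(trace, indep)
    return any(normal_form(alpha, indep) == nf for alpha in accepted)


def included_in_closure(program, accepted, indep):
    """The proof criterion P ⊆ cl_I(A), for finite P and A."""
    return all(in_closure(tau, accepted, indep) for tau in program)


def reduction(program, indep):
    """A reduction P' ⊆ P: one representative per equivalence class of P, so cl_I(P') ⊇ P."""
    reps = {}
    for tau in sorted(program):
        reps.setdefault(normal_form(tau, indep), tau)
    return frozenset(reps.values())


if __name__ == "__main__":
    program = {TAU1, TAU2}
    proof = {TAU1}          # constructed: the proof automaton A accepts only τ1
    print("P ⊆ A:       ", program <= proof)                      # False
    print("P ⊆ cl_I(A): ", included_in_closure(program, proof, I))  # True
    print("reduction P':", reduction(program, I))
```

With the slide's traces, P = {τ1, τ2} is not a subset of a proof A that accepts only τ1, but it is a subset of cl_I(A), which is exactly the gain the new proof criterion buys; with an empty I the closure check degrades to plain inclusion and fails.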


Concrete Commutativity

Definition: $a$ and $b$ commute iff $⟦a⟧ \circ ⟦b⟧ = ⟦b⟧ \circ ⟦a⟧$, where $⟦a⟧$, the semantics of statement $a$, is a relation over program states.

For example:
  $⟦\texttt{a[i]:=21}⟧ = \{(s, s') \mid s' = s\{a \mapsto \mathit{store}(s(a), s(i), 21)\}\}$
  $⟦\texttt{j:=i+1}⟧ = \{(s, s') \mid s' = s\{j \mapsto s(i) + 1\}\}$

Therefore $⟦\texttt{a[i]:=21}⟧ \circ ⟦\texttt{j:=i+1}⟧ = ⟦\texttt{j:=i+1}⟧ \circ ⟦\texttt{a[i]:=21}⟧$.

Combined with Trace Abstraction Refinement by Cassez et al. [1]


[1] Franck Cassez and Frowin Ziegler. "Verification of Concurrent Programs Using Trace Abstraction Refinement". In: Logic for Programming, Artificial Intelligence, and Reasoning. LNCS. Springer, Nov. 2015, pp. 233–248.

Dominik Klumpp, POR for TAR, slide 8

Conditional Commutativity

Do a[i]:=21 and a[j]:=0 commute?

[Figure: two paths from state $s$ to state $s'$, via a[i]:=21 ; a[j]:=0 and via a[j]:=0 ; a[i]:=21. ✗: if $i = j$ then a[i] = 0 after the first order but not after the second. ✓ under $i < j$.]

In general: No!
In our program: $i < j$ due to the assignments j:=i+1, i:=i-1.

Godefroid 1996 [2]: conditional commutativity relation, parametrized in the state of the transition system.
Here: state of the Floyd-Hoare automaton $A$ (i.e. a formula $\varphi$):
  $(⟦a⟧ \circ ⟦b⟧) \cap (\varphi \times \mathit{true}) = (⟦b⟧ \circ ⟦a⟧) \cap (\varphi \times \mathit{true})$


[2] Patrice Godefroid. Partial-Order Methods for the Verification of Concurrent Systems: An Approach to the State-Explosion Problem. Springer, 1996.

Dominik Klumpp, POR for TAR, slide 9


Abstract Commutativity

Do a[i]:=21 and a[j]:=7 commute?

[Figure: three pairs of paths from state $s$ to state $s'$:
  a[i]:=21 ; a[j]:=7  vs  a[j]:=7 ; a[i]:=21  ✗ (if $i = j$ then a[i] = 7 after the first order, 21 after the second)
  a[i]:=* ; a[j]:=*  vs  a[j]:=* ; a[i]:=*
  a[i]:=* with a[i]!=0 ; a[j]:=* with a[j]!=0  vs  a[j]:=* with a[j]!=0 ; a[i]:=* with a[i]!=0  ✓ (either order guarantees $a[i] \neq 0$)]

No: order matters in case $i = j$ (which is possible).
In our program: we only care that $a[i] \neq 0$
⇒ find abstractions (cf. [3])
Abstracted program may be unsound!
⇒ bound abstraction by proof candidate $A$


[3] Tayfun Elmas, Shaz Qadeer, and Serdar Tasiran. "A Calculus of Atomic Actions". In: Proceedings of the 36th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. POPL '09. New York, NY, USA: ACM, 2009, pp. 2–15.

Dominik Klumpp, POR for TAR, slide 10
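The relational semantics ⟦·⟧ from the Concrete Commutativity slide, applied to the Hoare triples of the Floyd-Hoare automaton on slide 4 and to the conditional and abstract commutativity questions of slides 9 and 10, as an added example that is not code from the talk. It assumes a constructed finite state space (three array cells, values 0, 7 and 21), reads the automaton transitions of slide 4 as following τ1 through the listed states (an assumption; the slide only shows the figure), and reads "bound abstraction by proof candidate A" as: the abstracted statement must over-approximate the concrete one and still satisfy the automaton's Hoare triple (an assumption about the intended meaning). Commutativity is decided by exhaustively comparing composed relations on that finite domain, which is a test on a bounded model, not the symbolic proof a verifier would produce.

```python
# Added example (not code from the talk): finite-state relational semantics
# ⟦st⟧ ⊆ States × States for the statements on the slides, used to check
#   (a) the Hoare triples of the Floyd-Hoare automaton (slide 4),
#   (b) concrete commutativity ⟦a⟧∘⟦b⟧ = ⟦b⟧∘⟦a⟧ (slide 8),
#   (c) conditional commutativity restricted to ϕ × true (slide 9),
#   (d) abstract commutativity of havoc'd statements, bounded by the proof (slide 10).
# The state space is a constructed finite domain (3 array cells, 3 values), so every
# check is an exhaustive test on that domain, not the SMT proof a verifier would run.
from collections import namedtuple
from itertools import product

State = namedtuple("State", "i j a")   # a is a tuple of N array cells
N = 3
VALUES = (0, 7, 21)                    # constructed value domain for array cells
STATES = frozenset(State(i, j, a) for i in range(N) for j in range(N)
                   for a in product(VALUES, repeat=N))

def store(arr, idx, val):
    """store(s(a), idx, val) from the slide: the array with cell idx overwritten."""
    new = list(arr)
    new[idx] = val
    return tuple(new)

# Statement semantics as successor functions State -> list[State];
# an empty list means the statement is blocked (a failed assume).
def assign_cell(var, val):                        # a[var] := val
    return lambda s: [s._replace(a=store(s.a, getattr(s, var), val))]

def havoc_cell(var, guard=lambda v: True):        # a[var] := *  (guard restricts the new value)
    return lambda s: [s._replace(a=store(s.a, getattr(s, var), v)) for v in VALUES if guard(v)]

def assume(pred):                                 # a[i]==0 read as an assume statement
    return lambda s: [s] if pred(s) else []

def i_dec(s):                                     # i := i-1
    return [s._replace(i=s.i - 1)]

def j_succ_i(s):                                  # j := i+1
    return [s._replace(j=s.i + 1)]

A_I_21, A_J_7, A_J_0 = assign_cell("i", 21), assign_cell("j", 7), assign_cell("j", 0)
A_I_EQ_0 = assume(lambda s: s.a[s.i] == 0)
A_I_STAR, A_J_STAR = havoc_cell("i"), havoc_cell("j")        # a[i]:=* and a[j]:=*
A_I_STAR_NZ = havoc_cell("i", lambda v: v != 0)   # a[i]:=* with a[i]!=0
A_J_STAR_NZ = havoc_cell("j", lambda v: v != 0)   # a[j]:=* with a[j]!=0

def relation(stmt):
    """⟦stmt⟧ as a set of (s, s') pairs; successors outside the finite domain are dropped."""
    return frozenset((s, t) for s in STATES for t in stmt(s) if t in STATES)

def compose(r1, r2):
    """r1 ∘ r2 read as 'first r1, then r2', the order the slides use for a ; b."""
    succ = {}
    for s, t in r2:
        succ.setdefault(s, set()).add(t)
    return frozenset((s, u) for s, t in r1 for u in succ.get(t, ()))

def restrict(rel, phi):
    """rel ∩ (ϕ × true): keep the pairs whose source state satisfies ϕ."""
    return frozenset((s, t) for s, t in rel if phi(s))

def commute(a, b, phi=lambda s: True):
    """Conditional commutativity of a and b in ϕ-states; ϕ = true gives concrete commutativity."""
    ra, rb = relation(a), relation(b)
    return restrict(compose(ra, rb), phi) == restrict(compose(rb, ra), phi)

def hoare_valid(phi, stmt, psi):
    """{ϕ} stmt {ψ}: every successor of a ϕ-state satisfies ψ."""
    return all(psi(t) for s, t in relation(stmt) if phi(s))

# Predicates labelling the automaton states of slide 4.
TRUE, FALSE = (lambda s: True), (lambda s: False)
I_LT_J = lambda s: s.i < s.j
AI_NZ_AND_I_LT_J = lambda s: s.a[s.i] != 0 and s.i < s.j

# Transitions (ϕ, st, ψ) ∈ Δ, assumed to follow τ1 through the states listed on slide 4.
AUTOMATON = [
    (TRUE, i_dec, TRUE), (TRUE, A_J_7, TRUE), (TRUE, j_succ_i, I_LT_J),
    (I_LT_J, A_I_21, AI_NZ_AND_I_LT_J),
    (AI_NZ_AND_I_LT_J, A_J_0, AI_NZ_AND_I_LT_J),
    (AI_NZ_AND_I_LT_J, A_I_EQ_0, FALSE),
]

def automaton_valid(transitions=AUTOMATON):
    """All triples of the proof candidate A are valid (on the finite domain)."""
    return all(hoare_valid(phi, st, psi) for phi, st, psi in transitions)

def abstraction_bounded_by_proof(concrete, abstract, phi, psi):
    """Assumed reading of 'bound abstraction by proof candidate A': the abstract statement
    over-approximates the concrete one and still satisfies the automaton's triple {ϕ} · {ψ}."""
    return relation(concrete) <= relation(abstract) and hoare_valid(phi, abstract, psi)
```

On this domain a[i]:=21 and j:=i+1 commute unconditionally, a[i]:=21 and a[j]:=0 commute only under ϕ = i<j, and a[i]:=21 and a[j]:=7 do not commute at all; the havoc'd pair a[i]:=* with a[i]!=0 and a[j]:=* with a[j]!=0 commutes and still satisfies the triple {i<j} · {a[i]≠0 ∧ i<j}, whereas the unguarded a[i]:=* commutes too but breaks that triple, which is the "abstracted program may be unsound" point.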


Abstract and Concrete Commutativity

Abstraction sometimes loses commutativity.
⇒ Combine (conditional) concrete and abstract commutativity.

New proof criterion: If $P \subseteq \mathit{cl}_{\mathit{concr}}(\mathit{cl}_{\mathit{abstr}}(A))$, then $P$ is correct.
⇒ develop new partial order reduction algorithms for a sufficient check

Very general criterion:
  $P \subseteq \mathit{cl}_{\mathit{concr}}(A) \implies P \subseteq \mathit{cl}_{\mathit{concr}}(\mathit{cl}_{\mathit{abstr}}(A))$
  $P \subseteq \mathit{cl}_{\mathit{abstr}}(A) \implies P \subseteq \mathit{cl}_{\mathit{concr}}(\mathit{cl}_{\mathit{abstr}}(A))$

Dominik Klumpp, POR for TAR, slide 11


Future Work

- Find a suitable notion of abstract commutativity
  - currently: capture the commutativity given by Owicki-Gries proofs
  - provide a theoretical guarantee for commutativity
- Partial order reduction algorithms to check the proof criterion
  - so far: based on the sleep set algorithm
  - investigate other partial order techniques
- Empirical evaluation: effectiveness for verification
- Theoretical complexity result

Dominik Klumpp, POR for TAR, slide 12
