Post on 18-Feb-2020
Local State Space Construction forCompositional Verification of Concurrent
Systems
Hao Zheng
Department of Computer Science and EngineeringUniversity of South Florida
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems1 / 19
Introduction
• Scope: model checking of finite state concurrent systems.• Asynchronous.• Communication via shared variables.• Applications: communication protocols, multi-thread programs,
• To present a local state space construction approach.• As a key part of a methodology for scalable model checking of
finite state concurrent systems.• To addressing state explosion due to the interleavings of
concurrent executions.• For local safety verification.• To helping partial order reduction to be more effective in global
state space.
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems2 / 19
Introduction
• Scope: model checking of finite state concurrent systems.• Asynchronous.• Communication via shared variables.• Applications: communication protocols, multi-thread programs,
• To present a local state space construction approach.• As a key part of a methodology for scalable model checking of
finite state concurrent systems.• To addressing state explosion due to the interleavings of
concurrent executions.• For local safety verification.• To helping partial order reduction to be more effective in global
state space.
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems2 / 19
Overview of the MethodologyParallel composition of communicating processes
M1‖ . . . ‖Mn |= ϕ
Local State SpaceConstruction & Verification
Local state transition modelsG1, . . . , Gn
Is ϕ verified?TerminateYes
Behavioral Analysis
Transition Dependence Relation
Global State Space Searchwith Partial Order Reduction
No
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems3 / 19
Overview of the MethodologyParallel composition of communicating processes
M1‖ . . . ‖Mn |= ϕ
Local State SpaceConstruction & Verification
Local state transition modelsG1, . . . , Gn
Is ϕ verified?TerminateYes
Behavioral Analysis
Transition Dependence Relation
Global State Space Searchwith Partial Order Reduction
No
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems3 / 19
Overview of the MethodologyParallel composition of communicating processes
M1‖ . . . ‖Mn |= ϕ
Local State SpaceConstruction & Verification
Local state transition modelsG1, . . . , Gn
Is ϕ verified?TerminateYes
Behavioral Analysis
Transition Dependence Relation
Global State Space Searchwith Partial Order Reduction
No
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems3 / 19
Overview of the MethodologyParallel composition of communicating processes
M1‖ . . . ‖Mn |= ϕ
Local State SpaceConstruction & Verification
Local state transition modelsG1, . . . , Gn
Is ϕ verified?
TerminateYes
Behavioral Analysis
Transition Dependence Relation
Global State Space Searchwith Partial Order Reduction
No
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems3 / 19
Overview of the MethodologyParallel composition of communicating processes
M1‖ . . . ‖Mn |= ϕ
Local State SpaceConstruction & Verification
Local state transition modelsG1, . . . , Gn
Is ϕ verified?TerminateYes
Behavioral Analysis
Transition Dependence Relation
Global State Space Searchwith Partial Order Reduction
No
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems3 / 19
Overview of the MethodologyParallel composition of communicating processes
M1‖ . . . ‖Mn |= ϕ
Local State SpaceConstruction & Verification
Local state transition modelsG1, . . . , Gn
Is ϕ verified?TerminateYes
Behavioral Analysis
Transition Dependence Relation
Global State Space Searchwith Partial Order Reduction
No
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems3 / 19
Overview of the MethodologyParallel composition of communicating processes
M1‖ . . . ‖Mn |= ϕ
Local State SpaceConstruction & Verification
Local state transition modelsG1, . . . , Gn
Is ϕ verified?TerminateYes
Behavioral Analysis
Transition Dependence Relation
Global State Space Searchwith Partial Order Reduction
No
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems3 / 19
Outline
• Background
• Local state space construction: previous work• The thread-modular approach
• Local state space construction: an improvement• Synchronized local state space search
• Experimental results
• Discussions and conclusions
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems4 / 19
Background
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems5 / 19
High Level Description: A Simple Example
M1 = (V1, q0, A1);V1 = {l1, x, z};q0 = (l1 = 0, x = 0, z = 0);A1 = {α1, α2, α3, α4};
whereα1 = (l1 = 0 ∧ x > 0,
z := x+ 1; l1 := 1);α2 = (l1 = 1,
x := 0; l1 := 2);α3 = (l1 = 2 ∧ x > 0,
z := z ∗ x; l1 := 3);α4 = (l1 = 3,
x := 0; z := 0; l1 := 0);
M2 = (V2, p0, A2);V2 = {l2, x, y};p0 = (l2 = 0, x = 0, y = 0);A2 = {β1, β2};
whereβ1 = (l2 = 0 ∧ y = 0,
x := 2; l2 := 1);β2 = (l2 = 1 ∧ x = 0,
y := 1; l2 := 0)
M3 = (V3, s0, A3);V3 = {l3, x, y};s0 = (l3 = 0, x = 0, y = 0);A3 = {γ1, γ2};
whereγ1 = (l3 = 0 ∧ y = 1,
x := 3; l3 := 1);γ2 = (l3 = 1 ∧ x = 0,
y := 0; l3 := 0)
ProcessesVariable declarationsLocal initial statesAction sets
Guard
Assignments
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems6 / 19
High Level Description: A Simple Example
M1 = (V1, q0, A1);V1 = {l1, x, z};q0 = (l1 = 0, x = 0, z = 0);A1 = {α1, α2, α3, α4};
whereα1 = (l1 = 0 ∧ x > 0,
z := x+ 1; l1 := 1);α2 = (l1 = 1,
x := 0; l1 := 2);α3 = (l1 = 2 ∧ x > 0,
z := z ∗ x; l1 := 3);α4 = (l1 = 3,
x := 0; z := 0; l1 := 0);
M2 = (V2, p0, A2);V2 = {l2, x, y};p0 = (l2 = 0, x = 0, y = 0);A2 = {β1, β2};
whereβ1 = (l2 = 0 ∧ y = 0,
x := 2; l2 := 1);β2 = (l2 = 1 ∧ x = 0,
y := 1; l2 := 0)
M3 = (V3, s0, A3);V3 = {l3, x, y};s0 = (l3 = 0, x = 0, y = 0);A3 = {γ1, γ2};
whereγ1 = (l3 = 0 ∧ y = 1,
x := 3; l3 := 1);γ2 = (l3 = 1 ∧ x = 0,
y := 0; l3 := 0)
Processes
Variable declarationsLocal initial statesAction sets
Guard
Assignments
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems6 / 19
High Level Description: A Simple Example
M1 = (V1, q0, A1);V1 = {l1, x, z};q0 = (l1 = 0, x = 0, z = 0);A1 = {α1, α2, α3, α4};
whereα1 = (l1 = 0 ∧ x > 0,
z := x+ 1; l1 := 1);α2 = (l1 = 1,
x := 0; l1 := 2);α3 = (l1 = 2 ∧ x > 0,
z := z ∗ x; l1 := 3);α4 = (l1 = 3,
x := 0; z := 0; l1 := 0);
M2 = (V2, p0, A2);V2 = {l2, x, y};p0 = (l2 = 0, x = 0, y = 0);A2 = {β1, β2};
whereβ1 = (l2 = 0 ∧ y = 0,
x := 2; l2 := 1);β2 = (l2 = 1 ∧ x = 0,
y := 1; l2 := 0)
M3 = (V3, s0, A3);V3 = {l3, x, y};s0 = (l3 = 0, x = 0, y = 0);A3 = {γ1, γ2};
whereγ1 = (l3 = 0 ∧ y = 1,
x := 3; l3 := 1);γ2 = (l3 = 1 ∧ x = 0,
y := 0; l3 := 0)
Processes
Variable declarations
Local initial statesAction sets
Guard
Assignments
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems6 / 19
High Level Description: A Simple Example
M1 = (V1, q0, A1);V1 = {l1, x, z};q0 = (l1 = 0, x = 0, z = 0);A1 = {α1, α2, α3, α4};
whereα1 = (l1 = 0 ∧ x > 0,
z := x+ 1; l1 := 1);α2 = (l1 = 1,
x := 0; l1 := 2);α3 = (l1 = 2 ∧ x > 0,
z := z ∗ x; l1 := 3);α4 = (l1 = 3,
x := 0; z := 0; l1 := 0);
M2 = (V2, p0, A2);V2 = {l2, x, y};p0 = (l2 = 0, x = 0, y = 0);A2 = {β1, β2};
whereβ1 = (l2 = 0 ∧ y = 0,
x := 2; l2 := 1);β2 = (l2 = 1 ∧ x = 0,
y := 1; l2 := 0)
M3 = (V3, s0, A3);V3 = {l3, x, y};s0 = (l3 = 0, x = 0, y = 0);A3 = {γ1, γ2};
whereγ1 = (l3 = 0 ∧ y = 1,
x := 3; l3 := 1);γ2 = (l3 = 1 ∧ x = 0,
y := 0; l3 := 0)
ProcessesVariable declarations
Local initial states
Action sets
Guard
Assignments
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems6 / 19
High Level Description: A Simple Example
M1 = (V1, q0, A1);V1 = {l1, x, z};q0 = (l1 = 0, x = 0, z = 0);A1 = {α1, α2, α3, α4};
whereα1 = (l1 = 0 ∧ x > 0,
z := x+ 1; l1 := 1);α2 = (l1 = 1,
x := 0; l1 := 2);α3 = (l1 = 2 ∧ x > 0,
z := z ∗ x; l1 := 3);α4 = (l1 = 3,
x := 0; z := 0; l1 := 0);
M2 = (V2, p0, A2);V2 = {l2, x, y};p0 = (l2 = 0, x = 0, y = 0);A2 = {β1, β2};
whereβ1 = (l2 = 0 ∧ y = 0,
x := 2; l2 := 1);β2 = (l2 = 1 ∧ x = 0,
y := 1; l2 := 0)
M3 = (V3, s0, A3);V3 = {l3, x, y};s0 = (l3 = 0, x = 0, y = 0);A3 = {γ1, γ2};
whereγ1 = (l3 = 0 ∧ y = 1,
x := 3; l3 := 1);γ2 = (l3 = 1 ∧ x = 0,
y := 0; l3 := 0)
ProcessesVariable declarationsLocal initial states
Action sets
Guard
Assignments
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems6 / 19
High Level Description: A Simple Example
M1 = (V1, q0, A1);V1 = {l1, x, z};q0 = (l1 = 0, x = 0, z = 0);A1 = {α1, α2, α3, α4};
whereα1 = (l1 = 0 ∧ x > 0,
z := x+ 1; l1 := 1);α2 = (l1 = 1,
x := 0; l1 := 2);α3 = (l1 = 2 ∧ x > 0,
z := z ∗ x; l1 := 3);α4 = (l1 = 3,
x := 0; z := 0; l1 := 0);
M2 = (V2, p0, A2);V2 = {l2, x, y};p0 = (l2 = 0, x = 0, y = 0);A2 = {β1, β2};
whereβ1 = (l2 = 0 ∧ y = 0,
x := 2; l2 := 1);β2 = (l2 = 1 ∧ x = 0,
y := 1; l2 := 0)
M3 = (V3, s0, A3);V3 = {l3, x, y};s0 = (l3 = 0, x = 0, y = 0);A3 = {γ1, γ2};
whereγ1 = (l3 = 0 ∧ y = 1,
x := 3; l3 := 1);γ2 = (l3 = 1 ∧ x = 0,
y := 0; l3 := 0)
ProcessesVariable declarationsLocal initial statesAction sets
Guard
Assignments
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems6 / 19
State Graphs
q0
q1
q2
q3
q4
q5
p0
p1
p2
p3
s0
s1
s2
s3
s4
s5
p4
p5
States labeledw.variable
assignments
LocaltransitionsExternal
transitions
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems7 / 19
State Graphs
q0
q1
q2
q3
q4
q5
p0
p1
p2
p3
s0
s1
s2
s3
s4
s5
p4
p5
States labeledw.variable
assignments
LocaltransitionsExternal
transitions
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems7 / 19
State Graphs
q0
q1
q2
q3
q4
q5
p0
p1
p2
p3
s0
s1
s2
s3
s4
s5
p4
p5
States labeledw.variable
assignments
Localtransitions
Externaltransitions
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems7 / 19
State Graphs
q0
q1
q2
q3
q4
q5
p0
p1
p2
p3
s0
s1
s2
s3
s4
s5
p4
p5
States labeledw.variable
assignments
Localtransitions
Externaltransitions
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems7 / 19
Local State Graph ConstructionThe Thread Modular Model Checking Approach
Parallel composition of communicating processesM1‖ . . . ‖Mn |= ϕ
Local State SpaceConstruction & Verification
Local state graphsG1, . . . , Gn
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems8 / 19
Thread Modular Model Checking (TMMC)
• Each process is verified locally with a derived environmentcapturing all possible interactions with its neighbors.
• For each process, its environment is derived from the guaranteesof its neighbors.
• The guarantee of a process P is a set of state transitions on theshared variables resulting from executions of process P .
∀ Process Pi, fix its env. Ei = ∅
∀ Process Pi, compute its guarantee gi wrt Ei
∃gi st gi is extended?
∀ Process Pi, update its env. Ei = ∪i 6=jgj
Terminate.No
Yes
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems9 / 19
TMMC: Illustration
G1 [l1, x, z] G2 [l2, x, y] G3 [l3, x, y]
0, 0, 0
0, 2, 0
β 1
1, 2, 3
2, 0, 3
α1
α2α2
2, 3, 32, 2, 3
3, 3, 9
0, 3, 0
1, 3, 4
2, 0, 4β1
γ1
α3
γ1
α1
α2
0, 0, 0
1, 2, 0
β1
1, 2, 0
β1
1, 0, 0
α2
0, 0, 1
β2
0, 3, 1
γ1
0, 0, 0
0, 2, 0
β1
0, 0, 0
α2
0, 0, 1
β2
1, 3, 1
γ1
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems10 / 19
TMMC: Illustration
G1 [l1, x, z] G2 [l2, x, y] G3 [l3, x, y]
0, 0, 0
0, 2, 0
β 1
1, 2, 3
2, 0, 3
α1
α2α2
2, 3, 32, 2, 3
3, 3, 9
0, 3, 0
1, 3, 4
2, 0, 4β1
γ1
α3
γ1
α1
α2
0, 0, 0
1, 2, 0
β1
1, 2, 0
β1
1, 0, 0
α2
0, 0, 1
β2
0, 3, 1
γ1
0, 0, 0
0, 2, 0
β1
0, 0, 0
α2
0, 0, 1
β2
1, 3, 1
γ1
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems10 / 19
TMMC: Illustration
G1 [l1, x, z] G2 [l2, x, y] G3 [l3, x, y]
0, 0, 0
0, 2, 0β 1
1, 2, 3
2, 0, 3
α1
α2α2
2, 3, 32, 2, 3
3, 3, 9
0, 3, 0
1, 3, 4
2, 0, 4β1
γ1
α3
γ1
α1
α2
0, 0, 0
1, 2, 0
β1
1, 2, 0
β1
1, 0, 0
α2
0, 0, 1
β2
0, 3, 1
γ1
0, 0, 0
0, 2, 0
β1
0, 0, 0
α2
0, 0, 1
β2
1, 3, 1
γ1
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems10 / 19
TMMC: Illustration
G1 [l1, x, z] G2 [l2, x, y] G3 [l3, x, y]
0, 0, 0
0, 2, 0β 1
1, 2, 3
2, 0, 3
α1
α2
α2
2, 3, 32, 2, 3
3, 3, 9
0, 3, 0
1, 3, 4
2, 0, 4β1
γ1
α3
γ1
α1
α2
0, 0, 0
1, 2, 0
β1
1, 2, 0
β1
1, 0, 0
α2
0, 0, 1
β2
0, 3, 1
γ1
0, 0, 0
0, 2, 0
β1
0, 0, 0
α2
0, 0, 1
β2
1, 3, 1
γ1
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems10 / 19
TMMC: Illustration
G1 [l1, x, z] G2 [l2, x, y] G3 [l3, x, y]
0, 0, 0
0, 2, 0β 1
1, 2, 3
2, 0, 3
α1
α2
α2
2, 3, 32, 2, 3
3, 3, 9
0, 3, 0
1, 3, 4
2, 0, 4β1
γ1
α3
γ1
α1
α2
0, 0, 0
1, 2, 0
β1
1, 2, 0
β1
1, 0, 0
α2
0, 0, 1
β2
0, 3, 1
γ1
0, 0, 0
0, 2, 0
β1
0, 0, 0
α2
0, 0, 1
β2
1, 3, 1
γ1
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems10 / 19
TMMC: Illustration
G1 [l1, x, z] G2 [l2, x, y] G3 [l3, x, y]
0, 0, 0
0, 2, 0β 1
1, 2, 3
2, 0, 3
α1
α2
α2
2, 3, 32, 2, 3
3, 3, 9
0, 3, 0
1, 3, 4
2, 0, 4β1
γ1
α3
γ1
α1
α2
0, 0, 0
1, 2, 0
β1
1, 2, 0
β1
1, 0, 0
α2
0, 0, 1
β2
0, 3, 1
γ1
0, 0, 0
0, 2, 0
β1
0, 0, 0
α2
0, 0, 1
β2
1, 3, 1
γ1
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems10 / 19
TMMC: Weakness
G1 [l1, x, z] G2 [l2, x, y] G3 [l3, x, y]
0, 0, 0
0, 2, 0β 1
1, 2, 3
2, 0, 3
α1
α2
2, 3, 32, 2, 3
3, 3, 9
0, 3, 0
1, 3, 4
2, 0, 4
β1 γ1
α3
γ1
α1
α2
0, 0, 0
1, 2, 0
β1
1, 0, 0
α2
0, 0, 1
β2
0, 3, 1
γ1
0, 0, 0
0, 2, 0
β1
0, 0, 0
α2
0, 0, 1
β2
1, 3, 1
γ1
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems11 / 19
Improved Local State Graph ConstructionThe Synchronized Local State Space Search Approach
Parallel composition of communicating processesM1‖ . . . ‖Mn |= ϕ
Local State SpaceConstruction & Verification
Local state graphsG1, . . . , Gn
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems12 / 19
Local State Space Search (LS3)
• Construct local state graphs by searching joint state space ofcommunicating processes.• Extend the local SGs resulting from interactions among processes.• Avoiding adding external transitions in wrong states.
Algorithm
∀ Process Pi, initialize Gi with initi
∀ Processes Pi and Pj, search their joint state space Gij
Extend Gi and Gj wrt Gij
∃ Process Pi st Gi extended with new transitions?
Terminate.
No
Yes
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems13 / 19
LS3: Illustration
localSearch() G1 G2 G3
M1,M2
q0, p0
q1, p1
q2, p1
q3, p2
q3, p3
β1
α1
α2
β2
M2,M3
p0, s0
p1, s1
β1
M1,M3
q0, s0
q1, s1
q2, s1
q3, s2
β1
α1
α2
q0
q1
q2
q3
β1
α1
α2
p0
p1
p2
p3
β1
α2
β2
s0
s1
β1
s2
α2
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems14 / 19
LS3: Illustration
localSearch() G1 G2 G3
M1,M2
q0, p0
q1, p1
q2, p1
q3, p2
q3, p3
β1
α1
α2
β2
M2,M3
p0, s0
p1, s1
β1
M1,M3
q0, s0
q1, s1
q2, s1
q3, s2
β1
α1
α2
q0
q1
q2
q3
β1
α1
α2
p0
p1
p2
p3
β1
α2
β2
s0
s1
β1
s2
α2
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems14 / 19
LS3: Illustration
localSearch() G1 G2 G3
M1,M2
q0, p0
q1, p1
q2, p1
q3, p2
q3, p3
β1
α1
α2
β2
M2,M3
p0, s0
p1, s1
β1
M1,M3
q0, s0
q1, s1
q2, s1
q3, s2
β1
α1
α2
q0
q1
q2
q3
β1
α1
α2
p0
p1
p2
p3
β1
α2
β2
s0
s1
β1
s2
α2
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems14 / 19
LS3: Illustration
localSearch() G1 G2 G3
M1,M2
q0, p0
q1, p1
q2, p1
q3, p2
q3, p3
β1
α1
α2
β2
M2,M3
p0, s0
p1, s1
β1
M1,M3
q0, s0
q1, s1
q2, s1
q3, s2
β1
α1
α2
q0
q1
q2
q3
β1
α1
α2
p0
p1
p2
p3
β1
α2
β2
s0
s1
β1
s2
α2
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems14 / 19
LS3: Illustration
localSearch() G1 G2 G3
M1,M2
q0, p0
q1, p1
q2, p1
q3, p2
q3, p3
β1
α1
α2
β2
M2,M3
p0, s0
p1, s1
β1
M1,M3
q0, s0
q1, s1
q2, s1
q3, s2
β1
α1
α2
q0
q1
q2
q3
β1
α1
α2
p0
p1
p2
p3
β1
α2
β2
s0
s1
β1
s2
α2
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems14 / 19
LS3: Illustration
localSearch() G1 G2 G3
M1,M2
q0, p0
q1, p1
q2, p1
q3, p2
q3, p3
β1
α1
α2
β2
M2,M3
p0, s0
p1, s1
β1
M1,M3
q0, s0
q1, s1
q2, s1
q3, s2
β1
α1
α2
q0
q1
q2
q3
β1
α1
α2
p0
p1
p2
p3
β1
α2
β2
s0
s1
β1
s2
α2
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems14 / 19
LS3: Illustration
localSearch() G1 G2 G3
M1,M2
q0, p0
q1, p1
q2, p1
q3, p2
q3, p3
β1
α1
α2
β2
M2,M3
p0, s0
p1, s1
β1
M1,M3
q0, s0
q1, s1
q2, s1
q3, s2
β1
α1
α2
q0
q1
q2
q3
β1
α1
α2
p0
p1
p2
p3
β1
α2
β2
s0
s1
β1
s2
α2
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems14 / 19
LS3: Illustration
localSearch() G1 G2 G3
M1,M2
q0, p0
q1, p1
q2, p1
q3, p2
q3, p3
β1
α1
α2
β2
M2,M3
p0, s0
p1, s1
β1
M1,M3
q0, s0
q1, s1
q2, s1
q3, s2
β1
α1
α2
q0
q1
q2
q3
β1
α1
α2
p0
p1
p2
p3
β1
α2
β2
s0
s1
β1
s2
α2
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems14 / 19
LS3: Illustration
localSearch() G1 G2 G3
M1,M2
q0, p0
q1, p1
q2, p1
q3, p2
q3, p3
β1
α1
α2
β2
M2,M3
p0, s0
p1, s1
β1
M1,M3
q0, s0
q1, s1
q2, s1
q3, s2
β1
α1
α2
q0
q1
q2
q3
β1
α1
α2
p0
p1
p2
p3
β1
α2
β2
s0
s1
β1
s2
α2
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems14 / 19
LS3: Illustration: Final ResultsG1 G2 G3
q0
q1
q2
q3
q4
q5
β1
α1
α2
γ1
α3
α4
q0
p1
p2
p3
p4
p5
β1
α2
β2
γ1
α4
γ2
s0
s1
s2
s3
s4
s5
β1
α2
β2
γ1
α4
γ2
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems15 / 19
Experiment 1
• Experimented on small examples to show that LS3 is capable ofavoiding extra states added into local SGs.
phil peterson.3 syzmanski.4
Mono (9, 9, 9, 9) (2627, 2421, 2745) (4311, 4415, 4383, 4352)TMMC (16, 16, 16, 16) (2997, 2952, 2952) (5875, 6125, 6250, 6375)LS3 (9, 9, 9, 9) (2627, 2421, 2745) (5201, 5453, 5598, 5755)
Mono: construct local SGs while searching the global state space ofthe whole system.
• A special case of LS3 applied to all processes.
• Used as the baseline to compare the results from TMMC and LS3.
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems16 / 19
Experiment 1
• Experimented on small examples to show that LS3 is capable ofavoiding extra states added into local SGs.
phil peterson.3 syzmanski.4
Mono (9, 9, 9, 9) (2627, 2421, 2745) (4311, 4415, 4383, 4352)TMMC (16, 16, 16, 16) (2997, 2952, 2952) (5875, 6125, 6250, 6375)LS3 (9, 9, 9, 9) (2627, 2421, 2745) (5201, 5453, 5598, 5755)
Mono: construct local SGs while searching the global state space ofthe whole system.
• A special case of LS3 applied to all processes.
• Used as the baseline to compare the results from TMMC and LS3.
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems16 / 19
Experiment 1
• Experimented on small examples to show that LS3 is capable ofavoiding extra states added into local SGs.
phil peterson.3 syzmanski.4
Mono (9, 9, 9, 9) (2627, 2421, 2745) (4311, 4415, 4383, 4352)TMMC (16, 16, 16, 16) (2997, 2952, 2952) (5875, 6125, 6250, 6375)LS3 (9, 9, 9, 9) (2627, 2421, 2745) (5201, 5453, 5598, 5755)
Mono: construct local SGs while searching the global state space ofthe whole system.
• A special case of LS3 applied to all processes.
• Used as the baseline to compare the results from TMMC and LS3.
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems16 / 19
Experiment 2
Method Time Mem State counts of local state graphs
brpTMMC 2.7 174 (5600∗, 2226∗, 351694∗, 295∗, 84, 30)LS3 9.8 214 (1368, 1496, 25091, 77, 35, 14)
iprotocolTMMC 8.8 408 (19, 1256∗, 53, 18104∗, 110627∗, 283444∗)LS3 10.1 68 (19, 230, 29, 2647, 3656, 23747)
lamportTMMC 15.9 106 (9344∗, 9344∗, 9344∗, 9344∗, 9344∗)LS3 24.8 143 (8800, 8800, 8800, 8800, 8800)
lannTMMC 1.3 15 (250, 250, 250, 250, 566, 560, 561, 412)LS3 4.3 33 (250, 248, 248, 248, 566, 554, 555, 408)
peterson.4TMMC TO − (124535∗, 104922∗, 104088∗, 103319∗)LS3 10.9 88.5 (13573, 12993, 12869, 12801)
syzmanski.5TMMC 59.4 198 (35000∗, 36250∗, 36875∗, 37500∗, 38125∗)LS3 59.1 211 (30684∗, 31934∗, 32659∗, 33444∗, 34265∗)
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems17 / 19
Discussions & Conclusions
• Presented an improved local state space construction methodLS3.• A key part of a methodology to address the state explosion
problem due to interleavings of concurrent executions.
• LS3 can produce local SGs with less unreachable states.
• LS3 may incur noticeable time/mem. overhead.• Need to balance between size & accuracy of local SGs and cost of
time & memory.
• Good target applications are loosely coupled systems.
• Future work:• Improve the LS3 method further.• Combine TMMC and LS3 for their advantages.
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems18 / 19
Discussions & Conclusions
• Presented an improved local state space construction methodLS3.• A key part of a methodology to address the state explosion
problem due to interleavings of concurrent executions.
• LS3 can produce local SGs with less unreachable states.
• LS3 may incur noticeable time/mem. overhead.• Need to balance between size & accuracy of local SGs and cost of
time & memory.
• Good target applications are loosely coupled systems.
• Future work:• Improve the LS3 method further.• Combine TMMC and LS3 for their advantages.
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems18 / 19
Thank you
and
Questions?
H. Zheng (CSE USF) Local State Space Construction for Compositional Verification of Concurrent Systems19 / 19