



















The imagination driving Australia's ICT future. NATIONAL

#### Idea

- ... into equivalent classes
- select one run in each class only

Algorithmic Verification, Ralf Huuck, 14

















#### Labeled Transition System

$(S, s_0, A, \tau, \Pi, L)$ is a labeled transition system where

- $S$ finite set of states
- $s_0$ initial state
- $A$ finite set of actions
- $\tau: S \times A \rightarrow S$ (partial) transition function
- $\Pi$ finite set of Boolean propositions
- $L: S \rightarrow 2^{\Pi}$ labeling function

(similar to a Kripke structure with symbols on transitions)

#### Enabled/Reachable

- action $a \in A$ is enabled in state $s \in S$ iff $\tau(s,a)$ is defined
- $\mathrm{enabled}(s)$ denotes the set of all actions enabling a transition from state $s$
- state $s$ is a deadlock state iff $\mathrm{enabled}(s) = \emptyset$
- an execution sequence is a sequence of subsequent transitions
- state $s$ is reachable iff there exists an execution sequence from $s_0$ to $s$












#### Properties

POR is typically done with respect to certain classes of properties, e.g.:

- absence of deadlock,
- local property, depends on the state of a single process or the state of a single shared object
- next-free LTL property, i.e., LTL with until operator only

#### Preserving Deadlock

To preserve deadlock states the reduction function $r$ must satisfy:

- C0: $r(s) = \emptyset$ iff $\mathrm{enabled}(s) = \emptyset$
- C1 (persistency): for any execution sequence $s = s_0 \xrightarrow{a_0} s_1 \xrightarrow{a_1} \dots \xrightarrow{a_{n-1}} s_n$ with all $a_i \notin r(s)$ ($0 \leq i < n$), $a_{n-1}$ is independent of all actions in $r(s)$


















### Next-free LTL

- only allows Until as temporal operator,
- strict subset of LTL
- cannot, e.g., distinguish between the next and the second next state
- closed under stuttering

#### Invisibility

- $\mathrm{prop}(\varphi)$: set of propositions in $\varphi$
- action $a$ is $\varphi$-invisible in $s$ iff $\tau(s,a)$ is undefined or $\pi \in L(s) \Leftrightarrow \pi \in L(\tau(s,a))$ for all $\pi \in \mathrm{prop}(\varphi)$
- $a$ is globally $\varphi$-invisible iff it is $\varphi$-invisible for all $s \in S$

This means such an action can never change the truth value of any proposition occurring in $\varphi$.
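The LTS definitions (enabled, deadlock, reachable) and the invisibility definition above, carried into runnable form as an added Python example; this is not code from the slides, and the sample LTS, the proposition set and the dict encoding of $\tau$ and $L$ are constructed for the demonstration.

```python
# Added example (not from the slides): an LTS (S, s0, A, tau, Pi, L) as plain
# dicts, with enabled/deadlock/reachable and phi-invisibility as defined above.
from typing import Dict, FrozenSet, Hashable, Iterable, Set, Tuple

Tau = Dict[Tuple[Hashable, str], Hashable]   # partial tau: (s, a) -> s'
Lab = Dict[Hashable, FrozenSet[str]]         # labeling L: S -> 2^Pi

def enabled(tau: Tau, s: Hashable) -> Set[str]:
    """Actions a with tau(s, a) defined, i.e. enabling a transition from s."""
    return {a for (t, a) in tau if t == s}

def is_deadlock(tau: Tau, s: Hashable) -> bool:
    return not enabled(tau, s)

def reachable(tau: Tau, s0: Hashable) -> Set[Hashable]:
    """States that some execution sequence from s0 leads to (s0 included)."""
    seen, todo = {s0}, [s0]
    while todo:
        s = todo.pop()
        for a in enabled(tau, s):
            t = tau[(s, a)]
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

def phi_invisible(tau: Tau, lab: Lab, prop_phi: Set[str], a: str, s: Hashable) -> bool:
    """a is phi-invisible in s: tau(s, a) undefined, or every proposition of phi
    has the same truth value in s and in tau(s, a)."""
    if (s, a) not in tau:
        return True
    t = tau[(s, a)]
    return all((p in lab[s]) == (p in lab[t]) for p in prop_phi)

def globally_invisible(tau: Tau, lab: Lab, states: Iterable[Hashable],
                       prop_phi: Set[str], a: str) -> bool:
    """a is globally phi-invisible iff it is phi-invisible in every state."""
    return all(phi_invisible(tau, lab, prop_phi, a, s) for s in states)

# Constructed sample LTS: S = {0..4}, A = {a, b, c}, Pi = {p, q}; state 4 is
# unreachable, states 3 and 4 are deadlocks, only action "a" (1 -> 2) flips p.
STATES = {0, 1, 2, 3, 4}
TAU: Tau = {(0, "a"): 1, (1, "a"): 2, (0, "b"): 0, (2, "c"): 3}
LAB: Lab = {0: frozenset(), 1: frozenset(), 2: frozenset({"p"}),
            3: frozenset({"p"}), 4: frozenset({"q"})}
PROP_PHI = {"p"}   # prop(phi) for a formula phi that mentions only p

if __name__ == "__main__":
    print(sorted(reachable(TAU, 0)), [s for s in STATES if is_deadlock(TAU, s)])
    print({x: globally_invisible(TAU, LAB, STATES, PROP_PHI, x) for x in "abc"})
```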







#### Theorem

Any reduced system satisfying C0, C1, C2, and C3 preserves next-free LTL properties.



#### System Construction in SPIN

1. depth first search
2. reduction function based on process structure

#### Preliminaries

$(S, s_0, A, \tau, \Pi, L)$ full LTS from set of processes $\mathcal{P}$; each process $P \in \mathcal{P}$ is a set of actions, i.e., $P \subseteq A$.

We assume: $\mathcal{P}$ is a partitioning of $A$, i.e.,

1. $P, Q \in \mathcal{P}, P \neq Q \Rightarrow P \cap Q = \emptyset$, and
2. $A = \bigcup_{P \in \mathcal{P}} P$

$\mathrm{Pid}: A \rightarrow \mathcal{P}$ returns the process (ID) for a given action.













#### Reduction Function Ample (part 1)

Let $s \in S$ be a state. Let $P \in \mathcal{P}$ be a process such that

1. $\mathrm{enabled}(s) \cap P \neq \emptyset$
2. for all $a \in \mathrm{enabled}(s) \cap P$, $a$ is (next-free) safe
3. for all $a \in \mathrm{enabled}(s) \cap P$, $\tau(s,a)$ is not on the DFS stack
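The three conditions above, applied inside the depth-first search of the SPIN construction, as an added Python example that is not from the slides or from SPIN itself. Assumptions: the process partition is a dict from process name to its set of actions (so $\mathrm{Pid}$ is its inverse), the "safe" test of condition 2 is a predicate supplied by the caller because this section does not define it, and the two-process sample LTS is constructed for the demonstration.

```python
# Added example (not from the slides): the part-1 candidate for ample(s) inside
# a depth-first search over a process-partitioned LTS. Assumed: the partition is
# a dict process-name -> set of actions, and "safe" is a caller-supplied predicate.
from typing import Callable, Dict, Hashable, List, Set, Tuple

Tau = Dict[Tuple[Hashable, str], Hashable]   # partial tau: (s, a) -> s'

def enabled(tau: Tau, s: Hashable) -> Set[str]:
    return {a for (t, a) in tau if t == s}

def ample_candidate(tau: Tau, procs: Dict[str, Set[str]], s: Hashable,
                    stack: List[Hashable], safe: Callable[[str], bool]) -> Set[str]:
    """enabled(s) ∩ P for the first process P meeting conditions 1-3; if no
    process qualifies, fall back to enabled(s) (no reduction, which keeps C0)."""
    en = enabled(tau, s)
    for P in procs.values():
        cand = en & P
        if not cand:                                   # 1: enabled(s) ∩ P ≠ ∅
            continue
        if not all(safe(a) for a in cand):             # 2: every a in it is safe
            continue
        if any(tau[(s, a)] in stack for a in cand):    # 3: no successor on DFS stack
            continue
        return cand
    return en

def reduced_dfs(tau: Tau, s0: Hashable, procs: Dict[str, Set[str]],
                safe: Callable[[str], bool]) -> Set[Hashable]:
    """States visited when the DFS follows only ample_candidate(s) in each state."""
    visited: Set[Hashable] = set()
    stack: List[Hashable] = []
    def dfs(s: Hashable) -> None:
        visited.add(s)
        stack.append(s)          # s stays on the stack while its successors are explored
        for a in sorted(ample_candidate(tau, procs, s, stack, safe)):
            if tau[(s, a)] not in visited:
                dfs(tau[(s, a)])
        stack.pop()
    dfs(s0)
    return visited

def full_dfs(tau: Tau, s0: Hashable) -> Set[Hashable]:
    """Unreduced search: one process holding every action never prunes anything."""
    return reduced_dfs(tau, s0, {"all": {a for (_, a) in tau}}, lambda a: True)

# Constructed sample: P1 advances counter i with action "a", P2 advances counter j
# with "b"; the two are independent, so the full state space is the 3x3 grid.
TAU: Tau = {}
for i in range(3):
    for j in range(3):
        if i < 2:
            TAU[((i, j), "a")] = (i + 1, j)
        if j < 2:
            TAU[((i, j), "b")] = (i, j + 1)
PROCS = {"P1": {"a"}, "P2": {"b"}}
def all_safe(a: str) -> bool:   # demo assumption: every action counts as safe
    return True
```

Running `reduced_dfs(TAU, (0, 0), PROCS, all_safe)` visits 5 of the 9 grid states (one interleaving of the two counters), while `full_dfs` visits all 9.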



















