Difference between pages "D45 Model Checking" and "D45 Prover Enhancement"

From Event-B
(Difference between pages)
Jump to navigationJump to search
imported>Leuschel
 
imported>Nicolas
 
Line 1: Line 1:
 
= Overview =
 
= Overview =
{{TODO}} An overview of the work done about model checking.
+
* Two tasks concerned the prover performance from the core platform: the addition of rewriting and inference rules, and the addition of a mechanism to allow the customization and the parametrization or combination of tactics. While the addition of rewriting and inference rules has always been a regular task to enhance the Rodin integrated prover during DEPLOY lifetime, a new way to manage tactics has been implemented. In fact, the user is now able to define various types of tactics called 'profiles' which could be customized and parameterized tactics to discharge some specific proof obligations.
 +
* {{TODO}} An overview of the contribution about the ProB Disprover (Daniel Plagge, Jens Bendiposto)
 +
* The SMT Solvers plug-in allowing to use the SMT solvers within Rodin is an effective alternative to the Atelier-B provers, particularly when reasoning on linear arithmetic. {{TODO}} (Laurent Voisin, Yoann Guyot)
  
== State Space Reduction, Compression and Hashing ==
+
= Motivations =
 
+
== New rewriting and inference rules ==
Driven by a case study from the space sector (a protocol modeled by SSF), where memory consumption was an issue, we have investigated ways to reduce ProB's memory consumption.
+
In an Event-B development, more than 60% of the time is spent on proofs. It has been a continuous aim to increase the number of automatically discharged proof obligations (POs) by improving the capabilities of the integrated sequent prover through the addition of rewriting and inference rules. These rules were provided through tactics, or existing or newly created. These tactics were automatic, or manual, or sometimes both. Providing new proving rules, even if it sometimes does not increase directly the number of automatically discharged POs aims to help the user to interactively discharge them and spare his time.
A first step was to implement a first version of state compression, whereby we simplify stored states so that they require less memory. This was achieved without compromising speed and is now always activated.
 
Furthermore, if the preference <tt>COMPRESSION</tt> is set to true, then ProB will also detect common (sub-)expressions in states and store the common expressions only once.
 
E.g., when several states have the same same value for a given variable <tt>x</tt> then its value will only be stored just once. This is particularly useful when complicated variables only change infrequently.
 
 
 
Related to this aspect, the hashing of ProB states was improved on 64-bit architectures, which is also important in the context of detecting common subexpressions for sharing (common subexpressions are detected by hashing).
 
We have also implemented a cryptographic SHA1 hashing function for Prolog terms, but it is not yet used in the production version of ProB.
 
 
 
Finally, the most useful symmetry reduction technique of ProB is the so-called "hash marker" method.
 
Here, we have also improved the computation of the hash symmetry markers, both achieving a reduction in size and runtime.
 
 
 
In addition, many improvements in constraint solving kernel were implemented.
 
 
 
== Constraint-Based Checking ==
 
 
 
Improved Constraint-based checking for deadlocks, invariants and event sequences (used in MBT).
 
 
 
 
 
== New Features ==
 
=== Experiments with Theory Plugin ===
 
 
 
=== Support of finite operator===
 
 
 
=== Improved detection of infinite functions, and improved support for them===
 
  
=== Detection when infinite sets had to be approximated===
+
== Advanced Preferences for Auto-tactics ==
  
== Experiments ==
+
Sometimes, the automatic prover fails because the order of the applied tactics doesn't lead to discharge the proof obligation. Previously the ordering of tactics was lost at each change. Another issue is to have more than one possibility to combine the tactics. Indeed, various combinators called ''tacticals'' allow to combine tactics in a specific manner, thus providing a sort of tactic arithmetic. The advanced preferences for auto-tactics solved these two issues.
Conducted comparison with TLA+ model checker TLC
 
  
= Motivations =
+
== Isabelle Plug-in ==
{{TODO}} To be completed.
+
{{TODO}} ''To be completed by Matthias Schmaltz''
The motivations for the state space compression arose from experiments in WP3 (space), and from applications of ProB outside of Deploy.
+
== ProB Disprover ==
 +
{{TODO}} ''Daniel Plagge, Jens Bendiposto''
 +
== SMT Solver Integration ==
 +
{{TODO}} ''Laurent Voisin'' & ''Yoann Guyot''
  
 
= Choices / Decisions =
 
= Choices / Decisions =
{{TODO}} To be completed.
+
== New rewriting and inference rules ==
 
+
{{TODO}} ''To be completed by Laurent Voisin''
Aggressive compression can also induce a performance penalty.
+
== Advanced Preferences for Auto-tactics ==
The new default mode was chosen such that there should be no performance penalty, with reduced memory usage.
+
{{TODO}} ''To be completed by Nicolas Beauger''
(Indeed, the time for compression is regained by reduced time to store and retrieve the states.)
+
Since Rodin 2.1, simple tactic profiles have been added. They allow to persiste and set specifically for some project various ordered ways to apply the basic tactics. Since Rodin 2.3, tacticals and parameterisation have been added to the profiles increasing even more the potential of such proving feature. The combinators allow for exemple to loop on a subset of tactics, including existing profiles, and the parameterisation allows for example to set a timeout on external provers such as AtelierB P1.
  
A more aggressive setting can be forced by <tt>-p COMPRESSION TRUE</tt>. This will further reduce memory consumption, but may increase runtime (although quite often it does not).
+
== Isabelle Plug-in ==
 +
{{TODO}} ''To be completed by Matthias Schmaltz''
 +
== ProB Disprover ==
 +
{{TODO}} ''Daniel Plagge, Jens Bendiposto''
 +
== SMT Solver Integration ==
 +
{{TODO}} ''Laurent Voisin'' & ''Yoann Guyot''
  
 
= Available Documentation =
 
= Available Documentation =
{{TODO}} To be completed.
+
* {{TODO}} Links for New rewriting and inference rules
 
+
* {{TODO}} Links for Advanced Preferences for Auto-tactics
* [http://www.stups.uni-duesseldorf.de/ProB/index.php5/Using_the_Command-Line_Version_of_ProB Command-Line Version of ProB]
+
* {{TODO}} Links for Isabelle Plug-in
* [http://www.stups.uni-duesseldorf.de/w/Special:Publication/HaLe2011 Constraint-Based Deadlock Checking of High-Level Specifications. In Proceedings ICLP'2011 (to appear), Cambridge University Press, 2011.]
+
* {{TODO}} Links for ProB Disprover
* [http://www.stups.uni-duesseldorf.de/w/Special:Publication/HansenLeuschelTLA2012 Translating TLA+ to B and experiments with TLC]
+
* {{TODO}} Links for SMT Solver Integration
  
 
= Status =
 
= Status =
{{TODO}} To be completed.
+
== New rewriting and inference rules ==
 
+
{{TODO}} ''To be completed by Laurent Voisin''
The improved hashing and light-weight state compression is available in the current release of ProB.
+
== Advanced Preferences for Auto-tactics ==
The SHA1 hash technique is not available in the current release.
+
{{TODO}} ''To be completed by Nicolas Beauger''
The research on further compression technique is ongoing and will be continued within the project ADVANCE.
+
== Isabelle Plug-in ==
 
+
{{TODO}} ''To be completed by Matthias Schmaltz''
 +
== ProB Disprover ==
 +
{{TODO}} ''Daniel Plagge, Jens Bendiposto''
 +
== SMT Solver Integration ==
 +
{{TODO}} ''Laurent Voisin'' & ''Yoann Guyot''
  
 
[[Category:D45 Deliverable]]
 
[[Category:D45 Deliverable]]

Revision as of 10:36, 24 November 2011

Overview

  • Two tasks concerned the prover performance from the core platform: the addition of rewriting and inference rules, and the addition of a mechanism to allow the customization and the parametrization or combination of tactics. While the addition of rewriting and inference rules has always been a regular task to enhance the Rodin integrated prover during DEPLOY lifetime, a new way to manage tactics has been implemented. In fact, the user is now able to define various types of tactics called 'profiles' which could be customized and parameterized tactics to discharge some specific proof obligations.
  • TODO An overview of the contribution about the ProB Disprover (Daniel Plagge, Jens Bendiposto)
  • The SMT Solvers plug-in allowing to use the SMT solvers within Rodin is an effective alternative to the Atelier-B provers, particularly when reasoning on linear arithmetic. TODO (Laurent Voisin, Yoann Guyot)

Motivations

New rewriting and inference rules

In an Event-B development, more than 60% of the time is spent on proofs. It has been a continuous aim to increase the number of automatically discharged proof obligations (POs) by improving the capabilities of the integrated sequent prover through the addition of rewriting and inference rules. These rules were provided through tactics, or existing or newly created. These tactics were automatic, or manual, or sometimes both. Providing new proving rules, even if it sometimes does not increase directly the number of automatically discharged POs aims to help the user to interactively discharge them and spare his time.

Advanced Preferences for Auto-tactics

Sometimes, the automatic prover fails because the order of the applied tactics doesn't lead to discharge the proof obligation. Previously the ordering of tactics was lost at each change. Another issue is to have more than one possibility to combine the tactics. Indeed, various combinators called tacticals allow to combine tactics in a specific manner, thus providing a sort of tactic arithmetic. The advanced preferences for auto-tactics solved these two issues.

Isabelle Plug-in

TODO To be completed by Matthias Schmaltz

ProB Disprover

TODO Daniel Plagge, Jens Bendiposto

SMT Solver Integration

TODO Laurent Voisin & Yoann Guyot

Choices / Decisions

New rewriting and inference rules

TODO To be completed by Laurent Voisin

Advanced Preferences for Auto-tactics

TODO To be completed by Nicolas Beauger Since Rodin 2.1, simple tactic profiles have been added. They allow to persiste and set specifically for some project various ordered ways to apply the basic tactics. Since Rodin 2.3, tacticals and parameterisation have been added to the profiles increasing even more the potential of such proving feature. The combinators allow for exemple to loop on a subset of tactics, including existing profiles, and the parameterisation allows for example to set a timeout on external provers such as AtelierB P1.

Isabelle Plug-in

TODO To be completed by Matthias Schmaltz

ProB Disprover

TODO Daniel Plagge, Jens Bendiposto

SMT Solver Integration

TODO Laurent Voisin & Yoann Guyot

Available Documentation

  • TODO Links for New rewriting and inference rules
  • TODO Links for Advanced Preferences for Auto-tactics
  • TODO Links for Isabelle Plug-in
  • TODO Links for ProB Disprover
  • TODO Links for SMT Solver Integration

Status

New rewriting and inference rules

TODO To be completed by Laurent Voisin

Advanced Preferences for Auto-tactics

TODO To be completed by Nicolas Beauger

Isabelle Plug-in

TODO To be completed by Matthias Schmaltz

ProB Disprover

TODO Daniel Plagge, Jens Bendiposto

SMT Solver Integration

TODO Laurent Voisin & Yoann Guyot

Retrieved from ‘https://wiki.event-b.org/index.php?title=D45_Model_Checking&oldid=3128