• Save
Verification with LoLA: 3 State Space Reduction
Upcoming SlideShare
Loading in...5
×
 

Verification with LoLA: 3 State Space Reduction

on

  • 379 views

 

Statistics

Views

Total Views
379
Views on SlideShare
261
Embed Views
118

Actions

Likes
0
Downloads
0
Comments
0

1 Embed 118

http://www.informatik.uni-rostock.de 118

Accessibility

Categories

Upload Details

Uploaded via as Apple Keynote

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n

Verification with LoLA: 3 State Space Reduction Verification with LoLA: 3 State Space Reduction Presentation Transcript

  • 3. State Space Reduction
  • Plan• Stubborn sets [Petri Nets 1999]• Symmetry [Acta Informatica 2000]• Invariants [TACAS 2003]• Sweep-Line [TACAS 2004]
  • The Stubborn Set Method 3
  • Diamonds from concurrency a b b a 4
  • Diamonds from concurrency s1 a b s s’ b s2 a 4
  • State Explosion by Concurrency Process A Process B Process C internal internal 1 internal internal internal 2 internal sync sync sync 3 4 111 211 121 112 311 221 131 212 122 113312 321 231 222 132 213 123 322 331 232 313 133 223 332 323 233 333 444 5
  • Stubborn Sets 111 211 121 112 311 221 131 212 122 113312 321 231 222 132 213 123 322 331 232 313 133 223 332 323 233 333 6 444
  • Stubborn SetsIn every marking m:stubborn(m) ⊆ Tfire only activated transitions in stubborn(m) 111 211 121 112 311 221 131 212 122 113312 321 231 222 132 213 123 322 331 232 313 133 223 332 323 233 333 6 444
  • Stubborn SetsIn every marking m:stubborn(m) ⊆ Tfire only activated transitions in stubborn(m)reduced transition system: 111 211 121 112 311 221 131 212 122 113312 321 231 222 132 213 123 322 331 232 313 133 223 332 323 233 333 6 444
  • Stubborn SetsIn every marking m:stubborn(m) ⊆ Tfire only activated transitions in stubborn(m)reduced transition system: 111 211 121 112 311 221 131 212 122 113312 321 231 222 132 213 123 322 331 232 313 133 223 332 323 233 333 6 444
  • Stubborn SetsIn every marking m:stubborn(m) ⊆ Tfire only activated transitions in stubborn(m)reduced transition system: 111 211 121 112 311 221 131 212 122 113312 321 231 222 132 213 123 322 331 232 313 133 223 332 323 233 333 6 444
  • Stubborn SetsIn every marking m:stubborn(m) ⊆ Tfire only activated transitions in stubborn(m)reduced transition system: 111 211 121 112 311 221 131 212 122 113312 321 231 222 132 213 123 322 331 232 313 133 223 332 323 233 333 6 444
  • Stubborn SetsIn every marking m:stubborn(m) ⊆ Tfire only activated transitions in stubborn(m)reduced transition system: 111 211 121 112 311 221 131 212 122 113312 321 231 222 132 213 123 322 331 232 313 133 223 332 323 233 333 6 444
  • Reduced Transition System 111 121 122 222 223 323 333 7 444
  • How to Preserve PropertiesCore principle: outside stubborn(m) m2 implies in stubborn(m) plus property specific requirements presence of right path justifies absence of left path 8
  • How to Preserve PropertiesCore principle: outside stubborn(m)m w1 m1 t m2 implies in stubborn(m) plus property specific requirements presence of right path justifies absence of left path 8
  • How to Preserve PropertiesCore principle: outside stubborn(m)m w1 m1 t m2 implies m t m1 ’ w1 m2 in stubborn(m) plus property specific requirements presence of right path justifies absence of left path 8
  • Preservation of DeadlocksCore principle + impliesProof: 9
  • Preservation of Deadlocks Core principle + implies Proof:Let m w d length(w) = min 9
  • Preservation of Deadlocks Core principle + implies Proof:Let m w d length(w) = min1st case: some t of stubborn(m) occurs in w 9
  • Preservation of Deadlocks Core principle + implies Proof:Let m w d length(w) = min1st case: some t of stubborn(m) occurs in w m w1 s1 t m2 w2 d 9
  • Preservation of Deadlocks Core principle + implies Proof:Let m w d length(w) = min1st case: some t of stubborn(m) occurs in w m w1 s1 t m2 w2 d m t m1 ’ w1 m2 w2 d 9
  • Preservation of Deadlocks Core principle + implies Proof:Let m w d length(w) = min1st case: some t of stubborn(m) occurs in w m w1 s1 t m2 w2 d m1’ in red. TS, m t m1 ’ w1 m2 w2 d closer to d! 9
  • Preservation of Deadlocks Core principle + implies Proof:Let m w d length(w) = min1st case: some t of stubborn(m) occurs in w m w1 s1 t m2 w2 d m1’ in red. TS, m t m1 ’ w1 m2 w2 d closer to d!2nd case: no t of stubborn(m) occurs in w 9
  • Preservation of Deadlocks Core principle + implies Proof:Let m w d length(w) = min1st case: some t of stubborn(m) occurs in w m w1 s1 t m2 w2 d m1’ in red. TS, m t m1 ’ w1 m2 w2 d closer to d!2nd case: no t of stubborn(m) occurs in w m w d 9
  • Preservation of Deadlocks Core principle + implies Proof:Let m w d length(w) = min1st case: some t of stubborn(m) occurs in w m w1 s1 t m2 w2 d m1’ in red. TS, m t m1 ’ w1 m2 w2 d closer to d!2nd case: no t of stubborn(m) occurs in w m w d t 9
  • Preservation of Deadlocks Core principle + implies Proof:Let m w d length(w) = min1st case: some t of stubborn(m) occurs in w m w1 s1 t m2 w2 d m1’ in red. TS, m t m1 ’ w1 m2 w2 d closer to d!2nd case: no t of stubborn(m) occurs in w m w d t t 9
  • Preservation of Deadlocks Core principle + implies Proof:Let m w d length(w) = min1st case: some t of stubborn(m) occurs in w m w1 s1 t m2 w2 d m1’ in red. TS, m t m1 ’ w1 m2 w2 d closer to d!2nd case: no t of stubborn(m) occurs in w m w d t d not a t 9 deadlock!
  • Preservation of Deadlocks Core principle + m w m’ implies Proof:Let m w d length(w) = min1st case: some t of stubborn(m) occurs in w m w1 s1 t m2 w2 d m1’ in red. TS, m t m1 ’ w1 m2 w2 d closer to d!2nd case: no t of stubborn(m) occurs in w m w d t d not a t 9 deadlock!
  • Preservation of Deadlocks Core principle + m w m’ implies t Proof:Let m w d length(w) = min1st case: some t of stubborn(m) occurs in w m w1 s1 t m2 w2 d m1’ in red. TS, m t m1 ’ w1 m2 w2 d closer to d!2nd case: no t of stubborn(m) occurs in w m w d t d not a t 9 deadlock!
  • Preservation of Deadlocks Core principle + m w m’ implies t t Proof:Let m w d length(w) = min1st case: some t of stubborn(m) occurs in w m w1 s1 t m2 w2 d m1’ in red. TS, m t m1 ’ w1 m2 w2 d closer to d!2nd case: no t of stubborn(m) occurs in w m w d t d not a t 9 deadlock!
  • Preservation of LTL/CTLLTLX:Core principle+Visibility: all transitions in stubborn(m) invisible to φ or stubborn(m) = T+Proviso: Once in every cycle: stubborn(m) = TCTLX:LTL+ |stubborn(m)| = 1 or stubborn(m) = TConsequences:- only local properties yield reduction- Proviso avoids infinite stuttering- Proviso known to cause explosion- Proviso requires cycle detection (e.g. depth first)- CTL only performant when number of conflicts is small
  • LoLA’s ApproachesLet φ be state predicate Assume m does not satisfy φ wrup(m, φ ) = some set of transitions such that every path to an m’ that satisfies φ contains at least one transition of wrup(m, φ ).Examples:wrup(m, “m* reached”) = •p, for some p with m(p) < m*(p) = p•, for some p with m(p) > m*(p)wrup(m,p>k) = wrup(m,p≥k) = •pwrup(m,p<k) = wrup(m,p≤k) = p•wrup(m, φ1 ∧φ2) = wrup(m, φ1) if m does not satisfy φ1 = wrup(m, φ2) if m does not satisfy φ2wrup(m, φ1 ∨φ2) = wrup(m, φ1)∪ wrup(m, φ2)wrup(m, t not dead) = {t} 11
  • TheoremReachability of φ:core principle+ wrup(m, φ) ⊆ stubborn(m) orig. φ red. m m0 12
  • TheoremReachability of φ:core principle+ wrup(m, φ) ⊆ stubborn(m) orig. φ red. m m0 12
  • TheoremReachability of φ:core principle+ wrup(m, φ) ⊆ stubborn(m) orig. φ red. in wrup(m, φ) m m0 12
  • TheoremReachability of φ:core principle+ wrup(m, φ) ⊆ stubborn(m) orig. φ red. in wrup(m, φ) t 1st in ample(m) m m0 12
  • TheoremReachability of φ:core principle+ wrup(m, φ) ⊆ stubborn(m) orig. φ red. in wrup(m, φ) m1 t 1st in ample(m) m m0 12
  • TheoremReachability of φ:core principle+ wrup(m, φ) ⊆ stubborn(m) orig. φ red. in wrup(m, φ) m1 t 1st in ample(m) m m1 closer to m’ than m m0 12
  • Effect• Can be applied to global predicates• Astonishing goal-orientation• Has been relaxed by Kristensen/Valmari (wrup must be contained only once in an scc) • They perform better if predicate unreachable • Unrelaxed method better if predicate reachable• Can be extended to boundedness: • Bounded net: wrup(m) = {t : |t•|>|•t|} • Bounded place: wrup(m,p) = •prelaxed
  • TSCC based propertiesValmari:core principle+ weak proviso: Every transition in stubborn(m) atleast once in every tscc of reduced system:every tscc of original state space visited in reducedstate space
  • TSCC based propertiesIdea:- Construct Valmari’s tscc-preserving state space- Pick one element of each tscc of reduced state space - check mutual reachability for home state - check reachability of m0 for reversibility - check rechability of φ for liveness of φ userconfig.H:twophase TWOPHASE
  • CTL/LTL properties• CTL: Separate search space for each subformula • Use wrup for EF and AG • Use traditional CTL method for other operators• LTL: search counterexample path: F φ ➪ G¬φ, GF φ ➪ FG¬φ, FGφ ➪ GF¬φ • G ¬φ LTL preserving, but drop Proviso • FG¬φ,GF¬φ: • drop Proviso if m satisfies ¬φ • wrup(m,¬φ) if m satisfies φ
  • Symmetries
  • Symmetric Behavior Goal: symmetry in transition systemσ is symmetry if: ΣTS: set of allσ is bijection R(m0)  R(m0) symmetries in R(m0)m [t> m’ iff ex. t’: σ(m) t’> σ(m’)σ(m0) = m0 by induction: m0 m1 m2 ... path  σ(m0) σ(m1) σ(m2) ... path as well -Id is always symmetry [ΣTS,o] is -If σ symmetry, so is σ-1 group -If σ1 and σ2 symmetries, so is σ1 o σ2 18
  • Equivalence of States 19
  • Equivalence of StatesHave to detect symmetries prior to state space generation, typically cannot deduce all of thembut: can always close under inversion and composition 19
  • Equivalence of StatesHave to detect symmetries prior to state space generation, typically cannot deduce all of thembut: can always close under inversion and compositionfix some subgroup Σ ⊆ ΣTS 19
  • Equivalence of StatesHave to detect symmetries prior to state space generation, typically cannot deduce all of thembut: can always close under inversion and compositionfix some subgroup Σ ⊆ ΣTSm ~ m’ iff ex. σ ∈ Σ such that σ(m) = m’ 19
  • Equivalence of StatesHave to detect symmetries prior to state space generation, typically cannot deduce all of thembut: can always close under inversion and compositionfix some subgroup Σ ⊆ ΣTSm ~ m’ iff ex. σ ∈ Σ such that σ(m) = m’ ~ is equivalence relation 19
  • Reduced Transition System TSΣ = [R(m0)/~ , EΣ , [m0]Σ]EΣ = { [ [s],[s’] ] | ex. s ∈ [s], ex. s’ ∈ [s’] : [s,s’] ∈ E} Size of reduced system:| R(m0)/~ | ≥ | R(m0) | / | Σ ||Σ | can be exponential in size of Petri net 20
  • Σ = { Id, σ} Example σ([x,y,z]) = [y,x,z] (i,i,1) (r,i,1) (i,r,1) g1(c,i,0) (r,r,1) (i,c,0) (c,r,0) (r,c,0) 21
  • Example Σ = { Id, σ} σ([x,y,z]) = [y,x,z] (i,i,1) (r,i,1)(c,i,0) (r,r,1) (c,r,0) 22
  • Construction of reduced R := E := ø; dfs(m0); dfs(m) Approximation R := R ∪ {m}; FOR ALL t: activated in m DO m’ = m + Δt; IF can find σ with σ(m’)∈ R THEN E := E ∪{[m, t, σ(m’) ]}; The “Orbit- ELSE Problem” E := E ∪{[m,t, m’ ]}; dfs(m’); END END 23
  • “Traditional” Symmetry Tools• Depend on “scalar set” data type • =, ≠, arrays, for each, no constant• Cannot model networks other than cliques• LoLA: can handle all kinds of symmetry in the net structure
  • PN automorphismsBijection σ: P∪T → P∪T is PN automorphism,iff, for all x,y ∈ P∪T:- m0(x) = m0(σ(x))- If [x,y] ∈ F then [σ(x),σ(y)] ∈ F and W([x,y]) = W([σ(x),σ(y)]) Every PN automorphism induces symmetry in state space: σ(m)(σ(p)) = m(p) 25
  • Example 2 3 1 411 11 12 12 13 13 14 1422 24 21 23 22 24 21 2333 33 34 34 31 31 32 3244 42 43 41 44 42 43 41 id 26
  • Schreier-Sims generating set U1 U2 U3 subgroup induces partition of whole group pick one element of each class (“orbit”)Group: all automorphismsU1: all automorphisms that map p1 to p1U2: all automorphisms that map p1 to p1, p2 to p2...Un: Idhas O(n^2) elements
  • Example 2 3 1 411 11 12 12 13 13 14 1422 24 21 23 22 24 21 2333 33 34 34 31 31 32 3244 42 43 41 44 42 43 41 id U1U2 28
  • 2 3 Example 1 4E={2 id, 3 2 ,3 2 3, 2 3 ; id, } 1 g1 4 1 g2 4 1 g3 4 1 g4 4 id o id = id g2 o id = id o g4 = g2 o g4 = g1 o id = g3 o id = g1 o g4 = g3 o g4 = 29
  • Another Example 8 7 5 6 4 3 g = g1 o g2 o g3 1 21. Layer: 1 →1 ... 82. Layer 1 → 1, 2 → 2,4,53. Layer 1 → 1, 2 → 2, 3 → 3,67 + 2 + 1 = 10 generators for8 x 3 x 2 = 48 automorphisms 30
  • Orbit Problem: Approximation id idg11 g12 g13 g14-1 g21 g22 g23 g31 g32 g14 given: m searched: canonical representative(m) 31
  • Orbit Problem: Approximation id idg11 g12 g13 g14-1 g21 g22 g23 g31 g32 g14 given: m searched: canonical representative(m)1. m1 := MIN{g1i-1(m), i = ...} 31
  • Orbit Problem: Approximation id idg11 g12 g13 g14-1 g21 g22 g23 g31 g32 g14 given: m searched: canonical representative(m)1. m1 := MIN{g1i-1(m), i = ...}2. m2 := MIN{g2i-1(m1), i = ...} 31
  • Orbit Problem: Approximation id idg11 g12 g13 g14-1 g21 g22 g23 g31 g32 g14 given: m searched: canonical representative(m)1. m1 := MIN{g1i-1(m), i = ...}2. m2 := MIN{g2i-1(m1), i = ...}3. m3 := MIN{g3i-1(m2), i = ...} 31
  • Orbit Problem: Approximation id idg11 g12 g13 g14-1 g21 g22 g23 g31 g32 g14 given: m searched: canonical representative(m)1. m1 := MIN{g1i-1(m), i = ...} ........2. m2 := MIN{g2i-1(m1), i = ...} n. mn := MIN{gni-1(mn-1), i = ...}3. m3 := MIN{g3i-1(m2), i = ...} 31
  • Orbit Problem: Approximation id idg11 g12 g13 g14-1 g21 g22 g23 g31 g32 g14 given: m searched: canonical representative(m)1. m1 := MIN{g1i-1(m), i = ...} ........2. m2 := MIN{g2i-1(m1), i = ...} n. mn := MIN{gni-1(mn-1), i = ...}3. m3 := MIN{g3i-1(m2), i = ...} canrep(m) := mn 31
  • 2 3 Example 2 2 2 2 3 3 3 3 1 4 E={ , , ; } 1 4 1 4 1 4 1 4 g12 g13 g14 g223 2 2 3 m 32 32 id-1(m) = id(m) = 1 4 11 411 1 12 31 -1(m) = (m) = 31 42 32 31 -1(m) = (m) = 21 41 12 33 -1(m) = (m) = 11 4 2 32
  • 2 3 Example 2 2 2 2 3 3 3 3 1 4 E={ , , ; } 1 4 1 4 1 4 1 4 g12 g13 g14 g223 2 2 3 m 32 32 id-1(m) = id(m) = 1 4 11 411 1 12 31 -1(m) = (m) = 31 42 32 31 -1(m) = (m) = 21 41 12 33 -1(m) = (m) = ≠ m1 11 4 2 32
  • 2 3 2 Example 2 2 2 3 3 3 3 1 4 E={ , , ; } 1 4 1 4 1 4 1 4 g12 g13 g14 g22 3 2 2 3 s 12 33 id-1(m1) = id(m1) = 1 4 11 42 1 1x = 12 3x = 3 22 33 s1 -1(m) = (m) =x=11 4x = 2 11 41 12 32 Result ≠ canrep(m) = (m) = 1 1 43
  • 2 3 2 Example 2 2 2 3 3 3 3 1 4 E={ , , ; } 1 4 1 4 1 4 1 4 g12 g13 g14 g22 3 2 2 3 s 12 33 id-1(m1) = id(m1) = Result 1 4 11 42 1 1x = 12 3x = 3 22 33 s1 -1(m) = (m) =x=11 4x = 2 11 41 12 32 Result ≠ canrep(m) = (m) = 1 1 43
  • Summary Symmetriessymmetries 34
  • Summary Symmetriescalculation of symmetries, exact solution of orbit problem: equivalent to graph isomorphism (NP) symmetries 34
  • Summary Symmetriescalculation of symmetries, exact solution of orbit problem: equivalent to graph isomorphism (NP)Many other orbit algorithms available in LoLA, even more by Tommi Junttila best choice depends on structure of symmetry group symmetries 34
  • Using Petri net invariants in state space
  • Two approachescompress states (use place invariants) save space and timeexempt states from storage (use transition invariants) space/time tradeoff 36
  • First approach: use place invariants 37
  • First approach: use place invariantsLet i be place invariant:.For all reachable m:i • m = i • m0 37
  • First approach: use place invariants Let i be place invariant:. For all reachable m: i • m = i • m0 i • m0 – Σp’≠p i(p’) • m(p’).... and, for a place p with i(p) ≠ 0: m(p) = i(p) 37
  • Example 3 2 invariant 1: [ 1 1 0 0 0 ] invariant 2: [ 0 0 0 1 1 ]that is, for all reachable markings m: m(p1) = 1 – m(p2) m(p5) = 2 – m(p4) only p2,p3,p4 need to be stored (40 % compression) 38
  • Overheadpreprocessing - time - space state spaceconstruction - time 39
  • Overhead appears to be:preprocessing - time compute invariants - space |inv| • |places| state spaceconstruction - time recover saved components 39
  • Overhead appears to be: actually is:preprocessing - time compute invariants compute upper triangular form - space |inv| • |places| 1bit • |places| state spaceconstruction - time recover saved search, insert performed components on smaller vectors 39
  • State space construction state yes/no state pointer depository (short vectors) state (recover removed components) 1 0 1 0 0 0 = 1 0 - -2 -1 = 3 1 2 1 1 40
  • State space construction state yes/no state pointer depository (short vectors) state (recover removed components) 1 0 1 Observe: 0 0 0 = 1 0 - -2 -1 = 3 1 values of i irrelevant, 2 1 1 supp(i) sufficient! 40
  • Upper triangular form 1 -1 0 0 1 0 0 0 . . -1 1 0 0 -1 0 0 0 0 1 0 3 -2 0 0 1 0 0 . . 0 0 -1 1 0 0 -1 0 . . 0 0 1 -1 0 0 1 0 1 0incidence matrix triangular form invariants m(p2),m(p5) can be calculated from m(p1), m(p3), m(p4) 41
  • Results1. Space reduction 30% - 55%2. Preprocessing time insignificant3. Run time reduction proportional to space reduction Reason: search and insert operations take 80 – 95 % of overall run time ... are now performed on shorter vectors4. combination with most other reduction techniques possible preduction 42
  • Second approach: 43
  • Second approach: what happens if some states are removed from the depository? 43
  • Second approach: what happens if some states are removed from the depository? 43
  • Second approach: what happens if some states are removed from the depository? construction still terminates as long as removed states do not form cycles! 43
  • Second approach: what happens if some states are removed from the depository? construction still terminates as long as removed states do not form cycles! use structural knowledge about cycles 43
  • Transition invariantscycle in state space corresponds to transition invariant 44
  • Transition invariants cycle in state space corresponds to transition invariantAssume: Set U of transitions s.t. for every transition invariant i: U ∩ supp(i) ≠∅ Then: store states that enable transitions in U do not store other states U can be determined from triangular form 44
  • Example 3 2 transition invariant: [2,2,3,3] U = {t}store only states where t is enabled 45
  • Problems:1. Too many states enable transitions in U Solution: combine with partial order reduction2. Unacceptable run time overhead Solution 1: heuristically store additional states Solution 2: remove only non-branching states 46
  • Ad 1: Full vs. Partial full state space 47
  • Ad 1: Full vs. Partial stubborn set reduced state space 48
  • Ad 2: store additional states k k 49
  • Results1. Controllable space/time trade-off2. Combination with partial order reduction compulsory3. Combination with a few other reduction techniques possible4. Only simple properties can be verified (no access to graph structure of the state space) 50
  • The Sweep-Line Method
  • Road mapThe sweep-line method (basic/extended)Calculation of a progress measureDiscussion - Combination with other reduction techniques
  • The sweep-line method (Basic)Idea: state s → progress value p(s)with s [t> s‘ p(s) > p(s’) Unprocessed sweep-line
  • The sweep-line method (Basic)Idea: state s → progress value p(s)with s [t> s‘ p(s) > p(s’) Unprocessed sweep-line p
  • The sweep-line method (Basic)Idea: state s → progress value p(s)with s [t> s‘ p(s) > p(s’) Unprocessed Processed sweep-line p
  • The sweep-line method (Basic)Idea: state s → progress value p(s)with s [t> s‘ p(s) > p(s’) Unprocessed Not yet seen Processed sweep-line p
  • The sweep-line method (Basic)Idea: state s → progress value p(s)with s [t> s‘ p(s) > p(s’) Unprocessed  Not yet seen Processed sweep-line p
  • The sweep-line method (extended)If p is not monotonous: t s’ s p(s’) < p(s)
  • The sweep-line method (extended)If p is not monotonous: t s’ s p(s’) < p(s) -mark s’ “persistent” -start new sweep from s’
  • The sweep-line method (extended) If p is not monotonous: t s’ s p(s’) < p(s) -mark s’ “persistent” -start new sweep from s’Consequently: not too often p(s’) < p(s)
  • Setting for LoLA’s measure-incremental: “transition offsets” Δ p(t) : m [t> m‘ p(m’) = p(m) + Δ p(t)-not necessarily monotonous (in every cycle: one negative Δ p or all Δ p = 0)
  • The measurepartition T into U and TUin U: all transitions linear independentin TU: all transitions linear dependent of U i.e. |U| = rank(C)-for t in U: Δ p (t) := 1-for t in TU: Δ p(t) determined by (unique) lin. combination of U (for t in TU: Δ p(t) >0, =0, <0 )typical size: |U| 60% - 100% of |T|
  • U ExamplesTU 1 1 12 -2 1 1 1 0
  • Geometric interpretationp2 s p3 p1 sweep
  • Geometric interpretationp2 s p3U p1 sweep
  • Geometric interpretationp2 s p3U p1 sweep
  • Geometric interpretation progressp2 s p3U p1 sweep
  • Geometric interpretation progressp2 s p(s) p3U p1 sweep
  • Geometric interpretation progressp2 s p(s) p3 1U p1 sweep