In order to obtain a general view of the results of these performance tests, we may compare the relative state space reduction achieved on average by each reduction technique in each of the three classes of tests that were conducted. Figure 10.1 shows a graph which represents the average size of the state space that was obtained by each reduction in each of the test categories with respect to the unreduced original model, as well as the corresponding size for the case when all three reductions worked together.
The superiority of the effect of path reduction with respect to the effects of the other reductions is clear in this representation, where path reduction consistently reduces the state space by factors of 60% to 80%, many times more than what is achieved by the other reductions.
The effect of dead variable reduction is more dependent on the type of model, and although it was able to perform reductions of up to 40% in some models, on average its reduction results in a factor of up to 10%. This is nevertheless an important reduction, especially in the case of models with very big state spaces.
The results obtained by step confluence reduction are less impressive. On average we may expect a reduction factor of up to 5% when this reduction is applied.
The clear winner in this case is the combination of all the reduction techniques.
Although path reduction accounts for almost all of the reduction obtained by this multiple reduction technique, it still benefits from the application of dead variable reduction and step confluence reduction, as may be seen in the case of the Spin examples and to a lesser extent in the case of the LUNAR models.
In general, the reductions are less effective when applied to a real protocol model, as in the case of the LUNAR models. This agrees with what is argued in [Pel05] about the real effectiveness of state space reductions when applied to actual case studies and not just tailored examples. Still, the reduction obtained by the combination of the static reduction techniques on these models is very positive indeed.
Chapter 11 Conclusions
This work has presented a set of techniques for reducing the size of the reachable state space of models encoded in the NIPS byte-code language. These techniques are based on the static analysis of the byte-code of these models, and operate exclusively by performing a transformation of this byte-code. The reductions obtained by these techniques have been shown to preserve the equivalence of the original and reduced state-transition systems with respect to temporal logic specifications, and their effectiveness has been demonstrated experimentally. This chapter presents the concluding remarks of the present work.
11.1 Related work
Path reduction and other similar reductions have been presented in [Hol99, Yor00, KLY02, YG04]; likewise, dead variable reduction has been presented in [BFG99, Hol99, Yor00, YG04]. Arguably, these reductions are simpler to describe and implement for the byte-code language of NIPS than in their original presentations, thanks to the simple structure of the byte-code.
In the case of path reduction, the analysis and code transformation need only be done at the corresponding locations of each individual breaking point and STEP instruction when applying it to NIPS, without any further regard for the remaining instructions or the structure of the control-flow graph, other than the consideration of cycle safety.
Also, the corresponding code transformation is extremely simple. The path reduction optimization as presented in [Yor00, YG04] requires a more complex manipulation of the syntactic structures of the high-level language used therein, and it relies on some duplication of code when statements are shared among elementary paths. The analysis and algorithms presented in [KLY02] are also notably more complex than the ones that have been presented for NIPS. Finally, the statement compression technique described in [Hol99] is limited to the merging of statements with strictly deterministic behavior, and is therefore less powerful than the version of path reduction presented in this work. Also, it must perform its analysis directly on the syntax of Promela code and keep track of which statements may be compressed when producing the state-transition system. The analysis of the NIPS byte-code and the interpretation of the modified code by the virtual machine may be seen as a simpler way to achieve this.
Regarding dead variable reduction, the analysis presented in [Yor00, YG04] consists of a modified live variable analysis for the high-level WHILE language which computes the sets of dead variables by applying inductive rules on the syntactic structure of the program. The analysis of death points and dead assignments presented in Chapter 5, and which is based on the result of a standard live variable analysis of the control-flow graph, represents a simpler form of analysis. The reduction presented in [BFG99] is of a somewhat different nature than the dead variable reduction presented in this work. The language considered there is a process algebra whose control graph corresponds to the parallel composition of a fixed number of processes. Thus, they are able to compute an accurate live variable analysis for shared variables. Also, they are able to extend the analysis to the values contained in communication queues. This does not apply to the static reduction applied to NIPS, which must handle each of the process types individually and prior to their concurrent execution. In [Hol99], the resetting of temporarily dead variables to a value of zero is analogous to the optimization due to death points in NIPS; the handling of dead assignments is not mentioned in this paper.
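The following sketch is an added illustration, not code from this work or from NIPS: it runs a standard live variable analysis on a small constructed control-flow graph, derives dead assignments and death points from it, and counts the reachable states of the toy process with and without resetting dead variables to zero. The toy process, the CFG encoding and the working definitions used (a dead assignment defines a variable that is not live afterwards; a death point is a node before which a variable is live and after which it is not) are assumptions made for this example.

```python
# Toy process (constructed): 0: x = any of 0..3; 1: y = x % 2; 2: t = y;
# 3: if y goto 0 else goto 4; 4: send(y). CFG node -> (defs, uses, successors).
CFG = {0: ({"x"}, set(), [1]), 1: ({"y"}, {"x"}, [2]), 2: ({"t"}, {"y"}, [3]),
       3: (set(), {"y"}, [0, 4]), 4: (set(), {"y"}, [])}

def liveness(cfg):
    """Standard backward live-variable analysis, iterated to a fixpoint."""
    live_in, live_out = ({n: set() for n in cfg} for _ in range(2))
    changed = True
    while changed:
        changed = False
        for n, (defs, uses, succs) in cfg.items():
            out = set().union(*(live_in[s] for s in succs))
            inn = uses | (out - defs)
            if (inn, out) != (live_in[n], live_out[n]):
                live_in[n], live_out[n], changed = inn, out, True
    return live_in, live_out

def dead_points(cfg):
    """Return (dead assignments, death points) as sorted (node, var) pairs."""
    live_in, live_out = liveness(cfg)
    dead_assign = sorted((n, v) for n, (d, _, _) in cfg.items() for v in d - live_out[n])
    death = sorted((n, v) for n in cfg for v in live_in[n] - live_out[n])
    return dead_assign, death

def successors(state):  # concrete semantics of the toy process; state = (pc, x, y, t)
    pc, x, y, t = state
    if pc == 0: return [(1, v, y, t) for v in range(4)]
    if pc == 1: return [(2, x, x % 2, t)]
    if pc == 2: return [(3, x, y, y)]
    if pc == 3: return [(0 if y else 4, x, y, t)]
    if pc == 4: return [(5, x, y, t)]
    return []  # pc 5: terminated

def reachable(resets=()):
    """Count reachable states; after node n runs, zero each var reset at n."""
    slot = {"x": 1, "y": 2, "t": 3}
    seen, todo = set(), [(0, 0, 0, 0)]
    while todo:
        s = todo.pop()
        if s in seen: continue
        seen.add(s)
        for nxt in map(list, successors(s)):
            for v in [v for n, v in resets if n == s[0]]:
                nxt[slot[v]] = 0
            todo.append(tuple(nxt))
    return len(seen)

if __name__ == "__main__":
    da, dp = dead_points(CFG); print(da, dp, reachable(), reachable(da + dp))
```

The reset only merges states that differ in variables no later instruction reads before redefining them, which is why the reduced count is smaller while the observable behaviour of the toy process is unchanged.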
The idea behind step confluence reduction came while observing the byte-code programs produced by the Promela compiler provided with NIPS. The compilation of goto and break statements caused the creation of confluent STEP instructions. A similar optimization is performed by the Spin compiler, which inhibits the execution of these statements and uses them to determine the ending location of the immediately preceding statement [Hol03]. It was not possible to find any additional approaches to reduce the size of the reachable state space by removing differences among states which consist of equivalent program locations.