Accuracy info for numerical results is computed and stored during model checking. For now,
it is always the worst-case accuracy over all states for which results are computed. The
information is stored in a class prism.Accuracy, instances of which are created in a
consistent fashion using prism.AccuracyFactory. Accuracy info is stored in the
prism.Result class.
Accuracy information is generated for all 4 main engines (sparse/hybrid/MTBDD/explicit),
and attached to the Result object when model checking the filter that is wrapped around a
property (currently, just for the default "state" filter). The accuracy is printed with
the main result at the end of model checking. e.g.:
Result: 0.1666666865348816 (+/- 1.1920928955078125E-7; rel err 7.152556520395694E-7)
For now, accuracy info is generated for the majority of properties for DTMCs and MDPs
(no support yet for multi-objective model checking). For methods like value iteration,
where a guaranteed error bound is not generated, convergence information is used, but
reported as being only an estimate.
Test mode has been updated (code in prism.ResultTesting) to use the reported accuracy of
a result to check correctness against a reference result. If it is missing, or only
estimated, the old approach of using default check of 1e-5 with relative error is used.
For the explicit engine, accuracy info is stored in explicit.ModelCheckerResult, returned
by most numerical computation methods i.e. those in the explicit.ModelChecker and
explicit.IterationMethod (sub)classes. At a higher level, the accuracy info is then stored
in explicit.StateValues, when this created from ModelCheckerResult in
explicit.ProbModelChecker.
For symbolic (sparse/hybrid/MTBDD) engines, the error bound info from C++ code is stored
in a variable last_error_bound that be accessed (or reset) from prism.PrismNative, using
the methods getLastErrorBound() and resetModelCheckingInfo(). At a higher level, this is
then stored in subclasses of prism.StateValues, which are created in the
prism.*ModelChecker classes from the results of computations.
Export the values of the following standard compiler and compiler flag
variables in the main makefile, avoiding the need to pass through each
one to child make processes manually:
CC
CXX
LD
JAVAC
JAVACC
Since JAVAC is manually exported as "$(JAVAC) $(JFLAGS)" by the main
makefile, additionally separate JAVAC and JFLAGS into separate variables
from the perspective of child make processes.
Rename the following makefile variables to their standard implicit
equivalents in GNU Make for the sake of clarity:
C -> CC
CPP -> CXX
CPPFLAGS -> CXXFLAGS
Rename the following makefile variables for the sake of clarity in child
makefiles:
SRC_DIR -> PRISM_SRC_DIR
CLASSES_DIR -> PRISM_CLASSES_DIR
OBJ_DIR -> PRISM_OBJ_DIR
LIB_DIR -> PRISM_LIB_DIR
INCLUDE_DIR -> PRISM_INCLUDE_DIR
IMAGES_DIR -> PRISM_IMAGES_DIR
DTDS_DIR -> PRISM_DTDS_DIR
The helper script src/scripts/printversion.sh also makes use of the
value of SRC_DIR exported from the main makefile, so use PRISM_SRC_DIR
in that script too.
We want to allow MTBDD engine model checking without having an ODD
to encode the BDD state to index information. This allows to deal
with models where the state space is too big for the ODD index type (2^63).
Here, we harden all the places where the ODD information is accessed
to gracefully handle the abscence of the ODD:
* When trying to convert from MTBDD to explicit vector, a
missing ODD is fatal
* When printing state values or a state list, index information is
not available and thus omitted
* For the hybrid and sparse engine, the odd index checks (whether
the number of states fit into an int32_t) are now done using
helper functions that handle both null ODD and out-of-range values.
When DOT graphs of a model are exported, their maximum permitted size is
hardcoded to 8 inches wide by 5 inches high, which is too small for the
rendered drawing to be useful (e.g. during debugging) for all but the
simplest of models. Remove the maximum size restriction, allowing tools
to render the drawing with its natural dimensions.
The generated action vector was stored in the 'actions' member of the
NDSparseMatrix that was the last one that was built (remembered in the
global ndsm pointer variable).
Now, we store it in the 'actions' member of the mdp_ndsm that is
passed in, as intended.
This did not result in problems before because the call to
build_nd_action_vector() was always immediately after the
corresponding NDSparseMatrix was built.
In case that no export_name is passed to one of the PM_Export..., PS_Export.... functions,
ReleaseStringUTFChars() would be called even though there was no previous call to
GetStringUTFChars(), leading to a SEGFAULT.
This is for robustness, PRISM always passes an export_name string.
As noted in #68, the javah tool has been removed in JDK10. Here, we switch to the new way of generating the JNI .h files, using the -h option of the regular javac compiler.
We have to adapt all Makefiles (not only those in directories that contain classes with native methods), as javac compiles all required classes (and generates their JNI headers) beyond the directory with the Makefile.
The .h files generated by javac -h had a different naming scheme, now there is a prefix for the package name. To avoid having to touch all the #includes, we generate the new .h files in prism/include/jni and provide legacy headers in the old location and with the old name, forwarding the the corresponding new header. In the future, at an appropriate moment, those legacy headers can be removed and replace with direct includes.
Currently, there is a post-processing step on Windows: After the .h file is generated, dos2unix is called to replace the Windows CRLF line endings. Otherwise, the generated headers show up as changed files in version control. As now there are no special targets for the generation of the .h files anymore, we move to a global post-processing step and call dos2unix on prism/include/jni/*.h at the end of building.
Due to a typo, the upper iteration uses `updateValueFromBelow` instead of `updateValueFromAbove`
to update the value vector. When the flag for monotonicity enforcement from above is active (default),
all values are thus forced to be above the upper bound, preventing convergence.
Example:
prism functionality/verify/mdps/reach/mdp_simple.nm functionality/verify/mdps/reach/mdp_simple.nm.props -sparse -intervaliter
+ test case
Currently, building PRISM with parallel building does not work,
as there are dependencies between targets that are not fully
encoded in the Makefiles. Building with -j n flag would lead to error.
Now, we add the .NOTPARALLEL target to most of the Makefiles,
which tell GNU make to ignore the -j flag. Note that this
only inhibits parallel builds for the current Makefile, we
thus have to specify it for all sub-Makefiles as well
(see https://www.gnu.org/software/make/manual/html_node/Parallel.html)
For the external libraries, CUDD and LPSolve don't seem to mind building
in parallel, so we don't inhibit there and can get some minor compile time
speed-up by using multiple cores if the -j option is specified.
git-svn-id: https://www.prismmodelchecker.org/svn/prism/prism/trunk@12202 bbc10eb1-c90d-0410-af57-cb519fbb1720
Consistently include cstdio instead of stdio.h, etc. For MinGW,
the default underlying stdio implementation (Microsoft DLL based vs
POSIX MinGW implementation) differs between C++ and C code, so
format string warnings pop up if we include the C header...
git-svn-id: https://www.prismmodelchecker.org/svn/prism/prism/trunk@12192 bbc10eb1-c90d-0410-af57-cb519fbb1720
On Win32, jints are actually long ints, so printf would need %ld instead of %d.
As jints are 32bit, we simply cast to an int to silence format string compiler
warning.
git-svn-id: https://www.prismmodelchecker.org/svn/prism/prism/trunk@12190 bbc10eb1-c90d-0410-af57-cb519fbb1720
Generates HTML file with the individual steps of the iterative procedures.
Relies on external JavaScript and CSS.
Is already prepared for exporting interval iteration steps (possibility
to export multiple vectors with type flag per iteration step)
git-svn-id: https://www.prismmodelchecker.org/svn/prism/prism/trunk@12073 bbc10eb1-c90d-0410-af57-cb519fbb1720
Currently, the sparse engine internally uses int (signed 32bit) index variables
So, if the number of states is larger than Integer.MAX_VALUE, there is a problem
and the code will most probably crash or do nonsensical things.
We check this before calling into the native sparse engine code and
throw a PrismNotSupportedException.
git-svn-id: https://www.prismmodelchecker.org/svn/prism/prism/trunk@12020 bbc10eb1-c90d-0410-af57-cb519fbb1720
Technically, using 'plain' delete for deleting objects allocated with new[] is
undefined behaviour. In practice, this didn't appear to be a problem.
git-svn-id: https://www.prismmodelchecker.org/svn/prism/prism/trunk@11786 bbc10eb1-c90d-0410-af57-cb519fbb1720
Dave Parker