Download presentation

Presentation is loading. Please wait.

Published byJeffery Bareford Modified over 2 years ago

1
Real-Time Model Checking on Secondary Storage Stefan Edelkamp and Shahid Jabbar Chair for Programming Systems and Compiler Construction Computer Science Department University of Dortmund, Dortmund, Germany

2
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 2 Real-Time Model Checking Model checking of real time critical systems. Example: A rail-road crossing that has to follow strict time constraints. Systems are modeled by Timed-Automata Extension of ordinary automata with clocks and constraints. s1 s2 s3 0 y 4 y 4 x 0 y 4 Constraints Reset x and y are real-time clocks

3
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 3 Timed Automata A state in timed automata is a pair (l, u), where l is the current location/state in the automata u:C IR is the Clock valuation function. Two types of Transitions: Delay Transition: (l,u) (l, u+d) that increases the values of all clocks by a positive real d. Edge Transition: (l,u) (l, u) that changes the location to l. u is obtained from u by executing the reset statements on the edges. Only possible if the constraints on the edge are satisfied by the clocks. s1 s2 s3 0 y 4 y 4 x 0 y 4 Constraints Reset x and y are real-time clocks

4
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 4 Priced Timed Automata Timed Automata extended with cost variables. Each transition can have a cost for taking it. Each location/state can have a cost for staying at it. Used in Scheduling – also in this paper. s1 s2 s3 0 y 4 y 4 x 0 y 4 Constraints Reset x and y are real-time clocks c = 4 c = 2 c = c + 1 c = c + 4 Cost per unit time for staying at s1 Cost for taking the transition

5
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 5 Cost-optimal reachibility using Priced Timed Automata (UPPAAL-CORA) UPPAAL-CORA uses admissible but inconsistent heuristics as guidance. the first solution found is not optimal. But can be taken as an upper bound to prune the non-promising states – branch-and-bound. costcost Search frontier goal Pruning value

6
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 6 Problems Since clocks are real-values variables infinite state spaces. Classical approach for proving decidability is to divide the state space into regions. In practice, tools like KRONOS and UPPAAL use a Zone-based representation – a symbolic representation for sets of states. Still the combinatorial explosion due to adding new components is inevitable.

7
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 7 Problem with the Virtual Memory 0x000…000 0xFFF…FFF Virtual Address Space Memory Page

8
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 8 External Memory Model (Aggarwal and Vitter) Input of size N and N >> M M B Disk If the input size is very large, running time depends on the I/Os rather than on the number of instructions. Scan(N) = O(N / B) Sort(N) = O(N/B log M/B N/B)

9
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 9 External Breadth-First Search for Explicit Graphs (Munagala & Ranade, SODA-99) A t t+1 t+2 BCDBCD XYZAXXYZAX AXYZAXYZ XYZXYZ Duplicates Removal I: Remove Duplicates by sorting the nodes according to the indices and doing an scan and compaction phase. II: Subtract layers t and t+1 from t+2.

10
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 10 External Breadth-First Branch-and-Bound in UPPAAL-CORA Can we use the same approach by Munagala and Ranade here ? YES and NO Duplicate Elimination is not trivial! A A Search frontier Trivial state spaces (l,Z1) (l,Z2) (l,Z3) (l,Z4) (l,Z5) (l,Z6) A state (l,Z) is a duplicate of (l,Z) iff Z Z and f(Z) f(Z) Zone Union – same location but different zones costcost l: active locations in local automata Z: Zone - set of constraints satisfied by clocks No total order on Zones => O(n^2) comparisons for each location Real-Time state spaces

11
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 11 Bucket A Bucket is a set of states, residing on the disk, having the same g value, Where, g = number of transitions needed to transform the initial state to the states of the bucket, No state is inserted again in a bucket that is expanded. If Active (being read or written), represented internally by a small buffer. File on disk Buffer in internal memory Insert state when full, sort and flush

12
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 12 I/O Complexity of Breadth-First Branch- and-Bound Assumption: At least two zone unions can fit into the main memory. Expansion: O(scan(|V|)) I/Os Duplicates Removal: Stage 1: Removal of duplicates within a layer. O(sort(|E|) I/Os for sorting, O(scan(|E|) I/Os for scanning and compacting. Stage 2: Removal of duplicates wrt previous layers. Depends on the locality of the graph – the longest back-edge locality(G) x scan(|V|) I/Os Cumulative Complexity: O(sort(|E|) + locality(G) x scan(|V|) I/Os.

13
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 13 External Breadth-First Branch-and-Bound

14
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 14 Problems with Breadth-First BnB Too much efforts until some solution is found. Solution: Explore partial space to search for some solution. Increase the coverage of the space and improve the solution. Iterative Broadening External Breadth-First BnB

15
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 15 Iterative Broadening External Breadth- First BnB costcost Search frontier k=20% 40% 60% 80% 100% Only pick best k% nodes for expansion.

16
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 16 Selection Criteria How can we guarantee that the solution will be improved or at least remain the same ? Possible if Selection Criteria: Best k% of the nodes PLUS All the states that have the same cost as that of the last state of the selected list PLUS All the sates that have the cost smaller or equal to the maximum cost selected in the previous iteration. i: layer number l: iteration Select the whole cost plateau Select all plateaus from the previous iteration

17
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 17 Iterative Broadening External BF BnB

18
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 18 Aircraft Landing Scheduling Problem 1 runway 10 planes Beam Width in % Given Upper Bound New Upper BoundExpanded States ,458 External Breadth-First BnB

19
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 19 Aircraft Landing Scheduling Problem 2 runway 20 planes Beam Width in % Given Upper Bound New Upper BoundExpanded States , , , , , , Out-of-space with External Breadth- First BnB

20
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 20 Alternate Modeling of Aircraft Landing Scheduling (Dierks, VVPS05) 3 runways but 13 clocks External Breadth- First BnB Harddisk usage = 311 Gigabytes RAM usage = 1.8 Gigabytes Time = 12 hours Iterative Broadening did not pay off due to large cost plateaus Incomplete exploration due to space constraints.

21
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 21 Issues in External Exploration Error trace: No predecessor pointers! Save the predecessor with each state. Trace back from the goal state to the start state breadth- wise. Disk space eaten by duplicate states: Start Early Delayed Duplicate Detection

22
Edelkamp and Jabbar (Dortmund) Real-time Model Checking on Secondary Storage 22 Summary & Outlook Contribution External storage can provide the facility to save open and closed lists. Iterative broadening strategy can outperform simple breadth-first branch-and-bound. Future Work Externality => promising for distributed execution by distributing a layer on multiple processors. Can pause-and-resume your execution to add more harddisks. Completely orthogonal - Can be combined with other state- space reduction techniques.

Similar presentations

© 2016 SlidePlayer.com Inc.

All rights reserved.

Ads by Google