Published by Annalise Beadnell. Modified over 3 years ago.

1
Expand, Enlarge, and Check for Branching Vector Addition Systems
Rupak Majumdar, Zilong Wang
MPI-SWS

2
Branching Vector Addition Systems (BVAS)
A generalization of vector addition systems (VAS)
A very expressive concurrency model
– spawn and wait
– asynchronous programming
Program safety coverability problem for BVAS

3
Coverability Results
Coverability, Theory:
VAS: EXPSPACE-complete [Lipton 76, Rackoff 78]. Nondeterministically guess a doubly exponential covering path.
BVAS: 2EXPTIME-complete [Demri et al. 09]. Nondeterministically guess a doubly exponential covering tree.
Coverability, Practice:
Backward reachability [Abdulla et al. 96] [2EXPTIME: Bozzelli & Ganty 11]
Expand, Enlarge, and Check (EEC) [Geeraerts et al. 04] [complexity unknown]

4
Coverability Results
Coverability, Theory:
VAS: EXPSPACE-complete [Lipton 76, Rackoff 78]. Nondeterministically guess a doubly exponential covering path.
BVAS: 2EXPTIME-complete [Demri et al. 09]. Nondeterministically guess a doubly exponential covering tree.
Coverability, Practice:
Backward reachability [Abdulla et al. 96] [2EXPTIME: Bozzelli & Ganty 11]
EEC for VAS [EXPSPACE]
EEC for BVAS [2EXPTIME]

5
Outline
Recap of EEC for VAS
Complexity analysis of EEC for VAS
Generalized to EEC for BVAS
Experimental results of EEC for BVAS

6
Vector Addition System (VAS) VAS is the dimension of vectors is the initial vector is a finite set of unary rules

7
Derivation
[Figure labels: initial vector, dim, unary rules. Vectors shown: (1, 2) (2, -1) (3, 1) (-1, -1) (2, 0); (-1, -1) (1, -1)]
(1, 2) + (2, -1) = (3, 1)
(3, 1) + (-1, -1) = (2, 0)
derives

8
Coverability Problem Given a VAS and a target, is there a covering derivation of in ? is a covering (derivation) of if derives a vector such that

9
EEC for VAS

10
Truncated and Extended Derivations w.r.t a bound Normal Truncated ( = 2) Extended ( = 2) If a number >, truncate it to If a number >, extend it to

11
EEC for VAS
[Flowchart labels: No, Cover, Uncover, Yes]

12
Soundness and Completeness [Geeraerts et al. 04]
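
Added example, not code from the presentation: a minimal Python version of the EEC loop for VAS, where each iteration runs two finite graph reachability checks, one over truncated and one over extended derivations. The function names, the starting bound of 1, and the use of the Derivation slide's vectors as a sample VAS are assumptions made for illustration.

```python
from collections import deque

OMEGA = float("inf")  # the "unbounded" value used by extended derivations

def step(vec, rule, bound, extended):
    """Add one rule under bound i; None if a component would go negative."""
    out = []
    for x, d in zip(vec, rule):
        y = x + d                                # OMEGA + d stays OMEGA
        if y < 0:
            return None
        if y > bound:                            # slide 10: truncate or extend
            y = OMEGA if extended else bound
        out.append(y)
    return tuple(out)

def covers(init, rules, target, bound, extended):
    """Finite graph reachability: is some bounded vector >= target reachable?"""
    start = step(init, (0,) * len(init), bound, extended)
    seen, queue = {start}, deque([start])
    while queue:
        v = queue.popleft()
        if all(a >= b for a, b in zip(v, target)):
            return True
        for r in rules:
            w = step(v, r, bound, extended)
            if w is not None and w not in seen:
                seen.add(w)
                queue.append(w)
    return False

def eec(init, rules, target):
    """Return (verdict, bound at which the loop stopped)."""
    bound = 1
    while True:
        if covers(init, rules, target, bound, extended=False):
            return "Cover", bound                # under-approximation covers
        if not covers(init, rules, target, bound, extended=True):
            return "Uncover", bound              # over-approximation cannot cover
        bound += 1

# Constructed sample VAS (assumption): initial vector and rule vectors are the
# ones that appear on the Derivation slide.
INIT = (1, 2)
RULES = [(2, -1), (-1, -1), (1, -1)]

if __name__ == "__main__":
    print(eec(INIT, RULES, (2, 0)))   # target reached on the slide
    print(eec(INIT, RULES, (6, 0)))   # first component can never exceed 5
```

Every rule in the sample lowers the second component by one, so at most two steps are possible; the truncated check finds the cover of (2, 0) once the bound reaches 2, and the extended check stops reporting a spurious cover of (6, 0) once the bound reaches 5.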

13
Complexity Analysis

14
EEC for VAS
How many iterations are required for termination?
Finite graph reachability. Size of the graph is
[Flowchart labels: No, Cover, Uncover, Yes]

15
Definitions Given a VAS and a vector, define input size : number of bits required to encode and in binary : the absolute value of the smallest negative integer in (i.e. the maximal decrease in one step of a derivation) : the greatest integer in

16
Lemmas Lemma 1 [Rackoff 78, Demri et al. 09]: If there is a covering derivation of, there is one whose length is at most Lemma 2: For all, if there is a covering extended derivation of, there is one whose length is at most

17
Pf: Let We show: Theorem 1: EEC for VAS terminates in iterations Theorem 1.If is coverable, there is a covering truncated derivation 2.If is uncoverable, there is no covering extended derivation

18
Proof of Claim 1 By Lemma 1: If is coverable, there is a covering truncated derivation No truncation in

19
Proof of Claim 1 By Lemma 1: There is a truncation in If is coverable, there is a covering truncated derivation

20
Pf: Let We show: Theorem 1: EEC for VAS terminates in iterations Theorem 1.If is coverable, there is a covering truncated derivation 2.If is uncoverable, there is no covering extended derivation ✓

21
Proof of Claim 2 By Lemma 2: If is uncoverable, there is no covering extended derivation No extension in

22
Proof of Claim 2 By Lemma 2: There is an extension in If is uncoverable, there is no covering extended derivation

23
Pf: Let We show: Theorem 1: EEC for VAS terminates in iterations Theorem 1.If is coverable, there is a covering truncated derivation 2.If is uncoverable, there is no covering extended derivation ✓ ✓

24
Theorem 1: EEC for VAS terminates in iterations Pf: By Theorem 1, = Each iteration solves two finite graph reachability problems Each graph has at most or nodes, which is Finite graph reachability problem is in NLOGSPACE Theorem 2: EEC for VAS is in EXPSPACE

25
Branching Vector Addition System

26
BVAS is the dimension of vectors is a finite set of axioms is a finite set of unary rules is a finite set of binary rules

27
Derivation
[Figure labels: dim, axioms, unary rules, binary rule. Vectors shown: (0, 1) (5, -2); (0, 1) (0, 2) (0, 3) (3, 2) (1, 0) (4, 2) (0, -4) (1, 0) (5, 1)]
(0, 3) + (4, 2) + (0, -4) = (4, 1)
derives (5, 1)

28
Coverability Problem Given a BVAS and a target, is there a covering derivation of in ? is a covering (derivation) of if derives a vector such that

29
EEC for BVAS
[Flowchart labels: No, Cover, Uncover, Yes]
These are trees

30
Theorems about EEC for BVAS
Theorem 4: EEC for BVAS terminates in iterations
Theorem 5: EEC for BVAS is in 2EXPTIME

31
Implementation and Experimental Results

32
Single-wait Programs [Bouajjani & Emmi 12]
A function can
1. call unboundedly many asynchronous functions running in parallel
2. wait till the first return value comes back
State reachability BVAS coverability

33
DNS lookup

dns_server(Name) {
    ... // do something else
    do {
        post r0 Result=ret);
    } while(*)
    ... // do something else
    ewait r0;
    assert(is_valid_ip(Result));
    ... // do something else
}

lookup(Name) { // lookup() returns ip
    ...
    while(true) {
        allocate(Buf);
        post r1 Buf=ret); // server1 returns err or ip
        post r1 Buf=ret); // server2 returns err or ip
        ... // do something else
        ewait r1;
        if (Buf == err) {
            free(Buf);
        }
        return Buf;
    }
}

Slide callouts:
Can this assertion fail?
continue;
Asynchronously make unboundedly many lookups; wait till the first return value that comes back.
Ask two remote servers for an ip address; wait for the first return value.

34
Experimental Results
#server    #dimension  #axiom  #urule  #brule  result   time
2          19          20      9153    6950    Uncover  31.25s
3          22          23      14832   11664   Uncover  79.16s
4          25          26      22640   18326   Uncover  151.46s
5          28          29      33070   27392   Uncover  279.56s
6          31          32      46638   39366   Uncover  463.71s
6 (buggy)  31          32      40077   32805   Cover    63.58s

35
Summary
Coverability, Theory:
VAS: EXPSPACE-complete [Lipton 76, Rackoff 78]. Nondeterministically guess a doubly exponential covering path.
BVAS: 2EXPTIME-complete [Demri et al. 09]. Nondeterministically guess a doubly exponential covering tree.
Coverability, Practice:
Backward reachability [Abdulla et al. 96] [2EXPTIME: Bozzelli & Ganty 11]
EEC for VAS [EXPSPACE]
EEC for BVAS [2EXPTIME]

36
Questions? www.mpi-sws.org/~zilong
