Presentation is loading. Please wait.

Presentation is loading. Please wait.

Large Scale External Directed Liveness Checking Stefan Edelkamp Shahid Jabbar Computer Science Department University of Dortmund, Dortmund, Germany.

Published byElaine Watson Modified over 8 years ago

Similar presentations

Presentation on theme: "Large Scale External Directed Liveness Checking Stefan Edelkamp Shahid Jabbar Computer Science Department University of Dortmund, Dortmund, Germany."— Presentation transcript:

1 Large Scale External Directed Liveness Checking Stefan Edelkamp Shahid Jabbar Computer Science Department University of Dortmund, Dortmund, Germany

2 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 2 Model Checking  Given A model of a system. A specification property  Model Checking Problem: Does the system satisfy the property ?  An exhausting exploration of the state space.  Problem: How to cope with large state spaces that do not fit into the main memory?  In Practice: successes in finding bugs.

3 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 3 Directed Model Checking (Edelkamp, Leue, Lluch-Lafuente, 2004)  A guided search in the state space.  Usually by some heuristic estimate.  Only promising states are explored.  Under certain conditions proved to be optimal.  Short error trails Better for human comprehension  Problem: The inevitable demands of the model.. Space, space and space.

4 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 4 A* Algorithm  A heuristic estimate is used to guide the search. E.g. Straight line distance from the current node to the goal in case of a graph with a geometric layout.  Problems: A* needs to store all the states during exploration. A* generates large amount of duplicates that can be removed using an internal hash table – only if it can fit in the main memory. A* do not exhibit any locality of expansion. For large state spaces, standard virtual memory management can result in excessive page faults.

5 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 5 Problem with the Virtual Memory 0x000…000 0xFFF…FFF Virtual Address Space Memory Page

6 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 6 External Memory Model (Aggarwal and Vitter) Input of size N and N >> M M B Disk If the input size is very large, running time depends on the I/Os rather than on the number of instructions. Scan(N) = O(N / B) Sort(N) = O(N/B log M/B N/B)

7 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 7 External BFS (Munagala & Ranade) A t t+1 t+2 BCDBCD XYZAXXYZAX AXYZAXYZ XYZXYZ Duplicates’ Removal I: Remove Duplicates by sorting the nodes according to the indices and doing an scan and compaction phase. II: Subtract layers t and t+1 from t+2.

8 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 8 Set A* (Jensen, Veloso, Bryant 2000)  Consistent heuristic estimates. => ∆h ={-1,0,1,…} g 0 1 2 3 4 5 0123456 h A Bucket !!

9 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 9 External A* [Edelkamp, Jabbar, and Schroedl, 2004]  Buckets represent temporal locality – cache efficient order of expansion.  If we store the states in the same bucket together we can exploit the spatial locality.  Munagala and Ranade’s BFS and Korf’s delayed duplicate detection for implicit graphs. External A*

10 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 10 External Search For Model Checking [Jabbar and Edelkamp VMCAI – 05] + Uses Harddisk to store the state space divided in the form of Buckets. + Implemented on top of SPIN model checker. + Promising: Largest exploration so far took ~20 GB – much larger than even the address limits of most computers. + Pause and Resume support – Can add more harddisks. Problems: - Slow duplicate detection phase - Internal Processing Time >> External I/O time

11 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 11 External Parallel DMC [Jabbar and Edelkamp VMCAI – 06] + Internal work distributed over multiple processors; might even be separate machines connected over a network. + Inter-process communications through simple files. + Workload transferred in bulks rather than individual states. + Promising: Almost a linear speed-up on multiple-processors machines.

12 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 12 Liveness Property Accepting State Head of Lasso  Search for a cycle that visits an accepting state infinitely often.  Perform Nested Depth-first search that look for a state that is already residing on the stack (Holzmann ). Initial State DFS does not show any locality => Not Suitable for External Search!

13 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 13 Liveness as Safety (Schuppan and Biere, 2005) Accepting State Head of Lasso Initial State Head of Lasso  Explicitly unroll the lasso.  Search for the head again.

14 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 14 Liveness as Safety: Extended State Description  Piggyback the head of lasso on the state and search for it! State State 0 0 Start State Head 1 0 Head of lasso found State Head 1 1 Accepting state found Head Head 1 1 Head found again!

15 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 15  They said: Every state! O(|V| 2 )  We say: Only the accepting states! O(|V| x |F|) What makes a state, Head of Lasso ?

16 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 16 Algorithm: Heuristic Search for Livenss as Safety  Stage 1: For a state (s,s,0), perform a directed search for an accepting state s’ in the never-claim. When found Spawn two children:  (s, s, 1) : Head of lasso found!  (s, s, 0) : Head of lasso not found!  Stage 2: For a state (s, s’, 1), perform a directed search for s’. s’ might not form a cycle! – So keep searching!

17 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 17 Heuristics for the first stage – Head of the lasso  We want to reach an accpeting state in the never-claim faster! Model Never-claim H N = min{  (c,a 1 ),  (c,a 2 ),  (c,a 3 ) } c a1a1 a2a2 a3a3  is the shortest path distance between two states and can be pre-computed.

18 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 18 Heuristics for the second stage – Close the lasso  We want to reach a particular state (in red) in both the model and the never-claim from my current state (in blue). Model Never-claim H = max{H N, H M } c a1a1 a2a2 a3a3

19 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 19 External Directed LTL Model Checking Arrives at the final state 0 1 2 3 4 Arrives again at the same final state Same states in both parts Current state Already seen final state

20 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 20 I/O Complexity External memory algorithms are evaluated on the number of I/Os.  Expansion: Linear I/O O ( Scan ( |V| x |F| ))  Delayed Duplicate Detection: Removing duplicates from the same buffer: O ( sort ( |E| x |F| )) Subtracting previous levels: O ( l x Scan ( |V| x |F| )); where l is the length of the found counterexample. I/O Complexity = O ( sort ( |E| x |F| ) + l x Scan ( |V| x |F| ))

21 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 21 LTL Model Checking in 2-Elevator ExpandedInsertedTimeLength I/O- HSF- SPIN External A* 2,090,9332,275,7781m18s67+34 External BFS 2,642,5752,827,0732m3.96s67+34 TransitionsStoredTimeLength SPIN 4.2 Nested DFS 33,90011,1490m0.064s109+100 SPIN is Fast!

22 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 22 LTL Model Checking in SGC Protocol (Zhang, 1999) ExpandedInsertedTimeLength I/O- HSF- SPIN External A* 1783690m1.318s15+5 External BFS 1,3431,4270m0.787s15+5 TransitionsStoredTimeLength SPIN 4.2 Nested DFS 155,9638,5001m47s18+5 BFS is faster! External A* had to flush several unfilled buffers to the disk

23 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 23 LTL Model Checking in 64-Dining Philosphers ExpandedInsertedTimeLength I/O- HSF- SPIN External A* 2,298127,8130m6.108s196+2 External BFS 2,29847,1180m13.549 s 196+2 SPIN 4.2 Nested DFS -out-of-mem Several states are inserted but no refinment is done on them and hence faster

24 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 24 TimeSecondary Memory Length 1 Processor --- 2 Processors 5m53.96s4.7 gigabytes388+2 3 Processors 4m7.13s5.28 gigabytes 388+2 Multiple Processors Machine Parallel LTL Model Checking in 124-Dining Philosphers

25 Shahid Jabbar (Dortmund)External Directed Model Checking Liveness 25 Summary  Schuppan and Biere approach => liveness as reachability.  Liveness requires searching for an acceptance cycle A path to a previously seen state that also visits an accepting state.  Save a tuple of states.  Two new heuristics to accelerate the search.

Download ppt "Large Scale External Directed Liveness Checking Stefan Edelkamp Shahid Jabbar Computer Science Department University of Dortmund, Dortmund, Germany."

Similar presentations

BEST FIRST SEARCH - BeFS

BEST FIRST SEARCH - BeFS
Algorithm Engineering Parallele Suche Stefan Edelkamp.

Algorithm Engineering Parallele Suche Stefan Edelkamp.
Garbage collection David Walker CS 320. Where are we? Last time: A survey of common garbage collection techniques –Manual memory management –Reference.

Garbage collection David Walker CS 320. Where are we? Last time: A survey of common garbage collection techniques –Manual memory management –Reference.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Solving Problem by Searching

Solving Problem by Searching
Accelerating External Search with Bitstate Hashing Stefan Edelkamp Shahid Jabbar Computer Science Department University of Dortmund, Dortmund, Germany.

Accelerating External Search with Bitstate Hashing Stefan Edelkamp Shahid Jabbar Computer Science Department University of Dortmund, Dortmund, Germany.
File Systems.

File Systems.
CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.

CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.
ICS-171:Notes 4: 1 Notes 4: Optimal Search ICS 171 Summer 1999.

ICS-171:Notes 4: 1 Notes 4: Optimal Search ICS 171 Summer 1999.
CPSC 322, Lecture 5Slide 1 Uninformed Search Computer Science cpsc322, Lecture 5 (Textbook Chpt 3.4) January, 14, 2009.

CPSC 322, Lecture 5Slide 1 Uninformed Search Computer Science cpsc322, Lecture 5 (Textbook Chpt 3.4) January, 14, 2009.
CS171 Introduction to Computer Science II Graphs Strike Back.

CS171 Introduction to Computer Science II Graphs Strike Back.
1 External Sorting Chapter 13. 2 Why Sort?  A classic problem in computer science!  Data requested in sorted order  e.g., find students in increasing.

1 External Sorting Chapter Why Sort?  A classic problem in computer science!  Data requested in sorted order  e.g., find students in increasing.
Query Evaluation. An SQL query and its RA equiv. Employees (sin INT, ename VARCHAR(20), rating INT, age REAL) Maintenances (sin INT, planeId INT, day.

Query Evaluation. An SQL query and its RA equiv. Employees (sin INT, ename VARCHAR(20), rating INT, age REAL) Maintenances (sin INT, planeId INT, day.
CMPT 300: Final Review Chapters 8 – 12. 2 Memory Management: Ch. 8, 9 Address spaces Logical (virtual): generated by the CPU Physical: seen by the memory.

CMPT 300: Final Review Chapters 8 – Memory Management: Ch. 8, 9 Address spaces Logical (virtual): generated by the CPU Physical: seen by the memory.
UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering Blind State-Space Search Notes for Ch.11 of Bratko For CSCE 580 Sp03 Marco.

UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering Blind State-Space Search Notes for Ch.11 of Bratko For CSCE 580 Sp03 Marco.
Review: Search problem formulation

Review: Search problem formulation
FALL 2006CENG 351 Data Management and File Structures1 External Sorting.

FALL 2006CENG 351 Data Management and File Structures1 External Sorting.
Query Optimization 3 Cost Estimation R&G, Chapters 12, 13, 14 Lecture 15.

Query Optimization 3 Cost Estimation R&G, Chapters 12, 13, 14 Lecture 15.
1 Completeness and Complexity of Bounded Model Checking.

1 Completeness and Complexity of Bounded Model Checking.
External Memory Algorithms Kamesh Munagala. External Memory Model Aggrawal and Vitter, 1988.

External Memory Algorithms Kamesh Munagala. External Memory Model Aggrawal and Vitter, 1988.

Similar presentations

Ads by Google