Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficient Hybrid Reachability Analysis for Asynchronous Concurrent Systems E. Pastor and M.A. Peña Department of Computer Architecture Technical University.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Efficient Hybrid Reachability Analysis for Asynchronous Concurrent Systems E. Pastor and M.A. Peña Department of Computer Architecture Technical University."— Presentation transcript:

1 Efficient Hybrid Reachability Analysis for Asynchronous Concurrent Systems E. Pastor and M.A. Peña Department of Computer Architecture Technical University of Catalonia (UPC) Barcelona, Spain

2 Context and Goals Hybrid Strategy for Reachability Analysis oriented to Asynchronous Concurrent Systems Why hybrid state exploration? The system is too large An early counter-example is required with low computation cost Why special focus on concurrent systems? Performance of classical state exploration is low Structure of the state space can be partially analyzed

3 Context and Goals Environment a b c d a Simple example: Initial State: a = 1, b = c = d = 0 a is ready to fall

4 Context and Goals Environment a b c d a a- c+ b+ d+ c+ b+ d+ a+... Transition Systems: FSM-like model States, transitions and events State generation: Initial state + transition relation  reachable states Iterate until fix-point

5 Outline Background Overview of the hybrid strategy Causality analysis State space exploration by simulation Guided-traversal Experimental results Conclusions

6 Background: Transition Systems a- c+ b+ d+ c+ b+ d+ a+... 1000 0000 0010 0100 0111 1111 0011 0110 abcd 4 Boolean variables a- c+ b+ d+ c+ b+ d+ a+... s0s0 s1s1 s3s3 s2s2 s4s4 s5s5 s6s6 s7s7

7 Background: Transition Systems a- c+ b+ d+ c+ b+ d+ a+... 1000 0000 0010 0100 0111 1111 0011 0110 abcd Fr(c+) = {0000, 0100} Tr(c+) Disjunctive TR: Each event TR Tr(e) is manipulated separately

8 Background: Transition Systems Breadth First Search (BFS) state exploration does not exploit the peculiarities of concurrent systems Much efficient results are obtained by using a mixed (BFS/DFS) called chaining: firing order is crucial s0 s1 a s2 b s3 ba s1 a s2 b s3 ba BFSchained BFS

9 Background: Transition Systems Breadth First Search (BFS) state exploration does not exploit the peculiarities of concurrent systems Much efficient results are obtained by using a mixed (BFS/DFS) called chaining: firing order is crucial s0 s1s2 b s3 ba s1 a s2 b s3 ba BFSchained BFS a

10 Background: Transition Systems Breadth First Search (BFS) state exploration does not exploit the peculiarities of concurrent systems Much efficient results are obtained by using a mixed (BFS/DFS) called chaining: firing order is crucial s0 s1 a s2 b s3 ba s1 a s3 ba BFSchained BFS s2 b

11 Background: Transition Systems Breadth First Search (BFS) state exploration does not exploit the peculiarities of concurrent systems Much efficient results are obtained by using a mixed (BFS/DFS) called chaining: firing order is crucial s0 s1 a s2 b s3 ba s1 a s3 ba BFSchained BFS s2 b

12 Background: Transition Systems Breadth First Search (BFS) state exploration does not exploit the peculiarities of concurrent systems Much efficient results are obtained by using a mixed (BFS/DFS) called chaining: firing order is crucial s0 s1 a s2 b s3 ba s1 a s2 b s3 ba BFSchained BFS

13 s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d

14 s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d BFS chained BFS {a,b,c,d,e,f,g}{e,a,g,c,b,f,d}{a,b,c,d,e,f,g}

15 s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d BFS {a,b,c,d,e,f,g} {e,a,g,c,b,f,d} chained BFS

16 s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d BFS {a,b,c,d,e,f,g} {e,a,g,c,b,f,d} chained BFS

17 s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d BFS {a,b,c,d,e,f,g} {e,a,g,c,b,f,d} chained BFS

18 s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d BFS {a,b,c,d,e,f,g} {e,a,g,c,b,f,d} chained BFS

19 s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d BFS {a,b,c,d,e,f,g} {e,a,g,c,b,f,d} chained BFS

20 s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d s0 s1s2 s3s4s5 s6s7s8 s9s10s11 s12 a a b b b c c ed e b e a a d bf f g d BFS {a,b,c,d,e,f,g}{a,b,c,d,e,f,g}{a,b,c,d,e,f,g}{a,b,c,d,e,f,g}{e,a,g,c,b,f,d}{e,a,g,c,b,f,d} chained BFS

21 Overview of the hybrid strategy First phase: Simulation strategy using an automatic branching exploration of the state space. Classical simulation algorithm, but… Separate choice from concurrency Causality analysis is used to identify branching states Concurrency alternatives are avoided to be explored later

22 Overview of the hybrid strategy Second phase: Traversal of a subset of the state-space driven by the causality obtained from the simulation. Alternative sequences are used to drive a pseudo-traversal algorithm This traversal algorithm generates additional sequences equivalent to the original “modulo” concurrency States are generated in a single pass. No fix-point iteration is necessary

23 Causality analysis Causality analysis is key to identify alternative branching sequences and differentiate them from interleaving due to concurrency. Types of causality to be encountered: Concurrency Symmetric conflict Asymmetric conflict

24 Causality analysis Concurrency between a and b: both events can be executed interleaved s0 s1 a s2 b s3 ba

25 Causality analysis Symmetric conflict between a and b: each branch is mutually exclusive s0 s1 a s2 b

26 Causality analysis Asymmetric conflict between a and b: one branch disables the other s0 s1 a s2 b s3 b

27 State space exploration Simulation algorithm: Keep a list of “active” state sequences to be explored Take a sequence and analyze the bottom state: 1. Select an enabled event 2. If concurrent to all other successors then extend the sequence 3. If in conflict, duplicate the sequence and force the exploration the selected event in one, and disable the event in the other 4. Keep both sequences active Exploration of a sequence stops (and stored) when: 1. Some state is already reached 2. Maximum exploration depth reached 3. Error condition identified

28 State space exploration branching states First phase: simulation alternative sequences State Space Initial State

29 Guided traversal Second phase: expansion 1.Sequence selection 2.Causality extraction 3.Traversal guided by causality State Space Initial State

30 Guided traversal Second phase: expansion 1.Sequence selection 2.Causality extraction 3.Traversal guided by causality State Space Initial State expanded sequences

31 Guided traversal x a a a b b b c c c c c g g g g b b d d y g A single sequence is a snapshot of the causality in the system. Local causality can be extracted from a sequence by checking the enabling and firings of events at each state.

32 Guided traversal x a a a b b b c c c c c g g g g b b d d y g {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g

33 Guided traversal {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g a a x x g b b c c d d g Time-line The actual causality between events is determined by: Comparing the live-span of events A Causal Event Structure (CES) can by extracted.

34 Guided traversal {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g a a x x g b b c c d d g Time-line x a b c d g

35 Guided traversal {x} {a,b} {b,c,g} {c,g} {d,g} {g} Ø x a b c d g x a b c d g {x} {a,b} {a} {c,g} {d,g} {g} Ø x b a c d g {x} {a,b} {b,c,g} {b,g} {b} {d} Ø x a c g b d {x} {a,b} {b,c,g} {b,c} {c} {d} Ø x a g b c d Equivalent sequences modulo concurrency

36 Guided traversal x a b c d g x a a a b b b c c c c c g g g g b b d d y g

37 x a b c d g x a a a b b b c c c c c g g g g b b d d y g

38 x a b c d g x a a a b b b c c c c c g g g g b b d d y g

39 x a b c d g x a a a b b b c c c c c g g g g b b d d y g

40 x a b c d g x a a a b b b c c c c c g g g g b b d d y g

41 x a b c d g x a a a b b b c c c c c g g g g b b d d y g

42 x a b c d g All alternatives reached in a single pass x a a a b b b c c c c c g g g g b b d d y g

43 Experiments: reachability analysis Examples: get as much states as possible GALS-C PCC-C RGA-A RGA-C IPCMOS-C 4 IPCMOS-C 6 BDD 13485 9120 10493 17480 8088 15191 States 381 306 142 221 179 263 CPU 0.5 1.2 0.3 0.6 BDD 16208 21185 33355 148711 99799 278575 States 1.2e3 9.8e5 1.0e9 9.1e12 8.05e9 1.75e14 CPU 0.8 3.7 2.7 17.4 21.6 14.9 IPCMOS-C 4 IPCMOS-C 6 13727 28481 133 241 0.3 0.9 151493 179577 1.16e7 9.15e9 25.6 32.9 STARI-C 8 141299564616.92837259.73e11126.0 SimulationTraversal States 1.2e3 9.8e5 3.3e9 5.4e13 8.15e9 1.78e14 CPU 0.2 2.7 6.1 46.0 44.1 19.1 1.16e7 9.15e9 48.4 27.3 1.07e1273.0 Fixpoint

44 Experiments: timed verification

45 Conclusions Concurrent systems require traversal strategies that differ from classical used in synchronous systems Incremental analysis of the state space exploiting structural information from the system is possible We suggest a two-step hybrid traversal methodology Simulation provides information from the structure of the state space (alternative branches and event causality) Traversal exploits that information to speed-up the generation of additional states However, traversal is too heavy due to extensive use of chaining (must find a trade-off)

Download ppt "Efficient Hybrid Reachability Analysis for Asynchronous Concurrent Systems E. Pastor and M.A. Peña Department of Computer Architecture Technical University."

Similar presentations

Exploiting SAT solvers in unbounded model checking

Exploiting SAT solvers in unbounded model checking
Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.

Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.
Review: Search problem formulation

Review: Search problem formulation
Uninformed search strategies

Uninformed search strategies
Seyedehmehrnaz Mireslami, Mohammad Moshirpour, Behrouz H. Far Department of Electrical and Computer Engineering University of Calgary, Canada {smiresla,

Seyedehmehrnaz Mireslami, Mohammad Moshirpour, Behrouz H. Far Department of Electrical and Computer Engineering University of Calgary, Canada {smiresla,
Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.

Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
Hardware and Petri nets Symbolic methods for analysis and verification.

Hardware and Petri nets Symbolic methods for analysis and verification.
CLASSICAL PLANNING What is planning ?  Planning is an AI approach to control  It is deliberation about actions  Key ideas  We have a model of the.

CLASSICAL PLANNING What is planning ?  Planning is an AI approach to control  It is deliberation about actions  Key ideas  We have a model of the.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Problem Solving by Searching Copyright, 1996 © Dale Carnegie & Associates, Inc. Chapter 3 Spring 2007.

Problem Solving by Searching Copyright, 1996 © Dale Carnegie & Associates, Inc. Chapter 3 Spring 2007.
Timed Automata.

Timed Automata.
Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.

Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.

CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.
Compatibility between shared variable valuations in timed automaton network model- checking Zhao Jianhua, Zhou Xiuyi, Li Xuandong, Zheng Guoliang Presented.

Compatibility between shared variable valuations in timed automaton network model- checking Zhao Jianhua, Zhou Xiuyi, Li Xuandong, Zheng Guoliang Presented.
Combining Symbolic Simulation and Interval Arithmetic for the Verification of AMS Designs Mohamed Zaki, Ghiath Al Sammane, Sofiene Tahar, Guy Bois FMCAD'07.

Combining Symbolic Simulation and Interval Arithmetic for the Verification of AMS Designs Mohamed Zaki, Ghiath Al Sammane, Sofiene Tahar, Guy Bois FMCAD'07.
Problem Solving Agents A problem solving agent is one which decides what actions and states to consider in completing a goal Examples: Finding the shortest.

Problem Solving Agents A problem solving agent is one which decides what actions and states to consider in completing a goal Examples: Finding the shortest.
Solving Problems by Searching Currently at Chapter 3 in the book Will finish today/Monday, Chapter 4 next.

Solving Problems by Searching Currently at Chapter 3 in the book Will finish today/Monday, Chapter 4 next.

Similar presentations

Ads by Google