“Smart” State Spaces © Kurt Jensen, Department of Computer Science, University of Aarhus, Denmark (kjensen@daimi.au.dk, www.daimi.au.dk/~kjensen/)

“Smart” State Spaces
© Kurt Jensen, Department of Computer Science, University of Aarhus, Denmark
kjensen@daimi.au.dk, www.daimi.au.dk/~kjensen/
"Smart" State Spaces 19/09/2018

Basic idea of full state spaces
A state space is a directed graph with:
- a node for each reachable state,
- an arc for each occurring transition.
State spaces are used to investigate the behaviour of systems.
[Figure: example state space with nodes 1–8, marking the initial state, a cycle and a deadlock.]

State spaces – pro/contra
State spaces are powerful and easy to use. Construction and analysis can be automated, and users do not need to know the mathematics behind the analysis methods.
The main drawback is the state explosion, i.e., the size of the state space.
It is interesting to develop “smart” state space techniques, where we generate condensed state spaces without losing analytic power.

General techniques
The work presented in this talk is based on Coloured Petri Net models:
- a modelling language for systems where synchronisation, communication, and resource sharing are important;
- a combination of Petri Nets and functional programming languages.
The state space techniques are general and hence can be used for all kinds of transition systems. This talk will also be general, and no prior knowledge of Coloured Petri Nets is required.

CPN model of simple protocol
Packets may be lost on the network and are then retransmitted.

Statistics – full state spaces

| Limit | 1  | 2     | 3      | 4      | 5       | 6         |
|-------|----|-------|--------|--------|---------|-----------|
| Nodes | 33 | 428   | 3,329  | 18,520 | 82,260  | 310,550   |
| Arcs  | 44 | 1,130 | 12,825 | 91,220 | 483,562 | 2,091,223 |

Rapid growth when system parameters increase.

Smart state spaces
Fortunately, it is often possible to construct much smaller state spaces without losing information. This is done by exploiting:
- symmetric states;
- states with equivalent behaviour;
- progress measure (sweep-line method);
- concurrency between transitions (stubborn sets, sleep sets, etc.; not covered in this talk).
In this talk, I will not discuss techniques to represent a given set of states in a more compact way, e.g. BDDs.

Part 1: Condensation by symmetries

Protocol with several receivers
Legend for the following figures:
A = Packet has been Sent
B = Packet ready to be Received
C = Packet has been Received
D = Ack ready to be Received

State space for three receivers
[Figure: full state space for three receivers. From Init, Send Packet leads to A; Transmit Packet leads to B_ _, _B_, _ _B, then _BB, B_B, BB_ and BBB; Receive Packet leads to C_ _, _C_, _ _C, _CB, _BC, C_B, B_C, CB_, BC_, CBB, BCB and BBC. The rows are annotated 0 success, 1 success, 2 successes and 3 successes.]
The red nodes are symmetrical (equivalent). They also have symmetrical direct successor states and enabled transitions. It is sufficient to explore one of the red nodes; the others will have symmetrical behaviour.

Condensed state space for three receivers
[Figure: condensed state space with one representative per class of symmetrical nodes: Init, A, B, BB, BBB, C, CB, CBB, CC, CCB, D, DB, DBB, DC, DD, reached via Send Packet, Transmit Packet, Receive Packet and Transmit Acknowledgment.]
21 nodes instead of 62 nodes.

Symmetries
A symmetry specification is a set of functions $F \subseteq [S \cup T \to S \cup T]$ such that states are mapped into states and transitions are mapped into transitions:
$\forall f \in F: (f|_S) \in [S \to S] \wedge (f|_T) \in [T \to T]$.
Each element of F is called a symmetry.
Note: “transition” means a change from one state to another. For a CP-net it would be a pair (t,b), where t is a CPN transition and b is a binding for t.

Equivalent states
Two states s and s* are equivalent iff there exists a symmetry f that maps s into s*:
$s \approx_S s^* \Leftrightarrow \exists f \in F: s^* = f(s)$.
Two transitions t and t* are equivalent iff there exists a symmetry f that maps t into t*:
$t \approx_T t^* \Leftrightarrow \exists f \in F: t^* = f(t)$.
We demand that $(F, \circ)$ is an algebraic group. This implies that $\approx_S$ and $\approx_T$ are equivalence relations.

Consistency
We demand that equivalent states must have equivalent enabled transitions leading to equivalent direct successor states:
$s_1 \xrightarrow{t} s_2 \Leftrightarrow f(s_1) \xrightarrow{f(t)} f(s_2)$.
(Important: this is crucial for the technique.)
We also demand the initial state to be fully symmetrical: $f(s_0) = s_0$.
(A technical convenience, making things a bit simpler.)

State spaces with symmetries
State spaces with symmetries are constructed in the same way as ordinary state spaces, except that:
- before adding a new node we check whether the state is equivalent to the state of an existing node;
- before adding a new arc we check whether the transition is equivalent to the transition of an existing arc (from the same source node).
State spaces with symmetries can be used to investigate the same kinds of behavioural properties as ordinary state spaces.
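The construction described on this slide, written out in Python as an added example that is not from the slides or from the CPN tools. The multi-receiver model, its action names, the sorted-tuple canonical form and the function names are all assumptions made here, not the slide's exact CPN.

```python
"""Symmetry-condensed state space for a toy multi-receiver protocol.
Assumed simplified model (not the slide's exact CPN): after the sender's
"send" step every receiver i independently steps '_' -> 'B' (transmit
packet) -> 'C' (receive packet) -> 'D' (transmit acknowledgment).
Permuting receivers is a symmetry, so a state's canonical representative is
its sorted tuple and a transition (i, action) is canonical up to its action."""
from collections import deque
from itertools import permutations

INIT = "init"
ACTIONS = {"transmit": ("_", "B"), "receive": ("B", "C"), "ack": ("C", "D")}

def successors(state, n):
    """Yield (transition, next_state); a transition is (receiver, action)."""
    if state == INIT:
        yield (None, "send"), ("_",) * n
        return
    for i, local in enumerate(state):
        for action, (pre, post) in ACTIONS.items():
            if local == pre:
                yield (i, action), state[:i] + (post,) + state[i + 1:]

def canon_state(s):      # representative of the symmetry class of s
    return s if s == INIT else tuple(sorted(s))

def canon_trans(t):      # any receiver index maps to any other: keep the action
    return t[1]

def explore(n, cs=lambda s: s, ct=lambda t: t):
    """Construction from the slide: a node is added only if no equivalent node
    exists, an arc only if no equivalent arc leaves the same source node.
    With cs and ct the identity this is the ordinary full state space."""
    nodes, arcs, todo = {cs(INIT)}, set(), deque([cs(INIT)])
    while todo:
        s = todo.popleft()
        for t, s2 in successors(s, n):
            arcs.add((s, ct(t)))
            if cs(s2) not in nodes:
                nodes.add(cs(s2))
                todo.append(cs(s2))
    return nodes, arcs

def consistent(n):
    """Consistency requirement: every permutation f maps the enabled
    transitions and successors of s onto equivalent ones of f(s)."""
    def footprint(s):
        return {(canon_trans(t), canon_state(s2)) for t, s2 in successors(s, n)}
    return all(footprint(tuple(s[i] for i in p)) == footprint(s)
               for s in explore(n)[0] - {INIT} for p in permutations(range(n)))
```

With three receivers this toy model gives 65 full and 21 condensed nodes; the condensed count agrees with the slide, the full count does not, because the slide's CPN is not reproduced exactly.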

Statistics – symmetries (Limit = number of receivers)

| Receivers   | 2     | 3      | 4 (3 packets) | 5 (2 packets) | 6          |
|-------------|-------|--------|---------------|---------------|------------|
| Nodes, full | 921   | 22,371 | 172,581       | 486,767       | 5,917,145  |
| Nodes, sym  | 477   | 4,195  | 9,888         | 8,387         | 24,122     |
| Ratio       | 1.93  | 5.33   | 17.45         | 58.04         | 245.30     |
| Arcs, full  | 1,832 | 64,684 | 671,948       | 2,392,458     | 35,068,448 |
| Arcs, sym   | 924   | 11,280 | 32,963        | 31,110        | 101,240    |
| Ratio       | 1.98  | 5.73   | 20.38         | 76.90         | 346.39     |
| Perms (n!)  |       |        | 24            | 120           | 720        |

Good reduction.

Part 2: Condensation by equivalence relations

We can be more general
Above, we have defined the equivalence relations for states and transitions from a set of symmetry functions. Instead we may define the equivalence relations directly (i.e., from scratch).
An equivalence specification is a pair $(\approx_S, \approx_T)$ where:
- $\approx_S$ is an equivalence relation on the set of all states;
- $\approx_T$ is an equivalence relation on the set of all transitions.

Consistency
As before, we demand that equivalent states must have equivalent enabled transitions and equivalent direct successor states: whenever $a \xrightarrow{t} b$ and $a \approx_S a^*$, there exist $t^* \approx_T t$ and $b^* \approx_S b$ with $a^* \xrightarrow{t^*} b^*$.
This is a weaker requirement than the one which we had for symmetries. As an example, we no longer demand two equivalent states to have the same number of direct successors.

State spaces with equivalence classes
State spaces with equivalence classes are constructed in the same way as state spaces with symmetries. They can be used to investigate the same kinds of behavioural properties, but only up to equivalence.
State spaces with symmetries are a special case of state spaces with equivalence classes; they have stronger proof rules.

Intermediate state of protocol
[Figure: CPN model of the protocol, with arc inscription max(n,k).]
Receiver expects packet no. 6. Sender is still sending packet no. 5. This packet will be ignored: it is old. This acknowledgment will also be ignored: it is old.

Statistics – equivalence classes

| Limit        | 1   | 2    | 3     | 4      | 5       | 6       |
|--------------|-----|------|-------|--------|---------|---------|
| Nodes, full  | 33  | 293  | 1,829 | 9,025  | 37,477  | 136,107 |
| Nodes, equiv |     | 155  | 492   | 1,260  | 2,803   | 5,635   |
| Ratio        | 1.0 | 1.89 | 3.72  | 7.16   | 13.37   | 24.15   |
| Arcs, full   | 44  | 764  | 6,860 | 43,124 | 213,902 | 891,830 |
| Arcs, equiv  |     | 383  | 1,632 | 5,019  | 12,685  | 28,044  |
| Ratio        |     | 1.99 | 4.20  | 8.59   | 16.86   | 31.80   |

Good reduction.

Part 3: Sweep lines
This is not a condensation technique, but a way to avoid having the entire state space in memory at the same time.

Simple protocol
[Figure: CPN model of the simple protocol, with arc inscription max(n,k).]
The two counters are monotonically increased. They can be used as a progress measure.

Progress measure
$PM : STATES \to A$, where A is a set with a linear or partial order $\le$.
- A function: defined for all states.
- Monotonic (non-decreasing): $X \to Y$ implies $PM(X) \le PM(Y)$.
Protocol: $(NextSend, NextRec)$ with lexicographic ordering.

States sorted by progress measure
[Figure: states laid out left to right by increasing progress measure, with the initial state at the far left.]

Construction of state space
[Figure: the sweep-line separating processed nodes (behind it) from unprocessed nodes (in front of it).]
- All nodes to be processed are in front of the sweep-line.
- All arcs go left-to-right or vertical.
- All new nodes will be added in front of the sweep-line.
- We do not need the nodes behind the sweep-line. They can be deleted from memory.

We continue the construction
The sweep-line moves from left to right. In front of it, we add new nodes. Behind it, we remove nodes.
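The sweep-line construction of the last three slides in Python, as an added example that is not from the slides or the CPN tools. The stop-and-wait model (sender retransmits NextSend, old packets and acks are ignored, NextSend := max(NextSend, ack)), the bound on packets and all names are assumptions made here; the progress measure is the slide's (NextSend, NextRec) in lexicographic order.

```python
"""Sweep-line state-space construction for a stop-and-wait protocol.
Assumed model (a simplification of the slide's simple protocol, not its
CPN): the sender retransmits packet NextSend until an acknowledgment moves
it on, packets and acks may be lost, the receiver ignores old packets and
the sender sets NextSend := max(NextSend, ack).  Progress measure:
(NextSend, NextRec) in lexicographic order, which never decreases."""
import heapq

def successors(state, limit):
    ns, nr, pkts, acks = state
    out = []
    if ns <= limit:                                  # (re)send packet NextSend
        out.append((ns, nr, pkts | {ns}, acks))
    for n in pkts:                                   # packet n delivered or lost
        k = nr + 1 if n == nr else nr                # an old packet is ignored
        out.append((ns, k, pkts - {n}, acks | {k}))  # receiver acks with NextRec
        out.append((ns, nr, pkts - {n}, acks))
    for a in acks:                                   # ack a delivered or lost
        out.append((max(ns, a), nr, pkts, acks - {a}))
        out.append((ns, nr, pkts, acks - {a}))
    return out

def progress(state):
    return (state[0], state[1])                      # (NextSend, NextRec)

INIT = (1, 1, frozenset(), frozenset())

def full_state_space(limit):
    """Ordinary construction that keeps every node: total number of states."""
    seen, todo = {INIT}, [INIT]
    while todo:
        for s2 in successors(todo.pop(), limit):
            if s2 not in seen:
                seen.add(s2); todo.append(s2)
    return len(seen)

def sweep_line(limit):
    """Process states in progress-measure order; the sweep-line is the smallest
    unprocessed measure, and nodes behind it are deleted since no arc can lead
    back to them.  Returns (states generated, peak states held in memory)."""
    heap, stored, generated, peak, tick = [(progress(INIT), 0, INIT)], {INIT}, 1, 1, 0
    while heap:
        line, _, s = heapq.heappop(heap)
        stored = {x for x in stored if progress(x) >= line}   # forget the past
        for s2 in successors(s, limit):
            if progress(s2) < line:
                raise ValueError("progress measure is not monotonic")
            if s2 not in stored:
                stored.add(s2); generated += 1; tick += 1
                heapq.heappush(heap, (progress(s2), tick, s2))  # tick breaks ties
        peak = max(peak, len(stored))
    return generated, peak
```

Because no arc leads back behind the sweep-line, every state is generated exactly once, so the generated count equals the size of the full state space while the peak memory footprint is smaller.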

Statistics – sweep-line

| Limit        | 1   | 2    | 3     | 4     | 5      | 6       |
|--------------|-----|------|-------|-------|--------|---------|
| Nodes, full  | 33  | 293  | 1,829 | 9,025 | 37,477 | 136,107 |
| Nodes, sweep |     | 134  | 758   | 4,449 | 20,826 | 82,586  |
| Ratio        | 1.0 | 2.19 | 2.41  | 2.03  | 1.80   | 1.65    |

Some reduction, but not that impressive.

Statistics – sweep-line (Limit = 4)

| Packets      | 4     | 5      | 6      | 7      | 8       |
|--------------|-------|--------|--------|--------|---------|
| Nodes, full  | 9,025 | 20,016 | 38,885 | 68,720 | 113,121 |
| Nodes, sweep | 4,449 | 8,521  | 14,545 | 22,905 | 33,985  |
| Ratio        | 2.03  | 2.35   | 2.67   | 3.00   | 3.33    |

A little bit better. Much better for some kinds of systems (please see the literature).

Sweep-line method – pro/contra
We can construct larger state spaces, since we do not need to have all states in memory at the same time. In a timed CP-net we can use the global clock as a progress measure: time never goes backwards.
“Problems”:
- Analysis must be done on-the-fly.
- To deal with reactive systems we need to be able to use non-monotonic progress measures.
- Counter examples are more difficult to construct, since part of the state space has been deleted from memory.

Conclusions
The different state space techniques complement each other. They exploit different system properties:
- symmetric states;
- states with other kinds of equivalent behaviour;
- progress measure;
- concurrency between transitions.
The different state space techniques can be combined, i.e., used simultaneously.
More information: www.daimi.au.dk/CPnets/