SPIN
Seach Optimization Exhaustive search requires so much time and memory to perform verification realistically, must perform some shortcuts –reduce the number of reachable states –reduce the amount of memory required to represent a state
Agenda Search Algorithm Search Optimization –Reduction of the number of reachable states –Reduction of the amount of memory lossless method –State Compression –Minimized automaton representation lossy method –Bit state hashing –Bloom Filter –Hash Compact
Partial Order Reduction 考えられる実行順序 –1 : x = 1;g = g+2;y = 1 ;g = g*2; –2 : x = 1;y = 1 ;g = g+2 ;g = g*2; –3 : x = 1;y = 1 ;g = g*2 ;g = g+2; –4 : y = 1;g = g*2 ;x = 1 ;g = g+2; –5 : y = 1;x = 1 ;g = g*2 ;g = g+2; –6 : y = 1;x = 1 ;g = g+2;g = g*2; P1 : x = 1; g = g+2; P2 : y = 1 g = g*2
Partial Order Reduction x = 1 と y = 2 と (g = g + 2, g= g * 2) は独立 重要なのは g = g+2, g = g * 2 の順序のみ –2 : x = 1;y = 1 ;g = g+2 ;g = g*2; –3 : x = 1;y = 1 ;g = g*2 ;g = g+2; の二つについてのみ探索を行えば十分
Statement Merging if permissible, merge adjacent statements (operations) into one if there is a possibility that a different process might interleave between statements, this is not possible –eg: when global variables are accessed consecutively It is a special case of Partial Order Reduction adjacent: 隣接する
Agenda Search Algorithm Search Optimization –Reduction of the number of reachable states –Reduction of the amount of memory lossless method –State Compression –Minimized automaton representation lossy method –Bit state hashing –Bloom Filter –Hash Compact
State Compression 各プロセスの状態表現に P[bits] – プロセス数が n なら状態表現に nP[bits] 必要 – しかし P[bits] で表現される全ての状態に到達 するわけではない。 – よって P[bits] は情報量として冗長 – 各プロセス毎に到達した状態に unique な番号 を割り振って、全状態としてはその番号の組 み合わせを記憶する。
State Compression e.g. –P1 : integer x, y, z; P2 : integer a, b, c; –the size of memory to represent a state of each process is 24bits. –the number of reachable states is 5,000 –the number of reachable states of each process is 100 ( <= 256 = 2^8) If states is represented straightforwardly, you need … –( )*5,000 = 240,000 [bits] If you use this method, you need only … –( )* * 5,000 = 44,800 [bits]
Minimized automaton representation 状態が到達済みかどうかの判定を OBDD を 利用して行う。 OBDD –bit 列の入力に対して、真偽を判断するための データ構造 戦略 – 状態 S をビット列に変換 –OBDD で到達済みか判断。 – 到達済みでないなら、 OBDD を更新する。
OBDD BDD (Binary Decision Diagram) –bit 列 [b0,b1, …] に対して true, false を判定する automaton – 各 vertex が b0,b1, … に対応 edges が bit の値に対応 OBDD –BDD に以下の条件を加えたもの。 –b0,b1,b2, … の順に処理 – 同じ構造のツリーはまとめる。 – 冗長な vertex は除去
OBDD Structure b0b1 b2 F T (b0,b1,b2) ∈ { (0,0,0),(0,0,1),(1,0,1) } → True otherwise → False + (1,0,0)
Agenda Search Algorithm Search Optimization –Reduction of the number of reachable states –Reduction of the amount of memory lossless method –State Compression –Minimized automaton representation lossy method –Bit state hashing –Bloom Filter –Hash Compact
Bit state hashing Depth-first search constructs a set of reachable states to conclude whether a state was reached. The set is normally implemented using hash table.
Standard implementation Standard implementation uses –8×h + S×r [bits] h : the number of slots of a hash table S : the size of memory to represent a state r : the number of reachable states 8 : pointer m : total size of memory in the machine
Standard Implementation If parameters are... –m = 10^9 bits,S = 1000, r = 10^7 –(S ・ r)/m = 10 > 1 –coverage of the problem size is only 10%
Bit state hashing If we configure the hash table as an array of m bits, using it as a hash table with h = m slots..... –h >> r and coverage close to 100% –when a hash collision happens, we will conclude incorrectly that a state was visited before.
s0 s1 s2 s3 s4 s5 hash collision!! not reached h(s0) = 0, h(s1) = 5, h(s2) = 3, h(s3) = 2, h(s4) = 5, h(s5) = h(s0) h(s1) h(s2)h(s3)h(s4) This state was reached !?
Bloom Filters push (s) : existed = True hlist = hash(s,k) for h in hlist: if (hash_table[h] is False): existed = False hash_table[h] = True return existed hash(s,k): return [h0(s),h1(s),...., h_k_1(s)]
Bloom Filters (k = 2) h0(s0) = 0 h1(s0) = 1 h0(s1) = 0 h1(s1) = 3 h0(s2) = 3 h1(s2) = OK CollisionOK Collision False Collision
Bloom Filter After r states is stored, probability that a certain bit is still false is Probability that we incorrectly conclude that the (r + 1)th state was visited optimal k (that minimize probability) is
Bloom Filter e.g. –r = 10,000,000 –m = 1,000,000,000 –optimal value of k =
Hash Compact Normal Implementation な hash table に State では なく、 State を hash 関数を使って、より小さい空 間に写像したものを渡す。 – 当然、写像に使う hash 関数は hashtable 内で利用され ているものとは異ならなければならない。 the number of reachable states << hash 値の空 間の大きさ << State 空間の大きさの時効果を発 揮する。 前者の <<→ 衝突の確率が低い。 後者の <<→ 保存データサイズの縮小 要するに State 空間の表現が冗長だよってこと。