Traversal techniques for concurrent systems Marc Solé & Enric Pastor Department of Computer Architecture UPC


Introduction General objective: checking of safety properties in concurrent systems. Accomplished through Reachability Analysis. A lot of work has been done for synchronous systems, but not for concurrent ones. In this work: traversal methods for concurrent systems.

Concurrent systems particularities Transition relations (TR) partitioned into smaller independent parts (events). Each event is “fired”, producing new states. [Figure: two panels, “Synchronous” and “Concurrent”, over states s0–s3 with events a and b and the label {a,b}]

Traditional Approach Breadth First Search (BFS) does not take advantage of these particularities. Our proposal: schedule the application of the events in a hybrid approach (BFS/DFS).

Overview Hypothesis; Speeding state generation; Causality detection; Four traversal methods (Token traverse, Weighed token traverse, Dynamic event-clustered traverse, TR cluster-closure traverse); Results & Conclusions

Hypothesis “The faster, the better”. Intuition: if you need fewer iterations to complete the process, then the probability of encountering an intermediate “big” BDD diminishes. Obviously not true in all cases.

Speeding state generation Great results with a very simple technique: chaining. [Figure: two panels, “BFS” and “BFS with chaining”, over states s0–s3 with events a and b]

Maximizing the chaining The order of event firing has a significant impact on the performance.
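
An added example (not from the slides) of the effect of firing order on chaining. Explicit Python sets stand in for BDDs; the four-event pipeline, the function names and the step counting (which includes the last iteration that detects the fixpoint) are assumptions made for illustration.

```python
# Added example: explicit sets stand in for the BDDs used in the talk.
# Constructed system: a pipeline in which each event enables the next one.
# Every event is a partial function on states, stored as {source: target}.
EVENTS = {
    "a": {0: 1},
    "b": {1: 2},
    "c": {2: 3},
    "d": {3: 4},
}
INITIAL = {0}


def fire(event, states):
    """Image of `states` under one event."""
    return {event[s] for s in states if s in event}


def bfs(events, initial):
    """Plain BFS: every event is applied to the same frontier."""
    reached, frontier, steps = set(initial), set(initial), 0
    while frontier:
        steps += 1
        new = set()
        for ev in events.values():
            new |= fire(ev, frontier)
        frontier = new - reached
        reached |= frontier
    return reached, steps


def bfs_chaining(events, initial, order):
    """BFS with chaining: states produced by one event are handed to the
    events that come later in `order` within the same iteration."""
    reached, frontier, steps = set(initial), set(initial), 0
    while frontier:
        steps += 1
        current = set(frontier)
        for name in order:
            current |= fire(events[name], current)
        frontier = current - reached
        reached |= frontier
    return reached, steps


if __name__ == "__main__":
    print("BFS            ", bfs(EVENTS, INITIAL)[1], "steps")
    print("chaining a,b,c,d", bfs_chaining(EVENTS, INITIAL, "abcd")[1], "steps")
    print("chaining d,c,b,a", bfs_chaining(EVENTS, INITIAL, "dcba")[1], "steps")
```

On this pipeline a firing order that follows the causality finishes in 2 iterations, while the reversed order needs 5, the same as plain BFS.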

[Figure: state graph with states s0–s12 and events a–g, traversed step by step by “BFS” and by “BFS with chaining” under the event orders {a,b,c,d,e,f,g} and {e,a,g,c,b,f,d}]

Maximizing the chaining Information to obtain a good scheduling: causality analysis between events. Main idea: if I have fired event X, which events are fireable now?

Notation & Definitions The set of states in which an event is “fireable” is called its Firing Function (FF). In fact, it is the characteristic function of the set. Example: FF(a) [Figure: state graph with states s0–s12 and events a–g, illustrating FF(a)]

Causality Causality between TR a and TR b exists if: You can fire a, but not b. You fire a. Now you can fire b. Start from FF(a) · !FF(b). To = Firing a on FF(a) · !FF(b). If this set exists [To · FF(b) ≠ Ø] then event b potentially becomes fireable after event a. [Figure: the sets FF(a), FF(b) and To, with a fired from FF(a) · !FF(b)]

Causality Checking the causality for each pair of events, we can determine the causality relations between all the events in the system. This information can be stored in different ways (e.g. a matrix). For clarity we use a Petri-net-like model to represent these relations.

Petri Nets Structure to represent relationships (synchronicity/concurrency) between components. Three components: Places: potential state. Transitions: dynamic behaviour. Tokens: present state.

Causality Example: [Figure: state graph with states s0–s7 and events a, b, c, next to its Petri-net-like causality model]

Traversal methods

Token traverse Put one initial token in all fireable events. Fire the event with the highest number of tokens. If firing does not generate any new state, then the token is “absorbed”. When all the tokens have been absorbed, compute the new states generated by this iteration. If there are no new states, the fixpoint has been reached; otherwise restart.
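
An added example (not from the slides) of the causality check and the token traverse described above, with explicit sets in place of BDDs. The eight-state system is constructed, and three details the slides leave open are assumptions: a productive firing passes one token to each causal successor, ties are broken by event name instead of at random, and each restart puts a token on every event fireable in some reached state.

```python
# Added example: explicit sets stand in for BDDs; the system is constructed.
# Two a/b diamonds (states 0..3 and 4..7) joined by event c.
EVENTS = {
    "a": {0: 1, 2: 3, 4: 5, 6: 7},
    "b": {0: 2, 1: 3, 4: 6, 5: 7},
    "c": {3: 4},
}


def ff(name):
    """Firing function FF(e): the states in which event e is fireable."""
    return set(EVENTS[name])


def fire(name, states):
    """States produced by firing event `name` on `states`."""
    return {EVENTS[name][s] for s in states if s in EVENTS[name]}


def causes(a, b):
    """a causes b if To = fire(a, FF(a) · !FF(b)) intersects FF(b)."""
    to = fire(a, ff(a) - ff(b))
    return bool(to & ff(b))


def causality():
    """Causal successors of every event."""
    return {a: {b for b in EVENTS if causes(a, b)} for a in EVENTS}


def token_traverse(initial):
    """Return (reached states, iterations, firings)."""
    succ = causality()
    reached, iterations, firings = set(initial), 0, 0
    while True:
        iterations += 1
        before = len(reached)
        # Assumption: one token on every event fireable in a reached state.
        tokens = {e: 1 for e in EVENTS if ff(e) & reached}
        while tokens:
            # Most tokens first; ties by name (the slides choose at random).
            name = max(sorted(tokens), key=tokens.get)
            del tokens[name]
            firings += 1
            new = fire(name, reached) - reached
            if new:
                reached |= new
                # Assumption: hand one token to each causal successor.
                for nxt in succ[name]:
                    tokens[nxt] = tokens.get(nxt, 0) + 1
            # No new state: the tokens of `name` are absorbed.
        if len(reached) == before:  # no new states in this iteration
            return reached, iterations, firings


if __name__ == "__main__":
    print(causality())
    print(token_traverse({0}))
```

The sixth firing in the first iteration is event c applied when its only successor state is already known, which is the ineffective firing the talk goes on to discuss.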

Token traverse Example: [Figure: state graph with states s0–s7 and events a, b, c, next to its Petri-net-like causality model, shown step by step] Same number of tokens in a and b: choose at random which to fire. Same number of tokens in b and c: choose at random which to fire. Worst case: c is fired. No new state produced, token absorbed.

Problems with Token Traverse Ineffective firings, as in the case of event c in the previous example. [Figure: state graph with states s0–s3 and events a, b, c, next to its Petri-net-like causality model]

Problems with Token Traverse To solve this problem and produce a better scheduling we can try to relate the number of tokens in one place to the number of states in which this event is fireable.

Weighed Token Traverse Every time an event is fired, for each successor, we add a number of tokens equal to the number of states in which this successor is fireable. [Figure: state graph with states s0–s3 and events a, b, c, next to its Petri-net-like causality model]

Weighed Token Traverse In the former example, the token from place a is now actually absorbed, as state s1 ∉ FF(c). [Figure: state graph with states s0–s3 and events a, b, c, next to its Petri-net-like causality model]

Weighed Token Traverse This solves the ineffective firing problem, but increases the number of BDD operations. For each firing we must perform k AND operations, where k is the number of successors of an event. Fortunately, in our benchmarks k is usually small (<4).

Weighed Token Traverse However, this method does not consider the fireable states produced by concurrent events. [Figure: state graph with states s0–s3 and events a, b, c, next to its Petri-net-like causality model; annotation: 2 states but only 1 token]

Best fireable event? Both previous methods try to find out which is the best fireable event at every moment. A possible heuristic: fire the event that will produce the most states. Events are usually bijective functions, so the problem is equivalent to finding out which event has the most states in which it is fireable.

Best fireable event? For each event, keep track of the number of states in which it is fireable. Every event has its own from set, which is the smaller BDD of the following: the global from set, or the set formed only by its fireable states. Dynamic event-clustered traverse.

Dynamic event-clustered traverse [Figure: state graph with states s0–s7 and events a, b, c, with the from sets of Event a, Event b and Event c shown step by step]

Is there a limit? If we had the perfect algorithm that always selected the best fireable event, would it be possible to go faster than that?

Is there a limit? TRs may be combined. We can compute the transitive closure of these new TRs. [Figure: three panels, “Original”, “Combined” and “Closure”, for events a and b]

TR cluster-closure traverse Main idea: keep combining TRs and computing their closure until we reach a threshold limit (BDD size). Advantages: Reduces considerably the number of steps needed to complete the traversal. This method is orthogonal to the previous ones.

TR cluster-closure traverse Drawbacks: Setup time may not be negligible if the TRs to combine are not selected carefully. New TRs are bigger and usually have more variables.

Results RGD-arbiter [1], 63 vars, 47 events, reachable set has e+13 states. [Table: rows BFS, BFS chain, TOK, WTOK, DEC, TRCC man; columns Steps, #Events, Peak, Time (s); entries surviving extraction: “>38>1786>1755> N/A”] [1] M. R. Greenstreet et al., Proceedings of 5th Int. Symp. on ARACS, pp , IEEE, Apr. 1999

Results STARI(16) [2], 100 vars, 100 events, reachable set has e+22 states. [Table: rows BFS, BFS chain, TOK, WTOK, DEC, TRCC man; columns Steps, #Events, Peak, Time (s); entries surviving extraction: “>329>33000-> >34N/A>1590> N/A”] [2] M. R. Greenstreet, STARI: A Technique for High-Bandwidth Communication, PhD Thesis, 1993

Conclusions Scheduling the individual application of TRs can improve the traversal process. Reducing the number of iterations helps avoid BDD blowups. Four scheduling heuristics introduced. Each one has its own strengths and weaknesses, depending on the class of the system.