Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fair Cycle Detection: A New Algorithm and a Comparative Study Fabio Somenzi University of Colorado at Boulder.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Fair Cycle Detection: A New Algorithm and a Comparative Study Fabio Somenzi University of Colorado at Boulder."— Presentation transcript:

1 Fair Cycle Detection: A New Algorithm and a Comparative Study Fabio Somenzi University of Colorado at Boulder

2 Acknowledgement This talk is the conflation of –Kavita Ravi, Roderick Bloem, and Fabio Somenzi, “A comparative study of symbolic algorithms for the computation of fair cycles” –Roderick Bloem, Hal Gabow, and Fabio Somenzi, “An algorithm for strongly connected component analysis in n log n symbolic steps” Both presented at FMCAD00

3 Model Checking Given A finite state transition structure A property (set of admissible behaviors) usually specified as –Temporal logic formula –  -regular automaton Decide whether initial states of structure satisfy property

4 Properties Safety properties –violation described as finite path Liveness properties –infinite path (cycles)  -regular automata acceptance, fairness –Büchi, Muller, Rabin, Streett, L-process

5 SCC Decomposition Find all sets of nodes that can reach each other (Strongly Connected Components) –SCC is trivial if it contains no edges Central graph problem Tarjan’s algorithm is linear, but explicit Find a good implicit algorithm

6 Motivation Fair cycle detection algorithms –Symbolic vs. explicit state search Many symbolic algorithms, no systematic comparisons –What really makes the difference? Can we improve over O(n 2 ) ?

7 Outline Motivation  Introduction Fair cycle algorithms –A general framework Lockstep algorithm How do the different algorithms fare? Conclusions

8 Büchi Emptiness A Büchi automaton accepts at least a word if it has a nontrivial SCC that contains an accepting state Used in: –LTL model checking (Spin, SMV) –Fair CTL model checking (VIS, SMV) –Language-containment checking (COSPAN) If language not empty, produce witness

9 Notation CTL –EX, EU, EG, EF (future tense, backward) –EY, ES, EH, EP (past tense, forward) Fixpoint operators – ,

10 Symbolic Algorithms Sets are represented by their characteristic functions No loops over the elements of sets Instead: –Union, intersection, complementation –Check for equality (emptiness) –(Choice of one element) –Image (EY), preimage (EX)

11 Symbolic Complexity Number of variables is important Sets of nodes have 1 set of variables Transition relation has 2 sets Number of variables sets for operations: Boolean operations: 1 set Image, preimage: 2 sets Transitive closure: 3 sets Our Measure is number of steps: image and preimage Keep transition relation constant!

12 Known Complexity Measured in nodes (n) Known results (symbolic): –SCC decomposition: O(n 2 ) [Xie & Beerel 99] –Büchi emptiness: O(n 2 ) [Emerson & Lei 86] We also measure number of steps as function of number of nodes, but…

13 Interesting Parameters n : number of states d : Diameter of the graph –Largest (finite) of the shortest distances between two nodes h : Height of the SCC quotient graph –How many SCCs we can have along a path N : Number of SCCs N’ : Number of nontrivial SCCs C’ : Number of fairness constraints

14 Outline Motivation Introduction  Fair cycle algorithms –A general framework Lockstep algorithm How do the different algorithms fare? Conclusions

15 Symbolic Fair Cycle Computations Fair Cycle Empty set No SCC hull Yes (set of states that contain fair SCCs) Refinement Check if each SCC is fair Symbolic SCC enumeration

16 SCC Hull Algorithms Generic SCC Hull algorithm (GSH) Emerson-Lei Hojati et al. Kesten et al. Hardin et al.

17 Generic SCC Hull Algorithm (GSH) SCC hull: a set of states that contains all fair SCCs Operators –T B : EX(Z), {E(Z U Z  c)} –T F : EY(Z), {E(Z S Z  c)} Algorithm: start with all states, at every iteration –choose and apply an operator from T B or T F (operator schedules) –converge when no change in state set under T B OR T F operators (weaker condition)

18 Instances of GSH: Different operator schedules Emerson-Lei: Z. EX E(Z U Z  c) (EU 1 EX) (EU 2 EX) (EU 1 EX) (EU 2 EX)... cCcC Hojati : Z. EG E(Z U Z  c) (EU 1 EU 2 ) EX… (EU 1 EU 2 ) EX... (EU 1 EU 2 ) EX... cCcC Hojati, Kesten: Z. EH E(Z S Z  c) (ES 1 ES 2 ) EY… (ES 1 ES 2 ) EY... (ES 1 ES 2 ) EY... cCcC Hojati, Hardin: Z. EG-H Z  EF(Z  c)  EP(Z  c) (EF, EP) (EY EX)... (EF, EP) (EY EX)... cCcC

19 Fair Terminal Initial 7 1 2 4 5 6 8 9 10 11 12 13 14 15 16 3 Trivial Non-trivial SCC Quotient Graph

20 Fair Terminal Initial 7 1 2 4 5 6 8 9 10 11 12 13 14 15 16 3 Trivial Non-trivial SCC Quotient Graph Emerson-Lei, Hojati

21 Fair Terminal Initial 7 1 2 4 5 6 8 9 10 11 12 13 14 15 16 3 Trivial Non-trivial SCC Quotient Graph Hojati, Kesten

22 Fair Terminal Initial 7 1 2 4 5 6 8 9 10 11 12 13 14 15 16 3 Trivial Non-trivial SCC Quotient Graph Hojati, Hardin

23 Fair Terminal Initial 7 1 2 4 5 6 8 9 10 11 12 13 14 15 16 3 Trivial Non-trivial SCC Quotient Graph GSH (T F convergence) GSH (T B convergence)

24 Generic SCC-Hull Algorithm T B : EX(Z), {E(Z U Z  c i )} T F : EY(Z), {E(Z S Z  c i )} GSH (G, I, T B,T F ) do Z’ = Z;  = PICK (T B - , T F -  ); Z =  (Z); until (CONVERGED(Z, Z’, T B,T F, ,  ))

25 Generic SCC-Hull Algorithm CONVERGED (Z, Z’, T B,T F, ,  )) if (Z  Z’)  = {}; return FALSE; else  =   {  } ; return T B    T F  

26 Complexity in Steps O(C’n 2 ) complexity –n : number of states –C’: number of fairness constraints –d : diameter of graph –N : Number of SCCs (N’: non-trivial) –h : height of the SCC quotient graph

27 Symbolic SCC Enumeration Algorithms Xie-Beerel IXB Bloem

28 Symbolic SCC Enumeration Find an SCC –pick a state v –compute the SCC of v as (EP(v)  EF(v)) Check if SCC is fair Recur on the partitions

29 EP(v) EF(v) Symbolic SCC enumeration Xie-Beerel –v is randomly chosen –EF(v), EP(v) are SCC-closed sets –Partition the state space –EG(partition) applied to trim –Complexity O(dN) 7 1 2 4 5 6 8 9 10 11 12 13 14 15 16 3

30 Symbolic SCC enumeration Improvements to Xie- Beerel –trim with EH(partition) in addition to EG(partition) Improves complexity –v is chosen from a priority queue Shortens prefix of counterexample 7 1 2 4 5 6 8 9 10 11 12 13 14 15 16 3

31 Outline Motivation Introduction Fair cycle algorithms –A general framework  Lockstep algorithm How do the different algorithms fare? Conclusions

32 Lockstep Algorithm Same basic approach as in Xie-Beerel: –Choose node v –Search backward and forward, SCC of v is intersection Perform two searches simultaneously for n log n performance

33 Lockstep by Example Stage 1: Search forward and backward until one converges Stage 2: Complete search to find SCC Stage 3: Recursion

34 Lockstep by Example Stage 1: Search forward and backward until one converges Stage 2: Complete search to find SCC Stage 3: Recursion

35 Lockstep by Example Stage 1: Search forward and backward until one converges Stage 2: Complete search to find SCC Stage 3: Recursion

36 Lockstep by Example Stage 1: Search forward and backward until one converges Stage 2: Complete search to find SCC Stage 3: Recursion

37 Lockstep by Example Backwards search converged! Stage 1: Search forward and backward until one converges Stage 2: Complete search to find SCC Stage 3: Recursion

38 Lockstep by Example Stage 1: Search forward and backward until one converges Stage 2: Complete search to find SCC Stage 3: Recursion

39 Lockstep by Example Stage 1: Search forward and backward until one converges Stage 2: Complete search to find SCC Stage 3: Recursion

40 Lockstep by Example Stage 1: Search forward and backward until one converges Stage 2: Complete search to find SCC Stage 3: Recursion

41 Lockstep by Example Stage 1: Search forward and backward until one converges Stage 2: Complete search to find SCC Stage 3: Recursion

42 Picture of Search Space Recur on Black and Blue & White: both are SCC-closed One of Black and Blue & White has < n/2 nodes. This is S V

43 Analysis: Charging Amortized analysis: charge to nodes and count total charge In Stage 1: at most |S + C | steps –Charge 1 to every node in S and C In Stage 2: at most |C | steps –Charge 1 to every node in C

44 Analysis: Total Charge V1V1 S 1 < V 1 /2 Every node goes down only one branch Stage 1: Every node is charged  log n times Stage 2: Every node is charged  1 time Total charge: n log n + n = O(n log n) V2V2 S 2 < V 2 /2 < V 1 /4

45 Sharper Analysis For Emerson-Lei: O(dh) For Lockstep: O(n log(dN/n)) –N is number of SCCs With optimization: O(dN’+N) and O((d+h)N’)

46 Complexity Comparison SCC-Hull Symbolic SCC enumeration O(C’n 2 ) complexity O(n log n) O(n 2 ) N’: Number of non-trivial SCCs

47 Counterexamples Symbolic SCC enumeration algorithms –Only one fair SCC –Shortest prefix can be generated with onion rings SCC hull algorithms –counterexample procedure depends on the computed hull i.e., location of fair SCCs

48 Counterexamples Length of counterexample depends on the SCC hull

49 Summary SCC-hull algorithms Symbolic SCC enumeration algorithms –Lockstep Performance depends on –N, N’, d, h, C’ –Number of fair SCCs, location of the fair SCCs –BDD factors?

50 Outline Motivation Introduction Fair cycle algorithms –A general framework Lockstep algorithm  How do the different algorithms fare? Conclusions

51 Experiments Implemented 5 algorithms in COSPAN –Emerson-Lei, Hojati/Kesten, Hojati/Hardin, IXB, Lockstep Measured time, number of steps, length of counter-examples

52 Experiments: No Fair Cycles

53 Experiments: Fair Cycles

54 Experiments: Length of Counterexamples

55 Experiments: Summary Emerson-Lei seems no worse than others IXB, Lockstep designed to produce short counterexamples BDDs play a large role in actual performance

56 On-The-Fly Lockstep For example WV: –Lockstep takes 5779 s –The fair path is very short: (3,2) –One (large) SCC is examined Stop as soon as B(v)  F(v) intersects all fair sets –A fair cycle is guaranteed in B(v)  F(v)

57 Outline Motivation Introduction Fair cycle algorithms –A general framework Lockstep algorithm How do the different algorithms fare?  Conclusions

58 Conclusions Compared various symbolic algorithms –provided a classification, generalized some algorithms Studied performance with experiments Future work –Forward vs. Backward, BDD effects –Streett acceptance –Hybrid algorithms?

59 Conclusions n log n symbolic algorithm for –SCC decomposition, –Büchi emptiness, –Streett emptiness, measured in images/preimages Improves n 2 previously known bounds When measured more sharply: Lockstep incomparable with EL

60 Conclusions Lockstep useful for counterexample generation Future work: parallelizing algorithms that change transition relation or even use extra variables

Download ppt "Fair Cycle Detection: A New Algorithm and a Comparative Study Fabio Somenzi University of Colorado at Boulder."

Similar presentations

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
Introduction to Algorithms Quicksort

Introduction to Algorithms Quicksort
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Lecture 24 MAS 714 Hartmut Klauck

Lecture 24 MAS 714 Hartmut Klauck
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.

François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.
Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.

Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.
CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.

CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
SYMBOLIC MODEL CHECKING: 10 20 STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.

SYMBOLIC MODEL CHECKING: STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.
CS 267: Automated Verification Lecture 7: SMV Symbolic Model Checker, Partitioned Transition Systems, Counter-example Generation in Symbolic Model Checking.

CS 267: Automated Verification Lecture 7: SMV Symbolic Model Checker, Partitioned Transition Systems, Counter-example Generation in Symbolic Model Checking.
Search Strategies Reading: Russell’s Chapter 3 1.

Search Strategies Reading: Russell’s Chapter 3 1.
Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking.

Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking.
Review of topics Final exam : -May 2nd to May 7 th - Projects due on May 7th.

Review of topics Final exam : -May 2nd to May 7 th - Projects due on May 7th.

Similar presentations

Ads by Google