Presentation is loading. Please wait.

Presentation is loading. Please wait.

General Techniques for Symmetry Reduction in Model Checking Alastair Donaldson Alice Miller Department of Computing Science University of Glasgow.

Published byPhilomena Anthony Modified over 8 years ago

Similar presentations

Presentation on theme: "General Techniques for Symmetry Reduction in Model Checking Alastair Donaldson Alice Miller Department of Computing Science University of Glasgow."— Presentation transcript:

1 General Techniques for Symmetry Reduction in Model Checking Alastair Donaldson Alice Miller Department of Computing Science University of Glasgow

2 Model Checking System design or code Requirements Finite state model M Set of logical properties Model checker M |= φ ? for each property φ No Yes √ ? manual automatic

3 Model Written in High Level Language byte tok = 1; active [2] proctype user() { byte state = N; do :: (state == N) -> state = T :: (state == T) && (tok == _pid) -> state = C :: (state == C) -> state = N; if :: tok = 1 :: tok = 2 fi od }

4 Symmetry Reduction: Example N 1 N 2 tok=1 N 1 N 2 tok=2 N 1 T 2 tok=1 T 1 N 2 tok=2 T 1 N 2 tok=1 N 1 T 2 tok=2 T 1 T 2 tok=1 T 1 T 2 tok=2 C 1 N 2 tok=1 N 1 C 2 tok=2 C 1 T 2 tok=1 T 1 C 2 tok=2 N 1 N 2 tok=1 N 1 T 2 tok=1 T 1 N 2 tok=1 T 1 T 2 tok=1 C 1 N 2 tok=1 C 1 T 2 tok=1 State-graphReduced state-graph

5 Symmetry Reduction – Informally  Symmetry partitions state-space into equivalence classes  Knowledge of symmetry  search only 1 state per equivalence class  Need techniques for: Symmetry detection Efficient exploitation of symmetry  Ideally both should be fully automatic This talk

6 TopSPIN Promela source code G Symmetry group for state-space Symmetry reduction strategy for G, based on group structure Minimising set Enumerate Local search… pan.c sympan.c SymmExtractor Generate verifier using SPIN Use GAP to classify structure of G Adjust verifier to incorporate symmetry reduction strategy pan.exe M |= φ or counter example gcc execute sympan.exe gcc M G |= φ or counter example Based on approach used by SymmSpin (Bosnacki et. al 2002)

7 Model Checking With Symmetry  Suppose we have magic function, rep : S → S  Encounter state s Is rep(s) in reached? Yes: backtrack No: add rep(s) to reached & explore successors of rep(s) Standard approach: take rep(s) to be smallest state in equivalence class Represent state as tuple of local states, e.g. (A,A,B) Total ordering on states follows

8 Obvious Approach  Given s, consider σ(s) for all σ  G  Choose smallest σ(s) as rep(s)  If |G| = 10 this is fine  If |G| = 10! > 3,000,000 this is bad

9 The Orbit Problem  Constructive orbit problem (COP) – compute smallest state in equivalence class of s under G  NP-hard [Jha 1996]  However, for many classes of group, COP can be solved in polynomial time  The function rep can be approximate – representatives don’t have to be unique

10 Easy Groups: Small  N processes  |G| < N 2  Enumerate  Could use bound f(N) for some +ve valued polynomial f

11 Easy Groups: Fully Symmetric  Largest kind of groups  N processes, |S N |=N!  Compute representative by sorting state  Example: Local states A, B, C with A < B < C. 5 processes. s = (C,B,B,A,B) rep(s) = (A,B,B,B,C)  Sorting is easy! This can be generalised

12 Easy Groups: Disjoint Products  M+N processes  G = S {1,…,M}. S {M+1,…,M+N}  Sort both sections Suppose M = N = 5 s = (B,A,A,C,B|A,C,B,A,A) rep(s) = (A,A,B,B,C|A,A,A,B,C)  This generalises Based on Jha 1996

13 Easy Groups: Wreath Products  Example s = (A,B,A|B,C,B|C,A,A|A,A,A) (A,A,B|B,B,C|A,A,C|A,A,A) rep(s) = (A,A,A|A,A,B|A,A,C|B,B,C)  This generalises Based on Jha 1996

14 Classifying a Group G  Small groups / fully symmetric groups Easy to detect  Disjoint products: Construct equivalence relation on generators Factors of product generated by equivalence classes  Wreath products: Look at maximal block systems of G restricted to individual orbits  Classify G using a recursive algorithm

15 Local Search for Unclassifiable Groups orbit of s s G = t u          min  5d Hypercube |G|=3840 No reduction: 9.6 x 10 6 states, 2965 s Full reduction: 3907 states, 5241 s Local search: 90442 states, 946 s

16 Summary  Symmetry techniques aim to improve model checkers  Challenges: detecting & exploiting symmetries  Group structure can lead to efficient exploitation  Computational group theory can help find structure  Local search can be applied as an approximate strategy

17 References  A.F. Donaldson and A. Miller – Automatic Symmetry Detection for Model Checking Using Compuataional Group Theory (FM’05)  A.F. Donaldson and A. Miller – A Computational Group Theoretic Symmetry Reduction Package for the SPIN Model Checker (AMAST’06)  S. Jha – Symmetry and Induction in Model Checking (PhD Thesis 1996)

Download ppt "General Techniques for Symmetry Reduction in Model Checking Alastair Donaldson Alice Miller Department of Computing Science University of Glasgow."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.

Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.
Triangle partition problem Jian Li Sep,2005.  Proposed by Redstar in Algorithm board in Fudan BBS.  Motivated by some network design strategy.

Triangle partition problem Jian Li Sep,2005.  Proposed by Redstar in Algorithm board in Fudan BBS.  Motivated by some network design strategy.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Lecture 24 MAS 714 Hartmut Klauck

Lecture 24 MAS 714 Hartmut Klauck
CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Optimizing Join Enumeration in Transformation-based Query Optimizers ANIL SHANBHAG, S. SUDARSHAN IIT BOMBAY VLDB 2014

Optimizing Join Enumeration in Transformation-based Query Optimizers ANIL SHANBHAG, S. SUDARSHAN IIT BOMBAY VLDB 2014
Probabilistic Planning (goal-oriented) Action Probabilistic Outcome Time 1 Time 2 Goal State 1 Action State Maximize Goal Achievement Dead End A1A2 I A1.

Probabilistic Planning (goal-oriented) Action Probabilistic Outcome Time 1 Time 2 Goal State 1 Action State Maximize Goal Achievement Dead End A1A2 I A1.
Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.

Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.
The Volcano/Cascades Query Optimization Framework

The Volcano/Cascades Query Optimization Framework
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
PSWLAB S PIN Search Algorithm from “THE SPIN MODEL CHECKER” by G Holzmann Presented by Hong,Shin 9 th Nov 2007 2015-05-071SPIN Search Algorithm.

PSWLAB S PIN Search Algorithm from “THE SPIN MODEL CHECKER” by G Holzmann Presented by Hong,Shin 9 th Nov SPIN Search Algorithm.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
02/01/11CMPUT 671 Lecture 11 CMPUT 671 Hard Problems Winter 2002 Joseph Culberson Home Page.

02/01/11CMPUT 671 Lecture 11 CMPUT 671 Hard Problems Winter 2002 Joseph Culberson Home Page.
Weizmann Institute Deciding equality formulas by small domain instantiations O. Shtrichman The Weizmann Institute Joint work with A.Pnueli, Y.Rodeh, M.Siegel.

Weizmann Institute Deciding equality formulas by small domain instantiations O. Shtrichman The Weizmann Institute Joint work with A.Pnueli, Y.Rodeh, M.Siegel.
Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.

Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.
28/6/05 ICFI05 1 A generic approach for the automatic verification of featured, parameterised systems Alice Miller and Muffy Calder University of Glasgow.

28/6/05 ICFI05 1 A generic approach for the automatic verification of featured, parameterised systems Alice Miller and Muffy Calder University of Glasgow.
Algorithms and Problem Solving-1 Algorithms and Problem Solving.

Algorithms and Problem Solving-1 Algorithms and Problem Solving.

Similar presentations

Ads by Google