Automatic symmetry detection techniques for model checking

1
Automatic symmetry detection techniques for model
checking

• Alastair Donaldson
• Alice Miller
• Department of Computing Science
• University of Glasgow

2
Model checking

• Technique for debugging concurrent systems
• Involves exhaustive search of system model
• Useful for finding subtle errors
• Does not scale well

• System has replicated components (symmetry)
• Exploiting symmetry ? faster model checking

• Challenges
• Symmetry detection
• Symmetry reduction

This talk
Future work
3
Model checking process
System design or code
Requirements
manual
Finite state model M
Set of logical properties
for each property f
automatic
Model checker M f ?
Yes
No
v ?
4
Model written in high level language

• byte tok 1
• active 2 proctype user()
• byte state N
• do
• (state N) -gt state T
• (state T) (tok _pid) -gt state
  C
• (state C) -gt state N
• if
• tok 1
• tok 2
• fi
• od

5
High level description ? state-space
N1 N2 tok1
N1 N2 tok2
N1 T2 tok1
T1 N2 tok2
T1 N2 tok1
N1 T2 tok2
T1 T2 tok1
T1 T2 tok2
C1 N2 tok1
N1 C2 tok2
C1 T2 tok1
T1 C2 tok2
6
High level description ? state-space
Taken from A Quantitative Analysis of the
Gnutella Network Traffic Demitris Zeinalipour
and Yazti Theodoros Folias
7
Problem state-space explosion

• Worst case exponential in no. of components
• Size usually approaches worst case!
• Need techniques to combat this

8
Symmetry reduction informally

• System has replicated components

. . . . . . .
. . . . . . .

• Hence state-space has replicated components

Use info about replication to avoid redundant
search
9
Symmetry reduction example
Communication structure
State-graph
Reduced state-graph
N1 N2 tok1
N1 N2 tok2
N1 N2 tok1
user1
N1 T2 tok1
T1 N2 tok1
N1 T2 tok1
T1 N2 tok2
T1 N2 tok1
N1 T2 tok2
tok
T1 T2 tok1
C1 N2 tok1
T1 T2 tok1
T1 T2 tok2
C1 N2 tok1
N1 C2 tok2
user2
C1 T2 tok1
C1 T2 tok1
T1 C2 tok2
10
Symmetry reduction informally

• Symmetry partitions state-space into equivalence
  classes
• Knowledge of symmetry ? search only 1 state per
  equivalence class

• Need techniques for
• Symmetry detection
• Efficient exploitation of symmetry
• Ideally both should be fully automatic

11
Symmetry detection

• What are the symmetries of a state-space?
• Cannot build the state-space then find
  symmetries
• State-space too large
• Defeats point of symmetry reduction!

• Various options
• Symmetry group given by user
• User specifies interchangeable components
• Symmetries automatically inferred from source code

12
Symmetry from communication structure
Correspondence between symmetries of
communication structure symmetries of Kripke
structure
13
Automatic symmetry detection process
Communication structure
Source code proctype P x 4 init
extract
Implemented for Promela
Find symmetries using saucy
We can use G for symmetry reduction
Compute largest possible valid subgroup using GAP
Group G of valid symmetries of state-space G
Aut(Comm)
Symmetry group of comm. structure Aut(Comm)
14
Future work

• Efficient techniques to exploit symmetry
• Incorporating techniqes into SPIN model checker
  user interface
• Comparison with symmetry in other fields

• Detecting partial symmetries
• Symmetry in probablilistic model checking