Shortest Violation Traces in Model Checking Based on Petri Net Unfoldings and SAT

Supported by IST project 2004-511599 (RODIN)

1
Shortest Violation Traces in Model Checking Based
on Petri Net Unfoldings and SAT
  • Victor Khomenko
  • University of Newcastle upon Tyne

2
Shortest violation traces
  • Can be much shorter than the first computed trace
  • Do not contain incidental system activity
    unrelated to the found error
  • Facilitate debugging, saving the designer's time

3
Petri net unfolding prefixes
  • Partial-order semantics of PNs
  • Concurrency represented explicitly, using an
    acyclic PN
  • Alleviate the state space explosion problem
  • Efficient model checking algorithms

4
Dining Philosophers
  (figure: Petri net model of the dining philosophers;
   only the place labels P13 and P5 survived extraction)

5
Model checking on PN unfoldings
  • A Boolean expression φ is built using the
    prefix, such that:
  • φ is unsatisfiable iff the property holds
  • every satisfying assignment of φ gives a
    violation trace
  • φ has the form CONF ∧ VIOL
  • Some of the variables of φ are associated with
    the events of the prefix

6
CONF: Causality
  • If an event e is executed then its causal
    predecessors are also executed (it is enough to
    require that the direct predecessors of e are
    executed)

7
CONF: Conflicts
  • If an event e is executed then events in conflict
    with it cannot be executed (it is enough to
    require that the events in direct conflict with e
    are not executed)

8
VIOL: Deadlock
  • For every event e, either:
  • some direct predecessor of e is not executed, or
  • an event in direct conflict with e has fired, or
  • e itself has fired

9
Computing shortest traces
  • input: φ, a Boolean expression
  • output: T, a shortest violation trace, or UNSAT
  • A ← SAT_Assignment(φ)
  • if A = UNSAT then T ← UNSAT; stop
  • T ← Extract_Trace(A)
  • r ← |T|; l ← 0
  • while l < r do
  •   t ← ⌊(l + r)/2⌋
  •   A ← SAT_Assignment(φ ∧ Threshold_t)
  •   if A = UNSAT then l ← t + 1
  •   else
  •     T ← Extract_Trace(A)
  •     r ← |T|
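The following Python program is an added example, not code from the presentation: it builds φ = CONF ∧ VIOL (causality, conflict and deadlock clauses, slides 5 to 8) for a small constructed unfolding prefix and runs the binary search of slide 9. The prefix (events a, b, c, d with a and b in direct conflict), the threshold encoding (a sequential counter, which the slides do not prescribe) and the tiny DPLL solver standing in for SAT_Assignment are all assumptions made here.

```python
# Added example (not from the slides): deadlock checking on a constructed unfolding
# prefix with the CONF/VIOL encoding and the binary search for a shortest trace.

# Constructed prefix: event -> its direct causal predecessors.
PREDS = {"a": [], "b": [], "c": ["a"], "d": ["c"]}
# Constructed pairs of events in direct conflict (a and b compete for one place).
CONFLICTS = [("a", "b")]


def build_formula(preds, conflicts):
    """Return (event -> SAT variable, clauses) for phi = CONF and VIOL (deadlock)."""
    var = {e: i + 1 for i, e in enumerate(sorted(preds))}
    direct_conflicts = {e: [] for e in preds}
    for e, f in conflicts:
        direct_conflicts[e].append(f)
        direct_conflicts[f].append(e)
    clauses = []
    for e, ps in preds.items():
        # CONF causality: e fired -> each direct predecessor fired
        clauses.extend([-var[e], var[p]] for p in ps)
        # VIOL deadlock: e is not enabled after the configuration, i.e. some direct
        # predecessor did not fire, or a conflicting event fired, or e itself fired
        clauses.append([-var[p] for p in ps] + [var[f] for f in direct_conflicts[e]] + [var[e]])
    # CONF conflicts: two events in direct conflict cannot both fire
    clauses.extend([-var[e], -var[f]] for e, f in conflicts)
    return var, clauses


def at_most(xs, t, next_var):
    """Threshold_t: at most t of the variables xs are true (Sinz's sequential counter).
    Returns (clauses, first unused variable)."""
    n = len(xs)
    if t >= n:
        return [], next_var
    if t == 0:
        return [[-x] for x in xs], next_var
    s = {}  # s[i, j]: "at least j+1 of xs[0..i] are true"
    for i in range(n - 1):
        for j in range(t):
            s[i, j] = next_var
            next_var += 1
    cl = [[-xs[0], s[0, 0]]] + [[-s[0, j]] for j in range(1, t)]
    for i in range(1, n - 1):
        cl += [[-xs[i], s[i, 0]], [-s[i - 1, 0], s[i, 0]], [-xs[i], -s[i - 1, t - 1]]]
        for j in range(1, t):
            cl += [[-xs[i], -s[i - 1, j - 1], s[i, j]], [-s[i - 1, j], s[i, j]]]
    cl.append([-xs[n - 1], -s[n - 2, t - 1]])
    return cl, next_var


def sat_assignment(clauses, assignment=None):
    """Minimal DPLL with unit propagation; returns {var: bool} or None (UNSAT)."""
    assignment = dict(assignment or {})
    while True:  # unit propagation
        unit = None
        for cl in clauses:
            open_lits = []
            for lit in cl:
                val = assignment.get(abs(lit))
                if val is None:
                    open_lits.append(lit)
                elif val == (lit > 0):
                    break  # clause already satisfied
            else:
                if not open_lits:
                    return None  # falsified clause: conflict
                if len(open_lits) == 1:
                    unit = open_lits[0]
                    break
        if unit is None:
            break
        assignment[abs(unit)] = unit > 0
    free = sorted({abs(lit) for cl in clauses for lit in cl} - set(assignment))
    if not free:
        return assignment
    for val in (True, False):  # branch on the smallest free variable
        result = sat_assignment(clauses, {**assignment, free[0]: val})
        if result is not None:
            return result
    return None


def extract_trace(assignment, var, preds):
    """Fired events listed in a causal order (a linearisation of the configuration)."""
    fired = {e for e in preds if assignment.get(var[e])}
    trace = []
    while len(trace) < len(fired):
        trace += sorted(e for e in fired if e not in trace and all(p in trace for p in preds[e]))
    return trace


def shortest_violation_trace(preds, conflicts):
    """Slide 9: returns (first trace found, shortest trace) or None if phi is UNSAT."""
    var, phi = build_formula(preds, conflicts)
    events = [var[e] for e in sorted(preds)]
    a = sat_assignment(phi)
    if a is None:
        return None  # property holds: no deadlock in the prefix
    first = t_best = extract_trace(a, var, preds)
    l, r = 0, len(t_best)
    while l < r:
        t = (l + r) // 2
        threshold, _ = at_most(events, t, len(var) + 1)
        a = sat_assignment(phi + threshold)
        if a is None:
            l = t + 1  # no violation trace with at most t events
        else:
            t_best = extract_trace(a, var, preds)
            r = len(t_best)
    return first, t_best


if __name__ == "__main__":
    print(shortest_violation_trace(PREDS, CONFLICTS))
```

On the constructed prefix the solver's first assignment is the three-event deadlock a, c, d; the binary search then finds the one-event deadlock b and proves with Threshold_0 that nothing shorter exists, which is the pattern slide 2 describes.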

10
Threshold constraint
  • First build a Boolean circuit and then translate
    it into a Boolean expression (linear translation
    is possible by adding new variables)
  • Try to minimise the changes in the circuit when
    the threshold changes: good for incremental SAT

  (figure: threshold circuit of depth O(log n))

11
Implementation of the counter
  • Size (if n is a power of 2):
  • 4n − 2log₂n − 4 auxiliary variables
  • 16n − 10log₂n − 16 clauses
  • 52n − 36log₂n − 52 literals
  • Linear translation
  • Large multiplicative constants

12
Exploiting conflicts
  • Events in a conflict cluster are mutually
    exclusive
  • An ∨-gate can be used as a counter

13
Implementation of the counter
  • Significant gains if the number of clusters is
    much smaller than the number of events
  • Need to partition the prefix into the minimum
    number of conflict clusters
  • An NP-complete problem (reduction from partition
    into cliques)
  • A greedy algorithm can be used in practice

14
Exploiting causality
  • If an event in a cluster has fired, some event in
    a preceding cluster has also fired
  • If Cl₁ < Cl₂ < … < Clₙ, then the outputs of the
    corresponding ∨-gates are ordered

15
Implementation of the counter
  • A sort-adder is simpler than a conventional one!

  (figure: sort-adder over n ordered inputs)

16
Partitioning into chains of clusters
  • Gains if the number of ordered chains of clusters
    is small
  • Need to partition the conflict clusters into the
    minimum number of ordered chains
  • The problem can be reduced to maximum matching in
    bipartite graphs and solved in polynomial time,
    but this might be inefficient due to the need to
    work with an implicitly represented graph
  • A greedy algorithm can be used in practice

17
Experimental results
  • The first computed violation trace can be much
    longer than a shortest one ⇒ computing shortest
    violation traces can indeed greatly facilitate
    the debugging process
  • The number of conflict clusters is many orders
    of magnitude smaller than the number of events
    ⇒ significant reductions in the size of the
    threshold constraint

18
The ideal case
  • If the adder tree can be implemented as a single
    ∨-gate:
  • 1 (rather than 4n − 2log₂n − 4) auxiliary
    variables
  • n + 1 (rather than 16n − 10log₂n − 16) clauses
  • 3n + 1 (rather than 52n − 36log₂n − 52) literals
  • Improvement ratios for n → ∞:
  • variables: ∞
  • clauses: 16
  • literals: 17⅓
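The following Python program is an added example, not code from the presentation: it illustrates slides 12, 13 and 18 by partitioning a constructed set of events into conflict clusters with a greedy heuristic (the slides only say that a greedy algorithm is used; the first-fit rule below is an assumption), encoding each cluster's ∨-gate with the Tseitin translation, and counting the auxiliary variables, clauses and literals so that the single-gate figures of slide 18 (1 variable, n + 1 clauses, 3n + 1 literals) can be checked directly. The events and conflict pairs are constructed here.

```python
# Added example (not from the slides): conflict clusters as OR-gate counters.
from itertools import combinations

# Constructed events and direct-conflict pairs: {a, b, c} pairwise in conflict,
# {d, e} in conflict, f in conflict with nothing.
EVENTS = ["a", "b", "c", "d", "e", "f"]
CONFLICTS = [("a", "b"), ("a", "c"), ("b", "c"), ("d", "e")]


def greedy_clusters(events, conflicts):
    """First-fit greedy partition into conflict clusters (cliques of the conflict graph).
    Minimising the number of clusters is NP-complete, so this is only a heuristic."""
    adj = {e: set() for e in events}
    for e, f in conflicts:
        adj[e].add(f)
        adj[f].add(e)
    clusters = []
    for e in events:
        for cluster in clusters:
            if all(f in adj[e] for f in cluster):  # e conflicts with every member
                cluster.append(e)
                break
        else:
            clusters.append([e])
    return clusters


def or_gate_counter(cluster, var, y):
    """Tseitin clauses for y <-> (x1 v ... v xn). Events of one cluster are mutually
    exclusive, so y equals the number (0 or 1) of fired events in the cluster."""
    xs = [var[e] for e in cluster]
    return [[-y] + xs] + [[-x, y] for x in xs]


def encoding_cost(events, conflicts):
    """(aux variables, clauses, literals, gate outputs) of the cluster stage."""
    var = {e: i + 1 for i, e in enumerate(events)}
    clauses, outputs = [], []
    for cluster in greedy_clusters(events, conflicts):
        y = len(events) + len(outputs) + 1  # one fresh variable per gate
        outputs.append(y)
        clauses += or_gate_counter(cluster, var, y)
    return len(outputs), len(clauses), sum(len(c) for c in clauses), outputs


def all_pairs(events):
    """Every pair in conflict: the ideal case of slide 18, a single cluster."""
    return list(combinations(events, 2))


if __name__ == "__main__":
    print("clusters:", greedy_clusters(EVENTS, CONFLICTS))
    print("cost (vars, clauses, literals):", encoding_cost(EVENTS, CONFLICTS)[:3])
    print("ideal single cluster:", encoding_cost(EVENTS, all_pairs(EVENTS))[:3])
```

The gate outputs are what feeds the adder: with six events but only three clusters the adder counts three inputs instead of six, and in the all-pairs case the whole counter collapses to one gate with 1 variable, 7 clauses and 19 literals for n = 6.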

19
Experimental results: variables
20
Experimental results: clauses
21
Experimental results: literals