Large Scale External Directed Liveness Checking - PowerPoint PPT Presentation

About This Presentation
Title:

Large Scale External Directed Liveness Checking

Description:

An exhausting exploration of the state space. Problem: How to cope with large state spaces that ... Workload transferred in bulks rather than individual states. ... – PowerPoint PPT presentation

Number of Views:26
Avg rating:3.0/5.0
Slides: 26
Provided by: sha8155
Category:

less

Transcript and Presenter's Notes

Title: Large Scale External Directed Liveness Checking


1
Large Scale External Directed Liveness Checking
  • Stefan Edelkamp
  • Shahid Jabbar
  • Computer Science Department
  • University of Dortmund, Dortmund, Germany

2
Model Checking
  • Given
  • A model of a system.
  • A specification property
  • Model Checking Problem Does the system satisfy
    the property ?
  • An exhausting exploration of the state space.
  • Problem How to cope with large state spaces that
    do not fit into the main memory?
  • In Practice successes in finding bugs.

3
Directed Model Checking (Edelkamp, Leue,
Lluch-Lafuente, 2004)
  • A guided search in the state space.
  • Usually by some heuristic estimate.
  • Only promising states are explored.
  • Under certain conditions proved to be optimal.
  • Short error trails
  • Better for human comprehension
  • Problem The inevitable demands of the model ..
    Space, space and space.

4
A Algorithm
  • A heuristic estimate is used to guide the search.
  • E.g. Straight line distance from the current node
    to the goal in case of a graph with a geometric
    layout.
  • Problems
  • A needs to store all the states during
    exploration.
  • A generates large amount of duplicates that can
    be removed using an internal hash table only if
    it can fit in the main memory.
  • A do not exhibit any locality of expansion. For
    large state spaces, standard virtual memory
    management can result in excessive page faults.

5
Problem with the Virtual Memory
Virtual Address Space
0x000000
Memory Page
0xFFFFFF
6
External Memory Model (Aggarwal and Vitter)
If the input size is very large, running time
depends on the I/Os rather than on the number of
instructions.
M
Scan(N) O(N / B) Sort(N) O(N/B log M/B N/B)
Input of size N and N gtgt M
7
External BFS (Munagala Ranade)
I Remove Duplicates by sorting the nodes
according to the indices and doing an scan and
compaction phase.
II Subtract layers t and t1 from t2.
8
Set A (Jensen, Veloso, Bryant 2000)
h
  • Consistent
  • heuristic
  • estimates.
  • gt ?h -1,0,1,

0 1 2 3 4 5 6






0
1
2
3
4
5
A Bucket !!
g
9
External A Edelkamp, Jabbar, and Schroedl,
2004
  • Buckets represent temporal locality cache
    efficient order of expansion.
  • If we store the states in the same bucket
    together we can exploit the spatial locality.
  • Munagala and Ranades BFS and Korfs delayed
    duplicate detection for implicit graphs.

External A
10
External Search For Model Checking Jabbar and
Edelkamp VMCAI 05
  • Uses Harddisk to store the state space divided
    in the form of Buckets.
  • Implemented on top of SPIN model checker.
  • Promising Largest exploration so far took 20
    GB much larger than even the address limits of
    most computers.
  • Pause and Resume support Can add more
    harddisks.
  • Problems
  • Slow duplicate detection phase
  • Internal Processing Time gtgt External I/O time

11
External Parallel DMC Jabbar and Edelkamp VMCAI
06
  • Internal work distributed over multiple
    processors might even be separate machines
    connected over a network.
  • Inter-process communications through simple
    files.
  • Workload transferred in bulks rather than
    individual states.
  • Promising Almost a linear speed-up on
    multiple-processors machines.

12
Liveness Property
  • Search for a cycle that visits an accepting state
    infinitely often.
  • Perform Nested Depth-first search that look for a
    state that is already residing on the stack
    (Holzmann ).

Head of Lasso
Initial State
Accepting State
DFS does not show any locality gt Not Suitable
for External Search!
13
Liveness as Safety (Schuppan and Biere, 2005)
  • Explicitly unroll the lasso.
  • Search for the head again.

Head of Lasso
Head of Lasso
Initial State
Accepting State
14
Liveness as Safety Extended State Description
  • Piggyback the head of lasso on the state and
    search for it!

Start
15
What makes a state, Head of Lasso ?
  • They said Every state! O(V2)
  • We say Only the accepting states! O(V x
    F)

16
Algorithm Heuristic Search for Livenss as Safety
  • Stage 1 For a state (s,s,0), perform a directed
    search for an accepting state s in the
    never-claim.
  • When found
  • Spawn two children
  • (s, s, 1) Head of lasso found!
  • (s, s, 0) Head of lasso not found!
  • Stage 2 For a state (s, s, 1), perform a
    directed search for s.

s might not form a cycle! So keep searching!
17
Heuristics for the first stage Head of the lasso
  • We want to reach an accpeting state in the
    never-claim faster!

Model
Never-claim
HN min?(c,a1), ?(c,a2), ?(c,a3)
? is the shortest path distance between two
states and can be pre-computed.
18
Heuristics for the second stage Close the lasso
  • We want to reach a particular state (in red) in
    both the model and the never-claim from my
    current state (in blue).

Model
Never-claim
c
a1
a2
H maxHN, HM
a3
19
External Directed LTL Model Checking
0 1 2 3 4
Same states in both parts
Arrives at the final state
Arrives again at the same final state
Already seen final state
Current state
20
I/O Complexity
  • External memory algorithms are evaluated on the
    number of I/Os.
  • Expansion Linear I/O O(Scan(V x F))
  • Delayed Duplicate Detection
  • Removing duplicates from the same buffer
  • O(sort(E x F))
  • Subtracting previous levels O(l x Scan(V x
    F)) where l is the length of the found
    counterexample.

I/O Complexity O(sort(ExF) l x
Scan(VxF))
21
LTL Model Checking in 2-Elevator
Expanded Inserted Time Length
I/O-HSF-SPIN External A 2,090,933 2,275,778 1m18s 6734
I/O-HSF-SPIN External BFS 2,642,575 2,827,073 2m3.96s 6734
Transitions Stored Time Length
SPIN 4.2 Nested DFS 33,900 11,149 0m0.064s 109100
SPIN is Fast!
22
LTL Model Checking in SGC Protocol (Zhang, 1999)
Expanded Inserted Time Length
I/O-HSF-SPIN External A 178 369 0m1.318s 155
I/O-HSF-SPIN External BFS 1,343 1,427 0m0.787s 155
Transitions Stored Time Length
SPIN 4.2 Nested DFS 155,963 8,500 1m47s 185
BFS is faster! External A had to flush several
unfilled buffers to the disk
23
LTL Model Checking in 64-Dining Philosphers
Expanded Inserted Time Length
I/O-HSF-SPIN External A 2,298 127,813 0m6.108s 1962
I/O-HSF-SPIN External BFS 2,298 47,118 0m13.549s 1962
SPIN 4.2 Nested DFS -out-of-mem -out-of-mem -out-of-mem -out-of-mem
Several states are inserted but no refinment is
done on them and hence faster
24
Parallel LTL Model Checking in 124-Dining
Philosphers
Time Secondary Memory Length
1 Processor - - -
2 Processors 5m53.96s 4.7 gigabytes 3882
3 Processors 4m7.13s 5.28 gigabytes 3882
Multiple Processors Machine
25
Summary
  • Schuppan and Biere approach gt liveness as
    reachability.
  • Liveness requires searching for an acceptance
    cycle
  • A path to a previously seen state that also
    visits an accepting state.
  • Save a tuple of states.
  • Two new heuristics to accelerate the search.
Write a Comment
User Comments (0)
About PowerShow.com