Extending Symmetry Reduction Techniques to a Realistic Model of Computation

1
Extending Symmetry Reduction Techniques to a
Realistic Model of Computation

• Alastair Donaldson
• and
• Alice Miller
• Department of Computing Science,
• University of Glasgow

2
Outline

• Overview of symmetry reduced model checking
• The constructive orbit problem (COP)
• Strategies to solve COP for simple model of
  computation
• Symmetry reduction in practice (TopSPIN)
• Extending to realistic model of computation
  (COPR)
• Experimental results
• Conclusions Future work

3
Symmetry reduced model checking
Model M (Kripke structure)
Specification (Promela)
symmetry reduction (under G)
Quotient model M
If f is invariant under G, then M f iff M f
4
2 problems

• How to find symmetry group G
• (symmetry detection)
• How to construct quotient model M
• (symmetry reduction)

5
Symmetry detection in a nutshell
Extract static channel diagram (SCD) using
SymmExtractor
system (e.g. DSC)
Promela spec
Compute valid elements using GAP
Find (generators) of symmetry group of SCD using
saucy
a,b,c,d,
G a group of automorphisms of model
6
Exploiting Symmetry
How do we choose rep(t) on-the-fly?

• Depth first search with symmetry

Suppose rep(s) selects a unique representative of
the orbit of s under symmetry group
reached rep(initial) unexplored
rep(initial) while unexplored ? ? remove s
from unexplored for each successor t of s
if rep(t) ? reached add rep(t) to reached
add rep(t) to unexplored end if end
for end while
reached initial unexplored initial
while unexplored ? ? remove s from
unexplored for each successor t of s if t ?
reached add t to reached add t to
unexplored end if end for end while
Take rep(s) minsG the smallest state
equivalent to s
7
The Constructive Orbit Problem (COP)simple model
of computation

• Use simple view of states
• Local state of each component represented by
  integer
• e.g. s (8,6,7)
• If ? (1 2 3) then ?(s) (7,8,6)
• Use lexicographical ordering on vectors

Constructive Orbit Problem For a state s and
group G, compute minsG. NP-hard (Jha, 1996)
8
Strategies to solve COP

• Enumeration
• Most obvious strategy to find minsG
• Evaluate a(s) for all a ?G and return smallest.
• small groups
• GSn nifty optimisation (SymmSpin)
• compose successive transpositions
• Actually if GSn can use sorting anyway

9
2. Minimising Sets

• If G ?Sm, mltn. E.g. DSC

Subroup H permutes server components with
associated blocks of client components.
10
Minimising sets cont.

• A minimising set X of G is a subset of G such
  that to minimise any s, have only to enumerate
  over X
• If G? Sm then (under certain conditions) there is
  a minimising set X for G of size m!
• Since X much smaller than G, much faster

11
4. Exploiting composite symmetry groups

• G a disjoint product if
• H1, H1, , Hk subgroups of G and
• G a1a2ak ai ? Hi
• Hi and Hj move different elements, i ? j
• Say G H1. H1. . Hk
• Can solve COP by considering each Hi in turn and
  composing

12
Example

• (unbalanced) DSC

decomposes into disjoint product H1.H2

• H1 permutes first 3 servers, with clients
• H2 permutes the clients of 4th server

13
Wreath products

• See definition in FM06!
• Typical when system has tree structure
• Showed similar result here can find minimal
  elements wrt components, and compose
• Have methods to detect direct and Wreath products

14
Example

• (unbalanced) DSC

G decomposes into disjoint product H1.H2

• H1 decomposes into wreath product H K where
• K permutes 3 servers and maps associated clients
  (this is the S3 we met before!)
• H permutes the clients of first server

?
15
Choosing a strategy
input G
Yes, Xminimising set
XG Minimising set?
find minSX compose If necessary
no
Yes- input factors
decomposes?
no
yes
G small?
no
Local search
16
Symmetry reduction in practice -TopSPIN
Directed saucy
Promela source code
SymmExtractor
GAP
a,ß,?,d,
Generators of Aut(SCD)
G
Static channel diagram SCD
Largest valid subgroup of Aut(SCD)
Generate verifier using SPIN
Use GAP to classify structure of G
Adjust verifier to incorporate symmetry reduction
strategy
Minimising set Enumerate Local search
pan.c
sympan.c
Reduction strategy for G
gcc
gcc
pan.exe
execute
sympan.exe
Similar approach used by SymmSpin package
(Bosnacki et al. 2004)
M f or counterexample
MG f or counterexample
17
Extending to realistic model of computation

• For every component every state contains value of
  
• Local state
• Variables referencing other components
• E.g. telephone system partnerid
• state has control and reference parts
• Define projection mappings ctrl, and ref
  projecting state s onto control and reference
  parts
• Finding orbit representative harder in this case
  COPR

18
Solving COPR (finding minsG in this case)

• Find t in orbit of s with minimal control part
  (using COP strategy)
• Enumerate over smaller group G? where
• G? stabG(seg(t))

• Generalisation of segmented strategy, SymmSpin
• Could just use t (multiple reps). Faster but
  less state reduction

19
Experimental results for email models
20
ConclusionsFuture Work

• Have proposed strategies for tackling COPR
• Applied techniques from CGT
• Implemented within TopSPIN
• Currently
• - improving efficiency of enumeration over G'