Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Towards a General Approach for Symbolic Model-Checker Prototyping

290 views

Published on

We propose a novel approach to prototype and create symbolic model-checkers. Our approach focuses on providing a high level abstraction above Decision Diagrams. It allows the model-checker creator to start from a high level formal semantics and to define an efficient Decision Diagram based model-checker.

Published in: Science
  • Be the first to comment

  • Be the first to like this

Towards a General Approach for Symbolic Model-Checker Prototyping

  1. 1. Towards a General Approach for Symbolic Model-Checker Prototyping Edmundo López Bóbeda, Maximilien Colange, Didier Buchs Wednesday, September 24th 2014 - Enschede, Netherlands 1
  2. 2. Your awesome DSL 2
  3. 3. Your awesome DSL Abstract semantics 2
  4. 4. Your awesome DSL Abstract semantics Symbolic Model checker 2
  5. 5. Your awesome DSL Abstract semantics 3
  6. 6. Your awesome DSL Abstract semantics Existing Symbolic Model checker 3
  7. 7. Your awesome DSL Abstract semantics Translation Existing Symbolic Model checker 3
  8. 8. Your awesome DSL Abstract semantics Translation Existing Symbolic Model checker 4
  9. 9. Your awesome DSL Translation Existing Symbolic Model checker 4
  10. 10. Your awesome DSL Translation Existing Symbolic Model checker 4
  11. 11. Your awesome DSL Existing Symbolic Model checker 4 }Too much work! Translation
  12. 12. Your awesome DSL Existing Symbolic Model checker 4 }Too much work! Translation high level data structures
  13. 13. Your awesome DSL Existing Symbolic Model checker 4 }Too much work! Translation high level data structures custom operations
  14. 14. Your awesome DSL Existing Symbolic Model checker 4 }Too much work! Translation high level data structures custom operations rich data types
  15. 15. Your awesome DSL Existing Symbolic Model checker 4 }Too much work! Translation high level data structures custom operations rich data types low level
  16. 16. Your awesome DSL Existing Symbolic Model checker 4 }Too much work! Translation high level data structures custom operations rich data types low level fixed primitives operations
  17. 17. Your awesome DSL Abstract semantics Translation Set rewriting Translation Decision diagrams 5
  18. 18. Your awesome DSL Abstract semantics approach {Our Translation Translation Set rewriting Decision diagrams 5
  19. 19. Your awesome DSL Abstract semantics approach {Our Translation Translation Set rewriting Decision diagrams 5 }Our contribution
  20. 20. Abstract semantics In context 6 Your awesome DSL Abstract semantics Translation Set rewriting Translation Decision diagrams
  21. 21. Abstract semantics In context • High level representation 6 Your awesome DSL Abstract semantics Translation Set rewriting Translation Decision diagrams
  22. 22. Abstract semantics In context • High level representation • Suitable for humans 6 Your awesome DSL Abstract semantics Translation Set rewriting Translation Decision diagrams
  23. 23. Abstract semantics Variable assignation 7 s hB := c, si ! s[B = k/B = c]
  24. 24. Abstract semantics Variable assignation • Let s be a state of a system 7 s hB := c, si ! s[B = k/B = c]
  25. 25. Abstract semantics Variable assignation • Let s be a state of a system • s = {A = k1, B = k2, …} 7 s hB := c, si ! s[B = k/B = c]
  26. 26. Abstract semantics Variable assignation • Let s be a state of a system • s = {A = k1, B = k2, …} • k, k1, k2, c ∈ 퓝 7 s hB := c, si ! s[B = k/B = c]
  27. 27. Abstract semantics Variable assignation • Let s be a state of a system • s = {A = k1, B = k2, …} • k, k1, k2, c ∈ 퓝 • A, B, etc variable names 7 s hB := c, si ! s[B = k/B = c]
  28. 28. Set rewriting In context 8 Your awesome DSL Abstract semantics Translation Set rewriting Translation Decision diagrams
  29. 29. Set rewriting In context • Rewriting and strategies 8 Your awesome DSL Abstract semantics Translation Set rewriting Translation Decision diagrams
  30. 30. Set rewriting In context • Rewriting and strategies • Good semantic framework [Martí-Oliet & Meseguer 1993] 8 Your awesome DSL Abstract semantics Translation Set rewriting Translation Decision diagrams
  31. 31. Set rewriting In context • Rewriting and strategies • Good semantic framework [Martí-Oliet & Meseguer 1993] • Operational semantics 8 Your awesome DSL Abstract semantics Translation Set rewriting Translation Decision diagrams
  32. 32. Set rewriting A state • Variables • var(A, 0, var(B, 2, var(C, 3, empty))) 9
  33. 33. Set rewriting Operational semantics / Variable Assignation s hB := c, si ! s[B = k/B = c] 10
  34. 34. Set rewriting Operational semantics / Variable Assignation s hB := c, si ! s[B = k/B = c] • var(A, 0, var(B, 2, var(C, 3, empty))) 10
  35. 35. Set rewriting Operational semantics / Variable Assignation s hB := c, si ! s[B = k/B = c] • var(A, 0, var(B, 2, var(C, 3, empty))) • var(B, $x, $s) ⤳ var(B, c, $s), k ∈ 퓝 10
  36. 36. Set rewriting Operational semantics / Variable Assignation s hB := c, si ! s[B = k/B = c] • var(A, 0, var(B, 2, var(C, 3, empty))) • var(B, $x, $s) ⤳ var(B, c, $s), k ∈ 퓝 • Problem: 10
  37. 37. Set rewriting Operational semantics / Variable Assignation s hB := c, si ! s[B = k/B = c] • var(A, 0, var(B, 2, var(C, 3, empty))) • var(B, $x, $s) ⤳ var(B, c, $s), k ∈ 퓝 • Problem: • Non determinism ⇒ performance hit, ambiguity 10
  38. 38. Rewriting strategies Goal • Introduced in ELAN [Borovanský et al.1996] 11
  39. 39. Rewriting strategies Goal • Introduced in ELAN [Borovanský et al.1996] • Control rewriting 11
  40. 40. Rewriting strategies Goal • Introduced in ELAN [Borovanský et al.1996] • Control rewriting • Avoid ambiguity 11
  41. 41. Rewriting strategies Goal • Introduced in ELAN [Borovanský et al.1996] • Control rewriting • Avoid ambiguity • Improve speed 11
  42. 42. Rewriting strategies What are they Rewrite rules 12
  43. 43. Rewriting strategies What are they Strategies Rewrite rules 12
  44. 44. Rewriting strategies Basic strategy • Basic strategy (A list of rewrite rules) 13
  45. 45. Rewriting strategies Basic strategy • Basic strategy (A list of rewrite rules) • Application to root term only 13
  46. 46. Rewriting strategies Basic strategy • Basic strategy (A list of rewrite rules) • Application to root term only • The first applicable rule is applied 13
  47. 47. Rewriting strategies Basic strategy • Basic strategy (A list of rewrite rules) • Application to root term only • The first applicable rule is applied • Otherwise, fail 13
  48. 48. Rewriting strategies Other useful strategies 14
  49. 49. Rewriting strategies Other useful strategies • Identity[t] = t 14
  50. 50. Rewriting strategies Other useful strategies • Identity[t] = t • Fail[t], always fails 14
  51. 51. Rewriting strategies Other useful strategies • Identity[t] = t • Fail[t], always fails • (S1 orElse S2)[t] = S1[t], or S2[t] if S1[t] fails • Conditional application of strategies 14
  52. 52. Rewriting strategies Other useful strategies • Identity[t] = t • Fail[t], always fails • (S1 orElse S2)[t] = S1[t], or S2[t] if S1[t] fails • Conditional application of strategies • (S1 andThen S2)[t] = S2[S1[t]] • Sequential composition of strategies 14
  53. 53. Rewriting strategies Other useful strategies • Identity[t] = t • Fail[t], always fails • (S1 orElse S2)[t] = S1[t], or S2[t] if S1[t] fails • Conditional application of strategies • (S1 andThen S2)[t] = S2[S1[t]] • Sequential composition of strategies • Subtermk(S)[f(t1, …, tn)] = f(t1, …, S(tk), …, tn) • Apply strategy to subterm 14
  54. 54. Set rewriting Operational semantics / Variable Assignation s hB := c, si ! s[B = k/B = c] 15
  55. 55. Set rewriting Operational semantics / Variable Assignation s hB := c, si ! s[B = k/B = c] • var(A, 0, var(B, 2, var(C, 3, empty))) 15
  56. 56. Set rewriting Operational semantics / Variable Assignation s hB := c, si ! s[B = k/B = c] • var(A, 0, var(B, 2, var(C, 3, empty))) • assignK = { var(B, $x, $s) ⤳ var(B, c, $s) } 15
  57. 57. Set rewriting Operational semantics / Variable Assignation s hB := c, si ! s[B = k/B = c] • var(A, 0, var(B, 2, var(C, 3, empty))) • assignK = { var(B, $x, $s) ⤳ var(B, c, $s) } • applyToB(S) = S orElse (Subterm3(applyToB(S))) 15
  58. 58. Set rewriting Operational semantics / Variable Assignation s hB := c, si ! s[B = k/B = c] • var(A, 0, var(B, 2, var(C, 3, empty))) • assignK = { var(B, $x, $s) ⤳ var(B, c, $s) } • applyToB(S) = S orElse (Subterm3(applyToB(S))) • transition = applyToB(assignK) 15
  59. 59. Set rewriting Operational semantics / Variable Assignation s hB := c, si ! s[B = k/B = c] assignK = { var(B, $x, $s) ⤳ var(B, c, $s) } applyToB(S) = S orElse (Subterm3(applyToB(S))) transition = applyToB(assignK) 16
  60. 60. Set rewriting Set extension • In practice • Strategies and rewrite rules applied to sets of terms • Allow also to describe model checking computation 17
  61. 61. Set rewriting Set extension 18
  62. 62. Set rewriting Set extension • Natural extension • S[{t1, …, tn}] = {S[t1], …, S[tn]} 18
  63. 63. Set rewriting Set extension • Natural extension • S[{t1, …, tn}] = {S[t1], …, S[tn]} • Set strategies, T = {t1, …, tn} • Union(S1, S2)[T] = S1[T] U S2[T], if both succeed • Fixpoint(S)[T] = μT.S[T] 18
  64. 64. Set rewriting Computing state space 19
  65. 65. Set rewriting Computing state space 19 s hB := c, si ! s[B = k/B = c] transition1 = …
  66. 66. Set rewriting Computing state space 19 s hB := c, si ! s[B = k/B = c] transition1 = … semantic formula 2 transition2 = …
  67. 67. Set rewriting Computing state space 19 s hB := c, si ! s[B = k/B = c] transition1 = … semantic formula 2 transition2 = … …
  68. 68. Set rewriting Computing state space 19 s hB := c, si ! s[B = k/B = c] transition1 = … semantic formula 2 transition2 = … … semantic formula n transitionn = …
  69. 69. Set rewriting Computing state space 19 s hB := c, si ! s[B = k/B = c] transition1 = … semantic formula 2 transition2 = … … semantic formula n transitionn = … calculateSS = Fixpoint(Union(transition1, transition2, …, transitionn))
  70. 70. Set rewriting Saturation: For connaisseurs 20
  71. 71. Set rewriting Saturation: For connaisseurs • Well known DD optimization technique 20
  72. 72. Set rewriting Saturation: For connaisseurs • Well known DD optimization technique • Apply local fixpoint in order to reduce peak effect 20
  73. 73. Set rewriting Saturation: For connaisseurs • Well known DD optimization technique • Apply local fixpoint in order to reduce peak effect • Satn(S) = (Subtermn(Satn(S)) orElse FixPoint(S)) andThen Fixpoint(S) 20
  74. 74. Set rewriting Saturation: For connaisseurs • Well known DD optimization technique • Apply local fixpoint in order to reduce peak effect • Satn(S) = (Subtermn(Satn(S)) orElse FixPoint(S)) andThen Fixpoint(S) var(A, 1, var(B, 2, var(C, 0, empty ))) 20
  75. 75. Set rewriting Saturation: For connaisseurs • Well known DD optimization technique • Apply local fixpoint in order to reduce peak effect • Satn(S) = (Subtermn(Satn(S)) orElse FixPoint(S)) andThen Fixpoint(S) var(A, 1, var(B, 2, var(C, 0, empty ))) 20
  76. 76. Set rewriting Saturation: For connaisseurs • Well known DD optimization technique • Apply local fixpoint in order to reduce peak effect • Satn(S) = (Subtermn(Satn(S)) orElse FixPoint(S)) andThen Fixpoint(S) var(A, 1, var(B, 2, var(C, 0, empty ))) 20
  77. 77. Set rewriting Saturation: For connaisseurs • Well known DD optimization technique • Apply local fixpoint in order to reduce peak effect • Satn(S) = (Subtermn(Satn(S)) orElse FixPoint(S)) andThen Fixpoint(S) var(A, 1, var(B, 2, var(C, 0, empty ))) 20
  78. 78. Set rewriting Saturation: For connaisseurs • Well known DD optimization technique • Apply local fixpoint in order to reduce peak effect • Satn(S) = (Subtermn(Satn(S)) orElse FixPoint(S)) andThen Fixpoint(S) var(A, 1, var(B, 2, var(C, 0, empty ))) 20
  79. 79. Set rewriting Saturation: For connaisseurs • Well known DD optimization technique • Apply local fixpoint in order to reduce peak effect • Satn(S) = (Subtermn(Satn(S)) orElse FixPoint(S)) andThen Fixpoint(S) var(A, 1, var(B, 2, var(C, 0, empty ))) 20
  80. 80. Set rewriting Saturation: For connaisseurs • Well known DD optimization technique • Apply local fixpoint in order to reduce peak effect • Satn(S) = (Subtermn(Satn(S)) orElse FixPoint(S)) andThen Fixpoint(S) var(A, 1, var(B, 2, var(C, 0, empty ))) 20
  81. 81. Set rewriting Saturation: For connaisseurs • Well known DD optimization technique • Apply local fixpoint in order to reduce peak effect • Satn(S) = (Subtermn(Satn(S)) orElse FixPoint(S)) andThen Fixpoint(S) var(A, 1, var(B, 2, var(C, 0, empty ))) 20
  82. 82. Set rewriting Saturation: For connaisseurs • Well known DD optimization technique • Apply local fixpoint in order to reduce peak effect • Satn(S) = (Subtermn(Satn(S)) orElse FixPoint(S)) andThen Fixpoint(S) var(A, 1, var(B, 2, var(C, 0, empty ))) 20
  83. 83. Set rewriting Saturation: For connaisseurs • Well known DD optimization technique • Apply local fixpoint in order to reduce peak effect • Satn(S) = (Subtermn(Satn(S)) orElse FixPoint(S)) andThen Fixpoint(S) var(A, 1, var(B, 2, var(C, 0, empty ))) 20
  84. 84. Set rewriting Saturation: For connaisseurs • Well known DD optimization technique • Apply local fixpoint in order to reduce peak effect • Satn(S) = (Subtermn(Satn(S)) orElse FixPoint(S)) andThen Fixpoint(S) var(A, 1, var(B, 2, var(C, 0, empty ))) 20
  85. 85. Decision Diagrams In context • Fast • Large state spaces • Suitable for model checking 21 Your awesome DSL Abstract semantics Translation Set rewriting Translation Decision diagrams
  86. 86. The idea is that you never have to think in terms of DD again… so we won’t talk about them :-) 22
  87. 87. Implementation • We have a tool that implements the approach 23
  88. 88. Implementation • We have a tool that implements the approach • Stratagem http://sourceforge.net/projects/stratagem-mc/ (written in Java and Scala) 23
  89. 89. Implementation • We have a tool that implements the approach • Stratagem http://sourceforge.net/projects/stratagem-mc/ (written in Java and Scala) • ~3700 lines of Scala code (DD and Strategies engine) 23
  90. 90. Implementation • We have a tool that implements the approach • Stratagem http://sourceforge.net/projects/stratagem-mc/ (written in Java and Scala) • ~3700 lines of Scala code (DD and Strategies engine) • Java code generated from model (Eclipse EMF, XText) 23
  91. 91. Implementation • We have a tool that implements the approach • Stratagem http://sourceforge.net/projects/stratagem-mc/ (written in Java and Scala) • ~3700 lines of Scala code (DD and Strategies engine) • Java code generated from model (Eclipse EMF, XText) • Implemented translation for Petri nets 23
  92. 92. Implementation • We have a tool that implements the approach • Stratagem http://sourceforge.net/projects/stratagem-mc/ (written in Java and Scala) • ~3700 lines of Scala code (DD and Strategies engine) • Java code generated from model (Eclipse EMF, XText) • Implemented translation for Petri nets • Implemented translation for SPIN-like formalism 23
  93. 93. Practical results Presentation 24
  94. 94. Practical results Presentation • Petri nets taken from the Model checking contest @ PETRI NETS 2014 [Kordon et al. 2014] 24
  95. 95. Practical results Presentation • Petri nets taken from the Model checking contest @ PETRI NETS 2014 [Kordon et al. 2014] • Marcie [Heiner et al. 2013] was the best model checker for the state space category 24
  96. 96. Practical results Presentation • Petri nets taken from the Model checking contest @ PETRI NETS 2014 [Kordon et al. 2014] • Marcie [Heiner et al. 2013] was the best model checker for the state space category • Since then we only improved the translation 24
  97. 97. Practical results Kanban problem 25
  98. 98. Practical results Kanban problem • Small Petri net 25
  99. 99. Practical results Kanban problem • Small Petri net • 16 places & 16 transitions, marking changes with scale parameter 25
  100. 100. Practical results Kanban problem • Small Petri net • 16 places & 16 transitions, marking changes with scale parameter • State space for scale parameter 100 25
  101. 101. Practical results Kanban problem • Small Petri net • 16 places & 16 transitions, marking changes with scale parameter • State space for scale parameter 100 • 1.7263 ·1019 states 25
  102. 102. Practical results Kanban problem Marcie Stratagem 10 20 50 100 26 100 Time in seconds 0.1 10 1 Model size (scale parameter)
  103. 103. Practical results Kanban problem Marcie Stratagem 10 20 50 100 26 100 Time in seconds 0.1 10 1 Model size (scale parameter)
  104. 104. Practical results Kanban problem Marcie Stratagem 10 20 50 100 26 100 Time in seconds 0.1 10 1 Model size (scale parameter)
  105. 105. Practical results Sharedmem problem 27
  106. 106. Practical results Sharedmem problem • Petri net’s places and transition increase with scale parameter 27
  107. 107. Practical results Sharedmem problem • Petri net’s places and transition increase with scale parameter • 2651 places & 5050 transitions for scale parameter 50 27
  108. 108. Practical results Sharedmem problem • Petri net’s places and transition increase with scale parameter • 2651 places & 5050 transitions for scale parameter 50 • State space for scale parameter 50 27
  109. 109. Practical results Sharedmem problem • Petri net’s places and transition increase with scale parameter • 2651 places & 5050 transitions for scale parameter 50 • State space for scale parameter 50 • 5.87 ·1026 states 27
  110. 110. Practical results SharedMem problem Marcie Stratagem 5 10 20 50 28 Time in seconds 1000 100 10 1 0.1 Model size (scale parameter)
  111. 111. Practical results SharedMem problem Marcie Stratagem 5 10 20 50 28 Time in seconds 1000 100 10 1 0.1 Model size (scale parameter)
  112. 112. Practical results SharedMem problem Marcie Stratagem 5 10 20 50 28 Time in seconds 1000 100 10 1 0.1 Model size (scale parameter)
  113. 113. Limitations 29
  114. 114. Limitations • Non-linear rules are not allowed (but can be simulated) 29
  115. 115. Limitations • Non-linear rules are not allowed (but can be simulated) • Verification not yet implemented 29
  116. 116. Conclusions 30
  117. 117. Conclusions • New approach 30
  118. 118. Conclusions • New approach • Better results just by changing the strategy 30
  119. 119. Conclusions • New approach • Better results just by changing the strategy • More general and unified 30
  120. 120. Conclusions • New approach • Better results just by changing the strategy • More general and unified • Good benchmarks 30
  121. 121. Future work 31
  122. 122. Future work • Systematically go from SOS rules to rewrite strategies 31
  123. 123. Future work • Systematically go from SOS rules to rewrite strategies • Create more translations 31
  124. 124. Future work • Systematically go from SOS rules to rewrite strategies • Create more translations • Implement CTL model checking using strategies 31
  125. 125. Questions ? 32
  126. 126. Bibliography ! Narciso Martí-Oliet and José Meseguer. Rewriting Logic as a Logical and Semantic Framework.1993 Peter Borovanský and Claude Kirchner and Hélène Kirchner and Pierre- Etienne Moreau and Marian Vittek. ELAN: A logical framework based on computational systems. Electronic Notes in Theoretical Computer Science 4(0):35 – 50, 1996. M Heiner, C Rohr and M Schwarick. MARCIE - Model checking And Reachability analysis done effiCIEntly; In Proc. PETRI NETS 2013, Milano, Springer, LNCS, volume 7927, pages 389–399, June 2013 Kordon et al. HTML results from the Model Checking Contest @ Petri Net (2014 edition). http://mcc.lip6.fr/2014, 2014 33
  127. 127. The paper for this presentation can be found at: http:// edmundo.lopezbobeda.net/ publications 34

×