
Victor Khomenko and Andrey Mokhov

An Algorithm for Direct Construction of Complete Merged Processes. Victor Khomenko and Andrey Mokhov. Rationale: merged processes (MPs) are a condensed representation of the set of reachable states; they are very compact and therefore well suited to coping with the state-space explosion in model checking.





Presentation Transcript


  1. An Algorithm for Direct Construction of Complete Merged Processes
     Victor Khomenko and Andrey Mokhov

  2. Rationale
     • Merged processes (MPs) – a condensed representation of the set of reachable states
       • very compact – good for coping with the state space explosion in model checking
       • amenable to efficient model checking
       • similar to unfoldings, but much smaller (copes not only with concurrency, but also with sequences of choices)
     • The only known algorithm for constructing MPs was based on merging nodes in the unfolding
       • hence it cancels all the advantages of MPs
     • Contribution: an algorithm that avoids the intermediate construction of the unfolding

  3. MPs: occurrence depth
     [figure: an unfolding with the occurrence depth annotated on each condition]
     Merged Process:
     • Fuse conditions with the same label and occurrence-depth
     • Delete duplicate events

  4. Example: a Petri net
     [figure: the example Petri net, nodes labelled 1–4]

  5. Example: unfolding
     [figure: the unfolding of the example net, nodes labelled 1–4]
     Step 1: Fuse conditions with the same label and occurrence-depth

  6. Example: MP
     [figure: the merged process of the example net, nodes labelled 1–4]
     Step 2: Delete event replicas

  7. Examples
     [figure: two example nets]
     MPs of these nets coincide with the original nets, even though their unfoldings are exponential!
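As an added worked example (not from the slides), the two-step construction above run in Python on a constructed branching process: occurrence depths are computed per condition, conditions with equal label and depth are fused into mp-conditions, and event replicas are deleted. The net (two consecutive binary choices plus a transition back to the initial place) and all condition/event names are my own.

```python
from functools import lru_cache

# Constructed example (not from the slides): branching process of a net with
# two consecutive binary choices p0 -a/b-> p1 -c/d-> p2, plus one transition x
# that returns from p2 to p0 (so one p0-condition reaches occurrence depth 2).
CONDITIONS = {"c0": "p0", "c1a": "p1", "c1b": "p1", "c2ac": "p2",
              "c2ad": "p2", "c2bc": "p2", "c2bd": "p2", "c0x": "p0"}
EVENTS = {  # event -> (transition label, preset, postset)
    "e_a": ("a", ["c0"], ["c1a"]), "e_b": ("b", ["c0"], ["c1b"]),
    "e_ac": ("c", ["c1a"], ["c2ac"]), "e_ad": ("d", ["c1a"], ["c2ad"]),
    "e_bc": ("c", ["c1b"], ["c2bc"]), "e_bd": ("d", ["c1b"], ["c2bd"]),
    "e_x": ("x", ["c2ac"], ["c0x"]),
}

def occurrence_depths(conditions, events):
    """od(c) = max number of conditions carrying c's label on any directed
    path from a minimal condition to c, c itself included."""
    producer = {c: e for e, (_, _, post) in events.items() for c in post}

    @lru_cache(maxsize=None)
    def count(node, label):  # max #label-conditions on a path ending in node
        if node in conditions:
            own = 1 if conditions[node] == label else 0
            return own + (count(producer[node], label) if node in producer else 0)
        return max(count(b, label) for b in events[node][1])

    return {c: count(c, conditions[c]) for c in conditions}

def merge(conditions, events):
    """Step 1: fuse conditions with equal (label, occurrence depth) into
    mp-conditions.  Step 2: delete event replicas, i.e. events with the same
    label and the same multisets of mp-conditions in their pre- and post-sets."""
    od = occurrence_depths(conditions, events)
    mp_of = {c: (conditions[c], od[c]) for c in conditions}
    mp_events = {}  # (label, mp-preset, mp-postset) -> replicas it stands for
    for e, (t, pre, post) in events.items():
        key = (t, tuple(sorted(mp_of[c] for c in pre)),
               tuple(sorted(mp_of[c] for c in post)))
        mp_events.setdefault(key, []).append(e)
    return sorted(set(mp_of.values())), mp_events

def node_counts(conditions, events):
    """(#nodes of the branching process, #nodes of its merged process)."""
    mp_conds, mp_events = merge(conditions, events)
    return len(conditions) + len(events), len(mp_conds) + len(mp_events)

if __name__ == "__main__":
    mp_conds, mp_events = merge(CONDITIONS, EVENTS)
    print("mp-conditions:", mp_conds)
    for (t, pre, post), replicas in mp_events.items():
        print(f"mp-event {t}: {pre} -> {post}  (stands for {replicas})")
    print("nodes unfolding/MP:", node_counts(CONDITIONS, EVENTS))
```

The two c-events and the two d-events each collapse into one mp-event, so the 15-node branching process becomes a 9-node MP; adding further choice stages grows the branching process exponentially but the MP only linearly.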

  8. Properties of MPs
     • Canonicity, finiteness, marking-completeness – follow from the corresponding properties of unfoldings
     • Theoretical upper bounds on size
     • Experimental results: MPs are usually much smaller than unfoldings

  9. Theoretical upper bounds on size
     • Trivial bound: Merge(Pref) is never larger than Pref, hence never larger than the reachability graph
       • too pessimistic in practice
     • MPs of acyclic PNs coincide with the original PNs with the dead nodes removed
       • unfoldings can be exponential
     • MPs of live and safe free-choice PNs [with minor restrictions] are polynomial in the size of the original PNs
       • unfoldings can be exponential

  10. Experimental results: PN/Unf/MP size

  11. Experimental results: PN/MP size

  12. Experimental results: summary
     • Corbett's benchmarks were used
     • MPs are often by orders of magnitude smaller than unfolding prefixes
     • In many cases MPs are just slightly larger than the original PNs
     • In some cases MPs are smaller than the original PNs due to the removal of dead nodes

  13. Model checking
     • Model checking algorithms developed for unfoldings can be lifted to MPs
     • Reduces to SAT: ME & ACYCLIC & NG & VIOL
     • Still need an efficient encoding of ACYCLIC

  14. Unravelling algorithm
     μ := the MP comprised of the initial conditions
     sz := 0                                                         // current configuration size
     repeat
       sz++
       pe := possible extensions of μ                                // SAT
       cand := {e ∈ pe | e has a local conf of size sz in μ}        // SAT
       // filter out potential cut-offs
       slice := {e ∈ cand | ¬MaybeCutOff(μ ⊕ cand, e, sz)}          // 2QBF
       μ := μ ⊕ slice
     until slice = ∅ ∧ ¬∃ e ∈ pe: e has a local conf of size > sz in μ ⊕ pe   // SAT

  15. Computing the possible extensions
     • Reduces to model checking (and so to SAT): find a configuration C enabling a new instance of t

  16. Cut-off criterion
     // Check whether each local conf of e of size sz in μ contains a cut-off
     MaybeCutOff(μ, e, sz) ≡                                         // 2QBF
       ∀ local conf C of e in μ such that |C| = sz:
         ∃ f ∈ C: ∃ conf C' in μ: Mark([f]_C) = Mark(C') ∧ C' is smaller than [f]_C in the adequate order
     • Problem: cannot definitely declare e a cut-off, as it can acquire new configurations as the MP grows
     • Solution: if configurations are checked in size order, then events that are definitely not cut-offs can be detected
     • All configurations (not only the local ones) are allowed as cut-off correspondents
     • The adequate order must refine the size order

  17. Termination criterion
     • Not trivial!
     • Check that no possible extension e has a local configuration of size > sz
     • Reduces to model checking (and so to SAT): find a configuration C enabling e such that |C| > sz

  18. Age of reductions
     μ := the MP comprised of the initial mp-conditions
     sz := 0                                                         // current configuration size
     repeat
       sz++
       pe := possible extensions of μ                                // SAT
       cand := {e ∈ pe | e has a local conf of size sz in μ}        // SAT
       // filter out potential cut-offs
       slice := {e ∈ cand | ¬MaybeCutOff(μ ⊕ cand, e, sz)}          // 2QBF
       μ := μ ⊕ slice
     until slice = ∅ ∧ ¬∃ e ∈ pe: e has a local conf of size > sz in μ ⊕ pe   // SAT

  19. Experimental results
     • A prototype tool was developed
     • Showed the feasibility of the approach
     • Loses to unfoldings
     • Much headroom for improving the tool
     Back to the future – improvements since the paper:
     • Significant speedups in the tool
     • Total adequate order
     • Comparable with unfoldings
     • Still much headroom for improving the tool

  20. Future work
     Potential improvements:
     • Improving the SAT encoding of the ACYCLIC constraint
     • Home-brewed 2QBF solver – definitely needs improving
     • Using incremental SAT wherever possible
     • Improving the top-level structure of the unravelling algorithm?
