Transcript External A*

I/O Efficient Directed
Model Checking
Shahid Jabbar
and
Stefan Edelkamp,
Computer Science Department
University of Dortmund, Germany
Problem

In explicit-state model checking, most
real-world models require enormous
amount of memory.

How to cope with this state space
explosion problem ?
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
2
Directed Model Checking
(Edelkamp, Leue, Lluch-Lafuente, 2004)
A guided search in the state space.
 Usually by some heuristic estimate.
 Only promising states are explored.
 Under-certain conditions proved to be
complete.

Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
3
A Closer look at different strategies
Depth
first
Breadth
first
Best
first
A*
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
4
Advantages of Directed Model
Checking
Partial exploration of the state space.
 Shorter error trails



Better for human comprehension
Problem:

The inevitable demands of the model .. Space,
space and space.
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
5
Possible Solution

Use Virtual Memory.



Assume a bigger address space divided into
pages.
Saved on the hard disk but are moved back to
the main memory whenever they are “called” –
Page Faults.
Pages are mapped to physical locations within
the main memory and the desired content is
returned from the main memory location.
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
6
Problem with the Virtual Memory
Virtual
Address
Space
0x000…000
Memory
Page
0xFFF…FFF
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
7
External Memory Model (Aggarwal and
Vitter)
M
B
Disk
Shahid Jabbar (Dortmund)
If the input size is
very large, running
time depends on the
I/Os rather than on
the number of
instructions.
Input of size N and N >> M
I/O Efficient Directed MC
8
External Memory Graph Algorithms


External breadth first search [Munagala and
Ranade, 2001]:

Generated states flushed to the disk for every BFS level.

No hash table.

Duplicates are removed by sorting the nodes according to the
indices and doing an scan and compaction phase.

Before expanding a layer t, the nodes in the layer t-1 and t-2
are subtracted from t.

O(|V| + sort(|V| + |E|)) I/Os.
where sort(N) = O(N / B logM/B N / B) I/Os
[Korf, 2003] presented the breadth first search version for
implicit graphs.
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
9
A* Algorithm


A.k.a Goal-directed Dijkstra
A heuristic estimate is used to guide the search.



E.g. Straight line distance from the current node to the goal in
case of a graph with a geometric layout.
Reweighing: w’(u,v) = w(u,v) – h(u) + h(v)
Problems:

A* needs to store all the states during exploration.

A* generates large amount of duplicates that can be removed
using an internal hash table – only if it can fit in the main
memory.

A* do not exhibit any locality of expansion. For large state
spaces, standard virtual memory management can result in
excessive page faults.
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
10
Take a closer look


Implicit, unweighted,
undirected graphs
1
1
2
3
4
5
6
It’s a
Bucket
!!
2
g
Shahid Jabbar (Dortmund)
0
0
Consistent
heuristic
estimates.
=> ∆h ={-1,0,1}
h
3
4
5
I/O Efficient Directed MC
11
Bucket

A Bucket is a set of states, residing on the disk, having the
same (g, h) value,




Where, g = number of transitions needed to transform the
initial state to the states of the bucket,
and h = Estimated distance of the bucket’s state to the goal
No state is inserted again in a bucket that is expanded.
If Active (being read or written), represented internally by
a small buffer.
Insert state
Flush when full
Buffer in internal memory
File on disk
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
12
External A* [Edelkamp, Jabbar, and Schroedl, 2004]

Buckets represent temporal
locality – cache efficient
order of expansion.

If we store the states in the
same bucket together we
can exploit the spatial
locality.

Munagala and Ranade’s BFS
and Korf’s delayed duplicate
detection for implicit graphs.
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
External A*
13
Complexity Analysis


Internal A* => Each edge is
looked at most once.
Duplicates Removal:


Sorting the green bucket
having one state for every
edge from the 3 black
buckets.
Scanning and compaction.


O(sort(|E|))
Subtraction:

Removing states of orange
buckets (duplicates free)
from the green one.

O(scan(|V|) + scan(|E|))
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
14
I/O Performance of External A*
Theorem: The complexity of External A* in
an implicit unweighted and undirected
graph with a consistent estimate is
bounded by O(sort(|E|) + scan(|V|)) I/Os.
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
15
Directed Graphs in Model Checking

In undirected graphs, we are required to look at only two
layers for duplicate detection.

But in model checking, we are mainly concerned with directed
graphs.

Result by [Zhou & Hansen, 2004]


Duplicate detection scope = Locality of the search
Locality = max{\delta(s,u)-\delta(s,v), 0} for all edges (u, v)

\delta denotes the shortest path.

In directed graphs, scope corresponds to the largest cycle in
the graph.

Largest cycle ≤ Sum of the largest cycles in individual
processes.
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
16
From SPIN to HSF-SPIN to
IO-HSF-SPIN

SPIN: A well-known model checker.

HSF-SPIN (Edelkamp, Leue, Lluch-Lafuente):
Directed Model Checking Extension of SPIN.

IO-HSF-SPIN: External HSF-SPIN.



Incorporates External A* in HSF-SPIN.
Successfully implemented for deadlock detection.
Active process heuristic is used to guide the search.
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
17
Experimental Results -1

Deadlock Detection in Dining Philosophers
#
Philosophers
Solution
Depth
#stored
sates
#
#
expanded transitions
states
Space
100
402
980,003
19,503
999,504 2.29 GB
150
603
3,330,003
44,253
3,374,254 10.4 GB
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
18
Experimental Results -2

Deadlock Detection in Optical Telegraph
#
Stations
Solution
Depth
#stored sates
#
expanded
states
# transitions Space
5
33
10,874
4,945
7
45
333,848
115,631
820,319 137 MB
8
50
420,498
103,667
917,011 186 MB
9
57
9,293,203
2,534,517
23,499,519 4.29 GB
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
24,583 3.85 MB
19
Experimental Results -3

CORBA GIOP – 1 Server, N Clients
#
Solution #stored sates
Clients Depth
#
expanded
states
# transitions Space
2
58
48,009
39,260
126,478 33.5 MB
3
70
825,789
670,679
2,416,823 0.57 GB
4
75
7,343,358
5,727,909
22,809,278 5.17 GB
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
20
Experimental Results -4

CORBA GIOP – 2 Servers, N Clients
#
Solution #stored sates
Clients Depth
#
expanded
states
2
64
158,561
125,514
3
76
2,705,766
2,134,724
4
81
26,340,417
20,861,609
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
# transitions Space
466,339 0.12 GB
8,705,588 2.1 GB
88,030,774 20.7 GB
21
Pause and Resume

What if even your harddisk becomes full ?

Solution: Since the states are stored on the
disk, the algorithm can be stopped at any time
and resumed from the last working diagonal.
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
22
Summary

State space explosion problem can be circumvented
by Directed Model Checking.

But even Directed Model Checking can fail for the
state spaces that cannot fit into the main memory.

External A* helps in overcoming this problem.

Extended for directed graphs as appear in Model
checking.

First external directed model checker IO-HSF-SPIN.

Problem having a state space size of 20.7 GB is
successfully solved.
Shahid Jabbar (Dortmund)
I/O Efficient Directed MC
23