Fair Cycle Detection: A New Algorithm and a Comparative Study Fabio Somenzi


Fair Cycle Detection:
A New Algorithm and a
Comparative Study
Fabio Somenzi
University of Colorado at Boulder
Acknowledgement
• This talk is the conflation of
– Kavita Ravi, Roderick Bloem, and Fabio Somenzi,
“A comparative study of symbolic algorithms for
the computation of fair cycles”
– Roderick Bloem, Hal Gabow, and Fabio Somenzi,
“An algorithm for strongly connected component
analysis in n log n symbolic steps”
• Both presented at FMCAD00
Model Checking
Given
• A finite state transition structure
• A property (set of admissible behaviors)
usually specified as
– Temporal logic formula
– ω-regular automaton
Decide whether initial states of structure
satisfy property
Properties
• Safety properties
– violation described as finite path
• Liveness properties
– infinite path (cycles)
• ω-regular automata acceptance, fairness
– Büchi, Muller, Rabin, Streett, L-process
SCC Decomposition
• Find all sets of nodes that can reach
each other (Strongly Connected
Components)
– SCC is trivial if it contains no edges
• Central graph problem
• Tarjan’s algorithm is linear, but explicit
• Find a good implicit algorithm
Motivation
• Fair cycle detection algorithms
– Symbolic vs. explicit state search
• Many symbolic algorithms, no systematic
comparisons
– What really makes the difference?
• Can we improve over O(n^2)?
Outline
• Motivation
• Introduction
• Fair cycle algorithms
– A general framework
• Lockstep algorithm
• How do the different algorithms fare?
• Conclusions
Büchi Emptiness
• A Büchi automaton accepts at least one
word iff it has a reachable nontrivial SCC
that contains an accepting state
• Used in:
– LTL model checking (Spin, SMV)
– Fair CTL model checking (VIS, SMV)
– Language-containment checking (COSPAN)
• If language not empty, produce witness
Notation
• CTL
– EX, EU, EG, EF (future tense, backward)
– EY, ES, EH, EP (past tense, forward)
• Fixpoint operators
– μ (least), ν (greatest)
Symbolic Algorithms
• Sets are represented by their
characteristic functions
• No loops over the elements of sets
• Instead:
– Union, intersection, complementation
– Check for equality (emptiness)
– (Choice of one element)
– Image (EY), preimage (EX)
Symbolic Complexity
• Number of variables is important
• Sets of nodes have 1 set of variables
• Transition relation has 2 sets
• Number of variable sets for operations:
– Boolean operations: 1 set
– Image, preimage: 2 sets
– Transitive closure: 3 sets
• Our measure is the number of steps: image
and preimage computations
• Keep the transition relation constant!
Known Complexity
• Measured in nodes (n)
• Known results (symbolic):
– SCC decomposition: O(n^2) [Xie & Beerel 99]
– Büchi emptiness: O(n^2) [Emerson & Lei 86]
• We also measure number of steps as
function of number of nodes, but…
Interesting Parameters
• n : number of states
• d : Diameter of the graph
– Largest (finite) of the shortest distances between
two nodes
• h : Height of the SCC quotient graph
– How many SCCs we can have along a path
• N : Number of SCCs
• N’ : Number of nontrivial SCCs
• C’ : Number of fairness constraints
Symbolic Fair Cycle Computations
[Figure: two routes from the question "Fair cycle?" to a Yes/No answer. SCC hull: compute a set of states that contains the fair SCCs; an empty set means No. Symbolic SCC enumeration: check whether each SCC is fair. A "Refinement" arrow links the hull approach to enumeration.]
SCC Hull Algorithms
• Generic SCC Hull algorithm (GSH); its instances:
– Emerson-Lei
– Hojati et al.
– Kesten et al.
– Hardin et al.
Generic SCC Hull Algorithm (GSH)
• SCC hull: a set of states that contains all fair SCCs
• Operators
– T_B (backward): EX(Z), { E(Z U (Z ∧ c)) : c ∈ C }
– T_F (forward): EY(Z), { E(Z S (Z ∧ c)) : c ∈ C }
• Algorithm: start with all states, at every
iteration
– choose and apply an operator from TB or TF
(operator schedules)
– converge when no change in state set under TB
OR TF operators (weaker condition)
Instances of GSH:
Different operator schedules
• Emerson-Lei: νZ. ⋀_{c ∈ C} EX E(Z U (Z ∧ c))
schedule: (EU1 EX) (EU2 EX) (EU1 EX) (EU2 EX) ...
• Hojati: νZ. EG ⋀_{c ∈ C} E(Z U (Z ∧ c))
schedule: (EU1 EU2) EX... (EU1 EU2) EX... (EU1 EU2) EX...
• Hojati, Kesten: νZ. EH ⋀_{c ∈ C} E(Z S (Z ∧ c))
schedule: (ES1 ES2) EY... (ES1 ES2) EY... (ES1 ES2) EY...
• Hojati, Hardin: νZ. EG-H ⋀_{c ∈ C} (Z ∧ EF(Z ∧ c) ∧ EP(Z ∧ c))
schedule: (EF, EP) (EY EX)... (EF, EP) (EY EX)...
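The following is an added worked example, not code from the talk or from VIS, SMV or COSPAN: the generic SCC-hull loop with the Emerson-Lei, Hojati and Hojati/Kesten operator schedules run on a small constructed graph. Python sets stand in for BDD characteristic functions, so the only cost counted is the number of image/preimage steps, which is the measure the talk uses; the graph, the two fairness sets and the operator names (EU_i/ES_i with 0-based indices) are assumptions of the example. It shows that the two backward schedules return the states that can reach a fair SCC (state 0, a trivial SCC feeding into one), while Kesten's forward schedule returns the states reachable from a fair SCC (6 and 7), which is why the hulls, and the counterexample procedures built on them, differ.

```python
"""Generic SCC-hull (GSH) with the Emerson-Lei, Hojati and Hojati/Kesten schedules.

Python sets stand in for BDD characteristic functions; the only cost counted is
the number of image/preimage steps. Graph and fairness sets are constructed for
this example; EU_i / ES_i use 0-based constraint indices.
"""

# Constructed example: SCCs {1,2}, {3,4,5}, {6} (self-loop); 0 and 7 are trivial.
EDGES = {(0, 1), (1, 2), (2, 1), (2, 3), (3, 4), (4, 5), (5, 3),
         (5, 6), (6, 6), (6, 7)}
# Two fairness sets; {1,2} and {3,4,5} meet both, {6} misses the second.
FAIRNESS = [{2, 4, 6}, {1, 5}]


class Graph:
    def __init__(self, edges):
        self.edges = set(edges)
        self.states = {s for e in edges for s in e}
        self.steps = 0  # image and preimage computations performed

    def preimage(self, S):  # EX S: states with a successor in S
        self.steps += 1
        return {s for (s, t) in self.edges if t in S}

    def image(self, S):  # EY S: states with a predecessor in S
        self.steps += 1
        return {t for (s, t) in self.edges if s in S}


def until(Z, target, step):
    """Least fixpoint Y = target | (Z & step(Y)): E(Z U target) with preimage,
    E(Z S target) with image. Each iteration costs one step."""
    Y = set(target)
    while True:
        new = Y | (Z & step(Y))
        if new == Y:
            return Y
        Y = new


def always(Z, step):
    """Greatest fixpoint Y = Z & step(Y): EG Z with preimage, EH Z with image."""
    Y = set(Z)
    while True:
        new = Y & step(Y)
        if new == Y:
            return Y
        Y = new


def apply_op(g, op, fairness, Z):
    """One GSH operator: EX/EY (one step), EG/EH (to a fixpoint),
    EUi = E(Z U (Z & c_i)), ESi = E(Z S (Z & c_i))."""
    if op == 'EX':
        return Z & g.preimage(Z)
    if op == 'EY':
        return Z & g.image(Z)
    if op == 'EG':
        return always(Z, g.preimage)
    if op == 'EH':
        return always(Z, g.image)
    c = fairness[int(op[2:])]
    return until(Z, Z & c, g.preimage if op.startswith('EU') else g.image)


def gsh(g, fairness, schedule):
    """Start from all states and apply the schedule cyclically. Stop once every
    backward operator, or every forward operator, has been applied since the
    last change without changing Z (the weaker convergence condition), so the
    schedule must cover all of T_B or all of T_F."""
    k = len(fairness)
    backward = {'EX'} | {f'EU{i}' for i in range(k)}
    forward = {'EY'} | {f'ES{i}' for i in range(k)}
    same = {'EG': 'EX', 'EH': 'EY'}  # Z is EG-stable iff EX-stable; EH iff EY
    Z, stable = set(g.states), set()
    while not (backward <= stable or forward <= stable):
        for op in schedule:
            new = apply_op(g, op, fairness, Z)
            name = same.get(op, op)
            if new == Z:
                stable.add(name)
            else:
                Z, stable = new, {name}
            if backward <= stable or forward <= stable:
                break
    return Z


def schedules(k):
    """The operator schedules from the slide, for k fairness constraints."""
    return {
        'Emerson-Lei': [op for i in range(k) for op in (f'EU{i}', 'EX')],
        'Hojati (EG)': [f'EU{i}' for i in range(k)] + ['EG'],
        'Hojati/Kesten (EH)': [f'ES{i}' for i in range(k)] + ['EH'],
    }


def hull(name, edges=EDGES, fairness=FAIRNESS):
    """Return (SCC hull, image/preimage steps) for the named schedule."""
    g = Graph(edges)
    return gsh(g, fairness, schedules(len(fairness))[name]), g.steps


if __name__ == "__main__":
    for name in schedules(len(FAIRNESS)):
        Z, n = hull(name)
        print(f"{name:20s} hull={sorted(Z)} steps={n}")
```

A nonempty hull means the graph contains a fair SCC; to decide language emptiness for a specific initial-state set, intersect the Emerson-Lei hull with the initial states. Adding a third constraint that no cycle can satisfy (for example {7}, a state without successors) empties every hull.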
SCC Quotient Graph
[Figure: example SCC quotient graph with nodes numbered 1 to 16; legend: Trivial, Non-trivial, Fair, Initial, Terminal. The same graph is then repeated with the hull computed by each algorithm highlighted: Emerson-Lei / Hojati; Hojati / Kesten; Hojati / Hardin; and GSH, contrasting TF convergence with TB convergence.]
Complexity in Steps
– n : number of states
– C' : number of fairness constraints
– d : diameter of graph
– N : number of SCCs (N' : non-trivial)
– h : height of the SCC quotient graph
• GSH: O(C'n^2)
– Emerson-Lei: O(C'dN)
– Hojati, Kesten: Θ(C'dh)
– Hojati, Hardin: Θ(C'dh + N − N'), O(C'dN)
Symbolic SCC Enumeration Algorithms
• Xie-Beerel
• IXB (improved Xie-Beerel)
• Bloem (Lockstep)
Symbolic SCC Enumeration
• Find an SCC
– pick a state v
– compute the SCC of v as EP(v) ∩ EF(v)
• Check if SCC is fair
• Recur on the partitions
Symbolic SCC enumeration
• Xie-Beerel
– v is randomly chosen
– EF(v), EP(v) are SCC-closed sets
– Partition the state space
– EG(partition) applied to trim
– Complexity O(dN)
[Figure: the quotient graph with nodes 1 to 16, with EF(v) and EP(v) highlighted]
Symbolic SCC enumeration
• Improvements to Xie-Beerel (IXB)
– trim with EH(partition) in addition to EG(partition)
• Improves complexity
– v is chosen from a priority queue
• Shortens prefix of counterexample
[Figure: the same quotient graph with nodes 1 to 16]
Lockstep Algorithm
• Same basic approach as in Xie-Beerel:
– Choose node v
– Search backward and forward, SCC of v is
intersection
• Perform two searches simultaneously
for n log n performance
Lockstep by Example
Stage 1: Search forward and backward until one converges
Stage 2: Complete search to find SCC
Stage 3: Recursion
[Figure: nine animation frames stepping through the three stages on an example graph; the frame in which the backward search finishes first is annotated "Backwards search converged!"]
Picture of Search Space
• Recur on Black and on Blue & White: both are SCC-closed
• One of Black and Blue & White has < n/2 nodes; call it S
[Figure: the search space V partitioned into the Black, Blue and White regions]
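Added example, not code from the talk or from its COSPAN implementation: Xie-Beerel-style enumeration and Lockstep side by side on one constructed graph, counting image/preimage steps for each and checking every SCC found for fairness, so the two slides above (pick v, intersect forward and backward closures; run the two searches in lockstep and finish only inside the converged set) can be compared on the same input. Assumptions: Python sets stand in for BDDs; v is the smallest state in the partition (Xie-Beerel picks randomly, IXB uses a priority queue); Xie-Beerel's EG trimming is omitted; the graph and fairness sets are made up for the example.

```python
"""Symbolic SCC enumeration: Xie-Beerel-style search versus Lockstep.

Sets stand in for BDD characteristic functions; the only cost charged is the
number of image/preimage steps. Graph, fairness sets and the choice of v are
assumptions of this example.
"""

# Constructed example graph, as (source, target) edges.
EDGES = {
    (0, 1),                          # 0 is a trivial SCC
    (1, 2), (2, 1),                  # SCC {1, 2}
    (2, 3), (3, 4), (4, 5), (5, 3),  # SCC {3, 4, 5}
    (5, 6), (6, 6),                  # SCC {6}, nontrivial via self-loop
    (6, 7),                          # 7 is a trivial SCC
}
STATES = {s for e in EDGES for s in e}


class Steps:
    """Counts image/preimage computations, the talk's complexity measure."""
    def __init__(self):
        self.n = 0


def image(edges, S, steps):
    """EY S: successors of S (one forward step)."""
    steps.n += 1
    return {t for (s, t) in edges if s in S}


def preimage(edges, S, steps):
    """EX S: predecessors of S (one backward step)."""
    steps.n += 1
    return {s for (s, t) in edges if t in S}


def closure(edges, V, seed, step, steps):
    """Run one search (image or preimage) from seed to convergence inside V."""
    reached, frontier = set(seed), set(seed)
    while frontier:
        frontier = (step(edges, frontier, steps) & V) - reached
        reached |= frontier
    return reached


def xie_beerel(edges, V, steps, out):
    """Compute EP(v) and EF(v) to completion, SCC(v) = EP(v) & EF(v), then
    recur on the three SCC-closed partitions (no trimming)."""
    if not V:
        return out
    v = min(V)
    fwd = closure(edges, V, {v}, image, steps)     # EP(v) inside V
    bwd = closure(edges, V, {v}, preimage, steps)  # EF(v) inside V
    scc = fwd & bwd
    out.append(frozenset(scc))
    xie_beerel(edges, fwd - scc, steps, out)
    xie_beerel(edges, bwd - scc, steps, out)
    xie_beerel(edges, V - fwd - bwd, steps, out)
    return out


def lockstep(edges, V, steps, out):
    """Advance both searches together; finish the slower one only inside the
    converged (SCC-closed) set; recur on the two SCC-closed remainders."""
    if not V:
        return out
    v = min(V)
    fwd, bwd, ffront, bfront = {v}, {v}, {v}, {v}
    # Stage 1: one image and one preimage per round until a search converges.
    while ffront and bfront:
        ffront = (image(edges, ffront, steps) & V) - fwd
        fwd = fwd | ffront
        bfront = (preimage(edges, bfront, steps) & V) - bwd
        bwd = bwd | bfront
    # Stage 2: complete the other search restricted to the converged set.
    # Frontier states outside it cannot lead back in, so dropping them is sound.
    if not ffront:
        converged = fwd
        bwd, bfront = bwd & converged, bfront & converged
        while bfront:
            bfront = (preimage(edges, bfront, steps) & converged) - bwd
            bwd |= bfront
    else:
        converged = bwd
        fwd, ffront = fwd & converged, ffront & converged
        while ffront:
            ffront = (image(edges, ffront, steps) & converged) - fwd
            fwd |= ffront
    scc = fwd & bwd
    out.append(frozenset(scc))
    # Stage 3: recursion on converged \ SCC and on V \ converged.
    lockstep(edges, converged - scc, steps, out)
    lockstep(edges, V - converged, steps, out)
    return out


def is_fair(edges, scc, fairness):
    """Fair SCC: nontrivial (has an edge inside it) and meets every fairness set."""
    nontrivial = any(s in scc and t in scc for (s, t) in edges)
    return nontrivial and all(scc & c for c in fairness)


def run(algorithm, fairness):
    """Enumerate all SCCs; return (fair SCCs in discovery order, steps used)."""
    steps = Steps()
    sccs = algorithm(EDGES, set(STATES), steps, [])
    return [scc for scc in sccs if is_fair(EDGES, scc, fairness)], steps.n


if __name__ == "__main__":
    FAIR = [{2, 4, 6}, {1, 5}]  # constructed fairness sets
    for name, alg in (("Xie-Beerel", xie_beerel), ("Lockstep", lockstep)):
        fair_sccs, n = run(alg, FAIR)
        print(f"{name}: fair SCCs {fair_sccs}, {n} image/preimage steps")
```

Both procedures find the same five SCCs and the same two fair ones, but on this graph the full forward closure that Xie-Beerel computes from state 0 sweeps the whole chain every time, whereas Lockstep stops as soon as the cheaper backward search converges; the step counter makes the difference the talk charges for (n log n versus dN) visible on concrete input.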
Analysis: Charging
• Amortized analysis: charge to nodes
and count total charge
• In Stage 1: at most |S| + |C| steps
– Charge 1 to every node in S and C
• In Stage 2: at most |C| steps
– Charge 1 to every node in C
Analysis: Total Charge
[Figure: recursion tree; V1 with S1 < |V1|/2, then V2 with S2 < |V2|/2 < |V1|/4]
• Every node goes down only one branch
• Stage 1: every node is charged ≤ log n times
• Stage 2: every node is charged ≤ 1 time
• Total charge: n log n + n = O(n log n)
Sharper Analysis
• For Emerson-Lei: O(dh)
• For Lockstep: O(n log(dN/n))
– N is number of SCCs
• With optimization: O(dN’+N) and
O((d+h)N’)
Complexity Comparison
• SCC-hull algorithms (GSH: O(C'n^2))
– Emerson-Lei: O(C'dN)
– Hojati, Kesten: Θ(C'dh)
– Hojati, Hardin: Θ(C'dh + N − N'), O(C'dN)
• Symbolic SCC enumeration algorithms (O(n^2))
– Xie-Beerel: O(dN)
– IXB: O(min(dN' + N, N'(d + h)))
– Bloem (Lockstep): O(min(dN' + N, N'(d + h))), O(n log n)
N': number of non-trivial SCCs
Counterexamples
• Symbolic SCC enumeration algorithms
– Only one fair SCC
– Shortest prefix can be generated with
onion rings
• SCC hull algorithms
– counterexample procedure depends on the
computed hull i.e., location of fair SCCs
Counterexamples
Counterexample procedure used with each hull algorithm:
– GSH: Clarke95 / Kesten98
– Emerson-Lei: Clarke95
– Hojati, Kesten: Kesten98
– Hojati, Hardin: Clarke95 & Kesten98
Length of counterexample depends on the SCC hull
Summary
• SCC-hull algorithms
• Symbolic SCC enumeration algorithms
– Lockstep
• Performance depends on
– N, N’, d, h, C’
– Number of fair SCCs, location of the fair
SCCs
– BDD factors?
Experiments
• Implemented 5 algorithms in COSPAN
– Emerson-Lei, Hojati/Kesten, Hojati/Hardin,
IXB, Lockstep
• Measured time, number of steps, length
of counter-examples
Experiments: No Fair Cycles
Times in seconds; in parentheses the number of image/preimage steps (IXB and BGS report a second count as well, as on the original slide). BGS = Lockstep.
Circuit    | Reach | EL         | HK         | HH         | IXB            | BGS
Abp2 (16)  | 0.01  | 20.3 (352) | 16.5 (720) | 30.9 (733) | 58 (2506, 693) | 59 (1689, 465)
F1 (70)    | 259   | 68.6 (4)   | 50.3 (4)   | 73.8 (12)  | 50.8 (4, 0)    | 50.5 (4, 0)
RR (94)    | 67    | 13 (50)    | 12.5 (50)  | 88.1 (58)  | 11.6 (50, 0)   | 12.3 (50, 0)
S111 (191) | 259   | 0.8 (4)    | 0.9 (5)    | 4.7 (13)   | 1.3 (6, 0)     | 1.28 (6, 0)
S195 (483) | 1223  | 1.9 (3)    | 1.7 (3)    | 10.5 (10)  | 17.3 (3, 0)    | 17.4 (3, 0)
Experiments: Fair Cycles
Times in seconds; in parentheses the number of steps (IXB and BGS also report a second count). BGS = Lockstep.
Circuit    | Reach | EL         | HK          | HH         | IXB            | BGS
S192 (44)  | 1149  | 2440 (204) | 17.6 (484)  | 4671 (462) | 224.7 (172, 1) | 235 (172, 1)
WV (92)    | 62.9  | 288.4 (6)  | 4807 (16)   | 8958 (14)  | 5937 (14, 1)   | 5779 (14, 1)
CO (93)    | 773.8 | 198.5 (27) | 9125 (174)  | 96.4 (38)  | 8755 (174, 1)  | 7179 (174, 1)
S120 (93)  | 160.8 | 38 (9)     | 643.6 (128) | 4050 (74)  | 406.4 (43, 1)  | 376.1 (43, 1)
S106 (124) | 185   | 68.9 (35)  | 51 (174)    | 399 (91)   | 75.5 (55, 1)   | 76 (55, 1)
Experiments: Length of Counterexamples
Each cell: time in seconds, then prefix length, loop length. BGS = Lockstep.
Circuit    | EL         | HK         | HH          | IXB        | BGS
S192 (44)  | 1.4  48,32 | 0.77 20,32 | 1.52  28,40 | 0.79 20,32 | 0.78 20,32
WV (92)    | 0.64 3,4   | 1.44 3,4   | 12.05 3,2   | 6.11 3,2   | 6.07 3,2
CO (93)    | 2.93 13,60 | 3.22 13,32 | 3.63  13,46 | 3.32 13,32 | 3.35 13,30
S120 (93)  | 1.28 8,18  | 1.34 7,8   | 2.46  9,16  | 1.78 7,18  | 1.58 7,18
S106 (124) | 3.11 51,4  | 2.84 45,6  | 4.81  55,2  | 2.95 45,4  | 2.89 45,4
Experiments: Summary
• Emerson-Lei seems no worse than
others
• IXB, Lockstep designed to produce
short counterexamples
• BDDs play a large role in actual
performance
On-The-Fly Lockstep
• For example WV:
– Lockstep takes 5779 s
– The fair path is very short: (3,2)
– One (large) SCC is examined
• Stop as soon as B(v) ∩ F(v) intersects
all fair sets
– A fair cycle is guaranteed in B(v) ∩ F(v)
Conclusions
• Compared various symbolic algorithms
– provided a classification, generalized some
algorithms
• Studied performance with experiments
• Future work
– Forward vs. Backward, BDD effects
– Streett acceptance
– Hybrid algorithms?
Conclusions
• n log n symbolic algorithm for
– SCC decomposition,
– Büchi emptiness,
– Streett emptiness,
measured in images/preimages
• Improves on the previously known O(n^2) bounds
• When measured more sharply: Lockstep
incomparable with EL
Conclusions
• Lockstep useful for counterexample
generation
• Future work: parallelizing algorithms
that change transition relation or even
use extra variables