Title: Efficient Hybrid Reachability Analysis for Asynchronous Concurrent Systems
1Efficient Hybrid Reachability Analysis for Asynchronous Concurrent Systems
- E. Pastor and M.A. Peña
- Department of Computer Architecture
- Technical University of Catalonia (UPC)
- Barcelona, Spain
2Context and Goals
- Hybrid strategy for reachability analysis, oriented to asynchronous concurrent systems
- Why hybrid state exploration?
  - The system is too large
  - An early counter-example is required at low computation cost
- Why a special focus on concurrent systems?
  - The performance of classical state exploration is low
  - The structure of the state space can be partially analyzed
3Context and Goals
- Initial state: a = 1, b = c = d = 0 (a is ready to fall)
4Context and Goals
- Transition Systems: an FSM-like model
  - States, transitions and events
- State generation
  - Initial state + transition relation -> reachable states
  - Iterate until a fix-point is reached
5Outline
- Background
- Overview of the hybrid strategy
- Causality analysis
- State space exploration by simulation
- Guided-traversal
- Experimental results
- Conclusions
7Background Transition Systems
- Disjunctive transition relation (TR): the TR of each event, Tr(e), is manipulated separately
8Background Transition Systems
- Breadth First Search (BFS) state exploration does not exploit the peculiarities of concurrent systems
- Much more efficient results are obtained with a mixed BFS/DFS strategy called chaining; the firing order is crucial
[Figure: BFS versus chained BFS on the diamond s0 -a-> s1, s0 -b-> s2, s1 -b-> s3, s2 -a-> s3 (a and b concurrent). BFS needs two image steps to reach s3; chained BFS applies Tr(a) and then Tr(b) to the accumulated set and reaches s3 in a single pass.]
14BFS versus chained BFS
[Figure, repeated over slides 14 to 20 as an animation: the same 13-state system (states s0 to s12, events a to g) explored by BFS, by chained BFS with firing order a,b,c,d,e,f,g, and by chained BFS with firing order e,a,g,c,b,f,d. Only the state and event labels survived extraction.]
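The difference between the two strategies, as an added example that is not the authors' code. Python sets stand in for the BDDs, the transition relation is kept disjunctive as one next-state map per event, and the two-process pipeline is a constructed system (not one from the slides) chosen so that BFS, chaining in causal order and chaining in reverse order settle in visibly different numbers of iterations.

```python
"""Reachability with a disjunctive TR: plain BFS versus chained BFS.

Added example, not the authors' code. Sets replace BDDs; the pipeline system
below is constructed for the illustration.
"""
from typing import Dict, List, Set, Tuple

State = Tuple[int, int]
EventTR = Dict[State, State]   # Tr(e): explicit next-state map of one event
DisjTR = Dict[str, EventTR]    # the whole TR as the disjunction of the Tr(e)


def pipeline_system(steps: int = 3) -> Tuple[State, DisjTR]:
    """Two independent processes, each advancing through `steps` sequential
    events: process 1 fires a, b, c, ..., process 2 the following letters.
    Every interleaving is reachable, so there are (steps + 1)^2 states."""
    names = [chr(ord("a") + k) for k in range(2 * steps)]
    tr: DisjTR = {}
    for k in range(steps):
        tr[names[k]] = {(k, j): (k + 1, j) for j in range(steps + 1)}          # process 1
        tr[names[steps + k]] = {(i, k): (i, k + 1) for i in range(steps + 1)}  # process 2
    return (0, 0), tr


def image(tr_e: EventTR, states: Set[State]) -> Set[State]:
    """Successors of `states` under the transition relation of one event."""
    return {tr_e[s] for s in states if s in tr_e}


def bfs(s0: State, tr: DisjTR) -> Tuple[Set[State], int]:
    """Classical BFS: one image of the whole frontier under the full TR per
    iteration. Returns the reachable set and the iteration count; the last
    iteration only confirms the fix-point."""
    reached, frontier, iterations = {s0}, {s0}, 0
    while True:
        iterations += 1
        new: Set[State] = set()
        for tr_e in tr.values():
            new |= image(tr_e, frontier)
        new -= reached
        if not new:
            return reached, iterations
        reached |= new
        frontier = new


def chained_bfs(s0: State, tr: DisjTR, order: List[str]) -> Tuple[Set[State], int]:
    """Chained BFS: the events are fired one after another in `order`, each
    Tr(e) applied to the whole set accumulated so far, so states produced by
    an earlier event of the pass are already available to the later ones.
    One pass over `order` is one iteration; the last pass confirms the fix-point."""
    reached, passes = {s0}, 0
    while True:
        passes += 1
        before = len(reached)
        for e in order:
            reached |= image(tr[e], reached)
        if len(reached) == before:
            return reached, passes


def compare(steps: int = 3) -> Dict[str, int]:
    """Iteration counts of the three strategies on the constructed pipeline."""
    s0, tr = pipeline_system(steps)
    forward = sorted(tr)           # a, b, c, d, e, f: each process in causal order
    backward = forward[::-1]       # f, e, d, c, b, a: every event before its cause
    r_bfs, it_bfs = bfs(s0, tr)
    r_fwd, it_fwd = chained_bfs(s0, tr, forward)
    r_bwd, it_bwd = chained_bfs(s0, tr, backward)
    assert r_bfs == r_fwd == r_bwd  # the fix-point does not depend on the order
    return {"states": len(r_bfs), "bfs": it_bfs,
            "chained_forward": it_fwd, "chained_backward": it_bwd}


if __name__ == "__main__":
    print(compare())
```

On the 16-state pipeline, BFS needs 7 frontier images (the last one only to confirm the fix-point), chaining in causal order a..f settles in 2 passes, and the reverse order needs 4: the same fix-point in every case, with the cost depending on the firing order, which is the point of the slides.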
21Overview of the hybrid strategy
- First phase
  - Simulation strategy using an automatic branching exploration of the state space
  - Classical simulation algorithm, but choice is separated from concurrency
  - Causality analysis is used to identify branching states
  - Concurrency alternatives (interleavings) are not explored now; they are left for the second phase
22Overview of the hybrid strategy
- Second phase
  - Traversal of a subset of the state space, driven by the causality obtained from the simulation
  - The alternative sequences are used to drive a pseudo-traversal algorithm
  - This traversal generates additional sequences, equivalent to the original modulo concurrency
  - States are generated in a single pass; no fix-point iteration is necessary
23Causality analysis
- Causality analysis is key to identify alternative branching sequences and to differentiate them from interleavings due to concurrency
- Types of causality to be encountered
  - Concurrency
  - Symmetric conflict
  - Asymmetric conflict
24Causality analysis
- Concurrency between a and b: both events can be executed interleaved
[Figure: the diamond s0 -a-> s1, s0 -b-> s2, s1 -b-> s3, s2 -a-> s3]
25Causality analysis
- Symmetric conflict between a and b: each branch is mutually exclusive
[Figure: s0 -a-> s1 and s0 -b-> s2, with no common successor]
26Causality analysis
- Asymmetric conflict between a and b: one branch disables the other
[Figure: s0 -a-> s1, s0 -b-> s2, s1 -b-> s3; b is still enabled after a, but a is no longer enabled after b]
27State space exploration
- Simulation algorithm
  - Keep a list of active state sequences to be explored
  - Take a sequence and analyze its bottom state
  - Select an enabled event
  - If it is concurrent with all the other enabled events, extend the sequence with it
  - If it is in conflict, duplicate the sequence: force the selected event in one copy and disable it in the other; keep both sequences active
- Exploration of a sequence stops (and the sequence is stored) when
  - a state already reached is met,
  - the maximum exploration depth is reached, or
  - an error condition is identified
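One way to implement the simulation above, as an added example (not the authors' implementation). The system is a constructed safe Petri net: a state is the set of marked places and an event fires when all of its pre-places are marked. The concurrency test is the diamond check of slide 24 (both interleavings enabled and reaching the same state); the sample net, the names and the deterministic event selection are assumptions made for the illustration.

```python
"""Phase one of the hybrid strategy: branching simulation.

Added example, not the authors' code. The net, the diamond-based concurrency
test and the first-enabled event selection are assumptions.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Set, Tuple

State = FrozenSet[str]
Net = Dict[str, Tuple[FrozenSet[str], FrozenSet[str]]]  # event -> (pre-places, post-places)


@dataclass(frozen=True)
class Sequence:
    path: Tuple[str, ...]       # events fired so far, from the initial state
    state: State                # bottom state of the sequence
    disabled: FrozenSet[str]    # events forced not to fire at the bottom state


def enabled(net: Net, s: State, e: str) -> bool:
    return net[e][0] <= s


def fire(net: Net, s: State, e: str) -> State:
    pre, post = net[e]
    return (s - pre) | post


def concurrent(net: Net, s: State, a: str, b: str) -> bool:
    """a and b (both enabled at s) are concurrent if firing either leaves the
    other enabled and both interleavings reach the same state (the diamond)."""
    sa, sb = fire(net, s, a), fire(net, s, b)
    return (enabled(net, sa, b) and enabled(net, sb, a)
            and fire(net, sa, b) == fire(net, sb, a))


@dataclass
class Result:
    sequences: List[Sequence] = field(default_factory=list)  # stored (finished) sequences
    branching: Set[State] = field(default_factory=set)       # states where a conflict was found
    visited: Set[State] = field(default_factory=set)


def simulate(net: Net, s0: State, max_depth: int,
             is_error: Callable[[State], bool] = lambda s: False) -> Result:
    res = Result(visited={s0})
    active: List[Sequence] = [Sequence((), s0, frozenset())]
    while active:
        seq = active.pop()
        s = seq.state
        cands = [e for e in net if enabled(net, s, e) and e not in seq.disabled]
        if not cands or len(seq.path) >= max_depth or is_error(s):
            res.sequences.append(seq)            # stop and store the sequence
            continue
        e = cands[0]                              # deterministic event selection
        others = [f for f in cands if f != e]
        if not all(concurrent(net, s, e, f) for f in others):
            # conflict: s is a branching state. Duplicate the sequence and keep
            # exploring the copy with e disabled; the original is forced to fire e.
            res.branching.add(s)
            active.append(Sequence(seq.path, s, seq.disabled | {e}))
        s2 = fire(net, s, e)
        # a disabled event stays disabled only while it is still enabled
        still = frozenset(d for d in seq.disabled if enabled(net, s2, d))
        ext = Sequence(seq.path + (e,), s2, still)
        if s2 in res.visited:
            res.sequences.append(ext)             # state already reached: stop, store
        else:
            res.visited.add(s2)
            active.append(ext)
    return res


# Constructed sample: a and b are concurrent, c joins them, d and e are in
# symmetric conflict on p4.
SAMPLE_NET: Net = {
    "a": (frozenset({"p0"}), frozenset({"p1"})),
    "b": (frozenset({"p2"}), frozenset({"p3"})),
    "c": (frozenset({"p1", "p3"}), frozenset({"p4"})),
    "d": (frozenset({"p4"}), frozenset({"p5"})),
    "e": (frozenset({"p4"}), frozenset({"p6"})),
}
SAMPLE_S0: State = frozenset({"p0", "p2"})


def run_sample() -> Result:
    return simulate(SAMPLE_NET, SAMPLE_S0, max_depth=10)


if __name__ == "__main__":
    r = run_sample()
    for q in r.sequences:
        print("".join(q.path), "->", sorted(q.state))
    print("branching states:", [sorted(b) for b in r.branching])
    print("visited:", len(r.visited), "states; interleaving {p0,p3} skipped:",
          frozenset({"p0", "p3"}) not in r.visited)
```

On the sample net the simulation stores the two sequences abcd and abce, records {p4} as the only branching state, and visits 6 states: the interleaving b before a, whose intermediate state {p0, p3} is a pure concurrency alternative, is deliberately not explored and is left for the second phase.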
28State space exploration
[Figure: the state space with the initial state, the branching states found by the simulation and the alternative sequences leaving them]
29Guided traversal
- Second phase expansion
  - Sequence selection
  - Causality extraction
  - Traversal guided by causality
[Figure: the state space with the initial state]
31Guided traversal
- A single sequence is a snapshot of the causality in the system
- Local causality can be extracted from a sequence by checking the enabling and firing of events at each state
33Guided traversal
- The actual causality between events is determined by comparing the live-spans of the events
- A Causal Event Structure (CES) can be extracted
35Guided traversal
Equivalent sequences modulo concurrency
All alternatives reached in a single pass
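A phase-two pass over one sequence produced by the simulation, as an added example that is not the authors' code. It computes the live-span of each event occurrence from the enabling and firing of events at each state, derives the local causal order (an occurrence precedes another if it fired before the other became enabled; occurrences whose live-spans overlap are left unordered, i.e. concurrent), enumerates the linearisations of that order and fires them to collect, in a single pass and without a fix-point, every state on a sequence equivalent to the original modulo concurrency. The page does not show how the authors build their Causal Event Structure, so this construction, the constructed net and the initial sequence are all assumptions.

```python
"""Phase two of the hybrid strategy: causality extraction and guided traversal.

Added example, not the authors' code. The live-span based causal order is an
assumption standing in for the Causal Event Structure of the slides; the net
and the input sequence are constructed.
"""
from typing import Dict, FrozenSet, Iterator, List, Set, Tuple

State = FrozenSet[str]
Net = Dict[str, Tuple[FrozenSet[str], FrozenSet[str]]]  # event -> (pre-places, post-places)

# Constructed net: a and b concurrent, c joins them, d and e in symmetric conflict.
NET: Net = {
    "a": (frozenset({"p0"}), frozenset({"p1"})),
    "b": (frozenset({"p2"}), frozenset({"p3"})),
    "c": (frozenset({"p1", "p3"}), frozenset({"p4"})),
    "d": (frozenset({"p4"}), frozenset({"p5"})),
    "e": (frozenset({"p4"}), frozenset({"p6"})),
}
S0: State = frozenset({"p0", "p2"})
SEQ: List[str] = ["a", "b", "c", "d"]  # one sequence as the simulation would store it


def enabled(net: Net, s: State, e: str) -> bool:
    return net[e][0] <= s


def fire(net: Net, s: State, e: str) -> State:
    pre, post = net[e]
    return (s - pre) | post


def states_along(net: Net, s0: State, seq: List[str]) -> List[State]:
    """s_0 .. s_n visited by the n events of `seq` (each must be enabled)."""
    states = [s0]
    for e in seq:
        if not enabled(net, states[-1], e):
            raise ValueError(f"{e} is not enabled in {sorted(states[-1])}")
        states.append(fire(net, states[-1], e))
    return states


def live_spans(net: Net, s0: State, seq: List[str]) -> List[Tuple[int, int]]:
    """For occurrence i (event seq[i], fired from s_i): (first, i), where first is
    the index of the state at which this occurrence became enabled and stayed
    enabled until it fired. An earlier firing of the same event ends the scan."""
    states = states_along(net, s0, seq)
    spans = []
    for i, e in enumerate(seq):
        first = i
        while first > 0 and enabled(net, states[first - 1], e) and seq[first - 1] != e:
            first -= 1
        spans.append((first, i))
    return spans


def causal_order(net: Net, s0: State, seq: List[str]) -> Set[Tuple[int, int]]:
    """(x, y): occurrence x precedes y because x fired before y became enabled.
    Overlapping live-spans leave the pair unordered (concurrent in this sequence)."""
    spans = live_spans(net, s0, seq)
    return {(x, y) for y, (first, _) in enumerate(spans) for x in range(y) if x < first}


def linearizations(n: int, order: Set[Tuple[int, int]]) -> Iterator[Tuple[int, ...]]:
    """All total orders of the occurrences 0..n-1 consistent with `order`."""
    preds = {y: {x for (x, yy) in order if yy == y} for y in range(n)}

    def rec(placed: Tuple[int, ...], remaining: FrozenSet[int]) -> Iterator[Tuple[int, ...]]:
        if not remaining:
            yield placed
            return
        for y in sorted(remaining):
            if preds[y] <= set(placed):
                yield from rec(placed + (y,), remaining - {y})

    yield from rec((), frozenset(range(n)))


def guided_traversal(net: Net, s0: State, seq: List[str]) -> Set[State]:
    """States on every sequence equivalent to `seq` modulo the extracted
    concurrency, generated in one pass. A linearisation whose next event is
    not enabled (an asymmetric conflict hidden behind overlapping live-spans)
    is dropped at its first infeasible step, so only real states are returned."""
    order = causal_order(net, s0, seq)
    reached = {s0}
    for lin in linearizations(len(seq), order):
        s = s0
        for i in lin:
            if not enabled(net, s, seq[i]):
                break
            s = fire(net, s, seq[i])
            reached.add(s)
    return reached


if __name__ == "__main__":
    print("live-spans:", live_spans(NET, S0, SEQ))
    print("causal order:", sorted(causal_order(NET, S0, SEQ)))
    print("linearisations:", ["".join(SEQ[i] for i in l)
                               for l in linearizations(len(SEQ), causal_order(NET, S0, SEQ))])
    print("states reached:", sorted(sorted(s) for s in guided_traversal(NET, S0, SEQ)))
```

From the single sequence abcd the traversal recovers the interleaving bacd and with it the state {p0, p3} that the simulation phase skipped, without any fix-point iteration. The enabling check inside guided_traversal is the caveat a practitioner wants: with an asymmetric conflict, two events can have overlapping live-spans in one sequence and still not commute, so linearisations must be validated against the transition relation rather than trusted.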
43Experiments: reachability analysis
- The examples are chosen to generate as many states as possible
- Columns: BDD = BDD size, States = states generated, CPU = CPU time, for the simulation phase, the guided traversal phase and a classical fix-point traversal (two configurations are labelled IPCMOS-C 4 and IPCMOS-C 6 in the original table)

Example      | Simulation               | Traversal                  | Fixpoint
             | BDD      States   CPU    | BDD      States    CPU     | States    CPU
GALS-C       | 13485    381      0.5    | 16208    1.2e3     0.8     | 1.2e3     0.2
PCC-C        | 9120     306      0.5    | 21185    9.8e5     3.7     | 9.8e5     2.7
RGA-A        | 10493    142      0.5    | 33355    1.0e9     2.7     | 3.3e9     6.1
RGA-C        | 17480    221      1.2    | 148711   9.1e12    17.4    | 5.4e13    46.0
IPCMOS-C 4   | 8088     179      0.3    | 99799    8.05e9    21.6    | 8.15e9    44.1
IPCMOS-C 6   | 15191    263      0.6    | 278575   1.75e14   14.9    | 1.78e14   19.1
IPCMOS-C 4   | 13727    133      0.3    | 151493   1.16e7    25.6    | 1.16e7    48.4
IPCMOS-C 6   | 28481    241      0.9    | 179577   9.15e9    32.9    | 9.15e9    27.3
STARI-C 8    | 141299   5646     16.9   | 283725   9.73e11   126.0   | 1.07e12   73.0
44Experiments timed verification
45Conclusions
- Concurrent systems require traversal strategies that differ from the classical ones used for synchronous systems
- Incremental analysis of the state space that exploits structural information from the system is possible
- We suggest a two-step hybrid traversal methodology
  - Simulation provides information about the structure of the state space (alternative branches and event causality)
  - Traversal exploits that information to speed up the generation of additional states
- However, the traversal is still too expensive because of the extensive use of chaining; a trade-off must be found