btsl* model checking with fairness for reo€¦ · ilham kurnia technische universität dresden 19...

Reo CA BTSL BTSL* Result Done

BTSL* Model Checking with Fairness for Reo

Ilham Kurnia

Technische Universität Dresden

19 December 2008

Ilham Kurnia TUD

BTSL* Model Checking


Overview

I Introduction to Reo [Arbab, 2004] and Constraint Automata[Baier et al, 2006]

I BTSL [Klüppelholz and Baier, 2007]I BTSL*I Experimental result

Ilham Kurnia TUD



Overview


I BTSL [Klüppelholz and Baier, 2007]

I BTSL*I Experimental result

Ilham Kurnia TUD



Overview


I BTSL [Klüppelholz and Baier, 2007]I BTSL*

I Experimental result

Ilham Kurnia TUD



Overview


I BTSL [Klüppelholz and Baier, 2007]I BTSL*I Experimental result

Ilham Kurnia TUD



a b c

1

Ilham Kurnia TUD



Nodes

source

sink

mixed

Ilham Kurnia TUD



Nodes

source sink

mixed

Ilham Kurnia TUD



Channels

Sync

SyncDrain

FIFO(1)

AsyncDrain

1

Ilham Kurnia TUD



Plug [Proença and Costa, 2006]

1

a b c

Ilham Kurnia TUD




1

a

b c

Ilham Kurnia TUD




1

a b

c

Ilham Kurnia TUD




1

a b c

Ilham Kurnia TUD



And Play

Ilham Kurnia TUD


sequencer1.swfMedia File (application/x-shockwave-flash)


Reo −→ CA

a b c

q0

q1

q2

{a},

{1} {b}, {1}{c}, {1}

Ilham Kurnia TUD



CA Features

q0

q1

q2

{a},

{1} {b}, {1}{c}, {1}

Alphabet = 2ActivePorts,DataValue|ActivePorts|

{step0}

{step1}

{step2}{step0}

{step1}

{step2}

Infinite Runs θ = q0{a},{1}−−−−→ q1

{b},{1}−−−−→ q2{c},{1}−−−−→ q0

{a},{1}−−−−→ . . .

Finite Runs θ = q0{a},{1}−−−−→ q1

√−→ q1

Ilham Kurnia TUD



CA Features

q0

q1

q2

{a},

{1} {b}, {1}{c}, {1}


{step0}

{step1}

{step2}

{step0}

{step1}

{step2}


{b},{1}−−−−→ q2{c},{1}−−−−→ q0

{a},{1}−−−−→ . . .


√−→ q1

Ilham Kurnia TUD



CA Features

q0

q1

q2

{a},

{1} {b}, {1}{c}, {1}


{step0}

{step1}

{step2}

{step0}

{step1}

{step2}

Infinite

Runs θ = q0{a},{1}−−−−→ q1

{b},{1}−−−−→ q2{c},{1}−−−−→ q0

{a},{1}−−−−→ . . .


√−→ q1

Ilham Kurnia TUD



Terminal States

I Components may refuse to cooperate

I States which do not have internal transitions (involve nocomponents).

Ilham Kurnia TUD



Terminal States

I Components may refuse to cooperateI States which do not have internal transitions (involve no

components).

Ilham Kurnia TUD



CA Features

q0

q1

q2

q0

q1

q2

Alphabet CIO = 2ActivePorts,DataValue|ActivePorts|

{a},

{1} {b}, {1}{c}, {1}

{step0}

{step1}

{step2}

Infinite

Runs θ = q0{a},{1}−−−−→ q1

{b},{1}−−−−→ q2{c},{1}−−−−→ q0

{a},{1}−−−−→ . . .


√−→ q1

√−→ q1

√−→ . . .

Ilham Kurnia TUD



CA Features

q0

q1

q2

q0

q1

q2

Alphabet CIO = 2ActivePorts,DataValue|ActivePorts|

{a},

{1} {b}, {1}{c}, {1}

{step0}

{step1}

{step2}


{b},{1}−−−−→ q2{c},{1}−−−−→ q0

{a},{1}−−−−→ . . .Finite Runs θ = q0

{a},{1}−−−−→ q1√−→ q1

√−→ q1

√−→ . . .

Ilham Kurnia TUD



Properties

If a component i has the turn, then whenever component itakes its turn the next component in line will get its turn.

stepi → ∃[CIO]step(i+1) mod 3

Ilham Kurnia TUD



BTSL Syntax

State formulaPath formula

α := stop | c | α1;α2 | α1 ∪ α2 | α∗

Equivalences:

∃# Φ ≡ ∃〈CIO〉Φ ∀# Φ ≡ ¬∃# ¬Φ∃3Φ ≡ ∃(true U Φ) ∀2Φ ≡ ¬∃3¬Φ∃2Φ ≡ ¬∀(true U ¬Φ) ∀3Φ ≡ ¬∃2¬Φ∃[α]Φ ≡ ¬∀〈α〉¬Φ ∀[α]Φ ≡ ¬∃〈α〉¬Φ

Ilham Kurnia TUD



BTSL Syntax

Φ := true | p | Φ1 ∧ Φ2 | ¬Φ | ∃ϕ | ∀ϕPath formula

α := stop | c | α1;α2 | α1 ∪ α2 | α∗

Equivalences:


Ilham Kurnia TUD



BTSL Syntax

Φ := true | p | Φ1 ∧ Φ2 | ¬Φ | ∃ϕ | ∀ϕϕ := Φ1UΦ2 | 〈α〉Φα := stop | c | α1;α2 | α1 ∪ α2 | α∗

Equivalences:


Ilham Kurnia TUD



More Examples

Ilham Kurnia TUD



More Examples

Ph0

Ph1

Ch0 Ch1Rel0 Take0Rel1 Take1

Chi

1

think

wait0

eat

wait1

PhiliTake0

PhiliTake1 PhiliRel1

PhiliRel0

Ilham Kurnia TUD



BTSL Model Checking

I Like CTLI 〈〉 and []: Automata based approach + reduce to CTL

Ilham Kurnia TUD



Fairness

Source: Nondeterministic flow selection

P(0)

P(1)

Ilham Kurnia TUD



Fairness

Source: Unrealistic component behavior

Ph0

Ph1

Ch0 Ch1Rel0 Take0Rel1 Take1

Ilham Kurnia TUD



Transition-Based Fairness

I 23P(0) ∧23P(1)

I (23enabled(take_lefti)→ 23〈take_lefti〉) ∧(23enabled(take_righti)→ 23〈take_righti〉)

Problem: Not part of BTSL.

Ilham Kurnia TUD



Transition-Based Fairness

I 23P(0) ∧23P(1)I (23enabled(take_lefti)→ 23〈take_lefti〉) ∧

(23enabled(take_righti)→ 23〈take_righti〉)

Problem: Not part of BTSL.

Ilham Kurnia TUD



ReCTL* [D. Clarke, 2006]

Φ := true | p | Φ1 ∧ Φ2 | ¬Φ1 | ∃ϕ1 | ∀ϕ1ϕ := Φ | ϕ1 ∧ ϕ2 | ¬ϕ1 | ϕ1Uϕ2 | 〈α〉ϕα := c | α1;α2 | α1 ∪ α2 | α∗

Disadvantages:I Uses timed automataI Unclear how to handle explicit finite path specification

Ilham Kurnia TUD





Disadvantages:I Uses timed automata

I Unclear how to handle explicit finite path specification

Ilham Kurnia TUD





Disadvantages:I Uses timed automataI Unclear how to handle explicit finite path specification

Ilham Kurnia TUD



BTSL*

Φ := true | p | Φ1 ∧ Φ2 | ¬Φ1 | ∃ϕ1 | ∀ϕ1ϕ := Φ | ϕ1 ∧ ϕ2 | ¬ϕ1 | ϕ1Uαϕ2α := c | α1;α2 | α1 ∪ α2 | α∗

Based on Dynamic LTL [Henriksen and Thiagarajan, 1997]

Ilham Kurnia TUD



DLTL semantics

ϕ1Uαϕ2

ϕ1 ϕ1 ϕ1 ϕ2

. . .a b c x

abc ∈ L(α)

As expressive as ω-regular language!

Ilham Kurnia TUD



BTSL*

Φ := true | p | Φ1 ∧ Φ2 | ¬Φ1 | ∃ϕ1 | ∀ϕ1ϕ := Φ | ϕ1 ∧ ϕ2 | ¬ϕ1 | ϕ1Uαϕ2α := stop | c | α1;α2 | α1 ∪ α2 | α∗

DLTL Equivalences:

#ϕ ≡ true UCIO ϕ ϕ1 U ϕ2 ≡ ϕ1 UCIO∗ϕ2

3ϕ ≡ true U ϕ 2ϕ ≡ ¬3¬ϕ〈α〉ϕ ≡ true Uα ϕ [α]ϕ ≡ ¬〈α〉¬ϕc ≡ 〈c〉true

Ilham Kurnia TUD



DLTL Model Checking

I Similar to LTL: create NBA of ¬ϕ, compute cross product,and check for emptiness.

I Generating the NBA:I Convert all α to NFAI Expand using axioms and tableau based rules.

I Nodes of the NBA are labelled with set of (signed)formulas, parity number, and until formula fulfillment status.

Ilham Kurnia TUD



Tableau Axioms

Axioms:I

∨c∈CIO〈c〉true

I ϕ1 Uα ϕ2 ≡ ϕ2 ∨ (ϕ1 ∧∨

c∈CIO〈c〉∨

q′∈δ(q,c)ϕ1 UYα(q′) ϕ2)

(q is a final state)I ϕ1 Uα ϕ2 ≡ ϕ1 ∧

∨c∈CIO〈c〉

∨q′∈δ(q,c)ϕ1 U

Yα(q′) ϕ2(q is not a final state)

Example (see board)

Ilham Kurnia TUD



NBA for 2〈(a; a)+〉p

Ilham Kurnia TUD



BTSL*

I Allows easy integration of fairness, and very expressive

I Works also for finite runs after some modificationI Big minus: huge NBA

Ilham Kurnia TUD



BTSL*

I Allows easy integration of fairness, and very expressiveI Works also for finite runs after some modification

I Big minus: huge NBA

Ilham Kurnia TUD



BTSL*

I Allows easy integration of fairness, and very expressiveI Works also for finite runs after some modificationI Big minus: huge NBA

Ilham Kurnia TUD



Implementation

Logic: reduced BTSL*Φ := true | p | Φ1 ∧ Φ2 | ¬Φ1 | ∃ϕ1 | ∀ϕ1 | ∃〈α〉Φ | ∀〈α〉Φϕ := Φ | ϕ1 ∧ ϕ2 | ¬ϕ1 | # ϕ1 | ϕ1Uϕ2

Implication: can use BTSL + LTLI/O

I GNU C++ 4.2.4I OBDD using JINCI Intel dual-core 3.0 GHz CPU, 2 GB of RAM, Ubuntu 8.04.1I Benchmark connector: dining philosophersI Average of 3 runs

Ilham Kurnia TUD



Implementation

Logic: reduced BTSL*Φ := true | p | Φ1 ∧ Φ2 | ¬Φ1 | ∃ϕ1 | ∀ϕ1 | ∃〈α〉Φ | ∀〈α〉Φϕ := Φ | ϕ1 ∧ ϕ2 | ¬ϕ1 | # ϕ1 | ϕ1Uϕ2Implication: can use BTSL + LTLI/O

I GNU C++ 4.2.4I OBDD using JINCI Intel dual-core 3.0 GHz CPU, 2 GB of RAM, Ubuntu 8.04.1I Benchmark connector: dining philosophersI Average of 3 runs

Ilham Kurnia TUD



Comparison with Other Model Checkers

Ilham Kurnia TUD



Comparison with BTSL Model Checker

Ilham Kurnia TUD



Fairness Condition

Strong fairness sfair =∀(1 ≤ i ≤ N ∧ i mod 3 = 1) :

(23enabled({take_lefti})→ 23take_lefti)∧(23enabled({take_righti})→ 23take_righti)

Ilham Kurnia TUD



Fairness ResultExecution result for ∃2¬eati with sfair :

N Time (s) RAM (MB)2 0.78 Negligible3 75.61 7074 N/A Out of memory

Generated NBA properties:

N Formula States Symbolic Edges2 sfair→ ¬2¬eati 14 404 sfair→ ¬2¬eati 114 4617 sfair→ ¬2¬eati 922 5647

Ilham Kurnia TUD



Conclusion

I Reo and CAI How to check BTSL*I Experiment results

Ilham Kurnia TUD



Thank you for your attention!Any questions?

Ilham Kurnia TUD


ReoCABTSLBTSL*ResultDone

btsl* model checking with fairness for reo€¦ · ilham kurnia technische universität dresden 19...

Documents