
Improving the Precision of INCA by Preventing Spurious Cycles

Stephen F. Siegel and George S. Avrunin, University of Massachusetts, Laboratory for Advanced Software Engineering Research.


Presentation Transcript


  1. Improving the Precision of INCA by Preventing Spurious Cycles
     Stephen F. Siegel and George S. Avrunin
     University of Massachusetts, Laboratory for Advanced Software Engineering Research

  2. Approaches to Finite State Verification
     • Traditional Reachability
        • Enumerate all states
        • Precise, but State Explosion Problem
     • INCA approach
        • Formulate necessary conditions for the existence of a violation
        • Trade precision for tractability

  3. How INCA Works
     [Diagram labels: Query, Source, INCA Front End, FSAs, INCA Back End, Integer Linear Programming (ILP) Problem, CPLEX, answer]

  4. Inequality Necessary Condition Analyzer

  5. Simple Example
     [Figure: FSAs for tasks t1, t2 and t3, with transitions labelled a, b and c]

  6. Property for simple example
     Requirement: “On no execution is there a b preceded by an a.”

         (defquery "no-a-before-b" "nofair"
           (omega-star-less
             (sequence
               (interval :initial t
                         :ends-with '((rend "t3;t1.b"))
                         :require '((rend "t2;t1.a"))))))

  7. [Figure: FSAs for tasks t1, t2 and t3, with numbered transitions]

  8. $x_1 + x_6 = x_2 + x_4$

  9. $x_1 + x_6 = x_2 + x_4$
     $x_4 + x_5 = x_5 + x_6$

  10. $x_1 + x_6 = x_2 + x_4$
      $x_4 = x_6$

  11. Flow Equations
      $1 = x_1$
      $x_1 + x_6 = x_2 + x_4$
      $x_2 + x_3 = x_3 + 1$
      $x_4 = x_6$
      $1 = x_7$
      $x_7 + x_8 = x_8 + 1$
      $1 = x_9$
      $x_9 = 1$

  12. Flow Equations
      $1 = x_1$
      $x_1 + x_6 = x_2 + x_4$
      $x_2 + x_3 = x_3 + 1$
      $x_4 = x_6$
      $1 = x_7$
      $x_7 + x_8 = x_8 + 1$
      $1 = x_9$
      $x_9 = 1$
      $x_3 + x_4 + x_5 = x_8$

  13. Flow Equations
      $1 = x_1$
      $x_1 + x_6 = x_2 + x_4$
      $x_2 + x_3 = x_3 + 1$
      $x_4 = x_6$
      $1 = x_7$
      $x_7 + x_8 = x_8 + 1$
      $1 = x_9$
      $x_9 = 1$
      Communication Equations
      $x_3 + x_4 + x_5 = x_8$
      $x_2 = x_9$
      $x_1 + x_6 = x_7$

  14. Flow Equations
      $1 = x_1$
      $x_1 + x_6 = x_2 + x_4$
      $x_2 + x_3 = x_3 + 1$
      $x_4 = x_6$
      $1 = x_7$
      $x_7 + x_8 = x_8 + 1$
      $1 = x_9$
      $x_9 = 1$
      Communication Equations
      $x_3 + x_4 + x_5 = x_8$
      $x_2 = x_9$
      $x_1 + x_6 = x_7$
      Requirement Inequality
      $x_8 \ge 1$

  15. Flow Equations
      $1 = x_1$
      $x_1 + x_6 = x_2 + x_4$
      $x_2 + x_3 = x_3 + 1$
      $x_4 = x_6$
      $1 = x_7$
      $x_7 + x_8 = x_8 + 1$
      $1 = x_9$
      $x_9 = 1$
      Communication Equations
      $x_3 + x_4 + x_5 = x_8$
      $x_2 = x_9$
      $x_1 + x_6 = x_7$
      Requirement Inequality
      $x_8 \ge 1$

  16. Spurious Cycle

  17. The Cycle Elimination Problem
      • Add constraints to ILP System so that
         (i) any solution with disconnected flow is eliminated, and
         (ii) no connected solutions are eliminated.
      • Naïve solution: exponential number of constraints
      • Our solution: linear

  18. Distinguishing Solutions

  19. Distinguishing Solutions

  20. Connected solution has spanning tree

  21. Our Solution to Cycle Elimination Problem
      • Add to INCA-generated ILP Problem:
         • For each node v: new variable $d_v$
         • For each edge e: new binary variable $s_e$

  22. Given connected solution:
      Let $s_e = 1$ if e is in spanning tree, 0 otherwise.
      Let $d_v$ = depth of v in tree if v is in solution, 0 otherwise.

  23. Constraints
      (i) For each edge e: If $x_e = 0$ then $s_e = 0$.

  24. Constraints
      (i) For each edge e: If $x_e = 0$ then $s_e = 0$.
      (ii) For each edge e=(u,v): If $s_e = 1$ then $d_v > d_u$.

  25. Constraints
      (i) For each edge e: If $x_e = 0$ then $s_e = 0$.
      (ii) For each edge e=(u,v): If $s_e = 1$ then $d_v > d_u$.
      (iii) For each node v: If $\sum x_e > 0$ then for some e=(u,v), $s_e = 1$.

  26. Disconnected solution cannot satisfy constraints
      (i) For each edge e: If $x_e = 0$ then $s_e = 0$.
      (ii) For each edge e=(u,v): If $s_e = 1$ then $d_v > d_u$.
      (iii) For each node v: If $\sum x_e > 0$ then for some e=(u,v), $s_e = 1$.
      [Figure: edge e from node u to node v]

  27. Expressing Constraints in ILP
      Suppose $x, y \ge 0$.
      Problem: express “If $x = 0$ then $y = 0$” as linear constraint. Impossible!
      [Plot: axes x and y]

  28. Expressing Constraints in ILP
      Suppose $x, y \ge 0$.
      Problem: express “If $x = 0$ then $y = 0$” as linear constraint. Impossible! (But $y \le xy$ works.)
      [Plot: axes x and y]

  29. “If $x = 0$ then $y = 0$”
      Add restriction: $0 \le y \le B$.
      Then “if $x = 0$ then $y = 0$” is equivalent to $y \le Bx$.
      [Plot: axes x and y, with B marked]

  30. Compromise
      • We must use bounds $0 \le x_e \le B$ for flow variables.
      • For experiments, B=10,000.
      • Strictly speaking, INCA analysis is not conservative.

  31. Preliminary Experiments
      • Can we solve a problem we could not solve before?
      • How does cost (CPLEX time) scale?
      • Compare cost to inconclusive case.
      • For problems we could already solve:
         • Compare cost of using cycle-elimination with cost of not using it

  32. Experiment 1: Scaled Simple
      • tasks: linear in n
      • nodes: linear in n
      • edges: quadratic in n
      • new variables: quadratic in n
      • new constraints: quadratic in n

  36. Conclusions
      • Technique eliminates solutions with spurious cycles, but not real solutions (except for those which exceed bound).
      • Number of new variables & constraints linear in number of nodes, edges.
      • ILP analysis time seems quite reasonable.

  37. Future Work
      • Fully incorporate cycle-elimination into INCA.
      • Do extensive experimentation.
      • Work on the other major source of imprecision in INCA, the “Order Problem”
         • solutions in which there is no global ordering of events which is consistent with the order implied by the flow in each task.

  38. Expressing Constraint (i)
      (i) For each edge e: if $x_e = 0$ then $s_e = 0$.
      (i’) For each edge e: $x_e \ge s_e$

  39. Expressing Constraint (ii)
      (ii) For each edge e=(u,v): if $s_e = 1$ then $d_v > d_u$.
      BOUND: $0 \le d_v \le N$, N = number of nodes
      (ii’) $d_v \ge d_u + (N+1) s_e - N$

  40. Expressing Constraint (iii)
      (iii) For each node v: if $\sum x_e > 0$ then for some e=(u,v), $s_e = 1$.
      BOUND: $0 \le x_e \le B$ (B=10,000 for now)

  41. Expressing Constraint (iii)
      (iii) For each node v: if $\sum x_e > 0$ then for some e=(u,v), $s_e = 1$.
      BOUND: $0 \le x_e \le B$ (B=10,000 for now)
      (iii’) $B\,\mathrm{In}(v) \sum s_e \ge \sum x_e$

  42. Chiron client architecture
      [Diagram: components labelled Client Initializer, Application, Artist Manager, Client Protocol Manager, ADT Wrapper, Artist(s), Dispatcher, Mapper]

  43. Chiron Notification Property
      • If Dispatcher receives event e1 from ADT Wrapper then it does not notify any artist of event e2 until it has notified the appropriate artists of event e1.

  44. Chiron Unregister Property
      • Artist a1 never unregisters for event e1 unless a1 is already registered for e1.
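
The linear constraints on slides 38 to 41 can be exercised on a small graph. The Python below is an added example, not part of the presentation or of INCA: it takes a flow that satisfies the flow equations and searches exhaustively for values of $s_e$ and $d_v$ satisfying (i'), (ii') and (iii'). The sample graph, the function names, the exemption of the root node from (iii'), and the reading of (iii') as sums over the edges entering v with In(v) counted as the number of those edges are all assumptions.

```python
from itertools import product

B = 10_000  # bound on flow variables (slide 30)

def flow_ok(nodes, edges, x, root, final):
    """Flow equations: out - in is +1 at root, -1 at final, 0 elsewhere."""
    for v in nodes:
        net = (sum(x[e] for e in edges if e[0] == v)
               - sum(x[e] for e in edges if e[1] == v))
        if net != (v == root) - (v == final):
            return False
    return True

def cycle_free_witness(nodes, edges, x, root):
    """Search for (s, d) satisfying (i'), (ii'), (iii'); None if infeasible."""
    n = len(nodes)
    inc = {v: [e for e in edges if e[1] == v] for v in nodes}
    for bits in product((0, 1), repeat=len(edges)):
        s = dict(zip(edges, bits))
        # (i') x_e >= s_e
        if any(x[e] < s[e] for e in edges):
            continue
        # (iii') B * |In(v)| * sum(s_e) >= sum(x_e), sums over edges entering v.
        # Assumptions: this reading of In(v), and exempting the root.
        if any(B * len(inc[v]) * sum(s[e] for e in inc[v])
               < sum(x[e] for e in inc[v]) for v in nodes if v != root):
            continue
        for depths in product(range(n + 1), repeat=n):  # 0 <= d_v <= N
            d = dict(zip(nodes, depths))
            # (ii') d_v >= d_u + (N+1) s_e - N
            if all(d[v] >= d[u] + (n + 1) * s[(u, v)] - n for u, v in edges):
                return s, d
    return None

# Constructed sample graph: path 0->1->2 with a loop 3<->4 reachable via 1->3.
NODES = [0, 1, 2, 3, 4]
EDGES = [(0, 1), (1, 2), (1, 3), (3, 4), (4, 3), (4, 2)]
# Real execution 0,1,3,4,3,4,2.
CONNECTED = dict(zip(EDGES, [1, 0, 1, 2, 1, 1]))
# Path 0,1,2 plus a detached trip around the loop: a spurious cycle.
SPURIOUS = dict(zip(EDGES, [1, 1, 0, 1, 1, 0]))

if __name__ == "__main__":
    for name, x in (("connected", CONNECTED), ("spurious", SPURIOUS)):
        print(name, flow_ok(NODES, EDGES, x, 0, 2),
              cycle_free_witness(NODES, EDGES, x, 0) is not None)
```

Both flows pass the flow equations, but only the connected one admits a witness: in the spurious flow the loop nodes 3 and 4 would each need a greater depth than the other.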
