multi core model checking for biological applications
play

Multi-core model checking for biological applications Jaco van de - PowerPoint PPT Presentation

Jul 19, 2023 •45 likes •1.24k views

UNIVERSITY OF TWENTE. Formal Methods & Tools. Multi-core model checking for biological applications Jaco van de Pol 22 November 2013 NWPT13, Tallinn ... Multi-core Reachability Multi-core LTL model checking Timed Automata

  1. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Recursive indexing (Tree Compression) Blom, Lisser, van de Pol, Weber [PDMC’07, JLC’09] 4 5 6 4 4 1 0 0 3 4 8 4 4 1 1 0 3 5 5 4 4 1 2 0 4 5 6 4 1 3 0 1 3 4 8 4 1 3 1 1 3 5 5 4 1 3 2 1 4 5 6 5 6 3 0 2 3 4 8 5 6 3 0 6 1 2 0 1 3 5 5 5 6 3 1 8 2 2 1 3 2 5 2 3 4 5 4 4 3 4 4 1 3 5 5 6 H K ( K − 1) × H 2 UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 11 / 56

  2. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Recursive indexing (Tree Compression) Blom, Lisser, van de Pol, Weber [PDMC’07, JLC’09] 4 5 6 4 4 1 0 0 3 4 8 4 4 1 1 0 3 5 5 4 4 1 2 0 4 5 6 4 1 3 0 1 3 4 8 4 1 3 1 1 3 5 5 4 1 3 2 1 4 5 6 5 6 3 0 2 3 4 8 5 6 3 0 6 1 2 0 1 3 5 5 5 6 3 1 8 2 2 1 3 2 5 2 3 4 5 4 4 3 4 4 1 3 5 5 6 H K ( K − 1) × H 2 Analysis √ ◮ Locality = ⇒ balanced tree ( N + 2 � N + 4 4 ( N ) · · · ≈ N ) Compresses states of lenght K to almost 2 (!) ◮ Hard to parallelize: ◮ Sequential operation on tree of tables ◮ Many small (variable size) hash tables UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 11 / 56

  3. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Parallel Tree Compression Laarman, van de Pol, Weber [spin11], Laarman, van der Vegt [memics’11] Solution ◮ Reuse lockless hash table: merge tree of tables into one � 3 , 5 , 5 , 4 , 1 , 3 � UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 12 / 56

  4. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Parallel Tree Compression Laarman, van de Pol, Weber [spin11], Laarman, van der Vegt [memics’11] Solution ◮ Reuse lockless hash table: merge tree of tables into one � 3 , 5 , 5 , 4 , 1 , 3 � � 3 , 5 , 5 � � 4 , 1 , 3 � 5 3 3 5 4 1 � 3 , 5 � � 4 , 1 � UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 12 / 56

  5. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Parallel Tree Compression Laarman, van de Pol, Weber [spin11], Laarman, van der Vegt [memics’11] Solution ◮ Reuse lockless hash table: merge tree of tables into one � 3 , 5 , 5 , 4 , 1 , 3 � 4 1 � 3 , 5 , 5 � � 4 , 1 , 3 � 5 3 3 5 4 1 3 5 � 3 , 5 � � 4 , 1 � UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 12 / 56

  6. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Parallel Tree Compression Laarman, van de Pol, Weber [spin11], Laarman, van der Vegt [memics’11] Solution ◮ Reuse lockless hash table: merge tree of tables into one � 3 , 5 , 5 , 4 , 1 , 3 � 4 1 6 5 � 3 , 5 , 5 � � 4 , 1 , 3 � 6 5 1 3 1 3 3 5 4 1 3 5 � 3 , 5 � � 4 , 1 � UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 12 / 56

  7. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Parallel Tree Compression Laarman, van de Pol, Weber [spin11], Laarman, van der Vegt [memics’11] Solution ◮ Reuse lockless hash table: merge tree of tables into one � 3 , 5 , 5 , 4 , 1 , 3 � 4 1 2 5 6 5 � 3 , 5 , 5 � � 4 , 1 , 3 � 6 5 1 3 1 3 3 5 4 1 3 5 � 3 , 5 � � 4 , 1 � 2 5 UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 12 / 56

  8. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Parallel Tree Compression Laarman, van de Pol, Weber [spin11], Laarman, van der Vegt [memics’11] Solution ◮ Reuse lockless hash table: merge tree of tables into one ◮ Incremental updates: use the Dependency Matrix ◮ ( K − 1) → log 2 ( K − 1) lookups � 3 , 5 , 5 , 4 , 1 , 3 � � 3 , 5 , 9 , 4 , 1 , 3 � 4 1 2 5 ? 5 6 5 6 5 1 3 6 9 1 3 3 5 4 1 3 5 2 5 UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 12 / 56

  9. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Parallel Tree Compression Laarman, van de Pol, Weber [spin11], Laarman, van der Vegt [memics’11] Solution ◮ Reuse lockless hash table: merge tree of tables into one ◮ Incremental updates: use the Dependency Matrix ◮ ( K − 1) → log 2 ( K − 1) lookups ◮ Further improvements: ◮ Zobrist incremental hashing (’69), Cleary hash compaction (’84) � 3 , 5 , 5 , 4 , 1 , 3 � � 3 , 5 , 9 , 4 , 1 , 3 � 4 1 2 5 ? 5 6 5 6 5 1 3 6 9 1 3 3 5 4 1 3 5 2 5 UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 12 / 56

  10. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Compression Experiments from 2011 [BEEM database] Laarman, van de Pol, Weber [spin11] %#" '())"*+,-()../+0" 12.3"'245)" ◮ Tree compression is a recursive !"#$%&''(")*+,!-"%*./012** 6-7,25"8())"*+,-()../+0" %!" 96::;<=>"+-7,25" 96::;<=>"*+,-()../+0" variant of SPIN’s Collapse (’97) $#" $!" ◮ Exploit combinatorial structure: #" ◮ State vectors are highly similar ◮ Impressive compression ratios !" !" #!" $!!" $#!" %!!" %#!" &!!" '-,-&*3&)4-5*.67-&2** ◮ Extreme case: firewire tree 6000 LTSmin-mc Table LTSmin-mc Tree 5000 DiVinE 2.2 Uncompressed: 14 GB SPIN SPIN Collapse 4000 optimal (linear speedup) Tree Compression: 96 MB time (sec) 3000 ◮ Compression comes for free 2000 ◮ Arithmetic intensity increases 1000 ◮ Less memory-bus traffic 0 1 2 4 6 8 10 12 14 16 #cores UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 13 / 56

  11. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Table of Contents 1 Multi-core Reachability Shared hash table Parallel state compression Multi-core BDDs 2 Multi-core LTL model checking B¨ uchi automata for LTL model checking Parallel Nested Depth First Search 3 Timed Automata: subsumption of symbolic states Timed B¨ uchi automata and subsumption LTL model checking with subsumption 4 ANIMO: Signalling Networks in Computational Biology Modeling Signaling Networks in Cell Biology ANIMO: Interactive Modeling and Analysis Silicon Experiments: Osteoarthritis UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 14 / 56

  12. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Symbolic Model Checking based on BDDs Bryant [IEEE Trans. Comp.’86], Burch,Clarke, McMillan [LICS’90] BDD data structures ◮ Unique Table (to store BDD nodes) X ◮ Computed Cache (apply operations) Y Z 1 0 UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 15 / 56

  13. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Symbolic Model Checking based on BDDs Bryant [IEEE Trans. Comp.’86], Burch,Clarke, McMillan [LICS’90] BDD data structures ◮ Unique Table (to store BDD nodes) X ◮ Computed Cache (apply operations) Symbolic Reachability (chaining strategy) Y Require: I : initial state, R 1 , . . . , R N : subtransitions Ensure: V new : set of reachable states from I by � R i 1: V old := 0 ; V new := I Z 2: while V old � = V new do V old := V new 3: for i = 1 to N do 4: 1 0 V new := V new Or RelProd ( V new , R i ) 5: UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 15 / 56

  14. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Multi-core Binary Decision Diagrams Tom van Dijk, Alfons Laarman, van de Pol [pdmc’12] Multi-core BDDs ◮ Use shared hashtable for Unique Table, Operations Cache ◮ Parallelize computation tree of recursive operations ( Apply ) UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 16 / 56

  15. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Multi-core Binary Decision Diagrams Tom van Dijk, Alfons Laarman, van de Pol [pdmc’12] Multi-core BDDs ◮ Use shared hashtable for Unique Table, Operations Cache ◮ Parallelize computation tree of recursive operations ( Apply ) Complications for Parallelism ◮ BDD nodes can be removed ◮ Irregular task graph ◮ Fine-grained parallelism UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 16 / 56

  16. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Multi-core Binary Decision Diagrams Tom van Dijk, Alfons Laarman, van de Pol [pdmc’12] Multi-core BDDs ◮ Use shared hashtable for Unique Table, Operations Cache ◮ Parallelize computation tree of recursive operations ( Apply ) Complications for Parallelism Solutions ◮ BDD nodes can be removed ◮ Tombstones, garbage collect ◮ Irregular task graph ◮ Work-stealing ◮ Fine-grained parallelism ◮ Use split deque UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 16 / 56

  17. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Parallelizing the BDD Operations Parallel BDD operations ◮ Organize recursive calls to RelProd and Or in a task dependency graph ◮ Same task might be created several times: store result in the shared Computed Table UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 17 / 56

  18. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Parallelizing the BDD Operations Parallel BDD operations ◮ Organize recursive calls to RelProd and Or in a task dependency graph ◮ Same task might be created several times: store result in the shared Computed Table ◮ Fine-grained task-parallelism: ◮ Parent spawns children for subtasks, and waits upon their completion ◮ Load balancing by work-stealing; use e.g. Cilk [Blumofe ’95] or Wool [Fax´ en ’08] UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 17 / 56

  19. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Parallelizing the BDD Operations Parallel BDD operations ◮ Organize recursive calls to RelProd and Or in a task dependency graph ◮ Same task might be created several times: store result in the shared Computed Table ◮ Fine-grained task-parallelism: ◮ Parent spawns children for subtasks, and waits upon their completion ◮ Load balancing by work-stealing; use e.g. Cilk [Blumofe ’95] or Wool [Fax´ en ’08] Split double-ended queue in public and private part t s h • • • • • • • • • • stolen stealable worker-private UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 17 / 56

  20. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Results: speedup of BDD operations for model checking Model 30 bakery.4 bakery.8 Experiments collision.5 25 iprotocol.7 lifts.4 ◮ BEEM benchmarks, again lifts.7 20 schedule world.2 Speedup schedule world.3 ◮ On 4 × 12 = 48 core NUMA 15 ◮ Speedup up to 32 (=66.7%) 10 ◮ Small models don’t scale 5 (time spent in work stealing) 0 10 20 30 40 Workers UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 18 / 56

  21. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Results: speedup of BDD operations for model checking Model 30 bakery.4 bakery.8 Experiments collision.5 25 iprotocol.7 lifts.4 ◮ BEEM benchmarks, again lifts.7 20 schedule world.2 Speedup schedule world.3 ◮ On 4 × 12 = 48 core NUMA 15 ◮ Speedup up to 32 (=66.7%) 10 ◮ Small models don’t scale 5 (time spent in work stealing) 0 10 20 30 40 Workers Conclusion ◮ So far only speed up for the BDD-operations ◮ Even for large models, many small BDDs are involved ◮ Ongoing: parallelize Symbolic Reachability itself UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 18 / 56

  22. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Table of Contents 1 Multi-core Reachability Shared hash table Parallel state compression Multi-core BDDs 2 Multi-core LTL model checking B¨ uchi automata for LTL model checking Parallel Nested Depth First Search 3 Timed Automata: subsumption of symbolic states Timed B¨ uchi automata and subsumption LTL model checking with subsumption 4 ANIMO: Signalling Networks in Computational Biology Modeling Signaling Networks in Cell Biology ANIMO: Interactive Modeling and Analysis Silicon Experiments: Osteoarthritis UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 19 / 56

  23. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Model Checking by Accepting Cycles LTL Model Checking ◮ A buggy run in a system can be viewed as an infinite word ◮ Absence of bugs: emptiness of some B¨ uchi automaton ◮ S ⊆ P iff S ∩ P = ∅ iff S × ¬P has no accepting cycle 2 1 6 3 4 5 UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 20 / 56

  24. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Model Checking by Accepting Cycles LTL Model Checking ◮ A buggy run in a system can be viewed as an infinite word ◮ Absence of bugs: emptiness of some B¨ uchi automaton ◮ S ⊆ P iff S ∩ P = ∅ iff S × ¬P has no accepting cycle ◮ Graph problem: find a reachable accepting state on a cycle 2 2 1 1 6 6 3 4 5 5 UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 20 / 56

  25. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Model Checking by Accepting Cycles LTL Model Checking ◮ A buggy run in a system can be viewed as an infinite word ◮ Absence of bugs: emptiness of some B¨ uchi automaton ◮ S ⊆ P iff S ∩ P = ∅ iff S × ¬P has no accepting cycle ◮ Graph problem: find a reachable accepting state on a cycle ◮ Basic algorithm: Nested Depth First Search (NDFS) Properties of NDFS 2 2 1 1 6 6 ◮ NDFS runs in linear time ◮ Inherently depends on post-order ◮ Post-order is P-complete [Reif’85] 3 4 5 5 ◮ Not parallelizable (unless P=NC) UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 20 / 56

  26. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Recall: Nested Depth First Search [CVWY’92] [Holzmann’92] ◮ Blue search: explore graph in DFS order ◮ states on the blue search stack are cyan Blue search 1: procedure dfsBlue ( s ) 2: add s to Cyan 8: move s from Cyan to Blue UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 21 / 56

  27. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Recall: Nested Depth First Search [CVWY’92] [Holzmann’92] ◮ Blue search: explore graph in DFS order ◮ states on the blue search stack are cyan Blue search 1: procedure dfsBlue ( s ) 2: add s to Cyan 3: for all successors t of s do 4: if t �∈ Blue ∪ Cyan then 5: dfsBlue ( t ) 8: move s from Cyan to Blue UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 21 / 56

  28. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Recall: Nested Depth First Search [CVWY’92] [Holzmann’92] ◮ Blue search: explore graph in DFS order ◮ states on the blue search stack are cyan ◮ on backtracking from an accepting state: Blue search 1: procedure dfsBlue ( s ) 2: add s to Cyan 3: for all successors t of s do 4: if t �∈ Blue ∪ Cyan then 5: dfsBlue ( t ) 6: if s is accepting then 7: dfsRed ( s ) 8: move s from Cyan to Blue UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 21 / 56

  29. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Recall: Nested Depth First Search [CVWY’92] [Holzmann’92] ◮ Blue search: explore graph in DFS order ◮ states on the blue search stack are cyan ◮ on backtracking from an accepting state: ◮ Red search: find an accepting cycle Blue search Red search 1: procedure dfsBlue ( s ) 2: add s to Cyan 1: procedure dfsRed ( s ) 3: for all successors t of s do 2: add s to Red 4: if t �∈ Blue ∪ Cyan then 3: for all successors t of s do 5: dfsBlue ( t ) 6: if s is accepting then 7: dfsRed ( s ) 6: if t �∈ Red then 7: dfsRed ( t ) 8: move s from Cyan to Blue UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 21 / 56

  30. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Recall: Nested Depth First Search [CVWY’92] [Holzmann’92] ◮ Blue search: explore graph in DFS order ◮ states on the blue search stack are cyan ◮ on backtracking from an accepting state: ◮ Red search: find an accepting cycle ◮ exit as soon as the cyan stack is reached Blue search Red search 1: procedure dfsBlue ( s ) 2: add s to Cyan 1: procedure dfsRed ( s ) 3: for all successors t of s do 2: add s to Red 4: if t �∈ Blue ∪ Cyan then 3: for all successors t of s do 5: dfsBlue ( t ) 4: if t ∈ Cyan then 6: if s is accepting then 5: Exit: cycle detected 7: dfsRed ( s ) 6: if t �∈ Red then 7: dfsRed ( t ) 8: move s from Cyan to Blue UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 21 / 56

  31. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Recall: Nested Depth First Search [CVWY’92] [Holzmann’92] ◮ Blue search: explore graph in DFS order ◮ states on the blue search stack are cyan ◮ on backtracking from an accepting state: ◮ Red search: find an accepting cycle ◮ exit as soon as the cyan stack is reached ◮ Linear time, depends on post-order Blue search Red search 1: procedure dfsBlue ( s ) 2: add s to Cyan 1: procedure dfsRed ( s ) 3: for all successors t of s do 2: add s to Red 4: if t �∈ Blue ∪ Cyan then 3: for all successors t of s do 5: dfsBlue ( t ) 4: if t ∈ Cyan then 6: if s is accepting then 5: Exit: cycle detected 7: dfsRed ( s ) 6: if t �∈ Red then 7: dfsRed ( t ) 8: move s from Cyan to Blue UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 21 / 56

  32. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Table of Contents 1 Multi-core Reachability Shared hash table Parallel state compression Multi-core BDDs 2 Multi-core LTL model checking B¨ uchi automata for LTL model checking Parallel Nested Depth First Search 3 Timed Automata: subsumption of symbolic states Timed B¨ uchi automata and subsumption LTL model checking with subsumption 4 ANIMO: Signalling Networks in Computational Biology Modeling Signaling Networks in Cell Biology ANIMO: Interactive Modeling and Analysis Silicon Experiments: Osteoarthritis UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 22 / 56

  33. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Simple idea: Swarmed Nested Depth First Search Laarman, Langerak, van de Pol, Wijs [ATVA’11] Multi-core Swarmed NDFS ◮ W workers perform independent random NDFS ◮ Visited states are stored in a shared hashtable ◮ All workers use their own set of colors (2W bits per state) ◮ Speeds up bug hunting only Blue search Red search 1: procedure dfsBlue ( s , i ) 2: add s to Cyan [ i ] 1: procedure dfsRed ( s , i ) 3: for all successors t of s do 2: add s to Red [ i ] 4: if t �∈ Blue [ i ] ∪ Cyan [ i ] then 3: for all successors t of s do 5: dfsBlue ( t , i ) 4: if t ∈ Cyan [ i ] then 6: if s is accepting then 5: Exit: cycle detected 7: dfsRed ( s , i ) 6: if t �∈ Red [ i ] then 8: move s from Cyan [ i ] to Blue [ i ] 7: dfsRed ( t , i ) UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 23 / 56

  34. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Multi-core Nested Depth First Search Laarman, van de Pol,...[ATVA’11][PDMC’11]; Evangelista,L,vdP [ATVA’12] Multi-core NDFS (several variations) ◮ Collaboration between NDFS workers ◮ Share red and/or blue globally ◮ Workers backtrack on parts finished by others ◮ Correctness: Complicated to restore post-order ◮ Performance: Reasonable scalability Blue search Red search 1: procedure dfsBlue ( s , i ) 2: add s to Cyan [ i ] 1: procedure dfsRed ( s , i ) 3: for all successors t of s do 2: add s to Red 4: if t �∈ Blue ∪ Cyan [ i ] then 3: for all successors t of s do 5: dfsBlue ( t , i ) 4: if t ∈ Cyan [ i ] then 6: if s is accepting then 5: Exit: cycle detected 7: dfsRed ( s , i ) 6: if t �∈ Red then 8: move s from Cyan [ i ] to Blue 7: dfsRed ( t , i ) UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 24 / 56

  35. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... OWCTY (BFS) and Swarmed NDFS versus Parallel NDFS Experiments from [ATVA’11] on BEEM benchmarks on 16 cores !"#(%*' !"#(%)' !"#$%&'( ()*+ ',-&#.' !"#(%&' !"#(%!' !"#(%%' +,+-./' !"#$%!' 01'+,+-./' ,'2'3' ,'2'!4'5'3' !"#$%&' !"#$%&' !"#$%!' !"#(%%' !"#(%!' !"#(%&' !"#(%)' !"#(%*' !/"#$%&'( ()*+ ',-&#.' Swarmed versus Sequential NDFS Conclusions ◮ Swarmed NDFS speeds up bug hunting UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 25 / 56

  36. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... OWCTY (BFS) and Swarmed NDFS versus Parallel NDFS Experiments from [ATVA’11] on BEEM benchmarks on 16 cores !"#(%*' !"#(%*' !"#(%)' !"#(%)' !"#$%&'() )*+, (-.'$/( !"#$%&'( ()*+ ',-&#.' !"#(%&' !"#(%&' !"#(%!' !"#(%!' !"#(%%' !"#(%%' +,+-./' +,+-./' 01'+,+-./' !"#$%!' 01'+,+-./' !"#$%!' ,'2'3' ,'2'3' ,'2'!%'4'3' ,'2'!4'5'3' !"#$%&' !"#$%&' !"#$%&' !"#$%!' !"#(%%' !"#(%!' !"#(%&' !"#(%)' !"#(%*' !"#$%&' !"#$%!' !"#(%%' !"#(%!' !"#(%&' !"#(%)' !"#(%*' !/"#$%&'( ()*+ ',-&#.' !"#$%&'(0 1 #) )*+, (-.'$/( Swarmed versus Swarmed versus Sequential NDFS Parallel NDFS Conclusions ◮ Swarmed NDFS speeds up bug hunting ◮ Parallel NDFS also speeds up verification UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 25 / 56

  37. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... OWCTY (BFS) and Swarmed NDFS versus Parallel NDFS Experiments from [ATVA’11] on BEEM benchmarks on 16 cores !"#(%*' !"#(%*' !"#(%)' !"#(%)' !"#(%)' !"#$%&'() )*+, (-.'$/( !"#$%&'( ()*+ ',-&#.' !"#(%&' !"#(%&' !"#(%&' !"#$%&'() *+ ,) -.*/ (01'$2( !"#(%!' !"#(%!' !"#(%!' !"#(%%' !"#(%%' !"#(%%' +,+-./' +,+-./' +,+-./' 01'+,+-./' !"#$%!' 01'+,+-./' !"#$%!' 01'+,+-./' ,'2'3' !"#$%!' ,'2'3' 2'3',' ,'2'!%'4'3' ,'2'!4'5'3' 2'3'!%'4',' !"#$%&' !"#$%&' 2'3'!5!%'4',' !"#$%&' !"#$%&' !"#$%!' !"#(%%' !"#(%!' !"#(%&' !"#(%)' !"#(%*' !"#$%&' !"#$%!' !"#(%%' !"#(%!' !"#(%&' !"#(%)' !"#(%*' !"#$%&' !"#$%!' !"#(%%' !"#(%!' !"#(%&' !"#(%)' !"#(%* !/"#$%&'( ()*+ ',-&#.' !"#$%&'(0 1 #) )*+, (-.'$/( !"#$%&'(3 . #4 45+6 (01'$2( Swarmed versus Swarmed versus OWCTY (BFS) versus Sequential NDFS Parallel NDFS Parallel NDFS Conclusions ◮ Swarmed NDFS speeds up bug hunting ◮ Parallel NDFS also speeds up verification ◮ Parallel NDFS finds bugs faster than OWTCY (BFS) UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 25 / 56

  38. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Experiments extended to 48 cores From [PDMC’12] . See fmt.cs.utwente.nl/tools/ltsmin/performance/ Reachability LTL model checking Legend Legend ● divine−table ● divine−owcty 40 ltsmin−cleary−tree 40 ltsmin−table ltsmin−cndfs ltsmin−tree spin−pb 30 30 Speedup spin−hc Speedup spin−nohc 20 20 10 10 ● ● ● ● ● ● ● ● ● ● ● ● ● 0 ● 0 0 10 20 30 40 50 0 10 20 30 40 50 Threads Threads Promela: Bakery protocol Promela: Elevator controllor UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 26 / 56

  39. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Interim Evaluation: what did we learn? Reachability: Implementation matters, keep it simple ◮ Leave workers alone when possible; load balancing ◮ Rely on randomness to avoid “duplicate work” ◮ Careful design of concurrent data structures UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 27 / 56

  40. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Interim Evaluation: what did we learn? Reachability: Implementation matters, keep it simple ◮ Leave workers alone when possible; load balancing ◮ Rely on randomness to avoid “duplicate work” ◮ Careful design of concurrent data structures LTL model checking ◮ Previous parallel algorithms (OWCTY) used BFS: O ( N 2 ) ◮ Now: linear, speedups . . . P = NC , or what did we do? ◮ W → ∞ versus W = 48 ◮ Worst case O ( N · W ), no speedup UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 27 / 56

  41. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Interim Evaluation: what did we learn? Reachability: Implementation matters, keep it simple ◮ Leave workers alone when possible; load balancing ◮ Rely on randomness to avoid “duplicate work” ◮ Careful design of concurrent data structures LTL model checking ◮ Previous parallel algorithms (OWCTY) used BFS: O ( N 2 ) ◮ Now: linear, speedups . . . P = NC , or what did we do? ◮ W → ∞ versus W = 48 ◮ Worst case O ( N · W ), no speedup Remaining theoretical questions ◮ Average (randomized) runtime/scalability analysis ◮ Why doesn’t this work for Strongly Connected Components? UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 27 / 56

  42. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Practical Evaluation: Solved multi-core model checking? Multi-core MC is compatible Quite general ◮ On-the-fly ◮ Arbitrary state/edge labels ◮ Partial-order reduction ◮ mCRL2, Promela, DVE, GSPN, ◮ State compression ◮ LLVM, C, xUML, POOSL, ?? ◮ Symbolic model checking ◮ Domain Specific Languages? UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 28 / 56

  43. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Practical Evaluation: Solved multi-core model checking? Multi-core MC is compatible Quite general ◮ On-the-fly ◮ Arbitrary state/edge labels ◮ Partial-order reduction ◮ mCRL2, Promela, DVE, GSPN, ◮ State compression ◮ LLVM, C, xUML, POOSL, ?? ◮ Symbolic model checking ◮ Domain Specific Languages? Remaining Questions ◮ Even better speedup – especially for symbolic model checking ◮ Quite restricted to explicit state model checking ◮ Infinite state systems? data, recursion, time, . . . UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 28 / 56

  44. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Model checking LTL for Timed Automata Laarman, Olesen, Dalsgaard, Kim Larsen, vdPol [FORMATS’12] [CAV’13] Handling Timed Automata ◮ Work with timed zones (DBM) for Timed B¨ uchi Automata ◮ Checking LTL properties for Uppaal timed automata ◮ Use subsumption to prune Nested DFS where possible ◮ Multi-core NDFS algorithm for Timed B¨ uchi Automata UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 29 / 56

  45. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Model checking LTL for Timed Automata Laarman, Olesen, Dalsgaard, Kim Larsen, vdPol [FORMATS’12] [CAV’13] Handling Timed Automata ◮ Work with timed zones (DBM) for Timed B¨ uchi Automata ◮ Checking LTL properties for Uppaal timed automata ◮ Use subsumption to prune Nested DFS where possible ◮ Multi-core NDFS algorithm for Timed B¨ uchi Automata Tool support LTL DBM ltl2ba property library Uppaal opaal successor LTSmin verification xml−file generator C++ code mc−NDFS result ◮ Open source through opaal and LTSmin ◮ opaal-modelchecker.com/ ◮ fmt.cs.utwente.nl/tools/ltsmin/ UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 29 / 56

  46. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Table of Contents 1 Multi-core Reachability Shared hash table Parallel state compression Multi-core BDDs 2 Multi-core LTL model checking B¨ uchi automata for LTL model checking Parallel Nested Depth First Search 3 Timed Automata: subsumption of symbolic states Timed B¨ uchi automata and subsumption LTL model checking with subsumption 4 ANIMO: Signalling Networks in Computational Biology Modeling Signaling Networks in Cell Biology ANIMO: Interactive Modeling and Analysis Silicon Experiments: Osteoarthritis UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 30 / 56

  47. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Timed B¨ uchi Automata [Alur,Dill’94] [ x > 2] x := 0 , y := 0 x := 0 , y := 0 y := 0 ℓ 0 ℓ 1 ℓ 2 y ≤ 2 y ≤ 2 Ingredients ◮ locations ( ℓ 0 , ℓ 1 , ℓ 2 ), can be initial or accepting ◮ transitions, governed by real-valued clocks ( x , y ) ◮ timed runs should respect clock guards, resets, invariants UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 31 / 56

  48. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Timed B¨ uchi Automata [Alur,Dill’94] [ x > 2] x := 0 , y := 0 x := 0 , y := 0 y := 0 ℓ 0 ℓ 1 ℓ 2 y ≤ 2 y ≤ 2 Ingredients ◮ locations ( ℓ 0 , ℓ 1 , ℓ 2 ), can be initial or accepting ◮ transitions, governed by real-valued clocks ( x , y ) ◮ timed runs should respect clock guards, resets, invariants � 0 � ℓ 0 , 0 UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 31 / 56

  49. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Timed B¨ uchi Automata [Alur,Dill’94] [ x > 2] x := 0 , y := 0 x := 0 , y := 0 y := 0 ℓ 0 ℓ 1 ℓ 2 y ≤ 2 y ≤ 2 Ingredients ◮ locations ( ℓ 0 , ℓ 1 , ℓ 2 ), can be initial or accepting ◮ transitions, governed by real-valued clocks ( x , y ) ◮ timed runs should respect clock guards, resets, invariants � 0 � � 0 � 2 . 7 − → ℓ 0 , ℓ 0 , 0 0 UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 31 / 56

  50. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Timed B¨ uchi Automata [Alur,Dill’94] [ x > 2] x := 0 , y := 0 x := 0 , y := 0 y := 0 ℓ 0 ℓ 1 ℓ 2 y ≤ 2 y ≤ 2 Ingredients ◮ locations ( ℓ 0 , ℓ 1 , ℓ 2 ), can be initial or accepting ◮ transitions, governed by real-valued clocks ( x , y ) ◮ timed runs should respect clock guards, resets, invariants � 0 � � 0 � � 1 . 8 � 2 . 7 1 . 8 − → ℓ 0 , − → ℓ 1 , ℓ 0 , 0 0 0 UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 31 / 56

  51. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Timed B¨ uchi Automata [Alur,Dill’94] [ x > 2] x := 0 , y := 0 x := 0 , y := 0 y := 0 ℓ 0 ℓ 1 ℓ 2 y ≤ 2 y ≤ 2 Ingredients ◮ locations ( ℓ 0 , ℓ 1 , ℓ 2 ), can be initial or accepting ◮ transitions, governed by real-valued clocks ( x , y ) ◮ timed runs should respect clock guards, resets, invariants � 0 � � 0 � � 1 . 8 � � 0 � 2 . 7 1 . 8 0 . 5 − → ℓ 0 , − → ℓ 1 , − → ℓ 2 , ℓ 0 , 0 0 0 0 UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 31 / 56

  52. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Timed B¨ uchi Automata [Alur,Dill’94] [ x > 2] x := 0 , y := 0 x := 0 , y := 0 y := 0 ℓ 0 ℓ 1 ℓ 2 y ≤ 2 y ≤ 2 Ingredients ◮ locations ( ℓ 0 , ℓ 1 , ℓ 2 ), can be initial or accepting ◮ transitions, governed by real-valued clocks ( x , y ) ◮ timed runs should respect clock guards, resets, invariants � 0 � � 0 � � 1 . 8 � � 0 � � 2 . 0 � 2 . 7 1 . 8 0 . 5 2 . 0 − → ℓ 0 , − → ℓ 1 , − → ℓ 2 , − → ℓ 1 , ℓ 0 , 0 0 0 0 2 . 0 UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 31 / 56

  53. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Timed B¨ uchi Automata [Alur,Dill’94] [ x > 2] x := 0 , y := 0 x := 0 , y := 0 y := 0 ℓ 0 ℓ 1 ℓ 2 y ≤ 2 y ≤ 2 Ingredients ◮ locations ( ℓ 0 , ℓ 1 , ℓ 2 ), can be initial or accepting ◮ transitions, governed by real-valued clocks ( x , y ) ◮ timed runs should respect clock guards, resets, invariants � 0 � � 0 � � 1 . 8 � � 0 � � 2 . 0 � 2 . 7 1 . 8 0 . 5 2 . 0 − → ℓ 0 , − → ℓ 1 , − → ℓ 2 , − → ℓ 1 , �→ ℓ 0 , 0 0 0 0 2 . 0 UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 31 / 56

  54. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Timed B¨ uchi Automata [Alur,Dill’94] [ x > 2] x := 0 , y := 0 x := 0 , y := 0 y := 0 ℓ 0 ℓ 1 ℓ 2 y ≤ 2 y ≤ 2 Ingredients ◮ locations ( ℓ 0 , ℓ 1 , ℓ 2 ), can be initial or accepting ◮ transitions, governed by real-valued clocks ( x , y ) ◮ timed runs should respect clock guards, resets, invariants � 0 � � 0 � � 1 . 8 � � 0 � � 2 . 0 � 2 . 7 1 . 8 0 . 5 2 . 0 − → ℓ 0 , − → ℓ 1 , − → ℓ 2 , − → ℓ 1 , �→ ℓ 0 , 0 0 0 0 2 . 0 Question: is the B¨ uchi language empty? . . . . . . . no counterexample Does a (non-zeno) timed run exist that visits an accepting state infinitely often? UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 31 / 56

  55. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Finite representation: zone abstraction, extrapolation [ x > 2] x := 0 , y := 0 x := 0 , y := 0 y := 0 ℓ 0 ℓ 1 ℓ 2 y ≤ 2 y ≤ 2 Finite representation by zones (DBM) [Dill’89] [Daws,Tripakis’98] ◮ A zone is a set of constraints ◮ finite by taking into account the lower/upperbounds UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 32 / 56

  56. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Finite representation: zone abstraction, extrapolation [ x > 2] x := 0 , y := 0 x := 0 , y := 0 y := 0 ℓ 0 ℓ 1 ℓ 2 y ≤ 2 y ≤ 2 Finite representation by zones (DBM) [Dill’89] [Daws,Tripakis’98] ◮ A zone is a set of constraints ◮ finite by taking into account the lower/upperbounds ℓ 0 , Z 0 Z 0 := y = x UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 32 / 56

  57. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Finite representation: zone abstraction, extrapolation [ x > 2] x := 0 , y := 0 x := 0 , y := 0 y := 0 ℓ 0 ℓ 1 ℓ 2 y ≤ 2 y ≤ 2 Finite representation by zones (DBM) [Dill’89] [Daws,Tripakis’98] ◮ A zone is a set of constraints ◮ finite by taking into account the lower/upperbounds ℓ 0 , Z 0 ℓ 1 , Z 1 Z 0 := y = x y ≤ x ∧ y ≤ 2 Z 1 := UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 32 / 56

  58. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Finite representation: zone abstraction, extrapolation [ x > 2] x := 0 , y := 0 x := 0 , y := 0 y := 0 ℓ 0 ℓ 1 ℓ 2 y ≤ 2 y ≤ 2 Finite representation by zones (DBM) [Dill’89] [Daws,Tripakis’98] ◮ A zone is a set of constraints ◮ finite by taking into account the lower/upperbounds ℓ 0 , Z 0 ℓ 1 , Z 1 ℓ 2 , Z 2 Z 0 := y = x y ≤ x ∧ y ≤ 2 Z 1 := := y = x ∧ y ≤ 2 Z 2 UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 32 / 56

  59. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Finite representation: zone abstraction, extrapolation [ x > 2] x := 0 , y := 0 x := 0 , y := 0 y := 0 ℓ 0 ℓ 1 ℓ 2 y ≤ 2 y ≤ 2 Finite representation by zones (DBM) [Dill’89] [Daws,Tripakis’98] ◮ A zone is a set of constraints ◮ finite by taking into account the lower/upperbounds ℓ 0 , Z 0 ℓ 1 , Z 1 ℓ 2 , Z 2 Z 0 := y = x y ≤ x ∧ y ≤ 2 Z 1 := := y = x ∧ y ≤ 2 Z 2 ℓ 1 , Z 2 No accepting run! UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 32 / 56

  60. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Finite representation: zone abstraction, extrapolation [ x > 2] x := 0 , y := 0 x := 0 , y := 0 y := 0 ℓ 0 ℓ 1 ℓ 2 y ≤ 2 y ≤ 2 Finite representation by zones (DBM) [Dill’89] [Daws,Tripakis’98] ◮ A zone is a set of constraints ◮ finite by taking into account the lower/upperbounds ℓ 0 , Z 0 ℓ 1 , Z 1 ℓ 2 , Z 2 Z 0 := y = x y ≤ x ∧ y ≤ 2 Z 1 := ⊒ := y = x ∧ y ≤ 2 Z 2 ℓ 1 , Z 2 Subsumption: Z 2 ⊆ Z 1 , so ( ℓ 1 , Z 2 ) ⊑ ( ℓ 1 , Z 1 ) No accepting run! UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 32 / 56

  61. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Subsumption, or inclusion abstraction Why explore a state again, if it is subsumed by a previous state? s 0 s 3 s 0 s 1 s 0 s 1 ⊒ s 1 s 2 s 2 s 2 s 3 s 3 ⊑ s 1 subsumption Zone abstraction UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 33 / 56

  62. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Subsumption, or inclusion abstraction Why explore a state again, if it is subsumed by a previous state? s 0 s 3 s 0 s 1 s 0 s 1 ⊒ s 1 s 2 s 2 s 2 s 3 s 3 ⊑ s 1 subsumption Zone abstraction Known results [Behrmann et al’04] [Tripakis’09] [Li’09] ◮ finite zone abstraction preserves reachability of locations ◮ finite zone abstraction also preserve B¨ uchi emptiness ◮ subsumption preserves reachability of locations as well UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 33 / 56

  63. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Subsumption, or inclusion abstraction Why explore a state again, if it is subsumed by a previous state? s 0 s 3 s 0 s 1 s 0 s 1 ⊒ s 1 s 2 s 2 s 2 s 3 s 3 ⊑ s 1 subsumption Zone abstraction Known results [Behrmann et al’04] [Tripakis’09] [Li’09] ◮ finite zone abstraction preserves reachability of locations ◮ finite zone abstraction also preserve B¨ uchi emptiness ◮ subsumption preserves reachability of locations as well Open problem posed in [Tripakis’09] Is emptiness of Timed B¨ uchi Automata preserved by subsumption? UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 33 / 56

  64. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Subsumption, or inclusion abstraction Why explore a state again, if it is subsumed by a previous state? s 0 s 3 s 0 s 1 s 0 s 1 ⊒ s 1 s 2 s 2 s 2 s 3 s 3 ⊑ s 1 subsumption Zone abstraction Known results [Behrmann et al’04] [Tripakis’09] [Li’09] ◮ finite zone abstraction preserves reachability of locations ◮ finite zone abstraction also preserve B¨ uchi emptiness ◮ subsumption preserves reachability of locations as well Open problem posed in [Tripakis’09] Is emptiness of Timed B¨ uchi Automata preserved by subsumption? NO UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 33 / 56

  65. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Table of Contents 1 Multi-core Reachability Shared hash table Parallel state compression Multi-core BDDs 2 Multi-core LTL model checking B¨ uchi automata for LTL model checking Parallel Nested Depth First Search 3 Timed Automata: subsumption of symbolic states Timed B¨ uchi automata and subsumption LTL model checking with subsumption 4 ANIMO: Signalling Networks in Computational Biology Modeling Signaling Networks in Cell Biology ANIMO: Interactive Modeling and Analysis Silicon Experiments: Osteoarthritis UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 34 / 56

  66. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Analysis of accepting spirals with subsumption [CAV’13] ⊑ is a simulation relation: → s ′ t ′ ⊑ ⊑ → s t ⊑ is a finite abstraction UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 35 / 56

  67. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Analysis of accepting spirals with subsumption [CAV’13] ⊑ is a simulation relation: → s ′ t ′ ⊑ ⊑ → s t s’ ⊑ is a finite abstraction s t Lemma: If s has an accepting cycle then any s ′ ⊒ s has it as well Preservation of accepting cycles Proof Sketch s ′ ⊑ s → + → ∗ t t UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 35 / 56

  68. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Analysis of accepting spirals with subsumption [CAV’13] ⊑ is a simulation relation: → s ′ t ′ ⊑ ⊑ t’’ → s t s’ t’ ⊑ is a finite abstraction s t Lemma: If s has an accepting cycle then any s ′ ⊒ s has it as well Preservation of accepting cycles Proof Sketch → + s ′ → ∗ t ′ t ′′ ⊑ ⊑ ⊑ s → + → ∗ t t UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 35 / 56

  69. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Analysis of accepting spirals with subsumption [CAV’13] ⊑ is a simulation relation: t’’’ → s ′ t ′ ⊑ ⊑ t’’ → s t s’ t’ ⊑ is a finite abstraction s t Lemma: If s has an accepting cycle then any s ′ ⊒ s has it as well Preservation of accepting cycles Proof Sketch · · · · · · → + → + → + s ′ → ∗ t ′ t ′′ t ′′′ ⊑ ⊑ ⊑ ⊑ s → + → + · · · · · · → + → ∗ t t t UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 35 / 56

  70. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Analysis of accepting spirals with subsumption [CAV’13] ⊑ is a simulation relation: t’’’ → s ′ t ′ ⊑ ⊑ t’’ → s t s’ t’ ⊑ is a finite abstraction s t Lemma: If s has an accepting cycle then any s ′ ⊒ s has it as well Preservation of accepting cycles Proof Sketch · · · x · · · → + → + → + → + x s ′ → ∗ t ′ t ′′ t ′′′ ⊑ ⊑ ⊑ ⊑ ⊑ s → + → + · · · · · · → + → + → ∗ t t t t UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 35 / 56

  71. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Subsumption in Nested Depth First Search [CAV’13] Blue search find accepting states in post order 1: procedure dfsBlue ( s ) 2: Cyan := Cyan ∪ { s } 3: for all successors t of s do 4: if t �∈ Blue ∪ Cyan then 5: dfsBlue ( t ) 6: if s is accepting then 7: dfsRed ( s ) 8: Blue , Cyan := Blue ∪ { s } , Cyan \{ s } Red search find cycles on accepting states 1: procedure dfsRed ( s ) Postcondition: no accepting spiral reachable 2: Red := Red ∪ { s } 3: for all successors t of s do 4: if t ∈ Cyan then 5: Exit: cycle detected 6: if t �∈ Red then 7: dfsRed ( t ) UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 36 / 56

  72. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Subsumption in Nested Depth First Search [CAV’13] Blue search find accepting states in post order 1: procedure dfsBlue ( s ) 2: Cyan := Cyan ∪ { s } 3: for all successors t of s do 4: if t �∈ Blue ∪ Cyan then 5: dfsBlue ( t ) 6: if s is accepting then 7: dfsRed ( s ) 8: Blue , Cyan := Blue ∪ { s } , Cyan \{ s } Red search find cycles on accepting states 1: procedure dfsRed ( s ) Postcondition: no accepting spiral reachable 2: Red := Red ∪ { s } 3: for all successors t of s do 4: t ⊒ Cyan then Accepting spiral found! if 5: Exit: cycle detected 6: if t �∈ Red then 7: dfsRed ( t ) UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 36 / 56

  73. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Subsumption in Nested Depth First Search [CAV’13] Blue search find accepting states in post order 1: procedure dfsBlue ( s ) 2: Cyan := Cyan ∪ { s } 3: for all successors t of s do 4: if t �∈ Blue ∪ Cyan then 5: dfsBlue ( t ) 6: if s is accepting then 7: dfsRed ( s ) 8: Blue , Cyan := Blue ∪ { s } , Cyan \{ s } Red search find cycles on accepting states 1: procedure dfsRed ( s ) Postcondition: no accepting spiral reachable 2: Red := Red ∪ { s } 3: for all successors t of s do 4: t ⊒ Cyan then Accepting spiral found! if 5: Exit: cycle detected 6: if t �⊑ Red then Spiral on t would give spiral from Red 7: dfsRed ( t ) UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 36 / 56

  74. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Subsumption in Nested Depth First Search [CAV’13] Blue search find accepting states in post order 1: procedure dfsBlue ( s ) 2: Cyan := Cyan ∪ { s } 3: for all successors t of s do 4: if t �∈ Blue ∪ Cyan ∧ t �⊑ Red then Prune the blue search 5: dfsBlue ( t ) 6: if s is accepting then 7: dfsRed ( s ) 8: Blue , Cyan := Blue ∪ { s } , Cyan \{ s } Red search find cycles on accepting states 1: procedure dfsRed ( s ) Postcondition: no accepting spiral reachable 2: Red := Red ∪ { s } 3: for all successors t of s do 4: t ⊒ Cyan then Accepting spiral found! if 5: Exit: cycle detected 6: if t �⊑ Red then Spiral on t would give spiral from Red 7: dfsRed ( t ) UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 36 / 56

  75. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Experiments: speedup up to 48 cores Reachability: [Formats’12] . LTL model checking: [CAV’13] BFS Reachability on Timed Automata Checking LTL on Timed Automata 50 Model Model ● csma ● fischer6 fddi train−crossing−stdred−5 40 fischer−1 train−gate−N10 40 fischer−2 train−gate−N9 train−gate viking15 viking17 30 ● 30 ● ● Speedup Speedup ● 20 ● 20 ● ● ● ● ● ● 10 10 ● ● ● ● ● ● ● 0 0 0 10 20 30 40 50 0 10 20 30 40 50 Threads Threads Experiments with opaal and LTSmin – open source hours − → minutes − → seconds UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 37 / 56

  76. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Table of Contents 1 Multi-core Reachability Shared hash table Parallel state compression Multi-core BDDs 2 Multi-core LTL model checking B¨ uchi automata for LTL model checking Parallel Nested Depth First Search 3 Timed Automata: subsumption of symbolic states Timed B¨ uchi automata and subsumption LTL model checking with subsumption 4 ANIMO: Signalling Networks in Computational Biology Modeling Signaling Networks in Cell Biology ANIMO: Interactive Modeling and Analysis Silicon Experiments: Osteoarthritis UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 38 / 56

  77. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Signaling Pathway in Cell Biology Kinase pathways: spreading the Phosphor token UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 39 / 56

  78. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Signaling Pathway in Cell Biology Kinase pathways: spreading the Phosphor token ◮ Biochemical equilibrium reactions: ◮ E + S + ATP ⇋ ES + ATP → ES P + ADP ⇋ E + S P + ADP ◮ Simplify to one interaction (here activiation): E − → S UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 39 / 56

  79. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Signaling Network in Cell Biology Complex network dynamics ◮ Node interactions: ◮ activation ◮ inhibition ◮ Crosstalk and Feedback ◮ Ultimate questions: ◮ understand & control ◮ key to finding a cure UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 40 / 56

  80. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... How to model signaling networks? Mathematical models (ODE) [Gillespie ’77] dA dt = k 1 · B − k 2 · C − k 3 · A ◮ A , B , C are molecule concentrations ◮ k 1 , k 2 , k 3 are kinetic parameters ◮ Precise, strong tools (simulation, stability) ◮ Difficult, too many parameters are unknown Boolean networks [Kauffman’69] B ∧ ¬ C = ⇒ A ◮ Easy to handle, biologically relevant ◮ No timing, no concentrations at all ◮ So how to execute this? UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 41 / 56

  81. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Using Networks of Timed Automata Modeling Assumptions ◮ Every reactant is a Timed Automaton � � ◮ It maintains a discrete activation level: active active + inactive ◮ Clocks trigger when the activation level goes up or down ◮ Activation/Inhibition: broadcast communication between automata reacting[1]? update(), c:= 0 time T depends on activation reacting[2]? update(), c:= 0 levels: L [ r 1 ][ r 2 ] and U [ r 1 ][ r 2 ] reacting[3]? update(), c:= 0 not_reacting reacting[1]? cant_react() c >= T reacting[0]! reacting[2]? react(), c := 0 stubborn updating start reacting[3]? waiting c <= T can_react() update() c <= T c > T c >= T c := T c < T update() UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 42 / 56

  82. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... Table of Contents 1 Multi-core Reachability Shared hash table Parallel state compression Multi-core BDDs 2 Multi-core LTL model checking B¨ uchi automata for LTL model checking Parallel Nested Depth First Search 3 Timed Automata: subsumption of symbolic states Timed B¨ uchi automata and subsumption LTL model checking with subsumption 4 ANIMO: Signalling Networks in Computational Biology Modeling Signaling Networks in Cell Biology ANIMO: Interactive Modeling and Analysis Silicon Experiments: Osteoarthritis UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 43 / 56

  83. ... Multi-core Reachability Multi-core LTL model checking Timed Automata Signalling Networks ... ANIMO: Analysis of Networks by Interactive Modeling Schivo, Scholma, Karperien, Langerak, vdPol, Post, Urquidi, Vet, Wanders, (FMT, HMI, BioEng) [BIBE’12] [GENE’13] [J-BHI’14] ANIMO is a Cytoscape plugin, running UPPAAL in the background UNIVERSITY OF TWENTE. Multi-core MC for Biology 22 November 2013 44 / 56

Recommend

Scalable Multi-core Model Checking: Technology &amp; Applications of Brute Force Day I:

Scalable Multi-core Model Checking: Technology &amp; Applications of Brute Force Day I:

UNIVERSITY OF TWENTE. Formal Methods &amp; Tools. Scalable Multi-core Model Checking: Technology &amp; Applications of Brute Force Day I: Reachability Jaco van de Pol 30, 31 October 2014 VTSA 2014, Luxembourg ... Introduction Multi-core

583 views • 27 slides
Scalable Multi-core Model Checking: Technology &amp; Applications of Brute Force Part III:

Scalable Multi-core Model Checking: Technology &amp; Applications of Brute Force Part III:

UNIVERSITY OF TWENTE. Formal Methods &amp; Tools. Scalable Multi-core Model Checking: Technology &amp; Applications of Brute Force Part III: Symbolic Jaco van de Pol 30, 31 October 2014 VTSA 2014, Luxembourg ... Binary Decision Diagrams -

1k views • 61 slides
Scalable Multi-core Model Checking: Technology &amp; Applications of Brute Force part II:

Scalable Multi-core Model Checking: Technology &amp; Applications of Brute Force part II:

UNIVERSITY OF TWENTE. Formal Methods &amp; Tools. Scalable Multi-core Model Checking: Technology &amp; Applications of Brute Force part II: Liveness &amp; Timed Systems Jaco van de Pol 30, 31 October 2014 VTSA 2014, Luxembourg ...

861 views • 45 slides
Scalable Multi-core Model Checking: Technology &amp; Applications of Brute Force Part IV: Biology

Scalable Multi-core Model Checking: Technology &amp; Applications of Brute Force Part IV: Biology

UNIVERSITY OF TWENTE. Formal Methods &amp; Tools. Scalable Multi-core Model Checking: Technology &amp; Applications of Brute Force Part IV: Biology Jaco van de Pol 30, 31 October 2014 VTSA 2014, Luxembourg ... Signalling ANIMO In Silico

388 views • 22 slides
Scalable Multi-Core Model Checking Alfons Laarman ( alfons@laarman.com ), Theory joint work with

Scalable Multi-Core Model Checking Alfons Laarman ( alfons@laarman.com ), Theory joint work with

Scalable Multi-Core Model Checking Alfons Laarman ( alfons@laarman.com ), Theory joint work with Jaco van de Pol and Tom van Dijk . 1 / 19 Scalable Multi-Core Model Checking Multi-Core Model Checking Research questions Can model checking

725 views • 61 slides
Multi-Core Model Checking Alfons Laarman November 14, 2013 ... Introduction Reachability LTL

Multi-Core Model Checking Alfons Laarman November 14, 2013 ... Introduction Reachability LTL

UNIVERSITY OF TWENTE. Formal Methods &amp; Tools. Multi-Core Model Checking Alfons Laarman November 14, 2013 ... Introduction Reachability LTL Timed Automata LTSmin Conclusions ... State Space Explosion An exponential problem

956 views • 80 slides
Multi-Core Partial-Order Reduction for LTL Model Checking Alfons Laarman alfons@laarman.com

Multi-Core Partial-Order Reduction for LTL Model Checking Alfons Laarman alfons@laarman.com

MC-MC POR LTL MC-POR Conclusions Multi-Core Partial-Order Reduction for LTL Model Checking Alfons Laarman alfons@laarman.com joint work with Anton Wijs (Eindhoven University of Technology) Formal Methods in Systems Engineering Vienna

749 views • 45 slides
Towards efficient model checking for variants of ATL under different semantics Wojciech Penczek

Towards efficient model checking for variants of ATL under different semantics Wojciech Penczek

Specification of Strategic Abilities in ATL* Model checking Multi-Valued ATL* Partial order reductions for sATL* Simpler strategies for Timed ATL Conclusions Towards efficient model checking for variants of ATL under different semantics

1.1k views • 88 slides
Higher-Order Model Checking III: Reducing Model Checking to Type Inference IV: Applications:

Higher-Order Model Checking III: Reducing Model Checking to Type Inference IV: Applications:

Higher-Order Model Checking III: Reducing Model Checking to Type Inference IV: Applications: Verifying Higher-order Functional Programs Luke Ong University of Oxford http://www.cs.ox.ac.uk/people/luke.ong/personal/ http://mjolnir.cs.ox.ac.uk

856 views • 26 slides
Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Statistical Model Checking for Biological Systems Paolo Zuliani Department of Computer Science

Statistical Model Checking for Biological Systems Paolo Zuliani Department of Computer Science

Statistical Model Checking for Biological Systems Paolo Zuliani Department of Computer Science Carnegie Mellon University Joint work with Edmund Clarke, James Faeder, Haijun Gong, Qinsi Wang Verification of Rule-based Models Temporal

462 views • 33 slides
Multi-Omics with Galaxy for Diverse Biological Applications Tim Griffin and Pratik Jagtap

Multi-Omics with Galaxy for Diverse Biological Applications Tim Griffin and Pratik Jagtap

Multi-Omics with Galaxy for Diverse Biological Applications Tim Griffin and Pratik Jagtap University of Minnesota galaxyp.org Outline Galaxy-P and mass spectrometry-based proteomics multi-omics data analysis Multi-omics application 1:

248 views • 22 slides
Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model checking historically not the first symbolic model checking approach scales better than original BDD based techniques mostly incomplete in

521 views • 28 slides
CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms for ( U ) Counter Examples and witnesses Symbolic Model Checking (Thursday) Binary Decision Trees

740 views • 40 slides
Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of

Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of

Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of compiling one into the other? Both have very different models of time How do they compare? We have seen two widely used temporal logics Relative

510 views • 10 slides
Bounded Model Checking of Software for Real-World Applications Parts 1-3 UniGR Summer School on

Bounded Model Checking of Software for Real-World Applications Parts 1-3 UniGR Summer School on

Bounded Model Checking of Software for Real-World Applications Parts 1-3 UniGR Summer School on Verification Technology, Systems &amp; Applications VTSA 2018 Nancy, France Carsten Sinz Institute for Theoretical Informatics (ITI) Karlsruhe

569 views • 45 slides
Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL Other interesting books: Model Checking by Clarke, Grumberg, and Peled Principles of Model Checking by Baier and Katoen 3 Course

636 views • 11 slides
Tuning space optimization for multi- core architectures V. Martnez , F. Dupros, M. Castro, H.

Tuning space optimization for multi- core architectures V. Martnez , F. Dupros, M. Castro, H.

Tuning space optimization for multi- core architectures V. Martnez , F. Dupros, M. Castro, H. Aochi and P. Navaux 2 Contents Introduction. HPC applications Performance Stencil Model. Testbed configuration. Experiments.

381 views • 25 slides
Higher-Order Model Checking and Program Verification Naoki Kobayashi University of Tokyo

Higher-Order Model Checking and Program Verification Naoki Kobayashi University of Tokyo

Higher-Order Model Checking and Program Verification Naoki Kobayashi University of Tokyo Whats This Talk About? Introduction to higher-order model checking (model checking of higher- order recursion schemes) and its applications to

641 views • 40 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

777 views • 31 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

628 views • 34 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

301 views • 8 slides
Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is Model Checking? Model checking is an automated technique that, given a finite-state model of a system and a logical property , systematically

484 views • 36 slides

More recommend