Multi-Core Reachability for Timed Automata


  1. Multi-Core Reachability for Timed Automata
     Andreas Dalsgaard (2), Alfons Laarman (1), Kim G. Larsen (2), Mads Chr. Olesen (2), Jaco van de Pol (1)
     (1) Formal Methods and Tools, University of Twente, {a.w.laarman,vdpol}@cs.utwente.nl
     (2) Department of Computer Science, Aalborg University, {andrease,kgl,mchro}@cs.aau.dk
     FORMATS'2012, London, 19th September 2012

  2. Hammers: 1 core
     [Figure: timed automaton with locations "unsafe" and "safe"; edge labels: L == 0, y1 = 0, take!, y1 >= 5, release!, L == 1]

  3. Hammers: Many cores
     [Figure: timed automaton with locations "unsafe" and "safe"; edge labels: L == 0, y1 = 0, take!, y1 >= 5, release!, L == 1]

  4. Timed Automata
     - Clocks, etc.
     - Model checking symbolic
     - Partial order on behaviour (clock zones, represented as Difference Bounded Matrix (DBM))
     - Viewed as Well-Structured Transition System
     - State $(s, \sigma)$ has discrete part, and symbolic part with comparison operator $\sqsubseteq$
     [Figure: timed automaton with locations "unsafe" and "safe"; edge labels: L == 0, y1 = 0, take!, y1 >= 5, release!, L == 1]

  5. Toolchain

  6. LTSmin

  7. PINS Interface with subsumption
     - $\text{initial-state}() = (s_0, \sigma_0)$
     - $\text{next-state}((s, \sigma)) = \{(s_1, \sigma_1), \ldots, (s_n, \sigma_n)\}$, returning all successors of $(s, \sigma)$, $(s, \sigma) \to (s_i, \sigma_i)$
     - $\text{covers}(\sigma', \sigma) = \sigma \sqsubseteq \sigma'$, returning whether the symbolic part $\sigma'$ subsumes $\sigma$
     - Implementation-wise, a state is a vector of 32-bit integers, and a pointer to a DBM: $\langle i_1, \ldots, i_m, \mathit{DBM} \rangle$

  8. Reachability with subsumption
     Algorithm 1: Reachability with subsumption

         proc reachability(s_g)
           W := { initial-state() }; P := ∅
           while W ≠ ∅
             W := W \ (s, σ) for some (s, σ) ∈ W
             P := P ∪ { (s, σ) }
             for (t, τ) ∈ next-state((s, σ)) do
               if t = s_g then report & exit
               if ∄ρ : (t, ρ) ∈ W ∪ P ∧ covers(ρ, τ)
                 W := W \ { (t, ρ) | covers(τ, ρ) } ∪ (t, τ)
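
Algorithm 1 as a runnable sketch, added here as an illustration and not taken from the slides, opaal or LTSmin. It assumes a single clock whose zones are plain intervals rather than DBMs; the toy model, the `exact` comparison and the `explored` counter are constructed for the example.

```python
INF = float("inf")

# Constructed toy model with one clock x. A zone is a closed interval (lo, hi)
# of clock values; a real tool stores a DBM over all clocks instead.
# EDGES[loc] = [(guard_lo, guard_hi, reset_clock, target), ...]
EDGES = {
    "a": [(3, INF, False, "b"), (1, INF, False, "b")],
    "b": [(0, INF, False, "c")],
    "c": [(0, INF, True, "a"), (0, 0, False, "unsafe")],
}
INVARIANT = {"b": 10}  # upper bound on x while in a location (default: none)

def covers(big, small):
    """covers(σ', σ) = σ ⊑ σ': every clock value in `small` is also in `big`."""
    return big[0] <= small[0] and small[1] <= big[1]

def exact(big, small):
    """Plain duplicate detection, for comparison with subsumption."""
    return big == small

def next_state(state):
    loc, (lo, hi) = state
    for g_lo, g_hi, reset, target in EDGES.get(loc, []):
        enter_lo, enter_hi = max(lo, g_lo), min(hi, g_hi)  # zone ∩ guard
        if enter_lo > enter_hi:
            continue  # guard cannot fire from this zone
        if reset:
            enter_lo = 0
        bound = INVARIANT.get(target, INF)
        if enter_lo <= bound:  # target invariant holds on entry
            yield (target, (enter_lo, bound))  # time elapses up to the invariant

def reachability(goal, subsumes=covers):
    """Return (goal reached?, number of states moved from W to P)."""
    waiting, passed, explored = [("a", (0, INF))], [], 0  # W := {initial-state()}
    while waiting:
        s, sigma = waiting.pop(0)  # FIFO, i.e. BFS order
        passed.append((s, sigma))
        explored += 1
        for t, tau in next_state((s, sigma)):
            if t == goal:
                return True, explored
            if not any(u == t and subsumes(rho, tau) for u, rho in waiting + passed):
                # drop waiting states that the new, larger zone makes redundant
                waiting = [(u, rho) for u, rho in waiting
                           if not (u == t and subsumes(tau, rho))]
                waiting.append((t, tau))
    return False, explored
```

On this model the zone (1, 10) at location `b` replaces the earlier, smaller zone (3, 10) in the waiting list, so the subsumption search explores fewer states than exact duplicate detection.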

  9. Multicore LTSmin: Passed-Waiting List
     - Hash table optimized for multicore
     - Open addressing
     - Separate data
     - Lockless (CAS + write bit)
     - Pre-allocation of entire structure (no allocation thereafter)

  10. DBM Storage: Data Structure
     [Figure: Data structure for L, and operations (L.add(s, π), L′.del(t, τ))]
     - Updates can be either blocking or non-blocking
     - Blocking maintains invariant: waiting states in L do not subsume each other
     - Another hash table used for duplicate detection of DBMs

  11. Parallel Reachability
     - More searchers
     - Share Passed hash table
     - Local Waiting list
     - Work-stealing

         global L : S → (Σ × {waiting, passed})*
         proc search((s_0, σ_0), s_g, p)
           Q_p := if p = 1 then { (s_0, σ_0) } else ∅
           while Q_p ≠ ∅ ∨ balance(Q_p)
             Q_p := Q_p \ (s, σ) for some (s, σ) ∈ Q_p
             if ¬grab(s, σ) then continue
             for (t, τ) ∈ next-state((s, σ)) do
               if t = s_g then report & exit
               if ¬update(t, τ)
                 Q_p := Q_p ∪ (t, τ)

  12. opaal

  13. Successor Generator: Generator
     - Generate C++ code specific for the model
     - Max clock constant analysis (location-based k-extrapolation)
     - Python
     - State vector: Process1, int L
     - DBM: y1
     [Figure: timed automaton with locations "unsafe" and "safe"; edge labels: L == 0, y1 = 0, take!, y1 >= 5, release!, L == 1]


  17. Structure of generated code

         switch (Process1 location) {
         case 1:
             if (guard1) //normal transition
                 callback with successor
             if (guard2) { //synchronisation on chan!
                 switch (Process2 location) {
                 case X:
                     if (guardX) callback with successor
                 }
                 ...
             }
             ...
         }
         //Transitions for Process2
         ...

  18. Supported Language Features
     - Templates
     - constants
     - bounded integer variables
     - arrays
     - selects
     - guards
     - updates
     - invariants on both variables and clocks
     - committed and urgent locations
     - binary synchronisation
     - broadcast channels
     - urgent synchronisation
     - much of the C-like language that UPPAAL uses to express guards and variable updates

  19. Experiments

  20. Expectations
     - Search order matters!
     - Finding larger zones faster allows faster termination
     - Multi-core means search order depends on interleaving
     - Hope for linear speedup

  21. Experiments
     Table: Runtimes, strict BFS (T: UPPAAL; T1 to T48: opaal+LTSmin on 1 to 48 cores)

     | Model          | T     | T1    | T2    | T8   | T16  | T32  | T48  |
     |----------------|-------|-------|-------|------|------|------|------|
     | train-gate-N10 | 837.4 | 573.3 | 297.8 | 76.7 | 39.4 | 21.1 | 14.4 |
     | viking17       | 207.8 | 331.5 | 172.5 | 44.2 | 22.7 | 11.9 | 8.6  |
     | train-gate-N9  | 76.8  | 52.4  | 28.5  | 7.7  | 4.1  | 2.4  | 2.0  |
     | viking15       | 38.0  | 67.0  | 34.8  | 9.7  | 5.1  | 3.0  | 2.3  |
     | train-crossing | 48.3  | 24.5  | 37.2  | 5.8  | 2.7  | 2.0  | 2.1  |
     | fischer6       | 0.1   | 219.2 | 129.2 | 46.4 | 36.1 | 32.9 | 31.8 |

  22. Scalability: Strict Search Order
     [Figure: Speedup non-blocking strict BFS]
     [Figure: Speedup strict BFS]
     Both plots show speedup against threads (0 to 50) for the models fischer6, train-crossing-stdred-5, train-gate-N10, train-gate-N9, viking15, viking17.

  23. Scalability: Non-Strict Search Order
     [Figure: Speedup Randomized Pseudo DFS]
     [Figure: Speedup Pseudo BFS]
     Both plots show speedup against threads (0 to 50) for the models fischer6, train-crossing-stdred-5, train-gate-N10, train-gate-N9, viking15, viking17.

  24. Conclusion
     - A scalable hammer
     - Promising experiments
     - Lots of efficiency improvements (LU-clock extrapolation, symmetry, partial order reduction, memory consumption, ...)
     - Multi-core liveness?
     - Websites: http://opaal-modelchecker.com/ and http://fmt.cs.utwente.nl/tools/ltsmin/

  25. Conclusion
     - Websites: http://opaal-modelchecker.com/ and http://fmt.cs.utwente.nl/tools/ltsmin/
     - Questions?
     [Figure: speedup against threads (0 to 50) for the models fischer6, train-crossing-stdred-5, train-gate-N10, train-gate-N9, viking15, viking17]

  26. 1 Introduction: Hammers; Timed Automata; Toolchain
      2 LTSmin: PINS Interface with subsumption; Reachability with subsumption; Multicore LTSmin: Passed-Waiting List; DBM Storage: Data Structure; Parallel Reachability
      3 opaal: Successor Generator: Generator; Structure of generated code; Supported Language Features
      4 Experiments: Expectations; Experiments; Scalability: Strict Search Order; Scalability: Non-Strict Search Order
