spin. seach optimization exhaustive search requires so much time and memory to perform verification...
TRANSCRIPT
SPIN
Seach Optimization
• Exhaustive search requires so much time and memory
• to perform verification realistically, must perform some shortcuts– reduce the number of reachable states– reduce the amount of memory required to
represent a state
Agenda
• Search Algorithm• Search Optimization
– Reduction of the number of reachable states– Reduction of the amount of memory
• lossless method– State Compression– Minimized automaton representation
• lossy method– Bit state hashing– Bloom Filter– Hash Compact
Partial Order Reduction
• 考えられる実行順序– 1 : x = 1;g = g+2;y = 1 ;g = g*2;– 2 : x = 1;y = 1 ;g = g+2 ;g = g*2;– 3 : x = 1;y = 1 ;g = g*2 ;g = g+2;– 4 : y = 1;g = g*2 ;x = 1 ;g = g+2; – 5 : y = 1;x = 1 ;g = g*2 ;g = g+2;– 6 : y = 1;x = 1 ;g = g+2;g = g*2;
P1 : x = 1; g = g+2;
P2 : y = 1 g = g*2
Partial Order Reduction
• x = 1 と y = 2 と (g = g + 2, g= g * 2) は独立
• 重要なのは g = g+2, g = g * 2 の順序のみ– 2 : x = 1;y = 1 ;g = g+2 ;g = g*2;– 3 : x = 1;y = 1 ;g = g*2 ;g = g+2;
の二つについてのみ探索を行えば十分
Statement Merging
• if permissible, merge adjacent statements (operations) into one
• if there is a possibility that a different process might interleave between statements, this is not possible– eg: when global variables are accessed conse
cutively
• It is a special case of Partial Order Reduction
adjacent: 隣接する
Agenda
• Search Algorithm• Search Optimization
– Reduction of the number of reachable states– Reduction of the amount of memory
• lossless method– State Compression– Minimized automaton representation
• lossy method– Bit state hashing– Bloom Filter– Hash Compact
State Compression
• 各プロセスの状態表現に P[bits] – プロセス数が n なら状態表現に nP[bits] 必要– しかし P[bits] で表現される全ての状態に到達
するわけではない。– よって P[bits] は情報量として冗長– 各プロセス毎に到達した状態に unique な番
号を割り振って、全状態としてはその番号の組み合わせを記憶する。
State Compression
• e.g.– P1 : integer x, y , z; P2 : integer a, b , c;– the size of memory to represent a state of each
process is 24bits.– the number of reachable states is 5,000– the number of reachable states of each process is
100 ( <= 256 = 2^8)• If states is represented straightforwardly, you
need …– (24 + 24)*5,000 = 240,000 [bits]
• If you use this method, you need only …– (100 + 100)*24 + 8 * 5,000 = 44,800 [bits]
Minimized automaton representation
• 状態が到達済みかどうかの判定を OBDDを利用して行う。
• OBDD– bit 列の入力に対して、真偽を判断するための
データ構造• 戦略
– 状態 S をビット列に変換– OBDD で到達済みか判断。– 到達済みでないなら、 OBDD を更新する。
OBDD
• BDD (Binary Decision Diagram)– bit 列 [b0,b1, …] に対して true, false を判定する
automaton– 各 vertex が b0,b1, … に対応 edges が bit の値に対応
• OBDD– BDD に以下の条件を加えたもの。– b0,b1,b2, … の順に処理– 同じ構造のツリーはまとめる。– 冗長な vertex は除去
OBDD Structure
b0 b1
b1
b2
F
T
0
1 0
1
1
00
1
(b0,b1,b2) { (0,0,0),(0,0,1),(1,0,1) } →∈ Trueotherwise → False
+ (1,0,0)
Agenda
• Search Algorithm• Search Optimization
– Reduction of the number of reachable states– Reduction of the amount of memory
• lossless method– State Compression– Minimized automaton representation
• lossy method– Bit state hashing– Bloom Filter– Hash Compact
Bit state hashing
• Depth-first search constructs a set of reachable states to conclude whether a state was reached.
• The set is normally implemented using hash table.
Standard implementation
• Standard implementation uses– 8×h + S×r [bits]
• h : the number of slots of a hash table
• S : the size of memory to represent a state
• r : the number of reachable states
• 8 : pointer• m : total size of memory
in the machine
Standard Implementation
• If parameters are ...– m = 10^9 bits ,S = 1000 , r = 10^7– (S ・ r)/m = 10 > 1– coverage of the problem size is only 10%
Bit state hashing
• If we configure the hash table as an array of m bits, using it as a hash table with h = m slots.....– h >> r and coverage close to 100%– when a hash collision happens, we will
conclude incorrectly that a state was visited before.
s0
s1
s2s3
s4
s5
hash collision!!
not reached
h(s0) = 0, h(s1) = 5, h(s2) = 3, h(s3) = 2,h(s4) = 5, h(s5) = 1
0 1 2 3 4 5
h(s0) h(s1)h(s2)h(s3) h(s4)
This state was reached !?
Bloom Filters
push (s) : existed = True hlist = hash(s,k) for h in hlist: if (hash_table[h] is False): existed = False hash_table[h] = True return existed
hash(s,k): return [h0(s),h1(s),...., h_k_1(s)]
Bloom Filters (k = 2)
h0(s0) = 0h1(s0) = 1
h0(s1) = 0h1(s1) = 3
h0(s2) = 3h1(s2) = 1
0 1 2 3 4
OK
OK OKCollision OK
OK
Collision Collision
False Collision
Bloom Filter• After r states is stored, probability that a
certain bit is still false is
• Probability that we incorrectly conclude that the (r + 1)th state was visited
• optimal k (that minimize probability) is
Bloom Filter
• e.g.– r = 10,000,000– m = 1,000,000,000– optimal value of k = 69.315
Hash Compact
• Normal Implementation な hash table に State ではなく、 State を hash 関数を使って、より小さい空間に写像したものを渡す。– 当然、写像に使う hash 関数は hashtable 内で利用さ
れているものとは異ならなければならない。• the number of reachable states << hash 値の空
間の大きさ << State 空間の大きさの時効果を発揮する。
• 前者の <<→ 衝突の確率が低い。• 後者の <<→ 保存データサイズの縮小• 要するに State 空間の表現が冗長だよってこと。