Fair Cycle Detection: A New Algorithm and a Comparative Study
Fabio Somenzi
University of Colorado at Boulder
Acknowledgement
• This talk is the conflation of
– Kavita Ravi, Roderick Bloem, and Fabio Somenzi, “A comparative study of symbolic algorithms for the computation of fair cycles”
– Roderick Bloem, Hal Gabow, and Fabio Somenzi, “An algorithm for strongly connected component analysis in n log n symbolic steps”
• Both presented at FMCAD00
Model Checking
Given
• A finite state transition structure
• A property (set of admissible behaviors) usually specified as
– Temporal logic formula
– -regular automaton
Decide whether initial states of structure satisfy property
Properties
• Safety properties
– violation described as finite path
• Liveness properties
– infinite path (cycles)
-regular automata acceptance, fairness
– Büchi, Muller, Rabin, Streett, L-process
SCC Decomposition
• Find all sets of nodes that can reach each other (Strongly Connected Components)
– SCC is trivial if it contains no edges
• Central graph problem
• Tarjan’s algorithm is linear, but explicit
• Find a good implicit algorithm
Motivation
• Fair cycle detection algorithms
– Symbolic vs. explicit state search
• Many symbolic algorithms, no systematic comparisons
– What really makes the difference?
• Can we improve over O(n^2)?
Outline
• Motivation
• Introduction
• Fair cycle algorithms
– A general framework
• Lockstep algorithm
• How do the different algorithms fare?
• Conclusions
Büchi Emptiness
• A Büchi automaton accepts at least one word if it has a nontrivial SCC that contains an accepting state
• Used in:
– LTL model checking (Spin, SMV)
– Fair CTL model checking (VIS, SMV)
– Language-containment checking (COSPAN)
• If language not empty, produce witness
Notation
• CTL
– EX, EU, EG, EF (future tense, backward)
– EY, ES, EH, EP (past tense, forward)
• Fixpoint operators ,
Symbolic Algorithms
• Sets are represented by their characteristic functions
• No loops over the elements of sets
• Instead:
– Union, intersection, complementation
– Check for equality (emptiness)
– (Choice of one element)
– Image (EY), preimage (EX)
Symbolic Complexity
• Number of variables is important
– Sets of nodes have 1 set of variables
– Transition relation has 2 sets
• Number of variable sets for operations:
– Boolean operations: 1 set
– Image, preimage: 2 sets
– Transitive closure: 3 sets
• Our measure is number of steps: image and preimage
• Keep transition relation constant!
Known Complexity
• Measured in nodes (n)
• Known results (symbolic):
– SCC decomposition: O(n^2) [Xie & Beerel 99]
– Büchi emptiness: O(n^2) [Emerson & Lei 86]
• We also measure number of steps as function of number of nodes, but…
Interesting Parameters
• n : number of states
• d : Diameter of the graph
– Largest (finite) of the shortest distances between two nodes
• h : Height of the SCC quotient graph
– How many SCCs we can have along a path
• N : Number of SCCs
• N’ : Number of nontrivial SCCs
• C’ : Number of fairness constraints
Symbolic Fair Cycle Computations
[Diagram; labels: Fair Cycle, Empty set, No, Yes, SCC hull (set of states that contain fair SCCs), Refinement, Check if each SCC is fair, Symbolic SCC enumeration]
SCC Hull Algorithms
• Generic SCC Hull algorithm (GSH)
• Emerson-Lei
• Hojati et al.
• Kesten et al.
• Hardin et al.
Generic SCC Hull Algorithm (GSH)
• SCC hull: a set of states that contains all fair SCCs
• Operators
– TB : EX(Z), {E(Z U Zc)}
– TF : EY(Z), {E(Z S Zc)}
• Algorithm: start with all states, at every iteration
– choose and apply an operator from TB or TF (operator schedules)
– converge when no change in state set under TB OR TF operators (weaker condition)
Instances of GSH: Different operator schedules
• Emerson-Lei: Z. EX E(Z U Zc)
– (EU1 EX) (EU2 EX) (EU1 EX) (EU2 EX)...
cC
• Hojati: Z. EG E(Z U Zc)
– (EU1 EU2) EX… (EU1 EU2) EX... (EU1 EU2) EX...
cC
• Hojati, Kesten: Z. EH E(Z S Zc)
– (ES1 ES2) EY… (ES1 ES2) EY... (ES1 ES2) EY...
cC
• Hojati, Hardin: Z. EG-H ZEF(Zc)EP(Zc)
– (EF, EP) (EY EX)... (EF, EP) (EY EX)...
cC
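The Emerson-Lei schedule above, (EU1 EX) (EU2 EX)..., as an added example that is not code from the talk or from COSPAN/VIS. Explicit Python sets stand in for BDDs, the until-target of EU is read as Z restricted to the fair set c (an assumption about the slide's "Zc"), and the function names and sample graph are constructed for illustration.

```python
def pre(E, S):
    """Preimage (EX): states with a successor in S. One symbolic step."""
    return {s for s, t in E if t in S}

def eu(E, Z, target, steps):
    """E(Z U target): least fixpoint grown backward from target inside Z."""
    Y = set(target)
    while True:
        steps[0] += 1
        new = (pre(E, Y) & Z) - Y
        if not new:
            return Y
        Y |= new

def emerson_lei_hull(V, E, fair_sets):
    """GSH with the Emerson-Lei schedule: start with all states, apply
    EU_c then EX for each fairness constraint c, and stop when a whole
    round leaves Z unchanged. Returns (hull, number of preimage steps)."""
    Z, steps = set(V), [0]
    constraints = fair_sets or [set(V)]   # no constraints: any cycle is fair
    while True:
        before = set(Z)
        for c in constraints:
            Z = eu(E, Z, Z & c, steps)
            steps[0] += 1
            Z &= pre(E, Z)                # EX: keep states with a successor in Z
        if Z == before:
            return Z, steps[0]

# Constructed sample graph: SCCs {1,2,3} and {4,5} are nontrivial,
# {6} and {7} are trivial; 7 leads into {1,2,3}, which leads into {4,5}.
V_SAMPLE = set(range(1, 8))
E_SAMPLE = {(1, 2), (2, 3), (3, 1), (3, 4), (4, 5), (5, 4), (5, 6), (7, 1)}

if __name__ == "__main__":
    print(emerson_lei_hull(V_SAMPLE, E_SAMPLE, [{5}]))   # non-empty hull
    print(emerson_lei_hull(V_SAMPLE, E_SAMPLE, [{6}]))   # empty hull
```

With fair set {5} the hull also contains states 1, 2, 3 and 7, which only lead to the fair SCC {4,5}: the hull over-approximates the fair SCCs, as the GSH slide states.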
SCC Quotient Graph
[Figure: SCC quotient graph with nodes 1–16; legend: Fair, Terminal, Initial, Trivial, Non-trivial. The figure is repeated on successive slides labelled: Emerson-Lei, Hojati; Hojati, Kesten; Hojati, Hardin; GSH (TF convergence); GSH (TB convergence).]
Complexity in Steps
• GSH: O(C’dN)
• Emerson-Lei: (C’dh)
• Hojati, Kesten: (C’dh + N – N’)
• Hojati, Hardin: O(C’dN)
• O(C’n^2) complexity
– n : number of states
– C’: number of fairness constraints
– d : diameter of graph
– N : Number of SCCs (N’: non-trivial)
– h : height of the SCC quotient graph
Symbolic SCC Enumeration Algorithms
• Xie-Beerel
• IXB
• Bloem
Symbolic SCC Enumeration
• Find an SCC
– pick a state v
– compute the SCC of v as (EP(v)EF(v))
• Check if SCC is fair
• Recur on the partitions
[Figure: EP(v), EF(v)]
Symbolic SCC enumeration
• Xie-Beerel
– v is randomly chosen
– EF(v), EP(v) are SCC-closed sets
– Partition the state space
– EG(partition) applied to trim
– Complexity O(dN)
[Figure: SCC quotient graph, nodes 1–16]
Symbolic SCC enumeration
• Improvements to Xie-Beerel
– trim with EH(partition) in addition to EG(partition)
• Improves complexity
– v is chosen from a priority queue
• Shortens prefix of counterexample
[Figure: SCC quotient graph, nodes 1–16]
Lockstep Algorithm
• Same basic approach as in Xie-Beerel:
– Choose node v
– Search backward and forward, SCC of v is intersection
• Perform two searches simultaneously for n log n performance
Lockstep by Example
• Stage 1: Search forward and backward until one converges
• Stage 2: Complete search to find SCC
• Stage 3: Recursion
[Animation over successive slides; one frame is annotated "Backwards search converged!"]
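The three Lockstep stages on an explicit graph, as an added example that is not the authors' implementation. Python sets stand in for BDDs, the image/preimage counter mirrors the talk's step measure, and all names and the sample graph are constructed for illustration.

```python
def img(E, S):
    """Image (EY): successors of S."""
    return {t for s, t in E if s in S}

def pre(E, S):
    """Preimage (EX): predecessors of S."""
    return {s for s, t in E if t in S}

def lockstep(V, E, sccs, steps):
    """Append every SCC of the subgraph induced by V to sccs;
    steps[0] counts image/preimage computations."""
    if not V:
        return
    v = min(V)                          # any v works; min() keeps runs repeatable
    F, B, ffront, bfront = {v}, {v}, {v}, {v}
    while ffront and bfront:            # Stage 1: both searches advance together
        ffront = (img(E, ffront) & V) - F
        bfront = (pre(E, bfront) & V) - B
        F |= ffront
        B |= bfront
        steps[0] += 2
    if not ffront:                      # Stage 2: forward converged,
        converged = F                   # finish the backward search inside F
        while bfront:
            bfront = (pre(E, bfront) & F) - B
            B |= bfront
            steps[0] += 1
    else:                               # backward converged,
        converged = B                   # finish the forward search inside B
        while ffront:
            ffront = (img(E, ffront) & B) - F
            F |= ffront
            steps[0] += 1
    scc = F & B                         # SCC of v is the intersection
    sccs.append(scc)
    lockstep(converged - scc, E, sccs, steps)   # Stage 3: both parts are
    lockstep(V - converged, E, sccs, steps)     # SCC-closed

def fair_sccs(V, E, fair_sets):
    """Nontrivial SCCs (containing an edge) that intersect every fair set."""
    sccs = []
    lockstep(set(V), E, sccs, [0])
    return [c for c in sccs if img(E, c) & c and all(c & f for f in fair_sets)]

# Constructed sample graph: SCCs {1,2,3}, {4,5}, {6}, {7}.
V_SAMPLE = set(range(1, 8))
E_SAMPLE = {(1, 2), (2, 3), (3, 1), (3, 4), (4, 5), (5, 4), (5, 6), (7, 1)}
```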
Picture of Search Space
• Recur on Black and Blue & White: both are SCC-closed
• One of Black and Blue & White has < n/2 nodes. This is S
[Figure: search space V]
Analysis: Charging
• Amortized analysis: charge to nodes and count total charge
• In Stage 1: at most |S + C | steps
– Charge 1 to every node in S and C
• In Stage 2: at most |C | steps
– Charge 1 to every node in C
Analysis: Total Charge
• Every node goes down only one branch
• Stage 1: Every node is charged log n times
• Stage 2: Every node is charged 1 time
• Total charge: n log n + n = O(n log n)
[Figure: recursion tree with labels V1, S1 < V1/2, V2, S2 < V2/2 < V1/4]
Sharper Analysis
• For Emerson-Lei: O(dh)
• For Lockstep: O(n log(dN/n))
– N is number of SCCs
• With optimization: O(dN’+N) and O((d+h)N’)
Complexity Comparison
SCC-Hull
• GSH: O(C’dN)
• Emerson-Lei: (C’dh)
• Hojati, Kesten: O(C’dh + N – N’)
• Hojati, Hardin: O(C’dN)
• O(C’n^2) complexity
Symbolic SCC enumeration
• Xie-Beerel: O(dN)
• IXB: O(min(dN’+N, N’(d+h)))
• Bloem: O(min(dN’+N, N’(d+h)))
• O(n log n), O(n^2)
N’: Number of non-trivial SCCs
Counterexamples
• Symbolic SCC enumeration algorithms
– Only one fair SCC
– Shortest prefix can be generated with onion rings
• SCC hull algorithms
– counterexample procedure depends on the computed hull, i.e., location of fair SCCs
Counterexamples
• GSH: Clarke95/Kesten98
• Emerson-Lei: Clarke95
• Hojati, Kesten: Kesten98
• Hojati, Hardin: Clarke95 & Kesten98
Length of counterexample depends on the SCC hull
Summary
• SCC-hull algorithms
• Symbolic SCC enumeration algorithms
– Lockstep
• Performance depends on
– N, N’, d, h, C’
– Number of fair SCCs, location of the fair SCCs
– BDD factors?
Experiments
• Implemented 5 algorithms in COSPAN
– Emerson-Lei, Hojati/Kesten, Hojati/Hardin, IXB, Lockstep
• Measured time, number of steps, length of counter-examples
Experiments: No Fair Cycles
Circuit | Reach | EL Time | HK Time | HH Time | IXB Time | BGS Time
Abp2 (16) | 0.01 | 20.3 (352) | 16.5 (720) | 30.9 (733) | 58 (2506, 693) | 59 (1689, 465)
F1 (70) | 259 | 68.6 (4) | 50.3 (4) | 73.8 (12) | 50.8 (4, 0) | 50.5 (4, 0)
RR (94) | 67 | 13 (50) | 12.5 (50) | 88.1 (58) | 11.6 (50, 0) | 12.3 (50, 0)
S111 (191) | 259 | 0.8 (4) | 0.9 (5) | 4.7 (13) | 1.3 (6, 0) | 1.28 (6, 0)
S195 (483) | 1223 | 1.9 (3) | 1.7 (3) | 10.5 (10) | 17.3 (3, 0) | 17.4 (3, 0)
Experiments: Fair Cycles
Circuit | Reach | EL Time | HK Time | HH Time | IXB Time | BGS Time
S192 (44) | 1149 | 2440 (204) | 17.6 (484) | 4671 (462) | 224.7 (172, 1) | 235 (172, 1)
WV (92) | 62.9 | 288.4 (6) | 4807 (16) | 8958 (14) | 5937 (14, 1) | 5779 (14, 1)
CO (93) | 773.8 | 198.5 (27) | 9125 (174) | 96.4 (38) | 8755 (174, 1) | 7179 (174, 1)
S120 (93) | 160.8 | 38 (9) | 643.6 (128) | 4050 (74) | 406.4 (43, 1) | 376.1 (43, 1)
S106 (124) | 185 | 68.9 (35) | 51 (174) | 399 (91) | 75.5 (55, 1) | 76 (55, 1)
Experiments: Length of Counterexamples
Each algorithm column gives: Time, then Prefix,Loop
Circuit | EL | HK | HH | IXB | BGS
S192 (44) | 1.4  48,32 | 0.77  20,32 | 1.52  28,40 | 0.79  20,32 | 0.78  20,32
WV (92) | 0.64  3,4 | 1.44  3,4 | 12.05  3,2 | 6.11  3,2 | 6.07  3,2
CO (93) | 2.93  13,60 | 3.22  13,32 | 3.63  13,46 | 3.32  13,32 | 3.35  13,30
S120 (93) | 1.28  8,18 | 1.34  7,8 | 2.46  9,16 | 1.78  7,18 | 1.58  7,18
S106 (124) | 3.11  51,4 | 2.84  45,6 | 4.81  55,2 | 2.95  45,4 | 2.89  45,4
Experiments: Summary
• Emerson-Lei seems no worse than others
• IXB, Lockstep designed to produce short counterexamples
• BDDs play a large role in actual performance
On-The-Fly Lockstep
• For example WV:
– Lockstep takes 5779 s
– The fair path is very short: (3,2)
– One (large) SCC is examined
• Stop as soon as B(v) F(v) intersects all fair sets
– A fair cycle is guaranteed in B(v) F(v)
Conclusions
• Compared various symbolic algorithms
– provided a classification, generalized some algorithms
• Studied performance with experiments
• Future work
– Forward vs. Backward, BDD effects
– Streett acceptance
– Hybrid algorithms?
Conclusions
• n log n symbolic algorithm for
– SCC decomposition,
– Büchi emptiness,
– Streett emptiness,
measured in images/preimages
• Improves on the previously known n^2 bounds
• When measured more sharply: Lockstep incomparable with EL
Conclusions
• Lockstep useful for counterexample generation
• Future work: parallelizing algorithms that change transition relation or even use extra variables