Regular Model Checking Made Simple and Efficient. P. Abdulla, B. Jonsson, M. Nilsson and J. d’Orso...
TRANSCRIPT
Regular Model Checking Made Simple and Efficient
P. Abdulla, B. Jonsson, M. Nilsson and J. d’Orso
Uppsala University
Presentation Overview
• Aim
• Regular Model Checking
• Subset Construction
• Construction by Matching
• Conclusions
Aim
• Parameterized systems
• Counters
• Stacks
• Queues
Can all be represented by regular languages and regular relations.
Regular Model Checking
Represent configurations/transition relations with finite automata.
[Figure: transducer with states q0, q1, q2; (n,n) loop on q0, (t,n) from q0 to q1, (n,t) from q1 to q2, (n,n) loop on q2]
Example: moving a token to the right
Regular Model Checking
The transitive closure:
[Figure: the same transducer with an additional (n,n) loop on q1, so the token may pass any number of positions before it is placed]
Example: moving a token arbitrarily to the right
Regular Model Checking (cont.)
• Problem: how do we compute transitive closures?
• Solution: subset construction ([BJNT00])
• First step: use strings to represent composition (“columns”)
[Figure, over three slides: successive runs of the transducer stacked on top of each other; the states the runs are in at one position form one column]
Subset Construction (cont.)
• Problem: the previous automaton is infinite!
• Second idea: apply the subset construction
• With regular sets
Subset Construction (cont.)
Relation R: [Figure: the token-passing transducer with states q0, q1, q2; (n,n) loop on q0, (t,n) from q0 to q1, (n,t) from q1 to q2, (n,n) loop on q2]
Construction: [Figure, built up over several slides: the subset-construction automaton whose states are the regular sets of columns q0+, q1·q0*, q2, q2·q1·q0*, q2·q2, joined by transitions labelled (n,n), (t,n) and (n,t)]
Subset Construction (cont.)
Practical problems:
• The automaton built is deterministic
• Computing the image of a set is expensive
• For many examples, the sets obtained are simple
Our Contribution
Compared with [DLS01]:
• The algorithm uses only local information, not global reasoning (bisimulations).
Our Contribution
Compared with [BJNT00]:
• The construction does not rely on determinism
• No image computation, but simple “matching”
An Example
[Figure: transducer with states L, 1, 2, 3, R; (e,e) loops on L and R, (a,e) from L to 1, (b,a) from 1 to 2, (d,b) from 2 to 3, (e,d) from 3 to R; it shifts the block abd one position to the right]
An Example
Compose the automaton twice:
[Figure: the product transducer with states LL, 1L, 21, 32, R3, RR; (e,e) loops on LL and RR, (a,e) from LL to 1L, (b,e) from 1L to 21, (d,a) from 21 to 32, (e,b) from 32 to R3, (e,d) from R3 to RR]
An Example
[Figure, over four slides: the transitive closure drawn on top of the original automaton; the transitions (b,e), (d,a), (e,b), then (d,e), (e,a), then (e,e) are added one slide at a time to those of the one-step relation]
Construction by Matching
Use sets of the form $e_1 \cdot e_2 \cdots e_p$, with each sub-expression $e_i$ being one of:
(1) $\{q\}$
(2) $L^+$
(3) $R^+$
Construction by Matching (cont.)
[Figure: the twice-composed transducer from the example, with states LL, 1L, 21, 32, R3, RR and transitions (e,e), (a,e), (b,e), (d,a), (e,b), (e,d), (e,e)]
Examples of sets: $L^+$, $\{2\} \cdot \{1\}$, $R^+ \cdot \{3\}$
Construction by Matching (cont.)
Properties of such sets:
(1) Can be given a canonical representation
(2) Closed under an operation similar to concatenation
(3) Induce an equivalence relation
Property (1)
Canonicity: always take the largest set!
$q \cdot q \in q^+ \cdot q^+ \subset q^+$
Property (2)
Define the operator $*$ as follows:
$e_1 * e_2 = \begin{cases} e_1 & \text{if } e_1 = e_2 = q^+ \\ e_1 \cdot e_2 & \text{otherwise} \end{cases}$
Property (2)
Using the $*$ operator:
[Figure: the transition $L^+ \xrightarrow{(a,e)} 1$ matched with $L^+ \xrightarrow{(e,e)} L^+$ gives $L^+ * L^+ \xrightarrow{(a,e)} 1 * L^+$, i.e. $L^+ \xrightarrow{(a,e)} 1 \cdot L^+$]
Property (3)
When can we merge states?
[Figure: two states 1 and 2, each entered on a word w1 and left on a word w2, are merged into a single state 1/2]
Property (3) (cont.)
Does our equivalence relation satisfy this? Yes!
[Figure: the same picture with the states replaced by ≈-related columns, such as L·L ≈ L and q1·q2 ≈ q1·q2·q]
Property (3) (cont.)
[Figure: the mirror-image picture, with columns q1, q2 and q2·q1 related by ≈]
The property needs to be symmetric!
The Algorithm
• Initialization: replace each copying state “q” by “q+”, leave the rest unchanged;
• Step k+1: for each transition of step k and each transition of step 0, if they “match”, add the combined transition;
• Stop: when a fixed point is reached.
Example
[Figure: the transducer L 1 2 3 R with (e,e) loops on L and R, (a,e) from L to 1, (b,a) from 1 to 2, (d,b) from 2 to 3, (e,d) from 3 to R]
Run the initialization step.
Example
[Figure: after initialization the copying states are replaced: L+ 1 2 3 R+, with the same transitions]
Match the transitions shown in red.
Example
[Figure, over three slides: matching L+ --(a,e)--> 1 with L+ --(e,e)--> L+ adds the column 1·L+ and the transition L+ --(a,e)--> 1·L+; the next match adds the column 2·1 and the transition 1·L+ --(b,e)--> 2·1]
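The matching construction just illustrated, together with the "compose the automaton twice" step from the earlier example slide, as an added worked example; this is not the authors' tool or code. The two transducers are the ones drawn on the slides (token passing over {n, t}, and shifting the block abd over {a, b, d, e}); the function names, the tuple encoding of transducers and columns, and the brute-force reference check are my own. Two simplifications are assumptions of this example rather than the paper's construction: columns are identified only by the canonical rule q+·q+ = q+ (the ≈ relation of Property (3) is not implemented), and only transitions leaving a column reachable from the initial column are matched further.

```python
"""Added example, not the authors' tool: the slides' matching construction
for the transitive closure R+ of a transducer, checked against brute force.
My simplifications (not the paper's): columns are merged only by the rule
q+ . q+ = q+, and only transitions from reachable columns are matched."""
from itertools import product

# Transducer = (states, init, finals, transitions), transition =
# (src, (input_letter, output_letter), dst).  Both are the slides' examples.
TOKEN = ({"q0", "q1", "q2"}, "q0", {"q2"},          # move a token right
         {("q0", ("n", "n"), "q0"), ("q0", ("t", "n"), "q1"),
          ("q1", ("n", "t"), "q2"), ("q2", ("n", "n"), "q2")})
SHIFT = ({"L", "1", "2", "3", "R"}, "L", {"R"},       # shift abd right
         {("L", ("e", "e"), "L"), ("L", ("a", "e"), "1"),
          ("1", ("b", "a"), "2"), ("2", ("d", "b"), "3"),
          ("3", ("e", "d"), "R"), ("R", ("e", "e"), "R")})

def words(alphabet, n):
    """All words of length n over alphabet (brute-force candidate set)."""
    return ["".join(w) for w in product(alphabet, repeat=n)]

def accepts(init, finals, trans, word):
    """Nondeterministic run of an automaton over a word of labels."""
    cur = {init}
    for lab in word:
        cur = {d for s, l, d in trans if s in cur and l == lab}
    return any(s in finals for s in cur)

def related(transducer, u, v):
    """True if the transducer relates input word u to output word v."""
    _, init, finals, trans = transducer
    return len(u) == len(v) and accepts(init, finals, trans, list(zip(u, v)))

def compose(t1, t2):
    """R1 ; R2 as the product transducer ("compose the automaton twice"):
    pair states such as ("1", "L"); t1's output letter feeds t2's input."""
    s1, i1, f1, tr1 = t1
    s2, i2, f2, tr2 = t2
    trans = {((a, c), (x, z), (b, d))
             for a, (x, y), b in tr1 for c, (y2, z), d in tr2 if y == y2}
    return set(product(s1, s2)), (i1, i2), set(product(f1, f2)), trans

def star(col, item):
    """The slides' * operator: e1 * e2 = e1 when both are the same q+,
    otherwise concatenation, so q+ . q+ stays canonical as q+."""
    if col and col[-1] == item and item.endswith("+"):
        return col
    return col + (item,)

def reachable(init, trans):
    """Columns reachable from init along the transitions found so far."""
    seen, todo = {init}, [init]
    while todo:
        s = todo.pop()
        for src, _, dst in trans:
            if src == s and dst not in seen:
                seen.add(dst)
                todo.append(dst)
    return seen

def closure(transducer, max_rounds=100):
    """R+ by matching: (init_column, final_columns, transitions) over
    columns, i.e. tuples of "q" / "q+" items.  The closure of a regular
    relation need not be regular, hence the bound on rounds."""
    states, init, finals, trans = transducer
    copying = {s for s, (x, y), d in trans if s == d and x == y}
    item = {q: q + "+" if q in copying else q for q in states}  # init step
    step0 = {((item[s],), lab, (item[d],)) for s, lab, d in trans}
    init_col, found, done = (item[init],), set(step0), set()
    for _ in range(max_rounds):
        reach = reachable(init_col, found)
        todo = [t for t in found if t[0] in reach and t not in done]
        if not todo:  # fixed point: no reachable transition left to match
            fin = {c for c in reach if all(i.rstrip("+") in finals for i in c)}
            return init_col, fin, {t for t in found if t[0] in reach}
        for col, (x, y), col2 in todo:
            done.add((col, (x, y), col2))
            for (q,), (y2, z), (q2,) in step0:
                if y == y2:  # "match": the middle letters agree
                    found.add((star(col, q), (x, z), star(col2, q2)))
    raise RuntimeError("no fixed point within max_rounds")

def closure_related(clo, u, v):
    """True if u R+ v according to the column automaton built by closure()."""
    init_col, fin, trans = clo
    return len(u) == len(v) and accepts(init_col, fin, trans, list(zip(u, v)))

def brute_closure(transducer, u, alphabet):
    """Reference: every v with u R+ v, by iterating R over all candidates."""
    cands = words(alphabet, len(u))
    result, frontier = set(), {u}
    while frontier:
        frontier = {v for w in frontier for v in cands
                    if related(transducer, w, v)} - result
        result |= frontier
    return result

if __name__ == "__main__":
    init_col, fin, trans = closure(TOKEN)
    for src, lab, dst in sorted(trans):
        print("".join(src), lab, "->", "".join(dst))
    print(sorted(brute_closure(TOKEN, "tnnn", "nt")))  # ['nnnt', 'nntn', 'ntnn']
```

Running the script prints the closure automaton for the token example: six columns (q0+, q1, q1·q0+, q2+·q1·q0+, q2+·q1, q2+) whose language is exactly "the token moves one or more positions to the right", and brute_closure agrees with it on every word of length up to five. The reachability restriction is what makes this simplified version stop: matching all pairs, as the slide states it, also keeps extending columns such as q0+·q1·q0+·q1 that no path from the initial column ever enters, so the fixed point would never be reached without either that restriction or the paper's equivalence on columns.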
Results
Algorithm               Subset Construction   Matching   Speedup
Dijkstra                435s                  39s        11.2
Szymanski               278s                  178s       1.5
Termination detection   47s                   22s        2.1
Ticket                  17s                   20s        0.85
Future Work
• Extend to other systems, e.g. trees, push-down systems, graphs, etc.
• Experiment with the underlying data structure
• Graphical interface for this tool