State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013
-
Upload
alberto-lluch-lafuente -
Category
Technology
-
view
819 -
download
2
description
Transcript of State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013
![Page 1: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/1.jpg)
Alberto Lluch, Andrea VandinIMT Lucca
State Space C-Reductionsof Concurrent Systems in Rewriting Logic
International Workshop on Rewriting Logic and its Applications (WRLA'12)Tallin, March 24-25, 2012
José MeseguerUIUC
typical space reduction
no reductionstrong reductionweak reduction
states explored
size of the system
![Page 2: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/2.jpg)
state space explosion
1 binary counter has ... 2 states
1 n-ary counter has ... n states (data abstraction)
m n-ary counters Mn states! (symmetries, concurrency, etc.)
0 3 8 6...
![Page 3: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/3.jpg)
running example
x$
$ = transfer of 1$
= account with x$
![Page 4: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/4.jpg)
credit rule
x$
$
x+1$
![Page 5: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/5.jpg)
1$ 0$
$
0$
$
1$
0$
$
0$
$
1$ 1$
Isomorphic...
but syntactically different
Isomorphic...
but syntactically different
![Page 6: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/6.jpg)
symmetries in state space exploration problems
![Page 7: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/7.jpg)
some tools with symmetry reduction
Murphy [Ip&Dill@FMSD'96]; Symmetric SPIN [Bosnacki et al.@SPIN'00]; TopSPIN [Donaldson et al.@AMAST'06]; Groove [Rensink@GRABATS'06]; MiHDa [Montanari et al.@FMCO'02]; PRISM-symm [Ball et a@CAV06]; Planners, constraint solvers, etc.
![Page 8: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/8.jpg)
some drawbacks
✗ Symmetries denoted with extra primitives;
✗ Limited, fixed symmetry classes;
✗ Rigid “flexibility” vs “guarantees” tradeoff;
✗ Complex changes to model checker;
✗ Unofficial extensions of model checkers;
✗ No support for checking correctness.
![Page 9: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/9.jpg)
Can we use rewriting logic to...
(i) generalize symmetry reduction techniques?
✔ Define the c-reduction of a Kripke structure;
✔ C-reductions subsume typical symmetry reductions.
(ii) provide some advantages?
✔ Define c-reductions using equations (not in the engine);
✔ Provide a tool supported verification methodology.
(iii) provide a faster state space exploration?
✔ Many experiments.
![Page 10: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/10.jpg)
Can we use rewriting logic to...
(i) generalize symmetry reduction techniques?
✔ Define the c-reduction of a Kripke structure;
✔ C-reductions subsume typical symmetry reductions.
(ii) provide some advantages?
✔ Define c-reductions using equations (not in the engine);
✔ Provide a tool supported verification methodology.
(iii) provide a faster state space exploration?
✔ Many experiments.
![Page 11: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/11.jpg)
1$ 0$
$
0$
$
1$
0$
$
0$
$
1$ 1$
p
p,q p,q
q p = there is some empty account
q = there are one or less dollars around
A Kripke structure is a tuple K = (S , → , L, AP) such that S is a set of states;
→ ⊆ S × S is a transition relation;
AP are atomic propositions;
L: S → 2AP maps states into AP subsets.
![Page 12: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/12.jpg)
1$ 0$
$
0$
$
1$
0$
$
0$
$
1$ 1$
0$
$
1$
0$
$
0$
$
1$ 1$
A bisimulation between two Kripke structures K and H
is a binary relation ∼ ⊆ SK × SH such that s∼s' implies
LK(s) = LH(s');
s →K r implies s' →H r' and r∼r' for some r';
vice versa.
s →K r
s' →H r'≀ ≀
p
p,q p,q
q
p
p,q
q
![Page 13: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/13.jpg)
1$ 0$
$
0$
$
1$
c
A ∼-canonizer for
– a Kripke structure K
– and an equivalence (bisimilation) relation ∼ ⊆ S × S
is a function c : S → S such that s∼c(s) for all states s.
c
![Page 14: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/14.jpg)
A ∼-canonizer is strong if s∼s' implies c(s) = c(s')
(i.e. if canonical representatives of ∼-equivalence classes are unique)
3$2$1$
2$3$1$
1$2$3$
3$1$2$
2$1$3$
1$3$2$
cc
c
c
c
otherwise we call them weak.
3$2$1$
2$3$1$
1$2$3$
3$1$2$
2$1$3$
1$3$2$
c
c
c
![Page 15: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/15.jpg)
The c-reduction of a Kripke structure
K = (S , → , L, AP)
is
Kc = (S , →;c , L, AP)
1$ 0$
$
0$
$
1$
0$
$
0$
$
1$ 1$
c
![Page 16: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/16.jpg)
Th. If c is a ∼-canonizer then Kc ∼ K.
![Page 17: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/17.jpg)
Can we use rewriting logic to...
(i) generalize symmetry reduction techniques?
✔ Define the c-reduction of a Kripke structure;
✔ C-reductions subsume typical symmetry reductions.
(ii) provide some advantages?
✔ Define c-reductions using equations (not in the engine);
✔ Provide a tool supported verification methodology.
(iii) provide a faster state space exploration?
✔ Many experiments.
![Page 18: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/18.jpg)
some symmetry reductions captured
Full symmetries; Rotational symmetries; Name reuse (garbage collection); Name abstraction.
![Page 19: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/19.jpg)
Can we use rewriting logic to...
(i) generalize symmetry reduction techniques?
✔ Define the c-reduction of a Kripke structure;
✔ C-reductions subsume typical symmetry reductions.
(ii) provide some advantages?
✔ Define c-reductions using equations (not in the engine);
✔ Provide a tool supported verification methodology.
(iii) provide a faster state space exploration?
✔ Many experiments.
![Page 20: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/20.jpg)
What is RL?
A rewrite theory R is a tuple (Σ , E ∪ A , R , ϕ) Σ = signature (e.g. syntax); E = equations (e.g. functions); A = axioms (e.g. ACI); R = rules (e.g. non deterministic behaviour); ϕ = frozennes map (e.g. rewrite strategy).
Some assumptions: R has good executability properties; Topmost rules for a designated [State] kind.
Not all equivalence relations ∼
are tractable as axioms
Not all equivalence relations ∼
are tractable as axioms
![Page 21: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/21.jpg)
--- The main module defining the signature and one initial state
fmod BANK is
...
sorts Object Message Configuration State .
subsort Message Object < Configuration .
op <_|_> : Nat Nat -> Object [ctor] .
op credit : Nat -> Message [ctor] .
op __ : Configuration Configuration -> Configuration [ctor assoc comm] .
op none : -> Configuration [ctor] .
op {_} : Configuration -> State [ctor frozen] .
--- A simple initial state
op init : -> Configuration .
eq init = < 0 | 0 > < 1 | 0 > credit(0) credit(1) .
endfm
0$
$
0$
$
![Page 22: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/22.jpg)
--- The behavioural rules of the example
mod BANK-RULES is
inc BANK .
vars i x : Nat .
vars c1 : Configuration .
--- A simple rule for crediting an account
rl [credit] :
{ < i | x > credit(i) c1 }
=> { < i | s(x) > c1 } .
endm
x$
$
x+1$
![Page 23: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/23.jpg)
search without reductionMaude> search in BANK-RULES : {init} =>* s:State .
Solution 1 (state 0)
s:State --> {credit(0) credit(1) < 0 | 0 > < 1 | 0 >}
Solution 2 (state 1)
s:State --> {credit(1) < 0 | 1 > < 1 | 0 >}
Solution 3 (state 2)
s:State --> {credit(0) < 0 | 0 > < 1 | 1 >}
Solution 4 (state 3)
s:State --> {< 0 | 1 > < 1 | 1 >}
No more solutions.
states: 4 rewrites: 6 in 0ms cpu (2ms real) (9523 rewrites/second)
symmetric states
1$ 0$
$
0$
$
1$
0$
$
0$
$
1$ 1$
![Page 24: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/24.jpg)
c-extension
The c-extension of a rewrite theory
R = (Σ, E ∪ A , R, ϕ)
is
Rc = (Σ ⊎ Σc, E ∪ Gc ∪ A , R , ϕc)
i.e. a correct extension of R with the definition of c.
![Page 25: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/25.jpg)
BANK
module architecture
BANK-RULES (R)
BANK-C (Rc)
![Page 26: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/26.jpg)
c-extension (example of canonizer)--- The c-extension of BANK that defines the c-canonizer for object permutations
mod BANK-C is
...
op c : State -> [State] .
vars i j x y : Nat .
vars c1 : Configuration .
ceq c( { < i | x > < j | y > c1 } )
= c( { [[ i <-> j ]]( < i | x > < j | y > c1 ) } )
if [[ i <-> j ]]( < i | x > < j | y > c1 )
<# < i | x > < j | y > c1 .
eq c({c1}) = {c1} [ owise ] .
endm
![Page 27: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/27.jpg)
BANK
module architecture
BANK-RULES (R) BANK-PERMUTATION
BANK-C (Rc)
![Page 28: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/28.jpg)
c-extension (example of transpositions)--- Implementation of object permutations
fmod BANK-PERMUTATION is
...
op [[_<->_]] _ : Nat Nat Configuration -> Configuration [frozen] .
op [[_<->_]] _ : Nat Nat Nat -> Nat .
eq [[ i <-> j ]](none) = none .
eq [[ i <-> j ]](obj1 c1) = ([[ i <-> j ]](obj1)) ([[ i <-> j ]](c1)) .
eq [[ i <-> j ]](msg1 c1) = ([[ i <-> j ]](msg1)) ([[ i <-> j ]](c1)) .
eq [[ i <-> j ]](< k | x >) = < [[ i <-> j ]](k) | x > .
eq [[ i <-> j ]](credit(k)) = credit([[ i <-> j ]] k) .
 eq [[ i <-> j ]](i) = j .
eq [[ i <-> j ]](j) = i .
ceq [[ i <-> j ]](k) = k if (i != k) /\ (j != k) .
endfm
![Page 29: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/29.jpg)
Identification of symmetric states
Maude> red c( {credit(0) < 0 | 0 > < 1 | 1 >}) .
result State: {credit(1) < 0 | 1 > < 1 | 0 >}
0$ 1$
$
1$
$
0$
c
![Page 30: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/30.jpg)
The c-reduction of a rewrite theory
R = (Σ, E ∪ A , R , ϕ )
is
Rc = (Σ ⊎ Σc, E ∪ Gc ∪ A , Rc , ϕc)
where Rc is made of rules
l => c(r) if cond
for each rule of R
l => r if cond
K(Rc) = Kc(R)K(Rc) = K
c(R)
![Page 31: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/31.jpg)
BANK
module architecture
BANK-RULES (R) BANK-PERMUTATION
BANK-C (Rc)
BANK-C-REDUCTION (Rc)
![Page 32: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/32.jpg)
c-reduction (example)
--- The c-reduction of BANK-RULES
mod BANK-C-REDUCTION is
inc BANK-C .
rl [credit] :
{ < i | x > credit(i) c1 }
=> c({ < i | s(x) > c1 }) .
endm
![Page 33: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/33.jpg)
search in c-reduced state spaceMaude> search in BANK-C-REDUCTION : {init} =>* s:State .
search in BANK-C-REDUCTION : {init} =>* s:State .
Solution 1 (state 0)
s:State --> {credit(0) credit(1) < 0 | 0 > < 1 | 0 >}
Solution 2 (state 1)
s:State --> {credit(1) < 0 | 1 > < 1 | 0 >}
Solution 3 (state 2)
s:State --> {< 0 | 1 > < 1 | 1 >}
No more solutions.
states: 3 rewrites: 25 in 0ms cpu (2ms real) (53648 rewrites/second)
1$ 0$
$
0$
$
1$
0$
$
0$
$
1$ 1$
c
![Page 34: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/34.jpg)
Can we use rewriting logic to...
(i) generalize symmetry reduction techniques?
✔ Define the c-reduction of a Kripke structure;
✔ C-reductions subsume typical symmetry reductions.
(ii) provide some advantages?
✔ Define c-reductions using equations (not in the engine);
✔ Provide a tool supported verification methodology.
(iii) provide a faster state space exploration?
✔ Many experiments.
![Page 35: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/35.jpg)
Th 1. “K(Rc) is bisimilar to K(R)” (desiderata)
Lemma 0. “Relation ∼ is an equivalence relation”
(i) Check that the action of the group is correct.
Lemma 1. “Relation∼ is a bisimulation”
(ii) Check that ∼ strongly respects AP;
(iii) Check that ∼ and R “commute”.
Lemma 2. “Function c is a ∼-canonizer”
(iv) Check that c is a ∼-canonizer.
Does c provide a correct c-reduction?
Proof plan for
group-theoretic
reductions
![Page 36: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/36.jpg)
BANK
modules and checks
BANK-RULES (R)BANK-AP
BANK-PERMUTATION-RULES (R∼)
BANK-PERMUTATION (R∼)
BANK-C (Rc)
BANK-C-REDUCTION (Rc)
check (i)
check (ii)
check (iii)check (iv)
![Page 37: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/37.jpg)
The action ⟦∙⟧ of a group G on S defines an equivalence relation:
s∼s' iff ⟦ f ⟧(s) = s' for some f ∈ G.
group theoretic equivalence relations
![Page 38: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/38.jpg)
BANK
modules and checks
BANK-RULES (R)BANK-AP
BANK-PERMUTATION-RULES (R∼)
BANK-PERMUTATION (R∼)
BANK-C (Rc)
BANK-C-REDUCTION (Rc)
check (i)
![Page 39: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/39.jpg)
(i) Checking group actions
Implement the action ⟦∙⟧ of G on S as
[[_]]_ : G State ->State .
… but we just need to implement the action of the generators.
Check that the we actually have a group action by showing:⟦g⟧⟦g-1⟧(s) = s for each generator g of G.
HINT: induction on S (structure of states).
For example, in the case of permutations one has to show
[[ i <-> j]] ([[ i <-> j]] (s)) = s
![Page 40: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/40.jpg)
(i) Checking group actions
Implement the action ⟦∙⟧ of G on S as
[[_]]_ : G State ->State .
… but we just need to implement the action of the generators.
Check that the we actually have a group action by showing:
⟦e⟧(s) = s, for e the identity of G;
⟦g ∘ g'⟧(s) = ⟦g⟧(⟦g'⟧(s)) for each pair of generators g, g' of G;
⟦g⟧⟦g-1⟧(s) = s for each generator g of G.
HINT: induction on G (generators ) and S (structure of states).
![Page 41: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/41.jpg)
BANK
modules and checks
BANK-RULES (R)BANK-AP
BANK-PERMUTATION-RULES (R∼)
BANK-PERMUTATION (R∼)
BANK-C (Rc)
BANK-C-REDUCTION (Rc)
check (ii)
![Page 42: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/42.jpg)
(ii) Checking that ∼ strongly preserves AP
IDEA: Define a rewrite theory R∼ to “move” inside orbits:
R∼ = (Σ ⊎ Σ∼
, E ∪ E∼ ∪ A , R∼ , ϕ)
where R∼
= { s => [[g]](s) }
Theorem: ∼ strongly preserves AP if AP is stable in R∼.
![Page 43: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/43.jpg)
Maude> (analyze-stable two-dollars(s:State) in BANK-AP BANK-PERMUTATION-RULES .)
rewrites: 15571 in 16ms cpu (19ms real) (918643 rewrites/second)
Checking BANK-PERMUTATION-RULES ||- two-dollars => O two-dollars ...
Proof obligations generated: 2
Proof obligations discharged: 2
Success!
Can we check such stability automatically?
Yes, with InvA (under some conditions)
fmod BANK-AP is
eq [two-dollars-eq] : two-dollars({ < i | s(s(x)) > c1 }) = true .
endfm
fmod BANK-PERMUTATION-RULES is
rl [transposition] : { < i | x > < j | y > c1 }
=> { [[ i <-> j ]] ( < i | x > < j | y > c1) } .
endm
For non discharged proof obligations
one can use the Maude ITP tool
For non discharged proof obligations
one can use the Maude ITP tool
![Page 44: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/44.jpg)
BANK
modules and checks
BANK-RULES (R)BANK-AP
BANK-PERMUTATION-RULES (R∼)
BANK-PERMUTATION (R∼)
BANK-C (Rc)
BANK-C-REDUCTION (Rc)
check (iii)
![Page 45: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/45.jpg)
v'
v
u'
uR
R
(iii) Checking that ∼ and R commute
For all equivalent states u, u' and for all R-transitions from u to v.
![Page 46: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/46.jpg)
v'
v
u'
u
R∼
R
* R *R∼
(iii) Checking that ∼ and R commute
For all R∼reachable pairs of states u->u' and for all R-transitions from u to v.
![Page 47: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/47.jpg)
v'
v
u'
uR
u1'R
R
R
v1'
u2' v2'*R∼
R∼
(iii) Checking that ∼ and R commute
*
R∼
R∼
For all R∼-transitions u->u' and for all R-transitions from u to v.
![Page 48: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/48.jpg)
w
θ(r)
θ'(r')
θ(l)R
R
R∼*
R∼
θ'(l')
Consider:
Each R-rules from l => r
Each R∼-rules l' => r'
≡A
![Page 49: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/49.jpg)
v'
v
u'
uR
R
R∼
(iii) Checking that ∼ and R commute
*R∼
For all R∼-transitions u → u' and
for all R-transitions from u to v.
For all R∼-rules l' => r' and
for all R-rules from l => r.
Similar functionalities (e.g. critical pair generation)
are already available in some Maude tools
(e.g. in the Coherence Checker).
Similar functionalities (e.g. critical pair generation)
are already available in some Maude tools
(e.g. in the Coherence Checker).v'
θ(r)
θ'(r')
θ(l)R
R
R∼*
R∼
![Page 50: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/50.jpg)
(iii) Checking that ∼ and R commute
IDEA: Show joinability of critical pairs (R rules vs R∼)
Theorem: If all such pairs are joinable, ∼ is a bisimulation
![Page 51: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/51.jpg)
BANK
modules and checks
BANK-RULES (R)BANK-AP
BANK-PERMUTATION-RULES (R∼)
BANK-PERMUTATION (R∼)
BANK-C (Rc)
BANK-C-REDUCTION (Rc)
check (iv)
![Page 52: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/52.jpg)
(iv) checking that c is a ∼-canonizer
c({t}) = c([[g]]({t})) if [[g]]({t})<{t}
c({t}) = {t} [owise]
c({t}) = min{[[f]]({t})}
Local strategies
Enumeration strategies
IDEA: Exploit the form of typical reduction strategies:
![Page 53: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/53.jpg)
Can we use rewriting logic to...
(i) generalize symmetry reduction techniques?
✔ Define the c-reduction of a Kripke structure;
✔ C-reductions subsume typical symmetry reductions.
(ii) provide some advantages?
✔ Define c-reductions using equations (not in the engine);
✔ Provide a tool supported verification methodology.
(iii) provide a faster state space exploration?
✔ Many experiments.
![Page 54: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/54.jpg)
typical space reduction
no reductionstrong reductionweak reduction
states explored
size of the system
![Page 55: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/55.jpg)
typical time reduction
no reductionstrong reductionweak reduction
runtime
size of the system
![Page 56: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/56.jpg)
will we have the same in Maude?
Full symmetries in Maude [D.Rodriguez@WRLA'08]
![Page 57: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/57.jpg)
will we have the same in Maude?
Q1. Overhead of meta-level based c-reductions?
Q2. Similar performance gains as model checkers?
Q3. Performance for c-reductions not based
on full permutations (e.g. rotations)?
![Page 58: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/58.jpg)
Q1. meta-level vs ad-hoc?runtime
(seconds)
size of the system
(instance parameter)
1 2 3 4 5 6 7 80
10
20
30
40
50
60
70
80
90
meta-level
ad-hoc
![Page 59: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/59.jpg)
![Page 60: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/60.jpg)
2 3 4
-1
-0.5
0
0.5
1
1.5
2
Q2. Maude vs SymmSPIN?
relative time reduction factor
no reductionsymmSPINstrong c-reductionweak c-reduction
size of the system
(instance parameter)
![Page 61: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/61.jpg)
Q3. space reduction in dining philosophers?
![Page 62: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/62.jpg)
~ ~
Dining philosophers (rotational symmetries)
= philosopher eating
= philosopher resting
![Page 63: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/63.jpg)
~
Dining philosophers (msg. id's)
3 4 4 31 2
~
~msg id abstraction
msg id
permutation
msg id reuse
![Page 64: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/64.jpg)
Q3. space reduction in dining philosophers
2 3 4 5 6 7 8 90
100000
200000
300000
400000
500000
600000
states explored
msg id reusemsg abstractionmsg id reuse & permutationsmsg abstraction + philosopher rotation
size of the system
(instance parameter)
![Page 65: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/65.jpg)
Q3. time reduction in dining philosophers
7 8 9
states explored
size of the system
(instance parameter)
msg reuse&permutationmsg abstractionmsg abstraction + philosopher rotation
![Page 66: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/66.jpg)
Q1. Overhead of meta-level based c-reductions?
✔ Significant improvement
when not resorting to the meta-level.
Q2.Performance against model checkers?
✔ Similar in space reduction;
✔ Comparable time reduction.
Q3. Performance for c-reductions not based
on full permutations (e.g. Rotations)?
✔ Significant space gains in rotational.
![Page 67: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/67.jpg)
conclusion
![Page 68: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/68.jpg)
Can we use rewriting logic to...
(i) generalize symmetry reduction techniques?
✔ Define the c-reduction of a Kripke structure;
✔ C-reductions subsume typical symmetry reductions.
(ii) provide some advantages?
✔ Define c-reductions using equations (not in the engine);
✔ Provide a tool supported verification methodology.
(iii) provide a faster state space exploration?
✔ Many experiments.
![Page 69: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/69.jpg)
Related work (Maude)
Full symmetries in Maude [D.Rodriguez@WRLA'08]
✔ Full object permutations, meta-representation order;
✭ More symmetries and examples, no meta-representation order, verification methodology.
Equational abstractions [Palomino et al.@JLAP'10]
✔ Identify states to reduce state space;
✭ Bisimulation, reduction application control.
![Page 70: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/70.jpg)
Related work (ii) SymmSPIN et al. [Bosnacki et al.@SPIN'01]
✔ Heuristics for canonizers;
✭ No extension needed, object references allowed, formal checks;
Groove [Rensink@GRABATS'06]
✔ Up-to-isomorphism GTS;
✭ Programmable reductions, not just iso.
HD-automata [Montanari et al.@TCS'05]
✔ Name reuse techniques;
✭ On-the-fly reduction, algebraic state structure.
![Page 71: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/71.jpg)
Current and Future Work Better integration in Maude
Conciliate with other state space reduction techniques (equational abstractions, partial order reduction);
Tool support and its integration in MFE.
Beyond group theoretic symmetries
Abstractions that yield bisimulations?
Exploit axiomatisations of bisimulation for process algebras?
Beyond bisimulation
Weak bisimulation?
Trace equivalence (for LTL)?
![Page 72: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/72.jpg)
http://sysma.lab.imtlucca.it/tools/c-reducer/
![Page 73: State Space c-Reductions of Concurrent Systems in Rewriting Logic @ ETAPS Workshop WRLA 2013](https://reader033.fdocuments.net/reader033/viewer/2022052905/558864ebd8b42a4a0e8b4636/html5/thumbnails/73.jpg)
thanks!