ASAP: An Extensible Platform for State Space Analysis
Michael Westergaard (Aarhus, DK), Sami Evangelista (Aarhus, DK), Lars Michael Kristensen (Bergen, NO)
(Figure: a CPN Tools model of a simple transmission protocol. Places: Send (NOxDATA, initial marking 1`(1,"COL")++1`(2,"OUR")++1`(3,"ED ")++1`(4,"PET")++1`(5,"RI ")++1`(6,"NET")), NextSend (NO, 1`1), A and B (NOxDATA), NextRec (NO, 1`1), Received (DATA, 1`""), C and D (NO), Limit (UNIT, 3`()). Transitions: SendPacket, TransmitPacket, ReceivePacket, TransmitAcknow., ReceiveAcknow. Arc inscriptions include n, k, (n,p), str, "if success then 1`(n,p) else empty", "if success then 1`n else empty", "if success then empty else 1`()", "if n=k then k+1 else k" and "if n=k andalso p<>stop then str^p else str".)
Outline
• Tool overview
• Specification of verification jobs
• The state space search engine
• Extending ASAP
• Benchmarks
• Conclusion
What is ASAP?
• Next generation of computer tool support for state space analysis of CPN models.
• Developed within the ASCoVeCo research project.
• Supported by the Danish Research Council for Technology and Production [09/2006 – 09/2009].
• Project members: Lars Michael Kristensen, Surayya Urazimbetova, Michael Westergaard, Sami Evangelista
ASCoVeCo: Advanced State Space Methods and Computer Tools for Verification of Communication Protocols
ASAP: ASCoVeCo State Space Analysis Platform
Aim and vision
• A state space analysis tool and development platform aimed at
  – Research: implementation of verification algorithms / state space reduction techniques (e.g., sweep-line); experimental comparison of algorithms
  – Education: user and implementation perspective
  – Industrial use: ease of use; stability; highly automatic; pragmatic methods; practical expressiveness of models.
• The challenge: support all this in a coherent manner with a suitable user interface.
• Implementation of ASAP started in summer 2007.
Software architecture
(Figure: two-layer architecture. Graphical User Interface, written in JAVA on the Eclipse Rich Client Platform with the Eclipse Modelling Framework and the Graphical Modelling Framework: CPN Model Representation, JoSEL Representation, JoSEL Editor, JoSEL Scheduler, Method-specific tasks, Reporting (BIRT). State Space Exploration Engine, written in Standard ML on top of the CPN Tools Simulator: CPN Model Loader, CPN Model Instantiator, Explorations, Storages, Waiting sets, Query Languages.)
ASAP runs on Windows XP/Vista, Linux, and Mac OS X.
JoSEL overview - 1
• Graphical language inspired by
  – Dataflow diagrams (input and output)
  – Coloured Petri nets (hierarchy concept, abstraction mechanism)
• A task is the atomic unit of computation.
• Tasks have typed input and output ports.
(Figure: a task box labelled with its task name. A task is typically used to represent instantiation or execution of a component on the underlying state space exploration platform.)
JoSEL overview - 2
• Output ports and input ports can be connected.
• A verification job
  – is a collection of tasks and their connections
  – specifies a producer/consumer scenario
JoSEL overview - 3
• A job can have exported ports.
• A job can be abstractly represented by a macro task.
• The use of macros enables
  – reuse of sub-jobs among different verification jobs
  – simplification of JoSEL specifications
  – different levels of abstraction
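The job model described on these slides, as an added example in Python (not ASAP's code): tasks with typed input and output ports, a connect step that rejects connections whose port types do not match, and a scheduler that runs every producer before its consumers and rejects cycles and unconnected input ports. The slides do not say how the JoSEL Scheduler itself validates and orders tasks, so these rules are my assumptions; the value types and task bodies are placeholders standing in for the real components (model loader, simulator instantiation, safety checker, report generation).

```python
"""Typed-port dataflow jobs in the spirit of JoSEL (assumed semantics)."""
from collections import deque


class Task:
    """Atomic unit of computation with typed ports.  `inputs` and `outputs`
    map port name -> type; `run` gets input values as keyword arguments and
    returns a dict of output port values."""
    def __init__(self, name, inputs, outputs, run):
        self.name, self.inputs, self.outputs, self.run = name, inputs, outputs, run


class Job:
    """A collection of tasks plus connections from output to input ports."""
    def __init__(self):
        self.tasks = {}
        self.wires = {}   # (consumer task, input port) -> (producer task, output port)

    def add(self, task):
        self.tasks[task.name] = task
        return task

    def connect(self, src, out_port, dst, in_port):
        """Connect src.out_port -> dst.in_port; reject mismatched port types."""
        produced = self.tasks[src].outputs[out_port]
        expected = self.tasks[dst].inputs[in_port]
        if not issubclass(produced, expected):
            raise TypeError(f"{src}.{out_port} produces {produced.__name__}, "
                            f"{dst}.{in_port} expects {expected.__name__}")
        self.wires[(dst, in_port)] = (src, out_port)

    def schedule(self):
        """Producer-before-consumer order (Kahn's algorithm); fails on an
        unconnected input port or on a cycle among tasks."""
        deps = {}
        for name, task in self.tasks.items():
            missing = [p for p in task.inputs if (name, p) not in self.wires]
            if missing:
                raise ValueError(f"{name}: unconnected input port(s) {missing}")
            deps[name] = {self.wires[(name, p)][0] for p in task.inputs}
        ready = deque(sorted(n for n, d in deps.items() if not d))
        order = []
        while ready:
            n = ready.popleft()
            order.append(n)
            for m, d in deps.items():
                d.discard(n)
                if not d and m not in order and m not in ready:
                    ready.append(m)
        if len(order) != len(self.tasks):
            raise ValueError("cycle among tasks " + str(sorted(set(deps) - set(order))))
        return order

    def execute(self):
        """Run the job; returns {(task, output port): value}."""
        values = {}
        for name in self.schedule():
            task = self.tasks[name]
            args = {p: values[self.wires[(name, p)]] for p in task.inputs}
            out = task.run(**args)
            for p, t in task.outputs.items():
                if not isinstance(out[p], t):
                    raise TypeError(f"{name}.{p} returned {type(out[p]).__name__}")
                values[(name, p)] = out[p]
        return values


# Placeholder value types (constructed for this example, not ASAP classes).
class CPNModel(str): pass
class Property(str): pass
class Report(str): pass
class Simulator:
    def __init__(self, model): self.model = model


def build_job():
    """The top-level job of the slides: load model and property, instantiate
    the simulator, check the safety property, generate a report."""
    job = Job()
    job.add(Task("LoadModel", {}, {"model": CPNModel},
                 lambda: {"model": CPNModel("protocol.cpn")}))
    job.add(Task("LoadProperty", {}, {"property": Property},
                 lambda: {"property": Property("no lost packets")}))
    job.add(Task("Instantiate", {"model": CPNModel}, {"sim": Simulator},
                 lambda model: {"sim": Simulator(model)}))
    job.add(Task("SafetyCheck", {"sim": Simulator, "property": Property}, {"holds": bool},
                 lambda sim, property: {"holds": sim.model.endswith(".cpn")}))
    job.add(Task("Report", {"holds": bool, "property": Property}, {"report": Report},
                 lambda holds, property: {"report": Report(f"{property}: {'holds' if holds else 'violated'}")}))
    job.connect("LoadModel", "model", "Instantiate", "model")
    job.connect("Instantiate", "sim", "SafetyCheck", "sim")
    job.connect("LoadProperty", "property", "SafetyCheck", "property")
    job.connect("SafetyCheck", "holds", "Report", "holds")
    job.connect("LoadProperty", "property", "Report", "property")
    return job
```

`build_job().execute()` runs the five tasks in dependency order; the two validation failures (a type mismatch on connect, a cycle at scheduling time) are the checks an editor of jobs would expect to fire before any exploration is started.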
JoSEL example – Top-level of a job
(Figure: JoSEL diagram of a top-level job. Callouts: macro task for report generation; macro task for checking a safety property; task instantiating the safety property to be checked, given the name of the safety property; task loading the file containing the property; task loading the file containing the CPN model; task instantiating the CPN model simulator.)
JoSEL example – Safety checker
(Figure only: the JoSEL diagram of the safety checker.)
The state space search engine
• Written in SML
• Based on a few SML signatures (≈ JAVA interfaces)
  – STORAGE for data structures storing states
  – EXPLORATION for search algorithms
  – MODEL for specific model operations
  – WAITING_SET for data structures storing states waiting to be processed by an EXPLORATION
The MODEL signature
signature MODEL = sig
  eqtype state
  eqtype event
  (* get the initial state(s) with their enabled events *)
  val getInitialStates : unit -> (state * event list) list
  (* compute the successor(s) of a state by executing an event *)
  val nextStates       : state * event -> (state * event list) list
  (* execute a sequence of events and return the states on the path *)
  val executeSequence  : state * event list -> (state * event list) list
  (* string representation of states and events *)
  val stateToString    : state -> string
  val eventToString    : event -> string
end
Current status of the engine
• Search algorithms
  – DFS, BFS
  – Random walks
  – External memory algorithms
• Reduction techniques
  – Bit-state hashing, hash compaction
  – State caching
  – Sweep-line method
  – ComBack method
• Types of properties analyzed
  – Safety properties
  – Deadlock
  – Generic properties of CPNs (liveness, boundedness, home markings, …)
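The MODEL signature and the engine components listed above (STORAGE, WAITING_SET, EXPLORATION, bit-state hashing, deadlock and safety checking), as one added example in Python rather than SML; this is not ASAP's code. A dining-philosophers model exposes getInitialStates/nextStates in the shape of the signature; an exact set and a bit-state table are two interchangeable storages; a stack and a queue are the DFS and BFS waiting sets; a generic exploration calls a state hook once per new state, which is where deadlock detection and the safety property live. The model, class names and the CRC32 hash are my choices.

```python
"""Generic state space explorer split the way the ASAP engine is: MODEL /
STORAGE / WAITING_SET / EXPLORATION.  Example model: dining philosophers."""
import zlib
from collections import deque


class DiningPhilosophers:
    """MODEL: philosopher i is 'T' (thinking), 'L' (holding its left fork i)
    or 'E' (eating with forks i and i+1).  Fork i lies between i-1 and i."""
    def __init__(self, n):
        self.n = n

    def fork_free(self, st, i):
        # fork i is taken by philosopher i (L or E) or by philosopher i-1 (E)
        return st[i] == 'T' and st[(i - 1) % self.n] != 'E'

    def enabled(self, st):
        evs = []
        for i, p in enumerate(st):
            if p == 'T' and self.fork_free(st, i):
                evs.append(('takeLeft', i))
            elif p == 'L' and self.fork_free(st, (i + 1) % self.n):
                evs.append(('takeRight', i))
            elif p == 'E':
                evs.append(('putDown', i))
        return evs

    def get_initial_states(self):        # unit -> (state * event list) list
        s0 = tuple('T' * self.n)
        return [(s0, self.enabled(s0))]

    def next_states(self, st, ev):       # state * event -> (state * event list) list
        kind, i = ev
        new = list(st)
        new[i] = {'takeLeft': 'L', 'takeRight': 'E', 'putDown': 'T'}[kind]
        s1 = tuple(new)
        return [(s1, self.enabled(s1))]


class ExactStorage:
    """STORAGE: every state kept in full (exhaustive but memory-hungry)."""
    def __init__(self):
        self.seen = set()

    def add(self, st):                   # True iff st was not stored before
        if st in self.seen:
            return False
        self.seen.add(st)
        return True


class BitStateStorage:
    """STORAGE: bit-state hashing, one bit per hash slot.  Two states that
    hash to the same slot are confused, so states may go unexplored."""
    def __init__(self, bits):
        self.table = bytearray(((1 << bits) + 7) // 8)
        self.mask = (1 << bits) - 1

    def add(self, st):
        h = zlib.crc32(repr(st).encode()) & self.mask   # deterministic hash
        byte, bit = h >> 3, 1 << (h & 7)
        if self.table[byte] & bit:
            return False
        self.table[byte] |= bit
        return True


class Stack:                              # WAITING_SET giving depth-first search
    def __init__(self): self.items = deque()
    def put(self, x): self.items.append(x)
    def get(self): return self.items.pop()
    def empty(self): return not self.items


class Queue(Stack):                       # WAITING_SET giving breadth-first search
    def get(self): return self.items.popleft()


def explore(model, storage, waiting, state_hook=lambda st, evs: None):
    """EXPLORATION: generic search over any MODEL/STORAGE/WAITING_SET;
    returns the number of states stored.  state_hook runs once per new state."""
    count = 0

    def visit(st, evs):
        nonlocal count
        if storage.add(st):
            count += 1
            waiting.put((st, evs))
            state_hook(st, evs)

    for st, evs in model.get_initial_states():
        visit(st, evs)
    while not waiting.empty():
        st, evs = waiting.get()
        for ev in evs:
            for succ, succ_evs in model.next_states(st, ev):
                visit(succ, succ_evs)
    return count


def check(model, storage, waiting):
    """Deadlock detection plus the safety property 'two neighbours never eat
    at the same time', both evaluated through the state hook."""
    deadlocks, violations = [], []

    def on_state(st, evs):
        n = len(st)
        if not evs:
            deadlocks.append(st)
        if any(st[i] == 'E' and st[(i + 1) % n] == 'E' for i in range(n)):
            violations.append(st)

    states = explore(model, storage, waiting, on_state)
    return states, deadlocks, violations
```

With three philosophers the exact DFS visits 14 states and reports the single deadlock in which everyone holds a left fork, while the fork-exclusion property never fails; the same `check` run with `BitStateStorage(8)` shows the trade-off named on the slide: it can only ever report at most as many states as the exact storage, and a slot collision silently drops part of the state space, so a bit-state run that finds no deadlock is not a proof.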
Integration of a sweep-line plug-in - 1
SML implementation of the sweep-line algorithm
functor SweepLineExploration (
    structure Storage : STORAGE            (* data structure used to store reachable states *)
    structure Model   : MODEL              (* model of which we explore the graph *)
    structure Measure : PROGRESS_MEASURE   (* used to evaluate the progression of states *)
) : EXPLORATION =
struct
  (* filterEvents   : filter the executable events of a state, e.g., for partial-order reduction
     transformState : transform a state, e.g., with a canonicalization function
     arcHook, stateHook : functions called for each arc and each state of the reachability graph *)
  fun explore filterEvents transformState arcHook stateHook = …
end
Exploration algorithm using the sweep-line method: ≈100 lines of SML code.
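The sweep-line method behind the functor above, as an added example in Python (not ASAP's ≈100 lines of SML): a small lossy-channel protocol whose progress measure never decreases along an event, an explorer that takes states from a priority queue in progress order and deletes every stored state lying below the sweep-line, and a plain search for comparison. The protocol model, the progress measure and the reported peak-storage figure are constructed for this example.

```python
"""Sweep-line state space exploration on a small lossy-channel protocol."""
import heapq
from itertools import count

N_PACKETS, CAPACITY = 3, 2   # packets to send, capacity of the lossy channel


def initial_states():
    # state = (next seq to send, next seq the receiver expects, channel FIFO)
    return [(1, 1, ())]


def next_states(state):
    """MODEL-style successor function: returns (event, successor) pairs."""
    s, r, chan = state
    succ = []
    if s <= N_PACKETS and len(chan) < CAPACITY:
        succ.append(("send", (s + 1, r, chan + (s,))))
    if chan:
        head, rest = chan[0], chan[1:]
        succ.append(("lose", (s, r, rest)))                          # packet lost in transit
        succ.append(("deliver", (s, r + 1 if head == r else r, rest)))  # unexpected seq discarded
    return succ


def progress(state):
    """PROGRESS_MEASURE: both counters only grow, so no event lowers s + r."""
    s, r, _ = state
    return s + r


def sweep_line(initial, successors, measure):
    """Explore states in order of increasing progress.  A state whose progress
    is below the smallest progress still waiting can never be reached again,
    so its layer is dropped.  Returns (states explored, peak states stored)."""
    storage = {}             # progress value -> set of states with that value
    waiting = []             # heap of (progress, tie-breaker, state)
    tick = count()
    explored = peak = 0

    def visit(st):
        nonlocal explored
        p = measure(st)
        layer = storage.setdefault(p, set())
        if st not in layer:
            layer.add(st)
            explored += 1
            heapq.heappush(waiting, (p, next(tick), st))

    for st in initial:
        visit(st)
    while waiting:
        p, _, st = heapq.heappop(waiting)
        for q in [q for q in storage if q < p]:   # the sweep: garbage-collect old layers
            del storage[q]
        for _, succ in successors(st):
            assert measure(succ) >= p, "progress measure must be non-decreasing"
            visit(succ)
        peak = max(peak, sum(len(layer) for layer in storage.values()))
    return explored, peak


def full_search(initial, successors):
    """Plain exhaustive search that keeps every state, for comparison."""
    seen, todo = set(initial), list(initial)
    while todo:
        for _, succ in successors(todo.pop()):
            if succ not in seen:
                seen.add(succ)
                todo.append(succ)
    return len(seen)
```

Both searches visit the same 19 states, but the sweep-line never holds all of them at once; the assertion on the measure is the check a practitioner wants, because a progress measure that can decrease would let a deleted state be regenerated and the exploration would no longer terminate reliably.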
Integration of a sweep-line plug-in - 2
JAVA implementation of the sweep-line task
(The SML functor SweepLineExploration from the previous slide is exposed to JoSEL through the following Java task.)
class SweepLineExplorationTask implements FunctorTask {
    String getName() { return "Sweep Line Exploration"; }
    // Name of the SML functor in the search engine
    String getFunctor() { return "SweepLineExploration"; }
    Value getReturnType() { return new Value("Traversal", Exploration.class); }
    Value[] getParameters() {
        return new Value[] {
            new Value("Model", Model.class),
            new Value("Storage", Storage.class),
            new Value("Progress Measure", Measure.class)
        };
    }
    // Generates the SML code executed when the task is performed
    Exploration exec(Model m, Storage s, Measure p) { … }
}
Experimentation context
• ASAP can load
  – CPN models produced by CPN Tools
  – DVE models (language of the DiVinE model checker)
• Two types of inputs
  – CPN models from our own collection
  – DVE models from the BEEM database: http://anna.fi.muni.cz/models/
• Performed an exhaustive state space exploration (with and without the ComBack method) and recorded execution time.
ASAP vs CPN Tools
State space exploration time (sec.)
Model                 States   CPN Tools   ASAP   Speed-up
Dining philosophers    40 K       6,614      27        245
Simple protocol       204 K       7,084      33        215
ERDP                  207 K      19,351     112        173
DYMO                  114 K       7,403     308         24
Average on 4 models                                    164
ASAP vs DiVinE
State space exploration time (sec.)
Model             States   DiVinE   ASAP   Speed-up
brp2.6             5.7 M       39     17       2.29
firewire_tree.5    3.8 M      227    525       0.43
plc.4              3.7 M       55     45       1.22
rether.4           9.5 M       51     34       1.52
Average on 50 models                           1.39
To sum up
• ASAP is a state space analysis tool.
• It is graphical, based on the Eclipse platform.
• Verification tasks are performed using the JoSEL graphical language.
• Intended to be easy to use by different types of users
  – Students
  – Researchers
  – Industrial users
  and to extend w.r.t.
  – verification algorithms
  – specification languages
• ASAP is free of charge.
What’s next
• Temporal logic verification (LTL, CTL)
• Drawing of state spaces
• Multi-threaded / distributed verification
Thank you for your attention!
ASAP download page:http://www.cs.au.dk/~ascoveco/download.html
Visit us during tools demonstration.