
Exploration of Large State Spaces






Presentation Transcript


  1. Exploration of Large State Spaces Armando Tacchella Lab - Software Engineering DIST – Università di Genova

  2. Scenario • Applications • Formal verification • Planning • Issues • Is there a bug in the design? • Is there a plan to reach the goal?

  3. Formal verification [Figure: state diagram of the modulo 4 counter with states 00, 01, 10, 11] • Modulo 4 counter • Bug: it is not possible to reach s00 starting from s01 or s10 • The bug can be discovered, e.g., by trying to reach s00 either from s01 or s10

  4. Implementation Bugs Why formal verification? Presented at DAC2001 by: Bob Bentley, Intel Corp.

  5. Planning [Figure: blocks world with blocks 1 to 5 stacked as a tower] • Blocks world • A block can be: • on top of another block • on top of the table • Blocks can be moved from a source to a destination • The goal is to rebuild the tower upside-down • The plan is the sequence of moves to the goal

  6. Common model • Set of states (configurations) • Transitions between states • Set of initial states • Set of final states • Is there a path from some initial state to some final state? • Solving a reachability problem on a graph

  7. Reachability • Graph representation • each node is a state • each arc is a transition • One or more sources (initial states) • One or more targets (final states) • Reachability can be solved with standard graph algorithms • Optimization on the path length can be done using, e.g., Dijkstra’s algorithm

  8. Representing states • States are encoded using vectors of boolean variables • State variable x = {x1, ..., xN} • A state is an assignment of boolean values {0,1} to a state variable • State s = {v1, ..., vN} where vi ∈ {0,1}

  9. How large is the state space? • 2^N states (and 2^(2N) transitions) at most • In real sized problems N is easily >100 • How large is 2^100? • Consider that 2^100 ns ~ 3·10^12 yr • Classical graph representations may not be feasible in practice!

  10. Symbolic encoding • Use boolean formulas to encode: • Initial states I(x) • Transitions T(x, x’) • Final states F(x) • Given two states s,t • I(s) = 1 exactly when s is an initial state • T(s,t) = 1 exactly when there is a transition between s and t • F(s) = 1 exactly when s is a final state

  11. A glimpse into Boolean logic... • Every variable (x1, x2, ...) is a formula • If F and G are formulas • ¬F is a formula (negation of F) • F+G (disjunction), F·G (conjunction), F→G (implication) are formulas • Consider the following abbreviations:

  12. Symbolic encoding (example) [Figure: state diagrams of the 2-bit counter (states 00, 01, 10, 11) and the 3-bit counter (states 000 to 111)] Counter modulo N → 2^N nodes; T_N has O(N^2) symbols

  13. Bounded symbolic reachability • Reaching a final state from an initial one with a path of length at most k (nodes) • If R(s1, ..., sk)=1 then the sequence s1, ..., sk has the following properties (i ∈ {1, ..., k}): • I(s1)=1 • T(si,si+1)=1 for all si • F(si)=1 for some si

  14. Symbolic reachability (example) [Figure: bugged modulo 4 counter with states 00, 01, 10, 11; initial state s10, final state s00] • Modulo 4 counter (bugged) • Initial state s10, final state s00 • R(x1,x2,x3) = 0 for all values of x1,x2,x3 • s00 is unreachable from s10

  15. Solving symbolic reachability • Symbolic encodings enable handling of large state spaces • Bounded symbolic reachability amounts to finding s1, ..., sk s.t. R(s1, ..., sk)=1 • Decide whether the boolean formula R is satisfiable or not (a.k.a. SAT problem) • There is no free lunch: SAT is NP-hard! • Is this a limitation?

  16. A glimpse into complexity... • Two resources: TIME (omitted) and SPACE • P = polynomial, EXP = exponential • N = non-deterministic • co = complement of [Figure: inclusion diagram of the classes P, NP, co-NP, PSPACE and EXP, placing reachability, bounded symbolic reachability with SAT, and symbolic reachability with Q-SAT among them]

  17. Solving SAT: preliminaries • Formulas in Conjunctive Normal Form: • The formula is a set (conjunction) of clauses • Each clause is a set (disjunction) of literals • A literal is a variable or the negation of a variable • Given any formula F it is always possible to produce F’ in CNF s.t. F’ is satisfiable exactly when F is satisfiable and |F’|=poly(|F|)

  18. xy  x+y (x·y)  x+y Formulas and CNF (example)    T4(x,x’) in CNF T4(x,x’)

  19. Solving SAT: search algorithm
      Search(F)
        Simplify(F)
        if F = ∅ return 1
        if ∅ ∈ F return 0
        l ← ChooseLiteral(F)
        if Search(F ∪ {l}) then return 1
        else return Search(F ∪ {-l})

      Simplify(F)
        while ∃l : {l} ∈ F do
          for each C ∈ F : l ∈ C   F = F/{C}
          for each C ∈ F : -l ∈ C  F = F/{C} ∪ {C/{-l}}
        end

  20. Search process (example)
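The following is an added example, not code from the slides or from the lab's toolkit. It implements the Search/Simplify procedure of slide 19 as a small DPLL SAT solver (unit propagation, a shortest-clause branching heuristic, chronological backtracking) and uses it to decide the bounded symbolic reachability problem of slides 10 to 15 for the modulo 4 counter. The variable numbering (a_i, b_i for the two state bits of step i, a selector f_i for "s_i is the final state"), the CNF encoding of T that forbids every disallowed (s, t) pair of the transition table, and the particular bug (the counter steps from 11 back to 10 instead of wrapping to 00, which makes s00 unreachable from s01 and s10 as the slides describe) are all constructed here.

```python
# Added example (not from the slides): a small DPLL SAT solver written after the
# Search/Simplify pseudocode, used to decide bounded symbolic reachability for
# the modulo 4 counter. Variable numbering, the "forbid every disallowed pair"
# CNF encoding of T, and the particular bug are all constructed for this example.
import itertools

def simplify(clauses):
    """Unit propagation (the slides' Simplify): while some clause is a unit {l},
    drop every clause containing l and remove -l from the remaining ones.
    Returns the reduced clause list and the literals fixed on the way."""
    clauses = [frozenset(c) for c in clauses]
    fixed = []
    while True:
        unit = next((c for c in clauses if len(c) == 1), None)
        if unit is None:
            return clauses, fixed
        (l,) = unit
        fixed.append(l)
        clauses = [c - {-l} for c in clauses if l not in c]

def choose_literal(clauses):
    """Branching heuristic: pick a literal of a shortest clause."""
    return next(iter(min(clauses, key=len)))

def search(clauses):
    """DPLL (the slides' Search): a satisfying assignment {var: bool}, or None."""
    clauses, fixed = simplify(clauses)
    if not clauses:                          # F = {}: every clause satisfied
        return {abs(l): l > 0 for l in fixed}
    if any(len(c) == 0 for c in clauses):    # {} in F: a clause was falsified
        return None
    l = choose_literal(clauses)
    for branch in (l, -l):                   # try l, then -l (chronological backtracking)
        model = search(clauses + [frozenset([branch])])
        if model is not None:
            model.update({abs(x): x > 0 for x in fixed})
            return model
    return None

# --- Bounded symbolic reachability of a 2-bit counter (constructed encoding) ---
# State s_i = (a_i, b_i); selector f_i means "s_i is the final state".
def var(step, name):
    return 3 * step + {"a": 0, "b": 1, "f": 2}[name] + 1

def lit(step, name, value):
    return var(step, name) if value else -var(step, name)

STATES = list(itertools.product((0, 1), repeat=2))
CORRECT = {(0, 0): (0, 1), (0, 1): (1, 0), (1, 0): (1, 1), (1, 1): (0, 0)}
# Constructed bug matching the slides' description (s00 unreachable from s01/s10):
# the counter steps from 11 back to 10 instead of wrapping to 00.
BUGGED = {**CORRECT, (1, 1): (1, 0)}

def reachability_cnf(trans, init, target, k):
    """Clauses for R(s_0..s_{k-1}): I(s_0), T(s_i,s_{i+1}) for i<k-1, F(s_i) for some i."""
    clauses = [{lit(0, n, v)} for n, v in zip("ab", init)]          # I(s_0)
    for i in range(k - 1):                                          # T(s_i, s_{i+1})
        for s in STATES:
            for t in STATES:
                if trans[s] != t:   # forbid this (s, t) pair: some bit must differ
                    clauses.append({lit(i, n, not v) for n, v in zip("ab", s)}
                                   | {lit(i + 1, n, not v) for n, v in zip("ab", t)})
    for i in range(k):                                              # f_i -> s_i = target
        for n, v in zip("ab", target):
            clauses.append({-var(i, "f"), lit(i, n, v)})
    clauses.append({var(i, "f") for i in range(k)})                 # some f_i holds
    return clauses

def bounded_reach(trans, init, target, k):
    """The witness path s_0..s_{k-1} if target is reachable within k states, else None."""
    model = search(reachability_cnf(trans, init, target, k))
    if model is None:
        return None
    return [tuple(int(model.get(var(i, n), False)) for n in "ab") for i in range(k)]

if __name__ == "__main__":
    print("correct, s10 -> s00, k=3:", bounded_reach(CORRECT, (1, 0), (0, 0), 3))
    print("bugged,  s10 -> s00, k=8:", bounded_reach(BUGGED, (1, 0), (0, 0), 8))
```

For the correct counter the solver returns the witness path s10, s11, s00 as soon as k reaches 3; for the bugged counter the formula stays unsatisfiable for every bound, which is exactly the "R = 0 for all values" verdict of slide 14. Note that an unsatisfiable bounded instance only says there is no path of at most k states, which is why slide 22 treats bounded reachability as a bug-finding method rather than a proof of absence of bugs.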

  21. Solving SAT: in practice • The performance of the search algorithm critically depends on • the particular ChooseLiteral heuristic • the amount of simplification performed • the smartness of the backtracking schema • No silver bullet, but state-of-the-art SAT solvers can solve industrial scale problems with thousands of variables!

  22. Research issues • Bounded symbolic reachability via SAT • performs very well on bug-finding • when the error trace is short, or • the diameter of the search space is small • Nevertheless • since there can be up to 2N states, it may not be feasible for general symbolic reachability, and • it can become impractical even for error traces of reasonable lengths

  23. Research issues (ctd.) • Tools for reasoning with boolean formulas • are routinely used in research and industry • reach good performance and capacity standards • Nevertheless • most of them are special purpose (disposable code) • they are difficult (if not impossible) to integrate into existing systems • most often they are unsupported, undocumented, not robust enough for time/safety/money-critical applications

  24. Lab core research • Encodings for (bounded) symbolic reachability exploiting quantified Boolean formulas • compact and (possibly) effective, but • challenging: solving Q-SAT is PSPACE-hard! • A toolkit for reasoning with Boolean formulas • handles quantified Boolean formulas • features a component-based architecture • integrates several services, e.g., enumeration of assignments, logic minimization, … • is reasonably efficient w.r.t. special purpose tools

  25. Formal verification projects • FIRB: Knowledge Level Automated Software Engineering (ends in 2005) • PRIN: Advanced Reasoning Systems for the representation and Formal Verification of Complex Systems (ends in 2004) • INTEL: SAT Solvers for Symbolic Model Checking and Formal Verification (2001-2003)

  26. Planning projects • ASI-DOVES: Enabling On-board Autonomy: A platform for the Development of Verified Software (ends in 2004) • ASI-SACSO: Safety Critical Software for planning space robotics (ends in 2004) • ASI-GMES: Un Sistema Innovativo per la gestione di Costellazioni di Satelliti e la sua Applicazione alla Tutela Ambientale (proposal) • RoboCare: Sistema multi-agente con componenti fisse e robotiche mobili intelligenti (ends in 2005)

  27. FIRB: Knowledge Level Automated Software Engineering (4 million Euro) [Figure: project partners: IRST Istituto Trentino di Cultura, DIST Università di Genova, Delisa-Delta Dator Trento, DIT Università di Trento, DIS Università “La Sapienza”]

  28. FIRB (objectives) • A Knowledge Level Automated Software Engineering methodology, • A requirement actor and goal oriented framework • Theories and techniques for the code analysis • A concept demonstrator prototype, integrating the developed techniques • The application of the prototype to a case study

  29. FIRB (activities) • Development of a methodology based on the goal/actors paradigm • Automated Reasoning for validation and verification of software (QBF, BMC, SAT...) • Automated Planning for software development automation • Natural language processing for documentation analysis • Analysis and Testing of systems based on the goal/actors paradigm

  30. Lab activities on FIRB • Development of a planning language for the goal/actor framework • Study and development of planning techniques based on SAT • Study and development of planning techniques based on QBF • Development of a Tool for formal verification

  31. Thesis students wanted for FIRB • Good knowledge of: • basic computer science (algorithms and data structures) • standard C/C++ languages • English • Availability: • to work hard in a young and growing team • to spend periods in Trento during the thesis • to start the thesis in September/October 2003 • Programme: • initial training in Genova during the thesis • completion of the activity at ITC/IRST in Trento with a one-year collaboration contract
