Hierarchical and Recursive State Machines with Context-Dependent Properties
Salvatore La Torre, Margherita Napoli, Mimmo Parente and Gennaro Parlato
Dipartimento di Informatica ed Applicazioni, Università degli Studi di Salerno

System Verification (Model Checking)
• Given:
  – A system model M (Kripke structure)
  – A high-level specification φ (logic formula)
• Is M a model of φ?
• Complexity of model checking: O(|M|·2^|φ|) (state-space explosion in |M|)

Our Target
• Propose a “new model” to represent models succinctly
• And solve model checking problems efficiently on it:
  – Reachability
  – Cycle detection
  – LTL model checking

Recursive State Machine
An RSM M = (M1, …, Mk) is composed of:
  – k machines modelling k procedures
  – Machines can call each other recursively
  – Machines are represented through graphs

Vertices
Machines have two kinds of vertices:
• Nodes (internal state)
• Boxes (procedure call)

Entry and Exit Nodes
[Figure: a machine with entry nodes e1, e2, e3 (parameters) and exit nodes ex1, ex2, ex3, ex4 (return values)]

Edges
• Node-to-Node
• Node-to-Box
• Box-to-Node
• Box-to-Box

Labelling
• Given a set of atomic propositions (AP)
• We associate a set of atomic propositions with both nodes and boxes
[Figure: two vertices labelled {p,q,r} and {t,r,p}]

Example: Digital Clock modelled by a Hierarchical State Machine
[Figure: machines M1 (Seconds, second0 … second59), M2 (Minutes, minute0 … minute59) and M3 (Hours, hour0 … hour23); vertices start1, sec0, sec59, out1 in M1; start2, min0, min59, out2 in M2; start3, h0, h23, out3 in M3]

Flat Model
[Figure: flat models M1F and M2F; in M2F each of minute0 … minute59 (min0 … min59) contains a copy of M1F with states sec0 … sec60, between start2 and out2]
• The flat model has 24·60·60 = 86,400 states
• Our model has 24+60+60+6 = 150 vertices

HSMs in [AY98]
• Only nodes are labeled with atomic propositions: a model and its flat have the same number of different labels
• To check properties with a precise time (i.e., check for time 10:20:45) the model must have at least a node for each possible hh.mm.ss.
• Our model can be exponentially more succinct

Related Work
• Model checking of hierarchical state machines. [Alur, Yannakakis 1998]
• Analysis of recursive state machines. [Alur, Etessami, Yannakakis 2001]
• Model checking of unrestricted hierarchical state machines. [Benedikt, Godefroid, Reps 2001]
• Visibly pushdown languages. [Alur, Madhusudan 2004]
• A temporal logic of nested calls and returns. [Alur, Etessami, Madhusudan 2004]

Outline
• Overview
• Reachability problem
• LTL Model Checking
• Conclusion

Reachability Problem
Given an HSM M and a propositional boolean formula φ, the Reachability Problem is:
Is there a reachable state (in the flat of M) on which φ holds?
[Figure: a reachable state X of the flat model MF with φ(label(X)) = TRUE]

Computational Complexity
• The reachability problem is NP-complete
  – NP-hardness: 3-CNF-SAT reduces to Reachability (with AND of literals)
  – NP-membership:
    1. guess a state X of MF
    2. check if X is reachable in MF
    3. verify φ on X
• We can solve Reachability in O(|M|·|φ|·2^|AP|) time

A Solution in O(λ·|M|·|φ|)
• Reach(i,P) = TRUE: there is a reachable state of MiF satisfying φ (assume the propositions in P hold TRUE on all states of MiF)
[Figure: machine MiF with inherited set P and a state q reachable from Starti such that φ(L(q) ∪ P) = TRUE; the call shown is Reach(k,Ø)]

How to compute Reach(i,P)
[Figure: machine Mi with inherited set P. Either a node q reachable from Starti has φ(L(q) ∪ P) = TRUE, or a box b with label L(b) has Reach(expand(b), P ∪ L(b)) = TRUE]

Our Algorithm
Reach(i,P) = ⋁ { φ(P ∪ label(u)) : u is a reachable node of Mi }
           ∨ ⋁ { Reach(expand(b), P ∪ label(b)) : b is a reachable box of Mi }
• Reach(i,P) takes O(|Mi|·|φ|) time + time for the calls Reach(expand(b), P ∪ label(b))
• Total time is O(λ·|M|·|φ|) (λ is the max # of different sets P for a machine)
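The recurrence above as runnable Python, added here as an illustration and not taken from the slides: Reach(i,P) is memoised on (i,P) and run on a constructed version of the digital clock. The machine encoding, the names make_reach, chain and check_time, and the assumption that every reachable box can also be exited are choices made for this example.

```python
from functools import lru_cache

def make_reach(machines, phi):
    """Reach(i, P) from the slide, memoised on (machine index, inherited set P).
    Assumption: a box's successors are reachable whenever the box is."""
    seen = set()  # distinct (i, P) pairs actually evaluated

    def reachable(m):
        # Graph search inside one machine; a box counts as a single vertex.
        stack, visited = [m["start"]], {m["start"]}
        while stack:
            for w in m["edges"].get(stack.pop(), ()):
                if w not in visited:
                    visited.add(w)
                    stack.append(w)
        return visited

    @lru_cache(maxsize=None)
    def reach(i, P):
        seen.add((i, P))
        m = machines[i]
        for v in reachable(m):
            ctx = P | m["label"].get(v, frozenset())  # P ∪ label(v)
            if v in m["expand"]:                      # box: descend with enlarged context
                if reach(m["expand"][v], ctx):
                    return True
            elif phi(ctx):                            # node: evaluate φ on P ∪ label(u)
                return True
        return False

    return reach, seen

def chain(prefix, n, target=None):
    # Constructed machine: start -> prefix0 -> ... -> prefix(n-1), vertex k labelled {prefixk}.
    # With a target, every labelled vertex is a box expanding to machine `target`.
    names = [f"{prefix}{k}" for k in range(n)]
    edges = {"start": [names[0]], **{a: [b] for a, b in zip(names, names[1:])}}
    label = {v: frozenset([v]) for v in names}
    expand = dict.fromkeys(names, target) if target is not None else {}
    return {"start": "start", "edges": edges, "label": label, "expand": expand}

def check_time(h, m, s):
    # Clock of the earlier slide: M3 (hours) calls M2 (minutes) calls M1 (seconds).
    machines = {1: chain("second", 60), 2: chain("minute", 60, 1), 3: chain("hour", 24, 2)}
    want = {f"hour{h}", f"minute{m}", f"second{s}"}  # φ = hour_h ∧ minute_m ∧ second_s
    reach, seen = make_reach(machines, lambda ctx: want <= ctx)
    return reach(3, frozenset()), len(seen)

if __name__ == "__main__":
    print(check_time(10, 20, 45))
```

The second value returned by check_time counts the (machine, P) pairs evaluated; for a time that never occurs, every pair is visited, and the seconds machine alone is evaluated under 24·60 different inherited sets, which is the quantity λ bounds.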

Good cases
• Reach(k,Ø) takes O(λ·|M|·|φ|) time, with λ ≤ 2^|AP|
• If λ is bounded by a constant, then Reach(k,Ø) takes O(|M|·|φ|) time
• In particular, if M is an Alur and Yannakakis machine, every Mi inherits only the empty set (λ = 1)

Restricted HSM
[Figure: vertex u and proposition p]

Efficient Solution on Restricted HSM
• Reachability on Restricted HSM and formulas in DNF is decidable in O(|M|·|φ|) time
• Reachability is NP-hard if either:
  – M is a nonrestricted HSM or
  – φ is a (general) boolean formula
• Reachability is decidable in O(|M|·2^|φ|) time on Restricted HSM

LTL Model Checking
• We use the automata-theoretic approach
Given an HSM M and an LTL formula φ, the problem is:
Does every trace of the flat model of M satisfy φ?

Automata-Theoretic Approach
1. Given an LTL formula φ, we build a Büchi automaton A¬φ. O(2^|φ|) [Vardi and Wolper]
2. We build a new HSM M′ as a product of M and A¬φ. O(|M|·16^|φ|)
3. φ is satisfied on M iff L(M′) = Ø. O(M′) [Alur et al.]
Main Result: LTL Model Checking can be solved in O(|M|·16^|φ|) time

Structures of M′
• M′ consists of graphs M(i,j,P)
• M(i,j,P) is contained in the Cartesian product of Mi and A¬φ:
  – starti is coupled with j (a state of A¬φ)
  – the set of atomic propositions P is inherited from its ancestors

Nodes of M(i,j,P)
• Node of Mi: u, with label Pu
• State of A¬φ: q, with label Pq
• Condition: P ∪ Pu = Pq
• Node of M(i,j,P): [u,q,j,P], with label Pu

Boxes of M(i,j,P)
• Box of Mi: b, with label Pb; starth, with label Pstarth
• State of A¬φ: q, with label Pq
• Condition: P ∪ Pb ∪ Pstarth = Pq
• Box of M(i,j,P): [b,q,j,P], with label Pb, mapped to M(h,q,P ∪ Pb)

Edges from node of M(i,j,P)
• Edge from node of Mi: u → v
• Edge of A¬φ: q′ → q″
• Nodes of M(i,j,P): [u,q′,j,P] → [v,q″,j,P]

Edges from box of M(i,j,P)
[Figure: an edge q′ → q″ of A¬φ and an edge from exit o of box b to v in Mi give an edge of M(i,j,P) from exit [o,q′,h,P′] of box [b,q,j,P] to [v,q″,j,P]]

Conclusion
• Decision problems:
  – Reachability
  – Cycle detection
  – LTL model checking
• Restricted HSMs
• Recursive Finite State Machines (expansions model recursive calls)

Main results
• RSM
  – Reachability, cycle detection: NP-complete, O(|M|·||·2||)
  – LTL Model Checking: Pspace-complete, O(|M|·16^|φ|)
• Restricted HSM
  – Reachability, cycle detection: φ in DNF, O(|M|·|φ|)
  – LTL Model Checking: Pspace-complete, O(|M|·8^|φ|)