eco posep ope teso syste (. 1. ||. 2. ) properties of its components. Does M. 1 satisfy P? .... language alphabet language alphabet. ⢠Heuristic: â Try to put the ...
Data Mining Based Decomposition for Assume Guarantee Reasoning Fei He (贺飞) ( ) joint work with He Zhu, William N.N Hung, Xiaoyu Song and Ming Gu School of Software Tsinghua University
Outline • • • •
Introduction Data Mining based Decomposition Data Mining based Decomposition Experimental Results Conclusion
Background • Model checking has been successfully applied to many areas. • It suffers from the state space explosion problem, – Larger state systems, Larger state systems – Infinite state systems.
• To tackle the state space explosion problem, one of the popular techniques is to use the divide and conquer strategy, i.e. compositional reasoning.
Compositional Verification Compositional Verification M1
Decompose properties of system (M eco pose p ope t es o syste ( 1 || || M2)) in properties of its components Does M1 1 satisfy P? y typically a component is designed to satisfy its requirements in specific contexts / environments
satisfies sat sf s P? ?
A M2
Assume‐guarantee reasoning: introduces assumption A representing M1’s “context” Simplest assume‐guarantee rule 1. 〈A〉 M1 1 2. 〈true〉 M2
〈P〉 〈A〉
〈true〉 M1 || M || M2 〈P〉
Automatic Assume‐Guarantee Reasoning • There are two key steps in an assume‐ g guarantee based verification strategy, gy – Identifying an appropriate decomposition of the system, system, – Identifying a simple assumption.
Our Goal Our Goal • How to automatically decompose a system i ll d into several modules? • The The resulting model should be convenient for resulting model should be convenient for assume‐guarantee reasoning, i.e. – The interactions between modules should be as The interactions between modules should be as little as possible, – Because this can do benefit to the assumption Because this can do benefit to the assumption learning.
Related Works Related Works • Learning Assumptions for Compositional Verification, (Cobleigh etc, 2003). – Use L* algorithm to learn assumption automatically.
• Learning‐based Symbolic Assume‐guarantee Reasoning with Automatic Decomposition , (Nam Reasoning with Automatic Decomposition (Nam and Alur, 2005‐2006) – The first paper on system decomposition for AG h f d f – Use Hypergraph partitioning to solver this problem.
Outline • • • •
Introduction Data Mining based Decomposition Data Mining based Decomposition Experimental Results Conclusion
State Transition System State Transition System • Component modeled as a state transition y Mi = , where system – Xi is a set of state variables controlled by Mi; – Ii is a set of input variables that are controlled by is a set of input variables that are controlled by other modules and are readable by Mi; – Oi is a set of output variables that are accessible i t f t t i bl th t ibl to t other modules; – Initi gives the initial condition; – Ti defines the transition condition.
Decomposition • Given a system M = g p p and an integer n, the decomposition problem is to decompose M into n sub‐modules Mi = , such that X > such that X = U U1≤i≤n and Xi 1≤i≤ Xi , and X ∩ Xj = Φ for i ≠ j. • The The key for decomposition of a system is to key for decomposition of a system is to partition the system variables.
Motivating Example Motivating Example • Consider a simple circuit. C id i l i it a b
g p
c
g is dependent on a and b. X:
Init:
a, b, g, p, c b
NULL
T:
tg: g a b b tp: p g c tc: c p
Decomposition Strategy Decomposition Strategy • Target: – Reduce the shared variables as great as possible, g p , – Such that the assumption is based on a small language alphabet language alphabet.
• Heuristic: – Try to put the dependent variables together.
• Our approach: Hypergraph partitioning.
Hypergraph • A hypergraph is a special graph, which can be ( ) where defined as G(V,E,W), – V is a set of vertices. – E is a set of hyperedges E is a set of hyperedges that connect arbitrary that connect arbitrary number of vertices. – W : E → R defines a weight W E → R d fi i ht value for each l f h hyperedge. a g b
Modeling in Hypergraph Modeling in Hypergraph • Given a system M = , – each variable x ∈ X corresponds to a vertex p vx , – and the dependent variables refer to a hyperedge in the hypergraph in the hypergraph.
It’ss not easy to assign weights to the It not easy to assign weights to the hyperedges.
Association Rule Mining Association Rule Mining • Association rule mining discovers item implications through a large data set. item a
b
c
g
p
tg
1
1
0
1
0
tp
0
0
1
1
1
tc
0
0
1
0
1
transaction
• An association rule X ⇒ Y, means if X occurs in a transaction then Y should occur too. transaction, then Y should occur too
Association Rule Mining Association Rule Mining • Two steps for using association rule mining T t f i i ti l i i – Find frequent itemsets with minimum support; – Generate rules G l from these itemset f h i with minimum ih i i confidence.
• Some important concepts – The The support support of an itemset of an itemset X: the number of records X: the number of records that satisfy X divided by the number of records. – The confidence The confidence of a rule X of a rule X ⇒ Y : the number of Y : the number of records that satisfy X ∪ Y divided by the number of records that satisfy X.
Frequent item sets
VT:
tg: g a b g tp: p g c tc: c p :c p
a b a b g a g b g b g p c p g p g p g c c g
Association rules a ⇒ b 100 b⇒a b ⇒ 100 b g ⇒ a 100 g ⇒ a 50 g ⇒ b 50 c ⇒ g 50 p ⇒ c 100 100 p ⇒ g 50 … …
How to Assign Weights? How to Assign Weights? • With each itemset, we define a hyperedge – Each itemset gives a possible combination for the g p items.
• Weight of a hyperedge of a hyperedge is decided by the is decided by the average value of all rules derived from the corresponding itemset. di i – For example, the weight of edge (p, g, c) is decided by three rules: p g ⇒ c, p c ⇒ g, and g c ⇒ p. This value gives an evaluation for the This value gives an evaluation for the interactions between items.
variable transactions
g
a b
p
c
modeling a
p g
b
c
W i ht d H Weighted Hypergraph h Model M d l
g a b p g c p g c c p Hyperedges: a b 100 a b g 100 a g a g 75 75 b g 75 p c 100 p p c g 83.3 p g 50 c g 50
frequent item set item set
Decomposition as Hypergraph Partitioning • Hypergraph partitioning: – Partitioning the hypergraph g yp g p into K parts. – The sum weights of all cut The sum weights of all cut‐edges edges is is minimal.
• There are some existing tools for hypergraph partitioning problem, among them, we chose hMETIS. g ,
a
p g
b
c
Hyperedges: a b 100 a b g 100 a g 75 b b g 75 75 p c 100 p c g p c g 83.3 83 3 p g 50 c g 50
a
p g
b
c
Hyperedges: a b 100 a b g 100 a g 75 b b g 75 75 p c 100 p c g p c g 83.3 83 3 p g 50 c g 50
• Decomposing the variable set into 2 partitions: D i th i bl ti t 2 titi – a, b, g and p, c.
System Decomposition System Decomposition • With the variable partition result With the variable partition result a b
g p
c
pc p,c g
p
gab g,a,b c a b
g
The Flow of our Approach The Flow of our Approach
The Benefits of our Approach The Benefits of our Approach • M Modules are compact and have fewer d l t dh f communication. • The module has less requirements on its p environment, then the assumption can be greatly reduced. 1. 〈A〉 M1 〈P〉 2. 〈true〉 M2 〈A〉 〈true〉 M1 || M2 〈P〉
• Since A is reduced, the y g efforts for verifying these two premises are also reduced.
Outline • • • •
Introduction Data Mining based Decomposition Data Mining based Decomposition Experimental Results Conclusion
Implementation Decomposition System
NuSMV
External tools Apriori, hMetis
Comp. Verif.
Symoda
Experimental Results Experimental Results Benchs
Weighted Hypergraph
Var
IO
time
Unweighted Hypergraph IO
time
General
s1a
23
2
0.32
2
0.31
15.77
s1b
25
6
0.49
6
0.60
16.03
msi3
61
17
2.81
19
3.53
10.23
msi5
97
24
5.86
32
8.81
27.17
msi6 i6
121
27
9 69 9.69
33
12 11 12.11
43 80 43.80
74
32
76.13
33
129.20
Timeout
peterson
9
7
0 65 0.65
7
113 8 113.8
27 67 27.67
guidance
76
37
19.93
13
4.11
18.75
syncarb10
Experimental Results Experimental Results • Compositional verification leads to better ii l ifi i l d b performance than general model checking. • In most of the benchmarks, our approach p g hypergraph yp g p outperforms the unweighted method.
Outline • • • •
Introduction Data Mining based Decomposition Data Mining based Decomposition Experimental Results Conclusion
Conclusion • A new decomposition method for the assume‐ g guarantee reasoning g – It integrates the data mining method to the compositional verification. compositional verification. – It utilizes the weighted hypergraph partitioning to cluster the variables cluster the variables.
• Experimental results show the promising performance of this approach.
Thank You !
Question & Answer
