State based Optimization

Our internal representation is extremely sensible to the form of the state. By modify-ing the representation of the state we can obtain important performance gains. Some of these modifications can be made in a transparent way,i.e.,without affecting transi-tions or model checking algorithms.

Variable Ordering

For the state, it is well known that DDs suffer from the variable ordering problem [FS87]. For example, for our PN example, the order of the places in the map is important. We can exponentially improve the performance of our strategies just by modifying the order of places. However, finding an optimal order is an NP-complete problem [BW96]. Nevertheless, there are good heuristics that can improve the order-ing and thus the performance of the model checkorder-ing. In our case, since the strategies we proposed are generic (we use strategies such asfindApplythat go and find the posi-tion to modify), changing the variable ordering is an easy to implement optimizaposi-tion.

Clustering

Another state based modification is clustering [CLS00]. Clustering is based on the well knowndivide-and-conquer approach. The idea is that we can divide our state in modules. Each module has transitions that only applies in the module (local transi-tions), and transitions that perform inter module operations. Thus, when computing the state space, one can compute the state space only for the module.

Let us discuss how to implement such a technique in our approach. We takePNs as an example. The state of the PN is modeled as a map M : Places → N. We partition the Places set into the partition (Placesi)i∈{1,...,n}1. Our new state is then a n-tuplehM₁, . . . ,Mni, whereMi :Placesi →Z.

Using this new state, the functions defined in the previous chapter(testp,n, decp,n, andinc_p,n) are exactly as before for the parts of our state. However, we need to define new rules for inter module transitions. The functional nature of our approach makes that all functions already defined can be reused.

An easy solution to model the new semantics of the system is to define a higher order function that takes a local transformation and transforms it to a global one. We

1A partition of a setS is a family of sets (S)_i∈I s.t. fori, j:S_i∩S_j=∅, andS

i∈IS_i=S

7.3. Advanced DD Optimization Techniques 91

nat zero: nat s: nat 7→ nat pname P1: pname

P2: pname

...

mapping empty: mapping

map: pname, nat, mapping 7→ mapping cluster empty: cluster

c1 : mapping, cluster 7→ cluster c2 : mapping, cluster 7→ cluster

...

cn : mapping, cluster 7→ cluster

Table7.2 – Term signature forPetri net markings with clustering can define this function parametrically as follows:

ApplyCluster_i : (Mi → Z)→(M₁× · · · ×Mn → M₁× · · · ×Mn) : f 7→(hm₁, . . . ,mi, . . . ,mni 7→ hm₁, . . . , f(mi), . . . ,mni) TestClusteri : (Mi → {true,false})→(M₁× · · · ×Mn → {true,false})

: f 7→(hm1, . . . ,mi, . . . ,mni 7→ f(mi))

Thus, using theApplyCluster_i andTestClusteri one can easily redefine the semantics of our PNs. Given a transition that acts only over one cluster i we can define its semantics as follows:

t=

V

p∈P_iTestClusteri(testp,in(t)(p))(m) Pi ={p₁, . . . ,pn⁰}

ApplyCluster_i(decp₁,in(t)(p1)◦ · · · ◦decp_n0,in(t)(p_n⁰)◦incp₁,in(t)(p1)◦ · · · ◦incp_n0,in(t)(p_n⁰))(m) We can do the same for transitions that span over various clusters. We just need to group operations on each part in the corresponding high order function.

Now, let us define translate the clustered setup to our strategies. The first step is defining the new state. We choose to have named clusters, this allows to create generic functions to manipulate them. We give their signature in Table7.2.

The next step is to modify the translation from SOS rules to strategies. As all parametric strategies are high order functions, we can simply modify the compilation function to compile high-order functions to strategies. In this case, the pComp and aCompfunctions are the same, the definition is given below:

pComp:TestClusteri(test_p,in(t)(p))7→ApplyClusterStrati(pComp(test_p,in(t)(p))) whereApplyClusterStrati is defined by the following two strategies:

checkClusteri = {ci($m, $c) {^{ci($m, $c)}} ApplyClusterStrat_i(S)= IfThenElse(

checkClusteri,One(S,1),ApplyClusterStrat_i(S))

92 Chapter 7. Model Checking Using Set Rewriting We can use the exact same definition foraComp.

An interesting side effect of our term based implementation is that it is very easy to describe systems nested hierarchical system. For example, we can divide our modules in submodules, the submodules in subsubmodules, and so on. We present an example of a clusterized state in Example7.3.1.

Example 7.3.1 Let us consider aPN with four places P₁, P₂, P₃, and P₄, and let us suppose that we divide thePNin two clusters c₁= {P₁,P₂}and c₂ ={P₃,P₄}. We have that the state has the following form:

c1(map(P1, 0, map(P2, 0, empty)), c2(map(P3, 0, map(P4, 0, empty)), empty)

Anonymization

Anonymization [HKPAE12] is an optimization based entirely on the properties of DDs. Basically we try to exploit the caching ofΣDDs. ΣDDsrely heavily on caching to avoid repeating the same operations. Thus, having similar parts of the system have the same structure or term representing them can improve performance.

Let us illustrate this by an example using PNs. To apply this optimization we need to be on a modularized system, i.e., the system state is represented as a tuple hM₁, . . . ,Mni(as shown in previous subsection).

Each of the (Mi)i∈{1,...,n} represents the state of a subnet (Ni)i∈{1,...,n}. Occasionally, we have that there is an isomorphismh: Pj∪Tj → Pk∪Tk that transforms someNj

to some other subnet Nk of the state. From this fact, we can model the state of both subnetsNj andNk by exactly the same type of function Mk : Pk →N. Thus, the new representation of the state becomeshM₁, . . . ,Mk, . . . ,Mk, . . . ,Mni.

Now that we have the new state we need to describe the transitions. Supposing that we translated Nj toNk, we have that all local transitions touchingNk are the same in our system and thus we do not need to create new strategies for them. Local transitions ofNj need to be retranslated. The translation however is required at when translating the transitions toSOSrules. The new rule for local transitions touching the subnetNj

is presented as follows:

t = V

h(p)∈PiTestClusteri(testh(p),in(h(t))(h(p)))(m) Pi = {h(p₁), . . . ,h(pn⁰)}

ApplyCluster_i(dec_h(p1),in(h(t))(h(p1))◦ · · · ◦inc_h(pn0),in(h(t))(h(p_n0)))(m)

The rule is exactly the same as before but we have mapped each t and p to their equivalent in the isomorphic subnet using h. Also please note that TestClusteri and ApplyCluster_i are not changed because the clusters keep their position in the state.

The same manipulation is done with transitions spanning several clusters. We show an example of anonymization in Example 7.3.2. In particular, we invite the reader to notice the difference between anonymization and clustering that is highlighted by the example. The fact that the two clusters have exactly the same form improves the performance of the caching.

7.3. Advanced DD Optimization Techniques 93 Example 7.3.2 Let us consider the PN in Example 7.3.1. This time we show the clusterized and anonymized state:

c1(map(P1, 0, map(P2, 0, empty)), c2(map(P1, 0, map(P2, 0, empty)), empty)