Budapest University of Technology and Economics
Petri Nets and Graph Transformation 2010, Enschede, The Netherlands
Guided State Space Exploration using Back-annotation of Occurrence Vectors
Ábel Hegedüs, Dániel Varró
Budapest University of Technology and Economics
Fault Tolerant Systems Research Group
Contents
Motivation
Problem definition
Approach overview
Back-annotating abstractions
Guided state space exploration
Outlook & Summary
Motivating example
Service configuration:
o Regular status check reveals problems (e.g. service down)
o Maintenance operations are performed to resolve issues
Approach:
o Different types of operations
o Various operation sequences possible
• Which operations to choose?
• Execution order?
Goal:
o Calculate a solution that satisfies the required service configuration
• E.g. at least half of the services have standby backups, services that are down are removed.
[Figure: service configuration with services in the states Active, Standby, Down and Up; maintenance operations shown as transitions: Failover, Remove, Unregister, Stand by, Power on]
Problem definition
Given: a GTS with
o Initial graph
o GT rules (optionally with cost), e.g. fail-over
o Goals, e.g. remove services that are down, etc.
o Global constraints, e.g. maximum number of deployed services
Problem: Find a trajectory
o From the initial graph to the goal state
o Satisfying all global constraints
Example GTS
[Figure: the example GTS. A Service node carries the attributes active/standby and up/down, and a backup edge links a standby Service to the Service it backs up. Rules: fail-over, power on, stand by, detach, remove, register, unregister. The fail-over rule is shown in detail: a standby Service backing up a down Service becomes active.]
Example Problem Definition
Current configuration:
o 2 active services
o 2 standby services
o 2 down services
Constraints:
o Maximum 7 services powered on
Goal:
o Serve 4 requests simultaneously
Problem:
o Find a trajectory satisfying all constraints
[Figure: the current configuration as a service state diagram (Active, Standby, Down, Up)]
Approach overview
[Figure: the GTS (GT rules + initial graph), the goal (serve 4 requests) and the constraints (services powered on ≤ 7) are the inputs of a state space exploration; the exploration strategy is the open question (?)]
State space exploration
Guided traversal approaches:
o Naive heuristic:
• Depth First Search, Breadth First Search
o Branch and bound:
• Current best solution
• Best solution, as soon as possible
o Abstraction-guided traversal:
• Use hints to prune the search space (PNGT 2006)
• Successfully used in other approaches, e.g. CSP(M) (MODELS 2009)
State space exploration
[Figure: a fragment of the state space with branches labelled by the applied rules (remove, register, failover, power on, detach, stand by); one branch ends in a constraint violation]
o Constraint violation: max services exceeded
o Rules may enable the execution of another rule (dependency)
o Abstraction:
• Simplify search
• Numerical solution
State space exploration
[Figure: the same state space fragment, annotated with the two kinds of guidance]
Guidance 1: Cut-off
o Terminate branches when they are not promising/compliant
Guidance 2: Selection
o Choose the most promising branch when there are multiple choices
Approach overview
[Figure: the GTS, goal and constraints are abstracted into a PN model and an ILP problem; its solution drives the strategy of the state space exploration. If the goal is reached, the trajectory is returned; otherwise another solution (Solution 2) is requested from the abstraction.]
Abstraction
GTS to Cardinality P/T nets (ICGT 2006). General idea:
o Abstract from the concrete graph structure
o Keep track only of the number of graph elements of a certain type
PN = F(GTS):
o types → places
o instances → tokens
o rules → transitions
o input places: left-hand side of the rule (LHS)
o output places: right-hand side of the rule (RHS)
Algebraic representation of the PN:
o Incidence matrix W (|P| × |T|)
• W_{i,j} = w(t_i, p_j) − w(p_j, t_i)
o State equation: M_k = M_0 + W · σ
o Transition occurrence vector σ
[Figure: the fail-over rule (a standby Service backing up a down Service becomes active) and its abstraction into a P/T net with the places Service, down, standby, up, active and backup]
Incidence matrix of the example (rows: transitions, columns: places):
            Se   Ac   St   Up   Do   Ba
Fail-over    0    1   -1    0    0   -1
…            …    …    …    …    …    …
Overview of abstractions
Abstract value set
o Instances → tokens
o Integer → boolean/enumeration
o Complex data structure (e.g. SOAP message) → simple
Abstract behavior
o Delete/create → instance number change
o Complex actions → one step
o Decisions, conditions → nondeterministic choice
Abstract time
o Order of transition execution is lost in the algebraic solution
o No ordering for steps, only the final state is available
Approach overview
[Figure: the approach overview again; the back-annotation step, which carries the PN/ILP solution back to the state space exploration strategy, is highlighted]
Back-annotation
Value set abstraction
o Choose significant values (test data)
Dynamic behavior
o Create a mapping between the dynamic semantics
o Nontrivial issues (SEFM 2010)
o Similar problems in Business Process Verification
• BPEL – design model
• PN/SAL – analysis model
[Figure: back-annotation between a BPEL Designer and a Petri Net Simulator connected by BPEL2PN; the simulator steps Select Transition, Fire Transition, Add Tokens and Delete Tokens are mapped back to the BPEL activity states Startable, Runs and Executed]
Back-annotation
Time abstraction
o Input: (analysis) trace data without ordering
o Output: feasible (design) trajectory
o State space exploration using trace data
• Guide exploration using back-annotation! (main contribution)
[Figure: unordered trace data consisting of failover and remove occurrences on the analysis side, and an ordered trajectory of these rule applications on the design side]
Approach overview
[Figure: the approach overview with the main contribution highlighted: back-annotating the ILP solution to guide the state space exploration, and requesting another solution (Solution 2) when the goal is not reached]
Dependency graph
Given: a GTS
GT rule dependency a → b:
o b has a causal dependency on a
o execution of the one rule may increase the match set of the other
Dependency graph
o nodes: rules
o edges: rule dependency
o directed graph
[Figure: an example dependency between the stand by and register rules, and a small dependency graph over the rules a, b, c, d]
Guided traversal
Our idea:
o Combine the occurrence vector (σ) with the dependency graph
o Nodes (rules) are annotated with the number of rule executions on the "guessed" trajectory (σ[a])
o Traversal based on the graph
o Keep track of rule executions
• rule a:
– #{remaining execution} = σ[a] − #{executions}
[Figure: dependency graph over the rules unr (unregister), reg (register), stby (stand by), det (detach), failo (failover), rem (remove) and po (power on), each node annotated with its σ value, e.g. rem: 2, po: 1]
Tracking execution
[Figure: the annotated dependency graph before and after executing remove and then failover; the counter of rem decreases from 2 to 1, and the counter of the executed failover rule is decremented as well]
Cut-off criteria
Non-compliant path (look-ahead)
o An enabled rule with #{remaining execution} = 0
Permanently disabled rule
o A disabled rule with #{remaining execution} > 0
o Potential enabler rules with #{remaining execution} = 0
[Figure: two annotated dependency graphs illustrating the criteria: one with an enabled rule whose counter is 0, and one with a disabled rule whose counter is > 0 while the counters of its enablers are 0]
Selection criteria
Idea: Execute the rule which
o drives the traversal
o towards the enablement of rules with high #{remaining execution}
Maximum forward-dependent application path
o Calculate #{remaining execution} for paths starting from enabled rules
o Possible path calculation algorithms:
• Every node once
• Handle nodes on multiple paths
• Handle loops
o Select the rule with the maximum value
[Figure: annotated dependency graph with the forward-dependent path values computed for the enabled rules]
Selection criteria
Idea: Eliminate short paths early
o by driving the execution
o toward satisfying the cut-off criteria
Minimum backward-dependent application path
o Calculate #{remaining execution}
o for reverse paths starting from rules affected by enabled rules
o Select the rule with the minimum value
[Figure: annotated dependency graph with the backward-dependent path values computed for the rules affected by the enabled rules]
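As an added example (not code from the slides or from the authors' tool), the cardinality abstraction, state equation, dependency graph and counter-guided traversal of the preceding slides, worked through on the service example in Python. Only the fail-over row of the incidence matrix appears on the slides; the token effects of the other rules, the initial marking and the goal test (Ac ≥ 4 and Ba ≥ 2) are assumptions, and of the criteria the permanently-disabled cut-off, the constraint cut-off and the maximum forward-dependent selection are implemented (the backward-dependent criterion is not).

```python
PLACES = ["Se", "Ac", "St", "Up", "Do", "Ba"]
# Cardinality abstraction, rule -> (tokens consumed, tokens produced). The fail-over row
# matches the incidence matrix on the slides; the other four rows are assumptions.
RULES = {
    "fail-over": ({"St": 1, "Ba": 1}, {"Ac": 1}),
    "power-on": ({"Do": 1}, {"Up": 1}),
    "stand-by": ({"Up": 1}, {"St": 1, "Ba": 1}),
    "remove": ({"Se": 1, "Do": 1}, {}),
    "register": ({}, {"Se": 1, "Do": 1}),
}
# Constructed initial marking: 2 active, 2 standby (each backing up an active), 2 down.
M0 = {"Se": 6, "Ac": 2, "St": 2, "Up": 4, "Do": 2, "Ba": 2}
def incidence(rule):
    """One row of W: w(t, p) - w(p, t) for every place p."""
    cons, prod = RULES[rule]
    return {p: prod.get(p, 0) - cons.get(p, 0) for p in PLACES}

def state_equation(m0, sigma):
    """M_k = M_0 + W * sigma: the marking an occurrence vector reaches, firing order ignored."""
    return {p: m0[p] + sum(incidence(r)[p] * n for r, n in sigma.items()) for p in PLACES}

# Dependency graph a -> b: a produces a token type that b consumes, so a may enable b.
DEPS = {a: {b for b in RULES if any(incidence(a)[p] > 0 and RULES[b][0].get(p, 0) > 0
                                    for p in PLACES)} for a in RULES}

def enabled(m, rule):
    return all(m[p] >= n for p, n in RULES[rule][0].items())
def reach(rule, seen=frozenset()):
    """Rules reachable from `rule` in the dependency graph, each node once (safe on loops)."""
    seen = seen | {rule}
    for b in DEPS[rule] - seen:
        seen = reach(b, seen)
    return seen
def permanently_disabled(m, remaining):
    """Cut-off: a rule that must still fire is disabled and all its potential enablers are exhausted."""
    return any(n > 0 and not enabled(m, r) and all(remaining[a] == 0 for a in RULES if r in DEPS[a])
               for r, n in remaining.items())

def guided_search(m, remaining, max_up, path=()):
    """Counter-guided depth-first traversal; returns a feasible trajectory or None."""
    if all(n == 0 for n in remaining.values()):                       # guessed trajectory consumed
        return list(path) if m["Ac"] >= 4 and m["Ba"] >= 2 else None  # goal: 4 requests, backups kept
    if m["Up"] > max_up or permanently_disabled(m, remaining):        # cut-off criteria
        return None
    cands = [r for r in RULES if remaining[r] > 0 and enabled(m, r)]
    for r in sorted(cands, key=lambda r: -sum(remaining[x] for x in reach(r))):  # max fwd-dep first
        nxt = {p: m[p] + incidence(r)[p] for p in PLACES}
        if (found := guided_search(nxt, {**remaining, r: remaining[r] - 1}, max_up, path + (r,))) is not None:
            return found
    return None
```

With the guessed occurrence vector fail-over: 2, power-on: 2, stand-by: 2 and the constraint max_up=7, guided_search(M0, …, 7) returns the trajectory power-on, power-on, stand-by, stand-by, fail-over, fail-over; tightening the constraint to max_up=5 cuts off the second power-on and the traversal backtracks to interleave stand-by. A vector such as fail-over: 3 with no stand-by executions is rejected by the permanently-disabled cut-off after two fail-overs, since its only enabler has no remaining executions.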
Example execution
[Figure: three snapshots of the annotated dependency graph during the guided traversal. First power on is applied and its counter decremented. Then, under the constraint max services ≤ 7, the maximum forward-dependent criterion alone selects failover, whereas combined with the minimum backward-dependent criterion it selects remove.]
Outlook
Ongoing experimental evaluation
Implementation
o Modular approach with customizable criteria
Further refinement directions
o More sophisticated criteria
o Use the critical pair graph as well
o Limit the evaluated path length
o Priority, cost
• It's more important to have the service running than to remove the services that are down
Summary
Advanced state space traversal guidance
o using analysis techniques
o back-annotation of abstraction
o path evaluation on attributed graph
o extensible cut-off and selection criteria
Thank you!