STATE SPACE GENERATION FRAMEWORK BASED ON BINARY DECISION DIAGRAM FOR DISTRIBUTED EXPLICIT MODEL CHECKING

Jan Zizka et al. (Eds) : CCSIT, SIPP, AISC, CMCA, SEAS, CSITEC, DaKM, PDCTA, NeCoM - 2016
pp. 297–305, 2016. © CS & IT-CSCP 2016 DOI : 10.5121/csit.2016.60125
STATE SPACE GENERATION FRAMEWORK
BASED ON BINARY DECISION DIAGRAM
FOR DISTRIBUTED EXPLICIT MODEL
CHECKING
Nacer Tabib1
, Jean Michel Ilie2
, and Djamel Eddine Saidouni1
1
Misc Laboratory, Constantine 2 University , Algeria
{tabib,saidounid}@misc-umc.org
2
Lip6 Laboratory, UPMC, France
{jeanmichel.ilie}@upmc.fr
ABSTRACT
This paper proposes a new framework based on Binary Decision Diagrams (BDD) for the
graph distribution problem in the context of explicit model checking. The BDD are yet used to
represent the state space for a symbolic verification model checking. Thus, we took advantage
of high compression ratio of BDD to encode not only the state space, but also the place where
each state will be put. So, a fitness function that allows a good balance load of states over the
nodes of an homogeneous network is used. Furthermore, a detailed explanation of how to
calculate the inter-site edges between different nodes based on the adapted data structure is
presented.
KEYWORDS
Graph distribution, Binary Decision Diagram, State space generation, Formal verification,
Model Checking.
1. INTRODUCTION
An efficient way to improve applications’ performances is to use networks. In fact, many already
existent applications have been transformed from their simple versions to distributed ones
whether they are not initially implemented in a distributed version in the aim of increasing the
storage capacity and driving the computing more quicker.
Let’s take the formal verification [1] of systems as an example of such applications. An attractive
solution to face the major problem of these applications which focus on the combinatorial states
space explosion and computing time is the distribution of the graph (states space)[2].
Despite the large use of graphs [3] in computing science domains, they still meet so serious and
heavy difficulties especially when certain thresholds and limits are exceeded. That is why it is
useful to split the main graph into a set of distributed sub-graphs.

298 Computer Science & Information Technology (CS & IT)
The workload balancing, minimization of the distributed inter-site communication of an
unreliable network represent two important factors that are necessary to take them into account in
order to generate an ideal distribution of the graph. Both of them influence the application’s
performances and because of this reason, taking them into account makes the graph distribution a
really hard task.
Using several computers of small capacities all together would give an unlimited capacity in term
of speed and memory. However, the main inconvenient of distributed algorithms is on
distributing the states space of the graph without taking into account the workload balancing that
will affect directly the distributed verification application’s performances. Besides considering
the workload balancing and the distributed inter-nodes edges separately are not enough to
improve the distributed verification performances [4].
Several solutions have been proposed to tackle this problem such as equivalence relations, partial
order based relations [5] [6]. Although, these solutions reduce the graph size significantly, the
memory capacity remains a problem when dealing with very complex systems.
Nowadays, workstations clusters give more and more hardware resources availability, hence we
can represent large graph over the cluster where each workstation can hold a sub-graph [7] [8].
But most works use either the symbolic methods based on BDD [9], [10] or explicit methods [7].
A new approach of distributing system states space is proposed in this paper. This new
framework developed is based on a compressed format of data structure called Distribution with
Binary Dicision Diagram (DBDD) to keep a local vision of the whole system. The framework
exposes throught its API a set of services that can be used by distributed algorithms in order to
distribute graphs and perform a distributed verification.
The paper is organized as follows. In Section 2 we introducing fundamental concepts of
distributed graphs, BDD and Petri nets, then we move to present our Approach trough different
subsections in the same part. After deeply presenting the algorithm in Section 3, we make some
experiments on the algorithm to show its performances comparing to other algorithms of graph
distributing in Section 4 and Section 5 . Finally, we achieve the paper by Section 6 to conclude.
In the following sections we use interchangeably the terms graph and states space, where we
mean by states space a graph generated from a Petri net specification representing its behavioural
semantics.
2. BASIC CONCEPTS
The graph to be distributed is generated from a petrinet specification. We briefly recall the
definitions of some basic concepts necessary in the following sections.
2.1. Distributed Graph
Let W = {Wk}k=1..N be N sites, a distributed graph (noted DiG), is a graph with a function of
distribution (partial) fk
.
DiG = (G,fk
) k=1..N
such that :
– G = (V,E) : an oriented graph.

Computer Science & Information Technology (CS & IT)
– fk
: G → Gk is an application of
Notation 21 {Gk}1≤k≤N is a set of subsets called fragments
Definition 1. a fragment Gk is defined by
– Vk ⊆ V : Vk is a fragment of nodes of
– Ek = Ek
L
∪ Ek
R
such that E
• Ek
L
⊆ Vk
2
is the set of edges between nodes belonged in the same site
• Ek
R
⊆ Vk × (V Vk) = {(vk
origins are in the local sites and the
• αk and βk are two applications of
• αk(e) = v ∈ Vk : indicate the origin of the edge
• βk(e) = v’
∈ Vk if e ∈ Ek
L
and
Notation 2.2 given a set S, |S| denotes its cardinality (the number of elements).
Figure 1 represents a distributed graph over sites (nodes) of a cluster of workstations (workers).
We assume that the initial graph is so large that it can’t be hold in one machine so
over a different sites while generating it make it possible to take advantage of distributed memory
hence we can represent more and more large graphs that correspond to very complex systems.
Fig.1. graph before distribution (a) and after
2.2. Petri Net Related Definitions
– A Petri net [11] is a tuple (
such that , and
function. Graphically, transitions of
circles and weight function by arrows associated with their weights. We suppose that all
nets are finite, i.e.|S∪T| ∈
is an application of G in Gk, such that Gk = (Vk,Ek)
a set of subsets called fragments Gk, such that ∪Vk = V and
is defined by Gk = (Vk,Ek) such that :
is a fragment of nodes of V in the site Wk.
Ek
L
∩ Ek
R
= ∅ : the set of intra-site and inter-sites edges with :
is the set of edges between nodes belonged in the same site Wk (Local edges).
k,vk
’
) such that vk ∈ Vk and vk
’
∉ Vk} : is the set of edges whose the
origins are in the local sites and the goals are in the remote sites (Remote edges).
are two applications of Ek in V such that for all edges e = (v,v’
) ∈ E
indicate the origin of the edge e.
and βk(e) = v’
∈/ Vk
’
else.
denotes its cardinality (the number of elements).
We assume that the initial graph is so large that it can’t be hold in one machine so
Fig.1. graph before distribution (a) and after (b)
2.2. Petri Net Related Definitions
A Petri net [11] is a tuple (S,T,W) where S is the set of places, T is the set of transitions
, and W : ((S × T) ∪ (T × S)) →N = {0,1,2,...} is the weight
function. Graphically, transitions of T are represented by rectangles, places of S by
∈ N.
299
and ∪Ek ⊆ E
sites edges with :
(Local edges).
is the set of edges whose the
goals are in the remote sites (Remote edges).
E :
We assume that the initial graph is so large that it can’t be hold in one machine so distributing it
is the set of transitions
} is the weight
represented by rectangles, places of S by

– For x ∈ S ∪ T, the pre-set •
x is defined by •
x = {y ∈ S ∪ T|W(y,x) ≠ 0} and the post-set x•
is
defined by x•
= {y ∈ S ∪ T|W(x,y) ≠ 0}.
– The marking of a Petri net (S,T,W) is defined as a function M : S → N. A marking is
generally represented graphically by putting tokens in places.
– Safety-Petri net is a Petri net (S,T,W) such that for any s of S : M(s) ≤ 1
– The transition rule stipulates that a transition t is enabled by M iff M(s) ≥ W(s,t) for alls ∈
S. The firing of a transition t will produce a new marking M’
defined byM’
(s) =
M’
(s)−W(s,t)+W(t,s) for alls ∈ S. The occurrence of t is denoted by M|t > M’
.
– Two transitions t1 and t2 (not necessarily distinct) are concurrently enabled by a marking
M iff M(s) ≥ (s,t1) + W(s,t2) for all s ∈ S.
– A marked Petri net (S,T,W,M’) is a Petri net (S,T,W) with an initial marking M’.
– An alphabet A is a finite set; we suppose that τ ∈ A(τ will indicate invisible action, or
silent action).
– The labeling of a Petri net N = (S,T,W) is a function λ : T → A ∪ {τ}. If λ(t) ∈ A then t is
said to be observable or external; at the opposite, t is silent or internal.
– Σ = (S,T,W,M’,λ) is a labeled system iff (S,T,W,M’) is a marked Petri net and λ is a
labeling function of (S,T,W)..
2.3 BDD
A Binary Decision Diagram or BDD [10] is data structure used for representation of Boolean
functions in the form of rooted directed acyclic graph. A BDD is a rooted directed acyclic graph
G = (V,E) with node set V containing two kinds of nodes, non-terminal and terminal nodes
(Figure 2). A non-terminal node v has as tag a variable index(v) ∈ {x1,x2,...,xn} and two children
low(v) , high(v) ∈ V . The final nodes are called 0-final and 1-final. A BDD can be used to
compute a Boolean function f(x1,x2,...,xn) in the following way. Each input a = (a1,a2,...,an) ∈
{0,1}n
defines a computation path through the BDD that starts at the root. If the path reaches a
non-terminal node v that is labelled by xi, it follows the path low(v) if ai = 0, and it follows the
path high(v) if ai = 1. The label of the terminal node determines the return value of the BDD on
input a. the BDD is called "ordered" if the different variables appear in the same order on all the
ways from the root (Figure 2).

Computer Science & Information Technology (CS & IT) 301
Fig.2. Binary decision diagram
Generating a BDD from a Petri Net BDD: can represent a state space generated from a safe
petri Net in an efficient high compressed format. The Figure 3(b) represents a BDD generated
from a safe Petri Net 3(a). It uses a set of variables proportional to the number of places in petri
net in this example it uses 6 variables to code the different configurations of petri net
p1,p2,p3,q1,q2 and q3.
(a) (b)
Fig.3. Petri net specification (a) and corresponding BDD (b)
3. PROPOSED APPROACH
Here we are going to present a new framework for graph distribution based on adapted data
structure called (DBDD) Distribution with Binary Decision Diagram, the framework provide
functions that can be used by parallel and distributed algorithms to generate an explicit state
space or to get the location of specific states successors in the distributed graph. Hence the
DBDD represent a global state of the system which decrease the communication between several
nodes of the network workers and ensure a better fault tolerance.

3.1. Sites Encoding
The DBDD in addition to representing the reachability graph of petri net it encodes the place of
each state by injection of a additional game of variables, each variable represent the site where
the state is meant to be. Figure 4 represents an example of the encoding of two sites by adding
variables which represents these two site (α1, α2) to encode the first site in binary (01). and (β1,
β2) for the second site (10).
ig.4. DBDD represents a graph distributed over two nodes
3.2. DBDD generation
Algorithm 1 below represents the generation of the DBDD, variables are chosen according a
binary variable bddSite. The fitness function F ensures a good load balance.
3.3. Fitness function
The site to be chosen for a given set of states is calculated based on the following fitness
function:

In an homogeneous network all Sites have the same memory capacity, and a good balance load is
when each site hold exactly such that
4. IMPLEMENTATION AND
The proposed approaches are implemented with JavaBDD [12] (An open source library for
manipulating BDD, it is also a wrapper for other libraries such Buddy [13] and Cudd [14]) tested
on a network of PC with a 3.0 GHZ processor and 512 MB of
generates distributed graphs associated to petrinets specifications (Figure 5) which is part of
FOCOVE framework.
Fig.5. Tool for editing petrinets and generation of state space
5. RESULT AND EXPERIMENTATION
To see the contribution and the advantage of the proposed approach, we compare it to hash
function (MD5)[8] based algorithm. Taking examples studied in literature enables us to get more
closely to the problem of combinatorial explosion. In the context, we have selec
known classic case studies in system models. These models include dining philosophers system
[15], Peterson solution for mutual exclusion [16] and shared memory system [17].
‫ܨ‬ ൌ ෑ|ܸ௜|
௜ୀ௡
௜ୀଵ
such that ∑ |ܸ௜| ൌ |ܸ|௜ୀ௡
௜ୀଵ
MPLEMENTATION AND EVALUATION
on a network of PC with a 3.0 GHZ processor and 512 MB of memory. We developed a tool that
Fig.5. Tool for editing petrinets and generation of state space
XPERIMENTATION
contribution and the advantage of the proposed approach, we compare it to hash
closely to the problem of combinatorial explosion. In the context, we have selected three well
[15], Peterson solution for mutual exclusion [16] and shared memory system [17].
303
memory. We developed a tool that
contribution and the advantage of the proposed approach, we compare it to hash
ted three well

Table 1. Comparative results of the bdd approach,MD5 based
5 sites |V |
philosophiers 729
Shared memory 8019
Peterson 20754
The table(1) shows the statistic results according to philosophers, shared memory and Peterson
models knowing that the states space has been distributed over 5 sites. The standard deviation of
the number of states on each site noted by
is the standard deviation σv, the better is the distribution over sites, because a tiny
the states space is well distributed on the different sites and we see that on table(1). Using the
new proposed approach makes it possible to have a fewer
(MD5) based algorithm except for Peterson and this is due to the replication of some states over
the sites.
6. CONCLUSION
In this paper, we have presented a new framework bas
to solve the graph distribution problem in context of formal verification. We have used an
adapted data structure which ensures a high compression property, the balance load and fault
tolerance. We have also compare
To put in practice the result of this work, an optimization algorithm such as evolutionary
algorithm or local search may be applied to improve the inter
with the variable order problem in BDD. Beside this, different verification algorithms may be
applied on the distributed graph generated to verify properties of complex systems
REFERENCES
[1] Edmund M Clarke, Orna Grumberg, & Doron Peled. Model checking. MIT
[2] Antti Valmari(1998). The state explosion problem , Lectures on Petri nets I: Basic models, pp 429
528. Springer.
[3] Douglas Brent West et al (2001). Introduction to graph theory, volume 2. Prentice hall Upper Saddle
River.
[4] Hans Hansson & Bengt Jonsson(1990). A calculus for communicating systems withtime and
probabilities, In Real-Time Systems Symposium, 1990. Proceedings., 11th, pp 278
[5] François Vernadat, Pierre Azéma, & François Michel(1996). Covering step graph , Applic
theory of Petri nets, pp 516–535. Springer.
[6] Patrice Godefroid, J van Leeuwen, J Hartmanis, G Goos, & PierreWolper. Partialorder(1996)
methods for the verification of concurrent systems: an approach to the stateexplosion problem.
[7] Hubert Garavel, Radu Mateescu, & Irina Smarandache(2001). Parallel state space construction for
model-checking. , Model Checking Software, pp 217
Table 1. Comparative results of the bdd approach,MD5 based algorithm.
|V | |E| σv
MD5
σv(%)
MD5
σv
BDD
σv(%)
BDD
729 3402 21.46 2.9 14.36 1.97
8019 52974 249.61 3.11 96.01 1.19
20754 62262 588.67 2.83 607 2.9
the number of states on each site noted by σv(%) is calculated as follows
, the better is the distribution over sites, because a tiny σ
pproach makes it possible to have a fewer σv than the one obtained by using the
In this paper, we have presented a new framework based on binary decision diagrams algorithm
tolerance. We have also compared our work with md5 based algorithm. Results are promising.
algorithm or local search may be applied to improve the inter-site communication and tackle also
e variable order problem in BDD. Beside this, different verification algorithms may be
applied on the distributed graph generated to verify properties of complex systems.
Edmund M Clarke, Orna Grumberg, & Doron Peled. Model checking. MIT press,(1999).
Antti Valmari(1998). The state explosion problem , Lectures on Petri nets I: Basic models, pp 429
Douglas Brent West et al (2001). Introduction to graph theory, volume 2. Prentice hall Upper Saddle
nsson & Bengt Jonsson(1990). A calculus for communicating systems withtime and
Time Systems Symposium, 1990. Proceedings., 11th, pp 278–287.
François Vernadat, Pierre Azéma, & François Michel(1996). Covering step graph , Applic
535. Springer.
Patrice Godefroid, J van Leeuwen, J Hartmanis, G Goos, & PierreWolper. Partialorder(1996)
t Garavel, Radu Mateescu, & Irina Smarandache(2001). Parallel state space construction for
checking. , Model Checking Software, pp 217–234. Springer.
(%)
BDD
1.97
1.19
. The smaller
σv means that
v than the one obtained by using the
ed on binary decision diagrams algorithm
d our work with md5 based algorithm. Results are promising.
site communication and tackle also
e variable order problem in BDD. Beside this, different verification algorithms may be
press,(1999).
Antti Valmari(1998). The state explosion problem , Lectures on Petri nets I: Basic models, pp 429–
Douglas Brent West et al (2001). Introduction to graph theory, volume 2. Prentice hall Upper Saddle
nsson & Bengt Jonsson(1990). A calculus for communicating systems withtime and
287.
François Vernadat, Pierre Azéma, & François Michel(1996). Covering step graph , Application and
Patrice Godefroid, J van Leeuwen, J Hartmanis, G Goos, & PierreWolper. Partialorder(1996)
t Garavel, Radu Mateescu, & Irina Smarandache(2001). Parallel state space construction for

Computer Science & Information Technology (CS & IT) 305
[8] Hubert Garavel, Radu Mateescu,Wendelin Serwe(2013), et al. Génération et manipulation d’espaces
d’états distribués avec cadp: expériences sur grid’5000, Conférence en Parallélisme, Architecture et
Système ComPAS’2013.
[9] Stefan Blom & Simona Orzan(2003). Distributed branching bisimulation reduction of state spaces.
Electronic Notes in Theoretical Computer Science,vol.1 n- 89 pp 99–113.
[10] Randal E Bryant.(1992 ) Symbolic boolean manipulation with ordered binary-decision diagrams.
ACM Computing Surveys (CSUR),vol.3 n° 24 pp 293–318.
[11] Eike Best & Harro Wimmel (2013 ). Structure theory of petri nets, Transactions on Petri Nets and
Other Models of Concurrency VII, pp 162–224. Springer.
[12] http://javabdd.sourceforge.net/
[13] http://sourceforge.net/projects/buddy/
[14] http://vlsi.colorado.edu/~fabio/CUDD/cuddIntro.html.
[15] "NetLogo Models Library: Sample Models/Computer Science Standards"
http://ccl.northwestern.edu/netlogo/models/DiningPhilosophers
[16] "Model Checking Contest, “Peterson model" http://sumo.lip6.fr/ Peterson_model.html
[17] "Model Checking Contest, “Shared momory model" http://sumo.lip6.fr/ SharedMemory_model.html

STATE SPACE GENERATION FRAMEWORK BASED ON BINARY DECISION DIAGRAM FOR DISTRIBUTED EXPLICIT MODEL CHECKING

More Related Content

What's hot (19)

Viewers also liked (20)

Similar to STATE SPACE GENERATION FRAMEWORK BASED ON BINARY DECISION DIAGRAM FOR DISTRIBUTED EXPLICIT MODEL CHECKING (20)

Recently uploaded (20)

STATE SPACE GENERATION FRAMEWORK BASED ON BINARY DECISION DIAGRAM FOR DISTRIBUTED EXPLICIT MODEL CHECKING