This chapter provides answers to the first two research questions of the project, concerning the
Saturation approach to choose for implementation and the consequences for implementing it inside the LTSmin toolset.
“Different versions of the Saturation approach exist and which one of these is a good candidate for extending the symbolic reachability techniques of the LTSmin toolset?”
The deciding factors for choosing a suitable Saturation algorithm to implement are the requirements that indicate that no restrictions should be imposed on the structure of the model and/or its transition relation and that the transition relation should not be known in advance. It is obvious that the Kronecker
Saturation algorithms do not fit into this picture, since they require that the transition relation is partitioned into a Kronecker matrix form. From the General Prebuilt and General On-the-fly Saturation algorithms the former still needs to be able to know the transition relation of the model beforehand, so the only choice left is the General On-the-fly Saturation algorithm.
”How can the chosen version of the Saturation approach be implemented in the LTSmin toolset and what are the consequences for the tool’s architecture?”
The General On-the-fly Saturation algorithm does have certain requirements before it can function properly in the LTSmin toolset. The most important ones are the ability to access low-level MDD
operations and the MDD levels when traversing the MDDs of the transition groups. And related to the use of MDDs is its necessity to store computed parts of the MDD tree of the reachable state space. Although there is the possibility to implement the entire structure of the Saturation algorithm on a high level (e.g. in spec-reach.c), the choice is made to implement the algorithm in the MDD library itself. This prevents introducing extra high-level access to MDD operations, which can cause much clutter in the code. For now, the implementation is done inside MDD libraries with full-fledged implementations of MDD operations, and the initial focus lies on using ATermDD. This library contains MDD operations which can be easily reused within the framework of the Saturation algorithm.
Before the actual implementation it turns out that some issues need to be resolved related to the
Saturation algorithm. From the original pseudo code it turns out that the algorithm makes use of in-place updates to update pointers that point to lower-level MDD nodes. In the LTSmin toolset no in-place updates are used and instead entirely new MDD nodes are constructed with the new node pointers. To incorporate this into the algorithm, an additional adjustment is introduced, namely replacing the iterative function calls with recursive function calls. This makes it possible to construct new MDD nodes at the level of the MDD node entries. Another advantage is a better time complexity. Fortunately the algorithm does not need to be redesigned from scratch with recursive function calls and parts of the algorithm’s design are based on code already present in the MDD library. This code also takes into account the intermediate identity transitions that can occur in MDDs of the transition groups, since the MDD library makes use of fully-reduced MDDs.
71
For the implementation of the Saturation algorithm it turns out that the difference between the Prebuilt and On-the-fly version of the algorithm is small and therefore both versions are implemented in the LTSmin toolset.
The General Prebuilt Saturation algorithm cannot be used on its own (transition relation should be known in advance) and is now part of the option sat-ddd, which basically performs fix-point computations to compute the reachable state space interleaved with extension of the transition groups. The Saturation algorithm replaces the standard fix-point function in this reachability option and updates to the transition groups are performed outside the iteration of this fix-point computation.
For the General On-the-fly Saturation algorithm a new reachability option is added to the LTSmin toolset, named sat-ciardo. An issue to be dealt with here is that the update process of the transition groups as described by G. Ciardo [23] does not fit well inside the LTSmin architecture, since it requires additional changes. Therefore an own version of the update process of transition groups is devised, which makes use of the state space so far to update one of the affected transition groups that start at the current working MDD level.
Next to these design issues, during implementation some other issues occurred which need to be addressed and they are either related to the algorithmic structure of the Saturation algorithm or related to the LTSmin framework. The issues discussed also address the second research question.
Implementation-specific adjustments to the Saturation algorithm are not quite extensive and are easily dealt with. These involve handling the reverse numbering of the MDD levels used in the MDD library, and making use of another data object to be used as key for the lookup table involved in the relational product for purposes in regard to memoization.
Implementation-specific adjustments to the affected parts of the LTSmin toolset are also not too severe and mostly concern making changes to existing functionality. This is trivial for incorporating the new reachability option sat-ciardo as legitimate option and use the General Prebuilt Saturation algorithm as fix-point computation inside the option sat-ddd.
Furthermore the projection operation for projecting an MDD on a given projection list of MDD levels needs to be adjusted slightly, by making it possible to start the projection at a certain intermediate MDD level (and not only for the root MDD level as was the case). Also access to the function that performs the update process of the transition groups needs to be made available from inside the MDD library, which is done by adding an extra pointer reference to this function in the data object that encodes the transition group. Additionally, this pointer reference indicates if transition groups should be updated during Saturation (which is the case when the pointer reference is set).
Finally the usage of a single global lookup table in the ATermDD library for usage by different MDD operations to store intermediate calculated results is not a very good choice due to interference with what the General On-the-fly Saturation algorithm is doing. Although a crude solution has been given by copying the union operation of two MDDs, it is better to devise a more elaborate solution in the future.
73