Guided Trajectory Exploration of GT systems presented at PNGT 2010

Budapest University of Technology and EconomicsPetri Nets and Graph Transformation 2010, Enschede, The Netherlands

Guided State Space Exploration using Back-annotation of Occurrence Vectors

Ábel Hegedüs, Dániel Varró

([email protected])

Budapest University of Technology and Economics

Fault Tolerant Systems Research Group

Contents

Motivation

Problem definition

Approach overview

Back-annotating abstractions

Guided state space exploration

Outlook & Summary

Motivating example Service configuration:

o Regular status check reveals problems (e.g. service down)

o Maintenance operations are performed to resolve issues

Active

Standby Down

Up




Approach:o Different type of operations

o Various operation sequences possible

• Which operations to choose?

• Execution order?

Active

Standby Down

Up

Failover








Active

Standby Down

Up

Remove

Unregister

Stand by








Goal:o Calculate solution that satisfies

the required service configuration• E.g. At least half of the services have

standby backups, services that are down are removed.

Active

Standby Down

Up

Remove

Stand byPower on

Problem definition

Given: a GTS with

o Initial graph

o GT rules (optionally with cost)

o Goals

o Global constraints

Problem: Find trajectory

o From initial graph to the goal state

o Satisfying all global constraints

fail-over

Remove services that are down, etc.

Maximum number of deployed services

Example GTS

Service

active / standby

up/down backup

fail-over

power on

Active

Standby

Down

Upfail-over

stand by detach

remove

Service

standby

Service

backup

down

Service

active

Service

down register

unregister

Example Problem Definition Current configuration:

o 2 active serviceso 2 standby serviceso 2 down services

Constraintso Maximum 7 services

powered on Goal:

o Serve 4 requests simultaneously

Problem:o Find a trajectory satisfying

all constraints Active

Standby Down

Up

State space exploration

Approach overview

GTS

GT rules + Initial graph

Service powered on ≤ 7

Goal

Constraints

Strategy

Serve 4 requests

?


Guided traversal approaches:

o Naive heuristic:

• Depth First Search, Breadth First Search

o Branch and bound:

• Current best solution

• Best solution, as soon as possible

o Abstraction-guided traversal:

• Use hints to prune search space (PNGT 2006)

• Successfully used in other approaches– CSP(M) (MODELS 2009)


remove

register

failover

power on

detach

power

on

register failover

stand by

remove

detach

failover

Constraint violation: Max services exceeded

Rules may enable the execution of an other rule

Rules may enable the execution of an other ruleDependency

Abstraction:• Simplify search• Numerical solution


remove

register

failover

power on

detach

power

on

register failover

stand by

remove

detach

failover

Guidence 1: Cut-offTerminate branches whennot promising/compliant

Guidence 2: SelectionChoose most promisingbranch when there aremultiple choices

Approach overview


GTS

Goal

Constraints

Strategy

PN modelILP

problem

Goal reached?

No

Yes

Trajectory

SolutionSolution 2

Abstraction

GTS to Cardinality P/T nets (ICGT 2006) General idea:

o Abstract from concrete graph structure

o Keep track only the number of graph elements of a certain type

PN = F(GTS):o types placeso instances tokenso rules transitionso input places: left-hand side of

rule (LHS)o output places: right-hand side of

rule (RHS)

Algebraic representation of PN:o Incidence matrix W|P|x|T|

• Wi,j = w(ti, pj) – w(pj, ti)

o State equationo Transition occurrence vector

fail-over

Service

standby

Service

backup

down

Service

active

Servicedown

Service

down

standby

up

active

backup

2

0kM M W

Se Ac St Up Do Ba

Fail-over 0 1 -1 0 0 -1

… … … … … … …

Overview of abstractions

Abstract value set o Instances tokens

o Integer boolean/enumeration

o Complex data structure (e.g. SOAP message) simple

Abstract behavioro Delete/create Instance number change

o Complex actions one step

o Decisions, conditions nondeterministic choice

Abstract timeo Order of transition execution lost in algebraic solution

o No ordering for steps, only final state available

SolutionSolution 2

Approach overview


GTS

Goal

Constraints

Strategy

PN modelILP

problem

Goal reached?

No

Yes

Trajectory

Back-annotation

Back-annotation

Value set abstractiono Choose significant values (test data)

Dynamic behavioro Create mapping between dynamic semanticso Nontrivial issues (SEFM 2010)o Similar problems in Business Process Verification

• BPEL – design model• PN/SAL – analysis model Petri Net

SimulatorBPEL

Designer

BPEL2PN

Back-ann.

Fire Transition

SelectTransition

Fire Transition

SelectTransition

Add Tokens

Delete Tokens

BPEL ActivityExecuted

BPEL Activity Runs

BPEL ActivityStartable

Back-annotation

Time abstraction

o Input: (analysis) trace data without ordering

o Output: feasible (design) trajectory

o State space exploration using trace data

• Guide exploration using back-annotation!

failover

remove

remove

failover

remove

Main contribution

Approach overview


GTS

Goal

Constraints

Strategy

PN modelILP

problem

Goalreached?

No

Yes

Trajectory

SolutionSolution 2

Dependency graph

Given: GTS GT rule dependency ab:

o b has casual dependency on ao execution of the rule may increase

the match set of the other

Dependency grapho nodes: ruleso edges: rule dependencyo directed graph

stand by

register

a

c

b

d

a

b

Guided traversal

Our idea:

o Combine occurrence vector (σ) with dependency graph

o Nodes (rules) with number of rule executions on the „guessed” trajectory (σ[a])

o Traversal based on graph

o Keep track of rule execution

• rule a:

– #{remaining execution} = σ[a]-#{executions}

unr

reg

stby

det

failo

rem2

0

1 02

1

po

1

Tracking execution

unr

reg

stby

det

failo

rem2

0

1 02

1

po

1

remove failover

unr

reg

stby

det

failo

rem1

0

1 02

1

po

1unr

reg

stby

det

failo

rem1

0

1 02

0

po

1

Cut-off criteria

Non-compliant path (look-ahead)o An enabled rule with #{remaining execution} = 0

Permanently disabled ruleo disabled rule with #{remaining execution} > 0o Potentially enabler rules with #{remaining execution} = 0

unr

reg

stby

det

failo

rem2

0

0 02

1

po

1unr

reg

stby

det

failo

rem2

0

1 00

1

po

1

Idea: Execute the rule whicho drives the traversalo towards the enablement of rules with high #{remaining

execution}

Maximum forward-dependent application patho Calculate #{remaining execution} for paths starting from

enabled ruleso Possible path calculation algorithms:

• Every node once• Handle nodes on multiple paths• Handle loops

o Select rule with maximum value

Selection criteria

unr

reg

stby

det

failo

rem1

0

1 02

1

po

1 2

6?

Selection criteria Idea: Eliminate short paths early

o by driving the executiono toward satisfying cut-off criteria

Minimum backward-dependent application patho Calculate #{remaining execution}o for reverse paths starting from rules affected by

enabled ruleso Select rule with minimum value

unr

reg

stby

det

failo

rem1

0

1 02

1

po

1

1

1

12

1

Example execution

unr

reg

stby

det

failo

rem2

0

1 02

1

po

1

power on

unr

reg

stby

det

failo

rem2

0

1 01

1

po

1

Max service ≤ 7

Max fwd-dep Max fwd-dep & Min bwd-dep

failover remove

unr

reg

stby

det

failo

rem2

0

1 01

0

po

1

Outlook

Ongoing experimental evaluation

Implementation

o Modular approach with customizable criteria

Further refinement directions

oMore sophisticated criteria

o Use critical pair graph as well

o Limit evaluated path length

o Priority, cost

• It’s more important to have the service running than removing the services that are down

Summary

Advanced state space traversal guidance

o using analysis techniques

o back-annotation of abstraction

o path evaluation on attributed graph

o extensible cut-off and selection criteria

Thank you!