Graph Subsumption in Abstract State Space Exploration

Authors

  • Eduardo Zambon
  • Arend Rensink
Abstract

Abstraction is an essential ingredient in nearly all methods for system analysis and verification, and as such there is a vast body of work describing the use of abstractions in different domains. In this section we give a (non-exhaustive) discussion of related work that involves state space traversal and graphs.

In [11], Holte et al. tackle the area of problem solving in artificial intelligence, which boils down to finding the shortest path between a start and a goal state. There is a trade-off between solution quality (the path length) and search effort (states traversed), and many heuristics can be used to guide the search. The authors define a so-called "explicit graph notation", where the state space is represented by a labelled transition system (LTS), and they proceed to define abstraction algorithms that can be used to speed up the search. One such algorithm, called STAR, works by building state classes that are connected up to a certain abstraction radius. Despite sharing many concepts with our work, the abstractions used by Holte are not state abstractions; they operate on the LTS level and not on the state representation. Furthermore, the concrete state spaces considered in [11] are always finite.

[Figure 5: Running time (with subsumption on) versus start graph size for the firewall grammar. Axes: start graph (2, 3, 4, 5, 6, 6-F) against time (s) with ticks 10^0 to 10^3; series BFS and DFS.]

In [6], Edelkamp et al. consider the problem of partial analysis/exploration of the state space of graph transformation systems. As in the work of Holte et al., this amounts to a guided search over the concrete state space, where abstraction can be used as a heuristic. Properties of interest for the analysis usually encompass existential checks for graph structures; e.g., is a graph with a certain node and edge configuration reachable from the start state? Any abstraction that preserves reachability of the goal state in the abstract state space can be used to define a heuristic for the guided search at the concrete level. Since our neighbourhood abstraction preserves reachability, it could in principle be used as the abstraction mechanism for a heuristic search. However, performance may be an issue, since computing the transitions of an abstract state is a rather expensive operation.

Concerning the verification of infinite-state graph transformation systems, König et al. have an extensive corpus of work, starting with [2]. Given a graph grammar, their analysis technique extracts an approximated unfolding: a finite structure (called a Petri graph) that is composed of a hyper-graph and a Petri net. The Petri graph captures all structure that can occur in the reachable graphs of the system, and dependencies between rule applications are recorded by the Petri net transitions. The final Petri graph obtained is an over-approximation that can be used to check safety properties of the original system. If a spurious counter-example is introduced by the over-approximation, the abstraction can be incrementally refined [12]. These techniques are implemented in the tool AUGUR, which is now in its second version [13]. An experimental comparison between this tool and our implementation is left as future work.

6 Conclusions and Future Work

In this paper we present an abstraction technique for the exploration of graph transformation systems with infinite state spaces. We explain the main points of neighbourhood abstraction as implemented in GROOVE and we propose a new method for state collapsing, based on the concept of shape subsumption. Experimental results show that subsumption gives a significant reduction in the number of states that have to be explored, thus improving both the running time and the memory consumption of the tool. Furthermore, the experiments also show that the choice of exploration strategy has a heavy influence on performance, with DFS giving much better results.

We see the results presented in this paper as an important achievement over the original implementation of abstraction in GROOVE. As any tool developer knows, performance improvements in programs that deal with highly combinatorial problems such as state space exploration usually involve a painstaking cycle of refactorings, experimentation and fine-tuning. Our case was no different: the original abstraction code had to be rewritten from scratch in order to accommodate shape subsumption. A further improvement over the code from [18] is that rules with NACs (negative application conditions) are now also supported, which increases rule expressivity.

There are many directions in which the current research/tool can be extended. Aside from the usual points, such as additional experimentation with more test cases and comparison with other tools, we consider the following items as future work.

  • Stronger notion of subsumption. The subsumption relation presented here depends on the existence of an isomorphism between two shapes. This dependence can be weakened by requiring only the existence of an embedding morphism between the shapes, which is not an isomorphism but instead an injective sub-graph morphism, similar to a rule match. This weakening of the subsumption pre-condition makes the relation stronger, and thus should lead to further reductions of the state space. This new relation, however, requires additional refactoring of the code, since we can no longer re-use the isomorphism checking package from GROOVE.
  • More expressive notions of abstraction. While neighbourhood abstraction can be used for many different classes of problems, it does not fare very well when some structural properties should be preserved by the abstraction. It cannot, for example, represent connectivity information between nodes. When the abstraction does not limit the possible concrete structures that can be generated, all cases have to be considered, and this leads to a blow-up in the abstract state space size that can cripple performance. We can see this from the results for the car-platoon grammar in Table 1: the number of states in the state space is too large, and execution was aborted due to an out-of-memory error. To tackle these problems, other notions of abstraction are thus in order. We are currently working on the theory for a pattern-based abstraction, a method that will allow certain graph structures of interest to be preserved in the abstract domain.

Availability. The current abstraction extension described in this paper is implemented in GROOVE version 4.4.6, available at http://groove.cs.utwente.nl. The grammars for the experiments described in Section 4, along with the results obtained, can also be downloaded at the same address.
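The first future-work item above contrasts collapsing states under an isomorphism with collapsing them under an embedding (an injective sub-graph morphism, like a rule match). The following is an added illustration of that difference, not code from GROOVE or the authors: it uses plain labelled graphs rather than GROOVE's shape formalism, constructs its own sample states (a List node followed by a chain of Cell nodes), and assumes the direction "kept state k subsumes new state g iff g embeds into k", which this excerpt does not fix.

```python
def find_embedding(g, h):
    """Injective node map g -> h preserving labels and edges (sub-graph morphism, like a rule match), or None."""
    order = sorted(g["nodes"])
    def consistent(m):  # every g-edge whose ends are both mapped must exist in h
        return all((m[s], l, m[t]) in h["edges"] for s, l, t in g["edges"] if s in m and t in m)
    def search(i, m):  # backtracking over candidate images of order[i]
        if i == len(order):
            return dict(m)
        v = order[i]
        for w in h["nodes"]:
            if w in m.values() or h["nodes"][w] != g["nodes"][v]:
                continue  # image already used, or label mismatch
            m[v] = w
            if consistent(m) and (found := search(i + 1, m)) is not None:
                return found
            del m[v]
        return None
    return search(0, {})

def isomorphic(g, h):
    """An embedding between graphs of equal node and edge count is a bijection, i.e. an isomorphism."""
    return (len(g["nodes"]) == len(h["nodes"]) and len(g["edges"]) == len(h["edges"])
            and find_embedding(g, h) is not None)

def collapse(states, subsumes):
    """Keep one representative per class: a new state is dropped when an already kept one subsumes it."""
    kept = []
    for g in states:
        if not any(subsumes(k, g) for k in kept):
            kept.append(g)
    return kept

def linked_list(n, prefix):
    """Constructed sample state: one List node whose head edge starts a chain of n Cell nodes."""
    cells = [f"{prefix}{i}" for i in range(n)]
    nodes = {"L": "List", **{c: "Cell" for c in cells}}
    edges = {("L", "head", cells[0])} | {(a, "next", b) for a, b in zip(cells, cells[1:])}
    return {"nodes": nodes, "edges": edges}

# Constructed exploration order: a 2-cell list, a 1-cell list, an isomorphic copy of it, a 3-cell list.
STATES = [linked_list(2, "a"), linked_list(1, "b"), linked_list(1, "c"), linked_list(3, "d")]

def compare():
    """States kept under each relation as (isomorphism, embedding); assumed direction: k subsumes g iff g embeds into k."""
    by_iso = collapse(STATES, isomorphic)
    by_emb = collapse(STATES, lambda k, g: find_embedding(g, k) is not None)
    return len(by_iso), len(by_emb)
```

Under isomorphism only the duplicate 1-cell list is collapsed (3 states kept); under embedding the 1-cell lists are also absorbed by the already kept 2-cell list (2 states kept), which is the further reduction the item anticipates.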


Publication date: 2012