Model Checking I Binary Decision Diagrams

Similar documents
Behavior models and verification Lecture 6

Boolean Representations and Combinatorial Equivalence

Lecture1: Symbolic Model Checking with BDDs. Edmund M. Clarke, Jr. Computer Science Department Carnegie Mellon University Pittsburgh, PA 15213

Motivation. CS389L: Automated Logical Reasoning. Lecture 5: Binary Decision Diagrams. Historical Context. Binary Decision Trees

Binary Decision Diagrams (BDD)

Binary Decision Diagrams

Binary Decision Diagrams

Unit 4: Formal Verification

Formal Verification. Lecture 7: Introduction to Binary Decision Diagrams (BDDs)

Symbolic Boolean Manipulation with Ordered Binary Decision Diagrams

Symbolic Model Checking

Graph-Based Algorithms for Boolean Function Manipulation

Graph-Based Algorithms for Boolean Function Manipulation 12. Abstract

EECS 219C: Formal Methods Binary Decision Diagrams (BDDs) Sanjit A. Seshia EECS, UC Berkeley

Binary Decision Diagrams and Symbolic Model Checking

Chapter 6: Multilevel Combinational Circuits. Name: Lương Văn Minh No. :

Formal Verification Techniques for Digital Systems

CS357 Lecture: BDD basics. David Dill

Lecture 2: Symbolic Model Checking With SAT

L4: Binary Decision Diagrams. Reading material

Binary Decision Diagrams

Chapter 8: Data Abstractions

Overview. Discrete Event Systems - Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?

Symbolic Manipulation of Boolean Functions Using a Graphical Representation. Abstract

Int. J. Advanced Networking and Applications 1430 Volume:03 Issue:06 Pages: (2012) ISSN :

Lecture Notes on Binary Decision Diagrams

Formal Verification Methods 2: Symbolic Simulation

A Relational View of Subgraph Isomorphism

ECE 5775 (Fall 17) High-Level Digital Design Automation. Binary Decision Diagrams Static Timing Analysis

Set Manipulation with Boolean Functional Vectors for Symbolic Reachability Analysis

Propositional Calculus: Boolean Algebra and Simplification. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

Network Reliability Computation by using Different Binary Decision Diagrams

L3: Representations of functions

Trees. 3. (Minimally Connected) G is connected and deleting any of its edges gives rise to a disconnected graph.

2009 Haskell January Test Binary Decision Diagrams

Unification in Maude. Steven Eker

Decision Procedures for Recursive Data Structures with Integer Constraints

ALGORITHMS EXAMINATION Department of Computer Science New York University December 17, 2007

A New Optimal Approach for evaluating the size of BDD for calculating the Reliability of a CCN

Overview. CS389L: Automated Logical Reasoning. Lecture 6: First Order Logic Syntax and Semantics. Constants in First-Order Logic.

Digital Circuit Verification using Partially-Ordered State Models

ABC basics (compilation from different articles)

Solving 3-SAT. Radboud University Nijmegen. Bachelor Thesis. Supervisors: Henk Barendregt Alexandra Silva. Author: Peter Maandag s

BDDC v2 A basic bdd-based logical calculator

Computational problems. Lecture 2: Combinatorial search and optimisation problems. Computational problems. Examples. Example

Lecture 5: Predicate Calculus. ffl Predicate Logic ffl The Language ffl Semantics: Structures

BDDC v2 A basic bdd-based logical calculator

CS Bootcamp Boolean Logic Autumn 2015 A B A B T T T T F F F T F F F F T T T T F T F T T F F F

LOGIC SYNTHESIS AND VERIFICATION ALGORITHMS. Gary D. Hachtel University of Colorado. Fabio Somenzi University of Colorado.

COL351: Analysis and Design of Algorithms (CSE, IITD, Semester-I ) Name: Entry number:

Intermediate Code Generation

1 Model checking and equivalence checking

Chapter 9 Graph Algorithms

Propositional Calculus. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

8.1 Polynomial-Time Reductions

NP-Hardness. We start by defining types of problem, and then move on to defining the polynomial-time reductions.

Reference Sheet for CO142.2 Discrete Mathematics II

Research Collection. Formal background and algorithms. Other Conference Item. ETH Library. Author(s): Biere, Armin. Publication Date: 2001

11/22/2016. Chapter 9 Graph Algorithms. Introduction. Definitions. Definitions. Definitions. Definitions

Chapter 9 Graph Algorithms

Chapter 9 Graph Algorithms

Constraint Satisfaction Problems

Knowledge Compilation Properties of Tree-of-BDDs

Treewidth and graph minors

NO WARRANTY. Use of any trademarks in this presentation is not intended in any way to infringe on the rights of the trademark holder.

Equivalence Checking of Combinational Circuits using Boolean Expression Diagrams

Ashish Sabharwal Computer Science and Engineering University of Washington, Box Seattle, Washington

CS301 - Data Structures Glossary By

MATHEMATICAL STRUCTURES FOR COMPUTER SCIENCE

Exploiting Positive Equality in a Logic of Equality with Uninterpreted Functions

Propositional Calculus: Boolean Functions and Expressions. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

Lecture 19 Thursday, March 29. Examples of isomorphic, and non-isomorphic graphs will be given in class.

CS 267: Automated Verification. Lecture 6: Binary Decision Diagrams. Instructor: Tevfik Bultan

Beyond the Combinatorial Limit in Depth Minimization for LUT-Based FPGA Designs

Tagged BDDs: Combining Reduction Rules from Different Decision Diagram Types

Algorithms Interview Questions

Normal Forms for Boolean Expressions

Combining Decision Diagrams and SAT Procedures for Efficient Symbolic Model Checking

Towards a Logical Reconstruction of Relational Database Theory

17/05/2018. Outline. Outline. Divide and Conquer. Control Abstraction for Divide &Conquer. Outline. Module 2: Divide and Conquer

Propagating separable equalities in an MDD store

Program verification. Generalities about software Verification Model Checking. September 20, 2016

Discrete mathematics

Automata Theory for Reasoning about Actions

Synthesis 1. 1 Figures in this chapter taken from S. H. Gerez, Algorithms for VLSI Design Automation, Wiley, Typeset by FoilTEX 1

Copyright 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley. Chapter 6 Outline. Unary Relational Operations: SELECT and

10. EXTENDING TRACTABILITY

Chapter 3 Trees. Theorem A graph T is a tree if, and only if, every two distinct vertices of T are joined by a unique path.

NP and computational intractability. Kleinberg and Tardos, chapter 8

The Parallelization of Binary Decision Diagram operations for model checking

A purely functional implementation of ROBDDs in Haskell

Binary Decision Diagram with Minimum Expected Path Length

1 Maximum Independent Set

Computer Science. Using Ordered Binary-Decision Diagrams for Compressing Images and Image Sequences

Definition: A context-free grammar (CFG) is a 4- tuple. variables = nonterminals, terminals, rules = productions,,

Introduction to Automata Theory. BİL405 - Automata Theory and Formal Languages 1

CS 267: Automated Verification. Lecture 13: Bounded Model Checking. Instructor: Tevfik Bultan

1/28/2013. Synthesis. The Y-diagram Revisited. Structural Behavioral. More abstract designs Physical. CAD for VLSI 2

15-819M: Data, Code, Decisions

A BDD-Based Polytime Algorithm for Cost-Bounded Interactive Configuration

Transcription:

/42 Model Checking I Binary Decision Diagrams Edmund M. Clarke, Jr. School of Computer Science Carnegie Mellon University Pittsburgh, PA 523

2/42 Binary Decision Diagrams Ordered binary decision diagrams (OBDDs) are a canonical form for boolean formulas. OBDDs are often substantially more compact than traditional normal forms. Moreover, they can be manipulated very efficiently. R. E. Bryant. Graph-based algorithms for boolean function manipulation. IEEE Transactions on Computers, C-35(8), 986.

3/42 Binary Decision Trees To motivate our discussion of binary decision diagrams, we first consider binary decision trees. A binary decision tree is a rooted, directed tree with two types of vertices, terminal vertices and nonterminal vertices. Each nonterminal vertex v is labeled by a variable var(v) and has two successors: low(v) corresponding to the case where the variable v is assigned, and high(v) corresponding to the case where the variable v is assigned. Each terminal vertex v is labeled by value(v) which is either or.

4/42 Binary Decision Trees (Cont.) A BDD for the two-bit comparator given by the formula is shown in the figure below: f(a,a 2,b,b 2 ) = (a b ) (a 2 b 2 ), a b b aa aa aa a a 2 2 2 2 2 2 22 b b b b b b b b 2 b b b b 2 2 2 2 2 2 2

5/42 Binary Decision Trees (Cont.) We can decide if a truth assignment satisfies the formula as follows: Traverse the tree from the root to a terminal vertex. If variable v is assigned, the next vertex on the path will be low(v). If variable v is assigned, the next vertex on the path will be high(v). The value that labels the terminal vertex will be the value of the function for this assignment. In the comparator example, the assignment a, a 2, b, b 2 leads to a leaf vertex labeled, so the formula is false for this assignment.

6/42 A More Concise Representation Binary decision trees do not provide a very concise representation for boolean functions. However, there is usually a lot of redundancy in such trees. In the comparator example, there are eight subtrees with roots labeled by b 2, but only three are distinct. Thus, we can obtain a more concise representation by merging isomorphic subtrees. This results in a directed acyclic graph (DAG) called a binary decision diagram.

7/42 Binary Decision Diagrams More precisely, a binary decision diagram is a rooted, directed acyclic graph with two types of vertices, terminal vertices and nonterminal vertices. Each nonterminal vertex v is labeled by a variable var(v) and has two successors, low(v) and high(v). Each terminal vertex is labeled by either or.

8/42 Binary Decision Diagrams (cont d) A binary decision diagram with root v determines a boolean function f v (x,...,x n ) in the following manner:. If v is a terminal vertex:. If value(v) = then f v(x,..., x n) =..2 If value(v) = then f v(x,..., x n) =. 2. If v is a nonterminal vertex with var(v) = x i then f v (x,...,x n ) is given by x i f low(v) (x,...,x n ) + x i f high(v) (x,...,x n )

9/42 Canonical Form Property In practical applications, it is desirable to have a canonical representation for boolean functions. This simplifies tasks like checking equivalence of two formulas and deciding if a given formula is satisfiable or not. Such a representation must guarantee that two boolean functions are logically equivalent if and only if they have isomorphic representations.

/42 Canonical Form Property (Cont.) Two binary decision diagrams are isomorphic if there exists a bijection h between the graphs such that terminals are mapped to terminals and nonterminals are mapped to nonterminals, for every terminal vertex v, value(v) = value(h(v)), and for every nonterminal vertex v: var(v) = var(h(v)), h(low(v)) = low(h(v)), and h(high(v)) = high(h(v)).

/42 Canonical Form Property (Cont.) Bryant showed how to obtain a canonical representation for boolean functions by placing two restrictions on binary decision diagrams: First, the variables should appear in the same order along each path from the root to a terminal. Second, there should be no isomorphic subtrees or redundant vertices in the diagram.

2/42 Canonical Form Property (Cont.) The first requirement is easy to achieve: We impose total ordering < on the variables in the formula. We require that if vertex u has a nonterminal successor v, then var(u) < var(v).

3/42 Canonical Form Property (Cont.) The second requirement is achieved by repeatedly applying three transformation rules that do not alter the function represented by the diagram: Remove duplicate terminals: Eliminate all but one terminal vertex with a given label and redirect all arcs to the eliminated vertices to the remaining one. Remove duplicate nonterminals: If nonterminals u and v have var(u) = var(v), low(u) = low(v) and high(u) = high(v), then eliminate one of the two vertices and redirect all incoming arcs to the other vertex. Remove redundant tests: If nonterminal vertex v has low(v) = high(v), then eliminate v and redirect all incoming arcs to low(v).

4/42 Canonical Form Property (Cont.) The canonical form may be obtained by applying the transformation rules until the size of the diagram can no longer be reduced. Bryant shows how this can be done by a procedure called Reduce in linear time.

5/42 Ordered Binary Decision Diagrams The term ordered binary decision diagram (OBDD) will be used to refer to the graph obtained in this manner. If OBDDs are used as a canonical form for boolean functions, then checking equivalence is reduced to checking isomorphism between OBDDs, and satisfiability can be determined by checking equivalence with the trivial OBDD that consists of only one terminal labeled by.

6/42 OBDD for Comparator Example If we use the ordering a < b < a 2 < b 2 for the comparator function, we obtain the OBDD below: a b b a 2 b b 2 2

7/42 Variable Ordering Problem The size of an OBDD depends critically on the variable ordering. If we use the ordering a < a 2 < b < b 2 for the comparator function, we get the OBDD below: a a 2 a 2 b b b b b b 2 2

8/42 Variable Ordering Problem (Cont.) For an n-bit comparator: if we use the ordering a < b <... < a n < b n, the number of vertices will be 3n + 2. if we use the ordering a <... < a n < b... < b n, the number of vertices is 3 2 n. In general, finding an optimal ordering is known to be NP-complete. Moreover, there are boolean functions that have exponential size OBDDs for any variable ordering. An example is the middle output (n th output) of a combinational circuit to multiply two n bit integers.

9/42 Heuristics for Variable Ordering Heuristics have been developed for finding a good variable ordering when such an ordering exists. The intuition for these heuristics comes from the observation that OBDDs tend to be small when related variables are close together in the ordering. The variables appearing in a subcircuit are related in that they determine the subcircuit s output. Hence, these variables should usually be grouped together in the ordering. This may be accomplished by placing the variables in the order in which they are encountered during a depth-first traversal of the circuit diagram.

2/42 Dynamic Variable Ordering A technique, called dynamic reordering appears to be useful if no obvious ordering heuristic applies. When this technique is used, the OBDD package internally reorders the variables periodically to reduce the total number of vertices in use.

2/42 Logical Operations on OBDDs We begin with the function that restricts some argument x i of the boolean function f to a constant value b. This function is denoted by f xi b and satisfies the identity f xi b (x,...,x n ) = f(x,...,x i,b,x i+,...,x n ). If f is represented as an OBDD, the OBDD for the restriction f xi b is computed by a depth-first traversal of the OBDD. For any vertex v which has a pointer to a vertex w such that var(w) = x i, we replace the pointer by low(w) if b is and by high(w) if b is. When the graph is not in canonical form, we apply Reduce to obtain the OBDD for f xi b.

22/42 Logical Operations (Cont.) All 6 two-argument logical operations can be implemented efficiently on boolean functions that are represented as OBDDs. In fact, the complexity of these operations is linear in the size of the argument OBDDs. The key idea for efficient implementation of these operations is the Shannon expansion f = x f x +x f x.

23/42 Logical Operations (Cont.) Bryant gives a uniform algorithm called Apply for computing all 6 logical operations. Let be an arbitrary two argument logical operation, and let f and f be two boolean functions. To simplify the explanation of the algorithm we introduce the following notation: v and v are the roots of the OBDDs for f and f. x = var(v) and x = var(v ).

24/42 Logical Operations OBDDs (Cont.) We consider several cases depending on the relationship between v and v. If v and v are both terminal vertices, then f f = value(v) value(v ). If x = x, then we use the Shannon expansion f f = x (f x f x ) + x (f x f x ) to break the problem into two subproblems. The subproblems are solved recursively. The root of the resulting OBDD will be v with var(v) = x. Low(v) will be the OBDD for (f x f x ). High(v) will be the OBDD for (f x f x ).

25/42 Logical Operations OBDDs (Cont.) If x < x, then f x = f x = f since f does not depend on x. In this case the Shannon Expansion simplifies to f f = x (f x f ) + x (f x f ) and the OBDD for f f is computed recursively as in the second case. If x < x, then the required computation is similar to the previous case.

26/42 Logical Operations (Cont.) By using dynamic programming, it is possible to make the algorithm polynomial. A hash table is used to record all previously computed subproblems. Before any recursive call, the table is checked to see if the subproblem has been solved. If it has, the result is obtained from the table; otherwise, the recursive call is performed. The result must be reduced to ensure that it is in canonical form.

27/42 OBDD Extensions A single OBDD can be used to represent a collection of boolean functions: The same variable ordering is used for whole the collection. As before, no isomorphic subgraphs or redundant vertices. Two functions in the collection are identical if and only if they have the same root. Consequently, checking whether two functions are equal can be implemented in constant time.

28/42 OBDD Extensions (Cont.) A possible extension is to add labels to the arcs in the graph to denote boolean negation. This makes it unnecessary to use different subgraphs to represent a formula and its negation. Canonicity?

29/42 OBDDs and Finite Automata OBDDs can also be viewed as deterministic finite automata (DFAs). An n-argument boolean function can be identified with the set of strings in {,} n that evaluate to. This is a finite language. Finite languages are regular. Hence, there is a minimal DFA that accepts the language. The DFA provides a canonical form for the original boolean function. Logical operations on boolean functions can be implemented by standard constructions from elementary automata theory.

3/42 Representing Finite Relations OBDDs are extremely useful for obtaining concise representations of relations over finite domains. If R is an n-ary relation over {,} then R can be represented by the OBDD for its characteristic function f R (x,...,x n ) = iff R(x,...,x n ). J. R. Burch, E. M. Clarke, K. L. McMillan, D. L. Dill, and L. J. Hwang. Symbolic model checking: 2 states and beyond. Information and Computation, 98(2):42 7, June 992. J. R. Burch, E. M. Clarke, D. E. Long, K. L. McMillan, and D. L. Dill. Symbolic model checking for sequential circuit verification. IEEE Transactions on Computer-Aided Design of Integrated Circuits, 3(4):4 424, 994.

3/42 Representing Relations (Cont.) Suppose R is an n-ary relation over the domain D, where D has 2 m elements for some m >. To represent R as an OBDD, we simply encode elements of D using a binary representation. Formally, we use a bijection φ : {,} m D that maps each boolean vector of length m to an element of D. We construct a new boolean relation R of arity m n according to the following rule: R ( x,..., x n ) = R(φ( x ),...,φ( x n )) where x i is a vector of m boolean variables which encodes the variable x i that takes values in D. R can now be represented as the OBBD for the characteristic function f R of R.

32/42 Representing Relations (Cont.) This technique can be easily extended to relations over different domains, D,...,D n. Since sets can be viewed as unary relations, the same technique can be used to represent sets as OBDDs.

33/42 Quantified Boolean Formulas (QBF) Sometimes it is convenient to use existential or universal quantification over boolean variables. The resulting logic is the logic of Quantified Boolean Formulas (QBF). Suppose x is a propositional variable. The QBF formula x.f is true iff: f x is true or f x is true. The QBF formula x.f is true iff: f x is true and f x is true. (We identify with true and identify with false.)

34/42 QBF Syntax, cont d Formally: Given a set of propositional variables V = {v,...,v n }, QBF(V ) is the smallest set of formulas such that every variable in V is a formula, if f and g are formulas, then f, f g, and f g are formulas, and if f is a formula and v V, then vf and vf are formulas.

35/42 Truth Assignments A truth assignment for QBF(V ) is a function σ : V {,}. If a {,}, then we will use the notation σ v a for the truth assignment defined by { a if v = w σ v a (w) = σ(w) otherwise. If f is a formula in QBF(V ) and σ is a truth assignment, we will write σ = f when f is true under the assignment σ.

36/42 QBF Semantics The relation = is defined recursively in the obvious manner: σ = v, iff σ(v) =, σ = f, iff σ = f, σ = f g, iff σ = f, or σ = g, σ = f g, iff σ = f, and σ = g, σ = vf, iff σ v = f, or σ v = f, σ = vf, iff σ v = f, and σ v = f

37/42 QBF formulas and Relations QBF formulas have the same expressive power as ordinary propositional formulas; however, they are sometimes much more concise. Every QBF formula determines an n-ary boolean relation consisting of those truth assignments for the variables in V that make the formula true. We will identify each formula with the boolean relation that it determines.

38/42 QBF formulas and Relations Previously, we showed how to associate an OBDD with each formula of propositional logic. In principle, it is easy to construct OBDDs for vf and vf when f is given as an OBDD. xf = f x +f x xf = f x f x In practice, however, special algorithms are needed to handle quantifiers efficiently.

39/42 Relational Products In model checking, quantifiers occur most frequently in relational products v [ f( v) g( v) ]. We give an algorithm that performs this computation in one pass over the OBDDs f( v) and g( v). This is important since we avoid constructing the OBDD for f( v) g( v). Before giving the algorithm for the relational product v [ f( v) g( v) ] let s review the algorithm for normal conjunction, f( v) g( v)

4/42 Conjunction Conjoin(f, g: OBDD) if f =false g=false then return false else if f =true g=true then return true else if cache[(f, g)] null then return cache[(f, g)] else let x be the top variable of f let y be the top variable of g let z be the topmost of x and y h := Conjoin(f z=,g z= ) h := Conjoin(f z=,g z= ) h := IfThenElse(z,h,h ) / BDD for (z h ) ( z h ) / cache[(f,g)] := h return h endif

4/42 Relational Products (Cont.) RelProd(f, g: OBDD, E : set of variables) if f =false g=false then return false else if f =true g=true then return true else if cache[(f, g, E)] null then return cache[(f, g, E)] else let x be the top variable of f let y be the top variable of g let z be the topmost of x and y h := RelProd(f z=,g z=,e) h := RelProd(f z=,g z=,e) if z E then h := Or(h,h ) / BDD for h h / else h := IfThenElse(z,h,h ) / BDD for (z h ) ( z h ) / endif cache[(f,g,e)] := h return h endif

42/42 Relational Products (Cont.) Like many OBDD algorithms, RelProd uses a result cache. In this case, entries in the cache have the form ((f,g,e),h), where E is a set of variables that are quantified out and f, g and h are OBDDs. If such an entry is in the cache, then a previous call to RelProd(f,g,E) returned h as its result. Although the algorithm works well in practice, it has exponential complexity in the worst case.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback