Formal Verification. Lecture 7: Introduction to Binary Decision Diagrams (BDDs)

Similar documents
Binary Decision Diagrams

Symbolic Model Checking

Motivation. CS389L: Automated Logical Reasoning. Lecture 5: Binary Decision Diagrams. Historical Context. Binary Decision Trees

Behavior models and verification Lecture 6

Lecture Notes on Binary Decision Diagrams

Boolean Representations and Combinatorial Equivalence

Model Checking I Binary Decision Diagrams

EECS 219C: Formal Methods Binary Decision Diagrams (BDDs) Sanjit A. Seshia EECS, UC Berkeley

Unit 4: Formal Verification

Binary Decision Diagrams (BDD)

Research Collection. Formal background and algorithms. Other Conference Item. ETH Library. Author(s): Biere, Armin. Publication Date: 2001

CS357 Lecture: BDD basics. David Dill

Binary Decision Diagrams

CS 267: Automated Verification. Lecture 13: Bounded Model Checking. Instructor: Tevfik Bultan

Binary Decision Diagrams (BDDs) Pingqiang Zhou ShanghaiTech University

Lecture 2: Symbolic Model Checking With SAT

Advanced VLSI Design Prof. Virendra K. Singh Department of Electrical Engineering Indian Institute of Technology Bombay

Chapter 8: Data Abstractions

Binary Decision Diagrams

Synthesis 1. 1 Figures in this chapter taken from S. H. Gerez, Algorithms for VLSI Design Automation, Wiley, Typeset by FoilTEX 1

ECE 5775 (Fall 17) High-Level Digital Design Automation. Binary Decision Diagrams Static Timing Analysis

Overview. Discrete Event Systems - Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?

Normal Forms for Boolean Expressions

On the Relation between SAT and BDDs for Equivalence Checking

L4: Binary Decision Diagrams. Reading material

2009 Haskell January Test Binary Decision Diagrams

Propositional Calculus: Boolean Algebra and Simplification. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

Binary Decision Diagrams and Symbolic Model Checking

Formal Verification Methods 2: Symbolic Simulation

System Correctness. EEC 421/521: Software Engineering. System Correctness. The Problem at Hand. A system is correct when it meets its requirements

NP versus PSPACE. Frank Vega. To cite this version: HAL Id: hal

VLSI Logic Test, Validation and Verification Lecture 7 Properties & Applications of Binary Decision Diagrams

A Firewall Application Using Binary Decision Diagram

Bits, Words, and Integers

Lecture (03) Binary Codes Registers and Logic Gates

Propositional Logic Formal Syntax and Semantics. Computability and Logic

Finite State Verification. CSCE Lecture 14-02/25/2016

Transistors NODES. Time (sec) No. of Nodes/Transistors

Horn Formulae. CS124 Course Notes 8 Spring 2018

Formal Verification: Practical Exercise Model Checking with NuSMV

Symbolic Representations and Analysis of Large Probabilistic Systems

To prove something about all Boolean expressions, we will need the following induction principle: Axiom 7.1 (Induction over Boolean expressions):

Note that in this definition, n + m denotes the syntactic expression with three symbols n, +, and m, not to the number that is the sum of n and m.

1/28/2013. Synthesis. The Y-diagram Revisited. Structural Behavioral. More abstract designs Physical. CAD for VLSI 2

Automated Reasoning Lecture 3: The NuSMV Model Checker

Finite State Verification. CSCE Lecture 21-03/28/2017

Advanced Computer Networks. Rab Nawaz Jadoon DCS. Assistant Professor COMSATS University, Lahore Pakistan. Department of Computer Science

CS 125 Section #4 RAMs and TMs 9/27/16

Computer Organization

NP-Hardness. We start by defining types of problem, and then move on to defining the polynomial-time reductions.

NP-Completeness. Algorithms

Introduction to Computer Architecture

Basic operators, Arithmetic, Relational, Bitwise, Logical, Assignment, Conditional operators. JAVA Standard Edition

Computer Organization and Levels of Abstraction

Application of Binary Decision Diagram in digital circuit analysis.

Binary Decision Diagram with Minimum Expected Path Length

Network Reliability Computation by using Different Binary Decision Diagrams

Boolean Functions (Formulas) and Propositional Logic

ALGORITHMS EXAMINATION Department of Computer Science New York University December 17, 2007

(Refer Slide Time 6:48)

A Relational View of Subgraph Isomorphism

8.1 Polynomial-Time Reductions

To prove something about all Boolean expressions, we will need the following induction principle: Axiom 7.1 (Induction over Boolean expressions):

Solving Boolean Equations with BDDs and Clause Forms. Gert Smolka

Foundations of Computer Science Spring Mathematical Preliminaries

GO - OPERATORS. This tutorial will explain the arithmetic, relational, logical, bitwise, assignment and other operators one by one.

CITS5501 Software Testing and Quality Assurance Formal methods

Lecture 10: Combinational Circuits

Lecture1: Symbolic Model Checking with BDDs. Edmund M. Clarke, Jr. Computer Science Department Carnegie Mellon University Pittsburgh, PA 15213

Standard Boolean Forms

2/5/2018. Expressions are Used to Perform Calculations. ECE 220: Computer Systems & Programming. Our Class Focuses on Four Types of Operator in C

Model Checkers for Test Case Generation: An Experimental Study

A purely functional implementation of ROBDDs in Haskell

1 Definition of Reduction

Int. J. Advanced Networking and Applications 1430 Volume:03 Issue:06 Pages: (2012) ISSN :

Expressions. Eric McCreath

Propositional Calculus: Boolean Functions and Expressions. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

Solving 3-SAT. Radboud University Nijmegen. Bachelor Thesis. Supervisors: Henk Barendregt Alexandra Silva. Author: Peter Maandag s

Finite Model Generation for Isabelle/HOL Using a SAT Solver

Computer Organization and Levels of Abstraction

Qualitätssicherung von Software (SWQS)

THE LOGIC OF COMPOUND STATEMENTS

Specifying logic functions

Symbolic Trajectory Evaluation - A Survey

Logic Model Checking

Australian Journal of Basic and Applied Sciences. Timing Analysis on Min-term Based Tabular Method for BDD Manipulations

(Refer Slide Time 3:31)

Symbolic Manipulation of Boolean Functions Using a Graphical Representation. Abstract

The Parallelization of Binary Decision Diagram operations for model checking

Combinational Logic & Circuits

Formal Methods in Software Engineering. Lecture 07

Reference Sheet for CO142.2 Discrete Mathematics II

Decision Procedures in the Theory of Bit-Vectors

Local Two-Level And-Inverter Graph Minimization without Blowup

Ashish Sabharwal Computer Science and Engineering University of Washington, Box Seattle, Washington

A Case Study for CTL Model Update

CS Bootcamp Boolean Logic Autumn 2015 A B A B T T T T F F F T F F F F T T T T F T F T T F F F

Lecture 6: Arithmetic and Threshold Circuits

Finite Math - J-term Homework. Section Inverse of a Square Matrix

6.1 Combinational Circuits. George Boole ( ) Claude Shannon ( )

Transcription:

Formal Verification Lecture 7: Introduction to Binary Decision Diagrams (BDDs) Jacques Fleuriot jdf@inf.ac.uk Diagrams from Huth & Ryan, 2nd Ed.

Recap Previously: CTL and LTL Model Checking algorithms This time: Binary Decision Diagrams Reduced Binary Decision Diagrams Reduced Ordered Binary Decision Diagrams

Model Checking needs Very Large Sets Given a model M = S, S 0,, L and a formula ϕ, the CTL model checking algorithm translates CTL formulas into sets of states: ϕ S For realistic models, the size of S can be enormous.

Model Checking needs Very Large Sets Given a model M = S, S 0,, L and a formula ϕ, the CTL model checking algorithm translates CTL formulas into sets of states: ϕ S For realistic models, the size of S can be enormous. Example: The NuSMV 2.6 distribution contains an example guidance, which is a model of part of the Shuttle s autopilot. According to NuSMV: NuSMV > print_reachable_states ###################################################################### system diameter: 70 reachable states: 2.10443e+14 (2^47.5804) out of 2.63684e+27 (2^91.0909) ###################################################################### If each state is represented using 96 bits, it would need at least approx 2.52 petabytes to explicitly store the set of all reachable states.

Representing states as Boolean functions Idea: represent sets of states as boolean functions. 1. Represent each state as a binary string in {0, 1} k 2. Represent a set of states as a function f : {0, 1} k {0, 1} f (w) = 1 if the state represented by w is in the set f (w) = 0 if the state represented by w is not in the set representation of sets by their characteristic functions

Representing states as Boolean functions Idea: represent sets of states as boolean functions. 1. Represent each state as a binary string in {0, 1} k 2. Represent a set of states as a function f : {0, 1} k {0, 1} f (w) = 1 if the state represented by w is in the set f (w) = 0 if the state represented by w is not in the set representation of sets by their characteristic functions The set of all states could be represented as: 1. a data structure with 2.63684 10 27 nodes; or 2. the boolean function: f (w) = 1 How to represent boolean functions?

Representations of Boolean Functions From H&R, Figure 6.1 test for Operations Representation compact? satisf y validity Prop. Formulas often hard hard easy easy easy Formulas in DNF sometimes easy hard hard easy hard Formulas in CNF sometimes hard easy easy hard hard Truth Tables never hard hard hard hard hard Reduced OBDDs often easy easy medium medium easy Space complexity of representations and time complexities of operations on those representations. Note: With a truth table representation, while operations are conceptually easy, especially when table rows are always listed in some standard order, the time complexities are hard, as table sizes and hence operation time complexities are always exponential in the number of input variables.

Binary decision trees Tree for the boolean function f (x, y) = x y x y y 1 0 0 0 Note on notation: 0, 1 for (False), (True) Often also have: +,, for,, To compute value: 1. Start at root 2. Take dashed line if value of var at current node is 0 3. Take solid line if value of var at current node is 1 4. Function value is value at terminal node reached

Binary decision diagram Similar to Binary Decision Trees, except that nodes can have multiple in-edges. A binary decision diagram (BDD) is a finite DAG (Directed Acyclic Graph) with: a unique initial node; all non-terminals labelled with a boolean variable; all terminals labelled with 0 or 1; all edges are labelled 0 (dashed) or 1 (solid); each non-terminal has exactly: one out-edge labelled 0, and one out-edge labelled 1. We will use BDDs with two extra properties: 1. Reduced eliminate redundancy 2. Ordered canonical ordering of the boolean variables

Reducing BDDs I x y y 1 0 0 0 remove duplicate terminals remove redundant test x y y 1 0 x y 1 0

Reducing BDDs II Removing duplicate non-terminals: z x x y y y y 0 1 z x x y y 0 1

Reducing BDDs III Removing redundant test: z x x y y 0 1 z x y y 0 1

Reduction Operations 1. Removal of duplicate terminals. If a BDD contains more than one terminal 0-node, then redirect all edges which point to such a 0-node to just one of them. Do the same with terminal nodes labelled 1. 2. Removal of redundant tests. If both outgoing edges of a node n point to the same node m, then remove node n, sending all its incoming edges to m. 3. Removal of duplicate non-terminals. If two distinct nodes n and m in the BDD are the roots of structurally identical subbdds, then eliminate one of them and redirect all its incoming edges to the other one. All of these operations preserve the BDD-ness of the DAG. A BDD is reduced if it has been simplified as much as possible using these reduction operations.

Generality of BDDs y x z x y x 0 1 A variable might occur more than once on a path z y x x y 0 1 Ordering of variables on paths is not fixed

Ordered BDDs Let [x 1,..., x n ] be an ordered list of variables without duplicates; A BDD B has an ordering [x 1,..., x n ] if 1. all variables of B occur in [x 1,..., x n ]; and 2. if x j follows x i on a path in B then j > i An ordered BDD (OBDD) is a BDD which has an ordering for some list of variables. The orderings of two OBBDs B and B are compatible if there are no variables x, y such that x is before y in the ordering for B, and y is before x in the ordering for B. Theorem For a given ordering, the reduced OBDD (ROBDD) representing a given function f is unique. If B 1 and B 2 are two ROBDDs with compatible variable orderings representing the same boolean function, then they have identical structure.

Impact of variable ordering on size (I) Consider the boolean function f (x 1,..., x 2n ) = (x 1 x 2 ) (x 3 x 4 )... (x 2n 1 x 2n ) With variable ordering [x 1, x 2, x 3,..., x 2n ] ROBDD has 2n + 2 nodes For n = 3: x 1 x 2 x 3 x 4 x 5 x 6 0 1

Impact of variable ordering on size (II) With [x 1, x 3,..., x 2n 1, x 2, x 4..., x 2n ] ROBDD has 2 n+1 nodes For n = 3: x 1 x 2 x 3 x 3 x 5 x 5 x 5 x 5 x 2 x 2 x 2 x 4 x 4 x 6 0 1 There are various heuristics that can help with choosing orderings. However, improving a given ordering is NP-complete.

Impact of variable ordering on size III Common ALU (Arithmetic Logic Unit) operations such as shifts, addition, subtraction, bitwise and, or, exclusive or, and parity (whether a word has an odd or even number of 1s) are all expressible using ROBDDs with total number of nodes linear in word size. E.g., for even number of 1s for n = 4: x 1 x 2 x 2 x 3 x 3 x 4 x 4 1 0 No efficient ROBDD representation for multiply operation (they are all exponential size in the number of boolean variables).

Importance of canonical representation Having a canonical, i.e. unique, computable representation enables easy tests for Absence of redundant variables. A boolean function f does not depend on an input variable x if no nodes occur for x in the ROBDD for f. Semantic equivalence. Check f g by checking whether or not the ROBDDs for f and g have identical structure. Validity. Check if the BDD is identical to the one with just the terminal node 1 and nothing else. Satisfiability. Check if the BDD is not identical to the one with just the terminal node 0 and nothing else. Implication. Check if x. f ( x ) g ( x ) by checking whether or not the ROBDD for f g is constant 0.

Memoisation The representation of multiple ROBDDs can share memory. Represent multiple BDDs using a large array of records: v 0 l 0 h 0 v 1 l 1 h 1 v 2 l 2 h 2 v 3 l 3 h 3 v 4 l 4 h 4... v n 1 l n 1 h n 1 each entry represents a BDD node v i is the variable label; l i is the index of the node pointed to for the false edge; h i is the index of the node pointed to for the true edge; Use fake 1 and 2 indexes to represent 0 and 1. Each ROBDD is represented by the index of its root. Use a lookup table to ensure each entry is unique. So identical ROBBDs (and hence semantically equal functions) will have exactly the same index.

Summary BDDs (H&R 6.1) Why BDDs? Binary Decision Diagrams Reduced Binary Decision Diagrams Reduced Ordered Binary Decision Diagrams Next time: Algorithms for implementing logical operations on BDDs More details on implementing CTL MC with BDDs

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback