Reduced Ordered Binary Decision Diagrams

Similar documents
Symbolic Model Checking with ROBDDs

Reduced Ordered Binary Decision Diagrams

Binary Decision Diagrams

Binary Decision Diagrams

Binary Decision Diagrams and Symbolic Model Checking

Binary Decision Diagrams

Basing Decisions on Sentences in Decision Diagrams

Binary Decision Diagrams Boolean Functions

EECS 219C: Computer-Aided Verification Boolean Satisfiability Solving III & Binary Decision Diagrams. Sanjit A. Seshia EECS, UC Berkeley

Binary Decision Diagrams. Graphs. Boolean Functions

Boolean decision diagrams and SAT-based representations

Binary Decision Diagrams

Decision Procedures for Satisfiability and Validity in Propositional Logic

COMPRESSED STATE SPACE REPRESENTATIONS - BINARY DECISION DIAGRAMS

Overview. Discrete Event Systems Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?

CTL Model Checking. Wishnu Prasetya.

Chapter 4: Computation tree logic

Labeled Transition Systems

The Complexity of Minimizing FBDDs

Binary Decision Diagrams

Formal Methods Lecture VII Symbolic Model Checking

Binary Decision Diagrams

Polynomial Methods for Component Matching and Verification

Sanjit A. Seshia EECS, UC Berkeley

The Nonapproximability of OBDD Minimization

Binary Decision Diagrams

Theoretical Foundations of the UML

CS357: CTL Model Checking (two lectures worth) David Dill

1 Algebraic Methods. 1.1 Gröbner Bases Applied to SAT

Comp487/587 - Boolean Formulas

Chapter 2 Combinational Logic Circuits

1 Circuit Complexity. CS 6743 Lecture 15 1 Fall Definitions

Part 1: Propositional Logic

Complexity. Complexity Theory Lecture 3. Decidability and Complexity. Complexity Classes

Computation Tree Logic

Tutorial 1: Modern SMT Solvers and Verification

Model Checking for Propositions CS477 Formal Software Dev Methods

The Separation Problem for Binary Decision Diagrams

1 First-order logic. 1 Syntax of first-order logic. 2 Semantics of first-order logic. 3 First-order logic queries. 2 First-order query evaluation

Representations of All Solutions of Boolean Programming Problems

02 Propositional Logic

Chapter 2. Reductions and NP. 2.1 Reductions Continued The Satisfiability Problem (SAT) SAT 3SAT. CS 573: Algorithms, Fall 2013 August 29, 2013

Exercises - Solutions

BDD Based Upon Shannon Expansion

Computational Logic. Davide Martinenghi. Spring Free University of Bozen-Bolzano. Computational Logic Davide Martinenghi (1/30)

QuIDD-Optimised Quantum Algorithms

Reduced Ordered Binary Decision Diagram with Implied Literals: A New knowledge Compilation Approach

LOGIC PROPOSITIONAL REASONING

Temporal logics and explicit-state model checking. Pierre Wolper Université de Liège

Model checking, verification of CTL. One must verify or expel... doubts, and convert them into the certainty of YES [Thomas Carlyle]

Binary decision diagrams for security protocols

Bounds on the OBDD-Size of Integer Multiplication via Universal Hashing

Database Theory VU , SS Complexity of Query Evaluation. Reinhard Pichler

Propositional Logic: Evaluating the Formulas

Chapter 6: Computation Tree Logic

Lecture 21: Algebraic Computation Models

Quantified Boolean Formulas: Complexity and Expressiveness

CSC 2429 Approaches to the P vs. NP Question and Related Complexity Questions Lecture 2: Switching Lemma, AC 0 Circuit Lower Bounds

EECS 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization

Chapter 3 Deterministic planning

Multi-Terminal Multi-Valued Decision Diagrams for Characteristic Function Representing Cluster Decomposition

INTRODUCTION TO PREDICATE LOGIC HUTH AND RYAN 2.1, 2.2, 2.4

Algorithmic Model Theory SS 2016

On the Complexity of the Reflected Logic of Proofs

Overview. overview / 357

Lecture 2: Symbolic Model Checking With SAT

Safety and Liveness Properties

State-Space Exploration. Stavros Tripakis University of California, Berkeley

DRAFT. Algebraic computation models. Chapter 14

Equalities and Uninterpreted Functions. Chapter 3. Decision Procedures. An Algorithmic Point of View. Revision 1.0

Boolean circuits. Lecture Definitions

A Lower Bound Technique for Nondeterministic Graph-Driven Read-Once-Branching Programs and its Applications

Section 4.1 Switching Algebra Symmetric Functions

Computational Boolean Algebra. Pingqiang Zhou ShanghaiTech University

Model Checking with CTL. Presented by Jason Simas

Decision Diagrams for Discrete Optimization

R u t c o r Research R e p o r t. Relations of Threshold and k-interval Boolean Functions. David Kronus a. RRR , April 2008

CTL Model checking. 1. finite number of processes, each having a finite number of finite-valued variables. Model-Checking

More on NP and Reductions

Bounded LTL Model Checking with Stable Models

Fault Collapsing in Digital Circuits Using Fast Fault Dominance and Equivalence Analysis with SSBDDs

Notes. Corneliu Popeea. May 3, 2013

3. Only sequences that were formed by using finitely many applications of rules 1 and 2, are propositional formulas.

Implementing Semantic Merging Operators using Binary Decision Diagrams

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Logic as a Tool Chapter 1: Understanding Propositional Logic 1.1 Propositions and logical connectives. Truth tables and tautologies

Decision Diagrams: Tutorial

Task Decomposition on Abstract States, for Planning under Nondeterminism

Interleaved Alldifferent Constraints: CSP vs. SAT Approaches

Combinational Equivalence Checking using Boolean Satisfiability and Binary Decision Diagrams

A brief introduction to Logic. (slides from

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

Complexity Theory VU , SS The Polynomial Hierarchy. Reinhard Pichler

Static Program Analysis

Outline. Complexity Theory EXACT TSP. The Class DP. Definition. Problem EXACT TSP. Complexity of EXACT TSP. Proposition VU 181.

Symbolic Model Checking

Notes for Lecture 3... x 4

Parallelism and Machine Models

Logic Synthesis and Verification

Quine s Fluted Fragment is Non-elementary

Transcription:

Reduced Ordered Binary Decision Diagrams Lecture #13 of Advanced Model Checking Joost-Pieter Katoen Lehrstuhl 2: Software Modeling & Verification E-mail: katoen@cs.rwth-aachen.de June 5, 2012 c JPK

Switching functions Let Var = {z 1,...,z m } be a finite set of Boolean variables An evaluation is a function η : Var {0, 1 } let Eval(z 1,...,z m ) denote the set of evaluations for z 1,...,z m shorthand [z 1 = b 1,...,z m = b m ] for η(z 1 )=b 1,...,η(z m )=b m f : Eval(Var) {0, 1 } is a switching function for Var = {z 1,...,z m } Logical operations and quantification are defined by: f 1 ( ) f 2 ( ) = min{ f 1 ( ),f 2 ( ) } f 1 ( ) f 2 ( ) = max{ f 1 ( ),f 2 ( ) } z. f( ) = f( ) z=0 f( ) z=1, and z. f( ) = f( ) z=0 f( ) z=1 c JPK 1

Ordered Binary Decision Diagram Let be a variable ordering for Var where z 1 <...< z m An -OBDD is a tuple B = (V,V I,V T, succ 0, succ 1, var, val,v 0 ) with a finite set V of nodes, partitioned into V I (inner) and V T (terminals) and a distinguished root v 0 V successor functions succ 0, succ 1 : V I V such that each node v V \{v 0 } has at least one predecessor labeling functions var : V I Var and val : V T {0, 1 } satisfying v V I w {succ 0 (v), succ 1 (v) } V I var(v) < var(w) c JPK 2

Transition relation as an OBDD x 1 x 2 x 2 x 1 x 1 x 1 x 1 x 2 x 2 x 2 x 2 0 1 0 1 1 0 1 1 An example OBDD representing f for our example using x 1 <x 2 <x 1 <x 2 c JPK 3

Symbolic composition operators c JPK 4

Consistent co-factors in OBDDs Let f be a switching function for Var Let =(z 1,...,z m ) a variable ordering for Var, i.e., z 1 <...< z m Switching function g is a -consistent cofactor of f if g = f z1 =b 1,...,z i =b i for some i {0, 1,...,m} Then it holds that: 1. for each node v of an -OBDD B, f v is a -consistent cofactor of f B 2. for each -consistent cofactor g of f B there is a node v B with f v = g c JPK 5

Reduced OBDDs A -OBDD B is reduced if for every pair (v, w) of nodes in B: v w implies f v f w (A reduced -OBDD is abbreviated as -ROBDD) -ROBDDs any -consistent cofactor is represented by exactly one node c JPK 6

Transition relation as an ROBDD x 1 x 1 x 2 x 2 x 1 x 1 x 1 x 1 x 1 x 2 x 2 x 2 x 2 x 2 0 1 0 1 (a) ordering x 1 <x 2 <x 1 <x 2 (b) ordering x 1 < x 1 < x 2 < x 2 c JPK 7

Universality and canonicity theorem [Fortune, Hopcroft & Schmidt, 1978] Let Var be a finite set of Boolean variables and a variable ordering for Var. Then: (a) For each switching function f for Var there exists a -ROBDD B with f B = f (b) Any -ROBDDs B and C with f B = f C are isomorphic Any -OBDD B for f is reduced iff size(b) size(c) for each -OBDD C for f c JPK 8

Reducing OBDDs Generate an OBDD (or BDT) for a switching function, then reduce by means of a recursive descent over the OBDD Elimination of duplicate leafs for a duplicate 0-leaf (or 1-leaf), redirect all incoming edges to just one of them Elimination of don t care (non-leaf) vertices if succ 0 (v) =succ 1 (v) =w, delete v and redirect all its incoming edges to w Elimination of isomorphic subtrees if v w are roots of isomorphic subtrees, remove w and redirect all incoming edges to w to v note that the first reduction is a special case of the latter c JPK 9

How to reduce an OBDD? becomes 1 0 0 1 1 0 elimination of duplicated leaves c JPK 10

How to reduce an OBDD? v w v becomes 0 1 0 1 isomorphism rule c JPK 11

How to reduce an OBDD? v becomes w w elimination rule c JPK 12

Soundness and completeness if C arises from a -OBDD B by applying the elimination or isomorphism rule, then: C is a -OBDD with f B = f C -OBDD B is reduced if and only if no reduction rule is applicable to B c JPK 13

Proof c JPK 14

Variable ordering ROBDDs are canonical for a fixed variable ordering the size of the ROBDD crucially depends on the variable ordering # nodes in ROBDD B = # of -consistent co-factors of f Some switching functions have linear and exponential ROBDDs e.g., the addition function, or the stable function Some switching functions only have polynomial ROBDDs this holds, e.g., for symmetric functions (see next) examples f(...)=x 1... x n,orf(...)=1iff k variables x i are true Some switching functions only have exponential ROBDDs this holds, e.g., for the middle bit of the multiplication function c JPK 15

The function stable with exponential ROBDD x 1 x 2 x 2 x 3 x 3 x 3 x 3 y 1 y 1 y 1 y 1 y 1 y 1 y 1 y 1 y 2 y 2 y 2 y 2 y 3 y 3 1 The ROBDD of f stab (x, y) =(x 1 y 1 )... (x n y n ) has 3 2 n 1 vertices under ordering x 1 <...<x n < y 1 <... < y n c JPK 16

The function stable with linear ROBDD x 1 y 1 y 1 x 2 y 2 y 2 x 3 y 3 y 3 1 The ROBDD of f stab (x, y) =(x 1 y 1 )... (x n y n ) has 3 n +2vertices under ordering x 1 < y 1 <... < x n < y n c JPK 17

Another function with an exponential ROBDD z 1 z 2 z 2 z 3 z 3 z 3 z 3 y 1 y 1 y 1 y 1 y 2 y 2 y 3 0 1 ROBDD for f 3 (z, y) = (z 1 y 1 ) (z 2 y 2 ) (z 3 y 3 ) for the variable ordering z 1 < z 2 < z 3 < y 1 < y 2 < y 3 c JPK 18

And an optimal linear ROBDD z 1 y 1 ROBDD for f 3 ( ) = (z 1 y 1 ) (z 2 y 2 ) (z 3 y 3 ) z 2 for ordering z 1 < y 1 < z 2 < y 2 < z 3 < y 3 y 2 z 3 as all variables are essential for f, this ROBDD is optimal y 3 1 0 that is, for no variable ordering a smaller ROBDD exists c JPK 19

Symmetric functions f Eval(z 1,...,z m ) is symmetric if and only if f([z 1 = b 1,...,z m = b m ]) = f([z 1 = b i1,...,z m = b i m]) for each permutation (i 1,...,i m ) of (1,...,m) E.g.: z 1 z 2... z m, z 1 z 2... z m, the parity function, and the majority function If f is a symmetric function with m essential variables, then for each variable ordering the -ROBDD has size O(m 2 ) c JPK 20

The even parity function f even (x 1,...,x n )=1iff the number of variables x i with value 1 is even truth table or propositional formula for f even has exponential size but an ROBDD of linear size is possible c JPK 21

The multiplication function Consider two n-bit integers let b n 1 b n 2...b 0 and c n 1 c n 2...c 0 where b n 1 is the most significant bit, and b 0 the least significant bit Multiplication yields a 2n-bit integer the ROBDD B fn 1 has at least 1.09 n vertices where f n 1 denotes the (n 1)-st output bit of the multiplication c JPK 22

Optimal variable ordering The size of ROBDDs is dependent on the variable ordering Is it possible to determine such that the ROBDD has minimal size? to check whether a variable ordering is optimal is NP-hard polynomial reduction from the 3SAT problem [Bollig & Wegener, 1996] There are many switching functions with large ROBDDs for almost all switching functions the minimal size is in Ω( 2n n ) How to deal with this problem in practice? guess a variable ordering in advance rearrange the variable ordering during the ROBDD manipulations not necessary to test all n! orderings, best known algorithm in O(3 n n 2 ) c JPK 23

Variable swapping c JPK 24

Sifting algorithm Dynamic variable ordering using variable swapping: [Rudell, 1993] 1. Select a variable x i in OBDD at hand 2. Successively swap x i to determine size(b) at any position for x i 3. Shift x i to position for which size(b) is minimal 4. Go back to the first step until no improvement is made Characteristics: a variable may change position several times during a single sifting iteration often yields a local optimum, but works well in practice c JPK 25

Interleaved variable ordering Which variable ordering to use for transition relations? The interleaved variable ordering: for encodings x 1,...,x n and y 1,...,y n of state s and t respectively: x 1 <y 1 <x 2 <y 2 <...<x n <y n This variable ordering yields compact ROBDDs for binary relations for transition relation with z 1...z m be the encoding of action α, take: z 1 <z 2 <...<z m }{{} encoding of α < x 1 <y 1 <x 2 <y 2 <... < x n <y n }{{} interleaved order of states c JPK 26

Symbolic model checking Take a symbolic representation of a transition system ( and χ B ) Backward reachability Pre (B) ={ s S s = B } Initially: f 0 = χ B characterizes the set T 0 = B Then, successively compute the functions f j+1 = χ Tj+1 for: T j+1 = T j {s S s S. s Post(s) s T j } The second set i the above union is given by: x. ( (x, x ) }{{} s Post(s) f j (x ) ) }{{} s T j f j (x ) arises from f j by renaming the variables x i into their primed copies x i c JPK 27

Symbolic computation of Sat( (C U B)) f 0 (x) :=χ B (x); j := 0; repeat f j+1 (x) :=f j (x) ( χ C (x) x. ( (x, x ) f j (x )) ) ; j := j +1 until f j (x) =f j 1 (x); return f j (x). c JPK 28

Symbolic computation of Sat( B) Compute the largest set T B withpost(t) T for all t T Take T 0 = B and T j+1 = T j {s S s S. s Post(s) s T j } Symbolically this amounts to: f 0 (x) :=χ B (x); j := 0; repeat f j+1 (x) :=f j (x) x. ( (x, x ) f j (x )); j := j +1 until f j (x) =f j 1 (x); return f j (x). Symbolic model checkers mostly use ROBDDs to represent switching functions c JPK 29

Synthesis of ROBDDs Construct a -ROBDD for f 1 op f 2 given -ROBDDs for f 1 and f 2 where op is a Boolean connective such as disjunction, implication, etc. Idea: use a single ROBDD with (global) variable ordering to represent several switching functions This yields a shared OBDD, which is: a combination of several ROBDDs with variable ordering by sharing nodes for common -consistent cofactors The size of -SOBDD B for functions f 1,...,f k is at most N f1 +...+ N fk where N f denotes the size of the -ROBDD for f c JPK 30

Implementation: shared OBDDs A shared -OBDD is an OBDD with multiple roots 0 1 Shared OBDD representing z } 1 z {{} 2, }{{} z 2, z } 1 {{ z } 2 and z } 1{{ z } 2 f 1 f 2 f 3 Main underlying idea: combine several OBDDs with same variable ordering such that common -consistent co-factors are shared f 4 c JPK 31

Relies on the use of two tables The unique table Synthesizing shared ROBDDs keeps track of ROBDD nodes that already have been created table entry var(v), succ 1 (v), succ 0 (v) for each inner node v main operation: find or add(z,v 1,v 0 ) with v 1 v 0 return v if there exists a node v = z,v 1,v 0 in the ROBDD if not, create a new z -node v with succ 0 (v) =v 0 and succ 1 (v) =v 1 implemented using hash functions (expected access time is O(1)) The computed table keeps track of tuples for which ITE has been executed (memoization) realizes a kind of dynamic programming c JPK 32

Using shared OBDDs for model checking Φ Use a single SOBDD for: (x, x ) for the transition relation f a (x), a AP, for the satisfaction sets of the atomic propositions The satisfaction sets Sat(Ψ) for the state subformulae Ψ of Φ In practice, often the interleaved variable order for is used. c JPK 33

ITE normal form The ITE (if-then-else) operator: ITE(g, f 1,f 2 ) = (g f 1 ) ( g f 2 ) The ITE operator and the representation of the SOBDD nodes in the unique table: f v ( ) = ITE z, f succ1 (v),f succ 0 (v) Then: f = ITE(f, 0, 1) f 1 f 2 = ITE(f 1, 1,f 2 ) f 1 f 2 = ITE(f 1,f 2, 0) f 1 f 2 = ITE(f 1, f 2,f 2 ) = ITE(f 1, ITE(f 2, 0, 1),f 2 ) If g, f 1,f 2 are switching functions for Var, z Var and b {0, 1}, then ITE(g, f 1,f 2 ) z=b = ITE(g z=b,f 1 z=b,f 2 z=b ) c JPK 34

ITE-operator on shared OBDDs A node in a -SOBDD for representing ITE(g, f 1,f 2 ) is a node w with info z,w 1,w 0 where: z is the minimal (wrt. ) essential variable of ITE(g, f 1,f 2 ) w b is an SOBDD-node with f wb = ITE(g z=b,f 1 z=b,f 2 z=b ) This suggests a recursive algorithm: determine z recursively compute the nodes for ITE for the cofactors of g, f 1 and f 2 c JPK 35

ITE(u, v 1,v 2 ) on shared OBDDs (initial version) if u is terminal then if val(u) =1then w := v 1 (* ITE(1,f v1,f v2 ) = f v1 *) else w := v 2 (* ITE(0,f v1,f v2 ) = f v2 *) fi else z := min{var(u), var(v 1 ), var(v 2 )}; (* minimal essential variable *) w 1 := ITE(u z=1,v 1 z=1,v 2 z=1 ); w 0 := ITE(u z=0,v 1 z=0,v 2 z=0 ); if w 0 = w 1 then w := w 1 ; (* elimination rule *) else w := find or add(z, w 1,w 0 ); (* isomorphism rule *) fi fi return w c JPK 36

ROBDD size under ITE The size of the -ROBDD for ITE(g, f 1,f 2 ) is bounded by N g N f1 N f2 where N f denotes the size of the -ROBDD for f c JPK 37

ROBDD size under ITE The size of the -ROBDD for ITE(g, f 1,f 2 ) is bounded by N g N f1 N f2 where N f denotes the size of the -ROBDD for f But how to avoid multiple invocations to ITE? Store triples (u, v 1,v 2 ) for which ITE already has been computed c JPK 38

Efficiency improvement by memoization if there is an entry for (u, v 1,v 2,w) in the computed table then return node w else if u is terminal then if val(u) =1then w := v 1 else w := v 2 fi else z := min{var(u), var(v 1 ), var(v 2 )}; w 1 := ITE(u z=1,v 1 z=1,v 2 z=1 ); w 0 := ITE(u z=0,v 1 z=0,v 2 z=0 ); if w 0 = w 1 then w := w 1 else w := find or add(z, w 1,w 0 ) fi; insert (u, v 1,v 2,w) in the computed table; return node w fi fi The number of recursive calls for the nodes u, v 1,v 2 equals the -ROBDD size of ITE(f u,f v1,f v2 ), which is bounded by N u N v1 N v2 c JPK 39

Some experimental results Traffic alert and collision avoidance system (TCAS) (1998) 277 boolean variables, reachable state space is about 9.610 56 states B = 124, 618 vertices (about 7.1 MB), construction time 46.6 sec checking (p q) takes 290 sec and 717,000 BDD vertices Synchronous pipeline circuit (1992) pipeline with 12 bits: reachable state space of 1.510 29 states checking safety property takes about 10 4 10 5 sec B is linear in data path width verification of 32 bits (about 10 120 states): 1h 25m using partitioned transition relations c JPK 40

Zero-suppressed BDDs Some other types of BDDs like ROBDDs, but non-terminals whose 1-child is leaf 0 are omitted Parity BDDs like ROBDDs, but non-terminals may be labeled with ; no canonical form Edge-valued BDDs Multi-terminal BDDs (or: algebraic BDDs) like ROBDDs, but terminals have values in R, or N, etc. Binary moment diagrams (BMD) generalization of ROBDD to linear functions over bool, int and real uses edge weights c JPK 41

Further reading R. Bryant: Graph-based algorithms for Boolean function manipulation, 1986 R. Bryant: Symbolic boolean manipulation with OBDDs, Computing Surveys, 1992 M. Huth and M. Ryan: Binary decision diagrams, Ch 6 of book on Logics, 1999 H.R. Andersen: Introduction to BDDs, Tech Rep, 1994 K. McMillan: Symbolic model checking, 1992 Rudell: Dynamic variable reordering for OBDDs, 1993 Advanced reading: Ch. Meinel & Th. Theobald (Springer 1998) c JPK 42

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback