On the use of don't cares during symbolic reachability analysis

Electronic Notes in Theoretical Computer Science, 2008

Binary Decision Diagrams (BDDs) and their multi-terminal extensions have shown to be very helpful for the quantitative verification of systems. Many different approaches have been proposed for deriving symbolic state graph (SG) representations from high-level model descriptions, where compositionality has shown to be crucial for the efficiency of the schemes. Since the symbolic composition schemes deliver the potential SG of a high-level model, one must execute a reachability analysis on the level of the symbolic structures. This step is the main resource of CPU-time and peak memory consumption when it comes to symbolic SG generation. In this work a new operator for zero-suppressed BDDs and their multi-terminal extensions for carrying out (partitioned) symbolic reachability analysis is presented. This algorithm not only replaces standard BDD-based schemes, it even makes symbolic composition as found in contemporary symbolic model checkers such as Prism and Caspa obsolete.

2002

Abstract Binary decision diagrams (BDDs) are used for automatic synthesis and formal verification of combinational and sequential circuits. However, a larger adoption of these technologies for sequential designs still depends on a more efficient use of BDDs. One important factor is the order of the variables in the BDD, which has a direct impact on the space (and time) requirements of the reachability algorithms.

Symbolic reachability analysis of large sequential circuits is a computationally hard problem. Approximate techniques tradeoff precision for scalability by devising new ways of computing approximate images efficiently. Each new technique, however, requires non-trivial work to be implemented in frameworks like NuSMV or VIS. In addition, the soundness and completeness of a new technique is often left unverified. In this report, we propose Labeled Reachability Expressions (LRE) as a generic framework for expressing, reasoning about and implementing a large family of symbolic reachability techniques, including exact and approximate ones. We show how a Boolean decomposition of the transition relation can be used to discover and optimize LREs that capture the spirit of the decomposition. We discuss properties of LREs that allow us to reason about their correctness, and also permit comparison of alternative techniques expressed as LREs. We have built a BDD-based tool on top of the publicdomain symbolic model checker NuSMV, that can interpret LREs to give custom symbolic reachability analyzers. We illustrate the effectiveness of our approach by implementing state-of-the-art approximate reachability algorithms and a few new ones simply by feeding appropriate LREs to our tool.

Journal of Systems Architecture, 2001

Reachability analysis is an orthogonal, state-of-the-art technique for the veri®cation and validation of ®nite state machines (FSMs). Due to the state space explosion problem, it is currently limited to medium-small circuits, and extending its applicability is still a key issue. Among the factors that limit reachability analysis, let us list: the peak binary decision diagrams (BDD) size during image computation, the BDD size to represent state sets, and very high sequential depth. Following the promising trend of partitioning, we decompose a ®nite state machine into``functioning-modes''. We operate on a disjunctive partitioned transition relation. Decomposition is obtained heuristically based on complexity, i.e., BDD size, or functionality, i.e., dividing memory elements into``active'' and``idle'' ones. We use an improved iterative squaring algorithm to traverse high-depth subcomponents. The resulting methodology attacks the above problems, lowering intermediate peak BDD size, and dealing with high-depth subcomponents. Experiments on a few industrial circuits and on some large benchmarks show the feasibility of the approach.

Lecture Notes in Computer Science, 2005

We propose a new saturation-based symbolic state-space generation algorithm for finite discrete-state systems. Based on the structure of the high-level model specification, we first disjunctively partition the transition relation of the system, then conjunctively partition each disjunct. Our new encoding recognizes identity transformations of state variables and exploits event locality, enabling us to apply a recursive fixed-point image computation strategy completely different from the standard breadth-first approach employing a global fix-point image computation. Compared to breadth-first symbolic methods, saturation has already been empirically shown to be several orders more efficient in terms of runtime and peak memory requirements for asynchronous concurrent systems. With the new partitioning, the saturation algorithm can now be applied to completely general asynchronous systems, while requiring similar or better run-times and peak memory than previous saturation algorithms.

2003

Satisfiability procedures have shown significant promise for symbolic simulation of large circuits, hence they have been used in many formal verification techniques, including automated abstraction refinement, ATPG etc. We show how to use modern SAT solvers like Chaff and GRASP to compute images of sets of states and how to efficiently detect fixed point of the sets of states during reachability analysis. Our method is completely SAT based, and does not use BDDs at all. The sets of states and transition relation are represented in clausal form, which can be processed by SAT checkers. The SAT checker subsequently generates the set of newly reached states in clausal form as well. At the heart of our engine lie two efficient algorithms. The first algorithm shortens the cubes that the SAT checker generates by a static-analysis algorithm, which significantly reduces the number of cubes the SAT checker needs to enumerate. The second algorithm reduces the space required to store sets of states as a set of cubes by a recursive cube-merging procedure. We demonstrate the effectiveness of our procedure on ISCAS sequential benchmarks for reachability. In particular, our algorithm does not have BDD size explosion surprises and deteriorates in a predictable manner.

Symbolic reachability analysis of large finite-state systems is a computationally hard problem. Approximate techniques tradeoff precision for scalability by devising efficient ways of computing approximate images. A formal comparison of the accuracy and performance of alternative strategies, however, usually requires case-specific specialized reasoning. In this paper, we first discuss a formal framework to uniformly express and reason about the accuracy and some performance metrics of a large class of exact and approximate reachability techniques. We then use this framework to arrive at new techniques that allow the user to tune the accuracy-performance tradeoff fairly easily. This gives us new tunable methods that yield higher precision, but incur small or no performance penalties compared to existing methods. We present experimental results that demonstrate the advantages of the proposed methods.

Timed reachability analysis of gate-level circuits is important in several applications. In this paper, we present techniques for efficient approximate symbolic reachability of circuits assuming discrete delays of gates. We exploit local interactions among gates to develop a highly scalable algorithm for over-approximating the set of timed reachable states. We present a scheme of successive overapproximations and provide a probabilistic analysis to prove that these approximations converge quickly on an average. We argue that this scheme corresponds to successively extracting trees in the underlying factor graph representing the interaction of gates. We report experimental results on a set of benchmarks that demonstrate the effectiveness of our approach.

2002

This paper presents a scalable method for parallelizing symbolic reachability analysis on a distributed-memory environment of workstations. We have developed an adaptive partitioning algorithm that significantly reduces space requirements. The memory balance is maintained by dynamically repartitioning the state space throughout the computation. A compact BDD representation allows coordination by shipping BDDs from one machine to another. This representation allows for different variable orders in the sending and receiving processes. The algorithm uses a distributed termination protocol, with none of the memory modules preserving a complete image of the set of reachable states. No external storage is used on the disk. Rather, we make use of the network, which is much faster.