BDD MODEL CHECKING B I N A R Y D E C I S I O N D I A G R A M S - - PowerPoint PPT Presentation

▶

Sep 16, 2022 119 likes •356 views

BDD MODEL CHECKING B I N A R Y D E C I S I O N D I A G R A M S Loc Massin University of Oslo INF5140 / Spring 2017 1 B ASIC M ODEL C HECKING P ROBLEM System describe by states. Basic approach : represent each state individually.

SLIDE 1

BDD MODEL CHECKING

B I N A R Y D E C I S I O N D I A G R A M S

Loïc Massin University of Oslo INF5140 / Spring 2017

SLIDE 2

BASIC MODEL CHECKING PROBLEM

System describe by states. Basic approach : represent each state individually. Problem, size of the state space increases exponentially. State Space Explosion.

Need too much memory;
Need too much time.

SLIDE 3

ONE SOLUTION

Symbolic model checking :

Idea: represent set of states by Boolean formula over

Boolean variables. f : Booln → Bool

Need efficient representation and manipulation for

state sets and transition relation.  Use Binary Decision Diagrams

SLIDE 4

BINARY DECISION TREES

Directed acyclic graphs.
One or two Terminal nodes / Leaves: labelled with

0 or 1;

Set of variables nodes u of out-degree two:
Non-Terminal nodes: each are labelled with a

variable var(u);

Branches / Children: low(v) / high(v), correspond to

assignment of 0 or 1 for the variable in the node

SLIDE 5

EXAMPLE OF BDT

a b b c c c c 1 1 1

a ∧ (¬b ∨ c)

Dashed lines denote low-branches, solid lines high-branches

SLIDE 6

PROBLEMS

Still exponential;
Several BDT can verify the same formula.

a b b c c c c 1 1 1 a c b c c b b 1 1 1

a ∧ (¬b ∨ c)

SLIDE 7

BASICS BDD PROPERTIES

To move from BDT to BDD: Merge terminal nodes; Ordered BDD (OBDD): Define a variable ordering: on all paths from root to leafs, variables appear in same order, without repetitions (there exists a global ordering of variables).

SLIDE 8

EXAMPLE OF OBDD

a b b c c c c 1 1 1

a ∧ (¬b ∨ c) with ordering a < b < c

SLIDE 9

REDUCED ORDERED BDD (1)

Uniqueness: no two distinct nodes v and w have the same variable name and low- and high- children.  Merge isomorphic subgraphs; Non-redundant tests: No variable node v has identical low- and high- children.  Remove redundancy.

SLIDE 10

MERGE ISOMORPHIC SUBGRAPHS

a b b c c c c 1 1 1

a ∧ (¬b ∨ c)

SLIDE 11

REMOVE REDUNDANCY

a b c 1 1 1

a ∧ (¬b ∨ c)

SLIDE 12

ROBDD (2)

Canonical (unique) representation of a Boolean formula for a particular variable order: For every function f : Booln → Bool and variable ordering x1 < x2 < · · · < xn, there exists exactly one ROBDD representing this function. Equivalence checking in linear time, and satisfiability checking in constant time.

Most of time, we will refer to ROBDD simply as BDDs.

SLIDE 13

SENSITIVITY TO VARIABLE ORDERING (1)

a1 b1 a2 b2 a3

b3 a1 a2 a2 a3 a3 a3 a3 b1 b1 b1 b1 b2 b2 b3

(a1 ∧ b1) ∨ (a2 ∧ b2) ∨ (a3 ∧ b3)

SLIDE 14

Two different variable ordering lead to tow different

ROBDD.

Crucial importance in practice, determine the

efficiency of ROBDD-based model checking.

Finding the best variable ordering is NP-hard. It

exists several heuristics to approach the problem.

SENSITIVITY TO VARIABLE ORDERING (2)

SLIDE 15

THE ALGORITHM APPLY (1)

If Bf and By are two OBDDs, the call apply(op, Bf,

By) computes the OBBD of the formula f op y.

Operates recursively on the structure of the two

OBDDs:

We start at the root and follow parallel paths on the

two OBDDs to the leaves;

Once we arrive at the leaves, we apply the given

boolean operation to the boolean constants 0 and 1 to form the result for that particular path.

SLIDE 16

THE ALGORITHM APPLY (2)

a a b b b 1 1

f(a,b) = a with a>b f(a,b) = b with a>b

SLIDE 17

THE ALGORITHM APPLY (2)

a b 1

f(a,b) = a ∨ b with a>b

a b b 1 a b

SLIDE 18

THE ALGORITHM APPLY (2)

a b 1

f(a,b) = a ∨ b with a>b

a b b 1 a b 1

SLIDE 19

THE ALGORITHM APPLY (2)

a b 1

f(a,b) = a ∨ b with a>b

a b b 1 a b 1 b

SLIDE 20

THE ALGORITHM APPLY (2)

a b 1

f(a,b) = a ∨ b with a>b

a b b 1 a b 1 b

SLIDE 21

THE ALGORITHM RESTRICT (1)

If Bf is a OBDD, the call restrict(0, x, Bf)

(respectively restrict(1, x, Bf)) the OBDD for f[0/x] (respectively f[1/x]).

restrict(0, x, Bf)
For each node v labeled with x:

Incoming edges are redirected to low(v); Node v is removed.

restrict(1, x, Bf)
As above but redirected to high(v).

SLIDE 22

THE ALGORITHM RESTRICT (1)

a1 b1 a2 b2 a3

a1 b1 a2 b2

restrict(0, a3, Bf)

a1 b1 a2 b2

restrict(1, a3, Bf)

SLIDE 23

REFERENCES

Henrik Reif Andersen, An Introduction to Binary

Decision Diagrams. The IT University of Copenhagen, Fall 1999

Alessandro Artale, Formal Methods Lecture VI,

Binary Decision Diagrams. http://www.inf.unibz.it/~artale/FM/slide7.pdf (visited on 05.17.2017)

A. Pnueli, Symbolic Model Checking.

BDD MODEL CHECKING

BASIC MODEL CHECKING PROBLEM

System describe by states. Basic approach : represent each state individually. Problem, size of the state space increases exponentially. State Space Explosion.

ONE SOLUTION

Symbolic model checking :

Boolean variables. f : Booln → Bool

state sets and transition relation.  Use Binary Decision Diagrams

BINARY DECISION TREES

0 or 1;

variable var(u);

assignment of 0 or 1 for the variable in the node

EXAMPLE OF BDT

a ∧ (¬b ∨ c)

Dashed lines denote low-branches, solid lines high-branches

PROBLEMS

a ∧ (¬b ∨ c)

BASICS BDD PROPERTIES

To move from BDT to BDD: Merge terminal nodes; Ordered BDD (OBDD): Define a variable ordering: on all paths from root to leafs, variables appear in same order, without repetitions (there exists a global ordering of variables).

EXAMPLE OF OBDD

a ∧ (¬b ∨ c) with ordering a < b < c

REDUCED ORDERED BDD (1)

Uniqueness: no two distinct nodes v and w have the same variable name and low- and high- children.  Merge isomorphic subgraphs; Non-redundant tests: No variable node v has identical low- and high- children.  Remove redundancy.

MERGE ISOMORPHIC SUBGRAPHS

a ∧ (¬b ∨ c)

REMOVE REDUNDANCY

a ∧ (¬b ∨ c)

ROBDD (2)

Most of time, we will refer to ROBDD simply as BDDs.

SENSITIVITY TO VARIABLE ORDERING (1)

ROBDD.

efficiency of ROBDD-based model checking.

exists several heuristics to approach the problem.

SENSITIVITY TO VARIABLE ORDERING (2)

THE ALGORITHM APPLY (1)

By) computes the OBBD of the formula f op y.

OBDDs:

two OBDDs to the leaves;

boolean operation to the boolean constants 0 and 1 to form the result for that particular path.

THE ALGORITHM APPLY (2)

f(a,b) = a with a>b f(a,b) = b with a>b

THE ALGORITHM APPLY (2)

f(a,b) = a ∨ b with a>b

THE ALGORITHM APPLY (2)

f(a,b) = a ∨ b with a>b

THE ALGORITHM APPLY (2)

f(a,b) = a ∨ b with a>b

THE ALGORITHM APPLY (2)

f(a,b) = a ∨ b with a>b

THE ALGORITHM RESTRICT (1)

(respectively restrict(1, x, Bf)) the OBDD for f[0/x] (respectively f[1/x]).

Incoming edges are redirected to low(v); Node v is removed.

THE ALGORITHM RESTRICT (1)

REFERENCES

Decision Diagrams. The IT University of Copenhagen, Fall 1999

Binary Decision Diagrams. http://www.inf.unibz.it/~artale/FM/slide7.pdf (visited on 05.17.2017)

http://www.cs.nyu.edu/courses/spring07/G22.3033- 002/lecture6_h4.pdf (visited on 05.17.2017)