Hardware and Petri nets Symbolic methods for analysis and verification

Outline Representing Boolean functions with BDDs Symbolic traversal for reachability set calculation State encoding Structural methods for efficient encoding

Representing Boolean functions a b c b ccc

a bb cc

a b cc

a b cc

Binary Decision Diagrams a b cc Reduced Ordered Binary Decision Diagram All variables appear in the same order No isomorphic subgraphs Canonical form Efficient form for many functions [Bryant, ACM Comp. Surveys, September 1992]

Reachable markings p1 p6 p7 p5 p3 t2 t5 t6 t1 t4 t3 t7 p2 p3 t1 p4 p5 t2 t3t5t6 p1 t5 p6 p5 t6 p4 p7 t4 p6 p7 t3 p6 p3 t4 p2 p7 p2 p4 t7

Boolean encoding p1 p6 p7 p5 p3 t2 t5 t6 t1 t4 t3 t7 p2 p t t2 t3t5 t t t t t t t7 Seven variables: p1 p2 p3 p4 p5 p6 p7

Boolean encoding t t2 t3t5 t t t t t t t7 Seven variables: p1 p2 p3 p4 p5 p6 p7 p 1 p 2 p 3 (p 4  p 6 ) (p 5  p 7 ) Enabled(t 7 ) = p 6 p 7  p 1 p 2 p 3 p 4 p 5 p 6 p 7  (toggle p 1, p 6, p 7 ) p 1 p 2 p 3 p 4 p 5 p 6 p 7

Symbolic Traversal (BFS algorithm) Reached = From = {m 0 }; repeat From [ T  To; New = To \ Reached; From = New; Reached = Reached  New; until New = Ø; # iterations: sequential depth of the net

Reachability Set computation Based on BFS Image computation S 0 = M 0 S i+1 = S i  Image (S i ) S0S0 S1S1 S2S2 S3S3 Monotonic increase until fix point S i+1 = S i #iteration New markings

Boolean encoding t1 t2 t3t5 t6 t5t6 t4 t3 t4t7 Seven variables: p1 p2 p3 p4 p5 p6 p7 Sparse encoding: Optimal encoding: Three variables  log 2 |RG|  : v1 v2 v3 But the reachability graph should be known a priori... Very easy to derive and use Less efficient in terms of BDDs

Encoding for safe PNs Not all combinations of tokens are possible. Find relations among places to reduce the number of variables!!! p4 p2p1 p3 p3 p4 p1 p2 Ø

Encoding for safe PNs PN structure: Place Invariant Set of places with a constant weighted sum of tokens Specially efficient for safe PNs (State Machines) k 1 p 1 + k 2 p 2 +…..+ k n p n = B p 1 + p 2 +…..+ p n = 1 Computed by linear programming techniques

p1 p6 p7 p5 p3 t2 t5 t6 t1 t4 t3 t7 p2 p4 p1 p6 p7 p5 p3 t2 t5 t6 t1 t4 t3 t7 p2 p4 State Machine Components p1 p6 p7 p5 p3 t2 t5 t6 t1 t4 t3 t7 p2 p4 p1 p6 t2 t5 t1 t3 t7 p2 p4 p1 p7 p5 p3 t2 t6 t1 t4 t7

Encoding for safe PNs p1 p6 t2 t5 t1 t3 t7 p2 p4 p1 p7 p5 p3 t2 t6 t1 t4 t7 Two additional variables: v 3 v 4 Two variables: v 1 v

Encoding for safe PNs p1 p6 p7 p5 p3 t2 t5 t6 t1 t4 t3 t7 p2 p4 Four variables: v 1 v 2 v 3 v t1 t2 t3t5 t6 t5t6 t4 t3 t4t7

Sparse encoding: 10 variables Dense encoding: 3 variables Encoding for bounded PNs p1 p3 t2 t1 p4 t3 p max(p2)=3 max(p1)=3 max(p4)=8 max(p3)=2 t2t1 t3 t2 Invariants of the PN: I1: 2p 1 + 4p 2 - p 4 = 4 I2: p 1 + p 2 + p 3 = 3

Dense encoding: 3 variables Encoding for bounded PNs Invariants of the PN: I1: 2p 1 + 4p 2 - p 4 = 4 I2: p 1 + p 2 + p 3 = 3 Dense encoding: 3 variables t2t1 t3 t t2 Invariants characterize the set of all potentially reachable markings (an overestimation of the reachable markings)

Encoding for bounded PNs 2p1 + 4p2 - p4 = 4 p1 p2 p p1 + p2 + p3 = 3 p1 p2 p p2 7 p variables4 variables (8 vars)

Encoding for bounded PNs p1 + p2 + p3 = 3 p1 p2 p p2 p M(p1)+M(p2) p

Encoding for bounded PNs x1 x2 x3 0 TF FTFT T 0 F 0 T 1 F 1 T 2 F 2 T 3 F p1 p2 2p1 + 4p2 - p4 = 4p3 = 3 - p1 - p2 x1 x2 x3 2 TF FTFT T 1 F 0 T 1 F 0 T 1 F 0 T 0 F p3

Upper bounds for the state space FFFFFF x2 x3 x4 T TF FTFT T T F T T T F T T T F T T T F x2 x3 x4 T TF FTFT T T FTFTFTF x1 TF 2p1 + 4p2 - p4 = 4 x1 x2 x3 T F FT T T F F Characteristic function for potentially reachable states

Experimental results

Conclusions Formal verification and synthesis often suffer from the state explosion problem Symbolic techniques can be used to efficiently represent the state space Structural techniques are crucial to overestimate and encode the state space Try to resist the temptation of using BDDs from the very beginning. Use them rationally and only if desperate.