1. Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay

2. 2 Example: 3-bit Counter x2 x1 x0 X0’ X1’ X2’ Clk Model State transition graph defined by X0’ = NOT(x0) X1’ = XOR(x1, x0) X2’ = XOR(x2, x0.x1) Property The state x0,x1,x2 = 000 is always eventually reached from the current state.

3. 3 Model Checking Number of states, stored explicitly, may become too large (10 120 ) Symbolic model checking uses Boolean functions to compactly represent  Sets of states  Transition relation  Searching the states of the model translates to manipulation of Boolean functions  Satisfaction of a CTL property translates to satisfiability of an appropriate Boolean function.

4. 4 Representing States and Transitions For 3-bit counter,  Set of states x0,x1,x2 = {000, 010, 011, 001} can be represented by S (x0, x1, x2) = S(x) = x0.  Set of state transitions can be represented by Tr (x0, x1, x2, X0’, X1’, X2’) = Tr (x, X’) = (X0’ x0) AND (X1’ x1 x0)) AND (X2’ x2 (x1.x0))

5. 5 Post Image Computation Post(S0) = Set of states reachable in 1 step from S0  Post(S0) = {x | y in S0 and Tr(y, x) = true}  Expressed as Boolean functions: Given S0 (x0, x1, x2), Post(S0 (x0, x1, x2)) = y0 y1 y2. (S0 (y0, y1, y2) AND Tr(y0,y1,y2x0,x1,x2))  Given functions S0 and Tr, function for Post (S0) obtained

6. 6 Pre Image Computation Pre(S0) = Set of states from which a state in S0 can be reached in 1 step  Pre(S0) = {x | y in S0 and Tr(x, y) = true}  Expressed as Boolean functions: Given S0 (x0, x1, x2), Pre(S0 (x0, x1, x2)) = y0 y1 y2. (S0 (y0, y1, y2) AND Tr(x0,x1,x2,y0,y1,y2))  Given functions S0 and Tr, function for Pre(S0) obtained

7. 7 Representing Boolean Functions Need to represent and efficiently manipulate Boolean functions  Commonly used representations:  Truth table, Karnaugh map, canonical sum-of-products representation – Too large to represent functions of 100s of variables Size 2 n for n-argument function – Operations (e.g. AND, NOT) inefficient – Not appropriate for practical applications e.g., representing carry-out function of a 64-bit adder,

8. 8 Binary Decision Diagrams A graphical representation [Lee, Akers, Bryant]  Allows efficient representation & manipulation of Boolean functions in many practical cases  Enables efficient verification of a large class of designs  Worst-case behavior still exponential Example: f = x 1.x 2 + x 3 ’  Represent as binary tree  Evaluating f:  Start from root  For each vertex labeled xi – take left branch if xi = 0 – else take right branch x3x3 x1x1 x2x2 x3x3 x3x3 1011 1010 x3x3 x2x2

9. 9 Binary Decision Diagrams Underlying principle: Shannon decomposition  f(x1, x2, x3) = x1.f(1, x2, x3) + x1’.f(0, x2, x3) = x1. (x2 + x3’) + x1’. (x3’)  Can be applied recursively to f(1, x2, x3) and f(0, x2, x3) – Gives tree  Extend to n arguments But number of nodes can be exponential in number of arguments f = x 1.x 2 + x 3 ’ x1x1 x2x2 x3x3 x3x3 1011 1010 x3x3 x2x2 x3x3

10. 10 Restrictions on BDDs Ordering of variables  In all paths from root to leaf, variable labels of nodes must appear in a specified order Reduced graphs  No two distinct vertices must represent the same function  Each non-leaf vertex must have distinct children REDUCED ORDERED BDD (ROBDD): Directed Acyclic Graph x1x1 x2x2 x3x3 x2x2 1011 1010 x2x2 x3x3 x3x3 f = x’ 1.x’ 2 + x 1.x 2 + x 1.x 3 ’

11. 11 ROBDDs Example: Properties  Unique (canonical) representation of f for given ordering of variables  Checking f1 = f2 reduces to checking if ROBDDs are isomorphic  Shared subgraphs: size reduction  Every path doesn’t have all labels x1, x2, x3  Every non-leaf vertex has a path to 0 and 1 So far good ! f = x 1.x 2 + x 3 ’ 1 0 x1x1 x2x2 x3x3 x1x1 x2x2 x3x3 x3x3 1011 1010 x3x3 x2x2

12. 12 Variable Ordering Problem 1 0110 3 3 3 5 5555 2 2 2 2 2 4 4 4 6 6 1 f = x1.x2 + x3.x4 + x5.x6 Order 1,3,5,2,4,6Order 1,2,3,4,5,6

13. 13 Variable Ordering Problem ROBDD size  Extremely sensitive to variable ordering  f = x_1.x_2 + x_3.x_4 + … x_2n-1.x_2n – 2n+2 vertices for order 1,2,3,4…2n-1,2n – 2 n+1 vertices for order 1,n+1,2,n+2,…n,2n  Non-exponential regardless of variable ordering  f = x1.x2.x3….xn – n+2 vertices for all orderings  Exponential regardless of variable ordering  Output functions of integer multipliers [Bryant] Determining best variable order for a function is computationally intractable  Heuristics: Static ordering, Dynamic ordering

14. 14 Operations on BDDs Operation Complexity Reduce O(|G|)  G reduced to canonical form Apply O(|G1||G2|)  Any binary Boolean op: AND, XOR … ) Compose O(|G1| 2 |G2|)  f(x1, x2, x5) composed with g(x3, x4) at position of x2 is: f(x1, g(x3,x4), x5) Satisfy-one O(n)  Find one assignment of x1, x2, … xn for which f(x1, x2, … xn) = 1 Restrict O(|G|)  Find ROBDD for f(x1, x2, …,1,... xn) or f (x1, x2, … 0 … xn)

15. 15 Operations on BDDs Complexity polynomial in size of BDDs  If size can be kept under control, we are in business!  BDD size limiting factor in most applications  Ongoing research on variable ordering problem If arguments to an operation are ROBDDs, result is also an ROBDD. Quantification expressed as:  x1. f(x1, x2, x3) = f(0, x2, x3) + f(1, x2, x3)  x1. f(x1, x2, x3) = f(0, x2, x3). f(1, x2, x3)  Useful in model checking if functions can be represented compactly

16. 16 Neat tricks in BDD packages Shared BDDs (SBDDs)  Multiple functions represented simultaneously as a multi- rooted DAG.  Each root and descendants form an ROBDD  Different roots can share subgraphs  Variable ordering same for all functions represented Representing functions using ITE operator  if-then-else (x, y, z) = x.y + x’z  Natural implementation using BDDs  Can express any binary Boolean operation using ITE  NAND(x,y) = ITE(x,y’,0); NOT(x) = ITE(x,0,1)  Efficient algorithm for computing ITE with ROBDDs exist

17. 17 Neat tricks in BDD packages Complement edges  If a vertex is reached by a complement edge, take the complement of the function represented by the vertex  Simplifies complementation  Saves duplication of computation Hash Tables and Caches  Facilitates identifying ROBDD node for an already computed function  Avoids computation duplication  Very effective in practice f = x 1.x 2 + x 3 ’ f = x 1.x 2 ’x 3 + x 1 ’x 3 ’ 1 0 x1x1 x2x2 x3x3 1 0 x1x1 x2x2 x3x3

18. 18 BDD Packages Out There CUDD package (Colorado University) CMU BDD package TiGeR (commercial package) CAL (University of California, Berkeley) EHV...

19. 19 Applications of BDDs Extensively used in CAD applications for digital hardware Some Interesting applications  Combinational logic verification  Is a combinational circuit functionally equivalent to another?  Sequential machine equivalence  Using combinational equivalence of next-state logic  For representing transition relations and state spaces in symbolic methods  Symbolic model checking  Test pattern generation  Automatic Test Pattern Generation (ATPG) essentially tries to come up with satisfying instances of a Boolean formula

20. 20 Applications of BDDs  Timing verification  For representing false paths in a circuit succinctly  For representing discretized time encoded as binary values  Representing sets using characteristic functions  Symbolic simulation  Assign variables and/or constants to circuit inputs and determine output values in terms of variables  Representing sets of constant values  Logic synthesis and optimization Other domains: Combinatorics, manipulating classes of combined Boolean algebraic expressions...