Presentation is loading. Please wait.

Presentation is loading. Please wait.

Binary Decision Diagrams and Symbolic Model Checking Randy Bryant CMU Ed Clarke CMU Ken McMillan Cadence Allen Emerson U.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Binary Decision Diagrams and Symbolic Model Checking Randy Bryant CMU Ed Clarke CMU Ken McMillan Cadence Allen Emerson U."— Presentation transcript:

1 Binary Decision Diagrams and Symbolic Model Checking http://www.cs.cmu.edu/~bryant Randy Bryant CMU Ed Clarke CMU Ken McMillan Cadence Allen Emerson U Texas

2 – 2 – Binary Decision Diagrams Restricted Form of Branching Program Graph representation of Boolean function Canonical form Simple algorithms to construct & manipulate Application Niche Problems expressed as Quantified Boolean Formulas A lot of interesting problems are in PSPACE Symbolic Model Checking Prove properties about large-scale, finite-state system Successfully used to verify hardware systems

3 – 3 – Boolean Function as Language Truth Table Language View n-variable Boolean function as language  {0,1} n Reduced DFA is canonical representation DFA {011, 101, 111 } 01 1 0,1 1

4 – 4 – From DFA to OBDD Canonical representation of Boolean function Two functions equivalent if and only if graphs isomorphic Desirable property: simplest form is canonical. 01 1 0,1 1 x1x1 x2x2 x2x2 x3x3 1 x1x1 x2x2 x3x3 1 x1x1 x2x2 x3x3 10

5 – 5 – Representing Circuit Functions Functions All outputs of 4-bit adder Functions of data inputs Shared Representation Graph with multiple roots 31 nodes for 4-bit adder 571 nodes for 64-bit adder  Linear growth

6 – 6 – Effect of Variable Ordering Good OrderingBad Ordering Linear GrowthExponential Growth

7 – 7 – Sample Function Classes Function ClassBestWorstOrdering Sensitivity ALU (Add/Sub)linearexponentialHigh SymmetriclinearquadraticNone MultiplicationexponentialexponentialLow General Experience Many tasks have reasonable OBDD representations Algorithms remain practical for up to 500,000 node OBDDs Heuristic ordering methods generally satisfactory

8 – 8 – Symbolic Manipulation with OBDDs Strategy Represent data as set of OBDDs Identical variable orderings Express solution method as sequence of symbolic operations Sequence of constructor & query operations Similar style to on-line algorithm Implement each operation by OBDD manipulation Do all the work in the constructor operations Key Algorithmic Properties Arguments are OBDDs with identical variable orderings Result is OBDD with same ordering Each step polynomial complexity

9 – 9 – Arguments I, T, E Functions over variables X Represented as OBDDsResult OBDD representing composite function (I  T)  (  I  E) If-Then-Else Operation Concept Basic technique for building OBDD from logic network or formula.

10 – 10 – Argument IArgument TArgument ERecursive Calls If-Then-Else Execution Example Optimizations Dynamic programming Early termination rules

11 – 11 – Recursive CallsWithout ReductionWith Reduction If-Then-Else Result Generation Recursive calling structure implicitly defines unreduced BDD Apply reduction rules bottom-up as return from recursive calls

12 – 12 – Restriction Operation Concept Effect of setting function argument x i to constant k (0 or 1). Also called Cofactor operation (UCB)

13 – 13 – Argument F Restriction Execution Example 0 a b c d 1 0 a c d 1 Restriction F[b=1] 0 c d 1 Reduced Result

14 – 14 – And(F, G) Or(F, G) If-Then-Else(F, G, 0) If-Then-Else(F, 1, G) Derived Algebraic Operations Other operations can be expressed in terms of If-Then-Else

15 – 15 – Generating OBDD from Network NetworkEvaluation Task: Represent output functions of gate network as OBDDs. Resulting Graphs A  new_var ("a"); B  new_var ("b"); C  new_var ("c"); T1  And (A, 0, B); T2  And (B, C); Out  Or (T1, T2);

16 – 16 – Functional Composition Create new function by composing functions F and G. Useful for composing hierarchical modules.

17 – 17 – x i –1 x i +1 x n x 1 F    x i F Variable Quantification Eliminate dependency on some argument through quantification Combine with AND for universal quantification.

18 – 18 – Finite State System Analysis Systems Represented as Finite State Machines Sequential circuits Communication protocols Synchronization programs Analysis Tasks State reachability State machine comparison Temporal logic model checking Traditional Methods Impractical for Large Machines Polynomial in number of states Number of states exponential in number of state variables. Example: single 32-bit register has 4,294,967,296 states!

19 – 19 – Temporal Logic Model Checking Verify Reactive Systems Construct state machine representation of reactive system Nondeterminism expresses range of possible behaviors “Product” of component state machines Express desired behavior as formula in temporal logic Determine whether or not property holds Traffic Light Controller Design Traffic Light Controller Design “It is never possible to have a green light for both N-S and E-W.” Model Checker True False + Counterexample

20 – 20 – Set Operations UnionIntersection Characteristic Functions Concept A  {0,1} n Set of bit vectors of length n Represent set A as Boolean function A of n variables X  A if and only if A(X ) = 1

21 – 21 – Nondeterministic FSM Symbolic Representation o 1,o 2 encoded old state n 1,n 2 encoded new state 00 10 01 11 o 2 o 1 1 n 2 0 n 1 o 2 Symbolic FSM Representation Represent set of transitions as function  (Old, New) Yields 1 if can have transition from state Old to state New Represent as Boolean function Over variables encoding states

22 – 22 – Reachability Analysis  old state new state 0/1 Task Compute set of states reachable from initial state Q 0 Represent as Boolean function R(S) Never enumerate states explicitly GivenCompute Initial

23 – 23 – R0R0 00 Breadth-First Reachability Analysis R i – set of states that can be reached in i transitions Reach fixed point when R n = R n+1 Guaranteed since finite state 00 10 01 11 R1R1 R0R0 00 01 R2R2 R1R1 R0R0 00 0110 R3R3 R2R2 R1R1 R0R0 00 0110

24 – 24 – Iterative Computation R i +1 – set of states that can be reached i +1 transitions Either in R i or single transition away from some element of R i R i  R i  R i+1 old new

25 – 25 – Symbolic FSM Analysis Example K. McMillan, E. Clarke (CMU) J. Schwalbe (Encore Computer) Encore Gigamax Cache System Distributed memory multiprocessor Cache system to improve access time Complex hardware and synchronization protocol.Verification Create “simplified” finite state model of system (10 9 states!) Verify properties about set of reachable states Bug Detected Sequence of 13 bus events leading to deadlock With random simulations, would require  2 years to generate failing case. In real system, would yield MTBF < 1 day.

26 – 26 – System Modeling Example Gigamax Memory System Simplifying Abstractions Single word cache Single bit/word Abstract other clusters Imprecise timing Interface Cluster #2 Abstraction Cluster #3 Abstraction Interface Mem. Cache Control. Cache Control. Global Bus Cluster #1 Bus Proc. Arbitrary reads & writes

27 – 27 – Commercial Applications of Symbolic Model Checking Several Commercial Tools Difficult training and customer support Most Large Companies Have In-House Versions IBM, Lucent, Intel, Motorola, SGI, Fujitsu, Siemens, … Many based on McMillan’s SMV program Requires Sophistication Beyond that of mainstream designers

28 – 28 – Application Challenge Cannot Apply Directly to Full Scale Design Verify smaller subsystems Verify abstracted versions of full system Must understand system & tool to do effectively System Size Degree of Concurrency Challenging Systems to Design Model checking Capacity

29 – 29 – Real World Issues Still Too Volatile Fail by running out of space Useless once exceed physical memory capacity Ongoing Research to Improve Memory Performance Dynamic variable ordering Exploiting modularity of system model Partitioned transition relations Exploiting parallelism Map onto multiple machines Difficult program for parallel computation »Dynamic, irregular data structures

30 – 30 – Dynamic Variable Reordering Richard Rudell, Synopsys Periodically Attempt to Improve Ordering for All BDDs Part of garbage collection Move each variable through ordering to find its best location Has Proved Very Successful Time consuming but effective Especially for sequential circuit analysis

31 – 31 – Best Choices Dynamic Reordering By Sifting Choose candidate variable Try all positions in variable ordering Repeatedly swap with adjacent variable Move to best position found

32 – 32 – b 1 b 1 b 2 b 2 b 2 b 2 efgh ij b 1 b 1 b 2 b 1 b 2 b 1 e f ghij Swapping Adjacent Variables Localized Effect Add / delete / alter only nodes labeled by swapping variables Do not change any incoming pointers

33 – 33 – Tuning of BDD Packages Cooperative Effort Bwolen Yang, in cooperation with researchers from Colorado, Synopsys, CMU, and T.U. Eindhoven Measure & improve performance of BDDs for symbolic model checkingMethodology Generated set of benchmark traces Run 6 different packages on same machine Compare results and share findings Cooperative competition

34 – 34 – Effect of Optimizations Compare pre- vs. post-optimized results for 96 runs 6 different BDD packages 16 benchmark traces each Limit each run to maximum of 8 CPU hours and 900 MB Measure speedup = T old / T new or: New:Failed before but now succeeds Fail:Fail both times Bad:Succeeded before, but now fails

35 – 35 – Optimization Results Summary Cumulative Speedup Histogram 22 33 61 75 76 13 6 1 6 0 10 20 30 40 50 60 70 80 >100 >5>1>0 speedups # of cases >10 >2 >0.95 new bad failed

36 – 36 – What’s Good about OBDDs Powerful Operations Creating, manipulating, testing Each step polynomial complexity Graceful degradation Generally Stay Small Enough Especially for digital circuit applications Given good choice of variable ordering Weak Competition No other method comes close in overall strength Especially with quantification operations

37 – 37 – Thoughts on Algorithms Research Need to be Willing to Attack Intractable Problems Many real-world problems NP-hard No approximations for verification Who Works on These? Mostly people in application domain Most work on BDDs in computer-aided design conferences Not by people with greatest talent in algorithms No papers in STOC/FOCS/SODA Probably many ways they could improve things Fundamental dilemma Can only make weak formal statements about efficiency Utility demonstrated empirically

Download ppt "Binary Decision Diagrams and Symbolic Model Checking Randy Bryant CMU Ed Clarke CMU Ken McMillan Cadence Allen Emerson U."

Similar presentations

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
1 Title Page Implicit and Explicit Reachable State Space Exploration Of Esterel Logical Circuits Advisor :

1 Title Page Implicit and Explicit Reachable State Space Exploration Of Esterel Logical Circuits Advisor :
Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.

Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
BDDs & Theorem Proving Binary Decision Diagrams Dr. Eng. Amr T. Abdel-Hamid NETW 703 Winter 2012 Network Protocols Lectures are based on slides by: K.

BDDs & Theorem Proving Binary Decision Diagrams Dr. Eng. Amr T. Abdel-Hamid NETW 703 Winter 2012 Network Protocols Lectures are based on slides by: K.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.

Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
CS357 Lecture: BDD basics David Dill 1. 2 BDDs (Boolean/binary decision diagrams) BDDs are a very successful representation for Boolean functions. A BDD.

CS357 Lecture: BDD basics David Dill 1. 2 BDDs (Boolean/binary decision diagrams) BDDs are a very successful representation for Boolean functions. A BDD.
Timed Automata.

Timed Automata.
Model Checking : Making Automatic Formal Verification Scale Shaz Qadeer EECS Department University of California at Berkeley.

Model Checking : Making Automatic Formal Verification Scale Shaz Qadeer EECS Department University of California at Berkeley.
ECE 667 - Synthesis & Verification 1 ECE 667 Synthesis and Verification of Digital Systems Formal Verification Combinational Equivalence Checking.

ECE Synthesis & Verification 1 ECE 667 Synthesis and Verification of Digital Systems Formal Verification Combinational Equivalence Checking.
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.

Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.
SYMBOLIC MODEL CHECKING: 10 20 STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.

SYMBOLIC MODEL CHECKING: STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.
CS 267: Automated Verification Lecture 7: SMV Symbolic Model Checker, Partitioned Transition Systems, Counter-example Generation in Symbolic Model Checking.

CS 267: Automated Verification Lecture 7: SMV Symbolic Model Checker, Partitioned Transition Systems, Counter-example Generation in Symbolic Model Checking.
A Performance Study of BDD-Based Model Checking Bwolen Yang Randal E. Bryant, David R. O’Hallaron, Armin Biere, Olivier Coudert, Geert Janssen Rajeev K.

A Performance Study of BDD-Based Model Checking Bwolen Yang Randal E. Bryant, David R. O’Hallaron, Armin Biere, Olivier Coudert, Geert Janssen Rajeev K.
CSEP590 – Model Checking and Software Verification University of Washington Department of Computer Science and Engineering Summer 2003.

CSEP590 – Model Checking and Software Verification University of Washington Department of Computer Science and Engineering Summer 2003.

Similar presentations

Ads by Google