Algorithmic Software Verification - PowerPoint PPT Presentation
1
Algorithmic Software Verification
  • VI. Binary decision diagrams

2
References
  • Symbolic model checking: an approach to the state explosion problem. Ken McMillan, 1992.
  • Graph-based algorithms for Boolean function manipulation. Randal Bryant, 1986.

3
Boolean EFSMs with 1 location
  • EFSMs with boolean variables, one location and no alphabet
  • EFSM = (X, G_in, T)
  • X: finite set of boolean variables
  • G_in: predicate over X
  • T: transition relation, a set of pairs (g(X), A(X)) (guard, assignment)

4
Symbolic representation
  • A relation on states is a subset of (S × S).
  • Represent a relation R as a boolean formula over (X ∪ X'),
    where X' = { x' | x ∈ X }
  • The transition relation is really presented this way:
    formula  OR over (g(X), A(X)) ∈ T of [ g(X) ∧ A(X, X') ∧ all other vars remain the same ]

5
Reachability
  • S_0 = states satisfying G_in
  • S_{i+1} = S_i ∪ { s' | ∃ s ∈ S_i, (g, A) ∈ T, s ⊨ g, s' = s[A] }
    (s[A] is the state s updated by the assignment A)
  • Captures breadth-first search.

6
Reachability
  • S_0 = states satisfying G_in
  • S_{i+1} = S_i ∪ { s' | ∃ s ∈ S_i, (g, A) ∈ T, s ⊨ g, s' = s[A] }
  • Symbolically:
  • R_0(X) = G_in(X)
  • R_{i+1}(X) = R_i(X) ∨ ∃Z. ( R_i(Z) ∧ T(Z,X) )
  • We need a representation of boolean formulas that supports the crucial ops:
    And, Or, Existential quantification

7
Binary decision diagrams
  • Intuition
  • To represent a boolean function f(X):
  • Fix an ordering of the variables X.
  • Take the decision tree of f corresponding to this ordering.
  • Now
    - Combine any isomorphic subtrees into a single tree
    - Eliminate nodes whose left and right child are isomorphic.
  • Results in a canonical DAG for f!
  • Bottom-up procedure: O(n log n)

8
Definition of BDDs
  • Let V = <v_1, v_2, ..., v_n>.
  • A BDD is a DAG with terminals 0 and 1, and every other vertex has two children,
    the left or 0-child and the right or 1-child.
  • Inductively:
  • a) 0 is a BDD, dim(0) = 0, represents False
  • b) 1 is a BDD, dim(1) = 0, represents True
  • c) if d and e are distinct BDDs, dim(d) < i, dim(e) < i,
    then g = (v_i, d, e) is a BDD, dim(g) = i,
    and represents the function ((x_i = false) ∧ f_d) ∨ ((x_i = true) ∧ f_e)

9
Canonicity
  • If d and e are two vertices of a BDD and f_d = f_e, then d = e.
  • Proof
  • By simultaneous induction over dim(d) and dim(e).
  • base case: (0,0)
  • induction step:
    - consider (i,i)
    - consider (i,j) where i > j.

10
Canonicity
  • Lemma
  • Given a function f(V), there exists a BDD(V) which corresponds to it.
  • Proof
  • By induction on the greatest i such that f|(v_i ← 0) is not the same as f|(v_i ← 1)

11
Applying AND
  • Given BDDs p and q, construct BDD r for f_p ∧ f_q
  • If dim(p) = dim(q) = i, then
  • if p = (v_i, l_p, h_p) and q = (v_i, l_q, h_q)
  • then
  • r|(v_i ← 0) = p|(v_i ← 0) ∧ q|(v_i ← 0)
  • r|(v_i ← 1) = p|(v_i ← 1) ∧ q|(v_i ← 1)
  • If dim(p) = i > dim(q), then
  • p is a non-terminal and
  • r|(v_i ← 0) = p|(v_i ← 0) ∧ q
  • r|(v_i ← 1) = p|(v_i ← 1) ∧ q

12
Applying OR
  • Given BDDs p and q, construct BDD r for f_p ∨ f_q
  • If dim(p) = dim(q) = i, then
  • if p = (v_i, l_p, h_p) and q = (v_i, l_q, h_q)
  • then
  • r|(v_i ← 0) = p|(v_i ← 0) ∨ q|(v_i ← 0)
  • r|(v_i ← 1) = p|(v_i ← 1) ∨ q|(v_i ← 1)
  • If dim(p) = i > dim(q), then
  • p is a non-terminal and
  • r|(v_i ← 0) = p|(v_i ← 0) ∨ q
  • r|(v_i ← 1) = p|(v_i ← 1) ∨ q

13
Applying AND and OR
  • Given BDDs p and q, construct BDD r for f_p ∧ f_q and for f_p ∨ f_q
    - Recursively combine left children of p and q to get r, and right children of p and q to get s
    - Create a node with r and s as children
    - For base nodes: 0∧0 = 0∧1 = 1∧0 = 0, 1∧1 = 1;
      0∨0 = 0, 0∨1 = 1∨0 = 1∨1 = 1
  • Can be done with O(|p|·|q|) subproblems: dynamic programming
    - For each node r in p and s in q, (r,s) is called only once.
    - Keep track of results for each (r,s)
  • Hence the algorithm is O(|p|·|q|) and the resulting BDD is also O(|p|·|q|).
  • Lower bound: there exist functions p and q such that r is O(|p|·|q|).

14
Applying NOT
  • Switch 0 and 1.

15
Restriction
  • For a function f,
  • f|(v ← b) (A) = f(A[v ← b])
  • Given BDD for f, compute BDD for f|(v ← b):
    - Traverse BDD for f
    - Turn any edge pointing to a node labelled v to now point to that node's b-child
    - Reduce the BDD (O(n log n) time)

16
Existential quantification (EXISTS)
  • For a function f,
  • ∃v f (A) = f|(v ← 0) (A) ∨ f|(v ← 1) (A)
  • Given BDD for f, we can compute BDD for ∃v f in O(n²) time.
  • Universal quantification is dual.

17
AndExists
  • ∃Z. ( R_i(Z) ∧ T(Z,X) )
    - Can combine the AND and EXISTS algorithms so that the BDD has only
      X variables (and not 2|X| variables)

18
Deciding questions on BDDs
  • Satisfiability
    - Given BDD p representing f, is f satisfiable? If so, give one satisfying assignment.
      O(n) time
    - Give all satisfying assignments S_f: O(n·|S_f|) time

19
Model-checking using BDDs
  • Reachability( X, G_in(X), T(X,X'), F(X) )
  • X: vars; G_in, T(X,X') and F are BDDs
  • R := R_0 = G_in(X)
  • do
  •   R' := R
  •   R := R ∨ ∃Z. ( R(Z) ∧ T(Z,X) )
  • while (R ≠ R' and R ∧ F = 0)
  • if (R ∧ F = 0) report Unreachable
  • else report Reachable

20
Model-checking using BDDs
  • Safety( X, G_in(X), T(X,X'), F(X) )
  • X: vars; G_in, T(X,X') and F are BDDs
  • R := R_0 = G_in(X)
  • do
  •   R' := R
  •   R := R ∨ ∃Z. ( R(Z) ∧ T(Z,X) )
  • while (R ≠ R' and R ∧ F = 0)
  • if (R ∧ F = 0) report Safe
  • else report Unsafe
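As an added example (not from the slides or from any BDD package), the operations of slides 7 to 17 and the forward fixpoint loop of slides 19 and 20, written as a small Python BDD package and run on a constructed two-variable EFSM. Assumptions: nodes are interned tuples, the smallest variable sits at the root (the slides' dim counts the other way, with terminals at 0), and the next-state copy of variable 2i is 2i+1, the "x' just after x" ordering of slide 22.

```python
from functools import lru_cache
# Terminals are ints 0/1; a non-terminal is (var, low, high) with variables ordered by value.
# Current-state variable i is 2*i and its next-state copy i' is 2*i+1 (the slide 22 ordering).
FALSE, TRUE = 0, 1
_unique = {}  # unique table: hash-consing keeps exactly one node per (var, low, high)
def mk(var, low, high):                  # the two reduction rules of slide 7
    if low == high:                      # children isomorphic: drop the test
        return low
    return _unique.setdefault((var, low, high), (var, low, high))
def var(v): return mk(v, FALSE, TRUE)
def dim(p): return p[0] if isinstance(p, tuple) else float("inf")  # terminals below every var
AND, OR = (lambda x, y: x & y), (lambda x, y: x | y)
@lru_cache(maxsize=None)                 # memo table: each (p, q) subproblem is solved once
def apply(op, p, q):
    if not isinstance(p, tuple) and not isinstance(q, tuple):
        return op(p, q)                  # base case: combine terminals
    v = min(dim(p), dim(q))              # split only on the smaller variable
    pl, ph = (p[1], p[2]) if dim(p) == v else (p, p)
    ql, qh = (q[1], q[2]) if dim(q) == v else (q, q)
    return mk(v, apply(op, pl, ql), apply(op, ph, qh))
def neg(p):                              # NOT: swap the terminals 0 and 1
    return 1 - p if not isinstance(p, tuple) else mk(p[0], neg(p[1]), neg(p[2]))
def restrict(p, v, b):                   # f|(v <- b): edges into v now go to its b-child
    if not isinstance(p, tuple) or p[0] > v:
        return p
    return (p[2] if b else p[1]) if p[0] == v else mk(p[0], restrict(p[1], v, b), restrict(p[2], v, b))
def exists(p, v):                        # EXISTS v.f = f|(v<-0) OR f|(v<-1)
    return apply(OR, restrict(p, v, 0), restrict(p, v, 1))
def iff(p, q): return apply(OR, apply(AND, p, q), apply(AND, neg(p), neg(q)))
def unprime(p):                          # rename each x' (odd) back to x (even); order is kept
    return p if not isinstance(p, tuple) else mk(p[0] - 1, unprime(p[1]), unprime(p[2]))

def reachable(init, trans, bad, n):      # slide 19: R := R0; R := R OR EXISTS X.(R AND T) ...
    r = init
    while True:
        if apply(AND, r, bad) != FALSE:
            return True                  # a state of F is reachable
        img = apply(AND, r, trans)       # AndExists of slide 17, done as AND then EXISTS
        for i in range(n):
            img = exists(img, 2 * i)     # quantify away the current-state variables
        new = apply(OR, r, unprime(img))
        if new == r:
            return False                 # fixpoint reached without meeting F
        r = new

# Constructed 2-variable EFSM: (a, b) steps 00 -> 01 -> 10 -> 00, so state 11 is never entered.
a, b, a1, b1 = var(0), var(2), var(1), var(3)
INIT = apply(AND, neg(a), neg(b))                                    # Gin: a = b = 0
TRANS = apply(AND, iff(a1, b), iff(b1, apply(AND, neg(a), neg(b))))  # a' = b, b' = NOT a AND NOT b
```

`reachable(INIT, TRANS, apply(AND, a, b), 2)` reports the bad state 11 unreachable (Safe in the slide 20 wording), while the same call with `apply(AND, a, neg(b))` finds state 10 on the third iteration.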

21
Model-checking using BDDs
  • Other methods possible and are done:
    -- Backward search from F
    -- Onion-ring approach
    -- Examples for reachability / counterexamples for safety.

22
Implementing BDDs
  • BDD packages available:
    - CUDD --- Fabio Somenzi, Colorado Univ.
    - VIS --- Colorado, Berkeley
  • Model checking in practice is resplendent with heuristics:
    -- Forward/Backward
    -- Variable ordering; e.g. in T(X,X') order x' just after x
    -- Support finite domains directly (MDDs)
    -- Partitioning of transitions/network
    -- Choosing right frontiers

23
To continue
  • See McMillan's thesis, where he models a synchronous fair bus arbiter circuit.
  • See table of states, BDD size and time.
  • Wants to check:
    - No two acks are asserted simultaneously
    - Every persistent request is eventually ack-ed
    - Ack is not asserted without a request.
  • Not really safety/reachability properties, so how do we state and check these specs?
  • Temporal logics! Next class: CTL

24
Homework 3
  • 1. For any n, show that there is a BDD p_n over n variables representing a set S_n
    such that both S_n and the complement (S_n)^c are O(2^n), but p_n is of size O(n).
  • 2. For any n, show that there is a set S_n over a set V of n variables such that
    --- there is one ordering of V such that the BDD for S_n is O(n)
    --- there is another ordering of V such that the BDD for S_n is O(2^n).
  • See course webpage for hints.