PART: FILE:
.1
BDDs and MDDs
for state-space generation
and symbolic model checking
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Guidelines and tips
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community
Ask the community for help and clear up your study doubts
University Rankings
Discover the best universities in your country according to Docsity users
Free resources
Our save-the-student-ebooks!
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
BDDs and MDDs for State-space Generation and Symbolic Model Checking | CS 246, Study notes of Computer Science
Material Type: Notes; Professor: Ciardo; Class: ADV VERIF TECH IN SOFTWARE ENGIN; Subject: Computer Science; University: University of California-Riverside; Term: Unknown 1989;
Typology: Study notes
2009/2010
1 / 50
This page cannot be seen from the preview
Don't miss anything!
Related documents
Partial preview of the text
Download BDDs and MDDs for State-space Generation and Symbolic Model Checking | CS 246 and more Study notes Computer Science in PDF only on Docsity!
PART:
FILE:
.
BDDs and MDDs
for state-space generation
and symbolic model checking
PART:
FILE:
BDD/binary-decision-diagramsMOD.tex
(Reduced ordered) binary decision diagrams (BDDs)
“Graph-based algorithms for boolean function manipulation”
Randy Bryant (Carnegie Mellon University)
IEEE Transactions on Computers, 1986
CiteSeer most cited document!
0
1
x 1 x 2 + x 1
x
x
x
x
x
x
x
x
x
x
x
x
1 + ( x 4 + x 3
x
x
x )
1
x 2 x 3 x 4 x 2
0 -edge
1 -edge
BDDs are a
canonical
representation of boolean functions
f : B L → B
For the
root
node,
f (^) ( x
4 (^) = 0
(^) x
3 (^) = 1
(^) x
2 (^) = 1
(^) x
1 (^) = 0
f (^) ( x
4 (^) = 0
x
3
= 1
x
2
= 1
x
1
= 1
PART:
FILE:
BDD/bdd-def.tex
Canonical versions of BDDs
For
canonical
BDDs, we further require that
There are no
duplicates
: if
p.lvl
q.lvl
and
p [0] =
q [0]
and
p [1] =
q [1]
, then
p
=
q
Then, if the BDD is
quasi-reduced
, there is
no level skipping
:
The only
root
nodes with no incoming arcs are at level
L
The children
p [0]
and
p [1]
of a node
p
are at level
p.lvl
Or, if the BDD is
fully-reduced
, there is
maximum level skipping
:
There are no
redundant
nodes
p
satisfying
p [0] =
p [1]
Both versions are
canonical
, if functions
f
and
g
are encoded using BDDs:
Satisfiability,
f
, or equivalence,
f
g
O
Conjunction,
f
g , disjunction,
f
g , relational product:
O
f (^) || × ||
g || ) , if fully-reduced
. ∑ L ≥ k ≥ 1 O (
f (^) ||
k
× ||
g || k ) , if quasi-reduced
f (^) ||
= number of nodes in the BDD encoding
f
f (^) ||
k
= number of nodes at level
k
in the BDD encoding
f
PART:
FILE:
BDD/bdd-def.tex
Quasi-reduced vs. fully-reduced BDDs
x 4 x 3 (^) x
2 (^) x
1
- (
x 4
x 3 ) (
x 2 + x 1 ) 0 1
0
1
0
1
0
1
0
1
0
1
x 3 x 2 (^) x
1
x 3 (^) ( x 2 + x 1 )
x 2 x 1 x 2 + x 1
x 1
1
0
0
1
0
1
0
1
0
1
x 2 + x 1 x 1
x 2
x 3
x 4 x 4 x 3
(^) x
2 (^) x
1
- (
x 4
x 3 ) (
x 2 + x 1 ) 0 1
0
1
0
1
0
1
0
1
0
1
x 3 x 2 (^) x
1
x 3 (^) ( x 2 + x 1 )
x 2 x 1 x 2 + x 1
x 1
1
0
Fully-reduced BDDs: each node
in the BDD
encodes a different function
Quasi-reduced BDDs: each node
at a given level of the BDD
encodes a different function
PART:
FILE:
BDD/ite.tex
ITE
: the if-then-else operator
Any function
f : B L → B
of
L
variables
x L
,... ,
(^) x
1
can be expressed as
a
boolean vector
of size
L , or a
full binary tree
of height
L
an
expression
over
x
L ,... ,
(^) x
1
using the operator set
, {¬
, or
a
disjunctive normal form (DNF)
expression over
x
L ,... ,
(^) x
1
d D
C d
c
t d,c
where each
t d,c
is either
x k
or its complement
x
k , also written as
x k
a
conjunctive normal form (CNF)
expression over
x
L ,... ,
x 1
c C
D
c
d
t c,d
where each
t c,d
is either
x k
or its complement
x
k , also written as
x k
an
expression
over
x
L ,... ,
(^) x
1
using only the
ITE
operator and the constants
and
ITE
f, g, h
) = ( f ∧ g ) ∨ ( ¬ f ∧ h )
an
if-then-else normal form (INF)
expression over
x L
,... ,
x 1
where variables appear only in
tests, i.e., as the first parameter of
ITE
f
ITE
f,
f
g
=
ITE
f,
ITE
g,
f
g
=
ITE
f,
ITE
g,
(^1)
,
f
g
=
ITE
f,
ITE
g,
f
g
=
ITE
f,
ITE
g,
ITE
g,
PART:
FILE:
BDD/ite.tex
ITE
, Shannon expansion, and BDDs
Let
f (^) [ c/x
]
be the expression obtained from
f
by substituting variable
x
with the constant
c
∈
B
Then,
f
ITE
x, f
[
/x
]
, f
[
/x
])
is the
Shannon expansion
of
f
with respect to
x
Given an arbitrary boolean expression
f
over
x
L ,... ,
(^) x
1 , we can put it in INF as follows:
let
f 0
be
f (^) [
/ x L ] f 0
does not contain
x
L
let
f 1
be
f (^) [
/ x L ] f 1
does not contain
x
L
let
f 00
be
f 0 [
/ x L − 1 ] f
00
contains neither
x
L
nor
x L −
1
let
f 01
be
f 0 [
/ x L − 1 ] f
01
contains neither
x
L
nor
x L −
1
let
f 10
be
f 1 [
/ x L − 1 ] f
10
contains neither
x
L
nor
x L −
1
let
f 11
be
f 1 [
/ x L − 1 ] f
11
contains neither
x
L
nor
x L −
1
...
f
ITE
x
L , (^) ITE
x
L −
1 ,
f 11
f 10
f 1
ITE
x L −
1 ,
f 01
f 00
f 0
PART:
FILE:
FOILS/ut-and-cache.tex
The unique table and the operation cache
To ensure canonicity, all decision diagram operations use a
Unique Table
(a hash table):
Search key
: the node’s level and sequence of children’s
node
id
s
Return value
: a
node
id
Alternative: one UT per level, no need to store the node’s level, but more fragmentation
All (non-dead) nodes are referenced by the UT
Collisions must be
lossless
, multiple nodes with different
node
id
may have the same
hash
val
With the UT, we avoid
duplicate nodes
To achieve polynomial complexity, all operations use an
Operation Cache
(a hash table):
Search key
: OpCODE
and sequence of operands’
node
id
s
Return value
: node
id
Alternative: one OC per operation type, no need to store
OpCODE
(^) , but more fragmentation
Before computing
OpCODE
node
id
1 , node
id
2 , ...
, we search the OC
If the search is successful, we avoid recomputing a result
Collisions can be either
lossless
or
lossy
With the OC, we consider
every node combination
instead of
every path combination
PART:
FILE:
BDD/apply.tex
IT E
and the
Apply
operator for fully-reduced BDDs
11
The
if-then-else
, or
ITE
, ternary operator is defined as
ITE
f, g, h
f ∧ g ) ∨ ( ¬ f ∧ h )
Let
f (^) [ c/x
k ] be the function obtained from
f
by substituting variable
x k
with the constant
c
∈
B
Then,
f
ITE
x k , f
[
/x
k ] , f
[
/x
k ])
is the
Shannon expansion
of
f
with respect to variable
x k
For any binary boolean operator
:
ITE
x, u, v
ITE
x, y, z
ITE
x, u
y, v
z )
This is the basis for the
recursive
BDD operator
Apply
bdd Apply
( operator
⊙
, (^) bdd
p,
(^) bdd
q ) is
fully-reduced version
local
bdd
r ;
1 if
p
∈ {
0 , (^1)
}
and
q
∈ {
0 , (^1)
}
then return
p
⊙
q ;
2 if
Cache
contains entry
〈⊙
, p, q
: r 〉 then return
r ;
3 if
p.
lvl
=
q.
lvl
then
4
r
←
UniqueTableInsert
( p.
lvl
(^) , (^) Apply
( ⊙
, p
[0]
, q
[0])
, Apply
( ⊙
, p
[1]
, q
[1]))
;
5 else if
p.
lvl
q.
lvl
then
6
r
←
UniqueTableInsert
( p.
lvl
(^) , (^) Apply
( ⊙
, p
[0]
, q
) , (^) Apply
( ⊙
, p
[1]
, q
))
;
7 else since
p.
lvl
< q.
lvl
then
8
r
←
UniqueTableInsert
( q.
lvl
(^) , (^) Apply
( ⊙
, p, q
[0])
, (^) Apply
( ⊙
, p, q
[1]))
;
9 enter
〈⊙
, p, q
: r 〉 in
Cache
;
10 return
r ;
PART:
FILE:
BDD/relational-product.tex
Computing the relational product symbolically
Given an
L
-level BDD on
x L
, ..., x
1 )
rooted at
p ∗
encoding a set
Y ⊆
X
Given a
L
-level BDD on
x L
, x
L′ ..., x
1 , x
1 ′ ) rooted at
r ∗
encoding a function
N
X →
b X
RelationalProduct
p ∗ , r
∗ ) returns the root of the BDD encoding
j
: ∃ i ∈ Y ∧
j
∈ N
i ) }
bdd RelationalProduct
( bdd
p,
(^) bdd
r ) is
quasi-reduced version
local
bdd
q , q 1 , q 2 ;
1 if
p
=
0
or
r
=
0
then return
0 ;
2 if
p
=
1
and
r
=
1
then return
1 ;
3 if
Cache
contains entry
〈 RelationalProductCODE
(^) , p, r
: q 〉 then return
q ;
4
q 0
←
Union
( RelationalProduct
( p [0]
, r
[0][0])
, (^) RelationalProduct
( p [1]
, r
[1][0]))
;
5
q 1
←
Union
( RelationalProduct
( p [0]
, r
[0][1])
, (^) RelationalProduct
( p [1]
, r
[1][1]))
;
6
q
←
UniqueTableInsert
( p.lvl, q
0 , q
1 ) ;
7 enter
〈 RelationalProductCODE
(^) , p, r
: q 〉 in
Cache
;
8 return
q ;
PART:
FILE:
BDD/next-state-function.tex
BDD encoding of the next-state function
Given a current set of states
S
encoded as a BDD in
L
variables (
x L
, ..., x
1 )
Gievn the
next-state function
N
encoded as a BDD in
L
variables (
x L , x
L′
..., x
1 , x
1 ′ )
We compute the set of states
N
S
reachable from
S
in one step
x
1
x
2
x
3
x
4
x
1
x
2
x
3
x
4
x
1
x
2
x
3
x
4
x
1
x
2
x
3
x
4
x
1
x
2
x
3
x
4
SET
UNION
x
1
x
2
x
3
x
4
Iterations
to generate the state space
X
reach
:
max distance
d
of any state from initial states + 1
Peak
BDD size usually occurs well before reaching the
final
BDD for
X
reach
PART:
FILE:
SYMBOLIC-GENERATION/comparing.tex
Explicit vs. symbolic state space generation
Explicit generation of the state space
X
reach
adds
one state
at a time
memory
O
(states), increases linearly, peaks at the end
i [0℄
i [1℄
i [0℄
i [1℄
i [2℄
i [3℄
i [n ℄
i [0℄
i [1℄
i [0℄
i [2℄
i [1℄
i [0℄
i [2℄
i [3℄
i [1℄
i [0℄
i [2℄
i [3℄
i [n ℄
Symbolic generation of the state space
X
reach
with decision diagrams adds
sets of states
instead
memory
O
(decision diagram nodes), grows and shrinks, usually peaks well before the end
i L [0]
i L
[0]
i 2 [0]
i 1 [0]
i [0]
PART:
FILE:
MDD/mdd-def.tex
Ordered multiway decision diagrams (MDDs)
17
Assume a
domain
X
X
L
× · · · × X
1 , where
X k = { 0 , 1
, ..., n
k (^) −
, for some
n k
∈
N
Assume the
range
X
0
=
B
An MDD is an acyclic directed edge-labeled graph where:
The only
terminal
nodes can be
and
, and are at
level
.lvl
.lvl
A
nonterminal
node
p
is at a
level
k , with
L
k
p.lvl
k
For each
i k
∈ X
k , a nonterminal node
p
at level
k
has an outgoing edge pointing to
child
p [ i k ]
The level of a child is lower than that of
p p [ i k ]
.lvl < p.lvl
A node
p
at level
k
encodes the
function
v p
:
X →
B
defined recursively by
v p ( x L
, ..., x
1 ) =
p
if
k
v p [ x k (^) ] ( x L , ..., x
1 )
if
k >
Instead of levels, we can also talk of
variables
:
The terminal nodes are associated with the
range variable
x 0
A nonterminal node is associated with a
domain variable
x
k
, with
L
k
PART:
FILE:
MDD/mdd-def.tex
Quasi-reduced vs. fully-reduced MDDs
full storage quasi-reduced
full storagefully-reduced
0
1
0
1
2
0
1
0 1 2 0 1 2 3 0 1 2
0
1
2
0
1
0
1
2
0
1
2 0
1
0
1
x 1
x 2
x 3
x 4
0
1
0 1 2 3 0 1 2
0
1
2
0
1
2 0
1
2
0
1
What if we don’t know the range of each
X
k ?
We can simply assume
X
N
L
All but a finite number of edges point to
Only nodes encoding
are redundant
sparse storage
x 1
x 2
x 3
x 4
1
1
2
3
0
1
2
0
1
2
0
1
1
0
1
0
1
2
0
0
2
Fully-reduced MDDs: each node
in the MDD
encodes a different function
Quasi-reduced MDDs: each node
at a given level of the MDD
encodes a different function
PART:
FILE:
FOILS/set-encoded-by-mdd.tex
MDDs to encode sets
An important application of decision diagrams is to encode large sets to be manipulated
symbolically
To encode a set
Y ⊆
X
(^) , we store its
indicator function
f Y
in a decision diagram rooted at node
p :
i L , ..., i
1 )
∈ Y ⇔
f Y (^) ( i L , ..., i
1 ) = 1
⇔ v p ( i L
, ..., i
1 ) = 1
X 4 = { 0 ,
X 3 = { 0 ,
X 2 = { 0 ,
X 1 = { 0 ,
1
0
1
2
3
0 1 2 0 1 2 0 1 0 1 0 1 0 1 2 0 1 2 0 1 2 0 1 2
0 1 0 1 2 3
2
0
1
2
0
1
0
1
2
0
0
1
2
0
1
1
1
0