Representing Boolean Functions for Symbolic Model Checking
Supratik Chakraborty, IIT Bombay
Example: 3-bit Counter
[Figure: a 3-bit counter with state bits $x_0, x_1, x_2$, next-state bits $X_0', X_1', X_2'$ and a clock input Clk]
Model: the state transition graph is defined by
  $X_0' = \overline{x_0}$
  $X_1' = x_1 \oplus x_0$
  $X_2' = x_2 \oplus (x_0 \cdot x_1)$
Property: the state $(x_0, x_1, x_2) = 000$ is always eventually reached from the current state.
Model Checking
• The number of states, stored explicitly, may become too large ($10^{120}$)
• Symbolic model checking uses Boolean functions to compactly represent
  – sets of states
  – the transition relation
• Searching the states of the model translates to manipulation of Boolean functions
• Satisfaction of a CTL property translates to satisfiability of an appropriate Boolean function
Representing States and Transitions
• For the 3-bit counter,
  – a set of states, e.g. $(x_0, x_1, x_2) \in \{000, 011, 001\}$, is represented by its characteristic function, here $S(x_0, x_1, x_2) = S(x) = \overline{x_0} \cdot (\overline{x_1} + x_2)$, which evaluates to 1 exactly on those three states
  – the set of state transitions is represented by
    $Tr(x_0, x_1, x_2, X_0', X_1', X_2') = Tr(x, X') = (X_0' \leftrightarrow \overline{x_0}) \wedge (X_1' \leftrightarrow x_1 \oplus x_0) \wedge (X_2' \leftrightarrow x_2 \oplus (x_1 \cdot x_0))$
Post Image Computation
• $Post(S_0)$ = set of states reachable in 1 step from $S_0$
  – $Post(S_0) = \{x \mid \exists y.\ y \in S_0 \wedge Tr(y, x)\}$
  – Expressed as Boolean functions: given $S_0(x_0, x_1, x_2)$,
    $Post(S_0)(x_0, x_1, x_2) = \exists y_0\, \exists y_1\, \exists y_2.\ \big(S_0(y_0, y_1, y_2) \wedge Tr(y_0, y_1, y_2, x_0, x_1, x_2)\big)$
  – Given the functions $S_0$ and $Tr$, the function for $Post(S_0)$ is obtained by conjunction and existential quantification alone
Pre Image Computation
• $Pre(S_0)$ = set of states from which a state in $S_0$ can be reached in 1 step
  – $Pre(S_0) = \{x \mid \exists y.\ y \in S_0 \wedge Tr(x, y)\}$
  – Expressed as Boolean functions: given $S_0(x_0, x_1, x_2)$,
    $Pre(S_0)(x_0, x_1, x_2) = \exists y_0\, \exists y_1\, \exists y_2.\ \big(S_0(y_0, y_1, y_2) \wedge Tr(x_0, x_1, x_2, y_0, y_1, y_2)\big)$
  – Given the functions $S_0$ and $Tr$, the function for $Pre(S_0)$ is obtained the same way
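The post- and pre-image formulas of the last two slides, run on the 3-bit counter and iterated to a fixpoint to check the property from slide 2. This is an added example in Python, not code from the slides: Boolean functions are stored as truth tables (the representation the next slide calls impractical, harmless for 6 variables) so that the conjoin-then-quantify steps read exactly like the formulas. The variable names x0..x2 / X0..X2 (next-state bits, the slides' $X'$), the helper names (BoolFn, state_pred, post, pre, lfp) and the sample state set are my own choices.

```python
from itertools import product

# Variable order: current-state bits x0, x1, x2, then next-state bits X0, X1, X2.
CUR, NXT = ["x0", "x1", "x2"], ["X0", "X1", "X2"]
VARS = CUR + NXT
ALL = frozenset(product((0, 1), repeat=len(VARS)))     # every assignment to VARS
STATES = {a[:len(CUR)] for a in ALL}                   # the 8 counter states (x0, x1, x2)


class BoolFn:
    """A Boolean function over VARS stored as its set of satisfying assignments (a truth
    table, i.e. the 2^n representation). Operations are set operations on that table."""

    def __init__(self, sat):
        self.sat = frozenset(sat)

    @staticmethod
    def of(pred):
        """Characteristic function of a Python predicate over a {name: bit} dict."""
        return BoolFn(a for a in ALL if pred(dict(zip(VARS, a))))

    def __and__(self, other):
        return BoolFn(self.sat & other.sat)

    def __or__(self, other):
        return BoolFn(self.sat | other.sat)

    def __eq__(self, other):
        return self.sat == other.sat

    def exists(self, names):
        """Existential quantification: for each v in names, f := f[v:=0] + f[v:=1]."""
        idx = [VARS.index(v) for v in names]
        out = set()
        for a in self.sat:
            for bits in product((0, 1), repeat=len(idx)):
                b = list(a)
                for i, bit in zip(idx, bits):
                    b[i] = bit
                out.add(tuple(b))
        return BoolFn(out)

    def swap(self):
        """Rename current-state variables to next-state ones and back (x_i <-> X_i)."""
        k = len(CUR)
        return BoolFn(a[k:] + a[:k] for a in self.sat)

    def states(self):
        """The explicit set of (x0, x1, x2) that a current-state predicate denotes."""
        return {a[:len(CUR)] for a in self.sat}


def state_pred(pred):
    """A set of states as a predicate on x0, x1, x2 only (don't-care on X0, X1, X2)."""
    return BoolFn.of(lambda v: pred(v["x0"], v["x1"], v["x2"]))


# Tr(x, X) = (X0 <-> not x0) and (X1 <-> x1 xor x0) and (X2 <-> x2 xor (x1 and x0)), as on the slides.
TR = BoolFn.of(lambda v: v["X0"] == 1 - v["x0"]
               and v["X1"] == (v["x1"] ^ v["x0"])
               and v["X2"] == (v["x2"] ^ (v["x1"] & v["x0"])))

ZERO = state_pred(lambda x0, x1, x2: (x0, x1, x2) == (0, 0, 0))          # the state 000
# Constructed sample set {000, 011, 001}: characteristic function (not x0) and (not x1 or x2).
S_EXAMPLE = state_pred(lambda x0, x1, x2: x0 == 0 and (x1 == 0 or x2 == 1))


def post(S):
    """Post(S)(x) = exists y. S(y) and Tr(y, x): conjoin S (on the x bits) with Tr,
    quantify the x bits out, then rename the surviving X bits back to x."""
    return (S & TR).exists(CUR).swap()


def pre(S):
    """Pre(S)(x) = exists y. S(y) and Tr(x, y): put S on the X bits, conjoin, quantify X out."""
    return (S.swap() & TR).exists(NXT)


def lfp(S0, image):
    """Least fixpoint of Z = S0 + image(Z): repeat the image step until nothing new appears."""
    Z = S0
    while True:
        Zn = Z | image(Z)
        if Zn == Z:
            return Z
        Z = Zn


def reachable_from_zero():
    """All states reachable from 000 (forward reachability via Post)."""
    return lfp(ZERO, post).states()


def always_eventually_zero():
    """States from which 000 is always eventually reached. The counter is deterministic
    (exactly one successor per state), so AX Z = EX Z = Pre(Z) and the least fixpoint of
    Z = {000} + Pre(Z) is exactly the set of states satisfying the slide's property."""
    return lfp(ZERO, pre).states()


if __name__ == "__main__":
    print("Post(000) =", post(ZERO).states())       # {(1, 0, 0)}
    print("Pre(000)  =", pre(ZERO).states())        # {(1, 1, 1)}
    print("AF 000 holds in", len(always_eventually_zero()), "of", len(STATES), "states")
```

The two fixpoints use nothing but conjunction, disjunction, existential quantification and variable renaming, which is why a compact representation of those four operations (the ROBDDs of the following slides) is all a symbolic model checker needs; swapping BoolFn for a BDD package would leave post, pre and lfp unchanged.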
Representing Boolean Functions
• Need to represent and efficiently manipulate Boolean functions
• Commonly used representations: truth table, Karnaugh map, canonical sum-of-products
  – Too large to represent functions of 100s of variables: size $2^n$ for an $n$-argument function
  – Operations (e.g. AND, NOT) inefficient
  – Not appropriate for practical applications, e.g. representing the carry-out function of a 64-bit adder
Binary Decision Diagrams
• A graphical representation [Lee, Akers, Bryant]
  – Allows efficient representation and manipulation of Boolean functions in many practical cases
  – Enables efficient verification of a large class of designs
  – Worst-case behavior still exponential
• Example: $f = x_1 \cdot x_2 + \overline{x_3}$
  – Represent as a binary tree
  – Evaluating $f$: start from the root; at each vertex labeled $x_i$, take the left branch if $x_i = 0$, else the right branch
[Figure: decision tree for $f$ with root $x_1$, then $x_2$ and $x_3$ vertices, and leaves 0/1]
Binary Decision Diagrams
• Underlying principle: Shannon decomposition
  $f(x_1, x_2, x_3) = x_1 \cdot f(1, x_2, x_3) + \overline{x_1} \cdot f(0, x_2, x_3) = x_1 \cdot (x_2 + \overline{x_3}) + \overline{x_1} \cdot \overline{x_3}$
  – Can be applied recursively to $f(1, x_2, x_3)$ and $f(0, x_2, x_3)$; this gives a tree
  – Extends to $n$ arguments
• But the number of nodes can be exponential in the number of arguments
[Figure: decision tree for $f = x_1 \cdot x_2 + \overline{x_3}$]
Restrictions on BDDs
• Ordering of variables
  – On all paths from root to leaf, the variable labels of nodes must appear in a specified order
• Reduced graphs
  – No two distinct vertices may represent the same function
  – Each non-leaf vertex must have distinct children
[Figure: ROBDD for $f = \overline{x_1} \cdot \overline{x_2} + x_1 \cdot \overline{x_3}$]
REDUCED ORDERED BDD (ROBDD): a directed acyclic graph
ROBDDs
• Example: $f = x_1 \cdot x_2 + \overline{x_3}$
• Properties
  – Unique (canonical) representation of $f$ for a given ordering of variables: checking $f_1 = f_2$ reduces to checking whether the ROBDDs are isomorphic
  – Shared subgraphs: size reduction
  – Not every path contains all of the labels $x_1, x_2, x_3$
  – Every non-leaf vertex has a path to 0 and a path to 1
So far so good!
[Figure: ROBDD for $f$ (vertices $x_1, x_2, x_3$, terminals 0 and 1) beside its unreduced decision tree]
Variable Ordering Problem
[Figure: ROBDDs for $f = x_1 \cdot x_2 + x_3 \cdot x_4 + x_5 \cdot x_6$ under order 1, 3, 5, 2, 4, 6 (left, large) and under order 1, 2, 3, 4, 5, 6 (right, small)]
Variable Ordering Problem
• ROBDD size
  – Extremely sensitive to variable ordering: for $f = x_1 \cdot x_2 + x_3 \cdot x_4 + \dots + x_{2n-1} \cdot x_{2n}$
    · $2n + 2$ vertices for order $1, 2, 3, 4, \dots, 2n-1, 2n$
    · $2^{n+1}$ vertices for order $1, 3, \dots, 2n-1, 2, 4, \dots, 2n$ (all first factors before all second factors, the order on the previous slide)
  – Non-exponential regardless of variable ordering: $f = x_1 \cdot x_2 \cdot x_3 \cdots x_n$ has $n + 2$ vertices for all orderings
  – Exponential regardless of variable ordering: output functions of integer multipliers [Bryant]
• Determining the best variable order for a function is computationally intractable
  – Heuristics: static ordering, dynamic ordering
Operations on BDDs
• Reduce, $O(|G|)$: $G$ reduced to canonical form
• Apply, $O(|G_1| \cdot |G_2|)$: any binary Boolean operation (AND, XOR, ...)
• Compose, $O(|G_1|^2 \cdot |G_2|)$: $f(x_1, x_2, x_5)$ composed with $g(x_3, x_4)$ at the position of $x_2$ is $f(x_1, g(x_3, x_4), x_5)$
• Satisfy-one, $O(n)$: find one assignment of $x_1, x_2, \dots, x_n$ for which $f(x_1, x_2, \dots, x_n) = 1$
• Restrict, $O(|G|)$: find the ROBDD for $f(x_1, x_2, \dots, 1, \dots, x_n)$ or $f(x_1, x_2, \dots, 0, \dots, x_n)$
Operations on BDDs
• Complexity is polynomial in the size of the BDDs
  – If size can be kept under control, we are in business!
  – BDD size is the limiting factor in most applications
  – Ongoing research on the variable ordering problem
• If the arguments to an operation are ROBDDs, the result is also an ROBDD
• Quantification is expressed as:
  – $\exists x_1.\ f(x_1, x_2, x_3) = f(0, x_2, x_3) + f(1, x_2, x_3)$
  – $\forall x_1.\ f(x_1, x_2, x_3) = f(0, x_2, x_3) \cdot f(1, x_2, x_3)$
  – Useful in model checking if the functions can be represented compactly
Neat tricks in BDD packages
• Shared BDDs (SBDDs)
  – Multiple functions represented simultaneously as a multi-rooted DAG
  – Each root together with its descendants forms an ROBDD
  – Different roots can share subgraphs
  – The variable ordering is the same for all functions represented
• Representing functions using the ITE operator
  – if-then-else$(x, y, z) = x \cdot y + \overline{x} \cdot z$
  – Natural implementation using BDDs
  – Can express any binary Boolean operation using ITE, e.g. $NAND(x, y) = ITE(x, \overline{y}, 1)$; $NOT(x) = ITE(x, 0, 1)$
  – An efficient algorithm for computing ITE with ROBDDs exists
Neat tricks in BDD packages
• Complement edges
  – If a vertex is reached by a complement edge, take the complement of the function represented by the vertex
  – Simplifies complementation
  – Saves duplication of computation
• Hash tables and caches
  – Facilitate identifying the ROBDD node for an already computed function
  – Avoid duplicated computation
  – Very effective in practice
[Figure: ROBDDs with complement edges for $f = x_1 \cdot x_2 + \overline{x_3}$ and for $f = x_1 \cdot \overline{x_2} \cdot x_3 + \overline{x_1} \cdot \overline{x_3}$]
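A minimal ROBDD package that implements the machinery of the preceding slides (a unique table enforcing both reduction rules, all operations routed through ITE with a computed-table cache, Restrict, existential quantification, Satisfy-one) and reproduces the variable-ordering figures. This is an added example in Python, not code from the slides or from any of the packages listed on the next slide. The names (BDD, mk, ite, pairs_function, ordering_sizes, slide_examples) are my own; complement edges are deliberately left out so that vertex counts match the slides' figures, and $\forall$ is the dual of exists with AND in place of OR.

```python
class BDD:
    """Minimal ROBDD package after the slides: one shared multi-rooted DAG, a unique table
    interning (level, low, high) triples, all operations via ITE with a computed-table cache."""
    def __init__(self, order):
        self.names = list(order)                       # level -> variable name
        self.level_of = {v: i for i, v in enumerate(order)}
        self.table = [(len(order), None, None)] * 2    # ids 0 and 1 are the terminals
        self.unique, self.cache = {}, {}               # unique table; computed table for ITE

    def level(self, u):
        return self.table[u][0]

    def mk(self, level, low, high):
        if low == high:                                # reduction: drop a redundant test
            return low
        key = (level, low, high)
        if key not in self.unique:                     # reduction: share identical subgraphs
            self.unique[key] = len(self.table)
            self.table.append(key)
        return self.unique[key]

    def var(self, name):
        return self.mk(self.level_of[name], 0, 1)

    def cofactor(self, u, level, bit):                 # Shannon cofactor on the top variable
        return u if self.level(u) != level else self.table[u][2 if bit else 1]

    def ite(self, f, g, h):
        """ITE(f, g, h) = f.g + f'.h, by Shannon decomposition on the topmost variable."""
        if f == 1: return g
        if f == 0: return h
        if g == h: return g
        if (g, h) == (1, 0): return f
        if (f, g, h) not in self.cache:
            top = min(self.level(f), self.level(g), self.level(h))
            lo = self.ite(*(self.cofactor(u, top, 0) for u in (f, g, h)))
            hi = self.ite(*(self.cofactor(u, top, 1) for u in (f, g, h)))
            self.cache[f, g, h] = self.mk(top, lo, hi)
        return self.cache[f, g, h]

    def AND(self, f, g): return self.ite(f, g, 0)      # every binary op is an ITE instance
    def OR(self, f, g): return self.ite(f, 1, g)
    def NOT(self, f): return self.ite(f, 0, 1)

    def restrict(self, u, name, bit):
        """Restrict: the ROBDD of f with variable `name` fixed to `bit`."""
        lvl, memo = self.level_of[name], {}
        def go(u):
            if self.level(u) > lvl: return u           # `name` is never tested below u
            if self.level(u) == lvl: return self.cofactor(u, lvl, bit)
            if u not in memo:
                memo[u] = self.mk(self.level(u), go(self.table[u][1]), go(self.table[u][2]))
            return memo[u]
        return go(u)

    def exists(self, u, name):                         # exists x.f = f[x:=0] + f[x:=1]
        return self.OR(self.restrict(u, name, 0), self.restrict(u, name, 1))

    def satisfy_one(self, u):
        """Satisfy-one in O(n): every non-leaf has a path to 1, so step to any child that is
        not the 0 terminal; variables not on the path are don't-cares."""
        env = {}
        while u > 1:
            lvl, lo, hi = self.table[u]
            env[self.names[lvl]] = bit = 0 if hi == 0 else 1
            u = hi if bit else lo
        return env if u == 1 else None

    def size(self, u):                                 # vertices reachable from u, terminals included
        seen, stack = set(), [u]
        while stack:
            v = stack.pop()
            if v not in seen:
                seen.add(v)
                if v > 1: stack.extend(self.table[v][1:])
        return len(seen)

def pairs_function(bdd, n):
    """f = x1.x2 + x3.x4 + ... + x_{2n-1}.x_{2n}, built bottom-up with Apply (here ITE)."""
    f = 0
    for i in range(1, 2 * n, 2):
        f = bdd.OR(f, bdd.AND(bdd.var(f"x{i}"), bdd.var(f"x{i + 1}")))
    return f

def ordering_sizes(n=3):
    """Vertex count of pairs_function under order 1..2n and under odds-then-evens."""
    good = [f"x{i}" for i in range(1, 2 * n + 1)]
    bad = good[0::2] + good[1::2]
    out = {}
    for label, order in (("good", good), ("bad", bad)):
        b = BDD(order)
        out[label] = b.size(pairs_function(b, n))
    return out                                         # n=3: {'good': 8, 'bad': 16}

def slide_examples():
    """Canonicity, quantification and satisfy-one on the slides' f = x1.x2 + x3'."""
    b = BDD(["x1", "x2", "x3"])
    x1, x2, x3 = (b.var(v) for v in ("x1", "x2", "x3"))
    f = b.OR(b.AND(x1, x2), b.NOT(x3))
    g = b.NOT(b.AND(b.NOT(b.AND(x1, x2)), x3))        # same function, De Morgan form
    return {"canonical": f == g,                       # equal functions share one node id
            "size_f": b.size(f),                       # x1, x2, x3, 0, 1 -> 5
            "exists_x2": b.exists(f, "x2") == b.OR(x1, b.NOT(x3)),
            "sat_one": b.satisfy_one(f)}               # {'x1': 1, 'x2': 1}
```

Because every function built in one BDD object lives in the same shared DAG, equivalence checking is an integer comparison of node ids; ordering_sizes(3) gives 8 versus 16 vertices, the $2n+2$ and $2^{n+1}$ counts of the ordering slide, and ordering_sizes(4) gives 10 versus 32.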
BDD Packages Out There
• CUDD package (University of Colorado)
• CMU BDD package
• TiGeR (commercial package)
• CAL (University of California, Berkeley)
• EHV
• ...
Applications of BDDs
• Extensively used in CAD applications for digital hardware
• Some interesting applications
  – Combinational logic verification: is a combinational circuit functionally equivalent to another?
  – Sequential machine equivalence
    · using combinational equivalence of next-state logic
    · for representing transition relations and state spaces in symbolic methods
  – Symbolic model checking
  – Test pattern generation: Automatic Test Pattern Generation (ATPG) essentially tries to come up with satisfying instances of a Boolean formula
Applications of BDDs
  – Timing verification
    · for representing false paths in a circuit succinctly
    · for representing discretized time encoded as binary values
  – Representing sets using characteristic functions
  – Symbolic simulation
    · assign variables and/or constants to circuit inputs and determine output values in terms of the variables
    · representing sets of constant values
  – Logic synthesis and optimization
• Other domains: combinatorics, manipulating classes of combined Boolean algebraic expressions, ...