Symbolic Exploration of transition Hierarchies

In formal design verification, successful model checking is typically preceded by a laborious manual process of constructing design abstractions. We present a methodology for partially and in some cases, fully bypassing the abstraction process. For this purpose, we provide to the designer abstraction operators which, if used judiciously in the description of a design, structure the corresponding state space hierarchically. This structure can then be exploited by verification tools, and makes possible the automatic and exhaustive exploration of state spaces that would otherwise be out of scope for existing model checkers. Specifically, we present the following contributions: A temporal abstraction operator that aggregates transitions and hides intermediate steps. Mathematically, our abstraction operator is a function that maps a flat transition system into a two-level hierarchy where each atomic upper-level transition expands into an entire lower-level transition system. For example, an arithmetic operation may expand to a sequence of bit operations. A BDD-based algorithm for the symbolic exploration of multi-level hierarchies of transition systems. The algorithm traverses a level-n transition by expanding the corresponding level-(n-1) transition system on-thefly. The level-n successors of a state are determined by computing a level-(n-1) reach set, which is then immediately released from memory. In this fashion, we can exhaustively explore hierarchically structured state spaces whose flat counterparts cause memory overflows. We experimentally demonstrate the efficiency of our method with three examples a multiplier, a cache coherence protocol, and a multiprocessor system. In the first two examples, we obtain significant improvements in run times and peak BDD sizes over traditional state-space search. The third example cannot be model checked at all using conventional methods (without manual abstractions), but can be analyzed fully automatically using transition hierarchies. Comments University of Pennsylvania Department of Computer and Information Science Technical Report No. MSCIS-98-13. This technical report is available at ScholarlyCommons: http://repository.upenn.edu/cis_reports/105 !" # $ &%' ( ) (*!,+ .0/2131046587:9<;>=2= ?A@ BDC .FE 5HG IJ10K L0MNK OD10;>=2=2= P"; M:;2.FC&Q GR.0/0.,C .,K MTS U VXW2Y2Z0[]\FY_^a`>bdcTegf#h ikjml]n2oqpsr_b6t_n2fqpvuxw0i0yqpse_b zRo#{]w2w2n2o#oqc|{,j}haeFlDn jXw ~Dn2w _psb]rdpso yq€FFpsw0ikjvjs€ ]f#n2w2n2l]n2l ‚F€ai$j:i0‚"e_fqpseg{Doƒh i3bF{xikjm]f#eFw2n2o#o e0cmw2e_b]o#y#f#{Dw„yqpsbDral]n2oqpsrgb i0‚Do#y#f i0w2yqpse_b]o2…"†6n ]f#n2o#n2bFy‡i han2y#~]eFlDe0jse_r_€ˆcTegf8xi3f#yqp:i2jvjs€_‰Ši3b]l‹psbŒo#eghan w0i3o#n„o2zRcT{Fjvjs€_‰‹‚F€Fxi3o#oqp:b]rŒy#~]n i3‚]o#y#f i3w„yqpse_b‹]f#eFw2n2o#o2…ŽDegf8y#~Fpso D{]f#"ego#n_z* n Df#e0t_psl]ny#e y#~]n lDn2oqpsrgbDn„f i0‚Do#y#f i0w2yqpse_b e_xn2f i3y#egf#o$ ~Fpsw ~ zFpvcX{]o#n2l8‘’{DlFpsw pse_{]oqjs€ psb y#~]n l]n2o#w2fqps]yqpse_b6e3c}iAlDn„oqpsr_b z"o#y#f#{]w2y#{Df#nAy#~]n w2egf#f#n2o#"e_b]lFpsbDr o#y i3y#n o#xi3w„n ~,psn„f i3f#w ~,psw0i2jvjN€g…D“ ~Fpso o#y#f#{]w2y#{]f#n w0i0b8y#~]n2b ‚"n n2”FFjse3psy#n2l ‚F€ t_n„fqpvu"w0i0yqpse_by#eFe0jso2z"i0bDl h i0_n2oŽ"e_o#oqps‚Fjsn8y#~]nƒi3{]y#e_h i0yqpsw i3b]l n2”F~"i0{Do#yqpstgn8n„”F,jsegf i3yqpse_b e3c•o#y i3y#n o#"i0w2n2o*y#~"i0y Že_{Fjsldegy#~Dn„f# pso#nƒ‚"n e_{]y e0c o#w2eg"n$cTegfXn2”_pso#yqpsb]rahaeFl]n j w ~Dn2w _n„f#o2… –F"n2w pvuxw0ikjvjs€gzX n ]f#n2o#n2bFyƒy#~Dn c|e3jvjse0 psbDrHw2e_bFy#fqps‚]{DyqpsegbDo2— ˜š™ y#n2ha"egf ikj i3‚]o#y#f i3w2yqpsegbˆe_xn2f i3y#egfAy#~"i0y i3r_rgf#n2rFi0y#n2oAy#f i3b]oqpsyqpse_b]o i0bDl6~,psl]n2oApsb,› y#n2f#han„l,p:i0y#n o#y#n2]o2… œi0y#~Dn„h i3yqpsw0i2jvjs€_zƒe_{]fi3‚]o#y#f i3w„yqpse_be_xn2f i3y#egfdpsoHižcT{]bDw„yqpse_b y#~xi3yah i0DoHi Ÿ i0yay#f i3b]oqpsyqpse_bo#€Fo#y#n„h psbFy#e¡iyq e0›Tjsn2t_n jƒ~Fpsn2f i3f#w ~F€‹ ~]n2f#n nki3w ~ i3y#egh8psw {D]"n2fq›Tjsn2tgn j y#f i0bDoqpsyqpsegb‹n2”Fxi3b]lDoApsbFy#e6i3b6n2bFyqpsf#najse0 n2fq›Tjsn2tgn j y#f i3b]oqpsyqpse_b o#€Fo#y#n2h …•De_f n2”]i0haFjsn_zmi3b6i0fqpsy#~Dhan„yqpswae_"n„f i3yqpse_bh¢ik€Hn2”Fxi3b]l psbFy#e i o#n2£F{Dn„bDw2n e3c*‚Fpsy eg"n2f i0yqpse_b]o2… ˜š™¥¤ ¦ƒ¦ ›>‚xi3o#n2l6i2jsr_e_fqpsy#~]h§cTe_fŽy#~Dn o#€Fh8‚xe3jvpswan2”FFjse_f i0yqpse_bˆe0cXh {,jsyqpv›Tjsn2tgn jŽ~,psn2f i0fq› w ~,psn2oƒe3c*y#f i0bDoqpsyqpsegbˆo#€Fo#y#n2hao2…x“$~]n ikjsrge_fqpsy#~]h y#f iktgn2f#o#n2o ̈iJjsn2t_n jv›#©6y#f i3b]oqpsyqpse_bˆ‚F€ n2”Fxi3b]l,psb]r y#~Dnƒw2e_f#f#n„o#"e_b]l,psb]rdjsn„t_n jv› a>©J«6¬0­*y#f i3b]oqpsyqpse_bo#€Fo#y#n2hše_bF›qy#~]n ›TŸx€_…]“$~]n jsn2tgn jv›’©‹o#{Dw2w„n2o#o#e_f#oae0c ̈i o#y i3y#nHi3f#n l]n2y#n2f#h8psb]n2l¡‚F€ w„e_ha]{Dyqpsb]r¡idjsn2tgn jv› a>© «¬0­ f#n0i0w ~ o#n2y2zF ~Fpsw ~apso y#~]n2bapshahan„l,p:i0y#n js€ f#n jsnki3o#n2lacTf#egh'han2h‡e_f#€_…F`>bay#~Fpso c>i3o#~Fpse_b z  nHw0i3b®n2”F~"i0{Do#yqpstgn js€ ̄n2”F,jsegf#n ~Fpsn2f i0f#w ~Fpsw0ikjvj:€o#y#f#{]w2y#{Df#n„lo#y i3y#no#xi3w2n2o  ~]e_o#n Ÿ•i3y w2e_{]bFy#n2f#xi3f#y#oAw0i0{Do#nAh‡n2hae_f#€He0t_n2fqŸxe0$o2… ˜ †6n n2”Fxn2fqpshan2bFy i2jvjs€ lDn„hae_b]o#y#f i3y#n6y#~Dn6n ° w psn2bDw„€e3c e_{]f h‡n2y#~DeFl psy#~y#~]f#n2n n2”]i0ha,jsn„oq‰i6h8{Fjsyqps,jvpsn„f2z i w0i0w ~]n w2e_~]n2f#n2b]w2n Df#egy#eFw2e3jTzŽi0bDl¡i h {FjsyqpsDf#eFw2n„o#o#e_f o#€Fo#y#n2h …*`>bˆy#~Dn u"f#o#y‡yq en2”]i0haFjsn2o2z  n eg‚Dy i2psb‹oqpsr_bFpvuxw0i3bFy pshaDf#e0tgn2han2bFy#oapsb f#{]b±yqpshan„o6i3b]l±"nki3 ¤ ¦ƒ¦ oqps22n2o6e0t_n2fHy#f i3lFpsyqpse_bxikjHo#y i3y#n ›qo#xi3w„nˆo#n0i3f#w ~ … “$~]n y#~Fpsf#l n2”]i0haFjsnaw0i3b]b]e_yA‚"n haeFl]n j*w ~]n2w _n2l i3yƒi2jvj*{Doqpsb]rw2e_bFtgn2bFyqpse_bxikjŽhan2y#~]eFl]o aT psy#~Deg{Dyh¢i3bF{xikj¢i3‚]o#y#f i3w2yqpsegbDo ­ zƒ‚D{]yw0i0b‚"n¡i3bxikjs€F2„n2l±cT{Fjvjs€ ̄i3{]y#e_h i0yqpsw0ikjvjs€ {]oqpsbDrHy#f i3b]oqpsyqpse_b6~,psn2f i0f#w ~Fpsn2o2…