Henrik Hulgaard

Boolean expression diagrams

This paper presents a new data structure called Boolean Expression Diagrams (BEDs) for representing and manipulating Boolean functions. BEDs are a generalization of Binary Decision Diagrams (BDDs) which can represent any Boolean circuit in linear space and still maintain many of the desirable properties of BDDs. Two algorithms are described for transforming a BED into a reduced ordered BDD. One closely mimics the BDD apply-operator while the other can exploit the structural information of the Boolean expression. The efficacy of the BED representation is demonstrated by verifying that the redundant and non-redundant versions of the ISCAS 85 benchmark circuits are identical. In particular, it is verified that the two 16-bit multiplication circuits (c6288 and c6288nr) implement the same Boolean functions. Using BEDs, this verification problem is solved in less than a second, while using standard BDD techniques this problem is infeasible. BEDs are useful in applications where the end-result as a reduced ordered BDD is small, for example for tautology checking.

Equivalence checking of combinational circuits using Boolean expression diagrams

The combinational logic-level equivalence problem is to determine whether two given combinational circuits implement the same Boolean function. This problem arises in a number of computer-aided design (CAD) applications, for example when checking the correctness of incremental design changes (performed either manually or by a design automation tool). This paper introduces a data structure called Boolean expression diagrams (BEDs) and two algorithms for transforming a BED into a reduced ordered binary decision diagram (OBDD). BEDs are capable of representing any Boolean circuit in linear space and can exploit structural similarities between the two circuits that are compared. These properties make BEDs suitable for verifying the equivalence of combinational circuits. BEDs can be seen as an intermediate representation between circuits (which are compact) and OBDDs (which are canonical). Based on a large number of combinational circuits, we demonstrate that BEDs either outperform or achieve results comparable to both standard OBDD approaches and the techniques specifically developed to exploit structural similarities for efficiently solving the equivalence problem. Due to the simplicity and generality of BEDs, it is to be expected that combining them with other approaches to equivalence checking will be both straightforward and beneficial.

Verification of Large State/Event Systems Using Compositionality and Dependency Analysis

A state/event model is a concurrent version of Mealy machines used for describing embedded reactive systems. This paper introduces a technique that uses compositionality and dependency analysis to significantly improve the efficiency of symbolic model checking of state/event models. This technique makes possible automated verification of large industrial designs with the use of only modest resources (less than one hour on a standard PC for a model with 1421 concurrent machines). The results of the paper are being implemented in the next version of the commercial tool visualSTATEℳ.

Verification of Hierarchical State/Event Systems Using Reusability and Compositionality

We investigate techniques for verifying hierarchical systems, i.e., finite state systems with a nesting capability. The straightforward way of analysing a hierarchical system is to first flatten it into an equivalent non-hierarchical system and then apply existing finite state system verification techniques. Though conceptually simple, flattening is severely punished by the hierarchical depth of a system. To alleviate this problem, we develop a technique that exploits the hierarchical structure to reuse earlier reachability checks of superstates to conclude reachability of substates. We combine the reusability technique with the successful compositional technique of [13] and investigate the combination experimentally on industrial systems and hierarchical systems generated according to our expectations to real systems. The experimental results are very encouraging: whereas a flattening approach degrades in performance with an increase in the hierarchical depth (even when applying the technique of [13]), the new approach proves not only insensitive to the hierarchical depth, but even leads to improved performance as the depth increases.

Practical verification of embedded software

Using a new verification algorithm called the compositional backward technique, the authors demonstrate that they can exhaustively verify even the largest industrial applications-comprising more than 1,000 components-in a few minutes on a standard PC.

Verification of Hierarchical State/Event Systems using Reusability and Compositionality

We investigate techniques for verifying hierarchical systems, i.e., finite state systems with a nesting capability. The straightforward way of analysing a hierarchical system is to first flatten it into an equivalent non-hierarchical system and then apply existing finite state system verification techniques. Though conceptually simple, flattening is severely punished by the hierarchical depth of a system. To alleviate this problem, we develop a technique that exploits the hierarchical structure to reuse earlier reachability checks of superstates to conclude reachability of substates. We combine the reusability technique with the successful compositional technique of J. Lind-Nielsen, H.R. Andersen, G. Behrmann, H. Hulgaard, K. Kristoffersen, and K.G. Larsen, 1998. In: Tools and Algorithms for the Construction and Analysis of Systems, Vol. 1384 of Lecture Notes in Computer Science, pp. 201–216, and investigate the combination experimentally on industrial systems and hierarchical systems generated according to our expectations to real systems. The experimental results are very encouraging: whereas a flattening approach degrades in performance with an increase in the hierarchical depth (even when applying the technique of J. Lind-Nielsen et al. (1998)), the new approach proves not only insensitive to the hierarchical depth, but even leads to improved performance as the depth increases.

Bounded Delay Timing Analysis of a Class of CSP Programs

We describe an algebraic technique for performing timing analysis of a class of asynchronous circuits described as CSP programs (including Martins probe operator) with the restrictions that there is no OR-causality and that guard selection is either completely free or mutually exclusive. Such a description is transformed into a safe Petri net with interval time delays specified on the places of the net. The timing analysis we perform determines the extreme separation in time between two communication actions of the CSP program for all possible timed executions of the system. We formally define this problem, propose an algorithm for its solution, and demonstrate polynomial running time on a non-trivial parameterized example. Petri nets with 3000 nodes and 1016 reachable states have been analyzed using these techniques.

Symbolic model checking of timed guarded commands using difference decision diagrams

Abstract We describe a novel methodology for analyzing timed systems symbolically. Given a formula representing a set of states, we describe how to determine a new formula that represents the set of states reachable by taking a discrete transition or by advancing time. The symbolic representations are given as formulae expressed in a simple first-order logic over difference constraints of the form x − y ⩽ d which can be combined with Boolean operators and existentially quantified. We also show how to symbolically determine the set of states that can reach a given set of states (i.e., a backward step), thus making it possible to verify timed ctl -formulae symbolically. The main contribution is a way of advancing time symbolically essentially by quantifying out a special variable z which is used to represent the current zero point in time. We also describe a data structure called ddd s for representing difference constraint formulae, and we demonstrate the efficiency of the symbolic technique by analyzing two scheduling protocols using a ddd -based model checker.

Symbolic timing analysis of asynchronous systems

We extend the time separations of events (TSE) timing analysis algorithm into the symbolic domain, that is, we allow symbolic variables to be used to specify unknown parameters of the model (essentially, unknown delays) and verification algorithms which are capable of identifying not just failure or success, but also the constraints on these symbolic variables which will ensure successful verification. The two contributions are (1) an iterative algorithm which continuously narrows down the domain of interest and (2) a practical method for reducing the representation of symbolic expressions containing minimizations and maximizations defined for a given domain. The algorithm applies to asynchronous circuits without conditional behavior. Although this may seem a severe restriction, this is a large and useful subclass which includes, e,g,, pipeline structures. We report experimental results for several asynchronous circuits to demonstrate that symbolic analysis is feasible and that the output provided is what a designer (or perhaps a synthesis tool) would often want to know.

Symbolic time separation of events

We extend the TSE timing analysis algorithm into the symbolic domain; that is, we allow symbolic variables to be used to specify unknown parameters of the model (essentially, unknown delays) and verification algorithms which are capable of identifying not just failure or success, but also the constraints on these symbolic variables which will ensure successful verification. The two main contributions are (1) an iterative algorithm which continuously narrows down the domain of interest and (2) a practical method for reducing the representation of symbolic expressions containing minimizations and maximizations defined for a given domain. We report experimental results for several asynchronous circuits to demonstrate that symbolic analysis is feasible and that the output provided is what a designer (or perhaps a synthesis tool) would often want to know.