Syntax-driven partitioning for model-checking of Esterel programs

Post on 22-Jan-2016



Eric Vecchié - INRIA Tick

Introduction

• Esterel
  – synchronous reactive structural programming (structure = sequence, parallel, if-then-else...)
  – circuit translation (gates + registers)

• Objective
  – efficient Reachable State Space (RSS) computation

• Contribution
  – rely on the program's structural syntax to reduce the size of intermediate computations

The Wristwatch example

(figure: the four modules of the wristwatch, ALARM_SET, TIME_SET, STOPWATCH and DISPLAY)

Program fragment:

  abort P when S;
  present T then Q1 else Q2 end;
  R

RSS : Breadth-First Search

(figure: breadth-first exploration of the fragment's state space over the blocks P, Q1, Q2 and R)

Partitioning - overview

(figure: the same state space split into regions for Q1, Q2 and R at the frontier created by signal S)

Partitioning - detail

Sequence / if-then-else
(figure: blocks P1, P2, P3 and Q, with frontiers at the tests on signal S)

Parallel and signals ||
(figure: parallel branches made of P1, P2, Q1, Q2, Q3, R1 and R2, communicating through the signals S1 and S2)

How to partition ?

• Frontiers synthesized from signal receptions:
  – present statements
  – abort statements
  – the partition is only ever enlarged (frontiers removed), and it is applied to the pending states past the "last" frontier
• Generated from the control flow graph
• The register structure is partitioned according to program blocks

Symbolic methods

Binary Decision Diagrams (BDDs) allow to represent:

• Boolean functions
• Sets (in a finite universe)
• Partitioned transition relations (according to individual target registers: one next-state function per register)

Cofactoring

Given a domain D, reduce the BDD of a function f to f↑D, with f↑D(x) = f(x) whenever x belongs to D; outside D the value is unconstrained, which is what lets the BDD shrink.

This reduces each individual transition function relative to its source domain, i.e. the set of states from which the image is computed.
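The partitioning recipe (frontiers taken from abort and present statements, registers grouped by program block) and the cofactoring of each transition function to its source domain, worked through in code. This is an added example, not the author's tool or the Esterel compiler: plain Python sets of states stand in for BDDs, the running fragment abort P when S; present T then Q1 else Q2 end; R is given assumed block lengths (P, Q1, Q2 and R as chains of 3, 2, 1 and 2 pauses plus a boot register), and SUCC, ABORT, cofactor, rss_monolithic and rss_partitioned are names chosen here. It compares one breadth-first search over all registers with a block-by-block search that only crosses frontiers, counting next-state function evaluations as a proxy for image-computation work.

```python
"""Syntax-driven RSS computation, an added illustration of the slides' idea
(not the author's tool).  Sets of states stand in for BDDs."""
from itertools import product

# Running example:  abort P when S; present T then Q1 else Q2 end; R
# Each block is a chain of pause statements, one register per pause (circuit
# translation).  "boot" is the initial register.  Block lengths are assumed.
BLOCKS = {"boot": 1, "P": 3, "Q1": 2, "Q2": 1, "R": 2}      # syntactic order
ABORT = {"P": "S"}                                           # abort P when S
# Frontiers synthesised from the syntax: boot starts P; 'abort'/'present T'
# route control from P to Q1 or Q2; Q1 and Q2 are both followed by R.
SUCC = {"boot": ["P"], "P": ["Q1", "Q2"], "Q1": ["R"], "Q2": ["R"], "R": []}
INPUTS = ("S", "T")
INPUT_COMBOS = [dict(zip(INPUTS, bits)) for bits in product((False, True), repeat=2)]
REGS = [(b, i) for b, n in BLOCKS.items() for i in range(n)]
INIT = frozenset({("boot", 0)})


def regs_of(block):
    return [(block, i) for i in range(BLOCKS[block])]


def aborted(block, inp):
    return block in ABORT and inp[ABORT[block]]


def leaves(block, state, inp):
    """Control leaves `block` this instant: strong abort, or its last pause resumes."""
    if not any(r in state for r in regs_of(block)):
        return False
    return aborted(block, inp) or (block, BLOCKS[block] - 1) in state


def starts(block, state, inp):
    """Control enters `block` this instant (its first pause register loads)."""
    if block == "boot":
        return False
    if block == "P":
        return ("boot", 0) in state
    if block == "Q1":
        return leaves("P", state, inp) and inp["T"]        # present T then Q1
    if block == "Q2":
        return leaves("P", state, inp) and not inp["T"]    # else Q2
    return leaves("Q1", state, inp) or leaves("Q2", state, inp)   # R


def next_state(reg, state, inp):
    """Partitioned transition relation: one next-state function per target register."""
    block, i = reg
    if i == 0:
        return starts(block, state, inp)
    return (block, i - 1) in state and not aborted(block, inp)   # pause chain


def cofactor(reg, block):
    """f restricted to the domain in which only `block`'s registers may be 1:
    every other register is forced to 0 before `reg`'s function is evaluated."""
    keep = set(regs_of(block))
    return lambda state, inp: next_state(reg, frozenset(state & keep), inp)


def rss_monolithic():
    """Breadth-first RSS over all registers at once; returns (states, evaluations)."""
    evals = 0
    reach, frontier = {INIT}, {INIT}
    while frontier:
        new = set()
        for st in frontier:
            for inp in INPUT_COMBOS:
                new.add(frozenset(r for r in REGS if next_state(r, st, inp)))
                evals += len(REGS)
        frontier = new - reach
        reach |= frontier
    return reach, evals


def rss_partitioned():
    """One BFS per block over that block's registers only, in syntactic order.
    Only frontier events (control leaving the block) are propagated to SUCC."""
    evals = 0
    reach = set()
    entries = {b: set() for b in BLOCKS}
    entries["boot"].add(INIT)
    for block in BLOCKS:
        regs = regs_of(block)
        fns = [cofactor(r, block) for r in regs]            # lighter transition relation
        local, frontier = set(entries[block]), set(entries[block])
        while frontier:
            new = set()
            for st in frontier:
                for inp in INPUT_COMBOS:
                    nxt = frozenset(r for r, f in zip(regs, fns) if f(st, inp))
                    evals += len(regs)
                    if nxt:
                        new.add(nxt)
                        continue
                    for succ in SUCC[block]:                  # cross the frontier
                        evals += 1
                        if next_state((succ, 0), st, inp):
                            entries[succ].add(frozenset({(succ, 0)}))
                    if not SUCC[block]:
                        reach.add(frozenset())                # program terminated
            frontier = new - local
            local |= frontier
        reach |= local
    return reach, evals


if __name__ == "__main__":
    m_reach, m_evals = rss_monolithic()
    p_reach, p_evals = rss_partitioned()
    print(len(m_reach), m_evals, len(p_reach), p_evals)   # same states, fewer evaluations
```

Both searches reach the same ten states, but the partitioned one evaluates 104 next-state functions against 360 for the monolithic search, and no intermediate set ever ranges over more than the three registers of P. With BDDs in place of the sets, that reduction of each intermediate set's support is what the slides' "smaller intermediate BDDs" and "lighter image computation" refer to.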

Control Flow Graph construction

(figure: control flow graph of a program fragment built from loop ... end, abort ... when S, present T then ... else ... end, pause statements, sequence ";" and parallel "||")

Problem on loops

(figure: a loop whose body contains the blocks P and Q)

Conclusion

Program verification following program syntax:

• sequences, if-then-else
• signals in parallels

Less memory required:

• smaller intermediate BDDs
• lighter transition relation
• lighter image computation