An n log n Algorithm for Online BDD Refinement

Binary Decision Diagrams are in widespread use in verification systemsfor the canonical representation of Boolean functions. A BDD representinga function phi : B^nu -> N can easily be reduced to its canonical form inlinear time.In this paper, we consider a natural online BDD refinement problemand show that it can be solved in O(n log n) if n bounds the size of theBDD and the total size of update operations.We argue that BDDs in an algebraic framework should be understoodas minimal fixed points superimposed on maximal fixed points. We proposea technique of controlled growth of equivalence classes to make theminimal fixed point calculations be carried out efficiently. Our algorithmis based on a new understanding of the interplay between the splittingand growing of classes of nodes.We apply our algorithm to show that automata with exponentiallylarge, but implicitly represented alphabets, can be minimized in timeO(n log n), where n is the total number of BDD nodes representing theautomaton

BDD Algortihms and Cache Misses

Within the last few years, CPU speed has greatly overtaken memory speed. For this reason, implementation of symbolic algorithms - with their extensive use of pointers and hashing - must be reexamined. In this paper, we introduce the concept of cache miss complexityas an analytical tool for evaluating algorithms depending on pointer chasing. Such algorithms are typical of symbolic computation found in verification. We show how this measure suggests new data structures and algorithmsfor multi-terminal BDDs. Our ideas have been implemented ina BDD package, which is used in a decision procedure for the Monadic Second-order Logic on strings.Experimental results show that on large examples involving e.g the verification of concurrent programs, our implementation runs 4 to 5 times faster than a widely used BDD implementation.We believe that the method of cache miss complexity is of general interest to any implementor of symbolic algorithms used in verification

Automated Logical Verification based on Trace Abstractions

We propose a new and practical framework for integrating the behavioralreasoning about distributed systems with model-checking methods.Our proof methods are based on trace abstractions, which relate thebehaviors of the program and the specification. We show that for finite-statesystems such symbolic abstractions can be specified conveniently inMonadic Second-Order Logic (M2L). Model-checking is then made possibleby the reduction of non-determinism implied by the trace abstraction.Our method has been applied to a recent verification problem by Broyand Lamport. We have transcribed their behavioral description of a distributedprogram into temporal logic and verified it against another distributedsystem without constructing the global program state space. Thereasoning is expressed entirely within M2L and is carried out by a decisionprocedure. Thus M2L is a practical vehicle for handling complex temporallogic specifications, where formulas decided by a push of a button are aslong as 10-15 pages

A Case Study in Automated Verification Based on Trace Abstractions

In [14], we proposed a framework for the automatic verification of reactivesystems. Our main tool is a decision procedure, Mona, for MonadicSecond-order Logic (M2L) on finite strings. Mona translates a formula inM2L into a finite-state automaton. We show in [14] how traces, i.e. finiteexecutions, and their abstractions can be described behaviorally. Thesestate-less descriptions can be formulated in terms of customized temporallogic operators or idioms.In the present paper, we give a self-contained, introductory account ofour method applied to the RPC-memory specification problem of the 1994Dagstuhl Seminar on Specification and Refinement of Reactive Systems.The purely behavioral descriptions that we formulate from the informalspecifications are formulas that may span 10 pages or more.Such descriptions are a couple of magnitudes larger than usual temporallogic formulas found in the literature on verification. To securelywrite these formulas, we introduce Fido [16] as a reactive system descriptionlanguage. Fido is designed as a high-level symbolic language forexpressing regular properties about recursive data structures.All of our descriptions have been verified automatically by Mona fromM2L formulas generated by Fido.Our work shows that complex behaviors of reactive systems can beformulated and reasoned about without explicit state-based programming.With Fido, we can state temporal properties succinctly while enjoyingautomated analysis and verification

The DSD Schema Language and its Applications

XML (eXtensible Markup Language), a linear syntax for trees, has gathered a remarkable amount of interest in industry. The acceptance of XML opens new venues for the application of formal methods such as specification of abstract syntax tree sets and tree transformations. A user domain may be specified as a set of trees. For example, XHTML is a user domain corresponding to the set of XML documents that make sense asHTML. A notation for defining such a set of XML trees is called a schema language. We believe that a useful schema notation must identify most of the syntacticrequirements that the documents in the user domain follow; allow efficient parsing; be readable to the user; allow a declarative default notation `a la CSS; and bemodular and extensible to support evolving classes of XML documents. In the present paper, we give a tutorial introduction to the DSD (Document Structure Description) notation as our bid on how to meet these requirements. TheDSD notation was inspired by industrial needs, and we show how DSDs help manage aspects of complex XML software through a case study about interactive voiceresponse systems (automated telephone answering systems, where input is through the telephone keypad or speech recognition). The expressiveness of DSDs goes beyond the DTD schema concept that is alreadypart of XML. We advocate the use of nonterminals in a top-down manner, coupled with boolean logic and regular expressions to describe how constraints on tree nodes depend on their context. We also support a general, declarative mechanism for inserting default elements and attributes that is reminiscent of CascadingStyle Sheets (CSS), a way of manipulating formatting instructions in HTML that is built into all modern browsers. Finally, we include a simple technique for evolving DSDs through selective redefinitions. DSDs are in many ways much more expressive than XML Schema (the schema language proposed by the W3C), but their syntactic and semantic definition in English is only 1/8th the size. Also, the DSD notation is self-describable: the syntax of legal DSD documents and all static semantic requirements can be captured in a DSD document, called the meta-DSD

Monadic Second-order Logic for Parameterized Verification

Much work in automatic verification considers families of similar finite-state systems. But an often overlooked property is that sometimes a single finite-state system can be used to describe a parameterized, infinite family of systems. Thus verification of unbounded state spaces can take place by reduction to finite ones. The purpose of this article is to introduce Monadic Second-order Logic as a practical means of carrying out such reductions. The logic is a highly succinct alternative to the use of regular expressions. We have built a tool that acts as a decision procedure and translator to DFAs. The potential applications are numerous. We discuss text processing, Boolean circuits, and distributed systems. Our main example is an automatic proof of properties for the ``Dining Philosophers with Encyclopedia'' example by Kurshan and MacMillan. We establish these properties for the parameterized case without the use of induction