Syntaxdriven partitioning for modelchecking of Esterel programs

1
Syntax-driven partitioning for model-checking of
Esterel programs

• Eric Vecchié - INRIA Aoste

2
Motivation

• Build the Reachable State Space
• following the syntax
• abort P when S
• Q
• Reachable State Space allows
• Model-checking
• Code optimization
• Test sequence generation

3
Reachable State Space

• Breadth First Search algorithm

R ? INIT new ? R while ( new ? ø ) do new ?
Image(new) \ R R ? R U new end while

• Symbolic methods (BDDs)

4
What is done
5
Size of Computations
BDD size
non-saturated states set
states reached

• Solution Rely on program structural syntax

6
What we do
7
Example Wristwatch
watch
stopwatch
display
time_set
alarm_set
8
Example Wristwatch
9
Example Wristwatch
10
How to partition ?

• According to program blocks
• Separated by frontiers
• Synthesized from signal receptions
• Build a control flow graph
• Encoding frontiers
• Guiding the RSS computation

11
Preemption / if-then-else
S
P
S
P1
P2
Q
Q
12
Partitioning Example
P
abort P when S present T then Q1 else
Q2 end R
Q2
Q1
R
13
Parallel Constructs

• Avoid cartesian product
• P1, P2 ? Q1, Q2
• Use signal information

P1
Q1
P2
Q2
14
Parallel and signals

P1
Q1
R1
S1
P2
Q2
S2
Q3
R2
15
Parallel and signals

• Only increasing
• ? Avoid the cross product
• Can be not satisfying on loops
• but on rare cases

16
Loops
P
Q
17
Control Flow Graph construction
abort
pause
loop
end
present T then

pause
pause
pause
pause



when S
else
pause
end
18
Symbolic methods
Binary Decision Diagrams (BDDs) allow to
represent

• Boolean functions
• Sets (in a finite universe)
• Partitioned Transition Relations

19
Cofactoring

• Cofactoring is used 2 ways
• Reduce the domain according to our frontiers
• Transition function applied on new states

Given a domain D, reduce the BDD of a function f
f?D(x) f(x) if x belongs to D
20
Experiments

• A medium-sized design sequencer
• A big design cabin

21
BDD sizes in sequencer
22
A big design cabin
23
Conclusion

• Program verification following program syntax
• Preemptions, if-then-else
• Signals in parallels
• Smaller intermediate BDDs
• Lighter transition functions
• Lighter image computations
• ? Less memory required

24
The End
25
Motivation

• Model-checking
• Code optimization
• Test sequence generation

Reachable State Space (RSS)
26

• Breadth First Search algorithm

R ? INIT new ? R while ( new ? ø ) do new ?
Image(new) \ R R ? R U new end while

• Symbolic methods (BDDs)

Reachable State Space (RSS)
27
Introduction

• Esterel
• Synchronous reactive structural programming
• sequence, if-then-else
• Parallelism, preemption
• Circuit translation (model-checking level)

28
(No Transcript)
29
(No Transcript)
30
Partitioning - detail