Syntax-driven partitioning for model-checking of Esterel programs
Eric Vecchié - INRIA Tick
Introduction
• Esterel
– Synchronous reactive structural programming (structure = sequence, parallel, if-then-else...)
– Circuit translation (gates + registers)
• Objective
– Efficient Reachable State Space (RSS) computation
• Contribution
– Rely on the program's structural syntax to reduce the size of intermediate computations
The Wristwatch example
[Figure: the wristwatch program's blocks TIME_SET, DISPLAY, ALARM_SET and STOPWATCH]
RSS : Breadth-First Search
Example program:
abort
  P
when S;
present T then
  Q1
else
  Q2
end;
R
[Figure: breadth-first exploration of the reachable states through blocks P, Q1, Q2 and R]
Partitioning - overview
[Figure: partition of the example program into blocks P, Q1, Q2 and R; S labels the frontier after P]
Partitioning - detail
Sequence / if-then-else
[Figure: partitioning of a sequence (blocks P1, P2, P3, frontiers on S) and of an if-then-else on S (branches P1, P2, continuation Q)]
Parallel and signals
[Figure: partitioning of a parallel composition (||) with signals S1 and S2 and blocks P1, Q1, R1, P2, Q2, Q3, R2]
How to partition?
• Partition the register structure according to program blocks
• Frontiers synthesized from signal receptions:
– present statements
– abort statements
Only enlarging (removing frontiers), but applying to pending states past the "last" frontier
• Generated from the control flow graph
Symbolic methods
Binary Decision Diagrams (BDDs) can represent:
• Boolean functions
• Sets (in a finite universe)
• Partitioned transition relations (partitioned according to individual target registers)
Cofactoring
Given a domain D, reduce the BDD of a function f to a function f↑D that agrees with f on D:
f↑D(x) = f(x) if x belongs to D
(outside D, f↑D is unconstrained, which is what allows its BDD to be smaller)
This reduces each individual transition function relative to its source domain.
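As an added example (not from the slides, and not a BDD implementation), the following Python script makes the cofactoring definition concrete and ties it back to the breadth-first RSS computation of the earlier slide. Functions are plain callables rather than BDDs, so "size" is measured by support (the set of registers and signals a function actually depends on); the register names (pP, pQ1, pQ2, pR), the signals (S, T) and the next-state functions are constructed for the example and only loosely mirror the circuit translation of the program `abort P when S; present T then Q1 else Q2 end; R`.

```python
"""Added example (not from the slides): cofactoring next-state functions
with respect to a source domain, and breadth-first reachable-state-space
(RSS) computation on a small constructed model.

A domain D is a cube (partial assignment) fixing some registers, which is
what a partition block looks like when the partition follows program
blocks: the registers of the inactive blocks are known to be 0.
"""
from itertools import product

REGISTERS = ["pP", "pQ1", "pQ2", "pR"]   # constructed: one register per block
SIGNALS = ["S", "T"]                     # input signals of the program
VARS = REGISTERS + SIGNALS

# Constructed next-state functions, one per target register (the shape of a
# transition relation partitioned according to target registers).
def next_pP(x):   # P stays active until aborted by S
    return x["pP"] and not x["S"]

def next_pQ1(x):  # enter Q1 when P is aborted with T present; Q1 ends on S
    return (x["pP"] and x["S"] and x["T"]) or (x["pQ1"] and not x["S"])

def next_pQ2(x):  # enter Q2 when P is aborted with T absent; Q2 ends on S
    return (x["pP"] and x["S"] and not x["T"]) or (x["pQ2"] and not x["S"])

def next_pR(x):   # R starts when Q1 or Q2 ends, then stays active
    return ((x["pQ1"] or x["pQ2"]) and x["S"]) or x["pR"]

TRANSITION = {"pP": next_pP, "pQ1": next_pQ1, "pQ2": next_pQ2, "pR": next_pR}

# Source domain "control is in block P": the other block registers are 0.
IN_P = {"pP": True, "pQ1": False, "pQ2": False, "pR": False}

def all_assignments(variables):
    """Every assignment of the given boolean variables."""
    for bits in product([False, True], repeat=len(variables)):
        yield dict(zip(variables, bits))

def cofactor(f, cube):
    """f↑D for a cube D: agrees with f on D and ignores the variables D fixes."""
    return lambda x: f({**x, **cube})

def support(f, variables=VARS):
    """Variables f actually depends on; fewer variables means a smaller BDD."""
    dep = set()
    for x in all_assignments(variables):
        for v in variables:
            if bool(f(x)) != bool(f({**x, v: not x[v]})):
                dep.add(v)
    return dep

def support_sizes(functions):
    """Support size of each next-state function, a proxy for its BDD size."""
    return {r: len(support(f)) for r, f in functions.items()}

def image(states, functions):
    """Successors of a set of register states under all input combinations."""
    succ = set()
    for s in states:
        for inputs in all_assignments(SIGNALS):
            x = {**dict(zip(REGISTERS, s)), **inputs}
            succ.add(tuple(bool(functions[r](x)) for r in REGISTERS))
    return succ

def reachable_states(init, functions=TRANSITION):
    """Breadth-first RSS computation: new frontier = image(frontier) minus seen."""
    seen, frontier = {init}, {init}
    while frontier:
        frontier = image(frontier, functions) - seen
        seen |= frontier
    return seen

COFACTORED_IN_P = {r: cofactor(f, IN_P) for r, f in TRANSITION.items()}
STATES_IN_P = {tuple(IN_P[r] for r in REGISTERS)}

if __name__ == "__main__":
    print("full supports:      ", support_sizes(TRANSITION))
    print("cofactored on IN_P: ", support_sizes(COFACTORED_IN_P))
    print("image from P agrees:",
          image(STATES_IN_P, COFACTORED_IN_P) == image(STATES_IN_P, TRANSITION))
    print("reachable states:", sorted(reachable_states((True, False, False, False))))
```

Running the script shows the point of the slide: on the domain IN_P the next-state function of pR collapses to a constant and the others lose every register from their support, yet the image computed from states inside IN_P with the cofactored functions is identical to the one computed with the full functions.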
Control Flow Graph construction
abort
  loop pause end
  || pause ; pause
when S;
present T then
  pause || pause
else
  pause
end
Problem on loops
[Figure: a loop whose body is made of blocks P and Q]
Conclusion
Program verification following program syntax
• Sequences, if-then-else
• Signals in parallels
Less memory required
• Smaller intermediate BDDs
• Lighter transition relation
• Lighter image computation