Syntax-driven partitioning for model-checking of Esterel

programs

Eric Vecchié - INRIA Tick

Introduction

• Esterel– Synchronous reactive structural programming

(structure = sequence, parallel, if-then-else...)

– circuit translation (gates+registers)

• Objective– Efficient Reachable State Space computation

• Contribution– Rely on program structural syntax to reduce the

size of intermediate computations

The Wristwatch example

ALARM_SET

TIME_SET

STOPWATCH

DISPLAY

abort Pwhen S;present T then Q1else Q2end;R

RSS : Breadth-First Search

P

Q2

R

Q1

P

Partitioning - overview

Q1

Q2

R

S

Partitioning - detail

Sequence / if-then-else

P1

P2

P3

P1 P2

Q

SS

S

Parallel and signals||

P1 Q1

R1

P2

Q2

Q3 R2

S1

S2

How to partition ?

• Frontiers synthesized from signal receptions

present statements

abort statements

Only enlarging (removing frontiers) but applying

to pending states past "last" frontier

• Generated from control flow graph

• Partition register structure according to program blocks

Symbolic methods

• Boolean functions

• Sets (in a finite universe)

• Partitioned Transition Relations

(according to individual target registers)

Binary Decision Diagrams (BDDs) allow to represent :

Cofactoring

Given a domain D, reduce the BDD of a function f :f↑D(x) = f(x) if x belongs to D

Reduces individual transition functions relative to source domain

pause

pause

loop end||

abort

when S

present T then

else

end

;

Control Flow Graph construction

|| pausepausepause pause;

Problem on loops

PQ

Conclusion

Program verification following program syntax

• Sequences, if-then-else

• Signals in parallels

Less memory required

• Smaller intermediate BDDs

• Lighter transition relation

• Lighter image computation