Fig 3 - uploaded by Alfons Laarman
An abstract variable tree (top) with four 4-bit integers can be folded out in two ways: to a vtree with right-linear integer encoding (left) or with augmented integer encoding (right).

Source publication
Chapter
We demonstrate the viability of symbolic model checking using Sentential Decision Diagrams (SDD), in lieu of the more common Binary Decision Diagram (BDD). The SDD data structure can be up to exponentially more succinct than BDDs, using a generalized notion of variable order called a variable tree (“vtree”). We also contribute to the practice of SD...

Contexts in source publication

Context 1
... the leaves corresponding to variables that represent more than one bit, i.e., whose domain is larger than {0, 1}. Folding out a leaf means replacing it by a larger vtree on several variables. For example, a leaf representing a 32-bit integer variable will be folded out into a vtree on 64 variables (namely 32 state variables and 32 primed copies). Fig. 3 illustrates this process. In this example, a system with four 4-bit integer variables, p, x, y, z, may lead, during phase 1, to the abstract variable tree in the top of the picture. In phase 2, the leaves may be folded out into, in this case, vtrees on 8 bits, producing either the bottom left or right ...
Context 2
... consider two options for folding out an abstract variable. First, such a variable may be folded out into a right-linear vtree, i.e., to a BDD. Fig. 3 (left) shows this approach. Second, we introduce the "augmented right-linear vtree", which is a right-linear vtree except that each pair of corresponding state and prime bit is put under a shared least common ancestor. The idea is that a state and primed bit are more closely correlated to one another than to other bits. Fig. 3 (right) ...
Context 3
... i.e., to a BDD. Fig. 3 (left) shows this approach. Second, we introduce the "augmented right-linear vtree", which is a right-linear vtree except that each pair of corresponding state and prime bit is put under a shared least common ancestor. The idea is that a state and primed bit are more closely correlated to one another than to other bits. Fig. 3 (right) shows this ...

Citations

Chapter
Saturation is considered the state-of-the-art method for computing fixpoints with decision diagrams. We present a relatively simple decision diagram operation called Reach that also computes fixpoints. In contrast to saturation, it does not require a partitioning of the transition relation. We give sequential algorithms implementing the new operation for both binary and multi-valued decision diagrams, and moreover provide parallel counterparts. We implement these algorithms and experimentally compare their performance against saturation on 692 model checking benchmarks in different languages. The results show that the Reach operation often outperforms saturation, especially on transition relations with low locality. In a comparison between parallelized versions of Reach and saturation we find that Reach obtains comparable speedups up to 16 cores, although it falls behind saturation at 64 cores. Finally, in a comparison with the state-of-the-art model checking tool ITS-tools we find that Reach outperforms ITS-tools on 29% of models, suggesting that Reach can be useful as a complementary method in an ensemble tool.
Chapter
The relative succinctness and ease of manipulation of different languages to express Boolean constraints is studied in knowledge compilation, and impacts areas including formal verification and circuit design. We give the first analysis of Disjoint Support Decomposition Binary Decision Diagrams (DSDBDD), introduced by Bertacco, which achieves a more succinct representation than Binary DDs by exploiting Ashenhurst Decompositions. Our main result is that DSDBDDs can be exponentially smaller than BDDs.
Chapter
ACAS Xu is an air-to-air collision avoidance system designed for unmanned aircraft that issues horizontal turn advisories to avoid an intruder aircraft. Due to the use of a large lookup table in the design, a neural network compression of the policy was proposed. Analysis of this system has spurred a significant body of research in the formal methods community on neural network verification. While many powerful methods have been developed, most work focuses on open-loop properties of the networks, rather than the main point of the system—collision avoidance—which requires closed-loop analysis. In this work, we develop a technique to verify a closed-loop approximation of the system using state quantization and backreachability. We use favorable assumptions for the analysis—perfect sensor information, instant following of advisories, ideal aircraft maneuvers and an intruder that only flies straight. When the method fails to prove the system is safe, we refine the quantization parameters until generating counterexamples where the original (non-quantized) system also has collisions.
Keywords: Neural network verification, ACAS Xu, Reachability