Symbolic Exploration of Transition Hierarchies y

In formal design veri cation, successful model checking is typically preceded by a laborious manual process of constructing design abstractions. We present a methodology for partially| and in some cases, fully|bypassing the abstraction process. For this purpose, we provide to the designer abstraction operators which, if used judiciously in the description of a design, structure the corresponding state space hierarchically. This structure can then be exploited by veri cation tools, and makes possible the automatic and exhaustive exploration of state spaces that would otherwise be out of scope for existing model checkers. Speci cally, we present the following contributions: A temporal abstraction operator that aggregates transitions and hides intermediate steps. Mathematically, our abstraction operator is a function that maps a at transition system into a two-level hierarchy where each atomic upper-level transition expands into an entire lower-level transition system. For example, an arithmetic operation may expand into a sequence of bit operations. A BDD-based algorithm for the symbolic exploration of multi-level hierarchies of transition systems. The algorithm traverses a level-n transition by expanding the corresponding level(n 1) transition system on-they. The level-n successors of a state are determined by computing a level-(n 1) reach set, which is then immediately released from memory. In this fashion, we can exhaustively explore hierarchically structured state spaces whose at counterparts cause memory over ows. We experimentally demonstrate the e ciency of our method with three examples|amultiplier, a cache coherence protocol, and a multiprocessor system. In the rst two examples, we obtain signi cant improvements in run times and peak BDD sizes over traditional state-space search. The third example cannot be model checked at all using conventional methods (without manual abstractions), but can be analyzed fully automatically using transition hierarchies. A preliminary version of this paper appeared in the Proceedings of the Fourth Workshop on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 98), Lecture Notes in Computer Science 1384, Springer-Verlag, 1998, pp. 330{344. This research was supported in part by the O ce of Naval Research Young Investigator award N00014-95-1-0520, by the National Science Foundation CAREER award CCR-9501708, by the National Science Foundation grant CCR9504469, by the Air Force O ce of Scienti c Research contract F49620-93-1-0056, by the Army Research O ce MURI grant DAAH-04-96-1-0341, by the Advanced Research Projects Agency grant NAG2-892, and by the Semiconductor Research Corporation contract 95-DC-324.036. University of Pennsylvania and Bell Labs, [email protected] University of California at Berkeley, [email protected] University of California at Berkeley, [email protected]