Data structures for symbolic multi-valued model-checking

Formal Methods in System Design

Abstract

Multi-valued logics provide an interesting alternative to classical boolean logic for modeling and reasoning about systems. Such logics can be used to reason about partially-specified systems, to encode vacuity-detection and query-checking problems effectively, to help in detecting inconsistencies, and for many other purposes.

In our earlier work, we identified a useful family of multi-valued logics: those specified over finite distributive lattices where negation is an involution, i.e., \(\neg\neg a = a\) for every element a of the logic. Such structures are called quasi-boolean algebras; model-checking over them not only extends the domain of applicability of automated reasoning to new problems, but can also speed up solutions to some classical verification problems.

Symbolic model-checking over quasi-boolean algebras can be cast in terms of operations over multi-valued sets (mv-sets): sets whose membership functions are multi-valued. In this paper, we propose and empirically evaluate several choices for implementing multi-valued sets with decision diagrams. In particular, we describe two major approaches: (1) representing the multi-valued membership function canonically, using MDDs or ADDs; (2) representing a multi-valued set as a collection of classical sets, using a vector of either MTBDDs or BDDs. The naive implementation of (2) uses one classical set for each value of the algebra. We exploit a result of lattice theory to reduce the number of such sets that need to be represented.
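An added illustration of approach (2) and of the lattice-theoretic reduction (example code written for this page, not code from the paper or from the authors' model-checker). The abstract does not name the result it uses; the example assumes Birkhoff's representation theorem for finite distributive lattices, under which every value is the join of the join-irreducible elements below it. An mv-set f over an algebra L is then determined by the classical sets S_j = {x | j ⊑ f(x)}, one per join-irreducible j rather than one per value, and f(x) is recovered as the join of {j | x ∈ S_j}. Union and intersection are slot-wise on these sets, because join-irreducibles are join-prime in a distributive lattice; negation is not: since ¬ is an order-reversing involution, j ⊑ ¬f(x) iff f(x) ⊑ ¬j, which holds iff x lies in none of the S_k with k ⋢ ¬j. The two lattices (Belnap's four-valued algebra and the Boolean lattice 2^{a,b,c}) and the sample mv-sets F_SAMPLE, G_SAMPLE, H_SAMPLE and K_SAMPLE are constructed for the example, and plain Python frozensets stand in for the BDDs the paper would use.

```python
"""Multi-valued (mv-) sets as vectors of classical sets indexed by join-irreducibles.

Example code written for this page, not from the paper.  Assumption: the
lattice-theoretic result is Birkhoff's representation theorem for finite
distributive lattices, so an mv-set f is stored as S_j = {x | j ⊑ f(x)} for
each join-irreducible j.  Plain frozensets stand in for BDDs.
"""
from functools import reduce


class Lattice:
    """A finite lattice given by its elements, an order test and a negation."""

    def __init__(self, elements, leq, neg):
        self.elements = list(elements)
        self.leq = leq   # leq(a, b) is True iff a ⊑ b
        self.neg = neg   # assumed to be an order-reversing involution (¬¬a = a)
        self.bottom = self._unique(lambda a: all(leq(a, b) for b in self.elements))
        self.top = self._unique(lambda a: all(leq(b, a) for b in self.elements))

    def _unique(self, pred):
        (hit,) = [a for a in self.elements if pred(a)]   # exactly one must match
        return hit

    def join(self, a, b):
        ubs = [c for c in self.elements if self.leq(a, c) and self.leq(b, c)]
        return self._unique(lambda c: c in ubs and all(self.leq(c, d) for d in ubs))

    def meet(self, a, b):
        lbs = [c for c in self.elements if self.leq(c, a) and self.leq(c, b)]
        return self._unique(lambda c: c in lbs and all(self.leq(d, c) for d in lbs))

    def join_irreducibles(self):
        """Non-bottom elements that are not the join of two strictly smaller ones."""
        def below(a):
            return [b for b in self.elements if self.leq(b, a) and b != a]
        return [a for a in self.elements if a != self.bottom
                and not any(self.join(b, c) == a for b in below(a) for c in below(a))]


def to_vector(L, f):
    """mv-set f (dict: element -> value) as {j: S_j} with S_j = {x | j ⊑ f(x)}."""
    return {j: frozenset(x for x, v in f.items() if L.leq(j, v))
            for j in L.join_irreducibles()}


def from_vector(L, vec, universe):
    """Recover f(x) as the join of the join-irreducibles whose slot contains x."""
    return {x: reduce(L.join, (j for j, s in vec.items() if x in s), L.bottom)
            for x in universe}


def vec_union(v1, v2):
    # j ⊑ f(x) ⊔ g(x)  iff  j ⊑ f(x) or j ⊑ g(x): join-irreducibles are join-prime
    # in a distributive lattice, so ∪_L is slot-wise union.
    return {j: v1[j] | v2[j] for j in v1}


def vec_intersection(v1, v2):
    # j ⊑ f(x) ⊓ g(x)  iff  j ⊑ f(x) and j ⊑ g(x), so ∩_L is slot-wise intersection.
    return {j: v1[j] & v2[j] for j in v1}


def vec_negation(L, vec, universe):
    # j ⊑ ¬f(x)  iff  f(x) ⊑ ¬j  iff  x lies in no S_k with k ⋢ ¬j.
    # Negation therefore mixes slots; it is not a slot-wise complement in general.
    universe = frozenset(universe)
    return {j: universe - frozenset().union(
                *(s for k, s in vec.items() if not L.leq(k, L.neg(j))))
            for j in vec}


def check_against_pointwise(L, f, g):
    """True iff the vector operations agree with pointwise ⊔, ⊓ and ¬ on f and g."""
    U = list(f)
    vf, vg = to_vector(L, f), to_vector(L, g)
    return (from_vector(L, vec_union(vf, vg), U) == {x: L.join(f[x], g[x]) for x in U}
            and from_vector(L, vec_intersection(vf, vg), U) == {x: L.meet(f[x], g[x]) for x in U}
            and from_vector(L, vec_negation(L, vf, U), U) == {x: L.neg(f[x]) for x in U})


# Belnap's four-valued algebra: F ⊑ N, B ⊑ T with N, B incomparable; ¬ swaps F and T.
_BELNAP_LEQ = {("F", "F"), ("F", "N"), ("F", "B"), ("F", "T"), ("N", "N"), ("N", "T"),
               ("B", "B"), ("B", "T"), ("T", "T")}
BELNAP = Lattice("FNBT", lambda a, b: (a, b) in _BELNAP_LEQ,
                 lambda a: {"F": "T", "T": "F", "N": "N", "B": "B"}[a])

# Boolean lattice 2^{a,b,c}: 8 values but only 3 join-irreducibles (the singletons).
_ATOMS = frozenset("abc")
BOOL3 = Lattice([frozenset(s) for s in ("", "a", "b", "c", "ab", "ac", "bc", "abc")],
                lambda a, b: a <= b, lambda a: _ATOMS - a)

# Constructed sample mv-sets over states s0..s3 (not data from the paper).
F_SAMPLE = {"s0": "T", "s1": "N", "s2": "B", "s3": "F"}
G_SAMPLE = {"s0": "F", "s1": "B", "s2": "B", "s3": "N"}
H_SAMPLE = {"s0": frozenset("ab"), "s1": frozenset(), "s2": frozenset("c")}
K_SAMPLE = {"s0": frozenset("bc"), "s1": _ATOMS, "s2": frozenset("ac")}

if __name__ == "__main__":
    print(BELNAP.join_irreducibles(), "of", BELNAP.elements)
    print({j: sorted(s) for j, s in to_vector(BELNAP, F_SAMPLE).items()})
    print(check_against_pointwise(BELNAP, F_SAMPLE, G_SAMPLE),
          check_against_pointwise(BOOL3, H_SAMPLE, K_SAMPLE))
```

For Belnap's algebra the vector has two slots instead of four, and for the Boolean lattice 2^n it has n instead of 2^n; that is the kind of saving the abstract refers to. check_against_pointwise compares every vector operation with the pointwise one on the sample sets, and vec_negation shows the price of the compact encoding: negation has to consult other slots, whereas the one-set-per-value encoding can negate by permuting slots.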

The major contribution of this paper is the evaluation of the different implementations of multi-valued sets, done via a series of experiments and using several case studies.

Figures 1–24 (not reproduced on this page).

Notes

  1. The subscript on mv-set operations \(\cup_{\scriptscriptstyle L}, \cap_{\scriptscriptstyle L}\), and so forth, refers to a given algebra, \(L = (\mathcal{L}, {\sqcap}, \sqcup, {\neg})\).

  2. An FTO is a lattice \((\mathcal{L}, \sqsubseteq)\), where ⊑ is a total order. Algebra 5, given in Fig. 18(b), is an FTO.

Acknowledgments

We thank Wendy MacCaull, Christopher Thompson-Walsh and Victor Petrovykh for many interesting discussions and for their help implementing the model-checker. We are also grateful to the members of the University of Toronto formal methods reading group and the anonymous referees for helping us refine the ideas presented in this paper and improve the clarity of the presentation. This work was financially supported by NSERC and CITO.

Corresponding author

Correspondence to Marsha Chechik.

About this article

Cite this article

Chechik, M., Gurfinkel, A., Devereux, B. et al. Data structures for symbolic multi-valued model-checking. Form Method Syst Des 29, 295–344 (2006). https://doi.org/10.1007/s10703-006-0016-z
