NASA/CRICASE
+
+
i
t
r
+
I
x
1999-209827
Report
No. 99-50
t !
,
Efficient Symbolic State-space Asynchronous Systems !
Gianfranco
Ciardo
The College
of William
Construction
i
!
i
i
& Mary,
Williamsburg,
Virginia
Williamsburg,
Virginia
,
Gerald
Liittgen
ICASE,
Hampton,
Virginia
Radu Siminiceanu The College
December
of William
1999
& Mary,
for
m
The NASA
STI Program
Office...
in Profile
[] CONFERENCE
Since its founding, NASA has been dedicated to the advancement of aeronautics and space science, The NASA Scientific and Technical
Collected papers from scientific and technical conferences, symposia, seminars, or other meetings sponsored or co-sponsored by NASA.
Information (STI) Program Office plays a key part in helping NASA maintain this important role.
SPECIAL PUBLICATION. Scientific, technical, or historical information from NASA programs, projects, and missions, often concerned with subjects having substantial public interest.
The NASA STI Program Office is operated by Langley Research Center, the lead center for NASA's scientific and technical information. The NASA STI Program Office provides access to the NASA STI Database, the largest collection of aeronautical and space science STI in the world. The Program Office is also NASA's institutional mechanism for disseminating development published by Series, which types:
the results of its research and activities. These results are NASA in the NASA STI Report includes the following report
TECHNICAL PUBLICATION. Reports of completed research or a major significant phase of research that present the results of NASA programs and include extensive data or theoretical analysis. Includes compilations of significant scientific and technical data and information deemed to be of continuing reference value. NASA counter-part or peer-reviewed formal professional papers, but having less stringent limitations on manuscript length and extent of graphic pre sentati on s. TECHNICAL
MEMORANDUM.
Scientific and technical findings that are preliminary or of specialized interest, e.g., quick release reports, working papers, and bibliographies that contain minimal annotation. Does not contain extensive
analysis.
CONTRACTOR
PUBLICATIONS.
TECHNICAL TRANSLATION. Englishlanguage translations of foreign scientific and technical material pertinent to NASA's mission.
Specialized services that help round out the STI Program Office's diverse offerings include creating custom thesauri, building customized databases, organizing and publishing research results.., even providing videos. For more information
about the NASA STI
Program Office, you can: Access the NASA STI Program Home Page at http://www.sti.nasa.govlSTlhomepage.html • Email your question via the Internet to
[email protected] • Fax your question to the NASA Access Help Desk at (301) 621-0134 •
Phone the NASA Access Help Desk at (301 ) 621-0390 Write to:
REPORT.
Scientific and
technical findings by NASA-sponsored contractors and grantees.
NASA Access NASA Center 7121 Standard Hanover, MD
Help Desk for AeroSpace Drive 21076-1320
Information
|
U
NASA/CRICASE
1999-209827
Report
No. 99-50
Efficient Symbolic State-space Asynchronous Systems Gianfranco
Ciardo
The College
of William
Gerald
Liittgen
ICASE,
Hampton,
Radu The
Williamsburg,
Virginia
Williamsburg,
Virginia
for
Virginia
Siminiceanu College
Institute
Computer
Langley
Hampton,
& Mar?/',
Applications
Research
Center
Universities
Space
in Science
and
Engineering
VA
Operated
National
of William
for
NASA
Space
& Mary,
Construction
by
Aeronautics
Research
Association
and
Administration
Langley Research Hampton, Virginia
December
Center 23681-2199
1999
Prepared for Langley Research under Contract NAS 1-97046
Center
Available
from the following:
NASA Center 7121 Standard Hanover,
for AeroSpace Drive
MD 21076-1320
(301) 621-0390
Information
(CASI)
National
Technical
Information
5285 Port Royal Road Springfield,
VA 22161-2171
(703) 487-4650
Service
(NTIS)
EFFICIENT
SYMBOLIC
STATE-SPACE
CONSTRUCTION
ASYNCHRONOUS
GIANFRANCO
Abstract. rely
Many
on the
generation
is based
on previous
of their of the
states.
fundamental
semantic
cache
algorithm
performs
Key
words,
Subject 1.
about event
locality,
Introduction.
mathematical
faster
However,
state
systems
memory.
One contributing
is potentially
exponential
state-exploration
In the literature,
whether
sets
Explicit state
to store these
two
techniques
represent
corresponds the state
space
explicitly
in their
or partial-order
techniques
prove
advantageous
such
especially state
*This while Langley
spaces
work
the
was
authors Research
t Department {ciardo,
radu
$ICASE,
very large,
is the
algorithm storing
locality
state-space
in the
show
that
the
generators.
is linear
state
the application
techniques,
too large
inherent
space
components.
of rigorous
including
under
to fit in a workstation's
in many
embedded
systems,
concurrent
Consequently,
research
exploration
many
and
storage
which
mode]
consideration.
of an asynchronous,
are considered,
spaces
of very
differ
from
of the
techniques
to reduce
system's
tables,
states,
states.
with
system efforts
large
each
in
state
other
by
fllrther.
of Markov
where needed
in practice
since state
to behavioral
spaces
analysis
or graphs,
the memory
which
However,
respect
the sizes of state
in the numerical
hash
[3, 6, 10, 13]. Thus,
a few million
minimization
if one is interested
by trees,
structure
number
at most
[11] may be applied
of systems
data
in the
having
form,
sometimes
concurrency
directions
requires
of these
equivalences Explicit
processes
limits
spaces
are [12]
techniques defined
over
[16].
supported were
in
Center,
by
the
residence Hampton,
of Computer
Science,
National at the VA
Aeronautics Institute
23681-2199,
P.O.
Box
8795,
and
for
Space
Computer
Administration
Applications
under in
Science
NASA and
Contract
Engineering
No.
NAS1-97046
(ICASE),
Stop
132C,
NASA
Langley
Research
NASA
USA. College
of William
and
]_Iary,
\Villiamsburg,
\5\
23187-8795,
USA,
} _lcs.wm.edu. Mail
is a
intelligent
It is implemented
net literature
sets
which
or symbolically.
of the underlying
systems
natural
The
supports
state space of the system
on the efficient
the reachable
small
for the
exploration
systems
the size of the state
research
explicitly
of a system
to fairly
event
control.
existing
Many
of the reachable
concentrated
to an entity
nets.
algorithm
the Petri
systems
algorithm
for efficiently
exploits
state-space
embed(ted
of its parallel
principal
are stored
techniques
encoded
in the number
of states
as Petri
the
the best
behavior.
to this problem
have
than
diagrams,
are usually
[20]. In fact,
techniques
spaces.
each
factor
fi'om
embedded
a new
(MDDs)
it fully
iteration
taken
faster
proper
construction
nets
Diagrams
via advanced
of today's
[8], rely on the automated
by Petri
such
Additionally,
examples
complex
we develop
models,
f
Science
checking
such as specified
SIMINICEANU
of today's
however,
decision
to their
of real-world
system
systems.
convergence
The high complexity
spaces
RADU
paper,
Decision
of magnitude
to testify
In this
approaches,
for several
Computer
techniques
spaces.
multi-valued
AND
for the verification
of asynchronous
one order
classification.
L('_TTGEN:_,
Multi-valued
to related
results
SYSTEMS*
of asynchronous
employs
property
run-time
state
space
and achieves
and
GERALD
techniques
state
In contrast
management SMART,
t,
reachable
work that
of reachable
tool
state-of-the-art
analysis
symbolic
CIARDO
FOR
Center,
Hampton,
VA
23681-2199,
USA,
e-maih
]uettgen¢_icase.edu.
emaih
Symbolic use
Binary
into which of state al.
techniques Decision state
spaces
spaces
[22] for the
for Petri
nets
is based
on the
using
of the
of Petri
has been
nets
only a single
integer
variable,
Experimental
results
larger
spaces
of size
1060
some
of these
state
1000 philosophers, while
symbolic
techniques
a memory-bound The
objective
techniques since
interleaving,
of this
many
fires.
it has been largely
ignored
on
but
event
locality,
support when
direct
jumps
a transition
update state
of the spaces
MDDs
data
structure.
is about
one order achieved
order. state
The remainder structured
state
of event
locality,
Details and
8 refer
Finally, the
of the
variants
to related
Appendices
algorithm
are work
techniques.
this
concept, MDD
it. does
Only
essentially
by employing
However,
dining
of even
the tiine
needed
[22], with
of 75 tokens.
of symbolic
state-space
net
traditional
philosophers count
but
of a Petri
generation
Thus,
shifts
from
only
not
consider
[19], it fully
The
management,
faster event
locality
is organized
spaces which
and
and present
and
MDDs.
induces
Sees.
only
our conclusions pseudo system.
in [19]. a small
tool
3 and
4 focus
on several
our new MDD-based
Sec. 6 discusses
some
as well as directions code of our
[5] and
algorithm,
reachable
events
in
is applied
to
improvement
space
issues,
algorithm
while
is
efficiency.
some background
for future
a local
this algorithm
this
performance
not
it introduces
out. that
conceptual
[5],
[19], it uses
by firing
regarding
provides
the
Moreover,
1Remarkably,
does
finishing
in [19]. Like
SMART
the
to be updated
upon
It. turns
overhead
section
approach need
convergence
only
when
in [19] touches
for building
locality.
faster
in the
The next
MDD
described
Pet.ri net models.
for deriving
in Sec. 5, while
example
achieves
one presented
as follows.
the detailed
for a small
also
this that
algorithm
event
is implemented
the
are essential
presented
exploits
of well-known
than
a new
on the algorithm
and
new algorithm of a suite
develops
that
or
techniques
presented
particular,
of the
means
generation
submarkings
out
locality,
to be updated
approach
In
interesting
of event
locality
need
state-space
to the
jumping
unlike
spaces
paper
event
transition
superficially.
corresponding
the concept
for example,
in explicit
generation
This (:lass is especially
exploits
the MDD-based
spaces;
A C contain
step-by-step
encodings
MDDs
subnet
state-space
systems.
nets,
has been investigated
of the
cache
efficiency
by a given
is based
of this paper
the
In Petri affected
which
of magnitude
regarding notion
systems.
present
by exploiting
spaces,
Our approach
The
for
[15].
token
et
generation
the representation
nets.
for the an initial
state
time
systems,
state
predefined
[6], with
asynchronous
systems.
subnets
locality
part
on the
namely
software
Similarly,
mechanism
tlle reachable
larger
is to improve
it exploits
fires.
explore
and larger
in symbolic
to the
for representing
a specific,
to store
enables
regular
minutes
system
to the
of asynchronous
an intelligent
mainly
paper
event
for particularly
efficient
of an entire are built
sizes
not rely on BDDs,
(MDDs)
state
[1],
t)5' Pastor
state-space
in [19] does
this approach
fl'om several
applied
symbolic
of the subnets
for the Kanban
in asynchronous
Whereas
states
10600
the
approaches functions
manageable
subsequently,
Diagrams
encode
spaces
and,
the
were first
Recently, taken
Decision
symbolic Boolean
pushed
BDDs
nets
[21].
[19]. The approach
ranges
class of systems,
belonging
Petri
Most
problem.
embedded
inherent
sub-markings
transition
hours
of safe
investigated
the state
space.
representing
techniques
net community,
in [19] show that
even
spaces
are able
for a particular
it includes
those
and
to a time-bound
of BDD-based
of Multi-valued
where
in sublinear
for efficiently
one to efficiently
reported
state
to several
sets
were
improved
allow
techniques.
to generate
BDDs
concept and
sets
structure
The advent
reachability
into
general
functions
reachability
as data
[4]. Ill tile Petri
significantly
more
integer
(BDDs)
1020 states
generation
classes
one to store
can be mapped.
to about
for other
represent
alh)w
Diagrams
material based
on
in two variants. results. work,
Appendix
Secs.
respectively. D illustrates
7
2.
Structured
introduction
State
and defines
2.1.
Structured that,
however,
Thus,
we interchangeably and
Consider The
a Petri
interleaving
state,
semantics
s to another
from
state
s via event
Petri
nets,
A ,' is essentially
one element. exploring set that
state
of Petri
into
a simple
fundamental solution
state
the
set
of structured
s has
requirement,
which
models
[7]. The
of L" local next-state
flmctions,
all e E g and
s C $.
in practice,
_\.
space S_, = {sk,0, sk,l,...
E N is the
additional
number
states
for example
expressed
p-invariants
In reality,
[20].
set $ of global
Once
states fs:
Sk has been
can then {0,...
Multi-valued
are data
structures
I: {0,... ,NK K, 5I
a Boolean Another
E Nand
function, special
Traditionally, side,
shows
-
1}
case,
where
integer
the decision
MDDs
coincide
functions tree
of the
defined
k_>
of the it with
in
as the smallest relation,"
the net
into I_" subnets
of a global state
partition
of _o must
approaches
characteristic
are often
represented
minimum
function
that
its reachable
explicit correct
where
insertion
of
computation
e.g., obtained
set {0, 1,...,
as the
x ._"1(c, s l ) for
techniques,
the
the
by employing
5\. - 1}.
Moreover,
a
,N1 - 1} ---+ Such
{0,1}
characteristic
flmctions
can
sections.
Decision,
Diagrams
[15], or MDDs
for short,
of the form ....
,N
21I = 2and
the better
the
Sk,
, Sl) E $.
{0
require
"true"
{0,...
functions x..-x
such
to allow for the
a
for computing
by traditional
might
satisfy
A" to be written
enough
s
function
in the following
1. When
with
this
- 1} x---x
1}
For
at most
teachability
for function
places,
characteristic
integer 1 -
reachal)le
s) contains
a partition
The
be small
that
implicit
Multi-valued
-_r/__1, fimction
Binary
Decision
mentioned
where
the
Diagrams
in the previous
by value tables or decision min(a,b,e),
,__I
trees.
variables
(BDDs)
f is [1, 2].
section.
Fig. 2.1, left-hand
a, b, and c are taken
fromtheset{0,1,2}. Hence, K
= 3 and NI
= .N½ = N3 = M = 3. Each
an oval, is labeled
by a variable
and has arcs directed
to the case where
the
of tile node
given
variable
level of tile tree
ordering,
which
or 2. Each value
from the
leaf in a given
to a leaf node
path
is the value
2
I
0
An MDD merged.
is a representation
More
node.
precisely,
A node
children
is considered
are identical.
provide
a canonical
implies
that
arcs
representations
trees.
However,
to l, at
the
bottom.
to the values
table,
K hash
to provide
tables
which
at level k consists
Since
we enforce
of an array
In the following,
nodes.
Note that
we let
we could
the level of a node
the node use nodes
very useful q stored
(0, 0) and
1, indicating
an MDD. node
property,
lvl-th
(0, 1) to indicate
0, 1, The
for this
path.
the
type
table
for representing
at position
the Boolean
values
ind,
tables
from
either
nodes node
0 in a is 0.
or decision
K,
at the
or both
leaf
In practice,
at a given
Hence,
as unique
to compute mddAddr
type
write
for the i-th child
1 at level 0, respectively.
Each
of the node. value
of the
require
of our data
we often
within we have
of addresses
but this would
organization
nodes
table.
the hash
the
top,
however,
level are stored nodes.
structure
simplicity,
and q_dw[i]
0 and
ranging
or not.
MDDs,
the level-wise
For notational
MDDs
is 0, whenever
the arcs to the children
array and
a to leaf
value
of non-unique
contain
of nodes
furthermore,
of this paper. table
is reachable
of this
that
of redundant
node
contains
of the nodes
which
ensure
if all its
ordering.
in levels
0, which
are
or redundant
and to be redundant
of the function
variable
subtrees
any non-unique
corresponding
detection
identical
requirements
We also refer to this data
addresses,
denote
their
a state
to simplify
where
0 connecting
nodes
level
we use the value
of mddNode;
unique
MDD
The addresses and
also use a single unique
as part
by either
the elimination
the value
on the chosen
special
two
that
with
than
whether
explicitly. to them
for the purposes
in the
is the
that
compact
We organize
there
mddNode
variable
to values.
node,
these
arc labeled
depends
of _.
at a
are labeled
graph,
of another
[15]. Note
means
more
MDDs.
represent
the reducedness
node.
will prove
b and c. This
nodes
all nodes
of the variables
do not contain
ordering,
the
access
together
node
store
these
by
corresponds
the tree have the same
to the assignment
acyclic
which
if it is a replica
For example,
0 and
fast
trees
functions
Additionally,
is no need to store
a hash
for
as directed
a fixed variable
of compactness
Structures
corresponding there
degree
tree
of integer
can be exponentially
the
Data
with
side, skips levels
MDD
2.3.
Together
i. Moreover,
by squares,
respect
is depicted
as decision tree (left) and as MDD (right)
decision
to be non-unique
can skip levels.
Fig. 2.1, right-hand
of min(a,b,c)
are reduced
representation
with
which
2
of a decision
MDDs
through
depicted
of the function
node,
The i-th branch
value
to an assignment
2
FIG. 2.1. Representation
is assigned
nodes,
corresponds
internal
children.
i.e., all paths
is a < b < c. Leaf
root
its three
consideration
by the same variable,
in our example
path
of the
are labeled
under
towards
of us to
structures (lvl, ind)
for
of q. Finally,
we
TABLE "Union"
Union(in
p : rnddAddr,
1. if p= 2. ifp
in q : mddAddr)
(0,1)
orq=
= (0,0)
3. if q = (0,0)
5.
if LookUpInUC(k,p,q,r)
6.
r _:
7.
for i--0
• deal with
(0,1);
• maximum return
• if found
r;
• otherwise,
the union needs to be computed • for the i-th
then
u _
Union(p,
then
u _
q);
• q is at a lower level than p • p and q are at the same level
else u _
Union(p-*dw[i],q-_dw[i]);
SetArc(r,
i, u);
r _
13.
InsertInUC(k,p,q,r);
• record
14.
return
r;
• return MDD
The
Union
MDDs
its arguments.
levels
the
when
finishing
of the
argument
Tim encode
base the
of the
cases
empty
Otherwise,
8 and
9).
for computing
algorithm,
which
is the
the q has node
ofp
to
set,
some ensure
the unique
many
other
table binary
child
might
MDD,
subnets.
While
this
"good"
partitions,
reachable
and
state
can i.c.,
substate
for a detailed
that
be lead
discussion
be
then
returns
it.
Note
such
as
from when
to the
lowest
level
0, and
0 to level
k.
the
represented
done
automatically,
to small of issues
MDD
MDDs
to check in
the
of the
namely
node
shows
if it
child,
returns
2.i
a naive,
can
calling
As
sK-l,...
requires
us to
it is still
an open
problem
be
easily
and
to
adapted
MDD-based
how
earlier,
is stored
partition
state
fimction
CheckNode
explained , sl)
this
(cf.
1 3 accordingly.
iterative, net.
the needs
if r is equivalent
Lines
of reachable
one
7"/. Otherwise,
in Table
(sK,
building
is redundant
by
and
(0, 1} union
is returned.
However,
r is checked r's
by a Petri s =
ll).
the
cache
by recursively
Lines
1)3' modifying
partitioning.
result
(0, 0) and
whether
7
r and
representations
regarding
the
the
maximum
3,_. (of.
state that
the
stored
returns
2.2
so a global
is used
result
algorithm
Table
that
is determined
destroys
recall
1 3, where
represented,
Construction.
Please
the
Note
builds
have.
cache
child
space
level.
can
intersection,
of a system
represented
MDDs,
r and
that
sets
is adapted
is reduced,
CheckNode
of the
is needed
in turn
explicitly
MDD
algorithm
spaces
argument
in Lines
i-th
state
that
all 0 < i
0, a union
computed
at level
one
MDDs
the
Union
representing
recursively
from
level
as
in the
the
for generating
child of r
it in the unique
union
representing
represented
to the It
argument
respectively.
been
and
that
Finally,
highest
are
store
the result of this
operation
MDD,
2.1.
ascending
function
full
essential
similar
Table
k of the by
recursive
fact
in
level
An
is very
is shown
recursions
and
of the
to
a new
MDDs
child
to build
levels
returns
[2],
MDD-based
space
and
the
r in the
MDDs.
as parameters
r' having
node
2.5.
all sets
Since
If r is redundant,
node
algorithm
context
of the
of the
CheckNode(r).
inserts
in our
MDD
i-th
care
another
sets.
p and
a new
of the
take
on
maximum
set
arguments
union
Operation
This
from
and non-redundant,
• if r is unique
algorithm
descending MDD,
• make u the i-th
CheckNode(r);
on
in r
child do...
• p is at a lower level than q
q--*dw[i]);
Union(p-4dw[i],
11. 12.
two
of the levels of p and q
in the union cache, the result is returned in r
10.
union
the base cases first
q;
1 do
else if k > q.lvl
a BDD-based
reader
return
then
to N_.-
if k > p.lvl
takes
K
: mddAddr
CreateNodc(k);
9.
which
state
MDDs
q.lvl);
8.
binary
Lines
on
p;
k 4= 2IIax(p.lvl,
is the
to
return
4.
2.4.
by
(0,1)
or p = q return
2, 1
operation
Petri
over nets
to efficiently
spaces.
We
refer
the the into find the
TABLE Iterative
[ MDDgcncration(in 1. 2. 3. 4. 5. 6. 7. 8. 9.
The
semantics
procedure
the unique SetInitial.
is fired,
not change, reachable
The
and
spaces Event
which
consideration,
wise,
it is a synchronizing
while
e depends.
e might
systems than
or might
in particular,
K h)r most
notation,
but also improves
Our
MDD Fir.st(c) Union
aim
nodes
between
becomes calls
local
stop
manipulating
these
redundant creating
by "jumping MDDs
depends
to as
e is said k,
at the root,
shown Tile
states.
After
as an MDD
enabled
until
node
Petri
the
MDD
net does
q, representing
that
levels, all local
Last(e)
the
First(e) events
-
and
To benefit
of an MDD, as is done
levels
Last(e)
at levels possibly from namely
in traditional
that
higher levels this
the
lower than
but
k-th
or Last(e)
levels
> k > 1,
For asynchronous significantly
of event e only
smaller
macro
event
rather
including
locality.
causes
only when
Last(e),
we need
First(e),
approaches,
firing
Fi_:st(e),
observation,
to level
on the
lk
does not only simplify
concept
Last(e),
than
and
for level k; other-
into a single
convention
E S
algorithm.
exploit and
of the
and minimum
Last(e).
+ 1, is usually
This
of in-
subnet
e depends
the maximum
and
concept
,. .. , sl)
K >_ k > First(e)
generation
First(e)
the k-ttl
(Sl_,sK-1
for level k are merged
algorithms
via
a local event
First(e)
of reachable
obey.
of the
Otherwise,
denote
between
of our state-space
between
inherently
level k, it is called
level k satisfying
generation
is defined
function.
and
t)lus possibly
new nodes.
root
s k' for all s =
=
of every
of affected
or non-unique,
in the middle"
the
updates
cache.
is stored every
This is done
independent
First(e)
manipulation
levels,
iteration,
interleaving,
is the identity
on any level k strictly
stored
an5" new reachable
systems
to be
if sk
only on a single
[19]. We let
MDD
which operation
to as firing
for the MDD-based
asynchronous
referred
event of level
the efficiency
states
2.2),
Union
consideration
Finally,
[-J_.c_':F_,._t(_.)=t._t (_)=_.._'k (e, ._) for all s E S.
is to define
e affects
which
i.e., if._/k(e,')
e. We assume
._.'_.(It., s) =,if
an event
also
e is independent
tile range
events
wc refer
to the MDD.
Our improvements
An
not depend
which
In each
are discovered.
locality,
subnets.
event
Hence,
satisfying
nodes
of event
or on level k. If an event
on which
states
the
net under
iteratively.
are added
(cf. Table
of e added
m of the Petri
proceeds
Locality.
E ._'(e,s),
firing
Fire applying
is returned.
or independent
. ,s_)
cache,
if the
new states
net,
in procedure
e by appropriately
use of another
then
is sometimes
from
is encoded
nlarking
reachable
of Event
of events
s' = (,_._,sK_l, ' .. subnet,
no more
of tile Petri
rely on the notion locality,
under
the initial
• clear unique table return MDD representing the initial state • start state-space exploration • clear union cache
and
• clear firing cache • truc if MDD changes in this iteration • fire event e and add newly reached states to MDD • keep iterating until fixed point is reached • return MDD representingthe reachablestate space
a flag mddChanged,
the potentially
space
study
makes
The algorithm
Concept
dependence net
tat)le,
i.e., until state
it also
updates
first clearing
under
• build
to tile firing of event
reasons,
additionally
transition
net
at q according
via procedure
state
generation
, K] of int) : mddAddr
of the Petri
rooted
For efficiency
3.
state-space
for k = 1 to K do ClearUT(k); q _ Setlnitial(m); repeat for k -- 1 to h" do ClearUC(k); for k = 1 to K do ClearFC(k); mddChanged ¢= false; foreach event e do Fire(e, q, mddChanged) until mddChanged = false; return q;
the MDD at)ore.
m : array[I,...
"2-.2
Since
updates
a node
but only until
at level recursive
to be able to access than
always
[19]. This
having
of
MDD to start
is the reason
why
wepartitionthe uniquetable,whichstoresMDDs,into a two problems treat
them
need
t.o be addressed
separately
when
in the following
one wants
K-dimensional
to access
array
an MDD
of lists
directly
of nodes.
at some
However,
level First(e).
We
two sections.
First(e)
Last(e)
Explicit nodes need to be inserted in order to deal with implicit roots at level FiJwt(e).
FIG. 3.1. Illustration of event locality and the problem of implicit roots 3.1. should
Implicit
Roots.
intuitively
play
since redundant
to a node
left-hand
side.
modify stores
words,
hnt)licit
roots
through
Last(e),
above
the
q at a level
due
a bag (nmltiset)
In other
most
are not stored.
Conceptually,
the MDD
arcs
deleted
from after
both
of MDDs.
resulting
MDD
from
slight
variation
be detected
event
when
choice
only between
compared
approaches
to the
have some
memory
new
the underlying
eliminates penalty
will become the expensive
potentially
clear need
associated
in Fig. 3.1, we explore
The
first
when
in the
for levels
and
approach to q.
First(e). reach
These
firing
next
to search them,
event
at a level
Note
that
nodes
preserves
at
will be
the reducedness
downstream
arcs
are exactly
c. Please
a canonical
+ 1
it; in our example,
redundant
so that
arcs.
First(e)
to a node
at level First(e)
approach
with
First(e)
arcs pointing
arcs
arcs
approach
of being
as upstream-arcs
tables
at level
nodes,
the nodes MDD
this.
upstream
root.
the first
property
than
of p in the bag of q's upstream
is inserted
redundant
Then,
when
to tile downstream
implicit
explicitly,
is illustrated
for doing
of how many
Thus,
the fundamental
"forwarding-arcs"
former,
same
levels.
of our algorithm
situation
at level First(e)
one or more node,
at this level
not be represented
in the unique
regardless
keeps all unique
exploring
stored
possesses
a redundant
to the
This
roots"
is an occurrence node
per node,
subsequent
still possesses
phrase
each
all nodes
is a node p at a level higher
q, corresponding
are still redundant.
approach,
we need to start
for the
i.e.,
p_ are re-routed
We refer to the two variants the
root,
there
might
are two approaches
node
node
to be inserted
e, if they
of MDDs
the
level First(e),
of them
"implicit
= q, there
by scanning
from
> k >_ Last(c).
these
e. There
p-+dw[i]
whether
Our second
exist
which
needs
p and
firing
property
nodes
arcs in each
i such that
some
whenever
First(e)
of upstream
checking
root
This happens
k satisfying
an MDD
However,
we have to re-insert
If so, an implicit
one implicit
nodes.
of event
can then and
to explore
to tile firing
for each
First(e).
one wants
the role of root
nodes
pointing
When
note
in the all the
that
this
representation.
and forwarding-arcs
approach;
section.
approach,
for implicit the former
The roots.
latter
However,
for the storage
both of the
upstreamarcs,whichcanin the worstcasedoubletile spacerequirements, andthe latter because of the preservation of redundantnodes.Wehaveimplemented both approaches, andexperimental resultsshow that thesememoryoverheads arecompensated by a smallerpeaknumberof MDDnodes,whencompared to the approach in [19]. 3.2. In-place Updates. Onceall nodesat levelFirst(e), can update Fire
the
MDD
implementing
presented there
to reflect
in Table
2.1,
with the
concept
becomes
redundant
to its unique replica
node
difference
as soon just
of event
locality.
or non-unique.
child
node
q. In the
we do not have
itself
might
nodes
be marked
in these
at the next
chains
higher
they
arcs.
operation,
later
are deleted
only after
thus,
of scanning p as deleted
chains
all the events
it points
can arise.
at level First(e)
when
it
arcs be re-directed be re-directed
to the
p only if it becomes
all the nodes
of nodes
in accordance p arises
in level
non-
First(e)
and set a forwarding
to p, so that
level
its parents.
we eliminate
Instead
its own pointer
arcs
creating
At this
MDD,
as
However,
stops
calls.
and its incoming
since p knows
nodes;
operation
of some node
its incoming
we mark
on, forwarding
update
routine
operation,
as needed.
recursive
one
+ 1 to
arc from p to q.
to q instead.
Since node
In our implementation,
have been
q
the
fired and before
nodes
level are explored.
It is important levels,
upstream
and
Fire
Our
Union
in the original
be deleted
be deleted
this is trivial
p, it will update
as deleted
case, p must
states.
on the
inserted,
from
positions
are detected,
reachable
relies
Our
backtracking
with the in-place
we keep redundant
is a costly
to new,
It heavily
approaches.
when
p must
approach,
approach,
time a node accesses
case,
lead
as well as implicit,
appropriately
at the appropriate
In the former
upstream-arcs
and
to existing First(e)
only difficulty
q. In the latter
foi- arcs to p, which
The next
respect
The
c may
in See. 5.1.
are created
level
links the new sub-MDDs
However,
search
with
of event
in detail
nodes
as it reaches
In the forwarding-arcs unique.
the firing
is described
i.e., new MDD
is one important
new MDD-nodes our algorithm
that
this update
explicit
to note
that,
do not jeopardize
although
these
the correctness
in-place
updates
change
of our algorithm.
This
the meaning
of MDD-nodes
is due to the interleaving
at higher semantics
of
w
asynchronous in the
systems
state
literature space
by firing
especially
when
jump
an MDD
event
MDDs
Summarizing, improve
(cf. See. 5.3).
create
are tall and
investigation.
some
simplifications
not support
4. paves
notion
on tile time efficiency
in and out of the
localized
Improving the
present of utmost
4.1.
road
next.
the
approach
An efficient
of MDD
Cache
of the union
Iteration
of MDD-based
(:ache.
In related
The
management
of in-place
locality,
work regarding
state-space
it only
events.
we can
by the event considers
However,
it does
nor for local events.
of event
iteration
locality
control,
of the iteration
for state-space
updates
locality,
are affected
concept
and
organization
algorithms
The technique
events,
Control.
in cache
in the
us to drastically
Exploiting that
to exploit
for synchronizing
reported
states
to our sub-MDD,
allows
in the case of local
as welt as an efficient
Management.
techniques.
claims
current
of levels. that
levels
approaches
the
compared
range
systems
only those
in [19] also manipulations
and
to a small
generation
exploring
existing from
to build
for asynchronous
neither
improvements
for the performance
the efficiency
reported
updates,
reachable
i.e., it is expensive
state-space
management
in-place states
of e is restricted
thereby
Management
cache
MDD,
of MDDs
significant
performing
set of global
locality
of MDDs,
improvements
Cache
Intelligent
of event
modifications
towards
importance
us to enhance
While
the effect
of MDD-based
"middle"
and
than the
e. This is a K-level
it is the
under
Rather
encoding
also
which
wc
control
are
generation.
introduced generation
in Sec. 3.2 allows using decision
diagrams, includitig[19],thelifetimeofthecontents oftile unioncache cannr_t spanmorethanoneiteration, sincetherootofanyMDDis deletedandre-created whenever additionalreachat)le statesareincorporated in theMDD.Inotherworcts, anychange in anI_'IDDnode,i.e.,in its dw-array of pointers, is really implemented as a deletion
followed
In contrast,
in our
stopped
at level
reused
over several
nodes
t)y an insertion. approach
the
where
only
First(c), iterations,
until
in our implementation
thoroughly
(:leaning
ut) the union
flags.
More precisely,
present
in the cache
Experimental
that
the
studies
show
overall
performance
Additionally,
we devise
and
is conceptually
prediction Thus,
Union(p,
two
q).
a second
additional
a significant
at level
k, and
that is the
j ¢ .k'_.(e,i).
to the
set
of states
Union(p-+dw[i],p-+dw[j]),
whi(:h
that
we explore
p has not been deleted,
local
state
i. Hence,
previous 4.2.
in some
Table
2.2.
algorithm firing
computing
for generating
events
starts
all events
our algorithm First(_:)
at level
all states
= k and Last(e)
1 and
This specific of our cache firing the
caches caches
delayed especially
more
By working
selectively,
node deletion
regular
thus, and,
which allows
in the forwarding-arcs
also allows l_fDD-based
we presort
events
that
_> 1, i.e., the
to tile current event
it adds
the
for efficient
iteration,
macro space
in
r at
before.
of iterations
nets
[19, 22] fire
MDDgener_tion
to function from
the
I1. When
initial
Our
state
reaching
by
level k,
e satisfying
events
fire each
in
First(.).
all events
lk at level t: and all synchronizing we repeatedly
cached
the number
by firing
of
However,
computed
for Petri
event
result
again.
7 of function
p
e is enabled
r) = r. By having
can be reached
state
e in node
and assuming
find out that
according
reason
at p-+dw[i]
r bc the
explicitly
for
that
event
affect
at level k,
new states. for the correctness
tile bottom
contributes
of event
r.
entry
The
.XIDD rooted
us to reduce
in Line
the
the firing
algorithms
as indicated
Last(e)
is essential
extending
approach.
locality
in our imt)lementation,
from
thereby,
even if it was never
macro
and as long as firing
management.
this
states
= 1 and
events
to Uniou(p_dw[i],
union,
storing
Let
Our
r) will return
Union(l>-+dw[i],p--_dw[j])
for the
can be added
Moreover,
_
is identical
Existing
that
of firing
p-+dw[j]
architecture.
to 12_.
At the next
10% and
on prediction
by up
consequently,
later
this idea.
is based
Union(q,
at p-+ dw[j].
of p-+dw[j].
p again and,
iteration,
searches
rooted
at)out
employing
after
by the
and
and reused
averages
of
according
is not deleted
cache
of computer
we are exploring
flag. Instead
purging
entry
r) and
immediately
encoded
to be ._IDD
which
our algorithm
of states
however,
_> 1, i.e., the local
sequence
is more
each
First(e)
only level k and any level below. as long as it is enabled
spaces.
within
cache,
by tile MDD
Event
of MDDgeneration,
e satisfying finds
state
order
In our version then
Control.
reachable
arbitrary
set
the update
we can avoid Iteration
in the
cache,
field
entries
union
entries
Union(p,
speeds-up
c in node
p-+dw[j])
in the also
the new value
event
Union(p-+dw[i],
iteration,
Advanced
needed
becomes
for the union
Assume
the
encoded
we need to perform
if p has not changed, the
following.
Then,
cache
in the cache
cache
c, is
For this purpose,
a selective
by up to 13% when
r, then
this heuristics
union
an event
flag and a dirty
a union
be kept
studied
can be memorized
improvement
to be added
caches
some
by firing
or deleted.
a cached
of union
technique
q) returns
permits
with
may
can be improved
to associative
indicate
assume
result
of reusability
optimization
caused
we can now perform
associated
the
the rate
if Union(p,
results
Experiments
node
root,
changed
namely
each iteration,
stale,
the
This
are either
bits attached,
of our algorithm
very similar
for such
needs
us that
towards
is updated. nodes
if an MDD are not
relies on the fact that
these
a pointer
the referred
cache after
if the on.
of changes
have two status
to tile above copies
"wave"
lifetime
levels to the top levels, of cache
to higher
collection
and efficiency
entries.
hit ratios.
and removal
of the implementation
we can clear
Moreover, Our
the
firing
of non-unique
the union
access
sequence
pattern
and to
also enables
and disconnected
nodes,
In [19],repeatedlyfiring eventsis onlyappliedfor localevents,whicharerelati('elyinexpensive to process, whilesynchronizing eventsarestill firedonlyonceandin noparticularorder.Westressthat while the newiterationcontrolmeansthat ouriterationsarepotentiallymoreexpensive thanthosein [19],they arealsopotentiMlyfewer.Moreprecisely, ouralgorithmgenerates statespaces in atmostasmanyiterations asthe maximumsynchronizing distance of any reachable state s, which is defined in [19] as the minimal number
of synchronizing
5.
Details
events
of the
New
of our new MDD-based We then
discuss
the complete
the
pseudo
required
to reach
Algorithm.
algorittim.
_ from
the initial
state,
In this section,
we present
some important
We first
data
structures
used
code
of the algorithm
illustrate
and,
without
how to update
MDDs
argue
algorithm
finally,
is included
why the
in the first
three
counting
local
details
in response
on both
Please
stale
s,,..=
1it
space:
Event
F1c.
events
Illustration
5.1.
currently-known
portion
behavior
with
example
net is partitioned
respect
0 to 3. Hence, node
of
our
(0,0),
Firing
MDD
nor
any
e.
in every
i.e., First(c) at|d local
= 4 and
state
to 0, 1, and
rooted
[_L_L_I_]
of
Events.
Fig.
5.1 illustrates, each
and
each
arc
the
current
Let
Last(e)
0 at levels
= 2. Hence,
3 and 2, event
node
added
four
Function
state
the local states
Fire(e,-,
depicted
on the
Assume
reached
Fire
states,
downstream
arcs; left
further
the
.) implements
how
local
enabled
representing
example,
possible
for any local state.
net is in a global
algorithm,
to the MDD
has four
space,
event
of our
of a small
the new state
c can fire and
an
iteration
stud,,'.
having
state
"*" stands
if the
are then
by means
MDD
of the form (*, *, 3, 0, 0, *) and that
space:
to firing
each
net under
of them
has six levels, to it.
At
which
set of the Petri
into six subnets,
slate
l I
S,,_.,.t= {(0.0,*,0,0,0). (O,O,O,LI,O),(3,1,O,O,O,O)} in re.sponse
states,
lfl
works.
numbered here,
in Fig. that
we do 5.1,
event
be c is
when firing e is (*, *, 0, 1, 1, *),
described of the
by local
affected
state
subnets
3 at level 4 are updated
1, respectively.
Exploiting sub-MDDs
state
New
MDD-modification
S,.,,,._ = {(0, 0, *, 0, 0, 0), (3, 1, 0, 0, 0, 0)}, where enabled
I I I
1111
by :
reachable
to event
==_
e__(.,.,o,l,l,.)
an
of the reachability
The
not draw
Example
additional
this
from
e enabled
(.,.,3,0,0,.)
of MDD-based
are fired to discover
t
_ k > First(e) " "
.
rLast(¢)
and
let
enabled
in s and
principle
of event
or Last(c)
_'Last(c)'
''
consideration,
> k > _ 1. Then
- 1,-
,rl)c$,for
••
in our
the
global
algorithm
state
in form
_ mentioned
of local
above
_ explicitly,
MDD
explorations
is implicitly
as is clone in related
is the key for improving
inserted explicit
in and
on the performance
algorithm
each
"best"
subnet
Timing)
place
former contains
number
places.
partitions protocol, except
the
in the the
slotted-ring
token
and
nets
at a time.
transitions,
for these
for {P_M_,
Mr},
but
systems
in [19]: we consider
while we split
flexible from The
are
the FMS
and the Kanban
{P_2M3,
M3},
and
(Simulation models
manufacturing
[22], are composed latter
two models,
parameterized
are depicted
two philosophers
two
the one
four Pet ri net
the
taken
the
namely
tool SMA137[
to the
system,
regarding
to ours,
net
tool
at most
one
results
related
Petri
originally
Petri
found
closely
two models,
of places
The
performance
most
[5]. We apply
philosophers, The
a fixed
in certain
several
are implemented
and
dining
we present
with the approach
in Fig. per level
system
{P.zM2, M.,})
by
the
6.1.
To
and
one
into 19 subnets and
4 subnets
PX } for X = 1, 2, 3, 4), respectively.
6.1 presents algorithm
let
This observation
them
system.
i.e.,
tokens
we adopt
In fact,
generation.
per level for the slotted-ring
({p,,x,
set under
terminates
• S.
In this section,
Kanban
subnets,
N of initial
system
is no need to compute
for Reliability
the
safe
taken
number
variants
in [19], i.e., and
reached
implemented
and compare
Analyzer
(FMS),
originally
reachability semantics
Moreover,
state
,rl)
nodes.
Studies.
of our algorithm
system
our algorithnl
generators.
Experimental
also
for the
• , rFirst (e)+l,. s'First(e)'
s _ is. There
to state-space
variants
Markovian
states
global
is directly
of MDD
state-space
and
the
r = (rK,rK-l,---
state
approaches
reachable
_ =dr (rK,..
principle
whenever
of traditional
to the
interleaving
' for all k satisfying st_ = s_,
that
states
interleaving
our MDD
on the
C $ be arbitrary.
,s_)
we may conclude
and
new states
is based
of global
(s_,-,.s_,.__,...
locality
This
adds
of all, it is easy to see that
the following.
s = (sK,sK-1,... s'
First
several
results
[19], obtained
when
and 512 KB cache. of MDD the peak
nodes,
for the
two variants
running
SMART
For each which
of our new algorithm, on a 500 MHz
Intel
as well as the best-known Pentium
inodel
and choice
of N, we give the
is of course
independent
of the algorithm
number
of MDD
nodes
The peak number
of MDD
nodes
allocated
during
and the number
12
execution, of iterations
the
II workstation
with
size of the state used. number
Then,
space
for each
of iterations,
for the upstream-arcs
and
II -'-
WuitLefl, GetLef
....
h
tsjmch
P2_
P2 s
FIC. 6.1. Petri nets used in our experiments: left), and slotted-ring (lower right)
forwarding-arcs reported
approaches
should
introducing
fewer
MDD
we ran, nodes
made
to the core routine
Other
improvements
new algorithm
approximately slotted-ring than
essentially overhead
than
the
Fire,
which
and the
and
the upstream-arcs
already
The
approach,
and
philosophers. except
arcs
the
notion
efficiency.
in [19] indicates nets,
for the Kanban
13
This
to what the system
the peak that,
adjacent
faster,
arises
locality
inherent
contribute
an increase
from
the
on which
node
in
deletion.
structural
changes
in asynchronous
between factor
about the
linear
approach
we comment
systems. 7 lagc,, and
run-times
in speed
to be almost
forwarding-arcs
without Thus,
and with few exceptions
in average
A comparison
number
even levels.
is due to postponed
mainly
appears
where
implies
between
of magnitude
of event
Moreover,
system,
approach
optimizations
in time
FMS
nodes
improvement
our cache
Kanban
approach.
connect
is up to one order
improvement
Kanban
dining
the
forwarding-arcs
ones for the algorithm
for the the
(upper left), Kanban system (upper righO, FM,q (lower
FMS and
in the forwarding
reflects
importantly
for the
all arcs
one in [19].
to tile overall
constant model
except
our new approach
most
up to 22% in total,
dining philosophers
by one for the
nodes,
tile only memory
For the models uses
coincide,
be increased
redundant
our examt)les,
the
"1_23
ranging (in N)
fi'om for the
is slightly below.
for
Since
faster both
TABLE 6.1 Performance
results
Approach N
Philosophers
50
the
degree
more
the
number
(see.) fwd.
28
2
0.02
0.02
0.82
168
2
0.15
0.13
3.32
343
2
0.37
0.36
1.22
1.20
17
45
2
0.03
37
285
2
197
585
2
693
2
300
1.23 x 10 Iss
597
1,785
2
30.88
1,043
2
2.80
2.77 4.40
400
6.10
x 10 _'_°
500
3.03
X
600
1.51 x 10 a76
700
7.48
x 1043s
800
3.72
x 10 S°I
1.85 x 10564 9.18
x 10626
8.29
x _10
60.25
1,393
2
4.52
2
92.17
1,743
2
7.14
6.89
2
121.94
2,093
2
9.33
8.93
4,185
2
181.!2
2,443
2
12.65
12.30
4,785
2
245.76
2,793
2
16.88
16.06 20.29
797
2,385
2
997
2,985
1,197
3,585
1,397 1,597
10313
10
1,797
5,385
2
302.63
3,143
2
21.17
1,997
5,985
2
382.04
3,493
2
26.10
24.94
691
7
1.47
409
7
0.82
0.77
-
60
20
2.73
x 1020
220
4,546
12
33.32
2,328
12
12.74
12.22
30
1.04
x 1031
480
15,101
17
242.36
10,433
17
76.45
75.00
40
4.16
x 1041
840
37,066
22
1,073.64
25,374
22
297.07
293.15
50
1.72
x 1052
1,300
76,308
27
4,228.88
47,806
27
908.40
897.97
5
2.90
x 106
149
433
10
0.26
0.22
10
2.50
x 109
354
15
2.17
x 1011
634
20
6.03
x 1012
25
8.54
x 10 la
10
0.57
239
1,038
15
2.42
599
15
1.05
0.88
1,868
20
6.27
1,109
20
2.83
2.20
989
2,923
25
13.52
1,769
25
6.47
4.83
1,419
4,203
30
26.49
2,579
30
13.01
9.12
55
166.28
73.13
50
4.24
x 101_
4,694
13,978
55
209.96
8,879
75
6.98
x 1019
9,844
29,378
80
980.20
18,929
80
484.93
299.34
100
2.70
x 1021
16,869
50,403
105
2,681.80
32,729
105
1,448.16
845.91
5
2.55
x 10 _
7
47
11
0.08
55
4
0.05
0.05
10
1.01
x 109
12
87
21
1.26
155
4
0.66
0.76
15
4.70
x 10 l°
17
127
31
6.97
305
4
3.90
4.43
20
8.05
x 1011
22
167
41
24.64
505
4
I5.I1
16.76
25
7.68 x 1012
27
207
51
68.71
755
4
44.62
49.12
30
4.99 x 1013
32
247
61
161.49
1,055
4
113.99
123.67
40
9.94 x 1014
42
327
81
628.11
1,805
4
511.44
564.13
50
1.04 x 1016
52
407
101
1,681.96
2,755
4
1,586.32
1,492.21
peak
nodes,
new
algorithm our
models
locality.
importantly, of explored
require
memory
whose
model,
of event
and,
x 1{)_2
time upstr,
13.76
exception,
slotted-ring
it.
2
of our
two
#
nodes
1,185
Kanban
The
peak
(sec.)
397
FMS
an
time
[
x 10125
1,000
again
[
it.
2.47
ring
variants
#
200
900
Slotted
peak nodes
2.23 x 10 al 4.97
approach
new
final
1.86 x 106
100
Our
nodes
[$[
10
in [19]
penalty
parameter
provide For the
these
N
affects testbed
models,
widens per
fewer
is ahnost
a good
gap
nodes
significantly
event
the
where
the
Kanban
system
is
compensated. the
height
for
our
CPU
of the
ideas
times
as we continue fired
MDD
since are
up
to scale-up
is much
1.1
more
MDD,
namely
they to
give
the rise
15 times
the
nets.
contained
in
The our
dining
to tall
faster
philosophers MDDs
than
main approach,
the
reason
with ones for
compared
this
and a high for
[19],
is that to
[19].
When
MDD
than
heights
are
small,
the one in [19], but
such
as for the
the difference
FMS
and
TABLE Timing
results
for
N Approach
in [19] (see.)
Upstream-arcs
approach
Forwarding-arcs
The
results
the number several
(see.)
approach
for the
Kanban
of iterations
reasons
small
depth,
much
pay-off.
a very
proliferation
of deleted
the
reduced
number
late
node
deletion
using
that
drastically
the
results,
see an improvement
of about
might
in cases
be well-suited
thereby
memory
overhead
approach
and to redundant
is ahnost
accounted
leading
Related
Explicit eration
by successively
deserve
have
the result
on Kronecker
0.69
1.16
1.80
5.32
9.54
29.50
73.49
0.37
0.73
1.25
1.94
5.71
10.18
29.96
69.83
examples,
although
poor
compared
to the
2 - N + 1 to 4 due Kanban
net
into
only
the
garbage
garbage
collection
"good"
in Table
cannot
much
than
case
the
cannot
need
too rapidly.
observation
be found
the
of times
model
indicates
with
nodes
It is worth per level,
to N = 20 to
that
automatically
have
Usually,
with one place
to scale-up
a
to the
Combined
number
net,
are
with
contributes
we see how this can backfire.
to [19]. This
partitioning
in this
bin grows
reduces
There
to an MDD
approach
of the Kanban
We only
leads
locality
collection in bulks
partition
respect
four subnets
20
control.
the end of the iteration.
system,
6.2.
iteration
forwarding-arcs until
15
for our other
to exploit
in the
destroyed
approach,
ones
to our advanced
an), attempt policy
our algorithm
or by hand,
e.g., due
of event
to larger-sized
but not-yet-destroyed peak
nodes,
number
are partitioned
becomes
nodes
more
in case
into
many
beneficial.
The
of the upstream-arcs
in case of the forwarding-arcs
of MDD
in the literature,
nets
locality
MDD
for the generation
suggested
build
its next-state Two
approach,
nodes.
of reachable where
techniques,
state
net into
analogous
may
subnets.
for each state to the
model-checking
[7], which
data e.g.,
possess directly
13].
multi-level
state spaces
spaces
of synchronous
are represented
structures
advantages
either
using
15
suggests,
BDDs. expIMt
structures
space and
structure
under
consid-
efficiency,
various
merging of the
common underlying
in [6] and implemented
by merging
for numerical
on data
the
reported
As the name
[13]. While
of the system
To achieve
exploit
a bitvector
tools
space
data stT'uctures
the approach
one obtained
work
state
[3, 6, 10,
namely
Multi-level
needed
usually
the reachable
function
consideration,
of a Petri
is somewhat
they
is due
techniques
under
in automata-based of states,
as the exploitation
mentioning.
the storage
algebra
been
[19] when Petri
way.
introduced.
special
better
of approaches
iterating
of the system
aims at compressing
in the number
0.46
by the small
generation
on a decomposition
used
3,324.78
which
A variety
systems
bitvectors,
cessfiflly
level)
1,021.53
50 with
and deleted,
or in a symbolic
have been
indeed,
per
233.93
performs
for in practice
techniques
is based
place
111.80
doing
to tall MDDs,
state-space
representation
(one
25.07
a good
in our approach,
Work.
asynchronous
in an explicit
levels
14.02
are not truly
factor
our algorithm
subnets,
and
16
heuristics.
Summarizing,
7.
6.2 wilh
in case of the Kanban
when
faster
overhead.
6.45
the
as shown
is still
10
Clearly,
since
algoritlun
book-keeping
8
from
However,
our
5
are
in our
_'stem,
4
a finer and not. particularly
changes
to insufficient
0.16
which
is beneficial,
noting
0.20
breadth.
of iterations
for removal.
2.42
net
Kanban
due to our increased
3
garbage-collection
nodes,
are scanned
0.77
splitting
large our
Kanban
2
system
First,
Second,
the
1
is reduced
for this. but
(sec.)
the
is not as impressive
merging
common
common
Tim latter methods
technique
analyses,
employed
for explMt
bitvectors
sub-bitvectors
still require
state-space
in [5]
[3];
is also sucspace
linear
e.g., those
based
state
storage.
To avoid
tile
asynchronous techniques
build
ponent,
the
chronous
state
[12].
of the
with repeated overall
state
Symbolic tems
rather
first
applied
by Pastor of safe
introduced
underlying
diagrams,
decision
diagram
i.e.,
necessarily
techniques
a more
namely
safe,
Petri
to store
event
locality
net
introduced
Decision
in [19]
within
show which
that in turn
space
efficiency.
In summary,
when
generating
very large
our
algorithm
is the first
Regarding memory
future
architectures.
This
our
systems,
symbolic
work,
spaces
The
idea
techniques.
to parallelize
our
different
state-space
construction
further
while
chitectures.
Our
algorithm
is particularly
suited
for this
split
parallelization tions
according reported
on networks
to levels.
in the literature
of workstations
Acknowledgments. decision
diagrams
careflflly
proofreading
We believe
[18, 23, 25], especially
for building
are symbolically
Diagrams
are able
our algorithm and
faster
than
small
in the the
one
decrease
of related best
fully
achieves
well-known
penalty To the
able
to different
to store
larger
kind of parallelization
our approach
spaces
in
algorithms
of our knowledgc,
promises regarding
processors MDDs
since
to avoid
and
the
and,
thereby,
on distributed
all data
structures
run-time
distributed-memory
distributed-
penalties
arare for
implementa-
and PC clusters.
We would
like to thank
and on implementations a draft
that
new algorithm
for shared-memory
of MDDs
being
here.
locality.
algorithm
levels
the
MDD-based
with only a relatively
of event
of a
to related
Decision
run-time
node
of
of arbitrary,
of magnitude
the
and
version
in a single
management,
storage
algorithm
encoding
of examples
reduces
of the
Pastor
general
cache
one order
were
[21]. However,
work,
successfully
advantage
The
to previous
results
sys-
they
work,
invariants
carried
Binary
algorithms
symbolic
place
[19], state
an intelligent
about
to speed-up
already
unlike
Analytical
is often
using
is to map
work
in contrast
integrates
variable.
comparison
on previous
one taking
we intend
However,
hardware
[24]. In recent
a very efficient
which
control.
algorithm
improves
presented
As in previous
(MDDs),
iteration
our approach state
paper
such
for the generation
our approach
of this
to
subgraphs
net community,
for a straightforward
a repetition
in systems
our work uses a more
compared
of an asyn-
it is sufficient
(synchronous)
of information
allow
already
systems.
a single node.
an advanced
In contrast,
or
[14].
algorithm
by exploiting
the amount
from
on
hours
traces
of symmetric
aspect
as a Boolean
within
nets
MDDs
Diagrams
in asynchronons
via
community
Work.
of a net
nets
variables.
we have
of asynchronous
information
convergence
of Petri
we refrain
Future
spaces
via Multi-valued complex
exploits
and
state
represented
sections,
a BDD-based
place
encoding
Since
construction
[1, 4, 15, 17]. In the Petri
each
In particular,
several
com-
congruence
[11]; thus, symmetries
of this focused
by parallel
to a behavioral
fact. that.
the explicit
of concurrent, minimization
component
exploiting
an example
space
Compositional
of interest
Techniques
developed
[15, 19], by which
nets.
the
have traditionally
Petri
on Boolean
state
(i)
according
exploit
to avoid
of very large
efficient
MDDs
(iii)
systems
by encoding
can be increased.
Conclusions
Petri
spaces
in the previous
the reachable
faster
nets,
state
logic is still based
decision
not
techniques software
Petri
system
are also
et al. in [22]. This paper
of generating
Cortadella
8.
generation
nets
explicit
i.e., parallel
to tile properties
class.
Petri
stepwise,
techniques
respect
can be used
[9]; colored
on (asynchronous)
sets
is capable
sub-systems
state-space
reachability
with
the
key techniques.
intermediate
of each equivalence
spaces
than
of each
building
three system
(ii) Partial-order
be equivalent
only a single trace
as those
space
when
developed
of a concurrent
the state
may
explosion
have
space
specification system
explore
of state-space
researchers
and minimize
an interface
the
problem
systems,
A.S. Miner
of state-space
of this paper.
16
for man 5' fl'uitful
generation
techniques,
discussions
on nmlti-valued
as well as C(!sar
Mufioz
for
REFERENCES [1] R. BnYANT,Graph-based puters, [2] --,
35 (1986),
Symbolic
Boolean
24 (1992), [3] P.
and
Press, [4]
J.
Hierarchical
pp.
Storage
and
France,
June
CIARDO
AND
[9]
E.
[101 D.
CLARKE,
E.
[14] K.
T.
(CAV
DILL,
The
I997,
Surveys,
Workshop
on Petri
IEEE
Symbolic
HWANG,
pp.
142
Computer
Society
1245 of Lecture
Symposium Press,
(Tools Notes
checking:
for Reliability
1020
and
(IPDS
Timing,
'96),
Urbana-
p. 60.
in 9th International
Evaluation
model
170.
Analyzer
Society
.state spaces,
vol.
Institute
A.
operators
for Computer
Automatic
SISTLA,
ACM
Conference '97),
R.
on Modelling
Marie,
in Computer
for the solution
Applications
verification
Transactions
GRAF,
B.
B. Plateau,
Science,
St.
of generalized
in Science
of finite-state
on Programming
verification
eds.,
Malo,
and
stochas-
Engineering,
concurrent
Languages
systems
and Systems,
S
STEFFEN,
AND
The
model
pp. 279
295. Special
JENSEN,
Coloured
KEMPER,
R.
Numerical pp. 615
BRAYTON,
and applications, analysis
in Computer
Verification
Science,
Verification
Aided
Science,
(CAV
'96),
New Brunswick,
Notes
of Concurrent in Computer
Compositional
Aspects
of Computing,
Spin,
on Formal
vol.
Aided
in Computer
the
LLTTGEN,
checker
Springer-\'erlag,
VILLA,
Theory
for
nets, in Petri
Course,
1987,
G.
issue
Petri
Notes
Notes
in Computer
Ver-
Elounda,
462.
in Computer
vol. 1032 of Lecture
Formal
in model checking,
R. Alur
and
N J, USA,
July
393.
Methods
Problem,
Advanced
system,
390
Partial-order
HOLZMANN,
pp. 450
vol. 1102 of Lecture pp.
symmetry
ed., vol. 697 of Lecture
1993, Springer-Verlag,
.specifications,
T.
Exploiting
'93), C. Courcoubetis,
Murphi
GODEFROID,
(1996),
Computer
Performance
AND S. JnA,
Springer-Verlag,
grams: [16] P.
Computing
1996. AND
FILKORN,
June/July
I_[AM,
ACM
pp. 44-57.
logic specifications,
Greece,
September [151 T.
L.
98 (1992),
the use of Kronecker
96-35,
May
EMERSON,
ification
of an
on Com-
pp. 244--263.
interface
[13] G.
June
and Dependal)ility
1996, IEEE
eds.,
On
Report
the State-explosion
[12] S.
Transactions
in 7th International
and Markovian
Performance
Springer-\%rlag,
TILGNER,
Tech.
T. Henzinger,
[111P.
IEEE
diagrams,
France,
AND
Coml)utation, Simulation
G. Rubino,
1997,
temporal
CLARKE,
1996,
and
for Computer
VA, USA,
(1986),
GSPNs,
St. Malo,
DILL,
.for large structured
Tools
HI.
D.
SMART:
Computer
and
nets,
Hampton,
using
'97),
_{C]_.'IILLAN,
Information
aIte_7tatives
M. Calzarossa,
tic Petri
manipulation,
binary-decision
of superposed
(PNPM
IL, USA, September
Techniques
E.
K.
International
Champaign,
[8]
structuring
AND A. MINER,
in IEEE
[7"] G.
with ordered
Models
CLARKE,
and beyond,
[5] G. CIARDO
[6] --,
function
81 90.
E.
states
manipulation
Performance
BURCH,
for Boolean
691.
pp. 393-418.
BUCHHOLZ, Nets
algorithms
pp. 677
IEEE
Transactions
Methods
in Software
Nets:
Central
254 of Lecture
Models
Notes
Science,
minimisation 8 (1996), on
Systems
An
Approach
Springer-\%flag,
of finite
state
to
1996.
systems
using
pp. 60T 616. Software
Engineering,
23
(1997),
Practice. and Their
in Computer
Properties,
Science,
Bad
Part
I, Proceedings
Honnef,
Germany,
pp. 248-299. AND
,At.
of superposed"
Multi-valued
SANGIOVANNI-VINCENTELLI,
Multiple-Valued GSPNs,
628.
17
Logic, IEEE
4 (1998),
decision
dia-
pp. 9 62.
Transactions
on Software
Engineering,
22
[17] K.
MC_,IILLAN,
Symbolic
Carnegie-Mellon
[18] K.
Model
University,
MILVANG-JENSEN
[19] A. MINER
AND
in 20th and
[21] E.
1999,
541
AND
J.
BDD
package,
'98), G. Gopalakrislman
Palo
Alto,
teachability
CA,
USA,
1639 of Lecture
and
Notes
in Second and
PhD
thesis,
1998,
and storage
Theory
of Petri
in Computer
International
P. Windley,
November
set generation
on Application
pp.
501
using
Nets
col. 1522
512.
decision
(ICATPN
Science,
Confer-
eds.,
diagrams,
'99),
Williamsburg,
J. Kleijn \\-k, USA,
pp. 6 25.
Properties,
analysis
PASTOR,
on Design,
Computer
O.
ROIG,
tion, in 15th R. Valette,
Efficient
CORTADELLA.
Conference
1998, IEEE
[22] E.
nets:
Problem,
and
applications,
Proceedings
of the
IEEE,
77 (1989),
579.
PASTOR
IEEE
col.
Springer-\_rlag, Petri
to the State-explosion
l_:" A parallel
Science,
Conference eds.,
Approach
(FMCAD
Efficient
CIARDO,
International
MURATA, pp.
G.
BDDNO
HU,
Design
in Computer
S. Donatelli,
June [20] T.
Notes
An
1992.
AND i.
ence oil Computer-Aided of Lecture
Checking:
Society J.
Automation Press,
Notes
for
symbolic
in Europe
analysis
(DATE
'98),
of Petri
Paris,
nets,
France,
in
March
795.
R.
on the
schemes
Test
790
AND
Conference
ed., voI. 815 of Lecture
and
pp.
CORTADELLA,
International
encoding
Petri
BADIA,
Application
in Computer
net
analysis
and Theory
Science,
using
of Petri
Boolean Nets
Springer-Verlag,
manipula-
(ICATPN
June
'94),
1994, pp. 416
435. [23] R.
PtANJAN,
J.
diagrams (ICCD [24] O.
t'{OIG,
SANGHAVI,
on '96),
J.
network Austin,
of Petri
(ICATPN
'95),
St)ringer-Verlag, [25] T.
BRAYTON,
of workstations, TX, USA,
CORTADELLA,
checking
R.
nets,
AND A. in IEEE
October
in 16th International
June
AND F.
Autonmtion
Conference
Machinery,
pp. 641--644.
BREWER,
(DAC
col.
on
Press, circuits
on the Application 815 of Lecture
Binary Computer
pp.
358
Design
364.
by BDD-based
and Theory
Notes
decision
model
of Petri
in Computer
Nets
Science,
391.
Implcmentiou '96),
Society
of asynchronous
Conference eds.,
Conference
Computer
lJ_rification
and M. Diaz,
1995, pp. 374
STORNETTA
International
1996, IEEE
AND E. PASTOR,
G. De Michelis
SANGIOVANNI-VINCENTELLI,
of an efficient
Las Vegas,
18
NV,
USA,
parallel June
BDD
1996,
package,
Association
in 33rd
Design
for Computing
Appendix A. Data Types and This
section
purpose
contains
routines
A.1.
• The
the definitions
for operating
Data
types.
type
The data
type
First(e
event
i.e.,
affected that
-
for level
mddNode(k
dw : array
: level)
under
-
cached dirty
: boolean, : boolean,
mddAddr
a 32-bit bits
encode
denotes
Upon
the pseudo level) through
• The unique
of the
(UT),
cache
(UC),
computed
mddAddr),
while
if k = max(p.lvl, tables
dimension
it.
its current
size (more
nodes.
lt[1..k],
with
within
of MDDs
values.
Functions
0 sorts
the events
according
we also use the notation by PreprocessEvents.
e' < e
Note
that
lk. having
the following
is an array The hash
whether
which
fields:
arcs for all K children
referring
level.
In the
to this node.
the cached
is a pair
the level
copies
(lvl, ind)
Ivl of a node,
pseudo
code,
are stale.
represented the
S(p
by
remaining : mddAddr)
at p:
T[1../x']
of heap-arrays,
by pages. procedures
mddAddv),
entry
encode
dynamically
fast
cached
rooted
and release
a cache
node,
that
is a vector
separate
\_
of hash
use a 1024 node
tables,
nodes
and
one hash
node
per level.
page
size.
In
by AllocateMemory(k
These
to the deleted
key of an MDD
one heap-array
are denoted
respectively.
access
q.lvl),
then
of elements
a preset
precisely,
upper
A UC
table
entry
has type
the
reaches
number bound,
is hashed
the
prime
size of the table, smaller
than
_[1../x'], has
(p : mddAddr,
size of a table
to the next
_ th of the prime
(FC),
the triplet
number
to the next
cache
entry
above,
If the
and firing
operations.
_t FC table
mentioned
is less than
than
node
allocation
allows
exists
bits of an address
nodes
UT[1..K],
MDD
of already
of elements
of
are also
the non-deleted table
per level,
is computed
:
accessible nodes.
which
solely over the
store values
dw-pointers.
• The union
For all hash
type
number
and last level affected
the N[k] downstream
there
of an MDD
ReleaseMemory(p:
list which
table
whether
for 7- is allocated
and
to unique
general-
arcs.
by the MDD
MDD
the memory
a linked
pointers
represented
memory
code,
event
is a record
in combination
ind of the
space
: rnddAddr
code,
first
the degree
as integer
of the
imposed
macro
upstream
address
[log 2 K]
for "physical"
request,
In the pseudo
which stores
stores
is a "virtual"
position
the state
index
to the order
nodes
a flag indicating
The first
the
• The storage
which
a flag signaling
type
integer.
for MDD
are encoded the
encoding
the branching
PreprocessEvents
into a single
1)] of mddAddr,
up : bag of mddAddr,
-
as well as some
consideration.
-
• The
order.
e according
k are merged
[0..(N[k]-
of the node
than
Procedure
constant
represents
names
: level return
respectively.
e' is smaller
code,
are the following: integer
of int
event
: event)
level, in increasing
• The type
is larger
is integer,
to their
all local events
precisely,
array[1..K]
event,
first
used in our pseudo
Ix" is a positive
N of type
by the corresponding
to indicate
types
by our algorithm
where
: level and Last(e
Routines.
types.
employed
is [1..K],
for events
: event)
data
types
level of levels
Purpose
of the data
on these
MDD levels. The constant for each level. •Ttle
General
larger
i.e.,
table, than
that
: mddAddr,
store
the results
q : mddAddr},r
Also, for the union
insertions
we enlarge twice
the table
half the current
19
({p
r : mddAddr).
is dynamic,
we shrink
and is not decreased
type
tables
:
cache,
in UC[k].
size of the
number
are hash
The
if it is smaller
than
the
the current
to about
size).
and
table
deletions
table size).
may
to about
twice
If the number
half its current
size (more
size is not increased
a preset
re-
lower bound.
if it
A.2.
Routines
for
• h_serth_UT(in Searches
Managing
p : mddAddr,
UT[p.lvl]
of this node,
r is left unchanged,
an(t the
Removes
p fi'om
ClearUT(in Clears
A.3.
Routines
order
true.
Managing
Otherwise,
and
the entry
Routines
form
for
.). If such and
returns
a ({p, q},x) false.
in q : mddAddr,
q.lvl}.
({p,q},
The
is found, result
it sets r to x and
is independent
of the
q are supplied.
The effect
in p : mddAddr,
of the form
in r : mddAddr) does not contain
on L/[k] is independent
an); element
of the
order
of the
in whi(:h
in q : mddAddr
.) from L/[k].
in/4[k]. Managing
Otherwise,
the
k : level,
(p, r) in )V[k].
Firing
Cache.
in p : mddAddr,
it leaves
of the
out r : mddAddr)
form
r unchanged in p:
Given
If such
and returns
mddAddr, the logic
(p,-).
boolean
a (p,x)
is found,
it sets r to x and
returns
false.
in r : mddAddr) of our
algorithm,
)r[k] does
Bags.
Sets of integers
not
contain
an)'
element
of the
(p, .) and k >_p.lvl. k : level)
all entries
from
in F[k].
for Managing the head
• PickAnyElement(inout Selects of mddAddr
following
to UT[p.lvl],
out r : mddAddr)
the logic of our algorithm,//[k]
k = max{p.lvl,
k : level,
Routines
can be picked
Bags
p and
Given
J-[k] for an element
ClearFC(in Clears
p is added
k: level)
all entries
Inserts
({p,q},
r unchanged
k : level,
• lnserth_FC(in
A.5.
it leaves
RemoveFromUC(in
true.
Otherwise,
If it is found,
false.
in q : mddAddr,
form
p and q are supplied.
• LookUphtFC(in
•
of the
the two parameters
Searches
true.
as p--+dw.
Cache.
in p : mddAddr,
tile two parameters
({p, q},-)
Clears
i
Union
k : level, in p : mddAddr,
• ClearUC(in
A.4.
the
({p, q}, r) in U[k].
Removes
returns
arcs
mddAddr)
k : level,
• InsertlnUC(in
form
returns
of downstream
in UT[k].
for
in which
Inserts
pattern
and tile fimction
function
H[k] for an element
returns
: boolean
tile same
k: level)
all entries
Searches
Table.
UT[p.h:l].
• LookUpbtbrC(in
•
with
is set to the address
p:
Unique
out r : mddAddr)
for a node
* RemoveFromUT(in
•
the
and
removes
(FIFO)
Sets
and
and from
£ : set of int) an arbitrary
are implemented
the tail (LIFO)
according
arid returns
it.
as queues. to the desired
Elements strategy.
: int
element
as linked
are implemented
of a queue,
lists
from
set £,
of pairs
two functions:
20
(mddAddr,
count).
They
are managed
via the
r
AddEIement(in
p : mddAddr,
If bag b contains list of elements
p : mddAddr,
If bag b contains
Often
A.6.
p with
of p, followed
the symbols
"E",
Routines
and
routine
•
deleted
for type
int, which
of type
obtained
with count
plus to tlw
next-state
the routine
becomes
in the context
subtracts
O. Otherwise,
of bags,
minus
from the
b is left unchanged.
with their
obvious
meanings.
the number
its unique
since
downstream
arcs
Thus,
level
parameter
k can
signals
forwarding
the
for the subnet
firing
by local state
encoded
of e leaves
Approach. by the
following
of incoming whether
the
arc is stored
do not skip levels, be removed
e, when e is enabled
i at level k.
in level k.
level k unchanged.
Note
that
disabled.
is replaced
which
function
level k when
Forwarding-arcs
stores
event
: boolean
the
boolean,
to minus,
: set of int
by firing
mddNode
Moreover,
and
p is added
b : bag)
in case the count
in i : int)
of some
and
the
ofp
fi'om e being
redundant,
LookUpInFC,
Otherwise,
inout
or equal
"_)" are also used
is the local
is different
Modifications
: int,
than
k : level, in e : event)
field up of node in of type
b : bag)
by plus.
events.
e is indet)endent
this property
•
greater
k : level, in e : event,
this
An event
A.7.
"¢",
handling
• IsIndependent(in
record
count
the set of local states
Basically,
inout
in minus
by the deletion
"=",
for
• NewStates(in Returns
: int,
of p is increased
in b.
• RemoveElement(in
count
in plus
p, the count
for
entries routines
InsertInFC.
21
In the
arcs from the node
forwarding-arcs
approach,
the
two fields:
has been
next
higher
marked
level, and
for deletion.
If so, it is
in dw[0]. of H[k] and ¢-[k] refer only LookUpInUC,
InsertInUC,
to nodes
at level k.
RemoveFromUC,
Appendix
B.
MDDgeneration(in Generates local
Detailed
Pseudo
m : array[1..K]
of int)
space of a model
the state
Code
for
the
"Upstream-arcs"
: mddAddr respect to the
with
initial
state
and
returns
the
address
of the MDD's
root.
k : level;
local
e : event;
local
q : mddAddr;
local
mddChanged
• flag signaling
: boolean;
fork=l
1.
4.
ClearUC(k);
5.
ClearFC(k
g.
• the UC is initialized
foreach
Fire
node
First(e)
inout
MDD
regarding
changes
First(.)
in this iteration
= k do
mddChanged
reachable
at a level k, with
creates a temporary
re-exploring
which
First(e)
known
propagates
> k > Last(e),
redundant
(formerly
: boolean)
from the currently
it calls FireFromFirst,
at the end, if, after exploration,
one, to avoid
if any node of the
order
= false;
and inserts the states
for any
is removed
entries
q, mddChangcd);
in s : mddAddr,
at level First(e),
• true
event e satisfying
Fire(e,
e : event,
First(e),
of out-of-date
here and at the end of each Fire
• sort events in increasing
0;
13. until mddChanged 14. return q;
Then,
here and later purged
• the FC is cleared
);
Events
12.
Generates
are needed
1do
mddChanged _ false; for k= 1 to h'do
11.
Fire(in
iterations
Setlnitial(m);
7. Preprocess 8. repeat 10.
more
• the UT is cleared only once at the beginning
ClearUT(k); 3. for k= 1 to K-
6. q _
whether
toKdo
2.
node
Variant.
state space represented by s via event e. For any
work
downstream
having
node at level First(e), it is still redundant.
redundant)
nodes just
by calling
incoming
Union
downstream
and calls FireFromFirst
This second
introduced.
and FireRecursive.
arcs
from
a level above
on it. The dummy
phase must be performed
The flag mddChanged
node
after the first
is passed through
and
updated. local
k : level;
local
i : int;
local
p, q, r, d : mddAddr;
local
pHasDummy 1. foreach
: boolean; p E T[First(c)]
2.
if FireFromFirst(e,p)
3.
mddChanged
4. for k = Last(c)
6.
pHasDummy
7.
foreach
if not
(to be continued
• check for downstream
arcs skipping
over First(e)
q to p skips
over First(e)
do then
pHasDummy
Insertln
15
- 1 do
> First(e) d _
14.
in level First(e)
_ false;
11.
13.
at nodes
do
10.
12.
• fire e starting
root has to be inserted
true;
q E p_up
if q.lvl
if an implicit
then _
foreach p E T[k]
9.
do
to First(c)
5.
8.
• signals
• downstream
arc from
then
CreateNode(First(e),p);
• insert
a redundant
node
d at level First(e)
pointing
to p
UT( d, null);
pHasDummy
_
true;
for i = 0 to N[q.lvl] if q_dw[i] SetArc(q,
do
• d is not • find all downstream
= p then i, d);
on next page)
22
in the
UT, since
arcs from
it is a redundant
q to p and
re-direct
them
node to d
(continued
16.
if pHasDummy
17.
if not
18.
Remove
19.
CheckNode
20.
for k = First(e) foreach
21.
23.
or (p--+dirty)
26.
to p any arc that
explore
it
it is still redundant... d from the UT and...
was re-directed
to d, then
delete d
• must clean up in this order for this to work
= 0) or (r.lvI
or (q--+dirty)
p E T[k]
Last(e)
or (r.lvl
• disconnected
> 0 and r'--+up = 0)
> 0 and r---_dirty)
nodes...
• ...and out-of-date
then
• ...are
UC (k, p, q);
removed
• clear disconnected
do
entries...
from the UC
nodes at level k
(p);
to First(e)
- 1 do
• clear firing
caches
at levels
below
First(e)
ClearFC(k);
FireFromFirst(in event
Union
e : event, e starting
in p : mddAddr)
from
node
and FireRecursive.
removed
from
UT (this
the
If the
£ : set of int;
local
pHasChanged
local
f,u
: mddAddr;
local
i,j
: int;
true,
its hash
is not changed,
value).
p was itself
_
=
First(e).
changed,
is deleted,
If the
node
It propagates
and false,
otherwise.
if it has become
is removed,
the
work
downstream
If p changes,
redundant,
change
by calling its address
is
or p is re-inserted
is propagated
upstream
in using
UT.
• flag signaling
whether
MDD
with
• get all the local states that
c);
root
p has changed
potentially
enable e
false;
_ ¢ _ do
4.
i _
PickAnyEIement(£);
5.
f _
FireRecursive(First(e)
6.
if f
• choose - 1, c,p-+dw[i]);
• f = (0,0)
j C NewStates(First(e),e,i)
8.
u _
9.
if u _ F-+dw[j]
10. 11.
remove
p-+dw[i]
if and only
• j is a local state reachable
do
12.
pHasChanged if NewStates
14.
if pHasChanged
17.
if p_cached
18.
CheekNode(p);
• this is the first
then U T (p); _
ife
it from
E
if e is local could
not fire
i when firing
from
of e added
e
• remember
new states
change to p in this
• p must be removed from the UT before
true;
(First(e),
AddElement SetArc(p,
16.
• the firing
then
pHasChanged
RemoveF)'om
15.
i in Z_ and
Union(f,F-+dw[j]); if not
13.
any element
• this call returns
# (0, 0) do foreach
return
node
p is left in the
LoeaIStatesToExplore(p,
7.
if node
the
p.lvl
: boolean;
2. pHasChanged 3. while
UT, satisfying
either
for updating
local
1. £ _
Moreover,
node
: boolean
p in the
It returns
UT.
allows
CheckNode.
19.
• ...re-direct 1 do
= I_) or (q-+up
DeleteDownstream for k
28.
Fires
(d);
1 downto
node has been created,
• if it is unchanged, • ...remove
From U T (d) ;
RemoveFrom foreach
2?.
d) then
page)
({p, q}, r) E L/[k] do
if (p--_up
24.
the
-
22.
25.
• if a redundant
then
FireFromFirst(e,
from previous
call
changing it
not to remove p from the UT again
e, j) _ {bthen
(j, L:);
• j needs to be explored
(possibly
again)
j, u);
then then
p-+dirty
_
• cache entries referring
true;
to p are stale
• put back p into the UT, or delete it
pHasChanged;
23
FireRecursive(in Returns
k : level,
the
address
in e : event,
of a node
representing
dependency
of e on levels above
a temporary
node
local
: set
t in-place.
p.lvl.
The
the
set of states
Function
returned
: mddAddr reachable
FireRe.cursive
value
from
propagates
is guaranteed
S(p)
when
event
e occurs,
work only downstream,
to be in the
UT, unless
it is not
since
ignoring
7",t, f : mddAddr;
local
atSamcLevel
local
i,j
(0, 1) or (0, 0).
: boolean;
• p.lvl
= k ?
: int;
1. if k < Last(c) 2.
return
3. if p.lvl 4.
• the end of the recursion
then
< k and
return
6.
IsIndependent(k,
FireReeursive(k
return
• continue at the next level
r;
t ¢= CreateNode(k,
8.
if p.lvl
• create a temporary
(0, 0));
• at this
< k then
atSameLevel
10.
• e does not depend on level k
e) then
- 1, e,p);
r) then
7,
9.
£ _
_
point,
• initialize
(k, e);
the set £ to all local states enabling
atSameLevel £ _ while
¢= true;
LocaIStatcsToExplore(p,
e);
• initialize
the
i _ PiekAnyElemcnt(£); if atSameLevel then
17. 18.
else
19.
• choose
f _
FireReeursive(k
- 1,e,p---÷dw[i]);
f _
FircRecursivc(k
- 1, e,p);
• nothing
foreach u _
23.
if u 7_ t--+dw[j]
24.
Union(f,
SetArc(t,j,
InsertInFC(k,p,t);
29.
return
the address
i : int;
local
r,u
c
to explore
here;
move
from
it from
L:
p_dw[i]
on to the
via e
next
if and only if e could
level
not fire
• the firing of e in p---rdw[i]
(j, £);
• j will have
added new states • e is still enabled
to be explored
(possibly
i
again)
u); • since t_up
= O, this cannot
cause recursive deletes
upstream
t;
p : mddAddr,
k:level;
enabling
i in L; and remove reachable
c, j) _ 0 then
CheckNode(t);
28.
local
states
i) do
then
AddElement
26.
local
local
t-+dw[j]);
if NewStates(k,
25.
any element
• f = (0,0)
j E NewStates(k,c,
22.
returned
£ to ali reachable
• find states
if f ¢ (0,0 / then
21.
Returns
set
£ _ ¢) do
15. 16.
Union(in
e
• k = p. Ivl
13.
27'. t _
on k
false;
LocalStatesEnablingEvent
12.
20.
node t
e depends
else
11.
is reached
p;
5. if LookUpInFC(k,p,
14.
the]
it only changes
of int;
local
The
in p : mddAddr)
value
in q : mddAddr) r of the is guaranteed
node
: mddAddr
representing to be in the
S(p)
U S(q).
UT, unless
It uses
it is not
and
updates
(0, 1) or (0,0).
the
UC to speed-up
Of course,
r.lvt
computation,
< Max(p.lvt,
q.tvl).[l
: mddAddr;
1. if p =
(0, 1) or q = (0, 1) return
2. if p =
(0,0)
3. if q---- (0,0) (to be continued
or p = q return return
• deal with special cases first
(0, 1);
q;
p;
on next page)
24
t
(continued 4.
k 4= Max(p.lvl,
5.
if LookUplnUC(k,p,q,r)
6.
return
in r
• otherwise,
(0,0));
the union
is computed
in r
• p is at a lower level than q
then
u 4= Union(p,q---_dw[i]); • q is at a lower level than
else if k > q.lvl then
12.
u 4= Union(p_dw[i],
13.
p
q);
else
14.
• p and q are at the same level
u 4= Union(_--_dw[i], q--*dw[i]);
15.
SetArc(r,
i, u);
16.
r 4= CheekNode(r);
17.
lnsertlnUC(k,p,
18.
ifp
19.
ifq_
20.
p---_eaehed,
21.
return
• since r-_up
----(_, this cannot cause recursive deletes • record
q, r);
5_ 7' then
InsertInUC(k,p,r,r);
7"then
InsertlnUC(k,q,r,r);
CheckNode(in
q---_cached,
the result of this • add predicted
r--+caehed
upstream
union in the UC cache requests
4= true;
r;
p:
mddAddr)
: mddAddr
Enforces
the MDD
replica.
If so, p is inserted
DeleteUpstreara,
properties
which
for node p, which
in the UT. Otherwise,
in turn
calls
node does not have to be deleted.
it
result of the union is returned
do
if k > p.lvl
11.
initially
• if found,
then
r;
8. fori=0toN[k]-i 9.
page)
q.lvl);
7. r 4= CreateNode(k,
10.
from previous
described
is not in the UT. It ensures that node p is disconnected
CheckNode
Function
by p, and this address
on these nodes,
CheckNode
is guaranteed
returns
this
node is neither
from upstream
and so on.
the address
redundant
nodes and deleted
The recursion
stops
when
of the node representing
to be in the UT. As we allow a redundant
nor a
by calling a modified
the set of states
root node, we treat
as a special case. local
X:
i.
mddAddr; if p.lvl
=/C
then
2.
InsertInUT(p,
3.
return
• check null);
p;
4. if p--_dw[0]
• this allows = p---_dw[1] .....
5.
x 4= p-_dw[O];
6.
DeleteUpstream(p,
7.
return
- 1] then
x);
return
the
root
arcs
node
node
• p is redundant;
• all downstream
pointing
• p is a replica
then
• all downstream
DeleteUpstream(p,x);
10. 11.
p---_dw[N[k]
for keeping
root
back
special into
the
case UT
even if it is redundant
delete
it and use its child
to p must
now point
to x
x;
8. else if InsertInUT(p,x) 9.
• put the
of x; delete it and use x instead
arcs pointing
to p must now point
to x
x;
else
12.
return p;
DeleteUpstream(in
o : mddAddr,
Changes
any downstream
instead,
thus disconnecting
upstream
• p is a distinct
arc pointing node o.
bag of o, it removes p from
p : mddAddr;
local
i : int;
(to be continued
in the UT
in n : mddAddr) to the old node o, not present Then
it deletes
o.
After
in the UT, so that
changing the
the UT and enforces the reducedness
in turn may call DeletcUpstrearn. local
node and was inserted
on next page)
25
downstream
property
it points
to the new node n
arcs of any node p in the
on it by calling
CheckNodc,
which
(continued I. foreach
p E o-+up
RemoveFrom
3.
for i = 0 to N[p.lvl]
CheckNode
8.
SetArc(o,
9.
ReleaseMcmory(o);
local
i-th
or re-inserted
upstream
in the UT by CheckNode
1 do • this call does not need a downstream
i, n);
• enforce
recursion
reducedness
property
do • disconnect
i, {0, 0));
p : mddAddr,
the
be deleted
(p);
7. for i = 0 to N[o.lvl]
SetArc(in
-
node will
page)
= o then
SctArr(p,
6.
• updated
UT (p);
if p--_dw[i]
5.
Sets
• check all nodes directly
do
2.
4.
from previous
node...
• ...and
in i : int,
downstream
in n : mddAddr) p to
of node
arc
kill it
while
maintaining
consistency
with
the
upstream
arcs.
]
o : mddAddr; 1. o _
3. if n.lvl 4.
• old node pointed
p-_dw[i];
2. l_--_dw[i]
_
• increase count
1, n--+up );
of upstream
RemoveElement
DcletcDownstream(in
p:
q : mddAddr;
local
i : int; 1. if p--+up
RemoveF_om
3.
for i = 0 to N_.tvl] q _
5.
SetArc(p,
6.
DeleteDownstream
the MDD
p,q
local
k : int;
routine
removes
p from the UT and deletes it, after
having
recursively
examined
do • disconnect
i, (0, 0));
old downstream • check
(q);
arc pointing
to q
if q still has incoming
arcs
• kill node p
(p);
m : array [1..K]
local
arcs for old node
p--+dw[i];
ReleaseMemory
I Constructs
to
or (0, ])
UT(p);
4.
Sethdtial(in
of upstream
(0,0)
= 0 then
2.
7.
or (0, 1)
mddAddr)
If node no incomingarcs.arcs, this each of pits has downstream local
• reduce count
(p, 1, o-+up);
arc
arcs for the new node pointed • no need to unllnk
5. if o.lvl ¢ 0 then
arc
downstream
• no need to link (0,0}
¢ 0 then
AddElement(p,
6.
by the downstream
• re-direct
n;
of int)
representing
: mddAddr
the initial
state m of the model, and returns
a pointer
to the MDD's
root.
l
: mddAddr;
1. q _
• initialize
(O, 1);
2. for k=
1 toKdo
3.
p _
CreateNode(k,
4.
SctArc(p,
5.
lnsertlnUT(p,
6.
q_p;
7. return
m[k], q);
q to node
(0, 1)
(0, 0)); • link new node,
at level k, to the
• use null because
null);
q;
26
one below,
p is known
at level k - 1
to be a new
node
CreatcNodc(in
k : level,
in initial
: mddAddr')
Allocates
a level-k
node with
initialized
to false,
and returns its address.
local
p : mddAddr;
local
i : int; 1. p _
: mddAddr
all the entries in dw initialized
to initial,
up initialized
It also updates the bag of upstream
to O, flags cached
and dirty
arcs for node initial.
AllocateMemory(k);
2. F-_up
_
q);
3. fori=Oto
N[k]-I
4.
_
p--_dw[i]
5. if initial.lvl 6.
do
initial;
> 0 then
AddElemeat(p,
7. p--_cached,
N[k],
p-+dirty
_
initial-+up); ,false;
8. return p;
LocaIStatesEnablingEvent(in I Returns
k : level,
in e : event)
the set of local states at level k which
local
L_ : set
local
i : int;
: set of int
enable e.
I
of int;
I. £¢=_; 2. fori=OtoN[k]-I 3.
do
if NewStates(k,
4.
• refer to the local next-state
e, i) _ 0 then
AddElement
function
of the underlying
model
(i, E) ;
5. return L:;
LocaIStatesToExpIore(in Returns and
in c : event)
the set of local states at level p.lvl
(2) enable
i.e., all local local local
p : mddAddr,
c. If c is independent
states
: set
which
of level p.lvl,
at this level enable
(I)
: set of int are currently reachable only Condition
c.
of int;
i : int; 1. £ ¢: q); 2. for i = 0 to N[p.lvl] 3.
if p_dw[i]
- 1 do
# (0, O) and
4.
AddElement(i,
5. return
tT;
NewStates(p.lvl,
e, i) # O)then
£);
27
via the considered
(1) is restrictive,
since
path from the root to p
NewStates(p.lvl,
c, i) = {i},
Appendix C. Detailed PseudoCode Routines TILe other
Sethdtial, routines
I Generates
the
local
k : level;
local
q : mddAddr;
local
mddChanged
2.
given
including
some
m : array[1..K]
of int)
: mddAddr
with
the
and
here,
space of a model
state
1. for k=
LocaIStatesEnabIingEvent,
are
MDDgeneration(in
for
new
"Forwarding-arcs"
LocalStatesToEzplore
are as for the upstream-arcs
approach.
ones.
respect to initial state
/71,
: boolean;
and returns
the address
• flag signaling
whether
of the
more
MDD's
iterations
root.
are needed
1 toKdo • the UT is cleared only once at the beginning
ClearUT(k);
3. for k=
1 to K-ldo • the UC is initialized
4. ClearUC(k); 5. for k = l to K6.
Variant.
here and later purged of out-of-date
entries
l do • the FC is cleared here and at the end of each Five
ClearFC(k);
7. q 4= SctInitial(m); 8. PreproeessEvents 9.
• sort events in increasing order regarding First(.)
0;
repeat
10.
mddChanged
I1.
Fire(ll);
_
12.
for k=2toKdo DeleteForwardmg
14.
foreach
until
e satisfying
the downstream
back in. Thus,
local
p, u : mddAddr;
local
pHasOhanged
local
i : int;
cause nodes at level k to become marked
for i = 0 to N[k]
6.
if u _ p--+dw[i]
i);
8.
Remove
9.
pHasChanged SetArc(p,
• update
arc p--+dw[i],
= false
at level k - 1
_
it points to a node
does
point
to a node
marked
for deletion
marked
for deletion
then • p must be removed from
From U T (p ) :
i, u);
in case
• F--_dw[i]
then
if pHasChanged
CheckNode
for deletion
> O then
u 4= UpdateArc(p,
12.
arcs and nodes marked
p has changed
- 1 do
5.
if pHasChanged
forwarding
whether
false;
ifp-+dw[i].Ivl
11.
for deletion.
• flag signaling
• eliminate
_
chain, after appropriately
nodes at level k. This requires to remove these nodes from the UT and to check
might
do
p E T[k]
3.
10.
1 and destroys the corresponding forwarding
: boolean;
pHasChanged
7.
at level k-
arcs from
this procedure
2. 4.
nodes at level k
k : level)
them
1. foreach
non-unique
= k do
= false;
Removes all nodes marked for deletion re-directing
First(e)
event at level 1
q, mddChanged);
mddChanged
DeleteForwarding(in
• eliminate
(k);
event
Fire(e,
15.
if any node changes in this iteration • fire the local macro
13.
15.
• true
false;
• remember
true; • point
p-->dw[i]
the UT before
changing it
not to remove p from the UT again
to the equivalent
node not marked
for deletion
then * this might
(p);
28
mark p for deletion
UpdateAre(in
p : mddAddr,
If q = p--+dw[i]
is not
the forwarding more
chain - after
efficiently,
local
in i : int)
marked
: mddAddr
for deletion, (1) either
or (2) deleting
q is returned.
re-directing
Otherwise,
q's forwarding
q, if one just followed
the
u is returned
- where
arcs to u, so that
last arc reaching
further
it (either
it is the accesses
"ultimate"
node
in
to q will determine
downstream
u
or forwarding).
q, u : mddAddr; 1. q 4= p--4dw[i]; 2. if (q.lvl
> O) and
q---->deleted then
3.
u _
UpdateArc(q,
4.
if q--+in = 1 then
5.
SetAre(p,
6.
ReIeaseMemory
7.
SctArc(q,
8.
return
e : event,
Generates
O, (0, 0));
• q cannot
be deleted,
but its forwarding
be deleted
arc can be set to the end of the chain • u is not marked for deletion
in q : mddAddr,
inout
and inserts the states
k : level;
local
p, q, r : raddAddr; 1. foreach
p C T[First(e)]
2.
if FireFromFirst(e,p)
3.
mddChanged
4. for k = First(e) 5.
foreach
if (p_up
or (p-->dirty)
FireFromFirst(in event and
nodes...
• ...and out-of-date
then
• ...are removed • clear disconnected
do
entries...
from the UC
nodes at level k
(p );
to First(e)
e : event, e starting
- 1 do
• clear
allows
from
in p : raddAddr) node
FireReeursive.
from
forwarding
• disconnected
= @)
or (t-+dirty)
firing
caches
at levels
below
First(e)
Y[k] _ O;
12.
removed
it
do
U C (k, p, q);
p C T[k]
for k = Last(e)
at nodes in the first level affecting
• must clean up in this order for this to work
1 do
or (q-+dirty)
DeleteDownstream
11.
• fire e starting
= O) or (q---_uv = O) or (t-+up
RemoveFrom
10.
and updated.
then
({p, q}, r) 6 U[k]
foreach
is passed through
it
4= true;
7. 8.
: boolean)
the current state space via event e. For any node at level First(c),
do
- 1 downto
6.
9.
mddChanged
reachable from
The flag mddChanged
local
the
for the arc.
hash
If the
£ : set
local
pHasChanged
local
f, u : mddAddr;
local
i,j
p in the
It returns
UT. Moreover,
local
(to
• ...so q can finally
( q) ;
O, u);
q;
calls FireFromFirst.
(this
to q is followed...
else
11.
Union
only arc pointing
return u;
10.
Fires
• the
if q--->in = 0 then
9.
Fire(in
0);
value
node
: boolean UT, satisfying
true
whether
if node node
to be updated).
is not changed,
p.lvl
p was
p is deleted, If the
It propagates
and false,
is removed,
the
work
otherwise. redundant,
change
downstream
If the
node
by calling changes,
or p is re-inserted
is recorded
by CheekNode
in the
p is UT
using
a
UT.
of int; • flag signaling
: boolean;
: int;
be continued
First(c).
if it has become
node
p is left in the
=
changed,
on next
page)
29
whether
p has changed
(continued 1. £ _
LocatStatesToExplore
2. pHasChanged 3. while
• choose any element
PickAnyElement(£);
5.
f _
FireRecursive(e,p--+dw[i]);
6.
if f _ (0,0>
7.
• f = (0,01
then
u _
9.
if u ¢ p--+dw[j]
• the firing
then
11.
Removc
12.
pHasChanged
13.
if NewStatcs
14.
SetArc(p, if pHasChanged if p---+caehed
18.
CheckNode
if e could
not fire
from i when
firing e
• remember
true;
not to remove p from
changing
it
the UT again
• if e is still enabled...
e, j) _ _ then
(First(c),
to p in this call
• we must remove p from the UT before
From U T (p); _
of e added new states change
• ...j
L:);
will have to be explored
(possibly
again)
j, u);
then
p----_dirty _
• cache entries
true;
referring
to p are invalidated
• put p back into the UT, or delete it
(p) ;
pHasChanged;
FireReeursive(in
e : event,
the address
temporary
if e is local
then
17.
return
• this is the first
then
AddEIemcnt(j,
15.
if and only
• j is a local state reachable
do
it from L:
p--_dw[i]
Union(f,p--_dw[j]); if not pHasChanged
10.
dependency
enable e
i in L: and remove
• this call returns
foreach j E NewStates(First(e),e,i)
8.
Returns
potentially
E _ _ do
i _
19.
• get all the local states that
(p, e);
page )
_= false;
4.
16.
from previous
in p : mddAddr)
: mddAddr
of a node representing
of e on levels node t in-place.
above p.lvl.
the set of states FireRecursive
Because redundant
reachable
propagates
nodes are preserved,
from
work
S(p)
only
when event
downstream,
the returned
value
e occurs,
ignoring the
since it only
changes
is guaranteed
a
to be in the UT
and at the same level as p, unless it is 10, 0). local
: set of int;
local
r, t, f : mddADdr;
local
i,j 1
: int; if p.tvI
2.
< Last(c)
return
3. if LookUpInFO(p.lvt,p, 4, return r; 5°
• end of the
then
r e= CreateNode
(p.h,l,
r) then
i *= PickAnyElement(£);
9.
f _
• f = (0,0)
foreach j E NewStates(p.Ivl, u _
13.
if u ¢ r-+dw[j]
Union(f,
16. r _
18.
InscrtInFC
19.
return
node t
enabling
e
then
• the firing
AddElement(j,
£);
CheckNode(r);
i in LZ and remove
it from £
reachable from p-_dw[i] if and only
if e could
via e not fire
e, i) do
c,j)
SetArc(r,j,
17.
local states
r_dw[j]);
if NewStates(p.lvI,
15.
any element • find states
then
12.
14.
the set /_ to all reachable
• choose
Fi,eReeursive(_',p---_dw[i]);
if f ?_ (0,0>
11.
• initialize
e);
do
8.
10.
• create a temporary
(0, 0));
6. £ *= LocalStatcsToExplore(p, 7. while£#_
recursion
p;
of e in p-_dw[i]
added
new states
_ O then • j will
have to be explored
(possibly
again)
u); • since t--rup
(p. Ivl, p_ r);
t;
3O
= _, this cannot cause recursive
deletes
upstream
Union(in
p : mddAddr,
in q : mddAddr)
: mddAddr
computation. Since redundant nodes are kept, the returned Returns the address r of the node representing S(p)US(q), of p and q, unless it is not (0, 0). local
r, u : raddAddr;
local
i : int; 1. if p = (0, 1) or q = 2. if p=
C0,0)
(0, 1) return
and q=
3. if p = q return
(0,0)
5.
return r _
CreateNode
8.
u _
9.
SetArc(r,
InsertInUC(p.lvl,
12.
ifp
13.
if q ¢ r then
14.
p--+cached,
15.
return
_ r then
• record
the result of this
in r
q-+cached,
upstream
union in the UC
• add predicted
InsertlnUC(k,p,r,r);
cache requests
q, r, r);
t-+cached
4= true;
: mddAddr
is not in the UT, is not a replica or a redundant
node p is deleted
pointing
local
q : mddAddr;
local
i : int;
(if it has no incoming
arcs, this
can happen only when
to C0, 0). In any case, ChcckNode
by p. This address
1. if p--_dw[0]
= p--+dw[X] .....
2.
ReleaseMeraory(p);
3.
return C0, 0); then
5.
do
for i -- 0 to N[p.lvl]
6.
SetArc(p,
is guaranteed
node pointing
arcs) or it is marked CheckNode returns
Release
and a forwarding
i.e., never when p the set of states
to be in the UT, unless it is not (0, 0).
p-+dw[N[p.lvl]
- 1] = (0, 0) then with
• this can happen only when p-+in downstream
arcs pointing
• p is redundant,
remove
• disconnect
i, C0, 0));
• deletion
11.
SetArc(p, return
q;
return
p;
_
it, and use u instead old downstream
arcs
(p);
else l_--4deIeted
= 0
to C0, 0), delete it
• p can now be deleted
Memory
10.
arc is placed
is called from FirePromFirst,
= 0 then
if p--tin
to C0, 0), and inserts p in the
for deletion
the address of the node representing
• p is a dummy
4. else if lnsertlnUT(p,q)
14.
the union is computed
• since r--_up ----0, this cannot cause recursive deletes
p : mddAddr)
described
12.
in r
q_dw[i]);
p, q, r);
in it. If it has incoming
13.
• otherwise,
CO,0));
lnsertInUC(k,
that p, which
8. 9.
result of the union is returned
r;
UT. Otherwise,
7.
• if found,
i, u);
r 4= CheckNode(r);
initially
cases first
- 1 do
Union(p-_dw[i],
11.
is a dummy
special
C0,0);
p, q, r) then
(p.lvl,
10.
Ensures
• deal with
(0, 1_;
return
r;
7. for i = 0 to N_v.lvl]
CheckNode(in
to be in the UT and at the same level It uses and updates the UC to speed-up
q:
4. if LookUplnUO(p.lvl, 5.
value is guaranteed where p.Ivl = q.lvl.
true;
of p must
• mark
0, q);
• record
p for future the
be delayed deletion
forwarding
arc
else • p is a distinct
31
node and was inserted
in the UT
SetAre(in
p : mddAddr,
Sets the i-th count,
in i : int,
downstream
arc of node p to n, while
f the incoming-arcs
local
in n : mddAddr) at the same time maintaining
count of the old node p-_dw[i]
consistency
becomes O, this node will
with
the incoming-arcs
be removed later.
o : mddAddr; 1. o _
• old node pointed by downstream • re-direct downstream
p-_dw[i];
2. p---_dw[i] 3. if n.Ivl 4.
_
• no need to keep track of (0,0)
¢ 0 then
n-+in
5. if o.lvl 6.
n;
_
n--_in
+ 1;
• increase count
• no need to keep track
_ 0 then
o-+in
_
DeleteDownstream
o-_in
- 1;
• reduce count of upstream
If node p has no incoming
local
q : mddAddr;
local
i : int; 1. if p-+in
arcs, this
3.
for i -- 0 to N[p.lvl]
routine
removes
p from the UT and deletes
q _
5.
if q.hpl > 0 then
6.
SetAre(p,
7.
Delet e Downstrearn
p--rdw[i];
k : level,
ato level-k false,
local
p : mddAddr;
local
i : int;
• disconnect
i, (0, 0));
ReIeaseMeraory
(q);
_
in initial
: mddAddr)
8.
to q arcs
: mddAddr
O;
3. fori=OtoN[k]-ldo
initial-+in
7. p--_caehed,
old downstream
node returns with allits the entries Itinalso dw updates initialized the toincoming-arcs initial, in initialized zero,initial. flags and address. count fortonode
4. p--+dw[i] 5. if initial.lvl 6.
arc pointing
• check if q still has incoming
(p);
AIIocateMemory(k);
2. p--_in
it, after having recursively examined
do
4.
1. p _
or {0, 1)
arcs for old node
= 0 then
RemoveFrornUT(p);
Allocates initialized
of (0,0)
arcs.
2.
CreateNode(in
or (0, 1)
arcs for new node
(in p : raddAddr')
each of its downstream
8.
of upstream
arc arc
4== initial; > 0 then _
initial--+in
p--+dirty
_
+ N[k];
false;
return p;
32
cached
and dirty
Appendix In the
this
D. section,
Kanban
net
D.1.
Illustration
we illustrate
depicted
into
local
event
macro
(cf. Fig.
6.1).
sa and
subnets,
L-,
the
upstream-arcs
subnet
with
In order
1 to subnet
system
4.
toki,
possesses
of our
algorithul
N = 1 for tile
to apply
Subnet
our
thick,
two synchronizing
the
-- plus
events,
of a small
example,
namely
marking.
MDD-ba._ed
i contains
tredo_, and
by means
initial
approach,
places
p,,
transition and
tsynchl_23
P,,,i, tout_
the
Kanban
pb_ck,,
and
or ti.4
pout,.
where
which
tsynch4_23,
net
is
The
applicable
we abbreviate
s2, respectively.
Given the
variant
right,
of transitions
FI(;. D.1.
In
Algorithm.
Initialization.
consists
Further,
the
6.1, upper
and
four
of
the
in Fig.
Partitioning
partitioned
by
An
this
sequel,
partitioning, we also
{(i4,i3,i2,i_)
each
abuse
Indexing
subnet
notation
of local states
for the Kanban
local
which
has four and
write
states
(I4,Is,
[i4 E I4, i3 E 13, i2 E I2, i_ E I_}.
If/j
I.,,I_),
=
we number
where
{0, 1,2,3},
subnets
Ij
0 through
C {0,1,2,3}
we write
3 as show
in Figure
1 _< j
< 4, for the
and
D.1. set
Ij ----* for short.
TABLE D.1 Transitions macro
event
/1
macro
*
*
*
*
*
*
*
*
*
*
*
*
$
*
*
*
*
*
*
1
2
1
3
0
1
{2,3}
The
initial
state
(initial
{(0, 0, 0, 0)},
which
ically
in the six tables
shown
of the considered the
event
*
{2,3}
marking)
is represented
of our
by the of Table
(on the
left),
event
MDD
D.1,
l.,
net.
macro
event
13
macro
event
14
*
*
*
*
0
1
1
2
1
*
*
1
{2,3}
2
1
*
*
*
*
*
*
2
1
*
*
*
$
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
syn.
81
syn.
s2
3
0
0
1
3
0
0
1
0
1
*
*
net
is (0,0,0,0).
depicted
one table
i.e., a set
of the example
Thus,
in Fig. D.2, per
of global
event. states,
Each and
the
left-hand column the
initially side.
global
The
of a table state
{2,3}
reachable net's
states
transitions
contains
resulting
space
an enabling
after
S
is
are schemat-
the
pattern
event
fires
(on
right). In the
following,
of the
Kanban
in the
order
First(14)
net. l_
.............
1;I:_1I I I
t
states
(4, 0) are updated
(4, 0).dw[1])
! I 1 1 I
I1.|_|1
Fireb%omFirst
of l._ is not
scheme
no local
1 I I I I
FIG. D.2.
above
our algo-
routines:
1. Fire(f1),
0 enabling
state
MDD
'LaL__L..J
_
Ilill
t 'L..[.J_.U
I_ q-TTiq
'm FIG. D.3.
Next, Fig.
D.3).
series
the The
synchronizing routine
Fig.
s2 becomes
FircFromFirsl,
called
enable(t with
due
respect
l, event
s2
to
sequence
the
to node
of FireRecursive
calls:
1. FireRecursive
(2, .s2, (2, 0)) = (2, 1) and
(2, 1).dw[1]
= (1,0)
s:, (3, 0)) = {a, 1) and
(3, 1).dw[1]
= (2, 1)
2. FircRecursivc(3, In
event
Iteration
D.3,
left-hand
it is to complete
the
side,
also
representation
a node
(4, 1) is depicted,
of {(0, 1, 1, 0)},
which
which
is the
3,t
(4,0)
is not new
(4,0)-2-_(3, builds
actually
state
obtained
the
created.
0)--+(2,0>--+(1, o o
MDD
rooted
The
1)5' firing
purpose ._.
at
0)
(cf.
(3, 1) in
of showing
By calling
Union
a
regarding nodes(3,0} and(3,1)= (3,2),ttlenewstateis added to S. {(*, 0, 0, 0), (0, 1, 1,0)}.
Moreover,
node
(3, 2) is linked
as tlle
0-th
to tile
tlle firing.
Since
the temporary
MDD
rooted
pattern
enabling
is disconnected,
it is removed
by the
next
DeleteDownstream
call,
_
_
_'7
D.3.
Second
1 in node
Event
l., fires
reachable
Iteration.
(2, 1). twice
state
(cf. Fig.
space
In the
However, D.4,
tile
second
right-hand
Iteration
iteration,
exploration
from side)
the
first
and
adds
the
for computing
new
=
MDD
the union,
iteration.
I_1_1 I 1
LIi............. I I I_111
2, event
local
node
to S U {(0, 1, 1, 0)} to bind
L_.._
,I............ :1 :l _
--%
.... b---i................
/I
I I I
FIG. D.10.
Next level.
to be examined
As a result,
the
I I
are the local
first links of nodes
macro
events
(2, 5) and
_\',A
Iteration
12 and
3, events
13.
Both
{3, 4) are copied
37
I,,I
I I I
12 and la
are enabled in the last
hy a single
two locations
node
at the corresponding
of the array
of dmvnstream
pointers. Theresulting MDDrepresents statespace S =
{(*, 0, 0, *), (0, {1, 2, 3}, {1, 2, 3}, *), (*, {1, 2, 3}, {1,2,
(cf. Fig. D.10).
{3, 2)_-r(2,
However,
no
encoded
Event new
in $.
states
Thus,
i
sl is then
the
enabled
need
to be
MDD
remains
by the sequences adde(1,
since
the
outcomes
1)_+{1, (3, 0,0,
1) and
I 1,1,1,1
event
14 Call fire again
the union
of nodes
{3, 2) and
of the
encoded
by the
set
{3, 2) becomes purged
MDD
(cf. Fig.
D.5. terminates Fig. D.12.
now
from
(3, 4), which
sub-MDD
disconnected
and
stores
the
State
Space.
rooted is deleted
state
respectively,
are
1}.
ah'eady
I(1'1
.........................................
I Ik.[_
space
node
along
(3, 2).
with
3, event
The
{3, 4}, since
at node
,9 =
Iteration
(4, 0).
is node
--'-v-r_'-v-'
_-
F1(_. D.11.
local
0, 1),
5)-:---+(0,
i
_
Finally,
(0,0,
3}, 0)}
3*
{3, 4}--+{2,
_
t ....._; ................................................................................................
[
3
1) and
unchanged.
I ! J lAl_l
......................
0)_+(0,
last
14
three
of its downstream
the suh-MDD
With
rooted
at node
all of its upstream
its descendants
pointers
by a call of routine and
the
replaced
(3, 4} encodes
arcs removed
{(*, 0, 0, *), (*, {1, 2, 3}, {1, 2, 3}, *)},
are
from
a superset
its bag,
DeleteDownstream. third
iteration
by
node The
is finished
D.11).
Final and Note
returns that
the level
root
In the fourth
iteration,
to
representing
1 is empty;
tile the
MDD dotted
node
no new reachable the
final
state
states space.
are detected.
Hence,
the algorithm
The
MDD
is depicted
is redlHldant.
ur7
Ill I i-
....
t___
FIG, D.12.
Final
MDD
representing
t
_
j
the complete
38
reachable
state space
final
in
REPORT
DOCUMENTATION
Form Approved OMBNo 0704-0188
PAGE
i Public reporting burden for this collection of information is estimated to average 1 hour gathering and maintaining the data needed, and completing and reviewing the collection collection of information, including suggestions for reducing this burden, to Washington Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the OfFice of Management
1. AGENCY
USE ONLY(Leave
blank)
2. REPORT
TITLE
AND
Etficient
3.
DATE
December 4.
per response, of information Headquarters and Budget,
including the time for reviewing instructions, searching existing data sources, Send comments regarding th;s burden estimate or any other aspect of this Services, Directorate for Information Operations and Reports, 1215 Jefferson Paperwork Reduction Project (0704-0188), Washington, DC 20503,
REPORT
1999
TYPE
Contractor
AND
SUBTITLE
symbolic
DATES
COVERED
Report 5. FUNDING
state-space
construction
for
asynchronous
NUMBERS
systems C NAS1-97046 WU
505-90-52-01
6. AUTHOR(S) Gianfranco Gerald Radu
Ciardo
Liittgen Siminiceanu
7. PERFORMING Institute Mail
ORGANIZATION
for Stop
Computer
132C,
Hampton,
VA
NAME(S)
Applications
NASA
Langley
Research
Hampton,
11.
VA
Final
and
Engineering
Center
ICASE
Space
NAME(S)
AND
Report
No.
99-50
10. SPONSORING/MONITORING AGENCY REPORT NUMBER
ADDRESS(ES)
Administration
Center
NASA
/CR-1999-
ICASE
Report
209827 No.
99-50
NOTES
Technical
Monitor:
Dennis
M.
Bushnell
Report
Submitted 12a.
and
23681-2199
SUPPLEMENTARY Langley
Research
AGENCY
Aeronautics
Langley
8. PERFORMING ORGANIZATION REPORT NUMBER
ADDRESS(ES)
Science
23681-2199
9. SPONSORING/MONITORING National
AND in
to
the
21st
International
DISTRIBUTION/AVAILABILITY Unclassified
Conference
on
Applications
and
Theory
on
Petri
Nets.
12b.
STATEMENT
DISTRIBUTION
CODE
Unlimited
Subject Category 60, 61 Distribution: Nonstandard Availability:
NASA-CASI
'T3. ABSTRACT Many
(Maximum
state-of-the-art
reachable
state
asynchronous Decision it fully
system
14. SUBJECT event
In
the
for
this
intelligent the tool
algorithm
the
paper,
models,
Diagrams (MDDs) exploits event locality
that
621-0390
techniques spaces.
algorithm supports is implemented in show
(301)
200 words)
such for
verification we
of today's
develop
as Petri
a new
nets.
The
efficiently storing sets which is a fimdamental
cache SMART,
performs
management and run-time about
one
order
complex
algorithm
embedded for
algorithm
is based
of reachable semantic
states. property
and achieves results for of magnitude
faster several faster
the on
systems
syml)olic previous
work
In contrast to of asynchronous convergence examples than
the
via taken best
decision
diagrams,
state-space
the of
that
analysis
the
state
employs
of their space
of
Multi-_+alued
related approaches, however, systems. Additionally, the
existing
iteration control. Petri net literature
state-space
i15. multi-valued
on
ad_"anced from the
TERMS
locality,
rely
generation
It
generators.
NUMBER
OF PAGES
43
exploration 16. PRICE
CODE
A03 17. SECURITY CLASSIFICATION OF REPORT Unclassified JSN 7540-01-280-5500
18. SECURITY CLASSIFICATIOI_ OF THIS PAGE Unclassified
19. SECURITY CLASSIFICATION OF ABSTRACT
20. LIMITATION OF ABSTRACT
,tandard Prescribed 29B+102
Form 298(Rev. by ANSI
Std
Z39-18
2-89)