Efficient Symbolic State-space Construction for ... - CiteSeerX

5 downloads 0 Views 2MB Size Report
The College of William & Mary, Williamsburg,. Virginia .... of William and. ]_Iary, \Villiamsburg,. \5\. 23187-8795,. USA, emaih. {ciardo, radu. } ...... BRAYTON,. AND.
NASA/CRICASE

+

+

i

t

r

+

I

x

1999-209827

Report

No. 99-50

t !

,

Efficient Symbolic State-space Asynchronous Systems !

Gianfranco

Ciardo

The College

of William

Construction

i

!

i

i

& Mary,

Williamsburg,

Virginia

Williamsburg,

Virginia

,

Gerald

Liittgen

ICASE,

Hampton,

Virginia

Radu Siminiceanu The College

December

of William

1999

& Mary,

for

m

The NASA

STI Program

Office...

in Profile

[] CONFERENCE

Since its founding, NASA has been dedicated to the advancement of aeronautics and space science, The NASA Scientific and Technical

Collected papers from scientific and technical conferences, symposia, seminars, or other meetings sponsored or co-sponsored by NASA.

Information (STI) Program Office plays a key part in helping NASA maintain this important role.

SPECIAL PUBLICATION. Scientific, technical, or historical information from NASA programs, projects, and missions, often concerned with subjects having substantial public interest.

The NASA STI Program Office is operated by Langley Research Center, the lead center for NASA's scientific and technical information. The NASA STI Program Office provides access to the NASA STI Database, the largest collection of aeronautical and space science STI in the world. The Program Office is also NASA's institutional mechanism for disseminating development published by Series, which types:

the results of its research and activities. These results are NASA in the NASA STI Report includes the following report

TECHNICAL PUBLICATION. Reports of completed research or a major significant phase of research that present the results of NASA programs and include extensive data or theoretical analysis. Includes compilations of significant scientific and technical data and information deemed to be of continuing reference value. NASA counter-part or peer-reviewed formal professional papers, but having less stringent limitations on manuscript length and extent of graphic pre sentati on s. TECHNICAL

MEMORANDUM.

Scientific and technical findings that are preliminary or of specialized interest, e.g., quick release reports, working papers, and bibliographies that contain minimal annotation. Does not contain extensive

analysis.

CONTRACTOR

PUBLICATIONS.

TECHNICAL TRANSLATION. Englishlanguage translations of foreign scientific and technical material pertinent to NASA's mission.

Specialized services that help round out the STI Program Office's diverse offerings include creating custom thesauri, building customized databases, organizing and publishing research results.., even providing videos. For more information

about the NASA STI

Program Office, you can: Access the NASA STI Program Home Page at http://www.sti.nasa.govlSTlhomepage.html • Email your question via the Internet to [email protected] • Fax your question to the NASA Access Help Desk at (301) 621-0134 •

Phone the NASA Access Help Desk at (301 ) 621-0390 Write to:

REPORT.

Scientific and

technical findings by NASA-sponsored contractors and grantees.

NASA Access NASA Center 7121 Standard Hanover, MD

Help Desk for AeroSpace Drive 21076-1320

Information

|

U

NASA/CRICASE

1999-209827

Report

No. 99-50

Efficient Symbolic State-space Asynchronous Systems Gianfranco

Ciardo

The College

of William

Gerald

Liittgen

ICASE,

Hampton,

Radu The

Williamsburg,

Virginia

Williamsburg,

Virginia

for

Virginia

Siminiceanu College

Institute

Computer

Langley

Hampton,

& Mar?/',

Applications

Research

Center

Universities

Space

in Science

and

Engineering

VA

Operated

National

of William

for

NASA

Space

& Mary,

Construction

by

Aeronautics

Research

Association

and

Administration

Langley Research Hampton, Virginia

December

Center 23681-2199

1999

Prepared for Langley Research under Contract NAS 1-97046

Center

Available

from the following:

NASA Center 7121 Standard Hanover,

for AeroSpace Drive

MD 21076-1320

(301) 621-0390

Information

(CASI)

National

Technical

Information

5285 Port Royal Road Springfield,

VA 22161-2171

(703) 487-4650

Service

(NTIS)

EFFICIENT

SYMBOLIC

STATE-SPACE

CONSTRUCTION

ASYNCHRONOUS

GIANFRANCO

Abstract. rely

Many

on the

generation

is based

on previous

of their of the

states.

fundamental

semantic

cache

algorithm

performs

Key

words,

Subject 1.

about event

locality,

Introduction.

mathematical

faster

However,

state

systems

memory.

One contributing

is potentially

exponential

state-exploration

In the literature,

whether

sets

Explicit state

to store these

two

techniques

represent

corresponds the state

space

explicitly

in their

or partial-order

techniques

prove

advantageous

such

especially state

*This while Langley

spaces

work

the

was

authors Research

t Department {ciardo,

radu

$ICASE,

very large,

is the

algorithm storing

locality

state-space

in the

show

that

the

generators.

is linear

state

the application

techniques,

too large

inherent

space

components.

of rigorous

including

under

to fit in a workstation's

in many

embedded

systems,

concurrent

Consequently,

research

exploration

many

and

storage

which

mode]

consideration.

of an asynchronous,

are considered,

spaces

of very

differ

from

of the

techniques

to reduce

system's

tables,

states,

states.

with

system efforts

large

each

in

state

other

by

fllrther.

of Markov

where needed

in practice

since state

to behavioral

spaces

analysis

or graphs,

the memory

which

However,

respect

the sizes of state

in the numerical

hash

[3, 6, 10, 13]. Thus,

a few million

minimization

if one is interested

by trees,

structure

number

at most

[11] may be applied

of systems

data

in the

having

form,

sometimes

concurrency

directions

requires

of these

equivalences Explicit

processes

limits

spaces

are [12]

techniques defined

over

[16].

supported were

in

Center,

by

the

residence Hampton,

of Computer

Science,

National at the VA

Aeronautics Institute

23681-2199,

P.O.

Box

8795,

and

for

Space

Computer

Administration

Applications

under in

Science

NASA and

Contract

Engineering

No.

NAS1-97046

(ICASE),

Stop

132C,

NASA

Langley

Research

NASA

USA. College

of William

and

]_Iary,

\Villiamsburg,

\5\

23187-8795,

USA,

} _lcs.wm.edu. Mail

is a

intelligent

It is implemented

net literature

sets

which

or symbolically.

of the underlying

systems

natural

The

supports

state space of the system

on the efficient

the reachable

small

for the

exploration

systems

the size of the state

research

explicitly

of a system

to fairly

event

control.

existing

Many

of the reachable

concentrated

to an entity

nets.

algorithm

the Petri

systems

algorithm

for efficiently

exploits

state-space

embed(ted

of its parallel

principal

are stored

techniques

encoded

in the number

of states

as Petri

the

the best

behavior.

to this problem

have

than

diagrams,

are usually

[20]. In fact,

techniques

spaces.

each

factor

fi'om

embedded

a new

(MDDs)

it fully

iteration

taken

faster

proper

construction

nets

Diagrams

via advanced

of today's

[8], rely on the automated

by Petri

such

Additionally,

examples

complex

we develop

models,

f

Science

checking

such as specified

SIMINICEANU

of today's

however,

decision

to their

of real-world

system

systems.

convergence

The high complexity

spaces

RADU

paper,

Decision

of magnitude

to testify

In this

approaches,

for several

Computer

techniques

spaces.

multi-valued

AND

for the verification

of asynchronous

one order

classification.

L('_TTGEN:_,

Multi-valued

to related

results

SYSTEMS*

of asynchronous

employs

property

run-time

state

space

and achieves

and

GERALD

techniques

state

In contrast

management SMART,

t,

reachable

work that

of reachable

tool

state-of-the-art

analysis

symbolic

CIARDO

FOR

Center,

Hampton,

VA

23681-2199,

USA,

e-maih

]uettgen¢_icase.edu.

emaih

Symbolic use

Binary

into which of state al.

techniques Decision state

spaces

spaces

[22] for the

for Petri

nets

is based

on the

using

of the

of Petri

has been

nets

only a single

integer

variable,

Experimental

results

larger

spaces

of size

1060

some

of these

state

1000 philosophers, while

symbolic

techniques

a memory-bound The

objective

techniques since

interleaving,

of this

many

fires.

it has been largely

ignored

on

but

event

locality,

support when

direct

jumps

a transition

update state

of the spaces

MDDs

data

structure.

is about

one order achieved

order. state

The remainder structured

state

of event

locality,

Details and

8 refer

Finally, the

of the

variants

to related

Appendices

algorithm

are work

techniques.

this

concept, MDD

it. does

Only

essentially

by employing

However,

dining

of even

the tiine

needed

[22], with

of 75 tokens.

of symbolic

state-space

net

traditional

philosophers count

but

of a Petri

generation

Thus,

shifts

from

only

not

consider

[19], it fully

The

management,

faster event

locality

is organized

spaces which

and

and present

and

MDDs.

induces

Sees.

only

our conclusions pseudo system.

in [19]. a small

tool

3 and

4 focus

on several

our new MDD-based

Sec. 6 discusses

some

as well as directions code of our

[5] and

algorithm,

reachable

events

in

is applied

to

improvement

space

issues,

algorithm

while

is

efficiency.

some background

for future

a local

this algorithm

this

performance

not

it introduces

out. that

conceptual

[5],

[19], it uses

by firing

regarding

provides

the

Moreover,

1Remarkably,

does

finishing

in [19]. Like

SMART

the

to be updated

upon

It. turns

overhead

section

approach need

convergence

only

when

in [19] touches

for building

locality.

faster

in the

The next

MDD

described

Pet.ri net models.

for deriving

in Sec. 5, while

example

achieves

one presented

as follows.

the detailed

for a small

also

this that

algorithm

event

is implemented

the

are essential

presented

exploits

of well-known

than

a new

on the algorithm

and

new algorithm of a suite

develops

that

or

techniques

presented

particular,

of the

means

generation

submarkings

out

locality,

to be updated

approach

In

interesting

of event

locality

need

state-space

to the

jumping

unlike

spaces

paper

event

transition

superficially.

corresponding

the concept

for example,

in explicit

generation

This (:lass is especially

exploits

the MDD-based

spaces;

A C contain

step-by-step

encodings

MDDs

subnet

state-space

systems.

nets,

has been investigated

of the

cache

efficiency

by a given

is based

of this paper

the

In Petri affected

which

of magnitude

regarding notion

systems.

present

by exploiting

spaces,

Our approach

The

for

[15].

token

et

generation

the representation

nets.

for the an initial

state

time

systems,

state

predefined

[6], with

asynchronous

systems.

subnets

locality

part

on the

namely

software

Similarly,

mechanism

tlle reachable

larger

is to improve

it exploits

fires.

explore

and larger

in symbolic

to the

for representing

a specific,

to store

enables

regular

minutes

system

to the

of asynchronous

an intelligent

mainly

paper

event

for particularly

efficient

of an entire are built

sizes

not rely on BDDs,

(MDDs)

state

[1],

t)5' Pastor

state-space

in [19] does

this approach

fl'om several

applied

symbolic

of the subnets

for the Kanban

in asynchronous

Whereas

states

10600

the

approaches functions

manageable

subsequently,

Diagrams

encode

spaces

and,

the

were first

Recently, taken

Decision

symbolic Boolean

pushed

BDDs

nets

[21].

[19]. The approach

ranges

class of systems,

belonging

Petri

Most

problem.

embedded

inherent

sub-markings

transition

hours

of safe

investigated

the state

space.

representing

techniques

net community,

in [19] show that

even

spaces

are able

for a particular

it includes

those

and

to a time-bound

of BDD-based

of Multi-valued

where

in sublinear

for efficiently

one to efficiently

reported

state

to several

sets

were

improved

allow

techniques.

to generate

BDDs

concept and

sets

structure

The advent

reachability

into

general

functions

reachability

as data

[4]. Ill tile Petri

significantly

more

integer

(BDDs)

1020 states

generation

classes

one to store

can be mapped.

to about

for other

represent

alh)w

Diagrams

material based

on

in two variants. results. work,

Appendix

Secs.

respectively. D illustrates

7

2.

Structured

introduction

State

and defines

2.1.

Structured that,

however,

Thus,

we interchangeably and

Consider The

a Petri

interleaving

state,

semantics

s to another

from

state

s via event

Petri

nets,

A ,' is essentially

one element. exploring set that

state

of Petri

into

a simple

fundamental solution

state

the

set

of structured

s has

requirement,

which

models

[7]. The

of L" local next-state

flmctions,

all e E g and

s C $.

in practice,

_\.

space S_, = {sk,0, sk,l,...

E N is the

additional

number

states

for example

expressed

p-invariants

In reality,

[20].

set $ of global

Once

states fs:

Sk has been

can then {0,...

Multi-valued

are data

structures

I: {0,... ,NK K, 5I

a Boolean Another

E Nand

function, special

Traditionally, side,

shows

-

1}

case,

where

integer

the decision

MDDs

coincide

functions tree

of the

defined

k_>

of the it with

in

as the smallest relation,"

the net

into I_" subnets

of a global state

partition

of _o must

approaches

characteristic

are often

represented

minimum

function

that

its reachable

explicit correct

where

insertion

of

computation

e.g., obtained

set {0, 1,...,

as the

x ._"1(c, s l ) for

techniques,

the

the

by employing

5\. - 1}.

Moreover,

a

,N1 - 1} ---+ Such

{0,1}

characteristic

flmctions

can

sections.

Decision,

Diagrams

[15], or MDDs

for short,

of the form ....

,N

21I = 2and

the better

the

Sk,

, Sl) E $.

{0

require

"true"

{0,...

functions x..-x

such

to allow for the

a

for computing

by traditional

might

satisfy

A" to be written

enough

s

function

in the following

1. When

with

this

- 1} x---x

1}

For

at most

teachability

for function

places,

characteristic

integer 1 -

reachal)le

s) contains

a partition

The

be small

that

implicit

Multi-valued

-_r/__1, fimction

Binary

Decision

mentioned

where

the

Diagrams

in the previous

by value tables or decision min(a,b,e),

,__I

trees.

variables

(BDDs)

f is [1, 2].

section.

Fig. 2.1, left-hand

a, b, and c are taken

fromtheset{0,1,2}. Hence, K

= 3 and NI

= .N½ = N3 = M = 3. Each

an oval, is labeled

by a variable

and has arcs directed

to the case where

the

of tile node

given

variable

level of tile tree

ordering,

which

or 2. Each value

from the

leaf in a given

to a leaf node

path

is the value

2

I

0

An MDD merged.

is a representation

More

node.

precisely,

A node

children

is considered

are identical.

provide

a canonical

implies

that

arcs

representations

trees.

However,

to l, at

the

bottom.

to the values

table,

K hash

to provide

tables

which

at level k consists

Since

we enforce

of an array

In the following,

nodes.

Note that

we let

we could

the level of a node

the node use nodes

very useful q stored

(0, 0) and

1, indicating

an MDD. node

property,

lvl-th

(0, 1) to indicate

0, 1, The

for this

path.

the

type

table

for representing

at position

the Boolean

values

ind,

tables

from

either

nodes node

0 in a is 0.

or decision

K,

at the

or both

leaf

In practice,

at a given

Hence,

as unique

to compute mddAddr

type

write

for the i-th child

1 at level 0, respectively.

Each

of the node. value

of the

require

of our data

we often

within we have

of addresses

but this would

organization

nodes

table.

the hash

the

top,

however,

level are stored nodes.

structure

simplicity,

and q_dw[i]

0 and

ranging

or not.

MDDs,

the level-wise

For notational

MDDs

is 0, whenever

the arcs to the children

array and

a to leaf

value

of non-unique

contain

of nodes

furthermore,

of this paper. table

is reachable

of this

that

of redundant

node

contains

of the nodes

which

ensure

if all its

ordering.

in levels

0, which

are

or redundant

and to be redundant

of the function

variable

subtrees

any non-unique

corresponding

detection

identical

requirements

We also refer to this data

addresses,

denote

their

a state

to simplify

where

0 connecting

nodes

level

we use the value

of mddNode;

unique

MDD

The addresses and

also use a single unique

as part

by either

the elimination

the value

on the chosen

special

two

that

with

than

whether

explicitly. to them

for the purposes

in the

is the

that

compact

We organize

there

mddNode

variable

to values.

node,

these

arc labeled

depends

of _.

at a

are labeled

graph,

of another

[15]. Note

means

more

MDDs.

represent

the reducedness

node.

will prove

b and c. This

nodes

all nodes

of the variables

do not contain

ordering,

the

access

together

node

store

these

by

corresponds

the tree have the same

to the assignment

acyclic

which

if it is a replica

For example,

0 and

fast

trees

functions

Additionally,

is no need to store

a hash

for

as directed

a fixed variable

of compactness

Structures

corresponding there

degree

tree

of integer

can be exponentially

the

Data

with

side, skips levels

MDD

2.3.

Together

i. Moreover,

by squares,

respect

is depicted

as decision tree (left) and as MDD (right)

decision

to be non-unique

can skip levels.

Fig. 2.1, right-hand

of min(a,b,c)

are reduced

representation

with

which

2

of a decision

MDDs

through

depicted

of the function

node,

The i-th branch

value

to an assignment

2

FIG. 2.1. Representation

is assigned

nodes,

corresponds

internal

children.

i.e., all paths

is a < b < c. Leaf

root

its three

consideration

by the same variable,

in our example

path

of the

are labeled

under

towards

of us to

structures (lvl, ind)

for

of q. Finally,

we

TABLE "Union"

Union(in

p : rnddAddr,

1. if p= 2. ifp

in q : mddAddr)

(0,1)

orq=

= (0,0)

3. if q = (0,0)

5.

if LookUpInUC(k,p,q,r)

6.

r _:

7.

for i--0

• deal with

(0,1);

• maximum return

• if found

r;

• otherwise,

the union needs to be computed • for the i-th

then

u _

Union(p,

then

u _

q);

• q is at a lower level than p • p and q are at the same level

else u _

Union(p-*dw[i],q-_dw[i]);

SetArc(r,

i, u);

r _

13.

InsertInUC(k,p,q,r);

• record

14.

return

r;

• return MDD

The

Union

MDDs

its arguments.

levels

the

when

finishing

of the

argument

Tim encode

base the

of the

cases

empty

Otherwise,

8 and

9).

for computing

algorithm,

which

is the

the q has node

ofp

to

set,

some ensure

the unique

many

other

table binary

child

might

MDD,

subnets.

While

this

"good"

partitions,

reachable

and

state

can i.c.,

substate

for a detailed

that

be lead

discussion

be

then

returns

it.

Note

such

as

from when

to the

lowest

level

0, and

0 to level

k.

the

represented

done

automatically,

to small of issues

MDD

MDDs

to check in

the

of the

namely

node

shows

if it

child,

returns

2.i

a naive,

can

calling

As

sK-l,...

requires

us to

it is still

an open

problem

be

easily

and

to

adapted

MDD-based

how

earlier,

is stored

partition

state

fimction

CheckNode

explained , sl)

this

(cf.

1 3 accordingly.

iterative, net.

the needs

if r is equivalent

Lines

of reachable

one

7"/. Otherwise,

in Table

(sK,

building

is redundant

by

and

(0, 1} union

is returned.

However,

r is checked r's

by a Petri s =

ll).

the

cache

by recursively

Lines

1)3' modifying

partitioning.

result

(0, 0) and

whether

7

r and

representations

regarding

the

the

maximum

3,_. (of.

state that

the

stored

returns

2.2

so a global

is used

result

algorithm

Table

that

is determined

destroys

recall

1 3, where

represented,

Construction.

Please

the

Note

builds

have.

cache

child

space

level.

can

intersection,

of a system

represented

MDDs,

r and

that

sets

is adapted

is reduced,

CheckNode

of the

is needed

in turn

explicitly

MDD

algorithm

spaces

argument

in Lines

i-th

state

that

all 0 < i
0, a union

computed

at level

one

MDDs

the

Union

representing

recursively

from

level

as

in the

the

for generating

child of r

it in the unique

union

representing

represented

to the It

argument

respectively.

been

and

that

Finally,

highest

are

store

the result of this

operation

MDD,

2.1.

ascending

function

full

essential

similar

Table

k of the by

recursive

fact

in

level

An

is very

is shown

recursions

and

of the

to

a new

MDDs

child

to build

levels

returns

[2],

MDD-based

space

and

the

r in the

MDDs.

as parameters

r' having

node

2.5.

all sets

Since

If r is redundant,

node

algorithm

context

of the

of the

CheckNode(r).

inserts

in our

MDD

i-th

care

another

sets.

p and

a new

of the

take

on

maximum

set

arguments

union

Operation

This

from

and non-redundant,

• if r is unique

algorithm

descending MDD,

• make u the i-th

CheckNode(r);

on

in r

child do...

• p is at a lower level than q

q--*dw[i]);

Union(p-4dw[i],

11. 12.

two

of the levels of p and q

in the union cache, the result is returned in r

10.

union

the base cases first

q;

1 do

else if k > q.lvl

a BDD-based

reader

return

then

to N_.-

if k > p.lvl

takes

K

: mddAddr

CreateNodc(k);

9.

which

state

MDDs

q.lvl);

8.

binary

Lines

on

p;

k 4= 2IIax(p.lvl,

is the

to

return

4.

2.4.

by

(0,1)

or p = q return

2, 1

operation

Petri

over nets

to efficiently

spaces.

We

refer

the the into find the

TABLE Iterative

[ MDDgcncration(in 1. 2. 3. 4. 5. 6. 7. 8. 9.

The

semantics

procedure

the unique SetInitial.

is fired,

not change, reachable

The

and

spaces Event

which

consideration,

wise,

it is a synchronizing

while

e depends.

e might

systems than

or might

in particular,

K h)r most

notation,

but also improves

Our

MDD Fir.st(c) Union

aim

nodes

between

becomes calls

local

stop

manipulating

these

redundant creating

by "jumping MDDs

depends

to as

e is said k,

at the root,

shown Tile

states.

After

as an MDD

enabled

until

node

Petri

the

MDD

net does

q, representing

that

levels, all local

Last(e)

the

First(e) events

-

and

To benefit

of an MDD, as is done

levels

Last(e)

at levels possibly from namely

in traditional

that

higher levels this

the

lower than

but

k-th

or Last(e)

levels

> k > 1,

For asynchronous significantly

of event e only

smaller

macro

event

rather

including

locality.

causes

only when

Last(e),

we need

First(e),

approaches,

firing

Fi_:st(e),

observation,

to level

on the

lk

does not only simplify

concept

Last(e),

than

and

for level k; other-

into a single

convention

E S

algorithm.

exploit and

of the

and minimum

Last(e).

+ 1, is usually

This

of in-

subnet

e depends

the maximum

and

concept

,. .. , sl)

K >_ k > First(e)

generation

First(e)

the k-ttl

(Sl_,sK-1

for level k are merged

algorithms

via

a local event

First(e)

of reachable

obey.

of the

Otherwise,

denote

between

of our state-space

between

inherently

level k, it is called

level k satisfying

generation

is defined

function.

and

t)lus possibly

new nodes.

root

s k' for all s =

=

of every

of affected

or non-unique,

in the middle"

the

updates

cache.

is stored every

This is done

independent

First(e)

manipulation

levels,

iteration,

interleaving,

is the identity

on any level k strictly

stored

an5" new reachable

systems

to be

if sk

only on a single

[19]. We let

MDD

which operation

to as firing

for the MDD-based

asynchronous

referred

event of level

the efficiency

states

2.2),

Union

consideration

Finally,

[-J_.c_':F_,._t(_.)=t._t (_)=_.._'k (e, ._) for all s E S.

is to define

e affects

which

i.e., if._/k(e,')

e. We assume

._.'_.(It., s) =,if

an event

also

e is independent

tile range

events

wc refer

to the MDD.

Our improvements

An

not depend

which

In each

are discovered.

locality,

subnets.

event

Hence,

satisfying

nodes

of event

or on level k. If an event

on which

states

the

net under

iteratively.

are added

(cf. Table

of e added

m of the Petri

proceeds

Locality.

E ._'(e,s),

firing

Fire applying

is returned.

or independent

. ,s_)

cache,

if the

new states

net,

in procedure

e by appropriately

use of another

then

is sometimes

from

is encoded

nlarking

reachable

of Event

of events

s' = (,_._,sK_l, ' .. subnet,

no more

of tile Petri

rely on the notion locality,

under

the initial

• clear unique table return MDD representing the initial state • start state-space exploration • clear union cache

and

• clear firing cache • truc if MDD changes in this iteration • fire event e and add newly reached states to MDD • keep iterating until fixed point is reached • return MDD representingthe reachablestate space

a flag mddChanged,

the potentially

space

study

makes

The algorithm

Concept

dependence net

tat)le,

i.e., until state

it also

updates

first clearing

under

• build

to tile firing of event

reasons,

additionally

transition

net

at q according

via procedure

state

generation

, K] of int) : mddAddr

of the Petri

rooted

For efficiency

3.

state-space

for k = 1 to K do ClearUT(k); q _ Setlnitial(m); repeat for k -- 1 to h" do ClearUC(k); for k = 1 to K do ClearFC(k); mddChanged ¢= false; foreach event e do Fire(e, q, mddChanged) until mddChanged = false; return q;

the MDD at)ore.

m : array[I,...

"2-.2

Since

updates

a node

but only until

at level recursive

to be able to access than

always

[19]. This

having

of

MDD to start

is the reason

why

wepartitionthe uniquetable,whichstoresMDDs,into a two problems treat

them

need

t.o be addressed

separately

when

in the following

one wants

K-dimensional

to access

array

an MDD

of lists

directly

of nodes.

at some

However,

level First(e).

We

two sections.

First(e)

Last(e)

Explicit nodes need to be inserted in order to deal with implicit roots at level FiJwt(e).

FIG. 3.1. Illustration of event locality and the problem of implicit roots 3.1. should

Implicit

Roots.

intuitively

play

since redundant

to a node

left-hand

side.

modify stores

words,

hnt)licit

roots

through

Last(e),

above

the

q at a level

due

a bag (nmltiset)

In other

most

are not stored.

Conceptually,

the MDD

arcs

deleted

from after

both

of MDDs.

resulting

MDD

from

slight

variation

be detected

event

when

choice

only between

compared

approaches

to the

have some

memory

new

the underlying

eliminates penalty

will become the expensive

potentially

clear need

associated

in Fig. 3.1, we explore

The

first

when

in the

for levels

and

approach to q.

First(e). reach

These

firing

next

to search them,

event

at a level

Note

that

nodes

preserves

at

will be

the reducedness

downstream

arcs

are exactly

c. Please

a canonical

+ 1

it; in our example,

redundant

so that

arcs.

First(e)

to a node

at level First(e)

approach

with

First(e)

arcs pointing

arcs

arcs

approach

of being

as upstream-arcs

tables

at level

nodes,

the nodes MDD

this.

upstream

root.

the first

property

than

of p in the bag of q's upstream

is inserted

redundant

Then,

when

to tile downstream

implicit

explicitly,

is illustrated

for doing

of how many

Thus,

the fundamental

"forwarding-arcs"

former,

same

levels.

of our algorithm

situation

at level First(e)

one or more node,

at this level

not be represented

in the unique

regardless

keeps all unique

exploring

stored

possesses

a redundant

to the

This

roots"

is an occurrence node

per node,

subsequent

still possesses

phrase

each

all nodes

is a node p at a level higher

q, corresponding

are still redundant.

approach,

we need to start

for the

i.e.,

p_ are re-routed

We refer to the two variants the

root,

there

might

are two approaches

node

node

to be inserted

e, if they

of MDDs

the

level First(e),

of them

"implicit

= q, there

by scanning

from

> k >_ Last(c).

these

e. There

p-+dw[i]

whether

Our second

exist

which

needs

p and

firing

property

nodes

arcs in each

i such that

some

whenever

First(e)

of upstream

checking

root

This happens

k satisfying

an MDD

However,

we have to re-insert

If so, an implicit

one implicit

nodes.

of event

can then and

to explore

to tile firing

for each

First(e).

one wants

the role of root

nodes

pointing

When

note

in the all the

that

this

representation.

and forwarding-arcs

approach;

section.

approach,

for implicit the former

The roots.

latter

However,

for the storage

both of the

upstreamarcs,whichcanin the worstcasedoubletile spacerequirements, andthe latter because of the preservation of redundantnodes.Wehaveimplemented both approaches, andexperimental resultsshow that thesememoryoverheads arecompensated by a smallerpeaknumberof MDDnodes,whencompared to the approach in [19]. 3.2. In-place Updates. Onceall nodesat levelFirst(e), can update Fire

the

MDD

implementing

presented there

to reflect

in Table

2.1,

with the

concept

becomes

redundant

to its unique replica

node

difference

as soon just

of event

locality.

or non-unique.

child

node

q. In the

we do not have

itself

might

nodes

be marked

in these

at the next

chains

higher

they

arcs.

operation,

later

are deleted

only after

thus,

of scanning p as deleted

chains

all the events

it points

can arise.

at level First(e)

when

it

arcs be re-directed be re-directed

to the

p only if it becomes

all the nodes

of nodes

in accordance p arises

in level

non-

First(e)

and set a forwarding

to p, so that

level

its parents.

we eliminate

Instead

its own pointer

arcs

creating

At this

MDD,

as

However,

stops

calls.

and its incoming

since p knows

nodes;

operation

of some node

its incoming

we mark

on, forwarding

update

routine

operation,

as needed.

recursive

one

+ 1 to

arc from p to q.

to q instead.

Since node

In our implementation,

have been

q

the

fired and before

nodes

level are explored.

It is important levels,

upstream

and

Fire

Our

Union

in the original

be deleted

be deleted

this is trivial

p, it will update

as deleted

case, p must

states.

on the

inserted,

from

positions

are detected,

reachable

relies

Our

backtracking

with the in-place

we keep redundant

is a costly

to new,

It heavily

approaches.

when

p must

approach,

approach,

time a node accesses

case,

lead

as well as implicit,

appropriately

at the appropriate

In the former

upstream-arcs

and

to existing First(e)

only difficulty

q. In the latter

foi- arcs to p, which

The next

respect

The

c may

in See. 5.1.

are created

level

links the new sub-MDDs

However,

search

with

of event

in detail

nodes

as it reaches

In the forwarding-arcs unique.

the firing

is described

i.e., new MDD

is one important

new MDD-nodes our algorithm

that

this update

explicit

to note

that,

do not jeopardize

although

these

the correctness

in-place

updates

change

of our algorithm.

This

the meaning

of MDD-nodes

is due to the interleaving

at higher semantics

of

w

asynchronous in the

systems

state

literature space

by firing

especially

when

jump

an MDD

event

MDDs

Summarizing, improve

(cf. See. 5.3).

create

are tall and

investigation.

some

simplifications

not support

4. paves

notion

on tile time efficiency

in and out of the

localized

Improving the

present of utmost

4.1.

road

next.

the

approach

An efficient

of MDD

Cache

of the union

Iteration

of MDD-based

(:ache.

In related

The

management

of in-place

locality,

work regarding

state-space

it only

events.

we can

by the event considers

However,

it does

nor for local events.

of event

iteration

locality

control,

of the iteration

for state-space

updates

locality,

are affected

concept

and

organization

algorithms

The technique

events,

Control.

in cache

in the

us to drastically

Exploiting that

to exploit

for synchronizing

reported

states

to our sub-MDD,

allows

in the case of local

as welt as an efficient

Management.

techniques.

claims

current

of levels. that

levels

approaches

the

compared

range

systems

only those

in [19] also manipulations

and

to a small

generation

exploring

existing from

to build

for asynchronous

neither

improvements

for the performance

the efficiency

reported

updates,

reachable

i.e., it is expensive

state-space

management

in-place states

of e is restricted

thereby

Management

cache

MDD,

of MDDs

significant

performing

set of global

locality

of MDDs,

improvements

Cache

Intelligent

of event

modifications

towards

importance

us to enhance

While

the effect

of MDD-based

"middle"

and

than the

e. This is a K-level

it is the

under

Rather

encoding

also

which

wc

control

are

generation.

introduced generation

in Sec. 3.2 allows using decision

diagrams, includitig[19],thelifetimeofthecontents oftile unioncache cannr_t spanmorethanoneiteration, sincetherootofanyMDDis deletedandre-created whenever additionalreachat)le statesareincorporated in theMDD.Inotherworcts, anychange in anI_'IDDnode,i.e.,in its dw-array of pointers, is really implemented as a deletion

followed

In contrast,

in our

stopped

at level

reused

over several

nodes

t)y an insertion. approach

the

where

only

First(c), iterations,

until

in our implementation

thoroughly

(:leaning

ut) the union

flags.

More precisely,

present

in the cache

Experimental

that

the

studies

show

overall

performance

Additionally,

we devise

and

is conceptually

prediction Thus,

Union(p,

two

q).

a second

additional

a significant

at level

k, and

that is the

j ¢ .k'_.(e,i).

to the

set

of states

Union(p-+dw[i],p-+dw[j]),

whi(:h

that

we explore

p has not been deleted,

local

state

i. Hence,

previous 4.2.

in some

Table

2.2.

algorithm firing

computing

for generating

events

starts

all events

our algorithm First(_:)

at level

all states

= k and Last(e)

1 and

This specific of our cache firing the

caches caches

delayed especially

more

By working

selectively,

node deletion

regular

thus, and,

which allows

in the forwarding-arcs

also allows l_fDD-based

we presort

events

that

_> 1, i.e., the

to tile current event

it adds

the

for efficient

iteration,

macro space

in

r at

before.

of iterations

nets

[19, 22] fire

MDDgener_tion

to function from

the

I1. When

initial

Our

state

reaching

by

level k,

e satisfying

events

fire each

in

First(.).

all events

lk at level t: and all synchronizing we repeatedly

cached

the number

by firing

of

However,

computed

for Petri

event

result

again.

7 of function

p

e is enabled

r) = r. By having

can be reached

state

e in node

and assuming

find out that

according

reason

at p-+dw[i]

r bc the

explicitly

for

that

event

affect

at level k,

new states. for the correctness

tile bottom

contributes

of event

r.

entry

The

.XIDD rooted

us to reduce

in Line

the

the firing

algorithms

as indicated

Last(e)

is essential

extending

approach.

locality

in our imt)lementation,

from

thereby,

even if it was never

macro

and as long as firing

management.

this

states

= 1 and

events

to Uniou(p_dw[i],

union,

storing

Let

Our

r) will return

Union(l>-+dw[i],p--_dw[j])

for the

can be added

Moreover,

_

is identical

Existing

that

of firing

p-+dw[j]

architecture.

to 12_.

At the next

10% and

on prediction

by up

consequently,

later

this idea.

is based

Union(q,

at p-+ dw[j].

of p-+dw[j].

p again and,

iteration,

searches

rooted

at)out

employing

after

by the

and

and reused

averages

of

according

is not deleted

cache

of computer

we are exploring

flag. Instead

purging

entry

r) and

immediately

encoded

to be ._IDD

which

our algorithm

of states

however,

_> 1, i.e., the local

sequence

is more

each

First(e)

only level k and any level below. as long as it is enabled

spaces.

within

cache,

by tile MDD

Event

of MDDgeneration,

e satisfying finds

state

order

In our version then

Control.

reachable

arbitrary

set

the update

we can avoid Iteration

in the

cache,

field

entries

union

entries

Union(p,

speeds-up

c in node

p-+dw[j])

in the also

the new value

event

Union(p-+dw[i],

iteration,

Advanced

needed

becomes

for the union

Assume

the

encoded

we need to perform

if p has not changed, the

following.

Then,

cache

in the cache

cache

c, is

For this purpose,

a selective

by up to 13% when

r, then

this heuristics

union

an event

flag and a dirty

a union

be kept

studied

can be memorized

improvement

to be added

caches

some

by firing

or deleted.

a cached

of union

technique

q) returns

permits

with

may

can be improved

to associative

indicate

assume

result

of reusability

optimization

caused

we can now perform

associated

the

the rate

if Union(p,

results

Experiments

node

root,

changed

namely

each iteration,

stale,

the

This

are either

bits attached,

of our algorithm

very similar

for such

needs

us that

towards

is updated. nodes

if an MDD are not

relies on the fact that

these

a pointer

the referred

cache after

if the on.

of changes

have two status

to tile above copies

"wave"

lifetime

levels to the top levels, of cache

to higher

collection

and efficiency

entries.

hit ratios.

and removal

of the implementation

we can clear

Moreover, Our

the

firing

of non-unique

the union

access

sequence

pattern

and to

also enables

and disconnected

nodes,

In [19],repeatedlyfiring eventsis onlyappliedfor localevents,whicharerelati('elyinexpensive to process, whilesynchronizing eventsarestill firedonlyonceandin noparticularorder.Westressthat while the newiterationcontrolmeansthat ouriterationsarepotentiallymoreexpensive thanthosein [19],they arealsopotentiMlyfewer.Moreprecisely, ouralgorithmgenerates statespaces in atmostasmanyiterations asthe maximumsynchronizing distance of any reachable state s, which is defined in [19] as the minimal number

of synchronizing

5.

Details

events

of the

New

of our new MDD-based We then

discuss

the complete

the

pseudo

required

to reach

Algorithm.

algorittim.

_ from

the initial

state,

In this section,

we present

some important

We first

data

structures

used

code

of the algorithm

illustrate

and,

without

how to update

MDDs

argue

algorithm

finally,

is included

why the

in the first

three

counting

local

details

in response

on both

Please

stale

s,,..=

1it

space:

Event

F1c.

events

Illustration

5.1.

currently-known

portion

behavior

with

example

net is partitioned

respect

0 to 3. Hence, node

of

our

(0,0),

Firing

MDD

nor

any

e.

in every

i.e., First(c) at|d local

= 4 and

state

to 0, 1, and

rooted

[_L_L_I_]

of

Events.

Fig.

5.1 illustrates, each

and

each

arc

the

current

Let

Last(e)

0 at levels

= 2. Hence,

3 and 2, event

node

added

four

Function

state

the local states

Fire(e,-,

depicted

on the

Assume

reached

Fire

states,

downstream

arcs; left

further

the

.) implements

how

local

enabled

representing

example,

possible

for any local state.

net is in a global

algorithm,

to the MDD

has four

space,

event

of our

of a small

the new state

c can fire and

an

iteration

stud,,'.

having

state

"*" stands

if the

are then

by means

MDD

of the form (*, *, 3, 0, 0, *) and that

space:

to firing

each

net under

of them

has six levels, to it.

At

which

set of the Petri

into six subnets,

slate

l I

S,,_.,.t= {(0.0,*,0,0,0). (O,O,O,LI,O),(3,1,O,O,O,O)} in re.sponse

states,

lfl

works.

numbered here,

in Fig. that

we do 5.1,

event

be c is

when firing e is (*, *, 0, 1, 1, *),

described of the

by local

affected

state

subnets

3 at level 4 are updated

1, respectively.

Exploiting sub-MDDs

state

New

MDD-modification

S,.,,,._ = {(0, 0, *, 0, 0, 0), (3, 1, 0, 0, 0, 0)}, where enabled

I I I

1111

by :

reachable

to event

==_

e__(.,.,o,l,l,.)

an

of the reachability

The

not draw

Example

additional

this

from

e enabled

(.,.,3,0,0,.)

of MDD-based

are fired to discover

t

_ k > First(e) " "

.

rLast(¢)

and

let

enabled

in s and

principle

of event

or Last(c)

_'Last(c)'

''

consideration,

> k > _ 1. Then

- 1,-

,rl)c$,for

••

in our

the

global

algorithm

state

in form

_ mentioned

of local

above

_ explicitly,

MDD

explorations

is implicitly

as is clone in related

is the key for improving

inserted explicit

in and

on the performance

algorithm

each

"best"

subnet

Timing)

place

former contains

number

places.

partitions protocol, except

the

in the the

slotted-ring

token

and

nets

at a time.

transitions,

for these

for {P_M_,

Mr},

but

systems

in [19]: we consider

while we split

flexible from The

are

the FMS

and the Kanban

{P_2M3,

M3},

and

(Simulation models

manufacturing

[22], are composed latter

two models,

parameterized

are depicted

two philosophers

two

the one

four Pet ri net

the

taken

the

namely

tool SMA137[

to the

system,

regarding

to ours,

net

tool

at most

one

results

related

Petri

originally

Petri

found

closely

two models,

of places

The

performance

most

[5]. We apply

philosophers, The

a fixed

in certain

several

are implemented

and

dining

we present

with the approach

in Fig. per level

system

{P.zM2, M.,})

by

the

6.1.

To

and

one

into 19 subnets and

4 subnets

PX } for X = 1, 2, 3, 4), respectively.

6.1 presents algorithm

let

This observation

them

system.

i.e.,

tokens

we adopt

In fact,

generation.

per level for the slotted-ring

({p,,x,

set under

terminates

• S.

In this section,

Kanban

subnets,

N of initial

system

is no need to compute

for Reliability

the

safe

taken

number

variants

in [19], i.e., and

reached

implemented

and compare

Analyzer

(FMS),

originally

reachability semantics

Moreover,

state

,rl)

nodes.

Studies.

of our algorithm

system

our algorithnl

generators.

Experimental

also

for the

• , rFirst (e)+l,. s'First(e)'

s _ is. There

to state-space

variants

Markovian

states

global

is directly

of MDD

state-space

and

the

r = (rK,rK-l,---

state

approaches

reachable

_ =dr (rK,..

principle

whenever

of traditional

to the

interleaving

' for all k satisfying st_ = s_,

that

states

interleaving

our MDD

on the

C $ be arbitrary.

,s_)

we may conclude

and

new states

is based

of global

(s_,-,.s_,.__,...

locality

This

adds

of all, it is easy to see that

the following.

s = (sK,sK-1,... s'

First

several

results

[19], obtained

when

and 512 KB cache. of MDD the peak

nodes,

for the

two variants

running

SMART

For each which

of our new algorithm, on a 500 MHz

Intel

as well as the best-known Pentium

inodel

and choice

of N, we give the

is of course

independent

of the algorithm

number

of MDD

nodes

The peak number

of MDD

nodes

allocated

during

and the number

12

execution, of iterations

the

II workstation

with

size of the state used. number

Then,

space

for each

of iterations,

for the upstream-arcs

and

II -'-

WuitLefl, GetLef

....

h

tsjmch

P2_

P2 s

FIC. 6.1. Petri nets used in our experiments: left), and slotted-ring (lower right)

forwarding-arcs reported

approaches

should

introducing

fewer

MDD

we ran, nodes

made

to the core routine

Other

improvements

new algorithm

approximately slotted-ring than

essentially overhead

than

the

Fire,

which

and the

and

the upstream-arcs

already

The

approach,

and

philosophers. except

arcs

the

notion

efficiency.

in [19] indicates nets,

for the Kanban

13

This

to what the system

the peak that,

adjacent

faster,

arises

locality

inherent

contribute

an increase

from

the

on which

node

in

deletion.

structural

changes

in asynchronous

between factor

about the

linear

approach

we comment

systems. 7 lagc,, and

run-times

in speed

to be almost

forwarding-arcs

without Thus,

and with few exceptions

in average

A comparison

number

even levels.

is due to postponed

mainly

appears

where

implies

between

of magnitude

of event

Moreover,

system,

approach

optimizations

in time

FMS

nodes

improvement

our cache

Kanban

approach.

connect

is up to one order

improvement

Kanban

dining

the

forwarding-arcs

ones for the algorithm

for the the

(upper left), Kanban system (upper righO, FM,q (lower

FMS and

in the forwarding

reflects

importantly

for the

all arcs

one in [19].

to tile overall

constant model

except

our new approach

most

up to 22% in total,

dining philosophers

by one for the

nodes,

tile only memory

For the models uses

coincide,

be increased

redundant

our examt)les,

the

"1_23

ranging (in N)

fi'om for the

is slightly below.

for

Since

faster both

TABLE 6.1 Performance

results

Approach N

Philosophers

50

the

degree

more

the

number

(see.) fwd.

28

2

0.02

0.02

0.82

168

2

0.15

0.13

3.32

343

2

0.37

0.36

1.22

1.20

17

45

2

0.03

37

285

2

197

585

2

693

2

300

1.23 x 10 Iss

597

1,785

2

30.88

1,043

2

2.80

2.77 4.40

400

6.10

x 10 _'_°

500

3.03

X

600

1.51 x 10 a76

700

7.48

x 1043s

800

3.72

x 10 S°I

1.85 x 10564 9.18

x 10626

8.29

x _10

60.25

1,393

2

4.52

2

92.17

1,743

2

7.14

6.89

2

121.94

2,093

2

9.33

8.93

4,185

2

181.!2

2,443

2

12.65

12.30

4,785

2

245.76

2,793

2

16.88

16.06 20.29

797

2,385

2

997

2,985

1,197

3,585

1,397 1,597

10313

10

1,797

5,385

2

302.63

3,143

2

21.17

1,997

5,985

2

382.04

3,493

2

26.10

24.94

691

7

1.47

409

7

0.82

0.77

-

60

20

2.73

x 1020

220

4,546

12

33.32

2,328

12

12.74

12.22

30

1.04

x 1031

480

15,101

17

242.36

10,433

17

76.45

75.00

40

4.16

x 1041

840

37,066

22

1,073.64

25,374

22

297.07

293.15

50

1.72

x 1052

1,300

76,308

27

4,228.88

47,806

27

908.40

897.97

5

2.90

x 106

149

433

10

0.26

0.22

10

2.50

x 109

354

15

2.17

x 1011

634

20

6.03

x 1012

25

8.54

x 10 la

10

0.57

239

1,038

15

2.42

599

15

1.05

0.88

1,868

20

6.27

1,109

20

2.83

2.20

989

2,923

25

13.52

1,769

25

6.47

4.83

1,419

4,203

30

26.49

2,579

30

13.01

9.12

55

166.28

73.13

50

4.24

x 101_

4,694

13,978

55

209.96

8,879

75

6.98

x 1019

9,844

29,378

80

980.20

18,929

80

484.93

299.34

100

2.70

x 1021

16,869

50,403

105

2,681.80

32,729

105

1,448.16

845.91

5

2.55

x 10 _

7

47

11

0.08

55

4

0.05

0.05

10

1.01

x 109

12

87

21

1.26

155

4

0.66

0.76

15

4.70

x 10 l°

17

127

31

6.97

305

4

3.90

4.43

20

8.05

x 1011

22

167

41

24.64

505

4

I5.I1

16.76

25

7.68 x 1012

27

207

51

68.71

755

4

44.62

49.12

30

4.99 x 1013

32

247

61

161.49

1,055

4

113.99

123.67

40

9.94 x 1014

42

327

81

628.11

1,805

4

511.44

564.13

50

1.04 x 1016

52

407

101

1,681.96

2,755

4

1,586.32

1,492.21

peak

nodes,

new

algorithm our

models

locality.

importantly, of explored

require

memory

whose

model,

of event

and,

x 1{)_2

time upstr,

13.76

exception,

slotted-ring

it.

2

of our

two

#

nodes

1,185

Kanban

The

peak

(sec.)

397

FMS

an

time

[

x 10125

1,000

again

[

it.

2.47

ring

variants

#

200

900

Slotted

peak nodes

2.23 x 10 al 4.97

approach

new

final

1.86 x 106

100

Our

nodes

[$[

10

in [19]

penalty

parameter

provide For the

these

N

affects testbed

models,

widens per

fewer

is ahnost

a good

gap

nodes

significantly

event

the

where

the

Kanban

system

is

compensated. the

height

for

our

CPU

of the

ideas

times

as we continue fired

MDD

since are

up

to scale-up

is much

1.1

more

MDD,

namely

they to

give

the rise

15 times

the

nets.

contained

in

The our

dining

to tall

faster

philosophers MDDs

than

main approach,

the

reason

with ones for

compared

this

and a high for

[19],

is that to

[19].

When

MDD

than

heights

are

small,

the one in [19], but

such

as for the

the difference

FMS

and

TABLE Timing

results

for

N Approach

in [19] (see.)

Upstream-arcs

approach

Forwarding-arcs

The

results

the number several

(see.)

approach

for the

Kanban

of iterations

reasons

small

depth,

much

pay-off.

a very

proliferation

of deleted

the

reduced

number

late

node

deletion

using

that

drastically

the

results,

see an improvement

of about

might

in cases

be well-suited

thereby

memory

overhead

approach

and to redundant

is ahnost

accounted

leading

Related

Explicit eration

by successively

deserve

have

the result

on Kronecker

0.69

1.16

1.80

5.32

9.54

29.50

73.49

0.37

0.73

1.25

1.94

5.71

10.18

29.96

69.83

examples,

although

poor

compared

to the

2 - N + 1 to 4 due Kanban

net

into

only

the

garbage

garbage

collection

"good"

in Table

cannot

much

than

case

the

cannot

need

too rapidly.

observation

be found

the

of times

model

indicates

with

nodes

It is worth per level,

to N = 20 to

that

automatically

have

Usually,

with one place

to scale-up

a

to the

Combined

number

net,

are

with

contributes

we see how this can backfire.

to [19]. This

partitioning

in this

bin grows

reduces

There

to an MDD

approach

of the Kanban

We only

leads

locality

collection in bulks

partition

respect

four subnets

20

control.

the end of the iteration.

system,

6.2.

iteration

forwarding-arcs until

15

for our other

to exploit

in the

destroyed

approach,

ones

to our advanced

an), attempt policy

our algorithm

or by hand,

e.g., due

of event

to larger-sized

but not-yet-destroyed peak

nodes,

number

are partitioned

becomes

nodes

more

in case

into

many

beneficial.

The

of the upstream-arcs

in case of the forwarding-arcs

of MDD

in the literature,

nets

locality

MDD

for the generation

suggested

build

its next-state Two

approach,

nodes.

of reachable where

techniques,

state

net into

analogous

may

subnets.

for each state to the

model-checking

[7], which

data e.g.,

possess directly

13].

multi-level

state spaces

spaces

of synchronous

are represented

structures

advantages

either

using

15

suggests,

BDDs. expIMt

structures

space and

structure

under

consid-

efficiency,

various

merging of the

common underlying

in [6] and implemented

by merging

for numerical

on data

the

reported

As the name

[13]. While

of the system

To achieve

exploit

a bitvector

tools

space

data stT'uctures

the approach

one obtained

work

state

[3, 6, 10,

namely

Multi-level

needed

usually

the reachable

function

consideration,

of a Petri

is somewhat

they

is due

techniques

under

in automata-based of states,

as the exploitation

mentioning.

the storage

algebra

been

[19] when Petri

way.

introduced.

special

better

of approaches

iterating

of the system

aims at compressing

in the number

0.46

by the small

generation

on a decomposition

used

3,324.78

which

A variety

systems

bitvectors,

cessfiflly

level)

1,021.53

50 with

and deleted,

or in a symbolic

have been

indeed,

per

233.93

performs

for in practice

techniques

is based

place

111.80

doing

to tall MDDs,

state-space

representation

(one

25.07

a good

in our approach,

Work.

asynchronous

in an explicit

levels

14.02

are not truly

factor

our algorithm

subnets,

and

16

heuristics.

Summarizing,

7.

6.2 wilh

in case of the Kanban

when

faster

overhead.

6.45

the

as shown

is still

10

Clearly,

since

algoritlun

book-keeping

8

from

However,

our

5

are

in our

_'stem,

4

a finer and not. particularly

changes

to insufficient

0.16

which

is beneficial,

noting

0.20

breadth.

of iterations

for removal.

2.42

net

Kanban

due to our increased

3

garbage-collection

nodes,

are scanned

0.77

splitting

large our

Kanban

2

system

First,

Second,

the

1

is reduced

for this. but

(sec.)

the

is not as impressive

merging

common

common

Tim latter methods

technique

analyses,

employed

for explMt

bitvectors

sub-bitvectors

still require

state-space

in [5]

[3];

is also sucspace

linear

e.g., those

based

state

storage.

To avoid

tile

asynchronous techniques

build

ponent,

the

chronous

state

[12].

of the

with repeated overall

state

Symbolic tems

rather

first

applied

by Pastor of safe

introduced

underlying

diagrams,

decision

diagram

i.e.,

necessarily

techniques

a more

namely

safe,

Petri

to store

event

locality

net

introduced

Decision

in [19]

within

show which

that in turn

space

efficiency.

In summary,

when

generating

very large

our

algorithm

is the first

Regarding memory

future

architectures.

This

our

systems,

symbolic

work,

spaces

The

idea

techniques.

to parallelize

our

different

state-space

construction

further

while

chitectures.

Our

algorithm

is particularly

suited

for this

split

parallelization tions

according reported

on networks

to levels.

in the literature

of workstations

Acknowledgments. decision

diagrams

careflflly

proofreading

We believe

[18, 23, 25], especially

for building

are symbolically

Diagrams

are able

our algorithm and

faster

than

small

in the the

one

decrease

of related best

fully

achieves

well-known

penalty To the

able

to different

to store

larger

kind of parallelization

our approach

spaces

in

algorithms

of our knowledgc,

promises regarding

processors MDDs

since

to avoid

and

the

and,

thereby,

on distributed

all data

structures

run-time

distributed-memory

distributed-

penalties

arare for

implementa-

and PC clusters.

We would

like to thank

and on implementations a draft

that

new algorithm

for shared-memory

of MDDs

being

here.

locality.

algorithm

levels

the

MDD-based

with only a relatively

of event

of a

to related

Decision

run-time

node

of

of arbitrary,

of magnitude

the

and

version

in a single

management,

storage

algorithm

encoding

of examples

reduces

of the

Pastor

general

cache

one order

were

[21]. However,

work,

successfully

advantage

The

to previous

results

sys-

they

work,

invariants

carried

Binary

algorithms

symbolic

place

[19], state

an intelligent

about

to speed-up

already

unlike

Analytical

is often

using

is to map

work

in contrast

integrates

variable.

comparison

on previous

one taking

we intend

However,

hardware

[24]. In recent

a very efficient

which

control.

algorithm

improves

presented

As in previous

(MDDs),

iteration

our approach state

paper

such

for the generation

our approach

of this

to

subgraphs

net community,

for a straightforward

a repetition

in systems

our work uses a more

compared

of an asyn-

it is sufficient

(synchronous)

of information

allow

already

systems.

a single node.

an advanced

In contrast,

or

[14].

algorithm

by exploiting

the amount

from

on

hours

traces

of symmetric

aspect

as a Boolean

within

nets

MDDs

Diagrams

in asynchronons

via

community

Work.

of a net

nets

variables.

we have

of asynchronous

information

convergence

of Petri

we refrain

Future

spaces

via Multi-valued complex

exploits

and

state

represented

sections,

a BDD-based

place

encoding

Since

construction

[1, 4, 15, 17]. In the Petri

each

In particular,

several

com-

congruence

[11]; thus, symmetries

of this focused

by parallel

to a behavioral

fact. that.

the explicit

of concurrent, minimization

component

exploiting

an example

space

Compositional

of interest

Techniques

developed

[15, 19], by which

nets.

the

have traditionally

Petri

on Boolean

state

(i)

according

exploit

to avoid

of very large

efficient

MDDs

(iii)

systems

by encoding

can be increased.

Conclusions

Petri

spaces

in the previous

the reachable

faster

nets,

state

logic is still based

decision

not

techniques software

Petri

system

are also

et al. in [22]. This paper

of generating

Cortadella

8.

generation

nets

explicit

i.e., parallel

to tile properties

class.

Petri

stepwise,

techniques

respect

can be used

[9]; colored

on (asynchronous)

sets

is capable

sub-systems

state-space

reachability

with

the

key techniques.

intermediate

of each equivalence

spaces

than

of each

building

three system

(ii) Partial-order

be equivalent

only a single trace

as those

space

when

developed

of a concurrent

the state

may

explosion

have

space

specification system

explore

of state-space

researchers

and minimize

an interface

the

problem

systems,

A.S. Miner

of state-space

of this paper.

16

for man 5' fl'uitful

generation

techniques,

discussions

on nmlti-valued

as well as C(!sar

Mufioz

for

REFERENCES [1] R. BnYANT,Graph-based puters, [2] --,

35 (1986),

Symbolic

Boolean

24 (1992), [3] P.

and

Press, [4]

J.

Hierarchical

pp.

Storage

and

France,

June

CIARDO

AND

[9]

E.

[101 D.

CLARKE,

E.

[14] K.

T.

(CAV

DILL,

The

I997,

Surveys,

Workshop

on Petri

IEEE

Symbolic

HWANG,

pp.

142

Computer

Society

1245 of Lecture

Symposium Press,

(Tools Notes

checking:

for Reliability

1020

and

(IPDS

Timing,

'96),

Urbana-

p. 60.

in 9th International

Evaluation

model

170.

Analyzer

Society

.state spaces,

vol.

Institute

A.

operators

for Computer

Automatic

SISTLA,

ACM

Conference '97),

R.

on Modelling

Marie,

in Computer

for the solution

Applications

verification

Transactions

GRAF,

B.

B. Plateau,

Science,

St.

of generalized

in Science

of finite-state

on Programming

verification

eds.,

Malo,

and

stochas-

Engineering,

concurrent

Languages

systems

and Systems,

S

STEFFEN,

AND

The

model

pp. 279

295. Special

JENSEN,

Coloured

KEMPER,

R.

Numerical pp. 615

BRAYTON,

and applications, analysis

in Computer

Verification

Science,

Verification

Aided

Science,

(CAV

'96),

New Brunswick,

Notes

of Concurrent in Computer

Compositional

Aspects

of Computing,

Spin,

on Formal

vol.

Aided

in Computer

the

LLTTGEN,

checker

Springer-\'erlag,

VILLA,

Theory

for

nets, in Petri

Course,

1987,

G.

issue

Petri

Notes

Notes

in Computer

Ver-

Elounda,

462.

in Computer

vol. 1032 of Lecture

Formal

in model checking,

R. Alur

and

N J, USA,

July

393.

Methods

Problem,

Advanced

system,

390

Partial-order

HOLZMANN,

pp. 450

vol. 1102 of Lecture pp.

symmetry

ed., vol. 697 of Lecture

1993, Springer-Verlag,

.specifications,

T.

Exploiting

'93), C. Courcoubetis,

Murphi

GODEFROID,

(1996),

Computer

Performance

AND S. JnA,

Springer-Verlag,

grams: [16] P.

Computing

1996. AND

FILKORN,

June/July

I_[AM,

ACM

pp. 44-57.

logic specifications,

Greece,

September [151 T.

L.

98 (1992),

the use of Kronecker

96-35,

May

EMERSON,

ification

of an

on Com-

pp. 244--263.

interface

[13] G.

June

and Dependal)ility

1996, IEEE

eds.,

On

Report

the State-explosion

[12] S.

Transactions

in 7th International

and Markovian

Performance

Springer-\%rlag,

TILGNER,

Tech.

T. Henzinger,

[111P.

IEEE

diagrams,

France,

AND

Coml)utation, Simulation

G. Rubino,

1997,

temporal

CLARKE,

1996,

and

for Computer

VA, USA,

(1986),

GSPNs,

St. Malo,

DILL,

.for large structured

Tools

HI.

D.

SMART:

Computer

and

nets,

Hampton,

using

'97),

_{C]_.'IILLAN,

Information

aIte_7tatives

M. Calzarossa,

tic Petri

manipulation,

binary-decision

of superposed

(PNPM

IL, USA, September

Techniques

E.

K.

International

Champaign,

[8]

structuring

AND A. MINER,

in IEEE

[7"] G.

with ordered

Models

CLARKE,

and beyond,

[5] G. CIARDO

[6] --,

function

81 90.

E.

states

manipulation

Performance

BURCH,

for Boolean

691.

pp. 393-418.

BUCHHOLZ, Nets

algorithms

pp. 677

IEEE

Transactions

Methods

in Software

Nets:

Central

254 of Lecture

Models

Notes

Science,

minimisation 8 (1996), on

Systems

An

Approach

Springer-\%flag,

of finite

state

to

1996.

systems

using

pp. 60T 616. Software

Engineering,

23

(1997),

Practice. and Their

in Computer

Properties,

Science,

Bad

Part

I, Proceedings

Honnef,

Germany,

pp. 248-299. AND

,At.

of superposed"

Multi-valued

SANGIOVANNI-VINCENTELLI,

Multiple-Valued GSPNs,

628.

17

Logic, IEEE

4 (1998),

decision

dia-

pp. 9 62.

Transactions

on Software

Engineering,

22

[17] K.

MC_,IILLAN,

Symbolic

Carnegie-Mellon

[18] K.

Model

University,

MILVANG-JENSEN

[19] A. MINER

AND

in 20th and

[21] E.

1999,

541

AND

J.

BDD

package,

'98), G. Gopalakrislman

Palo

Alto,

teachability

CA,

USA,

1639 of Lecture

and

Notes

in Second and

PhD

thesis,

1998,

and storage

Theory

of Petri

in Computer

International

P. Windley,

November

set generation

on Application

pp.

501

using

Nets

col. 1522

512.

decision

(ICATPN

Science,

Confer-

eds.,

diagrams,

'99),

Williamsburg,

J. Kleijn \\-k, USA,

pp. 6 25.

Properties,

analysis

PASTOR,

on Design,

Computer

O.

ROIG,

tion, in 15th R. Valette,

Efficient

CORTADELLA.

Conference

1998, IEEE

[22] E.

nets:

Problem,

and

applications,

Proceedings

of the

IEEE,

77 (1989),

579.

PASTOR

IEEE

col.

Springer-\_rlag, Petri

to the State-explosion

l_:" A parallel

Science,

Conference eds.,

Approach

(FMCAD

Efficient

CIARDO,

International

MURATA, pp.

G.

BDDNO

HU,

Design

in Computer

S. Donatelli,

June [20] T.

Notes

An

1992.

AND i.

ence oil Computer-Aided of Lecture

Checking:

Society J.

Automation Press,

Notes

for

symbolic

in Europe

analysis

(DATE

'98),

of Petri

Paris,

nets,

France,

in

March

795.

R.

on the

schemes

Test

790

AND

Conference

ed., voI. 815 of Lecture

and

pp.

CORTADELLA,

International

encoding

Petri

BADIA,

Application

in Computer

net

analysis

and Theory

Science,

using

of Petri

Boolean Nets

Springer-Verlag,

manipula-

(ICATPN

June

'94),

1994, pp. 416

435. [23] R.

PtANJAN,

J.

diagrams (ICCD [24] O.

t'{OIG,

SANGHAVI,

on '96),

J.

network Austin,

of Petri

(ICATPN

'95),

St)ringer-Verlag, [25] T.

BRAYTON,

of workstations, TX, USA,

CORTADELLA,

checking

R.

nets,

AND A. in IEEE

October

in 16th International

June

AND F.

Autonmtion

Conference

Machinery,

pp. 641--644.

BREWER,

(DAC

col.

on

Press, circuits

on the Application 815 of Lecture

Binary Computer

pp.

358

Design

364.

by BDD-based

and Theory

Notes

decision

model

of Petri

in Computer

Nets

Science,

391.

Implcmentiou '96),

Society

of asynchronous

Conference eds.,

Conference

Computer

lJ_rification

and M. Diaz,

1995, pp. 374

STORNETTA

International

1996, IEEE

AND E. PASTOR,

G. De Michelis

SANGIOVANNI-VINCENTELLI,

of an efficient

Las Vegas,

18

NV,

USA,

parallel June

BDD

1996,

package,

Association

in 33rd

Design

for Computing

Appendix A. Data Types and This

section

purpose

contains

routines

A.1.

• The

the definitions

for operating

Data

types.

type

The data

type

First(e

event

i.e.,

affected that

-

for level

mddNode(k

dw : array

: level)

under

-

cached dirty

: boolean, : boolean,

mddAddr

a 32-bit bits

encode

denotes

Upon

the pseudo level) through

• The unique

of the

(UT),

cache

(UC),

computed

mddAddr),

while

if k = max(p.lvl, tables

dimension

it.

its current

size (more

nodes.

lt[1..k],

with

within

of MDDs

values.

Functions

0 sorts

the events

according

we also use the notation by PreprocessEvents.

e' < e

Note

that

lk. having

the following

is an array The hash

whether

which

fields:

arcs for all K children

referring

level.

In the

to this node.

the cached

is a pair

the level

copies

(lvl, ind)

Ivl of a node,

pseudo

code,

are stale.

represented the

S(p

by

remaining : mddAddr)

at p:

T[1../x']

of heap-arrays,

by pages. procedures

mddAddv),

entry

encode

dynamically

fast

cached

rooted

and release

a cache

node,

that

is a vector

separate

\_

of hash

use a 1024 node

tables,

nodes

and

one hash

node

per level.

page

size.

In

by AllocateMemory(k

These

to the deleted

key of an MDD

one heap-array

are denoted

respectively.

access

q.lvl),

then

of elements

a preset

precisely,

upper

A UC

table

entry

has type

the

reaches

number bound,

is hashed

the

prime

size of the table, smaller

than

_[1../x'], has

(p : mddAddr,

size of a table

to the next

_ th of the prime

(FC),

the triplet

number

to the next

cache

entry

above,

If the

and firing

operations.

_t FC table

mentioned

is less than

than

node

allocation

allows

exists

bits of an address

nodes

UT[1..K],

MDD

of already

of elements

of

are also

the non-deleted table

per level,

is computed

:

accessible nodes.

which

solely over the

store values

dw-pointers.

• The union

For all hash

type

number

and last level affected

the N[k] downstream

there

of an MDD

ReleaseMemory(p:

list which

table

whether

for 7- is allocated

and

to unique

general-

arcs.

by the MDD

MDD

the memory

a linked

pointers

represented

memory

code,

event

is a record

in combination

ind of the

space

: rnddAddr

code,

first

the degree

as integer

of the

imposed

macro

upstream

address

[log 2 K]

for "physical"

request,

In the pseudo

which stores

stores

is a "virtual"

position

the state

index

to the order

nodes

a flag indicating

The first

the

• The storage

which

a flag signaling

type

integer.

for MDD

are encoded the

encoding

the branching

PreprocessEvents

into a single

1)] of mddAddr,

up : bag of mddAddr,

-

as well as some

consideration.

-

• The

order.

e according

k are merged

[0..(N[k]-

of the node

than

Procedure

constant

represents

names

: level return

respectively.

e' is smaller

code,

are the following: integer

of int

event

: event)

level, in increasing

• The type

is larger

is integer,

to their

all local events

precisely,

array[1..K]

event,

first

used in our pseudo

Ix" is a positive

N of type

by the corresponding

to indicate

types

by our algorithm

where

: level and Last(e

Routines.

types.

employed

is [1..K],

for events

: event)

data

types

level of levels

Purpose

of the data

on these

MDD levels. The constant for each level. •Ttle

General

larger

i.e.,

table, than

that

: mddAddr,

store

the results

q : mddAddr},r

Also, for the union

insertions

we enlarge twice

the table

half the current

19

({p

r : mddAddr).

is dynamic,

we shrink

and is not decreased

type

tables

:

cache,

in UC[k].

size of the

number

are hash

The

if it is smaller

than

the

the current

to about

size).

and

table

deletions

table size).

may

to about

twice

If the number

half its current

size (more

size is not increased

a preset

re-

lower bound.

if it

A.2.

Routines

for

• h_serth_UT(in Searches

Managing

p : mddAddr,

UT[p.lvl]

of this node,

r is left unchanged,

an(t the

Removes

p fi'om

ClearUT(in Clears

A.3.

Routines

order

true.

Managing

Otherwise,

and

the entry

Routines

form

for

.). If such and

returns

a ({p, q},x) false.

in q : mddAddr,

q.lvl}.

({p,q},

The

is found, result

it sets r to x and

is independent

of the

q are supplied.

The effect

in p : mddAddr,

of the form

in r : mddAddr) does not contain

on L/[k] is independent

an); element

of the

order

of the

in whi(:h

in q : mddAddr

.) from L/[k].

in/4[k]. Managing

Otherwise,

the

k : level,

(p, r) in )V[k].

Firing

Cache.

in p : mddAddr,

it leaves

of the

out r : mddAddr)

form

r unchanged in p:

Given

If such

and returns

mddAddr, the logic

(p,-).

boolean

a (p,x)

is found,

it sets r to x and

returns

false.

in r : mddAddr) of our

algorithm,

)r[k] does

Bags.

Sets of integers

not

contain

an)'

element

of the

(p, .) and k >_p.lvl. k : level)

all entries

from

in F[k].

for Managing the head

• PickAnyElement(inout Selects of mddAddr

following

to UT[p.lvl],

out r : mddAddr)

the logic of our algorithm,//[k]

k = max{p.lvl,

k : level,

Routines

can be picked

Bags

p and

Given

J-[k] for an element

ClearFC(in Clears

p is added

k: level)

all entries

Inserts

({p,q},

r unchanged

k : level,

• lnserth_FC(in

A.5.

it leaves

RemoveFromUC(in

true.

Otherwise,

If it is found,

false.

in q : mddAddr,

form

p and q are supplied.

• LookUphtFC(in



of the

the two parameters

Searches

true.

as p--+dw.

Cache.

in p : mddAddr,

tile two parameters

({p, q},-)

Clears

i

Union

k : level, in p : mddAddr,

• ClearUC(in

A.4.

the

({p, q}, r) in U[k].

Removes

returns

arcs

mddAddr)

k : level,

• InsertlnUC(in

form

returns

of downstream

in UT[k].

for

in which

Inserts

pattern

and tile fimction

function

H[k] for an element

returns

: boolean

tile same

k: level)

all entries

Searches

Table.

UT[p.h:l].

• LookUpbtbrC(in



with

is set to the address

p:

Unique

out r : mddAddr)

for a node

* RemoveFromUT(in



the

and

removes

(FIFO)

Sets

and

and from

£ : set of int) an arbitrary

are implemented

the tail (LIFO)

according

arid returns

it.

as queues. to the desired

Elements strategy.

: int

element

as linked

are implemented

of a queue,

lists

from

set £,

of pairs

two functions:

20

(mddAddr,

count).

They

are managed

via the

r

AddEIement(in

p : mddAddr,

If bag b contains list of elements

p : mddAddr,

If bag b contains

Often

A.6.

p with

of p, followed

the symbols

"E",

Routines

and

routine



deleted

for type

int, which

of type

obtained

with count

plus to tlw

next-state

the routine

becomes

in the context

subtracts

O. Otherwise,

of bags,

minus

from the

b is left unchanged.

with their

obvious

meanings.

the number

its unique

since

downstream

arcs

Thus,

level

parameter

k can

signals

forwarding

the

for the subnet

firing

by local state

encoded

of e leaves

Approach. by the

following

of incoming whether

the

arc is stored

do not skip levels, be removed

e, when e is enabled

i at level k.

in level k.

level k unchanged.

Note

that

disabled.

is replaced

which

function

level k when

Forwarding-arcs

stores

event

: boolean

the

boolean,

to minus,

: set of int

by firing

mddNode

Moreover,

and

p is added

b : bag)

in case the count

in i : int)

of some

and

the

ofp

fi'om e being

redundant,

LookUpInFC,

Otherwise,

inout

or equal

"_)" are also used

is the local

is different

Modifications

: int,

than

k : level, in e : event)

field up of node in of type

b : bag)

by plus.

events.

e is indet)endent

this property



greater

k : level, in e : event,

this

An event

A.7.

"¢",

handling

• IsIndependent(in

record

count

the set of local states

Basically,

inout

in minus

by the deletion

"=",

for

• NewStates(in Returns

: int,

of p is increased

in b.

• RemoveElement(in

count

in plus

p, the count

for

entries routines

InsertInFC.

21

In the

arcs from the node

forwarding-arcs

approach,

the

two fields:

has been

next

higher

marked

level, and

for deletion.

If so, it is

in dw[0]. of H[k] and ¢-[k] refer only LookUpInUC,

InsertInUC,

to nodes

at level k.

RemoveFromUC,

Appendix

B.

MDDgeneration(in Generates local

Detailed

Pseudo

m : array[1..K]

of int)

space of a model

the state

Code

for

the

"Upstream-arcs"

: mddAddr respect to the

with

initial

state

and

returns

the

address

of the MDD's

root.

k : level;

local

e : event;

local

q : mddAddr;

local

mddChanged

• flag signaling

: boolean;

fork=l

1.

4.

ClearUC(k);

5.

ClearFC(k

g.

• the UC is initialized

foreach

Fire

node

First(e)

inout

MDD

regarding

changes

First(.)

in this iteration

= k do

mddChanged

reachable

at a level k, with

creates a temporary

re-exploring

which

First(e)

known

propagates

> k > Last(e),

redundant

(formerly

: boolean)

from the currently

it calls FireFromFirst,

at the end, if, after exploration,

one, to avoid

if any node of the

order

= false;

and inserts the states

for any

is removed

entries

q, mddChangcd);

in s : mddAddr,

at level First(e),

• true

event e satisfying

Fire(e,

e : event,

First(e),

of out-of-date

here and at the end of each Fire

• sort events in increasing

0;

13. until mddChanged 14. return q;

Then,

here and later purged

• the FC is cleared

);

Events

12.

Generates

are needed

1do

mddChanged _ false; for k= 1 to h'do

11.

Fire(in

iterations

Setlnitial(m);

7. Preprocess 8. repeat 10.

more

• the UT is cleared only once at the beginning

ClearUT(k); 3. for k= 1 to K-

6. q _

whether

toKdo

2.

node

Variant.

state space represented by s via event e. For any

work

downstream

having

node at level First(e), it is still redundant.

redundant)

nodes just

by calling

incoming

Union

downstream

and calls FireFromFirst

This second

introduced.

and FireRecursive.

arcs

from

a level above

on it. The dummy

phase must be performed

The flag mddChanged

node

after the first

is passed through

and

updated. local

k : level;

local

i : int;

local

p, q, r, d : mddAddr;

local

pHasDummy 1. foreach

: boolean; p E T[First(c)]

2.

if FireFromFirst(e,p)

3.

mddChanged

4. for k = Last(c)

6.

pHasDummy

7.

foreach

if not

(to be continued

• check for downstream

arcs skipping

over First(e)

q to p skips

over First(e)

do then

pHasDummy

Insertln

15

- 1 do

> First(e) d _

14.

in level First(e)

_ false;

11.

13.

at nodes

do

10.

12.

• fire e starting

root has to be inserted

true;

q E p_up

if q.lvl

if an implicit

then _

foreach p E T[k]

9.

do

to First(c)

5.

8.

• signals

• downstream

arc from

then

CreateNode(First(e),p);

• insert

a redundant

node

d at level First(e)

pointing

to p

UT( d, null);

pHasDummy

_

true;

for i = 0 to N[q.lvl] if q_dw[i] SetArc(q,

do

• d is not • find all downstream

= p then i, d);

on next page)

22

in the

UT, since

arcs from

it is a redundant

q to p and

re-direct

them

node to d

(continued

16.

if pHasDummy

17.

if not

18.

Remove

19.

CheckNode

20.

for k = First(e) foreach

21.

23.

or (p--+dirty)

26.

to p any arc that

explore

it

it is still redundant... d from the UT and...

was re-directed

to d, then

delete d

• must clean up in this order for this to work

= 0) or (r.lvI

or (q--+dirty)

p E T[k]

Last(e)

or (r.lvl

• disconnected

> 0 and r'--+up = 0)

> 0 and r---_dirty)

nodes...

• ...and out-of-date

then

• ...are

UC (k, p, q);

removed

• clear disconnected

do

entries...

from the UC

nodes at level k

(p);

to First(e)

- 1 do

• clear firing

caches

at levels

below

First(e)

ClearFC(k);

FireFromFirst(in event

Union

e : event, e starting

in p : mddAddr)

from

node

and FireRecursive.

removed

from

UT (this

the

If the

£ : set of int;

local

pHasChanged

local

f,u

: mddAddr;

local

i,j

: int;

true,

its hash

is not changed,

value).

p was itself

_

=

First(e).

changed,

is deleted,

If the

node

It propagates

and false,

otherwise.

if it has become

is removed,

the

work

downstream

If p changes,

redundant,

change

by calling its address

is

or p is re-inserted

is propagated

upstream

in using

UT.

• flag signaling

whether

MDD

with

• get all the local states that

c);

root

p has changed

potentially

enable e

false;

_ ¢ _ do

4.

i _

PickAnyEIement(£);

5.

f _

FireRecursive(First(e)

6.

if f

• choose - 1, c,p-+dw[i]);

• f = (0,0)

j C NewStates(First(e),e,i)

8.

u _

9.

if u _ F-+dw[j]

10. 11.

remove

p-+dw[i]

if and only

• j is a local state reachable

do

12.

pHasChanged if NewStates

14.

if pHasChanged

17.

if p_cached

18.

CheekNode(p);

• this is the first

then U T (p); _

ife

it from

E

if e is local could

not fire

i when firing

from

of e added

e

• remember

new states

change to p in this

• p must be removed from the UT before

true;

(First(e),

AddElement SetArc(p,

16.

• the firing

then

pHasChanged

RemoveF)'om

15.

i in Z_ and

Union(f,F-+dw[j]); if not

13.

any element

• this call returns

# (0, 0) do foreach

return

node

p is left in the

LoeaIStatesToExplore(p,

7.

if node

the

p.lvl

: boolean;

2. pHasChanged 3. while

UT, satisfying

either

for updating

local

1. £ _

Moreover,

node

: boolean

p in the

It returns

UT.

allows

CheckNode.

19.

• ...re-direct 1 do

= I_) or (q-+up

DeleteDownstream for k

28.

Fires

(d);

1 downto

node has been created,

• if it is unchanged, • ...remove

From U T (d) ;

RemoveFrom foreach

2?.

d) then

page)

({p, q}, r) E L/[k] do

if (p--_up

24.

the

-

22.

25.

• if a redundant

then

FireFromFirst(e,

from previous

call

changing it

not to remove p from the UT again

e, j) _ {bthen

(j, L:);

• j needs to be explored

(possibly

again)

j, u);

then then

p-+dirty

_

• cache entries referring

true;

to p are stale

• put back p into the UT, or delete it

pHasChanged;

23

FireRecursive(in Returns

k : level,

the

address

in e : event,

of a node

representing

dependency

of e on levels above

a temporary

node

local

: set

t in-place.

p.lvl.

The

the

set of states

Function

returned

: mddAddr reachable

FireRe.cursive

value

from

propagates

is guaranteed

S(p)

when

event

e occurs,

work only downstream,

to be in the

UT, unless

it is not

since

ignoring

7",t, f : mddAddr;

local

atSamcLevel

local

i,j

(0, 1) or (0, 0).

: boolean;

• p.lvl

= k ?

: int;

1. if k < Last(c) 2.

return

3. if p.lvl 4.

• the end of the recursion

then

< k and

return

6.

IsIndependent(k,

FireReeursive(k

return

• continue at the next level

r;

t ¢= CreateNode(k,

8.

if p.lvl

• create a temporary

(0, 0));

• at this

< k then

atSameLevel

10.

• e does not depend on level k

e) then

- 1, e,p);

r) then

7,

9.

£ _

_

point,

• initialize

(k, e);

the set £ to all local states enabling

atSameLevel £ _ while

¢= true;

LocaIStatcsToExplore(p,

e);

• initialize

the

i _ PiekAnyElemcnt(£); if atSameLevel then

17. 18.

else

19.

• choose

f _

FireReeursive(k

- 1,e,p---÷dw[i]);

f _

FircRecursivc(k

- 1, e,p);

• nothing

foreach u _

23.

if u 7_ t--+dw[j]

24.

Union(f,

SetArc(t,j,

InsertInFC(k,p,t);

29.

return

the address

i : int;

local

r,u

c

to explore

here;

move

from

it from

L:

p_dw[i]

on to the

via e

next

if and only if e could

level

not fire

• the firing of e in p---rdw[i]

(j, £);

• j will have

added new states • e is still enabled

to be explored

(possibly

i

again)

u); • since t_up

= O, this cannot

cause recursive deletes

upstream

t;

p : mddAddr,

k:level;

enabling

i in L; and remove reachable

c, j) _ 0 then

CheckNode(t);

28.

local

states

i) do

then

AddElement

26.

local

local

t-+dw[j]);

if NewStates(k,

25.

any element

• f = (0,0)

j E NewStates(k,c,

22.

returned

£ to ali reachable

• find states

if f ¢ (0,0 / then

21.

Returns

set

£ _ ¢) do

15. 16.

Union(in

e

• k = p. Ivl

13.

27'. t _

on k

false;

LocalStatesEnablingEvent

12.

20.

node t

e depends

else

11.

is reached

p;

5. if LookUpInFC(k,p,

14.

the]

it only changes

of int;

local

The

in p : mddAddr)

value

in q : mddAddr) r of the is guaranteed

node

: mddAddr

representing to be in the

S(p)

U S(q).

UT, unless

It uses

it is not

and

updates

(0, 1) or (0,0).

the

UC to speed-up

Of course,

r.lvt

computation,

< Max(p.lvt,

q.tvl).[l

: mddAddr;

1. if p =

(0, 1) or q = (0, 1) return

2. if p =

(0,0)

3. if q---- (0,0) (to be continued

or p = q return return

• deal with special cases first

(0, 1);

q;

p;

on next page)

24

t

(continued 4.

k 4= Max(p.lvl,

5.

if LookUplnUC(k,p,q,r)

6.

return

in r

• otherwise,

(0,0));

the union

is computed

in r

• p is at a lower level than q

then

u 4= Union(p,q---_dw[i]); • q is at a lower level than

else if k > q.lvl then

12.

u 4= Union(p_dw[i],

13.

p

q);

else

14.

• p and q are at the same level

u 4= Union(_--_dw[i], q--*dw[i]);

15.

SetArc(r,

i, u);

16.

r 4= CheekNode(r);

17.

lnsertlnUC(k,p,

18.

ifp

19.

ifq_

20.

p---_eaehed,

21.

return

• since r-_up

----(_, this cannot cause recursive deletes • record

q, r);

5_ 7' then

InsertInUC(k,p,r,r);

7"then

InsertlnUC(k,q,r,r);

CheckNode(in

q---_cached,

the result of this • add predicted

r--+caehed

upstream

union in the UC cache requests

4= true;

r;

p:

mddAddr)

: mddAddr

Enforces

the MDD

replica.

If so, p is inserted

DeleteUpstreara,

properties

which

for node p, which

in the UT. Otherwise,

in turn

calls

node does not have to be deleted.

it

result of the union is returned

do

if k > p.lvl

11.

initially

• if found,

then

r;

8. fori=0toN[k]-i 9.

page)

q.lvl);

7. r 4= CreateNode(k,

10.

from previous

described

is not in the UT. It ensures that node p is disconnected

CheckNode

Function

by p, and this address

on these nodes,

CheckNode

is guaranteed

returns

this

node is neither

from upstream

and so on.

the address

redundant

nodes and deleted

The recursion

stops

when

of the node representing

to be in the UT. As we allow a redundant

nor a

by calling a modified

the set of states

root node, we treat

as a special case. local

X:

i.

mddAddr; if p.lvl

=/C

then

2.

InsertInUT(p,

3.

return

• check null);

p;

4. if p--_dw[0]

• this allows = p---_dw[1] .....

5.

x 4= p-_dw[O];

6.

DeleteUpstream(p,

7.

return

- 1] then

x);

return

the

root

arcs

node

node

• p is redundant;

• all downstream

pointing

• p is a replica

then

• all downstream

DeleteUpstream(p,x);

10. 11.

p---_dw[N[k]

for keeping

root

back

special into

the

case UT

even if it is redundant

delete

it and use its child

to p must

now point

to x

x;

8. else if InsertInUT(p,x) 9.

• put the

of x; delete it and use x instead

arcs pointing

to p must now point

to x

x;

else

12.

return p;

DeleteUpstream(in

o : mddAddr,

Changes

any downstream

instead,

thus disconnecting

upstream

• p is a distinct

arc pointing node o.

bag of o, it removes p from

p : mddAddr;

local

i : int;

(to be continued

in the UT

in n : mddAddr) to the old node o, not present Then

it deletes

o.

After

in the UT, so that

changing the

the UT and enforces the reducedness

in turn may call DeletcUpstrearn. local

node and was inserted

on next page)

25

downstream

property

it points

to the new node n

arcs of any node p in the

on it by calling

CheckNodc,

which

(continued I. foreach

p E o-+up

RemoveFrom

3.

for i = 0 to N[p.lvl]

CheckNode

8.

SetArc(o,

9.

ReleaseMcmory(o);

local

i-th

or re-inserted

upstream

in the UT by CheckNode

1 do • this call does not need a downstream

i, n);

• enforce

recursion

reducedness

property

do • disconnect

i, {0, 0));

p : mddAddr,

the

be deleted

(p);

7. for i = 0 to N[o.lvl]

SetArc(in

-

node will

page)

= o then

SctArr(p,

6.

• updated

UT (p);

if p--_dw[i]

5.

Sets

• check all nodes directly

do

2.

4.

from previous

node...

• ...and

in i : int,

downstream

in n : mddAddr) p to

of node

arc

kill it

while

maintaining

consistency

with

the

upstream

arcs.

]

o : mddAddr; 1. o _

3. if n.lvl 4.

• old node pointed

p-_dw[i];

2. l_--_dw[i]

_

• increase count

1, n--+up );

of upstream

RemoveElement

DcletcDownstream(in

p:

q : mddAddr;

local

i : int; 1. if p--+up

RemoveF_om

3.

for i = 0 to N_.tvl] q _

5.

SetArc(p,

6.

DeleteDownstream

the MDD

p,q

local

k : int;

routine

removes

p from the UT and deletes it, after

having

recursively

examined

do • disconnect

i, (0, 0));

old downstream • check

(q);

arc pointing

to q

if q still has incoming

arcs

• kill node p

(p);

m : array [1..K]

local

arcs for old node

p--+dw[i];

ReleaseMemory

I Constructs

to

or (0, ])

UT(p);

4.

Sethdtial(in

of upstream

(0,0)

= 0 then

2.

7.

or (0, 1)

mddAddr)

If node no incomingarcs.arcs, this each of pits has downstream local

• reduce count

(p, 1, o-+up);

arc

arcs for the new node pointed • no need to unllnk

5. if o.lvl ¢ 0 then

arc

downstream

• no need to link (0,0}

¢ 0 then

AddElement(p,

6.

by the downstream

• re-direct

n;

of int)

representing

: mddAddr

the initial

state m of the model, and returns

a pointer

to the MDD's

root.

l

: mddAddr;

1. q _

• initialize

(O, 1);

2. for k=

1 toKdo

3.

p _

CreateNode(k,

4.

SctArc(p,

5.

lnsertlnUT(p,

6.

q_p;

7. return

m[k], q);

q to node

(0, 1)

(0, 0)); • link new node,

at level k, to the

• use null because

null);

q;

26

one below,

p is known

at level k - 1

to be a new

node

CreatcNodc(in

k : level,

in initial

: mddAddr')

Allocates

a level-k

node with

initialized

to false,

and returns its address.

local

p : mddAddr;

local

i : int; 1. p _

: mddAddr

all the entries in dw initialized

to initial,

up initialized

It also updates the bag of upstream

to O, flags cached

and dirty

arcs for node initial.

AllocateMemory(k);

2. F-_up

_

q);

3. fori=Oto

N[k]-I

4.

_

p--_dw[i]

5. if initial.lvl 6.

do

initial;

> 0 then

AddElemeat(p,

7. p--_cached,

N[k],

p-+dirty

_

initial-+up); ,false;

8. return p;

LocaIStatesEnablingEvent(in I Returns

k : level,

in e : event)

the set of local states at level k which

local

L_ : set

local

i : int;

: set of int

enable e.

I

of int;

I. £¢=_; 2. fori=OtoN[k]-I 3.

do

if NewStates(k,

4.

• refer to the local next-state

e, i) _ 0 then

AddElement

function

of the underlying

model

(i, E) ;

5. return L:;

LocaIStatesToExpIore(in Returns and

in c : event)

the set of local states at level p.lvl

(2) enable

i.e., all local local local

p : mddAddr,

c. If c is independent

states

: set

which

of level p.lvl,

at this level enable

(I)

: set of int are currently reachable only Condition

c.

of int;

i : int; 1. £ ¢: q); 2. for i = 0 to N[p.lvl] 3.

if p_dw[i]

- 1 do

# (0, O) and

4.

AddElement(i,

5. return

tT;

NewStates(p.lvl,

e, i) # O)then

£);

27

via the considered

(1) is restrictive,

since

path from the root to p

NewStates(p.lvl,

c, i) = {i},

Appendix C. Detailed PseudoCode Routines TILe other

Sethdtial, routines

I Generates

the

local

k : level;

local

q : mddAddr;

local

mddChanged

2.

given

including

some

m : array[1..K]

of int)

: mddAddr

with

the

and

here,

space of a model

state

1. for k=

LocaIStatesEnabIingEvent,

are

MDDgeneration(in

for

new

"Forwarding-arcs"

LocalStatesToEzplore

are as for the upstream-arcs

approach.

ones.

respect to initial state

/71,

: boolean;

and returns

the address

• flag signaling

whether

of the

more

MDD's

iterations

root.

are needed

1 toKdo • the UT is cleared only once at the beginning

ClearUT(k);

3. for k=

1 to K-ldo • the UC is initialized

4. ClearUC(k); 5. for k = l to K6.

Variant.

here and later purged of out-of-date

entries

l do • the FC is cleared here and at the end of each Five

ClearFC(k);

7. q 4= SctInitial(m); 8. PreproeessEvents 9.

• sort events in increasing order regarding First(.)

0;

repeat

10.

mddChanged

I1.

Fire(ll);

_

12.

for k=2toKdo DeleteForwardmg

14.

foreach

until

e satisfying

the downstream

back in. Thus,

local

p, u : mddAddr;

local

pHasOhanged

local

i : int;

cause nodes at level k to become marked

for i = 0 to N[k]

6.

if u _ p--+dw[i]

i);

8.

Remove

9.

pHasChanged SetArc(p,

• update

arc p--+dw[i],

= false

at level k - 1

_

it points to a node

does

point

to a node

marked

for deletion

marked

for deletion

then • p must be removed from

From U T (p ) :

i, u);

in case

• F--_dw[i]

then

if pHasChanged

CheckNode

for deletion

> O then

u 4= UpdateArc(p,

12.

arcs and nodes marked

p has changed

- 1 do

5.

if pHasChanged

forwarding

whether

false;

ifp-+dw[i].Ivl

11.

for deletion.

• flag signaling

• eliminate

_

chain, after appropriately

nodes at level k. This requires to remove these nodes from the UT and to check

might

do

p E T[k]

3.

10.

1 and destroys the corresponding forwarding

: boolean;

pHasChanged

7.

at level k-

arcs from

this procedure

2. 4.

nodes at level k

k : level)

them

1. foreach

non-unique

= k do

= false;

Removes all nodes marked for deletion re-directing

First(e)

event at level 1

q, mddChanged);

mddChanged

DeleteForwarding(in

• eliminate

(k);

event

Fire(e,

15.

if any node changes in this iteration • fire the local macro

13.

15.

• true

false;

• remember

true; • point

p-->dw[i]

the UT before

changing it

not to remove p from the UT again

to the equivalent

node not marked

for deletion

then * this might

(p);

28

mark p for deletion

UpdateAre(in

p : mddAddr,

If q = p--+dw[i]

is not

the forwarding more

chain - after

efficiently,

local

in i : int)

marked

: mddAddr

for deletion, (1) either

or (2) deleting

q is returned.

re-directing

Otherwise,

q's forwarding

q, if one just followed

the

u is returned

- where

arcs to u, so that

last arc reaching

further

it (either

it is the accesses

"ultimate"

node

in

to q will determine

downstream

u

or forwarding).

q, u : mddAddr; 1. q 4= p--4dw[i]; 2. if (q.lvl

> O) and

q---->deleted then

3.

u _

UpdateArc(q,

4.

if q--+in = 1 then

5.

SetAre(p,

6.

ReIeaseMemory

7.

SctArc(q,

8.

return

e : event,

Generates

O, (0, 0));

• q cannot

be deleted,

but its forwarding

be deleted

arc can be set to the end of the chain • u is not marked for deletion

in q : mddAddr,

inout

and inserts the states

k : level;

local

p, q, r : raddAddr; 1. foreach

p C T[First(e)]

2.

if FireFromFirst(e,p)

3.

mddChanged

4. for k = First(e) 5.

foreach

if (p_up

or (p-->dirty)

FireFromFirst(in event and

nodes...

• ...and out-of-date

then

• ...are removed • clear disconnected

do

entries...

from the UC

nodes at level k

(p );

to First(e)

e : event, e starting

- 1 do

• clear

allows

from

in p : raddAddr) node

FireReeursive.

from

forwarding

• disconnected

= @)

or (t-+dirty)

firing

caches

at levels

below

First(e)

Y[k] _ O;

12.

removed

it

do

U C (k, p, q);

p C T[k]

for k = Last(e)

at nodes in the first level affecting

• must clean up in this order for this to work

1 do

or (q-+dirty)

DeleteDownstream

11.

• fire e starting

= O) or (q---_uv = O) or (t-+up

RemoveFrom

10.

and updated.

then

({p, q}, r) 6 U[k]

foreach

is passed through

it

4= true;

7. 8.

: boolean)

the current state space via event e. For any node at level First(c),

do

- 1 downto

6.

9.

mddChanged

reachable from

The flag mddChanged

local

the

for the arc.

hash

If the

£ : set

local

pHasChanged

local

f, u : mddAddr;

local

i,j

p in the

It returns

UT. Moreover,

local

(to

• ...so q can finally

( q) ;

O, u);

q;

calls FireFromFirst.

(this

to q is followed...

else

11.

Union

only arc pointing

return u;

10.

Fires

• the

if q--->in = 0 then

9.

Fire(in

0);

value

node

: boolean UT, satisfying

true

whether

if node node

to be updated).

is not changed,

p.lvl

p was

p is deleted, If the

It propagates

and false,

is removed,

the

work

otherwise. redundant,

change

downstream

If the

node

by calling changes,

or p is re-inserted

is recorded

by CheekNode

in the

p is UT

using

a

UT.

of int; • flag signaling

: boolean;

: int;

be continued

First(c).

if it has become

node

p is left in the

=

changed,

on next

page)

29

whether

p has changed

(continued 1. £ _

LocatStatesToExplore

2. pHasChanged 3. while

• choose any element

PickAnyElement(£);

5.

f _

FireRecursive(e,p--+dw[i]);

6.

if f _ (0,0>

7.

• f = (0,01

then

u _

9.

if u ¢ p--+dw[j]

• the firing

then

11.

Removc

12.

pHasChanged

13.

if NewStatcs

14.

SetArc(p, if pHasChanged if p---+caehed

18.

CheckNode

if e could

not fire

from i when

firing e

• remember

true;

not to remove p from

changing

it

the UT again

• if e is still enabled...

e, j) _ _ then

(First(c),

to p in this call

• we must remove p from the UT before

From U T (p); _

of e added new states change

• ...j

L:);

will have to be explored

(possibly

again)

j, u);

then

p----_dirty _

• cache entries

true;

referring

to p are invalidated

• put p back into the UT, or delete it

(p) ;

pHasChanged;

FireReeursive(in

e : event,

the address

temporary

if e is local

then

17.

return

• this is the first

then

AddEIemcnt(j,

15.

if and only

• j is a local state reachable

do

it from L:

p--_dw[i]

Union(f,p--_dw[j]); if not pHasChanged

10.

dependency

enable e

i in L: and remove

• this call returns

foreach j E NewStates(First(e),e,i)

8.

Returns

potentially

E _ _ do

i _

19.

• get all the local states that

(p, e);

page )

_= false;

4.

16.

from previous

in p : mddAddr)

: mddAddr

of a node representing

of e on levels node t in-place.

above p.lvl.

the set of states FireRecursive

Because redundant

reachable

propagates

nodes are preserved,

from

work

S(p)

only

when event

downstream,

the returned

value

e occurs,

ignoring the

since it only

changes

is guaranteed

a

to be in the UT

and at the same level as p, unless it is 10, 0). local

: set of int;

local

r, t, f : mddADdr;

local

i,j 1

: int; if p.tvI

2.

< Last(c)

return

3. if LookUpInFO(p.lvt,p, 4, return r; 5°

• end of the

then

r e= CreateNode

(p.h,l,

r) then

i *= PickAnyElement(£);

9.

f _

• f = (0,0)

foreach j E NewStates(p.Ivl, u _

13.

if u ¢ r-+dw[j]

Union(f,

16. r _

18.

InscrtInFC

19.

return

node t

enabling

e

then

• the firing

AddElement(j,

£);

CheckNode(r);

i in LZ and remove

it from £

reachable from p-_dw[i] if and only

if e could

via e not fire

e, i) do

c,j)

SetArc(r,j,

17.

local states

r_dw[j]);

if NewStates(p.lvI,

15.

any element • find states

then

12.

14.

the set /_ to all reachable

• choose

Fi,eReeursive(_',p---_dw[i]);

if f ?_ (0,0>

11.

• initialize

e);

do

8.

10.

• create a temporary

(0, 0));

6. £ *= LocalStatcsToExplore(p, 7. while£#_

recursion

p;

of e in p-_dw[i]

added

new states

_ O then • j will

have to be explored

(possibly

again)

u); • since t--rup

(p. Ivl, p_ r);

t;

3O

= _, this cannot cause recursive

deletes

upstream

Union(in

p : mddAddr,

in q : mddAddr)

: mddAddr

computation. Since redundant nodes are kept, the returned Returns the address r of the node representing S(p)US(q), of p and q, unless it is not (0, 0). local

r, u : raddAddr;

local

i : int; 1. if p = (0, 1) or q = 2. if p=

C0,0)

(0, 1) return

and q=

3. if p = q return

(0,0)

5.

return r _

CreateNode

8.

u _

9.

SetArc(r,

InsertInUC(p.lvl,

12.

ifp

13.

if q ¢ r then

14.

p--+cached,

15.

return

_ r then

• record

the result of this

in r

q-+cached,

upstream

union in the UC

• add predicted

InsertlnUC(k,p,r,r);

cache requests

q, r, r);

t-+cached

4= true;

: mddAddr

is not in the UT, is not a replica or a redundant

node p is deleted

pointing

local

q : mddAddr;

local

i : int;

(if it has no incoming

arcs, this

can happen only when

to C0, 0). In any case, ChcckNode

by p. This address

1. if p--_dw[0]

= p--+dw[X] .....

2.

ReleaseMeraory(p);

3.

return C0, 0); then

5.

do

for i -- 0 to N[p.lvl]

6.

SetArc(p,

is guaranteed

node pointing

arcs) or it is marked CheckNode returns

Release

and a forwarding

i.e., never when p the set of states

to be in the UT, unless it is not (0, 0).

p-+dw[N[p.lvl]

- 1] = (0, 0) then with

• this can happen only when p-+in downstream

arcs pointing

• p is redundant,

remove

• disconnect

i, C0, 0));

• deletion

11.

SetArc(p, return

q;

return

p;

_

it, and use u instead old downstream

arcs

(p);

else l_--4deIeted

= 0

to C0, 0), delete it

• p can now be deleted

Memory

10.

arc is placed

is called from FirePromFirst,

= 0 then

if p--tin

to C0, 0), and inserts p in the

for deletion

the address of the node representing

• p is a dummy

4. else if lnsertlnUT(p,q)

14.

the union is computed

• since r--_up ----0, this cannot cause recursive deletes

p : mddAddr)

described

12.

in r

q_dw[i]);

p, q, r);

in it. If it has incoming

13.

• otherwise,

CO,0));

lnsertInUC(k,

that p, which

8. 9.

result of the union is returned

r;

UT. Otherwise,

7.

• if found,

i, u);

r 4= CheckNode(r);

initially

cases first

- 1 do

Union(p-_dw[i],

11.

is a dummy

special

C0,0);

p, q, r) then

(p.lvl,

10.

Ensures

• deal with

(0, 1_;

return

r;

7. for i = 0 to N_v.lvl]

CheckNode(in

to be in the UT and at the same level It uses and updates the UC to speed-up

q:

4. if LookUplnUO(p.lvl, 5.

value is guaranteed where p.Ivl = q.lvl.

true;

of p must

• mark

0, q);

• record

p for future the

be delayed deletion

forwarding

arc

else • p is a distinct

31

node and was inserted

in the UT

SetAre(in

p : mddAddr,

Sets the i-th count,

in i : int,

downstream

arc of node p to n, while

f the incoming-arcs

local

in n : mddAddr) at the same time maintaining

count of the old node p-_dw[i]

consistency

becomes O, this node will

with

the incoming-arcs

be removed later.

o : mddAddr; 1. o _

• old node pointed by downstream • re-direct downstream

p-_dw[i];

2. p---_dw[i] 3. if n.Ivl 4.

_

• no need to keep track of (0,0)

¢ 0 then

n-+in

5. if o.lvl 6.

n;

_

n--_in

+ 1;

• increase count

• no need to keep track

_ 0 then

o-+in

_

DeleteDownstream

o-_in

- 1;

• reduce count of upstream

If node p has no incoming

local

q : mddAddr;

local

i : int; 1. if p-+in

arcs, this

3.

for i -- 0 to N[p.lvl]

routine

removes

p from the UT and deletes

q _

5.

if q.hpl > 0 then

6.

SetAre(p,

7.

Delet e Downstrearn

p--rdw[i];

k : level,

ato level-k false,

local

p : mddAddr;

local

i : int;

• disconnect

i, (0, 0));

ReIeaseMeraory

(q);

_

in initial

: mddAddr)

8.

to q arcs

: mddAddr

O;

3. fori=OtoN[k]-ldo

initial-+in

7. p--_caehed,

old downstream

node returns with allits the entries Itinalso dw updates initialized the toincoming-arcs initial, in initialized zero,initial. flags and address. count fortonode

4. p--+dw[i] 5. if initial.lvl 6.

arc pointing

• check if q still has incoming

(p);

AIIocateMemory(k);

2. p--_in

it, after having recursively examined

do

4.

1. p _

or {0, 1)

arcs for old node

= 0 then

RemoveFrornUT(p);

Allocates initialized

of (0,0)

arcs.

2.

CreateNode(in

or (0, 1)

arcs for new node

(in p : raddAddr')

each of its downstream

8.

of upstream

arc arc

4== initial; > 0 then _

initial--+in

p--+dirty

_

+ N[k];

false;

return p;

32

cached

and dirty

Appendix In the

this

D. section,

Kanban

net

D.1.

Illustration

we illustrate

depicted

into

local

event

macro

(cf. Fig.

6.1).

sa and

subnets,

L-,

the

upstream-arcs

subnet

with

In order

1 to subnet

system

4.

toki,

possesses

of our

algorithul

N = 1 for tile

to apply

Subnet

our

thick,

two synchronizing

the

-- plus

events,

of a small

example,

namely

marking.

MDD-ba._ed

i contains

tredo_, and

by means

initial

approach,

places

p,,

transition and

tsynchl_23

P,,,i, tout_

the

Kanban

pb_ck,,

and

or ti.4

pout,.

where

which

tsynch4_23,

net

is

The

applicable

we abbreviate

s2, respectively.

Given the

variant

right,

of transitions

FI(;. D.1.

In

Algorithm.

Initialization.

consists

Further,

the

6.1, upper

and

four

of

the

in Fig.

Partitioning

partitioned

by

An

this

sequel,

partitioning, we also

{(i4,i3,i2,i_)

each

abuse

Indexing

subnet

notation

of local states

for the Kanban

local

which

has four and

write

states

(I4,Is,

[i4 E I4, i3 E 13, i2 E I2, i_ E I_}.

If/j

I.,,I_),

=

we number

where

{0, 1,2,3},

subnets

Ij

0 through

C {0,1,2,3}

we write

3 as show

in Figure

1 _< j

< 4, for the

and

D.1. set

Ij ----* for short.

TABLE D.1 Transitions macro

event

/1

macro

*

*

*

*

*

*

*

*

*

*

*

*

$

*

*

*

*

*

*

1

2

1

3

0

1

{2,3}

The

initial

state

(initial

{(0, 0, 0, 0)},

which

ically

in the six tables

shown

of the considered the

event

*

{2,3}

marking)

is represented

of our

by the of Table

(on the

left),

event

MDD

D.1,

l.,

net.

macro

event

13

macro

event

14

*

*

*

*

0

1

1

2

1

*

*

1

{2,3}

2

1

*

*

*

*

*

*

2

1

*

*

*

$

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

syn.

81

syn.

s2

3

0

0

1

3

0

0

1

0

1

*

*

net

is (0,0,0,0).

depicted

one table

i.e., a set

of the example

Thus,

in Fig. D.2, per

of global

event. states,

Each and

the

left-hand column the

initially side.

global

The

of a table state

{2,3}

reachable net's

states

transitions

contains

resulting

space

an enabling

after

S

is

are schemat-

the

pattern

event

fires

(on

right). In the

following,

of the

Kanban

in the

order

First(14)

net. l_


.............

1;I:_1I I I

t

states

(4, 0) are updated

(4, 0).dw[1])

! I 1 1 I

I1.|_|1



Fireb%omFirst



of l._ is not

scheme

no local

1 I I I I

FIG. D.2.

above

our algo-

routines:

1. Fire(f1),

0 enabling

state

MDD



'LaL__L..J

_





Ilill

t 'L..[.J_.U



I_ q-TTiq



'm FIG. D.3.

Next, Fig.

D.3).

series

the The

synchronizing routine

Fig.

s2 becomes

FircFromFirsl,

called

enable(t with

due

respect

l, event

s2

to

sequence

the

to node

of FireRecursive

calls:

1. FireRecursive

(2, .s2, (2, 0)) = (2, 1) and

(2, 1).dw[1]

= (1,0)

s:, (3, 0)) = {a, 1) and

(3, 1).dw[1]

= (2, 1)

2. FircRecursivc(3, In

event

Iteration

D.3,

left-hand

it is to complete

the

side,

also

representation

a node

(4, 1) is depicted,

of {(0, 1, 1, 0)},

which

which

is the

3,t

(4,0)

is not new

(4,0)-2-_(3, builds

actually

state

obtained

the

created.

0)--+(2,0>--+(1, o o

MDD

rooted

The

1)5' firing

purpose ._.

at

0)

(cf.

(3, 1) in

of showing

By calling

Union

a

regarding nodes(3,0} and(3,1)= (3,2),ttlenewstateis added to S. {(*, 0, 0, 0), (0, 1, 1,0)}.

Moreover,

node

(3, 2) is linked

as tlle

0-th

to tile

tlle firing.

Since

the temporary

MDD

rooted

pattern

enabling

is disconnected,

it is removed



by the

next

DeleteDownstream

call,

_

_





_'7

D.3.

Second

1 in node

Event

l., fires

reachable

Iteration.

(2, 1). twice

state

(cf. Fig.

space



In the

However, D.4,

tile

second

right-hand

Iteration

iteration,

exploration

from side)

the

first

and

adds

the

for computing

new

=

MDD

the union,

iteration.

I_1_1 I 1

LIi............. I I I_111

2, event

local

node

to S U {(0, 1, 1, 0)} to bind

L_.._

,I............ :1 :l _

--%

.... b---i................

/I

I I I

FIG. D.10.

Next level.

to be examined

As a result,

the

I I

are the local

first links of nodes

macro

events

(2, 5) and

_\',A

Iteration

12 and

3, events

13.

Both

{3, 4) are copied

37

I,,I

I I I

12 and la

are enabled in the last

hy a single

two locations

node

at the corresponding

of the array

of dmvnstream

pointers. Theresulting MDDrepresents statespace S =

{(*, 0, 0, *), (0, {1, 2, 3}, {1, 2, 3}, *), (*, {1, 2, 3}, {1,2,

(cf. Fig. D.10).

{3, 2)_-r(2,

However,

no

encoded

Event new

in $.

states

Thus,

i

sl is then

the

enabled

need

to be

MDD

remains

by the sequences adde(1,

since

the

outcomes

1)_+{1, (3, 0,0,

1) and

I 1,1,1,1





event

14 Call fire again

the union

of nodes

{3, 2) and

of the

encoded

by the

set

{3, 2) becomes purged

MDD

(cf. Fig.

D.5. terminates Fig. D.12.

now

from

(3, 4), which

sub-MDD

disconnected

and

stores

the

State

Space.

rooted is deleted

state

respectively,

are

1}.

ah'eady

I(1'1

.........................................

I Ik.[_

space

node

along

(3, 2).

with

3, event

The

{3, 4}, since

at node

,9 =

Iteration

(4, 0).

is node

--'-v-r_'-v-'

_-

F1(_. D.11.

local

0, 1),

5)-:---+(0,

i

_



Finally,

(0,0,

3}, 0)}

3*

{3, 4}--+{2,

_

t ....._; ................................................................................................

[

3

1) and

unchanged.

I ! J lAl_l

......................

0)_+(0,

last

14

three

of its downstream

the suh-MDD

With

rooted

at node

all of its upstream

its descendants

pointers

by a call of routine and

the

replaced

(3, 4} encodes

arcs removed

{(*, 0, 0, *), (*, {1, 2, 3}, {1, 2, 3}, *)},

are

from

a superset

its bag,

DeleteDownstream. third

iteration

by

node The

is finished

D.11).

Final and Note

returns that

the level

root

In the fourth

iteration,

to

representing

1 is empty;

tile the

MDD dotted

node

no new reachable the

final

state

states space.

are detected.

Hence,

the algorithm

The

MDD

is depicted

is redlHldant.

ur7

Ill I i-

....

t___

FIG, D.12.

Final

MDD

representing

t

_

j

the complete

38

reachable

state space

final

in

REPORT

DOCUMENTATION

Form Approved OMBNo 0704-0188

PAGE

i Public reporting burden for this collection of information is estimated to average 1 hour gathering and maintaining the data needed, and completing and reviewing the collection collection of information, including suggestions for reducing this burden, to Washington Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the OfFice of Management

1. AGENCY

USE ONLY(Leave

blank)

2. REPORT

TITLE

AND

Etficient

3.

DATE

December 4.

per response, of information Headquarters and Budget,

including the time for reviewing instructions, searching existing data sources, Send comments regarding th;s burden estimate or any other aspect of this Services, Directorate for Information Operations and Reports, 1215 Jefferson Paperwork Reduction Project (0704-0188), Washington, DC 20503,

REPORT

1999

TYPE

Contractor

AND

SUBTITLE

symbolic

DATES

COVERED

Report 5. FUNDING

state-space

construction

for

asynchronous

NUMBERS

systems C NAS1-97046 WU

505-90-52-01

6. AUTHOR(S) Gianfranco Gerald Radu

Ciardo

Liittgen Siminiceanu

7. PERFORMING Institute Mail

ORGANIZATION

for Stop

Computer

132C,

Hampton,

VA

NAME(S)

Applications

NASA

Langley

Research

Hampton,

11.

VA

Final

and

Engineering

Center

ICASE

Space

NAME(S)

AND

Report

No.

99-50

10. SPONSORING/MONITORING AGENCY REPORT NUMBER

ADDRESS(ES)

Administration

Center

NASA

/CR-1999-

ICASE

Report

209827 No.

99-50

NOTES

Technical

Monitor:

Dennis

M.

Bushnell

Report

Submitted 12a.

and

23681-2199

SUPPLEMENTARY Langley

Research

AGENCY

Aeronautics

Langley

8. PERFORMING ORGANIZATION REPORT NUMBER

ADDRESS(ES)

Science

23681-2199

9. SPONSORING/MONITORING National

AND in

to

the

21st

International

DISTRIBUTION/AVAILABILITY Unclassified

Conference

on

Applications

and

Theory

on

Petri

Nets.

12b.

STATEMENT

DISTRIBUTION

CODE

Unlimited

Subject Category 60, 61 Distribution: Nonstandard Availability:

NASA-CASI

'T3. ABSTRACT Many

(Maximum

state-of-the-art

reachable

state

asynchronous Decision it fully

system

14. SUBJECT event

In

the

for

this

intelligent the tool

algorithm

the

paper,

models,

Diagrams (MDDs) exploits event locality

that

621-0390

techniques spaces.

algorithm supports is implemented in show

(301)

200 words)

such for

verification we

of today's

develop

as Petri

a new

nets.

The

efficiently storing sets which is a fimdamental

cache SMART,

performs

management and run-time about

one

order

complex

algorithm

embedded for

algorithm

is based

of reachable semantic

states. property

and achieves results for of magnitude

faster several faster

the on

systems

syml)olic previous

work

In contrast to of asynchronous convergence examples than

the

via taken best

decision

diagrams,

state-space

the of

that

analysis

the

state

employs

of their space

of

Multi-_+alued

related approaches, however, systems. Additionally, the

existing

iteration control. Petri net literature

state-space

i15. multi-valued

on

ad_"anced from the

TERMS

locality,

rely

generation

It

generators.

NUMBER

OF PAGES

43

exploration 16. PRICE

CODE

A03 17. SECURITY CLASSIFICATION OF REPORT Unclassified JSN 7540-01-280-5500

18. SECURITY CLASSIFICATIOI_ OF THIS PAGE Unclassified

19. SECURITY CLASSIFICATION OF ABSTRACT

20. LIMITATION OF ABSTRACT

,tandard Prescribed 29B+102

Form 298(Rev. by ANSI

Std

Z39-18

2-89)