Widening for Space

As stated in the related work survey in §5.4, the ROBDD approximation algorithms of Shiple [Shi96] and Ravi et al [RMSS98] seek to improve the density of an ROBDD defined as the ratio of minterms in the represented function to the number of nodes in the representing ROBDD. Both algorithms identify the non-dense sub-ROBDDs within an ROBDD and substitute them with other sub-ROBDDs which are denser but possess more models. Ultimately this culminates in a dense over-approximation. Although this approach is well-intended, it has the following distinct disadvantages:

• density comparisons and ROBDD restructuring is limited to those sub-ROBDDs that actually arise in the ROBDD. The structure of the ROBDD to be approx- imated is heavily dependant upon the variable ordering employed (§2.2.1) hence differing approximations will be obtained for different variable orderings,

• although density is a natural measure of the efficiency of an ROBDD represen- tation of a Boolean function, an approximation algorithm that endeavours to increase density alone may produce inaccurate approximations. For instance, suppose that a Boolean function over 8 variables has 27 _{minterms and is rep-} resented by 16 nodes, thus its density is 2₁₆7 = 8. The trivial approximation true

can be represented as a single node, and therefore has density 2₁8 = 256, yet this over-approximation conveys no information at all. Thus it is not prudent to base widening on density alone.

The observation is that prime implicants are natural variable order independent candi- dates for reasoning about density whilst retaining accuracy. To illustrate this, consider a Boolean function f ∈ B_{X and the set of implicants S = {p | p |= f} of f. Observe}

that any S′ ⊆S is a sound under-approximation off in the sense that ∨S′ _{|=f where}

∨S′ ₌ W

p_∈S′p. However, different S′, even of the same size, can yield better approx- imations. For instance, consider an implicant p ∈ S and a prime implicant p′ strictly contained within it, that is, p |=p′ and p 6=p′. Then |p′_{|< |p|. Hence p}′ _contributes

2n_−|p′_|

minterms to f whereas p contributes only 2n_−|p_{|. Thusp′ is a better candidate} for inclusion inS′ thanp. Moreover, sincep′ is shorter thanp, it is likely to contribute a shorter path in an ROBDD that represents∨S′_{. The following family of widening op-}

erators draw together these ideas to compute a sound over-approximation by combining negation with systematic under-approximation.

Definition 5.1. The family of operators ∇k:B_{X →}B_{X where k∈}N_{∪ {0} are defined}

by∇k(f) =V

{¬p|p∈primes(¬f)∧ |p| ≤k}

We now proceed to prove the properties of the widening ∇k. The proposition asserts that ∇k is anti-monotonic in its parameter k and hence ∇k is uniformly more precise than ∇k₋1. Furthermore, in the limit, ∇k(f) converges onto f from above. We show

that the widening is also monotonic in its argumentf, that is, for f, f′ ∈B_{X such that}

f |=f′ then∇k(f)|=∇k(f′_).

Proposition 5.1. Suppose |X|=n. Then

• Given f ∈B_{X then f =∇n(f)|=∇n−1(f)|=. . .|=∇0(f) =true.}

• Given f, f′∈B_{X such that f |=f}′ _{and0≤k≤n then ∇k(f)|=∇k(f}′_).

• Given f, f′∈B_{X such that f |=f}′ _{and0≤ℓ < k ≤n then ∇k(f)|=∇ℓ(f}′_).

Proof.

• It is well-known that f =W

primes(f) [CH09], hence in the limit f =∇n(f). To prove for 0≤k < n. Observe,

{¬p|p∈primes(¬f)∧ |p| ≤k} ⊆ {¬p|p∈primes(¬f)∧ |p| ≤k+ 1}

hence it follows that,

^

{¬p|p∈primes(¬f)∧ |p| ≤k+ 1} |=^{¬p|p∈primes(¬f)∧ |p| ≤k}

and thus ∇k+1(f)|=∇k(f). Finally observe∇0(f) =∧∅=trueas required. • Let 0≤k≤n,p′ _{∈primes(¬f}′_{) and|p}′_{| ≤k. Sincep}′_|=¬f′_{by definition, further}

by assumption we havef |=f′then¬f′ |=¬f hencep′|=¬f′ |=¬f. Furthermore, there exists some p ∈ primes(¬f) such that p′ |= p thus |p| ≤ |p′_{| ≤ k. Since}

p′ _|=p,¬p|=¬p′_{, hence,}

∇k(f) =^{¬p|p∈primes(¬f)∧ |p| ≤k} |=¬p′

Therefore∇k(f)|=∇k(f′_{) as required.}

• Holds trivially by combining the above two cases.

From the above proposition we now proceed to show that the widening ∇k constitutes an upper closure operator on the complete lattice of Boolean formulae, and therefore the widening may be used as the basis for defining a Galois connection [CC79]. This is ironic since widening is often deployed when a Galois connection does not exist.

Definition 5.2 (Upper Closure Operator). An upper closure operator (uco) is a func- tion ρ:L→L on a complete lattice hL,⊑,⊥,⊤,⊓,⊔i such that ρ is,

• monotonic: ifx⊑y then ρ(x)⊑ρ(y) for all x, y∈L and,

• idempotent: ρ(x) =ρ(ρ(x))for all x∈L.

Corollary 5.1. The widening ∇k is an upper closure operator on the complete lattice

hB_{X,|=,0,1,∨,∧,¬i.}

Proof. The first two requirements follow as a consequence of Proposition 5.1. Suppose f′ = ∇k(f) for some f ∈ B_{X and k ∈} N_{∪ {0}. Furthermore, let f}′′ _{= ∇k(f}′_{) then}

f |=f′ _{and f}′_|=f′′ _thus¬f′′_|=¬f′_{|=¬f. Observe, by De Morgans,}

¬f′=∨{p|p∈primes(¬f)∧ |p| ≤k} ¬f′′=∨{p|p∈primes(¬f′)∧ |p| ≤k}

since f′ |= f′′ it is sufficient to show f′′ |= f′, or equivalently, ¬f′ _{|= ¬f}′′_{. By Blake}

canonical form [CH09], this sufficient condition can be reduced to the requirement

primes(¬f′)⊆primes(¬f′′). Letp∈primes(¬f′). Since ¬f′=∨{p|p∈primes(¬f)∧ |p| ≤k} it follows that|p| ≤k. Since ¬f′′_{=∨{p|p∈primes(¬f}′_{)∧ |p| ≤k}it follows}

that p |= ¬f′′_{. Suppose for the sake of a contradiction that p 6∈ primes(¬f}′′_{). Thus}

there exists some p′ |=¬f′′ such that p|=p′ and p6=p′. Hence |p′| ≤k, and p′ |=¬f′ since¬f′′_|=¬f′_{. Thusp6∈primes(¬f}′_{) and p∈primes(¬f}′′_{) as required.}