revisiting the amba ahb bus case studyauthors.library.caltech.edu/57469/1/amba_coda_0.pdf ·...

Revisiting the AMBA AHB bus case studyIoannis Filippidis Richard M. Murray

May 12, 2015

Abstract

This report describes a number of changes to the ARM AMBA bus case study from [1]that lead to significant reduction in synthesis time. In addition, it identifies the reason ofblowup for the synthesized strategies in earlier studies as lack of binary decision diagram (BDD)reordering during strategy construction. Enabling dynamic BDD reordering with the groupsifting algorithm, we synthesized strategies for as many as 18 masters, with both the originaland revised specifications. This conclusion is based on detailed experimental measurements thatshow the changes of BDD sizes over time for the fixpoint and other variables during the nestedfixed point computation, including the cumulative time spent on BDD reordering and the totalnumber of BDD nodes. The measurements were obtained for eight different cases, allowing tocompare the original with the revised specifications, with strategy reordering enabled or not,and conjoining the weak fairness guarantees or merging them into a single Büchi automaton.The revised specification proposed here is expressed using the open Promela language.

Contents1 Introduction 6

2 Revising the formal specification 82.1 A1 vs ARM standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92.2 Weakening A1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92.3 Proof of weakening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102.4 Updating G2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102.5 A3 becomes trivially true . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112.6 Coupling between A1 and G2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2.6.1 Coupling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112.6.2 Modifying A1 to remove the coupling . . . . . . . . . . . . . . . . . . . . . . 13

2.7 Reducing the number of variables modeling the environment . . . . . . . . . . . . . . 152.7.1 Substitutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152.7.2 Removing array HLOCK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2.8 Merging progress guarantees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162.9 Changes to variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

1

3 Experimental results 183.1 Experimental configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3.1.1 Enabling reordering during strategy construction . . . . . . . . . . . . . . . . 183.1.2 Reordering using group sifting . . . . . . . . . . . . . . . . . . . . . . . . . . 193.1.3 Number of variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

3.2 Instrumentation of the GR(1) synthesis algorithm . . . . . . . . . . . . . . . . . . . . 203.2.1 The different configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203.2.2 Measurements for each phase . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

3.3 Observations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213.3.1 General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213.3.2 Comparison of variants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3.4 Trade-off of counter in state space . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233.4.1 The two alternatives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243.4.2 Effect of reordering and memoization . . . . . . . . . . . . . . . . . . . . . . . 25

4 Relevant work 146

A Note on determinism of automata 147

B Revised AMBA AHB specification 148

C Original AMBA AHB specification 151

List of Figures1 Revising assumption A1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Automaton for guarantee G2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Abstraction of interest from the product of Fig. 1a and Fig. 2. . . . . . . . . . . . . 144 The form of a single Büchi automaton with one accepting state that is equivalent to

N weak fairness goals. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Total run time vs number of masters for synthesizing an arbiter using the revised

specification, with fairness as a Büchi automaton, and reordering enabled duringstrategy construction. These repeated experiments are different runs than thosefrom which the detailed tracing plots were generated. . . . . . . . . . . . . . . . . . . 26

6 Peak memory consumption for the experiments of Fig. 5 . . . . . . . . . . . . . . . . 277 Revised spec with BA and strategy reordering. . . . . . . . . . . . . . . . . . . . . . 288 Revised spec with BA but no strategy reordering. . . . . . . . . . . . . . . . . . . . . 299 Original spec with BA and strategy reordering. . . . . . . . . . . . . . . . . . . . . . 3010 Original spec with BA but no strategy reordering. . . . . . . . . . . . . . . . . . . . 3111 Revised spec with conjunction and strategy reordering. . . . . . . . . . . . . . . . . . 3212 Revised spec with conjunction but no strategy reordering. . . . . . . . . . . . . . . . 3313 Original spec with conjunction and strategy reordering. . . . . . . . . . . . . . . . . 3414 Original spec with conjunction but no strategy reordering (last runs with memory

upgrade). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3515 Revised with BA, w/o divided by w/ reordering. . . . . . . . . . . . . . . . . . . . . 3616 Original with BA, w/o divided by w/ reordering. . . . . . . . . . . . . . . . . . . . . 37

2

17 Revised with conjunction, w/o divided by w/ reordering. . . . . . . . . . . . . . . . . 3818 Original with conjunction, w/o divided by w/ reordering. . . . . . . . . . . . . . . . 3919 Original with conjunction and with reordering, divided by original BA w/o reordering. 4020 Revised conjunction divided by BA (both with reordering). . . . . . . . . . . . . . . 4121 Revised conjunction with reordering, divided by BA w/o reordering. . . . . . . . . . 4222 Revised conjunction divided by BA (both w/o reordering). . . . . . . . . . . . . . . 4323 Revised conjunction w/o reordering, divided by BA with reordering. . . . . . . . . . 4424 Original with BA divided by revised with BA (both w/o reordering). . . . . . . . . . 4525 Original with conjunction divided by revised with conjunction (both with reordering). 4626 Revised spec with BA and strategy reordering: 2 masters. . . . . . . . . . . . . . . . 4727 Revised spec with BA and strategy reordering: 3 masters. . . . . . . . . . . . . . . . 4828 Revised spec with BA and strategy reordering: 4 masters. . . . . . . . . . . . . . . . 4929 Revised spec with BA and strategy reordering: 5 masters. . . . . . . . . . . . . . . . 5030 Revised spec with BA and strategy reordering: 6 masters. . . . . . . . . . . . . . . . 5131 Revised spec with BA and strategy reordering: 7 masters. . . . . . . . . . . . . . . . 5232 Revised spec with BA and strategy reordering: 8 masters. . . . . . . . . . . . . . . . 5333 Revised spec with BA and strategy reordering: 9 masters. . . . . . . . . . . . . . . . 5434 Revised spec with BA and strategy reordering: 10 masters. . . . . . . . . . . . . . . 5535 Revised spec with BA and strategy reordering: 11 masters. . . . . . . . . . . . . . . 5636 Revised spec with BA and strategy reordering: 12 masters. . . . . . . . . . . . . . . 5737 Revised spec with BA and strategy reordering: 13 masters. . . . . . . . . . . . . . . 5838 Revised spec with BA and strategy reordering: 14 masters. . . . . . . . . . . . . . . 5939 Revised spec with BA and strategy reordering: 15 masters. . . . . . . . . . . . . . . 6040 Revised spec with BA and strategy reordering: 16 masters. . . . . . . . . . . . . . . 6141 Revised spec with BA and strategy reordering: 17 masters. . . . . . . . . . . . . . . 6242 Revised spec with BA and strategy reordering: 18 masters. . . . . . . . . . . . . . . 6343 Revised spec with BA and strategy reordering: 19 masters. . . . . . . . . . . . . . . 6444 Revised spec with BA and strategy reordering: 20 masters. . . . . . . . . . . . . . . 6545 Revised spec with BA but no strategy reordering: 2 masters. . . . . . . . . . . . . . 6646 Revised spec with BA but no strategy reordering: 3 masters. . . . . . . . . . . . . . 6747 Revised spec with BA but no strategy reordering: 4 masters. . . . . . . . . . . . . . 6848 Revised spec with BA but no strategy reordering: 5 masters. . . . . . . . . . . . . . 6949 Revised spec with BA but no strategy reordering: 6 masters. . . . . . . . . . . . . . 7050 Revised spec with BA but no strategy reordering: 7 masters. . . . . . . . . . . . . . 7151 Revised spec with BA but no strategy reordering: 8 masters. . . . . . . . . . . . . . 7252 Revised spec with BA but no strategy reordering: 9 masters. . . . . . . . . . . . . . 7353 Revised spec with BA but no strategy reordering: 10 masters. . . . . . . . . . . . . . 7454 Revised spec with BA but no strategy reordering: 11 masters. . . . . . . . . . . . . . 7555 Revised spec with BA but no strategy reordering: 12 masters. . . . . . . . . . . . . . 7656 Revised spec with BA but no strategy reordering: 13 masters. . . . . . . . . . . . . . 7757 Revised spec with BA but no strategy reordering: 14 masters. . . . . . . . . . . . . . 7858 Revised spec with BA but no strategy reordering: 15 masters. . . . . . . . . . . . . . 7959 Revised spec with BA but no strategy reordering: 16 masters. . . . . . . . . . . . . . 8060 Revised spec with conjunction and strategy reordering: 2 masters. . . . . . . . . . . 8161 Revised spec with conjunction and strategy reordering: 3 masters. . . . . . . . . . . 8262 Revised spec with conjunction and strategy reordering: 4 masters. . . . . . . . . . . 83

3

63 Revised spec with conjunction and strategy reordering: 5 masters. . . . . . . . . . . 8464 Revised spec with conjunction and strategy reordering: 6 masters. . . . . . . . . . . 8565 Revised spec with conjunction and strategy reordering: 7 masters. . . . . . . . . . . 8666 Revised spec with conjunction and strategy reordering: 8 masters. . . . . . . . . . . 8767 Revised spec with conjunction and strategy reordering: 9 masters. . . . . . . . . . . 8868 Revised spec with conjunction and strategy reordering: 10 masters. . . . . . . . . . . 8969 Revised spec with conjunction and strategy reordering: 11 masters. . . . . . . . . . . 9070 Revised spec with conjunction and strategy reordering: 12 masters. . . . . . . . . . . 9171 Revised spec with conjunction and strategy reordering: 13 masters. . . . . . . . . . . 9272 Revised spec with conjunction and strategy reordering: 14 masters. . . . . . . . . . . 9373 Revised spec with conjunction and strategy reordering: 15 masters. . . . . . . . . . . 9474 Revised spec with conjunction and strategy reordering: 16 masters. . . . . . . . . . . 9575 Revised spec with conjunction and strategy reordering: 17 masters. . . . . . . . . . . 9676 Revised spec with conjunction and strategy reordering: 18 masters. . . . . . . . . . . 9777 Revised spec with conjunction and strategy reordering: 19 masters. . . . . . . . . . . 9878 Revised spec with conjunction and strategy reordering: 20 masters. . . . . . . . . . . 9979 Revised spec with conjunction but no strategy reordering: 2 masters. . . . . . . . . . 10080 Revised spec with conjunction but no strategy reordering: 3 masters. . . . . . . . . . 10181 Revised spec with conjunction but no strategy reordering: 4 masters. . . . . . . . . . 10282 Revised spec with conjunction but no strategy reordering: 5 masters. . . . . . . . . . 10383 Revised spec with conjunction but no strategy reordering: 6 masters. . . . . . . . . . 10484 Revised spec with conjunction but no strategy reordering: 7 masters. . . . . . . . . . 10585 Revised spec with conjunction but no strategy reordering: 8 masters. . . . . . . . . . 10686 Revised spec with conjunction but no strategy reordering: 9 masters. . . . . . . . . . 10787 Revised spec with conjunction but no strategy reordering: 10 masters. . . . . . . . . 10888 Revised spec with conjunction but no strategy reordering: 11 masters. . . . . . . . . 10989 Original spec with BA and strategy reordering: 2 masters. . . . . . . . . . . . . . . . 11090 Original spec with BA and strategy reordering: 3 masters. . . . . . . . . . . . . . . . 11191 Original spec with BA and strategy reordering: 4 masters. . . . . . . . . . . . . . . . 11292 Original spec with BA and strategy reordering: 5 masters. . . . . . . . . . . . . . . . 11393 Original spec with BA and strategy reordering: 6 masters. . . . . . . . . . . . . . . . 11494 Original spec with BA but no strategy reordering: 2 masters. . . . . . . . . . . . . . 11595 Original spec with BA but no strategy reordering: 3 masters. . . . . . . . . . . . . . 11696 Original spec with BA but no strategy reordering: 4 masters. . . . . . . . . . . . . . 11797 Original spec with BA but no strategy reordering: 5 masters. . . . . . . . . . . . . . 11898 Original spec with BA but no strategy reordering: 6 masters. . . . . . . . . . . . . . 11999 Original spec with BA but no strategy reordering: 7 masters. . . . . . . . . . . . . . 120100 Original spec with BA but no strategy reordering: 8 masters. . . . . . . . . . . . . . 121101 Original spec with conjunction and strategy reordering: 2 masters. . . . . . . . . . . 122102 Original spec with conjunction and strategy reordering: 3 masters. . . . . . . . . . . 123103 Original spec with conjunction and strategy reordering: 4 masters. . . . . . . . . . . 124104 Original spec with conjunction and strategy reordering: 5 masters. . . . . . . . . . . 125105 Original spec with conjunction and strategy reordering: 6 masters. . . . . . . . . . . 126106 Original spec with conjunction and strategy reordering: 7 masters. . . . . . . . . . . 127107 Original spec with conjunction and strategy reordering: 8 masters. . . . . . . . . . . 128108 Original spec with conjunction and strategy reordering: 9 masters. . . . . . . . . . . 129

4

109 Original spec with conjunction and strategy reordering: 10 masters. . . . . . . . . . 130110 Original spec with conjunction and strategy reordering: 11 masters. . . . . . . . . . 131111 Original spec with conjunction and strategy reordering: 12 masters. . . . . . . . . . 132112 Original spec with conjunction and strategy reordering: 13 masters. . . . . . . . . . 133113 Original spec with conjunction and strategy reordering: 14 masters. . . . . . . . . . 134114 Original spec with conjunction and strategy reordering: 15 masters. . . . . . . . . . 135115 Original spec with conjunction and strategy reordering: 16 masters. . . . . . . . . . 136116 Original spec with conjunction and strategy reordering: 17 masters. . . . . . . . . . 137117 Original spec with conjunction and strategy reordering: 18 masters. . . . . . . . . . 138118 Original spec with conjunction but no strategy reordering (last runs with memory

upgrade): 2 masters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139119 Original spec with conjunction but no strategy reordering (last runs with memory






upgrade): 8 masters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145125 Comparison with [1]. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146126 Synthesis time for the revised specification using a BA (w/o strategy reordering),

Fig. 45 to Fig. 59, and conjoining liveness goals (using strategy reordering), Fig. 60to Fig. 78, compared to results from [1, 2]. . . . . . . . . . . . . . . . . . . . . . . . . 146

127 Listing corresponding to formula in text. . . . . . . . . . . . . . . . . . . . . . . . . . 147

5

1 IntroductionThe ARM processor Advanced Microcontroller Bus Architecture (AMBA) [3] specifies a numberof different bus protocols. Among them, the Advanced High-performance (AHB) architecture hasbeen studied extensively in the reactive synthesis [4, 5, 6, 7, 1, 8, 2, 9, 10] and verification [11, 12,13, 14, 15, 16, 17] literature.

The AHB bus comprises of masters that need to communicate with slaves, and an arbiter thatcontrols the bus and decides which master is given access to the bus. The arbiter receives requestsfrom the masters that desire to access the bus, and must reposnd in a weakly fair way. In otherwords, every master that keeps uninterruptedly requesting the bus must eventually be grantedaccess to it. Note that the AMBA technical manual does not specify any requirement on fairness,but instead leaves that decision to the designer. For automated synthesis, weak fairness is onepossible formalization that ensures servicing of all the masters.

In addition, a master can request that the access be locked. However, the arbiter makes nopromises as to whether a request for the lock will be granted. If the arbiter does lock the access,then it guarantees to maintain the lock until the request for locking is withdrawn by the masterthat currently owns the bus.

A specification for the arbiter appeared in [4] and is presented in detail in [1]. In [2], the authorsformalize also the specifications for masters and slaves connected to the bus. Here, we revise thespecification of [1], and express it in the open Promela language.

The original specification includes some properties that are not in the GR(1) fragment. In [1],these properties are translated to deterministic Büchi automata, by introducing auxiliary variablesfor representing the nodes of the automaton. These variables are added to the problem’s alphabet.The resulting formulae are much less readable, and not easy to modify and experiment with.

Here, we specify these properties directly as processes (transition systems), with progress stateswhere needed.

During expression of the specification in the Promela language, there are two possible rep-resentations of the fairness requirements. In the original specification, fairness is required by aconjunction of recurrence formulae

N−1∧i=0

(request [i] → master = i).

It is possible to rewrite this conjunction as a Büchi automaton (BA) with a single accepting state,which checks each fairness condition, one after the other. The property described by the BA isequivalent to that described by the conjunction. This change reduces the number of recurrencegoals from N to 1. In the GR(1) synthesis algorithm [18], this reduces the number of fixed pointcomputations.

An initial motivation for this modification was to obtain a specification parameterized by thedomain of a counter variable (local to the BA process), which avoids the need to regenerate thespecification from an auxiliary script (as has been typically the case in similar studies).

Another motivation was to explore the design space, and the sensitivity of the specification,by varying the amount of detail that was specified. In particular, we were interested in observingwhether the runtimes improve significantly in case that the order of goals was given and fixed. Notethat the Büchi automaton above does not fix the order that goals have to be satisfied. This variantwas an initial attempt that placed more constraints on the design, to see whether those “hints” tothe synthesizer had a significant effect, or not.

6

This experimentation revealed a notable difference between the two alternatives. When usinga Büchi automaton, there is a single liveness goal. So a single sub-strategy is synthesized forthis goal, and it need not be combined with other sub-strategies, as there are none. In contrast,when there are multiple liveness goals, the individual sub-strategies need to be combined into asingle one. The process of combining the sub-strategies is disruptive to the BDD variable ordering.As a result, it is impossible to scale synthesis using a conjunction of liveness guarantees, withoutenabling dynamic reordering during the synthesis of the final, monolithic strategy. Reorderingduring strategy construction is not necessary, and in fact, if the liveness goals are represented asBA, then reordering during that final phase of synthesis has a negative effect on runtime. Thetrade-off is introducing auxiliary variables (a counter) in the state space that are used to representthe nodes of the BA. Together with the sequencing of goals that the BA represents, this leads tolonger runtimes, but scales without difficulty to a larger number of masters, without any need forreordering during strategy construction.

The revised specification is given in Listing 1, where some additional changes involve weakeningthe assumptions, and modifying assumption A1. An instance of the original specification is given inListing 2. In [1], assumption A1 requires that for locked undefined-length bursts, masters eventuallywithdraw their request to access the bus. This assumption is not explicit in the ARM standard, sowe modify it, by requiring that masters withdraw only their request for the lock, not for bus access.Weakening the assumptions also allowed abstracting the array HLOCK of N lock requests by thetwo bits that are only referenced in it. Another difference is that a Mealy game is solved here, anda Moore in [1].

In Section 2, we describe how the specification was revised, referring to the technical ARM spec-ification. In Section 3, we present the experiments, measurements, observations, and conclusionsbased on the measurements and the GR(1) synthesis algorithm.

Acknowledgments This work was supported in part by the TerraSwarm Research Center, oneof six centers supported by the STARnet phase of the Focus Center Research Program (FCRP) aSemiconductor Research Corporation program sponsored by MARCO and DARPA.

7

2 Revising the formal specificationDeclarative specifications for this case study were presented in [4, 5, 1, 2]. These papers do notmention the processors used as hardware, so the difference in processor clock speed is unknown, sothe speedups are compared only as absolute time intervals.

We base our specifications on those of [1]. In that case study, each requirement was obtainedeither:

• by formalizing the AMBA AHB standard, or

• by adding some desired (e.g., fair arbiter) or auxiliary properties (e.g., auxiliary schedulingvariables start, decide) that are left unspecified in the standard.

When initially formalized in LTL, some of the requirements yield formulae that are not in theGR(1) fragment. Nonetheless, there do exist deterministic Büchi automata for these particularproperties (the notion of determinism is discussed in Appendix A). The next step in [1] is totranslate these properties to (symbolic) deterministic Büchi automata, whose states are representedby auxiliary variables that become part of the problem’s alphabet. This translation is not alwaystrivial.

The translation step can be done either manually or automatically. However, with automatictranslation the user has little control over the form of the determinized automaton. The abilityto modify the automaton itself proves important during development and, especially, while debug-ging the specification. By changing directly the automaton, one can observe what effects selectedmodifications have on realizability, and understand better the problem’s structure.

Another aspect of writing LTL formulae, instead of attempting to express the design intent as anautomaton, is that the former may require nesting of operators, which quickly becomes unmanage-able. Writing imperatively a Büchi automaton for the same property can prove easier. Moreover,as the reduction of progress conditions in the AMBA example demonstrates, the availability of im-perative elements can encourage modifications that significantly reduce the problem’s complexity,while preserving the required property. For these reasons, describing directly automata can benefitthe synthesis process.

The properties from [1] have been either:

• changed, because they did not correspond to the ARM standard, or

• expressed directly as automata, in case they do not belong to GR(1) (similarly to what wasdone in [1] by defining the automata directly in LTL), or

• equivalently expressed as automata, because this allows significant reduction in synthesis time,or

• reformulated to an equivalent, but syntactically simpler formula, in several cases due to theavailability of array arithmetic, or

• remained unchanged.

The correspondence is noted inline, for example, “G 5” is the guarantee with index 5 in [1]. Inwhat follows, we consider each specification in incremental order, using the numbering in [1].

8

2.1 A1 vs ARM standardConsider assumption A1, stating that for locked indefinite duration bursts, the master that controlsthe bus must eventually withdraw its request for access to the bus. This property is expressed intemporal logic as:

((

HMASTLOCK ∧ (HBURST = INCR))→ ¬HBUSREQ [HMASTER]

)(1)

The ARM standard states that:

• Sec.3.11.2, paragraph 2, p.3-29 and Sec. 3.11.4, p.3-33: A master can lose ownership of thebus early, because the arbiter decides to limit their access time.

• Sec.3.11.2, paragraph 3, p.3-29 and Sec. 3.11.5, p.3-34: If a master requests both:

1. bus access (by setting HIGH the signal HBUSREQ [i]), and2. locking of its access (by setting HIGH the signal HLOCK [i])

then: if the arbiter decides to give the bus to the master, and lock the access, then the arbiterguarantees that it will maintain the lock,

“until the locked sequence has completed”.

The question becomes what “completion” of a locked sequence means. If a sequence has predefinedlength (determined by HBURST and some other signals), then the arbiter knows how long therequest will last (G3 addresses this for length-4 locked bursts).

However, for indefinite length bursts, the arbiter does not know a priori when the locked sequencewill terminate. In [1], the “locked sequence” is interpreted as the time interval until the masterwho was granted locked access stops requesting bus access. The master withdraws its request foraccess by setting HBUSREQ [HMASTER] to false. As a consequence, the progress assumption A1requires that a master who requested indefinite locked access, eventually withdraw its request tocommunicate.

However, it is not clear from the standard whether this behavior is intended. In Table 2-2, entryHLOCK , p.2-5, it is stated that

“When HIGH, this signal indicates that the master requires locked access to the bus,and no other master should be granted the bus until this signal is LOW.”

The “until” above suggests that the arbiter can grant the bus to another master, after master jdeasserts the signal HLOCK [j]. This implies that deassertion of HLOCK [j] by the current mastersuffices to allow the arbiter to reassign the bus. It does not refer to the signal HBUSREQ [j].

2.2 Weakening A1Based on the previous note, we can arrive at a weaker assumption, that decouples the:

1. lock requests HLOCK , from the

2. bus access requests HBUSREQ .

9

As soon as a master withdraw its request for locking its access, the arbiter is allowed to assign thebus to another master. This does not oblige the current master to withdraw its request for busaccess. So the master is free to keep requesting bus access (HBUSREQ), but is obliged to stoprequesting the lock (HLOCK ). In other words, a master is not allowed to lock the bus forever (butmay keep forever requesting access to the bus, without ever lowering HBUSREQ [j], in agreementwith Sec. 3.11.2, paragraph 1, p.3-29 “A bus master …may request the bus during any cycle”).

The modified assumption A1 is

((HMASTLOCK ∧ (HBURST = INCR)) → ¬HLOCK [HMASTER]) (2)

Later, we will remove the conjunct (HBURST = INCR), for reasons explained then.Note that, up to here, this allows the master to stop requesting bus access (LOW HBUSREQ),

but keep requesting the lock (during an indefinite length burst). Sec 3.11.2, paragraph 6, p.3-29assumes that the master never does this. It is formulated as assumption A3 (Eq. (5)). As commentedlater, we remove assumption A3, because it is not necessary for realizability (and simplifying it hasno adverse effect – weakening of assumptions is desirable [19]).

2.3 Proof of weakeningWe now prove that the previous change to A1 from Eq. (1) to Eq. (2) weakens the assumptions.In other words, the modified asssumption Eq. (2) is implied by the assumptions in the originalspecification. The original assumptions contain the conjuncts

N−1∧i=0

((HMASTER = i) → (BUSREQ ↔ HBUSREQ [i])

)(3)

= (BUSREQ ↔ HBUSREQ [HMASTER])

((

HMASTLOCK ∧ (HBURST = INCR))→ ¬BUSREQ

)(4)

N−1∧i=0

(HLOCK [i] → HBUSREQ [i]

). (5)

Eqs. (3) and (5) imply that

(BUSREQ ↔ HBUSREQ [HMASTER]) =⇒

(¬BUSREQ → ¬HBUSREQ [HMASTER])Eq. (5)=⇒

(¬BUSREQ → ¬HLOCK [HMASTER]).

(6)

By this and Eq. (4), it follows that

((

HMASTLOCK ∧ (HBURST = INCR))→ ¬HLOCK [HMASTER]

). (7)

This proves that Eq. (2) is implied by the original specification of [1].

2.4 Updating G2The replacement of HBUSREQ [HMASTER] by HLOCK [HMASTER] in A1 implies that the samereplacement applies to G2 also.

10

2.5 A3 becomes trivially trueThe replacement of HBUSREQ [HMASTER] by HLOCK [HMASTER] in A1 allows each master i tokeep HBUSREQ [i] always HIGH. As a result, assumption A3 does not constrain the environmentin a way essential for realizability (since the environment can set HIGH all the elements of arrayHBUSREQ forever). Therefore, we drop assumption A3.

2.6 Coupling between A1 and G22.6.1 Coupling

In this section, we analyze the dependence of G2 on A1. The conclusion motivates simplifying A1.An initial (wrong) attempt to express the LTL property A1 in Promela (without using Fig.9(a)[1]) resulted in the code

assume env proctype withdraw_lock(){progress:do:: lock && (burst == INCR);

do:: ! master_lockreq; break:: true /* wait */od

:: elseod

}

We have used master_lockreq in place of HMASTLOCK [HMASTER], for reasons explained later.This automaton is shown in Fig. 1a

The correct automaton for property A1 is Fig.9(a), and is expressed by the code

assume env proctype withdraw_lock(){progress0:

do:: lock && (burst == INCR); goto S1;:: elseod;S1:do:: (! master_lockreq) && ! (lock && (burst == INCR));

goto progress0:: (! master_lockreq) && (lock && (burst == INCR));

goto progress1:: elseod;progress1:do:: master_lockreq; goto S1;

11

��

��

��

��

(a) Initial attempt to represent Eq. (2) as anautomaton.

��

��

��

��

(b) Revised assumption A1 as an automaton.

Figure 1: Revising assumption A1.

:: (! master_lockreq) && (lock && (burst == INCR));:: else;

goto progress0od

}

The specification with the first automaton as A1 is unrealizable. Using the second automaton,the specification is realizable.

Consider the first automaton and the automaton for G2, shown in Fig. 2:

assert sys proctype maintain_lock(){do:: lock && start && (burst == INCR);

do:: ! start && ! master_lockreq; break:: ! startod

:: elseod

}

Each of them has two states: an “initial” one (outer do), and a “waiting” one (inner do). Theproduct of the two automata has 4 states, and an abstraction is shown in Fig. 3:

State 0: both automata at the initial states. The system has not yet lost at this state.State 1: both automata at the “waiting” states. As soon as the environment sets master_lockreq,

the system returns to the initial state and is released, so that it can start a new bus access later.

12

��

��

��

��

Figure 2: Automaton for guarantee G2.

(The environment also returns to its initial state).State 2: the environment at the initial state, and the system at the waiting state. The system

has lost, because the initial A1 state is a progress state, and the environment can keep HBURSTdifferent from INCR, to remain at its initial state. So the environment is not obliged to withdrawthe lock request master_lockreq, leaving the system indefinitely trapped at its waiting state.

State 3: the system at the initial state, and the environment at its waiting state. Note that state3 is reachable, because the environment can reach its waiting state as soon as lock && (burst == INCR),whereas the system has to wait until start, and start can be delayed arbitrarily long by the en-vironment keeping ready LOW (G1).

If the system transitions to its waiting state, but the environment remains at its waiting state,then state 1 is reached. If the environment transitions to its initial state, but the system remainsat its initial state, then state 0 is reached. These two transitions cause no problems.

The transition that makes the system lose is if the environment returns to its initial state, andthe system transitions to its waiting state, both at the same time. If this happens, then state 2 isreached, and the system has lost. This transition is possible, only if burst == INCR can hold when! master_lockreq.

This execution is not possible with the automaton of Fig.9(a), because in order for the environ-ment to return to progress0 there, it must set both burst != INCR and ! master_lockreq atthe same time. This implies that the environment will return to its initial state, without lettingthe system transition from its initial, to its waiting state. So it prevents the transition from state3 to the losing state 1.

2.6.2 Modifying A1 to remove the coupling

The coupling analyzed previously requires that the original automaton be used for assumption A1(which can be rewritten, using structured programming constructs). The resulting specificationis more fragile (for example, the initial attempt at manually writing an automaton contained theerror above). Moreover, it results in longer synthesis time.

13

��

��

��

��

��

��

Figure 3: Abstraction of interest from the product of Fig. 1a and Fig. 2.

For these reasons, we simplify assumption A1 to

(HMASTLOCK → ¬HLOCK [HMASTER]) (8)

Using the replacement bit variable ! master_req, this is equivalent to the (much simpler) automa-ton

assume env proctype withdraw_lock(){progress:do:: lock;

do:: ! master_lockreq; break:: true /* wait */od

:: elseod

}

This automaton is shown in Fig. 1b. Note that the only modification from the erroneous initialattempt is to remove the conjunct burst == INCR from the guard lock && (burst == INCR).

The modified assumption A1 states that if the current master is granted the lock, then next itmust eventually withdraw the locking request. This assumption is reasonable, because no masterthat has been granted locked bus access is entitled to continue requesting the lock indefinitely.Moreover, it decouples the type of burst from the lock requests.

14

2.7 Reducing the number of variables modeling the environment2.7.1 Substitutions

Earlier, we used master_lockreq in place of HLOCK [HMASTER]. The reason is that assumptionA3 does not constrain HLOCK any more (and was dropped, as explained earlier), so each bit inthe array HLOCK can take any value in its domain (no constraint). Therefore, it is not significantwhich bit this is, so HMASTER can be removed, abstracting the value HLOCK [HMASTER] by asingle environment bit master_lockreq.

This implies the same replacement, of HLOCK [HMASTER] by the bit master_lockreq, alsoin G2.

The only remaining use of array HLOCK is in G7. Using arrays, the guarantee G7 can beexpressed as

[] ( decide -> (lockmemo' <-> HLOCK[grant']) )

We observe that HLOCK[grant'] above is again an element of the array HLOCK . Before re-placement with bit master_lockreq, the only constraint on HLOCK was A1. A1 required thatHLOCK [HMASTER] eventually become LOW, if locked access is granted.

In general, grant' will be a master different than the current (so as to serve all masters),therefore HLOCK[grant'] takes values independently of HLOCK [HMASTER]. So we abstractHLOCK[grant'] by a single environment bit grantee_lockreq. The bit grantee_lockreq repre-sents the lock request of that master that is selected as the next grantee. The values of grantee_lockreqare not constrained in any way.

The initial condition assumption A4 implies that master_lockreq and grantee_lockreq mustbe false initially.

2.7.2 Removing array HLOCK

The replacements:

1. HLOCK [HMASTER] by the single bit master_lockreq, and of

2. HLOCK [HGRANT [i]′] by the single bit grantee_lockreq

weaken the assumptions. Therefore, they are desirable.After these replacements, the array HLOCK does not appear in any guarantee or assumption

(except the initial condition A4). Therefore, the array HLOCK can now be removed.In the best case (N = 16 masters), the replacement of the bit array HLOCK by the 2 bits

master_lockreq and grantee_lockreq resulting in a reduction by 16 - 2 = 14 bits. So it reducesby 28 (14 unprimed and 14 primed copies) the number of environment variables in the binarydecision diagram (BDD). This reduction is significant, because environment variables are universallyquantified, leading to an exponential increase in the number of possible next inputs. This reductionreduced synthesis time.

Instead of 32 possible next environment valuations for HLOCK , this replacement reduces themto 4, so a reduction of universal branching by a factor of 8.

15

��

��

��

��

��

��

��

��

Figure 4: The form of a single Büchi automaton with one accepting state that is equivalent to Nweak fairness goals.

2.8 Merging progress guaranteesThe second significant change was the merging of the N weak fairness guarantees in G9:

N−1∧i=0

(HBUSREQ [i] → (HMASTER = i)) (9)

into an equivalent Büchi automaton with a single progress state. This reduces the N inner fixedpoint computations in the GR(1) synthesis algorithm, to only a single fixed point computation. Asa result, the number of masters N does not increase any more the number of progress goals thatthe system must satisfy.

The Büchi automaton used is

/* G9: weak fairness */assert active proctype fairness(){

int(0, N) count;do:: ! request[count] || (master == count);

if:: (count < N) && (count' == count + 1):: (count == N) && (count' == 0);

progress: skipfi

:: elseod

}

This automaton is equivalent with the conjunction of weak fairness guarantees, because it

16

• “looks” at each one of them in turn,

• waits until that progress requirement is satisfied (! request[count] || (master == count))

• then increments the counter count and waits for the next fairness guarantee to be satisfied,

until it reaches the last fairness guarantee. At this point it has completed a round of each fairnessguarantee being satisfied, so it visits the progress state, and starts a new round. The structure ofthe automaton (after unfolding of the program graph) is shown in Fig. 4.

The automaton is equivalent to the LTL property

(((

HBUSREQ [0] → (HMASTER = 0))∧

((

HBUSREQ [1] → (HMASTER = 1))∧ . . .

))) (10)

This demonstrates the merits of using a language that allows directly writing sequential com-position. Note that this automaton does not constrain in any way the order in which the arbiterchooses masters to grant the bus. In other words, it does not restrict the master to using a particularpriority for choosing masters.

Note that, after all these changes, the result is a fully parameterized program, where one needonly change a single preprocessor definition (#define N 15), in order to define a different numberof masters in the bus.

2.9 Changes to variablesNote that we use an integer variable to model the HGRANT signal. This conforms to the standard,because the standard requires that exactly one HGRANTi bit be true at a time. So we reducethe number of BDD variables by a factor exponential in the number of masters. The synthesizedinteger values of HGRANTi can readily be mapped to patterns of 7 bits, where only a single oneis true.

17

3 Experimental results3.1 Experimental configurationsThe experiments were performed with the open Promela compiler [20] and the Slugs GR(1)synthesizer as back-end [21]. The hardware used has:

1. Intel(R) Xeon® X5550 processing core

2. runs Ubuntu 14.04.1

3. 11 GB RAM (3 experiments in the last batch were run after an upgrade to 27GB RAM).

The modifiable parameters are listed in the table below. The parameters that are fixed areassigned values in the table. The remaining parameters vary over the experiments. The number ofvariables varies by the size of the masters, and is given for the different specifications in Fig. 7 toFig. 14.

In addition, there are two versions of the specification: the original from [1], and the revised oneproposed here. The original specification is obtained by translating to Python the Perl generatorscript for AMBA specifications that is distributed on the Anzu homepage. The new generatorproduces the same specifications, but in open Promela syntax (as ltl blocks for assumptions andassertions). For each specification, there are two equivalent variants that we evaluate: conjoiningthe fairness formulae, or merging them into a single Büchi automaton.

In the experiments, we are interested in the effect of the following parameters: strategy reorder-ing, machine (memory, CPU frequency), conjunction vs BA, original vs revised AMBA specification,initial variable ordering.

3.1.1 Enabling reordering during strategy construction

In all experiments, reordering is enabled during realizability. Checking realizability without re-ordering causes a memory blowup very fast, going from 309K BDD nodes in the strategy for 2masters, to 1.8M BDD nodes for 3 masters. For comparison, when dynamic reordering duringrealizability is enabled, in the worst case1, the strategy BDD for 2 masters has about 20K nodes,and about 200K nodes for 3 masters.

In Slugs, reordering during strategy construction is disabled by default. Enabling reorderingduring this second phase proved the enabling factor for scalable synthesis of the AMBA case studywhen the (weak) fairness guarantees are conjoined. In contrast, the revised specification with thefairness requirements represented as a single Büchi automaton does not require that reordering beenabled during construction of the strategy.

The price is longer runtimes. Nonetheless, when strategy reordering is deactivated, the runtimesusing a BA do not scale as quickly as memory does when using a conjunction of fairness formulae.Without reordering during strategy construction, the shared BDD quickly blows up, for both theoriginal and revised specifications, as shown in Fig. 123 and Fig. 84, respectively.

Note that in experiments with the same specification, the realizability phase has the sameparameters, independently of whether the strategy is constructed with reordering enabled or not.Typically, realizability terminates, whereas construction of a strategy can cause a memory blowup

1The worst case in terms of strategy size blowup is the original spec with reordering disabled during strategyconstruction.

18

Table 1: Parameters of the experiments (both those constant and variable).

parameter valuemem 10GBcache uint-1

min hit 1blowup 1.2reorder group sifting

reorder during strategy construction variesnumber of variables varies

universal branching (number of env vars) variesinitial var order natural order (1, 2, 10, …)

or time out, limiting the number of masters for which we could synthesize an arbiter, for certaincombinations of specification with parameters.

3.1.2 Reordering using group sifting

Rudell’s sifting [22] is the reordering algorithm used by Slugs. After experiments with differentreordering algorithms, group sifting [23] was found as the algorithm that produces the best resultsfor this case study. Group siting is an extension of sifting that automatically detects affinity betweenvariables, and creates temporary groups. Grouped variables are shifted together during swaps oflevels. This can improve the results by avoiding a situation where shifting one of the two tightlycoupled variables finds no better place, because the other variable is “pulling it back” (known asrubber-band effect), and the same happening to the second variable results in no overall change.In contrast, moving both variables together enables finding a better position for both of them.

3.1.3 Number of variables

Original vs revised specification The number of variables differs between the original andrevised specifications. It also differs for each variant of these specifications. In the original specifi-cation, the number of variables grows faster with the number of masters, than it does in the revisedone. The reasons are:

• The use of one lock request bit for each master. The lock requests have been abstracted byusing two bits, without any conflict with the requirements described in the AMBA technicalmanual [3]. This change leads to N−2 fewer environment variables, where N is the number ofmasters. It is a significant gain, because not only does it reduce the state space size, but alsothe degree of universal branching (at each state, the environment has fewer “next moves”).

• The one-hot encoding of the system variables “master” and “grantee” in the original spec-ification. In the revised specification, these variables are encoded as bitvectors. The twoformulations are equivalent. As a result, in the revised specification, the number of systemvariables increases only when the number of masters reaches boundaries of powers of 2. Theeffect is reduction of state space size.

19

Table 2: Overview of results.

Strategyreordering

Specificationoriginal revised

Conjunction of fairness with slow fastw/o memory blowup memory blowup

Büchi automaton with very slow ok (slower)w/o slow ok

Fig. 7 to Fig. 14 show how the number of variables scales for the original and revised specificantionvariants considered.

Conjunction vs Büchi automaton The number of variable differs also between a specificationthat includes fairness in the form of conjoined recurrence formulae, and as a Büchi automaton. Therepresentation of a Büchi automaton requires introducing an auxiliary bitvector for representing thecurrent node of the automaton. This is also discussed later, in the section Section 3.4 analyzing thetrade-off of using a BA, instead of handling weak fairness at the level of the strategy constructionalgorithm.

Note that when using a BA in the original specification, there is one extra fairness guaranteefrom one of the automata (Eq.G2.4 in [1]. This results in one extra point in the “combined strategy”plots. The number of points in a “combined strategy” plot is equal to the number of recurrence goalsin the game, plus one (the initial point). This guarantee is not present in the revised specification,because it describes a safety property that can be represented by a process without progress states.

Optimizing away unused auxiliary variables Note that if the processes of a player do notinclude any atomic blocks, then no auxiliary variables are added for requesting and granting atomicexecution of processes. In the specification of the AMBA arbiter used here, no atomic blocks arenecessary, so the auxiliary variables ex s and pms are not used, thus the compiler does not definethem. This avoids unnecessarily increasing the number of states.

3.2 Instrumentation of the GR(1) synthesis algorithm3.2.1 The different configurations

The experiments were performed for 8 different combinations: original and revised specification,using conjunction or a BA, and with strategy reordering enabled and disabled. An overview of theresults is shown in Table 2, and in detail in Fig. 26 to Fig. 124.

3.2.2 Measurements for each phase

The measurements were obtained by inserting in Slugs statements that print the information anddumping this output to a log file. The most relevant set of changes can be found in a fork of Slugson github. There are three distinct phases of computation:

1. Fixed-point iteration that decides realizability and stores the interant sets X,Y, Z.

20

https://github.com/johnyf/slugs

2. Construction of individual strategies, one for each recurrence goal.

3. Combination of the individual strategies into a single one that iterates through them.

Each phase involves different quantities to be measured, so it is instrumented slightly differently.The realizability phase involves three nested iterations, each one computing a fixed point. The

three variables are X,Y, Z, and at a high level, the iteration has the structure of the followingµ-calculus formula νZ.µY.νX. So X,Z are greatest fixed points and Y is a least fixed point.Moreover, X is in the innermost loop, so it is the most frequently updated variable, with variableY less frequently updated, and variable Z the least frequently updated one.

Each one of the variables X,Y, Z represents a set symbolically, by reference to a BDD in theshared BDD managed by Cudd. Therefore, the size of these variables can be quantified as thenumber of BDD nodes in the referenced BDD. This number is obtained by calling the functionCudd_DagSize.

In addition, the total number of nodes in the shared BDD is recorded with Cudd_ReadNodeCount.The total size of the shared BDD corresponds to the current memory use of Cudd (though they arenot identical entities). Reordering is triggered based on growth of the shared BDD, as measuredby its number of nodes. The total number of nodes also quantifies the randomness with which newnodes have been added [24], and so how inefficiently representable the intermediate results of thefixed point computation are, compared to the final result (that is typically much smaller, as hasbeen observed in the literature [25]).

Plotting the sizes of the variables X,Y, Z provides a view into the fixed-point iteration. However,it is difficult or impossible to tell when a loop starts of ends, by only inspecting how X,Y and Zchange. For this reason, the indices of the:

1. current recurrence assumption, and

2. current recurrence guarantee

are also recorded. Finally, the total runtime is measured with the function gettimeofday fromsys/time.h, and the time spent reordering so far is measured with the function Cudd_ReadReorderingTime.

The remaining measurements are taken during construction of the strategy. During constructionof the individual strategies, the quantities recorded are the total time, reordering time so far, goalpursued by the strategy under construction, the total number of nodes in the shared BDD, thenumber of nodes in the BDD of the current strategy, as well as the number of BDD nodes in thesets of new and accumulated states.

The final phase combines the individual strategies into a single one. Besides the total andreordering time, the goal whose strategy is currently combined in the overall strategy, the totalBDD nodes, and the nodes in the combined strategy (so far) are recorded.

3.3 Observations3.3.1 General

The figures can be understood as follows. There are two sets of figures:

1. the top four figures extend through the whole computation, whereas

2. the bottom three figures contain more details for each of the individual phases.

21

In most runs, reordering takes a high, to very high, percentage of the total runtime. A senseof this ratio can be obtained visually by comparing the bisector in2 Fig. 26-(i) (dotted) to thecumulative reordering time (solid line). The final values of each run are collected in Fig. 7 toFig. 14.

The periods of constancy of the reordering curve correspond to BDD computations. The high-lighted period corresponds to the construction of individual strategies.

Fig. 26-(ii) shows the goal that is currently pursued during realizability, and the goal whosestrategy is currently being constructed during the individual strategy construction phase. For therevised specification, there is only a single recurrence goal, so this curve is constant. For the originalspecification, the successive goals appear as increments.

Fig. 26-(iii) shows the recurrence assumption that is currently being considered during the fixed-point computation of Y . For every iteration of the middle fixed-point Y , the computation takes adisjunction over all assumption, which results in fast cycling in the plot.

The total number of nodes in the shared BDD is shown in Fig. 26-(iv). We can identify thefollowing features that correspond to the computation. Initially, the total number of nodes growsslowly, and several reorderings occur (flat or slightly decreasing periods). These are triggered bythe initial exploration of the state space. The new states added to the BDD trigger changes to thevariable ordering, which tends to “adapt” to the sets that need to be represented.

After the first outer fixed point is completed, the stored iterants (X,Y over the inner iterations,to be used for constructing the strategies in the final fixed-point iteration) are deleted, if a fixed-point was not reached in the current iteration. This dereferencing appears as abrupt reductions ofthe number of nodes to almost zero (forming “teeth”). So each such reduction corresponds to oneiteration of the Z greatest fixed-point.

During construction of the strategy, the number of nodes increases monotonically, if no reorder-ing is enabled. If reordering is enabled in the strategy construction phase, then the number ofnodes may be observed to decrease, and in those cases, its rate of growth is always limited (withthe trade-off of long interruptions for reordering). Note that the allocated memory never decreases,because Cudd does not release memory, even when nodes are deleted.

In some total node count plots, a dashed line is visible, starting from the end of the highlightedperiod. This corresponds to the time between the completion of individual strategy construction,and the first iteration of combining strategies. It is included, because reordering during that periodcan defer the initial iteration of constructing the combined strategy.

In the second set of figures, Fig. 26-(v) shows the sizes of the fixed-point variables X,Y, Z. Wecan observe that X,Y are quite similar in size. This is expected, because Y is assigned the union ofX over the recurrence assumptions (and there are only two recurrence assumptions). The variableZ exhibits more interesting behavior. In the initial iteration, Z is always 1 (⊤), by definition. Itssize changes in the following iterations, remaining constant in each one of those iterations. As aresult, the curve of variable Z indicates the successive loops of the outer fixed-point iteration. Wecan also observe “humps” of X,Y during the intermediate results of each outer iteration. Note thatthese humps of X,Y , and steps of Z correspond to the teeth in Fig. 26-(vi).

Fig. 26-(vi) shows the BDD size of the strategies for the individual goals, as they are beingconstructed. It also shows the number of accumulated and new states. It is interesting that thesecurves are typically close to constant. Another observation is that, in most cases, this phase is brief,unless reordering is triggered. When strategy reordering is disabled, this phase is always of shortduration.

2Counting over the graphics within each subfigure proceeds from top to bottom.

22

Finally, the size of the cumulative strategy as the individual ones are being combined is shown inFig. 26-(vii). Note that in the revised specification, when using a BA, there is only one recurrencegoal, so only a single point in this plot (there is only a single sub-strategy, so not multiple ones tobe combined). In cases without reordering and with conjunction, the rapid growth of the combinedstrategy can be observed in this plot. Another observed feature is the triggering of reorderingduring this last phase, and that if triggered, reordering takes most of the time in this phase.

Fig. 7 to Fig. 14 summarize the previous measurements over the number of masters, per ex-perimental configuration. The top plot shows how the numbers of variables change. The numberof variables determines the size of the state space, and this is a difference between specificationvariants. The number of environment variables gives an upper bound on the amount of universalbranching in a problem.

The second plot summarizes the total number of nodes in the shared BDD, and the size of thesynthesized strategies. This is a measure of how larger the intermediate BDDs are from the desiredresult.

The third and fourth plots show how total, realizability, and reordering times scale with thenumber of masters, and how they compare to each other.

Fig. 15 to Fig. 25 are the most interesting, and compactly represent the conclusions from the allthe experiments. The show ratios of quantities between different selected pairs of configurations,those that we think are the most interesting and useful.

3.3.2 Comparison of variants

From the measurements, we observe that

• The revised specification is orders of magnitude better than the original, as seen in Figs. 24and 25.

• Using a Büchi automaton, reordering during strategy construction is not needed, and unde-sired, as seen in Figs. 15 and 16.

• Using conjunction of fairness goals, reordering is necessary, as seen in Figs. 17 and 18.

• Conjunction with reordering is clearly better than the BA, by about an order of magnitude,as seen in Figs. 19 to 21.

• Using a Büchi automaton is clearly better than conjunction without reordering, by severalorders of magnitude, as seen in Figs. 22 and 23. In absence of strategy reordering, only theBA scales.

3.4 Trade-off of counter in state spaceIn the following, by realizability phase, we refer to the fixed-point computation that stratifies theset of states to produce the layers that comprise the attractors [18, 26]. This phase stores thesesets in memory as an array of BDD nodes. By construction phase, we refer to the constructionof a strategy that satisfies the original specification, using the layers produced by the realizabilityphase. So the realizability phase precedes the construction phase.

23

3.4.1 The two alternatives

In this section, we evaluate the two (equivalent) alternatives for representing liveness goals:

1. as a conjunction of the form p0 ∧p1 ∧ · · ·pN−1

2. as a single Büchi automaton with the structure shown in Fig. 4.

Representing the Büchi automaton augments the system state by the integer counter that describesthe current node. This counter is linear in the number of fairness guarantees.

Conjoining multiple fairness goals leads to the construction of a sub-trategy for each goal. Inorder to obtain the overall strategy, these sub-strategies are combined, using a counter to keep trackof the currently active sub-strategy. This other counter comprises the transducer’s memory.

Note that both counters have the same range. In the final strategy, both counters appear asBDD variables. The difference is that the first counter is present during the attractor computations(realizability phase), whereas the second is introduced only at the end (strategy construction phase).

This means that using a Büchi automaton shifts the transducer memory from the construction,to the realizability phase. As a result, the state space of the game is multiplied by a factor of k,the number of fairness goals. In the experiments presented here, the default implementation ofthe synthesis algorithm in Slugs was used. In the worst case, the time complexity increases by afactor O(k3), measured in number of symbolic controllable preimage computations. An improvedimplementation employing fixpoint memoization [27, 1] is available as a Slugs option, but was notused. The improved implementation would be affected by a factor of O(k2).

Nonetheless, an improvement is observed, because synthesis remains scalable, even withoutreordering during the construction phase. This can be understood by considering three effects.

Including the counter in the state space encodes the problem symbolically, instead of explicitly.It avoids the combination of individual strategies later, which is an enumerated procedure thatiterates over the transducer’s memory (the counter introduced during the construction phase). Thenumber of sub-strategies to disjoin increases linearly with the number of liveness goals. This canaffect the suitability of the variable order significantly, and it does. The measurements indicatean exponential growth of the total number of nodes in the shared BDD, as the number of mastersgrows.

The second effect is the reduction of intermediate results [25] of BDD computations. As hasbeen observed in the literature [24], unstructured breadth-first search of the state space createsintermediate sets that have “a lot of ad hoc detail”. For a fixed variable ordering, this semi-randomdetail decreases the likelihood of these intermediate sets being efficiently representable as BDDs. Asdescribed in [24], an interesting analog is the entropy of random strings in information theory. TheBüchi automaton introduces structure in the state space that is relevant to the fairness constraints.

The third effect is the abruptness of changes to how far from optimal the current order is. Theexperimental results suggest that disjoining individual strategies at the end is disruptive to thevariable ordering, necessitating reordering to avoid BDD blowup. In contrast, shifting the counterto the state space allows the order to adapt over a longer number of iterations, while the BDD ischanging less abruptly (i.e., during the attractor computations).

Another effect is the reduction of size of the goal set. This can lead to a simpler BDD for the Zvariable in the fixed-point computation. It is observed as small BDD size for Z for a specificationthat uses a Büchi automaton. For example, in Fig. 26 to Fig. 57 Z is much smaller than X andY . In contrast, a conjunction of recurrence formulae leads to large Z values, much larger in manycases than the variables X,Y . This difference can be seen in Fig. 60 to Fig. 88.

24

3.4.2 Effect of reordering and memoization

In most cases, 65%„ or more, of the total runtime is spent reordering the shared BDD. A similarobservation has been made in [1]. Therefore, reordering is a controling factor of overall runtime.Reordering by sifting considers all BDDs in a “neighborhood” of the BDD being reordered. Thisallows it to cross boundaries between basins of attraction associated with different local minima.

However, it also makes sifting (and reordering in general) quite sensitive to the details of in-termediate results during the fixed-point computation. In turn, these intermediate results candepend on the order that individual goals are visited, as well as variations in the encoding, e.g., ofa program graph by integers. Overall, these variations can cause reordering to “touch” expensiveneighborhoods, resulting in significant runtime outliers being observed. The sensitivity of BDDcomputations is a common observation in the symbolic model checking literature [25].

This effect can be further amplified by the cache, where results are memoized (mapping ar-guments to results of the operation being performed). As more memory is required, results areoverwritten, causing regeneration, thus deviating from the practically bilinear cost of BDD opera-tions, to the worst-case exponential [28], Programmer’s Guide.

Configuring Cudd memory limit Initially, fragile behavior was observed with Cudd. This wasdue to the maximum memory limit of Cudd that by default3 is set to 3GB in Slugs. Increasingthis limit to that available on the machine resulted in improved performance, and very significantlyreduced fragile behavior. This limit can be set with the function Cudd_SetMaxCacheHard. Arelevant suggestion can be found in the Cudd Programmer’s manual, Sec. “Modifiable parameters”.

Effect of initial order Another factor that introduced significant variability and adversely af-fected runtime was the initial order of variables. In the initial implementation, the initial orderof variables was not controlled. The result was semi-random, because the enumeration of items inPython sets and dictionaries can vary arbitrarily.

Later, the BDD variables were initially sorted in natural order by their bitblasted “flat” name(i.e., after translation to logic and bitblasting). The flat name of a variable includes scope informa-tion in the form of a prefix. This brings together in ordering variables that are defined in the samenamespace, bits in the same bitvector, and variables with similar names (with respect to naturalordering). Initial sorting by natural order improved the results.

Using a natural lexical ordering to obtain the initial variable order brings together variablesin the same scope. The revised specification contains more information in the form of variablescopes, because local variables in the same process have the same prefix in the logic formulae (forexample, a local variable x will become pid0_x). The original specification is flat (no processes inthe syntactic description), so it contains less scoping information.

3 In BFCuddManager.h as of f9eed21813e7e6d23c0bd63563b587cc1cee95c6 (line 30).

25

http://vlsi.colorado.edu/~fabio/CUDD/node4.html#SECTION00048200000000000000

https://github.com/LTLMoP/slugs/blob/f9eed21813e7e6d23c0bd63563b587cc1cee95c6/src/BFAbstractionLibrary/BFCuddManager.h#L30

0 5 10 15 20 25 30 3510-1100101102103104105

Tota

l ti

me (

sec)

0 5 10 15 20 25 30 3510-1

100

101

102

103

104

Max R

SS m

em

ory

(M

B)

4 8 12 16 20 24 28 32100

101

102

Num

ber

of

sam

ple

s

Figure 5: Total run time vs number of masters for synthesizing an arbiter using the revised speci-fication, with fairness as a Büchi automaton, and reordering enabled during strategy construction.These repeated experiments are different runs than those from which the detailed tracing plots weregenerated.

26

100 101 102 103 104 105

time (sec)

10-1

100

101

102

103

104

mem

ory

(M

B)

2

22

222

2 22

2

2

2

2

22

2

222

2

222

2

2 222

2

2

2

222 33 3333

3 3

33

3

33

3

33 33

3

3 333 3 3

33 33

333 33

444

44

4 4

44

44

4

4

4

44 444

4

444

4444

4

4

4

4

44

4

55

5

5555 55

5

5

5

5

5

5

5 5 55 55

5

5 55 55

5

5

5

5

5

5

5

6 66666 6666

66

6 6

66

6

6666

6666

66

6

666

6 6777

7

77

77 77

77

777 7

777

7

77

7

77

77

7

77 77

78

888

888

8 88

8

888 8

8888

88

88

8

8

888888

8

8

99999

9 9

9 999 99

9 99 99

99999 9999 9

9

999

9

1010

1010

10

1010

10

10

1010 10101010

10

1010

10

1010

1010

101010

10

10

10

1010

10

10

1111

11

111111

11

11

1111 1111

11

1111

111111

111111

111111

111111

11

1111

11

11

111212

12

1212

12

12

12

12

12

12

1212

12

121212 1212

12 12 1212

12

12 1212

12

121212

121213

13

13

13

13

13

13

13

1313131313

13

13

13

13

131313 13

13

13

13

131313

13

13

13

13

1313

14

14 1414

14

141414

14

14 1414

14

1414

14

14

14

1414141414

14

14

14141414

14

1414

14

15

15

15

151515

1515

15

15

1515

15 15

1515

15

15

15

15

15

1515

15

15

15

15

15

15

15

15

1515

16

1616 1616

161616

1616

16

16

161616

16

1616

1616

16

1616

1616

16

1616

16

16

1616

1617

18

1920

21222324

25

26 27

28

29

3031

32

33

Figure 6: Peak memory consumption for the experiments of Fig. 5

Table 3: Index of measurements for each experiment.

Revised Y Y Y YBA Y Y Y Y

Reorder Y Y Y Ymasters Experiments

2 Fig. 60 Fig. 101 Fig. 89 Fig. 94 Fig. 118 Fig. 26 Fig. 45 Fig. 793 Fig. 61 Fig. 102 Fig. 90 Fig. 95 Fig. 119 Fig. 27 Fig. 46 Fig. 804 Fig. 62 Fig. 103 Fig. 91 Fig. 96 Fig. 120 Fig. 28 Fig. 47 Fig. 815 Fig. 63 Fig. 104 Fig. 92 Fig. 97 Fig. 121 Fig. 29 Fig. 48 Fig. 826 Fig. 64 Fig. 105 Fig. 93 Fig. 98 Fig. 122 Fig. 30 Fig. 49 Fig. 837 Fig. 65 Fig. 106 Fig. 99 Fig. 123 Fig. 31 Fig. 50 Fig. 848 Fig. 66 Fig. 107 Fig. 100 Fig. 124 Fig. 32 Fig. 51 Fig. 859 Fig. 67 Fig. 108 Fig. 33 Fig. 52 Fig. 8610 Fig. 68 Fig. 109 Fig. 34 Fig. 53 Fig. 8711 Fig. 69 Fig. 110 Fig. 35 Fig. 54 Fig. 8812 Fig. 70 Fig. 111 Fig. 36 Fig. 5513 Fig. 71 Fig. 112 Fig. 37 Fig. 5614 Fig. 72 Fig. 113 Fig. 38 Fig. 5715 Fig. 73 Fig. 114 Fig. 39 Fig. 5816 Fig. 74 Fig. 115 Fig. 40 Fig. 5917 Fig. 75 Fig. 116 Fig. 4118 Fig. 76 Fig. 117 Fig. 4219 Fig. 77 Fig. 4320 Fig. 78 Fig. 44

27

2 4 6 8 10 12 14 16 18 20

Number of masters

10

15

20

25

30

35

40

45

Num

ber

of

vari

able

s

allsysenv

2 4 6 8 10 12 14 16 18 20

Number of masters

103

104

105

106

107

BD

D n

odes

Max total nodesStrategy size

2 4 6 8 10 12 14 16 18 20

Number of masters

0.0

0.5

1.0

1.5

2.0

2.5

3.0

Tim

e (

mse

c)

1e6

totalrealizabilityreordering

102 103 104 105 106 107

Total time (msec)

102

103

104

105

106

107

Const

ituent

tim

es

(mse

c)

realizabilityreordering

Figure 7: Revised spec with BA and strategy reordering.

28

2 4 6 8 10 12 14 16

Number of masters

10

15

20

25

30

35

40

Num

ber

of

vari

able

s

allsysenv

2 4 6 8 10 12 14 16

Number of masters

103

104

105

106

107

BD

D n

odes


2 4 6 8 10 12 14 16

Number of masters

0.0

0.5

1.0

1.5

2.0

2.5

3.0

3.5

4.0

Tim

e (

mse

c)

1e5


102 103 104 105 106

Total time (msec)

102

103

104

105

106

Const

ituent

tim

es

(mse

c)


Figure 8: Revised spec with BA but no strategy reordering.

29

2.0 2.5 3.0 3.5 4.0 4.5 5.0 5.5 6.0

Number of masters

5

10

15

20

25

30

35

40

45

Num

ber

of

vari

able

s

allsysenv

2.0 2.5 3.0 3.5 4.0 4.5 5.0 5.5 6.0

Number of masters

104

105

106

107

BD

D n

odes


2.0 2.5 3.0 3.5 4.0 4.5 5.0 5.5 6.0

Number of masters

0.0

0.5

1.0

1.5

2.0

2.5

3.0

3.5

4.0

Tim

e (

mse

c)

1e6


103 104 105 106 107

Total time (msec)

103

104

105

106

107

Const

ituent

tim

es

(mse

c)


Figure 9: Original spec with BA and strategy reordering.

30

2 3 4 5 6 7 8

Number of masters

0

10

20

30

40

50

60

Num

ber

of

vari

able

s

allsysenv

2 3 4 5 6 7 8

Number of masters

104

105

106

107

108

BD

D n

odes


2 3 4 5 6 7 8

Number of masters

0.0

0.2

0.4

0.6

0.8

1.0

1.2

1.4

1.6

1.8

Tim

e (

mse

c)

1e7


103 104 105 106 107 108

Total time (msec)

103

104

105

106

107

108

Const

ituent

tim

es

(mse

c)


Figure 10: Original spec with BA but no strategy reordering.

31

2 4 6 8 10 12 14 16 18 20

Number of masters

10

15

20

25

30

35

40

Num

ber

of

vari

able

s

allsysenv

2 4 6 8 10 12 14 16 18 20

Number of masters

103

104

105

106

107

BD

D n

odes


2 4 6 8 10 12 14 16 18 20

Number of masters

0.0

0.2

0.4

0.6

0.8

1.0

1.2

Tim

e (

mse

c)

1e6


102 103 104 105 106 107

Total time (msec)

102

103

104

105

106

107

Const

ituent

tim

es

(mse

c)


Figure 11: Revised spec with conjunction and strategy reordering.

32

2 3 4 5 6 7 8 9 10 11

Number of masters

10

15

20

25

30

Num

ber

of

vari

able

s

allsysenv

2 3 4 5 6 7 8 9 10 11

Number of masters

103

104

105

106

107

108

109

BD

D n

odes


2 3 4 5 6 7 8 9 10 11

Number of masters

0.0

0.5

1.0

1.5

2.0

2.5

Tim

e (

mse

c)

1e5


102 103 104 105 106

Total time (msec)

102

103

104

105

106

Const

ituent

tim

es

(mse

c)


Figure 12: Revised spec with conjunction but no strategy reordering.

33

2 4 6 8 10 12 14 16 18

Number of masters

0

10

20

30

40

50

60

70

80

90

Num

ber

of

vari

able

s

allsysenv

2 4 6 8 10 12 14 16 18

Number of masters

104

105

106

107

108

BD

D n

odes


2 4 6 8 10 12 14 16 18

Number of masters

0

1

2

3

4

5

Tim

e (

mse

c)

1e7


103 104 105 106 107 108

Total time (msec)

103

104

105

106

107

108

Const

ituent

tim

es

(mse

c)


Figure 13: Original spec with conjunction and strategy reordering.

34

2 3 4 5 6 7 8

Number of masters

5

10

15

20

25

30

35

40

45

50

Num

ber

of

vari

able

s

allsysenv

2 3 4 5 6 7 8

Number of masters

104

105

106

107

108

BD

D n

odes


2 3 4 5 6 7 8

Number of masters

0

1

2

3

4

5

6

7

8

Tim

e (

mse

c)

1e5


103 104 105 106

Total time (msec)

102

103

104

105

106

Const

ituent

tim

es

(mse

c)


Figure 14: Original spec with conjunction but no strategy reordering (last runs with memoryupgrade).

35

2 4 6 8 10121416Number of masters

10-2

10-1

100

101

Tim

e r

ati

os

total

reordering

realizability

strategy


0.0

0.5

1.0

1.5

2.0

2.5

3.0

3.5

Siz

e r

ati

os

peak total nodes

strategy nodes

all vars

env vars


10-2

10-1

100

101

Rati

o r

ati

os

reordering / total time

strategy / total nodes

env / total vars

strategy construction / realizability time

Figure 15: Revised with BA, w/o divided by w/ reordering.

36


10-3

10-2

10-1

100

101

Tim

e r

ati

os

total

reordering

realizability

strategy


0.7

0.8

0.9

1.0

1.1

1.2

1.3

1.4

Siz

e r

ati

os

peak total nodes

strategy nodes

all vars

env vars


10-3

10-2

10-1

100

101

Rati

o r

ati

os



env / total vars


Figure 16: Original with BA, w/o divided by w/ reordering.

37

2 3 4 5 6 7 8 91011Number of masters

10-2

10-1

100

101

102

Tim

e r

ati

os

total

reordering

realizability

strategy


0

1000

2000

3000

4000

5000

Siz

e r

ati

os

peak total nodes

strategy nodes

all vars

env vars


10-2

10-1

100

101

102

Rati

o r

ati

os



env / total vars


Figure 17: Revised with conjunction, w/o divided by w/ reordering.

38

2 3 4 5 6 7 8Number of masters

10-2

10-1

100

Tim

e r

ati

os

total

reordering

realizability

strategy


0

10

20

30

40

50

60

Siz

e r

ati

os

peak total nodes

strategy nodes

all vars

env vars


10-2

10-1

100

101

Rati

o r

ati

os



env / total vars


Figure 18: Original with conjunction, w/o divided by w/ reordering.

39


10-2

10-1

100

101

102

Tim

e r

ati

os

total

reordering

realizability

strategy


0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1.0

Siz

e r

ati

os

peak total nodes

strategy nodes

all vars

env vars


10-1

100

101

102

103

Rati

o r

ati

os



env / total vars


Figure 19: Original with conjunction and with reordering, divided by original BA w/o reordering.

40

2 4 6 8101214161820Number of masters

10-2

10-1

100

101

Tim

e r

ati

os

total

reordering

realizability

strategy


0.0

0.2

0.4

0.6

0.8

1.0

Siz

e r

ati

os

peak total nodes

strategy nodes

all vars

env vars


10-2

10-1

100

101

102

Rati

o r

ati

os



env / total vars


Figure 20: Revised conjunction divided by BA (both with reordering).

41


10-2

10-1

100

101

102

Tim

e r

ati

os

total

reordering

realizability

strategy


0.0

0.2

0.4

0.6

0.8

1.0

Siz

e r

ati

os

peak total nodes

strategy nodes

all vars

env vars


10-1

100

101

102

Rati

o r

ati

os



env / total vars


Figure 21: Revised conjunction with reordering, divided by BA w/o reordering.

42


10-2

10-1

100

101

102

Tim

e r

ati

os

total

reordering

realizability

strategy


0

200

400

600

800

1000

1200

Siz

e r

ati

os

peak total nodes

strategy nodes

all vars

env vars


10-1

100

101

102

103

Rati

o r

ati

os



env / total vars


Figure 22: Revised conjunction divided by BA (both w/o reordering).

43


10-3

10-2

10-1

100

101

102

Tim

e r

ati

os

total

reordering

realizability

strategy


0

100

200

300

400

500

600

Siz

e r

ati

os

peak total nodes

strategy nodes

all vars

env vars


10-2

10-1

100

101

102

103

Rati

o r

ati

os



env / total vars


Figure 23: Revised conjunction w/o reordering, divided by BA with reordering.

44


100

101

102

103

Tim

e r

ati

os

total

reordering

realizability

strategy


0

10

20

30

40

50

60

70

80

Siz

e r

ati

os

peak total nodes

strategy nodes

all vars

env vars


10-2

10-1

100

101

Rati

o r

ati

os



env / total vars


Figure 24: Original with BA divided by revised with BA (both w/o reordering).

45


100

101

102

103

104

Tim

e r

ati

os

total

reordering

realizability

strategy


0

50

100

150

200

250

Siz

e r

ati

os

peak total nodes

strategy nodes

all vars

env vars


10-1

100

101

102

Rati

o r

ati

os



env / total vars


Figure 25: Original with conjunction divided by revised with conjunction (both with reordering).

46

0 2 4 6 81e2

0

2

4

6

8

Reord

eri

ng (

ms)

1e2

0 1 2 3 4 5 6 71e2

6

4

2

0

2

4

6

Goal j

1e 2

0 1 2 3 4 5 6 71e2

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 6 71e2

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e4

0 1 2 3 4 5 61e2

0

1

2

3

4

5

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

590 595 600 605 610 615 620 625100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)

ith strategy covered states new states

5.9 6.0 6.1 6.2 6.3 6.4 6.5 6.6

time (milliseconds) 1e2

4.5

4.6

4.7

4.8

4.9

5.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e3

Figure 26: Revised spec with BA and strategy reordering: 2 masters.47

0 2 4 6 81e3

0

2

4

6

8

Reord

eri

ng (

ms)

1e3

0 1 2 3 4 5 6 71e3

6

4

2

0

2

4

6G

oal j

1e 2

0 1 2 3 4 5 6 71e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 6 71e3

0.0

0.2

0.4

0.6

0.8

1.0

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e3

0.00.20.40.60.81.01.21.4

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

3500 4000 4500 5000 5500 6000 6500100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


6.1 6.2 6.3 6.4 6.5 6.6 6.7 6.8


2.45

2.50

2.55

2.60

2.65

2.70

2.75

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 2 4 61e3

0

2

4

6

Reord

eri

ng (

ms)

1e3

0 1 2 3 4 51e3

6

4

2

0

2

4

6G

oal j

1e 2

0 1 2 3 4 51e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 51e3

0.0

0.2

0.4

0.6

0.8

1.0

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.5 3.01e3

0.0

0.2

0.4

0.6

0.8

1.0

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

2500 3000 3500 4000 4500 5000100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


4.5 4.6 4.7 4.8 4.9 5.0 5.1


2.502.552.602.652.702.752.802.85

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 1 2 31e4

0

1

2

3

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.51e4

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.51e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e4

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.51e4

0.00.20.40.60.81.01.21.41.61.8

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

22200 22400 22600 22800 23000 23200 23400100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.20 2.25 2.30 2.35 2.40 2.45 2.50


3.954.004.054.104.154.204.254.304.354.40

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 1 2 31e4

0

1

2

3

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.51e4

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.51e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e4

0.0

0.5

1.0

1.5

2.0

Tota

l B

DD

Nodes

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e4

0.00.20.40.60.81.01.21.4

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

15000 15200 15400 15600 15800 16000 16200 16400 16600100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.10 2.15 2.20 2.25 2.30 2.35


2.802.852.902.953.003.053.103.15

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0.0 0.5 1.0 1.5 2.01e4

0.0

0.5

1.0

1.5

2.0

Reord

eri

ng (

ms)

1e4

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.6 1.81e4

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.6 1.81e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.6 1.81e4

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.21e4

0.0

0.2

0.4

0.6

0.8

1.0

1.2

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

11100 11200 11300 11400 11500 11600 11700100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.60 1.65 1.70 1.75 1.80 1.85


2.45

2.50

2.55

2.60

2.65

2.70

2.75

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 2 4 6 81e4

0

2

4

6

8

Reord

eri

ng (

ms)

1e4

0 1 2 3 4 5 6 7 81e4

6

4

2

0

2

4

6G

oal j

1e 2

0 1 2 3 4 5 6 7 81e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 6 7 81e4

0

1

2

3

4

5

6

Tota

l B

DD

Nodes

1e5

0 1 2 3 4 51e4

0.0

0.2

0.4

0.6

0.8

1.0

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

45000 50000 55000 60000 65000 70000 75000100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


6.6 6.7 6.8 6.9 7.0 7.1 7.2 7.3 7.4


4.6

4.7

4.8

4.9

5.0

5.1

5.2

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0.0 0.5 1.0 1.5 2.01e5

0.0

0.5

1.0

1.5

2.0

Reord

eri

ng (

ms)

1e5

0.0 0.5 1.0 1.5 2.01e5

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.01e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.01e5

0

1

2

3

4

5

6

Tota

l B

DD

Nodes

1e5

0 1 2 3 4 51e4

0.00.51.01.52.02.53.03.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

45000 50000 55000 60000 65000 70000 75000 80000 85000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.70 1.75 1.80 1.85 1.90 1.95


2.752.802.852.902.953.003.053.10

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 2 4 61e4

0

2

4

6

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

0

1

2

3

4

5

6

Tota

l B

DD

Nodes

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.21e4

0.0

0.5

1.0

1.5

2.0

2.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

10000 12000 14000 16000 18000 20000 22000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


3.90 3.95 4.00 4.05 4.10 4.15 4.20 4.25 4.30 4.35


2.10

2.15

2.20

2.25

2.30

2.35

2.40

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0.0 0.5 1.0 1.51e5

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.21e5

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.2 0.4 0.6 0.8 1.0 1.21e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.21e5

0123456789

Tota

l B

DD

Nodes

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.21e5

0.0

0.2

0.4

0.6

0.8

1.0

1.2

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

115000 115500 116000 116500 117000100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.10 1.12 1.14 1.16 1.18 1.20 1.22 1.24


0.94

0.96

0.98

1.00

1.02

1.04

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 2 4 61e4

0

2

4

6

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

0

1

2

3

4

5

Tota

l B

DD

Nodes

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e4

0.00.20.40.60.81.01.21.41.61.8

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

12000 14000 16000 18000 20000 22000 24000 26000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


3.9 4.0 4.1 4.2 4.3 4.4


1.75

1.80

1.85

1.90

1.95

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 1 2 31e5

0

1

2

3

Reord

eri

ng (

ms)

1e5

0.0 0.5 1.0 1.5 2.0 2.51e5

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.51e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e5

0.0

0.2

0.4

0.6

0.8

1.0

1.2

Tota

l B

DD

Nodes

1e6

0.0 0.5 1.0 1.5 2.0 2.51e5

0.0

0.5

1.0

1.5

2.0

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

204000 206000 208000 210000 212000 214000 216000 218000 220000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.05 2.10 2.15 2.20 2.25 2.30


1.161.181.201.221.241.261.281.30

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 1 2 31e5

0

1

2

3

Reord

eri

ng (

ms)

1e5

0.0 0.5 1.0 1.5 2.0 2.51e5

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.51e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e5

0.00.20.40.60.81.01.21.4

Tota

l B

DD

Nodes

1e6

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e5

0.00.20.40.60.81.01.21.41.6

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

120000 140000 160000 180000 200000 220000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.05 2.10 2.15 2.20 2.25 2.30


1.90

1.95

2.00

2.05

2.10

2.15

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0.0 0.5 1.01e5

0.0

0.5

1.0

Reord

eri

ng (

ms)

1e5

0 1 2 3 4 5 6 7 8 91e4

6

4

2

0

2

4

6G

oal j

1e 2

0 1 2 3 4 5 6 7 8 91e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 6 7 8 91e4

0

1

2

3

4

5

6

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.5 3.01e4

0.0

0.5

1.0

1.5

2.0

2.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

25000 30000 35000 40000 45000 50000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


8.1 8.2 8.3 8.4 8.5 8.6 8.7 8.8 8.9 9.0


3.053.103.153.203.253.303.353.40

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 1 2 3 41e5

0

1

2

3

4

Reord

eri

ng (

ms)

1e5

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e5

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e5

0.00.20.40.60.81.01.21.41.6

Tota

l B

DD

Nodes

1e6

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e5

0.0

0.5

1.0

1.5

2.0

2.5

3.0

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

325000 330000 335000 340000 345000 350000 355000 360000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


3.35 3.40 3.45 3.50 3.55 3.60 3.65 3.70 3.75


2.10

2.15

2.20

2.25

2.30

2.35

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 1 2 31e6

0

1

2

3

Reord

eri

ng (

ms)

1e6

0.0 0.5 1.0 1.5 2.0 2.5 3.01e6

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.5 3.01e6

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.01e6

0.00.51.01.52.02.53.03.5

Tota

l B

DD

Nodes

1e6

0.0 0.2 0.4 0.6 0.8 1.01e6

0.0

0.5

1.0

1.5

2.0

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

920000 930000 940000 950000 960000 970000 980000 990000 10000001010000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.50 2.55 2.60 2.65 2.70 2.75 2.80


4.3

4.4

4.5

4.6

4.7

4.8

4.9

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 1 2 31e6

0

1

2

3

Reord

eri

ng (

ms)

1e6

0.0 0.5 1.0 1.5 2.0 2.51e6

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.51e6

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e6

0.00.51.01.52.02.53.03.54.0

Tota

l B

DD

Nodes

1e6

0 1 2 3 4 5 6 7 81e5

0.00.20.40.60.81.01.21.41.6

Fixed p

oin

ts(B

DD

nodes)

1e4X Y Z

600000 800000 1000000 1200000 1400000 1600000 1800000 2000000 2200000100101102103104105106107

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.00 2.05 2.10 2.15 2.20 2.25


7.67.77.87.98.08.18.28.38.48.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0.0 0.5 1.01e6

0.0

0.5

1.0

Reord

eri

ng (

ms)

1e6

0 1 2 3 4 5 6 7 8 91e5

6

4

2

0

2

4

6G

oal j

1e 2

0 1 2 3 4 5 6 7 8 91e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 6 7 8 91e5

0.00.51.01.52.02.53.03.54.0

Tota

l B

DD

Nodes

1e6

0 1 2 3 4 5 6 7 81e4

01234567

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

50000 100000 150000 200000 250000 300000 350000100101102103104105106107

Indiv

idual st

rate

gie

s(B

DD

nodes)


8.4 8.6 8.8 9.0 9.2 9.4


1.65

1.70

1.75

1.80

1.85

1.90

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0 1 2 31e6

0

1

2

3

Reord

eri

ng (

ms)

1e6

0.0 0.5 1.0 1.5 2.0 2.51e6

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.51e6

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e6

0.00.51.01.52.02.53.03.54.04.5

Tota

l B

DD

Nodes

1e6

0 1 2 3 4 5 6 7 8 91e5

0.0

0.5

1.0

1.5

2.0

2.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

800000 1000000 1200000 1400000 1600000 1800000 2000000 2200000 2400000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.15 2.20 2.25 2.30 2.35 2.40 2.45


8.08.18.28.38.48.58.68.78.88.9

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 2 4 6 81e2

0

2

4

6

8

Reord

eri

ng (

ms)

1e2

0 1 2 3 4 5 6 71e2

6

4

2

0

2

4

6

Goal j

1e 2

0 1 2 3 4 5 6 71e2

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 6 71e2

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e4

0 1 2 3 4 5 61e2

0

1

2

3

4

5

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

590 595 600 605 610 615 620100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


5.8 5.9 6.0 6.1 6.2 6.3 6.4 6.5 6.6


4.5

4.6

4.7

4.8

4.9

5.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e3

Figure 45: Revised spec with BA but no strategy reordering: 2 masters.66

0 2 4 61e3

0

2

4

6

Reord

eri

ng (

ms)

1e3

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e3

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e3

0.0

0.2

0.4

0.6

0.8

1.0

1.2

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e3

0.00.20.40.60.81.01.21.4

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

3750 3800 3850 3900 3950 4000 4050100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


3.80 3.85 3.90 3.95 4.00 4.05 4.10 4.15 4.20 4.25


3.103.153.203.253.303.353.403.45

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 1 2 31e3

0

1

2

3

Reord

eri

ng (

ms)

1e3

0.0 0.5 1.0 1.5 2.0 2.5 3.01e3

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.5 3.01e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.01e3

0.00.20.40.60.81.01.21.41.61.8

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.51e3

012345678

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

2350 2400 2450 2500 2550 2600100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.45 2.50 2.55 2.60 2.65 2.70 2.75


5.45.55.65.75.85.96.06.1

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 1 2 31e4

0

1

2

3

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.51e4

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.51e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e4

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.51e4

0.00.20.40.60.81.01.21.41.61.8

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

22200 22400 22600 22800 23000 23200 23400100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.20 2.25 2.30 2.35 2.40 2.45


3.954.004.054.104.154.204.254.304.354.40

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0.0 0.5 1.0 1.5 2.01e4

0.0

0.5

1.0

1.5

2.0

Reord

eri

ng (

ms)

1e4

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.6 1.81e4

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.6 1.81e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.6 1.81e4

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e4

0.00.20.40.60.81.01.21.4

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

15000 15200 15400 15600 15800 16000 16200 16400 16600100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.56 1.58 1.60 1.62 1.64 1.66 1.68 1.70 1.72 1.74


3.003.053.103.153.203.253.303.35

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0.0 0.5 1.0 1.51e4

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e4

0.0 0.2 0.4 0.6 0.8 1.0 1.21e4

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.2 0.4 0.6 0.8 1.0 1.21e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.21e4

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.21e4

0.0

0.2

0.4

0.6

0.8

1.0

1.2

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

11100 11200 11300 11400 11500 11600 11700100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.10 1.12 1.14 1.16 1.18 1.20 1.22 1.24


2.852.902.953.003.053.103.153.20

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 2 4 61e4

0

2

4

6

Reord

eri

ng (

ms)

1e4

0 1 2 3 4 5 61e4

6

4

2

0

2

4

6G

oal j

1e 2

0 1 2 3 4 5 61e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 61e4

01234567

Tota

l B

DD

Nodes

1e5

0 1 2 3 4 51e4

0.0

0.2

0.4

0.6

0.8

1.0

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

48500 49000 49500 50000 50500 51000 51500 52000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


4.9 5.0 5.1 5.2 5.3 5.4 5.5


1.00

1.02

1.04

1.06

1.08

1.10

1.12

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 2 4 61e4

0

2

4

6

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

0.00.20.40.60.81.01.21.41.6

Tota

l B

DD

Nodes

1e6

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e4

0.00.51.01.52.02.53.03.54.04.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

39000 39500 40000 40500 41000 41500 42000 42500 43000 43500100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


4.1 4.2 4.3 4.4 4.5 4.6


5.65.75.85.96.06.16.26.3

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 2 4 6 81e4

0

2

4

6

8

Reord

eri

ng (

ms)

1e4

0 1 2 3 4 5 6 71e4

6

4

2

0

2

4

6G

oal j

1e 2

0 1 2 3 4 5 6 71e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 6 71e4

01234567

Tota

l B

DD

Nodes

1e5

0 1 2 3 4 5 6 71e4

0.0

0.2

0.4

0.6

0.8

1.0

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

60500 61000 61500 62000 62500 63000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


5.9 6.0 6.1 6.2 6.3 6.4 6.5 6.6 6.7


1.041.061.081.101.121.141.161.18

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0.0 0.5 1.0 1.51e5

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e5

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e5

0.0

0.2

0.4

0.6

0.8

1.0

Tota

l B

DD

Nodes

1e6

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e5

0.0

0.5

1.0

1.5

2.0

2.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

123000 123500 124000 124500 125000 125500 126000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.18 1.20 1.22 1.24 1.26 1.28 1.30 1.32


1.201.221.241.261.281.301.321.34

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0.0 0.5 1.0 1.5 2.01e4

0.0

0.5

1.0

1.5

2.0

Reord

eri

ng (

ms)

1e4

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e4

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e4

0123456789

Tota

l B

DD

Nodes

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e4

0.00.20.40.60.81.01.21.41.61.8

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

13500 14000 14500 15000 15500 16000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.50 1.52 1.54 1.56 1.58 1.60 1.62 1.64 1.66 1.68


3.403.453.503.553.603.653.703.753.80

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 1 2 3 41e4

0

1

2

3

4

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e4

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e4

012345678

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0.0

0.5

1.0

1.5

2.0

2.5

3.0

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

32500 33000 33500 34000 34500 35000 35500100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


3.35 3.40 3.45 3.50 3.55 3.60 3.65 3.70 3.75


3.103.153.203.253.303.353.403.45

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0.0 0.5 1.0 1.51e5

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e5

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e5

0.00.20.40.60.81.01.21.41.6

Tota

l B

DD

Nodes

1e6

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e5

0.00.20.40.60.81.01.21.41.6

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

121500 122000 122500 123000 123500 124000 124500 125000 125500 126000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.18 1.20 1.22 1.24 1.26 1.28 1.30 1.32 1.34


1.90

1.95

2.00

2.05

2.10

2.15

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 1 2 31e4

0

1

2

3

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.01e4

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.5 3.01e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.01e4

0123456789

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.5 3.01e4

0.0

0.5

1.0

1.5

2.0

2.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

27000 27500 28000 28500 29000 29500 30000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.80 2.85 2.90 2.95 3.00 3.05 3.10 3.15


3.353.403.453.503.553.603.653.703.75

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 1 2 3 41e5

0

1

2

3

4

Reord

eri

ng (

ms)

1e5

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e5

6

4

2

0

2

4

6G

oal j

1e 2

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e5

0.00.20.40.60.81.01.21.41.6

Tota

l B

DD

Nodes

1e6

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e5

0.0

0.5

1.0

1.5

2.0

2.5

3.0

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

325000 330000 335000 340000 345000 350000 355000 360000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


3.35 3.40 3.45 3.50 3.55 3.60 3.65 3.70 3.75


2.10

2.15

2.20

2.25

2.30

2.35

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 1 2 3 41e2

0

1

2

3

4

Reord

eri

ng (

ms)

1e2

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e2

0.0

0.2

0.4

0.6

0.8

1.0G

oal j

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e2

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e2

0.0

0.2

0.4

0.6

0.8

1.0

Tota

l B

DD

Nodes

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e2

0.0

0.5

1.0

1.5

2.0

2.5

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

320 322 324 326 328 330 332 334100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


3.15 3.20 3.25 3.30 3.35 3.40 3.45 3.50 3.55


1.4

1.5

1.6

1.7

1.8

1.9

2.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e3

Figure 60: Revised spec with conjunction and strategy reordering: 2 masters.81

0 2 4 61e2

0

2

4

6

Reord

eri

ng (

ms)

1e2

0 1 2 3 4 5 61e2

0.0

0.5

1.0

1.5

2.0G

oal j

0 1 2 3 4 5 61e2

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 61e2

0.00.20.40.60.81.01.21.41.6

Tota

l B

DD

Nodes

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e2

0.00.20.40.60.81.01.21.41.6

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

380 385 390 395 400 405 410100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


4.0 4.2 4.4 4.6 4.8 5.0 5.2 5.4 5.6


1.52.02.53.03.54.04.55.05.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e3


0.0 0.5 1.0 1.51e3

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e3

0.0 0.2 0.4 0.6 0.8 1.0 1.21e3

0.0

0.5

1.0

1.5

2.0

2.5

3.0G

oal j

0.0 0.2 0.4 0.6 0.8 1.0 1.21e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.21e3

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e4

0 1 2 3 4 5 6 71e2

0.00.51.01.52.02.53.03.5

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

660 665 670 675 680 685 690 695 700100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.65 0.70 0.75 0.80 0.85 0.90 0.95 1.00 1.05 1.10


23456789

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e3


0.0 0.5 1.0 1.5 2.01e3

0.0

0.5

1.0

1.5

2.0

Reord

eri

ng (

ms)

1e3

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e3

0.00.51.01.52.02.53.03.54.0

Goal j

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e3

0.0

0.5

1.0

1.5

2.0

2.5

3.0

Tota

l B

DD

Nodes

1e4

0.0 0.2 0.4 0.6 0.8 1.0 1.21e3

0.00.51.01.52.02.53.03.5

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

1060 1070 1080 1090 1100 1110 1120100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.1 1.2 1.3 1.4 1.5 1.6


0.20.30.40.50.60.70.80.91.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 1 2 31e3

0

1

2

3

Reord

eri

ng (

ms)

1e3

0.0 0.5 1.0 1.5 2.0 2.51e3

0

1

2

3

4

5

Goal j

0.0 0.5 1.0 1.5 2.0 2.51e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e3

0.00.51.01.52.02.53.03.5

Tota

l B

DD

Nodes

1e4

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e3

0

1

2

3

4

5

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

1290 1295 1300 1305 1310 1315 1320 1325 1330100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.3 1.4 1.5 1.6 1.7 1.8 1.9 2.0 2.1 2.2


0.20.30.40.50.60.70.80.91.01.1

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 2 4 61e3

0

2

4

6

Reord

eri

ng (

ms)

1e3

0 1 2 3 4 5 61e3

0

1

2

3

4

5

6

Goal j

0 1 2 3 4 5 61e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 61e3

01234567

Tota

l B

DD

Nodes

1e4

0 1 2 3 4 51e3

0.0

0.5

1.0

1.5

2.0

2.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

4580 4600 4620 4640 4660 4680 4700 4720100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


4.6 4.8 5.0 5.2 5.4 5.6 5.8


23456789

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e3


0 1 2 3 41e3

0

1

2

3

4

Reord

eri

ng (

ms)

1e3

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e3

01234567

Goal j

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e3

01234567

Tota

l B

DD

Nodes

1e4

0.0 0.5 1.0 1.5 2.0 2.51e3

01234567

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

2440 2460 2480 2500 2520 2540 2560 2580 2600100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.4 2.6 2.8 3.0 3.2 3.4 3.6 3.8 4.0


0.20.40.60.81.01.21.41.6

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 1 2 31e4

0

1

2

3

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.51e4

012345678

Goal j

0.0 0.5 1.0 1.5 2.0 2.51e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e4

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e4

0.0

0.5

1.0

1.5

2.0

2.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

15600 15700 15800 15900 16000 16100 16200100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.6 1.7 1.8 1.9 2.0 2.1 2.2 2.3


0.51.01.52.02.53.03.54.04.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 1 2 31e4

0

1

2

3

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.51e4

0123456789

Goal j

0.0 0.5 1.0 1.5 2.0 2.51e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e4

0.00.20.40.60.81.01.21.41.61.8

Tota

l B

DD

Nodes

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.6 1.81e4

0

1

2

3

4

5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

17900 18000 18100 18200 18300 18400100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.8 1.9 2.0 2.1 2.2 2.3 2.4 2.5


0.51.01.52.02.53.03.54.04.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0.0 0.5 1.01e4

0.0

0.5

1.0

Reord

eri

ng (

ms)

1e4

0 1 2 3 4 5 6 7 8 91e3

0.0

0.2

0.4

0.6

0.8

1.0G

oal j

1e1

0 1 2 3 4 5 6 7 8 91e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 6 7 8 91e3

0.00.20.40.60.81.01.21.4

Tota

l B

DD

Nodes

1e5

0 1 2 3 4 5 61e3

0.00.20.40.60.81.01.21.4

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

5580 5600 5620 5640 5660 5680 5700 5720 5740100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


5.5 6.0 6.5 7.0 7.5 8.0 8.5 9.0


0

1

2

3

4

5

6

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 1 2 3 41e4

0

1

2

3

4

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0.0

0.2

0.4

0.6

0.8

1.0

1.2G

oal j

1e1

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0.0

0.5

1.0

1.5

2.0

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.51e4

0.00.20.40.60.81.01.21.4

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

24950 25000 25050 25100 25150 25200 25250100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.5 2.6 2.7 2.8 2.9 3.0 3.1 3.2 3.3


0.0

0.2

0.4

0.6

0.8

1.0

1.2

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0.0 0.5 1.0 1.51e5

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.21e5

0.0

0.2

0.4

0.6

0.8

1.0

1.2G

oal j

1e1

0.0 0.2 0.4 0.6 0.8 1.0 1.21e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.21e5

012345678

Tota

l B

DD

Nodes

1e5

0 1 2 3 4 5 6 71e4

0.0

0.5

1.0

1.5

2.0

2.5

3.0

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

68000 68200 68400 68600 68800100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.65 0.70 0.75 0.80 0.85 0.90 0.95 1.00 1.05


0.0

0.5

1.0

1.5

2.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 1 2 31e5

0

1

2

3

Reord

eri

ng (

ms)

1e5

0.0 0.5 1.0 1.5 2.0 2.51e5

0.00.20.40.60.81.01.21.4

Goal j

1e1

0.0 0.5 1.0 1.5 2.0 2.51e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e5

0.0

0.2

0.4

0.6

0.8

1.0

Tota

l B

DD

Nodes

1e6

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e5

0.00.51.01.52.02.53.03.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

154200 154400 154600 154800 155000 155200 155400 155600 155800100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.5 1.6 1.7 1.8 1.9 2.0 2.1 2.2


0

1

2

3

4

5

6

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 1 2 3 41e4

0

1

2

3

4

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0.00.20.40.60.81.01.21.4

Goal j

1e1

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0.00.51.01.52.02.53.03.5

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.51e4

0.00.51.01.52.02.53.03.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

22100 22150 22200 22250 22300 22350 22400100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 3.0 3.1


0.00.20.40.60.81.01.21.41.61.8

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 2 4 61e4

0

2

4

6

Reord

eri

ng (

ms)

1e4

0 1 2 3 4 5 61e4

0.00.20.40.60.81.01.21.41.6

Goal j

1e1

0 1 2 3 4 5 61e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 61e4

0

1

2

3

4

5

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

0.00.20.40.60.81.01.21.41.6

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

44900 44950 45000 45050 45100 45150 45200 45250 45300 45350100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


4.4 4.6 4.8 5.0 5.2 5.4 5.6 5.8


0.00.51.01.52.02.53.03.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 2 4 61e5

0

2

4

6

Reord

eri

ng (

ms)

1e5

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e5

0.00.20.40.60.81.01.21.41.6

Goal j

1e1

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e5

0.0

0.2

0.4

0.6

0.8

1.0

Tota

l B

DD

Nodes

1e6

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e5

0.0

0.2

0.4

0.6

0.8

1.0

Fixed p

oin

ts(B

DD

nodes)

1e4X Y Z

336000 336500 337000 337500 338000 338500 339000100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


3.4 3.6 3.8 4.0 4.2


0.0

0.5

1.0

1.5

2.0

2.5

3.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 1 2 31e5

0

1

2

3

Reord

eri

ng (

ms)

1e5

0.0 0.5 1.0 1.5 2.0 2.51e5

0.00.20.40.60.81.01.21.41.61.8

Goal j

1e1

0.0 0.5 1.0 1.5 2.0 2.51e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e5

0.0

0.2

0.4

0.6

0.8

1.0

Tota

l B

DD

Nodes

1e6

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e5

0.0

0.5

1.0

1.5

2.0

2.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

148200 148400 148600 148800 149000 149200 149400 149600 149800100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.4 1.5 1.6 1.7 1.8 1.9 2.0 2.1 2.2 2.3


0.0

0.5

1.0

1.5

2.0

2.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0.0 0.5 1.0 1.5 2.01e5

0.0

0.5

1.0

1.5

2.0

Reord

eri

ng (

ms)

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e5

0.00.20.40.60.81.01.21.41.61.8

Goal j

1e1

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e5

0

1

2

3

4

5

6

Tota

l B

DD

Nodes

1e5

0 1 2 3 4 5 6 7 8 91e4

0

1

2

3

4

5

6

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

89000 89100 89200 89300 89400 89500 89600 89700 89800100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.8 0.9 1.0 1.1 1.2 1.3 1.4 1.5 1.6


0.0

0.5

1.0

1.5

2.0

2.5

3.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0.0 0.5 1.0 1.51e6

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e6

0.0 0.2 0.4 0.6 0.8 1.0 1.21e6

0.0

0.5

1.0

1.5

2.0G

oal j

1e1

0.0 0.2 0.4 0.6 0.8 1.0 1.21e6

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.21e6

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e6

0 1 2 3 4 5 6 7 81e5

0.00.51.01.52.02.53.03.54.04.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

736500 737000 737500 738000 738500 739000100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.70 0.75 0.80 0.85 0.90 0.95 1.00 1.05 1.10


0.0

0.2

0.4

0.6

0.8

1.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0 1 2 3 41e2

0

1

2

3

4

Reord

eri

ng (

ms)

1e2

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e2

0.0

0.2

0.4

0.6

0.8

1.0G

oal j

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e2

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e2

0.0

0.2

0.4

0.6

0.8

1.0

Tota

l B

DD

Nodes

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e2

0.0

0.5

1.0

1.5

2.0

2.5

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

308 310 312 314 316 318 320 322100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


3.05 3.10 3.15 3.20 3.25 3.30 3.35 3.40


1.4

1.5

1.6

1.7

1.8

1.9

2.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e3

Figure 79: Revised spec with conjunction but no strategy reordering: 2 masters.100

0 1 2 3 41e2

0

1

2

3

4

Reord

eri

ng (

ms)

1e2

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e2

0.0

0.5

1.0

1.5

2.0G

oal j

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e2

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e2

0.00.20.40.60.81.01.21.41.6

Tota

l B

DD

Nodes

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e2

0.00.20.40.60.81.01.21.41.6

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

350 355 360 365 370 375100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


3.750 3.755 3.760 3.765 3.770


1.8

2.0

2.2

2.4

2.6

2.8

3.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e3


0 2 4 6 81e2

0

2

4

6

8

Reord

eri

ng (

ms)

1e2

0 1 2 3 4 5 6 71e2

0.0

0.5

1.0

1.5

2.0

2.5

3.0G

oal j

0 1 2 3 4 5 6 71e2

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 6 71e2

0.00.51.01.52.02.53.03.54.04.5

Tota

l B

DD

Nodes

1e4

0 1 2 3 4 5 61e2

0.00.51.01.52.02.53.03.5

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

600 605 610 615 620 625 630100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


6.28 6.30 6.32 6.34 6.36 6.38


0.0

0.5

1.0

1.5

2.0

2.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 2 4 6 81e2

0

2

4

6

8

Reord

eri

ng (

ms)

1e2

0 1 2 3 4 5 6 7 81e2

0.00.51.01.52.02.53.03.54.0

Goal j

0 1 2 3 4 5 6 7 81e2

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 6 7 81e2

0

1

2

3

4

5

6

Tota

l B

DD

Nodes

1e4

0 1 2 3 4 5 6 7 81e2

0.00.51.01.52.02.53.03.54.0

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

705 710 715 720 725 730100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


7.28 7.30 7.32 7.34 7.36 7.38 7.40 7.42


0.00.51.01.52.02.53.03.54.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 1 2 31e3

0

1

2

3

Reord

eri

ng (

ms)

1e3

0.0 0.5 1.0 1.5 2.0 2.51e3

0

1

2

3

4

5

Goal j

0.0 0.5 1.0 1.5 2.0 2.51e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e3

0.00.20.40.60.81.01.21.41.6

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.51e3

0

1

2

3

4

5

6

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

2160 2170 2180 2190 2200 2210 2220 2230100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.22 2.23 2.24 2.25 2.26 2.27 2.28


0.00.20.40.60.81.01.21.4

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 2 4 6 81e3

0

2

4

6

8

Reord

eri

ng (

ms)

1e3

0 1 2 3 4 5 6 7 81e3

0

1

2

3

4

5

6

Goal j

0 1 2 3 4 5 6 7 81e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 6 7 81e3

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e6

0 1 2 3 4 5 61e3

0.0

0.2

0.4

0.6

0.8

1.0

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

5460 5480 5500 5520 5540 5560 5580 5600 5620 5640100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


5.6 5.8 6.0 6.2 6.4 6.6 6.8 7.0 7.2


0.0

0.5

1.0

1.5

2.0

2.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0.0 0.5 1.0 1.5 2.01e4

0.0

0.5

1.0

1.5

2.0

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.01e4

01234567

Goal j

0.0 0.5 1.0 1.5 2.01e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.01e4

0

1

2

3

4

5

6

Tota

l B

DD

Nodes

1e6

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e4

0.0

0.5

1.0

1.5

2.0

2.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

14600 14700 14800 14900 15000 15100 15200100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.50 1.55 1.60 1.65 1.70 1.75 1.80 1.85 1.90 1.95


0

1

2

3

4

5

6

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0 2 4 61e4

0

2

4

6

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

012345678

Goal j

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e7

0.0 0.5 1.0 1.5 2.0 2.51e4

0

1

2

3

4

5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

24050 24100 24150 24200 24250 24300 24350 24400 24450 24500100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.0 2.5 3.0 3.5 4.0 4.5


0.0

0.5

1.0

1.5

2.0

2.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e7


0 1 2 31e5

0

1

2

3

Reord

eri

ng (

ms)

1e5

0.0 0.5 1.0 1.5 2.0 2.51e5

0123456789

Goal j

0.0 0.5 1.0 1.5 2.0 2.51e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e5

0.0

0.2

0.4

0.6

0.8

1.0

1.2

Tota

l B

DD

Nodes

1e8

0 1 2 3 4 5 6 71e4

0.00.20.40.60.81.01.21.41.6

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

64800 65000 65200 65400 65600 65800 66000 66200 66400 66600100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.6 0.8 1.0 1.2 1.4 1.6 1.8 2.0 2.2


0.0

0.2

0.4

0.6

0.8

1.0

1.2

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e8


0 2 4 61e4

0

2

4

6

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

0.0

0.2

0.4

0.6

0.8

1.0G

oal j

1e1

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e4

0.00.51.01.52.02.53.03.54.0

Tota

l B

DD

Nodes

1e7

0 1 2 3 4 5 61e3

0.00.20.40.60.81.01.21.4

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

5500 5520 5540 5560 5580 5600 5620 5640 5660100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.5


0.00.51.01.52.02.53.03.54.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e7


0 2 4 61e3

0

2

4

6

Reord

eri

ng (

ms)

1e3

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e3

0.0

0.5

1.0

1.5

2.0G

oal j

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e3

0123456789

Tota

l B

DD

Nodes

1e4

0.0 0.5 1.0 1.5 2.0 2.51e3

01234567

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

2400 2420 2440 2460 2480 2500 2520100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0

time (milliseconds) +4.32e3

1.51.61.71.81.92.02.12.22.3

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4

Figure 89: Original spec with BA and strategy reordering: 2 masters.110

0 1 2 3 41e4

0

1

2

3

4

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0.0

0.5

1.0

1.5

2.0G

oal j

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0

1

2

3

4

5

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0.00.51.01.52.02.53.03.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

32400 32500 32600 32700 32800 32900 33000 33100 33200100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


3.330 3.332 3.334 3.336 3.338 3.340 3.342


6.06.57.07.58.08.59.09.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 1 2 3 41e5

0

1

2

3

4

Reord

eri

ng (

ms)

1e5

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e5

0.0

0.5

1.0

1.5

2.0G

oal j

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e5

0.00.20.40.60.81.01.21.41.6

Tota

l B

DD

Nodes

1e6

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e5

01234567

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

155500 156000 156500 157000 157500 158000 158500 159000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.5 2.0 2.5 3.0 3.5 4.0


2.02.22.42.62.83.03.23.43.6

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0.0 0.5 1.0 1.51e6

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e6

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e6

0.0

0.5

1.0

1.5

2.0G

oal j

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e6

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e6

0.00.51.01.52.02.53.03.54.0

Tota

l B

DD

Nodes

1e6

0 1 2 3 4 5 61e5

01234567

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

548000 549000 550000 551000 552000 553000 554000 555000 556000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.6 0.8 1.0 1.2 1.4 1.6 1.8 2.0

time (milliseconds) 1e2+1.3498e6

2.5

3.0

3.5

4.0

4.5

5.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 1 2 3 41e6

0

1

2

3

4

Reord

eri

ng (

ms)

1e6

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e6

0.0

0.5

1.0

1.5

2.0G

oal j

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e6

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e6

0.0

0.2

0.4

0.6

0.8

1.0

Tota

l B

DD

Nodes

1e7

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e6

0.00.20.40.60.81.01.21.41.61.8

Fixed p

oin

ts(B

DD

nodes)

1e4X Y Z

3960000 3965000 3970000 3975000 3980000 3985000 3990000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.0 0.5 1.0 1.5 2.0 2.5


0.900.951.001.051.101.151.201.25

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0 1 2 31e3

0

1

2

3

Reord

eri

ng (

ms)

1e3

0.0 0.5 1.0 1.5 2.0 2.5 3.01e3

0.0

0.5

1.0

1.5

2.0G

oal j

0.0 0.5 1.0 1.5 2.0 2.5 3.01e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.01e3

0.0

0.2

0.4

0.6

0.8

1.0

1.2

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.51e3

01234567

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

2400 2420 2440 2460 2480 2500 2520100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.520 2.525 2.530 2.535 2.540 2.545 2.550 2.555 2.560 2.565


1.6

1.8

2.0

2.2

2.4

2.6

2.8

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4

Figure 94: Original spec with BA but no strategy reordering: 2 masters.115

0 1 2 3 41e4

0

1

2

3

4

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0.0

0.5

1.0

1.5

2.0G

oal j

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0

1

2

3

4

5

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0.00.51.01.52.02.53.03.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

32300 32400 32500 32600 32700 32800 32900 33000 33100100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


3.318 3.320 3.322 3.324 3.326 3.328


6.06.57.07.58.08.59.09.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0.0 0.5 1.0 1.51e5

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e5

0.0

0.5

1.0

1.5

2.0G

oal j

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e5

0.00.20.40.60.81.01.21.41.61.8

Tota

l B

DD

Nodes

1e6

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e5

01234567

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

142000 142500 143000 143500 144000 144500 145000 145500 146000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


0 1 2 3 4 5


2.12.22.32.42.52.62.72.8

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 2 4 61e5

0

2

4

6

Reord

eri

ng (

ms)

1e5

0 1 2 3 4 5 61e5

0.0

0.5

1.0

1.5

2.0G

oal j

0 1 2 3 4 5 61e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 61e5

0.00.51.01.52.02.53.03.54.04.5

Tota

l B

DD

Nodes

1e6

0 1 2 3 4 5 61e5

01234567

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

543000 544000 545000 546000 547000 548000 549000 550000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


0 1 2 3 4 5 6 7 8


3.6

3.8

4.0

4.2

4.4

4.6

4.8

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 1 2 3 41e6

0

1

2

3

4

Reord

eri

ng (

ms)

1e6

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e6

0.0

0.5

1.0

1.5

2.0G

oal j

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e6

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e6

0.0

0.2

0.4

0.6

0.8

1.0

Tota

l B

DD

Nodes

1e7

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e6

0.00.20.40.60.81.01.21.41.61.8

Fixed p

oin

ts(B

DD

nodes)

1e4X Y Z

3770000 3775000 3780000 3785000 3790000 3795000 3800000 3805000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.5 1.0 1.5 2.0 2.5 3.0 3.5


0.900.951.001.051.101.151.201.25

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0 2 4 61e6

0

2

4

6

Reord

eri

ng (

ms)

1e6

0 1 2 3 4 51e6

0.0

0.5

1.0

1.5

2.0G

oal j

0 1 2 3 4 51e6

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 51e6

0.00.20.40.60.81.01.21.41.6

Tota

l B

DD

Nodes

1e7

0 1 2 3 4 51e6

0.0

0.2

0.4

0.6

0.8

1.0

1.2

Fixed p

oin

ts(B

DD

nodes)

1e4X Y Z

4600000 4610000 4620000 4630000 4640000 4650000 4660000100101102103104105106107

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0


1.701.751.801.851.901.952.002.052.102.15

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0.0 0.5 1.0 1.5 2.01e7

0.0

0.5

1.0

1.5

2.0

Reord

eri

ng (

ms)

1e7

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.6 1.81e7

0.0

0.5

1.0

1.5

2.0G

oal j

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.6 1.81e7

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.6 1.81e7

0.0

0.5

1.0

1.5

2.0

Tota

l B

DD

Nodes

1e7

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.61e7

0.00.20.40.60.81.01.21.4

Fixed p

oin

ts(B

DD

nodes)

1e4X Y Z

1.590 1.592 1.594 1.596 1.598 1.6001e7

100101102103104105106107

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.0 0.5 1.0 1.5 2.0 2.5


2.2

2.3

2.4

2.5

2.6

2.7

2.8

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0 1 2 31e3

0

1

2

3

Reord

eri

ng (

ms)

1e3

0.0 0.5 1.0 1.5 2.0 2.51e3

0.0

0.5

1.0

1.5

2.0

2.5

3.0G

oal j

0.0 0.5 1.0 1.5 2.0 2.51e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e3

0

1

2

3

4

5

Tota

l B

DD

Nodes

1e4

0.0 0.2 0.4 0.6 0.8 1.0 1.21e3

0.00.51.01.52.02.53.03.5

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

1185 1190 1195 1200 1205 1210 1215 1220 1225100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.2 1.4 1.6 1.8 2.0 2.2


0.6

0.8

1.0

1.2

1.4

1.6

1.8

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4

Figure 101: Original spec with conjunction and strategy reordering: 2 masters.122

0.0 0.5 1.0 1.5 2.01e4

0.0

0.5

1.0

1.5

2.0

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.01e4

0.00.51.01.52.02.53.03.54.0

Goal j

0.0 0.5 1.0 1.5 2.01e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.01e4

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.21e4

0.0

0.2

0.4

0.6

0.8

1.0

1.2

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

10950 11000 11050 11100 11150 11200 11250100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9


12345678

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4


0 2 4 6 81e4

0

2

4

6

8

Reord

eri

ng (

ms)

1e4

0 1 2 3 4 5 6 71e4

0

1

2

3

4

5

Goal j

0 1 2 3 4 5 6 71e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 6 71e4

0

1

2

3

4

5

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e4

0.0

0.5

1.0

1.5

2.0

2.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

32000 32100 32200 32300 32400 32500 32600 32700 32800100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


3.0 3.5 4.0 4.5 5.0 5.5 6.0 6.5


0.20.30.40.50.60.70.80.91.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 2 4 61e5

0

2

4

6

Reord

eri

ng (

ms)

1e5

0 1 2 3 4 5 61e5

0

1

2

3

4

5

6

Goal j

0 1 2 3 4 5 61e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 61e5

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e6

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e5

0.00.51.01.52.02.53.03.54.0

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

120000 140000 160000 180000 200000 220000 240000 260000 280000 300000100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.5 3.0 3.5 4.0 4.5 5.0 5.5


012345678

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 2 4 61e5

0

2

4

6

Reord

eri

ng (

ms)

1e5

0 1 2 3 4 5 61e5

01234567

Goal j

0 1 2 3 4 5 61e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 61e5

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e6

0.0 0.5 1.0 1.5 2.0 2.5 3.01e5

0.0

0.5

1.0

1.5

2.0

2.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

264000 264500 265000 265500 266000 266500 267000100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.5 3.0 3.5 4.0 4.5 5.0 5.5


0123456789

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0.0 0.5 1.01e6

0.0

0.5

1.0

Reord

eri

ng (

ms)

1e6

0.0 0.2 0.4 0.6 0.8 1.01e6

012345678

Goal j

0.0 0.2 0.4 0.6 0.8 1.01e6

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.01e6

0.0

0.5

1.0

1.5

2.0

2.5

3.0

Tota

l B

DD

Nodes

1e6

0 1 2 3 4 5 61e5

0.00.51.01.52.02.53.03.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

560000 560500 561000 561500 562000 562500 563000 563500 564000 564500100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.55 0.60 0.65 0.70 0.75 0.80 0.85 0.90 0.95 1.00


1

2

3

4

5

6

7

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0.0 0.5 1.0 1.51e6

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e6

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e6

0123456789

Goal j

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e6

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e6

0.00.51.01.52.02.53.03.54.04.5

Tota

l B

DD

Nodes

1e6

0 1 2 3 4 5 6 71e5

0.00.51.01.52.02.53.03.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

634000 635000 636000 637000 638000 639000 640000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.6 0.7 0.8 0.9 1.0 1.1 1.2 1.3 1.4


0.00.20.40.60.81.01.21.41.61.8

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0 1 2 31e6

0

1

2

3

Reord

eri

ng (

ms)

1e6

0.0 0.5 1.0 1.5 2.0 2.51e6

0.0

0.2

0.4

0.6

0.8

1.0G

oal j

1e1

0.0 0.5 1.0 1.5 2.0 2.51e6

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e6

0

1

2

3

4

5

6

Tota

l B

DD

Nodes

1e6

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e6

0

1

2

3

4

5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

1226000 1228000 1230000 1232000 1234000 1236000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.2 1.4 1.6 1.8 2.0 2.2


0.00.20.40.60.81.01.21.41.6

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0 1 2 3 41e6

0

1

2

3

4

Reord

eri

ng (

ms)

1e6

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e6

0.0

0.2

0.4

0.6

0.8

1.0

1.2G

oal j

1e1

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e6

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.01e6

0123456789

Tota

l B

DD

Nodes

1e6

0.0 0.5 1.0 1.5 2.0 2.51e6

01234567

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

2222000 2224000 2226000 2228000 2230000 2232000 2234000 2236000 2238000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.2 2.4 2.6 2.8 3.0 3.2 3.4 3.6


0.0

0.5

1.0

1.5

2.0

2.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0 2 4 61e6

0

2

4

6

Reord

eri

ng (

ms)

1e6

0 1 2 3 4 5 61e6

0.0

0.2

0.4

0.6

0.8

1.0

1.2G

oal j

1e1

0 1 2 3 4 5 61e6

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 61e6

0.00.20.40.60.81.01.21.4

Tota

l B

DD

Nodes

1e7

0.0 0.5 1.0 1.5 2.0 2.5 3.01e6

01234567

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

2680000 2685000 2690000 2695000 2700000 2705000 2710000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.5 3.0 3.5 4.0 4.5 5.0 5.5 6.0


0.0

0.5

1.0

1.5

2.0

2.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0.0 0.5 1.0 1.51e7

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e7

0.0 0.2 0.4 0.6 0.8 1.0 1.21e7

0.00.20.40.60.81.01.21.4

Goal j

1e1

0.0 0.2 0.4 0.6 0.8 1.0 1.21e7

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.21e7

0.00.20.40.60.81.01.21.41.6

Tota

l B

DD

Nodes

1e7

0 1 2 3 4 5 6 7 81e6

0.0

0.2

0.4

0.6

0.8

1.0

Fixed p

oin

ts(B

DD

nodes)

1e4X Y Z

7200000 7205000 7210000 7215000 7220000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.7 0.8 0.9 1.0 1.1 1.2


0.00.51.01.52.02.53.03.54.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0.0 0.5 1.0 1.51e7

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e7

0.0 0.2 0.4 0.6 0.8 1.0 1.21e7

0.00.20.40.60.81.01.21.4

Goal j

1e1

0.0 0.2 0.4 0.6 0.8 1.0 1.21e7

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.21e7

0.0

0.5

1.0

1.5

2.0

Tota

l B

DD

Nodes

1e7

0 1 2 3 4 5 6 7 81e6

0.0

0.2

0.4

0.6

0.8

1.0

Fixed p

oin

ts(B

DD

nodes)

1e4X Y Z

7140000 7145000 7150000 7155000 7160000 7165000 7170000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.7 0.8 0.9 1.0 1.1 1.2


0

1

2

3

4

5

6

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0.0 0.5 1.0 1.51e7

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e7

0.0 0.2 0.4 0.6 0.8 1.0 1.21e7

0.00.20.40.60.81.01.21.41.6

Goal j

1e1

0.0 0.2 0.4 0.6 0.8 1.0 1.21e7

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.21e7

0.0

0.5

1.0

1.5

2.0

2.5

Tota

l B

DD

Nodes

1e7

0 1 2 3 4 5 6 71e6

0.0

0.2

0.4

0.6

0.8

1.0

1.2

Fixed p

oin

ts(B

DD

nodes)

1e4X Y Z

6480000 6485000 6490000 6495000 6500000 6505000 6510000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


0.6 0.7 0.8 0.9 1.0 1.1 1.2


0.00.51.01.52.02.53.03.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0 1 2 3 41e7

0

1

2

3

4

Reord

eri

ng (

ms)

1e7

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e7

0.00.20.40.60.81.01.21.41.6

Goal j

1e1

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e7

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.51e7

0.0

0.5

1.0

1.5

2.0

2.5

3.0

Tota

l B

DD

Nodes

1e7

0.0 0.5 1.0 1.5 2.0 2.51e7

0.00.20.40.60.81.01.21.4

Fixed p

oin

ts(B

DD

nodes)

1e4X Y Z

0 10000 20000 30000 40000 50000 60000 70000+2.225e7

100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.2 2.4 2.6 2.8 3.0 3.2 3.4 3.6


0.0

0.2

0.4

0.6

0.8

1.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e7


0 1 2 31e7

0

1

2

3

Reord

eri

ng (

ms)

1e7

0.0 0.5 1.0 1.5 2.0 2.51e7

0.00.20.40.60.81.01.21.41.61.8

Goal j

1e1

0.0 0.5 1.0 1.5 2.0 2.51e7

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e7

0.00.51.01.52.02.53.03.5

Tota

l B

DD

Nodes

1e7

0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.41e7

0.0

0.2

0.4

0.6

0.8

1.0

1.2

Fixed p

oin

ts(B

DD

nodes)

1e4X Y Z

0 5000 10000 15000 20000 25000 30000 35000 40000 45000+1.233e7

100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.2 1.4 1.6 1.8 2.0 2.2 2.4


0123456789

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0 2 4 61e7

0

2

4

6

Reord

eri

ng (

ms)

1e7

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e7

0.00.20.40.60.81.01.21.41.61.8

Goal j

1e1

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e7

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.51e7

0.00.51.01.52.02.53.03.54.04.5

Tota

l B

DD

Nodes

1e7

0.0 0.5 1.0 1.5 2.0 2.5 3.01e7

0.00.20.40.60.81.01.21.4

Fixed p

oin

ts(B

DD

nodes)

1e4X Y Z

2.634 2.636 2.638 2.640 2.642 2.644 2.646 2.6481e7

100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.5 3.0 3.5 4.0 4.5


0.00.20.40.60.81.01.21.4

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e7


0 2 4 61e7

0

2

4

6

Reord

eri

ng (

ms)

1e7

0 1 2 3 4 51e7

0.0

0.5

1.0

1.5

2.0G

oal j

1e1

0 1 2 3 4 51e7

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 51e7

0

1

2

3

4

5

6

Tota

l B

DD

Nodes

1e7

0.0 0.5 1.0 1.5 2.0 2.5 3.01e7

0.00.20.40.60.81.01.21.41.6

Fixed p

oin

ts(B

DD

nodes)

1e4X Y Z

2.678 2.680 2.682 2.684 2.686 2.688 2.690 2.692 2.694 2.6961e7

100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.5 3.0 3.5 4.0 4.5 5.0


0.0

0.5

1.0

1.5

2.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e7


0.0 0.5 1.0 1.51e3

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e3

0.0 0.2 0.4 0.6 0.8 1.0 1.21e3

0.0

0.5

1.0

1.5

2.0

2.5

3.0G

oal j

0.0 0.2 0.4 0.6 0.8 1.0 1.21e3

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.21e3

0

1

2

3

4

5

6

Tota

l B

DD

Nodes

1e4

0.0 0.2 0.4 0.6 0.8 1.0 1.21e3

0.00.51.01.52.02.53.03.5

Fixed p

oin

ts(B

DD

nodes)

1e2X Y Z

1110 1115 1120 1125 1130 1135 1140 1145100

101

102

103

104

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.146 1.148 1.150 1.152 1.154 1.156 1.158 1.160 1.162 1.164


0.60.81.01.21.41.61.82.02.22.4

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e4

Figure 118: Original spec with conjunction but no strategy reordering (last runs with memoryupgrade): 2 masters. 139

0.0 0.5 1.0 1.51e4

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e4

0.0 0.2 0.4 0.6 0.8 1.0 1.21e4

0.00.51.01.52.02.53.03.54.0

Goal j

0.0 0.2 0.4 0.6 0.8 1.0 1.21e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.21e4

0.00.51.01.52.02.53.03.54.0

Tota

l B

DD

Nodes

1e5

0.0 0.2 0.4 0.6 0.8 1.01e4

0.0

0.2

0.4

0.6

0.8

1.0

1.2

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

9750 9800 9850 9900 9950 10000100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.000 1.005 1.010 1.015 1.020 1.025


0.0

0.5

1.0

1.5

2.0

2.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0 1 2 31e4

0

1

2

3

Reord

eri

ng (

ms)

1e4

0.0 0.5 1.0 1.5 2.0 2.5 3.01e4

0

1

2

3

4

5

Goal j

0.0 0.5 1.0 1.5 2.0 2.5 3.01e4

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.5 3.01e4

0123456789

Tota

l B

DD

Nodes

1e5

0.0 0.5 1.0 1.5 2.0 2.5 3.01e4

0.0

0.5

1.0

1.5

2.0

2.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

26900 27000 27100 27200 27300 27400 27500 27600100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.76 2.77 2.78 2.79 2.80 2.81 2.82


0.00.51.01.52.02.53.03.54.04.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e5


0.0 0.5 1.0 1.51e5

0.0

0.5

1.0

1.5

Reord

eri

ng (

ms)

1e5

0.0 0.2 0.4 0.6 0.8 1.0 1.21e5

0

1

2

3

4

5

6

Goal j

0.0 0.2 0.4 0.6 0.8 1.0 1.21e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.2 0.4 0.6 0.8 1.0 1.21e5

0.00.51.01.52.02.53.03.54.04.5

Tota

l B

DD

Nodes

1e6

0.0 0.2 0.4 0.6 0.8 1.0 1.21e5

0.00.51.01.52.02.53.03.54.0

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

100500 101000 101500 102000 102500 103000100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


1.02 1.03 1.04 1.05 1.06 1.07 1.08


0.0

0.5

1.0

1.5

2.0

2.5

3.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e6


0 1 2 31e5

0

1

2

3

Reord

eri

ng (

ms)

1e5

0.0 0.5 1.0 1.5 2.0 2.51e5

01234567

Goal j

0.0 0.5 1.0 1.5 2.0 2.51e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0.0 0.5 1.0 1.5 2.0 2.51e5

0.0

0.2

0.4

0.6

0.8

1.0

1.2

Tota

l B

DD

Nodes

1e7

0.0 0.5 1.0 1.5 2.0 2.51e5

0.0

0.5

1.0

1.5

2.0

2.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

227000 227500 228000 228500 229000 229500100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


2.28 2.30 2.32 2.34 2.36 2.38 2.40 2.42 2.44 2.46


0.0

0.2

0.4

0.6

0.8

1.0

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e7


0 2 4 61e5

0

2

4

6

Reord

eri

ng (

ms)

1e5

0 1 2 3 4 5 61e5

012345678

Goal j

0 1 2 3 4 5 61e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 61e5

0.00.51.01.52.02.53.03.54.0

Tota

l B

DD

Nodes

1e7

0 1 2 3 4 51e5

0.00.51.01.52.02.53.03.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

454000 455000 456000 457000 458000 459000 460000100

101

102

103

104

105

Indiv

idual st

rate

gie

s(B

DD

nodes)


4.5 4.6 4.7 4.8 4.9 5.0 5.1 5.2 5.3 5.4


0.00.51.01.52.02.53.03.5

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e7


0 2 4 6 81e5

0

2

4

6

8

Reord

eri

ng (

ms)

1e5

0 1 2 3 4 5 6 7 81e5

0123456789

Goal j

0 1 2 3 4 5 6 7 81e5

0.0

0.2

0.4

0.6

0.8

1.0

Ass

um

pti

on i

0 1 2 3 4 5 6 7 81e5

012345678

Tota

l B

DD

Nodes

1e7

0 1 2 3 4 5 61e5

0.00.51.01.52.02.53.03.5

Fixed p

oin

ts(B

DD

nodes)

1e3X Y Z

576500 577000 577500 578000 578500 579000 579500 580000 580500 581000100

101

102

103

104

105

106

Indiv

idual st

rate

gie

s(B

DD

nodes)


5.8 6.0 6.2 6.4 6.6 6.8 7.0 7.2 7.4 7.6


012345678

Com

bin

ed s

trate

gy

(BD

D n

odes)

1e7


2 4 6 8 10 12 14 16 18 20Number of masters

10-1

100

101

102

103

104

105

Tim

e (

sec)

conj revised, reorderBA revised, w/o reordertime from [Bloem et al.`12]time from [Godhal et al.`13]

Figure 125: Comparison with [1].

Figure 126: Synthesis time for the revised specification using a BA (w/o strategy reordering),Fig. 45 to Fig. 59, and conjoining liveness goals (using strategy reordering), Fig. 60 to Fig. 78,compared to results from [1, 2].

4 Relevant workThe specification that we considered was proposed in [5, 4, 1]. The time reported there for 12masters is in the order of 20 hours, using the synthesizer Anzu [29]. Both Anzu (Perl) andSlugs (C++) use Cudd [28] as BDD library.

In [2], a more complete specification was presented for the AHB arbiter, by extending thespecification of [1], but without revisions of the form proposed here. In particular, [2] refines thespecification, adding more detail, whereas we abstract it, weakening and modifying assumptions.The times reported there are much improved compared to [1], but still scale to above an hour for 16masters. In contrast, the revised specification with conjunction synthesizes in the order of minutes(with strategy reordering enabled).

In [8], a different algorithm is proposed for constructing the winning strategy from the interme-diate sets produced by the fixed point iteration that decides realizability. The resulting strategyis eager to progress in reaching multiple goals, when the opportunity exists, cycling faster throughliveness goals. The times reported there are in the order of 6 and 10 hours (for the various strategyconstruction algorithms) for 15 masters.

146

1 do2 :: φ1;3 if4 :: φ2

5 :: φ3

6 fi7 do8 :: φ4; break9 :: φ5;

10 :: else11 od12 φ6

13 :: else14 od

Figure 127: Listing corresponding to formula in text.

A Note on determinism of automataNote that the (symbolic) automaton is deterministic, because it commits to the choices it makes,i.e., its existential branching is visible to the property (the variables that represent the state areletters in the alphabet). (For automated determinization of LTL properties to either parity or Büchiautomata, prior to solving a parity game, see [30]).

For example, an automaton with four nodes can be represented by introducing an auxiliaryinteger variable u ∈ {0, 1, 2, 3}. Suppose that it has the transitions ((u = 0) → ((φ1 ∧ (u =1)) ∨ (¬φ1 ∧ (u = 0)))) ∧ ((u = 1) → ((φ2 ∧ (u = 2)) ∨ (φ3 ∧ (u = 2)))) ∧ ((u = 2) →((φ4 ∧(u = 3)) ∨ (φ5 ∧(u = 2)) ∨ (¬φ4 ∧ ¬φ5 ∧(u = 2)))) ∧ ((u = 3) → (φ6 ∧(u = 0)). Itcan be argued that this formula is much less readable and editable than the listing of Fig. 127.

Note that the above automaton can have more than a single enabled transition. Nonetheless,it represents a deterministic Buchi automaton, because the program counter u is visible to theenvironment. This forces the system to commit to its future strategy during GR(1) synthesis, whenit selects a valuation of its variables as reaction. In other words, the non-determinism is visible,because u is part of the alphabet and so of the moves that the synthesis algorithm takes in thegame. For the above symbolic automaton to be non-deterministic, the variable u must not be partof the alphabet, so not a visible output. This is not the case in GR(1) synthesis. Strictly speaking,the previous can be regarded as a symbolic representation of an automaton, but not as a Büchiautomaton. If each edge label is conjoined with a formula of the form (u = j), then the resultingrepresentation will indeed be a deterministic Büchi automaton.

147

B Revised AMBA AHB specification

Listing 1: The revised AMBA AHB specification.1 #define N 2 /* N + 1 masters */2 #define SINGLE 03 #define BURST4 14 #define INCR 2567 /* variables of masters and slaves */8 /* A4: initial condition */9 free env bool ready = false;

10 free env int(0, 2) burst;11 free env bool request[N + 1] = false;12 free env bool grantee_lockreq = false;13 free env bool master_lockreq = false;1415 /* arbiter variables */16 /* G11: sys initial condition */17 free bool start = true;18 free bool decide = true;19 free bool lock = false;20 free bool lockmemo;21 free int(0, N) master = 0;22 free int(0, N) grant;2324 /* A2: slaves must progress with receiving data */25 assume ltl { []<> ready }2627 /* A3: dropped, weakening the assumptions */2829 /* A1: if current master is granted locked access,30 * then it must progress by withdrawing the lock request.31 */32 assume env proctype withdraw_lock(){33 progress:34 do35 :: lock;36 do37 :: ! master_lockreq; break38 :: true /* wait */39 od40 :: else41 od42 }

148

434445 assert ltl {46 [](47 /* G1: new access starts only when slave is ready

*/48 (start' −> ready)49 /* G4,5: current master and lock updated50 * only when communicating slave signals51 * that it completed receiving data.52 */53 && (ready −> ((master' == grant) && (lock' <−>

lockmemo)))54 /* G6: current master and locking may change only55 * when an access starts, and remain invariant

otherwise56 */57 && (! start' −> (58 (master' == master) &&59 (lock' <−> lock)))60 /* G7: when deciding, remember if the requestor61 * requested also locking.62 * when implementing the circuit, route:63 * grantee_lockreq = lockreq[grant']64 */65 && (decide −> (lockmemo' <−> grantee_lockreq))66 /* G8: current grantee and locking memo67 * remain invariant while not deciding.68 */69 && (! decide −> (70 (grant' == grant) &&71 (lockmemo' <−> lockmemo)))72 /* G10: only a requestor can become grantee */73 && ((grant' == grant) || (grant' == 0) || request[

grant'])74 )75 }7677 /* all properties must hold synchronously */78 sync{7980 /* G9: weak fairness */81 assert sys proctype fairness(){82 int(0, N) count;83 do84 :: (! request[count] || (master == count));

149

85 if86 :: (count < N) && (count' == count + 1)87 :: (count == N) && (count' == 0);88 progress: skip89 fi90 :: else91 od92 }9394 /* G2: if locked access of unspecified length starts,95 * then locking shall be withdrawn before starting96 * another access.97 */98 assert sys proctype maintain_lock(){99 do

100 :: (lock && start && (burst == INCR));101 do102 :: (! start && ! master_lockreq); break103 :: ! start104 od105 :: else106 od107 }108109 /* G3: for a BURST4 access,110 * count the "ready" time steps.111 */112 assert sys proctype count_burst(){113 int(0, 3) count;114 do115 :: (start && lock &&116 (burst == BURST4) &&117 (!ready || (count' == 1)) &&118 (ready || (count' == 0)) );119 do120 :: (! start && ! ready)121 :: (! start && ready && (count < 3) &&122 (count' == count + 1))123 :: (! start && ready && (count >= 3)); break124 od125 :: else126 od127 }128129 }

150

C Original AMBA AHB specificationThe following specification was created by a translator based on the original one from the Anzuwebsite [29].

Listing 2: The original AMBA AHB specification from [1], for the case of 2 masters.1 free env bit hready, hburst0, hburst1, hbusreq0, hlock0, hbusreq1,

hlock1;2 free sys bit hmaster0, hmastlock, start, locked, decide, hgrant0,

busreq, stateA1_0, stateA1_1, stateG2, stateG3_0, stateG3_1,stateG3_2, hgrant1, stateG10_1;

3 assume ltl {4 hready == 0 &&5 hbusreq0 == 0 &&6 hlock0 == 0 &&7 hbusreq1 == 0 &&8 hlock1 == 0 &&9 hburst0 == 0 &&

10 hburst1 == 0 &&1112 []( hlock0 == 1 −> hbusreq0 == 1 ) &&13 []( hlock1 == 1 −> hbusreq1 == 1 ) &&1415 [](<>(stateA1_1 == 0)) &&16 [](<>(hready == 1))1718 }19 assert ltl {20 hmaster0 == 0 &&21 hmastlock == 0&&22 start == 1&&23 decide == 1&&24 locked == 0&&25 hgrant0 == 1&&26 hgrant1 == 0 &&27 busreq==0 &&28 stateA1_0 == 0 &&29 stateA1_1 == 0 &&30 stateG2 == 0 &&31 stateG3_0 == 0 &&32 stateG3_1 == 0 &&33 stateG3_2 == 0 &&34 stateG10_1 == 0 &&3536 []((hmaster0 == 0) −> (hbusreq0 == 0 <−> busreq==0)) &&37 []((hmaster0 == 1) −> (hbusreq1 == 0 <−> busreq==0)) &&

151

38 [](((stateA1_1 == 0) && (stateA1_0 == 0) && ((hmastlock == 0) || (hburst0 == 1) || (hburst1 == 1))) −>

39 X((stateA1_1 == 0) && (stateA1_0 == 0))) &&40 [](((stateA1_1 == 0) && (stateA1_0 == 0) && (hmastlock == 1) && (

hburst0 == 0) && (hburst1 == 0)) −>41 X((stateA1_1 == 1) && (stateA1_0 == 0))) &&42 [](((stateA1_1 == 1) && (stateA1_0 == 0) && (busreq == 1)) −>43 X((stateA1_1 == 1) && (stateA1_0 == 0))) &&44 [](((stateA1_1 == 1) && (stateA1_0 == 0) && (busreq == 0) && ((

hmastlock == 0) || (hburst0 == 1) || (hburst1 == 1))) −>45 X((stateA1_1 == 0) && (stateA1_0 == 0))) &&46 [](((stateA1_1 == 1) && (stateA1_0 == 0) && (busreq == 0) && (

hmastlock == 1) && (hburst0 == 0) && (hburst1 == 0)) −>47 X((stateA1_1 == 0) && (stateA1_0 == 1))) &&48 [](((stateA1_1 == 0) && (stateA1_0 == 1) && (busreq == 1)) −>49 X((stateA1_1 == 1) && (stateA1_0 == 0))) &&50 [](((stateA1_1 == 0) && (stateA1_0 == 1) && (hmastlock == 1) && (

hburst0 == 0) && (hburst1 == 0)) −>51 X((stateA1_1 == 1) && (stateA1_0 == 0))) &&52 [](((stateA1_1 == 0) && (stateA1_0 == 1) && (busreq == 0) && ((

hmastlock == 0) || (hburst0 == 1) || (hburst1 == 1))) −>53 X((stateA1_1 == 0) && (stateA1_0 == 0))) &&54 []((hready == 0) −> X(start == 0)) &&55 [](((stateG2 == 0) && ((hmastlock == 0) || (start == 0) || (

hburst0 == 1) || (hburst1 == 1))) −> X(stateG2 == 0)) &&56 [](((stateG2 == 0) && (hmastlock == 1) && (start == 1) && (

hburst0 == 0) && (hburst1 == 0)) −> X(stateG2 == 1)) &&57 [](((stateG2 == 1) && (start == 0) && (busreq == 1)) −> X(stateG2

== 1)) &&58 [](((stateG2 == 1) && (start == 1)) −> false) &&59 [](((stateG2 == 1) && (start == 0) && (busreq == 0)) −> X(stateG2

== 0)) &&60 [](((stateG3_0 == 0) && (stateG3_1 == 0) && (stateG3_2 == 0) &&61 ((hmastlock == 0) || (start == 0) || ((hburst0 == 1) || (hburst1

== 0)))) −>62 (X(stateG3_0 == 0) && X(stateG3_1 == 0) && X(stateG3_2 == 0)))

&&63 [](((stateG3_0 == 0) && (stateG3_1 == 0) && (stateG3_2 == 0) &&64 ((hmastlock == 1) && (start == 1) && ((hburst0 == 0) && (hburst1

== 1)) && (hready == 0))) −>65 (X(stateG3_0 == 1) && X(stateG3_1 == 0) && X(stateG3_2 == 0)))

&&66 [](((stateG3_0 == 0) && (stateG3_1 == 0) && (stateG3_2 == 0) &&67 ((hmastlock == 1) && (start == 1) && ((hburst0 == 0) && (hburst1

== 1)) && (hready == 1))) −>68 (X(stateG3_0 == 0) && X(stateG3_1 == 1) && X(stateG3_2 == 0)))

152

&&6970 [](((stateG3_0 == 1) && (stateG3_1 == 0) && (stateG3_2 == 0) && ((

start == 0) && (hready == 0))) −>71 (X(stateG3_0 == 1) && X(stateG3_1 == 0) && X(stateG3_2 == 0)))




start == 1))) −> false) &&767778 [](((stateG3_0 == 0) && (stateG3_1 == 1) && (stateG3_2 == 0) && ((














&&94

153

95 [](((stateG3_0 == 0) && (stateG3_1 == 0) && (stateG3_2 == 1) && ((start == 1))) −> false) &&

96 []((hready == 1) −> ((hgrant0 == 1) <−> (X(hmaster0 == 0)))) &&97 []((hready == 1) −> ((hgrant1 == 1) <−> (X(hmaster0 == 1)))) &&98 []((hready == 1) −> (locked == 0 <−> X(hmastlock == 0))) &&99 [](X(start == 0) −> (((hmaster0 == 0)) <−> (X(hmaster0 == 0)))) &&

100 [](X(start == 0) −> (((hmaster0 == 1)) <−> (X(hmaster0 == 1)))) &&101 [](((X(start == 0))) −> ((hmastlock == 1) <−> X(hmastlock == 1)))

&&102 []((decide == 1 && hlock0 == 1 && X(hgrant0 == 1))−>X(locked == 1)

) &&103 []((decide == 1 && hlock0 == 0 && X(hgrant0 == 1))−>X(locked == 0)



) &&106 []((decide == 0) −> (((hgrant0 == 0)<−> X(hgrant0 == 0)))) &&107 []((decide == 0) −> (((hgrant1 == 0)<−> X(hgrant1 == 0)))) &&108 []((decide == 0)−>(locked == 0 <−> X(locked == 0))) &&109 [](((stateG10_1 == 0) && (((hgrant1 == 1) ||(hbusreq1 == 1)))) −>

X(stateG10_1 == 0)) &&110 [](((stateG10_1 == 0) && ((hgrant1 == 0) && (hbusreq1 == 0))) −> X

(stateG10_1 == 1)) &&111 [](((stateG10_1 == 1) && ((hgrant1 == 0) && (hbusreq1 == 0)))−> X(

stateG10_1 == 1)) &&112 [](((stateG10_1 == 1) && (((hgrant1 == 1)) && (hbusreq1 == 0))) −>

false) &&113 [](((stateG10_1 == 1) && (hbusreq1 == 1)) −> X(stateG10_1 == 0))

&&114 []((decide==1 && hbusreq0 == 0 && hbusreq1 == 0) −> X(hgrant0==1)

) &&115116 [](<>(stateG2 == 0)) &&117 [](<>((stateG3_0 == 0) && (stateG3_1 == 0) && (stateG3_2 == 0)

))118 && [](<>(((hmaster0 == 0)) || hbusreq0 == 0))&&119 [](<>(((hmaster0 == 1)) || hbusreq1 == 0))120 }

154

References[1] R. Bloem, B. Jobstmann, N. Piterman, A. Pnueli, and Y. Sa’ar, “Synthesis of Reactive(1)

designs,” Journal of Computer and System Sciences, vol. 78, no. 3, pp. 911 – 938, 2012, inCommemoration of Amir Pnueli. 1, 5, 6, 7, 8, 9, 10, 11, 18, 20, 24, 25, 146, 151

[2] Y. Godhal, K. Chatterjee, and T. A. Henzinger, “Synthesis of AMBA AHB from formal specifi-cation: a case study,” International Journal on Software Tools for Technology Transfer, vol. 15,no. 5-6, pp. 585–601, 2013. 5, 6, 8, 146

[3] AMBA™ Specification, Rev 2.0 ed., ARM Ltd., 1999. 6, 19

[4] R. Bloem, S. Galler, B. Jobstmann, N. Piterman, A. Pnueli, and M. Weiglhofer, “Interactivepresentation: Automatic hardware synthesis from specifications: A case study,” in Proceedingsof the Conference on Design, Automation and Test in Europe, ser. DATE ’07. San Jose, CA,USA: EDA Consortium, 2007, pp. 1188–1193. 6, 8, 146

[5] ——, “Specify, compile, run: Hardware from PSL,” Electronic Notes in Theoretical Com-puter Science, vol. 190, no. 4, pp. 3 – 16, 2007, proceedings of the Workshop on CompilerOptimization meets Compiler Verification (COCV 2007). 6, 8, 146

[6] A. Morgenstern, “Symbolic controller synthesis for LTL specifications,” Ph.D. dissertation,Computer Science, February 2010. [Online]. Available: http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:hbz:386-kluedo-25721 6

[7] W. Li, L. Dworkin, and S. A. Seshia, “Mining assumptions for synthesis,” in Formal Methodsand Models for Codesign (MEMOCODE), 2011 9th IEEE/ACM International Conference on.IEEE, 2011, pp. 43–50. 6

[8] M. Schlaipfer, G. Hofferek, and R. Bloem, “Generalized reactivity (1) synthesis without amonolithic strategy,” in Hardware and Software: Verification and Testing. Springer, 2012,pp. 20–34. 6, 146

[9] R. Bloem, S. Jacobs, and A. Khalimov, “Parameterized synthesis case study: AMBA AHB(extended version),” 06 2014. [Online]. Available: http://arxiv.org/abs/1406.7608 6

[10] R. Ehlers, R. Kunighofer, and G. Hofferek, “Symbolically synthesizing small circuits,” in For-mal Methods in Computer-Aided Design (FMCAD), 2012, Oct 2012, pp. 91–100. 6

[11] J. Schmaltz and D. Borrione, “Validation of a parameterized bus architecture model,” Proc.TIMA-VDS, 2003. 6

[12] K. W. Susanto, “A verification platform for system on chip,” Ph.D. dissertation, Dept. ofComputing Science, Glasgow, UK, October 2003. 6

[13] K. W. Susanto and T. Melham, “An AMBA-ARM7 formal verification platform,” in FormalMethods and Software Engineering. Springer, 2003, pp. 48–67. 6

[14] A. Roychoudhury, T. Mitra, and S. Karri, “Using formal techniques to debug the AMBAsystem-on-chip bus protocol,” in Design, Automation and Test in Europe Conference andExhibition, 2003. IEEE, 2003, pp. 828–833. 6

155

http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:hbz:386-kluedo-25721

http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:hbz:386-kluedo-25721

http://arxiv.org/abs/1406.7608

[15] A. A. McEwan and S. Schneider, “Modelling and analysis of the AMBA bus using CSP andB,” Concurrency and Computation: Practice and Experience, vol. 22, no. 8, pp. 949–964, 2010.6

[16] G. Madl, S. Pasricha, L. A. D. Bathen, N. Dutt, and Q. Zhu, “Formal performance evalua-tion of AMBA-based system-on-chip designs,” in Proceedings of the 6th ACM & IEEEInternational conference on Embedded software. ACM, 2006, pp. 311–320. 6

[17] M. Pockrandt, P. Herber, and S. Glesner, “Model checking a SystemC/TLM design of theAMBA AHB protocol,” in Embedded Systems for Real-Time Multimedia (ESTIMedia), 20119th IEEE Symposium on. IEEE, 2011, pp. 66–75. 6

[18] N. Piterman, A. Pnueli, and Y. Sa’ar, “Synthesis of Reactive(1) designs,” in Verification, ModelChecking, and Abstract Interpretation (VMCAI). Charleston, SC, USA: Springer, January2006, pp. 364–380. 6, 23

[19] E. W. Dijkstra, “Guarded commands, nondeterminacy and formal derivation of programs,”Commun. ACM, vol. 18, no. 8, pp. 453–457, Aug. 1975. 10

[20] I. Filippidis, R. M. Murray, and G. J. Holzmann, “Synthesis from multi-paradigmspecifications,” California Institute of Technology, Tech. Rep., March 2015. [Online]. Available:http://resolver.caltech.edu/CaltechCDSTR:2015.003 18

[21] R. Ehlers and V. Raman, “Low-effort specification debugging and analysis,” EPTCS, vol. 157,pp. 117–133, 07 2014. 18

[22] R. Rudell, “Dynamic variable ordering for ordered binary decision diagrams,” in Proceedingsof the 1993 IEEE/ACM international conference on Computer-aided design. IEEE ComputerSociety Press, 1993, pp. 42–47. 19

[23] S. Panda and F. Somenzi, “Who are the variables in your neighbourhood,” in Computer-Aided Design, 1995. ICCAD-95. Digest of Technical Papers., 1995 IEEE/ACM InternationalConference on. IEEE, 1995, pp. 74–77. 19

[24] M. Byrod, B. Lennartson, A. Vahidi, and K. Akesson, “Efficient reachability analysis on mod-ular discrete-event systems using binary decision diagrams,” in Discrete Event Systems, 20068th International Workshop on. IEEE, 2006, pp. 288–293. 21, 24

[25] J. Geldenhuys and A. Valmari, “Techniques for smaller intermediary bdds,” in CONCUR2001—Concurrency Theory. Springer, 2001, pp. 233–247. 21, 24, 25

[26] W. Thomas, “Solution of church’s problem: A tutorial,” New Perspectives on Games andinteraction, vol. 5, 2008. 23

[27] A. Browne, E. M. Clarke, S. Jha, D. E. Long, and W. Marrero, “An improved algorithm for theevaluation of fixpoint expressions,” Theoretical Computer Science, vol. 178, no. 1, pp. 237–255,1997. 24

[28] F. Somenzi, “Cudd: CU Decision Diagram package - release 2.5.0,” University of Coloradoat Boulder, 2012. [Online]. Available: http://vlsi.colorado.edu/~fabio/CUDD/cuddIntro.html25, 146

156

http://resolver.caltech.edu/CaltechCDSTR:2015.003

http://vlsi.colorado.edu/~fabio/CUDD/cuddIntro.html

[29] B. Jobstmann, S. Galler, M. Weiglhofer, and R. Bloem, “Anzu: A tool for propertysynthesis,” in Computer Aided Verification. Springer, 2007, pp. 258–262. [Online]. Available:http://www.iaik.tugraz.at/content/research/design_verification/anzu/ 146, 151

[30] S. Sohail, F. Somenzi, and K. Ravi, “A hybrid algorithm for LTL games,” in Verification,Model Checking, and Abstract Interpretation. Springer, 2008, pp. 309–323. 147

157

http://www.iaik.tugraz.at/content/research/design_verification/anzu/

revisiting the amba ahb bus case studyauthors.library.caltech.edu/57469/1/amba_coda_0.pdf ·...

Documents