Exploiting Functional Dependencies in Finite State Machine Verification
advertisement
Exploiting Functional Dependencies in Finite State Machine Verification
C.A.J. van Eijk and J.A.G. Jess
Design Automation Section, Eindhoven University of Technology
P.O.Box 513, 5600 MB Eindhoven, The Netherlands
e-mail: C.A.J.v.Eijk@ele.tue.nl
Abstract
This paper proposes a novel verification method for finite
state machines (FSMs), which automatically exploits the
relation between the state encodings of the FSMs under
consideration. It is based on the detection and utilization of
functionally dependent state variables. This significantly
extends the ability of the verification method to handle
FSMs with similar state encodings. The effectiveness of the
proposed method is illustrated by experimental results on
well-known benchmarks.
1. Introduction
During the design of digital circuits, several descriptions of
a design are generated at various levels of detail. Verifying
the consistency of these descriptions is an important aspect
of the design process. At the logic level, a circuit is usually
modeled as a finite state machine (FSM). Therefore, it is
important to have algorithms which can efficiently verify
the equivalence of FSMs. Impressive progress has been
made in this area by the introduction of so-called symbolic
techniques, which are based on the application of binary decision diagrams (BDDs) to traverse the state space (see e.g.
[3][6][13]). Although these methods can conceivably handle large FSMs with current BDD-based implementation
techniques, the biggest problem faced is still that of scale.
Often, the two FSMs which have to be verified have similar
state encodings, because one description has been synthesized from the other one. When e.g. a design has been retimed or optimized with respect to the non-reachable state
space, there exists a relation between the state variables of
both FSMs. Existing methods are not able to exploit such
similarities.
This paper proposes a novel method to detect and exploit
the relation between the state encodings of the FSMs under
consideration. It is based on the concept of functionally dependent variables; these variables are characterized by the
property that their value can always be determined from the
values of the other state variables. Therefore, dependent
variables can be removed from the problem representation.
ED&TC ’96
0-89791-821/96 $5.00 1996 IEEE
As will be explained in section 3, this has several positive
effects on the performance of the verification method; it
may result in smaller BDD representations and reduce the
number of iterations required by the symbolic traversal
algorithm. Several techniques are presented to detect dependent state variables. These techniques are based on a functional analysis of both FSMs; they do not require
user-supplied information or name correspondences to
identify functional dependencies such as equivalent state
variables. Therefore they can also be applied when different
names are used in both descriptions.
This paper is organized as follows: The next section
introduces some preliminaries. Section 3 discusses symbolic verification methods for finite state machines and explains the efficiency gain that can be obtained by exploiting
dependent state variables. Section 4 proposes a new verification method to address this problem. The detection of the
dependencies is the subject of section 5. Some experimental
results are reported in section 6.
2. Preliminaries
A FSM M is defined as a 6-tuple (I, O, S, S 0, , ), where I
is the input alphabet, O is the output alphabet, S is the state
space, S 0 S is the set of initial states, : S I S is the
next-state function, and : S I O is the output function. The reachable state space is the set of states which can
be reached in zero or more steps from some initial state and
is denoted Reach(M). B denotes the set of boolean values
{0, 1}. In this paper, we only consider FSMs for which I, O,
and S are boolean spaces, i.e., I B m, O B p , S B n,
( 1,..., n), and ( 1,..., p). We associate a set of
boolean state variables V {v 1,...,v n} with every FSM,
which represent the registers of the circuit modeled by this
machine.
If two finite state machines have identical input and output alphabets, it is possible to compare their behavior. Then
two FSMs are called equivalent iff they produce the same
sequence of output vectors for any sequence of input
vectors. To formalize this requirement, the product machine
is defined. Given two FSMs M A = (I, O, S A, S A,0, A, A) and
M B = (I, O, S B, S B,0, B, B). The product machine M =
(I, B, S, S 0, D, L) of M A and M B is defined by S + S A S B,
S 0 + S A,0 S B,0, D(s A, s B, i) = (D A(s A, i), D B(s B, i)), and
L(s A, s B, i) = (L A(s A, i) 5 L B(s B, i)). Equivalence of FSMs
can now be formulated as follows: Two FSMs are functionally equivalent iff the output of the corresponding product
machine is assigned the value 1 in all reachable states.
In the sequel of this paper, M A = (I, O, S A, S A,0, D A, L A) and
M B = (I, O, S B, S B,0, D B, L B) represent the two FSMs which
are verified. The corresponding product machine is represented by M = (I, B, S, S 0, D, L).
3. Background and related work
Sequential verification methods typically proceed as follows. They start with two FSMs which have been extracted
from circuit descriptions. The product machine of these
FSMs is constructed and then its reachable state space is
calculated. This is typically done with a symbolic algorithm,
which calculates the reachable state space in a breadth first
manner and uses BDDs [2] to represent all sets and functions. The most important operation in a symbolic algorithm
is the calculation of the image of a set of states; this is the set
of states which can be reached in a single step from the given
set of states. Several techniques have been proposed to implement this calculation efficiently (see e.g. [3][4][6][13]).
Although symbolic algorithms can conceivably handle
large FSMs with current BDD-based implementation techniques, sequential verification is still not feasible for many
FSMs of practical size. The major limitations are the sizes of
the BDD representations for the next-state function and the
set of reached states, and the required number of iterations.
Therefore, new techniques are needed to improve the feasibility of sequential verification. This can be done by developing still more efficient state space calculation techniques.
We propose a complementary approach which exploits the
functional dependencies between the state variables of the
FSMs under consideration. Similar approaches are also
used in the following related work.
In [4], Cabodi et al. introduce the so-called general product machine; some explicitly known relation between the
state encodings of both machines is exploited to construct a
good encoding for the state space of this product machine.
However, no methods are proposed to derive the required
relation between the state encodings automatically. In [9],
Hu and Dill identify functionally dependent variables as a
common cause of BDD-size blowup in the verification of
concurrent systems. They address this problem by allowing
the user to declare the dependent variables in a system as a
function of the independent variables. Some other methods
exploit a specific type of dependency, namely equivalent
state variables. In [8], it is shown how corresponding state
variables can be identified before the reachable state space is
calculated. This method is also used in the industrial verification system CVE developed at Siemens [1]. In the sequen-
tial verification algorithm of the industrial synthesis system
TIGER, equivalent (and opposite) variables are detected on
the fly during state space traversal; it has been developed by
Coudert, Madre and Touati [7].
In this paper, we propose a verification method which automatically detects and uses functionally dependent state
variables. It does not require user-supplied information, and
therefore, it can also be used when the dependencies are not
fully known or when it is too laborious for a designer to
specify them explicitly. Dependent variables are detected on
the fly during the state space traversal; for every intermediate set of reached states, it is determined which variables are
dependent, and how they can be expressed as a function of
the independent variables. This function is then used to remove the corresponding state variable from the product machine; the set of reached states is only expressed over the
independent state variables.
The detection and removal of dependent state variables
can lead to significant improvements. The first and most
obvious advantage is that the removal of state variables
effectively reduces the size of the product machine. To
explain the corresponding advantages in terms of BDDs,
let’s consider the case that there exists a many-to-one
correspondence between the states of both FSMs; this is for
example the case after state minimization and recoding.
Then there exists a function F : S A ³ S B + (f 1,...,f nB)
which maps every state of M A to a corresponding state of
M B. Therefore, the state space of the product machine can be
written as:
Reach(M A) ƞ (v B,1 5 f 1(V A) ƞ ... ƞ v B,nB 5 f nB(V A)) .
This shows that all state variables of M B are functionally
dependent. By removing these variables, the BDD representation for the reachable state space of the product machine is
reduced to that of the single machine M A. This typically also
results in a representation which is less sensitive to the selected variable order. Especially with complex dependencies, it may be difficult to find a good variable order for the
entire reachable state space, because it may not be possible
to group related variables. Even when the dependencies are
a direct correspondence (i.e., they all have the form
v A,i 5 v B,j) and corresponding variables are grouped in the
variable order, the removal of these dependencies still reduces the size of the BDD representation for the reachable
state space by at least a factor two. Therefore, the removal of
dependent state variables leads to a smaller BDD representation which is less sensitive to the selected variable order.
This is also shown in [9], where an example is given of an
exponentially-sized problem which is reduced to an
O(n log n)-sized one by removing the dependent variables.
Another important advantage is that the functional dependencies may already provide enough information to conclude the equivalence of the FSMs under consideration
before the reachable state space has been completely calculated. When the non-reachable state space has not been used
as a don’t-care set while transforming M A into M B, the functional dependencies exactly provide the information that is
essential to prove the equivalence of both FSMs. In the next
section, this will be illustrated with an example.
Figure 1 shows the symbolic verification algorithm which
exploits dependent variables. To improve the clarity of the
algorithm, some well-known optimizations such as frontier
set simplification have not been included; the integration of
such techniques is however straightforward.
4. The verification method
In this section, we propose a new verification algorithm
which exploits dependent state variables. First the definition
of a dependent state variable is given.
Definition 1
A state variable v i is functionally dependent in a set R Ū B n
iff there exists a function f : B n–1 ³ B such that:
ô (s 1,...,s n) Ů R : s i 5 f(s 1,...,s i–1, s i+1,...,s n) .
In our verification algorithm, dependent variables are detected on the fly during the state space traversal. For every
set of reached states R, the state variables are partitioned
into a set of independent variables V now + {v now,1,...,v now,q}
and a set of dependent variables V dep +{v dep,1,...,v dep,n–q}.
With every dependent variable v dep,i, a function f i : B q ³ B
is associated which defines the variable as a function of the
independent variables. The dependent variables can be replaced by these functions without changing the behavior of
the product machine for the states in R. This results in a new
representation for the set of reached states R now, such that R
can be written as:
R now ƞ v dep,1 5 f 1(V now) ƞ ... ƞ v dep,n–q 5 f n–q(V now) .
Similarly, new next-state functions d now,i : B q ³ B and
d dep,j : B q ³ B are calculated for respectively every independent and dependent state variable.
Because the functional dependencies have only been
proven for the states in R, these dependencies do not necessarily remain valid in the next set of reached states R next.
With the following condition, the dependency of a variable
v dep,i can be proven for all states in R next before this set is
actually calculated:
ôs Ů R now, i Ů I : d dep,i(s, i) 5 f i(D now(s, i)) ,
where D now(s, i) + (d now,1(s, i),..., d now,q(s, i)). This condition is called the next-state condition of v dep,i . It is used to
partition the state variables into a set V next for which no dependency is known for R next and a set V \ V next for which the
known dependency remains valid. The dependencies are
represented by the triple (V now, V next, F) with V now Ū V next
and F + (f 1,...,f n–q). The current set of reached states is
expressed over the variables in V now and the next set of
reached states is expressed over the variables in V next. After
the image calculation, it is tested whether the variables in
V next \ V now are still functionally dependent, and if so, which
function expresses this dependency. This way, all dependencies can be detected automatically without fully expanding
the behavior of the product machine.
D 0 := init_deps(S 0) ; R 0 := S 0[D 0] ; i := 0 ;
do {
if (õ s Ů R i, i Ů I : L[D i](s, i) 5 0)
generate counter-example and stop;
i := i ) 1 ;
D i,pre := test_deps (D i–1, R i–1) ;
R i,pre := expand (R i–1, D i,pre) Ɵimage (D[D i,pre], R i–1) ;
D i := extend_deps (D i,pre, R i,pre) ;
R i := R i,pre[D i] ;
} while (R i–1 0 R i) ;
Fig. 1. Traversal algorithm exploiting dependencies
The notation f [D] denotes the application of the given
dependencies D on a boolean function f which is expressed
in terms of state variables and possibly also next-state variables. The functions init_deps and extend_deps initialize
and extend the dependencies; the techniques used will be
explained in the next section. The function test_deps calculates V next from the given set V now by checking the next-state
conditions of the dependent variables. The function expand
reintroduces the state variables for which the dependency is
invalidated, in the set of reached states. In an actual implementation, the next-state function and the output function
are not recalculated in every iteration, but only when the
functional dependencies have changed with respect to the
previous iteration.
When the dependent variables are replaced by their corresponding functions, it may happen that the verification
condition or some of the next-state conditions become
tautologies. When this happens for all conditions, the verification algorithm can stop: it has proven the invariance of
these conditions, and thus the equivalence of both FSMs.
This is illustrated with the example shown in fig. 2, where
we verify the equivalence of two counters. All registers are
initially zero. The verification of these FSMs requires
2 n ) 1 iterations with a basic symbolic algorithm, where n
is the bit width of the registers R 1 and R 4. The dependencies
in this example are:
R 1 + (R 3+R 4) mod 2 n ,
R 2 + (R 3+R 4) div 2 n .
The next-state condition for R 2 is:
(R 1+c) div 2 n 5 (c+(R 3+R 4) mod 2 n) div 2 n
à ((R 3+R 4) mod 2 n+c) div 2 n 5
(c+(R 3+R 4) mod 2 n) div 2 n
à true .
b carry
a
R2
R3
o1
c
REG
sum
+
REG
c
REG
REG
a
R1
R4
sum
+
b carry
o2
Fig. 2. An example of two counters
Similarly, it can be shown that the verification condition
o 1 5 o 2 and the next-state condition for R 1 become tautologies when the functional dependencies are filled in. Therefore, the equivalence of both counters is directly proven
with these dependencies. The required number of iterations
solely depends on the iteration in which the dependencies
are discovered.
5. Detecting functional dependencies
The problem of detecting functional dependencies in a given set of states can be divided into two sub-problems, namely determining the dependent state variables, and finding the
functions which express the dependencies. The following
theorem provides the theoretical means to solve both problems; it is a reformulation of a general theorem by Schröder
to solve a boolean equation in one unknown [10]. In this
theorem, R(V)| v and R(V)| v respectively denote the positive
and negative cofactor of the expression R(V) with respect to
a variable v.
Theorem 1
A state variable v i is functionally dependent in a function
R : B n ³ B iff:
R(V)| vi ƞ R(V)| vi 5 0 .
The set of solutions for the dependency : B n–1 ³ B of v i
is defined by:
R(V)| vi v (VȀ) v R(V)| vi Ɵ þR(V)| vi ,
where VȀ + (v 1,...,v i–1, v i+1,...,v n)
Theorem 1 shows how functionally dependent variables
can be detected and solved. Clearly, in general, the solution
is not unique. In our specific application, this freedom is
very important. It is not sufficient that the solution is valid in
the current set of reached states; one should try to select a
function which is also correct in all subsequent sets. Of
course, this is very difficult to achieve, because these sets
are not yet known. However, the available freedom can be
used to find a dependency with a small support and a small
representation, for example using the techniques described
in [12]. The rationale is that a simple dependency is more
likely to remain correct, and usually also has a relatively
simple next-state condition. In our current implementation,
we use a greedy algorithm to find a dependency with a small
support. We will now suggest two other practical heuristics
to address the problem of selecting the dependency.
A special case of practical importance is formed by equivalent variables. This type of dependency has the simple form
v i 5 v j or v i 5 v j , which guarantees that it can be used very
efficiently. Therefore, it is useful to first try to detect dependencies of this special type. This can simply be done by testing these conditions for all the variables in the support of
R(V)| vi and R(V)| vi. Sequential simulation of the product machine with random input vectors can be used before the verification is started to partition the state variables into sets of
potentially equivalent variables; if for some state reached
during simulation, two variables are assigned different values, it can directly be decided that these variables are not
equivalent. Similarly, it can be decided whether one variable
can be the complement of another variable. This reduces the
number of variables which have to be taken into account.
A more general technique is to test dependencies of the
form v 5 (VȀ), where (VȀ) is the function of an internal
point in one of the finite state machines. This may be useful
in case one of the finite state machines has been retimed
during synthesis. Also with this technique, simulation can
be used to determine which points have to be taken into account. If there are several points of which the function correctly expresses the dependency of a variable in the current
set of reached states, a function which results in a tautologous next-state condition is preferred.
6. Experimental results
This section reports the results of some preliminary experiments which have been performed with the proposed verification algorithm. The method has been implemented in C++
using the BDD package developed at Eindhoven University.
Image calculation is performed using a monolithic transition relation and an image cache; furthermore, frontier set
simplification is applied to every set of reached states (see
e.g. [3] for a description of these techniques). The sifting
algorithm [11] is used to dynamically control the BDD variable order. All tests have been performed on a 99 MHz
HP9000/735 workstation.
The verification method has been used to compare pairs
of equivalent sequential circuits from the IWLS’91 benchmark set. Furthermore, we have used the logic synthesis system SIS developed at the University of California, Berkeley,
to synthesize the circuits from this benchmark set. The circuits with the postfix ‘.dc’ have been optimized with respect
to the non-reachable state space. The circuits with the postfix ‘.ret’ have been mapped to the MCNC library and then
retimed. The larger circuits in the benchmark set could not
be synthesized successfully with SIS and have therefore
been excluded from the experiments.
Table 1 shows the experimental results of our method
which uses the ‘internal point’ heuristic and the general
method (theorem 1) to discover functional dependencies.
The first two columns show the circuits which are verified
and the corresponding number of state variables. The following columns list the run time, the maximum number of
BDD nodes during verification, and the number of iterations
of the verification algorithm without and with the detection
of functional dependencies. Furthermore, the number of
discovered dependencies is given.
All pairs of equivalent circuits from the IWLS’91 benchmark set have identical state encodings. Our method automatically detects and uses these correspondences; this
clearly reduces the required run time, the number of BDD
nodes, and the number of iterations. A similar observation
holds for the circuits which have been optimized with respect to the non-reachable state space. For the retimed circuits, the advantages of the proposed method are less
evident. Although sufficient dependent variables are found
in all circuits, the performance gain is limited. The main
reason is that in many intermediate sets of reached states,
dependencies between the variables of a single machine are
found, which are not valid in the entire reachable state space.
Circuit s838.1 cannot be verified within reasonable time because its state space is too deep.
In order to test if the performance of our verification
method can be improved by only selecting specific dependencies, we have repeated the experiments with a verification algorithm which only uses the ‘internal point’ heuristic
of section 5 to detect the functional dependencies; note that
this heuristic is also guaranteed to detect equivalent state
variables. Table 2 lists the circuits for which this leads to
significantly better results. When the number of iterations is
zero, the equivalence of both FSMs is proven before the first
image calculation.
7. Conclusions
In this paper, we presented a new method for FSM verification which automatically exploits the relation between the
state encodings of the FSMs under consideration. The method is based on the detection and removal of dependent state
variables from the product machine while the state space is
traversed. This reduces the size of the product machine and
results in a smaller BDD representation for the reachable
state space, which is also less sensitive to the selected variable order. Furthermore, it can reduce the number of iterations required for the state space traversal. This is also
confirmed by the experimental results, which clearly show
that the concept of dependent variables is of practical use.
There are several aspects which require further research.
The heuristics to select the functional dependencies can be
further improved. The recalculation of BDDs for the nextstate and output functions can also be implemented more
efficiently. A more challenging problem is the integration of
the proposed verification method with the decomposition
method from [4]. This may enable the verification of large
FSMs which have been automatically synthesized, including sequential transformations such as retiming.
Acknowledgements
We would like to thank Geert Janssen and Michel Berkelaar
for proofreading this manuscript.
References
[1] J. Bormann, et al., “CVE: An Industrial Formal Verification
Environment,” Siemens internal report, 1994.
[2] R.E. Bryant, “Graph-Based Algorithms for Boolean Function Manipulation,” IEEE Transactions on Computers, vol.
C-35 no. 8, pp. 677–691, August 1986.
[3] J.R. Burch, et al., “Symbolic Model Checking for Sequential
Circuit Verification,” IEEE Transactions on ComputerAided Design of Integrated Circuits and Systems, vol. 13 no.
4, pp. 401–424, April 1994.
[4] G. Cabodi, et al., “A New Model for Improving Symbolic
Product Machine Traversal,” Proc. 29th ACM/IEEE Design
Automation Conf., pp. 614–619, 1992.
[5] H. Cho, et al., “A Structural Approach to State Space Decomposition for Approximate Reachability Analysis,” Proc. Int.
Conf. on Computer Design, pp. 236–239, 1994.
[6] O. Coudert, C. Berthet, and J.C. Madre, “Verification of Synchronous Sequential Machines based on Symbolic Execution,” Proc. Workshop on Automatic Verification Methods for
Finite State Machines, pp. 365–373, LNCS vol. 407, 1989.
[7] O. Coudert, personal communication, March 1995.
[8] T. Filkorn, “Symbolische Methoden für die Verifikation endlicher Zustandssysteme,” Dissertation Institut für Informatik
der Technischen Universität München, 1992.
[9] A.J. Hu, and D.L. Dill, “Reducing BDD Size by Exploiting
Functional Dependencies,” Proc. 30th ACM/IEEE Design
Automation Conf., pp. 266–271, 1993.
[10] S. Rudeanu, “Boolean Functions and Equations,” NorthHolland Publishing, Amsterdam, 1974.
[11] R. Rudell, “Dynamic Variable Ordering for Ordered Binary
Decision Diagrams,” Proc. IEEE/ACM Int. Conf. on Computer-Aided Design, pp. 42–47, 1993.
[12] T.R. Shiple, et al., “Heuristic Minimization of BDDs using
Don’t Cares,” Proc. 31st ACM/IEEE Design Automation
Conf., pp. 225–231, 1994.
[13] H.J. Touati, et al., “Implicit State Enumeration of Finite State
Machines using BDD’s,” Proc. IEEE Int. Conf. on Computer-Aided Design, pp. 130–133, 1990.
Table 1. Experimental results for the general algorithm
circuits
#vars
s344 – s349
s382 – s400
s526 – s526n
s641 – s713
s820 – s832
s1196 – s1238
s1488 – s1494
s27 – s27.dc
s208.1 – s208.1.dc
s298 – s298.dc
s344 – s349.dc
s382 – s400.dc
s386 – s386.dc
s420.1 – s420.1.dc
s444 – s444.dc
s510 – s510.dc
s526 – s526n.dc
s641 – s713.dc
s820 – s832.dc
s1196 – s1238.dc
s1488 – s1494.dc
s208.1 – s208.1.ret
s298 – s298.ret
s420.1 – s420.1.ret
s510 – s510.ret
s526 – s526.ret
s838.1 – s838.1.ret
s1488 – s1488.ret
15+15
21+21
21+21
19+19
5+5
18+18
6+6
3+3
8+8
14+14
15+15
21+21
6+6
16+16
21+21
6+6
21+21
19+14
5+5
18+18
6+6
8+10
14+31
16+26
6+18
21+47
32+52
6+11
without dependencies
time (s) max. nodes
#it.
time (s)
6.6
9840
7
2.7
14.0
18122
151
2.8
36.1
18491
151
4.3
59.0
41953
7
8.3
0.3
4097
11
0.5
43.2
28171
3
12.8
1.4
4770
22
1.0
0.1
394
3
0.1
0.5
4097
256
0.3
14.6
67000
19
2.1
7.1
9784
7
4.0
13.6
18291
151
18.3
0.2
2809
8
0.2
90.5
17961
65536
1.7
39.0
19263
151
10.9
1.0
4436
47
0.3
46.5
35603
151
18.9
8.2
8397
7
4.1
0.3
4097
11
0.5
51.0
28520
3
12.7
1.3
4803
22
1.1
0.5
4097
256
0.7
29.6
35154
20
15.7
598.4
12955
65536
94.8
3.2
10721
48
42.7
178.2
81797
152 115.8
–––
–––
–––
–––
1.6
6072
22
3.3
with dependencies
max. nodes
#it.
6039
4
5909
46
5300
42
11633
4
4097
4
19091
2
4097
5
290
3
1530
19
5015
19
7242
7
16692
151
2897
8
4097
27
9677
151
3187
9
15828
151
6048
4
4097
11
19415
2
4097
22
4097
256
18790
20
17249
65536
36954
48
69353
152
–––
–––
5230
7
#deps
15
21
22
24
5
18
6
3
8
16
15
23
6
16
22
6
23
19
5
18
6
8
25
25
8
39
–––
6
Table 2. Experimental results when only the ‘internal point’ heuristic is used
circuits
#vars
s344 – s349
s641 – s713
s1196 – s1238
s344 – s349.dc
s382 – s400.dc
s444 – s444.dc
s510 – s510.dc
s526 – s526n.dc
s641 – s713.dc
s1196 – s1238.dc
s510 – s510.ret
s526 – s526.ret
s1488 – s1488.ret
15+15
19+19
18+18
15+15
21+21
21+21
6+6
21+21
19+14
18+18
6+18
21+47
6+11
without dependencies
time (s) max. nodes
#it.
6.6
9840
7
59.0
41953
7
43.2
28171
3
7.1
9784
7
13.6
18291
151
39.0
19263
151
1.0
4436
47
46.5
35603
151
8.2
8397
7
51.0
28520
3
3.2
10721
48
178.2
81797
152
1.6
6072
22
time (s)
0.2
2.8
1.2
1.3
6.9
5.6
0.1
13.1
1.0
1.2
0.4
4.8
0.7
with dependencies
max. nodes
#it.
1925
0
5181
0
5099
0
6230
7
9021
151
6282
151
1709
0
8900
151
5801
0
5104
0
4097
0
5166
42
4097
5
#deps
15
24
18
15
21
21
6
21
19
18
6
21
6
