lecture 4 checking properties in nusmv
play

Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai - PowerPoint PPT Presentation

Aug 20, 2023 •194 likes •1.11k views

Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model Checking and Systems Verification January - April 2016 1 / 43 Outline Module 1: Synchronous Vs Asynchronous composition Module 2: More examples

  1. Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model Checking and Systems Verification January - April 2016 1 / 43

  2. Outline ◮ Module 1: Synchronous Vs Asynchronous composition ◮ Module 2: More examples of NuSMV models and properties ◮ Module 3: A problem in concurrency ◮ Module 4: What is a property? 2 / 43

  3. Module 1: Synchronous Vs Asynchronous composition 3 / 43

  4. Acknowledgements: Content in this part of module taken from lecture slides of Prof. Supratik Chakraborty, IIT Bombay 4 / 43

  5. L 1 L 1 L 2 .red L 2 L 2 L 1 .red 5 / 43

  6. L 1 L 1 L 2 .red L 2 L 2 L 1 .red If a light is red , it can stay red for an arbitrary period If it goes yellow , it should become green within one cycle If it is green , it can stay green for an arbitrary period 5 / 43

  7. MODULE light(other) VAR state: {r,y,g}; ASSIGN init(state) := r; next(state) := case state=r & other=r : {r, y}; state=y : g; state=g : {g, r}; TRUE : state; esac; MODULE main VAR tl1: light(tl2.state); tl2: light(tl1.state); 6 / 43

  8. Synchronous composition MODULE light(other) VAR state: {r,y,g}; ASSIGN init(state) := r; next(state) := case state=r & other=r : {r, y}; state=y : g; state=g : {g, r}; TRUE : state; esac; MODULE main VAR tl1: light(tl2.state); tl2: light(tl1.state); 6 / 43

  9. Synchronous composition 7 / 43

  10. Synchronous composition Both lights can simultaneously become green ! 7 / 43

  11. Asynchronous composition MODULE light(other) VAR state: {r,y,g}; ASSIGN init(state) := r; next(state) := case state=r & other=r : {r, y}; state=y : g; state=g : {g, r}; TRUE : state; esac; MODULE main VAR tl1: process light(tl2.state); tl2: process light(tl1.state); 8 / 43

  12. Asynchronous composition ... 9 / 43

  13. Asynchronous composition ... Only one light can become green at a time 9 / 43

  14. ◮ Synchronous: ◮ all assignments to all modules made simultaneously ◮ suitable when all modules are synchronized to a global clock ◮ Asynchronous: ◮ execution of modules is interleaved ◮ at a time, only one module executes ◮ choice of next module to be executed is non-deterministic ◮ suitable when no assumptions can be made about communication delay between modules 10 / 43

  15. Synchronous vs. Asynchronous systems 11 / 43

  16. Module 2: More examples 12 / 43

  17. ... P 1 P 2 P n S HARED R ESOURCE (variable, printer, ... ) Mutual Exclusion: No two processes can access the resource simultaneously 13 / 43

  18. P 1 P 2 loop forever loop forever . . . . *non-critical actions* *non-critical actions* . . request request critical section critical section release release . . . . *non-critical actions* *non-critical actions* . . end loop end loop 14 / 43

  19. P 1 P 2 loop forever loop forever . . . . *non-critical actions* *non-critical actions* . . request request critical section critical section release release . . . . *non-critical actions* *non-critical actions* . . end loop end loop PG 1 PG 2 noncrit 1 noncrit 2 wait 1 wait 2 crit 1 crit 2 14 / 43

  20. P 1 P 2 loop forever loop forever . . . . *non-critical actions* *non-critical actions* . . 〈 if y>0 : y:=y-1 〉 〈 if y>0 : y:=y-1 〉 *request* *request* critical section critical section y:=y+1 y:=y+1 *release* *release* . . . . *non-critical actions* *non-critical actions* . . end loop end loop PG 1 PG 2 noncrit 1 noncrit 2 y:= y+1 wait 1 y:= y+1 wait 2 y>0:y:=y-1 y>0:y:=y-1 crit 1 crit 2 14 / 43

  21. P 1 P 2 loop forever loop forever . . . . *non-critical actions* *non-critical actions* . . 〈 if y>0 : y:=y-1 〉 〈 if y>0 : y:=y-1 〉 *request* *request* critical section critical section y:=y+1 y:=y+1 *release* *release* . . . . *non-critical actions* *non-critical actions* . . end loop end loop PG 1 PG 2 noncrit 1 noncrit 2 atomic y:= y+1 wait 1 y:= y+1 wait 2 y>0:y:=y-1 y>0:y:=y-1 crit 1 crit 2 14 / 43

  22. P 1 P 2 loop forever loop forever . . . . *non-critical actions* *non-critical actions* . . 〈 if y>0 : y:=y-1 〉 〈 if y>0 : y:=y-1 〉 *request* *request* critical section critical section y:=y+1 y:=y+1 *release* *release* . . . . *non-critical actions* *non-critical actions* . . end loop end loop PG 1 PG 2 noncrit 1 noncrit 2 atomic y:= y+1 wait 1 y:= y+1 wait 2 y>0:y:=y-1 y>0:y:=y-1 crit 1 crit 2 NuSMV demo: mutex-demo.smv 14 / 43

  23. Coming next: A slight modification of previous mutual exclusion protocol 15 / 43

  24. non-crit wait PG 1 y:=y+1 y>0:y:=y-1 exiting crit non-crit wait PG 2 y:=y+1 y>0:y:=y-1 exiting crit 16 / 43

  25. non-crit wait PG 1 y:=y+1 y>0:y:=y-1 exiting crit non-crit wait PG 2 y:=y+1 y>0:y:=y-1 exiting crit NuSMV demo: mutex-demo1.smv 16 / 43

  26. Synchronous vs. Mutual Exclusion Asynchronous systems 17 / 43

  27. while x < 200 while x>0 while x=200 x := x+1 x := x-1 x := 0 m 1 n 1 l 1 x := x+1 x < 200 x:=x-1 x > 0 x:=0 x = 200 m 2 n 2 l 2 18 / 43

  28. while x < 200 while x>0 while x=200 x := x+1 x := x-1 x := 0 m 1 n 1 l 1 x := x+1 x < 200 x:=x-1 x > 0 x:=0 x = 200 m 2 n 2 l 2 NuSMV demo : three-program-demo.smv 18 / 43

  29. Synchronous vs. Mutual Exclusion Asynchronous systems Concurrent programs example 19 / 43

  30. Module 3: A problem in concurrency 20 / 43

  31. processes P 0 ... P 3 : P 0 S 3 S 0 S 0 ... S 3 : resources P 3 P 1 S 2 S 1 P 2 21 / 43

  32. processes P 0 ... P 3 : P 0 S 3 S 0 S 0 ... S 3 : resources P 3 P 1 Process P i can execute only if it has access to resources S 2 S 1 S ( i − 1 ) and S i P 2 21 / 43

  33. processes P 0 ... P 3 : P 0 S 3 S 0 S 0 ... S 3 : resources P 3 P 1 Process P i can execute only if it has access to resources S 2 S 1 S ( i − 1 ) mod 4 and S i mod 4 P 2 21 / 43

  34. processes P 0 ... P 3 : P 0 S 3 S 0 S 0 ... S 3 : resources P 3 P 1 Process P i can execute only if it has access to resources S 2 S 1 S ( i − 1 ) mod 4 and S i mod 4 P 2 How should the processes be scheduled so that every process can execute infinitely often ? 21 / 43

  35. Dining philosophers problem (Dijkstra) P 0 ... P 3 : philosophers P 0 S 3 S 0 S 0 ... S 3 : chop-sticks P 3 P 1 Philosopher P i can eat only if he has access to chop-sticks S 2 S 1 S ( i − 1 ) mod 4 and S i mod 4 P 2 22 / 43

  36. Dining philosophers problem (Dijkstra) P 0 ... P 3 : philosophers P 0 S 3 S 0 S 0 ... S 3 : chop-sticks P 3 P 1 Philosopher P i can eat only if he has access to chop-sticks S 2 S 1 S ( i − 1 ) mod 4 and S i mod 4 P 2 What should the protocol be so that every philosopher can eat infinitely often ? 22 / 43

  37. Coming next: A protocol for the dining philosophers 23 / 43

  38. Philosopher i think req_left req_right sticks[i]=free sticks[i-1]=free sticks[i]:=i sticks[i-1]:=i have_left have_right sticks[i-1]=free sticks[i]=free sticks[i-1]:=i sticks[i]:=i eat return sticks[i]=free sticks[i-1]=free 24 / 43

  39. Philosopher i think req_left req_right sticks[i]=free sticks[i-1]=free sticks[i]:=i sticks[i-1]:=i have_left have_right sticks[i-1]=free sticks[i]=free sticks[i-1]:=i sticks[i]:=i eat return sticks[i]=free sticks[i-1]=free NuSMV demo 24 / 43

  40. A deadlock Sticks 〈 think, think, think, think 〉 0 1 2 3 〈 have_left, have_left, have_left, have_left 〉 25 / 43

  41. Question: What properties should be checked to detect deadlocks ? 26 / 43

  42. Question: What properties should be checked to detect deadlocks ? ◮ Next module: Attach a mathematical meaning to properties 26 / 43

  43. Question: What properties should be checked to detect deadlocks ? ◮ Next module: Attach a mathematical meaning to properties ◮ Next lecture: Classification of properties into various types 26 / 43

  44. Question: What properties should be checked to detect deadlocks ? ◮ Next module: Attach a mathematical meaning to properties ◮ Next lecture: Classification of properties into various types ◮ Next lecture: Answer to the above question 26 / 43

  45. Module 4: What is a “property”? 27 / 43

  46. Goal: Attach a mathematical meaning to “property” 28 / 43

  47. MODULE main request=1 request=1 VAR ready busy request: boolean; status: {ready, busy} ASSIGN init(status) := ready; next(status) := case request=0 request=0 request : busy; ready busy TRUE : {ready,busy}; esac; 29 / 43

  48. MODULE main request=1 request=1 VAR ready busy request: boolean; status: {ready, busy} ASSIGN init(status) := ready; next(status) := case request=0 request=0 request : busy; ready busy TRUE : {ready,busy}; esac; p 1 : (request=1) p 2 : (status=busy) 29 / 43

  49. MODULE main request=1 request=1 VAR ready busy request: boolean; status: {ready, busy} ASSIGN init(status) := ready; next(status) := case request=0 request=0 request : busy; ready busy TRUE : {ready,busy}; esac; Atomic propositions p 1 : (request=1) p 2 : (status=busy) 29 / 43

  50. { p 1 } MODULE main request=1 request=1 VAR ready busy request: boolean; status: {ready, busy} ASSIGN init(status) := ready; next(status) := case request=0 request=0 request : busy; ready busy TRUE : {ready,busy}; esac; Atomic propositions p 1 : (request=1) p 2 : (status=busy) 29 / 43

Recommend

Automated Reasoning Lecture 3: Tie NuSMV Model Checler Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Automated Reasoning Lecture 3: Tie NuSMV Model Checler Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Automated Reasoning Lecture 3: Tie NuSMV Model Checler Jacques Fleuriot jdf@inf.ed.ac.uk Recap Previously: Model Checking Introduction Linear Temporal Logic Tiis time: An implementation of LTL Model Checking NuSMV NuSMV

442 views • 23 slides
Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/

Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/

Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/ Was popular in semiconductor industry via Cadence SMV Could handle large models A re-implementation of the SMV model checker: Good

110 views • 10 slides
Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking ELEC-E8110 Automation Systems Synthesis and Analysis Igor Buzhinsky igor.buzhinskii@aalto.fi 2018 Igor Buzhinsky Lecture 5 2018 1 / 28 Symbolic

833 views • 61 slides
Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL Other interesting books: Model Checking by Clarke, Grumberg, and Peled Principles of Model Checking by Baier and Katoen 3 Course

636 views • 11 slides
NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV Project Sep 1,

NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV Project Sep 1,

NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV Project Sep 1, 2002 Trento (Italy) NuSMV Project, Sep 1, 2002, Trento (Italy) 1

1.24k views • 105 slides
Verifying Timed Reachability Properties Lecture #17 of Advanced Model Checking Joost-Pieter

Verifying Timed Reachability Properties Lecture #17 of Advanced Model Checking Joost-Pieter

Verifying Timed Reachability Properties Lecture #17 of Advanced Model Checking Joost-Pieter Katoen Lehrstuhl 2: Software Modeling &amp; Verification E-mail: katoen@cs.rwth-aachen.de June 30, 2014 c JPK Advanced model checking Timelock,

720 views • 31 slides
Checking Graph Properties with GP Chris Poskitt (cmp501@cs.york.ac.uk) The University of York

Checking Graph Properties with GP Chris Poskitt (cmp501@cs.york.ac.uk) The University of York

Checking Graph Properties with GP Checking Graph Properties with GP Chris Poskitt (cmp501@cs.york.ac.uk) The University of York PLASMA Seminar: 5th March 2009 Checking Graph Properties with GP Motivation Todays Talk 1. Motivation 2. GP

874 views • 52 slides
Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties Viktor Schuppan Computer Systems Institute, ETH Z urich http://www.inf.ethz.ch/schuppan/ Defense Thesis ETH 16268 September 28, 2005, Z

382 views • 19 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Model Checking C Model checking: normally applied to formal state transition systems checks safety and

439 views • 17 slides
Unit-11: Binary Decision Diagrams (BDDs) B. Srivathsan Chennai Mathematical Institute

Unit-11: Binary Decision Diagrams (BDDs) B. Srivathsan Chennai Mathematical Institute

Unit-11: Binary Decision Diagrams (BDDs) B. Srivathsan Chennai Mathematical Institute NPTEL-course July - November 2015 1 / 24 Module 1: Introduction to BDDs 2 / 24 Model-checking Transition Systems + Properties + NuSMV State-space Bchi

835 views • 81 slides
Efficient Model Checking of Safety Properties Timo Latvala timo.latvala@hut.fi Laboratory for

Efficient Model Checking of Safety Properties Timo Latvala timo.latvala@hut.fi Laboratory for

Efficient Model Checking of Safety Properties Timo Latvala timo.latvala@hut.fi Laboratory for Theoretical Computer Science Helsinki University of Technology Finland Spin 2003 p.1/16 Introduction Safety properties properties

669 views • 44 slides
Type Checking General properties of type systems Types in programming languages

Type Checking General properties of type systems Types in programming languages

Outline Type Checking General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Static Checking (Cont.) Refers to

896 views • 10 slides
Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July - November 2015 1 / 31 Model-checker Specify the model of the system Specify the requirements Model-checker will automatically check if system

1.72k views • 112 slides
Checking Extended CTL Properties Using Guarded Quotient Structure Xiaodong Wang advised by:

Checking Extended CTL Properties Using Guarded Quotient Structure Xiaodong Wang advised by:

Checking Extended CTL Properties Using Guarded Quotient Structure Xiaodong Wang advised by: Professor Sistla Outline Part I: Symmetry based method Part II: CCTL logic Part III: Input language Part IV: Model checking algorithm

630 views • 60 slides
Scalable Verification of Design with Multiple Properties Rohit Dureja Iowa State University

Scalable Verification of Design with Multiple Properties Rohit Dureja Iowa State University

Scalable Verification of Design with Multiple Properties Rohit Dureja Iowa State University October 23, 2019 Model Checking 2 Model Checking Usually multiple properties to be verified 3 Model Checking Report 4 Model Checking Report

446 views • 9 slides
Hoare Logic and Model Checking Model Checking Lecture 7: Introduction and background Dominic

Hoare Logic and Model Checking Model Checking Lecture 7: Introduction and background Dominic

Hoare Logic and Model Checking Model Checking Lecture 7: Introduction and background Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group, University of Cambridge Academic year

972 views • 41 slides
Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic

Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic

Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge Academic year

1.15k views • 48 slides
Outline Lecture 1, part 1 Motivation Model Checking Lecture 1, part 2

Outline Lecture 1, part 1 Motivation Model Checking Lecture 1, part 2

Outline Lecture 1, part 1 Motivation Model Checking Lecture 1, part 2 State/Event-based software model checking Lecture 2 Component Substitutability Substitutability Check Assembly A P ? Component C Component C

751 views • 19 slides
Database Management Objectives of Lecture 6 Systems Properties of Transactions Properties of

Database Management Objectives of Lecture 6 Systems Properties of Transactions Properties of

Lecture 6 Database Management Objectives of Lecture 6 Systems Properties of Transactions Properties of Transactions Introduce some important notions related to Winter 2004 DBMSs such as transactions, scheduling, CMPUT 391: Properties of

230 views • 9 slides
On the Decidability of Model-Checking Information Flow Properties Raghavendra K. R. Joint Work:

On the Decidability of Model-Checking Information Flow Properties Raghavendra K. R. Joint Work:

Introduction Noninteference BSPs Results Conclusion On the Decidability of Model-Checking Information Flow Properties Raghavendra K. R. Joint Work: Deepak DSouza, Janardhan Kulkarni, Barbara Sprick, Raveendra Holla Indian Institute of

717 views • 26 slides
Type checking liveness properties of mobile processes Maxime Gamboni 1 Instituto de

Type checking liveness properties of mobile processes Maxime Gamboni 1 Instituto de

Type checking liveness properties of mobile processes Maxime Gamboni 1 Instituto de Telecomunica c oes, Instituto Superior T ecnico October 30, 2008 1 Joint work with Ant onio Ravara Motivation TyPiCal Receptiveness,

983 views • 59 slides
Efficient Probabilistic Model Checking of Systems with Ranged Probabilities Khalil Ghorbal 1 , 2

Efficient Probabilistic Model Checking of Systems with Ranged Probabilities Khalil Ghorbal 1 , 2

Introduction Bounded Properties Unbounded Properties Experiments Efficient Probabilistic Model Checking of Systems with Ranged Probabilities Khalil Ghorbal 1 , 2 Parasara Sridhar Duggirala 1 , 3 c 1 Vineet Kahlon 1 Aarti Gupta 1 Franjo Ivan

400 views • 28 slides
Model Checking Lots of Systems Efficient Verification of Temporal Properties in Software Product

Model Checking Lots of Systems Efficient Verification of Temporal Properties in Software Product

Model Checking Lots of Systems Efficient Verification of Temporal Properties in Software Product Lines Andreas Classen, Patrick Heymans, Pierre-Yves Schobbens, Axel Legay, Jean-Franois Raskin (2010) Presented by Laura Walsh 1 Overview 1.

401 views • 28 slides

More recommend