Model Checking Finite State Finite State Model Checking Finite - PDF document

Model Checking Finite State

Finite State Model Checking Finite State Systems Informationsteknologi System Description A No! Debugging Information TOOL TOOL Yes, Requirement F Prototypes C T L Executable Code Test sequences Tools: visualSTATE, SPI N , Statemate, Verilog, Formalcheck,... UC UCb

From Programs to Net wor ks Net wor ks Informationsteknologi P1 :: while True do P1 :: while True do T1 : wait( turn=1 ) T1 : wait( turn=1 ) C1 : turn:=0 C1 : turn:=0 endwhile endwhile || || P2 :: while True do P2 :: while True do T2 : wait( turn=0 ) T2 : wait( turn=0 ) C2 : turn:=1 C2 : turn:=1 endwhile endwhile Mutual Exclusion Program UC UCb

From Net wor k Net wor k Models to Kripke Structures Informationsteknologi I 1 I 2 I 1 I 2 t= 0 t= 1 I 1 T2 T1 I 2 T1 I 2 t= 1 I 1 T2 t= 0 t= 1 t= 0 T1 T2 I 1 C2 C1 I 2 T1 T2 t= 0 t= 0 t= 1 t= 1 T1 C2 C1 T2 t= 0 t= 1 UC UCb

Kripke Structures CTL Models = UCb UC Informationsteknologi

Com putation Tree Logic, CTL Clarke & Em erson 1 9 8 0 UCb Syntax UC Informationsteknologi

The set of path starting in s s 3 ... p p p s 2 s 1 Path UCb s UC Informationsteknologi

) ( Form al Sem antics UCb UC Informationsteknologi

inevitable possible . . . p . . . p AF p . . . p . . . CTL, Derived Operators . . . p . . . EF p . . . . . . UCb UC Informationsteknologi

potentially always always . . . p p . . . EG p p . . . . . . CTL, Derived Operators . . . p p . . . p AG p p . . . p p . . . p UCb UC Informationsteknologi

Theorem Informationsteknologi All operators are derivable from All operators are derivable from • EX f • EX f • EG f • EG f • E[ f U g ] • E[ f U g ] and boolean connectives and boolean connectives [ ] [ ] ( ) ≡ ¬ ¬ ¬ ∧ ¬ ∧ ¬ ¬ A U E U EG f g g f g g UC UCb

p EX p 4 p,q 2 q 3 p Exam ple 1 UCb UC Informationsteknologi

p 4 AX p p,q 2 q 3 p Exam ple 1 UCb UC Informationsteknologi

Properties of MUTEX exam ple ? ¬ ∧ AG (C C ) 1 2 HOW to DECI DE ⇒ AG[ T AF(C )] 1 1 Informationsteknologi I N GENERAL [ ] ¬ EG C 1 [ [ [ ] ] ] ( ) ⇒ ¬ ∧ ¬ AG C A C U C A C U C 1 1 1 1 2 I 1 I 2 I 1 I 2 t= 0 t= 1 I 1 T2 T1 I 2 T1 I 2 t= 1 I 1 T2 t= 0 t= 1 t= 0 T1 T2 I 1 C2 C1 I 2 T1 T2 t= 0 t= 0 t= 1 t= 1 T1 C2 C1 T2 UCb UC t= 0 t= 1

Algorithm s CTL Model Checking

Fixpoint Characterizations Informationsteknologi ≡ ∨ EF EX EF p p p or let A be the set of states satisfying EF p then ≡ ∨ A EX A p in fact A is the smallest such set (the least fixpoint) UCb UC

A A EX EF q p 4 ∨ q p,q 2 q 3 p Exam ple 1 UCb UC Informationsteknologi

Fixed points of m onotonic functions � Let τ be a function 2 S → 2 S � Say τ is monotonic when Informationsteknologi ⊆ τ ⊆ τ implies ( ) ( ) x y x y � Fixed point of τ is y such that τ y = ( ) y � If τ monotonic, then it has − least fixed point μ y . τ ( y ) − greatest fixed point ν y . τ ( y ) UC UCb

I teratively com puting fixed points � Suppose S is finite − The least fixed point μ y . τ ( y ) is the limit of Informationsteknologi ⊆ τ ⊆ τ τ ⊆ L false (false) ( (false)) − The greatest fixed point ν y . τ ( y ) is the limit of ⊇ τ ⊇ τ τ ⊇ L true (true) ( (true)) Note, since S is finite, convergence is finite UCb UC

Exam ple: EF p Informationsteknologi � EF p is characterized by = μ ∨ . ( ) EF p y p EX y � Thus, it is the limit of the increasing series... p ∨ p ∨ EX p p . . . EX ( p ∨ EX p ) UC UCb

Exam ple: EG p � EG p is characterized by = ν ∧ . ( ) EG p y p EX y Informationsteknologi � Thus, it is the limit of the decreasing series... p ∧ p ∧ EX p ... p EX ( p ∧ EX p ) UC UCb

) y EX ∨ q ( EF q . y = μ } } 3 3 p } , , 4 3 2 2 , , , 1 2 q Ø 1 { { { = = = EF = 0 2 3 1 A A A A Exam ple, continued p,q 2 3 q p 1 UCb UC Informationsteknologi

Rem aining operators Informationsteknologi = μ ∨ AF p y . ( p AX y ) = ν ∧ . ( ) AG p y p AX y = μ ∨ ∧ ( ) . ( ( )) E p U q y q p EX y = μ ∨ ∧ ( ) . ( ( )) A p U q y q p AX y UC UCb

Properties of MUTEX exam ple ? ⇒ Informationsteknologi AG[ T AF(C )] 1 1 AF(C )] 1 I 1 I 2 I 1 I 2 t= 0 t= 1 I 1 T2 T1 I 2 T1 I 2 t= 1 I 1 T2 t= 0 t= 1 t= 0 T1 T2 I 1 C2 C1 I 2 T1 T2 t= 0 t= 0 t= 1 t= 1 T1 C2 C1 T2 UC UCb t= 0 t= 1

UCb UC Informationsteknologi

UCb UC Informationsteknologi

)) φ ( Sat ∩ } Q ∈ ' s ⇒ R ∈ ) ' s , s '.( s ∀ | s ({ UCb UC Informationsteknologi

p SCC More Efficient Check SCC SCC EG p UCb UC Informationsteknologi

q EG p q p,q p p Exam ple p UCb UC Informationsteknologi

Reduced Model EG p p,q p p Exam ple p UCb UC Informationsteknologi

Component Non trivial Connected Strongly EG p p p p Exam ple p UCb UC Informationsteknologi

Properties of MUTEX exam ple ? [ ] Informationsteknologi EG ¬ C 1 I 1 I 2 I 1 I 2 t= 0 t= 1 I 1 T2 T1 I 2 T1 I 2 t= 1 I 1 T2 t= 0 t= 1 t= 0 T1 T2 I 1 C2 C1 I 2 T1 T2 t= 0 t= 0 t= 1 t= 1 T1 C2 C1 T2 t= 0 t= 1 UC UCb

Properties of MUTEX exam ple ? [ ] Informationsteknologi EG ¬ C 1 I 1 I 2 I 1 I 2 t= 0 t= 1 I 1 T2 T1 I 2 T1 I 2 t= 1 I 1 T2 t= 0 t= 1 t= 0 T1 T2 I 1 C2 T1 T2 t= 0 t= 0 t= 1 Reduced Model T1 C2 which are the non-trivial SCC’s? t= 0 UC UCb

Com plexity Informationsteknologi However S sys may be EXPONENTI AL in However S sys may be EXPONENTI AL in number of parallel components! number of parallel components! -- -- FI XPOI NT COMPUTATI ONS may be carried FI XPOI NT COMPUTATI ONS may be carried out using out using ROBDD’s ROBDD’s (Reduced Ordered Binary Decision Diagrams) (Reduced Ordered Binary Decision Diagrams) Bryant, 86 Bryant, 86 UC UCb