model checking infinite state systems in sal
play

Model Checking Infinite-state Systems in SAL Bruno Dutertre, SRI - PowerPoint PPT Presentation

Nov 03, 2022 •361 likes •470 views

Computer Science Laboratory, SRI International Model Checking Infinite-state Systems in SAL Bruno Dutertre, SRI International Automated Formal Methods FLoC Workshop Seattle, August 21st 2006. Computer Science Laboratory, SRI International

  1. Computer Science Laboratory, SRI International Model Checking Infinite-state Systems in SAL Bruno Dutertre, SRI International Automated Formal Methods FLoC Workshop Seattle, August 21st 2006.

  2. Computer Science Laboratory, SRI International Outline The DRT Example Counter-based Model ◦ SAL model ◦ Property specification ◦ Verification Timeout Automata Model ◦ Definition ◦ Application to DRT References 1

  3. Computer Science Laboratory, SRI International DRT Simplified Delayed Trip Reactor (inspired by Lawford and Zhang, Equivalence Verification of Timed Transition Systems , ACSD 2004) Power = low Wait 2 s Power = high Power = high a c e Pressure = high open Relay Wait 3 s close Relay if Power = low Safety Property: if power and pressure at high at time t , and power is still high at t + 30 then the relay must be open for at least 20 time units, starting at some time in [ t + 30 , t + 31] . (time unit is 0 . 1 s) 2

  4. Computer Science Laboratory, SRI International Counter-Based Model Need: model real-time delays Approach: ◦ Discrete time and synchronouus composition ◦ One transition = one discrete time step = one time unit ◦ Integer-valued counters to model delays ◦ Finite model if all delays are bounded. 3

  5. Computer Science Laboratory, SRI International Application to DRT Controller Model Safety Property ◦ Specifying the property ◦ Analysis: smc, bmc, inf-bmc A Weaker Property Variant ◦ Reactor model and verification 4

  6. Computer Science Laboratory, SRI International k -induction To show that a transition system M = ( X, I, T ) satisfies ✷ P Usual induction ◦ Base case: I ( x ) ⇒ P ( x ) ◦ Induction step: P ( x ) ∧ T ( x, x ′ ) ⇒ P ( x ′ ) k -induction ◦ Base case: I ( x 0 ) ∧ T ( x 0 , x 1 ) ∧ . . . ∧ T ( x k − 2 , x k − 1 ) ⇒ P ( x 0 ) ∧ . . . ∧ P ( x k − 1 ) ◦ Induction step: P ( x 0 ) ∧ T ( x 0 , x 1 ) ∧ . . . ∧ T ( x k − 2 , x k − 1 ) ∧ P ( x k − 1 ) ∧ T ( x k − 1 , x k ) ⇒ P ( x k ) Usual induction is k -induction with k = 1 Proving ✷ P by k -induction is the same as proving ✷ ( P ∧ ◦ P ∧ . . . ∧ ◦ k − 1 P ) by induction 5

  7. Computer Science Laboratory, SRI International Limits of Counter Models Expressiveness ◦ Not applicable to dense time Verification Issues ◦ Lots of intermediate states where nothing happens (just counters get increased or decreased) ◦ BMC or induction depth depends on constants in the model (large depth for simple system may make SMC or BMC blow up) 6

  8. Computer Science Laboratory, SRI International Timeout-Based Model State variables ◦ global time t and timeouts τ 1 , . . . , τ n (real-valued) ◦ discrete variables τ i stores a time in the future, where a discrete transition is scheduled to happen t � τ i is an invariant Discrete Transitions ◦ Enabled when t = τ i for some i ◦ Do not change t and must update τ i to a value larger than t Time-progress transitions ◦ Enabled when t < min( τ 1 , . . . , τ n ) ◦ Increase t to min( τ 1 , . . . , τ n ) 7

  9. Computer Science Laboratory, SRI International Application to DRT SAL Model ◦ Controller ◦ Reactor ◦ Clock Verification ◦ BMC: search for counterexamples ◦ k -induction: proof ◦ discovering auxiliary lemmas 8

  10. Computer Science Laboratory, SRI International To Get More Information SAL and Yices ◦ http://sal.csl.sri.com & http://sal-wiki.csl.sri.com ◦ http://yices.csl.sri.com & http://yices-wiki.csl.sri.com Infinite & Timed Systems in SAL ◦ B. Dutertre and M. Sorea, Modeling and Verification of a Fault-Tolerant Real-time Startup Protocol using Calendar Automata , FORMATS/FTRTFT 2004 ( http://www.csl.sri.com/ ∼ bruno/publis/startup.pdf ) ◦ B. Dutertre and M. Sorea, Timed Systems in SAL , Technical Report, SRI-SDL-04-03, July 2004. ( http://www.csl.sri.com/ ∼ bruno/publis/sri-sdl-04-03.pdf ) ◦ L. Pike and S. Johnson, The Formal Verificaiton of a Reintegration Protocol , EMSOFT’05, ( http://www.cs.indiana.edu/ ∼ lepike/pub pages/emsoft.html ) ◦ G. Brown and L. Pike. Easy parameterized verification of biphase and 8N1 protocols , TACAS’06, ( http://www.cs.indiana.edu/ ∼ lepike/pub pages/bmp.html ) ◦ G. Brown and L. Pike. “Easy” parameterized verification of cross clock domain protocol , DCC’06, ( http://www.cs.indiana.edu/ ∼ lepike/pub pages/dcc.html ) 9

Recommend

Model Checking Finite State Finite State Model Checking Finite State Systems

Model Checking Finite State Finite State Model Checking Finite State Systems

Model Checking Finite State Finite State Model Checking Finite State Systems Informationsteknologi System Description A No! Debugging Information TOOL TOOL Yes, Requirement F Prototypes C T L Executable Code Test sequences Tools:

637 views • 34 slides
Liveness Checking as Safety Checking for Infinite State Spaces Viktor Schuppan 1 , Armin Biere 2 1

Liveness Checking as Safety Checking for Infinite State Spaces Viktor Schuppan 1 , Armin Biere 2 1

Liveness Checking as Safety Checking for Infinite State Spaces Viktor Schuppan 1 , Armin Biere 2 1 Computer Systems Institute, ETH Z urich 2 Institute for Formal Models and Verification, JKU Linz http://www.inf.ethz.ch/schuppan/

1.23k views • 18 slides
Infinite State Model-Checking of Propositional Dynamic Logics Stefan G oller and Markus Lohrey

Infinite State Model-Checking of Propositional Dynamic Logics Stefan G oller and Markus Lohrey

Infinite State Model-Checking of Propositional Dynamic Logics Stefan G oller and Markus Lohrey Universit at Stuttgart August 25, 2006 Stefan G oller and Markus Lohrey Universit at Stuttgart Infinite State Model-Checking of

1.35k views • 71 slides
Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is Model Checking? Model checking is an automated technique that, given a finite-state model of a system and a logical property , systematically

484 views • 36 slides
The Analysis of Infinite-State Systems Bernard Boigelot Universit e de Li` ege

The Analysis of Infinite-State Systems Bernard Boigelot Universit e de Li` ege

The Analysis of Infinite-State Systems Bernard Boigelot Universit e de Li` ege http://www.montefiore.ulg.ac.be/ boigelot/ 1 1. Introduction 2 Infinite-State Systems A model can have an infinite number of configurations because of

926 views • 70 slides
Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model

Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model

Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model Checking PhD School Keijo Heljanko Aalto University Keijo.Heljanko@tkk.fi Bounded Model Checking Tutorial, Part I, Keijo Heljanko 1/54 Co-Author

717 views • 54 slides
Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model

Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model

Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model Checking PhD School Keijo Heljanko Aalto University Keijo.Heljanko@tkk.fi Bounded Model Checking Tutorial, Part II, Keijo Heljanko 1/49 Co-Author

588 views • 55 slides
Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL Other interesting books: Model Checking by Clarke, Grumberg, and Peled Principles of Model Checking by Baier and Katoen 3 Course

636 views • 11 slides
Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Model Checking C Model checking: normally applied to formal state transition systems checks safety and

439 views • 17 slides
Verification of Infinite-State Systems Ahmed Bouajjani LIAFA - University of Paris 7 Genova -

Verification of Infinite-State Systems Ahmed Bouajjani LIAFA - University of Paris 7 Genova -

Verification of Infinite-State Systems Ahmed Bouajjani LIAFA - University of Paris 7 Genova - November 2002 1 Why Consider Infinite-State Systems ? Real-time Constraints Embedded systems, telecommunication protocols, etc. Infinite Data

850 views • 73 slides
Model Checking in Systems Biology s Brim and Milan ska and David Lubo Ce Safr

Model Checking in Systems Biology s Brim and Milan ska and David Lubo Ce Safr

Model Checking in Systems Biology s Brim and Milan ska and David Lubo Ce Safr anek Masaryk University Czech Republic SFM 2013 1/150 Outline Introduction 1 LTL Model Checking 2 Parallel LTL Model Checking 3 Discrete

2.18k views • 199 slides
Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
Higher-Order Model Checking I: Relating Families of Generators of Infinite Structures Luke Ong

Higher-Order Model Checking I: Relating Families of Generators of Infinite Structures Luke Ong

Higher-Order Model Checking I: Relating Families of Generators of Infinite Structures Luke Ong University of Oxford http://www.cs.ox.ac.uk/people/luke.ong/personal/ http://mjolnir.cs.ox.ac.uk Estonia Winter School in Computer Science, 3-8 Mar

277 views • 27 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Directed Model Checking (not only) for Timed Automata Sebastian Kupferschmid March, 2010 Model

Directed Model Checking (not only) for Timed Automata Sebastian Kupferschmid March, 2010 Model

Directed Model Checking (not only) for Timed Automata Sebastian Kupferschmid March, 2010 Model Checking Motivation Embedded Systems Omnipresent Safety relevant systems Pentium bug Ariane 5 Errors can be extremely harmful Correct

837 views • 67 slides
Algorithms for CTL B. Srivathsan Chennai Mathematical Institute Model Checking and Systems

Algorithms for CTL B. Srivathsan Chennai Mathematical Institute Model Checking and Systems

Algorithms for CTL B. Srivathsan Chennai Mathematical Institute Model Checking and Systems Verification January - April 2016 1 / 22 Module 1: Adequate CTL formulae 2 / 22 Recap of CTL State formulae := true | p i | 1 2 | 1

1.4k views • 123 slides
VTSA10 Summer School, Luxembourg, September 2010 Introduction Probabilistic model checking

VTSA10 Summer School, Luxembourg, September 2010 Introduction Probabilistic model checking

VTSA10 Summer School, Luxembourg, September 2010 Introduction Probabilistic model checking Model checking Automated formal verification for finite-state models Finite-state model System Result Model checker e.g. SMV, Spin Counter-

776 views • 58 slides
Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model checking historically not the first symbolic model checking approach scales better than original BDD based techniques mostly incomplete in

521 views • 28 slides
CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms for ( U ) Counter Examples and witnesses Symbolic Model Checking (Thursday) Binary Decision Trees

740 views • 40 slides
Checking Unwinding Conditions for Finite State Systems Deepak DSouza, Raghavendra K.R.

Checking Unwinding Conditions for Finite State Systems Deepak DSouza, Raghavendra K.R.

Checking Unwinding Conditions for Finite State Systems Deepak DSouza, Raghavendra K.R. Indian Institute of Science, Bangalore, India Checking Unwinding Conditions for Finite State Systems p.1/14 MAKS Framework of Heiko Events. V isible,

1.04k views • 56 slides
Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of

Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of

Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of compiling one into the other? Both have very different models of time How do they compare? We have seen two widely used temporal logics Relative

510 views • 10 slides
Model-checking in systems biology - From Micro to Macro 1 / 62 00001 - 00:00:01 Model-checking

Model-checking in systems biology - From Micro to Macro 1 / 62 00001 - 00:00:01 Model-checking

Model-checking in systems biology - From Micro to Macro 1 / 62 00001 - 00:00:01 Model-checking in systems biology - From Micro to Macro 2 / 62 00002 - 00:02:20 Model-checking in systems biology - From Micro to Macro 3 / 62 00003 - 00:02:30

977 views • 62 slides
Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking ELEC-E8110 Automation Systems Synthesis and Analysis Igor Buzhinsky igor.buzhinskii@aalto.fi 2018 Igor Buzhinsky Lecture 5 2018 1 / 28 Symbolic

833 views • 61 slides
Model Checking in the Propositional -Calculus Ka I Violet Pun INF 9140 - Specification and

Model Checking in the Propositional -Calculus Ka I Violet Pun INF 9140 - Specification and

Model Checking in the Propositional -Calculus Ka I Violet Pun INF 9140 - Specification and Verification of Parallel Systems 13 th May, 2011 Overview Model Checking is a useful means to automatically ascertain the specification of a system

347 views • 24 slides

More recommend