Symbolic Model Checking: 10^20 States and Beyond
Burch, Clarke, McMillan, Dill, Hwang
Seminal Papers in Verification, March 23, 2012
Andreína Francisco, Symbolic Model Checking
Outline
1. The Mu-Calculus
2. Model Checking
3. Example
4. Results
The Mu-Calculus
The Mu-Calculus is similar to standard first-order logic, but it does not include relational symbols or constant symbols. Relational symbols are replaced by relational variables. µP[R] denotes the least fixed point of an n-ary relational term R, where P is an n-ary relational variable.
Symbolic Model Checking
Use BDDs as the internal representation and recursively translate each formula to a BDD. CTL expressions can be translated into efficient BDD operations. FalseBDD and TrueBDD correspond to trees with only one terminal node, 0 or 1 respectively.
Translating formulas (over the structure of formulas and terms)

BDD_f: Formulas
  f is an individual variable    → BDDAtom(f)
  f = f1 ∧ f2                    → BDDAnd(BDD_f(f1), BDD_f(f2))
  f = ¬f1                        → BDDNegate(BDD_f(f1))
  f = ∃x. f1                     → BDDExists(x, BDD_f(f1))
  f = R(x1, ..., xn)             → BDD_R(R)⟨d1 ← x1, ..., dn ← xn⟩

BDD_R: Terms
  R is a relational variable     → I_R(R)
  R = λx1, ..., xn. f            → BDD_f(f)⟨x1 ← d1, ..., xn ← dn⟩
  R = µP[R′]                     → FixedPoint(P, R′, FalseBDD)
CTL operators as least fixed points in the Mu-Calculus:
  AF f1        = µZ. f1 ∨ AX Z
  EF f1        = µZ. f1 ∨ EX Z
  A[f1 U f2]   = µZ. f2 ∨ (f1 ∧ AX Z)
  E[f1 U f2]   = µZ. f2 ∨ (f1 ∧ EX Z)
Example Kripke structure (figure: three states s0 labelled {a, b}, s1 labelled {b, c}, s2 labelled {a, c}):
  The set of atomic propositions AP = {a, b, c}
  The set of states S = {s0, s1, s2}
  The set of transitions T = {(s0, s1), (s1, s0), (s0, s2), (s2, s1)}
  The labelling function L = {(s0, {a, b}), (s1, {b, c}), (s2, {a, c})}
CTL formula: f = EX c
Mu-Calculus: R = λs[∃t[c(t) ∧ T(s, t)]]
States are described by means of a vector of boolean variables, s_i = (x1, x2). Boolean vectors can be represented as formulas: s0 = ¬e1 ∧ e2, s1 = ¬e1 ∧ e2, s2 = e1 ∧ e2. Transitions, described by the pairs (s_i, s′_i), can be represented as s_i ∧ s′_i.
[Figure: BDDs for T(s, t) and c(t) over the variables e1, e2, e′1, e′2]
[Figure: BDD for c(t) ∧ T(s, t)]
[Figure: ∃t[c(t) ∧ T(s, t)], shown as the four cofactors e′2 = 0 ∧ e′1 = 0, e′2 = 1 ∧ e′1 = 0, e′2 = 0 ∧ e′1 = 1, e′2 = 1 ∧ e′1 = 1]
∃t[c(t) ∧ T(s, t)] = [c(t) ∧ T(s, t)]|(e′2 = 0, e′1 = 0) ∨ [c(t) ∧ T(s, t)]|(e′2 = 0, e′1 = 1) ∨ ...
Result: {s0, s2}
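The slides compute EX c on the three-state structure by encoding states as boolean vectors, conjoining c(t) with T(s, t), and then eliminating the primed variables by the cofactor expansion ∃x. f = f|x=0 ∨ f|x=1. The following Python example, added here and not part of the presentation or of the Burch et al. paper, carries that whole pipeline through in working code and also implements the least-fixed-point operators from the CTL table (EF, AF, EU, AU) on top of EX. It represents each boolean function as an explicit set of satisfying assignments rather than a BDD, which keeps the code short while every operation (and, or, negate, cofactor, exists, rename) has a direct BDD counterpart. The state encoding is an assumption: the slide gives s2 = e1 ∧ e2 but its line for s0 is garbled, so s0 = ¬e1 ∧ ¬e2 and s1 = ¬e1 ∧ e2 are chosen here; the variable names e1p/e2p stand for the primed next-state variables e′1/e′2.

```python
from itertools import product

# Variable order: e1, e2 encode the current state s; e1p, e2p are the primed
# copies (e'1, e'2 on the slides) that encode the successor state t.
VARS = ("e1", "e2", "e1p", "e2p")
ALL = frozenset(product((0, 1), repeat=len(VARS)))
SWAP = {"e1": "e1p", "e1p": "e1", "e2": "e2p", "e2p": "e2"}


class BoolFn:
    """A boolean function over VARS stored as its set of satisfying assignments.
    This is an explicit truth table; a BDD is a canonical, shared encoding of the
    same object, and each method below mirrors a BDD primitive
    (BDDAnd, BDDNegate, BDDExists, variable substitution)."""

    def __init__(self, minterms):
        self.minterms = frozenset(minterms)

    @classmethod
    def of(cls, pred):
        return cls(a for a in ALL if pred(dict(zip(VARS, a))))

    def __and__(self, other):
        return BoolFn(self.minterms & other.minterms)

    def __or__(self, other):
        return BoolFn(self.minterms | other.minterms)

    def __invert__(self):
        return BoolFn(ALL - self.minterms)

    def __eq__(self, other):
        return self.minterms == other.minterms

    def cofactor(self, var, val):
        """f|var=val: fix var to val, then make the result independent of var."""
        i = VARS.index(var)
        return BoolFn(a[:i] + (b,) + a[i + 1:]
                      for a in self.minterms if a[i] == val for b in (0, 1))

    def exists(self, var):
        """Existential quantification by cofactor expansion: f|var=0 ∨ f|var=1."""
        return self.cofactor(var, 0) | self.cofactor(var, 1)

    def rename(self, mapping):
        """Substitute variables (used to move a state formula to the primed copies)."""
        out = set()
        for a in self.minterms:
            b = [None] * len(VARS)
            for v, val in zip(VARS, a):
                b[VARS.index(mapping.get(v, v))] = val
            out.add(tuple(b))
        return BoolFn(out)


# The Kripke structure from the slides.
LABEL = {"s0": {"a", "b"}, "s1": {"b", "c"}, "s2": {"a", "c"}}
TRANS = [("s0", "s1"), ("s1", "s0"), ("s0", "s2"), ("s2", "s1")]
# Assumed encoding (e1, e2): the slide gives s2 = e1 ∧ e2; s0 and s1 are chosen here.
ENC = {"s0": (0, 0), "s1": (0, 1), "s2": (1, 1)}


def state_fn(s):
    v1, v2 = ENC[s]
    return BoolFn.of(lambda a: a["e1"] == v1 and a["e2"] == v2)


def atom(p):
    """Set of states (as a formula over e1, e2) whose label contains p."""
    f = BoolFn(())
    for s, labels in LABEL.items():
        if p in labels:
            f = f | state_fn(s)
    return f


def transition_relation():
    """T(s, t) = ∨ over pairs of s_i ∧ s'_i, with s'_i written over the primed variables."""
    t = BoolFn(())
    for s, s_next in TRANS:
        t = t | (state_fn(s) & state_fn(s_next).rename(SWAP))
    return t


T = transition_relation()


def EX(f):
    """EX f = ∃t[f(t) ∧ T(s, t)]: rename f to primed variables, conjoin, quantify them out."""
    g = f.rename(SWAP) & T
    for v in ("e1p", "e2p"):
        g = g.exists(v)
    return g


def AX(f):
    return ~EX(~f)


def lfp(op):
    """Least fixed point µZ. op(Z), iterated from FalseBDD (the empty set)."""
    z = BoolFn(())
    while True:
        nz = op(z)
        if nz == z:
            return z
        z = nz


def EF(f): return lfp(lambda z: f | EX(z))
def AF(f): return lfp(lambda z: f | AX(z))
def EU(f, g): return lfp(lambda z: g | (f & EX(z)))
def AU(f, g): return lfp(lambda z: g | (f & AX(z)))


def states_of(f):
    """Decode a formula over e1, e2 back into the named states it contains."""
    return sorted(s for s in LABEL if state_fn(s).minterms <= f.minterms)


if __name__ == "__main__":
    print("EX c =", states_of(EX(atom("c"))))   # the slide's result: ['s0', 's2']
```

Running the block prints the slide's answer {s0, s2} for EX c. Because the relation is built as a disjunction of s_i ∧ s′_i terms and EX quantifies only over the primed variables, the same functions answer any CTL query on the structure, and the unused encoding (1, 0) is simply never decoded as a state.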
Results
Symbolic model checking allows larger models (many orders of magnitude). Interesting result: BDDs grow linearly while the state space becomes very large, although execution time still rises quickly.