15-820A LTL Model Checking, Flavio Lerda

15-820A 1 LTL Model Checking
Flavio Lerda

15-820A 2 LTL Model Checking
LTL
– Subset of CTL* of the form A f, where f is a path formula
LTL model checking
– Model checking of a property expressed as an LTL formula
– Given a model M and an initial state s0: M, s0 ╞ A f

15-820A 3 LTL Model Checking
LTL Formulas
Subset of CTL*
– Distinct from CTL: AFG p ∈ LTL, and for every f ∈ CTL, f ≠ AFG p
Contains a single universal quantifier
– The path formula f holds for every path
Commonly:
– A is omitted
– G is replaced by □ (box, or always)
– F is replaced by ◇ (diamond, or eventually)

15-820A 4 LTL Model Checking
Given a model M and an LTL formula φ
– Build the Büchi automaton B¬φ
– Compute the product of M and B¬φ
  Each state of M is labeled with propositions
  Each state of B¬φ is labeled with propositions
  Match states with the same labels
– The product accepts the traces of M that are also traces of B¬φ (L(M) ∩ L(B¬φ))
– If the product accepts any sequence, we have found a counter-example

15-820A 5 LTL Model Checking
Language Emptiness: L(M) ∩ L(B¬φ) = ∅
Compute strongly connected components
– Non-trivial
– Containing an accepting state
None means no sequence is accepted
– Proved the property
Very expensive

15-820A 6 LTL Model Checking
Nested Depth First Search
The product is a Büchi automaton
How do we find accepted sequences?
– Accepted sequences must contain a cycle
  In order to contain accepting states infinitely often
– We are interested only in cycles that contain at least one accepting state
– During the depth first search, start a second search when we are in an accepting state
  If we can reach the same state again we have a cycle (and a counter-example)

15-820A 7 LTL Model Checking Example

15-820A 8 LTL Model Checking Example

15-820A 9 LTL Model Checking
Nested Depth First Search

procedure DFS(s)
  visited = visited ∪ {s}
  for each successor s’ of s
    if s’ ∉ visited then
      DFS(s’)
    end if
    if s’ is accepting then
      DFS2(s’, s’)
    end if
  end for
end procedure

15-820A 10 LTL Model Checking
Nested Depth First Search

procedure DFS2(s, seed)
  visited2 = visited2 ∪ {s}
  for each successor s’ of s
    if s’ = seed then
      return “Cycle Detected”
    end if
    if s’ ∉ visited2 then
      DFS2(s’, seed)
    end if
  end for
end procedure
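The product construction of slide 4 and the nested depth first search of slides 6, 9 and 10, carried through on a constructed example (added here; not code from the slides). The model M, the property φ = □(req → ◇ack) and the hand-built Büchi automaton for ¬φ are assumptions; the product is generated on the fly and the search returns the lasso (prefix plus cycle) that is the counter-example, or None when the language intersection is empty.

```python
# Constructed model M: state -> (atomic propositions, successors); s3 is a request never acknowledged.
MODEL = {
    "s0": (frozenset(), ["s1"]),
    "s1": (frozenset({"req"}), ["s2", "s3"]),
    "s2": (frozenset({"ack"}), ["s0"]),
    "s3": (frozenset({"req"}), ["s3"]),
}
# Büchi automaton for ¬φ, with φ = □(req → ◇ack), so ¬φ = ◇(req ∧ □¬ack). Each transition carries
# a guard over the propositions of the target model state (the label-matching step); q1 is accepting.
BUCHI = {
    "q0": [("q0", lambda p: True), ("q1", lambda p: "req" in p and "ack" not in p)],
    "q1": [("q1", lambda p: "ack" not in p)],
}
ACCEPTING = {"q1"}

def nested_dfs(model, init):
    # Returns (prefix, cycle) of an accepted lasso in M x B¬φ, or None when L(M) ∩ L(B¬φ) = ∅.
    def successors(state):  # product transitions, computed on the fly
        s, q = state
        for s2 in model[s][1]:
            for q2, guard in BUCHI[q]:
                if guard(model[s2][0]):
                    yield (s2, q2)
    visited, visited2, stack = set(), set(), []

    def dfs2(s, seed, path):  # nested search: find a path from seed back to seed
        visited2.add(s)
        for s2 in successors(s):
            if s2 == seed:
                return path + [s2]
            if s2 not in visited2:
                found = dfs2(s2, seed, path + [s2])
                if found:
                    return found
        return None

    def dfs(s):  # first search; stack is the current path from the initial state
        visited.add(s)
        stack.append(s)
        for s2 in successors(s):
            if s2 not in visited:
                found = dfs(s2)
                if found:
                    return found
            if s2[1] in ACCEPTING:  # seed the nested search at an accepting state
                cycle = dfs2(s2, s2, [])
                if cycle:
                    prefix = stack[: stack.index(s2) + 1] if s2 in stack else stack + [s2]
                    return prefix, cycle
        stack.pop()
        return None
    return dfs((init, "q0"))
```

Projecting the returned lasso onto its model components gives the violating trace s0 s1 s3 (s3)^ω; dropping s3 from the model makes the search return None, which is the language-emptiness result of slide 5 obtained without computing strongly connected components.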