SS 2017 Software Verification
Tableaus, CTL model checking
Prof. Dr. Holger Schlingloff (1,2), Dr. Esteban Pavese (1)
(1) Institut für Informatik der Humboldt Universität
(2) Fraunhofer Institut für offene Kommunikationssysteme FOKUS
Excursion: Propositional Tableaus
Multimodal extension:
Temporal Tableaus
Example
Another Example
Recap
- What is an atom in LTL model checking?
- What is the atom graph? How is it built?
- Why are SCCs important?
- What does Tarjan's algorithm compute? In which time complexity?
Eventualities
- if m contains (φU+ψ), some m' containing ψ must be reachable
- "reachable" means "in the same strongly connected component" (SCC)
- self-fulfilling SCC: for any α=(w,m) with (φU+ψ) ∈ m there is a reachable α'=(w',m') with ψ ∈ m'
- we have to decompose the atom graph into SCCs
- Tarjan's algorithm is a clever solution to this, with linear complexity (it enumerates SCCs as they are encountered)
- overall complexity: |M| * 2^|φ|
- meaning: the model must be traversed only once
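As an added illustration of the slide above (example code written for these notes, not part of the lecture material), the following Python implements Tarjan's SCC decomposition over a small constructed atom graph and the self-fulfilling check for eventualities. Atoms are represented as frozensets of formulas, an until-formula as the tuple ('U', φ, ψ), and the graph as an adjacency dictionary; the node numbering and formulas are constructed for the example. A non-trivial SCC (one containing a cycle) is self-fulfilling when every until-formula in any of its atoms has its ψ present in some atom of the same SCC.

```python
"""Tarjan SCC decomposition of an atom graph plus the self-fulfilling check.
Added example; the graph below is constructed, not taken from the lecture."""
from typing import Dict, FrozenSet, List, Tuple

Formula = object          # 'p', 'q', or ('U', phi, psi) for an until-formula
Atom = FrozenSet[Formula]
Graph = Dict[int, List[int]]  # node -> successor nodes (atom graph edges)


def tarjan_scc(graph: Graph) -> List[List[int]]:
    """Tarjan's algorithm: one DFS, O(|V|+|E|), emits each SCC as it is completed."""
    index: Dict[int, int] = {}
    low: Dict[int, int] = {}
    on_stack = set()
    stack: List[int] = []
    sccs: List[List[int]] = []
    counter = [0]

    def strongconnect(v: int) -> None:
        index[v] = low[v] = counter[0]
        counter[0] += 1
        stack.append(v)
        on_stack.add(v)
        for w in graph.get(v, []):
            if w not in index:
                strongconnect(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:          # v is the root of an SCC: pop it off
            comp = []
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.append(w)
                if w == v:
                    break
            sccs.append(comp)

    for v in graph:
        if v not in index:
            strongconnect(v)
    return sccs


def is_self_fulfilling(scc: List[int], graph: Graph, atoms: Dict[int, Atom]) -> bool:
    """Non-trivial SCC in which every (phi U psi) in some atom has psi in some atom of the SCC."""
    members = set(scc)
    non_trivial = len(scc) > 1 or any(v in graph.get(v, []) for v in scc)
    if not non_trivial:
        return False
    for v in scc:
        for f in atoms[v]:
            if isinstance(f, tuple) and f[0] == 'U':
                psi = f[2]
                if not any(psi in atoms[u] for u in members):
                    return False
    return True


def reachable_fulfilling(graph: Graph, atoms: Dict[int, Atom], start: int) -> bool:
    """True iff a self-fulfilling SCC is reachable from `start` (an accepting run exists)."""
    seen = {start}
    todo = [start]
    while todo:
        v = todo.pop()
        for w in graph.get(v, []):
            if w not in seen:
                seen.add(w)
                todo.append(w)
    return any(is_self_fulfilling(scc, graph, atoms)
               for scc in tarjan_scc(graph) if set(scc) <= seen)


# Constructed atom graph: nodes 0,1 cycle while waiting for q (never fulfilled),
# node 2 has a self-loop and contains q, node 3 loops alone without ever seeing q.
UNTIL_PQ = ('U', 'p', 'q')
EXAMPLE_ATOMS: Dict[int, Atom] = {
    0: frozenset({'p', UNTIL_PQ}),
    1: frozenset({'p', UNTIL_PQ}),
    2: frozenset({'q'}),
    3: frozenset({'p', UNTIL_PQ}),
}
EXAMPLE_GRAPH: Graph = {0: [1], 1: [0, 2], 2: [2], 3: [3]}

if __name__ == "__main__":
    for scc in tarjan_scc(EXAMPLE_GRAPH):
        print(sorted(scc), "self-fulfilling:",
              is_self_fulfilling(scc, EXAMPLE_GRAPH, EXAMPLE_ATOMS))
    print("from 0:", reachable_fulfilling(EXAMPLE_GRAPH, EXAMPLE_ATOMS, 0))
    print("from 3:", reachable_fulfilling(EXAMPLE_GRAPH, EXAMPLE_ATOMS, 3))
```

The SCC {0,1} is rejected because it carries the eventuality (p U q) but no atom in it contains q; the self-loop SCC {2} is self-fulfilling, so from atom 0 an accepting run exists, while from atom 3 none does.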
LTL Model Checking Algorithm
Improvements
- bitstate hashing
- incomplete hashing
- partial order techniques
Remark: Wikipedia is amazing, it even has a page on translating LTL to BA: https://en.wikipedia.org/wiki/Linear_temporal_logic_to_B%C3%BCchi_automaton