Introduction to Embedded Systems, Chapter 14: Reachability Analysis (Sections 14.1, 14.2.1 – 14.2.2). Hao Zheng, University of South Florida.


2 The Challenge of Dependable Software in Embedded Systems
“In 1 of every 12,000 settings, the software can cause an error in the programming resulting in the possibility of producing paced rates up to 185 beats/min.”
Today’s medical devices run on software… software defects can have life-threatening consequences.
“the patient collapsed while walking towards the cashier after refueling his car […] A week later the patient complained to his physician about an increasing feeling of unwell-being since the fall.” [different device]
[Journal of Pacing and Clinical Electrophysiology, 2004]

3 Graph of FSM modeling 2 trains and a bridge traffic controller. Is it possible for the trains to be on a collision path? [Moritz Hammer, Uni. Muenchen]

4 Reachability Analysis and Model Checking
Reachability analysis is the process of computing the set of reachable states for a system. All three problems can be solved using reachability analysis.
Model checking is an algorithmic method for determining whether a system satisfies a formal specification expressed in temporal logic. Model checking typically performs reachability analysis.

5 A General View of Model Checking
[Figure: the system model S and the environment model E are composed into a closed model M; M is verified against the property, and the verifier answers either YES (with a proof) or NO (with a counterexample).]

6 Open vs. Closed Systems
A closed system is one with no inputs.
For verification, we obtain a closed system by composing the system and environment models.

7 Model Checking G p
Consider an LTL formula of the form G p, where p is a proposition (p is a property on a single state).
To verify G p on a system M, one simply needs to enumerate all the reachable states and check that they all satisfy p.
The state space found is typically represented as a directed graph called a state graph.
When M is a finite-state machine, this reachability analysis will terminate (in theory). In practice, though, the number of states may be prohibitively large, consuming too much run-time or memory (the state explosion problem).

8 Traffic Light Controller Example

9 Composed FSM for Traffic Light Controller
This FSM has 188 states (due to the different values of count).

10 Reachability Analysis Through Graph Traversal
Construct the state graph on the fly: start with the initial state, and explore next states using a suitable graph-traversal strategy.
A state is the combination of an FSM state and the values of all variables.
Initial state: (red, crossing, count==0). A successor: (red, crossing, count==1).

11 Depth-First Search (DFS)
Maintain 2 data structures:
1. Set of visited states R
2. Stack with the current path from the initial state
Potential problems for a huge graph? State explosion.

12 Explicit State Model Checking Example R = { (red, crossing, 0) }

13 Explicit State Model Checking Example R = { (red, crossing, 0), (red, crossing, 1) }

14 Explicit State Model Checking Example R = { (red, crossing, 0), (red, crossing, 1), … (red, crossing, 60) }

15 Explicit State Model Checking Example R = { (red, crossing, 0), (red, crossing, 1), … (red, crossing, 60), (green, none, 0) }

16 Explicit State Model Checking Example R = { (red, crossing, 0), (red, crossing, 1), … (red, crossing, 60), (green, none, 0), (green, none, 1) }

17 Explicit State Model Checking Example R = { (red, crossing, 0), (red, crossing, 1), … (red, crossing, 60), (green, none, 0), (green, none, 1), …, (green, none, 60) }

18 Explicit State Model Checking Example R = { (red, crossing, 0), (red, crossing, 1), … (red, crossing, 60), (green, none, 0), (green, none, 1), …, (green, none, 60), (yellow, waiting, 0) }

19 Explicit State Model Checking Example R = { (red, crossing, 0), (red, crossing, 1), … (red, crossing, 60), (green, none, 0), (green, none, 1), …, (green, none, 60), (yellow, waiting, 0), … (yellow, waiting, 5) }

20 Explicit State Model Checking Example R = { (red, crossing, 0), (red, crossing, 1), … (red, crossing, 60), (green, none, 0), (green, none, 1), …, (green, none, 60), (yellow, waiting, 0), … (yellow, waiting, 5), (pending, waiting, 1), …, (pending, waiting, 60) }
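The explicit-state DFS of slides 10–20 applied to the G p check of slide 7, as an added example (not code from the slides or the textbook). The transition guards of the composed traffic light / pedestrian FSM are an assumption reconstructed from the states listed on slides 12–20 (count saturates at 60 in red/green/pending and at 5 in yellow; a pedestrian may arrive at any step while the light is green), and the property p (never green while the pedestrian is crossing) is also assumed. The visited set R and the DFS stack are the two data structures from slide 11; the stack is returned as the counterexample when p fails.

```python
# Explicit-state reachability analysis (DFS) for the composed traffic light FSM.
# Model reconstructed from the slide state lists; guards are assumptions.
from typing import Callable, Iterator, List, Optional, Set, Tuple

State = Tuple[str, str, int]          # (light, pedestrian, count)
INITIAL: State = ("red", "crossing", 0)

def successors(s: State) -> Iterator[State]:
    """Next states of the closed (system || environment) model.
    Pedestrian arrival is the environment's nondeterministic input,
    so a green state has two successors."""
    light, ped, c = s
    if light == "red":
        yield ("red", "crossing", c + 1) if c < 60 else ("green", "none", 0)
    elif light == "green":
        yield ("green", "none", min(c + 1, 60))            # no pedestrian
        if c < 60:                                          # pedestrian arrives
            yield ("pending", "waiting", c + 1)
        else:
            yield ("yellow", "waiting", 0)
    elif light == "pending":
        yield ("pending", "waiting", c + 1) if c < 60 else ("yellow", "waiting", 0)
    else:                                                   # yellow
        yield ("yellow", "waiting", c + 1) if c < 5 else ("red", "crossing", 0)

def check_G(p: Callable[[State], bool]) -> Tuple[Set[State], Optional[List[State]]]:
    """Verify G p by DFS over the state graph built on the fly.
    Returns (R, None) if every reachable state satisfies p, otherwise
    (R, path) where path is the DFS stack: the run from the initial
    state to the first state violating p (the counterexample)."""
    R: Set[State] = {INITIAL}                 # visited states
    path: List[State] = [INITIAL]             # current path = DFS stack
    frontier = [successors(INITIAL)]          # one successor iterator per stack entry
    if not p(INITIAL):
        return R, list(path)
    while frontier:
        nxt = next(frontier[-1], None)
        if nxt is None:                       # all successors explored: backtrack
            frontier.pop(); path.pop()
            continue
        if nxt in R:                          # already visited: skip
            continue
        R.add(nxt); path.append(nxt); frontier.append(successors(nxt))
        if not p(nxt):
            return R, list(path)
    return R, None

if __name__ == "__main__":
    R, cex = check_G(lambda s: not (s[0] == "green" and s[1] == "crossing"))
    print(len(R), "reachable states;", "G p holds" if cex is None else cex)
```

Checking a property that cannot hold, such as G (count < 60), returns the 61-state path (red, crossing, 0) … (red, crossing, 60) as the counterexample.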