Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.

Model Checking
Inputs: A design (in some HDL) and a property (in some temporal logic)
Outputs: Decision about whether or not the property always holds for the design. A counterexample if the property does not hold.
Model checking is the alternative to simulation

Computational Tree Logic (CTL)
CTL is a logic used to express properties for model checking
CTL is useful because there is an efficient technique to check it
A temporal logic is a logic which can express aspects of time
CTL makes statements about the computational tree of a state machine
[Figure: traffic light FSM with states R, G, Y, and the computational tree obtained by unrolling the FSM from R]

CTL Formulae
A CTL formula is built from three things:
1. Atomic propositions - These are the variables
2. Boolean connectives - AND, OR, NOT, etc.
3. Temporal operators - Express something about paths in the computational tree
A temporal operator has two parts:
1. A path quantifier - A (for all paths) or E (there exists a path)
2. A temporal modality - Describes the ordering of events in time

Temporal Modalities
Assume that p is a CTL formula.
F p - "p holds sometime in the future": true of a path if there exists a state on the path where p is true
G p - "p is true globally": true of a path if p is true at all states on the path
X p - "p holds in the next state": true of a path if p is true in the state immediately after the current state
p1 U p2 - "p1 holds until p2 holds": true of a path if p2 is true in some state and p1 is true in all preceding states

A CTL Property
All temporal modalities, except G, are evaluated from the start state of the path
AG (req -> AF ack)
For all reachable states, if req is asserted then we must reach a state where ack is asserted
AG is interpreted relative to the start state: AG selects all states reachable from the start state
AF is interpreted relative to the state where req is asserted

Another CTL Property
AG AF enabled
For every reachable state, for all paths starting at that state we must reach another state where enabled is asserted
AG EF restart
From any reachable state, there must exist a path reaching a state where restart is asserted
In other words, it must always be possible to reach the restart state

Fairness Constraints
Fairness is when a set of constraints must be satisfied "infinitely often"
These are "Büchi" type constraints
This can ensure fair access to a resource (e.g. bus access)

Traffic Light Controller Constraint
AG ( !((farm_light = GREEN) * (hwy_light = GREEN)) );
Both lights can't be green at the same time
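The checker below is an added worked example, not code from the slides or from VIS. It implements the CTL labelling algorithm over an explicit-state Kripke structure (EX, EU and EG as set fixpoints; AX, AG, AF and EF through the dualities AG f = !EF !f, AF f = !EG !f and EF f = E[true U f]), builds a constructed two-light controller whose state is (hwy_light, farm_light), and checks the slide's constraint AG(!((farm_light = GREEN) * (hwy_light = GREEN))) alongside the AG(p -> AF q), AG AF and AG EF property shapes from the earlier slides. The state machine, the atomic propositions hwy_green/farm_green standing in for "light = GREEN", and the deliberately faulty variant that admits a both-green state are all assumptions made for the example; for a failed AG property the checker returns the shortest path from the initial state to the violating state, which is the counterexample a model checker reports.

```python
"""Explicit-state CTL model checking by fixpoint computation (constructed example)."""
from collections import deque

# Formulae are nested tuples; these helpers build them.
TRUE = ('true',)
def ap(name):   return ('ap', name)
def neg(f):     return ('not', f)
def conj(f, g): return ('and', f, g)
def imp(f, g):  return ('or', ('not', f), g)          # f -> g
def EX(f):      return ('EX', f)
def EU(f, g):   return ('EU', f, g)
def EG(f):      return ('EG', f)
def EF(f):      return ('EU', TRUE, f)                 # EF f == E[true U f]
def AX(f):      return ('not', ('EX', ('not', f)))     # AX f == !EX !f
def AG(f):      return ('not', EF(('not', f)))         # AG f == !EF !f
def AF(f):      return ('not', ('EG', ('not', f)))     # AF f == !EG !f

class Kripke:
    """States, initial states, transition relation and labelling function."""
    def __init__(self, init, trans, label):
        self.label = label                  # state -> set of atomic propositions
        self.states = set(label)
        self.init = set(init)
        self.succ = {s: set() for s in self.states}
        for a, b in trans:
            self.succ[a].add(b)

    def sat(self, f):
        """Set of states in which CTL formula f holds (labelling algorithm)."""
        op = f[0]
        if op == 'true':
            return set(self.states)
        if op == 'ap':
            return {s for s in self.states if f[1] in self.label[s]}
        if op == 'not':
            return self.states - self.sat(f[1])
        if op == 'and':
            return self.sat(f[1]) & self.sat(f[2])
        if op == 'or':
            return self.sat(f[1]) | self.sat(f[2])
        if op == 'EX':
            t = self.sat(f[1])
            return {s for s in self.states if self.succ[s] & t}
        if op == 'EU':   # least fixpoint of Z = g | (f & EX Z)
            sf, z = self.sat(f[1]), self.sat(f[2])
            while True:
                new = z | {s for s in sf if self.succ[s] & z}
                if new == z:
                    return z
                z = new
        if op == 'EG':   # greatest fixpoint of Z = f & EX Z (a state with no successor drops out)
            z = self.sat(f[1])
            while True:
                new = {s for s in z if self.succ[s] & z}
                if new == z:
                    return z
                z = new
        raise ValueError(f'unknown operator {op}')

    def check(self, f):
        """The model-checking decision: does f hold in every initial state?"""
        return self.init <= self.sat(f)

    def counterexample_AG(self, p):
        """For a failed AG p: shortest path from an initial state to a reachable state violating p."""
        bad = self.states - self.sat(p)
        parent = {s: None for s in self.init}
        queue = deque(self.init)
        while queue:
            s = queue.popleft()
            if s in bad:
                path = []
                while s is not None:
                    path.append(s)
                    s = parent[s]
                return path[::-1]
            for t in self.succ[s]:
                if t not in parent:
                    parent[t] = s
                    queue.append(t)
        return None                          # AG p holds: no violating state is reachable

def tlc(with_bug=False):
    """Constructed traffic-light controller; state = (hwy_light, farm_light)."""
    label = {('G', 'R'): {'hwy_green'}, ('Y', 'R'): {'hwy_yellow'},
             ('R', 'G'): {'farm_green'}, ('R', 'Y'): {'farm_yellow'}}
    trans = [(('G', 'R'), ('Y', 'R')), (('Y', 'R'), ('R', 'G')),
             (('R', 'G'), ('R', 'Y')), (('R', 'Y'), ('G', 'R'))]
    if with_bug:  # faulty design (assumed): farm light may go green while the highway is still green
        label[('G', 'G')] = {'hwy_green', 'farm_green'}
        trans += [(('G', 'R'), ('G', 'G')), (('G', 'G'), ('R', 'G'))]
    return Kripke(init=[('G', 'R')], trans=trans, label=label)

# The slide's VIS constraint AG(!((farm_light = GREEN) * (hwy_light = GREEN))), safety
BOTH_GREEN = conj(ap('farm_green'), ap('hwy_green'))
NO_BOTH_GREEN = AG(neg(BOTH_GREEN))
# AG AF shape: from every reachable state the highway light turns green again, liveness
HWY_LIVE = AG(AF(ap('hwy_green')))
# AG(p -> AF q) shape: whenever the highway is yellow, the farm road eventually gets green
RESPONSE = AG(imp(ap('hwy_yellow'), AF(ap('farm_green'))))
# AG EF shape: the "restart" state (G, R) always remains reachable
RESTART = AG(EF(ap('hwy_green')))

if __name__ == '__main__':
    good, bad = tlc(), tlc(with_bug=True)
    for name, prop in [('NO_BOTH_GREEN', NO_BOTH_GREEN), ('HWY_LIVE', HWY_LIVE),
                       ('RESPONSE', RESPONSE), ('RESTART', RESTART)]:
        print(name, 'good:', good.check(prop), 'faulty:', bad.check(prop))
    print('counterexample:', bad.counterexample_AG(neg(BOTH_GREEN)))
```

On the correct controller all four properties hold; on the faulty variant the safety constraint fails and the counterexample is the two-state path (G, R) -> (G, G), exactly the kind of trace a tool such as VIS prints for a violated AG property. The liveness checks hold because EG is a greatest fixpoint: any state from which every path eventually leaves the "not yet green" region is removed, so AF is true everywhere on the cycle.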

Model Checking in VIS
[Figure: flow Verilog --(vl2mv)--> Blif-MV --> VIS, with the CTL properties as the second input to VIS]
We use VIS for model checking, not synthesis

Running VIS
% module load vis              # Setup environment vars
% vl2mv tlc.v                  # Convert verilog to blif_mv
% vis                          # Start VIS
vis> read_blif_mv tlc.mv       # Read the blif
vis> init_verify               # Initialize for verification
vis> model_check -i tlc.ctl    # Model check with properties (tlc.ctl)