Software Verification 2 Automated Verification Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität and Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik

Slide 2 H. Schlingloff, SS2012: SWV 2 CTL model checking For each LTS/model there is exactly one computation tree CTL model checking works directly on the model (no need to extract computation sequences) For all subformulas of a formula and all states of a given model, mark whether the state satisfies the subformula iteration on formulas according to their inductive definition if p is an atomic proposition, then p M = I(p) M ={} (φ ψ) M = (M-φ M +ψ M ) (EXφ) M = {w | w (wRw w φ M )} (AXφ) M = {w | Aw (wRw w φ M )}

Slide 3 H. Schlingloff, SS2012: SWV 2 Symbolic Representation Modelchecking algorithm deals with sets of states and with relations (sets of pairs of states) Need an efficient representation BDD of the set {x | x >12 or even} x 1 &x 2 | !x

Slide 4 H. Schlingloff, SS2012: SWV 2 Calculation of BDDs

Slide 5 H. Schlingloff, SS2012: SWV 2 The Influence of Variable Ordering Heuristics: keep dependent variables close together!

Slide 6 H. Schlingloff, SS2012: SWV 2 Operations on BDDs Negation: easy (exchange T and F) Falsum: trivial and, or: Shannon expansion (φ OP ψ) = x (φ{x:=T} OP ψ{x:=T}) ¬ x (φ{x:= } OP ψ{x:= }) (φ ψ) = (x (φ{x:=T} ψ{x:=T})) (¬ x (φ{x:= } ψ{x:= })) BDD realization?

Slide 7 H. Schlingloff, SS2012: SWV 2 BDD-implies

Slide 8 H. Schlingloff, SS2012: SWV 2 Transitive Closure Each finite (transition) relation can be represented as a boolean formula / BDD The transitive closure of a relation R is defined recursively by Thus, transitive closure be calculated by an iteration on BDDs Logical operations (,, ) can be directly performed on BDDs

Slide 9 H. Schlingloff, SS2012: SWV 2 Reachability State s is reachable iff s 0 R*s, where s 0 S 0 is an initial state and R is the transition relation Reachability is one of the most important properties in verification most safety properties can be reduced to it in a search algorithm, is the goal reachable? Can be arbitrarily hard for infinite state systems undecidable Can be efficiently calculated with BDDs

Slide 10 H. Schlingloff, SS2012: SWV 2 Intuitively, xR*y iff there is a sequence w 0 w 1... w n of nodes connecting x with y In a finite model, this sequence must be smaller than the number of states. In practice, usually a few dozen steps are sufficient

Slide 11 H. Schlingloff, SS2012: SWV 2 Reflection What has been achieved Vorläufige Vorlesungsplanung - Einführung - Modellierung von Systemen - Temporale Logik - Modellprüfung - Symbolische Repräsentation - Abstraktion - Realzeit Where this is relevant HW design (IEEE 1850 PSL) Safety-critical SW design Embedded systems design

Slide 12 H. Schlingloff, SS2012: SWV 2 Feedback