Example: traffic light controller

1 Example: traffic light controller

Guarantee no collisions
Guarantee eventual service

[Figure: intersection with the approaches labelled E, S and N]

2 Specifications in temporal logic

Safety (no collisions):
  G ~(E_Go & (N_Go | S_Go));

Liveness (every request is eventually served):
  G (~N_Go & N_Sense -> F N_Go);
  G (~S_Go & S_Sense -> F S_Go);
  G (~E_Go & E_Sense -> F E_Go);

Fairness constraints:
  GF ~(N_Go & N_Sense);
  GF ~(S_Go & S_Sense);
  GF ~(E_Go & E_Sense);
  /* assume each sensor off infinitely often */

The fairness constraints say that no direction keeps its light green with a car on the sensor forever; without them a car parked on the N sensor would hold N green and starve E, so the liveness properties are checked only on paths that satisfy these assumptions.

3 Controller program

  module main(N_SENSE,S_SENSE,E_SENSE,N_GO,S_GO,E_GO);
    input N_SENSE, S_SENSE, E_SENSE;
    output N_GO, S_GO, E_GO;
    reg NS_LOCK, EW_LOCK, N_REQ, S_REQ, E_REQ;

    /* set request bits when sense is high */
    always begin if (!N_REQ & N_SENSE) N_REQ = 1; end
    always begin if (!S_REQ & S_SENSE) S_REQ = 1; end
    always begin if (!E_REQ & E_SENSE) E_REQ = 1; end

4 Example continued...

    /* controller for North light */
    always begin
      if (N_REQ)
        begin
          wait (!EW_LOCK);
          NS_LOCK = 1; N_GO = 1;
          wait (!N_SENSE);
          if (!S_GO) NS_LOCK = 0;
          N_GO = 0; N_REQ = 0;
        end
    end

    /* South light is similar... */

5 Example code, cont...

    /* Controller for East light */
    always begin
      if (E_REQ)
        begin
          EW_LOCK = 1;
          wait (!NS_LOCK);
          E_GO = 1;
          wait (!E_SENSE);
          EW_LOCK = 0;
          E_GO = 0; E_REQ = 0;
        end
    end

6 Counterexample

East and North lights on at same time...

[Figure: waveform trace of E_Go, E_Sense, NS_Lock, N_Go, N_Req, N_Sense, S_Go, S_Req, S_Sense, E_Req]

N light goes on at the same time the S light goes off. S takes priority and resets NS_Lock: S's check `if (!N_GO)` still sees N_GO low, so S clears the lock and its write wins over N's `NS_LOCK = 1`. East then sees `!NS_LOCK` and turns on while N is green.

7 Fixing the error

Don't allow the N light to go on while the South light is going off.

    always begin
      if (N_REQ)
        begin
          wait (!EW_LOCK & !(S_GO & !S_SENSE));
          NS_LOCK = 1; N_GO = 1;
          wait (!N_SENSE);
          if (!S_GO) NS_LOCK = 0;
          N_GO = 0; N_REQ = 0;
        end
    end

8 Another counterexample

North traffic is never served...

[Figure: waveform trace of E_Go, E_Sense, NS_Lock, N_Go, N_Req, N_Sense, S_Go, S_Req, S_Sense, E_Req]

N and S lights go off at the same time. Neither resets the lock, because each one's `if (!S_GO)` / `if (!N_GO)` test still sees the other light on. NS_LOCK stays set, East (which has already set EW_LOCK) waits on `!NS_LOCK` forever, and North's next request can never pass `wait (!EW_LOCK)`. The last state repeats forever.

9 Fixing the liveness error

When the N light goes off, test whether the S light is also going off, and if so reset the lock.

    always begin
      if (N_REQ)
        begin
          wait (!EW_LOCK & !(S_GO & !S_SENSE));
          NS_LOCK = 1; N_GO = 1;
          wait (!N_SENSE);
          if (!S_GO | !S_SENSE) NS_LOCK = 0;
          N_GO = 0; N_REQ = 0;
        end
    end

10 All properties verified

Guarantee no collisions
Guarantee service assuming fairness

Computational resources used:
  - 57 states searched
  - 0.1 CPU seconds
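The find-counterexample-then-fix loop of slides 3 to 9 can be reproduced with an explicit-state checker. The block below is an added example, not the slides' SMV code or Cadence SMV: the `always` blocks are re-expressed as synchronous processes under an assumed scheduling (every process takes one program-counter step per clock, the three sensors are free inputs each clock, and when two processes write the same register in one clock the textually later one wins, which is the "S takes priority" rule of slide 6). A breadth-first search over the reachable states finds the slide 6 collision in the slide 4/5 version, finds the slide 8 lock-up in the slide 7 version, and finds neither in the slide 9 version. The liveness check is a sound but incomplete shortcut: it only reports states from which a green is unreachable at all, whereas SMV searches for fair cycles. State counts differ from the 57 reported on slide 10 because the model and encoding differ.

```python
"""Explicit-state checking of the slide deck's traffic-light controller.

Added example, not the original SMV code.  Scheduling is an assumption
made here: one program-counter step per process per clock, sensors are
free inputs each clock, and a later process's write to a shared register
(S after N, E after both) wins over an earlier one in the same clock.
"""
from collections import deque
from itertools import product

IDLE, WAIT, GREEN = 0, 1, 2
REGS = ("pcN", "pcS", "pcE", "NS_LOCK", "EW_LOCK",
        "N_REQ", "S_REQ", "E_REQ", "N_GO", "S_GO", "E_GO")
SENSORS = ("N_SENSE", "S_SENSE", "E_SENSE")
NAMES = REGS + SENSORS
BUGGY, FIX1, FIX2 = "slides 4-5", "slide 7", "slide 9"   # the three versions


def view(state):
    """Tuple state -> readable dict keyed by register/sensor name."""
    return dict(zip(NAMES, state))


def ns_controller(me, other, st, out, variant):
    """One clock of the North (or South) light; `other` is the opposite light."""
    pc = st["pc" + me]
    if pc == IDLE and st[me + "_REQ"]:
        out["pc" + me] = WAIT
    elif pc == WAIT:
        # slide 4: wait (!EW_LOCK);  slide 7 adds: & !(S_GO & !S_SENSE)
        other_going_off = st[other + "_GO"] and not st[other + "_SENSE"]
        if not st["EW_LOCK"] and (variant == BUGGY or not other_going_off):
            out["NS_LOCK"], out[me + "_GO"], out["pc" + me] = 1, 1, GREEN
    elif pc == GREEN and not st[me + "_SENSE"]:           # wait (!N_SENSE) done
        # slide 4: if (!S_GO) NS_LOCK = 0;  slide 9: if (!S_GO | !S_SENSE)
        release = not st[other + "_GO"]
        if variant == FIX2:
            release = release or not st[other + "_SENSE"]
        if release:
            out["NS_LOCK"] = 0
        out[me + "_GO"], out[me + "_REQ"], out["pc" + me] = 0, 0, IDLE


def e_controller(st, out):
    """One clock of the East light (slide 5): take EW_LOCK, then wait for NS."""
    pc = st["pcE"]
    if pc == IDLE and st["E_REQ"]:
        out["EW_LOCK"], out["pcE"] = 1, WAIT
    elif pc == WAIT and not st["NS_LOCK"]:
        out["E_GO"], out["pcE"] = 1, GREEN
    elif pc == GREEN and not st["E_SENSE"]:
        out["EW_LOCK"], out["E_GO"], out["E_REQ"], out["pcE"] = 0, 0, 0, IDLE


def step(state, variant):
    """All successors of a (registers + sensors) state, one per next sensor valuation."""
    st, out = view(state), {}
    for d in "NSE":                       # slide 3: latch a request while sensed
        if not st[d + "_REQ"] and st[d + "_SENSE"]:
            out[d + "_REQ"] = 1
    ns_controller("N", "S", st, out, variant)
    ns_controller("S", "N", st, out, variant)   # later writer wins: S over N
    e_controller(st, out)
    regs = tuple(out.get(r, st[r]) for r in REGS)
    return [regs + sense for sense in product((0, 1), repeat=3)]


def explore(variant):
    """Breadth-first reachability from the all-zero reset state; returns the state graph."""
    graph = {}
    queue = deque((0,) * len(REGS) + s for s in product((0, 1), repeat=3))
    while queue:
        s = queue.popleft()
        if s not in graph:
            graph[s] = step(s, variant)
            queue.extend(graph[s])
    return graph


def check_safety(variant):
    """G ~(E_GO & (N_GO | S_GO)) of slide 2: a reachable collision state, or None."""
    for s in explore(variant):
        st = view(s)
        if st["E_GO"] and (st["N_GO"] or st["S_GO"]):
            return st
    return None


def check_north_liveness(variant):
    """Sound but incomplete check of G (~N_GO & N_SENSE -> F N_GO): report a
    reachable state with ~N_GO & N_SENSE from which no N_GO state is reachable
    at all (the slide 8 lock-up).  SMV's fair-cycle search is the general test."""
    graph = explore(variant)
    pred = {s: [] for s in graph}
    for s, succs in graph.items():
        for t in succs:
            pred[t].append(s)
    can_go = {s for s in graph if view(s)["N_GO"]}
    queue = deque(can_go)                 # backward reachability from N_GO states
    while queue:
        for s in pred[queue.popleft()]:
            if s not in can_go:
                can_go.add(s)
                queue.append(s)
    for s in graph:
        st = view(s)
        if not st["N_GO"] and st["N_SENSE"] and s not in can_go:
            return st
    return None


if __name__ == "__main__":
    for variant in (BUGGY, FIX1, FIX2):
        print(variant, "| states:", len(explore(variant)),
              "| collision:", check_safety(variant) is not None,
              "| north starved:", check_north_liveness(variant) is not None)
```

Running the script prints one line per version: the slide 4/5 controller reaches a state with `E_GO` and `N_GO` both set, the slide 7 controller no longer collides but reaches a state with `NS_LOCK` stuck at 1 and North unable to ever turn green, and the slide 9 controller passes both checks. Because `step` returns every sensor valuation as a successor, the search is exhaustive over the sensor inputs, which is what makes the result a verification rather than a simulation.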

11 Summary

Basic specification and verification techniques:
  - Temporal logic model checking
  - Finite automata
  - Symbolic simulation

Application at different levels:
  - Local property verification
  - Abstract model verification
  - Local refinement verification

Benefits:
  - Find design errors (negative results)
  - Make assumptions explicit
  - Systematically rule out classes of design errors