Presentation is loading. Please wait.

Presentation is loading. Please wait.

15-820A 1 LTL Model Checking 15-820A Flavio Lerda.

Published byJonas Sharp Modified over 8 years ago

Similar presentations

Presentation on theme: "15-820A 1 LTL Model Checking 15-820A Flavio Lerda."— Presentation transcript:

1 15-820A 1 LTL Model Checking 15-820A Flavio Lerda

2 15-820A 2 LTL Model Checking LTL –Subset of CTL* of the form: A f where f is a path formula LTL model checking –Model checking of a property expressed as an LTL formula: –Given a model M and an initial state s 0 : M,s 0 ╞ A f

3 15-820A 3 LTL Model Checking LTL Formulas Subset of CTL* –Distinct from CTL AFG p  LTL  f  CTL. f ≠ AFG p Contains a single universal quantifier –The path formula f holds for every path Commonly: – A is omitted –G is replaced by  (box or always) –F is replaced by  (diamond or eventually)

4 15-820A 4 LTL Model Checking Given a model M and an LTL formula  –Build the Buchi automaton B ¬  –Compute product of M and B ¬  Each state of M is labeled with propositions Each state of B ¬  is labeled with propositions Match states with the same labels –The product accepted the traces of M that are also traces of B ¬  (  M   ¬  ) –If the product accepts any sequence We have found a counter-example

5 15-820A 5 LTL Model Checking Language Emptiness  M   ¬  =  Compute strongly connected components –Non trivial –Containing an accepting state None means no sequence is accepted –Proved the property Very expensive

6 15-820A 6 LTL Model Checking Nested Depth First Search The product is a Büchi automaton How do we find accepted sequences? –Accepted sequences must contain a cycle In order to contain accepting states infinitely often –We are interested only in cycles that contain at least an accepting state –During depth first search start a second search when we are in an accepting states If we can reach the same state again we have a cycle (and a counter-example)

7 15-820A 7 LTL Model Checking Example

8 15-820A 8 LTL Model Checking Example

9 15-820A 9 LTL Model Checking Nested Depth First Search procedure DFS(s) visited = visited  {s} for each successor s’ of s if s’  visited then DFS(s’) if s’ is accepting then DFS2(s’, s’) end if end for end procedure

10 15-820A 10 LTL Model Checking Nested Depth First Search procedure DFS2(s, seed) visited2 = visited2  {s} for each successor s’ of s if s’ = seed then return “Cycle Detect”; end if if s’  visited2 then DFS2(s’, seed) end if end for end procedure

Download ppt "15-820A 1 LTL Model Checking 15-820A Flavio Lerda."

Similar presentations

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.

1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.
Recognising Languages We will tackle the problem of defining languages by considering how we could recognise them. Problem: Is there a method of recognising.

Recognising Languages We will tackle the problem of defining languages by considering how we could recognise them. Problem: Is there a method of recognising.
Translating from logic to automata Book: Chapter 6.

Translating from logic to automata Book: Chapter 6.
Model Checking and Testing combined

Model Checking and Testing combined
Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.

Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.
Tutorial I – An Introduction to Model Checking Peng WU INRIA Futurs LIX, École Polytechnique.

Tutorial I – An Introduction to Model Checking Peng WU INRIA Futurs LIX, École Polytechnique.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
LINEAR TEMPORAL LOGIC Fall 2013 Dr. Eric Rozier.

LINEAR TEMPORAL LOGIC Fall 2013 Dr. Eric Rozier.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.

CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.
Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.

Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.
PSWLAB S PIN Search Algorithm from “THE SPIN MODEL CHECKER” by G Holzmann Presented by Hong,Shin 9 th Nov 2007 2015-05-071SPIN Search Algorithm.

PSWLAB S PIN Search Algorithm from “THE SPIN MODEL CHECKER” by G Holzmann Presented by Hong,Shin 9 th Nov SPIN Search Algorithm.

Similar presentations

Ads by Google