Presentation is loading. Please wait.

Presentation is loading. Please wait.

Formal Methods: Model Checkers and Theorem Provers

Published byJulie Bailey Modified over 6 years ago

Similar presentations

Presentation on theme: "Formal Methods: Model Checkers and Theorem Provers"— Presentation transcript:

1 Formal Methods: Model Checkers and Theorem Provers
Emerson Murphy-Hill (Slides from Travis Breaux)

2 Verification The process of verification involves identifying inconsistencies and ambiguities in a system, which are otherwise likely to go undetected. Some of the formal verification techniques include: Model checking and Theorem proving [3] Edmund M. Clarke, Jeannette M. Wing: Formal Methods: State of the Art and Future Directions   2

3 Model Checking Model checking involves building a finite model of the system to verify its properties. Involves an exhaustive state-space search. Primarily used in hardware and protocol verification. What are the different approaches to model checking? Temporal model checking : specifications are represented as temporal logic expressions and systems modeled as finite state machines and the two are compared to ensure that the finite state machine correctly models the specifications. Second approach: Both specifications and the system are represented by an automaton and compared to identify conformance. [3] Edmund M. Clarke, Jeannette M. Wing: Formal Methods: State of the Art and Future Directions   3

4 State space explosion problem
The number of states in a system grows exponentially with an increase in the number of variables in a program. For instance, consider a program with 5 boolean variables and 6 integers. The number of states that would need to be checked = 2 ^ 5 * 10 ^ 6 = states. Since every value that the variable is likely to take should be checked, it results in an explosion of states. Heuristics can be used to prioritize state space search. For instance, identifying and exploring important states first. 4

5 Case study Formal modeling and verification techniques were applied to the International Telecommunications Union (formerly CCITT) ISDN/IUPP (ISDN User Part Protocol). 145 requirements were formalized using temporal logic and proofs were produced by automated model checkers. 112 errors were detected and fixed and about 55% of the original design was found to be logically inconsistent. [3] Edmund M. Clarke, Jeannette M. Wing: Formal Methods: State of the Art and Future Directions   5

6 Theorem Proving Theorem proving is the technique in which both the system and its properties are expressed as formulae. It defines a set of axioms and inference rules for the system. Theorem proving involves obtaining a proof for a system’s property by making use of its axioms and rules. Theorem provers could be highly automated for general purpose operations or be interactive in nature, to assist in special-purpose operations. [3] Edmund M. Clarke, Jeannette M. Wing: Formal Methods: State of the Art and Future Directions   6

7 Case study Nqthm - a theorem prover, has been used to check a proof of Godel’s first incompleteness theorem, and in a variety of large-scale verification efforts. Boyer and Yu used Nqthm’s specification of the Motorola microprocessor (binary machine code programs) to verify their correctness. [3] Edmund M. Clarke, Jeannette M. Wing: Formal Methods: State of the Art and Future Directions   7

8 Comparison of Model Checkers and Theorem Provers
Model checkers are completely automatic and generate results faster than theorem provers. They can be used to verify partial specifications, even if a system’s full specifications are not available. Model checkers face the state space explosion problem whereas theorem proving can deal with infinite state spaces. Interactive theorem provers allow humans to interact with the provers, which might result in a slow and error-prone process. [3] Edmund M. Clarke, Jeannette M. Wing: Formal Methods: State of the Art and Future Directions   8

Download ppt "Formal Methods: Model Checkers and Theorem Provers"

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Functional Decompositions for Hardware Verification With a few speculations on formal methods for embedded systems Ken McMillan.

Functional Decompositions for Hardware Verification With a few speculations on formal methods for embedded systems Ken McMillan.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Conclusion Summary Research trends Resources.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Conclusion Summary Research trends Resources.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.

Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.
A Survey of Runtime Verification Jonathan Amir 2004.

A Survey of Runtime Verification Jonathan Amir 2004.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Formal Semantics of Programming Languages 虞慧群 Topic 5: Axiomatic Semantics.

Formal Semantics of Programming Languages 虞慧群 Topic 5: Axiomatic Semantics.
What are Formal Verification Methods Mathematically based languages, techniques and tools for specifying and verifying systems Language – Clear unambiguous.

What are Formal Verification Methods Mathematically based languages, techniques and tools for specifying and verifying systems Language – Clear unambiguous.
Model Checking : Making Automatic Formal Verification Scale Shaz Qadeer EECS Department University of California at Berkeley.

Model Checking : Making Automatic Formal Verification Scale Shaz Qadeer EECS Department University of California at Berkeley.
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.

Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.
CS 355 – Programming Languages

CS 355 – Programming Languages
Software Reliability CIS 640 Adapted from the lecture notes by Doron Pelel (www.dcs.warwick.ac.uk/~doron/notes.html)

Software Reliability CIS 640 Adapted from the lecture notes by Doron Pelel (
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.
Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.

Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.

Similar presentations

Ads by Google