Presentation is loading. Please wait.

Presentation is loading. Please wait.

What is the SMV (Symbolic Model Verifier) System ?

Published byClement Andrews Modified over 6 years ago

Similar presentations

Presentation on theme: "What is the SMV (Symbolic Model Verifier) System ?"— Presentation transcript:

1 What is the SMV (Symbolic Model Verifier) System ?
MAR. 14, 2005 Kwang Yong Koh Dept. of Nuclear and Quantum Engineering KAIST

2 CONTENTS Introduction Model Checking FSM (Finite State Machine)
CTL (Computation Tree Logic) SMV (Symbolic Model Verifier) Summary Further Work Reference

3 INTRODUCTION H/S System Formal Specification Language
Increase of complexity and size => Error incidence is increasing. => Formal Method is being emphasized. Formal Specification Language Mathematical Logic Propositional Logic First Order Logic First Order Logic with Equality High Order Logic Temporal Logic Real-time Logic Linear Logic Graphical Notations FSM I/O Automata Hybrid Automata Statechart

4 INTRODUCTION (Cont’d)
Formal Verification Methods Model-based Simulation and Testing Deductive methods Model Checking

5 MODEL CHECKING Basic Procedure Strength & Weakness
System description as FMS Property description (should be verified) as CTL Automatic verification of the property (should be verified) through the exhaustive search against state space Strength & Weakness Automatic execution of verification, and Fast Counter example generation No problem with partial specification Logics can easily express many concurrency properties But, state explosion problem Too many states Data paths => Much progress has been made on this problem recently - using BDD, more than 10^ state can be verified. State space : a set of all possible state between IS and GS state space search : generate new states from the current state using the applicable operators and test if new states match with the goal state.

6 MODEL CHECKING (Cont’d)
Classification Temporal Logic Model Checker Murphi(1992), SMV(1993), Concurrency Workbench(1993), SVE(1994), FORMAT(1995), Kronos(1995), SPIN(1995), HyTech(1996) Behavior Conformance Model Checker Concurrency Workbench(1993), FDR(1994), Cospan/Formal Check System(1996) Combination Model Checker HSIS(1993), STeP(1996), VIS(1996), METAFrame(1996)

7 MODEL CHECKING (Cont’d)
Model Checker S/W tool Kripke model M and property Φ, determine M l= Φ If property is satisfied, return to YES Otherwise, return to NO and generate counter example temporal logic formula YES! NO! counterexample! finite state model G(p->Fq) Model Checker q p

8 FINITE STATE MACHINE Definition : A model of computation consisting of a set of states, a start state, an input alphabet, and a transition function that maps input symbols and current states to a next state. Procedure : Computation begins in the start state with an input string. It changes to new states depending on the transition function. Specialization : There are many variants, machines having actions (outputs) associated with transitions (Mealy machine) or states (Moore machine), multiple start states, transitions conditioned on no input symbol (a null) or more than one transition for a given symbol and state (nondeterministic finite state machine), etc.

9 FINITE STATE MACHINE (Cont’d)
Mealy machine Current state and input affect Output Combinational network , input, output, next state, state register

10 FINITE STATE MACHINE (Cont’d)
Moore machine Only current state affects output

11 COMPUTAION TREE LOGIC Temporal Logic
Is a special type of Modal Logic, a branch of philosophy. Provides a formal system for qualitatively describing and reasoning about how the truth values of assertions change over time. Is a useful formalism for specifying and verifying correctness of computer programs (Pnueli 1978) Two possible view regarding the underlying nature of time Linear-time Logic the semantics of the time structure is linear temporal modalities describe events along a single time line Linear Temporal Logic (LTL) Branching-time Logic the time has a branching, tree-like nature the temporal modalities reflect the branching nature of time Computation Tree Logic (CTL) LTL and CTL are the two most commonly used temporal logics in model checking tools. Modal logic is a form of logic that deals with sentences that are qualified by modalities such as possibly, necessarily, contingently, actually, can, could, might, may, must, ought, and others.

12 COMPUTAION TREE LOGIC (Cont’d)
Computation Tree Logic (CTL) Each operator of the logic has two parts: Path quantifier: A - “for every path” E - “there exists a path” State quantifier: FP - P will hold someday (at least once) GP - P will always be in the future XP - P holds next state P U q - P holds until q holds GF(F ∞) - infinitely often FG(G ∞) - all the time from a certain time onwards Typical CTL formulas EF P : It is possible to have P someday. AF P : It is necessary to have P someday. EG P : There exists a path along which P always holds. AG P : P is always true. All the paths from the current state satisfy property  .

13 COMPUTAION TREE LOGIC (Cont’d)

14 SYMBOLIC MODEL VERIFIER
Definition The SMV system is a tool for checking finite state systems against specifications in the temporal logic CTL. Feature Developed by K. L. McMillan Input language allows the description of finite state systems. System can be specified as a synchronous Mealy machine, or as an asynchronous network. Symbolic representation of states and transitions Properties : CTL formulae Counter example : powerful debugging

15 SYMBOLIC MODEL VERIFIER (Cont’d)
Strength Automatic and exhaustive search Easy to use CTL allows a rich class of temporal properties, including safety, liveness, fairness and deadlock freedom and so on, to be specified in a concise syntax.

16 SYMBOLIC MODEL VERIFIER (Cont’d)
Reachability Properties Definition : Some particular situation can be reached. EF  : there exists a path from the current state along which some state satisfied . Safety Properties Definition : Under certain conditions, an event never occurs. Without condition : AGㄱ AGㄱoverflow : memory overflow will never occur. With condition : AㄱU Aㄱstarts U key : as long as the key is not inserted, the car won’t start. Liveness Properties Definition : Under certain conditions, some event will ultimately occur. Simple liveness - progress Repeated liveness - fairness EF combinator is the representative example which can achieve.

17 SYMBOLIC MODEL VERIFIER (Cont’d)
Fairness Properties Definition : Under certain conditions, an event will occur infinitely often. A F∞ P (=AG AFP) A F ∞ gate raised : the gate will be raised infinitely often. Deadlock-freeness Definition : The system can never be in a situation in which no progress is possible. AGEX true : whatever the state reached may be (AG), there will exist an immediate successor state ( Ex true). Actually the symbol of infinity should be on the top of F. But because it can’t be expressed like that, so I wrote it like this. F ∞ means “infinitely often”. AF ∞ P is equivalent to AG AFP

18 SYMBOLIC MODEL VERIFIER (Cont’d)
SMV language Module Module name VAR Variable declaration Boolean, scalar, Bounded Integer and so on ASSIGN Initial and next value of variables DEFINE Macros TRANS Constraint on system’s transition relation SPEC Property to check

19 SYMBOLIC MODEL VERIFIER (Cont’d)
MODULE main VAR state : {s0, s1, s2}; ASSIGN init(state) := s0; next(state) := case state=s0 : s1; state=s1 : s2; state=s2 : {s2, s0}; 1 : state; esac; DEFINE p := state=s0; q := state=s2; SPEC AG(p  AFq) SPEC AG AF p  true  false Counter example : s0,s1,s2,s2,s2… SMV code

20 SUMMARY Formal Method - Emphasized
Model checking - Formal verification method System description as FMS Property description as CLT Automatic execution of verification, and Counter example generation But, state explosion problem FSM - State and transition function CTL - Branching-time Logic Path quantifier (A, E) State quantifier (F, G, X, U) SMV system - Model checking method Rich class of temporal properties in a concise syntax - reachability (EF), safety (AGㄱ, AㄱU), liveness, fairness (A F∞ P) and deadlock freedom (AGEX true) Automatic and exhaustive search Easy to use SMV system is a tool for checking finite state systems against specifications in the temporal logic CTL. CTL allows a rich class of temporal properties, including safety, liveness, fairness and deadlock freedom and so on, to be specified in a concise syntax.

21 Further work To study on other formal verification methods (especially, temporal logic model checker) SPIN KRONOS HYTECH Comparison Find out merit or demerit of each of them in following two presentation

22 REFERENECE www.wordiq.com http://mind.kaist.ac.kr/6_cour/ai2002/ss.pdf
NuSCR and NuSRS Tutorial Myungjun Song , “Development of a Verification Method for the FBD-style Design Specification Using ESTD and SMV” K. L. McMillan, “The SMV system for SMV version ”, Nov. 6, 2000 M. Bidoit, et al. , “System and Software Verification” Tirumale Sreemani and Joanne M. Atlee, “Feasibility of Model Checking Software Requirements”, COMPASS 96 (11th Annual Conference on Computer Assurance), June 1996. J. B Yoo, S. D. Cha, “A Formal Software Requirement specification method for Digital Plants protection System”, KAIST CS/TR , 2003

Download ppt "What is the SMV (Symbolic Model Verifier) System ?"

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.
Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.

Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.
Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.

Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.

François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
CS6133 Software Specification and Verification

CS6133 Software Specification and Verification
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Timed Automata.

Timed Automata.
Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.

Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.
卜磊 Transition System. Part I: Introduction  Chapter 0: Preliminaries  Chapter 1: Language and Computation Part II: Models  Chapter.

卜磊 Transition System. Part I: Introduction  Chapter 0: Preliminaries  Chapter 1: Language and Computation Part II: Models  Chapter.

Similar presentations

Ads by Google