Presentation is loading. Please wait.

Presentation is loading. Please wait.

SS 2017 Software Verification LTL monitoring

Published byGwendolyn Goodwin Modified over 6 years ago

Similar presentations

Presentation on theme: "SS 2017 Software Verification LTL monitoring"— Presentation transcript:

1 SS 2017 Software Verification LTL monitoring
Prof. Dr. Holger Schlingloff 1,2 Dr. Esteban Pavese 1 (1) Institut für Informatik der Humboldt Universität (2) Fraunhofer Institut für offene Kommunikationssysteme FOKUS

2 Recap What is an ω-regular language?
Can you give an ω-regular expression for the following language over the alphabet {a,b}: finitely many a’s infinitely many a’s between any two adjacent a’s there is a b What is a Büchi-automaton? Give Büchi-automata for the above languages! Are Büchi-automata closed under union, intersection, concatenation, complementation, determinisation? Is emptyness of Büchi-automata decidable? What is a Muller-automaton?

3 Fairness in LTL and CTL As we have seen, LTL can express reactivity properties (“infinitely many requests lead to infinitely many replies”) Thus, LTL can encode Büchi acceptance conditions (with additional propositions): (FG s1  ...  FG sn) Thus, a model checker for LTL on Kripke structures can be used to check LTL on Büchi automata again, modulo state/transition markings CTL can not express fairness However, often we would like to restrict attention to fair paths only Model checking CTL on (computation trees of) Büchi automata?

4 Fairness in nuSMV A fairness constraint restricts the attention only to fair execution paths. When evaluating specifications, the model checker considers path quantifiers to apply only to fair paths. NuSMV supports two types of fairness constraints, namely justice constraints and compassion constraints. A justice constraint consists of a formula f which is assumed to be true infinitely often in all the fair paths. In NuSMV justice constraints are identified by keywords JUSTICE and, for backward compatibility, FAIRNESS. A compassion constraint consists of a pair of formulas (p,q); if property p is true infinitely often in a fair path, then also formula q has to be true infinitely often in the fair path. In NuSMV compassion constraints are identified by keyword COMPASSION.(3) Fairness constraints are declared using the following syntax: fairness_declaration :: "FAIRNESS" simple_expr [";"] | "JUSTICE" simple_expr [";"] | "COMPASSION" "(" simple_expr "," simple_expr ")" [";"] “running” is a shortcut for all transitions in the current module A path is considered fair if and only if it satisfies all the constraints declared in this manner.

5 A Hilbert-style axiom system for LTL
(PL) all propositionally valid formulas (K) ⊢ (X(φ)(XφX)) (U) ⊢ (X¬ φ¬X φ) (D) ⊢ (¬X φ X¬ φ) (Rec) ⊢ (X(  φ  (φU+))  (φU+)) (N) φ ⊢ X φ (MP) φ, (φ  ) ⊢  (Ind) (X(  (φ  ))  ) ⊢((φU+)  ) (Rec) ⊢ ((φW + )  X (  φ  (φW + )) (Ind) (  X(  (φ  ))) ⊢ (  (φW+)) (Rec) ⊢ (G+φ  X(φ G+φ)) (Ind) (  X(φ  )) ⊢ (  G+φ)

6 Valid (Derivable) LTL Properties
⊢ ((Xφ  X)  X(φ  )) ⊢ (G+(φ  )  (G+φ  G+)) ⊢ ((F+φ  F+)  F+(φ  )) ⊢ ((G+φ  F+)  F+(φ  )) ⊢ ((G+F+φ  G+F+)  G+F+(φ  F+)) ⊢ (G+(φ  X+φ)  (φ  G+φ)) ⊢ (F+φ  X(φ  F+φ)) ⊢ (F+φ  (Xφ  XF+φ)) ⊢ (G+φ  X(φ  G+φ)) ⊢ (G+φ  (Xφ  XG+φ)) ⊢ ((φ U+ )  X(  (φ  (φ U+ )))) ⊢ ((φ W+ )  X(  (φ  (φ W+ ))))

7 Model checking Given a model M and a formula φ, model checking is answering the question whether M ⊨ φ somewhat easier than checking validity or satisfiability of φ usually easier than checking ⊨ φMφ sometimes easier than checking L(M)  L(φ) or ML(φ) Several variants, depending on the logic and the way the model is given e.g., consider PL and a lookup truth table for propositions  linear in |φ| e.g., consider FOL and a „computation engine“ for predicates in general model checking is an undecidable problem Here, LTL and CTL are of interest

8 Monitoring LTL We want to check whether M ⊨ φ
φ is a LTL formula (for simplicity, excluding past) M is a natural model or sequence of proposition interpretations if M is finite, then the problem is easy (exercise!) M ⊨ φ iff check(M,0,φ) = true check(M,i,p) = true iff pM(i) check(M,i, )=false check(M,i, (φψ)) = true iff check(M,i,φ) implies check(M,i, ψ) check(M,i, (φU+ψ)) = true iff for some j>i, check(M,j,ψ) = true and for all i<k<j, check(M,k,φ) = true better: check(M,i, φU+ψ) = i+1<|M| and check(M,i+1, (ψφφU+ψ))

Download ppt "SS 2017 Software Verification LTL monitoring"

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Software Verification 2 Automated Verification Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität and Fraunhofer Institut für.

Software Verification 2 Automated Verification Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität and Fraunhofer Institut für.
Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
CS6133 Software Specification and Verification

CS6133 Software Specification and Verification
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.
Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking.

Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking.
1 Temporal Logic u Classical logic:  Good for describing static conditions u Temporal logic:  Adds temporal operators  Describe how static conditions.

1 Temporal Logic u Classical logic:  Good for describing static conditions u Temporal logic:  Adds temporal operators  Describe how static conditions.
29.4.2008 Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der.

Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der.
6.5.2008 Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt.

Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt.
Witness and Counterexample Li Tan Oct. 15, 2002.

Witness and Counterexample Li Tan Oct. 15, 2002.
Review of the automata-theoretic approach to model-checking.

Review of the automata-theoretic approach to model-checking.
Embedded Systems Laboratory Department of Computer and Information Science Linköping University Sweden Formal Verification and Model Checking Traian Pop.

Embedded Systems Laboratory Department of Computer and Information Science Linköping University Sweden Formal Verification and Model Checking Traian Pop.
ESE601: Hybrid Systems Introduction to verification Spring 2006.

ESE601: Hybrid Systems Introduction to verification Spring 2006.
Witness and Counterexample Li Tan Oct. 15, 2002.

Witness and Counterexample Li Tan Oct. 15, 2002.
Automata and Formal Lanugages Büchi Automata and Model Checking Ralf Möller based on slides by Chang-Beom Choi Provable Software Lab, KAIST.

Automata and Formal Lanugages Büchi Automata and Model Checking Ralf Möller based on slides by Chang-Beom Choi Provable Software Lab, KAIST.

Similar presentations

Ads by Google