Presentation is loading. Please wait.

Presentation is loading. Please wait.

Albert M. K. Cheng Real-Time Systems Laboratory University of Houston

Published byΤῑτάν Παππάς Modified over 6 years ago

Similar presentations

Presentation on theme: "Albert M. K. Cheng Real-Time Systems Laboratory University of Houston"— Presentation transcript:

1 Albert M. K. Cheng Real-Time Systems Laboratory University of Houston
Chapter 4: Model Checking for Formal Analysis and Verification of Real-Time Systems Albert M. K. Cheng Real-Time Systems Laboratory University of Houston

2 Correctness of Real-Time Systems
Satisfaction of logical correctness constraints Satisfaction of timing constraints

3 Presentation Outline Model of a real-time system
Specification, analysis, and verification Explicit-state and symbolic model checking

4 A Real-Time System A Sensor input Decision, action X Y D S State

5 Analysis Techniques Simulation Testing Verification
Run-time monitoring

6 Model Checking Is the finite-state graph a model of the temporal
logic formula? Specification represented as a labeled finite-state Graph (Kripke structure) Safety assertion written as temporal logic formula

7 Computation Tree Logic CTL
Propositional, branching-time temporal logic Next-time operator X, Until operator U A(E)X f : f holds in every (some) immediate successor of current state A(E)[f1 U f2] : for every (some) computation path, there exists an initial prefix of the path such that f2 holds at the last state of the prefix and f1 holds at all other states along the prefix

8 Example: Solution to Mutual Exclusion Problem
N1,N2 T1,N2 N1,T2 C1,N2 T1,T2 T1,T2 N1,C2 C1,T2 T1,C2

9 CTL abbreviations AF(f) = A[True U f]:
f holds in the future along every path from the initial state s0, so f is inevitable EG(f) = NOT AF(NOT f) EF(f) = E[True U f]: there is some path from the initial state s0 that leads to a state at which f holds, so f potentially holds AG(f) = NOT EF(NOT f)

10 Representing a Computation Tree Logic (CTL) Formula in Prefix Notation
f = A [ !X U ( Y V Z ) ] = (AU (NOT X) (OR Y Z)) nf[1]: (AU (NOT X) (OR Y Z)) sf[1]: (2 4) nf[2]: (NOT X) sf[2]: (3) nf[3]: X sf[3]: nil nf[4]: (OR Y Z) sf[4]: (5 6) nf[5]: Y sf[5]: nil nf[6]: Z sf[6]: nil

11 Functions Formula f = A [f1 U f2] arg1(f) = first argument of formula f arg2(f) = second argument of formula f labeled(s,f): state s is labeled with formula f add_label(s,f): add label to state s marked(s): state has been marked or visited

12 Explicit-State Model Checking
for (fi=flength; fi >= 1; fi--) labelgraph(fi,s,&correct); labelgraph (fi,s,b) short fi, s; Boolean *b; { short i; switch(nf[fi-1][0].opcode) case atomic: atf(fi,s,b); break; case nt: ntf(fi,s,b); break; case ad: adf(fi,s,b); case ax: axf(fi,s,b); case ex: exf(fi,s,b);

13 Explicit-State Model Checking
case au: for (i=0; i <= numstates; i++) marked[i] = false; if (!marked[i]) auf(fi,s,b); break; case eu: euf(fi,s,b); }

14 function au(f,s,b) if marked(s) then { if labeled(s,f) then {b := true; return} b := false; return} marked(s) := true; if labeled(s, arg2(f)) then { add_label(s,f); b:= true; return} else if !labeled(s, arg1(f)) then { b := false; return } for all s1 in successors(s) do { au(f, s1, b1); if !b1 then { b := false; return } } add_label(s,f); b := true; return.

15 Symbolic Model Checking
Transition relation between the values of the variables in the current and the next states can be stated as a Boolean formula Use Binary Decision Diagrams (BDDs) to present this Boolean formula Apply model checker to finite-state graph represented as BBDs

16 Real-Time CTL Existentially Bounded Until operator:
E[f_1 U[x,y] f_2] at state s_0 means there exists a path beginning at s_0 and some i such that x <= i <= y and f_2 holds at state s_i and forall j < i, f_1 holds at state s_j Min/max delays Min/max number of condition occurrences

Download ppt "Albert M. K. Cheng Real-Time Systems Laboratory University of Houston"

Similar presentations

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
Model Checking Lecture 1.

Model Checking Lecture 1.
Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
1 Verification of Parameterized Systems Reducing Model Checking of the Few to the One. E. Allen Emerson, Richard J. Trefler and Thomas Wahl Junaid Surve.

1 Verification of Parameterized Systems Reducing Model Checking of the Few to the One. E. Allen Emerson, Richard J. Trefler and Thomas Wahl Junaid Surve.
Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.

Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
1 Computation Tree Logic (CTL). 2 CTL Syntax P - a set of atomic propositions, every p  P is a CTL formula. f, g, CTL formulae, then so are  f, f 

1 Computation Tree Logic (CTL). 2 CTL Syntax P - a set of atomic propositions, every p  P is a CTL formula. f, g, CTL formulae, then so are  f, f 
Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.

Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.

François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.

Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.
卜磊 Transition System. Part I: Introduction  Chapter 0: Preliminaries  Chapter 1: Language and Computation Part II: Models  Chapter.

卜磊 Transition System. Part I: Introduction  Chapter 0: Preliminaries  Chapter 1: Language and Computation Part II: Models  Chapter.
SYMBOLIC MODEL CHECKING: 10 20 STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.

SYMBOLIC MODEL CHECKING: STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.
CS 267: Automated Verification Lecture 7: SMV Symbolic Model Checker, Partitioned Transition Systems, Counter-example Generation in Symbolic Model Checking.

CS 267: Automated Verification Lecture 7: SMV Symbolic Model Checker, Partitioned Transition Systems, Counter-example Generation in Symbolic Model Checking.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.

Similar presentations

Ads by Google