Published by Yahir Grissom. Modified over 9 years ago.
1
M ODEL CHECKING -Vasvi Kakkad University of Sydney
2
I NTRODUCTION Most complicated systems routinely built today – difficult to get right Failures are costly Verification techniques needed 2 Model Checking
3
I NTRODUCTION Formal Verification Apply mathematical arguments to prove the correctness of the system Aims to find bugs in the system and aim to correct 3 Model Checking
4
F ORMAL V ERIFICATION Build a mathematical model of system Write correctness requirements Analysis – Check that model satisfies specifications Verification – Analysis either proves or disproves the correctness claim 4 Model Checking
5
M ODEL C HECKING Model Checking Technique for automated correctness verification of safety critical reactive systems. More generally Algorithmic analysis to check that a model satisfies a specified property Checks automatically whether a given formula holds in a given model 5 Model Checking
6
A PPLICATIONS Electrical Circuits Communication protocols Digital Controller Program Analysis – e.g. Java Path Finder 6 Model Checking
7
M OTIVATION Software/Hardware system – Specification Language Requirements – Temporal Logic State Space generated from the specification Algorithm returns yes, if the property holds for model returns no + counterexample, otherwise 7 Model Checking
8
P ROCESS OF M ODEL C HECKING 3 Steps Modeling Specification Verification 8 Model Checking
9
S TEP 1 : M ODELING 9 Model Checking
10
M ODELING Convert the system into a formalism – finite automata Limitation on Time and Space – Use abstraction Model a System using Kripke Structure - State Transition Graph 10 Model Checking
11
K RIPKE S TRUCTURE Structure over a set of atomic propositions M = (S, S0, R, L) S = Finite Set of States S0 S is the Set of Initial States R : S X S is a Transition Relation L : S 2 AP – Function labels each state with set of atomic propositions true in that state 11 Model Checking
12
E XAMPLE : M ICRO - OVEN C OOKING Modeling with Kripke structure M(S, S0, R, L) S = {S1, S2, S3, S4} S0 = S1 – initial state R = ({S1, S2}, {S2, S1}, {S1, S4}, {S4, S2}, {S2, S3}, {S3, S3}, {S3, S2}) L(S1) = {¬ close, ¬ start, ¬ cooking} L(S2) = { close, ¬ start, ¬ cooking} L(S3) = { close, start, cooking} L(S4) = {¬ close, start, ¬ cooking} 12 Model Checking
13
G RAPH OF K RIPKE S TRUCTURE 13 Model Checking
14
S TEP 2 : S PECIFICATION 14 Model Checking
15
S PECIFICATION Specification – Property which model needs to satisfy Can be described in Temporal Logic Temporal Logic - Two ways LTL ( Linear Temporal Logic) CTL (Computation Tree Logic) 15 Model Checking
16
C OMPARISON : LTL V / S CTL Checks temporal operators along single path Counter examples are easy Nice automata theoretic algorithm Analyzing data flow problems in Imperative language Branching time logic Operators should be preceded by path quantifiers More efficient Amenable to Symbolic techniques Analyzing reactive systems LTLCTL 16 Model Checking
17
O PERATORS FOR T EMPORAL L OGIC X – Next State F – In the Future G – Globally U – Until A – Always/All path E – Exists Basic TemporalPath Quantifiers 17 Model Checking
18
T EMPORAL OPERATORS Temporal operators: Gp Fp Xp pUq 18 Model Checking
19
CTL CTL operator: path quantifier + temporal operator Universal formulas: AX f, A(f U g), AG f, AF f Existential formulas: EX f, E(f U g), EG f, EFf 19 Model Checking
20
T EMPORAL P ROPERTIES UniversalExistential SafetyAGpEGp livenessAFpEFp Safety – Something Bad Never Happens Liveness – Something Good Eventually Happens 20 Model Checking
21
E XAMPLE : M ICRO - OVEN COOKING Specification with CTL AG ( Start AF Cooking) AG (Close ^ Start ) AF Cooking 21 Model Checking
22
S TEP 3 : V ERIFICATION 22 Model Checking
23
V ERIFICATION Temporal Logic Formula Finite State Model 23 Model Checking
24
V ERIFICATION Temporal Logic Formula Finite State Model Model Checker 24 Model Checking
25
V ERIFICATION Temporal Logic Formula Finite State Model Model Checker Counter Example OK Verification 25 Model Checking
26
E XAMPLE : M ICRO - OVEN COOKING AG ( START AF COOKING ) Convert to Negative Normal Form ¬EF (start ^ EG ¬cooking)) S(start) = {S3, S4} S( ¬cooking) = {S1, S2, S4} S(EG ¬cooking) = {S1, S2, S4} S(start ^ EG ¬cooking) = {S4} S(EF(start ^ EG ¬cooking)) = {S1, S2, S3, S4} S(¬ EF(start ^ EG ¬cooking)) = {} 26 Model Checking
27
G RAPH OF K RIPKE S TRUCTURE 27 Model Checking
28
P ROBLEM W ITH LTL M ODEL C HECKING State Space Explosion problem Number of states typically grows exponentially in the number of process 28 Model Checking
29
M AJOR T ECHNIQUES Based on Symbolic Structure Based on Automata Theory Other Models – Alternative methods 29 Model Checking
30
S YMBOLIC M ODEL C HECKING o Symbolic model checking uses Binary Decision Diagrams ( BDDs ) to represent the model as sets of states BDD Data structure for representing Boolean function Often concise in memory Canonical representation Boolean operation can be done in polynomial time in the BDD size 30 Model Checking
31
BDD IN M ODEL C HECKING Every set A can be represented by its characteristic function 1 if u A f A (u) = 0 if u A If the elements of A are encoded by sequences over {0,1} n then f A is a Boolean function and can be represented by a BDD 31 Model Checking
32
a b c 10 c 11 b c 11 b cc b 0110 a b cc 1110 ccc BDD FOR F ( A, B, C ) = ( A B ) C Decision tree a b c 10 BDD 32 Model Checking
33
S UMMARY Model Checking – Automated Verification technique Hardware/Software model – Kripke Structure Specification – Temporal Logic (LTL, CTL) Verification (Model Checking) algorithm State Space Explosion Problem Solution : Symbolic Model Checking - BDD 33 Model Checking
34
T HANK Y OU... 34 Model Checking