Presentation is loading. Please wait.

Presentation is loading. Please wait.

Model Checking Lecture 5. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Model Checking Lecture 5. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking."— Presentation transcript:

1 Model Checking Lecture 5

2 Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking 3Symbolic algorithms for model checking 4Pushdown systems

3 From Finite to Inifinite-State Systems So far, algorithms for systems with finite state spaces Sources of infinite-state –Control: recursion –Data: unbounded numeric variables, lists –Time: Systems with real-time clocks –Parameters: arbitrary number of participating processes

4 From Finite to Inifinite-State Systems So far, algorithms for systems with finite state spaces Sources of infinite-state –Control: recursion –Data: unbounded numeric variables, lists –Time: Systems with real-time clocks –Parameters: arbitrary number of participating processes

5 Decidability vs. Expressiveness Unbounded state  Undecidable Is the unbounded system able to encode a Turing machine? –Single-counter machines? NO –Two-counter machines? YES –Single-stack machines? NO –Two-stack machines? YES

6 From Finite to Inifinite-State Systems So far, algorithms for systems with finite state spaces Sources of infinite-state –Control: recursion –Data: unbounded numeric variables, lists –Time: Systems with real-time clocks –Parameters: arbitrary number of participating processes

7 State representation Explicit representation infeasible Symbolic representation is the key –For the transition system –For the reachable states

8 Pushdown systems (G, L, g 0, l 0,  ) g, h  G : finite set of control states l, m  L : finite set of stack symbols g 0 : initial control state l 0 : initial stack symbol  : set of transitions

9 Three kinds of transitions: (g, l)  (h, m) (step) (g, l)  (h, m n) (call) (g, l)  (h,  ) (return) Configuration: g, l l  h, m g, l  h, n m g, l  h,

10 Modeling sequential programs An element in G is a valuation to global variables An element in L is a valuation to local variables and –current instruction address for the frame at the top of the stack –return instruction address for the other frames

11 Example bool a = F; void main( ) { L1: a = T; L2: flip(a); L3: } void flip(bool x) { L4: a = !x; L5: } (F,  ) (F,  _, L3  ) (F,  _, L3   T, L5  ) (T,  _, L3   T, L4  ) (T,  _, L2  ) (F,  _, L1  ) (a,  x, pc  )

12 Reachability problem Given pushdown system (G, L, g 0, l 0,  ) and control state g, does there exist a stack ls  L* such that (g 0, l 0 )  * (g, ls)?

13 Naïve algorithm Add (g 0, l 0 ) to R (g, ls)  R (g, ls)  (g’, ls’) Add (g’, ls’) to R

14 R is unbounded so algorithm won’t terminate Two solutions: –Summary-based (a.k.a. interprocedural dataflow analysis) –Automata-based Problem with the naïve algorithm

15 E(g, l, h, m) (step edges) E + (g, l, h, nm) (call edges) E - (g, l, h) (pop edges) Initially: Algorithm I E(g 0, l 0, g 0, l 0 ) E+ is empty E- is empty

16 Step rule E(g, l, h, m) (h, m)  (h’, m’) E(g, l, h’, m’)

17 Call rule E(g, l, h, m) (h, m)  (h’, n’m’) E + (g, l, h’, n’m’) E(h’, n’, h’, n’)

18 Return rule E(g, l, h, m) (h, m)  (h’,  ) E - (g, l, h’)

19 Summary rule E + (g, l, h, nm) E - (h, n, h’) E(g, l, h’, m)

20 int g = 0 main() { L0: incr() L1: g = 0 L2: incr() L3: } incr() { L4: g = g+1 L5: } E(0, L0, 0, L0) E + (0, L0, 0, L4·L1) E(0, L4, 0, L4) E(0, L4, 1, L5) E - (0, L4, 1) E(0, L0, 1, L1) E(0, L0, 0, L2) E + (0, L0, 0, L4·L3) E(0, L0, 1, L3) E - (0, L0, 1)

21 int g = 0 main() { L0: if (*) L1: foo(0) else L2: foo(1) L3: assert(g > 0) L4: } foo(r) { L5: if (r = 0) L6: foo(r) else L7: g = g + 1 L8: } E(0, L0, 0, L0) E + (0, L0, 0,  L5,0  ·L3) E(0,  L5,0 , 0,  L5,0  ) E(0,  L5,0 , 0,  L6,0  ) E(0, L0, 0, L1) E(0, L0, 0, L2) E + (0, L0, 0,  L5,1  ·L3) E(0,  L5,1 , 0,  L5,1  ) E(0,  L5,1 , 0,  L7,1  ) E(0,  L5,1 , 1,  L8,1  ) E - (0,  L5,1 , 1) E(0, L0, 1, L3) E(0, L0, 1, L4) E - (0, L0, 1) E + (0,  L5,0 , 0,  L5,0  ·  L8,0  )

22 Reachability problem Given pushdown system (G, L, g 0, l 0,  ) and control state g, does there exist a stack ls such that (g 0, l 0 )  * (g, ls)? Algorithm I: Summary-based Yes, if E(g’, l’, g, l) for some g’, l’, and l. No, otherwise.

23 Algorithm II Add (g 0, l 0 ) to R (g, ls)  R (g, ls)  (g’, ls’) Add (g’, ls’) to R Key idea: Use a finite automaton to symbolically represent R

24 Symbolic representation Pushdown system (G, L, g 0, l 0,  ) Representation automaton (Q, L, T, G, F) - Q (  G) is the set of states - L is the alphabet - T is the transition relation - G is the set of initial states - F is the set of final states

25 gs1s1 s2s2 l l m h m Represents the set of configurations: { (h, m), (g, l m* l) } A set C of configurations is regular if it is representable by an automaton Theorem (Buchi) : The set of configurations reachable from a regular set is also regular.

26 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0

27 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2

28 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2 s 1,1 l1l1 s 2,2 l2l2

29 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2 s 1,1 l0l0 l1l1 s 2,2 l2l2

30 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2 s 1,1 l0l0 l1l1 s 2,2 l2l2 l0l0

31 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2 s 1,1 l0l0 l1l1 s 2,2 l2l2 l0l0 l1l1

32 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2 s 1,1 l0l0 l1l1 s 2,2 l2l2 l0l0 l1l1 

33 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2 s 1,1 l0l0 l1l1 s 2,2 l2l2 l0l0 l1l1  l0l0

34 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2 s 1,1 l0l0 l1l1 s 2,2 l2l2 l0l0 l1l1  l0l0 { (g 0, l 0  l 0 l 0 +  l 1 l 0 l 0 + ), (g 1, l 1 l 0 + ), (g 2, l 2 l 0 l 0 + ) }

Download ppt "Model Checking Lecture 5. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking."

Similar presentations

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Siddharth Srivastava, Shlomo Zilberstein, Neil Immerman University of Massachusetts Amherst Hector Geffner Universitat Pompeu Fabra.

Siddharth Srivastava, Shlomo Zilberstein, Neil Immerman University of Massachusetts Amherst Hector Geffner Universitat Pompeu Fabra.
Equivalence of Extended Symbolic Finite Transducers Presented By: Loris D’Antoni Joint work with: Margus Veanes.

Equivalence of Extended Symbolic Finite Transducers Presented By: Loris D’Antoni Joint work with: Margus Veanes.
C O N T E X T - F R E E LANGUAGES ( use a grammar to describe a language) 1.

C O N T E X T - F R E E LANGUAGES ( use a grammar to describe a language) 1.
CS412/413 Introduction to Compilers Radu Rugina Lecture 37: DU Chains and SSA Form 29 Apr 02.

CS412/413 Introduction to Compilers Radu Rugina Lecture 37: DU Chains and SSA Form 29 Apr 02.
Bebop: A Symbolic Model Checker for Boolean Programs Thomas Ball Sriram K. Rajamani

Bebop: A Symbolic Model Checker for Boolean Programs Thomas Ball Sriram K. Rajamani
Timed Automata.

Timed Automata.
Pushdown Automata Chapter 12. Recognizing Context-Free Languages Two notions of recognition: (1) Say yes or no, just like with FSMs (2) Say yes or no,

Pushdown Automata Chapter 12. Recognizing Context-Free Languages Two notions of recognition: (1) Say yes or no, just like with FSMs (2) Say yes or no,
From Monotonic Transition Systems to Monotonic Games Parosh Aziz Abdulla Uppsala University.

From Monotonic Transition Systems to Monotonic Games Parosh Aziz Abdulla Uppsala University.
A Fixpoint Calculus for Local and Global Program Flows Swarat Chaudhuri, U.Penn (with Rajeev Alur and P. Madhusudan)

A Fixpoint Calculus for Local and Global Program Flows Swarat Chaudhuri, U.Penn (with Rajeev Alur and P. Madhusudan)
Pushdown Systems Koushik Sen EECS, UC Berkeley Slide Source: Sanjit A. Seshia.

Pushdown Systems Koushik Sen EECS, UC Berkeley Slide Source: Sanjit A. Seshia.
Regular Model Checking Parosh Aziz Abdulla Uppsala University Cooperation with B. Jonsson, M. Nilsson, J. d’Orso.

Regular Model Checking Parosh Aziz Abdulla Uppsala University Cooperation with B. Jonsson, M. Nilsson, J. d’Orso.
Review of topics Final exam : -May 2nd to May 7 th - Projects due on May 7th.

Review of topics Final exam : -May 2nd to May 7 th - Projects due on May 7th.
Summarizing Procedures in Concurrent Programs Shaz Qadeer Sriram K. Rajamani Jakob Rehof Microsoft Research.

Summarizing Procedures in Concurrent Programs Shaz Qadeer Sriram K. Rajamani Jakob Rehof Microsoft Research.
CS21 Decidability and Tractability

CS21 Decidability and Tractability
1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.
Introduction to Computability Theory

Introduction to Computability Theory
1 Introduction to Computability Theory Lecture7: PushDown Automata (Part 1) Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture7: PushDown Automata (Part 1) Prof. Amos Israeli.
1 91.304 Foundations of (Theoretical) Computer Science Chapter 2 Lecture Notes (Section 2.2: Pushdown Automata) Prof. Karen Daniels, Fall 2009 with acknowledgement.

Foundations of (Theoretical) Computer Science Chapter 2 Lecture Notes (Section 2.2: Pushdown Automata) Prof. Karen Daniels, Fall 2009 with acknowledgement.
Scheduling Using Timed Automata Borzoo Bonakdarpour Wednesday, April 13, 2005 Selected Topics in Algorithms and Complexity (CSE960)

Scheduling Using Timed Automata Borzoo Bonakdarpour Wednesday, April 13, 2005 Selected Topics in Algorithms and Complexity (CSE960)

Similar presentations

Ads by Google