Slide 1: State-Event Software Verification for Branching-Time Specifications
Sagar Chaki, Ed Clarke, Joel Ouaknine, Orna Grumberg, Natasha Sharygina, Tayssir Touili, Helmut Veith
Slide 2: Software Model-Checking
- A challenge in computer science
- Tools: SLAM, BLAST, MAGIC, ...
- Counter-Example Guided Abstraction Refinement (CEGAR)
Slide 3: CEGAR
(flowchart) Property and Abstraction produce a Model; Verification answers Yes (System OK) or No (Counterexample). Counterexample Valid? Yes: a real Counterexample is reported; No: Spurious Counterexample, Abstraction Refinement, back to Abstraction.
Slide 4: Limitation of CEGAR applications
(same flowchart, with Predicate Abstraction and an LTL formula as the Property) No branching-time properties.
Slide 5: Our Goal: Extension to branching-time properties
(same flowchart, with a Branching-time formula as the Property)
Slide 6: First Problem
CEGAR cannot be applied to general branching-time logics.
Slide 7: What are counterexamples?
(figure: property φ checked against system S; φ universal)
Slide 8: LTL: universal logic
- Describes events along a single path, e.g. G(Req → F Ack)
- S ╞ φ iff all the paths of S ╞ φ
- CEGAR is natural for LTL: ¬(S ╞ φ) iff there exists one path p of S with ¬(p ╞ φ)
- p: Counterexample
Slide 9: Branching-time properties are not universal
- Existential operator: AG(EF Restart)
- CEGAR → define a universal branching-time logic
Slide 10: Our Goal: Extension to branching-time properties
(CEGAR flowchart, with a Branching-time formula as the Property)
Slide 11: We need to:
1. Define an expressive universal branching-time logic
2. Define a model-checking algorithm for this logic
3. Define suitable refinement techniques
Slide 12: State/event universal branching-time logic
- Industrial applications need state/event reasoning
- Bluetooth: when an action a is received in a q state, the next state has to be p
- Need a state/event framework
Slide 13: The state/event universal logic SE-AΩ
We view temporal operators as regular path patterns on the time line (figure: patterns for Fφ, Xφ, Gφ, φUψ).
Slide 14: The state/event universal logic SE-AΩ
(figure: a regular expression over a path, with state labels ψ, φ and actions a, b)
Slide 15: The state/event universal logic SE-AΩ
- K(φ,a): φ and a hold at all even time points
- Lφ: no more than 4 time units between 2 occurrences of φ
Slide 16: The state/event universal logic SE-AΩ
Slides 17-18: The state/event universal logic SE-AΩ
Labeled Kripke Structure: M = (S, AP, L, Σ, T) with states S, atomic propositions AP, state labelling L, actions Σ and labelled transitions T (figure: example with states labelled {p,q}, {p}, {q,r} and actions a, b, c).
Slide 19: We need to:
1. Define an expressive universal branching-time logic
2. Define a model-checking algorithm for this logic
3. Define suitable refinement techniques
Slides 20-24: Model-checking algorithm for SE-AΩ
(figures: the algorithm stepped through on the example LKS with states labelled {p,q}, {p}, {q,r} and actions a, b, c)
Slide 25: Our Goal: Extension to branching-time properties
(CEGAR flowchart, with an SE-AΩ formula as the Property)
Slide 26: What is a counterexample formally?
Slide 27: CounterExample generation for SE-AΩ
Compute a counterexample either for
Slide 28: CounterExample generation for SE-AΩ
Compute a counterexample for
Slide 29: CounterExample generation for SE-AΩ
AG ¬p ∨ AF ¬q (figure: counterexample with states labelled q, q, q, q and p)
Slide 30: CounterExample generation for SE-AΩ
(figure: counterexample with actions a, b, c, b, a, b)
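The model-checking slides (20-24) and the counterexample slides (27-30) only show figures. As an added example, not code from the slides or from the MAGIC tool, here is a small labelled Kripke structure M = (S, AP, L, Σ, T) and a checker for the universal formula AG ¬p ∨ AF ¬q from slide 29. Assumptions beyond the slides: the structure carries an explicit set of initial states, its transition relation is total, and the counterexample to a disjunction of two universal formulas is taken to be the pair of witnesses against both disjuncts (a path to a p-state and a loop of q-states), which is what the slide 29 figure depicts.

```python
from collections import deque


class LKS:
    """Labelled Kripke structure M = (S, AP, L, Sigma, T) with initial states
    added as a field (an assumption; the slides do not show that component)."""

    def __init__(self, states, init, labels, transitions):
        self.S = set(states)
        self.init = list(init)
        self.L = {s: frozenset(labels.get(s, ())) for s in self.S}  # L: S -> 2^AP
        self.succ = {s: [] for s in self.S}  # T (subset of S x Sigma x S) as a successor map
        for src, action, dst in transitions:
            self.succ[src].append((action, dst))


def _edges_to(parent, target):
    """Follow parent pointers from target back to the root; return the (src, action, dst) edges."""
    edges, cur = [], target
    while parent[cur] is not None:
        prev, action = parent[cur]
        edges.append((prev, action, cur))
        cur = prev
    edges.reverse()
    return edges


def check_AG_not(m, p):
    """AG !p: no reachable state is labelled p. Returns (True, None), or
    (False, path) with a finite run from an initial state to a p-state."""
    parent, queue = {s: None for s in m.init}, deque(m.init)
    while queue:
        s = queue.popleft()
        if p in m.L[s]:
            return False, _edges_to(parent, s)
        for action, t in m.succ[s]:
            if t not in parent:
                parent[t] = (s, action)
                queue.append(t)
    return True, None


def check_AF_not(m, q):
    """AF !q: every path eventually leaves the q-states. Over a finite structure
    this fails exactly when a cycle of q-states is reachable from an initial
    state through q-states only; the counterexample is a lasso (prefix, cycle)."""
    def q_succ(s):  # transitions that stay inside the q-states
        return [(a, t) for a, t in m.succ[s] if q in m.L[t]]

    WHITE, GREY, BLACK = 0, 1, 2  # DFS colours: unvisited / on stack / finished
    colour, parent = {s: WHITE for s in m.S}, {}
    for s0 in m.init:
        if q not in m.L[s0] or colour[s0] != WHITE:
            continue
        parent[s0], colour[s0] = None, GREY
        stack = [(s0, iter(q_succ(s0)))]
        while stack:
            s, it = stack[-1]
            pushed = False
            for action, t in it:
                if colour[t] == GREY:  # back edge: t ... s -action-> t is a q-cycle
                    prefix = _edges_to(parent, t)
                    cycle = _edges_to(parent, s)[len(prefix):] + [(s, action, t)]
                    return False, (prefix, cycle)
                if colour[t] == WHITE:
                    colour[t], parent[t] = GREY, (s, action)
                    stack.append((t, iter(q_succ(t))))
                    pushed = True
                    break
            if not pushed:
                colour[s] = BLACK
                stack.pop()
    return True, None


def verify_disjunction(m, p, q):
    """Check AG !p v AF !q. The disjunction fails only when both disjuncts fail,
    so the counterexample is the pair of witnesses: a path to a p-state and a
    q-lasso. Rooted at the same initial state they form a tree, not one path."""
    ok, path = check_AG_not(m, p)
    if ok:
        return True, None
    ok, lasso = check_AF_not(m, q)
    if ok:
        return True, None
    return False, {"p_path": path, "q_lasso": lasso}


def example_lks():
    """Constructed sample: q-states s0, s1, s2 with a loop s1 -b-> s2 -c-> s1,
    and a p-state s3 reachable from s0. Transitions are total by construction."""
    return LKS(
        states=["s0", "s1", "s2", "s3"], init=["s0"],
        labels={"s0": {"q"}, "s1": {"q"}, "s2": {"q"}, "s3": {"p"}},
        transitions=[("s0", "a", "s1"), ("s1", "b", "s2"), ("s2", "c", "s1"),
                     ("s0", "a", "s3"), ("s3", "c", "s3")],
    )


if __name__ == "__main__":
    holds, ce = verify_disjunction(example_lks(), "p", "q")
    print("AG !p v AF !q holds:", holds)
    if not holds:
        print("path to a p-state:", ce["p_path"])
        print("q-lasso (prefix, cycle):", ce["q_lasso"])
```

The point of the structure returned by `verify_disjunction` is that the witness is not a single path: refuting AG ¬p needs a finite run to a p-state, refuting AF ¬q needs an infinite run that stays in q, and refuting their disjunction needs both, branching from the same initial state. That is why a universal branching-time logic still needs a tree-shaped counterexample rather than the single path that suffices for LTL on slide 8.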
Slides 31-32: Our Goal: Extension to branching-time properties
(CEGAR flowchart, with an SE-AΩ formula as the Property; the Counterexample Valid? step is highlighted)
Slide 33: Projection
(figure: action sequences a, b, c, b, a, c)
Slide 34: Weak simulation
(figure: a-transitions and a state labelled p,q)
Slide 35: Compositionality Theorem: iff
Slide 36: Our Goal: Extension to branching-time properties
(CEGAR flowchart, with an SE-AΩ formula as the Property; the Abstraction Refinement step is highlighted)
Slides 37-42: Compositional refinement
(figures: system components P1, P2, P3, P4 are checked against Spec through their abstractions A1, A2, A3, A4; the abstractions are refined one component at a time, until either no more counterexamples remain (slide 41) or real counterexamples are found (slide 42))
Slide 43: Action-guided Refinement
(figure: a component with actions a, b, c, its abstraction with the merged action a,b, and the resulting counterexample)
Slide 44: Our Goal: Extension to branching-time properties
(CEGAR flowchart, with a Branching-time formula as the Property)
Slide 45: Case study: IPC
- IPC (InterProcess Communication) Protocol: organizes communication in a multithreaded robot controller
- Bug discovery: the protocol has been used for 7 years; the bug went undetected in earlier model-checking efforts using LTL
Slide 46: Conclusion
- Definition of an advanced branching-time state-event logic SE-AΩ
- Model-checking algorithm for SE-AΩ
- Compositional counterexample validation and refinement techniques for SE-AΩ
- First application of compositional CEGAR to branching-time specifications
- Bug discovery in the IPC protocol
Slide 47: Questions?