Presentation is loading. Please wait.

Presentation is loading. Please wait.

On-the-fly Model Checking from Interval Logic Specifications Manuel I. Capel & Miguel J. Hornos Dept. Lenguajes y Sistemas Informáticos Universidad de.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "On-the-fly Model Checking from Interval Logic Specifications Manuel I. Capel & Miguel J. Hornos Dept. Lenguajes y Sistemas Informáticos Universidad de."— Presentation transcript:

1 On-the-fly Model Checking from Interval Logic Specifications Manuel I. Capel & Miguel J. Hornos Dept. Lenguajes y Sistemas Informáticos Universidad de Granada (Spain) E-mail: { mcapel, mhornos}@ugr.es

2 Outline of the talk 1. Motivation 2. Context 3. Objectives 4. Specification formalism 5. Algorithm 6. Measurements & conclusions

3 Motivation + Specification and verification of concurrent systems is difficult + Infinite executions + Large number of different possible executions + Temporal Logics are appropiate formalisms to specify properties of linear behaviour + Difficult to use and understand + Textual representation  Interval logics overcome these difficulties + Intervals facilitate the definition of limited temporal contexts + Graphical representation + Specifications more understandable and intuitive 1. MOTIVATION

4 Problem context + Finite representation of system’s properties expressed as interval logic formulas + Tableau algorithm that automatically generates the equivalent automaton + No tableau algorithms for model checking on- the-fly (until now…) 2. CONTEXT + Automatic verification of reactive systems  Model checking 1. Build the property automaton A  2. Calculate the system automaton P =  P i 3. Find the product automaton P  A  4. Check non-emptiness of L ( P  A  )  L (A  ) L (P) Counterexamples L (A  )  L (A  ) L (P) L (A  )  Concurrent System P Specification 

5 Objectives + Classic approach to build a Model Checking tool + Leads to the state explosion problem + Approach to be followed: model checking on-the-fly + Nodes are generated only when are needed by the algorithm + State generation is combined with the search of a counterexample + In many cases, it is not necessary to construct the whole state space + Main objective: Integration of the tableau method with the on- the-fly approach for an interval logic 3. OBJECTIVES

6 Specification formalism + GIL ( Graphical Interval Logic ) is the specification formalism + Propositional Linear-time Temporal Logic + Interval as the key construct + Types of properties f + Initial property [ ) f + Invariant property [ ) f + Eventuality property [ ) 4. SPECIFICATION FORMALISM

7 . b1  b2 a1  a c1  c 2. d2 d1 d3 d4 Graphical syntax of GIL + Establishment of specific contexts: intervals + Use of standard operators and nested intervals . a bc d 4. SPECIFICATION FORMALISM

8 Comparison with LTL a b  c. a aa a d  + Example of a system specification in GIL + Specification of the same behaviour, but in LTL a   ( a U (  a U ((( b   c ) U a ) P a )  d U a )) U ( weak until ), U ( strong until ) and P ( precedes ) defined as f P g =  (  f U g ) + FIL ( Future Interval Logic ) is the formal basis of GIL a   [  a,  a |  a,  a,  a ) (   ( b   c )   d ) 4. SPECIFICATION FORMALISM

9 Syntax and Semantics of FIL + Restricted Syntax f  p |  f | f 1  f 2 | I f + Default-to-true Semantics + Non-negated interval formula + Either properly satisfied [a|b)c[a|b)c c ab + Negated interval formula + Only can be properly satisfied [a|b)c[a|b)c cc ab + or vacuously satisfied (the null context ocurrs)  The state located by  1 does not precede the state located by  2 + A search fails[a|)F = a[a|)F = a [b|)F =  b[b|)F =  b I  [  1 |  2 ) | [  |  2 ) | [  1 |  )  f |  f,  4. SPECIFICATION FORMALISM

10 Phase 1: Graph construction + Expansion order: Depth First Search + Analysis of each formula in the field New + The node is updated + The node is divided + The node is discarded + Creation of the transition system from the specification  Input: a FIL specification  + Output: the set Graph_Nodes  Rooted in Gerth et al. ’ s algorithm [8] 5. ALGORITHM

11 Tableau expansion rules + All the nodes are created from the initial node using expansion rules, such as the following ones: + Expansion rules derived from the reduction relation and the FIL semantics [14], so that:    i (  New  i )  (  New c (  )  X  Next c (  )) 5. ALGORITHM 12345671234567

12 T {b}{b} {b}{b} N3 N4 N2  M  Incoming ( N )  transition M  N  init  Incoming ( N )  N is an initial node + Label of node N: literals ( Old ( N )) + Output : Graph_Nodes An example of graph construction  Input :   {  [  b |  ) F }  {  b }  5. ALGORITHM

13  The graph obtained allows some runs inducing sequences that are not models of the specification  Phase 2: Transforming the graph into the Büchi automaton 5. ALGORITHM + Solution: to impose generalized Büchi acceptance conditions  Acceptance condition (AC) is defined by each set of eventuality formulas that share their last search  AC i {  [  i,1,  i |  ) F,  [  i,2,  i |  ) F, …,  [  i,n,  i |  ) F } + A node satisfies the condition defined by an acceptance set if: + Either if does not promise any of the eventuality formulas in the acceptance set + or it immediately satisfies the eventualities from this set that it promises

14 Determining the accepting states + Accepting states determination procedure 1. Search all the eventuality formulas in the set Graph 2. Define acceptance conditions 3. A node will satisfy an acceptance condition if it does not contain any of its eventualities in the field Next T {b}{b} {b}{b} N4 N3 N2 AC 0 {  [  b|  ) F } ; N3, N4 sat AC 0  N2  sat AC 0 5. ALGORITHM

15 Obtaining a single set of accepting states Labelled Generalized Buchi Automaton (S, R, L, I, F), F = {F 1, F 2, …, F k }  S  is accepting iff  F i  F, inf (  )  F i   + Possible scenarios  k = 0, satisfied by formulas of type I F and purely propositional ones + k = 1, the LGBA coincides with an LBA  k > 1, we must obtain a single set of accepting states F  Determination of F  For Büchi automata representing FIL formulas, it always hold that F =  F i 5. ALGORITHM

16 Measurements of the automaton generation + Quite a bit smaller automata than with global construction ( local automaton + eventuality automaton). + For simple specifications, similar measurements than those obtained with Gerth et al.’s algorithm for LTL.  For complex specifications, FIL formulas are more concise and easier to interpret than LTL ones  less complex automata. 6. MEASUREMENTS & CONCLUSIONS

17 Conclusions + Algorithm for generating a semantically equivalent automaton from a FIL specification + Improvements on Gerth et al.’s algorithm [8] to obtain smaller automata + Our tableau rules succinctly codify the notion of limited temporal scope + Intended for on-the-fly model checking + Explore the state space in a demand-driven manner + Avoid the whole state space construction + First on-the-fly tableau algorithm for an interval logic 6. MEASUREMENTS & CONCLUSIONS

18 References + [3] C.Courcoubetis, O.Grumberg and D. Peled “Memory-efficient algorithms for the verification of temporal properties”, Formal Methods in System Design, 1, 1992, pp.275-288. + [8] R.Gerth, P.Peled, M.Y.Vardi, P.Wolper, “Simple On-the-Fly Automatic Verification of Linear Temporal Logic”, Proceedings of the 15 th International Symposium on Protocol Specification, Testing and Verification, Warsaw, Poland, June 1995, pp.3-18. + [9] M.Hornos, M.I. Capel, “Automata Generation for On-the-Fly Automatic Verification Using Formulas of an Interval Logic”, 2 nd International Conference on Application of Concurrency to System Design, Newcastle Upon Tyne, U.K., June 2001, pp.221-230. + [14] Y.S.Ramakrishna, P.M.Melliar-Smith, L.E.Moser and L.K.Dillon and G.Kutty, “Interval Logics and their Decision Procedures. Part I: An Interval Logic”, Theoretical Computer Science, 166, 1996, pp.1-47.

19 On-the-fly Model Checking from Interval Logic Specifications END OF PRESENTATION Manuel I. Capel & Miguel J. Hornos Dept. Lenguajes y Sistemas Informáticos Universidad de Granada (Spain) E-mail: { mcapel, mhornos}@ugr.es

Download ppt "On-the-fly Model Checking from Interval Logic Specifications Manuel I. Capel & Miguel J. Hornos Dept. Lenguajes y Sistemas Informáticos Universidad de."

Similar presentations

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.
Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
Translating from logic to automata Book: Chapter 6.

Translating from logic to automata Book: Chapter 6.
Model Checking and Testing combined

Model Checking and Testing combined
Black Box Checking Book: Chapter 9 Model Checking Finite state description of a system B. LTL formula. Translate into an automaton P. Check whether L(B)

Black Box Checking Book: Chapter 9 Model Checking Finite state description of a system B. LTL formula. Translate into an automaton P. Check whether L(B)
Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.

Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
An improved on-the-fly tableau construction for a real-time temporal logic Marc Geilen 12 July 2003 /e.

An improved on-the-fly tableau construction for a real-time temporal logic Marc Geilen 12 July 2003 /e.
A Survey of Runtime Verification Jonathan Amir 2004.

A Survey of Runtime Verification Jonathan Amir 2004.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Knowledge Based Synthesis of Control for Distributed Systems Doron Peled.

Knowledge Based Synthesis of Control for Distributed Systems Doron Peled.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?

Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?

Similar presentations

Ads by Google