Presentation is loading. Please wait.

Presentation is loading. Please wait.

Review of the automata-theoretic approach to model-checking.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Review of the automata-theoretic approach to model-checking."— Presentation transcript:

1 Review of the automata-theoretic approach to model-checking

2 Overview* Kripke structures Temporal logics: LTL, CTL, CTL* From LTL to Buchi automata Model checking *Thanks for borrowed slides: Orna Grumberg, Ken McMillan

3 Program verification Given a program and a specification, does the program satisfy the specification? Not decidable! We restrict the problem to a decidable one: Finite-state abstractions Propositional temporal logics

4 Model Checking MC G(p -> F q) yes no p q p q temporal formula finite-state model algorithm counterexample Model must now represent all behaviors

5 Finite state systems Hardware designs Communication protocols High level description of non finite state systems Web service abstractions

6 Properties in temporal logic mutual exclusion: always  ( cs 1  cs 2 ) non starvation: always (request  eventually grant) communication protocols: (  get-message) until send-message

7 Kripke structures A Kripke structure (S,AP,R,L) consists of –set of states S, atomic propositions AP –set of transitions R  S  S –labeling L  S  AP Example: Kripke model of a program pp p repeat p := true; p := false; end

8 Kripke structure / transition system a,ba a b,c c a,c a,b b

9  =s 0 s 1 s 2... is a run in M from s iff s = s 0 and for every i  0: (s i,s i+1 )  R How to specify properties of runs: temporal logics!

10 Linear temporal logic: LTL AP – a set of atomic propositions LTL: propositional logic + temporal operators Gp Fp Xp pUq

11 Examples of LTL properties x=a  y=b  XXXX z=a+b pay B deliver B: “before” liveness: “if input, then eventually output” G (input  F output) strong fairness: “infinitely sent implies infinitely received” GF send  GF receive

12 Branching time logics: CTL, CTL* Model of time is a tree, not a sequence Path quantifiers A: “for every path” E: “there exists a path” AF p p p p

13 Computation Tree Logic: CTL Every operator F, G, X, U preceded by A or E Universal modalities: pp p... AG p pppp p pp AF p

14 CTL, cont... Existential modalities: p p... EG p p p EF p

15 CTL, cont Other modalities AX p, EX p, A(p U q), E(p U q) Examples: mutual exclusion specs... AG  (C 1  C 2 ) mutual exclusion AG (request  AF grant) non-starvation AG (N 1  EX T 1 ) non-blocking

16 CTL* Contains both CTL and LTL –path formulas p U q, G p, Fp, Xp,  p, p  q –state formulas A p, E p Note: p in LTL  A p in CTL* CTL* is more powerful than CTL Example: Fairness assumptions A (GF p  GF q)

17 Model checking complexities CTL LTL O(2 f (V+E)) CTL O(f (V+E)) * = Note: all are linear in model size PSPACE COMPLETE

18 LTL vs. Buchi automata Buchi automaton: finite-state automaton accepting infinite words by going forever through some accepting state a 1 a 2 a 3 ……………………………… s 0 s 1 s 2 s 3 ………. f ….. f ….. f ….. f….. Languages accepted by Buchi automata: ω-regular

19 Let φ be an LTL formula with propositions AP. There exists a Buchi automaton B(φ) over alphabet 2 AP accepting exactly the infinite words satisfying φ. Naïve construction: simple recursion on the structure of φ Examples: if φ = X p then B(φ) is if φ = p U q then B(φ) is but: each negation leads to exponential blowup! p q accept p

20 Smarter way: one-step construction exponential number of states given a state of B(φ) and an input, a next state of B(φ) can be computed in PSPACE with respect to φ

21 Example: p U q States: consistent sets of subformulas (or their negations) (  ) subformulas p U q,  (p U q), p,  p, q,  q p, q p U q p,  q, p U q p,  q,  (p U q)  p, q, p U q  p  q,  (p U q) States (consistent sets): Intuition: a state contains the formulas satisfied by all accepted infinite runs starting in that state

22 p,  q, p U q p, q, p U q  p,  q,  (p U q)  p, q, p U q p,  q,  (p U q) all Initial states: all containing p U q Transitions: on assignment in source state

23 Model checking Input: Kripke structure K LTL formula φ 1.Construct B(  φ) 2.Search for runs of K accepted by B(  φ) 3.If none found, output “yes” otherwise, output counter-example run

24 Can be done in NPSPACE, so in PSPACE: Non-deterministically generate runs of K  B(  φ) Accept when looping in where S is a state in K and f is an accepting state of B(  φ) Run of K States of B(  φ) s 0 s 1 s 2 … f …. f … Deterministic algorithm: depth-first search + some efficient bookkeeping O(2 |φ| |K|) S

25 Some other complexities Model checking for CTL: O( | φ| |K|) Satisfiability for CTL: EXPTIME-complete Model checking for CTL*: PSPACE-complete Satisfiability for CTL*: 2-EXPTIME-complete

Download ppt "Review of the automata-theoretic approach to model-checking."

Similar presentations

Model Checking Lecture 1.

Model Checking Lecture 1.
Introduction to Model Checking

Introduction to Model Checking
Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
Tutorial I – An Introduction to Model Checking Peng WU INRIA Futurs LIX, École Polytechnique.

Tutorial I – An Introduction to Model Checking Peng WU INRIA Futurs LIX, École Polytechnique.
Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.

Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
CS6133 Software Specification and Verification

CS6133 Software Specification and Verification
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.

Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.
CS 267: Automated Verification Lecture 7: SMV Symbolic Model Checker, Partitioned Transition Systems, Counter-example Generation in Symbolic Model Checking.

CS 267: Automated Verification Lecture 7: SMV Symbolic Model Checker, Partitioned Transition Systems, Counter-example Generation in Symbolic Model Checking.

Similar presentations

Ads by Google