Presentation is loading. Please wait.

Presentation is loading. Please wait.

Model Checking Lecture 5. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Model Checking Lecture 5. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking."— Presentation transcript:

1 Model Checking Lecture 5

2 Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking 3Symbolic algorithms for model checking 4Pushdown systems

3 From Finite to Inifinite-State Systems So far, algorithms for systems with finite state spaces Sources of infinite-state –Control: recursion –Data: unbounded numeric variables, lists –Time: Systems with real-time clocks –Parameters: arbitrary number of participating processes

4 From Finite to Infinite-State Systems So far, algorithms for systems with finite state spaces Sources of infinite-state –Control: recursion –Data: unbounded numeric variables, lists –Time: Systems with real-time clocks –Parameters: arbitrary number of participating processes

5 Decidability vs. Expressiveness Unbounded state  Undecidable Is the unbounded system able to encode a Turing machine? –Single-counter machines? NO –Two-counter machines? YES –Single-stack machines? NO –Two-stack machines? YES

6 From Finite to Infinite-State Systems So far, algorithms for systems with finite state spaces Sources of infinite-state –Control: recursion –Data: unbounded numeric variables, lists –Time: Systems with real-time clocks –Parameters: arbitrary number of participating processes

7 State representation Explicit representation infeasible Symbolic representation is the key –For the transition system –For the reachable states

8 Pushdown systems (G, L, g 0, l 0,  ) g, h  G : finite set of control states l, m  L : finite set of stack symbols g 0 : initial control state l 0 : initial stack symbol  : set of transitions

9 Remarks The classical definition of a pushdown system has, in addition, an alphabet I of input symbols. Each transition depends on the control state, the top of the stack, and the input symbol. The language L  I* of a classical pushdown system contains those input sequences for which there is an execution leading to the empty stack. We are only concerned with reachability analysis and will therefore ignore I.

10 Three kinds of transitions: (g, l)  (h, m) (step) (g, l)  (h, m n) (call) (g, l)  (h,  ) (return) Configuration: g, l l  h, m g, l  h, n m g, l  h,

11 Modeling sequential programs An element in G is a valuation to global variables An element in L is a valuation to local variables and –current instruction address for the frame at the top of the stack –return instruction address for the other frames

12 Example bool a = F; void main( ) { L1: a = T; L2: flip(a); L3: } void flip(bool x) { L4: a = !x; L5: } (F,  ) (F,  _, L3  ) (F,  _, L3   T, L5  ) (T,  _, L3   T, L4  ) (T,  _, L2  ) (F,  _, L1  ) (a,  x, pc  )

13 Reachability problem Given pushdown system (G, L, g 0, l 0,  ) and control state g, does there exist a stack ls  L* such that (g 0, l 0 )  * (g, ls)?

14 Naïve algorithm Add (g 0, l 0 ) to R (g, ls)  R (g, ls)  (g’, ls’) Add (g’, ls’) to R

15 R is unbounded so algorithm won’t terminate Two solutions: –Summary-based (a.k.a. interprocedural dataflow analysis) –Automata-based Problem with the naïve algorithm

16 E(g, l, h, m) (step edges) E + (g, l, h, nm) (call edges) E - (g, l, h) (pop edges) Initially: Algorithm I E(g 0, l 0, g 0, l 0 ) E+ is empty E- is empty

17 Step rule E(g, l, h, m) (h, m)  (h’, m’) E(g, l, h’, m’)

18 Call rule E(g, l, h, m) (h, m)  (h’, n’m’) E + (g, l, h’, n’m’) E(h’, n’, h’, n’)

19 Return rule E(g, l, h, m) (h, m)  (h’,  ) E - (g, l, h’)

20 Summary rule E + (g, l, h, nm) E - (h, n, h’) E(g, l, h’, m)

21 int g = 0 main() { L0: incr() L1: g = 0 L2: incr() L3: } incr() { L4: g = g+1 L5: } E(0, L0, 0, L0) E + (0, L0, 0, L4·L1) E(0, L4, 0, L4) E(0, L4, 1, L5) E - (0, L4, 1) E(0, L0, 1, L1) E(0, L0, 0, L2) E + (0, L0, 0, L4·L3) E(0, L0, 1, L3) E - (0, L0, 1)

22 int g = 0 main() { L0: if (*) L1: foo(0) else L2: foo(1) L3: assert(g > 0) L4: } foo(r) { L5: if (r = 0) L6: foo(r) else L7: g = g + 1 L8: } E(0, L0, 0, L0) E + (0, L0, 0,  L5,0  ·L3) E(0,  L5,0 , 0,  L5,0  ) E(0,  L5,0 , 0,  L6,0  ) E(0, L0, 0, L1) E(0, L0, 0, L2) E + (0, L0, 0,  L5,1  ·L3) E(0,  L5,1 , 0,  L5,1  ) E(0,  L5,1 , 0,  L7,1  ) E(0,  L5,1 , 1,  L8,1  ) E - (0,  L5,1 , 1) E(0, L0, 1, L3) E(0, L0, 1, L4) E - (0, L0, 1) E + (0,  L5,0 , 0,  L5,0  ·  L8,0  )

23 Termination Maximum number of step edges = |G| 2 |L| 2 Maximum number of call edges = |G| 2 |L| 3 Maximum number of return edges = |G| 2 |L|

24 Reachability problem Given pushdown system (G, L, g 0, l 0,  ) and control state g, does there exist a stack ls such that (g 0, l 0 )  * (g, ls)? Algorithm I: Summary-based Yes, if E(g’, l’, g, l) for some g’, l’, and l. No, otherwise.

25 Algorithm II Add (g 0, l 0 ) to R (g, ls)  R (g, ls)  (g’, ls’) Add (g’, ls’) to R Key idea: Use a finite automaton to symbolically represent R

26 Symbolic representation Pushdown system (G, L, g 0, l 0,  ) Representation automaton (Q, L, T, G, F) - Q (  G) is the set of states - L is the alphabet - T is the transition relation - G is the set of initial states - F is the set of final states

27 gs1s1 s2s2 l l m h m Represents the set of configurations: { (h, m), (g, l m* l) } A set C of configurations is regular if it is representable by an automaton Theorem (Buchi) : The set of configurations reachable from a regular set is also regular.

28 Remark Buchi’s theorem does not contradict the fact that pushdown systems can accept non-regular languages over the input alphabet I. The classical definition of a pushdown system has, in addition, an alphabet I of input symbols. The language of reachable stack configurations is a language over the alphabet L. The accepted language is a language over the alphabet I.

29 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0

30 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2

31 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2 s 1,1 l1l1 s 2,2 l2l2

32 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2 s 1,1 l0l0 l1l1 s 2,2 l2l2

33 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2 s 1,1 l0l0 l1l1 s 2,2 l2l2 l0l0

34 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2 s 1,1 l0l0 l1l1 s 2,2 l2l2 l0l0 l1l1

35 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2 s 1,1 l0l0 l1l1 s 2,2 l2l2 l0l0 l1l1 

36 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2 s 1,1 l0l0 l1l1 s 2,2 l2l2 l0l0 l1l1  l0l0

37 Pushdown system: (G, L, g 0, l 0,  ) - G = {g 0, g 1, g 2 } - L = {l 0, l 1, l 2 } - (g 0, l 0 )  (g 1, l 1 l 0 ) (g 1, l 1 )  (g 2, l 2 l 0 ) (g 2, l 2 )  (g 0, l 1 ) (g 0, l 1 )  (g 0,  ) g0g0 l0l0 s0s0 g1g1 g2g2 s 1,1 l0l0 l1l1 s 2,2 l2l2 l0l0 l1l1  l0l0 { (g 0, l 0  l 0 l 0 +  l 1 l 0 l 0 + ), (g 1, l 1 l 0 + ), (g 2, l 2 l 0 l 0 + ) }

38 Lemma 1: If (g,ls)  Begin and (g,ls)  * (g’,ls’), then g’ can reach a final state q of End along a path labeled ls’. Proof: Simple induction on the number of steps in  *. Let Begin be the initial configuration automaton Let End be the final configuration automaton

39 Lemma 2: Suppose g goes to state q in End via a path labeled ls. (1) If q is a state of Begin, then (g’,ls’)  * (g,ls) and g’ goes to state q via a path labeled ls’ in Begin (2) If q = s g’,l’ is a new state in End, then (g’,l’)  * (g,ls)

40 Begin = A 0, A 1, …, A n = End For each i  [0,n-1]: A i+1 is obtained from A i by adding a single edge Restatement of Lemma 2: Suppose g goes to state q in A i via a path of length j labeled ls. (1) If q is a state of Begin, then (g’,ls’)  * (g,ls) and g’ goes to state q via a path labeled ls’ in Begin (2) If q = s g’,l’ is a new state in End, then (g’,l’)  * (g,ls)

Download ppt "Model Checking Lecture 5. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking."

Similar presentations

Lecture 16 Deterministic Turing Machine (DTM) Finite Control tape head.

Lecture 16 Deterministic Turing Machine (DTM) Finite Control tape head.
C O N T E X T - F R E E LANGUAGES ( use a grammar to describe a language) 1.

C O N T E X T - F R E E LANGUAGES ( use a grammar to describe a language) 1.
1 1 CDT314 FABER Formal Languages, Automata and Models of Computation Lecture 3 School of Innovation, Design and Engineering Mälardalen University 2012.

1 1 CDT314 FABER Formal Languages, Automata and Models of Computation Lecture 3 School of Innovation, Design and Engineering Mälardalen University 2012.
Pushdown Automata Chapter 12. Recognizing Context-Free Languages Two notions of recognition: (1) Say yes or no, just like with FSMs (2) Say yes or no,

Pushdown Automata Chapter 12. Recognizing Context-Free Languages Two notions of recognition: (1) Say yes or no, just like with FSMs (2) Say yes or no,
Pushdown Systems Koushik Sen EECS, UC Berkeley Slide Source: Sanjit A. Seshia.

Pushdown Systems Koushik Sen EECS, UC Berkeley Slide Source: Sanjit A. Seshia.
CS21 Decidability and Tractability

CS21 Decidability and Tractability
1 Introduction to Computability Theory Lecture3: Regular Expressions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture3: Regular Expressions Prof. Amos Israeli.
Introduction to Computability Theory

Introduction to Computability Theory
1 Introduction to Computability Theory Lecture7: PushDown Automata (Part 1) Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture7: PushDown Automata (Part 1) Prof. Amos Israeli.
CFG => PDA Sipser 2 (pages 99-118). CS 311 Fall 2008 2 Formally… A pushdown automaton is a sextuple M = (Q, Σ, Γ, δ, q 0, F), where – Q is a finite set.

CFG => PDA Sipser 2 (pages ). CS 311 Fall Formally… A pushdown automaton is a sextuple M = (Q, Σ, Γ, δ, q 0, F), where – Q is a finite set.
Model Checking Lecture 5. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Model Checking Lecture 5. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
Courtesy Costas Busch - RPI1 Non Deterministic Automata.

Courtesy Costas Busch - RPI1 Non Deterministic Automata.
1 Linear Bounded Automata LBAs. 2 Linear Bounded Automata are like Turing Machines with a restriction: The working space of the tape is the space of the.

1 Linear Bounded Automata LBAs. 2 Linear Bounded Automata are like Turing Machines with a restriction: The working space of the tape is the space of the.
CS 302: Discrete Math II A Review. An alphabet Σ is a finite set (e.g., Σ = {0,1}) A string over Σ is a finite-length sequence of elements of Σ For x.

CS 302: Discrete Math II A Review. An alphabet Σ is a finite set (e.g., Σ = {0,1}) A string over Σ is a finite-length sequence of elements of Σ For x.
Courtesy Costas Busch - RPI1 NPDAs Accept Context-Free Languages.

Courtesy Costas Busch - RPI1 NPDAs Accept Context-Free Languages.
1 The Chomsky Hierarchy. 2 Unrestricted Grammars: Rules have form String of variables and terminals String of variables and terminals.

1 The Chomsky Hierarchy. 2 Unrestricted Grammars: Rules have form String of variables and terminals String of variables and terminals.
FORMAL LANGUAGES, AUTOMATA AND COMPUTABILITY 15-453 www.cs.cmu.edu/~emc/flac09.

FORMAL LANGUAGES, AUTOMATA AND COMPUTABILITY
1 91.304 Foundations of (Theoretical) Computer Science Chapter 2 Lecture Notes (Section 2.2: Pushdown Automata) Prof. Karen Daniels, Fall 2009 with acknowledgement.

Foundations of (Theoretical) Computer Science Chapter 2 Lecture Notes (Section 2.2: Pushdown Automata) Prof. Karen Daniels, Fall 2009 with acknowledgement.
Fall 2004COMP 3351 Reducibility. Fall 2004COMP 3352 Problem is reduced to problem If we can solve problem then we can solve problem.

Fall 2004COMP 3351 Reducibility. Fall 2004COMP 3352 Problem is reduced to problem If we can solve problem then we can solve problem.
Fall 2006Costas Busch - RPI1 Non-Deterministic Finite Automata.

Fall 2006Costas Busch - RPI1 Non-Deterministic Finite Automata.

Similar presentations

Ads by Google