Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Simple Model Checker for CTL. The problem n We need efficient algorithms to solve the problems [1]M,s  [2]M,s  where M should have finitely many states,

Published byJordan Wilkerson Modified over 9 years ago

Similar presentations

Presentation on theme: "A Simple Model Checker for CTL. The problem n We need efficient algorithms to solve the problems [1]M,s  [2]M,s  where M should have finitely many states,"— Presentation transcript:

1 A Simple Model Checker for CTL

2 The problem n We need efficient algorithms to solve the problems [1]M,s  [2]M,s  where M should have finitely many states, and  is a CTL formula. n We concentrate to solution of [2], as [1] can be easily derived from it. ? ?

3 The solution n Input: A CTL model M and CTL formula  n Output: The set of states of M which satisfy  n Basic principles: u Translate any CTL formula  in terms of the connectives AF,EU,EX, , , and . u Label the states of M with sub-formulas of  that are satisfied there, starting from the smallest sub-formulas and working outwards towards  u Output the states labeled by 

4 The labelling An immediate sub-formula of a formula  is any maximal-length formula  other than  itself Let  be a sub-formula of  and assume the states of M have been already labeled by all immediate sub-formulas of  Which states have to be labeled by  We proceed by case analysis

5 The basic labeling n  no states are labeled n p label a state s with p if p  l(s)  1   2 label a state s with  1   2 if s is already labeled with both  1 and  2  label a state s with  if s is not already labeled with 

6 The AF labeling AF  1. Label with AF  any state s already labeled with  2. Repeat until no change: label any state s with AF  if all successors of s are already labeled with Af  AF  repeat … until no change

7 The EU labeling E[   U   ]1. Label with E[   U   ] any state s already labeled with   2. Repeat until no change: label any state s with E[   U   ] if it is labeled with   and at least one of its successor is already labeled with E[   U   ] E[   U   ] repeat … until no change  E[   U   ]   E[   U   ]

8 The EX labeling EX  Label with EX  any state s with one of its successors already labeled with   EX  

9 The EG labeling (direct) EG  1. Label all the states with EG  2. Delete the label EG  from any state s not labeled with  3. Repeat until no change: delete the label Eg  from any state s if none f its successors is labeled with EG  EG   EG   EG   EG   EG  repeat … until no change

10 Complexity The complexity of the model checking algorithm is O(f * V * (V+E)) where f = number of connectives in  V = number of states of M E = number of transitions of M It can be easily improved to an algorithm linear both in the size of the formula and of the model

11 Example: Input  = AF(E[  q U p] v EXq) p p q q

12 Example: EU - step 1 1. Label with E[  qUp] all states which satisfy p P E[  qUp] q q P E[  qUp]

13 Example: EU-step 2.1 2.1 label any state s with E[  qUp] if it is labeled with  q and at least one of its successor is already labeled with E[  qUp] P E[  qUp] q q P E[  qUp]

14 Example: EU-step 2.2 2.2 label any state s with E[  qUp] if it is labeled with  q and at least one of its successor is already labeled with E[  qUp] P E[  qUp] q q P E[  qUp] No! E[  qUp]

15 Example: EX-step 3 3. Label with EXq any state s with one of its successors already labeled with q P E[  qUp] q EXq q P E[  qUp] EXq

16 Example:  -step 4 4. Label with  = E[  qUp] v EXq any state s already labeled with E[  qUp] or EXq P,  E[  qUp] ,q EXq q ,P E[  qUp]  E[  qUp]  E[  qUp]  E[  qUp]  EXq  EXq

17 Example: AF-step 5.1 5.1. Label with  AF(E[  qUp]vEXq) any state already labeled with  E[  qUp]vEXq P, ,  E[  qUp] , ,q EXq q , ,P E[  qUp] ,  E[  qUp] ,  E[  qUp] ,  E[  qUp] ,  EXq ,  EXq

18 Example: AF-step 5.2 5.2. label any state s with  if all successors of s are already labeled with  P, ,  E[  qUp] , ,q EXq ,q , ,P E[  qUp] ,  E[  qUp] ,  E[  qUp] ,  E[  qUp] ,  EXq ,  EXq

19 Example: Output All states satisfy AF(E[  q U p] v EXq) p p q q

20 State explosion n The algorithm is linear in the size of the model but the size of the model is exponential in the number of variables, components, etc. Can we reduce state explosion? n Abstraction (what is relevant?) n Induction (for ‘similar’ components) n Composition (divide and conquer) n Reduction (prove semantic equivalence) n Ordered binary decision diagrams

Download ppt "A Simple Model Checker for CTL. The problem n We need efficient algorithms to solve the problems [1]M,s  [2]M,s  where M should have finitely many states,"

Similar presentations

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.

Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
1 Computation Tree Logic (CTL). 2 CTL Syntax P - a set of atomic propositions, every p  P is a CTL formula. f, g, CTL formulae, then so are  f, f 

1 Computation Tree Logic (CTL). 2 CTL Syntax P - a set of atomic propositions, every p  P is a CTL formula. f, g, CTL formulae, then so are  f, f 
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.

François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes.

1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes.
SYMBOLIC MODEL CHECKING: 10 20 STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.

SYMBOLIC MODEL CHECKING: STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.
Copyright © Cengage Learning. All rights reserved. CHAPTER 5 SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION.

Copyright © Cengage Learning. All rights reserved. CHAPTER 5 SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.
Algorithms Recurrences. Definition – a recurrence is an equation or inequality that describes a function in terms of its value on smaller inputs Example.

Algorithms Recurrences. Definition – a recurrence is an equation or inequality that describes a function in terms of its value on smaller inputs Example.
1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.
CSE332: Data Abstractions Lecture 27: A Few Words on NP Dan Grossman Spring 2010.

CSE332: Data Abstractions Lecture 27: A Few Words on NP Dan Grossman Spring 2010.
Binary Decision Diagrams1 BINARY DECISION DIAGRAMS.

Binary Decision Diagrams1 BINARY DECISION DIAGRAMS.

Similar presentations

Ads by Google