Presentation is loading. Please wait.

Presentation is loading. Please wait.

Symbolic Algorithms for Infinite-state Systems Rupak Majumdar (UC Berkeley) Joint work with Luca de Alfaro (UC Santa Cruz) Thomas A. Henzinger (UC Berkeley)

Published byEmery York Modified over 9 years ago

Similar presentations

Presentation on theme: "Symbolic Algorithms for Infinite-state Systems Rupak Majumdar (UC Berkeley) Joint work with Luca de Alfaro (UC Santa Cruz) Thomas A. Henzinger (UC Berkeley)"— Presentation transcript:

1 Symbolic Algorithms for Infinite-state Systems Rupak Majumdar (UC Berkeley) Joint work with Luca de Alfaro (UC Santa Cruz) Thomas A. Henzinger (UC Berkeley)

2 Closed Reactive Systems Transition systems: S Set of states (possibly infinite)  Set of actions post: S X   S Successor function

3 Lifted Transition Systems S Set of states  Set of actions Post: 2 S X   2 S Successor function –Post(R) = {t|  s  R  a. t =  (s,a)} Pre: 2 S X   2 S Predecessor function –Pre(R) = {s|  a.  (s,a)  R}

4 Observables Group interesting sets of states as observables Example: –“Processor 1 is in critical section” –“Thermostat temperature is between 32 and 40” Observable transition system = –Transition system + –Set of observables  = {O1,O2,…}, Oi  S

5 Symbolic Transition Systems S, , Pre, Post,  Set of regions R={R1,R2,…}, Ri  S –   R –Pre, Post : R X  R – , ,\ : RXR  R –  : RXR  {T,F} Computable Symbolic semi-algorithm: Start with regions in  and compute new regions using the operations above

6 Example: Rectangular Hybrid Automata General class: polyhedral hybrid systems [Alur et al] Other classes: Petri nets, FIFO automata,...

7 Verification Questions Q1 : Reachability –Is an unsafe state reachable? EF unsafe Q2 : Linear Temporal Logic (regular properties) –Is progress being made? E(GF fair  F goal) Q3 : ½ Branching temporal logic( ECTL,ACTL ) –Nested reachability EF (unsafe  EF err1  EF err2) Q4 : Branching temporal logic ( CTL ) –Is progress possible? AG(tick -> EXEF tick)

8 init final Q1 : Reachability EF Is there a trajectory to an unsafe state? final  Pre(final)... R = final loop if R  init  then “yes” if Pre(R)  R then “no” R := R  Pre(R) end Similar algorithm by iterating Post’s Operations used: Pre, 

9 final init Q2 : LTL Model Checking Example: Repeated Reachability EGF –Can a set of states be reached infinitely often? –EGF final R1 = EXEF final R2 = EXEF R1.. R Operations: Pre, ,  with observables

10 Q3 : ECTL model cecking ECTL: nested reachability –EF(goal1 /\ EF(goal2) /\ EF(goal3)) –Operations : Pre, ,  EF goal2 goal1 /\ EF goal2 /\ EF goal3 EF goal3 EF (goal1 /\ EF goal2 /\ EF goal3)

11 Q4 : CTL model checking CTL: can all trajectories from init to goal1 be extended to goal2? –AG(goal1 -> EF goal2) = ~ EF (goal1 /\ ~EF goal2) –Operations : Pre, , , \ EF goal2 EF (goal1 /\ ~EF goal2)

12 Three Specification Logics L1 : CTL (or, mu calculus) L2 : ECTL or ACTL L3 : LTL

13 Three Symbolic Semi-Algorithms A1 : Close  under pre, , , \ A2 : Close  under pre, ,  A3 : Close  under pre, ,  obs (intersection with observables) P 0 =  for i = 1,2,3, … P i = P i-1  {pre(R) | R  P i-1 }  {R1  R2 | R1,R2  P i-1 }  {R1  R2 | R1,R2  P i-1 }  {R1 \ R2 | R1,R2  P i-1 } until P i = P i-1

14 Three State Equivalences E1 : Bisimilarity E2 : Similarity (mutual simulation) E3 : Trace Equivalence

15 Similarity Similarity: moves can be matched Bisimilarity = Symmetric similarity Trace equivalence = same languages  

16 Triad L1: CTL L2: ECTL L3: LTL A1: Pre+Boolean A2: Pre +Positive Boolean A3: Pre +Positive Boolean with  only with observables E1: Bisimilarity E2: Similarity E3: Trace equivalence Logics Symbolic algorithmsState equivalences

17 E i State Equivalence A i Symbolic semi-algorithm L i State Logic i = 1,2,3 computesinduces Model-checks All regions definable by Li are generated by Ai If Ai terminates, then symbolic model checking of Li terminates

18 E i State Equivalence A i Symbolic semi-algorithm L i State Logic i = 1,2,3 computesinduces Model-checks States s and t are Ei equivalent iff for all regions R generated by Ai, s  R iff t  R Ai terminates iff Ei has finite index

19 E i State Equivalence A i Symbolic semi-algorithm L i State Logic i = 1,2,3 computesinduces Model-checks States s and t are Ei equivalent iff for all formulas  of Li, s satisfies  iff t satisfies  If Ei has finite index, then Li can be model checked on a finite quotient

20 Classification of systems [STACS00] STS1 : –A1 terminates, finite bisimilarity, can model check CTL –Ex: Timed automata, O-minimal systems STS2 : –A2 terminates, finite similarity, can model check  CTL –Ex: 2D rectangular automata STS3 : –A3 terminates, finite trace equivalence, can model check LTL –Ex: initialized rectangular automata

21 Summary The triad (algorithm, equivalence, logic) provides a useful tool to prove decidability and provide symbolic algorithms for infinite-state systems The characterization provides a symbolic model checking algorithm, given some structural property of the system

22 Summary The symbolic approach shows how to engineer a model checker: –Export a Region interface implementing the symbolic operations –The model checking algorithm is independent of the front end syntax and region representation –E.g., BLAST toolkit for software

Download ppt "Symbolic Algorithms for Infinite-state Systems Rupak Majumdar (UC Berkeley) Joint work with Luca de Alfaro (UC Santa Cruz) Thomas A. Henzinger (UC Berkeley)"

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
François Fages MPRI Bio-info 2005 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraint Programming.

François Fages MPRI Bio-info 2005 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraint Programming.
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
François Fages MPRI Bio-info 2007 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraint Programming.

François Fages MPRI Bio-info 2007 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraint Programming.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.

François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Hybrid System Verification Synchronous Workshop 2003 A New Verification Algorithm for Planar Differential Inclusions Gordon Pace University of Malta December.

Hybrid System Verification Synchronous Workshop 2003 A New Verification Algorithm for Planar Differential Inclusions Gordon Pace University of Malta December.
Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?

Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?
From Monotonic Transition Systems to Monotonic Games Parosh Aziz Abdulla Uppsala University.

From Monotonic Transition Systems to Monotonic Games Parosh Aziz Abdulla Uppsala University.
A Fixpoint Calculus for Local and Global Program Flows Swarat Chaudhuri, U.Penn (with Rajeev Alur and P. Madhusudan)

A Fixpoint Calculus for Local and Global Program Flows Swarat Chaudhuri, U.Penn (with Rajeev Alur and P. Madhusudan)

Similar presentations

Ads by Google