- 63 Views
- Uploaded on

Download Presentation
## PowerPoint Slideshow about ' Network Protocols' - blenda

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

### Network Protocols

Symbolic Model Checking

Revision Slides

Dr. Eng. Amr T. Abdel-Hamid

- Slides based on slides of:
- Jim Kurose, Keith Ross, “Computer Networking: A Top Down Approach Featuring the Internet”, 2nd edition, Addison-Wesley, July 2002.
- Jiangchuan (JC) Liu , Assistant Professor, SFU & others

Winter 2012

Functionals

- Now, we can think of all temporal operators also as functions from sets of states to sets of states
- For example:

or if we use the set notation

AX p = (S - EX(S - p))

- Logic Set
- p q p q
- p q p q
- p S – p

False

True S

Fixpoint Characterization Equivalences

AG p = y . p AX y AG p = p AX AG p

EG p = y . p EX y EG p = p EX EG p

AF p = y . p AX y AF p = p AX AF p

EF p = y . p EX y EF p = p EX EF p

A(pUq) = y . q A (p X (y)) A(pUq)=q (p AX (p AU q))

E(pUq) = y . q E (p X (y)) E(pUq) = q (p EX (p EU q))

Fixpoint CharacterizationsEF Fixpoint Computation

EF p = y . p EX y is the limit of the sequence:

, pEX , pEX(pEX ) , pEX(pEX(p EX )) , ...

which is equivalent to

, p, p EX p , p EX (p EX (p) ) , ...

EF Fixpoint Computation

p

s1

s2

s3

s4

p

Start

1st iteration

pEX = {s1,s4} EX()= {s1,s4} ={s1,s4}

2nd iteration

pEX(pEX ) = {s1,s4} EX({s1,s4})= {s1,s4} {s3}={s1,s3,s4}

3rd iteration

pEX(pEX(p EX )) = {s1,s4} EX({s1,s3,s4})= {s1,s4} {s2,s3,s4}={s1,s2,s3,s4}

4th iteration

pEX(pEX(pEX(p EX ))) = {s1,s4} EX({s1,s2,s3,s4})= {s1,s4} {s1,s2,s3,s4} = {s1,s2,s3,s4}

Greatest Fixpoint

Given a monotonic function F, its greatest fixpoint is the least upper bound (lub) of all the extensive elements:

y. F y = { y | F y y }

The greatest fixpoint y . F y is the limit of the following sequence (assuming F is -continuous):

S, F S, F2 S, F3 S, ...

If S is finite, then we can compute the greatest fixpoint using the above sequence

EG Fixpoint Computation

Similarly, EG p = y . p EX y is the limit of the sequence:

S, pEX S, pEX(p EX S) , pEX(p EX (p EX S)) , ...

which is equivalent to

S, p, p EX p , p EX (p EX (p) ) , ...

EG Fixpoint Computation

p

p

s1

s2

s3

s4

p

Start

S = {s1,s2,s3,s4}

1st iteration

pEX S = {s1,s3,s4}EX({s1,s2,s3,s4})= {s1,s3,s4}{s1,s2,s3,s4}={s1,s3,s4}

2nd iteration

pEX(pEX S) = {s1,s3,s4}EX({s1,s3,s4})= {s1,s3,s4}{s2,s3,s4}={s3,s4}

3rd iteration

pEX(pEX(pEX S)) = {s1,s3,s4}EX({s3,s4})= {s1,s3,s4}{s2,s3,s4}={s3,s4}

EG Fixpoint Computation

EG(p) states that can avoid reaching pp EX(p) EX(EX(p)) ...

• • •

EG(p)

Example

- For the FSM below, formally check the following properties, using Fixpoint Theorm:
- AG(a ∨c ∨b)
- AF(ab)
- If failed show the subset of the design the property holds for as well as the counter example

1

2

4

3

c

a

a,b

b,c

d

c

6

S = {1,2,3,4,5,6}, AP = {a,b,c,d},

R = {(1,2), (1,3),(2,3), (3,4), (4,4), (4,5), (5,2), (2,6), (6,1)}

L(1) = {a,b}, L(2) = {c}, L(3) = {b,c}, L(4) = {a}, L(5) = {c}, L(6) = {d}

5

Example (cont.)

- Remember that:
- H(a∪b) = H(a) ∪ H(b) ∪ H(c) ={1,4} ∪ {2,3,5} ∪ {1,3} = {1,2,3,4,5}
- AG(a ∨c ∨b) = AG p = y . p AX y = y . p AX y
- AX p = EX(p)
- I0 S = {1,2,3,4,5,6}
- I1 {1,2,3,4,5} ∩ S = {1,2,3,4,5} ∩ {1,3,4,5,6} = {1,2,3,4,5}
- I2 {1,2,3,4,5} ∩ AX(1,2,3,4,5) = {1,2,3,4,5} ∩ {1,3,4,5,6} = {1,3,4,5}
- This is because that : AX(1,2,3,4,5) = EX((1,2,3,4,5)) = EX(6) = (2) = S- {2 } = {1,3,4,5,6}
- I3 {1,2,3,4,5} ∩ AX(1,3,4,5) = {1,3,4,5}
- This is because that : AX(1,3,4,5) = EX((1,3,4,5)) = ****
- I3 = I2 H(AG(a∨b ∨ c)) = {1,3,4,5}
- The property does not hold, except for the above states, and it is clear that states {2,6} can be considered as counter examples.
- state 6 does not contain neither a,c,b and state 2 does not have a proceeding one on one of its pathes path (2,6)

Download Presentation

Connecting to Server..