a simple model checker for ctl
Download
Skip this Video
Download Presentation
A Simple Model Checker for CTL

Loading in 2 Seconds...

play fullscreen
1 / 20

A Simple Model Checker for CTL - PowerPoint PPT Presentation


  • 110 Views
  • Uploaded on

A Simple Model Checker for CTL. (Lecture Notes from Marcello Bonsangue, LIACS - Leiden University http://www.liacs.nl/~marcello/). The problem. We need efficient algorithms to solve the problems [1] M,s  [2] M,s  where M should have finitely many states,

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' A Simple Model Checker for CTL' - hamish-preston


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
a simple model checker for ctl

A SimpleModel Checker for CTL

(Lecture Notes from

Marcello Bonsangue, LIACS - Leiden University

http://www.liacs.nl/~marcello/)

the problem
The problem
  • We need efficient algorithms to solve the problems

[1] M,s 

[2] M,s 

where M should have finitely many states,

and  is a CTL formula.

  • We concentrate to solution of [2], as [1] can be easily derived from it.

?

?

the solution
The solution
  • Input:A CTL model M and CTL formula 
  • Output: The set of states of M which satisfy 
  • Basic principles:
    • Translate any CTL formula  in terms of the connectives AF,EU,EX, ,, and .
    • Label the states of M with sub-formulas of  that are satisfied there, starting from the smallest sub-formulas and working outwards towards 
    • Output the states labeled by 
the labelling
The labelling
  • An immediatesub-formula of a formula  is any maximal-length formula y other than  itself
  • Let y be a sub-formula of  and assume the states of M have been already labeled by all immediate sub-formulas of y.

Which states have to be labeled by y?

We proceed by case analysis

the basic labeling
The basic labeling
  • no states are labeled
  • p label a state s with p if p  l(s)
  • y1y2 label a state s with y1y2 if s is already labeled with both y1 and y2
  • y label a state s with y if s is not already labeled with y
the af labeling
The AF labeling
  • AFy 1. Label with AFy any state s already labeled with y

2. Repeat until no change: label any state s with AFy if all successors of s are already labeled with Afy

repeat

AFy

AFy

AFy

AFy

AFy

AFy

AFy

… until no change

the eu labeling
The EU labeling
  • E[y1Uy2] 1. Label with E[y1Uy2] any state s already labeled with y2

2. Repeat until no change: label any state s with E[y1Uy2] if it is labeled with y1 and at least one of its successor is already labeled with E[y1Uy2]

repeat

E[y1Uy2]

E[y1Uy2]

y1

E[y1Uy2]

y1

… until no change

the ex labeling
The EX labeling
  • EXy Label with EXy any state s with one of its successors already labeled with y

y

y

EXy

the eg labeling direct
The EG labeling (direct)
  • EGy 1. Label all the states with EGy

2. Delete the label EGy from any state s not labeled with y

3. Repeat until no change: delete the label Egy from any state s if none f its successors is labeled with EGy

repeat

y

EGy

y

EGy

EGy

y

EGy

y

EGy

… until no change

complexity
Complexity

The complexity of the model checking algorithm is

O(f*V*(V+E))

where f = number of connectives in 

V = number of states of M

E = number of transitions of M

It can be easily improved to an

algorithm linear both in the size of the formula and of the model

example input
Example: Input

p

q

p

q

 = AF(E[q U p] v EXq)

example eu step 1
Example: EU - step 1

P

E[qUp]

q

P

E[qUp]

q

1. Label with E[qUp] all states which satisfy p

example eu step 2 1
Example: EU-step 2.1

E[qUp]

P

E[qUp]

q

E[qUp]

P

E[qUp]

q

2.1 label any state s with E[qUp] if it is labeled with q and at least one of its successor is already labeled with E[qUp]

example eu step 2 2
Example: EU-step 2.2

E[qUp]

E[qUp]

P

E[qUp]

q

E[qUp]

P

E[qUp]

q

No!

2.2 label any state s with E[qUp] if it is labeled with q and at least one of its successor is already labeled with E[qUp]

example ex step 3
Example: EX-step 3

E[qUp]

EXq

E[qUp]

q

EXq

P

E[qUp]

EXq

E[qUp]

P

E[qUp]

q

3. Label with EXq any state s with one of its successors already labeled with q

example step 4
Example: -step 4

E[qUp]

EXq

E[qUp]

EXq

E[qUp]

P,

E[qUp]

,q

EXq

,P

E[qUp]

q

4. Label with  = E[qUp] v EXq any state s already labeled with E[qUp] or EXq

example af step 5 1
Example: AF-step 5.1

f,

E[qUp]

f,

EXq

f,

E[qUp]

f,

EXq

f,

E[qUp]

P,f,

E[qUp]

f,,q

EXq

f,,P

E[qUp]

q

5.1. Label with f= AF(E[qUp]vEXq) any state already labeled with = E[qUp]vEXq

example af step 5 2
Example: AF-step 5.2

f,

E[qUp]

f,

EXq

f,

E[qUp]

f,

EXq

f,

E[qUp]

P,f,

E[qUp]

f,,q

EXq

f,,P

E[qUp]

f,q

5.2. label any state s with f if all successors of s are already labeled with f

example output
Example: Output

p

q

p

q

All states satisfy AF(E[q U p] v EXq)

state explosion
State explosion
  • The algorithm is linear in the size of the model but the size of the model is exponential in the number of variables, components, etc.

Can we reduce state explosion?

  • Abstraction (what is relevant?)
  • Induction (for ‘similar’ components)
  • Composition (divide and conquer)
  • Reduction (prove semantic equivalence)
  • Ordered binary decision diagrams
ad