Loading in 5 sec....

A Simple Model Checker for CTLPowerPoint Presentation

A Simple Model Checker for CTL

- 110 Views
- Uploaded on

Download Presentation
## PowerPoint Slideshow about ' A Simple Model Checker for CTL' - hamish-preston

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

### A SimpleModel Checker for CTL

(Lecture Notes from

Marcello Bonsangue, LIACS - Leiden University

http://www.liacs.nl/~marcello/)

The problem

- We need efficient algorithms to solve the problems
[1] M,s

[2] M,s

where M should have finitely many states,

and is a CTL formula.

- We concentrate to solution of [2], as [1] can be easily derived from it.

?

?

The solution

- Input:A CTL model M and CTL formula
- Output: The set of states of M which satisfy
- Basic principles:
- Translate any CTL formula in terms of the connectives AF,EU,EX, ,, and .
- Label the states of M with sub-formulas of that are satisfied there, starting from the smallest sub-formulas and working outwards towards
- Output the states labeled by

The labelling

- An immediatesub-formula of a formula is any maximal-length formula y other than itself
- Let y be a sub-formula of and assume the states of M have been already labeled by all immediate sub-formulas of y.
Which states have to be labeled by y?

We proceed by case analysis

The basic labeling

- no states are labeled
- p label a state s with p if p l(s)
- y1y2 label a state s with y1y2 if s is already labeled with both y1 and y2
- y label a state s with y if s is not already labeled with y

The AF labeling

- AFy 1. Label with AFy any state s already labeled with y
2. Repeat until no change: label any state s with AFy if all successors of s are already labeled with Afy

repeat

AFy

AFy

AFy

AFy

AFy

AFy

AFy

… until no change

The EU labeling

- E[y1Uy2] 1. Label with E[y1Uy2] any state s already labeled with y2
2. Repeat until no change: label any state s with E[y1Uy2] if it is labeled with y1 and at least one of its successor is already labeled with E[y1Uy2]

repeat

E[y1Uy2]

E[y1Uy2]

y1

E[y1Uy2]

y1

… until no change

The EX labeling

- EXy Label with EXy any state s with one of its successors already labeled with y

y

y

EXy

The EG labeling (direct)

- EGy 1. Label all the states with EGy
2. Delete the label EGy from any state s not labeled with y

3. Repeat until no change: delete the label Egy from any state s if none f its successors is labeled with EGy

repeat

y

EGy

y

EGy

EGy

y

EGy

y

EGy

… until no change

Complexity

The complexity of the model checking algorithm is

O(f*V*(V+E))

where f = number of connectives in

V = number of states of M

E = number of transitions of M

It can be easily improved to an

algorithm linear both in the size of the formula and of the model

Example: EU-step 2.1

E[qUp]

P

E[qUp]

q

E[qUp]

P

E[qUp]

q

2.1 label any state s with E[qUp] if it is labeled with q and at least one of its successor is already labeled with E[qUp]

Example: EU-step 2.2

E[qUp]

E[qUp]

P

E[qUp]

q

E[qUp]

P

E[qUp]

q

No!

2.2 label any state s with E[qUp] if it is labeled with q and at least one of its successor is already labeled with E[qUp]

Example: EX-step 3

E[qUp]

EXq

E[qUp]

q

EXq

P

E[qUp]

EXq

E[qUp]

P

E[qUp]

q

3. Label with EXq any state s with one of its successors already labeled with q

Example: -step 4

E[qUp]

EXq

E[qUp]

EXq

E[qUp]

P,

E[qUp]

,q

EXq

,P

E[qUp]

q

4. Label with = E[qUp] v EXq any state s already labeled with E[qUp] or EXq

Example: AF-step 5.1

f,

E[qUp]

f,

EXq

f,

E[qUp]

f,

EXq

f,

E[qUp]

P,f,

E[qUp]

f,,q

EXq

f,,P

E[qUp]

q

5.1. Label with f= AF(E[qUp]vEXq) any state already labeled with = E[qUp]vEXq

Example: AF-step 5.2

f,

E[qUp]

f,

EXq

f,

E[qUp]

f,

EXq

f,

E[qUp]

P,f,

E[qUp]

f,,q

EXq

f,,P

E[qUp]

f,q

5.2. label any state s with f if all successors of s are already labeled with f

State explosion

- The algorithm is linear in the size of the model but the size of the model is exponential in the number of variables, components, etc.
Can we reduce state explosion?

- Abstraction (what is relevant?)
- Induction (for ‘similar’ components)
- Composition (divide and conquer)
- Reduction (prove semantic equivalence)
- Ordered binary decision diagrams

Download Presentation

Connecting to Server..