Presentation Transcript

Model checking

Vasvi Kakkad, University of Sydney

Introduction
  • The complex systems routinely built today are difficult to get right
  • Failures are costly
  • Verification techniques are therefore needed

  • Formal Verification
    • Applies mathematical arguments to prove that a system is correct with respect to a specification
    • Aims to find defects in the system so that they can be corrected

Formal Verification
  • Build a mathematical model of the system
  • Write the correctness requirements as a formal specification
  • Analysis: check that the model satisfies the specification
  • Verification: the analysis either proves or disproves the correctness claim

Model Checking
  • Model Checking
    • A technique for the automated verification of finite-state reactive systems (systems that run indefinitely and respond to their environment), widely used for safety-critical designs
  • More generally
    • Algorithmic analysis that checks whether a model satisfies a specified property
    • Decides automatically whether a given formula holds in a given model

Applications
  • Electrical circuits
  • Communication and security protocols (Lowe found the man-in-the-middle attack on the Needham-Schroeder public-key protocol with the FDR model checker)
  • Digital controllers
  • Program analysis, e.g. Java PathFinder

Approach
  • The software/hardware system is described in a specification (modeling) language
  • The requirements are written in temporal logic
  • A state space is generated from the system description
  • The model checking algorithm
    • returns yes if the property holds in the model
    • returns no together with a counterexample otherwise

Process of Model Checking
  • Three steps
    • Modeling
    • Specification
    • Verification

Step 1: Modeling
  • Convert the system into a formalism: a finite-state transition system (finite automaton)
  • Time and memory are limited, so abstraction is used to keep the state space tractable (with the caveat that an over-coarse abstraction can hide real behaviour or produce spurious counterexamples)
  • Model the system as a Kripke structure, i.e. a state-transition graph whose states are labelled with atomic propositions

Kripke Structure
  • A structure over a set AP of atomic propositions
  • M = (S, S0, R, L)
    • S is a finite set of states
    • S0 ⊆ S is the set of initial states
    • R ⊆ S × S is the transition relation; it is required to be total, i.e. every state has at least one successor, so every path is infinite
    • L : S → 2^AP labels each state with the set of atomic propositions true in that state

Example : Micro-oven Cooking
  • Modeling with a Kripke structure over AP = {close, start, cooking}
  • M = (S, S0, R, L)
    • S = {S1, S2, S3, S4}
    • S0 = {S1} (the initial state: door open, nothing pressed)
    • R = {(S1, S2), (S2, S1), (S1, S4), (S4, S2), (S2, S3), (S3, S3), (S3, S2)}
    • L(S1) = {}, i.e. ¬close, ¬start, ¬cooking (door open, idle)
    • L(S2) = {close}, i.e. close, ¬start, ¬cooking (door closed, idle)
    • L(S3) = {close, start, cooking} (cooking)
    • L(S4) = {start}, i.e. ¬close, start, ¬cooking (start pressed while the door is open; the only transition from here is closing the door, which returns to S2 with start reset)

Step 2: Specification
  • Specification: the property the model has to satisfy
  • Written in temporal logic, which extends propositional logic with operators describing how propositions change along executions
  • Temporal logic comes in two main flavours
    • LTL (Linear Temporal Logic)
    • CTL (Computation Tree Logic)

Comparison: LTL vs CTL

LTL (linear time)
  • Temporal operators are interpreted along a single path; the model satisfies a formula if every path from an initial state does
  • Counterexamples are easy: a single violating path (in practice a finite prefix followed by a loop)
  • Nice automata-theoretic algorithm (translate the negated formula to a Büchi automaton and check the product with the model for emptiness)
  • Used for analysing data-flow problems in imperative languages

CTL (branching time)
  • Formulas are interpreted on the computation tree; every temporal operator must be preceded by a path quantifier (A or E)
  • More efficient: checking is linear in the size of the model and of the formula, whereas LTL checking is exponential in the size of the formula
  • Amenable to symbolic (BDD-based) techniques
  • Used for analysing reactive systems

Operators for Temporal Logic

Basic temporal operators (interpreted along a path)
  • X: next state
  • F: in the future (eventually)
  • G: globally (always)
  • U: until

Path quantifiers (CTL)
  • A: for all paths
  • E: there exists a path

Temporal operators

Temporal operators, along a path s0 s1 s2 ...:

Gp: p holds in every state of the path
Fp: p holds in some state of the path (now or later)
Xp: p holds in the next state s1
pUq: q holds in some state, and p holds in every state before it
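The four operators evaluated mechanically along a concrete path, as an added example (not code from the slides): a path is given as a finite prefix followed by a loop, which is how a model checker reports an infinite execution such as a counterexample, and the two sample paths are constructed from the states of the micro-oven model introduced earlier (S1 → S4 → S2 → S1 → ... and S1 → S2 → S3 → S3 → ...). The tuple formula syntax, the `LassoPath` class and `path_holds` are this example's own conventions.

```python
"""LTL operators evaluated along one lasso-shaped path: an added example, not
code from the slides. A lasso (finite prefix + loop) is how a model checker
reports an infinite path, e.g. a counterexample. The sample paths are built
from the slides' micro-oven states; formula syntax and names are this example's."""
from dataclasses import dataclass
from typing import List, Set


@dataclass
class LassoPath:
    labels: List[Set[str]]   # labels[i]: atomic propositions true at position i
    loop_start: int          # after the last position the path jumps back here

    def succ(self, i):
        return i + 1 if i + 1 < len(self.labels) else self.loop_start

    def positions_from(self, i):
        """Distinct positions visited from i onward, in order. Finite because the
        path is periodic, which is what makes F/G/U decidable by enumeration."""
        seen = []
        while i not in seen:
            seen.append(i)
            i = self.succ(i)
        return seen


def path_holds(f, path, i=0):
    """Does LTL formula f hold at position i of path? Formulas are nested tuples:
    ("ap", p), ("not", f), ("and", f, g), ("or", f, g), ("imp", f, g),
    ("X", f), ("F", f), ("G", f), ("U", f, g)."""
    op = f[0]
    if op == "ap":
        return f[1] in path.labels[i]
    if op == "not":
        return not path_holds(f[1], path, i)
    if op == "and":
        return path_holds(f[1], path, i) and path_holds(f[2], path, i)
    if op == "or":
        return path_holds(f[1], path, i) or path_holds(f[2], path, i)
    if op == "imp":
        return (not path_holds(f[1], path, i)) or path_holds(f[2], path, i)
    if op == "X":   # Xp: p holds in the next state
        return path_holds(f[1], path, path.succ(i))
    if op == "F":   # Fp: p holds now or at some later position
        return any(path_holds(f[1], path, j) for j in path.positions_from(i))
    if op == "G":   # Gp: p holds at every position from here on
        return all(path_holds(f[1], path, j) for j in path.positions_from(i))
    if op == "U":   # pUq: q holds somewhere, and p holds at every position before it
        for j in path.positions_from(i):
            if path_holds(f[2], path, j):
                return True
            if not path_holds(f[1], path, j):
                return False
        return False  # q never holds on this periodic path
    raise ValueError(f"unknown operator {op!r}")


# Constructed sample paths using the slides' micro-oven labels.
# The counterexample: start pressed with the door open (S4), then the oven
# idles forever between S2 and S1 without cooking:  S1 -> S4 -> S2 -> S1 -> ...
COUNTEREXAMPLE = LassoPath(labels=[set(), {"start"}, {"close"}], loop_start=0)
# A run that does cook and stays cooking:  S1 -> S2 -> S3 -> S3 -> ...
COOKING_RUN = LassoPath(labels=[set(), {"close"}, {"close", "start", "cooking"}], loop_start=2)
# G(start -> F cooking): the LTL reading of the slides' AG(start -> AF cooking)
RESPONSE = ("G", ("imp", ("ap", "start"), ("F", ("ap", "cooking"))))
```

`path_holds(RESPONSE, COUNTEREXAMPLE)` is False (start at position 1 is never followed by cooking) while `path_holds(RESPONSE, COOKING_RUN)` is True. The response pattern AG(p → AF q) used in the CTL slides and the LTL formula G(p → F q) express the same requirement, so a violating lasso found by either approach refutes both.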

CTL

CTL operator: path quantifier + temporal operator

Universal formulas: AX f, A(f U g), AG f, AF f

Existential formulas: EX f, E(f U g), EG f, EF f

Temporal Properties

Safety: something bad never happens (CTL pattern AG ¬bad; a violation is a finite path that reaches a bad state)

Liveness: something good eventually happens (CTL pattern AF good; a violation is an infinite path, reported as a loop, on which good never occurs)

Example : Micro-oven cooking
  • Specification with CTL
    • AG (start → AF cooking): on every path, whenever start is pressed, cooking eventually follows
    • AG ((close ∧ start) → AF cooking): the same, but only required when start is pressed with the door closed
  • On the model above the first property fails (start can be pressed with the door open, i.e. in S4, and the oven then never cooks), while the second holds, since close ∧ start is true only in S3, which is already cooking

Step 3: Verification

The model checker takes two inputs, the finite-state model (the Kripke structure) and the temporal-logic formula, and produces one of two outputs:

  • OK: the formula holds in the model
  • a counterexample: an execution of the model that violates the formula
Example : Micro-oven cooking, AG (start → AF cooking)
  • Rewrite the formula into the existential fragment (EX, EG, EU) used by the labelling algorithm, pushing negations inward: AG (start → AF cooking) ≡ ¬EF ¬(start → AF cooking) ≡ ¬EF (start ∧ EG ¬cooking)
  • Then compute, bottom-up, the set S(f) of states satisfying each subformula f
    • S(start) = {S3, S4}
    • S(¬cooking) = {S1, S2, S4}
    • S(EG ¬cooking) = {S1, S2, S4} (each of these states has a successor inside the set, so an infinite ¬cooking path starts at each of them)
    • S(start ∧ EG ¬cooking) = {S4}
    • S(EF (start ∧ EG ¬cooking)) = {S1, S2, S3, S4} (every state can reach S4)
    • S(¬EF (start ∧ EG ¬cooking)) = {}
  • The initial state S1 is not in the final set, so the model does not satisfy the specification. A counterexample is the path S1 → S4 → S2 → S1 → S2 → ..., on which start holds in S4 but cooking never follows.
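The computation above carried out by a program, as an added example that is not code from the slides. It encodes the slides' micro-oven Kripke structure (states, labels, R as ordered pairs), checks that R is total, computes S(f) for every subformula with the standard fixpoint characterisations of EG and EU (AG, AF and EF are rewritten into that fragment exactly as the slide does by hand), and extracts the counterexample lasso for a response property AG(p → AF q). The tuple formula syntax and the function names (`sat`, `holds`, `counterexample_response`) are this example's own.

```python
"""Explicit-state CTL model checking of the slides' micro-oven Kripke structure.
Added example, not code from the slides: the model is theirs; the algorithm is
the standard CTL labelling algorithm (formulas rewritten into the EX/EG/EU
fragment, satisfying sets computed bottom-up as fixpoints); names are this example's."""
from collections import deque

STATES = ["S1", "S2", "S3", "S4"]
INITIAL = {"S1"}
LABEL = {                                 # L(s): propositions true in s
    "S1": set(),                          # door open, idle
    "S2": {"close"},                      # door closed, idle
    "S3": {"close", "start", "cooking"},  # cooking
    "S4": {"start"},                      # start pressed with the door open
}
R = {("S1", "S2"), ("S2", "S1"), ("S1", "S4"), ("S4", "S2"),  # ordered pairs (s, s')
     ("S2", "S3"), ("S3", "S3"), ("S3", "S2")}

def states_without_successor(states, rel):
    """R must be total: a state with no successor would make EG/AF meaningless."""
    sources = {s for s, _ in rel}
    return [s for s in states if s not in sources]

def pre(rel, targets):
    """Predecessors of `targets`: states with some successor in the set (= EX)."""
    return {s for s, t in rel if t in targets}

def sat(f, states=STATES, rel=R, label=LABEL):
    """States satisfying CTL formula f, written as nested tuples:
    ("true",), ("ap", p), ("not", f), ("and", f, g), ("or", f, g), ("imp", f, g),
    ("EX", f), ("EG", f), ("EU", f, g) and the derived ("EF", f), ("AF", f), ("AG", f)."""
    def sub(g):
        return sat(g, states, rel, label)
    S, op = set(states), f[0]
    if op == "true":
        return S
    if op == "ap":
        return {s for s in S if f[1] in label[s]}
    if op == "not":
        return S - sub(f[1])
    if op == "and":
        return sub(f[1]) & sub(f[2])
    if op == "or":
        return sub(f[1]) | sub(f[2])
    if op == "imp":
        return sub(("or", ("not", f[1]), f[2]))
    if op == "EX":
        return pre(rel, sub(f[1]))
    if op == "EG":  # greatest fixpoint of Z = S(f) ∩ pre(Z): an infinite f-path exists
        Z = sub(f[1])
        while Z != (Z_next := Z & pre(rel, Z)):
            Z = Z_next
        return Z
    if op == "EU":  # least fixpoint of Z = S(g) ∪ (S(f) ∩ pre(Z))
        F, Z = sub(f[1]), sub(f[2])
        while Z != (Z_next := Z | (F & pre(rel, Z))):
            Z = Z_next
        return Z
    rewrites = {"EF": lambda g: ("EU", ("true",), g),          # EF g = E(true U g)
                "AF": lambda g: ("not", ("EG", ("not", g))),   # AF g = ¬EG ¬g
                "AG": lambda g: ("not", ("EF", ("not", g)))}   # AG g = ¬EF ¬g
    if op in rewrites:
        return sub(rewrites[op](f[1]))
    raise ValueError(f"unknown operator {op!r}")

def holds(f, initial=INITIAL, **model):
    """M ⊨ f iff every initial state satisfies f."""
    return initial <= sat(f, **model)

def shortest_path(rel, sources, targets):
    """BFS along R from any source to any target state; None if unreachable."""
    parent = {s: None for s in sources}
    queue = deque(sorted(sources))
    while queue:
        s = queue.popleft()
        if s in targets:
            path = []
            while s is not None:
                path.append(s)
                s = parent[s]
            return path[::-1]
        for a, b in sorted(rel):
            if a == s and b not in parent:
                parent[b] = s
                queue.append(b)
    return None

def counterexample_response(p, q, states=STATES, rel=R, label=LABEL, initial=INITIAL):
    """Witness against AG(p -> AF q): a path from an initial state to a state in
    S(p ∧ EG ¬q), then a lasso kept inside S(EG ¬q) so q never happens.
    Returns None when the property holds."""
    eg_not_q = sat(("EG", ("not", q)), states, rel, label)
    prefix = shortest_path(rel, initial, sat(p, states, rel, label) & eg_not_q)
    if prefix is None:
        return None
    lasso, s = [], prefix[-1]
    while s not in lasso:
        lasso.append(s)
        s = min(t for a, t in rel if a == s and t in eg_not_q)  # successor still in EG ¬q
    return prefix + lasso[1:] + [s]  # ends at the state where the loop closes
```

`sat(("AG", ("imp", ("ap", "start"), ("AF", ("ap", "cooking")))))` returns the empty set, so `holds` is False, and `counterexample_response(("ap", "start"), ("ap", "cooking"))` returns `["S1", "S4", "S2", "S1", "S2"]`: the prefix S1 → S4, then the loop S2 → S1 → S2 on which cooking never occurs. Swapping in the second specification, `("and", ("ap", "close"), ("ap", "start"))` as p, gives an empty set of bad states and no counterexample.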

Problem With Model Checking: State Space Explosion
  • State space explosion affects model checking in general, LTL and CTL alike
  • The number of states typically grows exponentially in the number of concurrent processes (and in the number and range of variables)

Major Techniques
  • Symbolic: represent sets of states and the transition relation by compact data structures instead of enumerating states one by one
  • Automata-theoretic: translate the specification into an automaton and analyse its product with the model
  • Other models and alternative methods

Symbolic Model Checking
  • Symbolic model checking uses Binary Decision Diagrams (BDDs) to represent the model as sets of states (and the transition relation as a set of state pairs), so the fixpoint computations of the algorithm operate on whole sets at once rather than on individual states
  • BDD
    • A data structure for representing a Boolean function
    • Often concise in memory
    • Canonical representation: for a fixed variable ordering, equal functions have identical reduced ordered BDDs, so equivalence is a pointer comparison and a fixpoint iteration detects convergence by comparing node identities
    • Boolean operations (∧, ∨, ¬, quantification) take time polynomial in the sizes of the operand BDDs
  • Caveat: BDD size depends heavily on the variable ordering; a poor ordering can be exponentially larger than a good one, and some functions (integer multiplication, for instance) have no small BDD under any ordering

BDD in Model Checking
  • Every set A ⊆ U can be represented by its characteristic function f_A : U → {0, 1}

    f_A(u) = 1 if u ∈ A
    f_A(u) = 0 if u ∉ A

  • If the elements of U are encoded by bit vectors in {0,1}^n, then f_A is a Boolean function of n variables and can be represented by a BDD; set union, intersection and complement become ∨, ∧ and ¬ on the BDDs

[Figure: the decision tree and the reduced BDD for f(a, b, c) = (a ∧ b) ∨ c, with variable order a < b < c. The decision tree tests a, then b, then c on every branch and has 8 leaves holding the truth table 0 1 0 1 0 1 1 1 for abc = 000 ... 111. The reduced BDD merges equal subtrees and drops tests whose two branches agree, leaving one node each for a, b and c plus the terminals 0 and 1: if a = 0 the result is c, if a = 1 it is b ∨ c.]
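A minimal reduced ordered BDD implementation, added here as an example (not code from the slides) to cover both the characteristic-function idea and the figure. `mk` is the single node constructor and enforces reduction (no redundant tests, shared identical nodes), which is where canonicity comes from; `build` uses Shannon expansion; `apply` performs a Boolean operation memoised on node pairs, which is what bounds its cost by the product of the operand sizes; and `bdd_of_set` encodes a set of micro-oven states as bits so that S(start) ∩ S(EG ¬cooking) = {S4} from the verification slide becomes an ∧ of two BDDs. The state encoding S1 = 00, S2 = 01, S3 = 10, S4 = 11 and all names are this example's assumptions.

```python
"""Reduced ordered BDDs (ROBDDs) with a unique table: an added example, not
code from the slides. Terminals are the ids 0 and 1; an internal node is
(var, low, high); variables are tested in one fixed order."""
from itertools import product


class BDD:
    def __init__(self, order):
        self.order = list(order)                     # fixed variable ordering
        self.rank = {v: i for i, v in enumerate(order)}
        self.nodes = {}                              # id -> (var, low, high)
        self.unique = {}                             # (var, low, high) -> id
        self.cache = {}                              # apply memo: (op, u, v) -> id

    def mk(self, var, low, high):
        """The only node constructor. Dropping tests whose branches agree and
        sharing identical nodes makes the representation canonical: equal
        functions get equal ids, so equivalence is an id comparison."""
        if low == high:
            return low
        key = (var, low, high)
        if key not in self.unique:
            self.unique[key] = len(self.nodes) + 2
            self.nodes[self.unique[key]] = key
        return self.unique[key]

    def build(self, fn):
        """Shannon expansion of a Python predicate over self.order (exponential in
        the number of variables; real tools build compositionally with apply)."""
        def go(i, env):
            if i == len(self.order):
                return 1 if fn(**env) else 0
            v = self.order[i]
            return self.mk(v, go(i + 1, {**env, v: 0}), go(i + 1, {**env, v: 1}))
        return go(0, {})

    def _rank(self, u):                              # terminals sort after all variables
        return self.rank[self.nodes[u][0]] if u > 1 else len(self.order)

    def apply(self, op, u, v):
        """Boolean operation on two BDDs, memoised on node pairs, so the work is
        bounded by size(u) * size(v): polynomial in the operands' sizes."""
        if u <= 1 and v <= 1:
            return op(u, v)
        key = (op, u, v)
        if key not in self.cache:
            ru, rv = self._rank(u), self._rank(v)
            if ru == rv:
                var, lu, hu = self.nodes[u]
                _, lv, hv = self.nodes[v]
                r = self.mk(var, self.apply(op, lu, lv), self.apply(op, hu, hv))
            elif ru < rv:
                var, lu, hu = self.nodes[u]
                r = self.mk(var, self.apply(op, lu, v), self.apply(op, hu, v))
            else:
                var, lv, hv = self.nodes[v]
                r = self.mk(var, self.apply(op, u, lv), self.apply(op, u, hv))
            self.cache[key] = r
        return self.cache[key]

    def size(self, u):
        """Internal nodes reachable from u (a full decision tree on n variables has 2**n - 1)."""
        seen, todo = set(), [u]
        while todo:
            n = todo.pop()
            if n > 1 and n not in seen:
                seen.add(n)
                todo.extend(self.nodes[n][1:])
        return len(seen)

    def evaluate(self, u, env):
        while u > 1:
            var, low, high = self.nodes[u]
            u = high if env[var] else low
        return u


def AND(x, y): return x & y
def OR(x, y): return x | y


def bdd_of_set(bdd, members, bits):
    """Characteristic function f_A: an element is encoded by `bits` (msb first) and
    the BDD computes 'element in members'. `bits` must equal bdd.order."""
    def chi(**env):
        code = 0
        for b in bits:
            code = (code << 1) | env[b]
        return code in members
    return bdd.build(chi)


def set_of_bdd(bdd, u, bits):
    """Decode a BDD over `bits` back into the set it characterises."""
    return {int("".join(map(str, vals)), 2) for vals in product((0, 1), repeat=len(bits))
            if bdd.evaluate(u, dict(zip(bits, vals)))}


def figure_example():
    """The figure's (a ∧ b) ∨ c with order a < b < c: 3 internal nodes instead of the
    decision tree's 7, and a different spelling of the function yields the same root id."""
    bdd = BDD(["a", "b", "c"])
    f = bdd.build(lambda a, b, c: (a and b) or c)
    g = bdd.build(lambda a, b, c: c or (b and a))
    return bdd.size(f), f == g


def oven_example():
    """Sets of micro-oven states as BDDs, assuming the encoding S1=00, S2=01, S3=10,
    S4=11. S(start) ∧ S(EG ¬cooking) = {S4}, as computed by hand on the slide."""
    bits = ["b1", "b0"]
    bdd = BDD(bits)
    eg_not_cooking = bdd_of_set(bdd, {0, 1, 3}, bits)   # {S1, S2, S4}
    start = bdd_of_set(bdd, {2, 3}, bits)               # {S3, S4}
    both = bdd.apply(AND, start, eg_not_cooking)
    return bdd.size(eg_not_cooking), set_of_bdd(bdd, both, bits)
```

`figure_example()` returns `(3, True)`: three internal nodes for the reduced BDD against seven for the decision tree, and the two spellings of the function share one root. `oven_example()` returns `(2, {3})`: the set {S1, S2, S4} needs only two nodes (it is ¬b1 ∨ b0), and the conjunction decodes to {S4}. In a real symbolic model checker the transition relation is also a BDD over current- and next-state variables, and pre(Z) is computed as a relational product rather than by enumerating states as `set_of_bdd` does here.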

Summary
  • Model checking: an automated verification technique
  • Hardware/software model: Kripke structure
  • Specification: temporal logic (LTL, CTL)
  • Verification: the model checking algorithm, which returns yes or a counterexample
  • Limitation: the state space explosion problem
  • One remedy: symbolic model checking with BDDs
