## Model Checking (slide transcript, uploaded by mateja)


Introduction

- Most complicated systems routinely built today – difficult to get right
- Failures are costly
- Verification techniques needed

Model Checking

Introduction

- Formal Verification
- Apply mathematical arguments to prove the correctness of the system
- Aims to find bugs in the system so that they can be corrected

Formal Verification

- Build a mathematical model of system
- Write correctness requirements
- Analysis – Check that model satisfies specifications
- Verification – Analysis either proves or disproves the correctness claim

Model Checking

- Model Checking
- Technique for automated correctness verification of safety critical reactive systems.

- More generally
- Algorithmic analysis to check that a model satisfies a specified property
- Checks automatically whether a given formula holds in a given model

Applications

- Electrical Circuits
- Communication protocols
- Digital Controller
- Program analysis, e.g. Java PathFinder

Motivation

- Software/Hardware system – Specification Language
- Requirements – Temporal Logic
- State Space generated from the specification
- Algorithm
- returns yes, if the property holds for model
- returns no + counterexample, otherwise

Step 1 : Modeling

Modeling

- Convert the system into a formalism: a finite automaton (finite-state transition system)
- Time and space are limited, so abstraction is used to keep the state space finite and manageable
- The system is modelled as a Kripke structure, a state-transition graph whose states are labelled with atomic propositions

Kripke Structure

- Structure over a set AP of atomic propositions
- M = (S, S0, R, L)
- S is a finite set of states
- S0 ⊆ S is the set of initial states
- R ⊆ S × S is a transition relation (usually required to be total: every state has at least one successor)
- L : S → 2^AP labels each state with the set of atomic propositions true in that state

Example : Micro-oven Cooking

- Modelling with a Kripke structure M = (S, S0, R, L)
- S = {S1, S2, S3, S4}
- S0 = {S1} (initial state)
- R = {(S1, S2), (S2, S1), (S1, S4), (S4, S2), (S2, S3), (S3, S3), (S3, S2)}
- L(S1) = {¬close, ¬start, ¬cooking}
- L(S2) = {close, ¬start, ¬cooking}
- L(S3) = {close, start, cooking}
- L(S4) = {¬close, start, ¬cooking}
- Writing ¬p in L(s) records that p is false in s; strictly, L(s) contains only the true propositions, so L(S1) = {} and L(S4) = {start}

Graph of Kripke Structure

Step 2 : Specification

Specification

- Specification – Property which model needs to satisfy
- Can be described in Temporal Logic
- Temporal logic comes in two common flavours
- LTL (Linear Temporal Logic)
- CTL (Computation Tree Logic)

Comparison: LTL vs CTL

| LTL | CTL |
| --- | --- |
| Linear time: temporal operators are interpreted along a single path | Branching time: every temporal operator must be preceded by a path quantifier (A or E) |
| Counterexamples are easy (a single path) | Model checking is more efficient (linear in the size of the model and of the formula) |
| Nice automata-theoretic algorithm | Amenable to symbolic (BDD-based) techniques |
| Suited to analysing data-flow problems in imperative languages | Suited to analysing reactive systems |

Operators for Temporal Logic

- Basic temporal operators
  - X f: f holds in the next state
  - F f: f holds at some point in the future
  - G f: f holds globally (in every state along the path)
  - f U g: f holds until g holds
- Path quantifiers
  - A: for all paths (always)
  - E: there exists a path

CTL

CTL operator = path quantifier + temporal operator

Universal formulas: AX f, A(f U g), AG f, AF f

Existential formulas: EX f, E(f U g), EG f, EF f

Temporal Properties

Safety – Something Bad Never Happens

Liveness – Something Good Eventually Happens

Example: Microwave oven cooking

- Specification in CTL
- AG (start → AF cooking): whenever start is pressed, the oven eventually cooks
- AG ((close ∧ start) → AF cooking): whenever the door is closed and start is pressed, the oven eventually cooks

Step 3 : Verification

Verification

Inputs: a finite-state model (the Kripke structure) and a temporal-logic formula. The model checker returns either OK (the property holds in the model) or a counterexample (an execution that violates it).

Verification

Example: Microwave oven cooking, AG (start → AF cooking)

- Convert to negation normal form (push negations inward so that only existential operators remain): AG (start → AF cooking) ≡ ¬EF (start ∧ EG ¬cooking)
- Label the states bottom-up:
- S(start) = {S3, S4}
- S(¬cooking) = {S1, S2, S4}
- S(EG ¬cooking) = {S1, S2, S4}
- S(start ∧ EG ¬cooking) = {S4}
- S(EF (start ∧ EG ¬cooking)) = {S1, S2, S3, S4}
- S(¬EF (start ∧ EG ¬cooking)) = {}
- The initial state S1 is not in the final set, so the model does not satisfy the specification. The counterexample is the path S1 → S4 → S2 → S1 → …: in S4 start holds while the door is open, and the loop S2 → S1 → S2 never reaches a state where cooking holds
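The three steps above (Kripke model, CTL specification, labelling) carried out in code, as an added example that is not part of the original slides. The class and function names (Kripke, sat, check, ef_witness, eg_witness) and the tuple encoding of formulas are this example's own choices; the model, both specifications and the intermediate sets are exactly those of the slides.

```python
"""Added example, not code from the slides: explicit-state CTL model checking of the
slides' microwave Kripke structure. Formulas are nested tuples such as
("AG", ("implies", ("ap", "start"), ("AF", ("ap", "cooking"))))."""
from typing import List, Optional, Set


class Kripke:
    """M = (S, S0, R, L): R is a set of ordered pairs, L maps a state to the true propositions."""

    def __init__(self, states, initial, transitions, labels):
        self.S, self.S0, self.R = set(states), set(initial), set(transitions)
        self.L = {s: frozenset(ap) for s, ap in labels.items()}

    def pre(self, target: Set[str]) -> Set[str]:
        """States with some successor in target, i.e. EX target."""
        return {s for (s, t) in self.R if t in target}

    def succ(self, s: str) -> Set[str]:
        return {t for (u, t) in self.R if u == s}


def sat(m: Kripke, f: tuple) -> Set[str]:
    """Labelling algorithm: the states of m satisfying f, computed bottom-up. EU/EG are
    least/greatest fixpoints over pre(); A-operators are rewritten into E-operators."""
    op = f[0]
    if op == "true":
        return set(m.S)
    if op == "ap":
        return {s for s in m.S if f[1] in m.L[s]}
    if op == "not":
        return m.S - sat(m, f[1])
    if op == "and":
        return sat(m, f[1]) & sat(m, f[2])
    if op == "implies":                 # f → g ≡ ¬(f ∧ ¬g)
        return sat(m, ("not", ("and", f[1], ("not", f[2]))))
    if op == "EX":
        return m.pre(sat(m, f[1]))
    if op == "EU":                      # Z := g ∪ (f ∩ EX Z), grows from g
        sf, z = sat(m, f[1]), sat(m, f[2])
        while (new := z | (sf & m.pre(z))) != z:
            z = new
        return z
    if op == "EG":                      # Z := f ∩ EX Z, shrinks from f
        z = sat(m, f[1])
        while (new := z & m.pre(z)) != z:
            z = new
        return z
    if op == "EF":                      # EF f ≡ E(true U f)
        return sat(m, ("EU", ("true",), f[1]))
    if op == "AF":                      # AF f ≡ ¬EG ¬f
        return sat(m, ("not", ("EG", ("not", f[1]))))
    if op == "AG":                      # AG f ≡ ¬EF ¬f
        return sat(m, ("not", ("EF", ("not", f[1]))))
    raise ValueError(f"unknown operator {op!r}")


def check(m: Kripke, f: tuple) -> bool:
    """M ⊨ f iff every initial state is labelled with f."""
    return m.S0 <= sat(m, f)


def ef_witness(m: Kripke, bad: tuple) -> Optional[List[str]]:
    """Prefix of a counterexample to AG ¬bad: shortest path from S0 into sat(bad)."""
    target, seen = sat(m, bad), set(m.S0)
    queue = [[s] for s in sorted(m.S0)]
    while queue:
        path = queue.pop(0)
        if path[-1] in target:
            return path
        for t in sorted(m.succ(path[-1]) - seen):
            seen.add(t)
            queue.append(path + [t])
    return None                          # sat(bad) is unreachable, so AG ¬bad holds


def eg_witness(m: Kripke, s: str, f: tuple) -> List[str]:
    """Lasso from s that stays in sat(EG f) forever; the final state repeats an earlier one."""
    z, path = sat(m, ("EG", f)), [s]
    while True:
        nxt = min(m.succ(path[-1]) & z)  # non-empty: every state in z has a successor in z
        if nxt in path:
            return path + [nxt]
        path.append(nxt)


MICROWAVE = Kripke(                      # the model exactly as on the slides, S0 = {S1}
    states=["S1", "S2", "S3", "S4"], initial=["S1"],
    transitions=[("S1", "S2"), ("S2", "S1"), ("S1", "S4"), ("S4", "S2"),
                 ("S2", "S3"), ("S3", "S3"), ("S3", "S2")],
    labels={"S1": [], "S2": ["close"], "S3": ["close", "start", "cooking"], "S4": ["start"]},
)
NOT_COOKING = ("not", ("ap", "cooking"))
BAD = ("and", ("ap", "start"), ("EG", NOT_COOKING))   # start ∧ EG ¬cooking
SPEC1 = ("AG", ("implies", ("ap", "start"), ("AF", ("ap", "cooking"))))
SPEC2 = ("AG", ("implies", ("and", ("ap", "close"), ("ap", "start")), ("AF", ("ap", "cooking"))))

if __name__ == "__main__":
    print("SPEC1:", check(MICROWAVE, SPEC1), "SPEC2:", check(MICROWAVE, SPEC2))
    prefix = ef_witness(MICROWAVE, BAD)
    print("counterexample:", prefix + eg_witness(MICROWAVE, prefix[-1], NOT_COOKING)[1:])
```

Running it reports SPEC1 false, SPEC2 true and the counterexample S1, S4, S2, S1, S2: start is pressed with the door open in S4, and the loop S2 → S1 → S2 keeps cooking false forever. The EU and EG loops are the fixpoint iterations the slide performs by hand; sat(AF cooking) comes out as {S3} because AF cooking ≡ ¬EG ¬cooking, which is why only S4 is a bad state.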

Graph of Kripke Structure

Problem with (explicit-state) Model Checking

- State-space explosion problem
- The number of states typically grows exponentially in the number of concurrent processes (and state variables), so enumerating the states one by one quickly becomes infeasible

Major Techniques

- Based on Symbolic Structure
- Based on Automata Theory
- Other Models – Alternative methods

Symbolic Model Checking

- Symbolic model checking uses Binary Decision Diagrams (BDDs) to represent the model: sets of states (and the transition relation) are stored as Boolean functions rather than enumerated state by state
- BDD
- Data structure for representing a Boolean function
- Often concise in memory
- Canonical representation: for a fixed variable order each function has exactly one reduced BDD, so checking two sets for equality is a pointer comparison
- Boolean operations can be done in time polynomial in the BDD size

BDD in Model Checking

- Every set A can be represented by its characteristic function:

  f_A(u) = 1 if u ∈ A, and f_A(u) = 0 if u ∉ A

- If the elements of A are encoded by sequences over {0,1}^n, then f_A is a Boolean function of n variables and can be represented by a BDD
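A small reduced ordered BDD package, added here as an example (not code from the slides), showing the two points above: a set of states represented by its characteristic function over {0,1}^n, and Boolean operations on sets done in time polynomial in the BDD size through a memoised apply. The class and function names are this example's own; the variable order is fixed (a < b < c, or close < start < cooking for the microwave labels), which is what makes the representation canonical.

```python
"""Added example, not code from the slides: a minimal reduced ordered BDD (ROBDD)
package used to represent sets of states by their characteristic functions.
Node ids 0 and 1 are the terminals; variables are integers in a fixed order."""
import operator
from typing import Callable, Dict, Iterable, List, Tuple


class BDD:
    def __init__(self, nvars: int) -> None:
        self.nvars = nvars
        # id -> (var, low, high); terminals get var = nvars so they sort after all variables
        self.nodes: List[Tuple[int, int, int]] = [(nvars, 0, 0), (nvars, 1, 1)]
        self.unique: Dict[Tuple[int, int, int], int] = {}   # one node per (var, low, high)
        self.memo: Dict[Tuple[Callable, int, int], int] = {}

    def mk(self, var: int, low: int, high: int) -> int:
        """Create or reuse a node; the two reduction rules keep the graph canonical."""
        if low == high:                      # redundant test: drop the node
            return low
        key = (var, low, high)
        if key not in self.unique:           # isomorphic sub-graphs share one node
            self.unique[key] = len(self.nodes)
            self.nodes.append(key)
        return self.unique[key]

    def var(self, i: int) -> int:
        return self.mk(i, 0, 1)

    def apply(self, op: Callable[[int, int], int], u: int, v: int) -> int:
        """op(u, v) by simultaneous Shannon expansion; memoised, so O(|u| * |v|) time."""
        key = (op, u, v)
        if key not in self.memo:
            if u < 2 and v < 2:
                r = op(u, v)                 # terminals: the node id is the truth value
            else:
                top = min(self.nodes[u][0], self.nodes[v][0])
                lu, hu = self.nodes[u][1:] if self.nodes[u][0] == top else (u, u)
                lv, hv = self.nodes[v][1:] if self.nodes[v][0] == top else (v, v)
                r = self.mk(top, self.apply(op, lu, lv), self.apply(op, hu, hv))
            self.memo[key] = r
        return self.memo[key]

    def AND(self, u: int, v: int) -> int: return self.apply(operator.and_, u, v)
    def OR(self, u: int, v: int) -> int: return self.apply(operator.or_, u, v)
    def NOT(self, u: int) -> int: return self.apply(operator.xor, u, 1)

    def from_set(self, points: Iterable[Tuple[int, ...]]) -> int:
        """Characteristic function f_A: OR over A of the minterm of each bit-vector."""
        f = 0
        for bits in points:
            term = 1
            for i, b in enumerate(bits):
                term = self.AND(term, self.var(i) if b else self.NOT(self.var(i)))
            f = self.OR(f, term)
        return f

    def evaluate(self, u: int, bits: Tuple[int, ...]) -> int:
        """f(bits): one root-to-terminal path, i.e. a membership test for the set."""
        while u > 1:
            var, low, high = self.nodes[u]
            u = high if bits[var] else low
        return u

    def sat_count(self, u: int, level: int = 0) -> int:
        """Number of satisfying assignments = size of the represented set."""
        if u < 2:
            return u << (self.nvars - level)
        var, low, high = self.nodes[u]      # variables skipped between level and var are free
        return (self.sat_count(low, var + 1) + self.sat_count(high, var + 1)) << (var - level)

    def size(self, u: int) -> int:
        """Internal nodes reachable from u: the 'BDD size' the slide refers to."""
        seen, stack = set(), [u]
        while stack:
            n = stack.pop()
            if n > 1 and n not in seen:
                seen.add(n)
                stack.extend(self.nodes[n][1:])
        return len(seen)


def abc_demo() -> Tuple[int, int, bool]:
    """f(a,b,c) = (a ∧ b) ∨ c: satisfying assignments, node count, canonicity check."""
    bdd = BDD(3)
    a, b, c = bdd.var(0), bdd.var(1), bdd.var(2)
    f = bdd.OR(bdd.AND(a, b), c)
    g = bdd.AND(bdd.OR(a, c), bdd.OR(b, c))   # same function built differently: same node
    return bdd.sat_count(f), bdd.size(f), f == g


def microwave_demo() -> Tuple[int, int, int, int]:
    """Microwave states encoded by their labels (close, start, cooking) in {0,1}^3."""
    bdd = BDD(3)
    S = {"S1": (0, 0, 0), "S2": (1, 0, 0), "S3": (1, 1, 1), "S4": (0, 1, 0)}
    eg_not_cooking = bdd.from_set(S[s] for s in ("S1", "S2", "S4"))   # S(EG ¬cooking)
    start = bdd.from_set(S[s] for s in ("S3", "S4"))                  # S(start)
    both = bdd.AND(start, eg_not_cooking)                             # S(start ∧ EG ¬cooking)
    return (bdd.sat_count(eg_not_cooking), bdd.size(eg_not_cooking),
            bdd.sat_count(both), bdd.evaluate(both, S["S4"]))


if __name__ == "__main__":
    print(abc_demo(), microwave_demo())
```

abc_demo() returns (5, 3, True): the eight-row truth table of (a ∧ b) ∨ c collapses to three internal nodes, and building the same function as (a ∨ c) ∧ (b ∨ c) yields the very same node id, which is the canonicity the slide relies on. microwave_demo() shows the set operations of the labelling algorithm done symbolically: the three-element set S(EG ¬cooking) is a three-node BDD, and intersecting it with S(start) by one AND gives a set of size one that contains S4.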

Figure: decision tree and reduced BDD for f(a,b,c) = (a ∧ b) ∨ c with variable order a < b < c. The decision tree has eight leaves (0, 1, 0, 1, 0, 1, 1, 1 for abc = 000 … 111); the BDD shares isomorphic sub-trees and drops redundant tests.

Summary

- Model Checking – Automated Verification technique
- Hardware/Software model – Kripke Structure
- Specification – Temporal Logic (LTL, CTL)
- Verification (Model Checking) algorithm
- State Space Explosion Problem
- Solution : Symbolic Model Checking - BDD

Thank You...
