# Model checking - PowerPoint PPT Presentation

Vasvi Kakkad, University of Sydney


### Model checking

University of Sydney

Introduction
• Most of the complex systems built routinely today are difficult to get right
• Failures are costly
• Verification techniques are needed

Model Checking

Introduction
• Formal Verification
• Applies mathematical arguments to prove the correctness of a system
• Aims to find bugs in the system and to correct them

Formal Verification
• Build a mathematical model of system
• Write correctness requirements
• Analysis – Check that model satisfies specifications
• Verification – Analysis either proves or disproves the correctness claim

Model Checking
• Model Checking
• Technique for the automated correctness verification of safety-critical reactive systems
• More generally
• Algorithmic analysis that checks whether a model satisfies a specified property
• Checks automatically whether a given formula holds in a given model

Applications
• Electrical Circuits
• Communication protocols
• Digital Controller
• Program Analysis – e.g. Java PathFinder

Motivation
• Software/hardware system – described in a specification language
• Requirements – expressed in temporal logic
• State space generated from the specification
• Algorithm
• returns yes if the property holds for the model
• returns no plus a counterexample otherwise

Process of Model Checking
• 3 Steps
• Modeling
• Specification
• Verification

Step 1 : Modeling

Modeling
• Convert the system into a formalism: a finite automaton
• Time and space are limited, so abstraction is used to keep the model small
• Model the system as a Kripke structure (a state transition graph)

Kripke Structure
• Structure over a set AP of atomic propositions
• M = (S, S0, R, L)
• S is a finite set of states
• S0 ⊆ S is the set of initial states
• R ⊆ S × S is a transition relation (total: every state has at least one successor)
• L : S → 2^AP labels each state with the set of atomic propositions true in that state

Example : Microwave-oven Cooking
• Modeling with a Kripke structure M = (S, S0, R, L)
• S = {S1, S2, S3, S4}
• S0 = {S1} – initial state
• R = {(S1, S2), (S2, S1), (S1, S4), (S4, S2), (S2, S3), (S3, S3), (S3, S2)} – ordered pairs (source, target)
• AP = {close, start, cooking}; each label below lists which atoms are true and which are false in the state:
• L(S1) = {¬close, ¬start, ¬cooking}
• L(S2) = {close, ¬start, ¬cooking}
• L(S3) = {close, start, cooking}
• L(S4) = {¬close, start, ¬cooking}

Step 2 : Specification

Specification
• Specification – the property the model must satisfy
• Described in temporal logic
• Temporal logic – two flavours
• LTL (Linear Temporal Logic)
• CTL (Computation Tree Logic)

Comparison : LTL v/s CTL

| LTL | CTL |
| --- | --- |
| Linear time: temporal operators are evaluated along a single path | Branching time: every temporal operator is preceded by a path quantifier (A or E) |
| Counterexamples are easy (a single path) | More efficient (checking time is linear in the size of the model and of the formula) |
| Nice automata-theoretic algorithm | Amenable to symbolic techniques |
| Used for analyzing data-flow problems in imperative languages | Used for analyzing reactive systems |

Operators for Temporal Logic
• Basic temporal operators
• X – neXt state
• F – in the Future (eventually)
• G – Globally (always)
• U – Until
• Path quantifiers
• A – for All paths
• E – there Exists a path

Temporal operators (along a single path)
• G p – p holds in every state of the path
• F p – p holds in some future state of the path
• X p – p holds in the next state
• p U q – p holds in every state until a state where q holds, and q does hold eventually

CTL
• CTL operator = path quantifier + temporal operator
• Universal formulas: AX f, A(f U g), AG f, AF f
• Existential formulas: EX f, E(f U g), EG f, EF f

Temporal Properties
• Safety – something bad never happens (e.g. AG ¬bad)
• Liveness – something good eventually happens (e.g. AF good)

Example : Microwave-oven cooking
• Specification with CTL
• AG (start → AF cooking) – on every path, whenever start is pressed, cooking eventually begins
• AG ((close ∧ start) → AF cooking) – on every path, whenever the door is closed and start is pressed, cooking eventually begins

Step 3 : Verification

Verification
• Inputs: a finite-state model and a temporal logic formula
• The model checker either answers OK (the model satisfies the formula) or returns a counterexample

Verification
• Rewrite the specification in terms of negation and the existential operators (EX, EU, EG), the form the labelling algorithm works on:

AG (start → AF cooking) ≡ ¬EF (start ∧ EG ¬cooking)

• Then label the states bottom-up, one subformula at a time:
• S(start) = {S3, S4}
• S(¬cooking) = {S1, S2, S4}
• S(EG ¬cooking) = {S1, S2, S4}
• S(start ∧ EG ¬cooking) = {S4}
• S(EF (start ∧ EG ¬cooking)) = {S1, S2, S3, S4}
• S(¬EF (start ∧ EG ¬cooking)) = {}
• The initial state S1 is not in the final set, so the model does not satisfy the specification; the counterexample is the path S1 → S4 → S2 → S1 → ..., on which start holds in S4 but cooking never becomes true
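The microwave-oven model, its CTL specification and the labelling computation above, carried out in code. This is an added example written for this page, not code from the talk; the tuple encoding of formulas, the fixed-point loops and the counterexample extraction are choices made here, and the labelling sets it computes are exactly the ones listed on the slide.

```python
# Added example (not from the slides): the microwave-oven Kripke structure of the
# talk, and the explicit-state CTL labelling algorithm run on it.
from collections import deque

# --- Kripke structure M = (S, S0, R, L), as given on the slides ---
S = {"S1", "S2", "S3", "S4"}
S0 = {"S1"}
R = {("S1", "S2"), ("S2", "S1"), ("S1", "S4"), ("S4", "S2"),
     ("S2", "S3"), ("S3", "S3"), ("S3", "S2")}
# L(s) = set of atomic propositions TRUE in s; a negated atom is simply absent
L = {"S1": set(), "S2": {"close"}, "S3": {"close", "start", "cooking"}, "S4": {"start"}}

# --- CTL formulas as nested tuples (encoding chosen here) ---
START, CLOSE, COOKING = ("atom", "start"), ("atom", "close"), ("atom", "cooking")
SPEC = ("AG", ("implies", START, ("AF", COOKING)))     # AG(start -> AF cooking)


def pre(states):
    """States with at least one successor in `states` (one EX step backwards)."""
    return {s for (s, t) in R if t in states}


def sat(f):
    """Set of states of M satisfying CTL formula f (the labelling algorithm)."""
    op = f[0]
    if op == "true":
        return set(S)
    if op == "atom":
        return {s for s in S if f[1] in L[s]}
    if op == "not":
        return S - sat(f[1])
    if op == "and":
        return sat(f[1]) & sat(f[2])
    if op == "EX":
        return pre(sat(f[1]))
    if op == "EU":  # least fixed point  Z = sat(g) | (sat(f) & pre(Z))
        a, b, z = sat(f[1]), sat(f[2]), set()
        while (nz := b | (a & pre(z))) != z:
            z = nz
        return z
    if op == "EG":  # greatest fixed point  Z = sat(f) & pre(Z); relies on R being total
        a = sat(f[1])
        z = set(a)
        while (nz := a & pre(z)) != z:
            z = nz
        return z
    # derived operators are rewritten into not / and / EX / EU / EG
    if op == "or":
        return sat(("not", ("and", ("not", f[1]), ("not", f[2]))))
    if op == "implies":
        return sat(("or", ("not", f[1]), f[2]))
    if op == "EF":
        return sat(("EU", ("true",), f[1]))
    if op == "AX":
        return sat(("not", ("EX", ("not", f[1]))))
    if op == "AF":
        return sat(("not", ("EG", ("not", f[1]))))
    if op == "AG":
        return sat(("not", ("EF", ("not", f[1]))))
    raise ValueError(f"unknown operator {op!r}")


def holds(f):
    """M |= f  iff  every initial state is labelled with f."""
    return S0 <= sat(f)


def counterexample(p, q):
    """Witness against AG(p -> AF q): a shortest prefix from an initial state to a
    state where p holds, then a loop along which q never holds.
    Returns (prefix, loop), or None when the property holds."""
    stay = sat(("EG", ("not", q)))           # states from which q can be avoided forever
    bad = sat(p) & stay
    parent, queue, hit = {s: None for s in S0}, deque(sorted(S0)), None
    while queue:                             # BFS for the shortest prefix into `bad`
        s = queue.popleft()
        if s in bad:
            hit = s
            break
        for (u, t) in sorted(R):
            if u == s and t not in parent:
                parent[t] = s
                queue.append(t)
    if hit is None:
        return None
    prefix = []
    while hit is not None:
        prefix.append(hit)
        hit = parent[hit]
    prefix.reverse()
    loop = [prefix[-1]]                      # walk inside `stay` until a state repeats
    while True:
        nxt = min(t for (u, t) in R if u == loop[-1] and t in stay)
        loop.append(nxt)
        if loop.count(nxt) > 1:
            return prefix, loop


if __name__ == "__main__":
    for name, f in [("start", START), ("EG not cooking", ("EG", ("not", COOKING))),
                    ("AG(start -> AF cooking)", SPEC)]:
        print(f"S({name}) = {sorted(sat(f))}")
    print("holds:", holds(SPEC), "counterexample:", counterexample(START, COOKING))
```

Running the script prints the same sets as the slide and ends with `holds: False` plus the prefix `['S1', 'S4']` and loop `['S4', 'S2', 'S1', 'S2']`: the lasso on which start is pressed in S4 but cooking never follows. The second specification, AG((close ∧ start) → AF cooking), passes with the same code.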

Problem With Explicit-State Model Checking
• State space explosion problem
• The number of states typically grows exponentially in the number of concurrent processes (and of state variables)

Major Techniques for fighting state explosion
• Based on symbolic representation of the state space
• Based on automata theory
• Other models – alternative methods

Symbolic Model Checking
• Symbolic model checking uses Binary Decision Diagrams (BDDs) to represent the model: sets of states (and the transition relation) are stored as Boolean functions instead of being enumerated state by state
• BDD
• Data structure for representing a Boolean function
• Often concise in memory
• Canonical representation: for a fixed variable ordering, each Boolean function has exactly one reduced BDD, so equivalence is a pointer comparison
• Boolean operations can be done in time polynomial in the BDD size

BDD in Model Checking
• Every set A can be represented by its characteristic function

f_A(u) = 1 if u ∈ A, 0 if u ∉ A

• If the elements of A are encoded by bit strings over {0,1}^n, then f_A is a Boolean function of n variables and can be represented by a BDD

[Figure: decision tree and reduced BDD for f(a,b,c) = (a ∧ b) ∨ c, variable order a, b, c. The decision tree branches on a, then b, then c and has eight leaves 0 1 0 1 0 1 1 1, one per assignment; the BDD merges the identical c subtrees and the two terminal nodes, so the same function needs only three decision nodes.]
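A small reduced ordered BDD manager, as an added example written for this page (not code from the talk), covering both the characteristic-function slide and the figure: it builds f(a,b,c) = (a ∧ b) ∨ c with the standard apply algorithm and counts its nodes, then stores a set of microwave states as f_A. The two-bit state encoding S1..S4 ↦ 00, 01, 10, 11 is an assumption made here; the slides do not fix one.

```python
# Added example (not from the slides): a reduced ordered BDD with a unique table,
# used for the figure's function (a AND b) OR c and for characteristic functions
# of sets of states. The 2-bit state encoding below is an assumption made here.
OPS = {"and": lambda x, y: x and y, "or": lambda x, y: x or y, "xor": lambda x, y: x != y}


class BDD:
    """ROBDD with hash-consing. Node ids 0 and 1 are the terminals; every other
    node is stored as (variable index, low child, high child)."""

    def __init__(self, variables):
        self.vars = list(variables)                 # variable order: index 0 is tested first
        n = len(self.vars)
        self.T = {0: (n, None, None), 1: (n, None, None)}   # terminals sort after all variables
        self.H = {}                                 # unique table: (var, lo, hi) -> node id
        self.memo = {}                              # apply cache: (op, u, v) -> node id

    def mk(self, i, lo, hi):
        if lo == hi:                                # both branches agree: the test is redundant
            return lo
        key = (i, lo, hi)
        if key not in self.H:                       # otherwise share the existing isomorphic node
            self.H[key] = len(self.T)
            self.T[self.H[key]] = key
        return self.H[key]

    def var(self, name):
        return self.mk(self.vars.index(name), 0, 1)

    def apply(self, op, u, v):
        """Combine two BDDs with a Boolean operator by simultaneous Shannon expansion."""
        key = (op, u, v)
        if key not in self.memo:
            if u in (0, 1) and v in (0, 1):
                r = int(OPS[op](bool(u), bool(v)))
            else:
                iu, lu, hu = self.T[u]
                iv, lv, hv = self.T[v]
                if iu == iv:
                    r = self.mk(iu, self.apply(op, lu, lv), self.apply(op, hu, hv))
                elif iu < iv:                       # u tests the earlier variable; v is unchanged
                    r = self.mk(iu, self.apply(op, lu, v), self.apply(op, hu, v))
                else:
                    r = self.mk(iv, self.apply(op, u, lv), self.apply(op, u, hv))
            self.memo[key] = r
        return self.memo[key]

    def AND(self, u, v): return self.apply("and", u, v)
    def OR(self, u, v): return self.apply("or", u, v)
    def NOT(self, u): return self.apply("xor", u, 1)

    def eval(self, u, env):
        """Evaluate the function rooted at u under a {variable: 0/1} assignment."""
        while u not in (0, 1):
            i, lo, hi = self.T[u]
            u = hi if env[self.vars[i]] else lo
        return bool(u)

    def size(self, u):
        """Number of distinct nodes reachable from u, terminals included."""
        seen, stack = set(), [u]
        while stack:
            n = stack.pop()
            if n not in seen:
                seen.add(n)
                if n not in (0, 1):
                    stack.extend(self.T[n][1:])
        return len(seen)


def figure_function():
    """The function drawn on the slide, f(a,b,c) = (a AND b) OR c, with the order a, b, c."""
    bdd = BDD(["a", "b", "c"])
    a, b, c = (bdd.var(x) for x in "abc")
    return bdd, bdd.OR(bdd.AND(a, b), c)


# Characteristic functions of sets of states: S1..S4 encoded with two bits x1 x0
# (encoding chosen here; the slides do not fix one).
BITS = ("x1", "x0")
STATE_CODE = {"S1": (0, 0), "S2": (0, 1), "S3": (1, 0), "S4": (1, 1)}


def set_to_bdd(bdd, states):
    """f_A = OR over the minterms of the encoded states in A."""
    u = 0
    for s in states:
        minterm = 1
        for name, bit in zip(BITS, STATE_CODE[s]):
            minterm = bdd.AND(minterm, bdd.var(name) if bit else bdd.NOT(bdd.var(name)))
        u = bdd.OR(u, minterm)
    return u


def members(bdd, u):
    """Decode a set out of its BDD by evaluating f_A on every state's code."""
    return {s for s, code in STATE_CODE.items() if bdd.eval(u, dict(zip(BITS, code)))}


if __name__ == "__main__":
    bdd, f = figure_function()
    print("nodes in the BDD of (a AND b) OR c:", bdd.size(f), "(the decision tree has 15)")
    sb = BDD(BITS)
    A = set_to_bdd(sb, {"S1", "S2", "S4"})               # S(EG not cooking) from the talk
    B = sb.OR(set_to_bdd(sb, {"S1"}), set_to_bdd(sb, {"S2", "S4"}))
    print(members(sb, A), "same node either way:", A == B)
```

The figure's function comes out as 5 nodes (3 decision nodes plus the two terminals) against 15 for the decision tree, and the set {S1, S2, S4} built in two different ways yields the same node id, which is the canonicity property symbolic model checkers rely on: set union, intersection and complement are just `OR`, `AND` and `NOT` on the characteristic functions, and two sets are equal exactly when their node ids are.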

Summary
• Model Checking – Automated Verification technique
• Hardware/Software model – Kripke Structure
• Specification – Temporal Logic (LTL, CTL)
• Verification (Model Checking) algorithm
• State Space Explosion Problem
• Solution : Symbolic Model Checking - BDD

Thank You...