1 / 13

# Network Protocols - PowerPoint PPT Presentation

NETW 703. Network Protocols. Symbolic Model Checking Revision Slides. Dr. Eng. Amr T. Abdel-Hamid. Slides based on slides of: Jim Kurose, Keith Ross, “Computer Networking: A Top Down Approach Featuring the Internet”, 2nd edition, Addison-Wesley, July 2002.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

## PowerPoint Slideshow about 'Network Protocols' - blenda

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

### Network Protocols

Symbolic Model Checking

Revision Slides

Dr. Eng. Amr T. Abdel-Hamid

• Slides based on slides of:

• Jim Kurose, Keith Ross, “Computer Networking: A Top Down Approach Featuring the Internet”, 2nd edition, Addison-Wesley, July 2002.

• Jiangchuan (JC) Liu , Assistant Professor, SFU & others

Winter 2012

• Now, we can think of all temporal operators also as functions from sets of states to sets of states

• For example:

or if we use the set notation

AX p = (S - EX(S - p))

• Logic Set

• p  q p  q

• p  q p  q

• p S – p

False 

True S

AG p =  y . p  AX y AG p = p  AX AG p

EG p =  y . p  EX y EG p = p  EX EG p

AF p =  y . p  AX y AF p = p  AX AF p

EF p =  y . p  EX y EF p = p  EX EF p

A(pUq) =  y . q  A (p  X (y)) A(pUq)=q  (p  AX (p AU q))

E(pUq) =  y . q  E (p  X (y)) E(pUq) = q  (p  EX (p EU q))

Fixpoint Characterizations

EF p =  y . p  EX y is the limit of the sequence:

, pEX , pEX(pEX ) , pEX(pEX(p EX )) , ...

which is equivalent to

, p, p  EX p , p  EX (p  EX (p) ) , ...

p

s1

s2

s3

s4

p

Start

1st iteration

pEX  = {s1,s4} EX()= {s1,s4}   ={s1,s4}

2nd iteration

pEX(pEX ) = {s1,s4} EX({s1,s4})= {s1,s4} {s3}={s1,s3,s4}

3rd iteration

pEX(pEX(p EX )) = {s1,s4} EX({s1,s3,s4})= {s1,s4} {s2,s3,s4}={s1,s2,s3,s4}

4th iteration

pEX(pEX(pEX(p EX ))) = {s1,s4} EX({s1,s2,s3,s4})= {s1,s4}  {s1,s2,s3,s4} = {s1,s2,s3,s4}

EF(p)states that can reach p  p EX(p)  EX(EX(p))  ...

p

• • •

EF(p)

Given a monotonic function F, its greatest fixpoint is the least upper bound (lub) of all the extensive elements:

 y. F y =  { y | F y  y }

The greatest fixpoint  y . F y is the limit of the following sequence (assuming F is -continuous):

S, F S, F2 S, F3 S, ...

If S is finite, then we can compute the greatest fixpoint using the above sequence

Similarly, EG p =  y . p  EX y is the limit of the sequence:

S, pEX S, pEX(p  EX S) , pEX(p  EX (p  EX S)) , ...

which is equivalent to

S, p, p  EX p , p  EX (p  EX (p) ) , ...

p

p

s1

s2

s3

s4

p

Start

S = {s1,s2,s3,s4}

1st iteration

pEX S = {s1,s3,s4}EX({s1,s2,s3,s4})= {s1,s3,s4}{s1,s2,s3,s4}={s1,s3,s4}

2nd iteration

pEX(pEX S) = {s1,s3,s4}EX({s1,s3,s4})= {s1,s3,s4}{s2,s3,s4}={s3,s4}

3rd iteration

pEX(pEX(pEX S)) = {s1,s3,s4}EX({s3,s4})= {s1,s3,s4}{s2,s3,s4}={s3,s4}

EG(p)  states that can avoid reaching pp EX(p)  EX(EX(p))  ...

• • •

EG(p)

• For the FSM below, formally check the following properties, using Fixpoint Theorm:

• AG(a ∨c ∨b)

• AF(ab)

• If failed show the subset of the design the property holds for as well as the counter example

1

2

4

3

c

a

a,b

b,c

d

c

6

S = {1,2,3,4,5,6}, AP = {a,b,c,d},

R = {(1,2), (1,3),(2,3), (3,4), (4,4), (4,5), (5,2), (2,6), (6,1)}

L(1) = {a,b}, L(2) = {c}, L(3) = {b,c}, L(4) = {a}, L(5) = {c}, L(6) = {d}

5

• Remember that:

• H(a∪b) = H(a) ∪ H(b) ∪ H(c) ={1,4} ∪ {2,3,5} ∪ {1,3} = {1,2,3,4,5}

• AG(a ∨c ∨b) = AG p =  y . p  AX y =  y . p  AX y

• AX p = EX(p)

• I0  S = {1,2,3,4,5,6}

• I1  {1,2,3,4,5} ∩ S = {1,2,3,4,5} ∩ {1,3,4,5,6} = {1,2,3,4,5}

• I2  {1,2,3,4,5} ∩ AX(1,2,3,4,5) = {1,2,3,4,5} ∩ {1,3,4,5,6} = {1,3,4,5}

• This is because that : AX(1,2,3,4,5) =  EX((1,2,3,4,5)) =  EX(6) =  (2) = S- {2 } = {1,3,4,5,6}

• I3  {1,2,3,4,5} ∩ AX(1,3,4,5) = {1,3,4,5}

• This is because that : AX(1,3,4,5) =  EX((1,3,4,5)) = ****

• I3 = I2  H(AG(a∨b ∨ c)) = {1,3,4,5}

• The property does not hold, except for the above states, and it is clear that states {2,6} can be considered as counter examples.

• state 6 does not contain neither a,c,b and state 2 does not have a proceeding one on one of its pathes path (2,6)

Example (AF(ab))