## Principles of Model Checking


**Principles of Model Checking**

Date: 2013. 04. 22
Speaker: Chih-Chung Wang

**Outline**

- Model Checking
- Problem Formulation
- Temporal Logic
- Bisimulation and CTL*
- Partial Order Reduction
- Range-equivalent Circuit Minimization
- Future Work

**Model Checking**

- Model checking is a verification technique that explores all possible system states in a brute-force manner
- a technique for automatically verifying correctness properties of finite-state systems

**Model Checking**

- Problem formulation
  - Given: a model of a system and a specification
  - Goal: exhaustively and automatically check whether this model meets the given specification

**Model Checking**

- The model-checking process
  - Modeling
  - Running: running the model checker
  - Analysis: analyzing the results

**Transition System**

- Transition System (TS): (S, Act, →, I, AP, L)
- finite: S, Act, and AP are finite.

**Transition System**

- Reachable states
- The size of transition system representations grows exponentially in various components, such as the number of variables in a program graph or the number of components in a concurrent system.

**State Explosion Problem**

- A combinatorial blow-up of the state space
- State explosion problem, or combinatorial explosion
- Symbolic algorithms
  - avoid ever building the graph for the FSM
  - represent the graph implicitly using a formula in quantified propositional logic
  - e.g. BDD
- Bounded model checking algorithms unroll the FSM for a fixed number of steps and check whether a property violation can occur in that many or fewer steps
  - typically involving encoding the restricted model as an instance of SAT

**Symbolic Model Checking**

- The state space can sometimes be traversed much more efficiently by considering large numbers of states at a single step
- binary decision diagrams (BDDs)
  - BDD
  - ROBDD
- Symbolic model checking without BDDs
  - bounded model checking
  - for Linear Temporal Logic (LTL)

**Temporal Logic**

- ◇: "eventually" (eventually in the future)
- □: "always" (now and forever in the future)
- ○: "next"
- U: "until"
- ¬, ∧, ∨, ∃, ∀, …

**Linear Temporal Logic**

- Encoding formulae about the future of paths
- ◇ "eventually" (eventually in the future)
- □ "always" (now and forever in the future)

**Linear Temporal Logic**

- LTL model checking

**Linear Temporal Logic**

- safety properties
  - state that something bad never happens
  - every counterexample has a finite prefix such that, however it is extended to an infinite path, it is still a counterexample
  - SAT-based model checking without unrolling
- liveness properties
  - state that something good keeps happening
  - every finite prefix of a counterexample can be extended to an infinite path that satisfies the formula

**Computation Tree Logic**

- Computation tree logic (CTL): a branching-time logic
- ∃, ∀
- the model of time is a tree-like structure in which the future is not determined

**Computation Tree Logic**

- CTL model checking
  - Given: transition system TS and CTL formula Φ
  - Goal: decide whether TS |= Φ

**Computation Tree Logic**

- CTL model checking
  - the set Sat(Φ) of all states satisfying Φ is computed recursively
  - a recursive descent procedure over the parse tree of the state formula to be checked
  - TS |= Φ if and only if I ⊆ Sat(Φ)

**Computation Tree Logic**

- assumed that TS is finite and has no terminal states
- Sat(∃(Φ U Ψ))
  - smallest fixed point
  - Φ has to hold at least until, at some position, Ψ holds. This implies that Ψ will be verified in the future
- Sat(∃□Φ)
  - largest fixed point
  - less than or equal to all other fixed points

**Computation Tree Logic**

- CTL model checking
  - Symbolic CTL model checking
    - symbolic: sets of states and sets of transitions are represented rather than single states and transitions
  - SAT-based model checking

**Computation Tree Logic**

- Symbolic CTL model checking
  - construct the ROBDD representation of the transition system to be analyzed
    - in a compositional way by means of synthesis operators (disjunction, conjunction, etc.)
  - ROBDD representations of the satisfaction sets for the atomic propositions are given
  - ITE algorithm (to treat the propositional-logic fragment of CTL) and the symbolic BFS-based algorithms

**Computation Tree Logic**

- Timed Automaton (TA): A = (Q, Σ, C, E, q0)
- Timed CTL (TCTL)
- Probabilistic
  - Probabilistic CTL (PCTL)

**CTL\*: a superset of CTL and LTL**

- a branching-time logic
- it allows path quantifiers ∃ and ∀ to be arbitrarily nested with linear temporal operators such as ○ and U

**Bisimulation**

- Bisimulation equivalence
  - a binary relation
  - identifies transition systems with the same branching structure, which thus can simulate each other in a stepwise manner
  - every step of TS can be matched by one (or more) steps in TS'

**Partial Order Reduction**

- Reducing the size of the state space to be searched by a model checking algorithm
- analyze only a fragment TS^ of the full transition system TS by ignoring several interleavings of independent actions

**Partial Order Reduction**

- Ample set
  - choosing ample(s) ⊆ Act(s) in state s
  - Nonemptiness
  - Dependency
  - Stutter
    - if an action α moving from "right" to "left" does not affect the state labeling, then it is stutter-equivalent
  - Cycle

**Bounded Sequential Equivalence Checking**

- Checking two circuits in different timeframes
- Linear Temporal Logic
- Bounded Model Checking
  - Bound
  - Sequential depth
- Resyn2, NAR, Node Merging, …

**Range-equivalent Circuit Minimization**

- Using the range to minimize the circuit optimizes the bounded model checking
- In model checking, we reduced the repeated reached states from different paths
- Range remaining: number of states remaining
- Partial Order Reduction

**Future Work**

- Running some experimental results
- Finding a way to solve the problem of large node numbers
- Linking to model checking
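The CTL satisfaction-set computation described on the Computation Tree Logic slides (recursive descent over the formula, a smallest fixed point for Sat(∃(Φ U Ψ)), a largest fixed point for Sat(∃□Φ), and TS |= Φ iff I ⊆ Sat(Φ)), worked through as an added Python example that is not part of the presentation. The 4-state transition system, its labels and the tuple encoding of formulas are constructed for illustration only.

```python
# Added example (not from the slides): explicit-state CTL model checking on a
# constructed transition system, assumed finite with no terminal states.
# Formulas are nested tuples: ("true",), ("ap", a), ("not", f), ("and", f, g),
# ("EX", f), ("EU", f, g), ("EG", f); EF, AG, AF are derived below.

def pre(trans, T):
    """Existential predecessors: states with at least one successor in T."""
    return {s for s, succ in trans.items() if succ & T}

def sat(ts, phi):
    """Sat(phi): recursive descent over the parse tree of the state formula."""
    S, trans, label = ts["S"], ts["trans"], ts["label"]
    op = phi[0]
    if op == "true":
        return set(S)
    if op == "ap":
        return {s for s in S if phi[1] in label[s]}
    if op == "not":
        return S - sat(ts, phi[1])
    if op == "and":
        return sat(ts, phi[1]) & sat(ts, phi[2])
    if op == "EX":
        return pre(trans, sat(ts, phi[1]))
    if op == "EU":  # smallest fixed point of T = Sat(g) ∪ (Sat(f) ∩ pre(T)), from ∅
        A, B = sat(ts, phi[1]), sat(ts, phi[2])
        T = set()
        while (nxt := B | (A & pre(trans, T))) != T:
            T = nxt
        return T
    if op == "EG":  # largest fixed point of T = Sat(f) ∩ pre(T), from Sat(f)
        T = sat(ts, phi[1])
        while (nxt := T & pre(trans, T)) != T:
            T = nxt
        return T
    raise ValueError(f"unknown operator {op}")

def EF(f): return ("EU", ("true",), f)          # some path eventually reaches f
def AG(f): return ("not", EF(("not", f)))       # f holds on all paths, always
def AF(f): return ("not", ("EG", ("not", f)))   # every path eventually reaches f

def check(ts, phi):
    """TS |= phi iff I ⊆ Sat(phi)."""
    return ts["I"] <= sat(ts, phi)

# Constructed 4-state system: idle -> wait -> crit -> idle, plus an err state
# reachable from idle that loops on itself, so no state is terminal.
TS_EXAMPLE = {"S": {0, 1, 2, 3}, "I": {0},
              "trans": {0: {1, 2}, 1: {3}, 2: {2}, 3: {0}},
              "label": {0: {"idle"}, 1: {"wait"}, 2: {"err"}, 3: {"crit"}}}
```

On this system EF crit holds from the initial state but AF crit does not, because the err self-loop provides a path that never reaches crit; the EG iteration drops states that cannot stay inside Sat(¬crit) forever, and the EU iteration grows Sat(crit) backwards along ¬err states.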