510 likes | 1.08k Views
Principles of Model Checking. Date: 2013. 04. 22 Speaker: Chih-Chung Wang. Outline. Model Checking Problem Formulation Temporal Logic Bisimulation and CTL* Partial Order Reduction Range-equivalent Circuit Minimization Future Work. Model Checking.
E N D
Principles of Model Checking Date: 2013. 04. 22 Speaker: Chih-Chung Wang
Outline • Model Checking • Problem Formulation • Temporal Logic • Bisimulation and CTL* • Partial Order Reduction • Range-equivalent Circuit Minimization • Future Work
Model Checking • Model checking is a veriﬁcation technique that explores all possible system states in a brute-force manner • a technique for automatically verifying correctness properties of finite-state systems
Model Checking • Problem formulation • Given: a model of a system and a specification • Goal: exhaustively and automatically check whether this model meets the given specification
Model Checking • The Model-Checking Process • Modeling • Running • Running the Model Checker • Analysis • Analyzing the Results
Transition System • Transition System (TS) • (S, Act, → ,I ,AP ,L) • ﬁnite: S, Act, and AP are ﬁnite.
Transition System • Reachable State • The size of transition system representations grows exponentially in various components, such as the number of variables in a program graph or the number of components in a concurrent system.
State Explosion Problem • A combinatorial blow up of the state-space • State Explosion Problem or Combinatorial explosion • Symbolic algorithm • avoid ever building the graph for the FSM • represent the graph implicitly using a formula in quantified propositional logic • ex. BDD • Bounded model checking algorithms unroll the FSM for a fixed number of steps and check whether a property violation can occur in or fewer steps • typically involving encoding the restricted model as an instance of SAT
Symbolic Model Checking • The state space can sometimes be traversed much more efficiently by considering large numbers of states at a single step • binary decision diagrams (BDDs) • BDD • ROBDD • Symbolic Model Checking without BDDs • bounded model checking • for the Linear Temporal Logic (LTL)
Temporal Logic • ◇ • “eventually” (eventually in the future) • □ • “always” (now and forever in the future) • ○ • “next” • U • “until” • ¬ ,∧ ,∨ , ∃, ∀ ……
Linear Temporal Logic • Encoding formulae about the future of paths • ◇ “eventually” (eventually in the future) • □“always” (now and forever in the future)
Linear Temporal Logic • LTL model checking
Linear Temporal Logic • safety properties • state that something bad never happens • every counterexample has a finite prefix such that, however it is extended to an infinite path, it is still a counterexample • SAT-Based Model Checking Without Unrolling • liveness properties • state that something good keeps happening • every finite prefix of a counterexample can be extended to an infinite path that satisfies the formula
Computation Tree Logic • Computation tree logic (CTL): a branching-time logic • ∃, ∀ • model of time is a tree-like structure in which the future is not determined
Computation Tree Logic • CTL model checking • Given: transition system TS and CTL formula Φ • Goal: TS |= Φ
Computation Tree Logic • CTL model checking • the set Sat(Φ) of all states satisfying Φ is computed recursively • a recursive descent procedure over the parse tree of the state formula to be checked • TS |= Φ if and only if I ⊆ Sat(Φ)
Computation Tree Logic • assumed that TS is ﬁnite, and has no terminal states • Sat( ∃ (Φ U Ψ) ) • smallest ﬁxed-point • Φ has to hold atleast until at some position Ψ holds. This implies that Ψ will be verified in the future • Sat( ∃□Φ ) • largest ﬁxed-point • less than or equal to all other fixed points
Computation Tree Logic • CTL model checking • Symbolic CTL model checking • symbolic: sets of states and sets of transitions are represented rather than single states and transitions • SAT-based model checking
Computation Tree Logic • Symbolic CTL model checking • construct the ROBDD representation of the transition system to be analyzed • in a compositional way by means of synthesis operators (disjunction, conjunction, etc.) • ROBDD representations of the satisfaction sets for the atomic propositions are given • ITE algorithm (to treat the propositional logic fragment of CTL) and the symbolic BFS-based algorithms
Computation Tree Logic • Timed Automaton (TA) • A = (Q, Σ,C, E, q0) • Timed CTL (TCTL) • Probabilistic • Probabilistic CTL (PCTL)
a superset of CTL and LTL • a branching time logic • it allows path quantiﬁers ∃ and ∀ to be arbitrarily nested with linear temporal operators such as ○ and U
Bisimulation • BisimulationEquivalence • binary relation • identify transition systems with the same branching structure, and which thus can simulate each other in a stepwise manner • every step of TS can be matched by one (or more) steps in TS’
Partial Order Reduction • Reducing the size of the state-space to be searched by a model checking algorithm • analyze only a fragment TS^ of the full transitionsystem TS by ignoring several interleavings of independent actions
Partial Order Reduction • Ample set • choosing ample(s) ⊆ Act(s) in state s • Nonemptiness • Dependency • Stutter • if action α moving from “right” to “left”does not aﬀect the state labeling, thenit’s stutter-equivalent • Cycle
Bounded Sequential Equivalence Checking • Checking two circuits in different timeframe • Linear Temporal Logic • Bounded Model Checking • Bound • Sequential depth • Resyn2, NAR, Node Merging, …...
Range-equivalent Circuit Minimization • Using range to minimize the circuit optimizes the bounded model checking • In model checking, we reduced the repeated reached states from different paths • Range remained - number of states remained • Partial Order Reduction
Future Work • Running some experimental results • Finding a way to solve the problem of large node numbers • Linking to model checking
Temporal Logic • ◇ • “eventually” (eventually in the future) • □ • “always” (now and forever in the future) • ○ • “next” • U • “until”