Principles of Model Checking. Date: 2013. 04. 22. Speaker: Chih-Chung Wang. Outline: Model Checking, Problem Formulation, Temporal Logic, Bisimulation and CTL*, Partial Order Reduction, Range-equivalent Circuit Minimization, Future Work.

## Principles of Model Checking


**Outline**
• Model Checking
• Problem Formulation
• Temporal Logic
• Bisimulation and CTL*
• Partial Order Reduction
• Range-equivalent Circuit Minimization
• Future Work

**Model Checking**
• Model checking is a verification technique that explores all possible system states in a brute-force manner
• A technique for automatically verifying correctness properties of finite-state systems

**Model Checking**
• Problem formulation
  • Given: a model of a system and a specification
  • Goal: exhaustively and automatically check whether this model meets the given specification

**Model Checking**
• The Model-Checking Process
  • Modeling
  • Running: running the model checker
  • Analysis: analyzing the results

**Transition System**
• Transition System (TS)
  • (S, Act, →, I, AP, L)
  • finite: S, Act, and AP are finite

**Transition System**
• Reachable State
• The size of transition system representations grows exponentially in various components, such as the number of variables in a program graph or the number of components in a concurrent system.

**State Explosion Problem**
• A combinatorial blow-up of the state space
• State Explosion Problem or Combinatorial explosion
• Symbolic algorithm
  • avoid ever building the graph for the FSM
  • represent the graph implicitly using a formula in quantified propositional logic
  • ex. BDD
• Bounded model checking algorithms unroll the FSM for a fixed number of steps and check whether a property violation can occur in that many or fewer steps
  • typically involving encoding the restricted model as an instance of SAT

**Symbolic Model Checking**
• The state space can sometimes be traversed much more efficiently by considering large numbers of states at a single step
• Binary decision diagrams (BDDs)
  • BDD
  • ROBDD
• Symbolic Model Checking without BDDs
  • bounded model checking
  • for Linear Temporal Logic (LTL)

**Temporal Logic**
• ◇ "eventually" (eventually in the future)
• □ "always" (now and forever in the future)
• ○ "next"
• U "until"
• ¬, ∧, ∨, ∃, ∀, ...

**Linear Temporal Logic**
• Encoding formulae about the future of paths
• ◇ "eventually" (eventually in the future)
• □ "always" (now and forever in the future)

**Linear Temporal Logic**
• LTL model checking

**Linear Temporal Logic**
• Safety properties
  • state that something bad never happens
  • every counterexample has a finite prefix such that, however it is extended to an infinite path, it is still a counterexample
  • SAT-Based Model Checking Without Unrolling
• Liveness properties
  • state that something good keeps happening
  • every finite prefix of a counterexample can be extended to an infinite path that satisfies the formula

**Computation Tree Logic**
• Computation tree logic (CTL): a branching-time logic
• ∃, ∀
• The model of time is a tree-like structure in which the future is not determined

**Computation Tree Logic**
• CTL model checking
  • Given: transition system TS and CTL formula Φ
  • Goal: TS |= Φ

**Computation Tree Logic**
• CTL model checking
  • the set Sat(Φ) of all states satisfying Φ is computed recursively
  • a recursive descent procedure over the parse tree of the state formula to be checked
  • TS |= Φ if and only if I ⊆ Sat(Φ)

**Computation Tree Logic**
• It is assumed that TS is finite and has no terminal states
• Sat(∃(Φ U Ψ))
  • smallest fixed point
  • Φ has to hold at least until at some position Ψ holds. This implies that Ψ will be verified in the future
• Sat(∃□Φ)
  • largest fixed point
  • less than or equal to all other fixed points

**Computation Tree Logic**
• CTL model checking
  • Symbolic CTL model checking
    • symbolic: sets of states and sets of transitions are represented rather than single states and transitions
  • SAT-based model checking

**Computation Tree Logic**
• Symbolic CTL model checking
  • construct the ROBDD representation of the transition system to be analyzed, in a compositional way by means of synthesis operators (disjunction, conjunction, etc.)
  • ROBDD representations of the satisfaction sets for the atomic propositions are given
  • ITE algorithm (to treat the propositional logic fragment of CTL) and the symbolic BFS-based algorithms

**Computation Tree Logic**
• Timed Automaton (TA)
  • A = (Q, Σ, C, E, q0)
• Timed CTL (TCTL)
• Probabilistic
  • Probabilistic CTL (PCTL)

**CTL\***
• a superset of CTL and LTL
• a branching-time logic
• it allows path quantifiers ∃ and ∀ to be arbitrarily nested with linear temporal operators such as ○ and U

**Bisimulation**
• Bisimulation Equivalence
  • binary relation
  • identifies transition systems with the same branching structure, which thus can simulate each other in a stepwise manner
  • every step of TS can be matched by one (or more) steps in TS'

**Partial Order Reduction**
• Reducing the size of the state space to be searched by a model checking algorithm
• Analyze only a fragment TS^ of the full transition system TS by ignoring several interleavings of independent actions

**Partial Order Reduction**
• Ample set
  • choosing ample(s) ⊆ Act(s) in state s
• Nonemptiness
• Dependency
• Stutter
  • if action α moving from "right" to "left" does not affect the state labeling, then it's stutter-equivalent
• Cycle

**Bounded Sequential Equivalence Checking**
• Checking two circuits in different timeframes
• Linear Temporal Logic
• Bounded Model Checking
  • Bound
  • Sequential depth
• Resyn2, NAR, Node Merging, ...

**Range-equivalent Circuit Minimization**
• Using range to minimize the circuit optimizes the bounded model checking
• In model checking, we reduced the repeated reached states from different paths
• Range remained: number of states remained
• Partial Order Reduction

**Future Work**
• Running some experimental results
• Finding a way to solve the problem of large node numbers
• Linking to model checking
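The recursive computation of Sat(Φ) described on the Computation Tree Logic slides above, written out as an added example that is not part of the original presentation; the four-state transition system, its labels, and the tuple encoding of formulas are assumptions chosen for illustration:

```python
# Added example, not from the slides: explicit-state CTL model checking where
# Sat(Φ) is computed by recursive descent, ∃(Φ U Ψ) as the smallest fixed point
# and ∃□Φ as the largest. The transition system is constructed for illustration
# (a single process cycling idle -> try -> crit -> done, with no terminal states).

S = frozenset({"idle", "try", "crit", "done"})
POST = {"idle": {"try"}, "try": {"try", "crit"}, "crit": {"done"}, "done": {"idle"}}
LABEL = {"idle": set(), "try": {"waiting"}, "crit": {"cs"}, "done": set()}
INIT = {"idle"}

def pre_exists(states):
    # states having at least one successor inside `states` (∃-predecessors)
    return frozenset(s for s in S if POST[s] & states)

def sat(f):
    # f is a nested tuple: ("true",) | ("ap", name) | ("not", f) | ("and", f, g)
    #                    | ("EX", f) | ("EU", f, g) | ("EG", f)
    op = f[0]
    if op == "true":
        return S
    if op == "ap":
        return frozenset(s for s in S if f[1] in LABEL[s])
    if op == "not":
        return S - sat(f[1])
    if op == "and":
        return sat(f[1]) & sat(f[2])
    if op == "EX":
        return pre_exists(sat(f[1]))
    if op == "EU":  # smallest fixed point: start from Sat(Ψ) and grow
        phi, psi = sat(f[1]), sat(f[2])
        t = psi
        while True:
            nxt = t | (phi & pre_exists(t))
            if nxt == t:
                return t
            t = nxt
    if op == "EG":  # largest fixed point: start from Sat(Φ) and shrink
        t = sat(f[1])
        while True:
            nxt = t & pre_exists(t)
            if nxt == t:
                return t
            t = nxt
    raise ValueError(f"unknown operator {op!r}")

def holds(f):
    # TS |= f iff I ⊆ Sat(f)
    return INIT <= sat(f)
```

The ∀-quantified operators follow by duality, e.g. AF Φ as ¬EG ¬Φ: here `holds(("not", ("EG", ("not", ("ap", "cs")))))` is false because the self-loop on `try` is a path that waits forever, which is exactly the kind of liveness counterexample the LTL slides describe.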
