A simple model checker for ctl
Download
1 / 20

A Simple Model Checker for CTL - PowerPoint PPT Presentation


  • 114 Views
  • Uploaded on

A Simple Model Checker for CTL. (Lecture Notes from Marcello Bonsangue, LIACS - Leiden University http://www.liacs.nl/~marcello/). The problem. We need efficient algorithms to solve the problems [1] M,s  [2] M,s  where M should have finitely many states,

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' A Simple Model Checker for CTL' - hamish-preston


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
A simple model checker for ctl

A SimpleModel Checker for CTL

(Lecture Notes from

Marcello Bonsangue, LIACS - Leiden University

http://www.liacs.nl/~marcello/)


The problem
The problem

  • We need efficient algorithms to solve the problems

    [1] M,s 

    [2] M,s 

    where M should have finitely many states,

    and  is a CTL formula.

  • We concentrate to solution of [2], as [1] can be easily derived from it.

?

?


The solution
The solution

  • Input:A CTL model M and CTL formula 

  • Output: The set of states of M which satisfy 

  • Basic principles:

    • Translate any CTL formula  in terms of the connectives AF,EU,EX, ,, and .

    • Label the states of M with sub-formulas of  that are satisfied there, starting from the smallest sub-formulas and working outwards towards 

    • Output the states labeled by 


The labelling
The labelling

  • An immediatesub-formula of a formula  is any maximal-length formula y other than  itself

  • Let y be a sub-formula of  and assume the states of M have been already labeled by all immediate sub-formulas of y.

    Which states have to be labeled by y?

    We proceed by case analysis


The basic labeling
The basic labeling

  • no states are labeled

  • p label a state s with p if p  l(s)

  • y1y2 label a state s with y1y2 if s is already labeled with both y1 and y2

  • y label a state s with y if s is not already labeled with y


The af labeling
The AF labeling

  • AFy 1. Label with AFy any state s already labeled with y

    2. Repeat until no change: label any state s with AFy if all successors of s are already labeled with Afy

repeat

AFy

AFy

AFy

AFy

AFy

AFy

AFy

… until no change


The eu labeling
The EU labeling

  • E[y1Uy2] 1. Label with E[y1Uy2] any state s already labeled with y2

    2. Repeat until no change: label any state s with E[y1Uy2] if it is labeled with y1 and at least one of its successor is already labeled with E[y1Uy2]

repeat

E[y1Uy2]

E[y1Uy2]

y1

E[y1Uy2]

y1

… until no change


The ex labeling
The EX labeling

  • EXy Label with EXy any state s with one of its successors already labeled with y

y

y

EXy


The eg labeling direct
The EG labeling (direct)

  • EGy 1. Label all the states with EGy

    2. Delete the label EGy from any state s not labeled with y

    3. Repeat until no change: delete the label Egy from any state s if none f its successors is labeled with EGy

repeat

y

EGy

y

EGy

EGy

y

EGy

y

EGy

… until no change


Complexity
Complexity

The complexity of the model checking algorithm is

O(f*V*(V+E))

where f = number of connectives in 

V = number of states of M

E = number of transitions of M

It can be easily improved to an

algorithm linear both in the size of the formula and of the model


Example input
Example: Input

p

q

p

q

 = AF(E[q U p] v EXq)


Example eu step 1
Example: EU - step 1

P

E[qUp]

q

P

E[qUp]

q

1. Label with E[qUp] all states which satisfy p


Example eu step 2 1
Example: EU-step 2.1

E[qUp]

P

E[qUp]

q

E[qUp]

P

E[qUp]

q

2.1 label any state s with E[qUp] if it is labeled with q and at least one of its successor is already labeled with E[qUp]


Example eu step 2 2
Example: EU-step 2.2

E[qUp]

E[qUp]

P

E[qUp]

q

E[qUp]

P

E[qUp]

q

No!

2.2 label any state s with E[qUp] if it is labeled with q and at least one of its successor is already labeled with E[qUp]


Example ex step 3
Example: EX-step 3

E[qUp]

EXq

E[qUp]

q

EXq

P

E[qUp]

EXq

E[qUp]

P

E[qUp]

q

3. Label with EXq any state s with one of its successors already labeled with q


Example step 4
Example: -step 4

E[qUp]

EXq

E[qUp]

EXq

E[qUp]

P,

E[qUp]

,q

EXq

,P

E[qUp]

q

4. Label with  = E[qUp] v EXq any state s already labeled with E[qUp] or EXq


Example af step 5 1
Example: AF-step 5.1

f,

E[qUp]

f,

EXq

f,

E[qUp]

f,

EXq

f,

E[qUp]

P,f,

E[qUp]

f,,q

EXq

f,,P

E[qUp]

q

5.1. Label with f= AF(E[qUp]vEXq) any state already labeled with = E[qUp]vEXq


Example af step 5 2
Example: AF-step 5.2

f,

E[qUp]

f,

EXq

f,

E[qUp]

f,

EXq

f,

E[qUp]

P,f,

E[qUp]

f,,q

EXq

f,,P

E[qUp]

f,q

5.2. label any state s with f if all successors of s are already labeled with f


Example output
Example: Output

p

q

p

q

All states satisfy AF(E[q U p] v EXq)


State explosion
State explosion

  • The algorithm is linear in the size of the model but the size of the model is exponential in the number of variables, components, etc.

    Can we reduce state explosion?

  • Abstraction (what is relevant?)

  • Induction (for ‘similar’ components)

  • Composition (divide and conquer)

  • Reduction (prove semantic equivalence)

  • Ordered binary decision diagrams