1 / 48

Logic in computer science ES c233

Logic in computer science ES c233. Prof. Navneet Goyal , CSIS Department, BITS- Pilani Material taken from different sources!!! Some from Text Book ( Huth & Ryan). Topics. Introduction to Verification Approaches to Verification Verification by model checking Temporal logic

iain
Download Presentation

Logic in computer science ES c233

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Logic in computer scienceES c233 Prof. NavneetGoyal, CSIS Department, BITS-Pilani Material taken from different sources!!! Some from Text Book (Huth & Ryan)

  2. Topics • Introduction to Verification • Approaches to Verification • Verification by model checking • Temporal logic • LTL (linear time logic) • CTL (computational time logic)

  3. Verification • Verifying correctness of a computer system is a very critical job (HW, SW, or both) • This is most obvious in the case of safety-critical systems • ex. Cars, avionics, medical devices • Also applies to mass-produced embedded devices • ex. handphone, USB memory, MP3 players, etc • Formal verification methods are in huge demand!

  4. Try 4195835 – 4195835 / 3145727 * 3145727. In 94’ Pentium, it doesn’t return 0, but 256. Intel uses the SRT algorithm for floating point division. Five entries in the lookup table are missing. Cost: $500 million Intel Pentium FDIV Bug

  5. AMD’s TLB Bug?? • AMD Family 10h revision B2 processors suffer from an issue in the processor TLB (Translation Lookaside Buffer). • Launch date of these processors was delayed in September, 2007. • AMD doesn’t have official announcement yet, but you can google “AMD Barcelona bug” for plenty of discussion.

  6. Verification • Verification comprises of 3 parts • a system description language • a requirement specification language • a verification method to establish whether the description of a system satisfies the requirement specification

  7. Approaches to Verification • Proof-based vs. model-based • Degree of automation • Full vs. property verification • Intended domain of application • Pre- vs. post-development

  8. Proof-based vs. model-based • Proof-based • System description is a set of formulas in a suitable logic • Specification is another formula ϕ • Verification method consists of trying to prove that • Model-based • System is represented by a model for an appropriate logic • Specification is represented by formula ϕ • Check whether • Automatic for finite models

  9. Proof-based vs. model-based

  10. Model Checking • Model based • Automatic • Post-development • Property verification • Focuses explicitly on temporal properties & temporal evolutions of a system • Based on “temporal logic”

  11. Model Checking • Model checking is an automatic verification techniquefor finite state concurrent systems. • Developed independently by Clarke and Emerson and by Queille and Sifakisin early 1980’s. • Specifications are written in propositional temporal logic. • Verification procedure is an exhaustive search of the state space of the design.

  12. Temporal Logic • Temporal logic is to reason about time • Temporal logic is applicable in many engineering fields • since the behavior of a target system can be described as a function of time • unlike mathematical expressions such as 1+1 = 2 whose behavior is static • Consider the statement: "I am hungry." • Though its meaning is constant in time, the truth value of the statement can vary in time. • Sometimes the statement is true, and sometimes the statement is false, but the statement is never true and false simultaneously. • In a temporal logic, statements can have a truth value which can vary in time. • Contrast this with predicate logic, which can only handle statements whose truth value is constant in time.

  13. Temporal Logic • Temporal logic refers modal-logic type of approach introduced around 1960 by Arthur Prior under the name of Tense Logic • subsequently developed further by logicians and computer scientists such as Amir Pnueli • Received great attention for its application on formal verification • Example: • File server: If a request is made to print a file, eventually the file will be printed • Operating system: The system will always run. The system will never crash • In temporal logic, new operators are introduced that enable the time variables and their relationships (e.g. t2 ≥ t1) to be implicitly indicated

  14. Temporal Logic • Temporal logic has received great attention for its application in verification field since 1980 • Many temporal logics have been proposed • We focus on two main types • Linear time logic (LTL) • Linear – each moment in time has a unique possible future. • Branching time logic • Branching – each moment in time can split into various possible futures • Computation tree logic (CTL). • LTL & CTL have been extremely useful in verifying HW and communication protocols and also to verification of SW

  15. Linear Time Logic • LTL models time as a sequence of states, extending infinitely into the future • sometimes a sequence of states is called a computation path or an execution path, or simply a path

  16. Model of computation Microwave Oven Example State-transition graph describes system evolving over time. ~ Start ~ Close ~ Heat ~ Error ~ Start Close Heat ~ Error Start ~ Close ~ Heat Error ~ Start Close ~ Heat ~ Error Start Close ~ Heat Error Start Close ~ Heat ~ Error Start Close Heat ~ Error

  17. The oven doesn’t heat up until the door is closed. Notheat_up holds untildoor_closed (~heat_up) Udoor_closed Temporal Logic and Model Checking

  18. LTL • Allows us to refer to the future • Models time as a sequence of states, extending infinitely into the future • Sequence of states is called as computation path or simply path • We consider several paths (possibilities) representing different possible futures • Only one path might be the actual path that is realized

  19. LTL • Atoms • Atoms represent atomic facts • Printer P1 is busy • Processor 2 is idle • Register R1 has integer value 6 • Syntax of LTL – pp 175 • Temporal Connectives – X, F, G, U, R, & W

  20. Linear Time Logic

  21. LTL: Syntax & Semantics

  22. LTL - Linear Time Logic Determines Patterns on Infinite Traces Atomic Propositions Boolean Operations Temporal operators a“a is true now”X a “a is true in the neXt state”Fa “a will be true in the Future”Ga “a will be Globally true in the future”a U b “a will hold true Until b becomes true” a

  23. LTL - Linear Time Logic Determines Patterns on Infinite Traces Atomic Propositions Boolean Operations Temporal operators a “a is true now”X a“a is true in the neXt state”Fa “a will be true in the Future”Ga “a will be Globally true in the future”a U b “a will hold true Until b becomes true” a

  24. LTL - Linear Time Logic Determines Patterns on Infinite Traces Atomic Propositions Boolean Operations Temporal operators a “a is true now”X a “a is true in the neXt state”Fa“a will be true in the Future”Ga “a will be Globally true in the future”a U b “a will hold true Until b becomes true” a

  25. LTL - Linear Time Logic Determines Patterns on Infinite Traces Atomic Propositions Boolean Operations Temporal operators a “a is true now”X a “a is true in the neXt state”Fa “a will be true in the Future”Ga“a will be Globally true in the future”a U b “a will hold true Until b becomes true” a a a a a

  26. LTL - Linear Time Logic Determines Patterns on Infinite Traces Atomic Propositions Boolean Operations Temporal operators a “a is true now”X a “a is true in the neXt state”Fa “a will be true in the Future”Ga “a will be Globally true in the future”a U b“a will hold true Until b becomes true” a a a a b

  27. LTL • Systems we are interested in verifying using LTL may be modeled as transition systems • Transitions Systems • States (static structure) • Transitions (dynamic structure) • Definition – pp 178 • Requirement of a transition system – NO STATE CAN BE DEADLOCKED!

  28. What We can Express in LTL • All Boolean logic properties. “Process 2 is in the critical section” • next p – p holds in the next state. “Process 2 will be in the critical section in the next state” • eventually! p – eventually p holds. “eventually process 2 will enter the critical section”

  29. What We Cannot Express in LTL? • Counting example: “p is asserted in every even cycle” All the following traces satisfy this property !p,p,!p,p,… p,p,p,p,…. p,p,!p,p,p,p… • No linear-time temporal formula can express this property.

  30. Semantics of LTL

  31. Semantics of LTL

  32. Semantics of LTL

  33. Branching-time Logic • LTL formulas are evaluated on paths • State of a transition system satisfies an LTL formula if all paths from the given state satisfy it • LTL implicitly quantifies universally over paths • As a result, properties which assert existence of a path cannot be expressed in LTL • Consider the negation of the property in question • To check whether there exists a path s satisfying LTL formula ϕ, we check whether all paths satisfy ¬ϕ • A +ve answer to the this is a –ve answer to the original question, and vice-versa.

  34. Branching-time Logic • Properties that mix universal and existential path quantifiers can not be model checked using this approach • Complementation would still have a mix! • BTL solves this problem by allowing us to quantify explicitly over paths • Enter CTL (Computation Tree Logic) • In addition to temporal connectives U, F, G & X, we also have quantifiers E (exists a path) & A (all paths) • A reachable state satisfying q: EF q

  35. Computation Tree Logic • A BTL • Model of time is a tree like structure • Future is not determined • Different paths in the future, any one of which might be the actual path that is realized • Syntax of CTL – pp 208 ( the familiar Backus Naur form) • A means along all paths – inevitably • E means along at least one path – possibly

  36. Computation Tree Logic • Precedence • AG, EG, AF, EF,AX, EX,,V →, AU, EU • Note that the following formulas are not well-formed CTL • formulas • EF G r • A ¬G ¬ p • F (r U q) • EF (r U q) • AEF r • A ((r U q)  (p U r))

  37. Computation Tree Logic A [(AX ¬p) U (E [(EX pVq) U ¬p)]]

  38. Semantics of CTL

  39. Semantics of CTL

  40. Semantics of CTL

  41. Comparison of LTL & CTL

  42. LTL, CTL & CTL*

  43. LTL, CTL, & CTL* • CTL allows explicit quantification over paths and in this respect is more expressive than LTL • CTL does not allow one to select a range of paths by describing them with a formula, as LTL does. In this respect LTL is more expressive. • All paths which have a p also have a q among them – LTL FpFq • Not possible in CTL because of the constraint that every F as an associated E or A. • AF p  AF q

More Related