1 / 34

Model checking

Model checking. -Vasvi Kakkad University of Sydney. Introduction. Most complicated systems routinely built today – difficult to get right Failures are costly Verification techniques needed. Introduction. Formal Verification

mateja
Download Presentation

Model checking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Model checking -Vasvi Kakkad University of Sydney

  2. Introduction • Most complicated systems routinely built today – difficult to get right • Failures are costly • Verification techniques needed Model Checking

  3. Introduction • Formal Verification • Apply mathematical arguments to prove the correctness of the system • Aims to find bugs in the system and aim to correct Model Checking

  4. Formal Verification • Build a mathematical model of system • Write correctness requirements • Analysis – Check that model satisfies specifications • Verification – Analysis either proves or disproves the correctness claim Model Checking

  5. Model Checking • Model Checking • Technique for automated correctness verification of safety critical reactive systems. • More generally • Algorithmic analysis to check that a model satisfies a specified property • Checks automatically whether a given formula holds in a given model Model Checking

  6. Applications • Electrical Circuits • Communication protocols • Digital Controller • Program Analysis – e.g. Java Path Finder Model Checking

  7. Motivation • Software/Hardware system – Specification Language • Requirements – Temporal Logic • State Space generated from the specification • Algorithm • returns yes, if the property holds for model • returns no + counterexample, otherwise Model Checking

  8. Process of Model Checking • 3 Steps • Modeling • Specification • Verification Model Checking

  9. Step 1 : Modeling Model Checking

  10. Modeling • Convert the system into a formalism – finite automata • Limitation on Time and Space – Use abstraction • Model a System using Kripke Structure -State Transition Graph Model Checking

  11. Kripke Structure • Structure over a set of atomic propositions • M = (S, S0, R, L) • S = Finite Set of States • S0  S is the Set of Initial States • R : S X S is a Transition Relation • L : S  2AP – Function labels each state with set of atomic propositions true in that state Model Checking

  12. Example : Micro-oven Cooking • Modeling with Kripke structure • M(S, S0, R, L) • S = {S1, S2, S3, S4} • S0 = S1 – initial state • R = ({S1, S2}, {S2, S1}, {S1, S4}, {S4, S2}, {S2, S3}, {S3, S3}, {S3, S2}) • L(S1) = {¬ close, ¬ start, ¬ cooking} L(S2) = { close, ¬ start, ¬ cooking} L(S3) = { close, start, cooking} L(S4) = {¬ close, start, ¬ cooking} Model Checking

  13. Graph of Kripke Structure Model Checking

  14. Step 2 : Specification Model Checking

  15. Specification • Specification – Property which model needs to satisfy • Can be described in Temporal Logic • Temporal Logic - Two ways • LTL ( Linear Temporal Logic) • CTL (Computation Tree Logic) Model Checking

  16. Comparison : LTL v/s CTL LTL CTL • Checks temporal operators along single path • Counter examples are easy • Nice automata theoretic algorithm • Analyzing data flow problems in Imperative language • Branching time logic • Operators should be preceded by path quantifiers • More efficient • Amenable to Symbolic techniques • Analyzing reactive systems Model Checking

  17. Operators for Temporal Logic Basic Temporal Path Quantifiers • X – Next State • F – In the Future • G – Globally • U – Until • A – Always/All path • E – Exists Model Checking

  18. Temporal operators Temporal operators: Gp Fp Xp pUq Model Checking

  19. CTL CTL operator: path quantifier + temporal operator Universal formulas: AX f, A(f U g), AG f , AF f Existential formulas: EX f, E(f U g), EG f , EFf Model Checking

  20. Temporal Properties Model Checking Safety – Something Bad Never Happens Liveness – Something Good Eventually Happens

  21. Example : Micro-oven cooking • Specification with CTL • AG ( Start  AF Cooking) • AG (Close ^ Start )  AF Cooking Model Checking

  22. Step 3 : Verification Model Checking

  23. Verification Finite State Model Model Checking Temporal Logic Formula

  24. Verification Finite State Model Model Checker Model Checking Temporal Logic Formula

  25. Verification OK Finite State Model Model Checker Model Checking Counter Example Temporal Logic Formula Verification

  26. Example : Micro-oven cooking AG (start  AF cooking) • Convert to Negative Normal Form ¬EF (start ^ EG ¬cooking)) • S(start) = {S3, S4} • S(¬cooking) = {S1, S2, S4} • S(EG ¬cooking) = {S1, S2, S4} • S(start ^ EG ¬cooking) = {S4} • S(EF(start ^ EG ¬cooking)) = {S1, S2, S3, S4} • S(¬ EF(start ^ EG ¬cooking)) = {} Model Checking

  27. Graph of Kripke Structure Model Checking

  28. Problem With LTL Model Checking • State Space Explosion problem • Number of states typically grows exponentially in the number of process Model Checking

  29. Major Techniques • Based on Symbolic Structure • Based on Automata Theory • Other Models – Alternative methods Model Checking

  30. Symbolic Model Checking • Symbolic model checking uses Binary Decision Diagrams ( BDDs ) to represent the model as sets of states • BDD • Data structure for representing Boolean function • Often concise in memory • Canonical representation • Boolean operation can be done in polynomial time in the BDD size Model Checking

  31. BDD in Model Checking • Every set A can be represented by its characteristic function 1 if uAfA(u) = 0 if u  A • If the elements of A are encoded by sequences over {0,1}n thenfA is a Booleanfunction and can be represented by a BDD Model Checking

  32. a b b c c c c c c c 0 1 0 1 0 1 1 1 BDD a a b b b b c c c c 0 1 0 1 1 1 1 1 BDD for f(a,b,c) = (a  b )  c Decision tree Model Checking

  33. Summary • Model Checking – Automated Verification technique • Hardware/Software model – Kripke Structure • Specification – Temporal Logic (LTL, CTL) • Verification (Model Checking) algorithm • State Space Explosion Problem • Solution : Symbolic Model Checking - BDD Model Checking

  34. Thank You... Model Checking

More Related