# Verification of Parameterized Systems: Reducing Model Checking of the Few to the One. E. Allen Emerson, Richard J. Trefler and Thomas Wahl. Presentation by Junaid Surve.


1 Verification of Parameterized Systems: Reducing Model Checking of the Few to the One. E. Allen Emerson, Richard J. Trefler and Thomas Wahl. Junaid Surve, 6644418

2 What, How, Why

1. WHAT IS THE GOAL? Verify, automatically and efficiently, temporal logic properties of a parameterized system for a large finite parameter range.
2. HOW TO ACHIEVE THE GOAL? Merge all instances into a single aggregate structure capable of simulating all systems from the range in one go.
3. WHY THIS TECHNIQUE? It trades the benefit of solving the verification problem for infinitely many instances of a system for greatly enhanced practicability: no manual reasoning, no restrictions on the input syntax, and easy to implement.

3 Agenda

1. Introduction
2. Preliminaries
3. The Aggregate System
4. Efficiently Constructing the Aggregate System
5. Verifying the Aggregate System
6. Applications
7. Conclusion

4 Introduction

MODEL CHECKING: a technique for automatically verifying correctness properties of finite-state systems: $M \models \varphi$. Many systems are composed of replicated components (to allow reusability), so system descriptions are parameterized by the number of components.

PARAMETERIZED VERIFICATION PROBLEM: does a given property hold for all (i.e. infinitely many) instances of the size parameter?

5 Ways of approaching parameterized verification algorithmically:

1. Identify decidable subclasses of parameterized systems: restrict the system and the properties, and give (almost) efficiently verifiable conditions under which the properties hold for all instances.
2. Realize that it is often possible and sufficient to consider a bound on the parameter size, e.g. the number of components that fit on a particular circuit board.

6 Technique for bounded parameterized verification (with bound N)

1. Check: $P_1 \models \varphi$; $P_1 \| P_2 \models \varphi$; …; $P_1 \| P_2 \| P_3 \| \dots \| P_N \models \varphi$.
2. Construct BDDs for all of these systems.

WHY AGGREGATION?

1. Instances of parameterized systems are of similar form.
2. To use the power of symbolic data structures to compactly represent a large number of similar structures, at lesser cost.

7 The aggregation technique is applicable to:

- arbitrary, inhomogeneous, finite system families;
- no restrictions on the syntax of the system description or of the property;
- properties under investigation that are true for few instances.


9 Preliminaries

Local states: nodes in the graph. Transitions: edges. Consider a token-ring solution to the n-process Mutual Exclusion problem with a shared variable $tok \in [1..n]$ and the skeleton shown in the figure: local states N, T, C; guard $tok = self$; action $tok := (tok \bmod n) + 1$.

The transition relation $R_n$ of the n-process concurrent system:

$$R_n = \{(s, t) : \exists i : i \le n : (s_i \to_g t_i \in \mathit{SKEL} \wedge \forall j : j \ne i : s_j = t_j)\} \quad (1)$$


11 The Aggregate System

AIM: develop an approach to parameterized verification that:

- works for any bounded family of systems,
- is derived from a synchronization skeleton,
- is parameterized by the number of processes and arbitrary CTL* properties.

$l$: number of local states occurring in the skeleton. $AP$: set of atomic propositions. The skeleton gives rise to a family $(M_n)_{n \in N}$ of Kripke structures with $M_n = (S_n, R_n, L_n)$. We have $S_n = [0..(l-1)]^n$, $R_n \subseteq S_n \times S_n$, $L_n : S_n \to 2^{AP}$.

12 Definition 1. For $n \in N$, the completion of a state $s^n = (s_1,\dots,s_n) \in S_n$ and of an edge $(s^n, t^n) \in R_n$, respectively, are defined as

$$c(s_1,\dots,s_n) = (s_1,\dots,s_n,\$,\dots,\$) \in S, \qquad c(s^n, t^n) = (c(s^n), c(t^n)) \in R.$$

A state $s \in S$ is proper if there exists a number $n$ such that $s$ is of the form $(s_1,\dots,s_n,\$,\dots,\$)$ with $s_j \ne \$$ for all $j \in [1..n]$.

13 Proper states of the aggregate, by width:

| n = 1 | n = 2 | n = 3 |
|---|---|---|
| (N,\$,\$,…,\$) | (N,N,\$,…,\$) | (N,N,N,…,\$) |
| (T,\$,\$,…,\$) | (T,N,\$,…,\$) | (T,N,N,…,\$) |
| | (N,T,\$,…,\$) | (N,T,N,…,\$) |
| | | (N,N,T,…,\$) |

14 Property 2. For $(s,t) \in R$, both $s$ and $t$ are proper and have the same width.

Corollary 3. All states along non-empty paths in the aggregate structure $M$ are proper and have the same width.


16 Efficiently Constructing the Aggregate System

Theorem 4. Assumption: the family of systems $(S_n, R_n)_{n \in N}$ is given as a synchronization skeleton. Then

$$\bigcup_{n \in N} c(R_n) = \{(s,t) : s \text{ is proper of some width } n, \text{ and } \exists i : i \le n : (s_i \to_g t_i \in \mathit{SKEL} \wedge \forall j : j \ne i : s_j = t_j)\}.$$

17 Implementation of the Aggregate System

Divide the skeleton edges into two classes:

1. Those independent of the system size n.
2. Those dependent on n.

Skeleton figure: local states N, T, C; guard $tok = self$; action $tok := (tok \bmod n) + 1$.

18 Implementation of the Aggregate System

```
R := ∅;
for p := 1 to N do:
    for every edge e independent of the system size:
        R := R ∨ e(p)
for n := 1 to N do:
    for p := 1 to n do:
        for every edge e dependent on the system size:
            R := R ∨ (proper(n) ∧ e(p; n))
```

Here $e(p)$ stands for the propositional formula representing size-independent edge $e$ executed by process $p$, and $e(p; n)$ for the formula representing size-dependent edge $e$ executed by $p$ in the n-process system. The term $proper(n)$ symbolizes the set of proper states of width $n$; it ensures that transition $e(p; n)$ can only be executed from a state that belongs to $M_n$.


20 Verifying the Aggregate System

AIM: soundness of the verification technique. Verification of the system is accomplished by establishing N bisimulations, one between each $M_n$ and $M$, which contain pairs of a state and its completion.

BISIMULATION: given a labeled state transition system $(S, \Lambda, \to)$, a bisimulation relation is a binary relation $R$ over $S$, $R \subseteq S \times S$, such that both $R$ and $R^{-1}$ are simulations.

Figure: pairs of a state and its completion, e.g. $N \sim (N,\$,\$)$ and $T \sim (T,\$,\$)$.

21 Lemma 5. For any $n \in N$, the relation $s^n \in S_n \sim c(s^n) \in S$ is a bisimulation relation between the structures $M_n$ and $M$.

Theorem 6. Let $f$ be a CTL* formula, $s^n = (s_1,\dots,s_n)$ and $\Sigma = \{c(s^n) \in S : n \in N\}$. Then

$$\forall n : n \in N : M_n, s^n \models f \quad\text{iff}\quad \forall s : s \in \Sigma : M, s \models f.$$
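The construction of slide 18, Theorem 4, Lemma 5 and Theorem 6 carried out explicitly (with sets of states instead of BDDs), as an added example that is not part of the presentation or of the paper's implementation. It assumes the token-ring skeleton of slide 9 with the edge T→C guarded by tok = self and the edge C→N performing tok := (tok mod n) + 1, that a proper state of width n also has tok in [1..n], the all-N state with tok = 1 as the initial state of every instance, and a bound N = 4; the property checked is mutual exclusion (AG: at most one process in C), decided once on the aggregate from Σ instead of N times on the instances.

```python
"""Explicit-state aggregate construction for the token-ring skeleton; added example."""
from itertools import product

NULL = "$"                 # padding symbol of the aggregate (the page's $)
LOCALS = ("N", "T", "C")   # local states of the skeleton
# Edges as (source, target, kind).  Assumed: T->C carries the guard tok = self,
# C->N the action tok := (tok mod n) + 1 (the page only shows the figure).
INDEPENDENT = [("N", "T", "free"), ("T", "C", "guard")]   # e(p): no n
DEPENDENT = [("C", "N", "action")]                        # e(p; n): needs n

def is_proper(state):
    """(s_1..s_n, $..$) with s_j != $ for j <= n; tok in [1..n] assumed too."""
    locs, tok = state
    w = sum(1 for x in locs if x != NULL)
    return all(x != NULL for x in locs[:w]) and 1 <= tok <= w

def complete(state, N):
    """c(s): pad the local-state vector with $ up to the bound N."""
    return (state[0] + (NULL,) * (N - len(state[0])), state[1])

def strip(state):
    """Inverse of complete() on proper states."""
    return (tuple(x for x in state[0] if x != NULL), state[1])

def fire(state, p, edge, n=None):
    """Successor when process p (1-based) takes edge in an n-process system,
    or None if the edge is disabled; n is only consulted by action edges."""
    locs, tok = state
    src, dst, kind = edge
    if locs[p - 1] != src or (kind == "guard" and tok != p):
        return None
    new_tok = (tok % n) + 1 if kind == "action" else tok
    return (locs[:p - 1] + (dst,) + locs[p:], new_tok)

def instance_states(n):
    return [(l, tok) for l in product(LOCALS, repeat=n) for tok in range(1, n + 1)]

def instance_relation(n):
    """R_n of equation (1): exactly one process moves along a skeleton edge."""
    return {(s, t) for s in instance_states(n)
            for p in range(1, n + 1) for e in INDEPENDENT + DEPENDENT
            if (t := fire(s, p, e, n)) is not None}

def aggregate_relation(N):
    """The slide-18 loop: e(p) for every p over the whole aggregate state space,
    then proper(n) ^ e(p; n) for every width n and every p <= n."""
    everything = [(l, tok) for l in product(LOCALS + (NULL,), repeat=N)
                  for tok in range(1, N + 1)]
    R = {(s, t) for p in range(1, N + 1) for e in INDEPENDENT
         for s in everything if (t := fire(s, p, e)) is not None}
    for n in range(1, N + 1):
        for p in range(1, n + 1):
            for e in DEPENDENT:
                for s in instance_states(n):      # their completions = proper(n)
                    t = fire(s, p, e, n)
                    if t is not None:
                        R.add((complete(s, N), complete(t, N)))
    return R

def theorem4_holds(N):
    """Aggregate transitions from proper states == union over n of c(R_n)."""
    lhs = {(s, t) for (s, t) in aggregate_relation(N) if is_proper(s)}
    rhs = {(complete(s, N), complete(t, N))
           for n in range(1, N + 1) for (s, t) in instance_relation(n)}
    return lhs == rhs

def is_bisimulation(n, N):
    """Lemma 5: s ~ c(s) matches the moves of M_n and M in both directions."""
    Rn, R = instance_relation(n), aggregate_relation(N)
    forth = all((complete(s, N), complete(t, N)) in R for (s, t) in Rn)
    image = {complete(s, N) for s in instance_states(n)}
    back = all((strip(s), strip(t)) in Rn for (s, t) in R if s in image)
    return forth and back

def reachable(R, inits):
    succ = {}
    for s, t in R:
        succ.setdefault(s, []).append(t)
    seen, todo = set(inits), list(inits)
    while todo:
        for t in succ.get(todo.pop(), ()):
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

def mutex_instance(n):
    """AG(at most one process in C) on M_n from all-N with tok = 1 (assumed init)."""
    reach = reachable(instance_relation(n), {(("N",) * n, 1)})
    return all(l.count("C") <= 1 for l, _ in reach)

def mutex_aggregate(N):
    """Theorem 6: one search of M from Sigma = {c(init_n)} decides every n <= N.
    Returns (mutual exclusion holds, all reached states proper [Corollary 3])."""
    sigma = {complete((("N",) * n, 1), N) for n in range(1, N + 1)}
    reach = reachable(aggregate_relation(N), sigma)
    return (all(l.count("C") <= 1 for l, _ in reach), all(map(is_proper, reach)))

if __name__ == "__main__":
    print(theorem4_holds(4), is_bisimulation(3, 4), mutex_aggregate(4))
```

The first loop of `aggregate_relation` adds the size-independent edges over all $(l+1)^N$ aggregate states, improper ones included, exactly as the slide's loop does without a `proper(n)` conjunct; `theorem4_holds` shows that restricted to proper sources this is still the union of the completed $R_n$, and the second component of `mutex_aggregate` confirms that nothing improper is reachable from Σ (Corollary 3), which is why the shortcut is sound. For realistic N the explicit sets here are what the paper replaces with BDDs.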


23 Application: comparison to the One-by-One Method

The one-by-one method and the aggregate technique have the same theoretical power.

Example: a parallel program written for a particular cluster of machines with a natural upper bound on the parameter: the physical number of CPUs in the cluster. The program verified is a variant of parallel odd-even sort; the initial state is unconstrained, and the number of elements to be sorted grows with N. The CTL property verified is of the form AF sorted.



26 Conclusion

- A technique to reduce the various instances of an arbitrary parameterized system to a single aggregate.
- Initial states of the original system can be converted appropriately to states of the aggregate.
- Experimental results using a BDD-based implementation of the technique.
- Shared variables are used for communication and synchronization among processes; they may appear in atomic propositions of CTL* formulas.

27 Thank You
