Download presentation

Presentation is loading. Please wait.

Published byYahir Grissom Modified over 2 years ago

1
M ODEL CHECKING -Vasvi Kakkad University of Sydney

2
I NTRODUCTION Most complicated systems routinely built today – difficult to get right Failures are costly Verification techniques needed 2 Model Checking

3
I NTRODUCTION Formal Verification Apply mathematical arguments to prove the correctness of the system Aims to find bugs in the system and aim to correct 3 Model Checking

4
F ORMAL V ERIFICATION Build a mathematical model of system Write correctness requirements Analysis – Check that model satisfies specifications Verification – Analysis either proves or disproves the correctness claim 4 Model Checking

5
M ODEL C HECKING Model Checking Technique for automated correctness verification of safety critical reactive systems. More generally Algorithmic analysis to check that a model satisfies a specified property Checks automatically whether a given formula holds in a given model 5 Model Checking

6
A PPLICATIONS Electrical Circuits Communication protocols Digital Controller Program Analysis – e.g. Java Path Finder 6 Model Checking

7
M OTIVATION Software/Hardware system – Specification Language Requirements – Temporal Logic State Space generated from the specification Algorithm returns yes, if the property holds for model returns no + counterexample, otherwise 7 Model Checking

8
P ROCESS OF M ODEL C HECKING 3 Steps Modeling Specification Verification 8 Model Checking

9
S TEP 1 : M ODELING 9 Model Checking

10
M ODELING Convert the system into a formalism – finite automata Limitation on Time and Space – Use abstraction Model a System using Kripke Structure - State Transition Graph 10 Model Checking

11
K RIPKE S TRUCTURE Structure over a set of atomic propositions M = (S, S0, R, L) S = Finite Set of States S0 S is the Set of Initial States R : S X S is a Transition Relation L : S 2 AP – Function labels each state with set of atomic propositions true in that state 11 Model Checking

12
E XAMPLE : M ICRO - OVEN C OOKING Modeling with Kripke structure M(S, S0, R, L) S = {S1, S2, S3, S4} S0 = S1 – initial state R = ({S1, S2}, {S2, S1}, {S1, S4}, {S4, S2}, {S2, S3}, {S3, S3}, {S3, S2}) L(S1) = {¬ close, ¬ start, ¬ cooking} L(S2) = { close, ¬ start, ¬ cooking} L(S3) = { close, start, cooking} L(S4) = {¬ close, start, ¬ cooking} 12 Model Checking

13
G RAPH OF K RIPKE S TRUCTURE 13 Model Checking

14
S TEP 2 : S PECIFICATION 14 Model Checking

15
S PECIFICATION Specification – Property which model needs to satisfy Can be described in Temporal Logic Temporal Logic - Two ways LTL ( Linear Temporal Logic) CTL (Computation Tree Logic) 15 Model Checking

16
C OMPARISON : LTL V / S CTL Checks temporal operators along single path Counter examples are easy Nice automata theoretic algorithm Analyzing data flow problems in Imperative language Branching time logic Operators should be preceded by path quantifiers More efficient Amenable to Symbolic techniques Analyzing reactive systems LTLCTL 16 Model Checking

17
O PERATORS FOR T EMPORAL L OGIC X – Next State F – In the Future G – Globally U – Until A – Always/All path E – Exists Basic TemporalPath Quantifiers 17 Model Checking

18
T EMPORAL OPERATORS Temporal operators: Gp Fp Xp pUq 18 Model Checking

19
CTL CTL operator: path quantifier + temporal operator Universal formulas: AX f, A(f U g), AG f, AF f Existential formulas: EX f, E(f U g), EG f, EFf 19 Model Checking

20
T EMPORAL P ROPERTIES UniversalExistential SafetyAGpEGp livenessAFpEFp Safety – Something Bad Never Happens Liveness – Something Good Eventually Happens 20 Model Checking

21
E XAMPLE : M ICRO - OVEN COOKING Specification with CTL AG ( Start AF Cooking) AG (Close ^ Start ) AF Cooking 21 Model Checking

22
S TEP 3 : V ERIFICATION 22 Model Checking

23
V ERIFICATION Temporal Logic Formula Finite State Model 23 Model Checking

24
V ERIFICATION Temporal Logic Formula Finite State Model Model Checker 24 Model Checking

25
V ERIFICATION Temporal Logic Formula Finite State Model Model Checker Counter Example OK Verification 25 Model Checking

26
E XAMPLE : M ICRO - OVEN COOKING AG ( START AF COOKING ) Convert to Negative Normal Form ¬EF (start ^ EG ¬cooking)) S(start) = {S3, S4} S( ¬cooking) = {S1, S2, S4} S(EG ¬cooking) = {S1, S2, S4} S(start ^ EG ¬cooking) = {S4} S(EF(start ^ EG ¬cooking)) = {S1, S2, S3, S4} S(¬ EF(start ^ EG ¬cooking)) = {} 26 Model Checking

27
G RAPH OF K RIPKE S TRUCTURE 27 Model Checking

28
P ROBLEM W ITH LTL M ODEL C HECKING State Space Explosion problem Number of states typically grows exponentially in the number of process 28 Model Checking

29
M AJOR T ECHNIQUES Based on Symbolic Structure Based on Automata Theory Other Models – Alternative methods 29 Model Checking

30
S YMBOLIC M ODEL C HECKING o Symbolic model checking uses Binary Decision Diagrams ( BDDs ) to represent the model as sets of states BDD Data structure for representing Boolean function Often concise in memory Canonical representation Boolean operation can be done in polynomial time in the BDD size 30 Model Checking

31
BDD IN M ODEL C HECKING Every set A can be represented by its characteristic function 1 if u A f A (u) = 0 if u A If the elements of A are encoded by sequences over {0,1} n then f A is a Boolean function and can be represented by a BDD 31 Model Checking

32
a b c 10 c 11 b c 11 b cc b 0110 a b cc 1110 ccc BDD FOR F ( A, B, C ) = ( A B ) C Decision tree a b c 10 BDD 32 Model Checking

33
S UMMARY Model Checking – Automated Verification technique Hardware/Software model – Kripke Structure Specification – Temporal Logic (LTL, CTL) Verification (Model Checking) algorithm State Space Explosion Problem Solution : Symbolic Model Checking - BDD 33 Model Checking

34
T HANK Y OU... 34 Model Checking

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google