Presentation is loading. Please wait.

Presentation is loading. Please wait.

State-Event Software Verification for Branching-Time Specifications Sagar Chaki, Ed Clarke, Joel Ouaknine, Orna Grumberg Natasha Sharygina, Tayssir Touili,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "State-Event Software Verification for Branching-Time Specifications Sagar Chaki, Ed Clarke, Joel Ouaknine, Orna Grumberg Natasha Sharygina, Tayssir Touili,"— Presentation transcript:

1 State-Event Software Verification for Branching-Time Specifications Sagar Chaki, Ed Clarke, Joel Ouaknine, Orna Grumberg Natasha Sharygina, Tayssir Touili, Helmut Veith

2 Software Model-Checking Challenge in computer science Tools: SLAM, BLAST, MAGIC,… Counter-Example Guided Abstraction Refinement (CEGAR)

3 CEGAR Verification Yes System OK Abstraction Model Counterexample Valid? Yes No Counterexample Abstraction Refinement No Spurious Counterexample Property

4 Limitation of CEGAR applications Verification Yes System OK Predicate Abstraction Counterexample Valid? Abstraction Refinement Yes No Counterexample No branching time properties LTL formula Abstraction Model Property

5 Verification Yes System OK Predicate Abstraction Counterexample Valid? Abstraction Refinement Yes No Counterexample LTL formula Abstraction Model Our Goal: Extension to branching-time properties Branching-time formula

6 First Problem CEGAR cannot be applied to general branching-time logics

7 What are counterexamples? property φ S φ universal

8 LTL: universal logic Describes events along a single path G(Req→ F Ack) S ╞ φ iff all the paths of S ╞ φ CEGAR natural for LTL ¬(S ╞ φ) iff exists one path p of S ¬( p╞ φ) p: Counterexample

9 Branching-time properties are not universal Existential operator: AG(EF Restart) CEGAR → Define a universal Branching-time logic

10 Verification Yes System OK Predicate Abstraction Counterexample Valid? Abstraction Refinement Yes No Counterexample Abstraction Model Our Goal: Extension to branching-time properties Branching-time formula

11 We need to: Define an expressive universal branching-time logic Define a model-checking algorithm for this logic Define suitable refinement techniques

12 State/event universal branching-time logic Industrial applications need state/event reasoning Bluetooth: when an action a is received in a q state, the next state has to be p Need to a state/event framework

13 The state/event universal logic SE-AΩ We view time operators as regular path patterns on the time line Fφ:Fφ: Xφ:Xφ: Gφ:Gφ: φUψ:φUψ:

14 The state/event universal logic SE-AΩ Regular expression over ψφφφφ aaba φ a φ

15 The state/event universal logic SE-AΩ K(φ,a): Lφ:Lφ: K(φ,a): φ and a hold at all even time points Lφ: no more than 4 time units between 2 occurrences of φ

16 The state/event universal logic SE-AΩ

17 Labeled Kripke Structure: M=(S,AP,L,Σ,T) p,q p q,r a b c

18 The state/event universal logic SE-AΩ Labeled Kripke Structure: M=(S,AP,L,Σ,T)

19 We need to: Define an expressive universal branching-time logic Define a model-checking algorithm for this logic Define suitable refinement techniques

20 Model-checking algorithm for SE-AΩ p,q p q,r a b c b

21 Model-checking algorithm for SE-AΩ p,q p q,r a b c b

22 Model-checking algorithm for SE-AΩ p,q p q,r a b c b

23 Model-checking algorithm for SE-AΩ p,q p q,r a b c b

24 Model-checking algorithm for SE-AΩ p,q p q,r a b c

25 Verification Yes System OK Predicate Abstraction Counterexample Valid? Abstraction Refinement Yes No Counterexample Abstraction Model Our Goal: Extension to branching-time properties SE-AΩ

26 What is a counterexample formally?

27 CounterExample generation for SE-AΩ Compute a counterexample either for

28 CounterExample generation for SE-AΩ Compute a counterexample for

29 CounterExample generation for SE-AΩ AG ¬p v AF ¬q q q q q p

30 CounterExample generation for SE-AΩ a b c b a b

31 Verification Yes System OK Predicate Abstraction Counterexample Valid? Abstraction Refinement Yes No Counterexample Abstraction Model Our Goal: Extension to branching-time properties SE-AΩ

32 Verification Yes System OK Predicate Abstraction Counterexample Valid? Abstraction Refinement Yes No Counterexample Abstraction Model Our Goal: Extension to branching-time properties SE-AΩ

33 a b c b a c Projection

34 Weak simulation a a p,q

35 Compositionality Theorem: iff

36 Verification Yes System OK Predicate Abstraction Counterexample Valid? Abstraction Refinement Yes No Counterexample Abstraction Model Our Goal: Extension to branching-time properties SE-AΩ

37 Compositional refinement P1P1 SpecP2P2 P3P3 P4P4 Abstraction Spec A1A1 A2A2 A3A3 A4A4

38 Compositional refinement P1P1 Spec Abstraction P2P2 P3P3 P4P4 Spec A1A1 A2A2 A3A3 A4A4 A1A1 Refinement

39 Compositional refinement P1P1 Spec Abstraction P2P2 P3P3 P4P4 Spec A1A1 A2A2 A4A4 A1A1 Refinement A3A3 A3A3

40 Compositional refinement P1P1 Spec Abstraction P2P2 P3P3 P4P4 Spec A1A1 A2A2 A4A4 A1A1 Refinement A3A3 A3A3 A1A1

41 Compositional refinement P1P1 Spec Abstraction P2P2 P3P3 P4P4 Spec A1A1 A2A2 A4A4 Refinement A3A3 A3A3 A2A2 A1A1 A1A1 No more counterexamples

42 Compositional refinement P1P1 Spec Abstraction P2P2 P3P3 P4P4 Spec A1A1 A2A2 A4A4 Refinement A3A3 A3A3 A2A2 A1A1 A1A1 Real counterexamples 

43 Action-guided Refinement a b b a c Abstraction a a,b b c a b Counterexample

44 Verification Yes System OK Predicate Abstraction Counterexample Valid? Abstraction Refinement Yes No Counterexample Abstraction Model Our Goal: Extension to branching-time properties Branching-time formula

45 Case study: IPC IPC (InterProcess Communication) Protocol: organize communication in a multithreaded robot controller Bug discovery Protocol has been used for 7 years Bug undetected with earlier model- checking efforts using LTL

46 Conclusion Definition of an advanced branching-time state-event logic SE-AΩ Model-checking algorithm for SE-AΩ Compositional counterexample validation and refinement techniques for SE-AΩ First application of compositional CEGAR to a branching-time specifications Bug discovery in the IPC protocol

47 Questions?

Download ppt "State-Event Software Verification for Branching-Time Specifications Sagar Chaki, Ed Clarke, Joel Ouaknine, Orna Grumberg Natasha Sharygina, Tayssir Touili,"

Similar presentations

Abstraction in Model Checking Nishant Sinha. Model Checking Given a: –Finite transition system M –A temporal property p The model checking problem: –Does.

Abstraction in Model Checking Nishant Sinha. Model Checking Given a: –Finite transition system M –A temporal property p The model checking problem: –Does.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Tutorial I – An Introduction to Model Checking Peng WU INRIA Futurs LIX, École Polytechnique.

Tutorial I – An Introduction to Model Checking Peng WU INRIA Futurs LIX, École Polytechnique.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.

Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.
Promising Directions in Hardware Design Verification Shaz Qadeer Serdar Tasiran Compaq Systems Research Center.

Promising Directions in Hardware Design Verification Shaz Qadeer Serdar Tasiran Compaq Systems Research Center.
Verification of Evolving Software Natasha Sharygina Joint work with Sagar Chaki and Nishant Sinha Carnegie Mellon University.

Verification of Evolving Software Natasha Sharygina Joint work with Sagar Chaki and Nishant Sinha Carnegie Mellon University.
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.

Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.
Chair of Software Engineering Software Verification Stephan van Staden Lecture 10: Model Checking.

Chair of Software Engineering Software Verification Stephan van Staden Lecture 10: Model Checking.
Thomas Ball, Rupak Majumdar, Todd Millstein, Sriram K. Rajamani Presented by Yifan Li November 22nd In PLDI 01: Programming Language.

Thomas Ball, Rupak Majumdar, Todd Millstein, Sriram K. Rajamani Presented by Yifan Li November 22nd In PLDI 01: Programming Language.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
Demonstration Of SPIN By Mitra Purandare

Demonstration Of SPIN By Mitra Purandare
The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.

The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.
Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.

Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.
A … Framework for Verifying Concurrent C Programs Sagar Chaki Thesis Defense Talk.

A … Framework for Verifying Concurrent C Programs Sagar Chaki Thesis Defense Talk.

Similar presentations

Ads by Google