Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CTL Model Checking David L. Dill. 2 CTL syntax: AP -- atomic propositions p  AP is a formula f  g is a formula, if f and g are ¬f is a formula AX.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 CTL Model Checking David L. Dill. 2 CTL syntax: AP -- atomic propositions p  AP is a formula f  g is a formula, if f and g are ¬f is a formula AX."— Presentation transcript:

1 1 CTL Model Checking David L. Dill

2 2 CTL syntax: AP -- atomic propositions p  AP is a formula f  g is a formula, if f and g are ¬f is a formula AX f is a formula EX f is a formula A[f U g]... E[f U g]...

3 3 CTL model checking Model checker State graph from implementation (Kripke structure) CTL formulas (propeties) OK or counter- example

4 4 State graph Many representations can be translated to state graphs –circuits –concurrent programs –various description languages –SCR, statecharts Translation is usually to a BDD representation of graph, not explicit graph.

5 5 Abbreviations: AF f = A[true U f] "future" EF f = E[true U f] AG f =  EF  f "globally" EG f =  AF  f

6 6 CTL intuition p p p p p EX p AX p

7 7 AGp: p is invariantAFp: p is inevitable EFp: p potentially holds

8 8 CTL examples: Mutual exclusion: AG  (c 1  c 2 ) Fairness: AG (t 1  AF c 1 ) Resetability: AG (EF "init") (there is always a path back to init)

9 9 Request/Acknowledge example A[req U ack]  A[ack U ¬req]  A[¬req U ¬ack]  A[¬ack U ¬req] (Weak Until? A[¬ack u ¬req]) Req Ack

10 10 Algorithm for model checking Idea: progressively label states with nonatomic properties. Subformulas are treated like atomic formulas after they have been checked. labels(s) -- set of labels of state s in M. Initially, labels(s) = P(s).

11 11 Fixed point algorithm for model checking We then traverse the formula to be checked bottom- up, checking subformulas of f before checking f. Add ¬f to labels(s) if f not in labels(s) Add f  g to labels(s) if f in labels(s) and g in labels(s) Add AX f to labels(s) if f in labels(s') for all s':s R s' Add EX f to labels(s) if f in labels(s') for some s': s R s'

12 12 Fixed point algorithm for model checking Until formulas require a fixed-point iteration: Use fact that A[f U g] = g  AX A[f U g] Algorithm: 1. Whenever state g in labels(s), add A[f U g] to labels(s). 2. Repeat: Whenever all next states of s have A[f U g] in labels(s), add A [f U g] to labels(s). Similarly for E [f U g].

13 13 Z (“zed”) specifications

14 14 Z Logical specification language Probably most widely known such Very general: can describe –data structures –relations and tables –functions Few tools –syntax checkers –recently, theorem provers

15 15 Z has really been used IBM CICS specification (1992) Cyclotron specification (Jacky) Used routinely by Praxis Critical Systems, Ltd (UK)

Download ppt "1 CTL Model Checking David L. Dill. 2 CTL syntax: AP -- atomic propositions p  AP is a formula f  g is a formula, if f and g are ¬f is a formula AX."

Similar presentations

1 Verification of Parameterized Systems Reducing Model Checking of the Few to the One. E. Allen Emerson, Richard J. Trefler and Thomas Wahl Junaid Surve.

1 Verification of Parameterized Systems Reducing Model Checking of the Few to the One. E. Allen Emerson, Richard J. Trefler and Thomas Wahl Junaid Surve.
Real-Time Systems, DTU, Feb 15, 2000 Paul Pettersson, BRICS, Aalborg, Denmark. Timed Automata and Timed Computation Tree Logic Paul Pettersson

Real-Time Systems, DTU, Feb 15, 2000 Paul Pettersson, BRICS, Aalborg, Denmark. Timed Automata and Timed Computation Tree Logic Paul Pettersson
Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.

Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
1 Computation Tree Logic (CTL). 2 CTL Syntax P - a set of atomic propositions, every p  P is a CTL formula. f, g, CTL formulae, then so are  f, f 

1 Computation Tree Logic (CTL). 2 CTL Syntax P - a set of atomic propositions, every p  P is a CTL formula. f, g, CTL formulae, then so are  f, f 
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
François Fages MPRI Bio-info 2007 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraint Programming.

François Fages MPRI Bio-info 2007 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraint Programming.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.

François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
CS6133 Software Specification and Verification

CS6133 Software Specification and Verification
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes.

1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes.
CS357: CTL Model Checking (combined notes from lectures 11/5 and 11/7) David Dill 1.

CS357: CTL Model Checking (combined notes from lectures 11/5 and 11/7) David Dill 1.
Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.

Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.

Similar presentations

Ads by Google