Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automatic Verification of Finite-State Concurrent Systems Using Temporal Logic Specifications 1.

Published byKelly Whitehead Modified over 8 years ago

Similar presentations

Presentation on theme: "Automatic Verification of Finite-State Concurrent Systems Using Temporal Logic Specifications 1."— Presentation transcript:

1 Automatic Verification of Finite-State Concurrent Systems Using Temporal Logic Specifications 1

2 2

3 3

4 4

5 PART 1 : The Specification Language CTL 1. Formal Syntax of CTL AP is the set of atomic propositions Symbols :  - AND  - Negation Path quantifiers : A... : holds for all path (starting at the tree’s root) E... : holds for some path Temporal operators : X... : holds next time F... : holds in the future G...: always hold U….: until 5

6 The Specification Language cont. 2.Semantics of CTL 6

7 7

8 8

9 The Specification Language cont. 1. For M, s 0 |= f, means CTL formula or property f holds at state s 0 in M 2. The relation |= is defined as Atomic proposition p is true in s 0 (s 0 |= f1) and (s 0 |= f2) f1 holds true for every path starting with s 0 f1 holds true for some path starting with s 0 For all paths, f1 holds true until f2 holds There exits a path, f1 holds true until f2 holds Atomic proposition p is true in s 0 (s 0 |= f1) and (s 0 |= f2) f1 holds true for every path starting with s 0 f1 holds true for some path starting with s 0 For all paths, f1 holds true until f2 holds There exits a path, f1 holds true until f2 holds 9

10 10

11 11

12 MODEL CHECKING cont. State Labeling Algorithm : 1. Model checking can be achieved through State Labeling Algorithm 2. The algorithm basically works by iteratively determining the states that satisfy a given formula (i.e. labeling the states) 3. The basic input output of the labelling algorithm : Input : A Model M = (S, R, P) and CTL formula f Output : The set of states that satisfy formula f 12

13 State Labeling Algorithm State label algorithm handles seven cases 1. Algorithm uses DFS for f = A ( f 1 U f 2 ) 2. The recursive procedure au( f, s, b) performs the search for formula f starting from state s 3. When au terminates, boolean result parameter b will be set to true  s I= f 4. Whether s is currently on stack ST is implemented in the boolean procedure stacked(s) 13

14 State labeling algorithm cont. 14

15 15

16 State labeling algorithm cont. For CTL formula f = E(f 1 U f 2 ) 1. First find all of those states that are labeled with f 2, label it with E(f 1 Uf 2 ) 2. Then work backwards using the converse of the successor relation i.e. Repeat : Label any state with E(f 1 Uf 2 ) if 1. it is labeled with f 1 and 2. at least one of its successor is labeled with E(f 1 Uf 2 ) until there is no change 3. E(f 1 U f 2 ) == f 2 ˅ (f 1  EX E(f 1 U f 2 )) 16

17 17

18 Example LIVENESS : Whenever any process wants to enter its critical section it will eventually be permitted to do so AG(T 1 --> AFC 1 ) ==  EF(  T 1 v AFC 1 ) ==  E(T U (  T 1 v AFC 1 )) Split into sub formulas 18 In order to handle an arbitrary CTL formula f, 1. Associate with Each state s an array L[s] of size length(f) 2. Procedure add-label(s, f i ) sets L[s][f i ] to true 3. Procedure labeled(s, f i ) returns the current value of L[s][f i ] 4. Successively apply the State labeling algorithm to the sub-formulas of f 5. Starting with simplest (i.e., highest numbered) and working backwards to f 6. Entire algorithm requires O(length(f) x (card(S) + card(R)))

19 Part 3 – Introduce fairness to CTL Model Checking with Fairness 1. In the verification of model M, (s |= f ) might fail because the model M may contain unrealistic behavior 2. We need to filter out this behavior 3. Solution is put on some FAIRNESS constraint on M, so it would remove that behavior How to handle fairness? 1. Modify semantics of CTL i.e. the new logic is called CTL F 2. M is now 4-tuple (S, R, P, F) where F  2 S = set of predicates on S 3. A path p is F-fair  For each g that belongs to F, there are infinitely many states on path p that satisfies predicate g 19

20 20

21 21 CTL Formula Once we start the oven, eventually it must turn on the heating coil AG(start --> AF heat) Sub formulae heat, AF heat, start, (start -> AF heat) AG(start -> AF heat) CTL Formula Once we start the oven, eventually it must turn on the heating coil AG(start --> AF heat) Sub formulae heat, AF heat, start, (start -> AF heat) AG(start -> AF heat) 1.By applying label algorithm we see (start -> AF heat) is true in {s 4,s 7,s 6,s 3.s 1 } 2.But AG(start -> AF heat) is not true in other states 3.s 2 and s 5 are some sort of unrealistic behavior as Start -> Close the Start -> Close 4.So put some constraint while doing Model checking i.e. Fairness {start, close,  error} i.e. when its start, then close not go to error condition 5.Restrict the graph – remove s 2, s 5 6.Find SCC 7.Now AG(start -> AF heat) is true in {s 1,s 3,s 4,s 6,s 7 } 1.By applying label algorithm we see (start -> AF heat) is true in {s 4,s 7,s 6,s 3.s 1 } 2.But AG(start -> AF heat) is not true in other states 3.s 2 and s 5 are some sort of unrealistic behavior as Start -> Close the Start -> Close 4.So put some constraint while doing Model checking i.e. Fairness {start, close,  error} i.e. when its start, then close not go to error condition 5.Restrict the graph – remove s 2, s 5 6.Find SCC 7.Now AG(start -> AF heat) is true in {s 1,s 3,s 4,s 6,s 7 }

22 22

23 Part 4 - Using EMC to verify Alternating Bit Protocol 1. The Alternating Bit Protocol ABP is a protocol for correctly transmitting data on faulty channels that may lose or duplicate data 2. ABP uses two faulty channels between a sender and a receiver 3. In case of a unsuccessful transmission the attempt is repeated 4. To achieve its goal, APB keeps track on this repeated send messages using a control bit which is switched 5. The sender appends its control bit to the data to be send and keeps sending till it receives this control bit back via the acknowledgement channel 23

24 24

25 25

26 26

27 27

28 28

29 29

30 30

Download ppt "Automatic Verification of Finite-State Concurrent Systems Using Temporal Logic Specifications 1."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.

Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
1 Computation Tree Logic (CTL). 2 CTL Syntax P - a set of atomic propositions, every p  P is a CTL formula. f, g, CTL formulae, then so are  f, f 

1 Computation Tree Logic (CTL). 2 CTL Syntax P - a set of atomic propositions, every p  P is a CTL formula. f, g, CTL formulae, then so are  f, f 
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Program correctness The State-transition model A global state S  s 0 x s 1 x … x s m {s k = local state of process k} S0  S1  S2  … Each state transition.

Program correctness The State-transition model A global state S  s 0 x s 1 x … x s m {s k = local state of process k} S0  S1  S2  … Each state transition.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
CS6133 Software Specification and Verification

CS6133 Software Specification and Verification
Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.

Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.
© Katz, 2007CS236368 Formal SpecificationsLecture - Temporal logic 1 Temporal Logic Formal Specifications CS236368 Shmuel Katz The Technion.

© Katz, 2007CS Formal SpecificationsLecture - Temporal logic 1 Temporal Logic Formal Specifications CS Shmuel Katz The Technion.

Similar presentations

Ads by Google