
1 CTL Model Checking (David L. Dill)

2 CTL syntax
AP: the set of atomic propositions
p ∈ AP is a formula
If f and g are formulas, then so are: ¬f, f ∧ g, AX f, EX f, A[f U g], E[f U g]

3 CTL model checking
Inputs to the model checker: a state graph obtained from the implementation (a Kripke structure) and CTL formulas (the properties)
Output: OK, or a counterexample

4 State graph
Many representations can be translated to state graphs:
– circuits
– concurrent programs
– various description languages
– SCR, statecharts
Translation is usually to a BDD representation of the graph, not an explicit graph.

5 Abbreviations
AF f = A[true U f]   ("future")
EF f = E[true U f]
AG f = ¬EF ¬f   ("globally")
EG f = ¬AF ¬f

6 CTL intuition (figure: a computation tree with p-labelled states, contrasting EX p with AX p)

7 AG p: p is invariant
AF p: p is inevitable
EF p: p potentially holds

8 CTL examples
Mutual exclusion: AG ¬(c1 ∧ c2)
Fairness: AG (t1 → AF c1)
Resetability: AG (EF init)   (there is always a path back to init)

9 Request/Acknowledge example
A[req U ack]
A[ack U ¬req]
A[¬req U ¬ack]
A[¬ack U ¬req]
(Weak Until? A[¬ack U ¬req])
(figure: req/ack waveform)

10 Algorithm for model checking
Idea: progressively label states with non-atomic properties. Subformulas are treated like atomic formulas after they have been checked.
labels(s): the set of labels of state s in M. Initially, labels(s) = P(s).

11 Fixed point algorithm for model checking
We then traverse the formula to be checked bottom-up, checking the subformulas of f before checking f.
Add ¬f to labels(s) if f is not in labels(s)
Add f ∧ g to labels(s) if f is in labels(s) and g is in labels(s)
Add AX f to labels(s) if f is in labels(s') for all s' with s R s'
Add EX f to labels(s) if f is in labels(s') for some s' with s R s'

12 Fixed point algorithm for model checking
Until formulas require a fixed-point iteration. Use the fact that A[f U g] = g ∨ AX A[f U g].
Algorithm:
1. Whenever g ∈ labels(s), add A[f U g] to labels(s).
2. Repeat: whenever all next states s' of s have A[f U g] in labels(s'), add A[f U g] to labels(s).
Similarly for E[f U g] (some next state instead of all next states).
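Added example, not from Dill's slides: the labelling algorithm of slides 10 to 12 in Python, with the slide-5 abbreviations, run on a constructed two-process mutual-exclusion model against the slide-8 properties. Beyond the slide's step 2 it also requires f to hold at s, as the full recurrence A[f U g] = g ∨ (f ∧ AX A[f U g]) does; the model, the tuple encoding of formulas and the names sat and mutex_model are assumptions of this example.

```python
# Added example, not from the slides: explicit-state CTL labelling checker.
# A model is (states, R, L): R maps each state to its set of successor
# states (every state needs at least one) and L to its atomic propositions.
TRUE = ('true',)

def sat(model, phi):
    """Set of states whose labels end up containing `phi`. Formulas are tuples:
    ('true',), ('ap', p), ('not', f), ('and', f, g), ('AX'/'EX', f), ('AU'/'EU', f, g),
    the slide-5 abbreviations AF/EF/AG/EG, and 'implies' = not(f and not g)."""
    states, R, L = model
    op, a = phi[0], phi[1:]
    if op == 'true':    return set(states)
    if op == 'ap':      return {s for s in states if a[0] in L[s]}
    if op == 'not':     return set(states) - sat(model, a[0])
    if op == 'and':     return sat(model, a[0]) & sat(model, a[1])
    if op == 'implies': return sat(model, ('not', ('and', a[0], ('not', a[1]))))
    if op in ('AX', 'EX'):           # all / some successors labelled with f
        sf = sat(model, a[0])
        return {s for s in states if (R[s] <= sf if op == 'AX' else R[s] & sf)}
    if op in ('AF', 'EF'):           # AF f = A[true U f], EF f = E[true U f]
        return sat(model, (op[0] + 'U', TRUE, a[0]))
    if op in ('AG', 'EG'):           # AG f = not EF not f, EG f = not AF not f
        return sat(model, ('not', ({'AG': 'EF', 'EG': 'AF'}[op], ('not', a[0]))))
    assert op in ('AU', 'EU'), 'unknown operator %r' % op
    # Until: least fixed point; `sf - labelled` enforces f in labels(s) at s.
    sf, sg = sat(model, a[0]), sat(model, a[1])
    labelled = set(sg)               # step 1: every g-state gets the label
    while True:                      # step 2: propagate backwards until stable
        new = {s for s in sf - labelled
               if (R[s] <= labelled if op == 'AU' else R[s] & labelled)}
        if not new: return labelled
        labelled |= new

PHASES = {'n': 't', 't': 'c', 'c': 'n'}   # non-critical -> trying -> critical
def mutex_model():
    """Constructed two-process model: one process moves per step and may
    enter its critical section 'c' only while the other is not in 'c'."""
    states = {(a, b) for a in PHASES for b in PHASES if (a, b) != ('c', 'c')}
    R = {}
    for a, b in states:
        succ = {(PHASES[a], b), (a, PHASES[b])}
        R[(a, b)] = succ - {('c', 'c')}      # entering 'c' is blocked by the other's 'c'
    L = {(a, b): {a + '1', b + '2'} for a, b in states}   # props n1,t1,c1,n2,t2,c2
    return states, R, L

MUTEX    = ('AG', ('not', ('and', ('ap', 'c1'), ('ap', 'c2'))))   # slide 8
FAIRNESS = ('AG', ('implies', ('ap', 't1'), ('AF', ('ap', 'c1'))))
RESET    = ('AG', ('EF', ('and', ('ap', 'n1'), ('ap', 'n2'))))
```

On this model mutual exclusion and resetability hold in every state, while AG (t1 → AF c1) holds in none: with no fairness assumption the interleaving lets process 2 cycle through its critical section forever while process 1 stays in t1.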

13 Z (“zed”) specifications

14 Z
Logical specification language, probably the most widely known such language
Very general: can describe
– data structures
– relations and tables
– functions
Few tools:
– syntax checkers
– recently, theorem provers

15 Z has really been used
IBM CICS specification (1992)
Cyclotron specification (Jacky)
Used routinely by Praxis Critical Systems, Ltd (UK)