ESE601: Hybrid Systems Introduction to verification Spring 2006.

Slides:



Advertisements
Similar presentations
1 Verification by Model Checking. 2 Part 1 : Motivation.
Advertisements

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.
Model Checking Lecture 1.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
Modeling issues Book: chapters 4.12, 5.4, 8.4, 10.1.
Tutorial I – An Introduction to Model Checking Peng WU INRIA Futurs LIX, École Polytechnique.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Partial Order Reduction: Main Idea
Part 3: Safety and liveness
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
Game-theoretic simulation checking tool Peter Bulychev, Vladimir Zakharov, Igor Konnov Moscow State University.
Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
CS6133 Software Specification and Verification
Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
UPPAAL Introduction Chien-Liang Chen.
Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?
Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Review of topics Final exam : -May 2nd to May 7 th - Projects due on May 7th.
CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.
Discrete Abstractions of Hybrid Systems Rajeev Alur, Thomas A. Henzinger, Gerardo Lafferriere and George J. Pappas.
Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.
Witness and Counterexample Li Tan Oct. 15, 2002.
Specification Formalisms Book: Chapter 5. Properties of formalisms Formal. Unique interpretation. Intuitive. Simple to understand (visual). Succinct.
Review of the automata-theoretic approach to model-checking.
Embedded Systems Laboratory Department of Computer and Information Science Linköping University Sweden Formal Verification and Model Checking Traian Pop.
Witness and Counterexample Li Tan Oct. 15, 2002.
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
Model Checking LTL over (discrete time) Controllable Linear System is Decidable P. Tabuada and G. J. Pappas Michael, Roozbeh Ph.D. Course November 2005.
Flavio Lerda 1 LTL Model Checking Flavio Lerda. 2 LTL Model Checking LTL –Subset of CTL* of the form: A f where f is a path formula LTL model checking.
Approximation Metrics for Discrete and Continuous Systems Antoine Girard and George J. Pappas VERIMAG Workshop.
Regular Model Checking Ahmed Bouajjani,Benget Jonsson, Marcus Nillson and Tayssir Touili Moran Ben Tulila
Benjamin Gamble. What is Time?  Can mean many different things to a computer Dynamic Equation Variable System State 2.
1 Automatic Refinement and Vacuity Detection for Symbolic Trajectory Evaluation Orna Grumberg Technion Haifa, Israel Joint work with Rachel Tzoref.
Copyright 2001, Matt Dwyer, John Hatcliff, and Radu Iosif. The syllabus and all lectures for this course are copyrighted materials and may not be used.
Sept COMP60611 Fundamentals of Parallel and Distributed Systems Lecture 15 More Advanced Program Properties: Temporal logic and jSpin John Gurd,
ISBN Chapter 3 Describing Semantics -Attribute Grammars -Dynamic Semantics.
- 1 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Validation - Formal verification -
Verification & Validation By: Amir Masoud Gharehbaghi
Symbolic Algorithms for Infinite-state Systems Rupak Majumdar (UC Berkeley) Joint work with Luca de Alfaro (UC Santa Cruz) Thomas A. Henzinger (UC Berkeley)
1 CSEP590 – Model Checking and Automated Verification Lecture outline for July 9, 2003.
1 Temporal logic. 2 Prop. logic: model and reason about static situations. Example: Are there truth values that can be assigned to x,y simultaneously.
Model Checking Lecture 1. Model checking, narrowly interpreted: Decision procedures for checking if a given Kripke structure is a model for a given formula.
Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5.
Presented by: Belgi Amir Seminar in Distributed Algorithms Designing correct concurrent algorithms Spring 2013.
Today’s Agenda  Quiz 4  Temporal Logic Formal Methods in Software Engineering1.
Model Checking Lecture 1: Specification Tom Henzinger.
6/12/20161 a.a.2015/2016 Prof. Anna Labella Formal Methods in software development.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Model Checking Lecture 2. Model-Checking Problem I |= S System modelSystem property.
Model Checking Lecture 2 Tom Henzinger. Model-Checking Problem I |= S System modelSystem property.
Basic concepts of Model Checking
CIS 842: Specification and Verification of Reactive Systems
CSCI1600: Embedded and Real Time Software
Software Verification 2 Automated Verification
CSEP590 – Model Checking and Automated Verification
Formal Methods in software development
CSCI1600: Embedded and Real Time Software
Introduction to verification
Formal Methods in software development
Program correctness Branching-time temporal logics
COMP60621 Designing for Parallelism
Presentation transcript:

ESE601: Hybrid Systems Introduction to verification Spring 2006

Suggested reading material Papers (R14) - (R16) on the website. The book “Model checking” by Clarke, Grumberg and Peled.

What is verification? We need to make sure that the engineering systems we build are safe, functioning correctly, etc. Systems can mean software, hardware, protocols, etc. Thus, not restricted to hybrid systems. In fact, verification originates in computer science, i.e. for discrete event systems. How is verification done? The system is represented as transition system, the properties to be verified are represented as temporal logic formulas, whose truth values are to be determined/verified.

Transition Systems A transition system consists of A set of states Q A set of events A set of observations O The transition relation The observation map Initial may be incorporated The sets Q,, and O may be infinite Language of T is all sequences of observations

A painful example The parking meter tick 5p States Q ={0,1,2,…,60} Events {tick,5p} Observations {exp,act} A possible string of observations (exp,act,act,act,act,act,exp,…) expact

Temporal logic (informal) Temporal logic involves logical propositions whose truth values depend on time. “Tomorrow is Thursday” The time is related to the execution steps of the transition system. The asserted property is related to the observation of the transition system. “At the next state, the meter expires”

The basic verification problem Basic verification problem Given transition system T, and temporal logic formula The transition system satisfies the formula if: -All executions satisfy the formula (linear time) -The initial states satisfy the formula (branching time)

Another verification problem Given transition system T, and specification system S Language inclusion problems. Recall supervisory control problem.

Linear temporal logic syntax The LTL formulas are defined inductively as follows Atomic propositions All observation symbols p are formulas Boolean operators If and are formulas then Temporal operators If and are formulas then Linear temporal logic

LTL formulas are evaluated over (infinite) sequences of execution, which are called words. Ex: w=(exp,act,act,act,act,act,exp,…) A word w satisfies a formula iff (w,0) satisfies it.

Express temporal specifications along sequences Informally SyntaxSemantics Eventually p Always p If p then next q p until q Linear temporal logic

Syntactic boolean abbreviations Conjunction Implication Equivalence Syntactic temporal abbreviations Eventually Always In 3 steps Linear temporal logic

The LTL formulas are interpreted over infinite (omega) words Linear temporal logic semantics

Two processors want to access a critical section. Each processor can has three observable states p1={inCS, outCS, reqCS} p2={inCS, outCS, reqCS} Mutual exclusion Both processors are not in the critical section at the same time. Starvation freedom If process 1 requests entry, then it eventually enters the critical section. LTL examples

LTL Model Checking LTL model checking Given transition system and LTL formula we have The transition system satisfies the formula if all executions satisfy it. LTL model checking is decidable for finite T Complexity : Determine if states transitions formula length System verified Counterexample

Computational tree logic (CTL) CTL is based on branching time. Its formulas are evaluated over the tree of trajectories generated from a given state of the transition system.

Computation tree logic CTL syntax The CTL formulas are defined inductively as follows Atomic propositions All observation symbols p are formulas Boolean operators If and are formulas then Temporal operators If and are formulas then

Express specifications in computation trees (branching time) Informally SyntaxSemantics Inevitably next p Possibly always p Computation tree logic (informally)

CTL Model Checking CTL model checking Given transition system and CTL formula we have The transition system satisfies the formula if all initial states satisfy it. CTL model checking is decidable for finite T Complexity : Determine if states transitions formula length System verified Counterexample

Comparing logics LTLCTL CTL*

Dealing with complexity Bisimulation Simulation Language Inclusion

Language Equivalence Consider two transition systems and over same and O Languanges are equivalent L( )=L( )

LTL equivalence Consider two transition systems and and an LTL formula Language equivalence and inclusion are difficult to check Language equivalence Language inclusion

Language Equivalence CTL equivalence falsetrue

Simulation Relations Consider two transition systems over the same set of labels and observations. A relation is called a simulation relation (of by ) if it 1. Respects observations 2. Respects transitions If a simulation relation exists, then

Game theoretic semantics Simulation is a matching game between the systems Check that but it is not true that

The parking example The parking meter A coarser model tick 5p expact 5p 0 tick exp many 5p act tick

Simulation relations Consider two transition systems and Complexity of Simulation implies language inclusion

Two important cases Abstraction Refinement

Bisimulation Relations Consider two transition systems over the same set of labels and observations. A relation is called a bisimulation relation if it 1. Respects observations 2. Respects transitions If a simulation relation exists, then

Bisimulation Consider two transition systems and Bisimulation is a symmetric simulation Strong notion of equivalence for transition systems Bisimulation CTL* (and LTL) equivalence

Special quotients Abstraction When is the quotient language equivalent or bisimilar to T ?

Quotient Transition Systems Given a transition system and an observation preserving partition, define naturally using 1. Observation Map 2. Transition Relation

Bisimulation Algorithm Quotient system always simulates the original system When does original system simulate the quotient system ?

Bisimulation Algorithm Quotient system always simulates the original system When does original system simulate the quotient system ?

Transition Systems A region is a subset of states We define the following operators

If T is finite, then algorithm computes coarsest quotient. If T is infinite, there is no guarantee of termination Bisimulation algorithm Bisimulation Algorithm initialize while such that end while

Relationships Bisimulation Simulation Language Inclusion Strongest, more properties, easiest to check Weaker, less properties, easy to check Weakest, less properties, difficult to check

Complexity comparisons Bisimulation Simulation Language Equivalence

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.