Black Box Checking Book: Chapter 9 Model Checking Finite state description of a system B. LTL formula. Translate into an automaton P. Check whether L(B)

Slides:



Advertisements
Similar presentations
Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Advertisements

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
Avoiding Determinization Orna Kupferman Hebrew University Joint work with Moshe Vardi.
1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.
Recognising Languages We will tackle the problem of defining languages by considering how we could recognise them. Problem: Is there a method of recognising.
Recognising Languages We will tackle the problem of defining languages by considering how we could recognise them. Problem: Is there a method of recognising.
Lexical Analysis Dragon Book: chapter 3.
Model Checking and Testing combined
Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.
Process Algebra Book: Chapter 8. The Main Issue Q: When are two models equivalent? A: When they satisfy different properties. Q: Does this mean that the.
October 29, 2004SAVCBS04 Presented by: Gaoyan Xie CTL Model-checking for Systems with Unspecified Components Gaoyan Xie and Zhe Dang School of Electrical.
Part VI NP-Hardness. Lecture 23 Whats NP? Hard Problems.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Lecture 24 MAS 714 Hartmut Klauck
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
1 Nondeterministic Space is Closed Under Complement Presented by Jing Zhang and Yingbo Wang Theory of Computation II Professor: Geoffrey Smith.
1 Generalized Buchi automaton. 2 Reminder: Buchi automata A=  Alphabet (finite). S: States (finite).  : S x  x S ) S is the transition relation. I.
1 CD5560 FABER Formal Languages, Automata and Models of Computation Lecture 2 Mälardalen University 2005.
1 1 CDT314 FABER Formal Languages, Automata and Models of Computation Lecture 3 School of Innovation, Design and Engineering Mälardalen University 2012.
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.
1 Linear Bounded Automata LBAs. 2 Linear Bounded Automata are like Turing Machines with a restriction: The working space of the tape is the space of the.
1 Carnegie Mellon UniversitySPINFlavio Lerda SPIN An explicit state model checker.
Quantum Automata Formalism. These are general questions related to complexity of quantum algorithms, combinational and sequential.
25/06/2015Marius Mikucionis, AAU SSE1/22 Principles and Methods of Testing Finite State Machines – A Survey David Lee, Senior Member, IEEE and Mihalis.
Specification Formalisms Book: Chapter 5. Properties of formalisms Formal. Unique interpretation. Intuitive. Simple to understand (visual). Succinct.
Review of the automata-theoretic approach to model-checking.
Theory of Computing Lecture 22 MAS 714 Hartmut Klauck.
CS Chapter 2. LanguageMachineGrammar RegularFinite AutomatonRegular Expression, Regular Grammar Context-FreePushdown AutomatonContext-Free Grammar.
Automata and Formal Lanugages Büchi Automata and Model Checking Ralf Möller based on slides by Chang-Beom Choi Provable Software Lab, KAIST.
LTL – model checking Jonas Kongslund Peter Mechlenborg Christian Plesner Kristian Støvring Sørensen.
Flavio Lerda 1 LTL Model Checking Flavio Lerda. 2 LTL Model Checking LTL –Subset of CTL* of the form: A f where f is a path formula LTL model checking.
Quantitative Languages Krishnendu Chatterjee, UCSC Laurent Doyen, EPFL Tom Henzinger, EPFL CSL 2008.
1 Carnegie Mellon UniversitySPINFlavio Lerda Bug Catching SPIN An explicit state model checker.
15-820A 1 LTL to Büchi Automata Flavio Lerda A 2 LTL to Büchi Automata LTL Formulas Subset of CTL* –Distinct from CTL AFG p  LTL  f  CTL. f.
Theory of Computing Lecture 15 MAS 714 Hartmut Klauck.
Basics of automata theory
CS490 Presentation: Automata & Language Theory Thong Lam Ran Shi.
Model Checking Lecture 3 Tom Henzinger. Model-Checking Problem I |= S System modelSystem property.
Theory of Computing Lecture 17 MAS 714 Hartmut Klauck.
Doron Peled, Bar Ilan University. Testing of black box finite state machine Know: lTransition relation lSize or bound on size Wants to know: lIn what.
CIS 842: Specification and Verification of Reactive Systems Lecture Specifications: LTL Model Checking Copyright , Matt Dwyer, John Hatcliff,
Avoiding Determinization Orna Kupferman Hebrew University Joint work with Moshe Vardi.
Copyright , Doron Peled and Cesare Tinelli. These notes are based on a set of lecture notes originally developed by Doron Peled at the University.
1 CD5560 FABER Formal Languages, Automata and Models of Computation Lecture 3 Mälardalen University 2010.
2. Regular Expressions and Automata 2007 년 3 월 31 일 인공지능 연구실 이경택 Text: Speech and Language Processing Page.33 ~ 56.
1Computer Sciences Department. Book: INTRODUCTION TO THE THEORY OF COMPUTATION, SECOND EDITION, by: MICHAEL SIPSER Reference 3Computer Sciences Department.
1 Linear Bounded Automata LBAs. 2 Linear Bounded Automata (LBAs) are the same as Turing Machines with one difference: The input string tape space is the.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Automata & Formal Languages, Feodor F. Dragan, Kent State University 1 CHAPTER 7 Time complexity Contents Measuring Complexity Big-O and small-o notation.
CS 203: Introduction to Formal Languages and Automata
Recognising Languages We will tackle the problem of defining languages by considering how we could recognise them. Problem: Is there a method of recognising.
About Alternating Automata Daniel Choi Provable Software Laboratory KAIST.
Chapter 5 Finite Automata Finite State Automata n Capable of recognizing numerous symbol patterns, the class of regular languages n Suitable for.
Today’s Agenda  Quiz 4  Temporal Logic Formal Methods in Software Engineering1.
CSCI 4325 / 6339 Theory of Computation Zhixiang Chen.
Theory of Computational Complexity Yuji Ishikawa Avis lab. M1.
1 8.4 Extensions to the Basic TM Extended TM’s to be studied: Multitape Turing machine Nondeterministic Turing machine The above extensions make no increase.
CS 154 Formal Languages and Computability May 12 Class Meeting Department of Computer Science San Jose State University Spring 2016 Instructor: Ron Mak.
Busch Complexity Lectures: Turing Machines
PROPERTIES OF REGULAR LANGUAGES
Automatic Verification
Chapter 2 FINITE AUTOMATA.
Alternating tree Automata and Parity games
Finite Automata.
Recall last lecture and Nondeterministic TMs
An explicit state model checker
Translating Linear Temporal Logic into Büchi Automata
Chapter # 5 by Cohen (Cont…)
Presentation transcript:

Black Box Checking Book: Chapter 9

Model Checking Finite state description of a system B. LTL formula. Translate into an automaton P. Check whether L(B) L(P)=. If so, S satisfies. Otherwise, the intersection includes a counterexample. Repeat for different properties.

Buchi automata ( -automata) S - finite set of states. (B has l n states) S 0 S - initial states. (P has m states) - finite alphabet. (contains p letters) S S - transition relation. F S - accepting states. Accepting run: passes a state in F infinitely often. System automata: F=S, deterministic.

Example: check a a, a a a <> a

Example: check <> a a a a a <> a

Example: check <>a Use automatic translation algorithms, e.g., [Gerth,Peled,Vardi,Wolper 95] a a a, a <>  ~a

System cb a

Every element in the product is a counter example for the checked property. b a a a a s2s2 c a s1s1 s3s3 q2q2 q1q1 s 1,q 1 s 1,q 2 s 3,q 2 s 2,q 1 a b c a Acceptance is determined by automaton P.

Testing Unknown deterministic finite state system B. Known: n states and alphabet. An abstract model C of B. C satisfies all the properties we want from B. Check conformance of B and C. Another version: only a bound n on the number of states l is known.

Model Checking / Testing Given Finite state system B. Transition relation of B known. Property represent by automaton P. Check if L(B) L(P)=. Graph theory or BDD techniques. Complexity: polynomial. Unknown Finite state system B. Alphabet and number of states of B or upper bound known. Specification given as an abstract system C. Check if B C. Complexity: polynomial if number states known. Exponential otherwise.

Black box checking Property represent by automaton P. Check if L(B) L(P)=. Graph theory techniques. Unknown Finite state system B. Alphabet and Upper bound on Number of states of B known. Complexity: exponential.

Combination lock automaton Accepts only words with a specific suffix (cdab in the example). s1s1 s2s2 s3s3 s4s4 s5s5 bdca

Conformance testing Cannot distinguish if reduced or not. a b a a b b a b a b

Conformance testing (cont.) When the black box is nondeterministic, we might never test some choices. b a a

Conformance testing (cont.) a bb a a a a b b b a Need: bound on number of states of B. a

Need reliable RESET s1s1 s3s3 s2s2 a a a b b

Vasilevskii algorithm Known automaton A has l states. Black box automaton has up to n states. Check each transition. Check that there are no "combination lock" errors. Complexity: O(l 2 n p n-l+1 ). When n=l: O(l 3 p).

Experiments aa bb cc reset a a b b c c try b a a b b c c try c fail

Simpler problem: deadlock? Nondeterministic algorithm: guess a path of length n from the initial state to a deadlock state. Linear time, logarithmic space. Deterministic algorithm: systematically try paths of length n, one after the other (and use reset), until deadlock is reached. Exponential time, linear space.

Deadlock complexity Nondeterministic algorithm: Linear time, logarithmic space. Deterministic algorithm: Exponential (p n-1 ) time, linear space. Lower bound: Exponential time (use combination lock automata). How does this conform with what we know about complexity theory?

Modeling black box checking Cannot model using Turing machines: not all the information about B is given. Only certain experiments are allowed. We learn the model as we make the experiments. Can use the model of games of incomplete information.

Games of incomplete information Two players: player, player (here, deterministic). Finitely many configurations C. Including: Initial C i, Winning : W + and W -. An equivalence relation on C (the player cannot distinguish between equivalent states). Labels L on moves (try a, reset, success, fail). The player has the moves labeled the same from configurations that are equivalent. Strategy for the player: will lead to a configuration in W + W -. Cannot distinguish equivalent conf. Nondet. strategy: ends with W +. Can distinguish.

Modeling BBC as games Each configuration contains an automaton and its current state (and more). Moves of the player are labeled with try a, reset... Moves of the -player with success, fail. c 1 c 2 when the automata in c 1 and c 2 would respond in the same way to the experiments so far.

A naive strategy for BBC Learn first the structure of the black box. Then apply the intersection. Enumerate automata with n states (without repeating isomorphic automata). For a current automata and new automata, construct a distinguishing sequence. Only one of them survives. Complexity: O((n+1) p (n+1) /n!)

On-the-fly strategy Systematically (as in the deadlock case), find two sequences v 1 and v 2 of length <=m n. Applying v 1 to P brings us to a state t that is accepting. Applying v 2 to P brings us back to t. Apply v 1 (v 2 ) n+1 to B. If this succeeds, there is a cycle in the intersection labeled with v 2, with t as the P (accepting) component. Complexity: O(n 2 p 2mn m).

Learning an automaton Use Angluins algorithm for learning an automaton. The learning algorithm queries whether some strings are in the automaton B. It can also conjecture an automaton M i and asks for a counterexample. It then generates an automaton with more states M i+1 and so forth.

A strategy based on learning Start the learning algorithm. Queries are just experiments to B. For a conjectured automaton M i, check if M i P = If so, we check conformance of M i with B (Vasilevskii algorithm). If nonempty, it contains some v 1 (v 2 ). We test B with v 1 (v 2 ) n+1. If this succeeds: error, otherwise, this is a counterexample for M i.

Black Box Checking Strategy Incremental learning Comparing counterexample Model Checking Report error No error found black box testing counterexample no counterexample false negative actual error discrepancy conformance established System PathModel

Complexity l - real size of B. n - an upper bound of size of B. p - size of alphabet. Lower bound: reachability is similar to deadlock. O(l 3 p l + l 2 mn) if there is an error. O(l 3 p l + l 2 n p n-l+1 + l 2 mn) if there is no error. If n is not known, check while time allows.

Some experiments Basic system written in SML (by Alex Groce, CMU). Experiment with black box using Unix I/O. Allows model-free model checking of C code with inter-process communication. Compiling tested code in SML with BBC program as one process.

Conclusions Black box checking is a combination of testing and model checking. If a tight bound on size of B is given: learn B first, then do model checking. Tight lower bound on complexity, up to polynomial factor. Use of games of incomplete information to model testing problems.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.