Presentation is loading. Please wait.

Presentation is loading. Please wait.

Regular Model Checking Parosh Aziz Abdulla Uppsala University Cooperation with B. Jonsson, M. Nilsson, J. d’Orso.

Published bySibyl Ellis Modified over 9 years ago

Similar presentations

Presentation on theme: "Regular Model Checking Parosh Aziz Abdulla Uppsala University Cooperation with B. Jonsson, M. Nilsson, J. d’Orso."— Presentation transcript:

1 Regular Model Checking Parosh Aziz Abdulla Uppsala University Cooperation with B. Jonsson, M. Nilsson, J. d’Orso

2 Outline  Model Checking  Infinite-State Systems  Parameterized Systems  Regular Model Checking  Column Transducer Construction  Sufficient Conditions for Exactness  Future Work

3 Model Checking S sat  ? system specification

4 Infinite State Systems 1. Unbounded Data Structures Timed Automata Push-Down Automata Communicating Finite State Automata Counter Automata 2. Unbounded Control Structures Parameterized Systems Dynamic Systems

5 Parameterized Systems Mutual exclusion protocols Cache coherence protocols Broadcast protocols Dynamic Systems Security protocols Multi-threaded programs

6 Model Checking S sat  ? Parameterized systemspecification Classification S :  Topology  Components  Communication mechanisms  Safety properties  Liveness properties 

7 Topology set array

8 Tree

9 Matrix

10 Components Simple: finite state process Extended: clocks, counters, buffers, etc. Communication Mechanism binary (rendez-vous) broadcast Neighbour global

11 Simplest Case: Set + Finite-state + Rendez-vous W C W C W C Example: Parameterized mutual exclusion R=0? R:=1 R:=0R=0? R:=1 R:=0 R=0? R:=1 R:=0 Counter abstraction = Petri net

12 Petri Net Model W C R=0? R:=1 R:=0 W C R=0 Initial marking No token in C, 1 token in (R=0) Bad markings At least 2 tokens in C

13 Parameterized System of Finite-Sate Processes (Geman & Sistla)   Finite-state process Synchronize:  Parameterized System Petri Net Representation

14 Parameterized System of Timed Processes – (Timed Networks)   timed process Synchronize:  Parameterized System Timed Petri Net Representation x:=0 x<5 [0:0] [0:5]

15 Array of Finite-State Processes  in general: undecidable  use Regular Model Checking [Kesten et al 97]

16 Example: Szymanski’s Algorithm Pseudocode for process i 1: await  j : j  i ::  s j 2: w i, s i := true,true 3: if  j : j  i :: (pc j  1 /\  w j ) then s i := false; goto 4 else w i := false; goto 5 4: await  j : j  i :: (s j /\  w j ) then w i, s i := false,true 5: await  j : j  i ::  w j 6: await  j : j  i ::  s j 7: s i := false; goto 1

17 Linear Process Networks: Token Passing T NNNN 

18 N TNNN 

19 N NTNN 

20  Alphabet : S = {N, T }  Configurations : words over S  Initial Configurations : T N* (regular lang.)  Transition Relation : transducer : N/N T/NN/T N/N Token Passing: Model

21 N/N T/NN/T N/N T N N NInitial configuration (T N*) A Run of the Transducer : R

22 N/N T/NN/T N/N T N N N N T N N Initial configuration (T N*) A Run of the Transducer : R R

23 N/N T/NN/T N/N T N N N N T N N N N T N Initial configuration (T N*) A Run of the Transducer : R R R

24 N/N T/NN/T N/N T N N N N T N N N N T N N N N T Initial configuration (T N*) A Run of the Transducer : R R R R

25 N/N T/NN/T N/N T N* Initial configurations Symbolic Run of the Transducer : R

26 N/N T/NN/T N/N T N* N T N* Initial configurations Symbolic Run of the Transducer : R R

27 N/N T/NN/T N/N T N* N T N* N N T N* Initial configurations Symbolic Run of the Transducer : R R R

28 N/N T/NN/T N/N T N* N T N* N N T N* N N N T N* Initial configurations Symbolic Run of the Transducer : R R R R  Termination ?  Ideally: compute: R* (T N*) = N* T N*

29 N/N T/NN/T N/N T N N N N Column Transducer R q 0 q 1 q 2

30 N/N T/NN/T N/N T N N N N Column Transducer R q 0 q 1 q 2 q 2 q 0 q 1 q 2 q 2 q 2 N T N N N

31 N/N T/NN/T N/N T N N N N Column Transducer R q 0 q 1 q 2 q 2 q 0 q 1 q 2 q 2 q 2 N T N N N q 1 q 0 q 0 q 2 q 2 q 2 N N T N N

32 N/N T/NN/T N/N T N N N N Column Transducer R q 0 q 1 q 2 q 2 q 0 q 1 q 2 q 2 q 2 N T N N N q 1 q 0 q 0 q 2 q 2 q 2 N N T N N q 0 q 0 q 0 q 1 q 2 q 2 N N N T N

33 N/N T/NN/T N/N T N N N N Column Transducer R q 0 q 1 q 2 q 2 q 0 q 1 q 2 q 2 q 2 N T N N N q 1 q 0 q 0 q 2 q 2 q 2 N N T N N q 0 q 0 q 0 q 1 q 2 q 2 N N N T N q 0 q 0 q 0 q 0 q 1 q 2 N N N N T

34 N/N T/NN/T N/N T N N N N Column Transducer R q 0 q 1 q 2 q 2 q 0 q 1 q 2 q 2 q 2 N T N N N q 1 q 0 q 0 q 2 q 2 q 2 N N T N N q 0 q 0 q 0 q 1 q 2 q 2 N N N T N q 0 q 0 q 0 q 0 q 1 q 2 N N N N T

35 Column Transducer  Configurations: columns – members of S  Transitions :  Initial configurations : columns of initial states  Final configurations : columns of final states a q 0 r 0 b q 1 r 1 q 2 r 2 q 3 r 3 c d e x yx a e + y

36 N/N T/NN/T N/N Example : Token passing R q 0 q 1 q 2 q 0 q 0 q 0 q 0 q 0 q 0 initial columns : q 0 q 0 q 0 q 0 q 2 q 2 q 2 q 2 q 2 q 2 final columns : q 2 q 2 q 2 q 2 q 2 q 1 q 0 q 0 q 2 q 2 q 1 q 0 N N q 2 q 1 q 0 q 0 q 2 q 2 q 1 q 0 N N N T N and therefore transitions : e.g.

37 N/N T/NN/T N/N Example : Token passing R q 0 q 1 q 2 q 0 q 0 q 0 q 0 q 0 q 0 initial columns : q 0 q 0 q 0 q 0 q 2 q 2 q 2 q 2 q 2 q 2 final columns : q 2 q 2 q 2 q 2  Transducer language = transitive closure  Problem : number of columns infinite !!  Solution: abstraction !! =

38 Computing Abstract Transducer  Start with original transducer  repeat  Define equivalence on columns  until construction stabilizes

39 Computing Abstract Transducer  Start with initial configurations (columns)  repeat then add  Define equivalence on columns xz a b y w b c if and XyXy zwzw a c  until construction stabilizes

40 Computing Abstract Transducer  Start with initial configurations (columns)  repeat then add  Define equivalence on columns if x y then merge x and y xz a b y w b c if and XyXy zwzw a c  until construction stabilizes

41 Defining Left-copying states Right-copying states Non-copying states N T N T T T N N T T

42 Defining Left-copying states Right-copying states Non-copying states N T N T T T N N T T x y if x = y modulo deletion of identical left- or right-copying neighbours

43 N/N T/NN/T N/N Example : Token passing R q 0 q 1 q 2 Left-copying state : Right-copying state : q 02 q q 0 q 0 q 1 q 2 q 2 q 0 q 1 q 2 q 2

44 N/N N/T N/N Example : Token passing q 2 T/N q 1 q 0

45 N/N T/N N/T N/N Example : Token passing q 2 q 0 q 0 q 1 q 0 T/N q 1 q 0

46 N/N T/N N/T N/N Example : Token passing q 2 q 0 q 0 q 1 q 0 T/N q 1 q 0

47 N/T N/N Example : Token passing q 2 q 1 q 0 T/N q 1 q 0 N/N

48 T/N N/T N/N Example : Token passing q 2 q 1 q 0 T/N q 1 q 0 q 2 q 1 N/N

49 T/N N/T N/N Example : Token passing q 2 q 1 q 0 T/N q 1 q 0 q 2 q 1 q 2 q 2 N/T N/N

50 T/N N/T N/N Example : Token passing q 2 q 1 q 0 T/N q 1 q 0 q 2 q 1 q 2 q 2 N/T N/N

51 T/N N/T N/N Example : Token passing q 2 q 1 q 0 T/N q 1 q 0 q 2 q 1 N/T N/N

52 T/N N/T N/N Example : Token passing q 2 q 1 q 0 T/N q 1 q 0 q 2 q 1 N/T q 0 q 2 q 1 q 0 q 1 q 0 N/N

53 T/N N/T N/N Example : Token passing q 2 q 1 q 0 T/N q 1 q 0 q 2 q 1 N/T q 0 q 2 q 1 q 0 q 1 q 0 N/N

54 T/N N/T N/N Example : Token passing q 2 T/N q 1 q 0 q 2 q 1 N/T q 2 q 1 q 0 q 1 q 0 N/N

55 T/N N/T N/N Example : Token passing q 2 T/N q 1 q 0 q 2 q 1 N/T q 2 q 1 q 0 q 1 q 0 N/N q 2 q 2 q 1

56 T/N N/T N/N Example : Token passing q 2 T/N q 1 q 0 q 2 q 1 N/T q 2 q 1 q 0 q 1 q 0 N/N q 2 q 2 q 1

57 T/N N/T N/N Example : Token passing q 2 T/N q 1 q 0 q 2 q 1 N/T q 2 q 1 q 0 q 1 q 0 N/N

58 T/N N/T N/N Example : Token passing q 2 T/N q 1 q 0 q 2 q 1 N/T q 2 q 1 q 0 q 1 q 0 N/N q 2 q 1 q 0 q 0

59 T/N N/T N/N Example : Token passing q 2 T/N q 1 q 0 q 2 q 1 N/T q 2 q 1 q 0 q 1 q 0 N/N q 2 q 1 q 0 q 0

60 T/N N/T N/N Example : Token passing q 2 T/N q 1 q 0 q 2 q 1 N/T q 2 q 1 q 0 q 1 q 0 N/N

61 initial states equivalence class final states x y Exactness of

62 initial states equivalence class final states x y Exactness of z

63 initial states equivalence class final states x y Exactness of z How to define ?

64 Forward Simulation F x1x1 x2x2 y1y1 F

65 F x1x1 x2x2 y1y1 F  y2y2 F

66 F x1x1 x2x2 y1y1 F  y2y2 F Backward Simulation B x1x1 y1y1 y2y2 B

67 Forward Simulation F x1x1 x2x2 y1y1 F  y2y2 F Backward Simulation B x1x1 y1y1 y2y2 B  y1y1 B

68 x y  z  w y x F F B B iff Equivalence FB, independent: y  w z F B F B x

69 Example B xyx = y modulo deletion of identical left-copying neighbours

70 Example B xyx = y modulo deletion of identical left-copying neighbours q 0 q 0 q 1 q 2 q 0 q 1 q 2 B

71 Example B xyx = y modulo deletion of identical left-copying neighbours q 0 q 0 q 1 q 2 q 0 q 1 q 2 B F xy q 0 q 1 q 2 F x = y modulo deletion of identical right-copying neighbours q 0 q 1 q 2 q 2

72 q 0 q 0 q 1 q 2 q 0 q 0 q 0 q 1 q 2 q 0 q 0 q 0 q 1 q 2 q 0 q 2 Independence F B

73 q 0 q 0 q 1 q 2 q 0 q 0 q 0 q 1 q 2 q 0 q 0 q 0 q 1 q 2 q 0 q 2 F B F B

74 q 0 q 0 q 1 q 2 q 0 q 0 q 0 q 1 q 2 q 0 q 0 q 0 q 1 q 2 q 0 q 2 q 0 F B F B

75 q 0 q 0 q 1 q 2 q 0 q 0 q 0 q 1 q 2 q 0 q 0 q 0 q 1 q 2 q 0 q 2 q 0 q 1 F B F B

76 q 0 q 0 q 1 q 2 q 0 q 0 q 0 q 1 q 2 q 0 q 0 q 0 q 1 q 2 q 0 q 2 q 0 q 1 q 2 q 2 F B F B

77 q 0 q 0 q 1 q 2 q 0 q 0 q 0 q 1 q 2 q 0 q 0 q 0 q 1 q 2 q 0 q 2 q 0 q 0 q 1 q 2 q 0 q 2 F B F B

78 Example B xyx = y modulo deletion of identical left-copying neighbours F xy x = y modulo deletion of identical right-copying neighbours xx = y modulo deletion of identical left- or right-copying neighbours y Induced equivalence :

79 Consequence w F x y

80 w F x y z  B F

81 [x 0 ][x 1 ][x 2 ][x 3 ] y1y1 y2y2 y3y3

82 [x 0 ][x 1 ][x 2 ][x 3 ] y1y1 w0w0 F y2y2 y3y3 x 0 =

83 [x 0 ][x 1 ][x 2 ][x 3 ] y1y1 w0w0 v1v1 FF y2y2 y3y3 x 0 =

84 [x 0 ][x 1 ][x 2 ][x 3 ] y1y1 w0w0 v1v1 FF B y2y2 w1w1 F y3y3 x 0 =

85 [x 0 ][x 1 ][x 2 ][x 3 ] y1y1 w0w0 v1v1 FF B y2y2 w1w1 v2v2 FF B y3y3 F w2w2 x 0 =

86 [x 0 ][x 1 ][x 2 ][x 3 ] y1y1 w0w0 v1v1 FF B y2y2 w1w1 v2v2 FF B y3y3 w3w3 v3v3 FF B w2w2 F x 0 =

87 [x 0 ][x 1 ][x 2 ][x 3 ] y1y1 w0w0 v1v1 FF B y2y2 w1w1 v2v2 FF B y3y3 w3w3 v3v3 FF B w2w2 F z3z3 B x 0 = w3w3

88 [x 0 ][x 1 ][x 2 ][x 3 ] y1y1 w0w0 v1v1 FF B y2y2 w1w1 v2v2 FF B y3y3 w3w3 v3v3 FF B w2w2 F z3z3 B z2z2 B x 0 = w3w3

89 [x 0 ][x 1 ][x 2 ][x 3 ] y1y1 w0w0 v1v1 FF B y2y2 w1w1 v2v2 FF B y3y3 w3w3 v3v3 FF B w2w2 F z3z3 B z2z2 B z1z1 B x 0 = w3w3

90 [x 0 ][x 1 ][x 2 ][x 3 ] y1y1 w0w0 v1v1 FF B y2y2 w1w1 v2v2 FF B y3y3 w3w3 v3v3 FF B w2w2 F z3z3 B z2z2 B z1z1 B z0z0 B x 0 = w3w3

91 Other Examples: Szymanski’s Algorithm (idealized) Pseudocode for process i 1: await  j : j  i ::  s j 2: w i, s i := true,true 3: if  j : j  i :: (pc j  1 /\  w j ) then s i := false; goto 4 else w i := false; goto 5 4: await  j : j  i :: (s j /\  w j ) then w i, s i := false,true 5: await  j : j  i ::  w j 6: await  j : j  i ::  s j 7: s i := false; goto 1

92 Built states in transitive closures

93 www.regularmodelchecking.com All implementation available Implementation of automata with symbolic edges (BDDs) Source available under GPL

94 Future Work Tree-like Topologies Liveness properties Non-structure-preserving Other kinds of systems: stacks, queues, timed, etc

Download ppt "Regular Model Checking Parosh Aziz Abdulla Uppsala University Cooperation with B. Jonsson, M. Nilsson, J. d’Orso."

Similar presentations

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Recognising Languages We will tackle the problem of defining languages by considering how we could recognise them. Problem: Is there a method of recognising.

Recognising Languages We will tackle the problem of defining languages by considering how we could recognise them. Problem: Is there a method of recognising.
CS 345: Chapter 9 Algorithmic Universality and Its Robustness

CS 345: Chapter 9 Algorithmic Universality and Its Robustness
4b Lexical analysis Finite Automata

4b Lexical analysis Finite Automata
Tree Regular Model Checking P. Abdulla, B. Jonsson, P. Mahata and J. d’Orso Uppsala University.

Tree Regular Model Checking P. Abdulla, B. Jonsson, P. Mahata and J. d’Orso Uppsala University.
Lecture 24 MAS 714 Hartmut Klauck

Lecture 24 MAS 714 Hartmut Klauck
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Equivalence of Extended Symbolic Finite Transducers Presented By: Loris D’Antoni Joint work with: Margus Veanes.

Equivalence of Extended Symbolic Finite Transducers Presented By: Loris D’Antoni Joint work with: Margus Veanes.
Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?

Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?
Keeping a Crowd Safe On the Complexity of Parameterized Verification Javier Esparza Technical University of Munich.

Keeping a Crowd Safe On the Complexity of Parameterized Verification Javier Esparza Technical University of Munich.
Parosh Aziz Abdulla Pritha Mahata Aletta Nyl é n Uppsala University Downward Closed Language Generators.

Parosh Aziz Abdulla Pritha Mahata Aletta Nyl é n Uppsala University Downward Closed Language Generators.
From Monotonic Transition Systems to Monotonic Games Parosh Aziz Abdulla Uppsala University.

From Monotonic Transition Systems to Monotonic Games Parosh Aziz Abdulla Uppsala University.
Compatibility between shared variable valuations in timed automaton network model- checking Zhao Jianhua, Zhou Xiuyi, Li Xuandong, Zheng Guoliang Presented.

Compatibility between shared variable valuations in timed automaton network model- checking Zhao Jianhua, Zhou Xiuyi, Li Xuandong, Zheng Guoliang Presented.
Pushdown Systems Koushik Sen EECS, UC Berkeley Slide Source: Sanjit A. Seshia.

Pushdown Systems Koushik Sen EECS, UC Berkeley Slide Source: Sanjit A. Seshia.
CS21 Decidability and Tractability

CS21 Decidability and Tractability
Verification of Parameterized Timed Systems Parosh Aziz Abdulla Uppsala University Johann Deneux Pritha Mahata Aletta Nylen.

Verification of Parameterized Timed Systems Parosh Aziz Abdulla Uppsala University Johann Deneux Pritha Mahata Aletta Nylen.
EECS 20 Lecture 38 (April 27, 2001) Tom Henzinger Review.

EECS 20 Lecture 38 (April 27, 2001) Tom Henzinger Review.
1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.

Similar presentations

Ads by Google