Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hierarchical and Recursive State Machines with Context- Dependent Properties Salvatore La Torre, Margherita Napoli, Mimmo Parente and Gennaro Parlato Dipartimento.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Hierarchical and Recursive State Machines with Context- Dependent Properties Salvatore La Torre, Margherita Napoli, Mimmo Parente and Gennaro Parlato Dipartimento."— Presentation transcript:

1 Hierarchical and Recursive State Machines with Context- Dependent Properties Salvatore La Torre, Margherita Napoli, Mimmo Parente and Gennaro Parlato Dipartimento di Informatica ed Applicazioni Università degli Studi di Salerno

2 Given : –A system model M (Kripke structure) –A high-level specification  (logic formula) Is M a model of  ? System Verification (Model Checking) Complexity of model checking O ( ·2 |  | ) |M||M| State-Space Explosion O (| M |·2 |  | )

3 Our Target Propose a “new model” to represent models succintly And solve model cheching problems efficiently on it –Reachability –Cycle detection –L TL -ModelChecking

4 Recursive State Machine A RSM M =(M 1,…, M k ) is composed by –k machines modelling k procedures –machines can call each other recursively –Machines are represented through graphs

5 Vertices Machines has two kind of vertices: Nodes (internal state) Boxes (procedure-call)

6 Entry and Exit Nodes parameters e3e3 e2e2 e1e1 ex 3 ex 4 ex 2 ex 1 Entry nodes Exit nodes return values

7 Edges Node-to-Node Box-to-NodeNode-to-Box Box-to-Box

8 Labelling Given a set of Atomic Proposition We associates to both nodes and boxes set of AP p,q,r t,r,p

9 M1M1 M2M2 M3M3 second 0 second 59 minute 0 minute 59 hour 0 hour 23 Seconds Minutes Hours Example: Digital Clock modelled by Hierarchical State Machine min 59 min 0 out 3 start 3 h 23 h0h0 start 2 out 2 sec 0 out 1 sec 59 start 1

10 sec 0 sec 60 Flat Model M1FM1F out 2 start 2 M2FM2F min 59 min 0 minute 0 minute 59 sec 0 sec 60 sec 0 sec 60 The flat model has 24·60·60=86,400 states Our model has 24+60+60+6=150 vertices. sec 0 sec 60 M1FM1F

11 HSMs in [AY98] Only nodes are labeled with atomic propositions: a model and its flat have the same number of different labels To check properties with a precise time (i.e., check for time 10:20: 45 ) the model must have at least a node for each possible hh.mm.ss. Our model can be exponentially more succinct

12 Related Work Model checking of hierarchical state machines. [Alur, Yannakakis 1998] Analysis of recursive state machines. [Alur, Etessami, Yannakakis 2001] Model checking of unrestricted hierarchical state machines. [Benedikt, Godefroid, Reps 2001] Visibly pushdown languages [Alur, Madhusudan 2004] A temporal logic of nested calls and returns[Alur,Etessami,Madhusudan 2004]

13 Outline Overview  Reachability problem LTL-Model Checking Conclusion

14 MFMF [in k ] Reachability Problem Given a HSM M and a propositional boolean formula , the Reachability Problem is: Is there a reachable state (in the flat of M ) on which  holds ? X  (label(X))=TRUE

15 Computational Complexity The reachability problem is NP-complete –NP-hardness 3-CNF-SAT  Reachability (with AND of literals) –NP-membership 1.guess a state X of M F 2.check if X is reachable in M F 3.verify  on X We can solve Reachability in O (| M |·|  |·2 |AP| ) time

16 A Solution in O (λ·|M|·|  |) MiFMiF Start i q  (L(q)UP)=TRUE Reach  (i,P)=TRUE   a reachable state of M i F satisfying  (assume propositions P hold TRUE on all states of M i F ) Reach  (k,Ø) P

17 Reach  (expand(b), )=TRUE Start i q  (L(q)UP)=TRUE How to compute Reach  (i,P) MiMi b L(b) PP U

18 Our Algorithm Reach  (i,P) = = V  (P U label (u)) V u is a reachable node of M i V Reach  (expand (b),P U label (b)) b is reachable box of M i Reach  (i,P) takes O(|M i |·|φ|) time + time for calls Reach  (expand (b),P U label (b)) Total time is O(λ·|M|·|  |) (λ is the max # of different sets P for machine)

19 Good cases Reach  (k,Ø) takes O(λ·|M|·|  |) with λ≤2 |AP| If λ is bounded by a costant, then Reach  (k,Ø) takes O(|M|·|  |) In particular, if M is a Alur and Yannakakis machine, every M i inherits only the empty set (λ =1)

20 u p Restricted HSM p

21 Efficient Solution on Restricted HSM Reachability on Restricted HSM and formulas in DNF is decidable in O(|M|·|  |) time Reachability is NP-hard if either: –M is a nonrestricted HSM or –  is a (general) boolean formula Reachability is decidable in O(|M|·2 |  | ) time on Restricted HSM

22 Outline Overview Reachability problem  L TL -Model Checking Conclusion

23 L TL Model Checking We use the automata-theoretic approach Given a HSM M and an L TL -formula , the problem is: Does every trace of the flat model of M satisfy  ?

24 Automata-Theoretic Approach 1. Given an L TL -formula , we build a Büchi automaton A ¬ . 3.  is satisfied on M  L ( M ‘)=Ø. O (2 |  | ) [Vardi and Wolper] O (| M |·16 |  | ) O ( M‘ ) [Alur at al.] 2. We build a new HSM M ‘ as a product of M and A ¬ . Main Result LTL Model-Checking can be solved in O (| M |·16 |  | ) time

25 Structures of M ’ M ‘ consists of graphs M (i,j,P) M (i,j,P) is contained in the Cartesian product of M i and A ¬  : –start i is coupled with j (A ¬  state) –the set of atomic propositions P is inherited from its ancestors

26 Nodes of M (i,j,P) PUP u =P q Node of M (i,j,P) [u,q,j,P] PuPu State of A ¬  q PqPq Node of M i u PuPu

27 Boxes of M (i,j,P) State of A ¬  q PqPq PUP b U P start h =P q Box of M i b start h P start h PbPb Box of M (i,j,P) [b,q,j,P] PbPb M (h,q,PUP b )

28 Edges from node of M (i,j,P) Edge from node of M i u v Node of M (i,j,P) [u,q’,j,P] [v,q’’,j,P] Edge of A ¬  q’ q’’

29 Edges from box of M (i,j,P) A edge of A ¬  q’’q’ A edge from box of M i b v o A edge from box of M (i,j,P) [b,q,j,P] [v,q’’,j,P] [o,q’,h,P’]

30 Outline Overview Reachability problem L TL -Model Checking  Conclusion

31 Cycle Detection Cycle detection problem: Is there a cycle in M F containing a reachable state on which  holds? Computational complexity: –NP-complete –solution in time O(| M |·|  |·2 |  | ) (same as reachability)

32 Conclusion Decision problems: –Reachability –Cycle detection –LTL model-checking Restricted HSMs Recursive Finite State Machines (Expansions model recursive calls)

33 Recursive Finite State Machines RSM = HSM with recursive expansions b MiMi MiMi b

34 Main results Reachability Cycle detection L TL Model Cheching RSM NP-complete O(| M |·|  |·2 |  | ) Pspace-complete O(|M|·16 |  | ) restricted HSM  in DNF O(|M|·|  |) Pspace-complete O(|M|·8 |  | )

Download ppt "Hierarchical and Recursive State Machines with Context- Dependent Properties Salvatore La Torre, Margherita Napoli, Mimmo Parente and Gennaro Parlato Dipartimento."

Similar presentations

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
1 Verification of Parameterized Systems Reducing Model Checking of the Few to the One. E. Allen Emerson, Richard J. Trefler and Thomas Wahl Junaid Surve.

1 Verification of Parameterized Systems Reducing Model Checking of the Few to the One. E. Allen Emerson, Richard J. Trefler and Thomas Wahl Junaid Surve.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.

Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
The Theory of NP-Completeness

The Theory of NP-Completeness
1 NP-Complete Problems. 2 We discuss some hard problems:  how hard? (computational complexity)  what makes them hard?  any solutions? Definitions 

1 NP-Complete Problems. 2 We discuss some hard problems:  how hard? (computational complexity)  what makes them hard?  any solutions? Definitions 
CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.

CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.
A Fixpoint Calculus for Local and Global Program Flows Swarat Chaudhuri, U.Penn (with Rajeev Alur and P. Madhusudan)

A Fixpoint Calculus for Local and Global Program Flows Swarat Chaudhuri, U.Penn (with Rajeev Alur and P. Madhusudan)
SYMBOLIC MODEL CHECKING: 10 20 STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.

SYMBOLIC MODEL CHECKING: STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.
 Dr. Vered Gafni 1 LTL Decidability Enables consistency check, but also base for verification.

 Dr. Vered Gafni 1 LTL Decidability Enables consistency check, but also base for verification.
Review of topics Final exam : -May 2nd to May 7 th - Projects due on May 7th.

Review of topics Final exam : -May 2nd to May 7 th - Projects due on May 7th.
Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Strichman Carnegie Mellon University.

Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Strichman Carnegie Mellon University.
The Language Theory of Bounded Context-Switching Gennaro Parlato (U. of Illinois, U.S.A.) Joint work with: Salvatore La Torre (U. of Salerno, Italy) P.

The Language Theory of Bounded Context-Switching Gennaro Parlato (U. of Illinois, U.S.A.) Joint work with: Salvatore La Torre (U. of Salerno, Italy) P.
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.

Similar presentations

Ads by Google