Crash course Verification of Finite Automata CTL model-checking

Similar documents
Crash course Verification of Finite Automata Binary Decision Diagrams

Overview. Discrete Event Systems Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?

Finite-State Model Checking

Model Checking I. What are LTL and CTL? dack. and. dreq. and. q0bar

Computation Tree Logic (CTL) & Basic Model Checking Algorithms

Automata-based Verification - III

Temporal Logic Model Checking

Model Checking Algorithms

3-Valued Abstraction-Refinement

Model Checking I. What are LTL and CTL? dack. and. dreq. and. q0bar

Lecture 16: Computation Tree Logic (CTL)

Automata-based Verification - III

The State Explosion Problem

Model Checking. Temporal Logic. Fifth International Symposium in Programming, volume. of concurrent systems in CESAR. In Proceedings of the

Verification. Arijit Mondal. Dept. of Computer Science & Engineering Indian Institute of Technology Patna

Algorithmic verification

CS357: CTL Model Checking (two lectures worth) David Dill

Lecture 2: Symbolic Model Checking With SAT

Models for Efficient Timed Verification

Model for reactive systems/software

Model Checking: An Introduction

Formal Verification of Mobile Network Protocols

Model Checking with CTL. Presented by Jason Simas

Chapter 4: Computation tree logic

Great Theoretical Ideas in Computer Science. Lecture 4: Deterministic Finite Automaton (DFA), Part 2

CSC236 Week 11. Larry Zhang

PanHomc'r I'rui;* :".>r '.a'' W"»' I'fltolt. 'j'l :. r... Jnfii<on. Kslaiaaac. <.T i.. %.. 1 >

Lecture 3. Logic Predicates and Quantified Statements Statements with Multiple Quantifiers. Introduction to Proofs. Reading (Epp s textbook)

Finite Automata Theory and Formal Languages TMV027/DIT321 LP4 2018

Finite Automata Theory and Formal Languages TMV027/DIT321 LP4 2017

Temporal logics and explicit-state model checking. Pierre Wolper Université de Liège

Temporal Logic. M φ. Outline. Why not standard logic? What is temporal logic? LTL CTL* CTL Fairness. Ralf Huuck. Kripke Structure

A brief history of model checking. Ken McMillan Cadence Berkeley Labs

Course Runtime Verification

Sanjit A. Seshia EECS, UC Berkeley

Computer-Aided Program Design

Bounded Model Checking with SAT/SMT. Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39

Computation Tree Logic (CTL)

Reasoning under Uncertainty: Intro to Probability

Module 7 (Lecture 25) RETAINING WALLS

Summary. Computation Tree logic Vs. LTL. CTL at a glance. KM,s =! iff for every path " starting at s KM," =! COMPUTATION TREE LOGIC (CTL)

PSL Model Checking and Run-time Verification via Testers

CTL Model Checking. Wishnu Prasetya.

COMPRESSED STATE SPACE REPRESENTATIONS - BINARY DECISION DIAGRAMS

Constructions on Finite Automata

1. Draw a parse tree for the following derivation: S C A C C A b b b b A b b b b B b b b b a A a a b b b b a b a a b b 2. Show on your parse tree u,

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

Double Header. Model Checking. Model Checking. Overarching Plan. Take-Home Message. Spoiler Space. Topic: (Generic) Model Checking

PHY103A: Lecture # 4

The algorithmic analysis of hybrid system

Topics in Verification AZADEH FARZAN FALL 2017

AVACS Automatic Verification and Analysis of Complex Systems REPORTS. of SFB/TR 14 AVACS. Editors: Board of SFB/TR 14 AVACS

Partial model checking via abstract interpretation

BOOLEAN ALGEBRA INTRODUCTION SUBSETS

Büchi Automata and Their Determinization

Digital Systems. Validation, verification. R. Pacalet January 4, 2018

CTL Model checking. 1. finite number of processes, each having a finite number of finite-valued variables. Model-Checking

Learning to Verify Branching Time Properties

Computation Tree Logic

Model-Checking Games: from CTL to ATL

2.3 Exercises. (a) F P(A). (Solution)

CS Lecture 8 & 9. Lagrange Multipliers & Varitional Bounds

Real Numbers. Real numbers are divided into two types, rational numbers and irrational numbers

Temporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.

Introduction. Pedro Cabalar. Department of Computer Science University of Corunna, SPAIN 2013/2014

Finite Automata Theory and Formal Languages TMV026/TMV027/DIT321 Responsible: Ana Bove

Computation Tree Logic

Modal and temporal logic

Principles. Model (System Requirements) Answer: Model Checker. Specification (System Property) Yes, if the model satisfies the specification

NPTEL Phase-II Video course on. Design Verification and Test of. Dr. Santosh Biswas Dr. Jatindra Kumar Deka IIT Guwahati

Chap. 1.2 NonDeterministic Finite Automata (NFA)

CS256/Spring 2008 Lecture #11 Zohar Manna. Beyond Temporal Logics

Model checking the basic modalities of CTL with Description Logic

Logic Model Checking

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Tutorial on Axiomatic Set Theory. Javier R. Movellan

Large Scale Data Analysis Using Deep Learning

Logic and Automata I. Wolfgang Thomas. EATCS School, Telc, July 2014

Guest lecturer: Prof. Mark Reynolds, The University of Western Australia

MODEL CHECKING. Arie Gurfinkel

Alan Bundy. Automated Reasoning LTL Model Checking

CSE 2001: Introduction to Theory of Computation Fall Suprakash Datta

Model Checking & Program Analysis

Lecture 2: Connecting the Three Models

State-Space Exploration. Stavros Tripakis University of California, Berkeley

Constructions on Finite Automata

FORMAL METHODS LECTURE IV: COMPUTATION TREE LOGIC (CTL)

The Design Procedure. Output Equation Determination - Derive output equations from the state table

Discrete Event Systems Solution to Exercise Sheet 3

Chapter 3 Deterministic planning

Program Analysis Part I : Sequential Programs

LTL and CTL. Lecture Notes by Dhananjay Raju

Equivalence Checking of Sequential Circuits

Abstractions and Decision Procedures for Effective Software Model Checking

FORMAL METHODS LECTURE V: CTL MODEL CHECKING

Automata-Theoretic LTL Model-Checking

CSE 105 Homework 1 Due: Monday October 9, Instructions. should be on each page of the submission.

cse303 ELEMENTS OF THE THEORY OF COMPUTATION Professor Anita Wasilewska

CSE 2001: Introduction to Theory of Computation Fall Suprakash Datta

Reasoning under Uncertainty: Intro to Probability

Transcription:

Crash course Verification of Finite Automata CTL model-checking Exercise session - 07.12.2016 Xiaoxi He 1

Reminders Big picture Objective Verify properties over DES models Formal method Absolute guarantee! Problem Combinatorial explosion Huge amount of states, computationally intractable Solution Work with sets of states Symbolic Model-Checking (O)BDDs 2

Reminders First exercise session Equivalence between sets and Boolean equations BBD representation of Boolean functions 3

Let see what you remember! 4

5

Today s menu 1. Reachability of states 2. Comparison of automata 3. Formulation and verification of CTL properties Can be formulated as reachability problems 6

Reachability of states Fairly simple 1. Start from the initial set of states, 2. Compute all states you can transition to in one hop (one transition), The successor states, 3. Join the two sets, 4. Iterate from 2. until you reach a fix point. 5. Done! Is this guarantee to terminate? 7

Reachability of states Fairly simple 1. Start from the initial set of states, 2. Compute all states you can transition to in one hop (one transition), The successor states, 3. Join the two sets, 4. Iterate from 2. until you reach a fix point. 5. Done! Is this guarantee to terminate? Only if you have a finite model!! How can we formalize this problem? 8

Formalization of reachable states δδ XX EE XXX EE qq qqq qq qq E XX δδ E XXX qqq qq XX qq XX, δδ qq, qq iiii dddddddddddddd ψψ δδ qq, qq = 1 qq XX qq XX, δδ qq, qq iiii dddddddddddddd qq XX, ψψ δδ qq, qq = 0 9

Formalization of reachable states δδ XX EE XXX EE qq qqq E XX qq E Q = Suc(Q,δδ) δδ What is Q? Q XXX qq QQ qq XX qq XX, ψψ δδ qq, qq = 1 satisfies qqq Not sufficient! We also need that qq belongs to QQ qq QQ or equivalently ψψ QQ qq = 1 10

Formalization of reachable states δδ XX EE XXX EE qq qqq E XX qq E Q = Suc(Q,δδ) δδ What is Q? Q qqq XXX qq QQ qq XX, ψψ QQ qq = 1 and ψψ δδ qq, qq = 1 qq XX, ψψ QQ qq ψψ δδ qq, qq = 1 QQ = SSSSSS QQ, δδ = qq qq XX, ψψ QQ qq ψψ δδ qq, qq = 1} 11

Formalization of reachable states δδ XX EE XXX EE qq qqq E XX qq E Q = Suc(Q,δδ) δδ Q qqq XXX QQ = SSSSSS QQ, δδ = qq qq XX, ψψ QQ qq ψψ δδ qq, qq = 1} ψψ QQQ = ψψ QQ ψψ δδ QQ RR : set of reachable states QQ RR = QQ 0 ii 0 SSSSSS(QQ ii, δδ) ψψ QQRR = ψψ QQ0 ii 0 ψψ QQii ψψ δδ 12 Again, finite union if finite model

Comparison of automata Two automata are equivalent Computation of the joint transition function, Same input produces same output Computation of the reachable states (method according to previous slides), Don t compare states! Get rid of the input Computation of the reachable output values, The automata are not equivalent if the following term is true, Compute QQ RR Deduce reachable outputs Test for equivalence 13

Formulation of CTL properties Based on atomic propositions (φφ) and quantifiers Aφφ «All φφ», φφ holds on all paths Eφφ «Exists φφ», φφ holds on at least one path Quantifiers over paths Xφφ «NeXt φφ», φφ holds on the next state Fφφ «Finally φφ», φφ holds at some state along the path Gφφ «Globally φφ», φφ holds on all states along the path φφ 1 Uφφ 2 «φφ 1 Until φφ 2», φφ 1 holds until φφ 2 holds Path-specific quantifiers 14

Formulation of CTL properties Proper CTL formula: {A,E} {X,F,G,U}φφ Missing Hypothesis Interpretation on CTL formula Quantifiers go by pairs, you need one of each. Transition functions are fully defined (i.e. every state has at least one successor) Automaton of interest Automaton to work with 15

Formulation of CTL properties EF φφ : There exists a path along which at some state φφ holds. s q φφ q EF φφ r? s? r 16

Formulation of CTL properties EF φφ : There exists a path along which at some state φφ holds. s q φφ q EF φφ r EF φφ s EF φφ r 17

Formulation of CTL properties AF φφ : On all paths, at some state φφ holds. s q φφ q AF φφ r? s? r 18

Formulation of CTL properties AF φφ : On all paths, at some state φφ holds. s q φφ q AF φφ r AF φφ s AF φφ r 19

Formulation of CTL properties AG φφ : On all paths, for all states φφ holds. q s r φφ q AG φφ r? s? 20

Formulation of CTL properties AG φφ : On all paths, for all states φφ holds. q s r φφ q AG φφ r AG φφ s AG φφ 21

Formulation of CTL properties EG φφ : There exists a path along which for all states φφ holds. q s r φφ q EG φφ r? s? 22

Formulation of CTL properties EG φφ : There exists a path along which for all states φφ holds. q s r φφ q EG φφ r EG φφ s EG φφ 23

Formulation of CTL properties φφeuψ : There exists a path along which φφ holds until Ψ holds. s Ψ φφ q q φφeuψ r? s? r 24

Formulation of CTL properties φφeuψ : There exists a path along which φφ holds until Ψ holds. s Ψ φφ q q φφeuψ r φφeuψ s φφeuψ r 25

Formulation of CTL properties φφauψ : On all paths, φφ holds until Ψ holds. s Ψ φφ q q φφauψ r? s? r 26

Formulation of CTL properties φφauψ : On all paths, φφ holds until Ψ holds. s Ψ φφ q q φφauψ r φφauψ s φφauψ r 27

Formulation of CTL properties AXφφ : On all paths, the next state satisfies φφ. EXφφ : There exists a path along which the next state satisfies φφ. s φφ q q EXφφ r? s? r 28

Formulation of CTL properties AXφφ : On all paths, the next state satisfies φφ. EXφφ : There exists a path along which the next state satisfies φφ. s φφ q q EXφφ r EXφφ s EXφφ r 29

Formulation of CTL properties AG EF φφ : On all paths and for all states, there exists a path along which at some state φφ holds. s φφ q q AG EFφφ r? s? r 30

Formulation of CTL properties AG EF φφ : On all paths and for all states, there exists a path along which at some state φφ holds. s φφ q q AG EFφφ r AG EFφφ s AG EFφφ r 31

Inverting properties is sometimes useful! AG φφ EF φφ AF φφ EG φφ EF φφ AG φφ EG φφ AF φφ On all paths, for all states φφ holds. There exists no path along which at some state φφ doesn t hold. Remark There exists other temporal logics LTL (Linear Tree Logic) CTL* = {CTL,LTL} 32

How to verify CTL properties? Convert the property verification into a reachability problem 1. Start from states in which the property holds; 2. Compute all predecessor states for which the property still holds true; (same as for computing successor, with the inverse the transition function) 3. If initial states set is a subset, the property is satisfied by the model. Computation specifics are described in the lecture slides. 33

So what is Model-Checking exactly? An algorithm Input A DES model, M Finite automata, Petri nets, Kripke machine, A logic property, φφ CTL, LTL, Output M φφ? A trace for which the property does not hold! 34

Crash course Verification of Finite Automata CTL model-checking Slides online on my webpage: http://people.ee.ethz.ch/~jacobr/ Your turn to work! 35

36

Comparison of Finite Automata a) Express the characteristic function of the transition relation for both automaton, ψψ rr (xx, xx, uu). 37

Comparison of Finite Automata b) Express the joint transition function, ψψ ff. 38

Comparison of Finite Automata c) Express the characteristic function of the reachable states, ψψ XX (xx AA, xx BB ). 39

Comparison of Finite Automata d) Express the characteristic function of the reachable output, ψψ YY (xx AA, xx BB ). and 40

Comparison of Finite Automata e) Are the automata equivalent? Hint: Evaluate, for example, ψψ YY (0,1). Or, in a more general way, and implies Automata are not equivalent. 41

Temporal Logic i. EF a ii. EG a 0 iii. EX AX a iv. EF ( a AND EX NOT(a) ) 3 1 2 42

Temporal Logic i. EF a ii. EG a 0 iii. EX AX a iv. EF ( a AND EX NOT(a) ) 3 1 2 43

Temporal Logic i. EF a ii. EG a 0 iii. EX AX a iv. EF ( a AND EX NOT(a) ) 3 1 2 44

Temporal Logic i. EF a ii. EG a 0 iii. EX AX a iv. EF ( a AND EX NOT(a) ) 3 1 2 45

Temporal Logic i. EF a ii. EG a 0 iii. EX AX a iv. EF ( a AND EX NOT(a) ) 3 1 2 46

Temporal Logic Trick AF Z not(eg not(z)) 47

Crash course Verification of Finite Automata CTL model-checking See you next week! 48

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback