Computation Tree Logic

Finite State Model Checking of Branching Time Logic
Kim Guldstrand Larsen, BRICS@Aalborg

Tool Support
Finite state systems: a system description A and a requirement F, written in CTL, are given to a TOOL, which answers
  Yes (and delivers prototypes, executable code, test sequences), or
  No! (and delivers debugging information).

Course objectives:
- Model systems and specify requirements
- Validate models using TOOLS
- Understand the main underlying theoretical and practical problems
Tools: UPPAAL, SPIN, VisualSTATE, Statemate, Verilog, FormalCheck, ...

Mutual Exclusion with a token (figure)
Mutual Exclusion with a semaphore (figure)

Mutual Exclusion: Forward Reachability (figures)
Starting from the initial state, the successor states are computed step by step, with the token (T) or the semaphore flag (F) carried along in the states; among the states reached are I1 C2, C1 I2, T1 C2 and C1 T2. The result is a Kripke structure: a transition system whose states are labelled with the atomic propositions (I1, T1, C1, I2, T2, C2) that hold in them.

CTL Models = Kripke Structures

Computation Tree Logic, CTL (Clarke & Emerson, early 1980s)
Syntax (the grammar is not reproduced in this transcription)
Paths: the set of paths starting in s, s = s0 s1 s2 s3 ...

Formal Semantics (not reproduced in this transcription)

CTL, Derived Operators
  possible:            EF p
  inevitable:          AF p
  potentially always:  EG p
  always:              AG p

Theorem: all operators are derivable from EX f, EG f, E[f U g] and the boolean connectives; for example
  A[f U g] = ¬E[¬g U (¬f ∧ ¬g)] ∧ ¬EG ¬g

Examples (drawn on a three-state Kripke structure with states 1, 2, 3; figures not reproduced): p, EX p, AX p, EG p, AG p, A[p U q]

Properties of the MUTEX example?
  AG ¬(C1 ∧ C2)
  AG[T1 → AF(C1)]
  EG[¬C1]
  AG[C1 → A[C1 U (¬C1 ∧ A[¬C1 U C2])]]
HOW TO DECIDE IN GENERAL? (figure: the Kripke structure with states I1 C2, C1 I2, T1 C2, C1 T2, ...)

CTL Model Checking Algorithms
IDA lecture, 1999

Fixpoint Characterizations
  EF p = p ∨ EX EF p
or: let A be the set of states satisfying EF p; then A = p ∨ EX A, and in fact A is the smallest such set (the least fixpoint).

Example: EF p on the three-state structure, A = p ∨ EX A (figure)

Fixed points of monotonic functions
Let τ be a function 2^S → 2^S. Say τ is monotonic when x ⊆ y implies τ(x) ⊆ τ(y). A fixed point of τ is a y such that τ(y) = y. If τ is monotonic, then it has a least fixed point µy.τ(y) and a greatest fixed point νy.τ(y).

Iteratively computing fixed points
Suppose S is finite. The least fixed point µy.τ(y) is the limit of the chain
  false ⊆ τ(false) ⊆ τ(τ(false)) ⊆ ...
The greatest fixed point νy.τ(y) is the limit of the chain
  true ⊇ τ(true) ⊇ τ(τ(true)) ⊇ ...
Note: since S is finite, convergence is finite.

Example: EF
EF p is characterized by EF p = µy.(p ∨ EX y). Thus it is the limit of the increasing series
  false ⊆ p ⊆ p ∨ EX p ⊆ p ∨ EX(p ∨ EX p) ⊆ ...

Example: EG
EG p is characterized by EG p = νy.(p ∧ EX y). Thus it is the limit of the decreasing series
  true ⊇ p ⊇ p ∧ EX p ⊇ p ∧ EX(p ∧ EX p) ⊇ ...

Example, continued: EF p = µy.(p ∨ EX y) on the three-state structure
  A0 = Ø
  A1 = {2, 3}
  A2 = {1, 2, 3}
  A3 = {1, 2, 3}   (converged)

Remaining operators
  AF p     = µy.(p ∨ AX y)
  AG p     = νy.(p ∧ AX y)
  E(p U q) = µy.(q ∨ (p ∧ EX y))
  A(p U q) = µy.(q ∨ (p ∧ AX y))

Properties of the MUTEX example? AG[T1 → AF(C1)] (figure: the Kripke structure with states I1 C2, C1 I2, T1 C2, C1 T2, ...)

Computing Sat(EG φ)
Sat(EG φ) is the greatest fixed point of Q ↦ Sat(φ) ∩ {s | ∃s'. (s, s') ∈ R ∧ s' ∈ Q}.

More Efficient Check of EG φ
Restrict the model to the states in Sat(φ) (the reduced model), compute its non-trivial strongly connected components (figure: SCC, SCC, SCC), and take every state of the reduced model from which one of them is reachable; the result is Sat(EG φ).

Example: EG p (figure); the reduced model (figure); its non-trivial strongly connected component (figure)

Properties of the MUTEX example? EG[¬C1]
Reduced model for ¬C1 (figure, containing I1 C2, T1 C2, ...): which are the non-trivial SCCs?

Complexity
With the fixpoint computations above, model checking is polynomial in |S| and |φ|; with the SCC-based check for EG it runs in time O(|φ| · (|S| + |R|)). However, S may be exponential in the number of parallel components! Fixpoint computations may instead be carried out symbolically using ROBDDs (Reduced Ordered Binary Decision Diagrams, Bryant 1986).
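The forward-reachability construction, the fixpoint characterizations, the derived-operator theorem and the SCC-based EG check, worked through on the MUTEX example as an added Python example (this is not code from the slides or from any of the listed tools). It rebuilds the Kripke structure by forward reachability from I1 I2 under a semaphore-style rule that is my reading of the slides' protocol (a process may enter C only while no process is in C) and then evaluates the four properties the slides ask; the tuple syntax for formulas, the (loc1, loc2) state encoding and all function names are assumptions.

```python
# Added example (not the slides' code). Protocol as read from the slides' semaphore mutex:
# each process cycles I (idle) -> T (trying) -> C (critical) -> I and may enter C only
# while nobody is in C. Formula tuples and the (loc1, loc2) state encoding are assumptions.

def step(state):
    """Successors of a global state (loc1, loc2); the semaphore is free unless someone is in C."""
    free = "C" not in state
    succ = set()
    for i, loc in enumerate(state):
        nxt = {"I": "T", "T": "C" if free else None, "C": "I"}[loc]
        if nxt is not None:
            succ.add(state[:i] + (nxt,) + state[i + 1:])
    return succ

def reachable(init):
    """Forward reachability from init: the state set S and transition relation R (a Kripke structure)."""
    S, R, todo = {init}, set(), [init]
    while todo:
        s = todo.pop()
        for t in step(s):
            R.add((s, t))
            if t not in S:
                S.add(t)
                todo.append(t)
    return S, R

def label(state):  # atomic propositions of a state, e.g. ('T', 'C') satisfies T1 and C2
    return {state[0] + "1", state[1] + "2"}

def pre_E(R, Y):  # EX Y: states with at least one successor in Y
    return {s for s, t in R if t in Y}

def pre_A(S, R, Y):  # AX Y: states with no successor outside Y (R is total here, so never vacuous)
    return S - {s for s, t in R if t not in Y}

def fixpoint(tau, start):  # iterate a monotone tau on 2^S until stable; S is finite, so it terminates
    Y = start
    while (Z := tau(Y)) != Y:
        Y = Z
    return Y

def lfp(tau):  # mu y. tau(y): the increasing chain false, tau(false), tau(tau(false)), ...
    return fixpoint(tau, set())

def gfp(tau, S):  # nu y. tau(y): the decreasing chain true, tau(true), tau(tau(true)), ...
    return fixpoint(tau, set(S))

def sat(phi, M):
    """States of M = (S, R) satisfying phi; the temporal operators use the fixpoint characterizations."""
    S, R = M
    op, args = phi[0], [sat(a, M) if isinstance(a, tuple) else a for a in phi[1:]]
    if op == "ap":  return {s for s in S if args[0] in label(s)}
    if op == "not": return S - args[0]
    if op == "and": return args[0] & args[1]
    if op == "imp": return (S - args[0]) | args[1]
    if op == "EX":  return pre_E(R, args[0])
    if op == "AX":  return pre_A(S, R, args[0])
    P = args[0]
    if op == "EF":  return lfp(lambda Y: P | pre_E(R, Y))            # mu y. p or EX y
    if op == "AF":  return lfp(lambda Y: P | pre_A(S, R, Y))         # mu y. p or AX y
    if op == "EG":  return gfp(lambda Y: P & pre_E(R, Y), S)         # nu y. p and EX y
    if op == "AG":  return gfp(lambda Y: P & pre_A(S, R, Y), S)      # nu y. p and AX y
    Q = args[1]
    if op == "EU":  return lfp(lambda Y: Q | (P & pre_E(R, Y)))     # mu y. q or (p and EX y)
    if op == "AU":  return lfp(lambda Y: Q | (P & pre_A(S, R, Y)))  # mu y. q or (p and AX y)
    raise ValueError(f"unknown operator {op}")

def eg_via_scc(P, R):
    """The more efficient EG p: reduce the model to the P-states, take the states lying on a
    cycle there (the non-trivial SCCs), then add every P-state that can reach one of them."""
    Rp = {(s, t) for s, t in R if s in P and t in P}
    on_cycle = {s for s in P if s in lfp(lambda Y: pre_E(Rp, Y | {s}))}  # s reaches itself in Rp
    return lfp(lambda Y: on_cycle | pre_E(Rp, Y))  # backward reachability inside the reduced model

INIT = ("I", "I")
MODEL = reachable(INIT)
C1, C2, T1 = ("ap", "C1"), ("ap", "C2"), ("ap", "T1")
PROPERTIES = {  # the four questions the slides ask of the MUTEX example
    "AG not(C1 and C2)": ("AG", ("not", ("and", C1, C2))),
    "AG(T1 -> AF C1)": ("AG", ("imp", T1, ("AF", C1))),
    "EG not C1": ("EG", ("not", C1)),
    "AG(C1 -> A[C1 U (not C1 and A[not C1 U C2])])":
        ("AG", ("imp", C1, ("AU", C1, ("and", ("not", C1), ("AU", ("not", C1), C2))))),
}

def holds(name):  # does the initial state I1 I2 satisfy the named property?
    return INIT in sat(PROPERTIES[name], MODEL)

def au_derived_agrees(f, g):  # the slides' theorem: A[f U g] = not E[not g U (not f and not g)] and not EG not g
    derived = ("and", ("not", ("EU", ("not", g), ("and", ("not", f), ("not", g)))),
                      ("not", ("EG", ("not", g))))
    return sat(("AU", f, g), MODEL) == sat(derived, MODEL)

if __name__ == "__main__":
    S, R = MODEL
    print(len(S), "reachable states,", len(R), "transitions; C1 and C2 together reachable:", ("C", "C") in S)
    for name in PROPERTIES:
        print(f"{name}: {holds(name)}")
    print("SCC check agrees with fixpoint EG:", eg_via_scc(sat(("not", C1), MODEL), R) == sat(("EG", ("not", C1)), MODEL))
```

Running it gives 8 reachable states and 14 transitions with C1 C2 unreachable, so AG ¬(C1 ∧ C2) holds. AG[T1 → AF(C1)] fails and EG[¬C1] holds at the initial state for the same reason: the reduced model for ¬C1 contains the cycle T1 I2 → T1 T2 → T1 C2 → T1 I2, a non-trivial SCC in which process 2 keeps retaking the semaphore, so the semaphore guarantees exclusion but not progress for process 1. The last property fails too, since after C1 the process can leave and re-enter before process 2 is ever critical. The SCC-based EG and the fixpoint EG return the same set, and A[f U g] agrees with its derivation from EU and EG, as the slides claim.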

END