
Formal Verification and Model Checking



  1. Formal Verification and Model Checking Traian Pop

  2. System Validation • System Validation Techniques • Simulation • Testing • Formal Verification • Model Checking

  3. Simulation • Based on executable model of the system • permits a quick and shallow evaluation of the design quality • not suitable for finding subtle errors

  4. Testing • based on the real implementation of the system not on a model • it is the only way of (partially) validating a design when: • the construction of a valid and reliable model of the system is difficult (due to complexity) • system parts cannot be formally modelled • the model is proprietary

  5. Formal Verification Formal Verification requires: • A model of the system • A specification method • A set of proof rules

  6. Formal Verification (cont’d) • Verification of sequential programs • pre- and post-conditions: {φ} S {ψ} (Hoare’s triple) • {φ} S {ψ} is partially correct if any terminating computation of S that starts in a state satisfying φ terminates in a state satisfying ψ. • {φ} S {ψ} is totally correct if any computation of S that starts in a state satisfying φ terminates and finishes in a state satisfying ψ.

  7. Formal Verification (cont’d)

  8. Formal Verification (cont’d) • Formal verification of parallel systems introduces non-determinism problems • Tools in formal verification • Proof assistants • Proof checkers • Theorem provers

  9. Model Checking • Automated technique • Verifies whether the required properties hold for a model

  10. Model Checking (cont’d) • Typical algorithm: exhaustive state-space search • Approaches (depending on requirement specification) • Heterogeneous (logic based) • Homogeneous (behavior based) • Bisimulation (A and B are bisimilar if A can simulate every step of B and vice-versa) • Two bisimilar models satisfy the same CTL formulas

  11. Computational Tree Logic (CTL) • Specification language for finite-state systems • Each formula describes properties of computation paths (which are infinite sequences of states) • Logical operators: NOT, AND • Operators for temporal relationships: X (next-state), G (global), U (until), F (future) • Path quantifiers: E, A

  12. Computational Tree Logic (cont’d) Descriptions • Xf holds for a path p iff f holds in succ(first(p)) • Gf – f holds in all states of a computation path • Ff – f will hold sometime in the future • fUg holds for p if there exists a state s on p where g holds while f holds in all states preceding s • AXf holds in a state if f holds in all possible next states
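As an added example, not part of the original slides: a tiny explicit-state CTL model checker in Python that evaluates EX, E[f U g] and EG as set fixpoints and derives AG and AF from them, run over a constructed two-process mutual-exclusion Kripke structure. The model, the state names and the propositions (n1, t1, c1, …) are assumptions; the checker finds that mutual exclusion holds while the liveness property AG(t1 → AF c1) fails, because process 1 can be kept waiting forever.

```python
# Added example: explicit-state CTL model checking over a small Kripke structure.
# CTL is reduced to EX, EU, EG (plus NOT, AND): E[f U g] is the least fixpoint of
# Z = g or (f and EX Z); EG f is the greatest fixpoint of Z = f and EX Z.
# Constructed model (textbook-style mutual exclusion, not from the slides): two
# processes, each non-critical (n), trying (t) or critical (c).
TRANS = {
    "s0": {"s1", "s5"}, "s1": {"s2", "s3"}, "s2": {"s0", "s4"}, "s3": {"s4", "s7"},
    "s4": {"s5"},       "s5": {"s3", "s6"}, "s6": {"s0", "s7"}, "s7": {"s1"},
}
LABEL = {
    "s0": {"n1", "n2"}, "s1": {"t1", "n2"}, "s2": {"c1", "n2"}, "s3": {"t1", "t2"},
    "s4": {"c1", "t2"}, "s5": {"n1", "t2"}, "s6": {"n1", "c2"}, "s7": {"t1", "c2"},
}
STATES = frozenset(TRANS)
INIT = "s0"

def atom(p):                       # states labelled with proposition p
    return frozenset(s for s in STATES if p in LABEL[s])
def neg(f):                        # NOT f
    return STATES - f
def ex(f):                         # EX f: some successor satisfies f (pre-image)
    return frozenset(s for s in STATES if TRANS[s] & f)

def eu(f, g):                      # E[f U g]: least fixpoint, grown from g
    z = g
    while True:
        nz = z | (f & ex(z))
        if nz == z:
            return z
        z = nz

def eg(f):                         # EG f: greatest fixpoint, shrunk from f
    z = f
    while True:
        nz = f & ex(z)
        if nz == z:
            return z
        z = nz

# Derived operators through the standard dualities
def af(f): return neg(eg(neg(f)))             # AF f = not EG not f
def ag(f): return neg(eu(STATES, neg(f)))     # AG f = not E[true U not f]
def implies(f, g): return neg(f) | g

def mutex_safety():                # AG not(c1 and c2): never both critical
    return INIT in ag(neg(atom("c1") & atom("c2")))
def liveness_p1():                 # AG(t1 -> AF c1): a trying process 1 gets in
    return INIT in ag(implies(atom("t1"), af(atom("c1"))))
def liveness_violations():         # trying states from which c1 can be avoided forever
    return atom("t1") & neg(af(atom("c1")))
```

The violating states are exactly the ones on the cycle where process 2 keeps re-entering its critical section; a model checker would report such a cycle as the counterexample.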

  13. Binary Decision Diagrams (BDD) • Rooted, acyclic graphs representing boolean functions • Capture some of the regularities in the state-space • Total ordering on variables is needed • Support AND, OR, NOT and functional composition

  14. Model Checking with BDDs and CTL

  15. Fairness • Fairness constraint = an arbitrary formula of the logic • A path is fair with respect to a set of fairness constraints if each constraint holds infinitely often along the path • CTLF – CTL enhanced for dealing with fair paths • Ex. • Fair = EG true • EX f = EX(f ∧ Fair) • EG f with fairness constraint B: Z = f ∧ EX(E[Z U (Z ∧ B)])

  16. Model Checking for RTS • Extend both the state-transition graph and the logical formulas, with quantitative timing information • TCTL (Timed CTL) – expresses desired behavior • Timed graphs – express possible behavior

  17. Timed CTL • E f U~c g • A f U~c g • ~ ∈ {<, ≤, =, ≥, >} • E f U<c g – for some computation path p there is an initial prefix of duration less than c such that g holds at its last state and f holds in all intermediate states • ! No X operator for time in the real domain R, as there is no unique next state/next time

  18. Timed graphs • Model finite-state RT systems • Composed of • Finite set of nodes • Finite set of clocks

  19. Model Checking for RTS (cont’d) • The problem consists of deciding whether a finite-state RTS modelled as a timed graph meets its specification given as a TCTL formula • System model: G = (S, μ, s0, E, C, π, τ) • TCTL-structure: MG = (S × Γ(G), μ’, f) • For a TCTL formula f, G satisfies f iff (MG, (s0, u0)) satisfies f, where u0(x) = 0 for every clock x in C

  20. Model Checking - Conclusions • Advantages • General approach • Supports partial verification • Relatively easy to use (as compared to theorem provers) • Can provide a significant increase in the level of confidence of a system • Disadvantages • Appropriate mainly to control intensive applications • Verifies the model, not the system • Only stated requirements are checked • State-space explosion problem -> complexity issues
