Network Protocols

1. NETW 703 Network Protocols Symbolic Model Checking Revision Slides Dr. Eng. Amr T. Abdel-Hamid • Slides based on slides of: • Jim Kurose, Keith Ross, “Computer Networking: A Top Down Approach Featuring the Internet”, 2nd edition, Addison-Wesley, July 2002. • Jiangchuan (JC) Liu , Assistant Professor, SFU & others Winter 2012

2. Functionals • Now, we can think of all temporal operators also as functions from sets of states to sets of states • For example: or if we use the set notation AX p = (S - EX(S - p)) • Logic Set • p  q p  q • p  q p  q • p S – p False  True S

3. Fixpoint Characterization Equivalences AG p =  y . p  AX y AG p = p  AX AG p EG p =  y . p  EX y EG p = p  EX EG p AF p =  y . p  AX y AF p = p  AX AF p EF p =  y . p  EX y EF p = p  EX EF p A(pUq) =  y . q  A (p  X (y)) A(pUq)=q  (p  AX (p AU q)) E(pUq) =  y . q  E (p  X (y)) E(pUq) = q  (p  EX (p EU q)) Fixpoint Characterizations

4. EF Fixpoint Computation EF p =  y . p  EX y is the limit of the sequence: , pEX , pEX(pEX ) , pEX(pEX(p EX )) , ... which is equivalent to , p, p  EX p , p  EX (p  EX (p) ) , ...

5. EF Fixpoint Computation p s1 s2 s3 s4 p Start  1st iteration pEX  = {s1,s4} EX()= {s1,s4}   ={s1,s4} 2nd iteration pEX(pEX ) = {s1,s4} EX({s1,s4})= {s1,s4} {s3}={s1,s3,s4} 3rd iteration pEX(pEX(p EX )) = {s1,s4} EX({s1,s3,s4})= {s1,s4} {s2,s3,s4}={s1,s2,s3,s4} 4th iteration pEX(pEX(pEX(p EX ))) = {s1,s4} EX({s1,s2,s3,s4})= {s1,s4}  {s1,s2,s3,s4} = {s1,s2,s3,s4}

6. EF Fixpoint Computation EF(p)states that can reach p  p EX(p)  EX(EX(p))  ... p • • • EF(p)

7. Greatest Fixpoint Given a monotonic function F, its greatest fixpoint is the least upper bound (lub) of all the extensive elements:  y. F y =  { y | F y  y } The greatest fixpoint  y . F y is the limit of the following sequence (assuming F is -continuous): S, F S, F2 S, F3 S, ... If S is finite, then we can compute the greatest fixpoint using the above sequence

8. EG Fixpoint Computation Similarly, EG p =  y . p  EX y is the limit of the sequence: S, pEX S, pEX(p  EX S) , pEX(p  EX (p  EX S)) , ... which is equivalent to S, p, p  EX p , p  EX (p  EX (p) ) , ...

9. EG Fixpoint Computation p p s1 s2 s3 s4 p Start S = {s1,s2,s3,s4} 1st iteration pEX S = {s1,s3,s4}EX({s1,s2,s3,s4})= {s1,s3,s4}{s1,s2,s3,s4}={s1,s3,s4} 2nd iteration pEX(pEX S) = {s1,s3,s4}EX({s1,s3,s4})= {s1,s3,s4}{s2,s3,s4}={s3,s4} 3rd iteration pEX(pEX(pEX S)) = {s1,s3,s4}EX({s3,s4})= {s1,s3,s4}{s2,s3,s4}={s3,s4}

10. EG Fixpoint Computation EG(p)  states that can avoid reaching pp EX(p)  EX(EX(p))  ... • • • EG(p)

11. Example • For the FSM below, formally check the following properties, using Fixpoint Theorm: • AG(a ∨c ∨b) • AF(ab) • If failed show the subset of the design the property holds for as well as the counter example 1 2 4 3 c a a,b b,c d c 6 S = {1,2,3,4,5,6}, AP = {a,b,c,d}, R = {(1,2), (1,3),(2,3), (3,4), (4,4), (4,5), (5,2), (2,6), (6,1)} L(1) = {a,b}, L(2) = {c}, L(3) = {b,c}, L(4) = {a}, L(5) = {c}, L(6) = {d} 5

12. Example (cont.) • Remember that: • H(a∪b) = H(a) ∪ H(b) ∪ H(c) ={1,4} ∪ {2,3,5} ∪ {1,3} = {1,2,3,4,5} • AG(a ∨c ∨b) = AG p =  y . p  AX y =  y . p  AX y • AX p = EX(p) • I0  S = {1,2,3,4,5,6} • I1  {1,2,3,4,5} ∩ S = {1,2,3,4,5} ∩ {1,3,4,5,6} = {1,2,3,4,5} • I2  {1,2,3,4,5} ∩ AX(1,2,3,4,5) = {1,2,3,4,5} ∩ {1,3,4,5,6} = {1,3,4,5} • This is because that : AX(1,2,3,4,5) =  EX((1,2,3,4,5)) =  EX(6) =  (2) = S- {2 } = {1,3,4,5,6} • I3  {1,2,3,4,5} ∩ AX(1,3,4,5) = {1,3,4,5} • This is because that : AX(1,3,4,5) =  EX((1,3,4,5)) = **** • I3 = I2  H(AG(a∨b ∨ c)) = {1,3,4,5} • The property does not hold, except for the above states, and it is clear that states {2,6} can be considered as counter examples. • state 6 does not contain neither a,c,b and state 2 does not have a proceeding one on one of its pathes path (2,6)

13. Example (AF(ab))