Principles of Model Checking. Date: 2013. 04. 22. Speaker: Chih-Chung Wang. Outline: Model Checking, Problem Formulation, Temporal Logic, Bisimulation and CTL*, Partial Order Reduction, Range-equivalent Circuit Minimization, Future Work.
Principles of Model Checking Date: 2013. 04. 22 Speaker: Chih-Chung Wang
Outline • Model Checking • Problem Formulation • Temporal Logic • Bisimulation and CTL* • Partial Order Reduction • Range-equivalent Circuit Minimization • Future Work
Model Checking • Model checking is a verification technique that explores all possible system states in a brute-force manner • a technique for automatically verifying correctness properties of finite-state systems
Model Checking • Problem formulation • Given: a model of a system and a specification • Goal: exhaustively and automatically check whether this model meets the given specification
Model Checking • The Model-Checking Process • Modeling • Running the Model Checker • Analyzing the Results
Transition System • Transition System (TS) • (S, Act, → ,I ,AP ,L) • finite: S, Act, and AP are finite.
Transition System • Reachable State • The size of transition system representations grows exponentially in various components, such as the number of variables in a program graph or the number of components in a concurrent system.
State Explosion Problem • A combinatorial blow-up of the state space • State explosion problem or combinatorial explosion • Symbolic algorithms • avoid ever building the graph for the FSM • represent the graph implicitly using a formula in quantified propositional logic • e.g. BDDs • Bounded model checking algorithms unroll the FSM for a fixed number of steps and check whether a property violation can occur within that many steps • typically by encoding the restricted model as an instance of SAT
Symbolic Model Checking • The state space can sometimes be traversed much more efficiently by considering large numbers of states at a single step • binary decision diagrams (BDDs) • BDD • ROBDD • Symbolic Model Checking without BDDs • bounded model checking • for the Linear Temporal Logic (LTL)
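The two slides above describe bounded model checking as unrolling the FSM for a fixed number of steps and handing the result to a SAT solver. The following is an added example written for this page, not code from the slides or from any tool they mention. It unrolls a constructed 2-bit counter (bits x1 x0, starting at 0, incrementing mod 4) for k steps as CNF, adds the negated safety property "the counter never reaches 3" as a violation at some step t ≤ k, and decides satisfiability with a minimal DPLL solver. The variable naming (`x1@t`, `bad@t`), the counter and the solver are all assumptions of the example.

```python
from typing import Dict, List, Optional, Tuple

# Added example (not from the slides): bounded model checking by unrolling a
# tiny finite-state machine for k steps and handing the CNF to a minimal DPLL
# SAT solver.  The machine is a constructed 2-bit counter (bits x1 x0) that
# starts at 0 and increments mod 4; the safety property "the counter never
# reaches 3" is violated after exactly 3 steps.
Lit = Tuple[str, bool]          # (variable name, polarity)
Clause = List[Lit]

def var(name: str, t: int) -> str:
    return f"{name}@{t}"        # one copy of each state variable per time step

def unroll(k: int) -> List[Clause]:
    """CNF for init(s0) ∧ trans(s0,s1) ∧ ... ∧ trans(s_{k-1},s_k) ∧ (bad at some t ≤ k)."""
    cnf: List[Clause] = [[(var("x1", 0), False)], [(var("x0", 0), False)]]   # x1 = x0 = 0
    for t in range(k):
        x1, x0, n1, n0 = var("x1", t), var("x0", t), var("x1", t + 1), var("x0", t + 1)
        cnf += [[(n0, True), (x0, True)], [(n0, False), (x0, False)]]           # x0' <-> ¬x0
        cnf += [[(n1, False), (x1, True), (x0, True)],                          # x1' <-> x1 ⊕ x0,
                [(n1, True), (x1, False), (x0, True)],                          # written as the four
                [(n1, True), (x1, True), (x0, False)],                          # forbidden odd-parity
                [(n1, False), (x1, False), (x0, False)]]                        # assignments
    for t in range(k + 1):      # bad_t -> (x1 ∧ x0) at step t
        cnf += [[(var("bad", t), False), (var("x1", t), True)],
                [(var("bad", t), False), (var("x0", t), True)]]
    cnf.append([(var("bad", t), True) for t in range(k + 1)])               # violation within k steps
    return cnf

def dpll(cnf: List[Clause], assign: Dict[str, bool]) -> Optional[Dict[str, bool]]:
    """Minimal DPLL: unit propagation to a fixed point, then branch on an unassigned variable."""
    assign = dict(assign)
    while True:
        unit: Optional[Lit] = None
        for clause in cnf:
            if any(assign.get(v) == p for v, p in clause if v in assign):
                continue                        # clause already satisfied
            open_lits = [(v, p) for v, p in clause if v not in assign]
            if not open_lits:
                return None                     # conflict: every literal is false
            if len(open_lits) == 1:
                unit = open_lits[0]
                break
        if unit is None:
            break
        assign[unit[0]] = unit[1]
    for clause in cnf:                          # pick any unassigned variable and branch
        for v, p in clause:
            if v not in assign:
                for value in (p, not p):
                    model = dpll(cnf, {**assign, v: value})
                    if model is not None:
                        return model
                return None
    return assign                               # no open literal left: every clause satisfied

def bmc(k: int) -> Optional[List[int]]:
    """Counter values along a violating run of length ≤ k, or None if none exists."""
    model = dpll(unroll(k), {})
    if model is None:
        return None
    trace = [2 * model[var("x1", t)] + model[var("x0", t)] for t in range(k + 1)]
    first_bad = next(t for t in range(k + 1) if model.get(var("bad", t)))
    return trace[: first_bad + 1]

def shortest_counterexample(max_k: int) -> Optional[List[int]]:
    """The usual BMC loop: raise the bound until a violation appears or max_k is reached."""
    for k in range(max_k + 1):
        trace = bmc(k)
        if trace is not None:
            return trace
    return None

if __name__ == "__main__":
    print("k=2:", bmc(2))                        # None: states 0,1,2 are all safe
    print("k=3:", bmc(3))                        # [0, 1, 2, 3]
    print("shortest:", shortest_counterexample(10))
```

The unrolled formula is a finite prefix of a run, which is exactly the shape of a safety counterexample; the DPLL here is deliberately tiny and only illustrates the encoding, a real BMC tool would pass the same clauses to an industrial SAT solver.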
Temporal Logic • ◇ “eventually” (eventually in the future) • □ “always” (now and forever in the future) • ○ “next” • U “until” • ¬, ∧, ∨, ∃, ∀, …
Linear Temporal Logic • Encoding formulae about the future of paths • ◇ “eventually” (eventually in the future) • □“always” (now and forever in the future)
Linear Temporal Logic • LTL model checking
Linear Temporal Logic • safety properties • state that something bad never happens • every counterexample has a finite prefix such that, however it is extended to an infinite path, it is still a counterexample • SAT-Based Model Checking Without Unrolling • liveness properties • state that something good keeps happening • every finite prefix of a counterexample can be extended to an infinite path that satisfies the formula
Computation Tree Logic • Computation tree logic (CTL): a branching-time logic • ∃, ∀ • model of time is a tree-like structure in which the future is not determined
Computation Tree Logic • CTL model checking • Given: transition system TS and CTL formula Φ • Goal: TS |= Φ
Computation Tree Logic • CTL model checking • the set Sat(Φ) of all states satisfying Φ is computed recursively • a recursive descent procedure over the parse tree of the state formula to be checked • TS |= Φ if and only if I ⊆ Sat(Φ)
Computation Tree Logic • assumed that TS is finite and has no terminal states • Sat( ∃ (Φ U Ψ) ) • smallest fixed point (less than or equal to all other fixed points) • Φ has to hold at least until at some position Ψ holds; this implies that Ψ will be verified in the future • Sat( ∃□Φ ) • largest fixed point
Computation Tree Logic • CTL model checking • Symbolic CTL model checking • symbolic: sets of states and sets of transitions are represented rather than single states and transitions • SAT-based model checking
Computation Tree Logic • Symbolic CTL model checking • construct the ROBDD representation of the transition system to be analyzed • in a compositional way by means of synthesis operators (disjunction, conjunction, etc.) • ROBDD representations of the satisfaction sets for the atomic propositions are given • ITE algorithm (to treat the propositional logic fragment of CTL) and the symbolic BFS-based algorithms
Computation Tree Logic • Timed Automaton (TA) • A = (Q, Σ, C, E, q0) • Timed CTL (TCTL) • Probabilistic • Probabilistic CTL (PCTL)
CTL* • a superset of CTL and LTL • a branching-time logic • it allows the path quantifiers ∃ and ∀ to be arbitrarily nested with linear temporal operators such as ○ and U
Bisimulation • Bisimulation equivalence • a binary relation • identifies transition systems with the same branching structure, which can thus simulate each other in a stepwise manner • every step of TS can be matched by one (or more) steps in TS’
Partial Order Reduction • Reducing the size of the state space to be searched by a model checking algorithm • analyze only a fragment TS^ of the full transition system TS by ignoring several interleavings of independent actions
Partial Order Reduction • Ample set • choosing ample(s) ⊆ Act(s) in state s • Nonemptiness • Dependency • Stutter • if an action α moving from “right” to “left” does not affect the state labeling, then it is stutter-equivalent • Cycle
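The two slides above describe partial order reduction as exploring only a fragment of the transition system by choosing an ample set ample(s) ⊆ Act(s) that satisfies the nonemptiness, dependency, stutter and cycle conditions. The following added example, written for this page and not taken from the slides, applies that on a constructed system of n processes that each perform one local step (a flag going 0 → 1); all steps of different processes are independent, only the last step is visible under AP = {all_done}, and the system is acyclic, so the cycle condition holds trivially. The model, the `ample` selection rule and the property check are assumptions of the example; the full (2^n states) and reduced (n+1 states) explorations agree on the stutter-invariant property ◇all_done.

```python
from collections import deque
from typing import FrozenSet, Set, Tuple

# Added example (not from the slides): ample-set partial order reduction on a
# constructed system of n processes that each perform one local step
# (flag_i: 0 -> 1).  State = tuple of flags; action i = "process i steps".
# AP = {all_done}, so only the very last step changes the labeling.  The
# model is acyclic, so the cycle condition is satisfied trivially.
State = Tuple[int, ...]

def enabled(s: State) -> Set[int]:
    return {i for i, f in enumerate(s) if f == 0}         # Act(s)

def step(s: State, i: int) -> State:
    return s[:i] + (1,) + s[i + 1:]

def label(s: State) -> FrozenSet[str]:
    return frozenset({"all_done"}) if all(s) else frozenset()

def invisible(s: State, i: int) -> bool:
    """Stutter action: executing i in s leaves the state labeling unchanged."""
    return label(s) == label(step(s, i))

def independent(s: State, i: int, j: int) -> bool:
    """i and j commute in s and neither disables the other (true for local steps)."""
    return (j in enabled(step(s, i)) and i in enabled(step(s, j))
            and step(step(s, i), j) == step(step(s, j), i))

def ample(s: State) -> Set[int]:
    en = enabled(s)
    if not en:
        return en                                  # terminal state: nothing to choose
    cand = min(en)                                 # try the lowest-index process alone
    # Dependency: cand must be independent of every other enabled action (here of
    # every action at all, since local steps never enable or disable each other).
    # Stutter: when we do not expand fully, the chosen action must be invisible.
    if all(independent(s, cand, j) for j in en - {cand}) and invisible(s, cand):
        return {cand}
    return en                                      # otherwise: full expansion

def reachable(n: int, reduced: bool) -> Set[State]:
    """BFS over the full TS (all of Act(s)) or the fragment TS^ (ample(s) only)."""
    start: State = (0,) * n
    seen, todo = {start}, deque([start])
    while todo:
        s = todo.popleft()
        for i in (ample(s) if reduced else enabled(s)):
            t = step(s, i)
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

def eventually_all_done(n: int, reduced: bool) -> bool:
    """◇all_done: as the model is finite and acyclic, every maximal run ends in a
    terminal state, so it suffices that every terminal reachable state is labelled all_done."""
    return all(enabled(s) or "all_done" in label(s) for s in reachable(n, reduced))

if __name__ == "__main__":
    for n in (3, 4, 8):
        full, red = reachable(n, False), reachable(n, True)
        print(f"n={n}: full={len(full)} states, reduced={len(red)} states,"
              f" ◇all_done: {eventually_all_done(n, False)} / {eventually_all_done(n, True)}")
```

With independent, invisible actions the reduced system collapses the n! interleavings into a single representative order, which is the whole point of the dependency and stutter conditions: the omitted interleavings differ only in the order of labeling-preserving steps, so no LTL\○ property can tell them apart.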
Bounded Sequential Equivalence Checking • Checking two circuits in different time frames • Linear Temporal Logic • Bounded Model Checking • Bound • Sequential depth • Resyn2, NAR, Node Merging, …
Range-equivalent Circuit Minimization • Using range to minimize the circuit optimizes the bounded model checking • In model checking, we reduced the repeated reached states from different paths • Range remained - number of states remained • Partial Order Reduction
Future Work • Running some experimental results • Finding a way to solve the problem of large node numbers • Linking to model checking