1 / 34

Model Checking Lecture 5

Model Checking Lecture 5. Outline. 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking Symbolic algorithms for model checking Pushdown systems. From Finite to Inifinite-State Systems.

jschwab
Download Presentation

Model Checking Lecture 5

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Model Checking Lecture 5

  2. Outline • 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness • 2 Graph algorithms for model checking • Symbolic algorithms for model checking • Pushdown systems

  3. From Finite to Inifinite-State Systems • So far, algorithms for systems with finite state spaces • Sources of infinite-state • Control: recursion • Data: unbounded numeric variables, lists • Time: Systems with real-time clocks • Parameters: arbitrary number of participating processes

  4. From Finite to Inifinite-State Systems • So far, algorithms for systems with finite state spaces • Sources of infinite-state • Control: recursion • Data: unbounded numeric variables, lists • Time: Systems with real-time clocks • Parameters: arbitrary number of participating processes

  5. Decidability vs. Expressiveness • Unbounded state  Undecidable • Is the unbounded system able to encode a Turing machine? • Single-counter machines? NO • Two-counter machines? YES • Single-stack machines? NO • Two-stack machines? YES

  6. From Finite to Inifinite-State Systems • So far, algorithms for systems with finite state spaces • Sources of infinite-state • Control: recursion • Data: unbounded numeric variables, lists • Time: Systems with real-time clocks • Parameters: arbitrary number of participating processes

  7. State representation • Explicit representation infeasible • Symbolic representation is the key • For the transition system • For the reachable states

  8. Pushdown systems (G, L, g0, l0, ) g, h  G : finite set of control states l, m  L : finite set of stack symbols g0 : initial control state l0 : initial stack symbol  : set of transitions

  9. g, Three kinds of transitions: (g, l)  (h, m) (step) (g, l)  (h, m n) (call) (g, l)  (h, ) (return) Configuration: l h, m n g, l m g, h, l   g, h, l 

  10. Modeling sequential programs • An element in G is a valuation to global variables • An element in L is a valuation to local variables and • current instruction address for the frame at the top of the stack • return instruction address for the other frames

  11. Example bool a = F; void main( ) { L1: a = T; L2: flip(a); L3: } void flip(bool x) { L4: a = !x; L5: } (a, x, pc) (F, _, L1) (T, _, L2) (T, _, L3 T, L4) (F, _, L3 T, L5) (F, _, L3) (F, )

  12. Reachability problem Given pushdown system (G, L, g0, l0, ) and control state g, does there exist a stack ls  L* such that (g0, l0) * (g, ls)?

  13. Naïve algorithm Add (g0, l0) to R (g, ls)  R (g, ls)  (g’, ls’) Add (g’, ls’) to R

  14. Problem with the naïve algorithm • R is unbounded so algorithm won’t terminate • Two solutions: • Summary-based (a.k.a. interprocedural dataflow analysis) • Automata-based

  15. Algorithm I E(g, l, h, m) (step edges) E+(g, l, h, nm) (call edges) E-(g, l, h) (pop edges) Initially: E(g0, l0, g0, l0) E+ is empty E- is empty

  16. Step rule E(g, l, h, m) (h, m) (h’, m’) E(g, l, h’, m’)

  17. Call rule E(g, l, h, m) (h, m)  (h’, n’m’) E+(g, l, h’, n’m’) E(h’, n’, h’, n’)

  18. Return rule E(g, l, h, m) (h, m)  (h’, ) E-(g, l, h’)

  19. Summary rule E+(g, l, h, nm) E-(h, n, h’) E(g, l, h’, m)

  20. E+(0, L0, 0, L4·L1) E(0, L4, 0, L4) E(0, L4, 1, L5) E-(0, L4, 1) E(0, L0, 1, L1) E(0, L0, 0, L2) E+(0, L0, 0, L4·L3) E(0, L0, 1, L3) E-(0, L0, 1) E(0, L0, 0, L0) int g = 0 main() { L0: incr() L1: g = 0 L2: incr() L3: } incr() { L4: g = g+1 L5: }

  21. E(0, L0, 0, L1) E(0, L5,0, 0, L5,0) E+(0, L0, 0, L5,0·L3) E(0, L5,0, 0, L6,0) E+(0, L5,0, 0, L5,0·L8,0) E(0, L0, 0, L2) E(0, L5,1, 0, L5,1) E+(0, L0, 0, L5,1·L3) E(0, L5,1, 0, L7,1) E(0, L5,1, 1, L8,1) E-(0, L5,1, 1) E(0, L0, 1, L3) E(0, L0, 1, L4) E-(0, L0, 1) E(0, L0, 0, L0) int g = 0 main() { L0: if (*) L1: foo(0) else L2: foo(1) L3: assert(g > 0) L4: } foo(r) { L5: if (r = 0) L6: foo(r) else L7: g = g + 1 L8: }

  22. Reachability problem Given pushdown system (G, L, g0, l0, ) and control state g, does there exist a stack ls such that (g0, l0) * (g, ls)? Algorithm I: Summary-based Yes, if E(g’, l’, g, l) for some g’, l’, and l. No, otherwise.

  23. Algorithm II Add (g0, l0) to R (g, ls)  R (g, ls)  (g’, ls’) Add (g’, ls’) to R Key idea: Use a finite automaton to symbolically represent R

  24. Symbolic representation • Pushdown system (G, L, g0, l0, ) • Representation automaton (Q, L, T, G, F) • Q ( G) is the set of states • L is the alphabet • T is the transition relation • G is the set of initial states • F is the set of final states

  25. m l l s2 g s1 m h Represents the set of configurations: { (h, m), (g, l m* l) } A set C of configurations is regular if it is representable by an automaton Theorem (Buchi) : The set of configurations reachable from a regular set is also regular.

  26. Pushdown system: (G, L, g0, l0, ) - G = {g0,g1,g2} - L = {l0,l1,l2} - (g0, l0)  (g1, l1l0) (g1, l1)  (g2, l2l0) (g2, l2)  (g0, l1) (g0, l1)  (g0, ) l0 g0 s0

  27. Pushdown system: (G, L, g0, l0, ) - G = {g0,g1,g2} - L = {l0,l1,l2} - (g0, l0)  (g1, l1l0) (g1, l1)  (g2, l2l0) (g2, l2)  (g0, l1) (g0, l1)  (g0, ) l0 g0 s0 g1 g2

  28. Pushdown system: (G, L, g0, l0, ) - G = {g0,g1,g2} - L = {l0,l1,l2} - (g0, l0)  (g1, l1l0) (g1, l1)  (g2, l2l0) (g2, l2)  (g0, l1) (g0, l1)  (g0, ) l0 g0 s0 l1 g1 s1,1 l2 g2 s2,2

  29. Pushdown system: (G, L, g0, l0, ) - G = {g0,g1,g2} - L = {l0,l1,l2} - (g0, l0)  (g1, l1l0) (g1, l1)  (g2, l2l0) (g2, l2)  (g0, l1) (g0, l1)  (g0, ) l0 g0 s0 l0 l1 g1 s1,1 l2 g2 s2,2

  30. Pushdown system: (G, L, g0, l0, ) - G = {g0,g1,g2} - L = {l0,l1,l2} - (g0, l0)  (g1, l1l0) (g1, l1)  (g2, l2l0) (g2, l2)  (g0, l1) (g0, l1)  (g0, ) l0 g0 s0 l0 l1 g1 s1,1 l0 l2 g2 s2,2

  31. Pushdown system: (G, L, g0, l0, ) - G = {g0,g1,g2} - L = {l0,l1,l2} - (g0, l0)  (g1, l1l0) (g1, l1)  (g2, l2l0) (g2, l2)  (g0, l1) (g0, l1)  (g0, ) l0 g0 s0 l0 l1 l1 g1 s1,1 l0 l2 g2 s2,2

  32. Pushdown system: (G, L, g0, l0, ) - G = {g0,g1,g2} - L = {l0,l1,l2} - (g0, l0)  (g1, l1l0) (g1, l1)  (g2, l2l0) (g2, l2)  (g0, l1) (g0, l1)  (g0, ) l0 g0 s0 l0 l1 l1 g1 s1,1 l0  l2 g2 s2,2

  33. Pushdown system: (G, L, g0, l0, ) - G = {g0,g1,g2} - L = {l0,l1,l2} - (g0, l0)  (g1, l1l0) (g1, l1)  (g2, l2l0) (g2, l2)  (g0, l1) (g0, l1)  (g0, ) l0 g0 s0 l0 l1 l1 g1 s1,1 l0 l0  l2 g2 s2,2

  34. Pushdown system: (G, L, g0, l0, ) - G = {g0,g1,g2} - L = {l0,l1,l2} - (g0, l0)  (g1, l1l0) (g1, l1)  (g2, l2l0) (g2, l2)  (g0, l1) (g0, l1)  (g0, ) l0 g0 s0 l0 l1 l1 g1 s1,1 l0 l0  l2 g2 s2,2 { (g0, l0  l0l0+ l1l0l0+), (g1,l1l0+), (g2,l2l0l0+) }

More Related