1 / 10

LTL Model Checking

LTL Model Checking. 15-820A Flavio Lerda. LTL Model Checking. LTL Subset of CTL* of the form: A f where f is a path formula LTL model checking Model checking of a property expressed as an LTL formula: Given a model M and an initial state s 0 : M,s 0 ╞ A f. LTL Formulas.

lumina
Download Presentation

LTL Model Checking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. LTL Model Checking 15-820A Flavio Lerda

  2. LTL Model Checking • LTL • Subset of CTL* of the form: A f where f is a path formula • LTL model checking • Model checking of a property expressed as an LTL formula: • Given a model M and an initial state s0: M,s0╞ A f

  3. LTL Formulas • Subset of CTL* • Distinct from CTL • AFG p  LTL •  f  CTL . f ≠ AFG p • Contains a single universal quantifier • The path formula f holds for every path • Commonly: • A is omitted • G is replaced by  (box or always) • F is replaced by  (diamond or eventually)

  4. LTL Model Checking • Given a model M and an LTL formula  • Build the Buchi automaton B¬ • Compute product of M and B¬ • Each state of M is labeled with propositions • Each state of B¬ is labeled with propositions • Match states with the same labels • The product accepted the traces of M that are also traces of B¬ (M ¬) • If the product accepts any sequence • We have found a counter-example

  5. Language Emptiness M ¬= • Compute strongly connected components • Non trivial • Containing an accepting state • None means no sequence is accepted • Proved the property • Very expensive

  6. Nested Depth First Search • The product is a Büchi automaton • How do we find accepted sequences? • Accepted sequences must contain a cycle • In order to contain accepting states infinitely often • We are interested only in cycles that contain at least an accepting state • During depth first search start a second search when we are in an accepting states • If we can reach the same state again we have a cycle (and a counter-example)

  7. Example

  8. Example

  9. Nested Depth First Search procedureDFS(s) visited = visited {s} for each successor s’ of s ifs’  visitedthen DFS(s’) ifs’ is accepting then DFS2(s’, s’) end if end if end for end procedure

  10. Nested Depth First Search procedure DFS2(s, seed) visited2 = visited2 {s} for each successor s’ of s ifs’ = seed then return “Cycle Detect”; end if if s’  visited2then DFS2(s’, seed) end if end for end procedure

More Related