Verification of Parameterized Systems

Verification of Parameterized Systems Reducing Model Checking of the Few to the One. E. Allen Emerson, Richard J. Trefler and Thomas Wahl Junaid Surve6644418

What, How, Why • WHAT IS THE GOAL?Verify; automatically and efficiently; temporal logic properties of a parameterized system for a large finite parameter range. • HOW TO ACHIEVE THE GOAL?Merge all instances into single aggregate structure capable of simulating all systems from the range in 1 go. • WHY THIS TECHNIQUE? • Trades the benefit of solving the verification problem for infinitely many instances of a system, in exchange for greatly enhanced practicability. • No manual reasoning. • Imposes no restrictions on the input syntax. • Easy to implement 2

Agenda • Introduction • Preliminaries • The Aggregate System • Efficiently Constructing the Aggregate System • Verifying the Aggregate System • Applications • Conclusion

Introduction MODEL CHECKING A technique for automatically verifying correctness properties of finite-state systems. M |= Ф Many systems composed of replicated components ↓(to allow reusability) System descriptions parameterized by the no. of components PARAMETERIZED VERIFICATION PROBLEM A given property holds for all (i.e. infinitely many) instances of the size parameter ?

Ways of approaching parameterized verification algorithmically: • Identify decidable subclasses of parameterized systems. • Restrict system and properties. • Give (almost) efficiently verifiable conditions under which the properties hold for all instances. • Realize that it is often possible and sufficient to consider a bound on the parameter size. • E.g. no. of components that fit on a particular circuit board.

TECHNIQUE TO BOUNDED PARAMETERIZED VERIFICATION • (with bound N) • Check:P1 |= Ф; P1 ||P2|= Ф; …….. ; P1 ||P2 ||P3 …. || PN|= Ф • Construct BDD‘s for all of these systems. • WHY AGGREGATION? • Instances of parameterized systems of similar form. • To use the power of symbolic data structures to compactly represent a large no. of similar structures, at lesser cost.

Aggregation technique applicable to : • Arbitrary, inhomogeneous, finite system family. • No restrictions on the syntax of the system description • or property. • The property (under investigation) : TRUE for few instances.

Preliminaries Local states : nodes in the graph Transitions : edges. Consider a token-ring solution to the n-process Mutual Exclusion problem with a shared variable tok ϵ[1::n], and the skeleton Guard tok = self N T C Action tok := (tok mod n) + 1 The transition relation Rn of the n-process concurrent system : Rn = {(s, t) : Ǝi : i ≤ n : ( s ͥ g t ͥϵ SKEL ^ V j : j ≠ i : sj = tj )} : (1)

The Aggregate System • AIM: • Develop an approach to parameterized verification that : • works for any bounded family of systems • is derived from a synchronization skeleton • is parameterized by the number of processes and arbitrary CTL* • properties. • I : No. of local states occurring in the skeleton • AP : Set of Atomic Propositions • The skeleton gives rise to a family (Mn) nϵN of Kripke structures with • Mn= (Sn; Rn; Ln). • We have • Sn = [0..(l - 1)]n , Rn⊆Snx Sn, Ln: Sn 2AP

Definition 1. For n ≤ N, the completion of a state sn = (s1,…,sn) ϵ Sn and of an edge (sn, tn) ϵRn, respectively, are defined as c(s1,…,sn) = (s1,…,sn,$,…,$) ϵ S, c (sn, tn) = (c(sn), c(tn)) ϵ R. A state s ϵS is proper if there exists a number n such that s is of the form (s1,…,sn, $,…,$), sj≠ $ V j ϵ [1::n].

n=1 n=2 n=3 (N, $,$,…,$) (N,N,$,…,$) (N,N,N,…$) (T,$,$,…,$) (T,N,$,…,$) (N,T,$,…,$) (T,N,N,…,$) (N,T,N,…,$) (N,N,T,…$)

Property 2 For (s,t) ϵR, both s and t are proper and have the same width. Corollary 3 All states along non empty paths in the aggregate structure M are proper and have the same width.

Efficiently Constructing the Aggregate System Theorem 4 Assumption : Family of systems : (Sn; Rn)n≤Ngiven as a synchronization skeleton. Then ⋃c(Rn) = {(s,t) : s is proper of some width n, and n≤N Ǝ i : i≤ n : (sigtiϵ SKEL ˄ Vj : j ≠ i : sj= tj)}

Implementation of the Aggregate System • Divide the skeleton edges in two classes: • Those independent of the system size n. • Those dependant on n. Guard tok = self N T C tok := (tok mod n) + 1 Action

Implementation of the Aggregate System • 1. R := Ф; • 2. for p := 1 to N do: • 3. forevery edge e independent of the system size: • 4. R := R ˅ e(p) • 5. for n := 1 to N do: • 6. forp := 1 to n do: • 7. forevery edge e dependent on the system size: • 8. R := R ˅ (proper (n) ^ e(p; n)) • e(p) stands for the propositional. • e(p; n) stands for the formula representing edge e executed by p. • The term proper (n) symbolizes the set of proper states of width n. • It ensures that transition e(p; n) can only be executed from a state that belongs to Mn

Verifying the Aggregate System AIM –SoundnessoftheVerificationtechnique Verification of the system accomplished by establishing N bisimulations, one between each MNand M, which contain pairs of a state and its completion. BISIMULATION Given a labeled state transition system (S, Λ, →), a bisimulation relation is a binary relation R over S R ⊆ S × S, such that both R-1 and R are simulations. (N, $,$) N (T,$,$) T

Lemma 5 For any n ≤ N, the relation snϵSn~ c(sn) ϵ S is a bisimulation relation between structures Mn and M. Theorem 6 Let f be a CTL* formula, and sn = (s1, …. , sn) Ʃ = {c(sn) ϵ S : n ≤ N} Then V n : n ≤ N : Mn, sn |= f iffV s : s ϵ Ʃ : M, s |= f.

Application comparision to the One-by One Method One-by-one method and Aggregate technique have same theoretical Power. Example A parallel program written for a particular cluster of machines with a natural upper bound on the parameter: the physical number of CPUs in the cluster. Verification technique - A variant of parallel odd-even sort. Initial state : unconstrained No. of elements to be sorted grows with N. The CTL property we verified is of the form AF sorted .

Conclusion • Technique to reduce various instances of an Arbitrary Parameterized • System into a single aggregate. • Initial states of the original system can be converted appropriatley to • the states of the aggregate. • Experimental results using a BDD-based implementation of their • technique. • Shared variables are used for communication and synchronization • among processes. They may appear in atomic propositions of CTL* • formulas

Thank You

Verification of Parameterized Systems

Verification of Parameterized Systems

Presentation Transcript

Reduced Order Modeling of Parameterized and Distributed Systems

Test and Verification of Digital Systems

Formal Verification of Digital Systems

Verification of Parameterized Hierarchical State Machines Using Action Language Verifier

Verification of Graph Transformation Systems

Keeping a Crowd Safe On the Complexity of Parameterized Verification

VERIFICATION OF PARAMETERIZED SYSTEMS

Verification and Validation of Adaptive Systems

Performance Verification of LMR Systems

Probabilistic Verification of Discrete Event Systems

Compositional reasoning for Parameterized Verification

Issues in the Verification of Systems

Going with the Flow Parameterized Verification using Message Flows

Verification of ensemble systems

Parameterized Models

Verification of ensemble systems

Verification and Synthesis of Hybrid Systems

Performance Verification of LMR Systems

Verification of Parameterized Timed Systems

Account Verification Systems

Counterexample Guided Invariant Discovery for Parameterized Cache Coherence Verification

Verification of Real Time Systems