
Quantitative Verification

Arindam Chakrabarti*

Krishnendu Chatterjee*

Thomas A. Henzinger*

Orna Kupferman**

Rupak Majumdar***

*UC Berkeley **Hebrew University ***UC Los Angeles

14 May 2004 4th OSQ Retreat, Santa Cruz, CA

Outline

• What is the proposal?
• What benefits do we get out of it?
• Nailing down some details…
• Some interesting results.
• Summary

Formal Verification: Traditional approach

• Model: Labelled transition structure.

• Property: Classification of finite and/or infinite sequences of states into good and bad sets.

• Model-checking: Verification that all sequences of states generated by the model are in the good set.

Traditional approach: Models

[Figure: a labelled transition structure with five states, labelled {a}, {c}, {b,c}, {a,b}, {a}]

Each proposition maps each state to TRUE or FALSE (a boolean).

The builds of this slide highlight, in turn, the states where proposition a holds (those labelled {a}, {a,b}, {a}) and the states where proposition b holds (those labelled {b,c}, {a,b}).

Extension 1: Quantitative Propositions, Models

[Figure: the same five-state structure, each state now labelled by an integer triple: 1,3,4 / 0,2,5 / 34,23,1 / 8,4,9 / 3,2,4]

Propositions: <a,b,c>

Each proposition maps each state to an integer.

Traditional approach: Properties

A(a U c)

[Figure: the five-state structure labelled {a}, {c}, {b,c}, {a,b}, {a}]

A property maps each path to TRUE or FALSE.

Extension 2: Quantitative Properties

max(sum(a)) while (sum(b) < 100)

[Figure: the five-state structure labelled 1,3,4 / 0,2,5 / 34,23,1 / 8,4,9 / 3,2,4; three paths through it are highlighted in turn, with the values 112, 115 and 188]

A property maps each path to an integer.

Traditional approach: Model-checking problem

A(a U c)

[Figure: the five-state structure labelled {a}, {c}, {b,c}, {a,b}, {a}]

Check if any path in the model violates the property (is mapped to FALSE).

Extension 3: Quantitative Model-checking problem

max(sum(a)) while (sum(b) < 100)

[Figure: the five-state structure labelled 1,3,4 / 0,2,5 / 34,23,1 / 8,4,9 / 3,2,4, with the path of value 188 highlighted]

Find the maximum (or minimum) value of the property on any path in the model.
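The quantitative model-checking problem stated above, worked through as an added example that is not code from the slides: a depth-first search over all paths of a small model that computes max(sum(a)) while (sum(b) < 100). The five integer triples are the state labels shown on the slides; the edges, the initial state and the reading of the `while` guard (a state is counted only if adding it keeps sum(b) below the bound, and a path's value is sum(a) over that longest admissible prefix) are assumptions made here, and the slides' figure is not reproduced, so the result for this constructed model (139) is not the slides' 188. The search also handles the failure mode a practitioner would hit first: a reachable cycle whose states all have b = 0 never triggers the guard, and if it gains a along the way the property is unbounded.

```python
import math
from typing import Dict, List, Tuple

Label = Tuple[int, int, int]            # <a, b, c> for one state

# Constructed model: the five triples are the state labels from the slides;
# the edges and the initial state are assumptions (the slides' figure is not reproduced).
LABELS: Dict[int, Label] = {
    0: (1, 3, 4),
    1: (0, 2, 5),
    2: (34, 23, 1),
    3: (8, 4, 9),
    4: (3, 2, 4),
}
EDGES: Dict[int, List[int]] = {0: [1, 2], 1: [3], 2: [3], 3: [4], 4: [0]}
INIT = 0


def max_sum_a_while_sum_b_below(labels: Dict[int, Label], edges: Dict[int, List[int]],
                                init: int, bound: int = 100):
    """Value of  max(sum(a)) while (sum(b) < bound)  over all paths from init.

    Convention used here: a path's value is sum(a) over its longest prefix whose
    states could all be added while keeping sum(b) < bound; the result is the
    maximum of that value over all paths (infinite or dead-ending).
    Returns math.inf if some reachable cycle adds nothing to sum(b) but something
    to sum(a): along such a path the guard never fails and sum(a) grows without bound.
    """
    best = 0                                    # the empty prefix is always admissible
    on_path: Dict[Tuple[int, int], int] = {}    # (state, sum_b) -> sum_a, for the current DFS stack

    def dfs(state: int, sum_a: int, sum_b: int) -> None:
        nonlocal best
        key = (state, sum_b)
        if key in on_path:                      # revisit with the same sum_b: a cycle with b = 0 everywhere
            if sum_a > on_path[key]:
                best = math.inf                 # positive a-gain per lap: unbounded
            elif sum_a == on_path[key]:
                best = max(best, sum_a)         # the lap adds nothing: value is the current sum
            return                              # negative a-gain: this path's value only sinks
        on_path[key] = sum_a
        if not edges[state]:                    # dead end: the counted prefix ends here
            best = max(best, sum_a)
        for nxt in edges[state]:
            if best == math.inf:
                break
            a, b, _c = labels[nxt]
            if sum_b + b >= bound:              # adding nxt would violate the guard
                best = max(best, sum_a)
            else:
                dfs(nxt, sum_a + a, sum_b + b)
        del on_path[key]

    a0, b0, _c0 = labels[init]
    if b0 < bound:
        dfs(init, a0, b0)
    return best


if __name__ == "__main__":
    print(max_sum_a_while_sum_b_below(LABELS, EDGES, INIT))   # 139 for the constructed model
```

Because every state of the constructed model has b ≥ 2, sum(b) strictly increases along a path and the search is finite; the (state, sum_b) bookkeeping is what keeps it finite in general. The search enumerates paths without memoisation, which is fine for a classroom model but not for a model checker.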


Motor driver in a robot

[Figure: a three-state automaton with states 0 (stop), 1 (slow) and 2 (fast); its transitions are labelled with the inputs stop?, slow? and fast?, three per state]

Sensornet node with buffer of size 3

[Figure: a four-state automaton with states 0, 1, 2, 3 (buffer occupancy); receive? and send? transitions connect consecutive states]


Specifying properties using quantitative automata

• Property: maps each sequence of states to an integer.

• Quantitative automaton: states, input symbols, counters, guarded instructions on transitions, nondeterminism.

• The value of a run is the limsup of the values taken by a designated counter R0.

A Quantitative Automaton

[Figure: an automaton whose two transitions carry the following guarded instructions]

R1 := R1 + a
R2 := R2 - b
if R1 = R2 then R0 := c

R1 := R1 + a
R2 := R2 + b
if R1 = R2 then R0 := c

Maps each infinite sequence ⟨a_i, b_i, c_i⟩_i … to limsup c_i such that a_i = (-1)^i · b_i
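The automaton above, simulated as an added example that is not code from the slides. Assumptions made here: the two instruction blocks sit on the transitions of two alternating control states q0 and q1 (so with positions counted from 1 the guard R1 = R2 fires at position i exactly when a_i = (-1)^i · b_i, given it fired at i - 1), the counters start at 0, and the infinite input is given as a lasso prefix · loop^ω, which is what makes the limsup of R0 computable: once the control state at a loop boundary recurs, R1 - R2 changes by a fixed drift per period, so either the drift is zero and R0 is periodic (limsup = its maximum over one period) or the guard eventually stops firing and R0 freezes at its last value.

```python
import itertools
from typing import Callable, Dict, List, Tuple

Letter = Tuple[int, int, int]          # one input symbol <a, b, c>

# The slide's automaton, encoded under the assumption (mine, not the slide's) that its
# two instruction blocks belong to two alternating control states q0 and q1:
# from q0 do R1 += a, R2 -= b; from q1 do R1 += a, R2 += b; on both transitions
# "if R1 = R2 then R0 := c".  Each entry is (next state, (R1, R2) increments for a letter).
AUTOMATON: Dict[str, Tuple[str, Callable[[int, int], Tuple[int, int]]]] = {
    "q0": ("q1", lambda a, b: (a, -b)),
    "q1": ("q0", lambda a, b: (a, b)),
}


class Run:
    """Current configuration: control state plus the counters R0, R1, R2 (all start at 0)."""

    def __init__(self, state: str = "q0") -> None:
        self.state, self.r0, self.r1, self.r2 = state, 0, 0, 0

    def step(self, x: Letter) -> None:
        a, b, c = x
        nxt, incr = AUTOMATON[self.state]
        d1, d2 = incr(a, b)
        self.r1 += d1
        self.r2 += d2
        if self.r1 == self.r2:             # the guard on the transition
            self.r0 = c
        self.state = nxt

    def diff(self) -> int:
        return self.r1 - self.r2


def lasso_value(prefix: List[Letter], loop: List[Letter]) -> int:
    """limsup of R0 along the run on the infinite word prefix . loop^omega."""
    if not loop:
        raise ValueError("loop must be non-empty")
    run = Run()
    for x in prefix:
        run.step(x)
    # 1. Period: repeat the loop until the control state at a loop boundary recurs.
    seen = {run.state: 0}
    for i in itertools.count(1):
        for x in loop:
            run.step(x)
        if run.state in seen:
            period = i - seen[run.state]
            break
        seen[run.state] = i
    # 2. R1 and R2 are updated unconditionally, so R1 - R2 moves by the same amounts
    #    at the same positions in every period; record those offsets once.
    base = run.diff()
    offsets: List[int] = []
    for _ in range(period):
        for x in loop:
            run.step(x)
            offsets.append(run.diff() - base)
    drift = offsets[-1]                    # net change of R1 - R2 over one period
    reach = max(abs(o) for o in offsets)
    if drift == 0:
        # The guard fires at the same positions in every period, so from the next
        # period on R0 is periodic and its limsup is the maximum over one period.
        values = []
        for _ in range(period):
            for x in loop:
                run.step(x)
                values.append(run.r0)
        return max(values)
    # drift != 0: R1 - R2 escapes.  Once |R1 - R2| at a boundary exceeds every offset and
    # keeps moving in the drift direction, the guard can never fire again and R0 is frozen.
    while not (abs(run.diff()) > reach and (run.diff() > 0) == (drift > 0)):
        for _ in range(period):
            for x in loop:
                run.step(x)
    return run.r0


if __name__ == "__main__":
    # Constructed input: a_i = (-1)^i * b_i holds at every position (i counted from 1),
    # so the guard fires at every step and R0 cycles through the c values 7 and 5.
    print(lasso_value([], [(-2, 2, 7), (3, 3, 5)]))    # 7
```

The escape argument relies on the compared counters being updated independently of the guard, which holds for this automaton; an automaton whose counter updates depend on guard outcomes would need a different termination argument.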


Some interesting results

• Infinite det- and nondet- hierarchies.
• Power of non-determinism.
• Undecidability of model-checking.
• Absence of finite-memory determinacy.
• Parametric-bounds, decidability, complexity.
• Parameter-finding cannot be automated.
• Quantitative μ-calculus, correlations.


Examples

• Response time
• Fair maximum
• Resource lifetime

Summary

• Quantitative extension to boolean verification framework.

• Motivation for doing so.

• Extended definitions for propositions, properties, and the model-checking problem.

• Some results (+ problems, solutions), examples.

Thanks for listening!

Questions, Comments, Suggestions?