Introduction to Model Checking

Outline
Model checking
– Temporal logic
– Model checking algorithms
– Expressiveness and complexity
Symbolic model checking
– The “state explosion” problem
– Binary Decision Diagrams
– Computing fixed points with BDD’s
– Application

Propositional Linear Temporal Logic
Express properties of “Reactive Systems”
– interactive, nonterminating
For PLTL, a model is an infinite state sequence s0, s1, s2, ...
Temporal operators
– “Globally”: G p at t iff p for all t’ ≥ t.
[Figure: timeline illustrating G p]

Temporal operators...
– “Future”: F p at t iff p for some t’ ≥ t.
[Figure: timeline illustrating F p]
– “Until”: p U q at t iff
  – q for some t’ ≥ t and
  – p in the range [ t, t’ )
[Figure: timeline illustrating p U q]
– “Next-time”: X p at t iff p at t+1

Examples
Liveness: “if input, then eventually output”
G (input → F output)
Strong fairness: “infinitely send implies infinitely recv.”
GF send → GF recv
Weak until: “no output before input”
¬output W input
Annotations: input and output are atomic props; GF reads “infinitely often”
p W q ≡ (p U q) ∨ G p

Safety v. Liveness
Safety
– Refutable by finite run
Liveness
– Refutable only by infinite run
– Every finite run extensible to satisfying run

PLTL semantics
Given an infinite sequence
– if is true in state si of .
– if is true in state s0 of .
– if is valid.
A formula is an atomic proposition, or...
true, p q, p, p U q, X p
210 ,, sss
| , is |
|

PLTL semantics...
Definition of satisfaction
iff
iff
iff
iff
iff
(atomic) |, asi (atomic) satisfies asi
psi | ,qpsi | ,pXsi | ,
psjki
qsij
k
j
| , : allfor and
| , : somefor
psi \| ,qsps ii | ,or | ,
psi | , 1 qUpsi | ,
pFGp
qUFp
qpqp
true
)(Derived operators...

Model Checking (Clarke/Emerson, Queille/Sifakis)
[Figure: the model checking algorithm (MC) takes a temporal formula, e.g. G(p -> F q), and a finite-state model, and answers yes, or no with a counterexample]
Model must now represent all behaviors

Kripke models
A Kripke model (S,R,L) consists of
– set of states S
– set of transitions R ⊆ S × S
– labeling L ⊆ S × AP
Kripke models from programs
[Figure: two-state Kripke model of the program]
repeat p := true; p := false; end

Mutual exclusion example
[Figure: state graph with the following states]
N1,N2 turn=0
T1,N2 turn=1
T1,T2 turn=1
C1,N2 turn=1
C1,T2 turn=1
N1,T2 turn=2
T1,T2 turn=2
N1,C2 turn=2
T1,C2 turn=2
N = noncritical, T = trying, C = critical

PLTL on Kripke models
A path in model M = (S,R,L) is a sequence
such that (si,si+1) ∈ R.
Ssss 210 ,,
fssss
fsM
| , of ,, paths allfor
iff
| ,
0210
0
[Figure: model with states s0, s1, s2, s3, ... illustrating F p]

Branching time
Model of time is a tree, not a sequence
Path quantifiers
fMssssomefEsM
fMsssallfAsM
| , of ,, paths for iff | ,
| , of ,, paths for iff | ,
2100
2100
[Figure: computation tree illustrating AF p]

Computation Tree Logic
Every operator F, G, X, U preceded by A or E
Universal modalities...
[Figures: computation trees illustrating AG p and AF p]

CTL, cont...
Existential modalities
[Figures: computation trees illustrating EG p and EF p]

CTL, cont
Other modalities
AX p, EX p, A(p U q), E(p U q)
Some dualities...
AF p ≡ ¬EG ¬p
AG p ≡ ¬EF ¬p
Examples: mutual exclusion specs...
AG ¬(C1 ∧ C2) mutual exclusion
AG (T1 → AF C1) liveness
AG (N1 → EX T1) non-blocking

CTL model checking
Model checking problem:
– Determine for given M, s0 and f, whether M, s0 ⊨ f
Simple algorithm:
– Inductive over structure of formula
– Backward propagation of formula labels
– O(f V(V + E))

Example
[Figure: the mutual exclusion state graph, labelled for the formula below]
N1,N2 turn=0
T1,N2 turn=1
T1,T2 turn=1
C1,N2 turn=1
C1,T2 turn=1
N1,T2 turn=2
T1,T2 turn=2
N1,C2 turn=2
T1,C2 turn=2
AG (T1 → AF C1)

CES algorithm
Need only modalities EX, EU, EG.
– e.g., AF p ≡ ¬EG ¬p, AG p ≡ ¬EF ¬p
– Checking E(p U q) by backward BFS
[Figure: backward BFS from q through p-states]
– Checking EG p
[Figure: SCCs among the p-states, illustrating EG p]
Complexity = O(f (V + E))
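
The three mutual exclusion specs can be checked mechanically with only EX, EU and EG plus the dualities. The Python below is an added example, not code from the slides: the transition relation is an assumption (the arrows of the state graph did not survive), the state names are made up from the labels, and EG is computed by fixed-point iteration rather than by the SCC method.

```python
from collections import deque

# Kripke model for the mutual exclusion slides. A state name encodes its
# labels (N/T/C per process) and the turn variable. The transition relation
# R is an assumption: the arrows of the original figure were lost.
R = {
    "N1N2t0": ["T1N2t1", "N1T2t2"],
    "T1N2t1": ["C1N2t1", "T1T2t1"],
    "T1T2t1": ["C1T2t1"],
    "C1N2t1": ["N1N2t0", "C1T2t1"],
    "C1T2t1": ["N1T2t2"],
    "N1T2t2": ["N1C2t2", "T1T2t2"],
    "T1T2t2": ["T1C2t2"],
    "N1C2t2": ["N1N2t0", "T1C2t2"],
    "T1C2t2": ["T1N2t1"],
}
S = frozenset(R)
INIT = "N1N2t0"

def sat(ap):
    """States labelled with atomic proposition ap, e.g. 'C1' or 'T2'."""
    return frozenset(s for s in S if ap in s)

def ex(Z):
    """EX Z: states with at least one successor in Z."""
    return frozenset(s for s in S if any(t in Z for t in R[s]))

def eu(P, Q):
    """E(P U Q) by backward BFS from the Q-states through P-states."""
    pred = {s: [] for s in S}
    for s, succs in R.items():
        for t in succs:
            pred[t].append(s)
    seen, work = set(Q), deque(Q)
    while work:
        t = work.popleft()
        for s in pred[t]:
            if s in P and s not in seen:
                seen.add(s)
                work.append(s)
    return frozenset(seen)

def eg(P):
    """EG P as a greatest fixed point: iterate Z := Z & EX Z from Z = P."""
    Z = frozenset(P)
    while True:
        nxt = Z & ex(Z)
        if nxt == Z:
            return Z
        Z = nxt

# Remaining modalities via the dualities on the slides.
def ef(P): return eu(S, P)            # EF p = E(true U p)
def ag(P): return S - ef(S - P)       # AG p = not EF not p
def af(P): return S - eg(S - P)       # AF p = not EG not p
def implies(P, Q): return (S - P) | Q

def check_specs():
    """Evaluate the three mutual exclusion specs at the initial state."""
    n1, t1, c1, c2 = sat("N1"), sat("T1"), sat("C1"), sat("C2")
    return {
        "mutual exclusion": INIT in ag(S - (c1 & c2)),
        "liveness": INIT in ag(implies(t1, af(c1))),
        "non-blocking": INIT in ag(implies(n1, ex(t1))),
    }

if __name__ == "__main__":
    for name, ok in check_specs().items():
        print(f"{name}: {'holds' if ok else 'fails'}")
```

Under the assumed transitions all three specs hold, while AF C1 alone fails at the initial state: the cycle through N1,N2 / N1,T2 / N1,C2 never reaches C1, which is why liveness is stated as AG (T1 → AF C1).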

CTL*
Contains both CTL and LTL
– path formulas
p U q, G p, Fp, Xp, p, p q
– state formulas
A p, E p
p in LTL A p in CTL*
Framework for comparing expressiveness
– Existential properties not expressible in PLTL
e.g., AG EF p
– Fairness assumptions not expressible in CTL
e.g., A (GF p → GF q)

Model checking complexities
CTL: O(f (V+E))
PLTL: O(2^f (V+E))
CTL*: same as PLTL
PSPACE COMPLETE
Note: all are linear in model size

Comparing CTL and LTL
Think of CTL formulas as approximations to LTL
– AG EF p is weaker than G F p (good for finding bugs...)
– AF AG p is stronger than F G p (good for verifying...)
CTL formulas easier to verify
So, use CTL when it applies...

Symbolic model checking
State explosion problem
– State graph exponential in program size
Symbolic model checking approach
– Boolean formulas represent sets and relations
– Use fixed point characterizations of CTL operators
– Model checking without building state graph
Sometimes can handle much larger state space

Binary Decision Diagrams (Bryant)
Ordered decision tree for f = ab + cd
[Figure: ordered decision tree over a, b, c, d with leaf values 0 0 0 1 0 0 0 1 0 0 0 1 1 1 1 1]

OBDD reduction
Reduced (OBDD) form:
[Figure: reduced OBDD with nodes a, b, c, d and terminals 0 and 1]
Key idea: combine equivalent sub-cases

OBDD properties
Canonical form (for fixed order)
– direct comparison
Efficient apply algorithm
– build BDD’s for large circuits
[Figure: apply combines the BDD’s for f and g into one for fg in O(|f| |g|)]
Variable order strongly affects size
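
The reduction and the effect of variable order can be seen on the slides' own function f = ab + cd. The Python below is an added example, not code from the slides: the function names are assumptions, and it builds the reduced OBDD by enumerating every assignment (exponential, fine for four variables) rather than with the apply algorithm.

```python
def build_robdd(f, order):
    """Build a reduced ordered BDD of f by Shannon expansion along `order`.

    Returns (root, unique): unique maps (var, low, high) -> node id, and
    ids 0 and 1 are the terminals.
    """
    unique = {}

    def mk(var, low, high):
        if low == high:              # redundant test: both branches agree
            return low
        key = (var, low, high)
        if key not in unique:        # share equivalent sub-cases
            unique[key] = len(unique) + 2
        return unique[key]

    def expand(i, env):
        if i == len(order):
            return int(bool(f(**env)))
        var = order[i]
        low = expand(i + 1, {**env, var: False})
        high = expand(i + 1, {**env, var: True})
        return mk(var, low, high)

    return expand(0, {}), unique

def f(a, b, c, d):
    """The function from the slides: f = ab + cd."""
    return (a and b) or (c and d)

def f_alt(a, b, c, d):
    """Same function written differently (De Morgan form)."""
    return not ((not a or not b) and (not c or not d))

def size(func, order):
    """Number of internal nodes of the reduced OBDD."""
    return len(build_robdd(func, order)[1])

def same_function(f1, f2, order):
    """Canonical form: equal functions give identical reduced OBDDs."""
    return build_robdd(f1, order) == build_robdd(f2, order)

if __name__ == "__main__":
    print(size(f, ["a", "b", "c", "d"]))   # related variables adjacent
    print(size(f, ["a", "c", "b", "d"]))   # related variables interleaved
    print(same_function(f, f_alt, ["a", "b", "c", "d"]))
```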

Genealogy of model checking
[Diagram: Logics of Programs; Temporal/Modal Logics; CTL Model Checking; Symbolic Model Checking; ω-automata, S1S; LTL MC; ATV; Tarski; μ-calc; QBF; BDD]
Many ideas from logic influence development of model checking...

Logics of programs
Floyd/Hoare/Dijkstra
– Give precise definitions of programming languages
– Allows reasoning about programs (proofs/derivations)
– Pre-post conditions/ weakest precondition
– example: assignment axioms
{true} x := y {x = y}
{P} x := y {P} (no x in P)

Concurrent programs
Pnueli
– Concurrent vs. sequential programming
– need to characterize execution sequences
– proposes use of temporal logic
[Figure: sequential A and B (call, ret) versus concurrent A and B]

Temporal and modal logics
Roots in philosophical logic
– Tense logic -- formalizing linguistic time
“If a, then b before c”
– Modal logic -- reasoning about possibility
“If I had run I would have caught my plane”
New use in computer science:
– characterize the interactions of parallel processes
G req → F ack

Genealogy
[Diagram: Logics of Programs (Floyd/Hoare, late ‘60’s); Temporal/Modal Logics (Aristotle 300’s BCE, Kripke ‘59); Pnueli, late 70’s]

CTL Model checking
Reasoning about properties of non-deterministic programs
– branching time properties of programs
– fixed point characterizations (Tarski)
– every monotonic function has least/greatest fixed point
– key idea: apply to finite graphs, not infinite trees
– can directly calculate Tarski fixed points
Applications
– finite state machines in hardware
– protocols
– proved incorrectness of some published designs

Genealogy, cont
[Diagram: Logics of Programs; Temporal/Modal Logics; Tarski, 50’s; CTL Model Checking (Clarke/Emerson, early 80’s)]
Some published circuits are proved incorrect

Decidable logics and automata
Büchi
– S1S -- reason about sets of natural numbers
– Automata on infinite words
– characterize set of models of formula
– example: sets that contain the odd numbers
– Deep connection between logics and automata
[Figure: automaton with edges labelled 0,1; 0,1; 1; 0]

LTL model checking
Vardi and Wolper
– Apply Büchi’s technique to LTL
– Automaton construction yields optimal decision algorithm
Kurshan
– Specify properties directly as automata
– example: infinitely often p (GFp)
[Figure: automaton for GF p with edges labelled p, true, p]

Genealogy
[Diagram: Logics of Programs; Temporal/Modal Logics; CTL Model Checking; Tarski; ω-automata, S1S (Büchi, 60); LTL MC, ATV (Kurshan, Vardi/Wolper, mid 80’s)]

Symbolic Model Checking
State explosion problem
– graph model guarantees worst-case complexity
Characterize sets and relations by Boolean formulas
– compute Tarski fixed points directly on formulas
– Use BDD’s to represent formulas
– efficient canonical form

Mu-calculus
Park’s Mu-Calculus
– Logic of relations with fixed point operator
– Can express transitive closure
– Nicely characterizes what SMC can compute
– SMC algorithm for Mu-calculus
– Use to express symbolic algorithms for
– CTL, LTL model checking
– Automaton containment, etc...
– Note: bad specification logic, but good for describing algorithms
AF p = μQ. p ∨ AX Q

Exercise

Exercise
EF p = μy. (p ∨ EX y)
{}

Exercise
EF p = μy. (p ∨ EX y)
{}, {s1, s2, s3, s4}

Exercise
EF p = μy. (p ∨ EX y)
{}, {s1, s2, s3, s4}, {s0, s1, s2, s3, s4}

Exercise
AG [EF p]
AG p = νy. (p ∧ AX y)
{s0, s1, s2, s3, s4}

Exercise
AG [EF p]
AG p = νy. (p ∧ AX y)
{s0, s1, s2, s3, s4}, {s1, s2, s3, s4}

Exercise
AG [EF p]
AG p = νy. (p ∧ AX y)
{s0, s1, s2, s3, s4}, {s1, s2, s3, s4}
EF p = μy. (p ∨ EX y)
{s1, s2, s3, s4}

Exercise
AG [EF p]
AG p = νy. (p ∧ AX y)
{s0, s1, s2, s3, s4}, {s1, s2, s3, s4}
EF p = μy. (p ∨ EX y)
{}, {s1, s2, s3, s4}, {s0, s1, s2, s3, s4}
4848
Genealogy, cont.
– Note first commercial application in 1990
– Encore Gigamax cache protocols
Logics ofPrograms
Temporal/Modal Logics
CTL ModelChecking
SymbolicModel Checking
-automataS1S
LTLMC
ATV
Tarski
-calc
QBF BDD
Park60’s
Bryantmid 80’s
late 80’s

Applications
Hardware Design
– Encore Gigamax
– Intel instruction decoder
– SGI cache protocol chip
Other areas
– Avionics (TCAS)
– Chemical plant control
– Nuclear storage facilities (!)
Commercial tools
– Cadence, IBM, Synopsys

A convergence of research areas in logic
Many areas of logic have shaped the discourse in model checking
– Logics of programs
– Temporal/Modal logics
– Tarski fixed point theory
– Decidable logics -- S1S/automata
– Park’s mu-calculus
Much of this work is quite abstract, but has strongly influenced practical work in model checking