Beyond Regular Model Checking
Transcript of Beyond Regular Model Checking
![Page 1: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/1.jpg)
Beyond Regular Model Checking
By Prof. Dana Fisman and Prof. Amir Pnueli
Presented by Yanir Damti
![Page 2: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/2.jpg)
State explosion problem
Parameterized systems
Variables over infinite range
Symbolic model checking solves this problem by representing the model implicitly
For example, with BDDs.
Background
![Page 3: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/3.jpg)
Use formal languages for model representation.
One established method uses regular languages.
Verification and formal languages
![Page 4: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/4.jpg)
“x is even”:
This is a counter system. Sets of states are over alphabet , and the transition relation is over alphabet
Regular model checking - Example
![Page 5: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/5.jpg)
– Alphabet
– A language over the alphabet . We denote a word in :
$w = a_1 a_2 \cdots a_n$
Projection:
L - A language over . Lifting:
$u = b_1 b_2 \cdots b_n$
Few Basic Definitions
![Page 6: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/6.jpg)
Regular languages can be applied to several types of parameterized problems.
Many interesting parameterized systems cannot be represented by regular languages.
For example, the Peterson mutual exclusion algorithm, which we’ll see later.
We’ll see three methods using non-regular classes of languages.
Non-Regular model checking
![Page 7: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/7.jpg)
On one hand:
More expressive than the regular languages
On the other hand:
Adequate for symbolic model checking
Aim: Find a class of languages
![Page 8: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/8.jpg)
Size of an adequate class of languages is bounded by a set of requirements.
Adequacy for Symbolic Model Checking
![Page 9: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/9.jpg)
The following languages describe a model:
- property to be verified
- set of initial states
- transition relation
Next, we see an algorithm using them.
General method for symbolic model checking
![Page 10: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/10.jpg)
For repeat
until return
Procedure Backward MC
Complementation
Intersection
Projection
Lifting
Equivalence
Emptiness
![Page 11: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/11.jpg)
For repeat
until return
– property to be verified
– set of initial states
– transition relation
– classes of languages
We say are adequate for symbolic model checking if the requirements to follow hold.
More accurately…
![Page 12: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/12.jpg)
Requirements for Backward MC:
1. are adequate for representing respectively.
2. is closed under complementation.
3. is closed under lifting.
4. is closed under intersection with .
5. is closed under projection.
6. is closed under intersection with , and emptiness is decidable for .
7. Equivalence is decidable for two languages in .
More accurately…
For repeat
until return
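The step that Backward MC repeats is the predecessor computation: lift the current set of states to the second coordinate, intersect with the transition relation, and project onto the first coordinate. The following is an added example, not code from the slides or the paper; it assumes sets of states are NFAs over an alphabet and the transition relation is an NFA over pairs, and instantiates this with a constructed binary counter (least significant bit first, successor relation x → x+1) and the property set “x is even” from the earlier slide.

```python
# Added example: one backward step of regular model checking.
# Sets of states are NFAs over Σ; the transition relation T is an NFA over
# pairs Σ×Σ. pre(M) = proj_1(T ∩ lift_2(M)) is the operation Backward MC iterates.

class NFA:
    """delta maps (state, symbol) -> set of successor states."""
    def __init__(self, states, init, final, delta):
        self.states, self.init, self.final, self.delta = states, set(init), set(final), delta

    def accepts(self, word):
        cur = set(self.init)
        for sym in word:
            cur = {q2 for q in cur for q2 in self.delta.get((q, sym), ())}
        return bool(cur & self.final)


def pre(T, M, alphabet):
    """Predecessors of M under T, computed on the fly:
    the M-component reads the second coordinate (lifting + intersection),
    the first coordinate becomes the output symbol (projection)."""
    delta = {}
    for t in T.states:
        for m in M.states:
            for a in alphabet:
                succ = {(t2, m2)
                        for b in alphabet
                        for t2 in T.delta.get((t, (a, b)), ())
                        for m2 in M.delta.get((m, b), ())}
                if succ:
                    delta[((t, m), a)] = succ
    return NFA({(t, m) for t in T.states for m in M.states},
               {(t, m) for t in T.init for m in M.init},
               {(t, m) for t in T.final for m in M.final}, delta)


# Constructed counter system (assumption): fixed-width binary, least significant
# bit first; T relates x to x+1, carrying a 1 in its state; overflow is rejected.
INC = NFA({0, 1}, {1}, {0},
          {(1, (0, 1)): {0}, (1, (1, 0)): {1}, (0, (0, 0)): {0}, (0, (1, 1)): {0}})
# "x is even": the first (least significant) bit is 0.
EVEN = NFA({"s0", "s1"}, {"s0"}, {"s1"},
           {("s0", 0): {"s1"}, ("s1", 0): {"s1"}, ("s1", 1): {"s1"}})

PRE_EVEN = pre(INC, EVEN, (0, 1))   # states whose successor is even: the odd ones

if __name__ == "__main__":
    for x in range(8):
        bits = tuple((x >> i) & 1 for i in range(3))
        print(x, PRE_EVEN.accepts(bits))
```

Iterating pre until the union no longer grows, and then intersecting with the initial states, gives the fixpoint loop of the procedure; those steps need the union, equivalence and emptiness operations listed in the requirements.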
![Page 13: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/13.jpg)
3 Methods
1. Initial states – non-regular, the rest – regular
2. Define a new non-regular class of languages
3. Special case of 2
![Page 14: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/14.jpg)
: natural, initially – Number of processes
: array of , initially – Array of priorities
: array of – Array of signatures
The Peterson Algorithm for Mutual Exclusion
![Page 15: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/15.jpg)
: integer
: loop forever do
: Non-Critical
: for to do
:
: await
: Critical
The Peterson Algorithm for Mutual Exclusion
: Number of processes
: Priority array
: Signature array
Process :
![Page 16: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/16.jpg)
Initial states – non-regular, the rest – regular
Method 1
![Page 17: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/17.jpg)
Set of initial states: context-free language
Property to be verified, transition relation: regular language
Main Principle
Method 1
![Page 18: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/18.jpg)
We take to be the context-free languages class
We take and to be the regular languages class
The extra help from the context-free class will make Peterson’s algorithm verification possible.
Main Principle
Method 1
For repeat
until return
![Page 19: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/19.jpg)
$\underbrace{\oplus\cdots\oplus}_{0} \mid \underbrace{\oplus\cdots\oplus}_{1} \mid \cdots \mid \underbrace{\oplus\cdots\oplus}_{N-1} \mid \underbrace{\oplus\cdots\oplus}_{N-1}$
Representing Peterson’s System
Method 1
$\Sigma = \{\oplus, |\}$
Priority (waiting processes)
Critical (priority still )
![Page 20: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/20.jpg)
Transition relation:
Property’s negation:
Representing Peterson’s System
$\Theta = \{\oplus^{i}\,|^{i} : i > 1\}$
Method 1
![Page 21: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/21.jpg)
We defined initial states as a context-free language.
We defined the transition relation and property with regular languages.
We can model check with the Backward-MC algorithm.
Goal: Show Mutual Exclusion
Method 1
For repeat
until return
![Page 22: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/22.jpg)
Define a new non-regular class of languages
Method 2
![Page 23: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/23.jpg)
A DPDA is a tuple :
– Input alphabet
– Set of states
– Initial state
– Stack alphabet
– Stack bottom symbol
– Transition relation:
– Set of accepting states
Reminder: Pushdown Automata
Method 2
![Page 24: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/24.jpg)
The class of languages accepted by pushdown automata is denoted:
We also denote the regular languages as:
Pushdown Automata Language Class
Method 2
![Page 25: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/25.jpg)
We define an operation:
We take a specific 1DPDA: We look at the set of all DPDAs that result from the above operation on with some FA :
Main Principle
Method 2
DPDA with one state
![Page 26: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/26.jpg)
Let be a 1DPDA:
can be considered:
Let be a DFA:
Cascade Product
Method 2
$\Delta : S \times \Sigma \times \Gamma \to S \times \Gamma^*$
$DPDA \triangleq \langle \Sigma, S, s_0, \Gamma, \bot, \rho, F \rangle$
![Page 27: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/27.jpg)
The cascade product is a DPDA:
The transition relation:
Cascade Product
Method 2
![Page 28: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/28.jpg)
Let be over alphabet , for some . Let be a mapping from to . The cascade product with respect to , :
Let’s complicate…
Method 2
![Page 29: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/29.jpg)
Let be as before. Let be a DPDA: If for some and some , then we say is . We define the class of languages accepted by any DPDA:
Define a Class of Languages
Method 2
![Page 30: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/30.jpg)
Method 2
We will show effective closure under:
Complementation
Lifting
Intersection with a regular language
And we will also show:
Equivalence is effectively decidable
Emptiness is effectively decidable
The hard part: showing closure under projection.
is Adequate for Symbolic Model Checking
For repeat
until return
![Page 31: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/31.jpg)
Let . For simplification assume:
The input alphabet of A is
We compute the automaton of the projection of on the first coordinate:
Computing Projection
Method 2
![Page 32: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/32.jpg)
Special Case of Cascade Product
Method 3
![Page 33: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/33.jpg)
We consider the cascade product where:
does not look at the stack.
To accept a word, the stack has to be emptied.
Simple Product
Method 3
![Page 34: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/34.jpg)
Separate the DFA part of the representation so that projection can be computed using only the DFA.
If we can write where is regular and has certain properties, then we can use the following algorithm for model checking.
Main Principle
Method 3
![Page 35: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/35.jpg)
For repeat
until return
Modified Backward MC
Original algorithm:
For repeat
until return
Method 3
![Page 36: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/36.jpg)
The computation of in both versions is identical. That is:
The Main Claim
For repeat
until return
Original algorithm
$M_i$
Induction
Method 3
![Page 37: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/37.jpg)
Definition: A language is left preserved by a bi-language if:
If and is left preserved by , then we can use the modified Forward MC.
Preserved Language
Method 3
![Page 38: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/38.jpg)
is left preserved by
We can use the modified Forward MC.
Peterson example
Method 3
![Page 39: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/39.jpg)
Claim:
Proof:
Problem in the Claim
Method 3
![Page 40: Beyond Regular Model Checking](https://reader035.fdocuments.in/reader035/viewer/2022062301/568161c1550346895dd1a25f/html5/thumbnails/40.jpg)
Definition:
Fixing the Problem