Chapter 4: Model Checking of Finite State Systems
9
Chapter 4: Model Checking of Finite State Systems Albert M. K. Cheng
-
Upload
dalton-whitehead -
Category
Documents
-
view
52 -
download
4
description
Chapter 4: Model Checking of Finite State Systems. Albert M. K. Cheng. Model Checking. Is the finite-state graph a model of the temporal logic formula?. Specification represented as a labeled finite-state Graph (Kripke structure). Safety assertion written as temporal logic formula. - PowerPoint PPT Presentation
Transcript of Chapter 4: Model Checking of Finite State Systems
Chapter 4: Model Checking of Finite State Systems
Albert M. K. Cheng
Model Checking
Specificationrepresented asa labeledfinite-stateGraph (Kripkestructure)
Safety assertionwritten as temporallogic formula
Is the finite-state grapha model of the temporallogic formula?
Computation Tree Logic CTL Propositional,
branching-time temporal logic
Next-time operator X, Until operator U
A(E)X f : f holds in every (some) immediate successor of current state
A(E)[f1 U f2] : for every (some) computation path, there exists an initial prefix of the path such that f2 holds at the last state of the prefix and f1 holds at all other states along the prefix
Example; Solution to Mutual Exclusion Problem
N1,N2
T1,N2
C1,T2
N1,T2
C1,N2 T1,T2 T1,T2 N1,C2
T1,C2
CTL abbreviations AF(f) = A[True U f]: f holds in the future
along every path from the initial state s0, so f is inevitable
EG(f) = NOT AF(NOT f)
EF(f) = E[True U f]: there is some path from the initial state s0 that leads to a state at which f holds, so f potentially holds
AG(f) = NOT EF(NOT f)
Explicit-State Model Checking
for (fi=flength; fi >= 1; fi--) labelgraph(fi,s,&correct);labelgraph (fi,s,b)short fi, s;Boolean *b;{ short i; switch(nf[fi-1][0].opcode) { case atomic: atf(fi,s,b); break;
case nt: ntf(fi,s,b); break; case ad: adf(fi,s,b); break; case ax: axf(fi,s,b); break; case ex: exf(fi,s,b); break;
case au:
for (i=0; i <= numstates; i++)
marked[i] = false;
for (i=0; i <= numstates; i++)
if (!marked[i])
auf(fi,s,b);
break;
case eu:
euf(fi,s,b);
break;
}
}
Explicit-State Model Checking
Symbolic Model Checking Transition relation between the values of
the variables in the current and the next states can be stated as a Boolean formula
Use Binary Decision Diagrams (BDDs) to present this Boolean formula
Apply model checker to finite-state graph represented as BBDs
Real-Time CTL Existentially Bounded Until operator: E[f_1 U[x,y] f_2] at state s_0 means there
exists a path beginning at s_0 and some i such that x <= i <= y and f_2 holds at state s_i and forall j < i, f_1 holds at state s_j
Min/max delays Min/max number of condition occurrences
