Algorithmic Software Verification

1
Algorithmic Software Verification

• II. Modeling using FSA

2
Finite state machines

• FSM (?, X, Dx x ? X , Q, Q_in, ?, d )
• ? finite set of actions
• X finite set of variables
• Dx domain of x, for each x in X
• Q finite set of states
• Q_in ? Q set of initial states
• ? For each q ? Q,
• ?(q) is a function that maps
• each x in X to an element in
  Dx
• d ? Q x ? x Q transition relation

3
Extended Finite state machines

• EFSM (?, X, Dx x ? X , L, L_in, G_in, d
  )
• ? finite set of actions
• X finite set of variables
• Dx domain of x, for each x in X
• L finite set of control
  locations
• L_in ? Q set of initial locations
• G_in predicate over X
• ? transition relation
• l -- a, g(X), A(X) ? l where a is
  in ?.
• 
  g(X) guard
• 
  A(X) assgn

4
Kripke structure

• FSM where Dx T, F .
• Each state is hence of the form
• (l, v), where v X ? T, F

5
Reachability in FSMs is in O(n)

• Given FSM M, a target set T, call DFS(q_in)
• DFS ( q )
• Add q to Set_of_Visited_States
• for each q such that q a? q
• do if q is in T,
• print Target found
  halt.
• else if q is not in
  Set_of_Visited_States
• DFS(q)

6
Model checking FSMs

• Given FSM M and specification FSM S,
• Is every behaviour of M a behaviour of S?
• L(M) ? L(S)
• Solvable in Pspace /
• Linear in M and exponential in S.

7
Product FSMs

• M1 (?1, X1, Dx x ? X1 , Q1, Q_in1, d1)
• M2 (?2, X2, Dx x ? X2 , Q2, Q_in2, d2)
• where X1 and X2 are disjoint
• M M1 x M2
• (?1 ? ?2, X1 ? X2, Dx x ? X1 ? Dx x ?
  X2 ,
• Q1 x Q2, Q_in1 x Q_in2, d)
• (q1, q2 ) --a? (q1, q2) iff
• q1 a? q1 and q2 a? q2 a ? ?1? ?2
• q1 a? q1 and q2q2 a ?
  ?1
• q2 a? q2 and q2q2 a ? ?2

8
Homework I

• 3 cannibals and 3 missionaries are on the left
  side of a river.
• There is 1 boat that can carry two people.
• (The boat of course needs to be ferried by at
  least one person).
• If at any point, there are more cannibals than
  missionaries on
• one bank, the cannibals eat the missionaries.
• 1. Model all the possibilities of movement
  between
• the banks using an EFSM. The EFSM should
• have at least two locations, one for the
  configurations
• where the boat is on the left bank, and one
  for
• configurations where it is on the right.
• Also, model it such that checking whether
  all of them can
• get safely across to the right side reduces
  to reachability
• in the model.

9
Homework I

• Model the same situation now using component
  machines one for each cannibal, one for each
  missionary, and one for the boat.
• Aim for a clean model that is simple and
  scalable
• (i.e. easily changeable if one wants more
  missionaries/cannibals).
• (Forget solving the puzzle using
  reachability).