Model Checking - PowerPoint PPT Presentation

Provided by: tah93
Slides: 37

Transcript and Presenter's Notes

1
Model Checking Lecture 3
2
Specification Automata
Syntax, given a set A of atomic observations
  • S finite set of states
  • S0 ⊆ S set of initial states
  • → ⊆ S × S transition relation
  • λ: S → PL(A) where the formulas of PL are
    φ ::= a | φ ∧ φ | ¬φ
    for a ∈ A


3
Specification Omega Automata
Syntax as for finite automata,
in addition the following acceptance condition
Büchi: BA ⊆ S
4
Language L(M) of specification omega-automaton M = (S, S0, →, λ, BA)
infinite trace t0, t1, ... ∈ L(M) iff there exists an infinite run s0 → s1 → ... of M such that
  1. s0 → s1 → ... satisfies BA
  2. for all i ≥ 0, ti ⊨ λ(si)
5
Let Inf(s) = { p | p = si for infinitely many i }.
The infinite run s satisfies the acceptance condition BA iff Inf(s) ∩ BA ≠ ∅
6
Linear semantics of specification omega automata: omega-language containment
(K,q) ⊨_L M iff L(K,q) ⊆ L(M)
(infinite traces)
7
Response specification automaton □(a → ◇b)
assuming (a ∧ b) = false
[diagram: states s0, s1, s2, s3, labelled with a, ¬b, b and ¬a; the transitions are not recoverable from the transcript]
Büchi condition: {s0, s3}
8
Response monitor automaton □(a → ◇b)
assuming (a ∧ b) = false
[diagram: states s0, s1, s2, labelled with true, a and ¬b; the transitions are not recoverable from the transcript]
Büchi condition: {s2}
9
Outline
  • 1 Specifications: logic vs. automata, linear vs.
    branching, safety vs. liveness
  • 2 Graph algorithms for model checking
  • Symbolic algorithms for model checking
  • Pushdown systems

10
Model-Checking Algorithms Graph Algorithms
11
  • Safety
    - solve: finite monitors (◇ emptiness)
    - algorithm: reachability (linear)
  • Liveness
    - solve: Büchi monitors (□◇ emptiness)
    - algorithm: strongly connected components (linear)

We will talk about STL and CTL model checking
later.
12
From specification automata to monitor automata:
  determinization (exponential), complementation (easy)
From LTL to monitor automata:
  complementation (easy), tableau construction (exponential)
13
Algorithms
  1. Reachability
  2. Strongly connected components
  3. Tableau construction

14
Finite Emptiness
Given: finite automaton (S, S0, →, λ, FA)
Find: is there a path from a state in S0 to a state in FA?
15
Fix a set A of atomic observations
16
State-transition graph K
  • Q set of states
  • → ⊆ Q × Q transition relation
  • Q → 2^A observation function

17
Monitor automaton M
  • S finite set of states
  • S0 ⊆ S set of initial states
  • → ⊆ S × S transition relation
  • E ⊆ S set of final states
  • λ: S → PL(A) where the formulas of PL are
    φ ::= a | φ ∧ φ | ¬φ for a ∈ A

18
languages over finite traces
(K,q) ⊨_C M iff L(K,q) ∩ L(M) = ∅
We construct another monitor automaton M' such that L(M') = L(K,q) ∩ L(M):
  • S' = { (q,s) ∈ Q × S | q ⊨ λ(s) } finite set of states
  • ({q} × S0) ∩ S' set of initial states
  • (q,s) →' (q',s') iff q → q' and s → s' transition relation
  • (Q × E) ∩ S' set of final states
  • λ': S' → PL(A) labeling function
    λ'(q,s) = conjunction of atomic observations in q and negated atomic observations not in q

19
Finite Emptiness
Given: monitor automaton (S, S0, →, λ, E)
Find: is there a path from a state in S0 to a state in E?
Solution: depth-first or breadth-first search
20
dfs(s)
  if (s ∈ E) then report error
  add s to dfsTable
  for each successor t of s
    if (t ∉ dfsTable) then dfs(t)
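The product construction of slide 18 and the dfs(s) of slide 20, applied to a small constructed mutual-exclusion graph. This is an added example and not code from the slides; the names Graph, Monitor, holds, product and finite_emptiness, the tuple encoding of PL(A) formulas, and the sample graph and monitor are all mine.

```python
# Added example (not from the slides): finite-trace product (slide 18) plus the
# depth-first emptiness check (slide 20) on a constructed mutual-exclusion graph.
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Formulas of PL(A) (slide 17): ('atom', a) | ('and', f, g) | ('not', f).
# ('true',) is shorthand for the derivable formula ¬(a ∧ ¬a).
Formula = tuple


def holds(obs: FrozenSet[str], f: Formula) -> bool:
    """q ⊨ f, where obs is the set of atomic observations true in state q."""
    kind = f[0]
    if kind == 'true':
        return True
    if kind == 'atom':
        return f[1] in obs
    if kind == 'and':
        return holds(obs, f[1]) and holds(obs, f[2])
    if kind == 'not':
        return not holds(obs, f[1])
    raise ValueError(f"unknown connective {kind!r}")


class Graph:
    """State-transition graph K (slide 16): observation function and successor lists."""
    def __init__(self, obs: Dict[str, FrozenSet[str]], succ: Dict[str, List[str]]):
        self.obs, self.succ = obs, succ


class Monitor:
    """Monitor automaton M (slide 17): (S, S0, →, λ, E); S is the key set of label."""
    def __init__(self, init, succ, final, label):
        self.init, self.succ, self.final, self.label = init, succ, final, label


def product(K: Graph, q0: str, M: Monitor):
    """Monitor automaton M' with L(M') = L(K,q0) ∩ L(M) (slide 18), as
    (initial states, successor function, final states) over pairs (q,s) with q ⊨ λ(s)."""
    states: Set[Tuple[str, str]] = {(q, s) for q in K.obs for s in M.label
                                     if holds(K.obs[q], M.label[s])}
    init = [(q0, s) for s in M.init if (q0, s) in states]

    def succ(qs: Tuple[str, str]) -> List[Tuple[str, str]]:
        q, s = qs  # (q,s) →' (q',s') iff q → q' in K and s → s' in M
        return [(q2, s2) for q2 in K.succ[q] for s2 in M.succ[s] if (q2, s2) in states]

    final = {(q, s) for (q, s) in states if s in M.final}
    return init, succ, final


def finite_emptiness(K: Graph, q0: str, M: Monitor) -> Optional[List[str]]:
    """dfs(s) of slide 20 on the product: the K-states of a path from q0 to a final
    product state (a violation witness), or None if L(K,q0) ∩ L(M) = ∅."""
    init, succ, final = product(K, q0, M)
    dfs_table: Set[Tuple[str, str]] = set()
    path: List[Tuple[str, str]] = []

    def dfs(s) -> bool:
        path.append(s)
        if s in final:           # "if (s ∈ E) then report error"
            return True
        dfs_table.add(s)
        for t in succ(s):
            if t not in dfs_table and dfs(t):
                return True
        path.pop()
        return False

    for s in init:
        if s not in dfs_table and dfs(s):
            return [q for (q, _) in path]
    return None


# Constructed sample: two processes with critical-section flags c1 and c2.
C1, C2 = ('atom', 'c1'), ('atom', 'c2')
K_GOOD = Graph(
    obs={'q0': frozenset(), 'q1': frozenset({'c1'}), 'q2': frozenset({'c2'})},
    succ={'q0': ['q1', 'q2'], 'q1': ['q0'], 'q2': ['q0']})
K_BAD = Graph(  # q3 has both flags set: a mutual-exclusion violation
    obs={**K_GOOD.obs, 'q3': frozenset({'c1', 'c2'})},
    succ={'q0': ['q1', 'q2'], 'q1': ['q3', 'q0'], 'q2': ['q0'], 'q3': ['q0']})
# Monitor for the finite traces that end in a state satisfying c1 ∧ c2:
# s0 (true) loops until it guesses the violating position and moves to final s1.
MUTEX_MONITOR = Monitor(init=['s0'], succ={'s0': ['s0', 's1'], 's1': []},
                        final={'s1'}, label={'s0': ('true',), 's1': ('and', C1, C2)})

if __name__ == '__main__':
    print(finite_emptiness(K_GOOD, 'q0', MUTEX_MONITOR))  # None: property holds
    print(finite_emptiness(K_BAD, 'q0', MUTEX_MONITOR))   # ['q0', 'q1', 'q3']
```

The witness path is the prefix of the trace that the monitor accepts, which is what a model checker reports as the counterexample for a safety property; the dfsTable makes the search linear in the size of the product, as slide 25 states for reachability.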
21
Büchi Emptiness
Given: Büchi automaton (S, S0, →, λ, BA)
Find: is there an infinite path from a state in S0 that visits some state in BA infinitely often?
22
Monitor Büchi automaton M
  • S finite set of states
  • S0 ⊆ S set of initial states
  • → ⊆ S × S transition relation
  • BA ⊆ S acceptance condition
  • λ: S → PL(A) where the formulas of PL are
    φ ::= a | φ ∧ φ | ¬φ for a ∈ A

23
languages over infinite traces
(K,q) ⊨_C M iff L(K,q) ∩ L(M) = ∅
We construct another monitor Büchi automaton M' such that L(M') = L(K,q) ∩ L(M):
  • S' = { (q,s) ∈ Q × S | q ⊨ λ(s) } finite set of states
  • ({q} × S0) ∩ S' set of initial states
  • (q,s) →' (q',s') iff q → q' and s → s' transition relation
  • (Q × BA) ∩ S' acceptance condition
  • λ': S' → PL(A) labeling function
    λ'(q,s) = conjunction of atomic observations in q and negated atomic observations not in q

24
Büchi Emptiness
Given: Büchi automaton (S, S0, →, λ, BA)
Find: is there an infinite path from a state in S0 that visits some state in BA infinitely often?
Solution:
  1. Compute SCC graph by depth-first search
  2. Mark SCC C as fair iff C ∩ BA ≠ ∅
  3. Check if some fair SCC is reachable from S0
25
Complexity
n = number of states, m = number of transitions
Reachability: O(n+m)
SCC: O(n+m)
26
Büchi emptiness
  • Two algorithms for SCC computation
    - forward and backward DFS
    - forward HI-LO algorithm
  • Storing SCCs requires a lot of memory
  • Nested DFS
    - checks Büchi emptiness without explicitly computing SCCs

27
dfs(s)
  add s to dfsTable
  for each successor t of s
    if (t ∉ dfsTable) then dfs(t)
  if (s ∈ BA) then seed := s; ndfs(s)

ndfs(s)
  add s to ndfsTable
  for each successor t of s
    if (t ∉ ndfsTable) then ndfs(t)
    else if (t = seed) then report error
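The Büchi product of slide 23 checked both ways, by the SCC method of slide 24 and by the nested DFS of slide 27, against the response monitor of slide 8 on a constructed request/grant system. This is an added example, not code from the slides. The SCC computation uses Tarjan's algorithm (a single forward DFS), which is my choice; the transcript does not say which SCC algorithm the slides use. The monitor's transitions (s0 loops on true and may move to s1 on a, s1 moves to s2 on ¬b, s2 loops on ¬b) are my assumption, since the transcript preserves only the labels and the Büchi set {s2}; all function and variable names are mine.

```python
# Added example (not from the slides): Büchi product (slide 23), SCC-based emptiness
# (slide 24) and nested DFS (slide 27) on a constructed request/grant system.
from typing import Dict, FrozenSet, List, Set, Tuple

PState = Tuple[str, str]

# Monitor labels are conjunctions of literals: (positive atoms, negated atoms).
# true is (∅, ∅), a is ({a}, ∅), ¬b is (∅, {b}). Edges are assumed (see lead-in).
RESPONSE_MONITOR = dict(
    init=['s0'],
    succ={'s0': ['s0', 's1'], 's1': ['s2'], 's2': ['s2']},
    buchi={'s2'},
    label={'s0': (set(), set()), 's1': ({'a'}, set()), 's2': (set(), {'b'})},
)


def satisfies(obs: FrozenSet[str], label) -> bool:
    """q ⊨ λ(s) for a literal-conjunction label."""
    pos, neg = label
    return pos <= obs and not (neg & obs)


def buchi_product(obs: Dict[str, FrozenSet[str]], succ_k: Dict[str, List[str]], q0: str, M):
    """Monitor Büchi automaton M' with L(M') = L(K,q0) ∩ L(M) (slide 23):
    (initial states, successor map, acceptance set (Q × BA) ∩ S')."""
    states = {(q, s) for q in obs for s in M['label'] if satisfies(obs[q], M['label'][s])}
    init = [(q0, s) for s in M['init'] if (q0, s) in states]
    succ = {(q, s): [(q2, s2) for q2 in succ_k[q] for s2 in M['succ'][s] if (q2, s2) in states]
            for (q, s) in states}
    accept = {(q, s) for (q, s) in states if s in M['buchi']}
    return init, succ, accept


def fair_sccs(init, succ, accept) -> List[FrozenSet[PState]]:
    """Slide 24: SCCs reachable from S0 that are fair (C ∩ BA ≠ ∅). A single state
    without a self-loop carries no infinite path, so such trivial SCCs are never fair."""
    index: Dict[PState, int] = {}
    low: Dict[PState, int] = {}
    stack: List[PState] = []
    on_stack: Set[PState] = set()
    fair: List[FrozenSet[PState]] = []

    def connect(v: PState) -> None:          # Tarjan's algorithm, one DFS
        index[v] = low[v] = len(index)
        stack.append(v); on_stack.add(v)
        for w in succ[v]:
            if w not in index:
                connect(w); low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:               # v is the root of an SCC
            comp = []
            while True:
                w = stack.pop(); on_stack.discard(w); comp.append(w)
                if w == v:
                    break
            if (len(comp) > 1 or v in succ[v]) and any(w in accept for w in comp):
                fair.append(frozenset(comp))

    for s in init:
        if s not in index:
            connect(s)
    return fair


def nested_dfs(init, succ, accept) -> bool:
    """Slide 27: True iff some accepting state lies on a cycle reachable from S0,
    i.e. L(M') ≠ ∅ and a counterexample lasso exists."""
    dfs_table: Set[PState] = set()
    ndfs_table: Set[PState] = set()

    def ndfs(s: PState, seed: PState) -> bool:
        ndfs_table.add(s)
        for t in succ[s]:
            if t not in ndfs_table:
                if ndfs(t, seed):
                    return True
            elif t == seed:
                return True                  # "report error": cycle through the seed
        return False

    def dfs(s: PState) -> bool:
        dfs_table.add(s)
        for t in succ[s]:
            if t not in dfs_table and dfs(t):
                return True
        return s in accept and ndfs(s, s)    # seed s in post-order, as on the slide

    return any(s not in dfs_table and dfs(s) for s in init)


# Constructed request/grant system: a = request, b = grant (never both at once).
OBS = {'q0': frozenset(), 'q1': frozenset({'a'}), 'q2': frozenset(), 'q3': frozenset({'b'})}
K_GOOD = {'q0': ['q1'], 'q1': ['q2'], 'q2': ['q3'], 'q3': ['q0']}
K_BAD = {'q0': ['q1'], 'q1': ['q2'], 'q2': ['q2', 'q3'], 'q3': ['q0']}  # q2 may stall forever


def violates_response(succ_k) -> Tuple[bool, bool]:
    """(SCC verdict, nested-DFS verdict): True means □(a → ◇b) is violated."""
    prod = buchi_product(OBS, succ_k, 'q0', RESPONSE_MONITOR)
    return bool(fair_sccs(*prod)), nested_dfs(*prod)


if __name__ == '__main__':
    print(violates_response(K_GOOD))  # (False, False)
    print(violates_response(K_BAD))   # (True, True)
```

Both checks agree on every input, but only the SCC version keeps the components around, which is the memory cost slide 26 refers to; nested DFS needs two visited-bits per product state and stops at the first accepting cycle.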
28
Multi-Büchi Emptiness
Given: Multi-Büchi automaton (S, S0, →, λ, BA1, ..., BAn)
Find: is there an infinite path from a state in S0 that infinitely often visits some state in BAi, for all i such that 1 ≤ i ≤ n?
Solution:
  1. Compute SCC graph by depth-first search
  2. Mark SCC C as fair iff C ∩ BAi ≠ ∅ for all i such that 1 ≤ i ≤ n
  3. Check if some fair SCC is reachable from S0
29
Tableau Construction
Given: LTL formula φ
Find: Multi-Büchi automaton Mφ such that L(Mφ) = L(φ)
monitors subformulas of φ
Fischer-Ladner 1975, Manna-Wolper 1982
30
Negation normal form
¬(φ ∧ ψ) = ¬φ ∨ ¬ψ
¬(φ ∨ ψ) = ¬φ ∧ ¬ψ
¬(○φ) = ○(¬φ)
¬(φ U ψ) = (¬ψ W (¬φ ∧ ¬ψ))
¬(φ W ψ) = (¬ψ U (¬φ ∧ ¬ψ))
φ, ψ ::= a | ¬a | φ ∧ ψ | φ ∨ ψ | ○φ | φ U ψ | φ W ψ
31
Fischer-Ladner Closure of a Formula
Sub(a) = {a, ¬a}
Sub(¬a) = {a, ¬a}
Sub(φ ∧ ψ) = {φ ∧ ψ} ∪ Sub(φ) ∪ Sub(ψ)
Sub(φ ∨ ψ) = {φ ∨ ψ} ∪ Sub(φ) ∪ Sub(ψ)
Sub(○φ) = {○φ} ∪ Sub(φ)
Sub(φ U ψ) = {φ U ψ, ○(φ U ψ)} ∪ Sub(φ) ∪ Sub(ψ)
Sub(φ W ψ) = {φ W ψ, ○(φ W ψ)} ∪ Sub(φ) ∪ Sub(ψ)
|Sub(φ)| = O(|φ|)
32
s ⊆ Sub(φ) is consistent iff
  - for all atomic propositions a, (¬a) ∈ s iff a ∉ s
  - if (φ ∧ ψ) ∈ Sub(φ) then (φ ∧ ψ) ∈ s iff φ ∈ s and ψ ∈ s
  - if (φ ∨ ψ) ∈ Sub(φ) then (φ ∨ ψ) ∈ s iff either φ ∈ s or ψ ∈ s
  - if (φ U ψ) ∈ Sub(φ) then (φ U ψ) ∈ s iff either ψ ∈ s or (φ ∈ s and ○(φ U ψ) ∈ s)
  - if (φ W ψ) ∈ Sub(φ) then (φ W ψ) ∈ s iff either ψ ∈ s or (φ ∈ s and ○(φ W ψ) ∈ s)
33
Fischer-Ladner Closure of a Formula
Sub(◇φ) = {◇φ, ○◇φ} ∪ Sub(φ)
Sub(□φ) = {□φ, ○□φ} ∪ Sub(φ)
34
s ⊆ Sub(φ) is consistent iff
  - if (◇φ) ∈ Sub(φ) then (◇φ) ∈ s iff either φ ∈ s or ○◇φ ∈ s
  - if (□φ) ∈ Sub(φ) then (□φ) ∈ s iff φ ∈ s and ○□φ ∈ s
35
Tableau Mφ = (S, S0, →, λ, BA1, ..., BAn)
S ... set of consistent subsets of Sub(φ)
s ∈ S0 iff φ ∈ s
s → t iff for all (○ψ) ∈ Sub(φ), if (○ψ) ∈ s then ψ ∈ t
λ(s) ... conjunction of atomic observations in s and negated atomic observations not in s
There is an acceptance condition
  - for each (φ U ψ) ∈ Sub(φ), given by { s | ψ ∈ s or (φ U ψ) ∉ s }
  - for each (◇ψ) ∈ Sub(φ), given by { s | ψ ∈ s or (◇ψ) ∉ s }
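The tableau construction of slides 30 to 35, carried out for formulas already in negation normal form, followed by a check of an ultimately periodic trace u·vω against the resulting Multi-Büchi automaton. This is an added example, not code from the slides or from Fischer-Ladner or Manna-Wolper; the tuple encoding of formulas, the function names, the lasso-membership check (which follows runs one loop iteration at a time and records the acceptance sets they visit) and the sample formulas and traces are all mine.

```python
# Added example (not from the slides): Fischer-Ladner closure (slides 31/33), consistent
# subsets (slides 32/34), the tableau M_φ (slide 35) and a trace check against it.
from itertools import combinations
from typing import FrozenSet, Sequence

# NNF formulas (slide 30) as tuples: ('atom', a) | ('neg', a) | ('and', f, g) | ('or', f, g)
# | ('next', f) | ('until', f, g) | ('wuntil', f, g) | ('finally', f) | ('globally', f)
Formula = tuple


def sub(f: Formula) -> set:
    """Fischer-Ladner closure Sub(f) (slides 31 and 33)."""
    k = f[0]
    if k in ('atom', 'neg'):
        return {('atom', f[1]), ('neg', f[1])}
    if k in ('and', 'or'):
        return {f} | sub(f[1]) | sub(f[2])
    if k == 'next':
        return {f} | sub(f[1])
    if k in ('until', 'wuntil'):            # also ○(f U g) resp. ○(f W g)
        return {f, ('next', f)} | sub(f[1]) | sub(f[2])
    return {f, ('next', f)} | sub(f[1])     # ◇f / □f: also ○◇f resp. ○□f


def consistent(s: FrozenSet[Formula], closure: Sequence[Formula]) -> bool:
    """s ⊆ Sub(φ) is consistent (slides 32 and 34)."""
    for f in closure:
        k, inside = f[0], f in s
        if k == 'neg' and inside != (('atom', f[1]) not in s):
            return False
        if k == 'and' and inside != (f[1] in s and f[2] in s):
            return False
        if k == 'or' and inside != (f[1] in s or f[2] in s):
            return False
        if k in ('until', 'wuntil') and inside != (f[2] in s or (f[1] in s and ('next', f) in s)):
            return False
        if k == 'finally' and inside != (f[1] in s or ('next', f) in s):
            return False
        if k == 'globally' and inside != (f[1] in s and ('next', f) in s):
            return False
    return True


def tableau(phi: Formula):
    """M_φ = (S, S0, →, λ, BA_1..BA_n) of slide 35, returned as
    (S0, successor map, λ as the atoms true in each state, [BA_1..BA_n], atoms of φ)."""
    closure = sorted(sub(phi), key=repr)
    states = [frozenset(c) for r in range(len(closure) + 1)
              for c in combinations(closure, r) if consistent(frozenset(c), closure)]
    nexts = [f for f in closure if f[0] == 'next']
    succ = {s: [t for t in states if all(f[1] in t for f in nexts if f in s)] for s in states}
    atoms = {f[1] for f in closure if f[0] == 'atom'}
    obs = {s: frozenset(a for a in atoms if ('atom', a) in s) for s in states}
    accept = [[s for s in states if f[-1] in s or f not in s]   # one BA per U / ◇
              for f in closure if f[0] in ('until', 'finally')]
    return [s for s in states if phi in s], succ, obs, accept, atoms


def accepts_lasso(tab, prefix, loop) -> bool:
    """Is prefix·loop^ω ∈ L(M_φ)? Runs are followed one loop iteration at a time, tracking
    which BA_i they visit; accept iff a state at the loop start, reached from S0 via the
    prefix, can return to itself over whole iterations having visited every BA_i."""
    init, succ, obs, accept, atoms = tab

    def runs(starts, word):
        """Set of (start, end, BA indices visited) for runs of M_φ reading word."""
        out = set()
        for s in starts:
            frontier = {(s, frozenset())}
            for letter in word:
                nxt = set()
                for cur, seen in frontier:
                    if obs[cur] != letter & atoms:        # t_i ⊨ λ(s_i)
                        continue
                    seen = seen | {i for i, ba in enumerate(accept) if cur in ba}
                    nxt.update((t, seen) for t in succ[cur])
                frontier = nxt
            out.update((s, t, seen) for t, seen in frontier)
        return out

    at_loop_start = {t for _, t, _ in runs(init, prefix)}
    one_round = runs(succ.keys(), loop)
    paths = set(one_round)          # closure over any number of iterations
    while True:
        more = {(s, r, f1 | f2) for s, t, f1 in paths for t2, r, f2 in one_round if t == t2}
        if more <= paths:
            break
        paths |= more
    every = frozenset(range(len(accept)))
    fair = {t for t, r, seen in paths if t == r and seen == every}
    return any(s in fair or any(t in fair for s2, t, _ in paths if s2 == s)
               for s in at_loop_start)


# Constructed samples: □(a → ◇b) in NNF is □(¬a ∨ ◇b); and a U b.
RESPONSE = ('globally', ('or', ('neg', 'a'), ('finally', ('atom', 'b'))))
UNTIL = ('until', ('atom', 'a'), ('atom', 'b'))
E, A, B = frozenset(), frozenset({'a'}), frozenset({'b'})

if __name__ == '__main__':
    tab = tableau(RESPONSE)
    print(len(tab[1]), len(tab[0]))                    # 16 states, 7 initial
    print(accepts_lasso(tab, [], [E, A, E, B]))        # True: every request is granted
    print(accepts_lasso(tab, [E], [A]))                # False: a request is never granted
    print(accepts_lasso(tableau(UNTIL), [A, A], [B]))  # True
```

Enumerating all subsets of Sub(φ) is what gives the O(2^|φ|) size of slide 36; the consistency constraints then prune most of them (for □(¬a ∨ ◇b) only 16 of 512 subsets survive, since only the atoms and the two ○-formulas are free). Checking a state-transition graph K against φ would take the product of this tableau with K under the Multi-Büchi condition of slide 28.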
36
Size of Mφ is O(2^|φ|).
LTL model checking: PSPACE-complete