Formal Verification and Linear-time Model Checking



Formal Verification and Linear-time Model Checking
Paul Jackson, University of Edinburgh
Automated Reasoning, 21st and 24th October 2013

Why Automated Reasoning?
- Intellectually stimulating and challenging area
- AI: building autonomous agents that can reason and interact with each other
- Formal mathematics, and assisting with mathematical reasoning
- Formal verification

Formal Verification
- Create a formal model of some system of interest: hardware, a communication protocol, or software (especially concurrent software)
- Describe formally a specification which we desire the model to satisfy
- Check that the model satisfies the specification, either by interactive theorem proving or by model checking

Formal Verification Examples
- Floating-point hardware verification: the Pentium FDIV bug cost Intel $500M; a comparable bug today would cost several $B
- Concurrent software verification: Microsoft's Static Driver Verifier

Model Checking Introduction: Models
A model of some system has
- a set of states,
- a subset of the states considered to be the initial states,
- a transition relation which, given a current state, describes which next states the system can move to.
This is a good fit for software (both sequential and concurrent), digital hardware, and communication protocols. Refinements handle state with continuous components and continuous rather than step-wise state evolution, which makes them good for hybrid and control systems.

Model Checking Introduction: Specifications
We are interested in specifying behaviours of systems over time.
- Elementary parts of specifications refer to properties of individual states.
- Temporal specifications then relate properties at different times, e.g. "At all times, the read and write signals are never simultaneously asserted" or "If a request signal is asserted at some time, a corresponding grant signal will be asserted within 10 time units."
Two common treatments of time, linear and branching, differ in how they incorporate reasoning about non-determinism.

Non-determinism
In general, system descriptions are non-deterministic. A system is non-deterministic when, from some state, there are multiple alternative next states the system could transition to. Non-determinism is good for
- modelling alternative inputs to the system from its environment (external non-determinism);
- allowing the model to be under-specified, so that it captures many possible system implementations (internal non-determinism).

Linear vs. Branching Time
Linear time
- Considers paths (sequences of states). If the system is non-deterministic, there are many paths from each initial state.
- Questions have the form: For all paths, does some path property hold? Does there exist a path such that some path property holds?
Branching time
- Considers the tree of possible future states from each initial state. If the system is non-deterministic at some state, the tree forks.
- Questions are more complex, e.g. For all states reachable from an initial state, does there exist an onwards path to a state satisfying some property?
The most basic branching-time logic (CTL) is complementary to the most basic linear-time logic (LTL): their expressive powers are incomparable, each can state properties the other cannot. The richer branching-time logic CTL* incorporates both CTL and LTL.

LTL Syntax
LTL = Linear Temporal Logic. Assume some set $\mathit{Atom}$ of atomic propositions. The syntax of LTL formulas $\varphi$ is
$$\varphi ::= \top \mid \bot \mid p \mid \neg\varphi \mid \varphi \wedge \varphi \mid \varphi \vee \varphi \mid \varphi \to \varphi \mid X\,\varphi \mid F\,\varphi \mid G\,\varphi \mid \varphi\,U\,\varphi$$
where $p \in \mathit{Atom}$. The temporal operators are $X$ (neXt), $G$ (Globally), $F$ (Future) and $U$ (Until). Other common temporal operators are $W$ (weak until) and $R$ (release). Precedence, high to low: $(X, F, G, \neg)$, $(U, R)$, $(\wedge, \vee)$, $\to$.

LTL Semantics 1: Transition Systems and Paths
Definition (Transition System). A transition system $M = \langle S, \to, L \rangle$ consists of
- a set of states $S$,
- a transition relation ${\to} \subseteq S \times S$,
- a labelling function $L : S \to \mathcal{P}(\mathit{Atom})$,
such that $\forall s.\ \exists t.\ s \to t$, i.e. every state has at least one successor, so no execution gets stuck.
Definition (Path). A path in a model $M = \langle S, \to, L \rangle$ is an infinite sequence of states $s_0, s_1, \ldots$ such that $\forall i \ge 0.\ s_i \to s_{i+1}$. We write the path as $s_0 \to s_1 \to \cdots$.

LTL Semantics 2: Satisfaction by Path
The satisfaction relation $\pi \models_i \varphi$ is read as "path $\pi$ at position $i$ satisfies LTL formula $\varphi$".
- $\pi \models_i \top$
- $\pi \not\models_i \bot$
- $\pi \models_i p$ iff $p \in L(s_i)$
- $\pi \models_i \neg\varphi$ iff $\pi \not\models_i \varphi$
- $\pi \models_i \varphi_1 \wedge \varphi_2$ iff $\pi \models_i \varphi_1$ and $\pi \models_i \varphi_2$
- $\pi \models_i \varphi_1 \vee \varphi_2$ iff $\pi \models_i \varphi_1$ or $\pi \models_i \varphi_2$
- $\pi \models_i \varphi_1 \to \varphi_2$ iff $\pi \models_i \varphi_1$ implies $\pi \models_i \varphi_2$
- $\pi \models_i X\,\varphi$ iff $\pi \models_{i+1} \varphi$
- $\pi \models_i F\,\varphi$ iff $\exists j \ge i.\ \pi \models_j \varphi$
- $\pi \models_i G\,\varphi$ iff $\forall j \ge i.\ \pi \models_j \varphi$
- $\pi \models_i \varphi_1\,U\,\varphi_2$ iff $\exists j \ge i.\ \pi \models_j \varphi_2$ and $\forall k \in \{i..j-1\}.\ \pi \models_k \varphi_1$
- $\pi \models_i \varphi_1\,R\,\varphi_2$ iff $(\forall j \ge i.\ \pi \models_j \varphi_2)$ or $\exists k \ge i.\ \pi \models_k \varphi_1$ and $\forall j \in \{i..k\}.\ \pi \models_j \varphi_2$
Note that $U$ is strong: $\varphi_2$ must eventually hold. $R$ is its dual: $\varphi_2$ must hold up to and including the first position where $\varphi_1$ holds, and forever if $\varphi_1$ never holds.

LTL Semantics 3: Alternative Satisfaction by Path
Alternatively, we can define $\pi \models \varphi$ using the notion of the $i$th suffix $\pi^i = s_i \to s_{i+1} \to \cdots$ of a path $\pi = s_0 \to s_1 \to \cdots$. E.g. write
$\pi \models G\,\varphi$ iff $\forall j \ge 0.\ \pi^j \models \varphi$
instead of
$\pi \models_i G\,\varphi$ iff $\forall j \ge i.\ \pi \models_j \varphi$.
The $\pi \models_i \varphi$ form is better for understanding and is needed for past-time operators. The $\pi \models \varphi$ form is needed for the semantics of the CTL branching-time temporal logic.

LTL Semantics 4: Satisfaction by Model
We write $M, s \models \varphi$ if, for every execution path $\pi$ of model $M$ starting at state $s$, we have $\pi \models_0 \varphi$.

LTL Formula Examples
1. $G\,\mathit{invar}$ (the invariant holds in every state)
2. $G\,\neg(\mathit{read} \wedge \mathit{write})$ (read and write are never asserted together)
3. $G\,(\mathit{request} \to F\,\mathit{grant})$ (every request is eventually granted)
4. $G\,(\mathit{request} \to (\mathit{request}\ U\ \mathit{grant}))$ (every request stays asserted until it is granted)
5. $G\,F\,\mathit{enabled}$ (enabled holds infinitely often)
6. $F\,G\,\mathit{stable}$ (from some point on, stable holds forever)
Understand formulas by unfolding the semantics, e.g.
$\pi \models_0 F\,G\,\mathit{stable} \iff \exists i \ge 0.\ \forall j \ge i.\ \mathit{stable} \in L(s_j)$.

LTL Equivalences 1
$\varphi \equiv \psi$ iff $\forall M.\ \forall \pi \in M.\ \pi \models_0 \varphi \iff \pi \models_0 \psi$.
Dualities in propositional logic: $\neg(\varphi \wedge \psi) \equiv \neg\varphi \vee \neg\psi$, $\neg(\varphi \vee \psi) \equiv \neg\varphi \wedge \neg\psi$.
Dualities in LTL: $\neg X\,\varphi \equiv X\,\neg\varphi$, $\neg G\,\varphi \equiv F\,\neg\varphi$, $\neg F\,\varphi \equiv G\,\neg\varphi$, $\neg(\varphi\,U\,\psi) \equiv \neg\varphi\,R\,\neg\psi$, $\neg(\varphi\,R\,\psi) \equiv \neg\varphi\,U\,\neg\psi$.
Distributive laws: $G\,(\varphi \wedge \psi) \equiv G\,\varphi \wedge G\,\psi$, $F\,(\varphi \vee \psi) \equiv F\,\varphi \vee F\,\psi$. Note that $G$ does not distribute over $\vee$ and $F$ does not distribute over $\wedge$.

LTL Equivalences 2
Inter-definitions: $F\,\varphi \equiv \neg G\,\neg\varphi$, $G\,\varphi \equiv \neg F\,\neg\varphi$, $F\,\varphi \equiv \top\,U\,\varphi$, $G\,\varphi \equiv \bot\,R\,\varphi$.
Idempotency: $F\,F\,\varphi \equiv F\,\varphi$, $G\,G\,\varphi \equiv G\,\varphi$.
Weak and strong until: $\varphi\,U\,\psi \equiv (\varphi\,W\,\psi) \wedge F\,\psi$, $\varphi\,W\,\psi \equiv (\varphi\,U\,\psi) \vee G\,\varphi$.
Some more surprising equivalences: $G\,F\,G\,\varphi \equiv F\,G\,\varphi$, $F\,G\,F\,\varphi \equiv G\,F\,\varphi$, $G\,(F\,\varphi \vee F\,\psi) \equiv G\,F\,\varphi \vee G\,F\,\psi$.
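To make the satisfaction relation (Semantics 2), the formula examples and the two equivalence slides concrete, here is an added Python example that is not part of the lecture. It assumes one representation choice the slides do not make: an infinite path is stored as a lasso, a finite prefix followed by a loop repeated forever, which is the shape in which a finite model's paths and a model checker's counterexamples are reported. Because the suffixes of a lasso repeat with the loop period, the quantifiers "for all j >= i" and "exists j >= i" in the semantics only have to range over finitely many positions. The tuple encoding of formulas, the helper names (`Lasso`, `sat`, `A`, `N`, `F`, `G`, `IMP`, `U`, `check_slide_examples`, `find_counterexample`) and the request/grant path are all constructed for this example.

```python
"""LTL satisfaction over lasso paths (a finite prefix followed by a loop repeated
forever), the shape in which finite models' infinite paths and model checkers'
counterexamples are represented. Formulas are nested tuples: ('true',), ('false',),
('atom', p), ('not', f), ('and', f, g), ('or', f, g), ('imp', f, g), ('X', f),
('F', f), ('G', f), ('U', f, g), ('R', f, g), ('W', f, g)."""
from itertools import combinations, product


class Lasso:
    """Ultimately periodic path: labels[i] is L(s_i); positions past the end wrap into the loop."""

    def __init__(self, labels, loop_start):
        self.labels = [frozenset(l) for l in labels]
        self.n = len(self.labels)
        assert 0 <= loop_start < self.n
        self.loop_start = loop_start
        self.period = self.n - loop_start

    def fold(self, i):
        """Smallest index whose suffix equals the suffix at position i."""
        return i if i < self.n else self.loop_start + (i - self.loop_start) % self.period

    def label(self, i):
        return self.labels[self.fold(i)]

    def futures(self, i):
        """Positions j >= i covering every distinct suffix: beyond max(i, loop_start) + period
        the suffixes repeat, so 'for all j >= i' and 'exists j >= i' need only this range."""
        return range(i, max(i, self.loop_start) + self.period)


def sat(path, f, i=0):
    """pi |=_i f, one clause per line of the satisfaction relation on the slide."""
    i = path.fold(i)
    op = f[0]
    if op == 'true':  return True
    if op == 'false': return False
    if op == 'atom':  return f[1] in path.label(i)
    if op == 'not':   return not sat(path, f[1], i)
    if op == 'and':   return sat(path, f[1], i) and sat(path, f[2], i)
    if op == 'or':    return sat(path, f[1], i) or sat(path, f[2], i)
    if op == 'imp':   return (not sat(path, f[1], i)) or sat(path, f[2], i)
    if op == 'X':     return sat(path, f[1], i + 1)
    js = path.futures(i)
    if op == 'F':     return any(sat(path, f[1], j) for j in js)
    if op == 'G':     return all(sat(path, f[1], j) for j in js)
    if op == 'U':     # exists j >= i with g at j and f at every k in {i..j-1}
        return any(sat(path, f[2], j) and all(sat(path, f[1], k) for k in range(i, j))
                   for j in js)
    if op == 'R':     # g at all j >= i, or f at some k >= i with g at all j in {i..k}
        return (all(sat(path, f[2], j) for j in js) or
                any(sat(path, f[1], k) and all(sat(path, f[2], j) for j in range(i, k + 1))
                    for k in js))
    if op == 'W':     # weak until, via  phi W psi == (phi U psi) or G phi
        return sat(path, ('U', f[1], f[2]), i) or sat(path, ('G', f[1]), i)
    raise ValueError(f"unknown operator {op!r}")


def A(p): return ('atom', p)
def N(f): return ('not', f)
def F(f): return ('F', f)
def G(f): return ('G', f)
def IMP(f, g): return ('imp', f, g)
def U(f, g): return ('U', f, g)


# Constructed example path (not from the slides): a request at s_0 is dropped at s_1
# and granted at s_2, after which the system cycles through two stable states forever.
EXAMPLE = Lasso([{'request'}, set(), {'grant'}, {'enabled', 'stable'}, {'stable'}],
                loop_start=3)


def check_slide_examples(path=EXAMPLE):
    """Formulas 2 to 6 from the examples slide, evaluated at position 0 of `path`."""
    req, grant = A('request'), A('grant')
    return {
        'G not(read and write)': sat(path, G(N(('and', A('read'), A('write'))))),
        'G(request -> F grant)': sat(path, G(IMP(req, F(grant)))),
        'G(request -> request U grant)': sat(path, G(IMP(req, U(req, grant)))),
        'G F enabled': sat(path, G(F(A('enabled')))),
        'F G stable': sat(path, F(G(A('stable')))),
    }


def find_counterexample(f, g, atoms=('p', 'q'), max_len=3):
    """Search every lasso over `atoms` with at most max_len states for one on which f and g
    disagree at position 0; returns (labels, loop_start) or None if none was found.
    A finite search can refute a claimed equivalence but never prove one."""
    subsets = [frozenset(s) for r in range(len(atoms) + 1) for s in combinations(atoms, r)]
    for length in range(1, max_len + 1):
        for labels in product(subsets, repeat=length):
            for loop_start in range(length):
                path = Lasso(labels, loop_start)
                if sat(path, f) != sat(path, g):
                    return [set(l) for l in labels], loop_start
    return None
```

On the constructed path, formula 3 holds (the request at s_0 is eventually granted at s_2) while formula 4 fails (the request is de-asserted at s_1 before the grant arrives), which is exactly the difference between F and U the examples slide is meant to bring out; formulas 5 and 6 hold because the loop visits an enabled state infinitely often and consists only of stable states. Calling `find_counterexample(N(U(p, q)), ('R', N(p), N(q)))` and the other listed equivalences returns None, whereas `find_counterexample(F(('and', p, q)), ('and', F(p), F(q)))` returns a two-state lasso refuting the distributive law the slide deliberately omits. The search is a sanity check of the evaluator against the slides, not a proof: equivalence quantifies over all models, and a bounded enumeration of lassos can only ever find counterexamples.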