l8 - CS 267: Automated Verification Lecture 8: SMV Symbolic...

CS 267: Automated Verification
Lecture 8: SMV Symbolic Model Checker, Partitioned Transition Systems, Counter-example Generation in Symbolic Model Checking
Instructor: Tevfik Bultan

SMV [McMillan 93]
- BDD-based symbolic model checker
- Finite state
- Temporal logic: CTL
- Focus: hardware verification; later applied to software specifications, protocols, etc.
- SMV has its own input specification language:
  - concurrency: synchronous, asynchronous
  - shared variables
  - boolean and enumerated variables
  - bounded integer variables (binary encoding); SMV is not efficient for integers, but that can be fixed
  - fixed size arrays
SMV Language
- An SMV specification consists of a set of modules (one of them must be called main)
- Modules can have access to shared variables
- Modules can be composed asynchronously using the process keyword
- Module behaviors can be specified using the ASSIGN statement, which assigns the next-state values of variables in parallel
- Module behaviors can also be specified using TRANS statements, which allow the transition relation to be given as a logic formula in which next-state values are identified using the next keyword

Example Mutual Exclusion Protocol

Process 1:
    while (true) {
    out:  a := true; turn := true;
    wait: await (b = false or turn = false);
    cs:   a := false;
    }
||
Process 2:
    while (true) {
    out:  b := true; turn := false;
    wait: await (a = false or turn);
    cs:   b := false;
    }

Two concurrently executing processes are trying to enter a critical section without violating mutual exclusion. The labels out, wait and cs name the three locations of each process; the SMV model below uses them as the values of each process's program counter pc.
Example Mutual Exclusion Protocol in SMV

MODULE process1(a,b,turn)
VAR
  pc: {out, wait, cs};
ASSIGN
  init(pc) := out;
  next(pc) :=
    case
      pc=out : wait;
      pc=wait & (!b | !turn) : cs;
      pc=cs : out;
      1 : pc;
    esac;
  next(turn) :=
    case
      pc=out : 1;
      1 : turn;
    esac;
  next(a) :=
    case
      pc=out : 1;
      pc=cs : 0;
      1 : a;
    esac;
  next(b) := b;
FAIRNESS running

MODULE process2(a,b,turn)
VAR
  pc: {out, wait, cs};
ASSIGN
  init(pc) := out;
  next(pc) :=
    case
      pc=out : wait;
      pc=wait & (!a | turn) : cs;
      pc=cs : out;
      1 : pc;
    esac;
  next(turn) :=
    case
      pc=out : 0;
      1 : turn;
    esac;
  next(b) :=
    case
      pc=out : 1;
      pc=cs : 0;
      1 : b;
    esac;
  next(a) := a;
FAIRNESS running

Since the two modules are instantiated with the process keyword (see main below), only one of them executes in each step; a module that is not running leaves the variables it assigns unchanged. The case statements are evaluated top to bottom, so the last branch (1 : pc, 1 : turn, ...) is the default that keeps a variable's value. FAIRNESS running restricts the paths considered by liveness properties to those in which the process is scheduled infinitely often, which the starvation freedom check below relies on.

Example Mutual Exclusion Protocol in SMV

MODULE main
VAR
  a : boolean;
  b : boolean;
  turn : boolean;
  p1 : process process1(a,b,turn);
  p2 : process process2(a,b,turn);
SPEC
  AG(!(p1.pc=cs & p2.pc=cs))

Here is the output when I run SMV on this example to check the mutual exclusion property:

% smv mutex.smv
resources used:
user time: 0.01 s, system time: 0 s
BDD nodes allocated: 692
Bytes allocated: 1245184
BDD nodes representing transition relation: 143 + 6
Example Mutual Exclusion Protocol in SMV

The output for the starvation freedom property:

% smv mutex.smv
.. is true
resources used:
user time: 0 s, system time: 0 s
BDD nodes allocated: 1251
Bytes allocated: 1245184
BDD nodes representing transition relation: 143 + 6

Example Mutual Exclusion Protocol in SMV

Let's insert an error: in process1, change

    pc=wait & (!b | !turn) : cs;

to

    pc=wait & (!b | turn) : cs;
% smv mutex.smv
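The check SMV performs on the SPEC in main, and the counter-example it reports once the guard above is mutated, as an added example (this is not the lecture's code, and it is not how SMV itself works internally: SMV computes the reachable states symbolically over BDDs, whereas the script below enumerates them explicitly with a breadth-first search, which for a model this small is enough and has the useful property that the first violation found is a shortest counter-example trace). The names State, check_invariant, CORRECT_GUARD and BUGGY_GUARD are the example's own; the transition functions follow the two ASSIGN blocks, and, since a, b and turn carry no init() in the lecture's model, every combination of their initial values is explored, as SMV would.

```python
"""Explicit-state check of the lecture's mutual exclusion protocol.

Added example, not code from the lecture.  SMV explores the state space
symbolically with BDDs; for a model this small the same invariant check can be
done explicitly, which makes counter-example generation easy to follow.
"""
from collections import deque
from typing import Callable, Dict, Iterator, List, NamedTuple, Optional


class State(NamedTuple):
    pc1: str   # process1 program counter: "out", "wait" or "cs"
    pc2: str   # process2 program counter
    a: int     # process1's flag (boolean, written 0/1 as in the SMV model)
    b: int     # process2's flag
    turn: int  # 1: process1 defers to process2; 0: process2 defers to process1


Guard = Callable[[State], bool]


def CORRECT_GUARD(s: State) -> bool:
    """process1's wait -> cs guard from the lecture: pc=wait & (!b | !turn)."""
    return (not s.b) or (not s.turn)


def BUGGY_GUARD(s: State) -> bool:
    """The mutated guard: pc=wait & (!b | turn)."""
    return (not s.b) or bool(s.turn)


def step_process1(s: State, enter_cs: Guard) -> State:
    """One step of process1, mirroring its ASSIGN block (next(b) := b)."""
    if s.pc1 == "out":
        return s._replace(pc1="wait", a=1, turn=1)
    if s.pc1 == "wait":
        return s._replace(pc1="cs") if enter_cs(s) else s
    return s._replace(pc1="out", a=0)  # pc1 == "cs"


def step_process2(s: State) -> State:
    """One step of process2, mirroring its ASSIGN block (next(a) := a)."""
    if s.pc2 == "out":
        return s._replace(pc2="wait", b=1, turn=0)
    if s.pc2 == "wait":
        return s._replace(pc2="cs") if ((not s.a) or bool(s.turn)) else s
    return s._replace(pc2="out", b=0)  # pc2 == "cs"


def initial_states() -> List[State]:
    """init(pc) := out in both modules; a, b and turn have no init() in the
    lecture's model, so SMV lets them start with any value."""
    return [State("out", "out", a, b, turn)
            for a in (0, 1) for b in (0, 1) for turn in (0, 1)]


def successors(s: State, guard: Guard) -> Iterator[State]:
    """The process keyword in main interleaves the modules: exactly one of them
    moves per global step, so the transition relation is the union of the two."""
    yield step_process1(s, guard)
    yield step_process2(s)


def mutual_exclusion(s: State) -> bool:
    """The state predicate inside the SPEC: !(p1.pc=cs & p2.pc=cs)."""
    return not (s.pc1 == "cs" and s.pc2 == "cs")


def check_invariant(guard: Guard,
                    invariant: Callable[[State], bool] = mutual_exclusion
                    ) -> Optional[List[State]]:
    """Check AG invariant by breadth-first reachability.

    Returns None when every reachable state satisfies the invariant, otherwise
    the shortest trace (initial state first) ending in a violating state, which
    is the counter-example a model checker reports.
    """
    parent: Dict[State, Optional[State]] = {}
    queue: deque = deque()
    for init in initial_states():
        parent[init] = None
        queue.append(init)
    while queue:
        s = queue.popleft()
        if not invariant(s):
            trace: List[State] = []
            cur: Optional[State] = s
            while cur is not None:          # walk the parent links back to an initial state
                trace.append(cur)
                cur = parent[cur]
            return trace[::-1]
        for t in successors(s, guard):
            if t not in parent:             # a blocked process yields s itself; already seen
                parent[t] = s
                queue.append(t)
    return None


if __name__ == "__main__":
    print("correct protocol:", check_invariant(CORRECT_GUARD))
    for i, st in enumerate(check_invariant(BUGGY_GUARD) or []):
        print(f"buggy protocol, step {i}: {st}")
```

With the lecture's guard the search visits every reachable state without finding both processes in cs. With the mutated guard it returns a five-state trace: process2 leaves out first (turn becomes 0), process1 then leaves out (turn becomes 1), process1 enters cs because the mutated guard now accepts turn=1, and process2 enters cs because its own guard !a | turn also accepts turn=1. That is exactly the kind of interleaving the counter-example from SMV exhibits, and the shortest possible one, since each process needs at least two steps of its own to reach cs.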


This note was uploaded on 12/27/2011 for the course CMPSC 267 taught by Professor Bultan during the Fall '09 term at UCSB.

