# l9 - CS 267 Automated Verification Lecture 9 Automata...


CS 267: Automated Verification

Lecture 9: Automata Theoretic Model Checking

Instructor: Tevfik Bultan

## LTL Properties Büchi automata [Vardi and Wolper LICS 86]

• Büchi automata: finite state automata that accept infinite strings
• The better known variant of finite state automata accepts finite strings (used in lexical analysis, for example)
• A Büchi automaton accepts a string when the corresponding run visits an accepting state infinitely often
• Note that an infinite run never ends, so we cannot say that an accepting run ends at an accepting state
• LTL properties can be translated to Büchi automata
• The automaton accepts a path if and only if the path satisfies the corresponding LTL property

## LTL Properties Büchi automata

[Figure: Büchi automata for the properties G p, F p, and G (F p), with transitions labeled p, ¬ p, and true]

• The size of the property automaton can be exponential in the size of the LTL formula (recall the complexity of LTL model checking)

## Büchi Automata: Language Emptiness Check

• Given a Büchi automaton, one interesting question is: is the language accepted by the automaton empty? I.e., does it accept any string?
• A Büchi automaton accepts a string when the corresponding run visits an accepting state infinitely often
• To check emptiness:
  • Look for a cycle which contains an accepting state and is reachable from the initial state
  • Find a strongly connected component that contains an accepting state, and is reachable from the initial state
• If no such cycle can be found, the language accepted by the automaton is empty

## LTL Model Checking

• Generate the property automaton from the negated LTL property
• Generate the product of the property automaton and the transition system
• Show that there is no accepting cycle in the product automaton (check language emptiness)
  • i.e., show that the intersection of the paths generated by the transition system and the paths accepted by the (negated) property automaton is empty
• If there is a cycle, it corresponds to a counterexample behavior that demonstrates the bug
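
The procedure above carried through for the property G q, whose negation F ¬ q has a two-state property automaton, as an added example that is not part of the lecture. The transition systems, the state names, and the functions `path` and `check` are constructed for illustration; the emptiness check is a plain BFS search for a reachable accepting state that lies on a cycle, not an SCC algorithm.

```python
from collections import deque

def path(succ, sources, target):
    """BFS: shortest path from any state in sources to target, else None."""
    parent = {s: None for s in sources}
    queue = deque(sources)
    while queue:
        u = queue.popleft()
        if u == target:
            out = []
            while u is not None:
                out.append(u)
                u = parent[u]
            return out[::-1]
        for v in succ(u):
            if v not in parent:
                parent[v] = u
                queue.append(v)
    return None

def check(ts, labels, aut, accepting, init=("i", 1)):
    """None if the product language is empty (property holds),
    else a counterexample lasso (prefix, cycle) of product states."""
    def succ(state):  # synchronous product; an edge into s2 reads labels[s2]
        s, b = state
        return [(s2, b2) for s2 in ts[s]
                for guard, b2 in aut[b] if guard(labels[s2])]
    reach, stack = {init}, [init]
    while stack:
        for v in succ(stack.pop()):
            if v not in reach:
                reach.add(v)
                stack.append(v)
    for acc in sorted(x for x in reach if x[1] in accepting):
        cycle = path(succ, succ(acc), acc)  # is acc on a cycle?
        if cycle is not None:
            return path(succ, [init], acc), [acc] + cycle
    return None

# Property automaton for the negated property F ¬q: state 2 is accepting.
NEG_G_Q = {1: [(lambda l: "q" in l, 1), (lambda l: "q" not in l, 2)],
           2: [(lambda l: True, 2)]}
# Constructed transition systems ("i" is the added initial state).
LABELS = {"s1": {"p", "q"}, "s2": {"q"}, "s3": {"p"}}
BUGGY = {"i": ["s1"], "s1": ["s2"], "s2": ["s1", "s3"], "s3": ["s1"]}
SAFE = {"i": ["s1"], "s1": ["s2"], "s2": ["s1"]}

if __name__ == "__main__":
    print(check(BUGGY, LABELS, NEG_G_Q, {2}))  # lasso through s3
    print(check(SAFE, LABELS, NEG_G_Q, {2}))   # None: G q holds
```

The returned prefix leads from the initial product state to an accepting state, and the cycle shows that state being revisited, which is the counterexample behavior the last step describes.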

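## LTL Model Checking Example

• Example transition system: states 1, 2, 3; each state is labeled with the propositions that hold in that state (state labels shown: p,q; q; p)
• Property to be verified: G q
• Negation of the property: ¬ G q ≡ F ¬ q
• Property automaton for the negated property: states 1 and 2, transitions labeled q, ¬ q, true; equivalently, {q},{p,q} , {p} ,{p},{q}, {p,q}

[Figure: example transition system and property automaton for the negated property]
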
## Transition System to Büchi Automaton Translation

• Each state is labeled with the propositions that hold in that state

[Figure: example transition system (states 1, 2, 3; state labels p,q; q; p) and the corresponding Büchi automaton (states i, 1, 2, 3; transitions labeled {p,q}, {p}, {q}, {p,q}, {q})]

[Figure: product automaton with states 1,1; 2,1; 3,1; 4,2; 3,2 and transitions labeled {p,q}, {p}, {q}, shown with its two component Büchi automata (states 1 to 4 and states 1, 2)]

• Fall '09
• bultan
• Automata theory, computational models, model checking, Linear temporal logic, Buchi automaton, Buchi Automaton Translation
