l9 - CS 267: Automated Verification Lecture 9: Automata...

CS 267: Automated Verification
Lecture 9: Automata Theoretic Model Checking
Instructor: Tevfik Bultan

LTL Properties Büchi automata [Vardi and Wolper LICS 86]
- Büchi automata: Finite state automata that accept infinite strings
- The better known variant of finite state automata accepts finite strings (used in lexical analysis, for example)
- A Büchi automaton accepts a string when the corresponding run visits an accepting state infinitely often
  - Note that an infinite run never ends, so we cannot say that an accepting run ends at an accepting state
- LTL properties can be translated to Büchi automata
  - The automaton accepts a path if and only if the path satisfies the corresponding LTL property
LTL Properties Büchi automata
[Figure: Büchi automata for the properties G p, F p, and G (F p), with transitions labeled p, ¬p, and true]
- The size of the property automaton can be exponential in the size of the LTL formula (recall the complexity of LTL model checking)

Büchi Automata: Language Emptiness Check
- Given a Büchi automaton, one interesting question is:
  - Is the language accepted by the automaton empty?
  - i.e., does it accept any string?
- A Büchi automaton accepts a string when the corresponding run visits an accepting state infinitely often
- To check emptiness:
  - Look for a cycle which contains an accepting state and is reachable from the initial state
  - Find a strongly connected component that contains an accepting state, and is reachable from the initial state
  - If no such cycle can be found, the language accepted by the automaton is empty
LTL Model Checking
- Generate the property automaton from the negated LTL property
- Generate the product of the property automaton and the transition system
- Show that there is no accepting cycle in the product automaton (check language emptiness)
  - i.e., show that the intersection of the paths generated by the transition system and the paths accepted by the (negated) property automaton is empty
- If there is a cycle, it corresponds to a counterexample behavior that demonstrates the bug
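The three steps above, together with the emptiness check, as an added example (not code from the lecture) for the lecture's property G q. The system's transitions, all function and variable names, and the choice of state 2 as the accepting state of the F ¬q automaton are assumptions; instead of an SCC algorithm it uses a simple search for a path from each reachable accepting state back to itself.

```python
from collections import deque

def bfs(succ, sources):
    """Parent map of every state reachable from `sources`."""
    parent = {s: None for s in sources}
    queue = deque(parent)
    while queue:
        s = queue.popleft()
        for t in succ(s):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return parent

def path_to(parent, s):
    """Walk the parent map back to a source; return the path in forward order."""
    out = []
    while s is not None:
        out.append(s)
        s = parent[s]
    return out[::-1]

def find_counterexample(label, nxt, init, delta, a_init, accepting):
    """Return (prefix, cycle) over product states (system, property), or None if empty."""
    def succ(state):
        s, a = state
        targets = [init] if s == "i" else nxt[s]   # "i": extra initial state of the translation
        # The property automaton reads the label of the system state being entered.
        return [(t, b) for t in targets for b in delta(a, label[t])]
    from_init = bfs(succ, [("i", a_init)])
    for acc in from_init:
        if acc[1] in accepting:                    # every system state is accepting
            back = bfs(succ, succ(acc))
            if acc in back:                        # acc lies on a cycle: language not empty
                return path_to(from_init, acc), path_to(back, acc)
    return None

def neg_g_q(a, label):
    """Automaton for F ¬q (negation of G q): 1 -q-> 1, 1 -¬q-> 2, 2 -true-> 2."""
    return [2] if a == 2 or "q" not in label else [1]

# Constructed sample system (transitions are hypothetical, not the slide's figure).
LABEL = {1: {"p", "q"}, 2: {"q"}, 3: {"p"}}
BUGGY = {1: [2], 2: [1, 3], 3: [3]}     # can reach state 3, where q is false
FIXED = {1: [2], 2: [1], 3: [3]}        # state 3 is unreachable

if __name__ == "__main__":
    for system in (BUGGY, FIXED):
        print(find_counterexample(LABEL, system, 1, neg_g_q, 1, {2}))
```

The returned prefix ends in an accepting product state and the cycle leads from one of its successors back to it, so the counterexample behavior is the prefix followed by the cycle repeated forever.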

LTL Model Checking Example
- Property to be verified: G q
- Negation of the property: ¬ G q ≡ F ¬ q
[Figure: example transition system with states 1, 2, 3; each state is labeled with the propositions that hold in that state (state labels p,q / q / p)]
[Figure: property automaton for the negated property, with states 1 and 2 and transitions labeled q, ¬q, true; equivalently, labeled with the sets {q},{p,q}; ∅,{p}; ∅,{p},{q},{p,q}]
Transition System to Büchi Automaton Translation
- Each state is labeled with the propositions that hold in that state
[Figure: example transition system with states 1, 2, 3 (state labels p,q / q / p) and the corresponding Büchi automaton with states i, 1, 2, 3 and transitions labeled {p,q}, {p}, {q}, {p,q}, {q}]

[Figure: Büchi automaton for the transition system (every state is accepting), with states 1, 2, 3, 4; property automaton with states 1 and 2 and transitions labeled {q},{p,q}; ∅,{p}; ∅,{p},{q},{p,q}; product automaton with states (1,1), (2,1), (3,1), (4,2), (3,2) and transitions labeled {p,q}, {p}, {q}, {p,q}, {q}, {p}]

This note was uploaded on 12/27/2011 for the course CMPSC 267 taught by Professor Bultan during the Fall '09 term at UCSB.
