CS 267: Automated Verification
Lecture 14: Infinite State Model Checking, Arithmetic Constraints, Action Language Verifier
Instructor: Tevfik Bultan

Model Checking View
• Every reactive system is represented as a transition system:
  – S : the set of states
  – I ⊆ S : the set of initial states
  – R ⊆ S × S : the transition relation

Model Checking View
• Properties of reactive systems are expressed in temporal logics
• Invariant(p) : is true in a state if property p is true in every state reachable from that state
  – Also known as AG
• Eventually(p) : is true in a state if property p is true at some state on every execution path from that state
  – Also known as AF

Model Checking
Given a program and a temporal property p:
• Either show that all the initial states satisfy the temporal property p
  – set of initial states ⊆ truth set of p
• Or find an initial state which does not satisfy the property p
  – a state ∈ set of initial states ∩ truth set of ¬p

Temporal Properties ≡ Fixpoints
[Figure: two diagrams for Invariant(p). Backward fixpoint: initial states; ¬p; backwardImage of ¬p; states that can reach ¬p, i.e., states that violate Invariant(p); initial states that violate Invariant(p). Forward fixpoint: initial states; forward image of initial states; reachable states of the system; ¬p; reachable states that violate p.]

Symbolic Model Checking
• Represent sets of states and the transition relation as Boolean logic formulas
• Forward and backward fixpoints can be computed by iteratively manipulating these formulas
  – Forward, backward image: existential variable elimination
  – Conjunction (intersection), disjunction (union) and negation (set difference), and equivalence check
• Use an efficient data structure for manipulation of Boolean logic formulas
  – BDDs

Symbolic Model Checking
• What do you need to compute fixpoints?
  Symbolic Conjunction(Symbolic, Symbolic)
  Symbolic Disjunction(Symbolic, Symbolic)
  Symbolic Negation(Symbolic)
  Boolean EquivalenceCheck(Symbolic, Symbolic)
  Symbolic Precondition(Symbolic)
• Precondition (i.e., EX) computation is handled by:
  – variable renaming, followed by conjunction, followed by existential variable elimination
• BDDs support all these operations!

Infinite State Model Checking
• Use a symbolic representation that is capable of representing infinite sets and supports the following functionality:
  Symbolic Conjunction(Symbolic, Symbolic)
  Symbolic Disjunction(Symbolic, Symbolic)
  Symbolic Negation(Symbolic)
  Boolean EquivalenceCheck(Symbolic, Symbolic)
  Symbolic Precondition(Symbolic)
• Compute fixpoints using the infinite state symbolic representation
  – Warning: Fixpoints are not guaranteed to converge!

Constraint-Based Verification...
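The following is an added example, not code from the lecture or from the Action Language Verifier / Composite Symbolic Library: a minimal infinite-state symbolic model checker that implements the five operations listed on the slides (Conjunction, Disjunction, Negation, EquivalenceCheck, Precondition) plus the forward image, and runs the backward fixpoint for "states that can reach ¬p" and the forward fixpoint for "reachable states" to decide Invariant(p). The symbolic representation is my own choice for illustration: a set of values of one integer counter x is a sorted list of disjoint closed intervals whose bounds may be ±∞, so infinite sets have a finite description. The transition relation is assumed to be a disjunction of guarded increments `(x ∈ guard) ∧ (x' = x + delta)`, for which the rename/conjoin/eliminate-x' step of EX has a closed form. The two constructed systems show the slide's warning in both directions: on an unbounded counter the backward fixpoint converges but the forward one never does, and on a counter that resets at 10 the forward fixpoint converges but the backward one does not (the iteration is capped and reports `None` instead of looping forever).

```python
from math import inf as INF

# Symbolic representation (an assumption of this example, not the slides'):
# a set of integer counter values is a sorted list of disjoint closed
# intervals (lo, hi); lo may be -INF and hi may be +INF, so infinite sets
# such as {x | x >= 0} have a finite description.

def normalize(ivs):
    """Drop empty intervals, sort, and merge overlapping or adjacent ones."""
    out = []
    for lo, hi in sorted(iv for iv in ivs if iv[0] <= iv[1]):
        if out and lo <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out

def disjunction(a, b):                      # set union
    return normalize(a + b)

def conjunction(a, b):                      # set intersection
    return normalize([(max(l1, l2), min(h1, h2)) for l1, h1 in a for l2, h2 in b])

def negation(a):                            # complement within the integers
    out, cur = [], -INF
    for lo, hi in a:
        if lo > cur:                        # gap before this interval
            out.append((cur, lo - 1))
        cur = hi + 1                        # INF + 1 == INF
    if cur < INF:
        out.append((cur, INF))
    return normalize(out)

def equivalent(a, b):                       # equivalence check
    return normalize(a) == normalize(b)

def shift(a, d):
    return [(lo + d, hi + d) for lo, hi in a]

# Transition relation (assumed form): a disjunction of guarded increments,
# each written as  (x in guard) and (x' = x + delta).
def precondition(rel, s):
    """EX s: rename x' to x, conjoin with R, eliminate the primed variable.
    For x' = x + delta the elimination is done by hand: x + delta in s."""
    pre = []
    for guard, delta in rel:
        pre = disjunction(pre, conjunction(guard, shift(s, -delta)))
    return pre

def postcondition(rel, s):
    """Forward image: successors of s under R."""
    post = []
    for guard, delta in rel:
        post = disjunction(post, shift(conjunction(guard, s), delta))
    return post

def fixpoint(step, start, limit):
    """Least fixpoint Z = start v step(Z); None if it does not converge
    within `limit` iterations (an infinite state space gives no guarantee)."""
    cur = start
    for _ in range(limit):
        nxt = disjunction(cur, step(cur))
        if equivalent(nxt, cur):
            return cur
        cur = nxt
    return None

def check_invariant_backward(init, rel, p, limit=200):
    """Invariant(p) holds iff no initial state can reach a ~p state."""
    bad = fixpoint(lambda z: precondition(rel, z), negation(p), limit)
    return None if bad is None else equivalent(conjunction(init, bad), [])

def check_invariant_forward(init, rel, p, limit=200):
    """Invariant(p) holds iff no reachable state violates p."""
    reach = fixpoint(lambda z: postcondition(rel, z), init, limit)
    return None if reach is None else equivalent(conjunction(reach, negation(p)), [])

# Constructed systems: one integer counter x starting at 0.
INIT = [(0, 0)]
REL_UNBOUNDED = [([(-INF, INF)], 1)]                # x' = x + 1, no guard
REL_RESET = [([(-INF, 9)], 1), ([(10, 10)], -10)]   # count to 10, then reset to 0
NONNEG = [(0, INF)]                                  # p: x >= 0
AT_MOST_5 = [(-INF, 5)]                              # p: x <= 5
AT_MOST_10 = [(-INF, 10)]                            # p: x <= 10

if __name__ == "__main__":
    # Unbounded counter: backward fixpoint converges, forward one never does.
    print(check_invariant_backward(INIT, REL_UNBOUNDED, NONNEG))   # True
    print(check_invariant_forward(INIT, REL_UNBOUNDED, NONNEG))    # None
    # Resetting counter: forward fixpoint converges, backward one never does.
    print(check_invariant_forward(INIT, REL_RESET, AT_MOST_5))     # False
    print(check_invariant_backward(INIT, REL_RESET, AT_MOST_5))    # None
```

The backward check computes EF ¬p as the least fixpoint Z = ¬p ∨ Precondition(Z) and then asks whether I ∩ Z is empty; the forward check computes reachable states as Z = I ∨ Postcondition(Z) and asks whether Z ∩ ¬p is empty. Which iteration converges depends on the system and the property, which is exactly why a real tool such as the Action Language Verifier needs approximation or widening techniques beyond the exact iteration shown here.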
 Fall '09
 bultan
 Logic, model checking, action language, Composite Symbolic Library
