CS 267: Automated Verification
Lecture 14: Infinite State Model Checking, Arithmetic Constraints, Action Language Verifier
Instructor: Tevfik Bultan

Model Checking View
- Every reactive system is represented as a transition system:
  S: the set of states
  I ⊆ S: the set of initial states
  R ⊆ S × S: the transition relation

Model Checking View
- Properties of reactive systems are expressed in temporal logics
- Invariant(p): true in a state if property p is true in every state reachable from that state. Also known as AG p.
- Eventually(p): true in a state if property p is true at some state on every execution path from that state. Also known as AF p.

Model Checking
- Given a program and a temporal property p:
  - Either show that all the initial states satisfy the temporal property p (set of initial states ⊆ truth set of p)
  - Or find an initial state which does not satisfy the property p (a state that is in the set of initial states but not in the truth set of p)

[Figure: truth set of Invariant(p), the initial states, and the initial states that violate Invariant(p)]

Temporal Properties as Fixpoints
[Figure, backward fixpoint: starting from the backward image of ¬p, the states that can reach ¬p, i.e., the states that violate Invariant(p), and the initial states]
[Figure, forward fixpoint: starting from the forward image of the initial states, the reachable states of the system, and the reachable states that violate p]

Symbolic Model Checking
- Represent sets of states and the transition relation as Boolean logic formulas
- Forward and backward fixpoints can be computed by iteratively manipulating these formulas:
  - Forward, backward image: existential variable elimination
  - Conjunction (intersection), disjunction (union) and negation (set difference), and equivalence check
- Use an efficient data structure for manipulation of Boolean logic formulas: BDDs

Symbolic Model Checking
- What do you need to compute fixpoints?
  Symbolic Conjunction(Symbolic, Symbolic)
  Symbolic Disjunction(Symbolic, Symbolic)
  Symbolic Negation(Symbolic)
  Boolean EquivalenceCheck(Symbolic, Symbolic)
  Symbolic Precondition(Symbolic)
- Precondition (i.e., EX) computation is handled by: variable renaming, followed by conjunction, followed by existential variable elimination
- BDDs support all these operations!

Infinite State Model Checking
- Use a symbolic representation that is capable of representing infinite sets and supports the following functionality:
  Symbolic Conjunction(Symbolic, Symbolic)
  Symbolic Disjunction(Symbolic, Symbolic)
  Symbolic Negation(Symbolic)
  Boolean EquivalenceCheck(Symbolic, Symbolic)
  Symbolic Precondition(Symbolic)
- Compute fixpoints using the infinite state symbolic representation
- Warning: Fixpoints are not guaranteed to converge!

Constraint-Based Verification...
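The fixpoint computations on the slides above, as an added example that is not part of the lecture notes: the five-operation Symbolic interface is stood in for by explicit finite sets (no BDDs), and a constructed 5-state transition system with an error sink is used to compute Invariant(p) (AG p) and Eventually(p) (AF p) as backward fixpoints, the reachable states as a forward fixpoint, and the initial-state check. The iteration bound in `fixpoint` is an assumption added here to make the non-convergence warning concrete.

```python
UNIVERSE = frozenset({0, 1, 2, 3, 4})  # S: the set of states (constructed example)
INITIAL = frozenset({0})               # I: the set of initial states
# R: the transition relation as (s, s') pairs; state 4 is a constructed error sink
R = frozenset({(0, 1), (1, 2), (2, 3), (3, 0), (2, 4), (4, 4)})

def conjunction(a, b): return a & b           # intersection
def disjunction(a, b): return a | b           # union
def negation(a): return UNIVERSE - a          # set difference against S
def equivalence_check(a, b): return a == b

def precondition(y):
    """EX y: the explicit-set analogue of renaming y to primed variables,
    conjoining with R and existentially eliminating the primed copy."""
    return frozenset(s for (s, t) in R if t in y)

def forward_image(x):
    """Successors of x, i.e. the forward image used by the forward fixpoint."""
    return frozenset(t for (s, t) in R if s in x)

def fixpoint(step, start, max_iter=1000):
    """Iterate Y <- step(Y) until equivalence_check holds. The bound is an added
    assumption: over infinite domains the iteration need not converge."""
    cur = start
    for _ in range(max_iter):
        nxt = step(cur)
        if equivalence_check(cur, nxt):
            return cur
        cur = nxt
    return None                                # did not converge within the bound

def invariant(p):
    """AG p: complement of the backward fixpoint of states that can reach not-p."""
    bad = fixpoint(lambda y: disjunction(negation(p), precondition(y)), negation(p))
    return negation(bad)

def eventually(p):
    """AF p: least fixpoint of Z = p or AX Z, where AX Z = not EX (not Z)."""
    return fixpoint(lambda z: disjunction(p, negation(precondition(negation(z)))), p)

def reachable():
    """Forward fixpoint: all states reachable from the initial states."""
    return fixpoint(lambda x: disjunction(x, forward_image(x)), INITIAL)

def check(truth_set):
    """Either all initial states lie in the truth set, or report one that does not."""
    violating = conjunction(INITIAL, negation(truth_set))
    return (True, None) if not violating else (False, min(violating))
```

With p = {0, 1, 2, 3} ("not in the error state"), Invariant(p) fails from initial state 0 because 0 → 1 → 2 → 4, while Eventually({2}) holds from 0 because every path from 0 passes through 2.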
This note was uploaded on 12/27/2011 for the course CMPSC 267 taught by Professor Bultan during the Fall '09 term at UCSB.