# CS 267: Automated Verification, Lecture 16: Bounded Model Checking

Instructor: Tevfik Bultan

## Remember: Symbolic Model Checking

- Represent sets of states and the transition relation as Boolean logic formulas
- Fixpoint computation becomes formula manipulation:
  - pre-condition (EX) computation: existential variable elimination
  - conjunction (intersection), disjunction (union) and negation (set difference), and equivalence check
- Use an efficient data structure for Boolean logic formulas: Binary Decision Diagrams (BDDs)
## An Extremely Simple Example

- Variables: x, y: boolean
- Set of states: S = {(F,F), (F,T), (T,F), (T,T)}, i.e. $S \equiv \mathrm{True}$
- Initial condition: $I \equiv \neg x \wedge \neg y$
- Transition relation (negates one variable at a time): $R \equiv (x' = \neg x \wedge y' = y) \vee (x' = x \wedge y' = \neg y)$ (here $=$ means $\Leftrightarrow$)

[Figure: state graph over the four states (F,T), (F,F), (T,T), (T,F), each state connected to the two states that differ from it in exactly one variable]
## An Extremely Simple Example

- Assume that we want to check if this transition system satisfies the property $AG(\neg x \vee \neg y)$
- Instead of checking $AG(\neg x \vee \neg y)$ we can check $EF(x \wedge y)$, since $AG(\neg x \vee \neg y) \equiv \neg EF(x \wedge y)$
- $I \subseteq AG(\neg x \vee \neg y)$ if and only if $I \cap EF(x \wedge y) = \emptyset$
- If we find an initial state which satisfies $EF(x \wedge y)$ (i.e., there exists a path from an initial state where eventually x and y both become true at the same time), then we conclude that the property $AG(\neg x \vee \neg y)$ does not hold for this transition system
- If there is no such initial state, then the property $AG(\neg x \vee \neg y)$ holds for this transition system
## An Extremely Simple Example

Given $p \equiv x \wedge y$, compute $EX(p)$:

$$
\begin{aligned}
EX(p) &\equiv \exists V'.\; R \wedge p[V'/V] \\
&\equiv \exists V'.\; R \wedge x' \wedge y' \\
&\equiv \exists V'.\; \big((x' = \neg x \wedge y' = y) \vee (x' = x \wedge y' = \neg y)\big) \wedge x' \wedge y' \\
&\equiv \exists V'.\; \big((x' = \neg x \wedge y' = y) \wedge x' \wedge y'\big) \vee \big((x' = x \wedge y' = \neg y) \wedge x' \wedge y'\big) \\
&\equiv \exists V'.\; (\neg x \wedge y \wedge x' \wedge y') \vee (x \wedge \neg y \wedge x' \wedge y') \\
&\equiv (\neg x \wedge y) \vee (x \wedge \neg y)
\end{aligned}
$$

So $EX(x \wedge y) \equiv (\neg x \wedge y) \vee (x \wedge \neg y)$. In other words, $EX(\{(T,T)\}) = \{(F,T), (T,F)\}$.

[Figure: the state graph, with (T,T) and its two predecessors (F,T) and (T,F) highlighted]
## An Extremely Simple Example

Let's compute $EF(x \wedge y)$. The fixpoint sequence is

$$
\mathrm{False},\quad x \wedge y,\quad x \wedge y \vee EX(x \wedge y),\quad x \wedge y \vee EX\big(x \wedge y \vee EX(x \wedge y)\big),\quad \ldots
$$

If we do the EX computations, we get

$$
\mathrm{False},\quad x \wedge y,\quad x \wedge y \vee \neg x \wedge y \vee x \wedge \neg y,\quad \mathrm{True}
$$

$EF(x \wedge y) \equiv \mathrm{True} \equiv \{(F,F), (F,T), (T,F), (T,T)\}$

This transition system violates the property $AG(\neg x \vee \neg y)$ since it has an initial state that satisfies $EF(x \wedge y)$.

[Figure: the state graph, each state labelled with the fixpoint iteration (1 to 3) in which it was added to the EF set]
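The EX and EF computations above, carried out in code as an added example (not part of the lecture slides). Sets of states are represented as frozensets of satisfying (x, y) assignments, which is an assumption made here to stand in for the BDDs a real symbolic model checker would use; the operations (conjunction as intersection, disjunction as union, existential elimination of the primed variables, equivalence check at the fixpoint) are the ones the slides describe. The system is the lecture's, constructed here as Python predicates.

```python
"""Symbolic EX / EF fixpoint computation for the lecture's two-variable system.

Sets of states are frozensets of satisfying assignments (x, y); this stands in
for the BDD a real symbolic model checker would use (an assumption of this
example).  The system is the one on the slides, constructed as Python predicates.
"""
from itertools import product

ALL = frozenset(product((False, True), repeat=2))   # S ≡ True: all (x, y) pairs


def sat(pred):
    """Characteristic set of a formula over (x, y): all assignments satisfying pred."""
    return frozenset(s for s in ALL if pred(*s))


I = sat(lambda x, y: not x and not y)   # I ≡ ¬x ∧ ¬y
P = sat(lambda x, y: x and y)           # p ≡ x ∧ y, the "bad" states for AG(¬x ∨ ¬y)


def R(x, y, x1, y1):
    """R ≡ (x' = ¬x ∧ y' = y) ∨ (x' = x ∧ y' = ¬y): exactly one variable is negated."""
    return (x1 == (not x) and y1 == y) or (x1 == x and y1 == (not y))


def EX(Z):
    """EX(Z) ≡ ∃V'. R ∧ Z[V'/V]: states with at least one successor in Z.

    The existential elimination of the primed variables is done by asking
    whether some primed assignment drawn from Z satisfies R with the current state.
    """
    return frozenset(s for s in ALL if any(R(*s, *t) for t in Z))


def EF(Z):
    """Least fixpoint of Y = Z ∨ EX(Y) starting from False.

    Returns (EF(Z), list of iterates); the list is the sequence on the slide.
    """
    seq = [frozenset()]                     # iterate 0: False
    while True:
        nxt = Z | EX(seq[-1])               # disjunction = set union
        if nxt == seq[-1]:                  # equivalence check: fixpoint reached
            return nxt, seq
        seq.append(nxt)


def check_AG_not(init, bad):
    """Decide I ⊆ AG(¬bad) via I ∩ EF(bad) = ∅.

    Returns (True, None) when the property holds, otherwise (False, witness)
    where witness is an initial state from which a bad state is reachable.
    """
    reach_bad, _ = EF(bad)
    offenders = init & reach_bad            # conjunction = set intersection
    if offenders:
        return False, min(offenders)
    return True, None


def dnf(Z):
    """Render a state set as the DNF formula the slides write, e.g. '(¬x ∧ y) ∨ (x ∧ ¬y)'."""
    if Z == ALL:
        return "True"
    if not Z:
        return "False"
    term = lambda x, y: "(" + ("x" if x else "¬x") + " ∧ " + ("y" if y else "¬y") + ")"
    return " ∨ ".join(term(*s) for s in sorted(Z))


if __name__ == "__main__":
    print("EX(x ∧ y) =", dnf(EX(P)))
    result, seq = EF(P)
    for i, z in enumerate(seq):
        print(f"iterate {i}: {dnf(z)}")
    print("EF(x ∧ y) =", dnf(result))
    print("AG(¬x ∨ ¬y) holds:", check_AG_not(I, P))
```

Running the script prints the four iterates False, (x ∧ y), (x ∧ y) ∨ (¬x ∧ y) ∨ (x ∧ ¬y), True, and reports the initial state (F,F) as the witness that the AG property fails. The fixpoint loop terminates because every iterate is a superset of the previous one and the state space is finite; for a BDD-based checker the same argument holds, with the equivalence check being a constant-time pointer comparison on canonical BDDs.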
## Bounded Model Checking

- Represent sets of states and the transition relation as Boolean logic formulas
- Instead of computing the fixpoints, unroll the transition relation up to a certain fixed bound and search for violations of the property within that bound
- Transform this search to a Boolean satisfiability problem and solve it using a SAT solver
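The unrolling described above, applied to the lecture's system, as an added example that is not part of the slides. The transition relation is unrolled k times over copies x_0, y_0, ..., x_k, y_k of the state variables, the resulting formula is converted to CNF, and a satisfying assignment is a counterexample path of length k. The CNF encoding by blocking clauses and the tiny DPLL solver are assumptions of this example chosen so it runs offline; a real bounded model checker would use a Tseitin transformation and an off-the-shelf SAT solver. Note the bounded-completeness caveat the example makes visible: with bound 1 the violation at depth 2 is not found.

```python
"""Bounded model checking of the lecture's two-variable system with a small SAT solver.

The transition relation is unrolled k times into a propositional formula over
copies x_0, y_0, ..., x_k, y_k of the state variables, the formula is put into
CNF, and a minimal DPLL procedure searches for a satisfying assignment, i.e. a
counterexample path of length k.  The system is the one on the slides; the CNF
encoding and the solver are assumptions of this example, not the lecture's.
"""
from itertools import product

VARS = ("x", "y")


def init(s):
    return not s["x"] and not s["y"]                       # I ≡ ¬x ∧ ¬y


def trans(s, t):                                           # R: negate exactly one variable
    return (t["x"] == (not s["x"]) and t["y"] == s["y"]) or \
           (t["x"] == s["x"] and t["y"] == (not s["y"]))


def bad(s):
    return s["x"] and s["y"]                               # violation of AG(¬x ∨ ¬y)


def var(name, step):
    """1-based SAT variable id for copy `step` of state variable `name`."""
    return step * len(VARS) + VARS.index(name) + 1


def clauses_for(pred, steps):
    """Truth-table CNF of pred over the state copies in `steps`.

    Every assignment of those copies that falsifies pred is excluded by one
    blocking clause.  Sound because pred only mentions those copies; fine for
    two variables per step, a real encoder would use a Tseitin transformation.
    """
    names = [(n, k) for k in steps for n in VARS]
    out = []
    for bits in product((False, True), repeat=len(names)):
        env = {k: {} for k in steps}
        for (n, k), b in zip(names, bits):
            env[k][n] = b
        if not pred(*(env[k] for k in steps)):
            out.append([-var(n, k) if b else var(n, k) for (n, k), b in zip(names, bits)])
    return out


def simplify(clauses, lit):
    """Make literal `lit` true: drop satisfied clauses, shorten the rest; None on conflict."""
    out = []
    for c in clauses:
        if lit in c:
            continue
        rest = [l for l in c if l != -lit]
        if not rest:
            return None
        out.append(rest)
    return out


def dpll(clauses, assignment):
    """Unit propagation plus chronological backtracking; returns a model dict or None."""
    clauses = list(clauses)
    while True:                                            # unit propagation
        unit = next((c for c in clauses if len(c) == 1), None)
        if unit is None:
            break
        assignment[abs(unit[0])] = unit[0] > 0
        clauses = simplify(clauses, unit[0])
        if clauses is None:
            return None
    if not clauses:
        return assignment
    lit = clauses[0][0]
    for choice in (lit, -lit):                             # branch on a literal
        sub = simplify(clauses, choice)
        if sub is not None:
            model = dpll(sub, {**assignment, abs(choice): choice > 0})
            if model is not None:
                return model
    return None


def bmc(bad_pred, bound):
    """Search k = 0..bound for a path I(s_0) ∧ R(s_0,s_1) ∧ ... ∧ R(s_{k-1},s_k) ∧ bad(s_k).

    Iterating k upward and asking for the violation at the last step finds the
    same shortest counterexample as the usual disjunction of bad over all steps.
    Returns (k, trace) or None when no violation exists within the bound.
    """
    for k in range(bound + 1):
        cnf = clauses_for(init, [0])
        for i in range(k):
            cnf += clauses_for(trans, [i, i + 1])
        cnf += clauses_for(bad_pred, [k])
        model = dpll(cnf, {})
        if model is not None:                              # unassigned vars are free: any value works
            trace = [{n: model.get(var(n, i), False) for n in VARS} for i in range(k + 1)]
            return k, trace
    return None


if __name__ == "__main__":
    print("bound 1:", bmc(bad, 1))                          # None: the violation is deeper than the bound
    print("bound 3:", bmc(bad, 3))                          # shortest counterexample, length 2
```

With bound 3 the search returns k = 2 and a trace (F,F) to either (T,F) or (F,T) to (T,T), which is exactly a witness for EF(x ∧ y); with bound 1 it returns nothing, which says only that no violation exists within one step, not that the property holds. That asymmetry is the practical point of BMC: a SAT result is a concrete counterexample, an UNSAT result is a proof only up to the bound.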
## Same Extremely Simple Example

- Variables: x, y: boolean
- Set of states: S = {(F,F), (F,T), (T,F), (T,T)}, i.e. $S \equiv \mathrm{True}$
- Initial condition: