CS 267: Automated Verification Lecture 16: Bounded Model Checking Instructor: Tevfik Bultan
Remember Symbolic Model Checking
Represent sets of states and the transition relation as Boolean logic formulas.
Fixpoint computation becomes formula manipulation:
pre-condition (EX) computation: existential variable elimination;
conjunction (intersection), disjunction (union) and negation (set difference), and equivalence check.
Use an efficient data structure for Boolean logic formulas: Binary Decision Diagrams (BDDs).
An Extremely Simple Example
Variables: x, y: boolean
Set of states: $S = \{(F,F), (F,T), (T,F), (T,T)\}$, i.e. $S \equiv \mathit{True}$
Initial condition: $I \equiv \neg x \wedge \neg y$
Transition relation (negates one variable at a time):
$R \equiv (x' = \neg x \wedge y' = y) \vee (x' = x \wedge y' = \neg y)$   (here $=$ means $\Leftrightarrow$)
[Figure: state graph over (x,y) with the four states (F,T), (F,F), (T,T), (T,F)]
An Extremely Simple Example
Assume that we want to check if this transition system satisfies the property $AG(\neg x \vee \neg y)$.
Instead of checking $AG(\neg x \vee \neg y)$ we can check $EF(x \wedge y)$, since $AG(\neg x \vee \neg y) \equiv \neg EF(x \wedge y)$:
$I \subseteq AG(\neg x \vee \neg y)$ if and only if $I \cap EF(x \wedge y) = \emptyset$
If we find an initial state which satisfies $EF(x \wedge y)$ (i.e., there exists a path from an initial state where eventually x and y both become true at the same time), then we conclude that the property $AG(\neg x \vee \neg y)$ does not hold for this transition system.
If there is no such initial state, then the property $AG(\neg x \vee \neg y)$ holds for this transition system.
An Extremely Simple Example
Given $p \equiv x \wedge y$, compute $EX(p)$:
$EX(p) \equiv \exists V'.\; R \wedge p[V'/V]$
$\equiv \exists V'.\; R \wedge x' \wedge y'$
$\equiv \exists V'.\; ((x' = \neg x \wedge y' = y) \vee (x' = x \wedge y' = \neg y)) \wedge x' \wedge y'$
$\equiv \exists V'.\; ((x' = \neg x \wedge y' = y) \wedge x' \wedge y') \vee ((x' = x \wedge y' = \neg y) \wedge x' \wedge y')$
$\equiv \exists V'.\; (\neg x \wedge y \wedge x' \wedge y') \vee (x \wedge \neg y \wedge x' \wedge y')$
$\equiv (\neg x \wedge y) \vee (x \wedge \neg y)$
So $EX(x \wedge y) \equiv (\neg x \wedge y) \vee (x \wedge \neg y)$.
In other words, $EX(\{(T,T)\}) = \{(F,T), (T,F)\}$.
[Figure: state graph over (x,y) with states (F,T), (F,F), (T,T), (T,F)]
An Extremely Simple Example
Let's compute $EF(x \wedge y)$. The fixpoint sequence is
$\mathit{False},\; x \wedge y,\; x \wedge y \vee EX(x \wedge y),\; x \wedge y \vee EX(x \wedge y \vee EX(x \wedge y)),\; \ldots$
If we do the EX computations, we get:
$\mathit{False},\; x \wedge y,\; x \wedge y \vee \neg x \wedge y \vee x \wedge \neg y,\; \mathit{True}$
$EF(x \wedge y) \equiv \mathit{True} \equiv \{(F,F), (F,T), (T,F), (T,T)\}$
This transition system violates the property $AG(\neg x \vee \neg y)$ since it has an initial state that satisfies the property $EF(x \wedge y)$.
[Figure: state graph over (x,y) with states (F,T), (F,F), (T,T), (T,F), annotated with the fixpoint iteration (0, 1, 2, 3) at which each state is added]
Bounded Model Checking
Represent sets of states and the transition relation as Boolean logic formulas.
Instead of computing the fixpoints, unroll the transition relation up to a certain fixed bound k and search for violations of the property within that bound: a path $s_0, s_1, \ldots, s_k$ with $I(s_0) \wedge R(s_0,s_1) \wedge \ldots \wedge R(s_{k-1},s_k)$ that reaches a violating state.
Transform this search into a Boolean satisfiability problem and solve it using a SAT solver.
Note that finding no violation up to bound k does not by itself prove the property: a violation may only appear on a longer path.
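The following Python program runs both techniques from the preceding slides on the lecture's two-variable system: the EX pre-condition computed by existential elimination of the primed variables, the EF least fixpoint with the same iterate sequence as the slides, the $I \cap EF(x \wedge y)$ emptiness check, and bounded model checking that unrolls $R$ to bound $k$ and searches the variables $x_0, y_0, \ldots, x_k, y_k$. This is an added example, not code from the lecture; a backtracking search with prefix pruning stands in for the SAT solver, and all function names are my own.

```python
"""Symbolic (fixpoint) model checking versus bounded model checking on the
lecture's two-variable transition system. Added example, not part of the
lecture slides. Formulas are Python predicates over an assignment dict so that
EX, existential elimination and the EF fixpoint can be run directly; a small
backtracking search over the unrolled variables stands in for the SAT solver."""
from itertools import product

VARS = ("x", "y")


def I(s):
    """Initial condition I = not x and not y."""
    return not s["x"] and not s["y"]


def R(s, t):
    """Transition relation: exactly one of the two variables is negated per step."""
    return (t["x"] == (not s["x"]) and t["y"] == s["y"]) or \
           (t["x"] == s["x"] and t["y"] == (not s["y"]))


def all_states():
    return [dict(zip(VARS, vals)) for vals in product((False, True), repeat=len(VARS))]


def states_of(p):
    """Explicit view of a predicate as a set of (x, y) tuples."""
    return frozenset((s["x"], s["y"]) for s in all_states() if p(s))


def from_set(S):
    return lambda s: (s["x"], s["y"]) in S


def EX(p):
    """EX(p) = exists V'. R(V, V') and p(V'): the primed copy is eliminated existentially."""
    return lambda s: any(R(s, t) and p(t) for t in all_states())


def EF(p):
    """Least fixpoint Z0 = False, Z_{i+1} = p or EX(Z_i). Returns (EF(p), iterate sequence)."""
    seq = [frozenset()]
    while True:
        Z = from_set(seq[-1])
        nxt = states_of(lambda s: p(s) or EX(Z)(s))
        if nxt == seq[-1]:
            return from_set(nxt), seq
        seq.append(nxt)


def violating_initial_states(p):
    """AG(not p) holds iff I intersect EF(p) is empty; returns the initial states in EF(p)."""
    ef, _ = EF(p)
    return states_of(lambda s: I(s) and ef(s))


def bmc(p, k):
    """Bounded model checking at bound k: search for s0..sk with
    I(s0) and R(s0,s1) and ... and R(s_{k-1},s_k) and p(sk).
    The unrolled formula ranges over x_0,y_0,...,x_k,y_k. Returns the path or None."""
    names = [f"{v}_{i}" for i in range(k + 1) for v in VARS]

    def state(i, a):
        return {v: a[f"{v}_{i}"] for v in VARS}

    def prefix_ok(i, a):  # state i fully assigned: must satisfy I (i == 0) or R from state i-1
        return I(state(0, a)) if i == 0 else R(state(i - 1, a), state(i, a))

    def search(idx, a):
        if idx == len(names):
            return a if p(state(k, a)) else None
        i, j = divmod(idx, len(VARS))          # idx = |VARS|*i + j
        for val in (False, True):
            b = {**a, names[idx]: val}
            if j == len(VARS) - 1 and not prefix_ok(i, b):
                continue                       # prune: this prefix is not a path from I
            found = search(idx + 1, b)
            if found is not None:
                return found
        return None

    a = search(0, {})
    return None if a is None else [tuple(state(i, a)[v] for v in VARS) for i in range(k + 1)]


def shortest_counterexample(p, kmax):
    """Increase the bound until a violation of AG(not p) appears, or give up at kmax."""
    for k in range(kmax + 1):
        path = bmc(p, k)
        if path is not None:
            return k, path
    return None


if __name__ == "__main__":
    p = lambda s: s["x"] and s["y"]            # p = x and y, so AG(not x or not y) = not EF(p)
    print("EX(x and y) =", sorted(states_of(EX(p))))
    print("EF iterates =", [sorted(z) for z in EF(p)[1]])
    print("I cap EF(p) =", sorted(violating_initial_states(p)))
    print("BMC, k = 1  =", bmc(p, 1))           # None: no violation within one step
    print("BMC         =", shortest_counterexample(p, 5))
```

The fixpoint side reproduces the slides' iterates False, {(T,T)}, {(T,T),(F,T),(T,F)}, True, and reports (F,F) as the initial state in $EF(x \wedge y)$. The bounded side returns nothing at $k = 0$ and $k = 1$ and only finds the witness (F,F), (F,T), (T,T) at $k = 2$, which is the caveat in practice: an unsatisfiable unrolling at a given bound is evidence, not a proof, unless the bound is known to cover every reachable path.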
Same Extremely Simple Example
Variables: x, y: boolean
Set of states: $S = \{(F,F), (F,T), (T,F), (T,T)\}$, i.e. $S \equiv \mathit{True}$
Initial condition: