SMT-based Model Checking
Cesare Tinelli, The University of Iowa
Formal Techniques Summer School, Atherton, CA, May 2011

Modeling Computational Systems

Software or hardware systems can often be represented as a state transition system M = (S, I, T, L) where
• S is a set of states
• I ⊆ S is a set of initial states
• T ⊆ S × S is a (right-total) transition relation
• L : S → 2^Pr is a labeling function, where Pr is a set of base predicates in some logic
Typically, the base predicates denote variable-value pairs x = v

Model Checking

Software or hardware systems can often be represented as a state transition system, or model, M = (S, I, T, L)
M is a model both in
1. an engineering sense: a mock-up of the real system, so we can analyze and check M instead of the real system, and
2. a mathematical logic sense: a Kripke structure in some modal logic, so we can make the analysis formal and rely on (semi)automated tools

Model Checking

The functional properties of a computational system can be expressed as temporal properties
• for a suitable model M = (S, I, T, L) of the system
• in a suitable temporal logic
Two main classes of properties:
• Safety properties: nothing bad ever happens
• Liveness properties: something good eventually happens
We will focus on checking safety in this talk

Talk Roadmap
• Checking safety properties
• Logic-based model checking
• Satisfiability Modulo Theories
  • theories
  • solvers
• SMT-based model checking
  • main approaches
• k-Induction
  • basic method
  • enhancements

Safety Properties

Let M = (S, I, T, L) be a transition system
The set R of reachable states (of M) is the smallest subset of S satisfying the following constraints
1. I ⊆ R (initial states are reachable)
2. R ⊲⊳ T ⊆ R (T-successors of reachable states are reachable)
M is safe wrt a state property P ⊆ S iff P ∩ R = ∅
A state property P is invariant (for M) iff R ⊆ P
Note: M is safe wrt P iff the complement S \ P of P is invariant

Example: Resettable Counter...
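The definitions on the Safety Properties slide in executable form, as an added worked example that is not part of the slides: R is computed as the least fixpoint of the two constraints, safety is checked as P ∩ R = ∅ (returning a path from I to a bad state when it fails), and invariance as R ⊆ P, confirming the note that M is safe wrt P exactly when S \ P is invariant. The resettable counter used as input is a constructed system with an assumed reset threshold, not the slides' own example.

```python
from collections import deque
from typing import Callable, Dict, FrozenSet, Hashable, Iterable, List, Optional

State = Hashable
Succ = Callable[[State], Iterable[State]]   # T given as a successor function

def reachable_states(initial: Iterable[State], succ: Succ) -> Dict[State, Optional[State]]:
    """R = smallest set with I ⊆ R and T-successors of R in R, by a breadth-first
    worklist fixpoint. Returns R as a dict state -> parent (None for initial
    states) so that a path from an initial state can be rebuilt."""
    parent: Dict[State, Optional[State]] = {s: None for s in initial}
    queue = deque(parent)
    while queue:
        s = queue.popleft()
        for t in succ(s):
            if t not in parent:          # new reachable state: extend R
                parent[t] = s
                queue.append(t)
    return parent

def is_invariant(reach: Dict[State, Optional[State]], prop: FrozenSet[State]) -> bool:
    """P is invariant for M iff R ⊆ P."""
    return set(reach) <= prop

def counterexample(reach: Dict[State, Optional[State]], bad: FrozenSet[State]) -> Optional[List[State]]:
    """M is safe wrt P iff P ∩ R = ∅; otherwise return a shortest path I ... bad."""
    for s in reach:                      # dict keeps BFS order, so first hit is shortest
        if s in bad:
            path = [s]
            while reach[path[-1]] is not None:
                path.append(reach[path[-1]])
            return path[::-1]
    return None

# Constructed example (an assumption for illustration): a counter x over
# S = {0..7} that starts at 0, increments each step and resets to 0 once it
# reaches reset_at. The bad property P is "counter exceeds 5".
S = frozenset(range(8))
I = frozenset({0})
BAD = frozenset(x for x in S if x > 5)

def counter_T(reset_at: int) -> Succ:
    # Transition relation as a successor function; right-total on S.
    return lambda x: [0] if x >= reset_at else [min(x + 1, 7)]

def check_counter(reset_at: int):
    """Returns (safe, counterexample path or None, sorted reachable states)."""
    R = reachable_states(I, counter_T(reset_at))
    cex = counterexample(R, BAD)
    assert (cex is None) == is_invariant(R, S - BAD)   # safe wrt P iff S \ P invariant
    return cex is None, cex, sorted(R)
```

With reset threshold 5 the counter never exceeds 5 and the check reports safe; with threshold 7 the fixpoint reaches 6 and the returned path is the trace a model checker would report.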