# SMT-based Model Checking

Cesare Tinelli, The University of Iowa
Formal Techniques Summer School, Atherton, CA, May 2011

## Modeling Computational Systems

Software or hardware systems can often be represented as a state transition system M = (S, I, T, L) where

- S is a set of states
- I ⊆ S is a set of initial states
- T ⊆ S × S is a (right-total) transition relation
- L : S → 2^Pr is a labeling function, where Pr is a set of base predicates in some logic

Typically, the base predicates denote variable-value pairs x = v.

## Model Checking

Software or hardware systems can often be represented as a state transition system, or model, M = (S, I, T, L).

M is a model both in

1. an engineering sense: a mock-up of the real system, so we can analyze and check M instead of the real system, and
2. a mathematical logic sense: a Kripke structure in some modal logic, so we can make the analysis formal and rely on (semi)automated tools.

The functional properties of a computational system can be expressed as temporal properties

- for a suitable model M = (S, I, T, L) of the system
- in a suitable temporal logic

Two main classes of properties:

- Safety properties: nothing bad ever happens
- Liveness properties: something good eventually happens

We will focus on checking safety in this talk.

## Talk Roadmap

- Checking safety properties
- Logic-based model checking
- Satisfiability Modulo Theories
  - theories
  - solvers
- SMT-based model checking
  - main approaches
- k-Induction
  - basic method
  - enhancements

## Safety Properties

Let M = (S, I, T, L) be a transition system. The set R of reachable states (of M) is the smallest subset of S satisfying the following constraints:

1. I ⊆ R (initial states are reachable)
2. R ⊲⊳ T ⊆ R (T-successors of reachable states are reachable)

M is safe wrt a state property P ⊆ S iff P ∩ R = ∅.

A state property P is invariant (for M) iff R ⊆ P.

Note: M is safe wrt P iff the complement P̄ = S \ P is invariant.

## Example: Resettable Counter...
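The definitions above (reachable set as the least fixpoint of I and T-successors, safety as P ∩ R = ∅, invariance as R ⊆ P, and the note relating the two) can be exercised directly on a finite model. The following is an added example, not code from the slides: it builds a small constructed transition system (a counter with a wrap-around bound and a reset edge, loosely in the spirit of the "Resettable Counter" the slides go on to discuss but not that example), computes R by worklist iteration, and checks a safety property and its complementary invariant. It also shows a second, deliberately off-by-one transition relation for which the same safety check fails, which is the situation a model checker exists to report.

```python
"""Reachability, safety and invariance for a finite transition system M = (S, I, T, L).

Constructed example, not the slides' own: states are counter values x in 0..7;
the counter counts up to LIMIT and wraps to 0, and can be reset to 0 from any state.
"""
from typing import Callable, FrozenSet, Iterable, Set

LIMIT = 4
S: Set[int] = set(range(8))   # S: all states (some will turn out unreachable)
I: Set[int] = {0}             # I: initial states


def T(x: int) -> Set[int]:
    """Transition relation T ⊆ S × S given as a successor function.
    It is right-total: every state has at least the reset successor 0."""
    successors = {0}                               # reset edge, always enabled
    successors.add(x + 1 if x < LIMIT else 0)      # count up, wrap at LIMIT
    return successors


def T_off_by_one(x: int) -> Set[int]:
    """Constructed faulty variant: the bound check uses <= instead of <,
    so the counter can reach LIMIT + 1 before wrapping."""
    successors = {0}
    successors.add(x + 1 if x <= LIMIT else 0)
    return successors


def L(x: int) -> FrozenSet[str]:
    """Labeling function L : S -> 2^Pr with base predicates of the form x = v."""
    return frozenset({f"x={x}"})


def reachable(initial: Iterable[int], succ: Callable[[int], Set[int]]) -> Set[int]:
    """Least fixpoint R with I ⊆ R and R ⊲⊳ T ⊆ R, computed by worklist iteration."""
    R = set(initial)
    worklist = list(initial)
    while worklist:
        s = worklist.pop()
        for t in succ(s):
            if t not in R:
                R.add(t)
                worklist.append(t)
    return R


def is_safe(R: Set[int], bad: Set[int]) -> bool:
    """M is safe wrt P iff P ∩ R = ∅ (P is the set of bad states)."""
    return R.isdisjoint(bad)


def is_invariant(R: Set[int], P: Set[int]) -> bool:
    """P is invariant for M iff R ⊆ P."""
    return R <= P


def safe_iff_complement_invariant(R: Set[int], S: Set[int], bad: Set[int]) -> bool:
    """Checks the slide's note: safe wrt P  <=>  S \\ P is invariant."""
    return is_safe(R, bad) == is_invariant(R, S - bad)


# Bad states: the counter exceeds its bound.
BAD: Set[int] = {x for x in S if x > LIMIT}


def analyse(succ: Callable[[int], Set[int]]) -> dict:
    """Runs the whole pipeline for one transition relation and reports the verdicts."""
    R = reachable(I, succ)
    return {
        "reachable": R,
        "labels": {x: L(x) for x in sorted(R)},
        "safe": is_safe(R, BAD),
        "complement_invariant": is_invariant(R, S - BAD),
        "note_holds": safe_iff_complement_invariant(R, S, BAD),
    }


if __name__ == "__main__":
    for name, succ in (("T", T), ("T_off_by_one", T_off_by_one)):
        verdict = analyse(succ)
        print(name, "R =", sorted(verdict["reachable"]), "safe =", verdict["safe"])
```

Running the module prints R = {0, 1, 2, 3, 4} and a safe verdict for T, while the off-by-one variant reaches state 5 ∈ BAD and is reported unsafe; in both cases the note holds, since safety wrt the bad set and invariance of its complement are computed from the same R.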