lect-5-model-checking


CSE503: Software Engineering, Model Checking
David Notkin, Spring 2011 (slides dated 4/12/2011)
503 11sp © UW CSE • D. Notkin

Two Approaches to Model Checking

Explicit: represent all states
- Use conventional state-space search
- Reduce the state space by folding equivalent states together

Symbolic: represent sets of states using boolean formulae
- Reduce huge state spaces by considering large sets of states simultaneously; to the first order, this is the meeting of BDDs (binary decision diagrams) and model checking (more later)
- Convert state machines, logic formulae, etc. to boolean representations
- Perform state space exploration using boolean operators to perform set operations
- SAT solvers are often at the base of symbolic model checking

Example temporal logic properties

- Error states not reached (invariant): AG ¬Err
- Eventually ack for each request (liveness): AG (Req → AF Ack)
- Always possible to restart machine (possibility): AG EF Restart

Representing sets

Symbolic model checking needs to represent large sets of states concisely; for example, all even numbers between 0 and 127.

Explicit representation: 0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126

Implicit (symbolic) representation: ¬x0 (x0: least significant bit)

The size of the explicit representation grows with the bound, but not so for the implicit representation (in many cases). We need an efficient boolean representation.

Binary Decision Diagrams (BDDs)

- The original and most common representation is binary decision diagrams (BDDs) [Bryant 86]
- These are directed acyclic graphs evaluated as binary decision trees
- For the trivial example, these are trivial BDDs: x0 and ¬x0
- [Figure: a BDD for odd (even) parity of 4-bit numbers, with decision nodes x0, x1, x2, x3 and terminals 0 and 1]

What would odd parity look like if...

- ...the bits in the BDD were ordered in reverse (x3 x2 x1 x0)?
- Bit order x0 x1 x2 x3: compute the BDD for x1x0 + x3x2
- Bit order x0 x1 x2 x3: compute the BDD for x2x0 + x3x1
- Bit order x0 x1 x2 x3: compute the BDD for x1x0 * x3x2
- Bit order x0 x1 x2 x3: compute the BDD for x2x0 * x3x1
- Take 5-10 minutes with 1-2 others to work these out

Efficiency

- BDD size is often small in practice
- Some large hardware circuits can be handled
- Some well-known limitations: e.g., exponential size for a > bc
- Few theoretical results known
- Performance unpredictable
- When BDDs are manageable in size, model checking is generally efficient

Symbolic Model Checking

Define boolean state variables...
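As an added example (not code from the slides), here is a small reduced ordered BDD builder: Shannon expansion over a fixed bit order with hash-consed nodes, the textbook construction rather than Bryant's apply algorithm. It builds the sets the slides use (even numbers, odd parity) under a chosen bit order and reports decision-node count and set size; pairs_or is an assumed extra function, x1x0 + x3x2 + x5x4, included to show that node count depends on the variable order while the set it represents does not.

```python
from functools import lru_cache

FALSE, TRUE = 0, 1  # terminal node ids; decision nodes are numbered from 2
class BDD:
    """Reduced ordered BDD for one predicate over a fixed variable order, built by
    Shannon expansion; nodes are hash-consed so isomorphic subgraphs are shared."""
    def __init__(self, order):
        self.order = list(order)                   # variable names, root first
        self.idx = {v: i for i, v in enumerate(order)}
        self.unique, self.nodes = {}, {}           # (var,low,high)->id, id->(var,low,high)

    def _mk(self, var, low, high):
        if low == high:                            # both branches agree: test is redundant
            return low
        key = (var, low, high)
        if key not in self.unique:                 # reuse an identical existing node
            self.unique[key] = len(self.nodes) + 2
            self.nodes[self.unique[key]] = key
        return self.unique[key]

    def build(self, pred):
        """pred maps {var: 0/1} to bool; returns the root node id."""
        def rec(i, env):
            if i == len(self.order):
                return TRUE if pred(env) else FALSE
            v = self.order[i]
            return self._mk(v, rec(i + 1, {**env, v: 0}), rec(i + 1, {**env, v: 1}))
        return rec(0, {})

    def count(self, root):
        """Number of assignments (states) in the set the BDD represents."""
        @lru_cache(None)
        def rec(node, level):                      # level = next position in the order
            if node <= TRUE:
                return node * 2 ** (len(self.order) - level)
            var, lo, hi = self.nodes[node]
            skipped = 2 ** (self.idx[var] - level)  # untested variables are unconstrained
            return skipped * (rec(lo, self.idx[var] + 1) + rec(hi, self.idx[var] + 1))
        return rec(root, 0)

def bdd_stats(pred, order):
    """(decision nodes, number of states); every node a fresh manager creates is reachable."""
    b = BDD(order)
    root = b.build(pred)
    return len(b.nodes), b.count(root)

# Sets from the slides (x0 = least significant bit) plus an order-sensitive function (assumed).
even = lambda e: e["x0"] == 0                                  # even numbers: just ¬x0
odd_parity = lambda e: sum(e.values()) % 2 == 1                # odd parity of the bits
pairs_or = lambda e: any(e[f"x{2*i}"] and e[f"x{2*i+1}"] for i in range(3))  # x1x0 + x3x2 + x5x4
```

Even numbers below 128 need a single x0 node however large the bound, 4-bit odd parity needs 7 nodes in either bit order, and pairs_or needs 6 nodes with the pairs adjacent but 14 when the order is x0 x2 x4 x1 x3 x5.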