lect-5-model-checking

lect-5-model-checking - 4/12/2011 1 CSE503: SOFTWARE...

Unformatted text preview:

4/12/2011

CSE503: Software Engineering
Model Checking
David Notkin, Spring 2011

Two Approaches to Model Checking
- Explicit: represent all states
  - Use conventional state-space search
  - Reduce the state space by folding equivalent states together
- Symbolic: represent sets of states using boolean formulae
  - Reduce huge state spaces by considering large sets of states simultaneously
  - To the first order, this is the meeting of BDDs (binary decision diagrams) and model checking (more later)
  - Convert state machines, logic formulae, etc. to boolean representations
  - Perform state space exploration using boolean operators to perform set operations
  - SAT solvers are often at the base of symbolic model checking
503 11sp UW CSE D. Notkin

Example temporal logic properties
- Error states not reached (invariant): AG ¬Err
- Eventually ack for each request (liveness): AG (Req → AF Ack)
- Always possible to restart machine (possibility): AG EF Restart

Representing sets
- Symbolic model checking needs to represent large sets of states concisely; for example, all even numbers between 0 and 127
- Explicit representation: 0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126
- Implicit (symbolic) representation: ¬x₀ (x₀: least significant bit)
- The size of the explicit representation grows with the bound, but not so for the implicit representation (in many cases)
- Need an efficient boolean representation

Binary Decision Diagrams (BDDs)
- The original and most common representation is binary decision diagrams (BDDs) [Bryant 86]
- These are directed acyclic graphs evaluated as binary decision trees
- For the trivial example, these are trivial BDDs: x₀ and ¬x₀
- On the right is an example of a BDD for odd (even) parity of 4-bit numbers
  [Figure: BDD with decision nodes x₀, x₁, x₂, x₃ and terminal nodes 0 and 1]

What would odd parity look like if the bits in the BDD were ordered in reverse (x₃ x₂ x₁ x₀)?
- Bit order x₀ x₁ x₂ x₃: compute the BDD for x₁x₀ + x₃x₂
- Bit order x₀ x₁ x₂ x₃: compute the BDD for x₂x₀ + x₃x₁
- Bit order x₀ x₁ x₂ x₃: compute the BDD for x₁x₀ * x₃x₂
- Bit order x₀ x₁ x₂ x₃: compute the BDD for x₂x₀ * x₃x₁
- Take 5-10 minutes with 1-2 others to work these out

Efficiency
- BDD size is often small in practice
- Some large hardware circuits can be handled
- Some well-known limitations: e.g., exponential size for a > bc
- Few theoretical results known
- Performance is unpredictable
- When BDDs are manageable in size, model checking is generally efficient

Symbolic Model Checking
- Define boolean state variables...
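As an added illustration, not part of the lecture or its slides, here is a small reduced ordered BDD builder in Python (unique table plus Bryant's apply) that works the parity and exercise slides above: it counts the decision nodes each function needs under a given variable order, so both the reverse-order question and the effect of variable order on the exercises can be checked. The variable names x0..x3 and the order tuples are assumptions of this example.

```python
# Added example, not from the lecture. Variable names and order tuples are assumed.
INF = float("inf")  # rank of the two terminal nodes (ids 0 and 1)

class BDD:
    def __init__(self, order):
        self.rank = {name: i for i, name in enumerate(order)}  # position in the order
        self.unique = {}                                        # (rank, low, high) -> id
        self.info = {0: (INF, 0, 0), 1: (INF, 1, 1)}            # id -> (rank, low, high)
    def mk(self, r, low, high):
        if low == high:            # both branches agree: the test node is redundant
            return low
        key = (r, low, high)
        if key not in self.unique: # otherwise reuse the identical node already built
            self.unique[key] = len(self.info)
            self.info[self.unique[key]] = key
        return self.unique[key]
    def apply(self, op, f, g, memo=None):  # combine f and g, splitting on the top variable
        memo = {} if memo is None else memo
        if f < 2 and g < 2:
            return int(op(f, g))
        if (f, g) not in memo:
            r = min(self.info[f][0], self.info[g][0])
            fl, fh = self.info[f][1:] if self.info[f][0] == r else (f, f)
            gl, gh = self.info[g][1:] if self.info[g][0] == r else (g, g)
            memo[(f, g)] = self.mk(r, self.apply(op, fl, gl, memo),
                                      self.apply(op, fh, gh, memo))
        return memo[(f, g)]
    def size(self, f):  # decision nodes reachable from f, terminals excluded
        seen, todo = set(), [f]
        while todo:
            n = todo.pop()
            if n > 1 and n not in seen:
                seen.add(n); todo += self.info[n][1:]
        return len(seen)

def slide_bdd_sizes(order=("x0", "x1", "x2", "x3")):
    """Node counts for 4-bit odd parity and the four exercises under the given order."""
    b = BDD(order)
    AND = lambda f, g: b.apply(lambda a, c: a and c, f, g)
    OR = lambda f, g: b.apply(lambda a, c: a or c, f, g)
    x0, x1, x2, x3 = (b.mk(b.rank[n], 0, 1) for n in ("x0", "x1", "x2", "x3"))
    parity = x0
    for v in (x1, x2, x3):
        parity = b.apply(lambda a, c: a != c, parity, v)
    return {"odd parity": b.size(parity),
            "x1x0 + x3x2": b.size(OR(AND(x1, x0), AND(x3, x2))),
            "x2x0 + x3x1": b.size(OR(AND(x2, x0), AND(x3, x1))),
            "x1x0 * x3x2": b.size(AND(AND(x1, x0), AND(x3, x2))),
            "x2x0 * x3x1": b.size(AND(AND(x2, x0), AND(x3, x1)))}
```

Parity is symmetric, so reversing the order leaves its 7-node shape unchanged, while x2x0 + x3x1 shrinks from 6 nodes to 4 under the interleaved order x0, x2, x1, x3; the two product exercises denote the same function and therefore build the same BDD.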