CSE503: Software Engineering
Model Checking
David Notkin, Spring 2011 (lecture of 4/12/2011)
503 11sp UW CSE D. Notkin

Two Approaches to Model Checking
- Explicit: represent all states
  - Use conventional state-space search
  - Reduce the state space by folding equivalent states together
- Symbolic: represent sets of states using boolean formulae
  - Reduce huge state spaces by considering large sets of states simultaneously
  - To the first order, this is the meeting of BDDs (binary decision diagrams) and model checking (more later)
  - Convert state machines, logic formulae, etc. to boolean representations
  - Perform state-space exploration using boolean operators to perform set operations
  - SAT solvers are often at the base of symbolic model checking

Example temporal logic properties
- Error states not reached (invariant): AG ¬Err
- Eventually an ack for each request (liveness): AG (Req → AF Ack)
- Always possible to restart the machine (possibility): AG EF Restart

Representing sets
- Symbolic model checking needs to represent large sets of states concisely, for example, all even numbers between 0 and 127
- Explicit representation: 0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126
- Implicit (symbolic) representation: ¬x₀ (x₀: least significant bit)
- The size of the explicit representation grows with the bound, but not so for the implicit representation (in many cases)
- Need an efficient boolean representation

Binary Decision Diagrams (BDDs)
- The original and most common representation is binary decision diagrams (BDDs) [Bryant 86]
- These are directed acyclic graphs evaluated as binary decision trees
- For the trivial example, these are trivial BDDs: x₀ and ¬x₀
- On the right is an example of a BDD for odd (even) parity of 4-bit numbers
[Figure: BDD over x₀, x₁, x₂, x₃ with terminal nodes 0 and 1]

Exercises
- What would odd parity look like if the bits in the BDD were ordered in reverse: x₃ x₂ x₁ x₀?
- Bit order x₀ x₁ x₂ x₃: compute the BDD for x₁x₀ + x₃x₂
- Bit order x₀ x₁ x₂ x₃: compute the BDD for x₂x₀ + x₃x₁
- Bit order x₀ x₁ x₂ x₃: compute the BDD for x₁x₀ * x₃x₂
- Bit order x₀ x₁ x₂ x₃: compute the BDD for x₂x₀ * x₃x₁
- Take 5-10 minutes with 1-2 others to work these out

Efficiency
- BDD size is often small in practice
- Some large hardware circuits can be handled
- Some well-known limitations: e.g., exponential size for a > bc
- Few theoretical results known
- Performance unpredictable
- When BDDs are manageable in size, model checking is generally efficient

Symbolic Model Checking
- Define boolean state variables...
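As an added worked example (not from the slides), a minimal reduced ordered BDD in Python: mk applies the two reduction rules, apply is Bryant's recursive combine on the topmost variable, and the helpers build the slides' 4-bit odd-parity function and the function x0·x1 + x2·x3 under two variable orders to show how ordering changes the node count. All names (BDD, mk, apply, nodes, odd_parity, pair_or) are this example's own assumptions.

```python
import operator
from functools import reduce

class BDD:  # tiny reduced ordered BDD with hash-consed nodes; added example, not from the slides
    def __init__(self, order):
        self.level = {v: i for i, v in enumerate(order)}  # variable -> position in the order
        self.table = [None, None]  # id -> (var, low, high); ids 0 and 1 are the terminals
        self.unique = {}           # (var, low, high) -> id, so isomorphic subgraphs are shared
        self.cache = {}            # memo table for apply()

    def mk(self, v, low=0, high=1):  # mk(v) alone is the BDD of the single variable v
        if low == high:            # reduction: a test whose branches agree is dropped
            return low
        node = self.unique.setdefault((v, low, high), len(self.table))
        if node == len(self.table):
            self.table.append((v, low, high))
        return node

    def _cof(self, f, v, bit):     # restrict f to v=bit; unchanged unless f's top variable is v
        return f if f in (0, 1) or self.table[f][0] != v else self.table[f][2 if bit else 1]

    def apply(self, op, f, g):     # Bryant's apply: Shannon-expand on the topmost variable of f, g
        key = (op, f, g)
        if key not in self.cache:
            if f in (0, 1) and g in (0, 1):
                self.cache[key] = op(f, g)
            else:
                v = min((self.table[h][0] for h in (f, g) if h not in (0, 1)), key=self.level.get)
                self.cache[key] = self.mk(v, self.apply(op, self._cof(f, v, 0), self._cof(g, v, 0)),
                                             self.apply(op, self._cof(f, v, 1), self._cof(g, v, 1)))
        return self.cache[key]

    def nodes(self, f):            # internal node ids reachable from f (no memo: fine for small BDDs)
        if f in (0, 1):
            return set()
        return {f} | self.nodes(self.table[f][1]) | self.nodes(self.table[f][2])

    def evaluate(self, f, assignment):  # follow the decision path for one variable assignment
        while f not in (0, 1):
            v, low, high = self.table[f]
            f = high if assignment[v] else low
        return f

def odd_parity(bdd, bits):         # XOR of the bit variables: the 4-bit parity BDD from the slides
    return reduce(lambda f, b: bdd.apply(operator.xor, f, bdd.mk(b)), bits, 0)

def pair_or(bdd):                  # x0*x1 + x2*x3; its node count depends on bdd's variable order
    return bdd.apply(operator.or_, bdd.apply(operator.and_, bdd.mk("x0"), bdd.mk("x1")),
                     bdd.apply(operator.and_, bdd.mk("x2"), bdd.mk("x3")))
```

The slides' even-number set is just ¬x₀, here `bdd.apply(operator.xor, bdd.mk("x0"), 1)`, and nodes() reports a single node whether the order holds 7 variables or 70; odd parity has 7 internal nodes under either bit order, while pair_or has 4 nodes under x0 x1 x2 x3 but 6 under x0 x2 x1 x3.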
 Spring '11
David Notkin
 Software engineering