CS 267: Automated Verification
Lecture 17: Predicate Abstraction, CounterExample Guided Abstraction Refinement,
Abstract Interpretation
Instructor: Tevfik Bultan
Model Checking Programs Using Abstraction
Program model checking tools generally rely on aut

CS 267: Automated Verification
Lecture 16: Bounded Model Checking
Instructor: Tevfik Bultan
Remember Symbolic Model Checking
Represent sets of states and the transition relation as
Boolean logic formulas
Fixpoint computation becomes formula manipulation

CS 267: Automated Verification
Lecture 15: Modularity, Interfaces and
Verification
Instructor: Tevfik Bultan
Model Checking Software
Model checking
An automated software verification technique
Exhaustive exploration of the state space of a program
to f

CS 267: Automated Verification
Lecture 14: Infinite State Model Checking,
Arithmetic Constraints, Action Language Verifier
Instructor: Tevfik Bultan
Model Checking View
Every reactive system is represented as a transition
system:
S : The set of states

CS 267: Automated Verification
Lecture 13: Software Verification Using Explicit
State Model Checking, Java Path Finder, CMC
Instructor: Tevfik Bultan
Softwares Chronic Crisis
Large software systems often:
Do not provide the desired functionality
Take to

CS 267: Automated Verification
Lecture 10: LTL Buchi Automata Translation,
Nested Depth First Search
Instructor: Tevfik Bultan
LTL
We are going to discuss LTL to Buchi automata translation
First lets recall LTL semantics
I will also add a new operator

CS 267: Automated Verification
Lecture 9: Automata Theoretic Model Checking
Instructor: Tevfik Bultan
LTL Properties Bchi automata
[Vardi and Wolper LICS 86]
Bchi automata: Finite state automata that accept infinite
strings
The better known variant of f

CS 267: Automated Verification
Lectures 5 and 6: -calculus, symbolic model
checking
Instructor: Tevfik Bultan
-Calculus
-Calculus is a temporal logic which consist of the following:
Atomic properties AP
Boolean connectives: ,
,
Precondition operator:

CS 267: Automated Verification
Lecture 4: Fixpoints and Temporal Properties
Instructor: Tevfik Bultan
What is a Fixpoint (aka, Fixed Point)
Given a function
F : D D
x D is a fixpoint of F
if and only if
F(x) = x
Temporal Properties Fixpoints
[Emerson and

CS 267: Automated Verification
Lecture 3: CTL model checking algorithm,
counter-example generation
Instructor: Tevfik Bultan
Automated Verification of Finite State Systems
[Clarke and Emerson 81], [Queille and Sifakis 82]
CTL Model checking problem: Given

CS 267: Automated Verification
Lecture 3: CTL model checking algorithm,
counter-example generation
Instructor: Tevfik Bultan
Automated Verification of Finite State Systems
[Clarke and Emerson 81], [Queille and Sifakis 82]
CTL Model checking problem: Given

CS 267: Automated Verification
Lectures 1 and 2: Brief Introduction. Transition
Systems. Temporal Logics: LTL, CTL, CTL*
Instructor: Tevfik Bultan
Who are these people and what do they have in
common?
2007 Clarke, Edmund M
2007 Emerson, E Allen
2007 Sifak

CS 267 Spring 2011 Homework Assignment 4
Due Friday, June 3rd
Do not discuss the problems with anyone other than the instructor.
1. Consider a transition system with two states encoded using a single boolean variable x, where
the initial state is x and th

CS 267 Spring 2011 Homework Assignment 3
Due Friday, May 20th
Do not discuss the problems with anyone other than the instructor.
1. Give a Bchi automaton that corresponds to the LTL property GF p.
u
Given the transition system T = (S, I, R) where I = cfw_

CS 267 Spring 2011 Homework Assignment 3
Due Friday, May 20th
Do not discuss the problems with anyone other than the instructor.
1. Give a Bchi automaton that corresponds to the LTL property GF p.
u
Given the transition system T = (S, I, R) where I = cfw_

CS 267 Spring 2011 Homework Assignment 2
Due Friday, April 29th
Do not discuss the problems with anyone other than the instructor.
1. Write the following CTL formulas using xpoints: AFAGp, pEU(AGq ), EGFp, EFGp.
2. Consider the following transition system

CS 267 Spring 2011 Homework Assignment 1
Due Thursday, April 14th
Do not discuss the problems with anyone other than the instructor.
1. Consider the following two transition systems:
M1 = (AP1 , S1 , R1 , I1 , L1 ) with the set of states S1 = cfw_0, 1, 2,