02291: System Integration Symbolic Model Checking Hubert Baumeister - PowerPoint PPT Presentation

02291: System Integration Symbolic Model Checking Hubert Baumeister huba@dtu.dk DTU Compute Technical University of Denmark Spring 2020

Model Checking M | = φ ◮ Models M are Kripke structures ◮ Formulas φ are Computational Tree Logic (CTL) formulas ◮ Proving: Model checking ◮ How to decide | = ? ◮ Compute [ | φ | ] = { s | M , s | = φ } ◮ Then M | = φ if and only if I ⊆ [ | φ | ]

How to compute [ | φ | ] ? Minimal set of operators CTL formulae can be basically reduced to a. p , ¬ φ , φ ∨ ψ b. EX φ c. EG φ For example ◮ AG φ can be expressed as ¬ EF ¬ φ

How to compute [ | φ | ] ? a [ | p | ] = { s | p ∈ λ ( s ) } for basic propositions p ∈ V b [ |¬ φ | ] = S \ [ | φ | ] c [ | EX φ | ] = R − 1 ([ | φ | ]) = { s | ∃ t : ( s , t ) ∈ R and t ∈ [ | φ | ] } d [ | EG φ | ] = [ | φ | ] ∩ R − 1 ([ | EG φ | ]) ◮ EG φ ⇔ φ ∧ EX EG φ ◮ We are looking for the greatest fixpoint of this equation ◮ Kleene’s fixpoint theorem allows to compute the greatest fixpoint by 1 π 0 = S 2 π 1 = [ | φ | ] ∩ R − 1 ( π 0 ) . . . n π n = [ | φ | ] ∩ R − 1 ( π n − 1 ) → π m is the greatest fixpoint if π m = π m − 1

Greatest fixpoint ∃ S ⊆ N : S = S ∩ { 3 }

Example: EG y π 0 = S

Example: EG y : 1. Iteration π 1 = [ | y | ] ∩ R − 1 ( π 0 )

Example: EG y : 1. Iteration π 1 = [ | y | ] ∩ R − 1 ( π 0 )

Example: EG y : 1. Iteration π 1 = [ | y | ] ∩ R − 1 ( π 0 )

Example: EG y : 1. Iteration π 1 = [ | y | ] ∩ R − 1 ( π 0 )

Example: EG y : 2. Iteration π 2 = [ | y | ] ∩ R − 1 ( π 1 )

Example: EG y : 2. Iteration π 2 = [ | y | ] ∩ R − 1 ( π 1 )

Example: EG y : 2. Iteration π 2 = [ | y | ] ∩ R − 1 ( π 1 )

Example: EG y : 2. Iteration π 2 = [ | y | ] ∩ R − 1 ( π 1 )

Example: EG y : 3. Iteration π 3 = [ | y | ] ∩ R − 1 ( π 2 )

Example: EG y : 3. Iteration π 3 = [ | y | ] ∩ R − 1 ( π 2 )

Example: EG y : 3. Iteration π 3 = [ | y | ] ∩ R − 1 ( π 2 )

Example: EG y : 3. Iteration π 3 = [ | y | ] ∩ R − 1 ( π 2 )

Example: EG y : Conclusion ◮ π 3 = π 2 is the greatest fixpoint ◮ [ | EG y | ] = { s 0 , s 2 , s 4 } , i.e., EG y holds for states s 0 , s 2 , and s 4 ◮ M �| = EG y because I = { s 0 , s 1 } �⊆ [ | EG y | ]

Model checking ◮ Press button technology ◮ Spin, Upaal, . . . ◮ Problems ◮ Finite state space ◮ State explosion ◮ UML and Model checking ◮ State machines � = Kripke structures

Advanced reading ◮ Kenneth L. McMillan’s thesis on ”Symbolic Model Checking” http://www.kenmcmil.com/thesis.html 1999 ◮ E. Clarke, O. Grumberg, D. Peled ”Model Checking” MIT Press1999 ◮ EM Clarke, BH Schlingloff ”Model Checking” Chapter 21 in Handbook of Automated Reasoning - Elsevier Science Publishers BV, Amsterdam, The Netherlands, 2000 http://www2.informatik.hu-berlin.de/˜hs/ Publikationen/2000_Handbook-of-Automated-Reasoning_ Clarke-Schlingloff_Model-Checking.ps ◮ St. Merz ”Model Checking: A Tutorial Overview” http://www.loria.fr/˜merz/papers/mc-tutorial.pdf 2001

Model checker ◮ For model checking UML state machines and UML collaborations ◮ Hugo/RT http: //www.pst.ifi.lmu.de/Forschung/projekte/hugo/index.html ◮ UMC http://fmt.isti.cnr.it/umc ◮ General model checker ◮ nuSMV http://nusmv.fbk.eu/ ◮ Spin http://netlib.bell-labs.com/netlib/spin/whatispin.html ◮ Uppaal http://www.uppaal.com/ ◮ Links to other model checkers http://en.wikipedia.org/wiki/Model_checking