
COMP3153/9153 Algorithmic Verification: Temporal Logics, Dr. Liam O'Connor - PowerPoint PPT Presentation

  1. COMP3153/9153 Algorithmic Verification: Temporal Logics. Dr. Liam O'Connor, CSE, UNSW (for now), Term 1 2020. Section outline (repeated as the navigation header on every slide): Reachability and Safety; Trace Semantics and LTL; Tree Semantics and CTL*; CTL.

  2-4. Reachability. Define Reach(A, q) ⊆ Q as the set of states reachable in A from q. Define Reach(A) ≡ Reach(A, q0). Exercise: describe the algorithm for computing Reach(A). Deadlock, or a stuck state, is a state q ∈ Q which has no outgoing transitions, i.e. ∀a. δ(q, a) = ∅.

  5-7. Deadlock Example. Assuming unicast synchronisation: [Figure: four automata. Lock L1 has states free1 and locked1 with transitions lock(L1)? (free1 to locked1) and unlock(L1)? (locked1 to free1); lock L2 likewise has states free2 and locked2 with lock(L2)? and unlock(L2)?. Process P (states p0, p1, p2, p3) performs lock(L1)! then lock(L2)! and afterwards releases both with unlock(L2)! and unlock(L1)!; process Q (states q0, q1, q2, q3) performs lock(L2)! then lock(L1)! and afterwards unlock(L1)! and unlock(L2)!. The build on slides 6 and 7 highlights the global state with P in p1, L1 in locked1, Q in q1 and L2 in locked2.] Exercise: What is an algorithm to detect deadlock?

  8-9. Safety Properties. A safety property is an assertion that bad things do not happen. In other words, given some set of states Bad ⊆ Q, we want to check that Bad ∩ Reach(A) = ∅. Exercise: give an algorithm to check a safety property.
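The three exercises above (computing Reach(A), detecting deadlock, checking a safety property) worked through in Python on the deadlock example's two processes and two lock automata; this is an added example, not the slides' code, and the order in which each process releases its locks and the encoding of unicast synchronisation as paired a!/a? actions are my assumptions.

```python
from collections import deque

# Constructed example, not the slides' own code: the deadlock example's four
# automata, each as {state: [(action, next_state), ...]}. Under unicast
# synchronisation an action "a!" in one component fires together with a
# matching "a?" in exactly one other component (release order is assumed).
P = {"p0": [("lock(L1)!", "p1")], "p1": [("lock(L2)!", "p2")],
     "p2": [("unlock(L2)!", "p3")], "p3": [("unlock(L1)!", "p0")]}
Q = {"q0": [("lock(L2)!", "q1")], "q1": [("lock(L1)!", "q2")],
     "q2": [("unlock(L1)!", "q3")], "q3": [("unlock(L2)!", "q0")]}
L1 = {"free1": [("lock(L1)?", "locked1")], "locked1": [("unlock(L1)?", "free1")]}
L2 = {"free2": [("lock(L2)?", "locked2")], "locked2": [("unlock(L2)?", "free2")]}
SYSTEM = [P, L1, Q, L2]                    # components, in global-state order
Q0 = ("p0", "free1", "q0", "free2")        # initial global state

def successors(system, state):
    """Global transitions from `state`: every sender a! in component i paired
    with a receiver a? in some other component j; both move at once."""
    out = []
    for i, comp in enumerate(system):
        for act, nxt_i in comp[state[i]]:
            if not act.endswith("!"):
                continue
            recv = act[:-1] + "?"
            for j, other in enumerate(system):
                for act2, nxt_j in other[state[j]]:
                    if j != i and act2 == recv:
                        s = list(state)
                        s[i], s[j] = nxt_i, nxt_j
                        out.append((act[:-1], tuple(s)))
    return out

def reach(system, q0):
    """Reach(A, q0): breadth-first exploration of the global state space."""
    seen, todo = {q0}, deque([q0])
    while todo:
        s = todo.popleft()
        for _, t in successors(system, s):
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

def deadlocks(system, q0):
    """Reachable stuck states: no outgoing transition, i.e. forall a. delta(q, a) = {}."""
    return {s for s in reach(system, q0) if not successors(system, s)}

def safe(system, q0, bad):
    """Safety check: Bad ∩ Reach(A) = ∅ (True when no bad state is reachable)."""
    return not (set(bad) & reach(system, q0))
```

Running `deadlocks(SYSTEM, Q0)` returns exactly the highlighted global state (p1, locked1, q1, locked2), where each process holds one lock and waits for the other.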

  10-12. Observations. Is use after free a safety property?

    #include <stdlib.h>

    void foo() {
      int x, a;
      int *p = malloc(sizeof(int));
      for (x = 10; x > 0; x--) {
        a = *p;                 /* use */
        if (x <= 1) {
          free(p);              /* free */
        }
      }
    }

  [Figure: the control-flow automaton of foo, with locations ℓ0 to ℓ7 and edges labelled malloc, use (a = *p) and free (free(p)). Slide 12 adds a monitor automaton with states OK, Free and Bad that tracks the use and free events, with a ∗ self-loop.]

  13-16. Kripke Structures. Definition: A labelled automaton is a FA (Q, q0, Σ, δ, F, L) with an additional labelling function L : Q → 2^P, where P is our atomic propositions. A Kripke structure is a type of labelled automaton where |Σ| = 1, F = Q. Equivalently, we don't have a notion of actions or final states, and δ : Q → 2^Q. We also require that for any q, δ(q) ≠ ∅. [Figure: a Kripke structure with states q0, q1, q2, q3, edges annotated start, stop, suspend, resume and terminate, and state labels {started, running}, {stopped}, {suspended, started} and {terminated}.]

  17. Traces. Definition: A trace, also called a behaviour, is the sequence of labels corresponding to a run. For Kripke structures it is necessarily infinite in length. Define Traces(A) to be all possible infinite traces from q0 in A. Definition: A linear time property is a set of traces, i.e. a subset of (2^P)^ω. We say a Kripke structure A satisfies a property P iff Traces(A) ⊆ P.

  18-19. LTL. Linear temporal logic (LTL) is a logic designed to describe linear time properties. Linear temporal logic syntax. We have normal propositional operators: p ∈ P is an LTL formula; if ϕ, ψ are LTL formulae, then ϕ ∧ ψ is an LTL formula; if ϕ is an LTL formula, ¬ϕ is an LTL formula. We also have modal or temporal operators: if ϕ is an LTL formula, then X ϕ is an LTL formula; if ϕ, ψ are LTL formulae, then ϕ UNTIL ψ is an LTL formula.

  20-22. LTL Semantics in Pictures. [Figure: a trace σ drawn as six positions, each labelled with a set of coloured atomic propositions (the last position is labelled ∅; the colours are lost in extraction). A second row lists, per position, which of the two propositions hold (¬•, ¬• at the first position, and so on). A third row evaluates X• at each position (X¬•, X•, X•, X•, X¬•), with ?? at the last position, since the picture shows only a finite prefix.]
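An added example (not the slides' code) that builds a Kripke structure in the form defined on slides 13-16, derives traces from its infinite runs written as prefix + cycle, and evaluates LTL formulae over them using the standard semantics of X and UNTIL; the transition relation and state labels are my reading of the figure on the Kripke-structure slide, and the derived operators F and G go beyond the syntax given so far.

```python
# Constructed example, not the slides' own code: a Kripke structure as
# delta: Q -> 2^Q plus a labelling L: Q -> 2^P. The transitions and the
# state-to-label assignment are my reading of the figure on the
# Kripke-structure slide (an assumption); q3 gets a self-loop because
# every state must have a successor (delta(q) != {}).
DELTA = {"q0": {"q1"}, "q1": {"q0", "q2", "q3"}, "q2": {"q1"}, "q3": {"q3"}}
LABEL = {"q0": {"stopped"}, "q1": {"started", "running"},
         "q2": {"suspended", "started"}, "q3": {"terminated"}}

def lasso_trace(delta, label, prefix, cycle):
    """Trace of an infinite run written as prefix + cycle^omega: the
    sequence of label sets, after checking every step is a transition."""
    run = prefix + cycle + [cycle[0]]            # final step closes the cycle
    for a, b in zip(run, run[1:]):
        assert b in delta[a], f"{a} -> {b} is not a transition"
    return [label[q] for q in prefix], [label[q] for q in cycle]

def holds(phi, trace, i=0):
    """sigma, i |= phi over an ultimately periodic trace (prefix, cycle).
    phi is an atom 'p', ('not', f), ('and', f, g), ('X', f), ('U', f, g),
    or the derived ('F', f) = true UNTIL f and ('G', f) = not F not f."""
    prefix, cycle = trace
    n = len(prefix) + len(cycle)
    # suffixes past the prefix repeat with period |cycle|, so n consecutive
    # positions from any start cover every distinct suffix of the trace
    pos = lambda j: j if j < len(prefix) else len(prefix) + (j - len(prefix)) % len(cycle)
    if isinstance(phi, str):                     # atomic proposition
        return phi in (prefix + cycle)[pos(i)]
    op = phi[0]
    if op == "not":
        return not holds(phi[1], trace, i)
    if op == "and":
        return holds(phi[1], trace, i) and holds(phi[2], trace, i)
    if op == "X":                                # next position
        return holds(phi[1], trace, i + 1)
    if op == "U":  # some j >= i satisfies psi and phi holds at every i <= k < j
        for j in range(pos(i), pos(i) + n):
            if holds(phi[2], trace, j):
                return True
            if not holds(phi[1], trace, j):
                return False
        return False
    if op == "F":
        return any(holds(phi[1], trace, j) for j in range(pos(i), pos(i) + n))
    if op == "G":
        return not holds(("F", ("not", phi[1])), trace, i)
    raise ValueError(f"unknown operator {op}")

SIGMA = lasso_trace(DELTA, LABEL, ["q0", "q1", "q2", "q1"], ["q3"])  # terminating run
LOOP = lasso_trace(DELTA, LABEL, [], ["q0", "q1"])                   # stop/start forever
```

For example `holds(("U", "stopped", "started"), SIGMA)` is true, while `holds(("F", "terminated"), LOOP)` is false because the looping run never reaches q3.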
