automated reasoning ltl model checking
play

Automated Reasoning LTL Model Checking Alan Bundy Automated - PowerPoint PPT Presentation

Jan 28, 2024 •366 likes •639 views

Automated Reasoning LTL Model Checking Alan Bundy Automated Reasoning LTL Model Checking Lecture 9, page 1 Introduction So far we have looked at theorem proving Powerful, especially where good sets of rewrite rules or decision procedures

  1. Automated Reasoning LTL Model Checking Alan Bundy Automated Reasoning LTL Model Checking Lecture 9, page 1

  2. Introduction So far we have looked at theorem proving Powerful, especially where good sets of rewrite rules or decision procedures have been defined But often requires interactive guidance or specialised domain knowledge to automate Another approach to formal reasoning is model checking Used to decide whether certain properties hold of some formally specified model of a domain Automatic technique which searches through the states of the model for a solution Automated Reasoning LTL Model Checking Lecture 9, page 2

  3. Motivation Model checking can be applied to verify formally the correctness of systems used in critical situations Successfully used in hardware and protocol verification Now being applied to verify software systems software commonly tested through trial and error at unit level and systems level (simulation) major errors can and do and do slip through classic testing modes were never meant to be applied to multi- threaded systems Automated Reasoning LTL Model Checking Lecture 9, page 3

  4. Systems Design requirements Ideally we should build systems engineering models to analyse Finding errors potential violations of a systems design earlier means systems requirements high level architecture cost savings later and not progress until and more our models are provably reliable product. detailed design correct. code structure coding We should only be testing minor issues here. testing operation Automated Reasoning LTL Model Checking Lecture 9, page 4

  5. Formal Verification To ensure correct behaviour of a system, the basic engineering approach could be: requirements → logic prototype → logic model analysis → formal verification Theorem Proving or Model Checking Automated Reasoning LTL Model Checking Lecture 9, page 5

  6. Model Checking We build a formal model A A f or a given problem or system (e.g. a bank ATM machine) Let ℒ (A) denote the possible behaviours Let ℒ (P) denote the set of valid or desired behaviours (i.e. those where some property P P is satisfied) To show that the model A always satisfies P , it is sufficient to show that: ℒ (A) ⊆ ℒ (P) Or, equivalently: ℒ (A) ∩ ℒ ( ¬ P) = ∅ Model checkers will try to prove this. If the intersection is non-empty, they will find some behaviour which corresponds to a counterexample. Automated Reasoning LTL Model Checking Lecture 9, page 6

  7. Temporal Model Checking In most systems the truth of certain formulae is dynamic So model checking is based on temporal logic Various temporal logics exist: computation tree logic (CTL): time represented as a tree, rooted at the present moment and branching out into the future linear-time temporal logic (LTL): time is a set of paths, where a path is a sequence of time instances we will be looking at a model checker called Spin Spin which is based on LTL LTL is closely linked with the theory of finite state automata, which we can use to model systems Automated Reasoning LTL Model Checking Lecture 9, page 7

  8. Finite State Automata A finite state automaton is a tuple ( S , s 0 , L , T , F ) where: S is a finite set of states s 0 is a distinguished initial state, s 0 ∈ S L is a finite set of labels (sometimes called the alphabet) T is a set of transitions, T ⊆ ( S x L x S ) F is a set of final states, F ⊆ S In dot notation, given an automaton A A.S is the set of states of A A. s 0 is the initial state of A etc Automated Reasoning LTL Model Checking Lecture 9, page 8

  9. Example of FSA  0  4 A = ( S, s 0 , L, F, T ) S 0 S 1 S 4 A.S = { s 0 , s 1 , s 2 , s 3 , s 4 , s 5 }  2  6  1  3 A.L = {  0 ,  1 ,  2 ,  3 ,  4 ,  5 ,  6 }  5 A.F = { s 4 , s 5 } S 3 S 2 S 5 A.T = { (s 0 ,  0 , s 1 ), (s 1 ,  1 , s 2 ), ... } card cancel - inserted Enter card out Thanks, Welcome PIN Goodbye An interpretation of the above automaton could be a sufficient funds - wrong simplified example of a bank correct cash and card out ack ATM machine: problem - Try card out Amount? Sorry again Automated Reasoning LTL Model Checking Lecture 9, page 9

  10. Determinism A finite state automaton A = ( S, s 0 , L, F, T) is deterministic iff ∀ s , I, s',s'' . ( s , I , s' ) ∈ A.T ∧ ( s, I,s'' ) ∈ A.T  s' ≡ s'' the destination state is uniquely determined by the source state and the transition label an automaton is called non-deterministic if it does not have this property so the bank machine example is deterministic Automated Reasoning LTL Model Checking Lecture 9, page 10

  11. Automaton Runs A run σ of a finite state automaton ( S,s 0 ,T,L,F ) is an ordered set (possibly infinite) of transitions from T starting at s 0 ( σ 0 =s 0 ): σ = {( σ 0 ,l 0 , σ 1 ), ( σ 1 ,l 1 , σ 2 ), ( σ 2 ,l 2 , σ 3 ), ...} σ uniquely specifies a sequence of states σ i in S and a sequence of labels l i in L (called words or strings). We will write σ i ∈ σ if σ i is contained in any transition in σ (and likewise for l i ). card cancel - inserted Enter card out Thanks, Welcome (infinite) state sequence from a run: PIN Goodbye { Welcome , { Enter PIN , Try again }* } sufficient funds - wrong correct cash and card out ack corresponding word in L is: problem - { card inserted , { wrong , ack }* } Try card out Amount? Sorry again Note : { X }* represents zero or more repetitions of X Automated Reasoning LTL Model Checking Lecture 9, page 11

  12. Acceptance An accepting run of a finite state automaton A is a finite run σ for which the final transition ( σ n-1 ,I n-1 , σ n ) satisfies ∈ A.F (i.e. the run ends in a final state) σ n card cancel - state sequence of an accepting run: inserted Enter card out Thanks, Welcome PIN Goodbye { Welcome, Enter PIN, Amount?, Sorry } sufficient funds - wrong correct cash and card out ack corresponding word in L is: problem - Try card out Amount? Sorry again { card inserted , correct, problem-card out } Automated Reasoning LTL Model Checking Lecture 9, page 12

  13. Accepted Language The language of an automaton A , ℒ (A) , is formally defined as the set of words in A.L that correspond to the set of accepting runs of automaton A. The complete language for this automaton can be card cancel - characterised as follows: inserted Enter card out Thanks, Welcome PIN Goodbye {card inserted, {wrong, ack}*, sufficient funds - wrong correct cash and card out ack {cancel... + {correct, problem - Try card out {sufficient funds... + Amount? Sorry again problem... }}}} + represents a choice * represents zero or more repetitions Automated Reasoning LTL Model Checking Lecture 9, page 13

  14. Infinite Runs Some FSAs permit infinite runs (e.g. bank machine example) This type of FSA is called an ω -automata. We will be considering a special type called B ü chi automata, each of whose infinite runs, σ , can be split into two parts: a set σ + of transitions that are taken finitely many times; a set σ  of transitions that repeat infinitely many times. σ σ  σ + Automated Reasoning LTL Model Checking Lecture 9, page 14

  15. B ü chi Acceptance “Final” states do not make sense for infinite runs. So how can we define acceptance for an ω -automata A? Let A.F denote a set of accepting states We say an infinite run σ is ω -accepting if it passes through an accepting state infinitely often: ∃ i ≥ 0. ( σ i ,l i , σ i+1 ) ∈ σ ∧ σ i ∧ σ i ∈ σ ω ∈ A.F This is known as B ü chi acceptance Automated Reasoning LTL Model Checking Lecture 9, page 15

  16. Decidability Issues Model checking is most interested in the following two properties of B ü chi automata: language emptiness (are there any accepting runs?) language intersection (are there any runs that are accepted by 2 or more automata?) Both properties are formally decidable Spin's model checking is based on these two checks Spin determines if the intersection of the language of a property automaton and a system automaton is empty Properties that can be stated in linear temporal logic (LTL) can be converted into B ü chi automata Automated Reasoning LTL Model Checking Lecture 9, page 16

  17. Linear Temporal Logic We need a clear, concise and unambiguous notation for stating desired properties of systems Propositional linear temporal logic (LTL) gives us this It provides a direct link with the theory of ω -automata Assumes time is discrete discrete LTL is propositional logic + temporal operators We will work with the operators (temporal connectives): NB: there are two  X Next conventions for notation.  F Eventually “LTL” notation is in blue  G Always (used in lecture and Spin). U U “CTL” notation is in red Strong Until (used in Huth & Ryan). W W Weak Until Automated Reasoning LTL Model Checking Lecture 9, page 17

  18. Syntax Well formed formulae (wff) in temporal logic are defined as: true and false are wffs if p is a propositional symbol representing a property which is true or false for any state in our model, then p is a wff if p and q are wff, so are: ¬ p , p ∧ q , p ∨ q , p  q ,  p ,  p ,  p , p U q , p W q if p is a wff, then ( p ) is a wff nothing else is a wff Automated Reasoning LTL Model Checking Lecture 9, page 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Automated Reasoning Model Checking with Spin (III) Alan Bundy Automated Reasoning Model

Automated Reasoning Model Checking with Spin (III) Alan Bundy Automated Reasoning Model

Automated Reasoning Model Checking with Spin (III) Alan Bundy Automated Reasoning Model Checking with Spin (III) Lecture 12, page 1 Outline of Verification Process Objective: form one big automata, which Spin can use for verification.

1.01k views • 25 slides
Automated Reasoning Model Checking with SPIN (II) Alan Bundy Automated Reasoning SPIN (II)

Automated Reasoning Model Checking with SPIN (II) Alan Bundy Automated Reasoning SPIN (II)

Automated Reasoning Model Checking with SPIN (II) Alan Bundy Automated Reasoning SPIN (II) page 1 Verifying Global Properties Assertions can be used to verify a property locally locally For example, place assert(MemReturned) at the

441 views • 25 slides
Automated Reasoning Model Checking with SPIN Alan Bundy Automated Reasoning SPIN Lecture 10,

Automated Reasoning Model Checking with SPIN Alan Bundy Automated Reasoning SPIN Lecture 10,

Automated Reasoning Model Checking with SPIN Alan Bundy Automated Reasoning SPIN Lecture 10, page 1 Model Checking in Practice System behaviour: what is possible in our model? We will use the language Promela to specify behaviour

341 views • 18 slides
Automated Reasoning 6 AI Slides (6e) c Lin Zuoquan@PKU 1998-2020 1 6 6 Automated Reasoning

Automated Reasoning 6 AI Slides (6e) c Lin Zuoquan@PKU 1998-2020 1 6 6 Automated Reasoning

Automated Reasoning 6 AI Slides (6e) c Lin Zuoquan@PKU 1998-2020 1 6 6 Automated Reasoning 6.1 Automated theorem proving 6.2 Forward and backward chaining 6.3 Resolution 6.4 Model checking AI Slides (6e) c Lin Zuoquan@PKU

1.02k views • 97 slides
Automated Reasoning Lecture 3: Tie NuSMV Model Checler Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Automated Reasoning Lecture 3: Tie NuSMV Model Checler Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Automated Reasoning Lecture 3: Tie NuSMV Model Checler Jacques Fleuriot jdf@inf.ed.ac.uk Recap Previously: Model Checking Introduction Linear Temporal Logic Tiis time: An implementation of LTL Model Checking NuSMV NuSMV

442 views • 23 slides
Automated Reasoning: Some Successes and New Challenges Predrag Jani ci c

Automated Reasoning: Some Successes and New Challenges Predrag Jani ci c

What is this talk about? What is automated reasoning? Automated reasoning in propositional logic Automated reasoning in first-order logic Automated reasoning in higher-order logic Automated reasoning in geometry Conclusions Automated

806 views • 52 slides
Automated Reasoning Course Presentation Summary Automated Reasoning Motivations Course Plan

Automated Reasoning Course Presentation Summary Automated Reasoning Motivations Course Plan

Automated Reasoning Automated Reasoning Course Presentation Summary Automated Reasoning Motivations Course Plan Resources Exam Methods Motivations Automated Reasoning Automated reasoning mechanising the reasoning process. reasoning :

159 views • 14 slides
Verifying Automated Reasoning Results Marijn J.H. Heule http://www.cs.cmu.edu/~mheule/15816-f19/

Verifying Automated Reasoning Results Marijn J.H. Heule http://www.cs.cmu.edu/~mheule/15816-f19/

Verifying Automated Reasoning Results Marijn J.H. Heule http://www.cs.cmu.edu/~mheule/15816-f19/ https://github.com/marijnheule/proof-demo Automated Reasoning and Satisfiability, October 10, 2019 1 / 53 Outline Introduction Proof Checking

825 views • 80 slides
Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is Model Checking? Model checking is an automated technique that, given a finite-state model of a system and a logical property , systematically

484 views • 36 slides
Automated Reasoning for System Security and Privacy Laura Kovcs Chalmers Automated Reasoning

Automated Reasoning for System Security and Privacy Laura Kovcs Chalmers Automated Reasoning

Chalmers Automated Reasoning for System Security and Privacy Laura Kovcs Chalmers Automated Reasoning for Rigorous Systems Engineering In a vague sense, automated reasoning involves: 1. Representing a problem as a mathematical/logical

696 views • 53 slides
Automated Reasoning Introduction Jacques Fleuriot Automated Reasoning Introduction Lecture 1,

Automated Reasoning Introduction Jacques Fleuriot Automated Reasoning Introduction Lecture 1,

Automated Reasoning Introduction Jacques Fleuriot Automated Reasoning Introduction Lecture 1, page 1 What is it to Reason? Informally, reasoning is: to seek or attain knowledge or truth or the process of drawing conclusions with

876 views • 18 slides
Automated Reasoning 1 Automated Reasoning John Harrison Univ ersit y of Cam bridge

Automated Reasoning 1 Automated Reasoning John Harrison Univ ersit y of Cam bridge

Automated Reasoning 1 Automated Reasoning John Harrison Univ ersit y of Cam bridge What is automated reasoning? Automatic vs. in teractiv e. Successes of the AI and logic approac hes Dev elopmen t of

523 views • 23 slides
Automated Reasoning (what this course is about) AUTOMATED REASONING machine does 'thinking'

Automated Reasoning (what this course is about) AUTOMATED REASONING machine does 'thinking'

0ai Automated Reasoning (what this course is about) AUTOMATED REASONING machine does 'thinking' machine does book-keeping, Krysia Broda user does nothing user does 'thinking'. Room 378 Concerned with GENERAL DEDUCTION - applicable in many

390 views • 5 slides
Introduction to Automated Reasoning and Satisfiability Marijn J.H. Heule

Introduction to Automated Reasoning and Satisfiability Marijn J.H. Heule

Introduction to Automated Reasoning and Satisfiability Marijn J.H. Heule http://www.cs.cmu.edu/~mheule/15816-f19/ Automated Reasoning and Satisfiability, September 3, 2019 1/40 Automated Reasoning Has Many Applications security planning and

1.04k views • 56 slides
13 Automated Reasoning 13.0 Introduction to Weak 13.3 PROLOG and Methods in Theorem

13 Automated Reasoning 13.0 Introduction to Weak 13.3 PROLOG and Methods in Theorem

13 Automated Reasoning 13.0 Introduction to Weak 13.3 PROLOG and Methods in Theorem Automated Reasoning Proving 13.4 Further Issues in 13.1 The General Problem Automated Reasoning Solver and Difference 13.5 Epilogue and Tables

775 views • 51 slides
Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
Towards the Promised Land: Globalization Developments in Web Standards Richard Ishida and Addison

Towards the Promised Land: Globalization Developments in Web Standards Richard Ishida and Addison

Towards the Promised Land: Globalization Developments in Web Standards Richard Ishida and Addison Phillips W3C Internationalization Activity Vastly improved or room for improvement? Why the promised land? The promise of a

1.48k views • 68 slides
Practical Techniques for Verification and Validation of Robots Kerstin Eder and with a demo by

Practical Techniques for Verification and Validation of Robots Kerstin Eder and with a demo by

Practical Techniques for Verification and Validation of Robots Kerstin Eder and with a demo by Dejanira Araiza Illan University of Bristol and Bristol Robotics Laboratory Simulation-based testing Why and how? D. Araiza Illan, D. Western, A.

989 views • 52 slides
Symbolic Model Checking 10 20 States and Beyond Burch Clarke McMillan Dill Hwang Seminal

Symbolic Model Checking 10 20 States and Beyond Burch Clarke McMillan Dill Hwang Seminal

The Mu-Calculus Model Checking Example Results Symbolic Model Checking 10 20 States and Beyond Burch Clarke McMillan Dill Hwang Seminal Papers in Verification March 23, 2012 Andrena Francisco Symbolic Model Checking The Mu-Calculus

196 views • 15 slides
Formal Verification, Model Checking Radek Pel anek Introduction Modeling Specification

Formal Verification, Model Checking Radek Pel anek Introduction Modeling Specification

Introduction Modeling Specification Algorithms Conclusions Formal Verification, Model Checking Radek Pel anek Introduction Modeling Specification Algorithms Conclusions Motivation Formal Methods: Motivation examples of what can go

986 views • 74 slides
Evolving HPCToolkit John Mellor-Crummey Department of Computer Science Rice University

Evolving HPCToolkit John Mellor-Crummey Department of Computer Science Rice University

Evolving HPCToolkit John Mellor-Crummey Department of Computer Science Rice University HPCToolkit http://hpctoolkit.org Scalable Tools Workshop 7 August 2017 1 HPCToolkit Workflow profile call path compile & link execution

516 views • 32 slides
Model checking for probabilistic real-time systems Marta Kwiatkowska School of Computer Science

Model checking for probabilistic real-time systems Marta Kwiatkowska School of Computer Science

Model checking for probabilistic real-time systems Marta Kwiatkowska School of Computer Science www.cs.bham.ac.uk/~mzk ETR 2005, Nancy Overview Motivation Probabilistic model checking The models Specification languages

836 views • 58 slides
Welcome! Office Hours will start at 2pm and run until 3pm Please mute your microphone As time

Welcome! Office Hours will start at 2pm and run until 3pm Please mute your microphone As time

I-SHARE ALMA PRIMO VE OFFICE HOURS WILL START SHORTLY Welcome! Office Hours will start at 2pm and run until 3pm Please mute your microphone As time permits, we will respond to questions typed in the chat box, and offline afterwards, as needed

569 views • 19 slides
VIREO@INS-TV13 Search of Small Objects by Topology Matching, Context Modeling, and Pattern Mining

VIREO@INS-TV13 Search of Small Objects by Topology Matching, Context Modeling, and Pattern Mining

VIREO@INS-TV13 Search of Small Objects by Topology Matching, Context Modeling, and Pattern Mining Wei Zhang, Chong-Wah Ngo VIRE O: VIde o RE trie va l g rOup City Unive rsity o f Ho ng K o ng Outlines Introduction Solutions TC:

594 views • 37 slides

More recommend