CDA 5416 : CAV - Symbolic CTL Model Checking (Hao Zheng, Department of Computer Science and Engineering, University of South Florida) - PowerPoint PPT Presentation



  1. CDA 5416 : CAV
     Symbolic CTL Model Checking
     Hao Zheng
     Department of Computer Science and Engineering, University of South Florida, Tampa, FL 33620
     Email: zheng@cse.usf.edu   Phone: (813)974-4757   Fax: (813)974-5456
     (slide 1 of 23)

  2. Contents
     1 Switching Functions
     2 Symbolic Encoding
     3 Symbolic Model Checking Algorithms

  3. Explicit Algorithms
     • Transition systems are stored as graphs using hash tables.
     • States are labeled with the appropriate atomic propositions / subformulas.
     • The complexity of the model checking algorithms is linear in the structure size.
     • The structure size can be exponential!
     • Problems:
       • Demand for a large amount of memory.
       • Low performance.

  4. Symbolic CTL Model Checking
     • Idea: reformulate model checking in a symbolic way.
     • Concept: represent sets of states and transitions symbolically.
     • Approach: binary encoding of states + switching functions for sets.
     • A compact representation of switching functions is possible using binary decision diagrams (BDDs).
     • An alternative representation is the conjunctive normal form, which is the basis for SAT-based model checking.

  5. Contents
     1 Switching Functions
     2 Symbolic Encoding
     3 Symbolic Model Checking Algorithms

  6. Switching Functions
     • Let $Var = \{z_1, \ldots, z_m\}$ be a finite set of Boolean variables, $m \ge 0$.
     • An evaluation is a function $\eta : Var \to \{0, 1\}$.
     • Let $Eval(z_1, \ldots, z_m)$ denote the set of evaluations for $z_1, \ldots, z_m$.
     • Shorthand $[z_1 = b_1, \ldots, z_m = b_m]$ for $\eta(z_1) = b_1, \ldots, \eta(z_m) = b_m$.
     • $f : Eval(Var) \to \{0, 1\}$ is a switching function for $Var = \{z_1, \ldots, z_m\}$.
     • Switching functions can be defined by Boolean expressions, e.g. $(z_1 \vee \neg z_2) \wedge z_3$.

  7. Switching Functions: Definitions
     • $f_1 \wedge f_2 = \min\{f_1, f_2\}$
     • $f_1 \vee f_2 = \max\{f_1, f_2\}$
     • $f|_{z_i = b_i}(z_1, \ldots, z_i, \ldots, z_m) = f(z_1, \ldots, b_i, \ldots, z_m)$ (cofactor), e.g. $((a \wedge b) \vee c)|_{b = 1} = a \vee c$.
     • $f|_{z_i = b_i, \ldots, z_k = b_k} = ((f|_{z_i = b_i}) \ldots)|_{z_k = b_k}$ (iterated cofactor).
     • If $f|_{z_i = 0} \neq f|_{z_i = 1}$ then $z_i$ is an essential variable.

  8. Switching Functions: Definitions (1)
     • $f = (\neg z \wedge f|_{z = 0}) \vee (z \wedge f|_{z = 1})$ (Shannon expansion).
     • $\exists z.\, f = f|_{z = 0} \vee f|_{z = 1}$ (existential quantification), e.g. $\exists b.\, ((a \wedge b) \vee c) = (c) \vee (a \vee c) = a \vee c$.
     • $\forall z.\, f = f|_{z = 0} \wedge f|_{z = 1}$ (universal quantification), e.g. $\forall b.\, ((a \wedge b) \vee c) = (c) \wedge (a \vee c) = c$.
     • $f\{z \leftarrow y\}(s) = f(s\{y \leftarrow z\})$ (rename operator).
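As an added illustration of slides 6 to 8 (this code is not part of the deck), the operators above implemented in Python over switching functions represented as callables on an evaluation dict $\eta$. The names `cofactor`, `exists`, `forall`, `shannon`, `rename`, `is_essential` and `truth_table` are my own; `equivalent` compares two functions on all of $Eval(Var)$ by enumeration, which is only feasible for small $m$ (the compact BDD representation the slides mention is exactly what avoids this enumeration).

```python
from itertools import product

# Added example. A switching function f : Eval(Var) -> {0,1} is a Python
# callable taking an evaluation eta (dict: variable name -> 0/1). Var is passed
# explicitly wherever a function must be examined on all of Eval(Var).


def evaluations(variables):
    """Eval(z_1, ..., z_m): every assignment of 0/1 to the variables."""
    variables = list(variables)
    for bits in product((0, 1), repeat=len(variables)):
        yield dict(zip(variables, bits))


def cofactor(f, z, b):
    """f|_{z=b}: fix variable z to the constant b before evaluating f."""
    return lambda eta: f({**eta, z: b})


def exists(f, z):
    """Existential quantification: exists z.f = f|_{z=0} v f|_{z=1} (v is max on {0,1})."""
    return lambda eta: max(cofactor(f, z, 0)(eta), cofactor(f, z, 1)(eta))


def forall(f, z):
    """Universal quantification: forall z.f = f|_{z=0} ^ f|_{z=1} (^ is min on {0,1})."""
    return lambda eta: min(cofactor(f, z, 0)(eta), cofactor(f, z, 1)(eta))


def shannon(f, z):
    """Shannon expansion (not z ^ f|_{z=0}) v (z ^ f|_{z=1}); always equivalent to f."""
    return lambda eta: max(min(1 - eta[z], cofactor(f, z, 0)(eta)),
                           min(eta[z], cofactor(f, z, 1)(eta)))


def rename(f, z, y):
    """f{z <- y}: f with variable z replaced by y, i.e. eta[y] is read where f reads z."""
    return lambda eta: f({**eta, z: eta[y]})


def equivalent(f, g, variables):
    """Compare two switching functions on every evaluation in Eval(Var)."""
    return all(f(eta) == g(eta) for eta in evaluations(variables))


def is_essential(f, z, variables):
    """z is an essential variable of f iff f|_{z=0} != f|_{z=1}."""
    return not equivalent(cofactor(f, z, 0), cofactor(f, z, 1), variables)


def truth_table(f, variables):
    """The evaluations on which f is 1, as sorted bit tuples in variable order."""
    return sorted(tuple(eta[v] for v in variables)
                  for eta in evaluations(variables) if f(eta))


# The slides' running example f = (a ^ b) v c over Var = {a, b, c}.
VARS = ("a", "b", "c")


def f_example(eta):
    return max(min(eta["a"], eta["b"]), eta["c"])


def run_slide_examples():
    """Check the three identities stated on slides 7 and 8 for f_example."""
    a_or_c = lambda eta: max(eta["a"], eta["c"])
    just_c = lambda eta: eta["c"]
    return {
        "cofactor b=1 is a v c": equivalent(cofactor(f_example, "b", 1), a_or_c, VARS),
        "exists b is a v c": equivalent(exists(f_example, "b"), a_or_c, VARS),
        "forall b is c": equivalent(forall(f_example, "b"), just_c, VARS),
        "shannon on a is f": equivalent(shannon(f_example, "a"), f_example, VARS),
        "b is essential": is_essential(f_example, "b", VARS),
        "rename b<-c gives c": equivalent(rename(f_example, "b", "c"), just_c, VARS),
    }


if __name__ == "__main__":
    print("on-set of f:", truth_table(f_example, VARS))
    for name, ok in run_slide_examples().items():
        print(f"{name}: {ok}")
```

Each operator returns a new callable rather than mutating anything, so iterated cofactors compose exactly as the slide's $((f|_{z_i=b_i})\ldots)|_{z_k=b_k}$ notation suggests.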

  9. Switching Functions: Shannon Expansion
     $f = (\neg z_1 \wedge f|_{z_1 = 0}) \vee (z_1 \wedge f|_{z_1 = 1})$
     (Figure: binary decision tree for $f$, branching on $z_1$ at the root, then $z_2$, then $z_3$, with leaves 1 0 1 1 0 0 0 0.)

  10. Contents
     1 Switching Functions
     2 Symbolic Encoding
     3 Symbolic Model Checking Algorithms

  11. Symbolic Representation of TS
     • Let $TS = (S, \to, I, AP, L)$ be a "large" finite transition system. Note: the set of actions is irrelevant and has been omitted, i.e., $\to \subseteq S \times S$.
     • For $n \ge \lceil \log |S| \rceil$, let the injective function $enc : S \to \{0, 1\}^n$ be the encoding of the states by bit vectors of length $n$.
     • Identify:
       • each state $s \in S$ with its unique $enc(s) \in \{0, 1\}^n$;
       • $B \subseteq S$ with its characteristic function $\chi_B : \{0, 1\}^n \to \{0, 1\}$, that is $\chi_B(enc(s)) = 1$ if and only if $s \in B$;
       • $\to \subseteq S \times S$ with the Boolean function $\Delta : \{0, 1\}^{2n} \to \{0, 1\}$ such that $\Delta(enc(s), enc(s')) = 1$ if and only if $s \to s'$.

  12. Symbolic Representation of TS: Example
     (Figure: a transition system with four states $s_0, s_1, s_2, s_3$; the state labels shown are $\{a\}$, $\emptyset$, $\{b\}$ and $\{a, b\}$.)
     • Four states: two Boolean variables are needed for the encoding, i.e. $x_1, x_2$.

  13. Symbolic Representation of TS: Example (continued)
     (Same transition system as slide 12.)
     • State encoding on variables $x_1, x_2$: $f_S = 1$ (all four bit vectors encode states, so the characteristic function of $S$ is the constant 1).

  14. Symbolic Representation of TS: Example (continued)
     (Same transition system as slide 12.)
     • Switching function: $\Delta(x_1, x_2, x'_1, x'_2) = 1$ if and only if $s \to s'$, where $(x_1, x_2)$ encodes $s$ and $(x'_1, x'_2)$ encodes $s'$.
       $\Delta(x_1, x_2, x'_1, x'_2) = (\neg x_1 \wedge \neg x_2 \wedge \neg x'_1 \wedge x'_2)$
       $\qquad \vee\; (\neg x_1 \wedge \neg x_2 \wedge x'_1 \wedge x'_2)$
       $\qquad \vee\; (\neg x_1 \wedge x_2 \wedge x'_1 \wedge \neg x'_2)$
       $\qquad \vee\; \ldots$
       $\qquad \vee\; (x_1 \wedge x_2 \wedge x'_1 \wedge x'_2)$

  15. Another Encoding Example
     (Figure: a two-state machine with states ready and busy; the edges are labelled request = 1, request = 0 and *.)
     • Boolean variables: $x_1, x_2$.
     • $x_1 \leftrightarrow (\mathit{request} = 1)$, $\neg x_1 \leftrightarrow (\mathit{request} = 0)$, $x_2 \leftrightarrow (\mathit{state} = \mathit{ready})$, $\neg x_2 \leftrightarrow (\mathit{state} = \mathit{busy})$.

  16. Another Encoding Example (continued)
     (Same machine as slide 15.)
     • Initial state: $\mathit{state} = \mathit{ready}$, encoded as $x_2$.

  17. Another Encoding Example (continued)
     (Same machine as slide 15.)
     • Transition relation:
       $\Delta(\vec{x}, \vec{x}') = (\mathit{state} = \mathit{ready} \wedge \mathit{request} = 1 \wedge \mathit{state}' = \mathit{busy})$
       $\qquad \vee\; \big(\neg(\mathit{state} = \mathit{ready} \wedge \mathit{request} = 1) \wedge ((\mathit{state}' = \mathit{ready}) \vee (\mathit{state}' = \mathit{busy}))\big)$

  18. Another Encoding Example (continued)
     (Same machine as slide 15.)
     • Transition relation on the encoding variables:
       $\Delta(\vec{x}, \vec{x}') = (x_2 \wedge x_1 \wedge \neg x'_2) \vee (\neg(x_2 \wedge x_1) \wedge (x'_2 \vee \neg x'_2))$
       $\qquad = (x_2 \wedge x_1 \wedge \neg x'_2) \vee \neg(x_2 \wedge x_1)$  (since $x'_2 \vee \neg x'_2 = 1$)
       $\qquad = \neg x'_2 \vee \neg(x_2 \wedge x_1)$  (absorption: $(A \wedge B) \vee \neg A = B \vee \neg A$)

  19. Contents
     1 Switching Functions
     2 Symbolic Encoding
     3 Symbolic Model Checking Algorithms

  20. Computation of Sat - Review
     switch (Φ):
       EX Ψ:
         return { s ∈ S | Post(s) ∩ Sat(Ψ) ≠ ∅ };
       ∃(Φ1 U Φ2):
         T := Sat(Φ2);                                   (* compute the smallest fixed point *)
         while { s ∈ Sat(Φ1) \ T | Post(s) ∩ T ≠ ∅ } ≠ ∅ do
           let s ∈ { s ∈ Sat(Φ1) \ T | Post(s) ∩ T ≠ ∅ };
           T := T ∪ { s };
         od;
         return T;
       EG Φ:
         T := Sat(Φ);                                    (* compute the greatest fixed point *)
         while { s ∈ T | Post(s) ∩ T = ∅ } ≠ ∅ do
           let s ∈ { s ∈ T | Post(s) ∩ T = ∅ };
           T := T \ { s };
         od;
         return T;
     end switch

  21. Symbolic Model Checking
     • Preimage of a state set $B$: $Pre(B) = Sat(\mathrm{EX}\, B) = \{ s \in S \mid Post(s) \cap B \neq \emptyset \}$.
     • Take a symbolic representation of the transition system ($\Delta$ and $\chi_B$).
     • $Pre(B)$ can be computed symbolically as
       $\chi_{\mathrm{EX}\, B}(x) = \exists x'.\, \big( \underbrace{\Delta(x, x')}_{s' \in Post(s)} \wedge \underbrace{\chi_B(x')}_{s' \in B} \big)$.
     • $\chi_B(x')$ is $\chi_B$ after renaming the variables $x_i$ to their primed copies $x'_i$.
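As an added example (my code, not the deck's), the encoding of slides 11 to 18 and the symbolic preimage of slide 21 carried through on the request/ready/busy system, with the three fixed-point computations of slide 20 rewritten over $\chi$ and $\Delta$ instead of individual states. A switching function over $n$ bits is stored as its on-set (the set of bit vectors on which it is 1), so $\chi_B$ is a `frozenset` of states and $\Delta$ a `frozenset` of $(x, x')$ pairs; this is a plain set representation, not a BDD, chosen so the algebra is visible. The names `chi`, `transition_relation`, `pre`, `sat_ex`, `sat_eu`, `sat_eg`, `READY`, `BUSY` and `DELTA` are mine.

```python
from itertools import product

# Added example, not from the slides. A switching function over n bits is
# stored as its on-set: the frozenset of bit vectors on which it is 1. A state
# set B is therefore represented by chi_B directly, and the transition relation
# Delta by the set of pairs (enc(s), enc(s')) on which Delta = 1, i.e. a
# function of 2n variables. No BDD package is used.

N = 2                                               # slides 15-18: x = (x1, x2)
ALL_STATES = frozenset(product((0, 1), repeat=N))   # every bit vector is a state (cf. slide 13)


def chi(pred):
    """chi_B for B = {s | pred(s)}, as an on-set."""
    return frozenset(s for s in ALL_STATES if pred(s))


def transition_relation(formula):
    """Delta as the set of (x, x') pairs on which the 2n-variable formula is 1."""
    return frozenset((s, t) for s in ALL_STATES for t in ALL_STATES if formula(s, t))


def pre(delta, chi_b):
    """Pre(B) = {s | Post(s) ∩ B ≠ ∅} = ∃x'.(Delta(x, x') ∧ chi_B(x')) (slide 21).
    The conjunction is the filter on pairs; ∃x' is the projection onto x."""
    return frozenset(s for (s, t) in delta if t in chi_b)


def sat_ex(delta, chi_psi):
    """Sat(EX Ψ) = Pre(Sat(Ψ))."""
    return pre(delta, chi_psi)


def sat_eu(delta, chi_phi1, chi_phi2):
    """Sat(∃(Φ1 U Φ2)): least fixed point, T := Sat(Φ2), grow by Sat(Φ1) ∩ Pre(T) until stable."""
    t = chi_phi2
    while True:
        grown = t | (chi_phi1 & pre(delta, t))
        if grown == t:
            return t
        t = grown


def sat_eg(delta, chi_phi):
    """Sat(EG Φ): greatest fixed point, T := Sat(Φ), shrink to T ∩ Pre(T) until stable."""
    t = chi_phi
    while True:
        shrunk = t & pre(delta, t)
        if shrunk == t:
            return t
        t = shrunk


# Encoding of slides 15-18: x1 <-> request = 1, x2 <-> state = ready.
def delta_slide17(s, t):
    """(ready ∧ request=1 ∧ busy') ∨ (¬(ready ∧ request=1) ∧ (ready' ∨ busy'))."""
    x1, x2 = s
    x2p = t[1]
    return bool((x2 and x1 and not x2p) or (not (x2 and x1) and (x2p or not x2p)))


def delta_slide18(s, t):
    """The simplified form from slide 18: ¬x2' ∨ ¬(x2 ∧ x1)."""
    x1, x2 = s
    x2p = t[1]
    return bool((not x2p) or not (x2 and x1))


READY = chi(lambda s: s[1] == 1)   # x2
BUSY = chi(lambda s: s[1] == 0)    # ¬x2
DELTA = transition_relation(delta_slide18)


def simplification_is_sound():
    """Slide 18's rewrite must denote the same relation as slide 17's formula."""
    return transition_relation(delta_slide17) == DELTA


def check_example():
    """Sat sets of three CTL formulas over the encoded system, as sorted bit vectors (x1, x2)."""
    return {
        "EX ready": sorted(sat_ex(DELTA, READY)),
        "EG ready": sorted(sat_eg(DELTA, READY)),
        "E(ready U busy)": sorted(sat_eu(DELTA, READY, BUSY)),
    }


if __name__ == "__main__":
    print("|Delta| =", len(DELTA), "; slide 18 == slide 17:", simplification_is_sound())
    for formula, states in check_example().items():
        print(f"Sat({formula}) = {states}")
```

The only state from which a path can stay in ready forever is $(x_1, x_2) = (0, 1)$: in $(1, 1)$ the request forces the next state to be busy, so $Sat(\mathrm{EG}\ \mathit{ready})$ shrinks to that single bit vector after two rounds of $T \cap Pre(T)$, which is exactly the greatest-fixed-point loop of slide 20 run on $\chi$ instead of on individual states.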
