Design Verification Model/Property Checking: Computation Tree Logic - - PowerPoint PPT Presentation



Slide 1



Design Verification

Model/Property Checking: Computation Tree Logic

Virendra Singh

Associate Professor Computer Architecture and Dependable Systems Lab Department of Electrical Engineering Indian Institute of Technology Bombay

http://www.ee.iitb.ac.in/~viren/ E-mail: viren@ee.iitb.ac.in

EE-709: Testing & Verification of VLSI Circuits

Lecture 32 (07 April 2013)

Slide 2



07 Apr 2013 EE-709@IITB 2

Linear-Time Temporal Logic

  • LTL formulas are evaluated on paths
  • A state of a system satisfies an LTL formula if all the paths from the given state satisfy it
  • LTL implicitly quantifies universally over paths
  • Properties which assert the existence of a path cannot be expressed in LTL
  • Negation can partly solve the problem
  • Check whether all paths satisfy the negation of the formula; if they do not, some path satisfies the original formula
Slide 3

Computation Tree

[Figure: a three-state model with states s0, s1, s2 carrying the labels p,q; q,r; r, and its unwinding into an infinite computation tree rooted at the state labelled p,q]

Slide 4

Syntax of CTL

Backus Naur Form

Slide 5

Semantics of CTL

Let M = (S, →, L) be a model for CTL, s ∈ S, and φ a CTL formula. The relation M,s ⊨ φ is defined by structural induction on φ.

1. M,s ⊨ ⊤
2. M,s ⊭ ⊥
3. M,s ⊨ p iff p ∈ L(s)
4. M,s ⊨ ¬φ iff M,s ⊭ φ
5. M,s ⊨ φ1 ∧ φ2 iff M,s ⊨ φ1 and M,s ⊨ φ2
6. M,s ⊨ φ1 ∨ φ2 iff M,s ⊨ φ1 or M,s ⊨ φ2
7. M,s ⊨ φ1 → φ2 iff M,s ⊨ φ2 whenever M,s ⊨ φ1

Slide 6

Semantics of CTL

8. M,s ⊨ AX φ iff for all s1 such that s → s1, M,s1 ⊨ φ
9. M,s ⊨ EX φ iff there exists s1 such that s → s1, M,s1 ⊨ φ
10. M,s ⊨ AG φ iff for all paths s1 → s2 → s3 → ... with s1 = s, and for all i, M,si ⊨ φ
11. M,s ⊨ EG φ iff there is a path s1 → s2 → s3 → ... with s1 = s such that for all i, M,si ⊨ φ
12. M,s ⊨ AF φ iff for all paths s1 → s2 → s3 → ... with s1 = s, there is some i such that M,si ⊨ φ
13. M,s ⊨ EF φ iff there is a path s1 → s2 → s3 → ... with s1 = s and some i such that M,si ⊨ φ
14. M,s ⊨ A[φ U ψ] iff for all paths s1 → s2 → s3 → ... with s1 = s, there is some i such that M,si ⊨ ψ and, for all j < i, M,sj ⊨ φ
15. M,s ⊨ E[φ U ψ] iff there is a path s1 → s2 → s3 → ... with s1 = s and some i such that M,si ⊨ ψ and, for all j < i, M,sj ⊨ φ

Slide 7

CTL Formula

AX(f): For all paths, f holds at the next state.

  M,s ⊨ AX f iff for all s1 such that s → s1, M,s1 ⊨ f

EX(f): There is a path such that f holds at the next state.

  M,s ⊨ EX f iff there exists s1 such that s → s1, M,s1 ⊨ f

Slide 8

CTL Formula

AG(f): For all paths, f holds at every node of the path.

  M,s ⊨ AG φ iff for all paths s1 → s2 → s3 → ... with s1 = s, and for all i, M,si ⊨ φ

EG(f): There is a path along which f holds at every state.

  M,s ⊨ EG φ iff there is a path s1 → s2 → s3 → ... with s1 = s such that for all i, M,si ⊨ φ

AF(f): For all paths, f holds eventually.

  M,s ⊨ AF φ iff for all paths s1 → s2 → s3 → ... with s1 = s, there is some i such that M,si ⊨ φ

Slide 9

CTL Formula

EF(f): There is a path along which f holds eventually.

A(fUg): For all paths, f holds until g holds.

E(fUg): There is a path along which f holds until g holds.

Slide 10

Examples

1. For any state, if a request occurs, then it will eventually be acknowledged
  • AG(requested → AF acknowledged)
2. A process is enabled infinitely often on every computation path
  • AG (AF enabled)
3. Whatever happens, a certain process will eventually be permanently deadlocked
  • AF (AG deadlock)
4. From every state it is possible to get to a restart state
  • AG (EF restart)
Slide 11

Examples

  • An upward travelling elevator at the second floor does not change its direction when it has passengers wishing to go to the fifth floor
  • AG (floor2 ∧ directionup ∧ ButtonPressed5 → A[directionup U floor5])
  • The elevator can remain idle on the third floor with its door closed
  • AG (floor3 ∧ idle ∧ doorclosed → EG (floor3 ∧ idle ∧ doorclosed))

Slide 12

Mutual Exclusion: Implementation 2

[Figure: transition system of implementation 2, with states s0, s1, s2, s3, s4, s5, s6, s7 and s9 carrying the labels n1n2, t1n2, t1t2, c1n2, c1t2, n1t2, n1c2, t1c2 and t1t2 (two distinct states are labelled t1t2)]

Slide 13

Mutual Exclusion: Properties

1. Safety – Only one process in the critical section
  • AG ¬(c1 ∧ c2)
2. Liveness – Whenever any process requests to enter its critical section, it will eventually be permitted
  • AG (t1 → AF c1)
3. Non-blocking – For every state satisfying n1, there is a successor satisfying t1
  • AG (n1 → EX t1)
4. No strict sequencing
  • EF(c1 ∧ E[c1 U (¬c1 ∧ E[¬c2 U c1])])

Result: Pass, Pass, Pass, Pass (all four properties hold for implementation 2)

Slide 14

Computation Tree Logic - Equivalence

  • ¬(φ ∧ ψ) ≡ (¬φ ∨ ¬ψ)
  • ¬(φ ∨ ψ) ≡ (¬φ ∧ ¬ψ)
  • ¬EF φ ≡ AG ¬φ
  • ¬AF φ ≡ EG ¬φ
  • ¬AX φ ≡ EX ¬φ
  • AF φ ≡ A[⊤ U φ]
  • EF φ ≡ E[⊤ U φ]
Slide 15

Computation Tree Logic - Equivalence

  • AX φ ≡ ¬EX ¬φ
  • AF φ ≡ A[⊤ U φ]
  • EF φ ≡ E[⊤ U φ]
  • AG φ ≡ ¬EF ¬φ ≡ ¬E[⊤ U ¬φ]
  • EG φ ≡ ¬AF ¬φ ≡ ¬A[⊤ U ¬φ]

Essential Set: AU, EU, and EX

Slide 16

Adequate Set of CTL Operators

Theorem: A set of temporal connectives in CTL is adequate if, and only if, it contains at least one of {AX, EX}, at least one of {EG, AF, AU} and EU.

Slide 17

Computation Tree Logic - Equivalence

A[φ U ψ] ≡ ¬(E[¬ψ U (¬φ ∧ ¬ψ)] ∨ EG ¬ψ)

  • Proof:

  A[φ U ψ] ≡ ¬E[¬ψ U (¬φ ∧ ¬ψ)] ∧ AF ψ
           ≡ ¬E[¬ψ U (¬φ ∧ ¬ψ)] ∧ ¬EG ¬ψ
           ≡ ¬(E[¬ψ U (¬φ ∧ ¬ψ)] ∨ EG ¬ψ)

Slide 18

Other CTL Equivalence

1. A[φ R ψ] ≡ ¬E[¬φ U ¬ψ]
2. E[φ R ψ] ≡ ¬A[¬φ U ¬ψ]
3. A[φ W ψ] ≡ A[ψ R (φ ∨ ψ)] ≡ ¬E[¬ψ U ¬(φ ∨ ψ)] ≡ ¬E[¬ψ U (¬φ ∧ ¬ψ)]
4. E[φ W ψ] ≡ E[ψ R (φ ∨ ψ)] ≡ ¬A[¬ψ U ¬(φ ∨ ψ)] ≡ ¬A[¬ψ U (¬φ ∧ ¬ψ)]

Slide 19

Checking CTL Formula

1. Find all nodes at which the formula holds
2. Determine whether all initial states are contained in the set of nodes

Kripke structure
  • Labeled variables are true, and the missing variables are false
  • Extend this labeling rule to include formulae or subformulae that evaluate true at the node

Slide 20

Checking CTL Formula

  • Consider the AND and NOT operators
  • If both operand formulas are true at the node, the resulting AND formula is true at the node and it is labeled at the node
  • If the operand formula is not true (in other words, it is missing at a node), then the resulting NOT formula is true and it is labeled at the node
  • Only the EXf, E(fUg), and EG(f) temporal operators need to be considered

Slide 21

Checking CTL Formula

  • Algorithm for Checking AF(Φ)

input: a Kripke structure K and a CTL formula AF(Φ).

  • output: labeling of the states where AF(Φ) holds

Verify_AF(Φ): // check CTL formula AF(Φ)
1. Add label AF(Φ) to every state of K that is labeled Φ.
2. For each state s of K not yet labeled AF(Φ), add label AF(Φ) if AF(Φ) is labeled at all successors of s.
3. Repeat step 2 until no new state is labeled.

Slide 22

Checking CTL Formula: AFΦ

[Figure: a small transition system in which three states are labeled Φ and, after Verify_AF, the states from which every path reaches a Φ-state are labeled AFΦ]

Slide 23

Checking CTL Formula

  • Algorithm for Checking EX(Φ)

input: a Kripke structure K and a CTL formula EX(Φ).

  • output: labeling of the states where EX(Φ) holds

Verify_EX(Φ): // check CTL formula EX(Φ)
for each state s of K, add label EX(Φ) if Φ is labeled at a successor of s

Slide 24

Checking CTL Formula: EXΦ

[Figure: a small transition system in which two states are labeled Φ and the state with a Φ-labeled successor is labeled EXΦ]

Slide 25

Checking CTL Formula

Algorithm for Checking E(Φ U Ψ)

  • Assume formulas Φ and Ψ have been verified
  • E(Φ U Ψ) is true at a node if there is a path from the node to a Ψ-labeled node, and at every node along that partial path Φ is labeled but Ψ is not
  • A node satisfies E(Φ U Ψ) if Ψ is labeled at the node, or Φ but not Ψ is labeled at the node and one of its successors is labeled either Ψ or E(Φ U Ψ)

Slide 26

Checking CTL Formula: E[ΦUΨ]

[Figure: a small transition system with states labeled Φ and Ψ; the Ψ-state and the Φ-states that reach it through Φ-states are labeled E[ΦUΨ]]

Slide 27

Checking CTL Formula

  • Algorithm for Checking E(Φ U Ψ)

input: a Kripke structure K and a CTL formula E(Φ U Ψ).

  • output: labeling of the states where E(Φ U Ψ) holds.

Verify_EU(Φ, Ψ): // check CTL formula E(Φ U Ψ)
1. M = empty.
2. Add label E(Φ U Ψ) to all states that have label Ψ. Call this set of states L.
3. For every state in L, if there is a predecessor p that is not yet labeled E(Φ U Ψ) and has label Φ, add label E(Φ U Ψ) to p and add p to set M. Set M consists of the newly labeled states.
4. Set L = M and M = empty.
5. Repeat steps 3 and 4 until L is empty.
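The following is an added, self-contained example and not code from the lecture: the labelling procedure of slides 19 to 27 in Python. Verify_EX, Verify_EU and Verify_AF are implemented as the slides state them; every other operator is rewritten into those three with the equivalences of slides 14 to 17, and the four mutual exclusion properties of slide 13 are then checked against implementation 2. The state labels of implementation 2 are taken from the slide; the transitions between the states are an assumed reconstruction of the figure, and the tuple encoding of formulas and all function names are choices made here.

```python
from typing import Dict, Iterable, List, Set, Tuple, Union

Formula = Union[str, tuple]   # atomic proposition, or (operator, operand, ...)
TRUE: Formula = ("true",)

class Kripke:
    """Kripke structure M = (S, ->, L) plus a set of initial states."""
    def __init__(self, transitions: Iterable[Tuple[str, str]],
                 labels: Dict[str, str], init: Iterable[str]):
        self.labels = {s: frozenset(a.split()) for s, a in labels.items()}
        self.states = set(self.labels)
        self.succ = {s: set() for s in self.states}
        self.pred = {s: set() for s in self.states}
        for a, b in transitions:
            self.succ[a].add(b)
            self.pred[b].add(a)
        self.init = set(init)

def verify_eu(m: Kripke, phi: Set[str], psi: Set[str]) -> Set[str]:
    """Verify_EU, steps 1-5; only unlabelled predecessors are added, so cycles terminate."""
    labelled, frontier = set(psi), set(psi)       # frontier is the set L
    while frontier:
        newly = set()                             # the set M
        for s in frontier:
            for p in m.pred[s]:
                if p not in labelled and p in phi:
                    labelled.add(p)
                    newly.add(p)
        frontier = newly
    return labelled

def verify_af(m: Kripke, phi: Set[str]) -> Set[str]:
    """Verify_AF: Φ-states, then states whose successors are all labelled, to a fixpoint."""
    labelled, changed = set(phi), True
    while changed:
        changed = False
        for s in m.states - labelled:
            # a state without successors never qualifies: "eventually" needs a step
            if m.succ[s] and m.succ[s] <= labelled:
                labelled.add(s)
                changed = True
    return labelled

def sat(m: Kripke, f: Formula) -> Set[str]:
    """States where f holds; operators outside {EX, EU, AF} are rewritten."""
    if f == TRUE:
        return set(m.states)
    if isinstance(f, str):
        return {s for s in m.states if f in m.labels[s]}
    op, a = f[0], f[1:]
    if op == "not":
        return m.states - sat(m, a[0])
    if op == "and":
        return sat(m, a[0]) & sat(m, a[1])
    if op == "or":
        return sat(m, a[0]) | sat(m, a[1])
    if op == "implies":
        return sat(m, ("or", ("not", a[0]), a[1]))
    if op == "EX":                                # Verify_EX
        phi = sat(m, a[0])
        return {s for s in m.states if m.succ[s] & phi}
    if op == "EU":
        return verify_eu(m, sat(m, a[0]), sat(m, a[1]))
    if op == "AF":
        return verify_af(m, sat(m, a[0]))
    if op == "EF":                                # EF φ ≡ E[⊤ U φ]
        return sat(m, ("EU", TRUE, a[0]))
    if op == "AG":                                # AG φ ≡ ¬EF ¬φ
        return sat(m, ("not", ("EF", ("not", a[0]))))
    if op == "EG":                                # EG φ ≡ ¬AF ¬φ
        return sat(m, ("not", ("AF", ("not", a[0]))))
    if op == "AU":                                # A[φ U ψ] ≡ ¬(E[¬ψ U (¬φ ∧ ¬ψ)] ∨ EG ¬ψ)
        nphi, npsi = ("not", a[0]), ("not", a[1])
        return sat(m, ("not", ("or", ("EU", npsi, ("and", nphi, npsi)), ("EG", npsi))))
    raise ValueError(f"unknown operator {op!r}")

def check(m: Kripke, f: Formula) -> bool:
    """M ⊨ f iff every initial state is in the set where f holds (step 2 of slide 19)."""
    return m.init <= sat(m, f)

# Mutual exclusion, implementation 2 (ni = non-critical, ti = trying, ci = critical).
# Labels are as on the slide; the transitions are an assumed reconstruction of the figure.
MUTEX = Kripke(
    transitions=[("s0", "s1"), ("s0", "s5"), ("s1", "s2"), ("s1", "s3"),
                 ("s2", "s0"), ("s2", "s4"), ("s3", "s4"), ("s4", "s5"),
                 ("s5", "s6"), ("s5", "s9"), ("s6", "s0"), ("s6", "s7"),
                 ("s7", "s1"), ("s9", "s7")],
    labels={"s0": "n1 n2", "s1": "t1 n2", "s2": "c1 n2", "s3": "t1 t2", "s4": "c1 t2",
            "s5": "n1 t2", "s6": "n1 c2", "s7": "t1 c2", "s9": "t1 t2"},
    init=["s0"])

PROPERTIES: List[Tuple[str, Formula]] = [     # the four properties of slide 13
    ("safety", ("AG", ("not", ("and", "c1", "c2")))),
    ("liveness", ("AG", ("implies", "t1", ("AF", "c1")))),
    ("non-blocking", ("AG", ("implies", "n1", ("EX", "t1")))),
    ("no strict sequencing", ("EF", ("and", "c1", ("EU", "c1", ("and",
        ("not", "c1"), ("EU", ("not", "c2"), "c1")))))),
]
```

Running `[(name, check(MUTEX, f)) for name, f in PROPERTIES]` reports Pass for all four properties, matching the slide. Because `sat` returns the whole labelled set, the same code also exhibits the equivalences of slide 14 on a concrete model: `sat(MUTEX, ("AU", TRUE, "c1"))` equals `sat(MUTEX, ("AF", "c1"))`, and `sat(MUTEX, ("EG", ("not", "c1")))` is its complement, the states s0, s5 and s6 from which process 1 can be starved by the loop through s6.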

Slide 28
Thank You
