efficient model checking of safety properties
play

Efficient Model Checking of Safety Properties Timo Latvala - PowerPoint PPT Presentation

Jul 15, 2023 •211 likes •669 views

Efficient Model Checking of Safety Properties Timo Latvala timo.latvala@hut.fi Laboratory for Theoretical Computer Science Helsinki University of Technology Finland Spin 2003 p.1/16 Introduction Safety properties properties

  1. Efficient Model Checking of Safety Properties Timo Latvala timo.latvala@hut.fi Laboratory for Theoretical Computer Science Helsinki University of Technology Finland Spin 2003 – p.1/16

  2. Introduction • Safety properties ≈ “properties with finite counterexamples”. • Uses: • Testing • Program monitoring • Model Checking • Focus: LTL using the automata theoretic approach. • Main problem: translating LTL formulas to finite automata. Spin 2003 – p.2/16

  3. Why safety properties? Treating safety properties as a special case has certain benefits. • Safety properties an “important” subset. Spin 2003 – p.3/16

  4. Why safety properties? Treating safety properties as a special case has certain benefits. • Safety properties an “important” subset. • Explicit state model checking algorithms are somewhat simpler. Spin 2003 – p.3/16

  5. Why safety properties? Treating safety properties as a special case has certain benefits. • Safety properties an “important” subset. • Explicit state model checking algorithms are somewhat simpler. • BDD-based algorithms are faster (linear vs quadratic). Spin 2003 – p.3/16

  6. Why safety properties? Treating safety properties as a special case has certain benefits. • Safety properties an “important” subset. • Explicit state model checking algorithms are somewhat simpler. • BDD-based algorithms are faster (linear vs quadratic). • For methods such as Petri net unfoldings, safety is much simpler. Spin 2003 – p.3/16

  7. Challenges Treating safety as a special case poses some challenges: • Deciding if an LTL formula is a safety formula is PSPACE-complete. Spin 2003 – p.4/16

  8. Challenges Treating safety as a special case poses some challenges: • Deciding if an LTL formula is a safety formula is PSPACE-complete. • Translating a safety LTL formula to finite automaton doubly exponential. Spin 2003 – p.4/16

  9. Challenges Treating safety as a special case poses some challenges: • Deciding if an LTL formula is a safety formula is PSPACE-complete. • Translating a safety LTL formula to finite automaton doubly exponential. • Non-pathological formulas have a singly exponential translation to finite automata. Spin 2003 – p.4/16

  10. Challenges Treating safety as a special case poses some challenges: • Deciding if an LTL formula is a safety formula is PSPACE-complete. • Translating a safety LTL formula to finite automaton doubly exponential. • Non-pathological formulas have a singly exponential translation to finite automata. • Deciding if a formula is pathological is PSPACE-complete. Spin 2003 – p.4/16

  11. Contributions • A new translation algorithm based on an algorithm by Kupferman and Vardi. Spin 2003 – p.5/16

  12. Contributions • A new translation algorithm based on an algorithm by Kupferman and Vardi. • Extensive experimental testing of the implementation. Spin 2003 – p.5/16

  13. Contributions • A new translation algorithm based on an algorithm by Kupferman and Vardi. • Extensive experimental testing of the implementation. • First(?) implementation of a algorithm checking if a formula is pathologic. Spin 2003 – p.5/16

  14. Contributions • A new translation algorithm based on an algorithm by Kupferman and Vardi. • Extensive experimental testing of the implementation. • First(?) implementation of a algorithm checking if a formula is pathologic. • The tool, scheck , can be used with Spin. Spin 2003 – p.5/16

  15. Related Work • Kupferman and Vardi: Algorithms and complexity results. Spin 2003 – p.6/16

  16. Related Work • Kupferman and Vardi: Algorithms and complexity results. • Geilen: Forward version of KV-algorithm. Spin 2003 – p.6/16

  17. Related Work • Kupferman and Vardi: Algorithms and complexity results. • Geilen: Forward version of KV-algorithm. • Berard et al: history variables methods for past TL Spin 2003 – p.6/16

  18. Related Work • Kupferman and Vardi: Algorithms and complexity results. • Geilen: Forward version of KV-algorithm. • Berard et al: history variables methods for past TL • Havelund and Rosu: model checking past TL for finite executions. Spin 2003 – p.6/16

  19. Translation Algorithm • The algorithm creates the finite automaton backwards. Spin 2003 – p.7/16

  20. Translation Algorithm • The algorithm creates the finite automaton backwards. • We start from an empty set of requirements and analyse the satisfaction of subformulas. Spin 2003 – p.7/16

  21. Translation Algorithm • The algorithm creates the finite automaton backwards. • We start from an empty set of requirements and analyse the satisfaction of subformulas. • We only add states for temporal operators (exception: X ). Spin 2003 – p.7/16

  22. Translation Algorithm • The algorithm creates the finite automaton backwards. • We start from an empty set of requirements and analyse the satisfaction of subformulas. • We only add states for temporal operators (exception: X ). • Resulting automaton accepts all informative prefixes. Spin 2003 – p.7/16

  23. Checking Pathologic Safety • Construct A ¬ ψ . Spin 2003 – p.8/16

  24. Checking Pathologic Safety • Construct A ¬ ψ . • Construct deterministic finite automaton B ¬ ψ . Spin 2003 – p.8/16

  25. Checking Pathologic Safety • Construct A ¬ ψ . • Construct deterministic finite automaton B ¬ ψ . • Interpret B ¬ ψ as a Büchi automaton and complement it. Spin 2003 – p.8/16

  26. Checking Pathologic Safety • Construct A ¬ ψ . • Construct deterministic finite automaton B ¬ ψ . • Interpret B ¬ ψ as a Büchi automaton and complement it. • If L ( A ¬ ψ × ¯ B ¬ ψ ) � = ∅ then ψ is pathologic. Spin 2003 – p.8/16

  27. Implementation • The implementation uses BDDs to manage sets. Spin 2003 – p.9/16

  28. Implementation • The implementation uses BDDs to manage sets. • Produces deterministic or non-deterministic automata. Spin 2003 – p.9/16

  29. Implementation • The implementation uses BDDs to manage sets. • Produces deterministic or non-deterministic automata. • Can be connected to Spin. Spin 2003 – p.9/16

  30. Implementation • The implementation uses BDDs to manage sets. • Produces deterministic or non-deterministic automata. • Can be connected to Spin. • Freely available licensed under the GNU GPL. Spin 2003 – p.9/16

  31. Experiments • Randomly generated syntactically safe formulas Spin 2003 – p.10/16

  32. Experiments • Randomly generated syntactically safe formulas • Randomly generated formulas. Spin 2003 – p.10/16

  33. Experiments • Randomly generated syntactically safe formulas • Randomly generated formulas. • Safety formulas from the specification pattern system. Spin 2003 – p.10/16

  34. Experiments • Randomly generated syntactically safe formulas • Randomly generated formulas. • Safety formulas from the specification pattern system. • Model checking tests with Spin. Spin 2003 – p.10/16

  35. Syntactically Safe Formulas 1.4 1.4 7 lbt lbt lbt 1.2 1.2 6 spin spin spin ltl2ba ltl2ba 1 1 5 Transition ratio State ratio Time ratio 0.8 0.8 4 0.6 0.6 3 0.4 0.4 2 0.2 0.2 1 0 0 0 0 10 20 30 0 10 20 30 5 10 15 Formula length Formula length Formula length 250 1.4 1 lbt lbt 1.2 ltl2ba spin spin Producttransition ratio 200 0.8 ltl2ba ltl2ba Productstate ratio 1 Time ratio 150 0.6 0.8 0.6 100 0.4 0.4 50 0.2 0.2 0 0 0 0 10 20 30 0 10 20 30 0 10 20 30 Formula length Formula length Formula length Spin 2003 – p.11/16

  36. General Formulas 1.6 1.4 1.2 Average generation time [s] 1 0.8 0.6 0.4 0.2 4 6 8 10 12 14 16 18 20 22 Formula length Spin 2003 – p.12/16

  37. Specification Pattern Formulas 14 45 scheck states scheck arcs ltl2ba states ltl2ba arcs 40 12 35 10 30 States or arcs States or arcs 25 8 20 6 15 10 4 5 2 0 0 10 20 30 40 0 10 20 30 40 states arcs time [s] product states product arcs ltl2ba 160 348 0.5 3037 15406 lbt 1915 31821 1.2 25134 763203 scheck 144 316 2.1 2481 9806 Spin 2003 – p.13/16

  38. Practical Models model scheck spin states arcs t [s] states arcs t [s] peterson(3) 17476 32343 0.06 21792 45870 0.09 peterson(4) 3254110 709846 20.8 4216030 10315000 37.3 sliding(1,1) 130799 407238 0.9 258456 890026 2.2 sliding(1,2) 518050 1670120 3.9 1027130 3604660 9.8 sliding(2,1) 5447700 18271400 534.7 10794100 39649800 1097.4 erathostenes(50,1) 522 522 0.03 522 522 0.03 erathostenes(60,2) 324 324 0.02 357958 647081 4.0 erathostenes(70,3) 522 522 0.04 2047030 4407400 48.5 erathostenes(80,4) 789 789 0.04 - - - erathostenes(80,5) 847 847 0.04 - - - iprot 7095180 20595400 377.0 16011900 46288600 1006.2 giop 146646 215640 1.8 255105 524493 4.8 Spin 2003 – p.14/16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Model Checking C Model checking: normally applied to formal state transition systems checks safety and

439 views • 17 slides
Efficient Probabilistic Model Checking of Systems with Ranged Probabilities Khalil Ghorbal 1 , 2

Efficient Probabilistic Model Checking of Systems with Ranged Probabilities Khalil Ghorbal 1 , 2

Introduction Bounded Properties Unbounded Properties Experiments Efficient Probabilistic Model Checking of Systems with Ranged Probabilities Khalil Ghorbal 1 , 2 Parasara Sridhar Duggirala 1 , 3 c 1 Vineet Kahlon 1 Aarti Gupta 1 Franjo Ivan

400 views • 28 slides
Model Checking Lots of Systems Efficient Verification of Temporal Properties in Software Product

Model Checking Lots of Systems Efficient Verification of Temporal Properties in Software Product

Model Checking Lots of Systems Efficient Verification of Temporal Properties in Software Product Lines Andreas Classen, Patrick Heymans, Pierre-Yves Schobbens, Axel Legay, Jean-Franois Raskin (2010) Presented by Laura Walsh 1 Overview 1.

401 views • 28 slides
Towards efficient model checking for variants of ATL under different semantics Wojciech Penczek

Towards efficient model checking for variants of ATL under different semantics Wojciech Penczek

Specification of Strategic Abilities in ATL* Model checking Multi-Valued ATL* Partial order reductions for sATL* Simpler strategies for Timed ATL Conclusions Towards efficient model checking for variants of ATL under different semantics

1.1k views • 88 slides
Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties Viktor Schuppan Computer Systems Institute, ETH Z urich http://www.inf.ethz.ch/schuppan/ Defense Thesis ETH 16268 September 28, 2005, Z

382 views • 19 slides
Chapter 4: Regular Properties Principles of Model Checking Christel Baier and Joost-Pieter Katoen

Chapter 4: Regular Properties Principles of Model Checking Christel Baier and Joost-Pieter Katoen

Chapter 4: Regular Properties Principles of Model Checking Christel Baier and Joost-Pieter Katoen 1 Overview Automata on finite words Regular safety propertys bad prefixes constitute a regular language that can be recognized as a

900 views • 38 slides
Scalable Verification of Design with Multiple Properties Rohit Dureja Iowa State University

Scalable Verification of Design with Multiple Properties Rohit Dureja Iowa State University

Scalable Verification of Design with Multiple Properties Rohit Dureja Iowa State University October 23, 2019 Model Checking 2 Model Checking Usually multiple properties to be verified 3 Model Checking Report 4 Model Checking Report

446 views • 9 slides
Verifying Timed Reachability Properties Lecture #17 of Advanced Model Checking Joost-Pieter

Verifying Timed Reachability Properties Lecture #17 of Advanced Model Checking Joost-Pieter

Verifying Timed Reachability Properties Lecture #17 of Advanced Model Checking Joost-Pieter Katoen Lehrstuhl 2: Software Modeling & Verification E-mail: katoen@cs.rwth-aachen.de June 30, 2014 c JPK Advanced model checking Timelock,

720 views • 31 slides
Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model

Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model

Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model Checking and Systems Verification January - April 2016 1 / 43 Outline Module 1: Synchronous Vs Asynchronous composition Module 2: More examples

1.11k views • 90 slides
Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
On the Decidability of Model-Checking Information Flow Properties Raghavendra K. R. Joint Work:

On the Decidability of Model-Checking Information Flow Properties Raghavendra K. R. Joint Work:

Introduction Noninteference BSPs Results Conclusion On the Decidability of Model-Checking Information Flow Properties Raghavendra K. R. Joint Work: Deepak DSouza, Janardhan Kulkarni, Barbara Sprick, Raveendra Holla Indian Institute of

717 views • 26 slides
Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Concurrency in Go Behavioural type inference Model checking behavioural types Termination checking Summary Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker Types Transform Check safety and

681 views • 67 slides
Temporal Logic and Model Checking Model mathematical structure extracted from hardware or

Temporal Logic and Model Checking Model mathematical structure extracted from hardware or

Temporal Logic and Model Checking Model mathematical structure extracted from hardware or software Temporal logic provides a language for specifying functional properties Model checking checks whether a given property holds

1.56k views • 131 slides
Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model checking historically not the first symbolic model checking approach scales better than original BDD based techniques mostly incomplete in

521 views • 28 slides
CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms for ( U ) Counter Examples and witnesses Symbolic Model Checking (Thursday) Binary Decision Trees

740 views • 40 slides
Planning and Optimization E1. Symbolic Search: BDDs Malte Helmert and Gabriele R oger

Planning and Optimization E1. Symbolic Search: BDDs Malte Helmert and Gabriele R oger

Planning and Optimization E1. Symbolic Search: BDDs Malte Helmert and Gabriele R oger Universit at Basel December 15, 2016 Motivation Binary Decision Diagrams BDD Implementation Summary Motivation Motivation Binary Decision Diagrams

930 views • 45 slides
EM over Binary Decision Diagrams for Probabilistic Logic Programs Elena Bellodi Fabrizio Riguzzi

EM over Binary Decision Diagrams for Probabilistic Logic Programs Elena Bellodi Fabrizio Riguzzi

EM over Binary Decision Diagrams for Probabilistic Logic Programs Elena Bellodi Fabrizio Riguzzi ENDIF University of Ferrara, Italy elena.bellodi@unife.it, fabrizio.riguzzi@unife.it Bellodi, Riguzzi (University of Ferrara) EMBLEM 1 / 20

487 views • 20 slides
Various things... Yves-Laurent Kom Samo Ibrahim Almosallam Stephen Roberts University of Oxford

Various things... Yves-Laurent Kom Samo Ibrahim Almosallam Stephen Roberts University of Oxford

Various things... Yves-Laurent Kom Samo Ibrahim Almosallam Stephen Roberts University of Oxford String & membrane GPs Easy to consider a GP over a function and its derivative String GPs easy to construct each GP is conditionally

220 views • 21 slides
Behaviour-Driven Development Writing software that matters Aslak Hellesy - Chief Scientist -

Behaviour-Driven Development Writing software that matters Aslak Hellesy - Chief Scientist -

Behaviour-Driven Development Writing software that matters Aslak Hellesy - Chief Scientist - BEKK Stakeholders Programmers Dual audience 2 Origin and inspiration JBehave Test Driven FIT Dan North Development Ward Chris Matts Kent

492 views • 27 slides
Representing integer multiplication using BDDs Hvard Raddum and Srimathi Varadharajan

Representing integer multiplication using BDDs Hvard Raddum and Srimathi Varadharajan

Representing integer multiplication using BDDs Hvard Raddum and Srimathi Varadharajan Simula@UiB What is a BDD? Can be defined and understood in different ways Only one description given here BDD explained A BDD is a directed acyclic

613 views • 32 slides
Hold The Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft Kyungho Joo*

Hold The Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft Kyungho Joo*

Hold The Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft Kyungho Joo* Wonsuk Choi* Dong Hoon Lee Korea University * Co-first Authors Outline Introduction Attack Model Our Method Evaluation Discussion

627 views • 34 slides
Factor orized E Exact I Inference f for or D Discrete Pr Probabilistic Pr Programs Steven

Factor orized E Exact I Inference f for or D Discrete Pr Probabilistic Pr Programs Steven

Factor orized E Exact I Inference f for or D Discrete Pr Probabilistic Pr Programs Steven Holtzen , Joe Qian, Todd Millstein, Guy Van den Broeck UCLA sholtzen@cs.ucla.edu, qzy@g.ucla.edu, todd@cs.ucla.edu, guyvdb@cs.ucla.edu LAFI 2019 1

564 views • 41 slides
Compiling Bayesian Networks by Symbolic Probability Calculation Based on Zero-suppressed BDDs

Compiling Bayesian Networks by Symbolic Probability Calculation Based on Zero-suppressed BDDs

Compiling Bayesian Networks by Symbolic Probability Calculation Based on Zero-suppressed BDDs Shin-ichi Minato Ken Satoh Taisuke Sato Div. of Computer Science National Institute of Informatics Dept. of Computer Science Hokkaido University

461 views • 6 slides

More recommend