formal verifjcation lecture 6 how ltl model checling works
play

Formal Verifjcation Lecture 6: How LTL Model Checling Works (Potted - PowerPoint PPT Presentation

Dec 09, 2022 •576 likes •793 views

Formal Verifjcation Lecture 6: How LTL Model Checling Works (Potted Version) Jacques Fleuriot jdf@inf.ac.uk Recap Previously: Model Checking CTL formulas Tiis time: Model Checking LTL Language-theoretic viewpoint From

  1. Formal Verifjcation Lecture 6: How LTL Model Checling Works (Potted Version) Jacques Fleuriot jdf@inf.ac.uk

  2. Recap ▶ Previously: ▶ Model Checking CTL formulas ▶ Tiis time: ▶ Model Checking LTL ▶ Language-theoretic viewpoint ▶ From LTL formulas to automata (examples)

  3. LTL Semantics recap S a fjnite set of states a set of initial states transition relation a labelling function Defjnition (Path) Defjnition (Transition System, with S 0 explicit) A transition system M = ⟨ S , S 0 , → , L ⟩ consists of: S 0 ⊆ S → ⊆ S × S L : S → P ( Atom ) such that ∀ s 1 ∈ S . ∃ s 2 ∈ S . s 1 → s 2 A path π in a transition system M = ⟨ S , S 0 , → , L ⟩ is an infjnite sequence of states s 0 , s 1 , ... such that s 0 ∈ S 0 and ∀ i ≥ 0 . s i → s i +1 . Paths are writuen as: π = s 0 → s 1 → s 2 → ...

  4. Tie LTL Model Checling Problem or, equivalently: and each path is infjnitely long hold? LTL model checking seeks to answer the question (with starting Does … so use a language-theoretic approach. hold? Does state s omited): M | = φ = 0 φ ∀ π ∈ Paths ( M ) . π | = i φ means “path at position i satisfjes formula φ ”. where (recall) π | ▶ Tie universal quantifjcation is over the infjnite set of paths ▶ How can we check infjnitely many paths? ▶ CTL: use a fjxed point characterisation of the sets of states ▶ LTL: sets of paths ; a path is a sequences of symbols …

  5. Tie language accepted by a transition system Example: a b c abcccc ababcccccc abababcccccc ababababcccccc ababababababab Fix a transition system M = ⟨ S , S 0 , → , L ⟩ Let us consider the set of states S as an alphabet Σ . Each infjnite path π is then a word in the set Σ ω . Tie set of all paths of M is the language L ( M ) accepted by M .

  6. Tie language accepted by a transition system Example: � b � Fix a transition system M = ⟨ S , S 0 , → , L ⟩ Let us consider the set of states S as an alphabet Σ . Each infjnite path π is then a word in the set Σ ω . Tie set of all paths of M is the language L ( M ) accepted by M . M L ( M ) { abcccc ..., � a ababcccccc ..., abababcccccc ..., � c � ababababcccccc ..., ..., ababababababab .... }

  7. Alternate defjnitions of the language of a transition system and of a Language of an LTL formula formula use Atom as the alphabet instead of the set of states S (see H&R). If the state has a boolean component for each element of Atom , then the defjnitions are equivalent. Let φ be an LTL formula, and S be the set of states of a model with the same set of atomic propositions as φ . Defjne the language L ( φ ) of φ as: L ( φ ) = { π ∈ S ω | π | = 0 φ }

  8. Alternate defjnitions of the language of a transition system and of a Language of an LTL formula H&R). If the state has a boolean component for each element of Atom , then the defjnitions are equivalent. Let φ be an LTL formula, and S be the set of states of a model with the same set of atomic propositions as φ . Defjne the language L ( φ ) of φ as: L ( φ ) = { π ∈ S ω | π | = 0 φ } formula use P ( Atom ) as the alphabet instead of the set of states S (see

  9. Language-theoretic presentation of validity or, equivalently: Does hold? or, equivalently: Does Recall: LTL model checking seeks to answer the question: hold? Using the presentation of transitions systems and formulas as languages , this can now be phrased as: M | = φ = 0 φ ∀ π ∈ Paths ( M ) . π | L ( M ) ⊆ L ( φ ) L ( M ) ∩ L ( φ ) = ∅ where X means S ω − X .

  10. Languages via automata S of the automaton on which some accepting state is visited infjnitely An infjnite word is accepted by a Büchi automaton ifg there is a run set of accepting states S A set of initial states S S transition relation S an alphabet a fjnite set of states S A consists of: S A (non-deterministic) Büchi automaton S Can be represented by a related concept called a Büchi Automaton . cannot be represented by a transition system. No. In general, LTL formulas be described in the same way? ofuen . L ( M ) is defjned in terms of a fjnite state transition system. Can

  11. Languages via automata S of the automaton on which some accepting state is visited infjnitely An infjnite word is accepted by a Büchi automaton ifg there is a run set of accepting states S A set of initial states S S transition relation S an alphabet a fjnite set of states S A consists of: S A (non-deterministic) Büchi automaton S Can be represented by a related concept called a Büchi Automaton . LTL formulas be described in the same way? ofuen . L ( M ) is defjned in terms of a fjnite state transition system. Can No. In general, L ( φ ) cannot be represented by a transition system.

  12. Languages via automata transition relation of the automaton on which some accepting state is visited infjnitely An infjnite word is accepted by a Büchi automaton ifg there is a run set of accepting states set of initial states an alphabet a fjnite set of states S Can be represented by a related concept called a Büchi Automaton . LTL formulas be described in the same way? ofuen . L ( M ) is defjned in terms of a fjnite state transition system. Can No. In general, L ( φ ) cannot be represented by a transition system. A (non-deterministic) Büchi automaton ⟨ S , Σ , → , S 0 , A ⟩ consists of: Σ → ⊆ S × Σ × S S 0 ⊆ S A ⊆ S

  13. Example Bücii automata � � a � � (Can also do them without the error paths.) a U b : � a G a : � � � F a : a b Here, ¬ a means “any symbol that isn’t a ”. States marked with ���� ���� ���� are accepting. ���� ���� � ���� � ���� ���� ���� ���� ¬ a � ���� � ���� ���� ���� ���� ���� � ���� � ���� � ���� ���� ���� ���� ❑ ❑ ❑ ❑ ❑ ¬ a ❑ ���� ���� � For the general construction for any formula φ , see H&R, Section 3.6.3.

  14. LTL Model Checling Idea We reformulated the LTL model checking problem to: Now: 5. Use Fair CTL model checking to check this last property. See H&R. L ( M ) ∩ L ( φ ) = ∅ 1. Observe that L ( φ ) = L ( ¬ φ ) 2. Let A φ be a Büchi automaton such that L ( φ ) = L ( A φ ) . 3. For a suitable notion of composition M ⊗ A of a transition system M and a Büchi automaton A , we have that L ( M ⊗ A ) = L ( M ) ∩ L ( A ) 4. So, to check M | = φ , instead check L ( M ⊗ A ¬ φ ) = ∅

  15. Example: Model Checling LTL formula G p composition is empty. 3. If the language is empty, then we know that G p is satisfjed by Tie next few slides examine this within the context of NuSMV. 1. Construct an automaton A ¬ G p = A F ¬ p for F ¬ p , which takes as input infjnite paths of states of a model M and accepts just those paths that satisfy F ¬ p . 2. Compose A F ¬ p and M and ask whether the language of the M . If not and we exhibit an accepting path, then that path is a counter-example to G p : it both is a path in M and it satisfjes A F ¬ p = A ¬ G p .

  16. Emulating Bücii automata in NuSMV : 0; -- Specification is true just when there are no accepting paths -- LTL expression of acceptance condition: -- Accepting states: {1} as st = 1 occurs infinitely often esac; : 1; st = 1 -- then loop forever more in state 1 st = 0 & !sys.p : 1; -- If ever p is false, transition to state 1 st = 0 & sys.p Here is a transition system and LTL formula emulating a Büchi -- loop in state 0 if p is always true next(st) := case init(st) := 0; ASSIGN st : { 0, 1 }; VAR MODULE formula(sys) -- A 2 state automaton for F ! p. LTLSPEC ! G F st = 1; automaton A F ¬ p for checking F ¬ p :

  17. Composing Bücii automaton and transition system st = 1 : 1; m : model; VAR MODULE main -- p := TRUE p := st = 0 | st = 1; DEFINE esac; st = 2 : 2; st = 0 : {1,2}; Tiis composition checks LTL property G p of the model: next(st) := case init(st) := 0; ASSIGN st : 0..2; VAR MODULE model A model M with 2 alternative definitions of a state property p -- f : formula(m);

  18. Model Checling Results 1 m.st = 2 Tie acceptance condition for a run in this composition is just the -> State: 1.5 <- -> State: 1.4 <- -- Loop starts here f.st = 1 -> State: 1.3 <- -- Loop starts here m.p = FALSE -> State: 1.2 <- With this defjnition in the model: m.p = TRUE f.st = 0 m.st = 0 -> State: 1.1 <- Trace Type: Counterexample -- as demonstrated by the following execution sequence -- specification !( G ( F st = 1)) IN f is false we get: p := st = 0 | st = 1; acceptance condition for a run of the formula automaton.

  19. Model Checling Results 2 With this defjnition in the model: p := TRUE; we get: -- specification !( G ( F st = 1)) IN f is true

  20. [BDDs are] one of the only really fundamental data Summary structures that came out in the last twenty-fjve years. — Donald Knuth “Fun with Binary Decision Diagrams” ▶ LTL Model Checking (H&R 3.6.2, 3.6.3) ▶ Transition systems and formulas as languages ▶ Formulas as Büchi automata ▶ Simulating Büchi automata in NuSMV ▶ Next time: Binary Decision Diagrams

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Verifjcation Lecture 1: Introduction to Model Checling and Temporal Logic Jacques

Formal Verifjcation Lecture 1: Introduction to Model Checling and Temporal Logic Jacques

Formal Verifjcation Lecture 1: Introduction to Model Checling and Temporal Logic Jacques Fleuriot jdf@inf.ed.ac.uk Acknowledgement: Adapted from original material by Paul Jackson, including some additions by Bob Atkey. Formal Verifjcation

381 views • 35 slides
Formal Verifjcation Lecture 2: Linear Temporal Logic Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Formal Verifjcation Lecture 2: Linear Temporal Logic Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Formal Verifjcation Lecture 2: Linear Temporal Logic Jacques Fleuriot jdf@inf.ed.ac.uk Recap Previously: Model Checking, and an informal introduction to LTL Tiis time: Linear Temporal Logic Syntax Semantics Equivalences

228 views • 21 slides
Formal Verifjcation Lecture 7: Introduction to Binary Decision Diagrams (BDDs) Jacques Fleuriot

Formal Verifjcation Lecture 7: Introduction to Binary Decision Diagrams (BDDs) Jacques Fleuriot

Formal Verifjcation Lecture 7: Introduction to Binary Decision Diagrams (BDDs) Jacques Fleuriot jdf@inf.ac.uk Diagrams from Huth &amp; Ryan, 2nd Ed. Recap Previously: CTL and LTL Model Checking algorithms Tiis time: Binary

232 views • 21 slides
Formal Verifjcation Lecture 5: Computation Tree Logic (CTL) Jacques Fleuriot 1 jdf@inf.ac.uk

Formal Verifjcation Lecture 5: Computation Tree Logic (CTL) Jacques Fleuriot 1 jdf@inf.ac.uk

Formal Verifjcation Lecture 5: Computation Tree Logic (CTL) Jacques Fleuriot 1 jdf@inf.ac.uk 1With thanks to Bob Atkey for some of the diagrams. Recap Previously: Linear-time Temporal Logic Tiis time: A branching-time logic:

723 views • 35 slides
Formal Verifjcation Lecture 8: Operations on Binary Decision Diagrams (BDDs) Jacques Fleuriot

Formal Verifjcation Lecture 8: Operations on Binary Decision Diagrams (BDDs) Jacques Fleuriot

Formal Verifjcation Lecture 8: Operations on Binary Decision Diagrams (BDDs) Jacques Fleuriot jdf@inf..ac.uk Diagrams from Huth &amp; Ryan, LiCS, 2nd Ed. Recap reduce , apply , restrict , exists Previously: (Reduced, Ordered) Binary

567 views • 33 slides
Interactive Formal Verifjcation Welcome Dr. Dominic P. Mulligan Programming, Logic, and

Interactive Formal Verifjcation Welcome Dr. Dominic P. Mulligan Programming, Logic, and

Interactive Formal Verifjcation Welcome Dr. Dominic P. Mulligan Programming, Logic, and Semantics Group, University of Cambridge Academic year 20172018 1 Administrivia Course usually lectured by Prof. Lawrence Paulson Sabattical leave

335 views • 32 slides
Program Verifjcation While Loops Alice Gao Lecture 20 Based on work by J. Buss, L. Kari, A.

Program Verifjcation While Loops Alice Gao Lecture 20 Based on work by J. Buss, L. Kari, A.

1/33 Program Verifjcation While Loops Alice Gao Lecture 20 Based on work by J. Buss, L. Kari, A. Lubiw, B. Bonakdarpour, D. Maftuleac, C. Roberts, R. Trefmer, and P. Van Beek 2/33 Outline Program Verifjcation: While Loops Learning Goals

351 views • 33 slides
Lecture A Motivation The model, informally The formal model Other thoughts February

Lecture A Motivation The model, informally The formal model Other thoughts February

Lecture A Motivation The model, informally The formal model Other thoughts February 6, 2009 ECS 235B Winter Quarter 2009 Slide #A-1 Matt Bishop, UC Davis Overview What is recordation? Why do it electronically? Models

946 views • 47 slides
Railway Infrastructure Verifjcation and RDFox Bjrnar Luteberget / Christian Johansen July 4,

Railway Infrastructure Verifjcation and RDFox Bjrnar Luteberget / Christian Johansen July 4,

Railway Infrastructure Verifjcation and RDFox Bjrnar Luteberget / Christian Johansen July 4, 2016 1 / 19 Railway verifjcation and formal methods Railway systems: large-scale, safety-critical infrastructure High safety requirements:

336 views • 19 slides
Program Verifjcation Array Assignments Alice Gao Lecture 21 Based on work by J. Buss, L. Kari,

Program Verifjcation Array Assignments Alice Gao Lecture 21 Based on work by J. Buss, L. Kari,

1/14 Program Verifjcation Array Assignments Alice Gao Lecture 21 Based on work by J. Buss, L. Kari, A. Lubiw, B. Bonakdarpour, D. Maftuleac, C. Roberts, R. Trefmer, and P. Van Beek 2/14 Outline Program Verifjcation: Array Assignments

176 views • 14 slides
Spatial forecast verifjcation Manfred Dorninger University of Vienna Vienna, Austria

Spatial forecast verifjcation Manfred Dorninger University of Vienna Vienna, Austria

Spatial forecast verifjcation Manfred Dorninger University of Vienna Vienna, Austria manfred.dorninger@univie.ac.at Thanks to: B. Ebert, B. Casati, C. Keil 7 th Verifjcation T utorial Course, Berlin, 3-6 May, 2017 Motivation: Model

825 views • 81 slides
Lecture 3: Model-Free Policy Evaluation: Policy Evaluation Without Knowing How the World Works 1

Lecture 3: Model-Free Policy Evaluation: Policy Evaluation Without Knowing How the World Works 1

Lecture 3: Model-Free Policy Evaluation: Policy Evaluation Without Knowing How the World Works 1 Emma Brunskill CS234 Reinforcement Learning Winter 2019 1 Material builds on structure from David SIlvers Lecture 4: Model-Free Prediction. Other

659 views • 62 slides
Lecture 3: Model-Free Policy Evaluation: Policy Evaluation Without Knowing How the World Works 1

Lecture 3: Model-Free Policy Evaluation: Policy Evaluation Without Knowing How the World Works 1

Lecture 3: Model-Free Policy Evaluation: Policy Evaluation Without Knowing How the World Works 1 Emma Brunskill CS234 Reinforcement Learning Winter 2020 1 Material builds on structure from David SIlvers Lecture 4: Model-Free Prediction. Other

672 views • 56 slides
Lecture 3: Policy Evaluation Without Knowing How the World Works / Model Free Policy Evaluation

Lecture 3: Policy Evaluation Without Knowing How the World Works / Model Free Policy Evaluation

Lecture 3: Policy Evaluation Without Knowing How the World Works / Model Free Policy Evaluation CS234: RL Emma Brunskill Winter 2018 Material builds on structure from David SIlvers Lecture 4: Model-Free Prediction:

796 views • 60 slides
Decision Procedures and Verifjcation NAIL094 Petr Kuera Charles University 2019/20 (5th

Decision Procedures and Verifjcation NAIL094 Petr Kuera Charles University 2019/20 (5th

Decision Procedures and Verifjcation NAIL094 Petr Kuera Charles University 2019/20 (5th lecture) Petr Kuera (Charles University) Decision Procedures and Verifjcation 2019/20 (5th lecture) 1 / 47 Solvers based on stochastic (local)

1.25k views • 97 slides
Verifjcation of Categorical Forecasts The Contingency T able Laurence Wilson

Verifjcation of Categorical Forecasts The Contingency T able Laurence Wilson

Verifjcation of Categorical Forecasts The Contingency T able Laurence Wilson laurence.Wilson@sympatico.ca Co-chair, WMO Joint Working Group on Forecast Verifjcation Research (JWGFVR) Outline What defjnes an event Hits,

270 views • 24 slides
Complexity of Validity of Backround Propositional Dependence Logics Propositional logics Team

Complexity of Validity of Backround Propositional Dependence Logics Propositional logics Team

Complexity of Validity of Propositional Dependence Logics Jonni Virtema Complexity of Validity of Backround Propositional Dependence Logics Propositional logics Team semantics Modal dependence Jonni Virtema logic Complexity Japan

801 views • 30 slides
Self-Learned Formula Synthesis in Set Theory Chad E. Brown Thibault Gauthier Czech Technical

Self-Learned Formula Synthesis in Set Theory Chad E. Brown Thibault Gauthier Czech Technical

Self-Learned Formula Synthesis in Set Theory Chad E. Brown Thibault Gauthier Czech Technical University in Prague. This work has been supported by the European Research Council (ERC) grant AI4REASON no. 649043 under the EU-H2020 programme.

782 views • 21 slides
CS256/Winter 2009 Lecture #12 Zohar Manna Chapter 5 Algorithmic Verification (of General

CS256/Winter 2009 Lecture #12 Zohar Manna Chapter 5 Algorithmic Verification (of General

CS256/Winter 2009 Lecture #12 Zohar Manna Chapter 5 Algorithmic Verification (of General Formulas) 12-1 Algorithmic Verification of Finite-state Systems Given finite-state program P , i.e., each x V assumes only finitely many values in

740 views • 39 slides
Foundations of AI 9. Predicate Logic Syntax and Semantics, Normal Forms, Herbrand Expansion

Foundations of AI 9. Predicate Logic Syntax and Semantics, Normal Forms, Herbrand Expansion

Foundations of AI 9. Predicate Logic Syntax and Semantics, Normal Forms, Herbrand Expansion Wolfram Burgard &amp; Bernhard Nebel Contents Motivation Syntax and Semantics Normal Forms Reduction to Propositional Logic:

577 views • 29 slides
Part I Structured Data Data Representation: I.1 The entity-relationship (ER) data model I.2

Part I Structured Data Data Representation: I.1 The entity-relationship (ER) data model I.2

Inf1-DA 20102011 I: 75 / 118 Part I Structured Data Data Representation: I.1 The entity-relationship (ER) data model I.2 The relational model Data Manipulation: I.3 Relational algebra I.4 Tuple-relational calculus I.5 The SQL query

319 views • 17 slides
INF5140 Specification and Verification of Parallel Systems Logics, lecture 2 Spring 2015

INF5140 Specification and Verification of Parallel Systems Logics, lecture 2 Spring 2015

INF5140 Specification and Verification of Parallel Systems Logics, lecture 2 Spring 2015 February 20, 2015 1 / 37 Introduction Today: we start with the specification language Logic is the specification language for us. There are many

1.04k views • 37 slides
Foundations of Artificial Intelligence 29. Propositional Logic: Basics Malte Helmert and Thomas

Foundations of Artificial Intelligence 29. Propositional Logic: Basics Malte Helmert and Thomas

Foundations of Artificial Intelligence 29. Propositional Logic: Basics Malte Helmert and Thomas Keller University of Basel April 20, 2020 Motivation Syntax Semantics Normal Forms Summary Classification classification: Propositional Logic

546 views • 26 slides
Lecture 9: More on predicate logic Prof. Julia Hockenmaier juliahmr@illinois.edu

Lecture 9: More on predicate logic Prof. Julia Hockenmaier juliahmr@illinois.edu

CS440/ECE448: Intro to Artificial Intelligence Quick upgrade on quizzes Lecture 9: More on predicate logic Prof. Julia Hockenmaier juliahmr@illinois.edu http://cs.illinois.edu/fa11/cs440 The building

481 views • 15 slides

More recommend