lecture 4 checking properties in nusmv
play

Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai - PowerPoint PPT Presentation

Aug 20, 2023 •194 likes •1.11k views

Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model Checking and Systems Verification January - April 2016 1 / 43 Outline Module 1: Synchronous Vs Asynchronous composition Module 2: More examples

  1. Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model Checking and Systems Verification January - April 2016 1 / 43

  2. Outline ◮ Module 1: Synchronous Vs Asynchronous composition ◮ Module 2: More examples of NuSMV models and properties ◮ Module 3: A problem in concurrency ◮ Module 4: What is a property? 2 / 43

  3. Module 1: Synchronous Vs Asynchronous composition 3 / 43

  4. Acknowledgements: Content in this part of module taken from lecture slides of Prof. Supratik Chakraborty, IIT Bombay 4 / 43

  5. L 1 L 1 L 2 .red L 2 L 2 L 1 .red 5 / 43

  6. L 1 L 1 L 2 .red L 2 L 2 L 1 .red If a light is red , it can stay red for an arbitrary period If it goes yellow , it should become green within one cycle If it is green , it can stay green for an arbitrary period 5 / 43

  7. MODULE light(other) VAR state: {r,y,g}; ASSIGN init(state) := r; next(state) := case state=r & other=r : {r, y}; state=y : g; state=g : {g, r}; TRUE : state; esac; MODULE main VAR tl1: light(tl2.state); tl2: light(tl1.state); 6 / 43

  8. Synchronous composition MODULE light(other) VAR state: {r,y,g}; ASSIGN init(state) := r; next(state) := case state=r & other=r : {r, y}; state=y : g; state=g : {g, r}; TRUE : state; esac; MODULE main VAR tl1: light(tl2.state); tl2: light(tl1.state); 6 / 43

  9. Synchronous composition 7 / 43

  10. Synchronous composition Both lights can simultaneously become green ! 7 / 43

  11. Asynchronous composition MODULE light(other) VAR state: {r,y,g}; ASSIGN init(state) := r; next(state) := case state=r & other=r : {r, y}; state=y : g; state=g : {g, r}; TRUE : state; esac; MODULE main VAR tl1: process light(tl2.state); tl2: process light(tl1.state); 8 / 43

  12. Asynchronous composition ... 9 / 43

  13. Asynchronous composition ... Only one light can become green at a time 9 / 43

  14. ◮ Synchronous: ◮ all assignments to all modules made simultaneously ◮ suitable when all modules are synchronized to a global clock ◮ Asynchronous: ◮ execution of modules is interleaved ◮ at a time, only one module executes ◮ choice of next module to be executed is non-deterministic ◮ suitable when no assumptions can be made about communication delay between modules 10 / 43

  15. Synchronous vs. Asynchronous systems 11 / 43

  16. Module 2: More examples 12 / 43

  17. ... P 1 P 2 P n S HARED R ESOURCE (variable, printer, ... ) Mutual Exclusion: No two processes can access the resource simultaneously 13 / 43

  18. P 1 P 2 loop forever loop forever . . . . *non-critical actions* *non-critical actions* . . request request critical section critical section release release . . . . *non-critical actions* *non-critical actions* . . end loop end loop 14 / 43

  19. P 1 P 2 loop forever loop forever . . . . *non-critical actions* *non-critical actions* . . request request critical section critical section release release . . . . *non-critical actions* *non-critical actions* . . end loop end loop PG 1 PG 2 noncrit 1 noncrit 2 wait 1 wait 2 crit 1 crit 2 14 / 43

  20. P 1 P 2 loop forever loop forever . . . . *non-critical actions* *non-critical actions* . . 〈 if y>0 : y:=y-1 〉 〈 if y>0 : y:=y-1 〉 *request* *request* critical section critical section y:=y+1 y:=y+1 *release* *release* . . . . *non-critical actions* *non-critical actions* . . end loop end loop PG 1 PG 2 noncrit 1 noncrit 2 y:= y+1 wait 1 y:= y+1 wait 2 y>0:y:=y-1 y>0:y:=y-1 crit 1 crit 2 14 / 43

  21. P 1 P 2 loop forever loop forever . . . . *non-critical actions* *non-critical actions* . . 〈 if y>0 : y:=y-1 〉 〈 if y>0 : y:=y-1 〉 *request* *request* critical section critical section y:=y+1 y:=y+1 *release* *release* . . . . *non-critical actions* *non-critical actions* . . end loop end loop PG 1 PG 2 noncrit 1 noncrit 2 atomic y:= y+1 wait 1 y:= y+1 wait 2 y>0:y:=y-1 y>0:y:=y-1 crit 1 crit 2 14 / 43

  22. P 1 P 2 loop forever loop forever . . . . *non-critical actions* *non-critical actions* . . 〈 if y>0 : y:=y-1 〉 〈 if y>0 : y:=y-1 〉 *request* *request* critical section critical section y:=y+1 y:=y+1 *release* *release* . . . . *non-critical actions* *non-critical actions* . . end loop end loop PG 1 PG 2 noncrit 1 noncrit 2 atomic y:= y+1 wait 1 y:= y+1 wait 2 y>0:y:=y-1 y>0:y:=y-1 crit 1 crit 2 NuSMV demo: mutex-demo.smv 14 / 43

  23. Coming next: A slight modification of previous mutual exclusion protocol 15 / 43

  24. non-crit wait PG 1 y:=y+1 y>0:y:=y-1 exiting crit non-crit wait PG 2 y:=y+1 y>0:y:=y-1 exiting crit 16 / 43

  25. non-crit wait PG 1 y:=y+1 y>0:y:=y-1 exiting crit non-crit wait PG 2 y:=y+1 y>0:y:=y-1 exiting crit NuSMV demo: mutex-demo1.smv 16 / 43

  26. Synchronous vs. Mutual Exclusion Asynchronous systems 17 / 43

  27. while x < 200 while x>0 while x=200 x := x+1 x := x-1 x := 0 m 1 n 1 l 1 x := x+1 x < 200 x:=x-1 x > 0 x:=0 x = 200 m 2 n 2 l 2 18 / 43

  28. while x < 200 while x>0 while x=200 x := x+1 x := x-1 x := 0 m 1 n 1 l 1 x := x+1 x < 200 x:=x-1 x > 0 x:=0 x = 200 m 2 n 2 l 2 NuSMV demo : three-program-demo.smv 18 / 43

  29. Synchronous vs. Mutual Exclusion Asynchronous systems Concurrent programs example 19 / 43

  30. Module 3: A problem in concurrency 20 / 43

  31. processes P 0 ... P 3 : P 0 S 3 S 0 S 0 ... S 3 : resources P 3 P 1 S 2 S 1 P 2 21 / 43

  32. processes P 0 ... P 3 : P 0 S 3 S 0 S 0 ... S 3 : resources P 3 P 1 Process P i can execute only if it has access to resources S 2 S 1 S ( i − 1 ) and S i P 2 21 / 43

  33. processes P 0 ... P 3 : P 0 S 3 S 0 S 0 ... S 3 : resources P 3 P 1 Process P i can execute only if it has access to resources S 2 S 1 S ( i − 1 ) mod 4 and S i mod 4 P 2 21 / 43

  34. processes P 0 ... P 3 : P 0 S 3 S 0 S 0 ... S 3 : resources P 3 P 1 Process P i can execute only if it has access to resources S 2 S 1 S ( i − 1 ) mod 4 and S i mod 4 P 2 How should the processes be scheduled so that every process can execute infinitely often ? 21 / 43

  35. Dining philosophers problem (Dijkstra) P 0 ... P 3 : philosophers P 0 S 3 S 0 S 0 ... S 3 : chop-sticks P 3 P 1 Philosopher P i can eat only if he has access to chop-sticks S 2 S 1 S ( i − 1 ) mod 4 and S i mod 4 P 2 22 / 43

  36. Dining philosophers problem (Dijkstra) P 0 ... P 3 : philosophers P 0 S 3 S 0 S 0 ... S 3 : chop-sticks P 3 P 1 Philosopher P i can eat only if he has access to chop-sticks S 2 S 1 S ( i − 1 ) mod 4 and S i mod 4 P 2 What should the protocol be so that every philosopher can eat infinitely often ? 22 / 43

  37. Coming next: A protocol for the dining philosophers 23 / 43

  38. Philosopher i think req_left req_right sticks[i]=free sticks[i-1]=free sticks[i]:=i sticks[i-1]:=i have_left have_right sticks[i-1]=free sticks[i]=free sticks[i-1]:=i sticks[i]:=i eat return sticks[i]=free sticks[i-1]=free 24 / 43

  39. Philosopher i think req_left req_right sticks[i]=free sticks[i-1]=free sticks[i]:=i sticks[i-1]:=i have_left have_right sticks[i-1]=free sticks[i]=free sticks[i-1]:=i sticks[i]:=i eat return sticks[i]=free sticks[i-1]=free NuSMV demo 24 / 43

  40. A deadlock Sticks 〈 think, think, think, think 〉 0 1 2 3 〈 have_left, have_left, have_left, have_left 〉 25 / 43

  41. Question: What properties should be checked to detect deadlocks ? 26 / 43

  42. Question: What properties should be checked to detect deadlocks ? ◮ Next module: Attach a mathematical meaning to properties 26 / 43

  43. Question: What properties should be checked to detect deadlocks ? ◮ Next module: Attach a mathematical meaning to properties ◮ Next lecture: Classification of properties into various types 26 / 43

  44. Question: What properties should be checked to detect deadlocks ? ◮ Next module: Attach a mathematical meaning to properties ◮ Next lecture: Classification of properties into various types ◮ Next lecture: Answer to the above question 26 / 43

  45. Module 4: What is a “property”? 27 / 43

  46. Goal: Attach a mathematical meaning to “property” 28 / 43

  47. MODULE main request=1 request=1 VAR ready busy request: boolean; status: {ready, busy} ASSIGN init(status) := ready; next(status) := case request=0 request=0 request : busy; ready busy TRUE : {ready,busy}; esac; 29 / 43

  48. MODULE main request=1 request=1 VAR ready busy request: boolean; status: {ready, busy} ASSIGN init(status) := ready; next(status) := case request=0 request=0 request : busy; ready busy TRUE : {ready,busy}; esac; p 1 : (request=1) p 2 : (status=busy) 29 / 43

  49. MODULE main request=1 request=1 VAR ready busy request: boolean; status: {ready, busy} ASSIGN init(status) := ready; next(status) := case request=0 request=0 request : busy; ready busy TRUE : {ready,busy}; esac; Atomic propositions p 1 : (request=1) p 2 : (status=busy) 29 / 43

  50. { p 1 } MODULE main request=1 request=1 VAR ready busy request: boolean; status: {ready, busy} ASSIGN init(status) := ready; next(status) := case request=0 request=0 request : busy; ready busy TRUE : {ready,busy}; esac; Atomic propositions p 1 : (request=1) p 2 : (status=busy) 29 / 43

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Automated Reasoning Lecture 3: Tie NuSMV Model Checler Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Automated Reasoning Lecture 3: Tie NuSMV Model Checler Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Automated Reasoning Lecture 3: Tie NuSMV Model Checler Jacques Fleuriot jdf@inf.ed.ac.uk Recap Previously: Model Checking Introduction Linear Temporal Logic Tiis time: An implementation of LTL Model Checking NuSMV NuSMV

442 views • 23 slides
Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/

Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/

Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/ Was popular in semiconductor industry via Cadence SMV Could handle large models A re-implementation of the SMV model checker: Good

110 views • 10 slides
Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking ELEC-E8110 Automation Systems Synthesis and Analysis Igor Buzhinsky igor.buzhinskii@aalto.fi 2018 Igor Buzhinsky Lecture 5 2018 1 / 28 Symbolic

833 views • 61 slides
Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL Other interesting books: Model Checking by Clarke, Grumberg, and Peled Principles of Model Checking by Baier and Katoen 3 Course

636 views • 11 slides
NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV Project Sep 1,

NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV Project Sep 1,

NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV Project Sep 1, 2002 Trento (Italy) NuSMV Project, Sep 1, 2002, Trento (Italy) 1

1.24k views • 105 slides
Verifying Timed Reachability Properties Lecture #17 of Advanced Model Checking Joost-Pieter

Verifying Timed Reachability Properties Lecture #17 of Advanced Model Checking Joost-Pieter

Verifying Timed Reachability Properties Lecture #17 of Advanced Model Checking Joost-Pieter Katoen Lehrstuhl 2: Software Modeling &amp; Verification E-mail: katoen@cs.rwth-aachen.de June 30, 2014 c JPK Advanced model checking Timelock,

720 views • 31 slides
Checking Graph Properties with GP Chris Poskitt (cmp501@cs.york.ac.uk) The University of York

Checking Graph Properties with GP Chris Poskitt (cmp501@cs.york.ac.uk) The University of York

Checking Graph Properties with GP Checking Graph Properties with GP Chris Poskitt (cmp501@cs.york.ac.uk) The University of York PLASMA Seminar: 5th March 2009 Checking Graph Properties with GP Motivation Todays Talk 1. Motivation 2. GP

874 views • 52 slides
Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties Viktor Schuppan Computer Systems Institute, ETH Z urich http://www.inf.ethz.ch/schuppan/ Defense Thesis ETH 16268 September 28, 2005, Z

382 views • 19 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Model Checking C Model checking: normally applied to formal state transition systems checks safety and

439 views • 17 slides
Unit-11: Binary Decision Diagrams (BDDs) B. Srivathsan Chennai Mathematical Institute

Unit-11: Binary Decision Diagrams (BDDs) B. Srivathsan Chennai Mathematical Institute

Unit-11: Binary Decision Diagrams (BDDs) B. Srivathsan Chennai Mathematical Institute NPTEL-course July - November 2015 1 / 24 Module 1: Introduction to BDDs 2 / 24 Model-checking Transition Systems + Properties + NuSMV State-space Bchi

835 views • 81 slides
Efficient Model Checking of Safety Properties Timo Latvala timo.latvala@hut.fi Laboratory for

Efficient Model Checking of Safety Properties Timo Latvala timo.latvala@hut.fi Laboratory for

Efficient Model Checking of Safety Properties Timo Latvala timo.latvala@hut.fi Laboratory for Theoretical Computer Science Helsinki University of Technology Finland Spin 2003 p.1/16 Introduction Safety properties properties

669 views • 44 slides
Type Checking General properties of type systems Types in programming languages

Type Checking General properties of type systems Types in programming languages

Outline Type Checking General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Static Checking (Cont.) Refers to

896 views • 10 slides
Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July - November 2015 1 / 31 Model-checker Specify the model of the system Specify the requirements Model-checker will automatically check if system

1.72k views • 112 slides
Checking Extended CTL Properties Using Guarded Quotient Structure Xiaodong Wang advised by:

Checking Extended CTL Properties Using Guarded Quotient Structure Xiaodong Wang advised by:

Checking Extended CTL Properties Using Guarded Quotient Structure Xiaodong Wang advised by: Professor Sistla Outline Part I: Symmetry based method Part II: CCTL logic Part III: Input language Part IV: Model checking algorithm

630 views • 60 slides
Scalable Verification of Design with Multiple Properties Rohit Dureja Iowa State University

Scalable Verification of Design with Multiple Properties Rohit Dureja Iowa State University

Scalable Verification of Design with Multiple Properties Rohit Dureja Iowa State University October 23, 2019 Model Checking 2 Model Checking Usually multiple properties to be verified 3 Model Checking Report 4 Model Checking Report

446 views • 9 slides
Consensus with Partial Synchrony Pedro Ferreira do Souto Departamento de Engenharia Informtica

Consensus with Partial Synchrony Pedro Ferreira do Souto Departamento de Engenharia Informtica

Consensus with Partial Synchrony Pedro Ferreira do Souto Departamento de Engenharia Informtica Faculdade de Engenharia Universidade do Porto Pedro F. Souto (FEUP) Consensus with Partial Synchrony 1 / 55 Outline Failure Detection 1

588 views • 57 slides
Linux Kernel Co-Scheduling For Bulk Synchronous Parallel Applications ROSS 2011 Tucson, AZ Ter

Linux Kernel Co-Scheduling For Bulk Synchronous Parallel Applications ROSS 2011 Tucson, AZ Ter

Linux Kernel Co-Scheduling For Bulk Synchronous Parallel Applications ROSS 2011 Tucson, AZ Ter erry J y Jones ones Oak Ridge National Laboratory 1 Managed by UT-Battelle Terry Jones ROSS 2011 for the U.S. Department of Energy Outline

367 views • 19 slides
Synchronous Constructive Cry ryptography Chen-Da Ueli Liu-Zhang Maurer ETH Zurich ETH

Synchronous Constructive Cry ryptography Chen-Da Ueli Liu-Zhang Maurer ETH Zurich ETH

Synchronous Constructive Cry ryptography Chen-Da Ueli Liu-Zhang Maurer ETH Zurich ETH Zurich TCC 2020 R rounds R rounds Nave randomness generation 1 2 6

952 views • 66 slides
Abstraction of Clocks in Synchronous Data-flow Systems A. Cohen 1 L. Mandel 2 F. Plateau 2 M.

Abstraction of Clocks in Synchronous Data-flow Systems A. Cohen 1 L. Mandel 2 F. Plateau 2 M.

Abstraction of Clocks in Synchronous Data-flow Systems A. Cohen 1 L. Mandel 2 F. Plateau 2 M. Pouzet 23 (1) INRIA Saclay - Ile-de-France, Orsay, France (2) LRI, Univ. Paris-Sud 11, Orsay, France and INRIA Saclay (3) Institut Universitaire de

504 views • 21 slides
Synchronous Batching: From Cascades to Free Routes Roger Dingledine The Free Haven Project

Synchronous Batching: From Cascades to Free Routes Roger Dingledine The Free Haven Project

Synchronous Batching: From Cascades to Free Routes Roger Dingledine The Free Haven Project Vitaly Shmatikov Paul Syverson SRI International Naval Research Laboratory Presented at PET 2004, May 27, 2004 Reminder: What does a mix do?

677 views • 28 slides
CONSENSUS Fall 2012 Ken Birman Consensus a classic problem Consensus abstraction underlies

CONSENSUS Fall 2012 Ken Birman Consensus a classic problem Consensus abstraction underlies

IMPOSSIBILITY OF CONSENSUS Fall 2012 Ken Birman Consensus a classic problem Consensus abstraction underlies many distributed systems and protocols N processes They start execution with inputs {0,1} Asynchronous,

511 views • 35 slides
Unit-12: Modeling timing constraints B. Srivathsan Chennai Mathematical Institute NPTEL-course

Unit-12: Modeling timing constraints B. Srivathsan Chennai Mathematical Institute NPTEL-course

Unit-12: Modeling timing constraints B. Srivathsan Chennai Mathematical Institute NPTEL-course July - November 2015 1 / 20 Traffic lights controller Flight control Automatic gear control Pacemaker ATM Controllers need to adhere to strict

1.37k views • 55 slides
Shaahin Hessabi Department of Computer Engineering Sharif University of Technology D Design for

Shaahin Hessabi Department of Computer Engineering Sharif University of Technology D Design for

Shaahin Hessabi Department of Computer Engineering Sharif University of Technology D Design for Reuse i f R Design for reuse is an absolute necessity to: maintain productivity levels, keep the design time within reasonable

589 views • 21 slides

More recommend