lecture 5 symbolic model checking nusmv and spin model
play

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. - PowerPoint PPT Presentation

Oct 06, 2022 •208 likes •833 views

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking ELEC-E8110 Automation Systems Synthesis and Analysis Igor Buzhinsky igor.buzhinskii@aalto.fi 2018 Igor Buzhinsky Lecture 5 2018 1 / 28 Symbolic

  1. Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking ELEC-E8110 Automation Systems Synthesis and Analysis Igor Buzhinsky igor.buzhinskii@aalto.fi 2018 Igor Buzhinsky Lecture 5 2018 1 / 28

  2. Symbolic model checking Igor Buzhinsky Lecture 5 2018 2 / 28

  3. Motivation State spaces can be very large Igor Buzhinsky Lecture 5 2018 3 / 28

  4. Motivation State spaces can be very large If there are ten 32-bit integer variables, how many states can the system have potentially? Igor Buzhinsky Lecture 5 2018 3 / 28

  5. Motivation State spaces can be very large If there are ten 32-bit integer variables, how many states can the system have potentially? 2 320 ≈ 2 . 1 · 10 96 The so-called “state explosion” problem Igor Buzhinsky Lecture 5 2018 3 / 28

  6. Motivation State spaces can be very large If there are ten 32-bit integer variables, how many states can the system have potentially? 2 320 ≈ 2 . 1 · 10 96 The so-called “state explosion” problem PC can probably handle (store in memory and process) only about 10 9 states... Igor Buzhinsky Lecture 5 2018 3 / 28

  7. Motivation State spaces can be very large If there are ten 32-bit integer variables, how many states can the system have potentially? 2 320 ≈ 2 . 1 · 10 96 The so-called “state explosion” problem PC can probably handle (store in memory and process) only about 10 9 states... Can we avoid explicit construction of the state graph? Igor Buzhinsky Lecture 5 2018 3 / 28

  8. State subsets as Boolean constraints (1) Can you specify the set of reachable states as a Boolean formula? Igor Buzhinsky Lecture 5 2018 4 / 28

  9. State subsets as Boolean constraints (1) Can you specify the set of reachable states as a Boolean formula? p ∨ q Igor Buzhinsky Lecture 5 2018 4 / 28

  10. State subsets as Boolean constraints (1) Can you specify the set of reachable states as a Boolean formula? p ∨ q What about only initial states? Igor Buzhinsky Lecture 5 2018 4 / 28

  11. State subsets as Boolean constraints (1) Can you specify the set of reachable states as a Boolean formula? p ∨ q What about only initial states? p ⊕ q = p ∧ ¬ q ∨ ¬ p ∧ q Igor Buzhinsky Lecture 5 2018 4 / 28

  12. State subsets as Boolean constraints (2) What about the transition relation? p , q : values on this step p ′ , q ′ : values on the next step Igor Buzhinsky Lecture 5 2018 5 / 28

  13. State subsets as Boolean constraints (2) What about the transition relation? p , q : values on this step p ′ , q ′ : values on the next step Quiz: specify the transition relation for the Kripke structure on the left as a Boolean formula Igor Buzhinsky Lecture 5 2018 5 / 28

  14. State subsets as Boolean constraints (2) What about the transition relation? p , q : values on this step p ′ , q ′ : values on the next step Quiz: specify the transition relation for the Kripke structure on the left as a Boolean formula ( p ∧ ¬ q → q ′ ∧ ¬ p ′ ) ∧ Igor Buzhinsky Lecture 5 2018 5 / 28

  15. State subsets as Boolean constraints (2) What about the transition relation? p , q : values on this step p ′ , q ′ : values on the next step Quiz: specify the transition relation for the Kripke structure on the left as a Boolean formula ( p ∧ ¬ q → q ′ ∧ ¬ p ′ ) ∧ ( q ∧ ¬ p → p ′ ∧ q ′ ) ∧ Igor Buzhinsky Lecture 5 2018 5 / 28

  16. State subsets as Boolean constraints (2) What about the transition relation? p , q : values on this step p ′ , q ′ : values on the next step Quiz: specify the transition relation for the Kripke structure on the left as a Boolean formula ( p ∧ ¬ q → q ′ ∧ ¬ p ′ ) ∧ ( q ∧ ¬ p → p ′ ∧ q ′ ) ∧ ( p ∧ q → p ′ ) Igor Buzhinsky Lecture 5 2018 5 / 28

  17. State subsets as Boolean constraints (2) What about the transition relation? p , q : values on this step p ′ , q ′ : values on the next step Quiz: specify the transition relation for the Kripke structure on the left as a Boolean formula ( p ∧ ¬ q → q ′ ∧ ¬ p ′ ) ∧ ( q ∧ ¬ p → p ′ ∧ q ′ ) ∧ ( p ∧ q → p ′ ) Alternative way: ( p ∧ ¬ q ∧ q ′ ∧ ¬ p ′ ) Igor Buzhinsky Lecture 5 2018 5 / 28

  18. State subsets as Boolean constraints (2) What about the transition relation? p , q : values on this step p ′ , q ′ : values on the next step Quiz: specify the transition relation for the Kripke structure on the left as a Boolean formula ( p ∧ ¬ q → q ′ ∧ ¬ p ′ ) ∧ ( q ∧ ¬ p → p ′ ∧ q ′ ) ∧ ( p ∧ q → p ′ ) Alternative way: ( p ∧ ¬ q ∧ q ′ ∧ ¬ p ′ ) ∨ Igor Buzhinsky Lecture 5 2018 5 / 28

  19. State subsets as Boolean constraints (2) What about the transition relation? p , q : values on this step p ′ , q ′ : values on the next step Quiz: specify the transition relation for the Kripke structure on the left as a Boolean formula ( p ∧ ¬ q → q ′ ∧ ¬ p ′ ) ∧ ( q ∧ ¬ p → p ′ ∧ q ′ ) ∧ ( p ∧ q → p ′ ) Alternative way: ( p ∧ ¬ q ∧ q ′ ∧ ¬ p ′ ) ∨ ( q ∧ ¬ p ∧ p ′ ∧ q ′ ) ∨ ( p ∧ q ∧ p ′ ) Igor Buzhinsky Lecture 5 2018 5 / 28

  20. Model checking with Boolean constraints? Assume that our Kripke structure has atomic propositions p 1 , ..., p n Boolean constraints f init [ p 1 , ..., p n ] and f trans [ p 1 , ..., p n , p ′ 1 , ..., p ′ n ] How to model-check g = AG h , where h is a Boolean formula? Igor Buzhinsky Lecture 5 2018 6 / 28

  21. Model checking with Boolean constraints? Assume that our Kripke structure has atomic propositions p 1 , ..., p n Boolean constraints f init [ p 1 , ..., p n ] and f trans [ p 1 , ..., p n , p ′ 1 , ..., p ′ n ] How to model-check g = AG h , where h is a Boolean formula? Compute a sequence of formulae f i : the set of states reachable in i steps Igor Buzhinsky Lecture 5 2018 6 / 28

  22. Model checking with Boolean constraints? Assume that our Kripke structure has atomic propositions p 1 , ..., p n Boolean constraints f init [ p 1 , ..., p n ] and f trans [ p 1 , ..., p n , p ′ 1 , ..., p ′ n ] How to model-check g = AG h , where h is a Boolean formula? Compute a sequence of formulae f i : the set of states reachable in i steps f 0 := f init ; Igor Buzhinsky Lecture 5 2018 6 / 28

  23. Model checking with Boolean constraints? Assume that our Kripke structure has atomic propositions p 1 , ..., p n Boolean constraints f init [ p 1 , ..., p n ] and f trans [ p 1 , ..., p n , p ′ 1 , ..., p ′ n ] How to model-check g = AG h , where h is a Boolean formula? Compute a sequence of formulae f i : the set of states reachable in i steps f 0 := f init ; f i := f i − 1 ∨ remove primes( ∃ p 1 , ..., p n : f i − 1 ∧ f trans ) Igor Buzhinsky Lecture 5 2018 6 / 28

  24. Model checking with Boolean constraints? Assume that our Kripke structure has atomic propositions p 1 , ..., p n Boolean constraints f init [ p 1 , ..., p n ] and f trans [ p 1 , ..., p n , p ′ 1 , ..., p ′ n ] How to model-check g = AG h , where h is a Boolean formula? Compute a sequence of formulae f i : the set of states reachable in i steps f 0 := f init ; f i := f i − 1 ∨ remove primes( ∃ p 1 , ..., p n : f i − 1 ∧ f trans ) If f i ∧ ¬ h is satisfiable , then g is false Igor Buzhinsky Lecture 5 2018 6 / 28

  25. Model checking with Boolean constraints? Assume that our Kripke structure has atomic propositions p 1 , ..., p n Boolean constraints f init [ p 1 , ..., p n ] and f trans [ p 1 , ..., p n , p ′ 1 , ..., p ′ n ] How to model-check g = AG h , where h is a Boolean formula? Compute a sequence of formulae f i : the set of states reachable in i steps f 0 := f init ; f i := f i − 1 ∨ remove primes( ∃ p 1 , ..., p n : f i − 1 ∧ f trans ) If f i ∧ ¬ h is satisfiable , then g is false If at some point f i and f i − 1 become equivalent , we can stop the procedure and conclude that g is true Igor Buzhinsky Lecture 5 2018 6 / 28

  26. Model checking with Boolean constraints? Assume that our Kripke structure has atomic propositions p 1 , ..., p n Boolean constraints f init [ p 1 , ..., p n ] and f trans [ p 1 , ..., p n , p ′ 1 , ..., p ′ n ] How to model-check g = AG h , where h is a Boolean formula? Compute a sequence of formulae f i : the set of states reachable in i steps f 0 := f init ; f i := f i − 1 ∨ remove primes( ∃ p 1 , ..., p n : f i − 1 ∧ f trans ) If f i ∧ ¬ h is satisfiable , then g is false If at some point f i and f i − 1 become equivalent , we can stop the procedure and conclude that g is true How to perform all these symbolic operations efficiently? There are binary decision diagrams (BDDs), a reduced form of decision trees Igor Buzhinsky Lecture 5 2018 6 / 28

  27. Example of a BDD Solid arrows: variable is true Dashed arrows: variable is false If in the end we come to 1, then the formula is true for our assignment If we come to 0, it is false Igor Buzhinsky Lecture 5 2018 7 / 28

  28. Example of a BDD Solid arrows: variable is true Dashed arrows: variable is false If in the end we come to 1, then the formula is true for our assignment If we come to 0, it is false Which function is encoded in this BDD? Igor Buzhinsky Lecture 5 2018 7 / 28

  29. NuSMV model checker Igor Buzhinsky Lecture 5 2018 8 / 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/

Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/

Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/ Was popular in semiconductor industry via Cadence SMV Could handle large models A re-implementation of the SMV model checker: Good

110 views • 10 slides
Automated Reasoning Lecture 3: Tie NuSMV Model Checler Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Automated Reasoning Lecture 3: Tie NuSMV Model Checler Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Automated Reasoning Lecture 3: Tie NuSMV Model Checler Jacques Fleuriot jdf@inf.ed.ac.uk Recap Previously: Model Checking Introduction Linear Temporal Logic Tiis time: An implementation of LTL Model Checking NuSMV NuSMV

442 views • 23 slides
Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL Other interesting books: Model Checking by Clarke, Grumberg, and Peled Principles of Model Checking by Baier and Katoen 3 Course

636 views • 11 slides
NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV Project Sep 1,

NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV Project Sep 1,

NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV Project Sep 1, 2002 Trento (Italy) NuSMV Project, Sep 1, 2002, Trento (Italy) 1

1.24k views • 105 slides
Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model

Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model

Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model Checking and Systems Verification January - April 2016 1 / 43 Outline Module 1: Synchronous Vs Asynchronous composition Module 2: More examples

1.11k views • 90 slides
Automated Reasoning Model Checking with SPIN Alan Bundy Automated Reasoning SPIN Lecture 10,

Automated Reasoning Model Checking with SPIN Alan Bundy Automated Reasoning SPIN Lecture 10,

Automated Reasoning Model Checking with SPIN Alan Bundy Automated Reasoning SPIN Lecture 10, page 1 Model Checking in Practice System behaviour: what is possible in our model? We will use the language Promela to specify behaviour

341 views • 18 slides
Automated Reasoning Model Checking with Spin (III) Alan Bundy Automated Reasoning Model

Automated Reasoning Model Checking with Spin (III) Alan Bundy Automated Reasoning Model

Automated Reasoning Model Checking with Spin (III) Alan Bundy Automated Reasoning Model Checking with Spin (III) Lecture 12, page 1 Outline of Verification Process Objective: form one big automata, which Spin can use for verification.

1.01k views • 25 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model checking historically not the first symbolic model checking approach scales better than original BDD based techniques mostly incomplete in

521 views • 28 slides
Symbolic Model Checking 10 20 States and Beyond Burch Clarke McMillan Dill Hwang Seminal

Symbolic Model Checking 10 20 States and Beyond Burch Clarke McMillan Dill Hwang Seminal

The Mu-Calculus Model Checking Example Results Symbolic Model Checking 10 20 States and Beyond Burch Clarke McMillan Dill Hwang Seminal Papers in Verification March 23, 2012 Andrena Francisco Symbolic Model Checking The Mu-Calculus

196 views • 15 slides
CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms for ( U ) Counter Examples and witnesses Symbolic Model Checking (Thursday) Binary Decision Trees

740 views • 40 slides
02291: System Integration Symbolic Model Checking Hubert Baumeister huba@dtu.dk DTU Compute

02291: System Integration Symbolic Model Checking Hubert Baumeister huba@dtu.dk DTU Compute

02291: System Integration Symbolic Model Checking Hubert Baumeister huba@dtu.dk DTU Compute Technical University of Denmark Spring 2020 Model Checking M | = Models M are Kripke structures Formulas are Computational Tree Logic

509 views • 22 slides
Hoare Logic and Model Checking Model Checking Lecture 7: Introduction and background Dominic

Hoare Logic and Model Checking Model Checking Lecture 7: Introduction and background Dominic

Hoare Logic and Model Checking Model Checking Lecture 7: Introduction and background Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group, University of Cambridge Academic year

972 views • 41 slides
Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July - November 2015 1 / 31 Model-checker Specify the model of the system Specify the requirements Model-checker will automatically check if system

1.72k views • 112 slides
Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
Automated Reasoning Model Checking with SPIN (II) Alan Bundy Automated Reasoning SPIN (II)

Automated Reasoning Model Checking with SPIN (II) Alan Bundy Automated Reasoning SPIN (II)

Automated Reasoning Model Checking with SPIN (II) Alan Bundy Automated Reasoning SPIN (II) page 1 Verifying Global Properties Assertions can be used to verify a property locally locally For example, place assert(MemReturned) at the

441 views • 25 slides
The Semantics of Nominal Logic Programs James Cheney ICLP 2006 August 19, 2006 1 Motivation

The Semantics of Nominal Logic Programs James Cheney ICLP 2006 August 19, 2006 1 Motivation

The Semantics of Nominal Logic Programs James Cheney ICLP 2006 August 19, 2006 1 Motivation Nominal logic [Pitts 2003] is a first-order axiomatization of names, name-binding, and alpha-equivalence Provides a logical foundation for

483 views • 30 slides
Constraints for the Construction of Component-Based Systems Simon Bliudze and Joseph Sifakis

Constraints for the Construction of Component-Based Systems Simon Bliudze and Joseph Sifakis

Synthesizing Glue Operators from Glue Constraints for the Construction of Component-Based Systems Simon Bliudze and Joseph Sifakis urich, June 30 th , 2011 Z Outline Motivation BIP and the Glue Synthesizing glue operators Design flow

488 views • 29 slides
Introduction to Computer Graphics Modeling (3) April 30, 2020 Kenshi Takayama Solid

Introduction to Computer Graphics Modeling (3) April 30, 2020 Kenshi Takayama Solid

Introduction to Computer Graphics Modeling (3) April 30, 2020 Kenshi Takayama Solid modeling 2 Thin shapes represented Unorientable Solid models by single polygons Clear definition of inside & outside at any 3D

931 views • 49 slides
Some examples of time-delay systems I. Fluid flow model for a congested router in TCP/AQM

Some examples of time-delay systems I. Fluid flow model for a congested router in TCP/AQM

Some examples of time-delay systems I. Fluid flow model for a congested router in TCP/AQM controlled network Model of collision-avoidance type: Hollot et al., IEEE TAC 2002 W t W t R t 1 1 ( ) ( ( )) = W t p

491 views • 33 slides
Weekly DUNE SP Detector Integration Engineering Meeting Slides 11/06/18 Kyle Zeug Solid

Weekly DUNE SP Detector Integration Engineering Meeting Slides 11/06/18 Kyle Zeug Solid

Weekly DUNE SP Detector Integration Engineering Meeting Slides 11/06/18 Kyle Zeug Solid model goals, strategy and methods NS Section Four Corner Detail EW Section Four Corner Detail TPC Solid Model: Goals Verify the

425 views • 18 slides
Constraint Programming (2) Marco Chiarandini Department of Mathematics & Computer Science

Constraint Programming (2) Marco Chiarandini Department of Mathematics & Computer Science

DM204 , 2010 SCHEDULING, TIMETABLING AND ROUTING Lecture 8 Constraint Programming (2) Marco Chiarandini Department of Mathematics & Computer Science University of Southern Denmark Constraint Languages Refinements on CP Course Overview

745 views • 39 slides
Outline for today Logic Programming Infix operators/declarations Logic programming with

Outline for today Logic Programming Infix operators/declarations Logic programming with

Outline for today Logic Programming Infix operators/declarations Logic programming with constraints Finite domain constraints Lecture 9: Constraint logic programming Real/rational constraints Course review outline James Cheney

211 views • 8 slides
Title : Constraint Satisfaction Problems AIMA: Chapter 6 Required reading: Recommended

Title : Constraint Satisfaction Problems AIMA: Chapter 6 Required reading: Recommended

B.Y. Choueiry Title : Constraint Satisfaction Problems AIMA: Chapter 6 Required reading: Recommended reading: Introduction to CSPs (Bartaks on-line guide) Algorithms for Constraints Satisfaction problems: A Survey

706 views • 52 slides

More recommend