model checker nusmv
play

Model Checker NuSMV Hao Zheng Department of Computer Science and - PowerPoint PPT Presentation

Oct 27, 2022 •145 likes •618 views

Model Checker NuSMV Hao Zheng Department of Computer Science and Engineering University of South Florida Tampa, FL 33620 Email: zheng@cse.usf.edu Phone: (813)974-4757 Fax: (813)974-5456 Hao Zheng (CSE, USF) Comp Sys Verification 1 / 35

  1. Model Checker NuSMV Hao Zheng Department of Computer Science and Engineering University of South Florida Tampa, FL 33620 Email: zheng@cse.usf.edu Phone: (813)974-4757 Fax: (813)974-5456 Hao Zheng (CSE, USF) Comp Sys Verification 1 / 35

  2. Overview Input Language 1 Simulation 2 Model Checking 3 Modeling Examples 4 Hao Zheng (CSE, USF) Comp Sys Verification 2 / 35

  3. NuSMV • NuSMV is a symbolic model checker ( a reimplementation of the original CMU SMV ). • The NuSMV input language allows to specify synchronous or asynchronous systems at gate or behavioral level. • It provides constructs for hierarchical descriptions. • synchronous modules, or asynchronous processes. • Systems are modeled as finite state machines. • Only finite date types are supported: Boolean, enumeration, array, etc. • Source: http://nusmv.irst.itc.it/ for the software and documents. • User manuals, tutorials, etc. Hao Zheng (CSE, USF) Comp Sys Verification 3 / 35

  4. Contents Input Language 1 Simulation 2 Model Checking 3 Modeling Examples 4 Hao Zheng (CSE, USF) Comp Sys Verification 4 / 35

  5. Single Process Example MODULE main VAR request : boolean; state : {ready, busy}; ASSIGN init(state) := ready; next(state) := case state = ready & request = 1 : busy; 1 : {ready, busy}; esac; SPEC AG (request -> AF (state = busy)) • Comments start with “- -”. Hao Zheng (CSE, USF) Comp Sys Verification 5 / 35

  6. Single Process Example MODULE main VAR request : boolean; state : {ready, busy}; ASSIGN init(state) := ready; next(state) := case state = ready & request = 1 : busy; 1 : {ready, busy}; esac; SPEC AG (request -> AF (state = busy)) • Top level model is “main”. Hao Zheng (CSE, USF) Comp Sys Verification 5 / 35

  7. Single Process Example MODULE main VAR request : boolean; state : {ready, busy}; ASSIGN init(state) := ready; next(state) := case state = ready & request = 1 : busy; 1 : {ready, busy}; esac; SPEC AG (request -> AF (state = busy)) • Each module is divided into section starting with VAR , ASSIGN , SPEC , etc Hao Zheng (CSE, USF) Comp Sys Verification 5 / 35

  8. Single Process Example MODULE main VAR request : boolean; state : {ready, busy}; ASSIGN init(state) := ready; next(state) := case state = ready & request = 1 : busy; 1 : {ready, busy}; esac; SPEC AG (request -> AF (state = busy)) • State space of a module is defined by the variables and their types. Hao Zheng (CSE, USF) Comp Sys Verification 5 / 35

  9. Single Process Example MODULE main VAR request : boolean; state : {ready, busy}; ASSIGN init(state) := ready; next(state) := case state = ready & request = 1 : busy; 1 : {ready, busy}; esac; SPEC AG (request -> AF (state = busy)) • Section ASSIGN defines the initialization and transition relations of variables. • init ( v ) initializes a variable. An uninitialized variable can take any value of its type. • next ( v ) defines the next state of v based on current states. Hao Zheng (CSE, USF) Comp Sys Verification 5 / 35

  10. Single Process Example MODULE main VAR request : boolean; state : {ready, busy}; ASSIGN init(state) := ready; next(state) := case state = ready & request = 1 : busy; 1 : {ready, busy}; esac; SPEC AG (request -> AF (state = busy)) • case expression includes several branches, each of which returns a value if the branch condition is true. • If multiple brach conditions are true, one is selected non-deterministically. Hao Zheng (CSE, USF) Comp Sys Verification 5 / 35

  11. Single Process Example MODULE main VAR request : boolean; state : {ready, busy}; ASSIGN init(state) := ready; next(state) := case state = ready & request = 1 : busy; 1 : {ready, busy}; esac; SPEC AG (request -> AF (state = busy)) • If a variable is not assigned by next ( v ) , its next state is selected non-deterministically from its type. • See request . Hao Zheng (CSE, USF) Comp Sys Verification 5 / 35

  12. Single Process Example MODULE main VAR request : boolean; state : {ready, busy}; ASSIGN init(state) := ready; next(state) := case state = ready & request = 1 : busy; 1 : {ready, busy}; esac; SPEC AG (request -> AF (state = busy)) • Section SPEC includes CTL formulas. • Section LTLSPEC includes LTL formulas. Hao Zheng (CSE, USF) Comp Sys Verification 5 / 35

  13. A Binary Counter MODULE counter_cell(carry_in) VAR value : boolean; ASSIGN init(value) := 0; next(value) := (value + carry_in) mod 2; DEFINE carry_out := value & carry_in; MODULE main VAR bit0 : counter_cell(1); bit1 : counter_cell(bit0.carry_out); bit2 : counter_cell(bit1.carry_out); • The counter is a connection of three counter cell instances done as variable declarations. • A module instance can take parameters. • Notation a.b is used to access the variables inside a component. Hao Zheng (CSE, USF) Comp Sys Verification 6 / 35

  14. A Binary Counter MODULE counter_cell(carry_in) VAR value : boolean; ASSIGN init(value) := 0; next(value) := (value + carry_in) mod 2; DEFINE carry_out := value & carry_in; MODULE main VAR bit0 : counter_cell(1); bit1 : counter_cell(bit0.carry_out); bit2 : counter_cell(bit1.carry_out); • Keyword DEFINE creates an alias for an expression. • Can also be done using ASSIGN . Hao Zheng (CSE, USF) Comp Sys Verification 6 / 35

  15. Asynchronous Systems MODULE inverter(input) VAR output : boolean; ASSIGN init(output) := 0; next(output) := !input; FAIRNESS running MODULE main VAR gate0 : process inverter(gate3.output); gate1 : process inverter(gate1.output); gate2 : process inverter(gate2.output); • Instances with keyword process are composed asynchronously. • A process is chosen non-deterministically in a state. • Variables in a process not chosen remain unchanged. Hao Zheng (CSE, USF) Comp Sys Verification 7 / 35

  16. Asynchronous Systems MODULE inverter(input) VAR output : boolean; ASSIGN init(output) := 0; next(output) := !input; FAIRNESS running MODULE main VAR gate0 : process inverter(gate3.output); gate1 : process inverter(gate1.output); gate2 : process inverter(gate2.output); • A process may never be chosen. • Each process needs fairness constraint ” FAIRNESS running” to make sure it is chosen infinitely often. Hao Zheng (CSE, USF) Comp Sys Verification 7 / 35

  17. Asynchronous Systems (cont’d) • Keyword process may be going away. MODULE inverter(input) VAR output : boolean; ASSIGN init(output) := 0; next(output) := (!input) union output; MODULE main VAR gate1 : inverter(gate3. output); gate2 : inverter(gate1. output); gate3 : inverter(gate2. output); • Use keyword union to allow each variable to nondeterministically change or keep the current value. • Cannot enforce fairness. Hao Zheng (CSE, USF) Comp Sys Verification 8 / 35

  18. Direct Specification MODULE main VAR gate1 : inverter(gate3. output); gate2 : inverter(gate1. output); gate3 : inverter(gate2. output); MODULE inverter(input) VAR output : boolean; INIT output = FALSE; TRANS next(output) = !input | next(output) = output; • The set of initial states is specified as a formula in the current state variables ( INIT ) Hao Zheng (CSE, USF) Comp Sys Verification 9 / 35

  19. Direct Specification MODULE main VAR gate1 : inverter(gate3. output); gate2 : inverter(gate1. output); gate3 : inverter(gate2. output); MODULE inverter(input) VAR output : boolean; INIT output = FALSE; TRANS next(output) = !input | next(output) = output; • The transition relation is specified as a propositional formula in terms of the current and next state variables ( TRANS ). • In the example, each gate can choose non-deterministically Hao Zheng (CSE, USF) Comp Sys Verification 9 / 35

  20. Contents Input Language 1 Simulation 2 Model Checking 3 Modeling Examples 4 Hao Zheng (CSE, USF) Comp Sys Verification 10 / 35

  21. Running NuSMV: Simulation • Simulation provides some intuition of systems to be checked. • It allows users to selectively execute certain paths • Three modes: deterministic , random , or interactive . • Strategies used to decide how the next state is chosen. • Deterministic mode: the first state of a set is chosen. • Random mode: a state is chosen randomly. • Traces are generated in both modes. • Traces are the same in different runs with deterministic mode, but may be different with random mode. Hao Zheng (CSE, USF) Comp Sys Verification 11 / 35

  22. Interactive Simulation • Users have full control on trace generation. • Users guide the tool to choose the next state in each step. • Especially useful when one wants to inspect a particular path. • Users are allowed to specify constraints to narrow down the next state selection. • Refer to section on Simulation Commands in the User Manual. Hao Zheng (CSE, USF) Comp Sys Verification 12 / 35

  23. Contents Input Language 1 Simulation 2 Model Checking 3 Modeling Examples 4 Hao Zheng (CSE, USF) Comp Sys Verification 13 / 35

  24. Model Checking • Decides the truth of CTL/LTL formulas on a model. • SPEC is used for CTL formulas, while LTLSPEC is used for LTL formulas. • A counter-example (CE) may be generated if a formula is false. • CE cannot be generated for formula with E quantifier. Hao Zheng (CSE, USF) Comp Sys Verification 14 / 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July - November 2015 1 / 31 Model-checker Specify the model of the system Specify the requirements Model-checker will automatically check if system

1.72k views • 112 slides
Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/

Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/

Hoare Logic and Model Checking Model Checking See NuSMV homepage to download: http://nusmv.fbk.eu/ Was popular in semiconductor industry via Cadence SMV Could handle large models A re-implementation of the SMV model checker: Good

110 views • 10 slides
Automated Reasoning Lecture 3: Tie NuSMV Model Checler Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Automated Reasoning Lecture 3: Tie NuSMV Model Checler Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Automated Reasoning Lecture 3: Tie NuSMV Model Checler Jacques Fleuriot jdf@inf.ed.ac.uk Recap Previously: Model Checking Introduction Linear Temporal Logic Tiis time: An implementation of LTL Model Checking NuSMV NuSMV

442 views • 23 slides
Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL Other interesting books: Model Checking by Clarke, Grumberg, and Peled Principles of Model Checking by Baier and Katoen 3 Course

636 views • 11 slides
The UPPAAL Model Checker The UPPAAL Model Checker Julin Proenza Systems, Robotics and Vision

The UPPAAL Model Checker The UPPAAL Model Checker Julin Proenza Systems, Robotics and Vision

The UPPAAL Model Checker The UPPAAL Model Checker Julin Proenza Systems, Robotics and Vision Group. UIB. SPAIN Julin Proenza. UIB. Oct 2008 The aim of this presentation Introduce the basic concepts of model checking from a practical

804 views • 68 slides
NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV Project Sep 1,

NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV Project Sep 1,

NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV and Symbolic Model Checking A. Cimatti, M. Pistore, and M. Roveri NuSMV Project Sep 1, 2002 Trento (Italy) NuSMV Project, Sep 1, 2002, Trento (Italy) 1

1.24k views • 105 slides
Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking ELEC-E8110 Automation Systems Synthesis and Analysis Igor Buzhinsky igor.buzhinskii@aalto.fi 2018 Igor Buzhinsky Lecture 5 2018 1 / 28 Symbolic

833 views • 61 slides
Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model

Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model

Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model Checking and Systems Verification January - April 2016 1 / 43 Outline Module 1: Synchronous Vs Asynchronous composition Module 2: More examples

1.11k views • 90 slides
Implementation of a Coalgebraic Model Checker Aaron Strahlberger 16.07.2019 Parity Game based

Implementation of a Coalgebraic Model Checker Aaron Strahlberger 16.07.2019 Parity Game based

Implementation of a Coalgebraic Model Checker Aaron Strahlberger 16.07.2019 Parity Game based Model Checker Game-Based Local Model Checking for the Coalgebraic -Calculus by Daniel Hausmann and Lutz Schrder [1] (CONCUR 2019)

474 views • 31 slides
Verification of a Dynamic Channel Model using the SPIN Model Checker Rune M. Friborg and Brian

Verification of a Dynamic Channel Model using the SPIN Model Checker Rune M. Friborg and Brian

Verification of a Dynamic Channel Model using the SPIN Model Checker Rune M. Friborg and Brian Vinter eScience center, University of Copenhagen Dias 1 Introduction to PyCSP 2007 - PyCSP is presented. The synchronization model for channel

574 views • 20 slides
A Model Checker Collection for the Model Checking Contest @ Petri Nets Didier Buchs Stefan

A Model Checker Collection for the Model Checking Contest @ Petri Nets Didier Buchs Stefan

A Model Checker Collection for the Model Checking Contest @ Petri Nets Didier Buchs Stefan Klikovits Alban Linard Romain Mencattini Dimitri Racordon 28 June 2018 1/11 1/11 Examination Result GreatSPN ITSTools LoLA LTSMin Marcie

613 views • 20 slides
Schedulability Analysis of Timed CSP Models Using the PAT Model Checker O uzcan O UZ Jan

Schedulability Analysis of Timed CSP Models Using the PAT Model Checker O uzcan O UZ Jan

Schedulability Analysis of Timed CSP Models Using the PAT Model Checker O uzcan O UZ Jan F. BROENINK Angelika MADER Robotics and Mechatronics, University of Twente, The Netherlands Contents Problem Statement & Approach

516 views • 24 slides
The Low-Level Bounded Model Checker LLBMC A Precise Memory Model for LLBMC Florian Merz | October

The Low-Level Bounded Model Checker LLBMC A Precise Memory Model for LLBMC Florian Merz | October

The Low-Level Bounded Model Checker LLBMC A Precise Memory Model for LLBMC Florian Merz | October 7, 2010 Carsten Sinz Stephan Falke V ERIFICATION MEETS A LGORITHM E NGINEERING www.kit.edu KIT University of the State of Baden-Wuerttemberg

415 views • 19 slides
Can a Model Checker Generate Tests for Non-Deterministic Systems? Sergiy Boroday, Alexandre

Can a Model Checker Generate Tests for Non-Deterministic Systems? Sergiy Boroday, Alexandre

Can a Model Checker Generate Tests for Non-Deterministic Systems? Sergiy Boroday, Alexandre Petrenko CRIM, Montreal, Canada Roland Groz INPG, France MBT 2007 Outline Motivation Weak and Strong Tests Test Generation Model

802 views • 22 slides
The Software Model Checker BLAST: Applications to Software Engineering Dirk Beyer, Thomas A.

The Software Model Checker BLAST: Applications to Software Engineering Dirk Beyer, Thomas A.

The Software Model Checker BLAST: Applications to Software Engineering Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar Int. Journal on Software Tools for Technology Transfer, 2007 Stefan Buchholz March 17, 2009 1 Model

456 views • 12 slides
Towards a model-checker for counter systems S. Demri 1 A. Finkel 1 V. Goranko 2 G. van Drimmelen 2

Towards a model-checker for counter systems S. Demri 1 A. Finkel 1 V. Goranko 2 G. van Drimmelen 2

Towards a model-checker for counter systems S. Demri 1 A. Finkel 1 V. Goranko 2 G. van Drimmelen 2 1 LSV, CNRS & ENS Cachan & INRIA Futurs 2 University of Witwatersrand, Johannesburg ATVA, October 2006, Beijing Motivations Presburger

679 views • 37 slides
Intersecting surface defects and 2d Conformal Field Theory Yiwen Pan Uppsala University

Intersecting surface defects and 2d Conformal Field Theory Yiwen Pan Uppsala University

Introduction Intersecting surface defects Summary Open problems Intersecting surface defects and 2d Conformal Field Theory Yiwen Pan Uppsala University [1610.03501] Gomis, Le Floch, YP, Peelaers [1612.xxxxx] YP, Peelaers Nov 17 2016

555 views • 53 slides
Exo%c and conven%onal mesons from la1ce QCD Sasa Prelovsek

Exo%c and conven%onal mesons from la1ce QCD Sasa Prelovsek

Exo%c and conven%onal mesons from la1ce QCD Sasa Prelovsek University of Ljubljana & Jozef Stefan Ins%tute, Ljubljana, Slovenia sasa.prelovsek@ij.si

417 views • 40 slides
The Structure of the Vacuum and Conformal Properties in High Temperature QCD Y. Iwasaki

The Structure of the Vacuum and Conformal Properties in High Temperature QCD Y. Iwasaki

2015/09/05 CCS The Structure of the Vacuum and Conformal Properties in High Temperature QCD Y. Iwasaki U.Tsukuba and KEK In Collaboration with K.-I. Ishikawa(U. Hiroshima) Yu Nakayama(Caltech & IPMU) T. Yoshie(U. Tsukuba) Phys.Rev.

364 views • 34 slides
Matrix model, supersymmetirc gauge theory, and discrete Painlev equation Takeshi Oota (NITEP

Matrix model, supersymmetirc gauge theory, and discrete Painlev equation Takeshi Oota (NITEP

Matrix model, supersymmetirc gauge theory, and discrete Painlev equation Takeshi Oota (NITEP and OCAMI) December 13, 2018 International Symposium in Honor of Professor Nambu for the 10th Anniversary of his Nobel Prize in Physics, Media

259 views • 23 slides
Baryon in the sextet gauge model Zoltan Fodor, Kieran Holland, Julius Kuti, Santanu Mondal,

Baryon in the sextet gauge model Zoltan Fodor, Kieran Holland, Julius Kuti, Santanu Mondal,

Baryon in the sextet gauge model Zoltan Fodor, Kieran Holland, Julius Kuti, Santanu Mondal, Daniel Nogradi, Chik Him Wong Lattice Higgs Collaboration ( L at HC ) Composite Higgs Model Strongly coupled gauge theory. Electroweak symmetry

247 views • 22 slides
On the spectrum of light mesons in an SU(2) gauge theory with dynamical fermions Reinhard Alkofer

On the spectrum of light mesons in an SU(2) gauge theory with dynamical fermions Reinhard Alkofer

On the spectrum of light mesons in an SU(2) gauge theory with dynamical fermions Reinhard Alkofer 1 and Milan Vujinovic 2 1 Institute of Physics, University of Graz 2 Sao Carlos Institute of Physics, University of Sao Paulo 8th International

421 views • 21 slides
Semi milept leptonic ic B decays La Thuile, Mar 10 th -17 th , 2012 Giulia Ricciardi

Semi milept leptonic ic B decays La Thuile, Mar 10 th -17 th , 2012 Giulia Ricciardi

Semi milept leptonic ic B decays La Thuile, Mar 10 th -17 th , 2012 Giulia Ricciardi Universit di Napoli Federico II Italy Effective Field teories for Collider physics, flavor phenomena and electroweak symmetry breaking, 10/13

339 views • 22 slides
Model visualisation (with ggplot2) Hadley Wickham Rice University Monday, 13 July 2009 1.

Model visualisation (with ggplot2) Hadley Wickham Rice University Monday, 13 July 2009 1.

Model visualisation (with ggplot2) Hadley Wickham Rice University Monday, 13 July 2009 1. Introducing plot.lm 2. The current state of play. Why this is suboptimal. 3. A better strategy: separate data from representation. 4. Why a canned

360 views • 25 slides

More recommend