model checking infinite state systems in sal
play

Model Checking Infinite-state Systems in SAL Bruno Dutertre, SRI - PowerPoint PPT Presentation

Nov 03, 2022 •361 likes •470 views

Computer Science Laboratory, SRI International Model Checking Infinite-state Systems in SAL Bruno Dutertre, SRI International Automated Formal Methods FLoC Workshop Seattle, August 21st 2006. Computer Science Laboratory, SRI International

  1. Computer Science Laboratory, SRI International Model Checking Infinite-state Systems in SAL Bruno Dutertre, SRI International Automated Formal Methods FLoC Workshop Seattle, August 21st 2006.

  2. Computer Science Laboratory, SRI International Outline The DRT Example Counter-based Model ◦ SAL model ◦ Property specification ◦ Verification Timeout Automata Model ◦ Definition ◦ Application to DRT References 1

  3. Computer Science Laboratory, SRI International DRT Simplified Delayed Trip Reactor (inspired by Lawford and Zhang, Equivalence Verification of Timed Transition Systems , ACSD 2004) Power = low Wait 2 s Power = high Power = high a c e Pressure = high open Relay Wait 3 s close Relay if Power = low Safety Property: if power and pressure at high at time t , and power is still high at t + 30 then the relay must be open for at least 20 time units, starting at some time in [ t + 30 , t + 31] . (time unit is 0 . 1 s) 2

  4. Computer Science Laboratory, SRI International Counter-Based Model Need: model real-time delays Approach: ◦ Discrete time and synchronouus composition ◦ One transition = one discrete time step = one time unit ◦ Integer-valued counters to model delays ◦ Finite model if all delays are bounded. 3

  5. Computer Science Laboratory, SRI International Application to DRT Controller Model Safety Property ◦ Specifying the property ◦ Analysis: smc, bmc, inf-bmc A Weaker Property Variant ◦ Reactor model and verification 4

  6. Computer Science Laboratory, SRI International k -induction To show that a transition system M = ( X, I, T ) satisfies ✷ P Usual induction ◦ Base case: I ( x ) ⇒ P ( x ) ◦ Induction step: P ( x ) ∧ T ( x, x ′ ) ⇒ P ( x ′ ) k -induction ◦ Base case: I ( x 0 ) ∧ T ( x 0 , x 1 ) ∧ . . . ∧ T ( x k − 2 , x k − 1 ) ⇒ P ( x 0 ) ∧ . . . ∧ P ( x k − 1 ) ◦ Induction step: P ( x 0 ) ∧ T ( x 0 , x 1 ) ∧ . . . ∧ T ( x k − 2 , x k − 1 ) ∧ P ( x k − 1 ) ∧ T ( x k − 1 , x k ) ⇒ P ( x k ) Usual induction is k -induction with k = 1 Proving ✷ P by k -induction is the same as proving ✷ ( P ∧ ◦ P ∧ . . . ∧ ◦ k − 1 P ) by induction 5

  7. Computer Science Laboratory, SRI International Limits of Counter Models Expressiveness ◦ Not applicable to dense time Verification Issues ◦ Lots of intermediate states where nothing happens (just counters get increased or decreased) ◦ BMC or induction depth depends on constants in the model (large depth for simple system may make SMC or BMC blow up) 6

  8. Computer Science Laboratory, SRI International Timeout-Based Model State variables ◦ global time t and timeouts τ 1 , . . . , τ n (real-valued) ◦ discrete variables τ i stores a time in the future, where a discrete transition is scheduled to happen t � τ i is an invariant Discrete Transitions ◦ Enabled when t = τ i for some i ◦ Do not change t and must update τ i to a value larger than t Time-progress transitions ◦ Enabled when t < min( τ 1 , . . . , τ n ) ◦ Increase t to min( τ 1 , . . . , τ n ) 7

  9. Computer Science Laboratory, SRI International Application to DRT SAL Model ◦ Controller ◦ Reactor ◦ Clock Verification ◦ BMC: search for counterexamples ◦ k -induction: proof ◦ discovering auxiliary lemmas 8

  10. Computer Science Laboratory, SRI International To Get More Information SAL and Yices ◦ http://sal.csl.sri.com & http://sal-wiki.csl.sri.com ◦ http://yices.csl.sri.com & http://yices-wiki.csl.sri.com Infinite & Timed Systems in SAL ◦ B. Dutertre and M. Sorea, Modeling and Verification of a Fault-Tolerant Real-time Startup Protocol using Calendar Automata , FORMATS/FTRTFT 2004 ( http://www.csl.sri.com/ ∼ bruno/publis/startup.pdf ) ◦ B. Dutertre and M. Sorea, Timed Systems in SAL , Technical Report, SRI-SDL-04-03, July 2004. ( http://www.csl.sri.com/ ∼ bruno/publis/sri-sdl-04-03.pdf ) ◦ L. Pike and S. Johnson, The Formal Verificaiton of a Reintegration Protocol , EMSOFT’05, ( http://www.cs.indiana.edu/ ∼ lepike/pub pages/emsoft.html ) ◦ G. Brown and L. Pike. Easy parameterized verification of biphase and 8N1 protocols , TACAS’06, ( http://www.cs.indiana.edu/ ∼ lepike/pub pages/bmp.html ) ◦ G. Brown and L. Pike. “Easy” parameterized verification of cross clock domain protocol , DCC’06, ( http://www.cs.indiana.edu/ ∼ lepike/pub pages/dcc.html ) 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Model Checking Finite State Finite State Model Checking Finite State Systems

Model Checking Finite State Finite State Model Checking Finite State Systems

Model Checking Finite State Finite State Model Checking Finite State Systems Informationsteknologi System Description A No! Debugging Information TOOL TOOL Yes, Requirement F Prototypes C T L Executable Code Test sequences Tools:

637 views • 34 slides
Liveness Checking as Safety Checking for Infinite State Spaces Viktor Schuppan 1 , Armin Biere 2 1

Liveness Checking as Safety Checking for Infinite State Spaces Viktor Schuppan 1 , Armin Biere 2 1

Liveness Checking as Safety Checking for Infinite State Spaces Viktor Schuppan 1 , Armin Biere 2 1 Computer Systems Institute, ETH Z urich 2 Institute for Formal Models and Verification, JKU Linz http://www.inf.ethz.ch/schuppan/

1.23k views • 18 slides
Infinite State Model-Checking of Propositional Dynamic Logics Stefan G oller and Markus Lohrey

Infinite State Model-Checking of Propositional Dynamic Logics Stefan G oller and Markus Lohrey

Infinite State Model-Checking of Propositional Dynamic Logics Stefan G oller and Markus Lohrey Universit at Stuttgart August 25, 2006 Stefan G oller and Markus Lohrey Universit at Stuttgart Infinite State Model-Checking of

1.35k views • 71 slides
Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is Model Checking? Model checking is an automated technique that, given a finite-state model of a system and a logical property , systematically

484 views • 36 slides
The Analysis of Infinite-State Systems Bernard Boigelot Universit e de Li` ege

The Analysis of Infinite-State Systems Bernard Boigelot Universit e de Li` ege

The Analysis of Infinite-State Systems Bernard Boigelot Universit e de Li` ege http://www.montefiore.ulg.ac.be/ boigelot/ 1 1. Introduction 2 Infinite-State Systems A model can have an infinite number of configurations because of

926 views • 70 slides
Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model

Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model

Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model Checking PhD School Keijo Heljanko Aalto University Keijo.Heljanko@tkk.fi Bounded Model Checking Tutorial, Part I, Keijo Heljanko 1/54 Co-Author

717 views • 54 slides
Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model

Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model

Bounded Model Checking for Finite-State Systems Copenhagen, 2 March 2010 Quantitative Model Checking PhD School Keijo Heljanko Aalto University Keijo.Heljanko@tkk.fi Bounded Model Checking Tutorial, Part II, Keijo Heljanko 1/49 Co-Author

588 views • 55 slides
Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL Other interesting books: Model Checking by Clarke, Grumberg, and Peled Principles of Model Checking by Baier and Katoen 3 Course

636 views • 11 slides
Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Model Checking C Model checking: normally applied to formal state transition systems checks safety and

439 views • 17 slides
Verification of Infinite-State Systems Ahmed Bouajjani LIAFA - University of Paris 7 Genova -

Verification of Infinite-State Systems Ahmed Bouajjani LIAFA - University of Paris 7 Genova -

Verification of Infinite-State Systems Ahmed Bouajjani LIAFA - University of Paris 7 Genova - November 2002 1 Why Consider Infinite-State Systems ? Real-time Constraints Embedded systems, telecommunication protocols, etc. Infinite Data

850 views • 73 slides
Model Checking in Systems Biology s Brim and Milan ska and David Lubo Ce Safr

Model Checking in Systems Biology s Brim and Milan ska and David Lubo Ce Safr

Model Checking in Systems Biology s Brim and Milan ska and David Lubo Ce Safr anek Masaryk University Czech Republic SFM 2013 1/150 Outline Introduction 1 LTL Model Checking 2 Parallel LTL Model Checking 3 Discrete

2.18k views • 199 slides
Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
Higher-Order Model Checking I: Relating Families of Generators of Infinite Structures Luke Ong

Higher-Order Model Checking I: Relating Families of Generators of Infinite Structures Luke Ong

Higher-Order Model Checking I: Relating Families of Generators of Infinite Structures Luke Ong University of Oxford http://www.cs.ox.ac.uk/people/luke.ong/personal/ http://mjolnir.cs.ox.ac.uk Estonia Winter School in Computer Science, 3-8 Mar

277 views • 27 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Directed Model Checking (not only) for Timed Automata Sebastian Kupferschmid March, 2010 Model

Directed Model Checking (not only) for Timed Automata Sebastian Kupferschmid March, 2010 Model

Directed Model Checking (not only) for Timed Automata Sebastian Kupferschmid March, 2010 Model Checking Motivation Embedded Systems Omnipresent Safety relevant systems Pentium bug Ariane 5 Errors can be extremely harmful Correct

837 views • 67 slides
Algorithms for CTL B. Srivathsan Chennai Mathematical Institute Model Checking and Systems

Algorithms for CTL B. Srivathsan Chennai Mathematical Institute Model Checking and Systems

Algorithms for CTL B. Srivathsan Chennai Mathematical Institute Model Checking and Systems Verification January - April 2016 1 / 22 Module 1: Adequate CTL formulae 2 / 22 Recap of CTL State formulae := true | p i | 1 2 | 1

1.4k views • 123 slides
Relay : a high level differentiable IR Jared Roesch TVMConf December 12th, 2018 1 This

Relay : a high level differentiable IR Jared Roesch TVMConf December 12th, 2018 1 This

Relay : a high level differentiable IR Jared Roesch TVMConf December 12th, 2018 1 This represents months of joint work with lots of great folks: 2 TVM Stack Optimization High-Level Differentiable IR Relay AutoTVM Tensor Expression

634 views • 36 slides
Status of Krell Tools Built using Dyninst/MRNet Paradyn Week

Status of Krell Tools Built using Dyninst/MRNet Paradyn Week

Status of Krell Tools Built using Dyninst/MRNet Paradyn Week 2013 Madison, Wisconsin April 30, 2013 LLNL-PRES-503431 Paradyn Week 2013 04/30/2013

515 views • 28 slides
Street lighting monitoring at cabinet level using open-source tools: a real scenario Adamo Ferro

Street lighting monitoring at cabinet level using open-source tools: a real scenario Adamo Ferro

IEEE Second International Smart Cities Conference (ISC2 2016) Trento, 14/09/2016 Street lighting monitoring at cabinet level using open-source tools: a real scenario Adamo Ferro adamo_ferro@comune.trento.it Outline Introduction and

344 views • 15 slides
Complex malware &amp; forensic investigation RMLL 2016 Paul Rascagnres &amp; Sebastien

Complex malware &amp; forensic investigation RMLL 2016 Paul Rascagnres &amp; Sebastien

Complex malware &amp; forensic investigation RMLL 2016 Paul Rascagnres &amp; Sebastien Larinier Complex malware &amp; forensics investigation | about us Me: Paul Rascagnres Twitter account: @r00tbsd Senior threat researcher at CERT

501 views • 49 slides
MSRP Relays Rohan Mahy (rohan@cisco.com) Cullen Jennings (fluffy@cisco.com) Status and Changes

MSRP Relays Rohan Mahy (rohan@cisco.com) Cullen Jennings (fluffy@cisco.com) Status and Changes

MSRP Relays Rohan Mahy (rohan@cisco.com) Cullen Jennings (fluffy@cisco.com) Status and Changes Document still contains inconsistencies Edited late at night with too little time The new MSRP draft contains the changes to make the

310 views • 9 slides
Towards Relay: a New IR for Machine Learning Frameworks Jared Roesch , Steven Lyubomirsky, Logan

Towards Relay: a New IR for Machine Learning Frameworks Jared Roesch , Steven Lyubomirsky, Logan

Towards Relay: a New IR for Machine Learning Frameworks Jared Roesch , Steven Lyubomirsky, Logan Weber, Josh Pollock, Marisa Kirisame, Tianqi Chen, Zachary Tatlock 2 Tension between performance and flexibility 3 Tension between

947 views • 67 slides
Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY RFID Background Relay Attacks Countermeasures and Evolved Frauds

633 views • 40 slides
Long Distance Relay Attack Luigi Sportiello Joint Research Centre Institute for the Protection

Long Distance Relay Attack Luigi Sportiello Joint Research Centre Institute for the Protection

Long Distance Relay Attack Luigi Sportiello Joint Research Centre Institute for the Protection and the Security of the Citizen European Commission Smart Cards Something you have Secure data storage Qualify the holder for

482 views • 16 slides

More recommend