Beyond Regular Model Checking

Post on 22-Feb-2016


DESCRIPTION

Beyond Regular Model Checking. By Prof. Dana Fisman and Prof. Amir Pnueli. Presented by Yanir Damti. State explosion problem Parameterized systems Variables over infinite range Symbolic model checking solves this problem by representing the model implicitly For example with BDDs. - PowerPoint PPT Presentation

Transcript


Beyond Regular Model Checking

By Prof. Dana Fisman and Prof. Amir Pnueli

Presented by Yanir Damti

State explosion problem Parameterized systems Variables over infinite range

Symbolic model checking solves this problem by representing the model implicitly

For example with BDDs

Background

Use {formal languages} for model representation

One established method is using Regular languages

Verification and formal languages

“x is even”:

This is a counter system. Sets of states are over alphabet , and the transition relation is over alphabet

Regular model checking - Example

– Alphabet – A language over the alphabet We denote a word in :

Projection:

L - A language over Lifting:

A Few Basic Definitions

$w = a_1 a_2 \cdots a_n$

$u = b_1 b_2 \cdots b_n$

Regular languages can be applied to several types of parameterized problems.

Many interesting parameterized systems cannot be represented by regular languages.

For example, the Peterson mutual exclusion algorithm that we’ll see later.

We’ll see three methods using non-regular classes of languages.

Non-Regular model checking

On one hand:

More expressive than the regular languages

On the other hand:

Adequate for symbolic model checking

Aim: Find a class of languages

The size of an adequate class of languages is bounded by a set of requirements.


Adequacy for Symbolic Model Checking

The following languages describe a model:
- property to be verified
- set of initial states
- transition relation

Next, we see an algorithm using them.

General method for symbolic model checking

For repeat

until return

Procedure Backward MC

Complementation

Intersection

Projection

Lifting

Equivalence

Emptiness


For repeat

until return

– property to be verified, – set of initial states, – transition relation - classes of languages

We say are adequate for symbolic model checking if the requirements to follow hold.

More accurately…

Requirements for Backward MC:

1. are adequate for representing , respectively.
2. is closed under complementation.
3. is closed under lifting.
4. is closed under intersection with .
5. is closed under projection.
6. is closed under intersection with , and emptiness is decidable for .
7. Equivalence is decidable for two languages in .

More accurately…

For repeat

until return

3 Methods

1. Initial states – non-regular, the rest – regular
2. Define a new non-regular class of languages
3. Special case of 2

: natural initially Number of processes

: array of initially Array of priorities

: array of Array of signatures

The Peterson Algorithm for Mutual Exclusion

: integer : loop forever do

: Non-Critical : for to do

: : await

: Critical :

The Peterson Algorithm for Mutual Exclusion

: Number of processes : Priority array : Signature array

Process :

Initial states – non-regular, the rest – regular

1

Set of initial states

Context-free language

Property to be verified, transition relation

Regular language

Main Principle

1

We take to be the context-free languages class

We take and to be the regular languages class

The extra help from the context-free class will make Peterson’s algorithm verification possible.

Main Principle

1

For repeat

until return

$$\underbrace{\oplus\cdots\oplus}_{0} \mid \underbrace{\oplus\cdots\oplus}_{1} \mid \cdots \mid \underbrace{\oplus\cdots\oplus}_{N-1} \mid \underbrace{\oplus\cdots\oplus}_{N-1}$$

Representing Peterson’s System

1

Σ={⊕ , |}

Priority(waiting processes)

Critical(priority still )

Transition relation:

Property’s negation:

Representing Peterson’s System

$$\Theta = \{\oplus^{i} \,|^{i} : i > 1\}$$

1

We defined initial states as a context-free language.

We defined the transition relation and property with regular languages.

We can model check with the Backward-MC algorithm

Goal: Show Mutual Exclusion
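As an added example (not code from the slides or from the Fisman and Pnueli paper), the word representation of Peterson’s system in Python: a global state is written as N+1 blocks of ⊕ separated by |, one block per priority level 0..N-1 and a last block for the processes in the critical section, so an N-process state has exactly N bars. The initial states Θ = {⊕^i |^i : i > 1} are checked with a stack (a pushdown check, since that set is not regular), while the negation of mutual exclusion, at least two ⊕ in the last block, is a regular condition and is checked with a regular expression. The function names and the sample states are constructed for this example.

```python
"""Word encoding of Peterson global states over the alphabet Σ = {⊕, |}.

Added example, not from the slides.  Blocks of ⊕ for priority levels
0..N-1, then one block for the critical section, separated by |.
"""
import re

OPLUS, BAR = "\u2295", "|"


def encode(priorities, critical):
    """priorities[i] in 0..N-1 is the priority of process i; critical is the
    set of process ids in the critical section (their priority is still N-1,
    but they go into the last block).  Returns the word over {⊕, |}."""
    n = len(priorities)
    blocks = [0] * (n + 1)                 # N priority blocks + critical block
    for i, p in enumerate(priorities):
        blocks[n if i in critical else p] += 1
    return BAR.join(OPLUS * b for b in blocks)


def in_theta(word):
    """Pushdown check for Θ = {⊕^i |^i : i > 1}: push one marker per ⊕,
    pop one per |, reject a ⊕ that appears after the first |, and accept
    only when the stack is empty at the end and more than one ⊕ was read."""
    stack, seen_bar, pushed = [], False, 0
    for ch in word:
        if ch == OPLUS:
            if seen_bar:
                return False
            stack.append(ch)
            pushed += 1
        elif ch == BAR:
            seen_bar = True
            if not stack:
                return False
            stack.pop()
        else:
            return False               # not a letter of Σ
    return not stack and pushed > 1


# Negation of mutual exclusion: two or more ⊕ in the block after the last |.
# This is a regular language, so a plain regular expression suffices.
MUTEX_VIOLATION = re.compile(r"[\u2295|]*\|\u2295{2,}")


def violates_mutex(word):
    return MUTEX_VIOLATION.fullmatch(word) is not None


if __name__ == "__main__":
    # constructed sample states for N = 3
    init = encode([0, 0, 0], set())
    bad = encode([2, 2, 1], {0, 1})
    print(init, in_theta(init), violates_mutex(init))
    print(bad, in_theta(bad), violates_mutex(bad))
```

The stack in `in_theta` is exactly what a finite automaton lacks: the number of bars must equal the number of ⊕, which is why the slides put Θ in the context-free class while keeping the property (and the transition relation) regular.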

1

For repeat

until return
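The Backward-MC procedure itself, as an added example that is not code from the slides or from the paper: the slides run it symbolically, over language classes, for all N at once. This script instead fixes N, enumerates every syntactically possible global state of the Peterson algorithm explicitly, and iterates M ← M ∪ pre(M) starting from the states that violate mutual exclusion until nothing new is added, reporting a violation iff the fixpoint meets an initial state. The names y (priority array), s (signature array) and the location labels NC, SET_Y, SET_S, AWAIT, CS are our own; the `guarded=False` switch, which drops the await condition, is a constructed bug used to show what a failed check returns.

```python
"""Explicit-state Backward MC for Peterson's N-process mutual exclusion.

Added example, not from the slides.  M_0 = states violating the property,
M_{k+1} = M_k ∪ pre(M_k) until a fixpoint; the property holds iff the
fixpoint is disjoint from the initial states.
"""
from itertools import product

# Program locations of one process (our own labels for the slide's algorithm)
NC, SET_Y, SET_S, AWAIT, CS = range(5)


def all_states(n):
    """Every syntactically possible global state for n processes.

    A global state is (procs, s): procs[i] = (pc, j, y) for process i, where
    j is its for-loop counter (0 outside the loop) and y its priority y[i];
    s is the signature array s[1..n-1], stored 0-based.  Process ids are 0..n-1.
    """
    per_proc = [(NC, 0, y) for y in range(n)] + [(CS, 0, y) for y in range(n)]
    per_proc += [(SET_Y, j, y) for j in range(1, n + 1) for y in range(n)]
    per_proc += [(pc, j, y) for pc in (SET_S, AWAIT)
                 for j in range(1, n) for y in range(n)]
    for procs in product(per_proc, repeat=n):
        for s in product(range(n), repeat=n - 1):
            yield procs, s


def successors(state, n, guarded=True):
    """One interleaving step of each process.  guarded=False removes the
    await condition (a constructed bug, not part of Peterson's algorithm)."""
    procs, s = state
    out = []
    for i, (pc, j, y) in enumerate(procs):
        new_procs, new_s = list(procs), list(s)
        if pc == NC:                          # enter the for loop with j := 1
            new_procs[i] = (SET_Y, 1, y)
        elif pc == SET_Y:
            if j <= n - 1:
                new_procs[i] = (SET_S, j, j)  # y[i] := j
            else:
                new_procs[i] = (CS, 0, y)     # passed all n-1 levels
        elif pc == SET_S:
            new_s[j - 1] = i                  # s[j] := i
            new_procs[i] = (AWAIT, j, y)
        elif pc == AWAIT:                     # await s[j] != i or ∀k≠i: y[k] < j
            others_lower = all(py < j for k, (_, _, py) in enumerate(procs) if k != i)
            if guarded and not (s[j - 1] != i or others_lower):
                continue                      # blocked: no successor from here
            new_procs[i] = (SET_Y, j + 1, y)
        else:                                 # CS: leave and reset y[i] := 0
            new_procs[i] = (NC, 0, 0)
        out.append((tuple(new_procs), tuple(new_s)))
    return out


def backward_mc(n, guarded=True):
    """Return (mutual_exclusion_holds, offending_initial_state_or_None)."""
    states = list(all_states(n))
    pre = {st: [] for st in states}           # predecessor map: inverse of ρ
    for st in states:
        for nxt in successors(st, n, guarded):
            pre[nxt].append(st)
    bad = {st for st in states
           if sum(pc == CS for pc, _, _ in st[0]) >= 2}      # ¬(mutual exclusion)
    init = {st for st in states                               # y[i] = 0, s arbitrary
            if all(pc == NC and y == 0 for pc, _, y in st[0])}
    m, frontier = set(bad), set(bad)
    while frontier:                           # least fixpoint of M ∪ pre(M)
        frontier = {p for st in frontier for p in pre[st]} - m
        m |= frontier
    hit = m & init
    return not hit, next(iter(hit), None)


if __name__ == "__main__":
    print("N=2, Peterson as given:", backward_mc(2))
    print("N=2, await removed:   ", backward_mc(2, guarded=False))
```

Because the iteration starts from the bad states rather than the initial ones, it explores predecessors of unreachable states too; that is the price of the backward direction, and it is also why the slides need closure under projection and lifting (the pre-image step) rather than a forward image. Larger N enumerates the full product of local states, which grows quickly in this explicit version; the symbolic version on the slides is what avoids that.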

Define a new non-regular class of languages

2

A DPDA is a tuple $\langle \Sigma, S, s_0, \Gamma, \bot, \rho, F \rangle$:
– $\Sigma$ – input alphabet
– $S$ – set of states
– $s_0$ – initial state
– $\Gamma$ – stack alphabet
– $\bot$ – stack bottom symbol
– $\rho$ – transition relation
– $F$ – set of accepting states

Reminder: Pushdown Automata

2

The class of languages accepted by pushdown automata is denoted:

We also denote the regular languages as:

Pushdown Automata Language Class

2

We define an operation:

We take a specific 1DPDA . We look at the set of all DPDAs that result from applying the above operation to with some FA :

Main Principle

2

DPDA with one state

Let be a 1DPDA:

can be considered:

Let be a DFA:

Cascade Product

2

$$\Delta : \Sigma \times \Gamma \times S \longrightarrow \Gamma^{*} \times S$$

$$\mathit{DPDA} \triangleq \langle \Sigma, S, s_0, \Gamma, \bot, \rho, F \rangle$$

The cascade product is a DPDA:

The transition relation:

Cascade Product

2

Let be over alphabet , for some . Let be a mapping from to . The cascade product with respect to , :

Let’s complicate…

2

Let be as before. Let be a DPDA. If for some and some , then we say is . We define the class of languages accepted by any DPDA :

Define a Class of Languages

2


We will show effective closure under:
- Complementation
- Lifting
- Intersection with a regular language

And we will also show:
- Equivalence is effectively decidable
- Emptiness is effectively decidable

The hard part: showing closure under projection.

is Adequate for Symbolic Model Checking

For repeat

until return

Let For simplification assume:

Input alphabet of A is

We compute the automaton of the projection of on the first coordinate:

Computing Projection

2

Special Case of Cascade Product

3

We consider the cascade product where:
- does not look at the stack
- To accept a word, the stack has to be emptied

Simple Product

3

Separate the DFA part of the representation so that projection can be computed using only the DFA.

If we can write where is regular and has certain properties, then we can use the following algorithm for model checking.

Main Principle

3

For repeat

until return

Modified Backward MC

Original algorithm:

For repeat

until return

3

The computation of in both versions is identical. That is:

The Main Claim

For repeat

until return

Original algorithm

$M_i$

Induction

3

Definition: A language is left preserved by a bi-language if:

If and is left preserved by , then we can use the modified Forward MC

Preserved Language

3

is left preserved by

We can use the modified Forward MC

Peterson example

3

Claim: Proof:

Problem in the Claim

3

Definition:

Fixing the Problem
