Software Verification 2 Automated Verification Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität and Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik
Mar 21, 2016
Slide 2 (H. Schlingloff, SS2012: SWV 2)
CTL model checking
• For each LTS/model there is exactly one computation tree; CTL model checking works directly on the model (no need to extract computation sequences)
• For all subformulas of a formula and all states of a given model, mark whether the state satisfies the subformula: iteration on formulas according to their inductive definition
  - if p is an atomic proposition, then p^M = I(p)
  - ⊥^M = {}
  - (φ → ψ)^M = (M − φ^M) ∪ ψ^M
  - (EXφ)^M = {w | ∃w' (wRw' ∧ w' ∈ φ^M)}
  - (AXφ)^M = {w | ∀w' (wRw' → w' ∈ φ^M)}
5.7.2012
Slide 3
Symbolic Representation
• The model checking algorithm deals with sets of states and with relations (sets of pairs of states)
• Need an efficient representation
• BDD of the set {x | x > 12 or even}: x1&x2 | !x4
Slide 4
Calculation of BDDs
Slide 5
The Influence of Variable Ordering
• Heuristics: keep dependent variables close together!
Slide 6
Operations on BDDs
• Negation: easy (exchange T and F)
• Falsum: trivial
• and, or: Shannon expansion
  (φ OP ψ) = (x ∧ (φ{x:=T} OP ψ{x:=T})) ∨ (¬x ∧ (φ{x:=F} OP ψ{x:=F}))
  (φ → ψ) = (x ∧ (φ{x:=T} → ψ{x:=T})) ∨ (¬x ∧ (φ{x:=F} → ψ{x:=F}))
• BDD realization?
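As an added example (not from the slides), a minimal reduced ordered BDD in Python: apply is the Shannon expansion above, neg exchanges T and F, from_set gives the symbolic representation of a set of states, and the last lines check that the set {x | x > 12 or even} from the symbolic-representation slide is exactly x1&x2 | !x4. Assumed, not from the slides: 4-bit x with x1 the most significant bit, the tuple node representation and all function names.

```python
from functools import lru_cache
from operator import and_, or_
# Terminals are the Python bools; an internal node is (variable index, low, high).
# Variable order x1 < x2 < x3 < x4: x1 nearest the root and the most significant bit.
T, F = True, False

def var(i):  # BDD of a single variable x_i
    return (i, F, T)
def top(n):  # variable tested at the root; terminals sort below every variable
    return n[0] if isinstance(n, tuple) else float("inf")

def mk(i, low, high):
    """Reduction: drop a test whose branches agree. Nodes are plain tuples, so
    isomorphic sub-BDDs compare equal and a reduced BDD is canonical."""
    return low if low == high else (i, low, high)

def restrict(n, i, val):  # n{x_i := val}
    if not isinstance(n, tuple) or n[0] > i:
        return n  # n does not depend on x_i
    if n[0] == i:
        return n[2] if val else n[1]
    return mk(n[0], restrict(n[1], i, val), restrict(n[2], i, val))

def neg(n):  # negation: exchange the T and F terminals
    return (not n) if not isinstance(n, tuple) else (n[0], neg(n[1]), neg(n[2]))

@lru_cache(maxsize=None)
def apply(op, f, g):
    """Shannon expansion on the smallest variable x of f or g:
    (f OP g) = (x AND (f{x:=T} OP g{x:=T})) OR (NOT x AND (f{x:=F} OP g{x:=F}))"""
    if not isinstance(f, tuple) and not isinstance(g, tuple):
        return op(f, g)
    x = min(top(f), top(g))
    return mk(x, apply(op, restrict(f, x, F), restrict(g, x, F)),
                 apply(op, restrict(f, x, T), restrict(g, x, T)))

def from_set(states, nbits=4):  # a set of integers as a BDD over x1..x_nbits
    def build(i, value):
        if i > nbits:
            return value in states
        return mk(i, build(i + 1, value), build(i + 1, value | (1 << (nbits - i))))
    return build(1, 0)

def holds(n, value, nbits=4):  # evaluate the BDD on one integer, bit by bit
    while isinstance(n, tuple):
        n = n[2] if (value >> (nbits - n[0])) & 1 else n[1]
    return n
# Constructed instance of the slide's example: {x | x > 12 or x even} for 4-bit x
SPEC = from_set({x for x in range(16) if x > 12 or x % 2 == 0})
FORMULA = apply(or_, apply(and_, var(1), var(2)), neg(var(4)))  # x1&x2 | !x4
```

Because reduced ordered BDDs are canonical, `SPEC == FORMULA` decides equivalence of the two descriptions without enumerating the 16 values.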
12.4.2012
Slide 7
BDD-implies
Slide 8
Transitive Closure
• Each finite (transition) relation can be represented as a boolean formula / BDD
• The transitive closure of a relation R is defined recursively by
• Thus, the transitive closure can be calculated by an iteration on BDDs
• Logical operations can be directly performed on BDDs
Slide 9
Reachability
• State s is reachable iff s0 R* s, where s0 ∈ S0 is an initial state and R is the transition relation
• Reachability is one of the most important properties in verification: most safety properties can be reduced to it (in a search algorithm: is the goal reachable?)
• Can be arbitrarily hard for infinite state systems (undecidable)
• Can be efficiently calculated with BDDs
Slide 10
• Intuitively, xR*y iff there is a sequence w0 w1 ... wn of nodes connecting x with y
  - In a finite model, this sequence must be shorter than the number of states
  - In practice, usually a few dozen steps are sufficient
Slide 11
Reflection
• What has been achieved: preliminary lecture plan
  - Introduction
  - Modelling of systems
  - Temporal logic
  - Model checking
  - Symbolic representation
  - Abstraction
  - Real time
• Where this is relevant
  - HW design (IEEE-1850 PSL)
  - Safety-critical SW design
  - Embedded systems design
Slide 12
Feedback