SlideShare a Scribd company logo

Temporal logic-model-checking

Dr. Jayaraj Poroor
Dr. Jayaraj Poroor

An older presentation I gave on temporal logic and model checking. Note that the diamond operator (signifying eventuality) does not appear properly in the uploaded slide.

Software
1 of 36
Download to read offline
Temporal Logic & Model Checking Dr. Jayaraj Poroor
Formal methods: Why? REAL DEVELOPMENT IDEAL DEVELOPMENT Specification ¯ Design ¯ Coding ¯ Testing ¯ Product …. + DErrors ¯ + DErrors ¯¯ + DBugs ¯¯¯ Limited Coverage ¯ with safety issues
Formal methods: Where? Life Critical Mission Critical Medical Devices Therac-25 Space Vehicles Ariane-5 Industrial Control Slammer Worm at Davis-Besse Plant • An Investigation of Therac-25 Accidents [Leveson, Turner, 93] • Ariane 5 Flight 501 Failure, Report by Inquiry Board [Lions, 96] • Slammer worm crashed Ohio nuke plant network, News Report [http://www.securityfocus.com/news/6767, 03]
Sentences (Syntax) and Models (Semantics) “Every PhD student must have an advisor who is a member of faculty” F = "x× phd-student(x) Þ $y × advisor-of(y, x) Ù faculty(y) What does F mean? ◦ Classical Interpretation - A mathematical structure with: ◦ advisor-of mapped to a binary relation on the structure ◦ phd-student, faculty mapped to unary relations ◦ Logical symbols (Ù, Þ) have fixed interpretation ◦ Quantifiers (",$) range over elements of the underlying set Model of F = a satisfying interpretation for F
Fundamental reasoning tasks M satisfies F ? Model checking problem ? satisfies F Satisfiability problem * satisfies F Validity problem { a : M |= F(a)} Formula (query) evaluation Note: |= denotes satisfies relation
Modal Logic Modalities: Necessity, knowledge, belief, obligation, tense ◦ Symbolic Logic [Lewis,32] Possible World Semantics ◦ Kripke Structure Temporal Logic ◦ Time and Modality [Prior,57] ◦ Temporal modalities: always (), eventually ()
Possible Worlds & Kripke Structure for a washing machine idle spinning outlet-open Kripke Structure = (States, ®, washing Accessibility Relation: { } inlet-open outlet-open  alarm Ø(spinning Ù washing)  Ø(inlet-open Ù outlet-open) L) L : States ® 2AP alarm
Verification: Sequential Programs ◦ Assigning Meanings to Programs [Floyd,67] ◦ An Axiomatic basis for Computer Programming [Hoare, CACM69] (Hoare Logic) ◦ Guarded commands, non-determinism and formal derivation of programs [Dijstra,75] (GCL)
Hoare Logic (Assignment Axiom) (Conditional Rule) (Sequencing Rule) ; Proof Tableaux (Pre-strengthening, Post-weakening)
Hoare Logic Example P = if (x > y) then z := x else z := y Prove that: {true} P {z = max(x,y)} {true} if (x > y) then {x > y} {x = max(x,y)} {z = max(x,y)} z := x else z := y {true} {Ø(x > y)} {z = max(x,y)} {z = max(x,y)} {y = max(x,y)} x > y Þ x = max(x,y) x £ y Þ y = max(x,y)
Concurrency Simple pre-condition/post-condition assertions insufficient ◦ Deadlocks, Data races, Starvation! ◦ Need a language for expressing concurrency properties Cannot ignore intermediate steps! ◦ P ; Q : Intermediate states of P & Q do not interleave/interact ◦ P || Q : Intermediate states interleave/interact (in exponential number of ways)
Specifying properties of concurrent systems Language: Temporal Logic The Temporal Logic of Programs [Pnueli,77] (Linear Temporal Logic) Safety ◦ something bad will never happen: ◦  Ø(spinning Ù washing) Liveness ◦ Something good will eventually happen: ◦  alarm Fairness ◦ Always something good will eventually happen ◦   idle
Why Temporal Logics? Computational System Modal and Temporal Logics Operational Semantics models of Labelled Transition System (Kripke Structure) [Stirling03] http://www.fing.edu.uy/inco/eventos/wssa/
Producer-Consumer with 1-buffer Producer wtp: while (!isempty); csp: buf = produce(); flp : isempty = false; Consumer wtc: while (isempty); csc: consume(buf); flc : isempty = true;
State space for 1-buffer system States = control state ´ data state = {wtp,csp,flp} ´ {wtc,csc,flc} ´ {da} ´ {em} wt : wait cs : critical section fl : flag update da : buf has data available em : isempty is true e.g., (wtp, csc, ,em) Î States
LTS for 1-buffer system wtp, wtc, ,em csp, wtc,da,em flp, wtc,da, wtp, wtc,da, flp, csc, , flp, flc, ,em wtp, csc, , wtp, flc, ,em flp, wtc, ,em csp, flc,da,em flp, flc,da, wtp, flc,da,
Temporal Properties for 1-buffer system Safety:  Ø(csp Ù csc) ◦ Producer and Consumer will never be in the CS at the same time Liveness:  (da Ù Ø em) ◦ Eventually data will become available and empty flag reset Fairness:  csp ◦ Producer is always given a fair chance to produce
Model Checking Model checking: M |= F? Design & Synthesis of synchronization skeletons using branching temporal logic [Clarke &Emerson, 81] Specification & Verification of Concurrent Systems in Cesar [Queille & Sifakis, 82] Automatic Verification of Finite-State Concurrent Systems using Temporal Logic Specifications [Clarke, Emerson, Sistla, TOPLAS86]
Computations of LTS Unfold LTS ® Infinite tree of computations ◦ Interleaved Semantics ◦ Concurrency as non-determinism View of computations: Linear vs Branching ◦ Linear Temporal Logic ◦ Computational Tree Logic
Computational Tree Logic Path quantifier ◦ A: All paths (inevitably) ◦ E: there Exists a path (possibly) Temporal operator ◦ X: neXt state ◦ F: some Future state (eventually) ◦ G: Globally; all future states ◦ U: Until e.g., AF: for all paths eventually, EG: for some path globally
CTL semantics s0 s0 M,s0 |= AF p [Clarke, Emerson, Sistla, TOPLAS86] M s0 M,s0 |= AG p M,s0 |= EF p
CTL examples Logic in Computer Science [Huth, Ryan, 04]
Computational Tree Logic f ::= T | F | p | Øf | fÙf | fÚf | f®f | AX f | EX f | AF f | EF f | AG f | EG f | A [f U f] | E [f U f] A: inevitably (along all paths) E : possibly (there exists a path) G: globally (always), F: in future (eventually) X: neXt state, U: until
Model Checking M |= F? SAT(M, f) : 2S ◦ INPUT: CTL model M = (S, ®, L) CTL formula f ◦ OUTPUT: Set of states (Í S)that satisfy f ◦ Complexity: O(f . |S| . (|S| + |®|)) Logic in Computer Science [Huth, Ryan, 04]
SAT: Conjunction & Inevitability y1, y2,, y1, y2 y1 Ù y2 AFy AFy AFy AFy AFy AFy AFy y y, AFy
SAT: Possibly Until y1 E[y1Uy2 ] y1, E[y1Uy2 ] E[y1Uy2 ] y2, E[y1Uy2 ] y2
SAT(f) : 2S begin case(f) T : return S ^ : return Æ Øy : return S – SAT(y) f1Ùf2 : return SAT(f1) Ç SAT(f2) f1Úf2 : return SAT(f1) È SAT(f2) f1Þf2 : return SAT(Øf1Úf2) …
SAT (case(f) cont.d) AFy : SATAF(y) E[f1Uf2] : SATEU(f1,f2) end case end
SATAF(f) function f(f,Y) begin if Y = Æ then return SAT(f) else return Y È pre"(Y) end begin Y := Æ; repeat X := Y; Y := f(f,Y); until X = Y end
Fixpoint characterization Consider, F: 2S ® 2S Formula are identified with their characteristic set ◦ e.g. f denotes set of all states where f is true Subsets of S (Î2S) form complete lattice ◦ Partial order: Í, Join: È, Meet: Ç Knaster-Tarski theorem ◦ “Monotone functions on a complete lattice possess least and greatest fixpoints”: A lattice-theoretical fixpoint theorem and its applications [Tarski,55]
Fixpoint characterization: Eventually, Until EFf = mZ. f Ú EX Z AFf = mZ. f Ú AX Z E[y1Uy2] = mZ. y2 Ú (y1 Ù EX Z) A[y1Uy2] = mZ. y2 Ú (y1 Ù AX Z)
Fixpoint characterization: globally AGf = nZ.fÙAX Z EGf = nZ.fÙEX Z
LTL Model checking The complexity of propositional linear temporal logics [Sistla, Clarke, 85] Checking that finite state concurrent programs satisfy their linear specification, [Lichtenstein, Pnueli, POPL85] An automata-theoretic approach to automatic program verification [Vardi, Wolper, 86] ◦ LTL to Buchi Automata
State explosion The state explosion problem [Clarke, Grumberg, 87] ◦ Number of concurrent processes ◦ Number of variables Partial-order reduction ◦ An Introduction to Trace Theory [Mazurkiewicz,95] Symbolic Model Checking: 1020 states and beyond [Burch, Clarke, McMillan, Dill, Hwang, 92] ◦ OBDD: Ordered Binary Decision Diagrams [Bryant,86] ◦ m-Calculus: Finiteness is m-ineffable [Park,74] Abstraction Combining theorem-proving & model checking On-the-fly model checking
Some Tools SPIN/Promela ◦ http://spinroot.com Java Pathfinder ◦ http://javapathfinder.sourceforge.net/ NuSMV ◦ http://nusmv.irst.itc.it/
Thank You Have a great day!

Recommended

Introduction to Compiler design
Introduction to Compiler design Introduction to Compiler design
Introduction to Compiler design Dr. C.V. Suresh Babu
 
Divide and conquer
Divide and conquerDivide and conquer
Divide and conquerDr Shashikant Athawale
 
ProLog (Artificial Intelligence) Introduction
ProLog (Artificial Intelligence) IntroductionProLog (Artificial Intelligence) Introduction
ProLog (Artificial Intelligence) Introductionwahab khan
 
CS8461 - Design and Analysis of Algorithms
CS8461 - Design and Analysis of AlgorithmsCS8461 - Design and Analysis of Algorithms
CS8461 - Design and Analysis of AlgorithmsKrishnan MuthuManickam
 
Planning
Planning Planning
Planning Amar Jukuntla
 
Performance analysis(Time & Space Complexity)
Performance analysis(Time & Space Complexity)Performance analysis(Time & Space Complexity)
Performance analysis(Time & Space Complexity)swapnac12
 
COMPILER DESIGN- Syntax Directed Translation
COMPILER DESIGN- Syntax Directed TranslationCOMPILER DESIGN- Syntax Directed Translation
COMPILER DESIGN- Syntax Directed TranslationJyothishmathi Institute of Technology and Science Karimnagar
 
Predicate logic
Predicate logic Predicate logic
Predicate logicHarini Balamurugan
 

Recommended

Introduction to Compiler design
Introduction to Compiler design Introduction to Compiler design
Introduction to Compiler design Dr. C.V. Suresh Babu
 
Divide and conquer
Divide and conquerDivide and conquer
Divide and conquerDr Shashikant Athawale
 
ProLog (Artificial Intelligence) Introduction
ProLog (Artificial Intelligence) IntroductionProLog (Artificial Intelligence) Introduction
ProLog (Artificial Intelligence) Introductionwahab khan
 
CS8461 - Design and Analysis of Algorithms
CS8461 - Design and Analysis of AlgorithmsCS8461 - Design and Analysis of Algorithms
CS8461 - Design and Analysis of AlgorithmsKrishnan MuthuManickam
 
Planning
Planning Planning
Planning Amar Jukuntla
 
Performance analysis(Time & Space Complexity)
Performance analysis(Time & Space Complexity)Performance analysis(Time & Space Complexity)
Performance analysis(Time & Space Complexity)swapnac12
 
COMPILER DESIGN- Syntax Directed Translation
COMPILER DESIGN- Syntax Directed TranslationCOMPILER DESIGN- Syntax Directed Translation
COMPILER DESIGN- Syntax Directed TranslationJyothishmathi Institute of Technology and Science Karimnagar
 
Predicate logic
Predicate logic Predicate logic
Predicate logicHarini Balamurugan
 
Np cooks theorem
Np cooks theoremNp cooks theorem
Np cooks theoremNarayana Galla
 
Petri Nets: Properties, Analysis and Applications
Petri Nets: Properties, Analysis and ApplicationsPetri Nets: Properties, Analysis and Applications
Petri Nets: Properties, Analysis and ApplicationsDr. Mohamed Torky
 
Prolog basics
Prolog basicsProlog basics
Prolog basicsshivani saluja
 
Design and analysis of algorithms
Design and analysis of algorithmsDesign and analysis of algorithms
Design and analysis of algorithmsDr Geetha Mohan
 
Artificial Intelligence Notes Unit 2
Artificial Intelligence Notes Unit 2Artificial Intelligence Notes Unit 2
Artificial Intelligence Notes Unit 2DigiGurukul
 
Mathematical Analysis of Recursive Algorithm.
Mathematical Analysis of Recursive Algorithm.Mathematical Analysis of Recursive Algorithm.
Mathematical Analysis of Recursive Algorithm.mohanrathod18
 
Chapter 5 Syntax Directed Translation
Chapter 5 Syntax Directed TranslationChapter 5 Syntax Directed Translation
Chapter 5 Syntax Directed TranslationRadhakrishnan Chinnusamy
 
Chapt 02 ia-32 processer architecture
Chapt 02 ia-32 processer architectureChapt 02 ia-32 processer architecture
Chapt 02 ia-32 processer architecturebushrakainat214
 
DESIGN AND ANALYSIS OF ALGORITHMS
DESIGN AND ANALYSIS OF ALGORITHMSDESIGN AND ANALYSIS OF ALGORITHMS
DESIGN AND ANALYSIS OF ALGORITHMSGayathri Gaayu
 
Control Strategies in AI
Control Strategies in AIControl Strategies in AI
Control Strategies in AIAmey Kerkar
 
Phases of Compiler
Phases of CompilerPhases of Compiler
Phases of CompilerTanzeela_Hussain
 
Computer Organization and Assembly Language
Computer Organization and Assembly LanguageComputer Organization and Assembly Language
Computer Organization and Assembly Languagefasihuddin90
 
Basic blocks and flow graph in Compiler Construction
Basic blocks and flow graph in Compiler ConstructionBasic blocks and flow graph in Compiler Construction
Basic blocks and flow graph in Compiler ConstructionMuhammad Haroon
 
Parsing in Compiler Design
Parsing in Compiler DesignParsing in Compiler Design
Parsing in Compiler DesignAkhil Kaushik
 
Knowledge Representation & Reasoning
Knowledge Representation & ReasoningKnowledge Representation & Reasoning
Knowledge Representation & ReasoningSajid Marwat
 
L03 ai - knowledge representation using logic
L03 ai - knowledge representation using logicL03 ai - knowledge representation using logic
L03 ai - knowledge representation using logicManjula V
 
Lamport’s algorithm for mutual exclusion
Lamport’s algorithm for mutual exclusionLamport’s algorithm for mutual exclusion
Lamport’s algorithm for mutual exclusionNeelamani Samal
 
Top down and botttom up Parsing
Top down and botttom up ParsingTop down and botttom up Parsing
Top down and botttom up ParsingGerwin Ocsena
 
Cs6660 compiler design may june 2016 Answer Key
Cs6660 compiler design may june 2016 Answer KeyCs6660 compiler design may june 2016 Answer Key
Cs6660 compiler design may june 2016 Answer Keyappasami
 
Run time storage
Run time storageRun time storage
Run time storageRasineni Madhan Mohan Naidu
 
TLA+ and PlusCal / An engineer's perspective
TLA+ and PlusCal / An engineer's perspectiveTLA+ and PlusCal / An engineer's perspective
TLA+ and PlusCal / An engineer's perspectiveTorao Takami
 
queuing-theory.2858801.powerpoint.pptx
queuing-theory.2858801.powerpoint.pptxqueuing-theory.2858801.powerpoint.pptx
queuing-theory.2858801.powerpoint.pptxsaipawanism
 

More Related Content

What's hot

Petri Nets: Properties, Analysis and Applications
Petri Nets: Properties, Analysis and ApplicationsPetri Nets: Properties, Analysis and Applications
Petri Nets: Properties, Analysis and ApplicationsDr. Mohamed Torky
 
Design and analysis of algorithms
Design and analysis of algorithmsDesign and analysis of algorithms
Design and analysis of algorithmsDr Geetha Mohan
 
Artificial Intelligence Notes Unit 2
Artificial Intelligence Notes Unit 2Artificial Intelligence Notes Unit 2
Artificial Intelligence Notes Unit 2DigiGurukul
 
Mathematical Analysis of Recursive Algorithm.
Mathematical Analysis of Recursive Algorithm.Mathematical Analysis of Recursive Algorithm.
Mathematical Analysis of Recursive Algorithm.mohanrathod18
 
Chapt 02 ia-32 processer architecture
Chapt 02 ia-32 processer architectureChapt 02 ia-32 processer architecture
Chapt 02 ia-32 processer architecturebushrakainat214
 
DESIGN AND ANALYSIS OF ALGORITHMS
DESIGN AND ANALYSIS OF ALGORITHMSDESIGN AND ANALYSIS OF ALGORITHMS
DESIGN AND ANALYSIS OF ALGORITHMSGayathri Gaayu
 
Control Strategies in AI
Control Strategies in AIControl Strategies in AI
Control Strategies in AIAmey Kerkar
 
Computer Organization and Assembly Language
Computer Organization and Assembly LanguageComputer Organization and Assembly Language
Computer Organization and Assembly Languagefasihuddin90
 
Basic blocks and flow graph in Compiler Construction
Basic blocks and flow graph in Compiler ConstructionBasic blocks and flow graph in Compiler Construction
Basic blocks and flow graph in Compiler ConstructionMuhammad Haroon
 
Parsing in Compiler Design
Parsing in Compiler DesignParsing in Compiler Design
Parsing in Compiler DesignAkhil Kaushik
 
Knowledge Representation & Reasoning
Knowledge Representation & ReasoningKnowledge Representation & Reasoning
Knowledge Representation & ReasoningSajid Marwat
 
L03 ai - knowledge representation using logic
L03 ai - knowledge representation using logicL03 ai - knowledge representation using logic
L03 ai - knowledge representation using logicManjula V
 
Lamport’s algorithm for mutual exclusion
Lamport’s algorithm for mutual exclusionLamport’s algorithm for mutual exclusion
Lamport’s algorithm for mutual exclusionNeelamani Samal
 
Top down and botttom up Parsing
Top down and botttom up ParsingTop down and botttom up Parsing
Top down and botttom up ParsingGerwin Ocsena
 
Cs6660 compiler design may june 2016 Answer Key
Cs6660 compiler design may june 2016 Answer KeyCs6660 compiler design may june 2016 Answer Key
Cs6660 compiler design may june 2016 Answer Keyappasami
 

What's hot (20)

Np cooks theorem
Np cooks theoremNp cooks theorem
Np cooks theorem
 
Petri Nets: Properties, Analysis and Applications
Petri Nets: Properties, Analysis and ApplicationsPetri Nets: Properties, Analysis and Applications
Petri Nets: Properties, Analysis and Applications
 
Prolog basics
Prolog basicsProlog basics
Prolog basics
 
Design and analysis of algorithms
Design and analysis of algorithmsDesign and analysis of algorithms
Design and analysis of algorithms
 
Artificial Intelligence Notes Unit 2
Artificial Intelligence Notes Unit 2Artificial Intelligence Notes Unit 2
Artificial Intelligence Notes Unit 2
 
Mathematical Analysis of Recursive Algorithm.
Mathematical Analysis of Recursive Algorithm.Mathematical Analysis of Recursive Algorithm.
Mathematical Analysis of Recursive Algorithm.
 
Chapter 5 Syntax Directed Translation
Chapter 5 Syntax Directed TranslationChapter 5 Syntax Directed Translation
Chapter 5 Syntax Directed Translation
 
Chapt 02 ia-32 processer architecture
Chapt 02 ia-32 processer architectureChapt 02 ia-32 processer architecture
Chapt 02 ia-32 processer architecture
 
DESIGN AND ANALYSIS OF ALGORITHMS
DESIGN AND ANALYSIS OF ALGORITHMSDESIGN AND ANALYSIS OF ALGORITHMS
DESIGN AND ANALYSIS OF ALGORITHMS
 
Control Strategies in AI
Control Strategies in AIControl Strategies in AI
Control Strategies in AI
 
Phases of Compiler
Phases of CompilerPhases of Compiler
Phases of Compiler
 
Computer Organization and Assembly Language
Computer Organization and Assembly LanguageComputer Organization and Assembly Language
Computer Organization and Assembly Language
 
Basic blocks and flow graph in Compiler Construction
Basic blocks and flow graph in Compiler ConstructionBasic blocks and flow graph in Compiler Construction
Basic blocks and flow graph in Compiler Construction
 
Parsing in Compiler Design
Parsing in Compiler DesignParsing in Compiler Design
Parsing in Compiler Design
 
Knowledge Representation & Reasoning
Knowledge Representation & ReasoningKnowledge Representation & Reasoning
Knowledge Representation & Reasoning
 
L03 ai - knowledge representation using logic
L03 ai - knowledge representation using logicL03 ai - knowledge representation using logic
L03 ai - knowledge representation using logic
 
Lamport’s algorithm for mutual exclusion
Lamport’s algorithm for mutual exclusionLamport’s algorithm for mutual exclusion
Lamport’s algorithm for mutual exclusion
 
Top down and botttom up Parsing
Top down and botttom up ParsingTop down and botttom up Parsing
Top down and botttom up Parsing
 
Cs6660 compiler design may june 2016 Answer Key
Cs6660 compiler design may june 2016 Answer KeyCs6660 compiler design may june 2016 Answer Key
Cs6660 compiler design may june 2016 Answer Key
 
Run time storage
Run time storageRun time storage
Run time storage
 

Similar to Temporal logic-model-checking

TLA+ and PlusCal / An engineer's perspective
TLA+ and PlusCal / An engineer's perspectiveTLA+ and PlusCal / An engineer's perspective
TLA+ and PlusCal / An engineer's perspectiveTorao Takami
 
queuing-theory.2858801.powerpoint.pptx
queuing-theory.2858801.powerpoint.pptxqueuing-theory.2858801.powerpoint.pptx
queuing-theory.2858801.powerpoint.pptxsaipawanism
 
Queuing theory is a branch of mathematics that studies the behavior of waitin...
Queuing theory is a branch of mathematics that studies the behavior of waitin...Queuing theory is a branch of mathematics that studies the behavior of waitin...
Queuing theory is a branch of mathematics that studies the behavior of waitin...Sonam704174
 
Sampled-Data Piecewise Affine Slab Systems: A Time-Delay Approach
Sampled-Data Piecewise Affine Slab Systems: A Time-Delay ApproachSampled-Data Piecewise Affine Slab Systems: A Time-Delay Approach
Sampled-Data Piecewise Affine Slab Systems: A Time-Delay ApproachBehzad Samadi
 
Modeling and Reasoning in Event Calculus using Goal-Directed Constraint Answe...
Modeling and Reasoning in Event Calculus using Goal-Directed Constraint Answe...Modeling and Reasoning in Event Calculus using Goal-Directed Constraint Answe...
Modeling and Reasoning in Event Calculus using Goal-Directed Constraint Answe...Universidad Rey Juan Carlos
 
Introduction to Julia
Introduction to JuliaIntroduction to Julia
Introduction to Julia岳華 杜
 
Otter 2014-12-01-01-slideshare-2
Otter 2014-12-01-01-slideshare-2Otter 2014-12-01-01-slideshare-2
Otter 2014-12-01-01-slideshare-2Ruo Ando
 
Supervisory control of discrete event systems for linear temporal logic speci...
Supervisory control of discrete event systems for linear temporal logic speci...Supervisory control of discrete event systems for linear temporal logic speci...
Supervisory control of discrete event systems for linear temporal logic speci...AmiSakakibara
 
Actuator Constrained Optimal Control of Formations Near the Libration Points
Actuator Constrained Optimal Control of Formations Near the Libration PointsActuator Constrained Optimal Control of Formations Near the Libration Points
Actuator Constrained Optimal Control of Formations Near the Libration PointsBelinda Marchand
 
論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)
論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)
論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)mmisono
 
Queueing Theory.pptx
Queueing Theory.pptxQueueing Theory.pptx
Queueing Theory.pptxVidhyaSenthil
 
Pwl rewal-slideshare
Pwl rewal-slidesharePwl rewal-slideshare
Pwl rewal-slidesharepalvaro
 
Lec09- AI
Lec09- AILec09- AI
Lec09- AIdrmbalu
 
OCLR: A More Expressive, Pattern-Based Temporal Extension of OCL
OCLR: A More Expressive, Pattern-Based Temporal Extension of OCLOCLR: A More Expressive, Pattern-Based Temporal Extension of OCL
OCLR: A More Expressive, Pattern-Based Temporal Extension of OCLLionel Briand
 
Classical and Modern Control Theory
Classical and Modern Control TheoryClassical and Modern Control Theory
Classical and Modern Control TheoryQazi Ejaz
 

Similar to Temporal logic-model-checking (20)

TLA+ and PlusCal / An engineer's perspective
TLA+ and PlusCal / An engineer's perspectiveTLA+ and PlusCal / An engineer's perspective
TLA+ and PlusCal / An engineer's perspective
 
queuing-theory.2858801.powerpoint.pptx
queuing-theory.2858801.powerpoint.pptxqueuing-theory.2858801.powerpoint.pptx
queuing-theory.2858801.powerpoint.pptx
 
Queuing theory is a branch of mathematics that studies the behavior of waitin...
Queuing theory is a branch of mathematics that studies the behavior of waitin...Queuing theory is a branch of mathematics that studies the behavior of waitin...
Queuing theory is a branch of mathematics that studies the behavior of waitin...
 
bluespec talk
bluespec talkbluespec talk
bluespec talk
 
Static Analysis and Verification of C Programs
Static Analysis and Verification of C ProgramsStatic Analysis and Verification of C Programs
Static Analysis and Verification of C Programs
 
Sampled-Data Piecewise Affine Slab Systems: A Time-Delay Approach
Sampled-Data Piecewise Affine Slab Systems: A Time-Delay ApproachSampled-Data Piecewise Affine Slab Systems: A Time-Delay Approach
Sampled-Data Piecewise Affine Slab Systems: A Time-Delay Approach
 
Modeling and Reasoning in Event Calculus using Goal-Directed Constraint Answe...
Modeling and Reasoning in Event Calculus using Goal-Directed Constraint Answe...Modeling and Reasoning in Event Calculus using Goal-Directed Constraint Answe...
Modeling and Reasoning in Event Calculus using Goal-Directed Constraint Answe...
 
Introduction to Julia
Introduction to JuliaIntroduction to Julia
Introduction to Julia
 
Otter 2014-12-01-01-slideshare-2
Otter 2014-12-01-01-slideshare-2Otter 2014-12-01-01-slideshare-2
Otter 2014-12-01-01-slideshare-2
 
Supervisory control of discrete event systems for linear temporal logic speci...
Supervisory control of discrete event systems for linear temporal logic speci...Supervisory control of discrete event systems for linear temporal logic speci...
Supervisory control of discrete event systems for linear temporal logic speci...
 
Actuator Constrained Optimal Control of Formations Near the Libration Points
Actuator Constrained Optimal Control of Formations Near the Libration PointsActuator Constrained Optimal Control of Formations Near the Libration Points
Actuator Constrained Optimal Control of Formations Near the Libration Points
 
論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)
論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)
論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)
 
Phd Defense 2007
Phd Defense 2007Phd Defense 2007
Phd Defense 2007
 
Queueing Theory.pptx
Queueing Theory.pptxQueueing Theory.pptx
Queueing Theory.pptx
 
Week08.pdf
Week08.pdfWeek08.pdf
Week08.pdf
 
Mutation @ Spotify
Mutation @ Spotify Mutation @ Spotify
Mutation @ Spotify
 
Pwl rewal-slideshare
Pwl rewal-slidesharePwl rewal-slideshare
Pwl rewal-slideshare
 
Lec09- AI
Lec09- AILec09- AI
Lec09- AI
 
OCLR: A More Expressive, Pattern-Based Temporal Extension of OCL
OCLR: A More Expressive, Pattern-Based Temporal Extension of OCLOCLR: A More Expressive, Pattern-Based Temporal Extension of OCL
OCLR: A More Expressive, Pattern-Based Temporal Extension of OCL
 
Classical and Modern Control Theory
Classical and Modern Control TheoryClassical and Modern Control Theory
Classical and Modern Control Theory
 

Recently uploaded

How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Best Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfBest Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfIdiosysTechnologies1
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....kzayra69
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 

Recently uploaded (20)

How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Best Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfBest Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdf
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 

Temporal logic-model-checking

  • 1. Temporal Logic & Model Checking Dr. Jayaraj Poroor
  • 2. Formal methods: Why? REAL DEVELOPMENT IDEAL DEVELOPMENT Specification ¯ Design ¯ Coding ¯ Testing ¯ Product …. + DErrors ¯ + DErrors ¯¯ + DBugs ¯¯¯ Limited Coverage ¯ with safety issues
  • 3. Formal methods: Where? Life Critical Mission Critical Medical Devices Therac-25 Space Vehicles Ariane-5 Industrial Control Slammer Worm at Davis-Besse Plant • An Investigation of Therac-25 Accidents [Leveson, Turner, 93] • Ariane 5 Flight 501 Failure, Report by Inquiry Board [Lions, 96] • Slammer worm crashed Ohio nuke plant network, News Report [http://www.securityfocus.com/news/6767, 03]
  • 4. Sentences (Syntax) and Models (Semantics) “Every PhD student must have an advisor who is a member of faculty” F = "x× phd-student(x) Þ $y × advisor-of(y, x) Ù faculty(y) What does F mean? ◦ Classical Interpretation - A mathematical structure with: ◦ advisor-of mapped to a binary relation on the structure ◦ phd-student, faculty mapped to unary relations ◦ Logical symbols (Ù, Þ) have fixed interpretation ◦ Quantifiers (",$) range over elements of the underlying set Model of F = a satisfying interpretation for F
  • 5. Fundamental reasoning tasks M satisfies F ? Model checking problem ? satisfies F Satisfiability problem * satisfies F Validity problem { a : M |= F(a)} Formula (query) evaluation Note: |= denotes satisfies relation
  • 6. Modal Logic Modalities: Necessity, knowledge, belief, obligation, tense ◦ Symbolic Logic [Lewis,32] Possible World Semantics ◦ Kripke Structure Temporal Logic ◦ Time and Modality [Prior,57] ◦ Temporal modalities: always (), eventually ()
  • 7. Possible Worlds & Kripke Structure for a washing machine idle spinning outlet-open Kripke Structure = (States, ®, washing Accessibility Relation: { } inlet-open outlet-open  alarm Ø(spinning Ù washing)  Ø(inlet-open Ù outlet-open) L) L : States ® 2AP alarm
  • 8. Verification: Sequential Programs ◦ Assigning Meanings to Programs [Floyd,67] ◦ An Axiomatic basis for Computer Programming [Hoare, CACM69] (Hoare Logic) ◦ Guarded commands, non-determinism and formal derivation of programs [Dijstra,75] (GCL)
  • 9. Hoare Logic (Assignment Axiom) (Conditional Rule) (Sequencing Rule) ; Proof Tableaux (Pre-strengthening, Post-weakening)
  • 10. Hoare Logic Example P = if (x > y) then z := x else z := y Prove that: {true} P {z = max(x,y)} {true} if (x > y) then {x > y} {x = max(x,y)} {z = max(x,y)} z := x else z := y {true} {Ø(x > y)} {z = max(x,y)} {z = max(x,y)} {y = max(x,y)} x > y Þ x = max(x,y) x £ y Þ y = max(x,y)
  • 11. Concurrency Simple pre-condition/post-condition assertions insufficient ◦ Deadlocks, Data races, Starvation! ◦ Need a language for expressing concurrency properties Cannot ignore intermediate steps! ◦ P ; Q : Intermediate states of P & Q do not interleave/interact ◦ P || Q : Intermediate states interleave/interact (in exponential number of ways)
  • 12. Specifying properties of concurrent systems Language: Temporal Logic The Temporal Logic of Programs [Pnueli,77] (Linear Temporal Logic) Safety ◦ something bad will never happen: ◦  Ø(spinning Ù washing) Liveness ◦ Something good will eventually happen: ◦  alarm Fairness ◦ Always something good will eventually happen ◦   idle
  • 13. Why Temporal Logics? Computational System Modal and Temporal Logics Operational Semantics models of Labelled Transition System (Kripke Structure) [Stirling03] http://www.fing.edu.uy/inco/eventos/wssa/
  • 14. Producer-Consumer with 1-buffer Producer wtp: while (!isempty); csp: buf = produce(); flp : isempty = false; Consumer wtc: while (isempty); csc: consume(buf); flc : isempty = true;
  • 15. State space for 1-buffer system States = control state ´ data state = {wtp,csp,flp} ´ {wtc,csc,flc} ´ {da} ´ {em} wt : wait cs : critical section fl : flag update da : buf has data available em : isempty is true e.g., (wtp, csc, ,em) Î States
  • 16. LTS for 1-buffer system wtp, wtc, ,em csp, wtc,da,em flp, wtc,da, wtp, wtc,da, flp, csc, , flp, flc, ,em wtp, csc, , wtp, flc, ,em flp, wtc, ,em csp, flc,da,em flp, flc,da, wtp, flc,da,
  • 17. Temporal Properties for 1-buffer system Safety:  Ø(csp Ù csc) ◦ Producer and Consumer will never be in the CS at the same time Liveness:  (da Ù Ø em) ◦ Eventually data will become available and empty flag reset Fairness:  csp ◦ Producer is always given a fair chance to produce
  • 18. Model Checking Model checking: M |= F? Design & Synthesis of synchronization skeletons using branching temporal logic [Clarke &Emerson, 81] Specification & Verification of Concurrent Systems in Cesar [Queille & Sifakis, 82] Automatic Verification of Finite-State Concurrent Systems using Temporal Logic Specifications [Clarke, Emerson, Sistla, TOPLAS86]
  • 19. Computations of LTS Unfold LTS ® Infinite tree of computations ◦ Interleaved Semantics ◦ Concurrency as non-determinism View of computations: Linear vs Branching ◦ Linear Temporal Logic ◦ Computational Tree Logic
  • 20. Computational Tree Logic Path quantifier ◦ A: All paths (inevitably) ◦ E: there Exists a path (possibly) Temporal operator ◦ X: neXt state ◦ F: some Future state (eventually) ◦ G: Globally; all future states ◦ U: Until e.g., AF: for all paths eventually, EG: for some path globally
  • 21. CTL semantics s0 s0 M,s0 |= AF p [Clarke, Emerson, Sistla, TOPLAS86] M s0 M,s0 |= AG p M,s0 |= EF p
  • 22. CTL examples Logic in Computer Science [Huth, Ryan, 04]
  • 23. Computational Tree Logic f ::= T | F | p | Øf | fÙf | fÚf | f®f | AX f | EX f | AF f | EF f | AG f | EG f | A [f U f] | E [f U f] A: inevitably (along all paths) E : possibly (there exists a path) G: globally (always), F: in future (eventually) X: neXt state, U: until
  • 24. Model Checking M |= F? SAT(M, f) : 2S ◦ INPUT: CTL model M = (S, ®, L) CTL formula f ◦ OUTPUT: Set of states (Í S)that satisfy f ◦ Complexity: O(f . |S| . (|S| + |®|)) Logic in Computer Science [Huth, Ryan, 04]
  • 25. SAT: Conjunction & Inevitability y1, y2,, y1, y2 y1 Ù y2 AFy AFy AFy AFy AFy AFy AFy y y, AFy
  • 26. SAT: Possibly Until y1 E[y1Uy2 ] y1, E[y1Uy2 ] E[y1Uy2 ] y2, E[y1Uy2 ] y2
  • 27. SAT(f) : 2S begin case(f) T : return S ^ : return Æ Øy : return S – SAT(y) f1Ùf2 : return SAT(f1) Ç SAT(f2) f1Úf2 : return SAT(f1) È SAT(f2) f1Þf2 : return SAT(Øf1Úf2) …
  • 28. SAT (case(f) cont.d) AFy : SATAF(y) E[f1Uf2] : SATEU(f1,f2) end case end
  • 29. SATAF(f) function f(f,Y) begin if Y = Æ then return SAT(f) else return Y È pre"(Y) end begin Y := Æ; repeat X := Y; Y := f(f,Y); until X = Y end
  • 30. Fixpoint characterization Consider, F: 2S ® 2S Formula are identified with their characteristic set ◦ e.g. f denotes set of all states where f is true Subsets of S (Î2S) form complete lattice ◦ Partial order: Í, Join: È, Meet: Ç Knaster-Tarski theorem ◦ “Monotone functions on a complete lattice possess least and greatest fixpoints”: A lattice-theoretical fixpoint theorem and its applications [Tarski,55]
  • 31. Fixpoint characterization: Eventually, Until EFf = mZ. f Ú EX Z AFf = mZ. f Ú AX Z E[y1Uy2] = mZ. y2 Ú (y1 Ù EX Z) A[y1Uy2] = mZ. y2 Ú (y1 Ù AX Z)
  • 32. Fixpoint characterization: globally AGf = nZ.fÙAX Z EGf = nZ.fÙEX Z
  • 33. LTL Model checking The complexity of propositional linear temporal logics [Sistla, Clarke, 85] Checking that finite state concurrent programs satisfy their linear specification, [Lichtenstein, Pnueli, POPL85] An automata-theoretic approach to automatic program verification [Vardi, Wolper, 86] ◦ LTL to Buchi Automata
  • 34. State explosion The state explosion problem [Clarke, Grumberg, 87] ◦ Number of concurrent processes ◦ Number of variables Partial-order reduction ◦ An Introduction to Trace Theory [Mazurkiewicz,95] Symbolic Model Checking: 1020 states and beyond [Burch, Clarke, McMillan, Dill, Hwang, 92] ◦ OBDD: Ordered Binary Decision Diagrams [Bryant,86] ◦ m-Calculus: Finiteness is m-ineffable [Park,74] Abstraction Combining theorem-proving & model checking On-the-fly model checking
  • 35. Some Tools SPIN/Promela ◦ http://spinroot.com Java Pathfinder ◦ http://javapathfinder.sourceforge.net/ NuSMV ◦ http://nusmv.irst.itc.it/
  • 36. Thank You Have a great day!