Classic Model Checking Algorithms in Reactive Software Systems

US Naval Postgraduate School
Donna A. Dulo
US Dept of Army
Fall 2007


SW 4920 Formal Verification & Validation of Reactive Software Systems
Classic Model Checking

Classic model checking refers to the set of non-execution-based algorithmic approaches for checking a property, expressed as:

• A Linear Time Logic (LTL) formula
• A Computational Tree Logic (CTL) formula
• A CTL* formula
• A finite state automaton

against a model, which can be expressed as:

• A finite state machine
• A Kripke structure

The Algorithms of Classical Model Checking




Classic Model Checkers

The most popular classic model checkers, developed in academia and available in the public domain:

• SPIN → checks LTL properties
• SMV → checks CTL properties




CTL Model Checking

• CTL model checking aims to establish

      M |= φ ?

  Does the model M satisfy the specification φ?

• M is given as a Kripke structure, and φ is given as a formula in the temporal logic CTL



CTL Model Checking

• Given
  – a finite-state Kripke structure M = (Q, T, L), where AP is the set of atomic propositions and L: Q → 2^AP is a labeling of states with propositions
  – and a CTL formula φ

• Find all states in M that satisfy φ:

      { q ∈ Q | M, q |= φ }

  and check that this set includes all initial states



CTL Model Checking

• CTL syntax:

      φ ::= p | ¬φ | φ1 ∧ φ2 | AX φ | EX φ | A(φ1 U φ2) | E(φ1 U φ2) | AF φ | EF φ | AG φ | EG φ

  – Every temporal operator F, G, X, U is preceded by a path quantifier A or E

• Every formula can be translated to Existential Normal Form (ENF):

      φ ::= p | ¬φ | φ1 ∧ φ2 | EX φ | E(φ1 U φ2) | EG φ




CTL Model Checking Algorithm

• Convert the formula to ENF
• Build the parse tree of the formula
• Proceed recursively, bottom-up (from the leaves upwards), labeling states for each sub-formula
  – if the sub-formula is true in q ∈ Q, add it to the set of labels for q, lbl(q)
  – continue processing upwards on the formula parse tree
  – stop when the root of the parse tree is checked
• When the algorithm terminates
  – M |= φ iff the initial state is labeled with φ


CTL Model Checking Algorithm

• Example formula:

      ¬E[ true U EG (PC1=15 ∧ PC2=23) ]

• Build the parse tree:

            ¬
            |
            EU
           /  \
       true    EG
                |
                ∧
               / \
         PC1=15   PC2=23



CTL Model Checking Algorithm

• Aim: to calculate lbl(q) for each state q
• Initialize lbl(q) to {true}
• Must consider 6 cases:

      φ ::= p | ¬φ | φ1 ∧ φ2 | EX φ | E(φ1 U φ2) | EG φ




CTL Model Checking

      φ ::= p | ¬φ | φ1 ∧ φ2 | EX φ | E(φ1 U φ2) | EG φ

• Case 1: φ is an atomic proposition p
  Add φ to lbl(q) if p ∈ L(q)

• Case 2: φ is a negation ¬ψ
  Add φ to lbl(q) if ψ ∉ lbl(q)

• Case 3: φ is a conjunction φ1 ∧ φ2
  Add φ to lbl(q) if φ1, φ2 ∈ lbl(q)

• Case 4: φ is EX ψ
  Add φ to lbl(q) if some successor q' of q (i.e. (q, q') ∈ T) has ψ ∈ lbl(q')

• Case 5: φ is E(φ1 U φ2)
  Add φ to every state with φ2 ∈ lbl(q); then repeatedly add φ to any state with φ1 ∈ lbl(q) that has a successor labeled φ, until no further state can be added

• Case 6: φ is EG ψ
  Restrict M to the states with ψ ∈ lbl(q); add φ to every state of this restricted graph from which a nontrivial strongly connected component can be reached along ψ-labeled states

CTL Model Checking Algorithm

Case 1: φ is an atomic proposition
Add φ to lbl(q) if φ ∈ L(q)

(Figure: state space, with each state labeled by the atomic propositions in L(q))

CTL Model Checking Algorithm

• After moving through all of the cases for

      ¬E[ true U EG (PC1=15 ∧ PC2=23) ]

• No states are found that satisfy the property

• Conclusion: the model M does not satisfy the property
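As an added example (not code from the deck), the six ENF cases are implemented below as a bottom-up labeling procedure in Python and run against the deck's example formula on a constructed four-state Kripke structure; the state names, labels and the `sat`/`holds` functions are assumptions, and Case 6 uses the greatest-fixpoint formulation in place of the SCC decomposition the deck describes.

```python
"""Bottom-up CTL labeling over ENF formulas (added example, not the deck's own code)."""
from __future__ import annotations
from dataclasses import dataclass

# ENF formulas as nested tuples:
#   ("true",) | ("p", name) | ("not", f) | ("and", f1, f2) | ("EX", f) | ("EU", f1, f2) | ("EG", f)
Formula = tuple


@dataclass(frozen=True)
class Kripke:
    """M = (Q, T, L) plus the set of initial states."""
    states: frozenset
    init: frozenset
    trans: frozenset          # T ⊆ Q × Q
    label: dict               # L: Q -> 2^AP

    def succ(self, q):
        return {t for (s, t) in self.trans if s == q}


def sat(m: Kripke, f: Formula) -> frozenset:
    """Return {q ∈ Q | M,q |= f}, i.e. the states whose lbl(q) receives f.
    Sub-formulas are evaluated first, so the recursion is the bottom-up walk of the parse tree."""
    op = f[0]
    if op == "true":
        return m.states
    if op == "p":            # Case 1: p ∈ L(q)
        return frozenset(q for q in m.states if f[1] in m.label[q])
    if op == "not":          # Case 2: ψ ∉ lbl(q)
        return m.states - sat(m, f[1])
    if op == "and":          # Case 3: both conjuncts in lbl(q)
        return sat(m, f[1]) & sat(m, f[2])
    if op == "EX":           # Case 4: some successor is labeled ψ
        s = sat(m, f[1])
        return frozenset(q for q in m.states if m.succ(q) & s)
    if op == "EU":           # Case 5: seed with φ2-states, grow backwards through φ1-states
        s1, s2 = sat(m, f[1]), sat(m, f[2])
        result, frontier = set(s2), set(s2)
        while frontier:
            q = frontier.pop()
            for p in s1 - result:
                if q in m.succ(p):
                    result.add(p)
                    frontier.add(p)
        return frozenset(result)
    if op == "EG":           # Case 6: the deck uses SCC decomposition; this uses the
        result = set(sat(m, f[1]))   # equivalent greatest fixpoint: drop ψ-states with no ψ-successor
        changed = True
        while changed:
            changed = False
            for q in list(result):
                if not (m.succ(q) & result):
                    result.discard(q)
                    changed = True
        return frozenset(result)
    raise ValueError(f"unknown operator {op!r}")


def holds(m: Kripke, f: Formula) -> bool:
    """M |= f iff every initial state is labeled with f."""
    return m.init <= sat(m, f)


# The deck's example formula: ¬E[ true U EG (PC1=15 ∧ PC2=23) ]
STUCK = ("EG", ("and", ("p", "PC1=15"), ("p", "PC2=23")))
PROPERTY = ("not", ("EU", ("true",), STUCK))

# Constructed toy model: in s3 both processes sit at the suspect program
# counters; the s3 -> s3 self-loop means they can stay there forever.
_LABELS = {"s0": frozenset(), "s1": frozenset({"PC1=15"}),
           "s2": frozenset({"PC2=23"}), "s3": frozenset({"PC1=15", "PC2=23"})}
_EDGES = {("s0", "s1"), ("s0", "s2"), ("s1", "s0"), ("s2", "s0"), ("s1", "s3"), ("s2", "s3")}
DEADLOCK_MODEL = Kripke(frozenset(_LABELS), frozenset({"s0"}),
                        frozenset(_EDGES | {("s3", "s3")}), _LABELS)
# Same model, but from s3 both processes resume (s3 -> s0) instead of looping.
FIXED_MODEL = Kripke(frozenset(_LABELS), frozenset({"s0"}),
                     frozenset(_EDGES | {("s3", "s0")}), _LABELS)

if __name__ == "__main__":
    print("deadlock model satisfies property:", holds(DEADLOCK_MODEL, PROPERTY))  # False
    print("fixed model satisfies property:", holds(FIXED_MODEL, PROPERTY))        # True
```

On the deadlock model the EU step labels every state, so the negation labels none and the initial state fails the check, exactly the outcome the slide reports; on the repaired model EG is empty and the property holds.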




LTL Model Checking

(Figure: a finite state model and a temporal logic formula, e.g. (Φ → ◊ Ω), are the inputs to the model checker; its output is either "System OK" or an ERROR trace: Error 1, Error 2, Error 3, …, Error n)




LTL Model Checking

(Figure: the same model-checker diagram as on the previous slide)

Decision problem: given a finite transition system TS and an LTL formula ϕ, exhibit "yes" if TS |= ϕ, and "no" (plus a counterexample) if TS ⊭ ϕ

LTL Model Checking Algorithm

(Figure: the automata-based LTL model checking pipeline)

  LTL formula ¬φ
    → Generalized Büchi automaton G¬φ
    → Büchi automaton A¬φ

  Transition system TS, together with A¬φ
    → Product transition system TS ⊗ A¬φ

  Model checker: decide TS ⊗ A¬φ |= Ppers(A¬φ)
    → System OK, or an ERROR trace
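An added Python example (not from the deck or from Katoen's slides) of the last two stages of the pipeline above: building the product TS ⊗ A¬φ and deciding the persistence check by a nested depth-first search for an accepting cycle, which yields the error trace. The Büchi automaton for ¬φ, the request/grant transition system and all names are constructed for this example, and the LTL-to-Büchi translation step is not implemented.

```python
"""LTL model checking on the product TS ⊗ A¬φ with nested DFS (added example)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class TS:
    init: str
    edges: frozenset          # (s, s') pairs
    label: dict               # s -> frozenset of atomic propositions

@dataclass(frozen=True)
class Buchi:
    """Büchi automaton; each edge carries a guard over the label set it reads."""
    init: str
    accepting: frozenset
    edges: tuple              # (q, guard, q'), guard: frozenset -> bool

def product(ts, aut):
    """Reachable part of TS ⊗ A: the automaton reads L(s') as the TS enters s'."""
    def aut_step(q, labels):
        return {q2 for (q1, g, q2) in aut.edges if q1 == q and g(labels)}
    inits = {(ts.init, q) for q in aut_step(aut.init, ts.label[ts.init])}
    succ, todo = {}, list(inits)
    while todo:
        s, q = todo.pop()
        if (s, q) in succ:
            continue
        succ[(s, q)] = {(s2, q2) for (s1, s2) in ts.edges if s1 == s
                        for q2 in aut_step(q, ts.label[s2])}
        todo.extend(succ[(s, q)])
    return inits, succ

def find_accepting_cycle(inits, succ, accepting):
    """Nested DFS: (prefix, cycle) through an accepting product state, or None.
    A reachable accepting cycle means TS ⊗ A¬φ violates the persistence property."""
    visited, inner_visited, path = set(), set(), []

    def inner(start, v):               # look for a path from v back to start
        for w in sorted(succ[v]):
            if w == start:
                return [w]
            if w not in inner_visited:
                inner_visited.add(w)
                rest = inner(start, w)
                if rest is not None:
                    return [w] + rest
        return None

    def outer(v):
        visited.add(v)
        path.append(v)
        for w in sorted(succ[v]):
            if w not in visited:
                found = outer(w)
                if found is not None:
                    return found
        if v[1] in accepting:          # post-order: try to close a cycle through v
            cycle = inner(v, v)
            if cycle is not None:
                return list(path), cycle
        path.pop()
        return None

    for s in sorted(inits):
        found = outer(s) if s not in visited else None
        if found is not None:
            return found
    return None

def check(ts, aut):
    """None if TS |= φ; otherwise a counterexample (prefix, cycle) of TS states."""
    found = find_accepting_cycle(*product(ts, aut), aut.accepting)
    if found is None:
        return None
    return [s for s, _ in found[0]], [s for s, _ in found[1]]

# Hand-built A¬φ for φ = □(req → ◊grant), i.e. ¬φ = ◊(req ∧ □¬grant); the deck's
# LTL -> generalized Büchi -> Büchi translation step is not implemented here.
NEG_PHI = Buchi(init="a0", accepting=frozenset({"a1"}), edges=(
    ("a0", lambda L: True, "a0"),
    ("a0", lambda L: "req" in L and "grant" not in L, "a1"),
    ("a1", lambda L: "grant" not in L, "a1"),
))
# Constructed request/grant model; in STARVING a pending request can wait forever.
_LAB = {"idle": frozenset(), "req": frozenset({"req"}),
        "wait": frozenset({"req"}), "grant": frozenset({"grant"})}
_E = {("idle", "idle"), ("idle", "req"), ("req", "grant"), ("req", "wait"), ("grant", "idle")}
STARVING = TS("idle", frozenset(_E | {("wait", "wait")}), _LAB)
FAIR = TS("idle", frozenset(_E | {("wait", "grant")}), _LAB)
```

`check(STARVING, NEG_PHI)` returns the lasso idle, req, wait followed by the cycle on wait, which is the ERROR trace of the diagram; `check(FAIR, NEG_PHI)` returns None, the "System OK" verdict.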



Complexity

• CTL model checking:
  – Partition the state space into strongly connected components: O(|Q|+|T|)
  – Traverse the transition graph: O(|Q|+|T|)
  – The overall complexity is O(|φ| · (|Q|+|T|))

• LTL model checking:
  – is O(2^|φ| · (|Q|+|T|)), i.e. exponential in the size of the formula
  – Linear in the size of the model, as is CTL



Questions?



