Description

Model Checking Lecture 3. Specification Automata. Syntax, given a set A of atomic observations: S finite set of states S 0 S set of initial states S S transition relation : S PL(A) where the formulas of PL are ::= a | | for a A.

Transcripts

Model Checking Lecture 3

Specification Automata
Syntax, given a set A of atomic observations:
S finite set of states
S 0 S set of initial states
S S transition relation
: S PL(A) where the formulas of PL are ::= a | | for a A

Specification Omega Automata
Syntax as for finite automata, plus the following acceptance condition:
Buchi: BA S

Language L(M) of specification omega-automaton M = (S, S 0 , , , BA ):
infinite trace t 0 , t 1 , ... L(M) iff there exists an infinite run s 0 s 1 ... of M such that
1. s 0 s 1 ... satisfies BA
2. for all i 0, t i |= (s i )

Let Inf(s) = { p | p = s i for infinitely many i }. The infinite run s satisfies the acceptance condition BA iff Inf(s) BA

Linear semantics of specification omega automata: omega-language containment
(K, q) |= L M iff L(K,q) L(M) (infinite traces)

Response specification automaton: (a b), assuming (a b) = false. [State diagram with states s 0 , s 1 , s 2 , s 3 labelled over a and b.] Buchi condition { s 0 , s 3 }

Response monitor automaton: (a b), assuming (a b) = false. [State diagram with states s 0 , s 1 , s 2 labelled over true, a and b.] Buchi condition { s 2 }

Outline
1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness
2 Graph algorithms for model checking
Symbolic algorithms for model checking
Pushdown systems

Model-Checking Algorithms = Graph Algorithms

Safety:
- specify: finite monitors ( emptiness)
- algorithm: reachability (linear)
Liveness:
- specify: Buchi monitors ( emptiness)
- algorithm: strongly connected components (linear)
We will discuss STL and CTL model checking later.

From specification automata to monitor automata: determinization (exponential) + complementation (easy)
From LTL to monitor automata: complementation (easy) + tableau construction (exponential)

Algorithms
Reachability
Strongly connected components
Tableau construction

Finite Emptiness
Given: finite automaton (S, S 0 , , , FA)
Find: is there a path from a state in S 0 to a state in FA ?

Fix a set A of atomic observations

State-transition graph K
Q set of states
Q Q transition relation
[ ]: Q 2 A observation function

Monitor automaton M
S finite set of states
S 0 S set of initial states
S S transition relation
E S set of final states
: S PL(A) where the formulas of PL are ::= a | | for a A

Languages over finite traces
(K, q) |= C M iff L(K,q) L(M) =
We construct a new monitor automaton M' such that L(M') = L(K,q) L(M)
S' = {(q,s) Q S | [q] |= (s)} finite set of states
({q} S 0 ) S' set of initial states
(q,s) (q',s') transition relation iff q q' and s s'
(Q E) S' set of final states
': S' PL(A) labeling function
'(q,s) = conjunction of atomic observations in [q] and negated atomic observations not in [q]

Finite Emptiness
Given: monitor automaton (S, S 0 , , , E)
Find: is there a path from a state in S 0 to a state in E ?
Solution: depth-first or breadth-first search

dfs(s) {
  if (s in E) then report error
  add s to dfsTable
  for every successor t of s
    if (t not in dfsTable) then dfs(t)
}
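The product construction and the depth-first emptiness check of the two preceding slides, as an added example that is not part of the lecture: the product states (q,s) with [q] |= λ(s) are generated on the fly and searched for a final monitor state. The graph K, the monitor M and the tuple encoding of PL labels below are all constructed for the example.

```python
# Added example (not from the lecture): product of a state-transition graph K with a
# finite monitor automaton M, searched on the fly for a reachable final monitor state.
# PL labels follow the lecture's grammar (a | and | not) in a constructed tuple encoding:
#   'a'  |  ('and', f, g)  |  ('not', f)

def holds(obs, f):
    """[q] |= f, where obs is the set of atomic observations true in q."""
    if isinstance(f, str):
        return f in obs
    if f[0] == 'not':
        return not holds(obs, f[1])
    return holds(obs, f[1]) and holds(obs, f[2])  # 'and'

def monitor_violation(K, q0, M):
    """Explore S' = {(q,s) | [q] |= lambda(s)} from {q0} x S_0 by depth-first search.
    Returns the K-states along a path to a product state (q,s) with s in E, i.e. a
    finite trace in L(K,q0) intersected with L(M), or None if that intersection is empty."""
    succ_K, obs = K['succ'], K['obs']
    start = [(q0, s) for s in M['init'] if holds(obs[q0], M['label'][s])]
    seen = set(start)
    stack = [((q, s), [q]) for (q, s) in start]
    while stack:                                   # iterative DFS over the product
        (q, s), path = stack.pop()
        if s in M['final']:
            return path
        for q2 in succ_K[q]:
            for s2 in M['succ'][s]:
                if (q2, s2) not in seen and holds(obs[q2], M['label'][s2]):
                    seen.add((q2, s2))
                    stack.append(((q2, s2), path + [q2]))
    return None

# Constructed K: a resource that is locked in state 0 and unlocked ('u') in 1 and 2.
K_BAD  = {'succ': {0: [1], 1: [2], 2: [0]}, 'obs': {0: set(), 1: {'u'}, 2: {'u'}}}
K_GOOD = {'succ': {0: [1], 1: [2], 2: [0]}, 'obs': {0: set(), 1: {'u'}, 2: set()}}
# Constructed monitor for the bad prefix "unlocked in two consecutive steps":
# s0 (not u) -> s0 | s1,   s1 (u) -> s0 | s2,   s2 (u) is final.
M_TWICE = {'init': {'s0'},
           'succ': {'s0': ['s0', 's1'], 's1': ['s0', 's2'], 's2': []},
           'final': {'s2'},
           'label': {'s0': ('not', 'u'), 's1': 'u', 's2': 'u'}}
```

Calling `monitor_violation(K_BAD, 0, M_TWICE)` returns the witness path [0, 1, 2]; the same call on K_GOOD returns None because no product state with monitor component s2 is reachable.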

Buchi Emptiness
Given: Buchi automaton (S, S 0 , , , BA)
Find: is there an infinite path from a state in S 0 that visits some state in BA infinitely often ?

Monitor Buchi automaton M
S finite set of states
S 0 S set of initial states
S S transition relation
BA S acceptance condition
: S PL(A) where the formulas of PL are ::= a | | for a A

Languages over infinite traces
(K, q) |= C M iff L(K,q) L(M) =
We construct a new monitor Buchi automaton M' such that L(M') = L(K,q) L(M)
S' = {(q,s) Q S | [q] |= (s)} finite set of states
({q} S 0 ) S' set of initial states
(q,s) (q',s') transition relation iff q q' and s s'
(Q BA) S' acceptance condition
': S' PL(A) labeling function
'(q,s) = conjunction of atomic observations in [q] and negated atomic observations not in [q]

Buchi Emptiness
Given: Buchi automaton (S, S 0 , , , BA)
Find: is there an infinite path from a state in S 0 that visits some state in BA infinitely often ?
Solution:
1. Compute the SCC graph by depth-first search
2. Mark SCC C as fair iff C BA
3. Check if some fair SCC is reachable from S 0

Complexity
n number of states
m number of transitions
Reachability: O(n+m)
SCC: O(n+m)

Buchi emptiness
Two algorithms for SCC computation: forward and backward DFS; forward HI-LO algorithm
Storing SCCs requires a lot of memory
Nested DFS checks Buchi emptiness without explicitly computing SCCs

dfs(s) {
  add s to dfsTable
  for every successor t of s
    if (t not in dfsTable) then dfs(t)
  if (s in BA) then { seed := s; ndfs(s) }
}

ndfs(s) {
  add s to ndfsTable
  for every successor t of s
    if (t not in ndfsTable) then ndfs(t)
    else if (t = seed) then report error
}
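The nested DFS sketched above, as an added example that is not the lecture's code: the inner search starts from an accepting state only after its outer search has finished (post-order), and the inner table is shared across all inner searches, which is what keeps the whole check linear. The automaton is given as a constructed successor map.

```python
# Added example (not from the lecture): nested depth-first search for Büchi emptiness.
# succ maps each state to its successors; init and BA are sets of states.

def buchi_accepting_state(succ, init, BA):
    """Return a state of BA that is reachable from init and lies on a cycle
    (so L(M) is nonempty), or None if no such state exists (L(M) is empty)."""
    dfs_table, ndfs_table = set(), set()

    def ndfs(s, seed):
        # Inner search: is there a path from s back to seed? ndfs_table is never
        # reset, so every state is entered by an inner search at most once.
        ndfs_table.add(s)
        for t in succ.get(s, ()):
            if t not in ndfs_table:
                if ndfs(t, seed):
                    return True
            elif t == seed:          # closed a cycle through the accepting seed
                return True
        return False

    def dfs(s):
        dfs_table.add(s)
        for t in succ.get(s, ()):
            if t not in dfs_table:
                found = dfs(t)
                if found is not None:
                    return found
        # Post-order: start the inner search only after all successors are done;
        # starting it earlier could miss a cycle through a not-yet-finished state.
        if s in BA and ndfs(s, s):
            return s
        return None

    for s0 in init:
        if s0 not in dfs_table:
            found = dfs(s0)
            if found is not None:
                return found
    return None

# Constructed automata: A_CYCLE has the accepting cycle 1 -> 2 -> 3 -> 1 through 2;
# A_DEAD reaches 2 but never returns to it; A_OFF has a cycle that avoids BA.
A_CYCLE = {0: [1], 1: [2], 2: [3], 3: [1]}
A_DEAD  = {0: [1], 1: [2], 2: [3], 3: []}
A_OFF   = {0: [1], 1: [0, 2], 2: []}
```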

Multi-Buchi Emptiness
Given: Multi-Buchi automaton (S, S 0 , , , BA 1 , … , BA n )
Find: is there an infinite path from a state in S 0 that infinitely often visits some state in BA i for all i such that 1 i n ?
Solution:
1. Compute the SCC graph by depth-first search
2. Mark SCC C as fair iff C BA i for all i such that 1 i n
3. Check if some fair SCC is reachable from S 0
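The SCC-based decision procedure of the Buchi and Multi-Buchi slides above, as an added example that is not the lecture's code: Tarjan's algorithm is run from S 0 only, so every SCC it finds is reachable, and an SCC counts as fair when it meets every BA i. One caveat the slides leave implicit is handled explicitly: a single state without a self-loop is an SCC but carries no infinite path, so it is never fair.

```python
# Added example (not from the lecture): Multi-Büchi emptiness via strongly connected
# components. succ maps states to successors; init is the set of initial states;
# acc_sets is the list [BA_1, ..., BA_n] (a plain Büchi automaton has n = 1).

def fair_scc(succ, init, acc_sets):
    """Return a fair SCC (frozenset) reachable from init that contains a cycle and
    intersects every BA_i, or None when the language is empty."""
    index, low, on_stack, stack = {}, {}, set(), []
    counter = [0]
    found = []

    def strongconnect(v):
        index[v] = low[v] = counter[0]
        counter[0] += 1
        stack.append(v)
        on_stack.add(v)
        for w in succ.get(v, ()):
            if w not in index:
                strongconnect(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:            # v is the root of an SCC: pop it off
            comp = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.add(w)
                if w == v:
                    break
            # An SCC supports an infinite run only if it contains a cycle.
            has_cycle = len(comp) > 1 or v in succ.get(v, ())
            if has_cycle and all(comp & ba for ba in acc_sets):
                found.append(frozenset(comp))

    for s in init:                        # only SCCs reachable from S_0 are visited
        if s not in index:
            strongconnect(s)
    return found[0] if found else None

# Constructed automaton: two reachable cycles {1,2} and {3,4}, plus the trivial SCC {0}.
G = {0: [1], 1: [2, 3], 2: [1], 3: [4], 4: [3]}
```

With acceptance sets [{1}, {2}] the SCC {1, 2} is fair; with [{1}, {4}] neither cycle meets both sets and the language is empty.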

Tableau Construction
Given: LTL formula
Find: Multi-Buchi automaton M such that L(M ) = L()
M monitors subformulas of [Fischer & Ladner 1975; Manna & Wolper 1982]

Negation normal form ( ) = ( ) = ( ) = ( ) ( U ) = ( W ) ( W ) = ( U ) , ::= a | a | | | | U | W

Fischer-Ladner Closure of a Formula Sub (a) = { a, a } Sub ( a) = { a, a } Sub ( ) = { } Sub () Sub () Sub ( ) = { } Sub () Sub () Sub ( ) = { } Sub () Sub (U) = { U, ( U) } Sub () Sub () Sub (W) = { W, ( W) } Sub () Sub () | Sub ( ) | = O(||)

s Sub () is consistent iff
- for every atomic proposition a, (a) s iff a s
- if ( ) Sub () then () s iff s and s
- if ( ) Sub () then () s iff either s or s
- if ( U) Sub () then (U) s iff either s or s and ( U) s
- if ( W) Sub () then (W) s iff either s or s and ( W) s

Fischer-Ladner Closure of a Formula … Sub ( ) = { , } Sub () Sub ( ) = { , } Sub ()

s Sub () is consistent iff …
- if ( ) Sub () then ( ) s iff either s or s
- if ( ) Sub () then ( ) s iff s and s

Tableau M = (S, S 0 , , , BA 1 ,… ,BA n )
S ... set of consistent subsets of Sub ( )
s S 0 iff s
s t iff for all ( ) Sub (), if ( ) s then t
(s) ... conjunction of atomic observations in s and negated atomic observations not in s
There is an acceptance condition
- for each (U) Sub () given by { s | s or (U) s }
- for each ( ) Sub () given by { s | s or ( ) s }
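The closure, consistency and tableau definitions of the last slides, as an added example that is not the lecture's code, for the negation-normal-form fragment with atoms, negated atoms, and, or, next, U and W (the derived eventually/always operators are left out). The tuple encoding of formulas is constructed for the example; the acceptance conditions are built for the U subformulas, which is where the lecture places them.

```python
# Added example (not from the lecture): Fischer-Ladner closure, consistent subsets and
# the tableau automaton for LTL in negation normal form. Constructed tuple encoding:
#   'a' | ('not','a') | ('and',f,g) | ('or',f,g) | ('next',f) | ('U',f,g) | ('W',f,g)
from itertools import combinations

def closure(f):
    """Sub(f): the Fischer-Ladner closure of f, O(|f|) formulas."""
    if isinstance(f, str):
        return {f, ('not', f)}
    op = f[0]
    if op == 'not':
        return {f[1], f}
    if op == 'next':
        return {f} | closure(f[1])
    sub = {f} | closure(f[1]) | closure(f[2])
    if op in ('U', 'W'):           # until and weak-until also contribute their own "next"
        sub.add(('next', f))
    return sub

def consistent(s, sub):
    """Local consistency of a subset s of sub, one rule per connective as in the slides."""
    for f in sub:
        if isinstance(f, str):
            ok = (('not', f) in s) != (f in s)
        elif f[0] == 'and':
            ok = (f in s) == (f[1] in s and f[2] in s)
        elif f[0] == 'or':
            ok = (f in s) == (f[1] in s or f[2] in s)
        elif f[0] in ('U', 'W'):   # psi now, or phi now and the whole formula next
            ok = (f in s) == (f[2] in s or (f[1] in s and ('next', f) in s))
        else:                      # negated atoms and 'next' impose no local rule
            ok = True
        if not ok:
            return False
    return True

def tableau(f):
    """States S, initial states S0, transitions and Büchi sets BA of the tableau for f."""
    sub = closure(f)
    items = sorted(sub, key=repr)
    S = [frozenset(c) for r in range(len(items) + 1)
         for c in combinations(items, r) if consistent(frozenset(c), sub)]
    S0 = [s for s in S if f in s]
    nexts = [g for g in sub if not isinstance(g, str) and g[0] == 'next']
    trans = {s: [t for t in S if all(g[1] in t for g in nexts if g in s)] for s in S}
    BA = [frozenset(s for s in S if g[2] in s or g not in s)
          for g in sub if not isinstance(g, str) and g[0] == 'U']
    return S, S0, trans, BA
```

For the formula a U b the closure has 6 formulas, 8 of the 64 subsets are consistent, 5 of them are initial, and the single acceptance set contains the 7 states that either satisfy b or do not carry the until obligation.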

Size of M is O(2 | | ). LTL model checking: PSPACE-complete