Model Checking Lecture 3


Description
Model Checking Lecture 3. Specification Automata. Syntax, given a set A of atomic observations:. S finite set of states S 0  S set of initial states  S  S transition relation : S  PL(A) where the formulas of PL are  ::= a |    |   for a  A.
Transcripts
Slide 1

Model Checking Lecture 3

Slide 2

Specification Automata
Syntax, given a set A of atomic observations:
S finite set of states
S0  S set of initial states
 S  S transition relation
: S  PL(A) where the formulas of PL are  ::= a |    |   for a  A

Slide 3

Specification Omega Automata
Syntax as for finite automata, plus the following acceptance condition:
Buchi: BA  S

Slide 4

Language L(M) of specification omega-automaton M = (S, S0, , , BA):
infinite trace t0, t1, ...  L(M) iff there exists an infinite run s0  s1  ... of M such that
1. s0  s1  ... satisfies BA
2. for all i  0, t_i |= (s_i)

Slide 5

Let Inf(s) = { p | p = s_i for infinitely many i }.
The infinite run s satisfies the acceptance condition BA iff Inf(s)  BA  

Slide 6

Linear semantics of specification omega automata: omega-language containment
(K, q) |= L M iff L(K,q)  L(M)  (infinite traces)

Slide 7

Response specification automaton:  (a  b), assuming (a  b) = false
[Automaton diagram: states s0, s1, s2, s3 labelled with a and b; Buchi condition {s0, s3}]

Slide 8

Response monitor automaton:  (a  b), assuming (a  b) = false
[Automaton diagram: states s0, s1, s2 labelled true, a, b; Buchi condition {s2}]

Slide 9

Outline
1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness
2 Graph algorithms for model checking
Symbolic algorithms for model checking
Pushdown systems

Slide 10

Model-Checking Algorithms = Graph Algorithms

Slide 11

Safety:
- translate: finite monitors ( emptiness)
- algorithm: reachability (linear)
Liveness:
- translate: Buchi monitors ( emptiness)
- algorithm: strongly connected components (linear)
We will discuss STL and CTL model checking later.

Slide 12

From specification automata to monitor automata: determinization (exponential) + complementation (easy)
From LTL to monitor automata: complementation (easy) + tableau construction (exponential)

Slide 13

Algorithms
Reachability
Strongly connected components
Tableau construction

Slide 14

Finite Emptiness
Given: finite automaton (S, S0, , , FA)
Find: is there a path from a state in S0 to a state in FA?

Slide 15

Fix a set A of atomic observations

Slide 16

State-transition graph K
Q set of states
 Q  Q transition relation
[ ]: Q  2^A observation function

Slide 17

Monitor automaton M
S finite set of states
S0  S set of initial states
 S  S transition relation
E  S set of final states
: S  PL(A) where the formulas of PL are  ::= a |    |   for a  A

Slide 18

Languages over finite traces: (K, q) |= C M iff L(K,q)  L(M) = 
We construct a new monitor automaton M' such that L(M') = L(K,q)  L(M):
S' = {(q,s)  Q  S | [q] |= (s)} finite set of states
({q}  S0)  S' set of initial states
(q,s)  (q',s') transition relation iff q  q' and s  s'
(Q  E)  S' set of final states
': S'  PL(A) labeling function, '(q,s) = conjunction of atomic observations in [q] and negated atomic observations not in [q]

Slide 19

Finite Emptiness
Given: monitor automaton (S, S0, , , E)
Find: is there a path from a state in S0 to a state in E?
Solution: depth-first or breadth-first search

Slide 20

dfs(s) {
  if (s  E) then report error
  add s to dfsTable
  for every successor t of s
    if (t  dfsTable) then dfs(t)
}

Slide 21

Buchi Emptiness
Given: Buchi automaton (S, S0, , , BA)
Find: is there an infinite path from a state in S0 that visits some state in BA infinitely often?

Slide 22

Monitor Buchi automaton M
S finite set of states
S0  S set of initial states
 S  S transition relation
BA  S acceptance condition
: S  PL(A) where the formulas of PL are  ::= a |    |   for a  A

Slide 23

Languages over infinite traces: (K, q) |= C M iff L(K,q)  L(M) = 
We construct a new monitor Buchi automaton M' such that L(M') = L(K,q)  L(M):
S' = {(q,s)  Q  S | [q] |= (s)} finite set of states
({q}  S0)  S' set of initial states
(q,s)  (q',s') transition relation iff q  q' and s  s'
(Q  BA)  S' acceptance condition
': S'  PL(A) labeling function, '(q,s) = conjunction of atomic observations in [q] and negated atomic observations not in [q]

Slide 24

Buchi Emptiness
Given: Buchi automaton (S, S0, , , BA)
Find: is there an infinite path from a state in S0 that visits some state in BA infinitely often?
Solution:
1. Compute the SCC graph by depth-first search
2. Mark SCC C as fair iff C  BA  
3. Check whether some fair SCC is reachable from S0

Slide 25

Complexity
n number of states, m number of transitions
Reachability: O(n+m)
SCC: O(n+m)

Slide 26

Buchi emptiness
Two algorithms for SCC computation: forward and backward DFS; forward HI-LO algorithm.
Storing SCCs requires a lot of memory.
Nested DFS checks Buchi emptiness without explicitly computing SCCs.

Slide 27

dfs(s) {
  add s to dfsTable
  for every successor t of s
    if (t  dfsTable) then dfs(t)
  if (s  BA) then { seed := s; ndfs(s) }
}

ndfs(s) {
  add s to ndfsTable
  for every successor t of s
    if (t  ndfsTable) then ndfs(t)
    else if (t = seed) then report error
}
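As an added illustration (not the lecture's own code), the product construction of slides 18 and 23 followed by the nested DFS of slide 27, in Python. The monitor M, the state graphs K_BAD and K_OK and their observation sets are constructed here for the example, and each label lambda(s) is encoded as a Python predicate over the observation set [q].

```python
def product(K, M):
    """Monitor Buchi automaton M' = (K, q0) x M (slide 23).
    Returns (initial states, successor function, accepting states)."""
    Q, q0, delta_K, obs = K          # state graph: states, initial state, edges, [q]
    S, S0, delta_M, BA, lam = M      # monitor: states, initial, edges, Buchi set, labels
    states = {(q, s) for q in Q for s in S if lam[s](obs[q])}   # [q] |= lambda(s)
    init = {(q0, s) for s in S0} & states
    accepting = {(q, s) for (q, s) in states if s in BA}
    def succ(qs):
        q, s = qs
        return [(q2, s2) for q2 in delta_K[q] for s2 in delta_M[s] if (q2, s2) in states]
    return init, succ, accepting

def buchi_empty(init, succ, accepting):
    """Nested DFS (slide 27). Returns None when L(M') is empty, otherwise an
    accepting state that lies on a cycle reachable from an initial state."""
    dfs_table, ndfs_table, found = set(), set(), []
    def ndfs(s, seed):               # inner search: can seed reach itself?
        ndfs_table.add(s)
        for t in succ(s):
            if t not in ndfs_table:
                ndfs(t, seed)
            elif t == seed:
                found.append(seed)
    def dfs(s):                      # outer search, seeds ndfs in post-order
        dfs_table.add(s)
        for t in succ(s):
            if t not in dfs_table:
                dfs(t)
        if s in accepting and not found:
            ndfs(s, s)
    for s in init:
        if s not in dfs_table and not found:
            dfs(s)
    return found[0] if found else None

# Constructed monitor: accepts traces with an a after which b never holds (Buchi set {s2}).
M = ({"s0", "s1", "s2"}, {"s0"},
     {"s0": ["s0", "s1"], "s1": ["s2"], "s2": ["s2"]}, {"s2"},
     {"s0": lambda o: True, "s1": lambda o: "a" in o, "s2": lambda o: "b" not in o})
# Constructed state graphs: K_BAD loops forever without b after an a; K_OK answers with b.
K_BAD = ({"q0", "q1", "q2"}, "q0", {"q0": ["q1"], "q1": ["q2"], "q2": ["q2"]},
         {"q0": set(), "q1": {"a"}, "q2": set()})
K_OK = ({"q0", "q1", "q2"}, "q0", {"q0": ["q1"], "q1": ["q2"], "q2": ["q0"]},
        {"q0": set(), "q1": {"a"}, "q2": {"b"}})

def check(K, M):
    """None means L(K,q0) and L(M) are disjoint; otherwise a witness state is returned."""
    return buchi_empty(*product(K, M))
```

check(K_BAD, M) returns ("q2", "s2"), the accepting product state on the violating cycle, and check(K_OK, M) returns None.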

Slide 28

Multi-Buchi Emptiness
Given: Multi-Buchi automaton (S, S0, , , BA1, … , BAn)
Find: is there an infinite path from a state in S0 that infinitely often visits some state in BAi for all i such that 1  i  n?
Solution:
1. Compute the SCC graph by depth-first search
2. Mark SCC C as fair iff C  BAi   for all i such that 1  i  n
3. Check whether some fair SCC is reachable from S0

Slide 29

Tableau Construction
Given: LTL formula 
Find: Multi-Buchi automaton M such that L(M) = L(); the automaton monitors subformulas of 
[Fischer & Ladner 1975; Manna & Wolper 1982]

Slide 30

Negation normal form
(  ) =   
(  ) =   
(  ) = ( )
( U ) = ( W   )
( W ) = ( U   )
,  ::= a | a |    |    |   |  U  |  W 

Slide 31

Fischer-Ladner Closure of a Formula
Sub(a) = { a, a }
Sub(a) = { a, a }
Sub( ) = {  }  Sub()  Sub()
Sub( ) = {  }  Sub()  Sub()
Sub( ) = {  }  Sub()
Sub(U) = { U, (U) }  Sub()  Sub()
Sub(W) = { W, (W) }  Sub()  Sub()
|Sub()| = O(||)

Slide 32

s  Sub () is reliable iff - for every nuclear recommendation a (a)  s iff a  s - if ( )  Sub () then ()  s iff   s and   s - if ( )  Sub () then ()  s iff either   s or   s - if ( U)  Sub () then (U)  s iff either   s or   s and ( U)  s - if ( W)  Sub () then (W)  s iff either   s or   s and ( W)  s

Slide 33

Fischer-Ladner Closure of a Formula (continued)
Sub( ) = {  ,   }  Sub()
Sub( ) = {  ,   }  Sub()

Slide 34

s  Sub () is predictable iff … - if (  )  Sub () then (  )  s iff either   s or    s - if (  )  Sub () then (  )  s iff   s and    s

Slide 35

Tableau M  = (S, S 0 , , , BA 1 ,… ,BA n ) S ... set of steady subsets of Sub ( ) s  S 0 iff   s  t iff for all (  )  Sub (), if (  )  s then   t (s) ... conjunction of nuclear perceptions in s and nullified nuclear perceptions not in s There is an acknowledgment condition - for each (U)  Sub () given by { s |   s or (U)  s } - for each (  )  Sub () given by { s |   s or (  )  s }

Slide 36

Size of M  is O(2 | | ). LTL model checking: PSPACE-complete
