Edmund M. Clarke
School of Computer Science, Carnegie Mellon University
Lecture 2: Model Checking
My 30 Year Quest to Conquer the State Explosion Problem

Outline of the deck (slide titles): Intel Pentium FDIV Bug; Temporal Logic Model Checking; Advantages of Model Checking; Main Disadvantage; LTL - Linear Time Logic (Pn 77); Branching Time (EC 80, BMP 81); CTL: Computation Tree Logic; Model Checking Problem; Trivial Example; Temporal Logic and Model Checking; Model Checking; Counterexamples; Hardware Example: IEEE Futurebus+; Four Big Breakthroughs on State Space Explosion Problem!; Four Big Breakthroughs on State Space Explosion Problem (Cont.); Existential Abstraction; Preservation Theorem; Spurious Behavior; Automatic Abstraction; CEGAR: CounterExample-Guided Abstraction Refinement; Future Challenge: Is it possible to model check software?; What Makes Software Model Checking Different?; What Does It Mean to Model Check Software?; Software Example: Device Driver Code; Future Challenge: Can We Debug This Circuit?; P53, DNA Repair, and Apoptosis; New NSF Expedition Grant: Next-Generation Model Checking and Abstract Interpretation with a Focus on Systems Biology and Embedded Systems; CMACS Strategic Plan; Wait a minute!; The End.

Intel Pentium FDIV Bug
- Try 4195835 - 4195835 / 3145727 * 3145727. On the '94 Pentium, it doesn't return 0, but 256.
- Intel uses the SRT algorithm for floating point division. Five entries in the lookup table are missing.
- Cost: $400 - $500 million
- Xudong Zhao's Thesis on Word Level Model Checking

Temporal Logic Model Checking
- Model checking is an automatic verification technique for finite state concurrent systems.
- Developed independently by Clarke and Emerson and by Queille and Sifakis in the early 1980's.
- Specifications are written in propositional temporal logic. (Pnueli 77)
- The verification procedure is an intelligent exhaustive search of the state space of the design.

Advantages of Model Checking
- No proofs!!! (Algorithmic rather than Deductive)
- Fast (compared to other rigorous methods such as theorem proving)
- Diagnostic counterexamples
- No problem with partial specifications
- Logics can easily express many concurrency properties

Main Disadvantage: State Explosion Problem
- 2-bit counter: 0,0 -> 0,1 -> 1,1 -> 1,0. An n-bit counter has 2^n states.
- Parallel composition: a process with states 1, 2, 3 composed with a process with states a, b, c (1,a 2,a 1,b 2,b 3,a 1,c 3,b 2,c 3,c). With n states per process and m processes, the product has n^m states.
- Unavoidable in the worst case, but steady progress over the past 28 years using clever algorithms, data structures, and engineering.

LTL - Linear Time Logic (Pn 77)
Determines patterns on infinite traces. Built from atomic propositions, Boolean operations and temporal operators:
- a: "a is true now"
- X a: "a is true in the neXt state"
- F a: "a will be true in the Future"
- G a: "a will be Globally true in the future"
- a U b: "a will hold true Until b becomes true"
(The slides illustrate each operator on a trace: "a" for a, "a" in the next position for X a, "a" somewhere later for F a, "a a a a a" for G a, and "a a a a b" for a U b.)

Branching Time (EC 80, BMP 81)

CTL: Computation Tree Logic
- EF g: "g will possibly become true"
- AF g: "g will necessarily become true"
- AG g: "g is an invariant"
- EG g: "g is a potential invariant"
- CTL (CES83-86) uses the temporal operators AX, AG, AF, AU and EX, EG, EF, EU.
- CTL* allows complex nestings such as AXX, AGX, EXF, ...

Model Checking Problem
- Let M be a state-transition graph.
- Let f be the specification in temporal logic.
- Find all states s of M such that M, s |= f.
- CTL Model Checking: CE 81; CES 83/86; QS 81/82.
- LTL Model Checking: LP 85.
- Automata Theoretic LTL Model Checking: VW 86.
- CTL* Model Checking: EL 85.
- A state-transition graph describes a system evolving over time.

Trivial Example: Microwave Oven
States of the state-transition graph, labelled with the atomic propositions Start, Close, Heat, Error (~ denotes negation):
- ~Start ~Close ~Heat ~Error
- Start ~Close ~Heat Error
- ~Start Close ~Heat ~Error
- ~Start Close Heat ~Error
- Start Close Heat ~Error
- Start Close ~Heat ~Error
- Start Close ~Heat Error

Temporal Logic and Model Checking
The oven doesn't heat
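The model checking problem above (find all states s with M, s |= f) can be answered for CTL by fixpoint iteration over the state-transition graph. The following is an added example, not code from Clarke's lecture: an explicit-state CTL checker run on the microwave-oven states listed on the slide. The seven labellings are taken from the slide; the transition relation NEXT and the two properties checked are assumptions constructed here, since the preview shows neither.

```python
# Added example (not from Clarke's slides): explicit-state CTL model checking of the
# microwave-oven slide. The seven state labellings are taken from the slide; the
# transition relation NEXT is ASSUMED here (the preview does not list transitions).
STATES = range(1, 8)
LABEL = {1: frozenset(),                             # ~Start ~Close ~Heat ~Error
         2: frozenset({"Start", "Error"}),           #  Start ~Close ~Heat  Error
         3: frozenset({"Close"}),                    # ~Start  Close ~Heat ~Error
         4: frozenset({"Close", "Heat"}),            # ~Start  Close  Heat ~Error
         5: frozenset({"Start", "Close", "Error"}),  #  Start  Close ~Heat  Error
         6: frozenset({"Start", "Close"}),           #  Start  Close ~Heat ~Error
         7: frozenset({"Start", "Close", "Heat"})}   #  Start  Close  Heat ~Error
# Assumed transitions (constructed): open/close door, start, warm-up, cook, done, reset.
NEXT = {1: {2, 3}, 2: {5}, 3: {1, 6}, 4: {1, 3, 4}, 5: {2, 3}, 6: {7}, 7: {1, 4}}

def pre(Z):
    """Existential predecessor: states with at least one successor in Z."""
    return {s for s in STATES if NEXT[s] & Z}

def fixpoint(step, Z):
    """Iterate a monotone set transformer from Z (empty set: least fixpoint; all states: greatest)."""
    while (nxt := step(Z)) != Z:
        Z = nxt
    return Z

def sat(f):
    """States satisfying CTL formula f, given as nested tuples such as ("AG", ("ap", "Heat")).
    EX, EU and EG are primitive; EF, AF and AG are rewritten via the standard dualities."""
    op, *a = f
    if op == "true": return set(STATES)
    if op == "ap":   return {s for s in STATES if a[0] in LABEL[s]}
    if op == "not":  return set(STATES) - sat(a[0])
    if op == "and":  return sat(a[0]) & sat(a[1])
    if op == "imp":  return sat(("not", a[0])) | sat(a[1])
    if op == "EX":   return pre(sat(a[0]))
    if op == "EU":   # E[f U g] = least Z with Z = g or (f and EX Z)
        F, G = sat(a[0]), sat(a[1])
        return fixpoint(lambda Z: G | (F & pre(Z)), set())
    if op == "EG":   # EG f = greatest Z with Z = f and EX Z
        F = sat(a[0])
        return fixpoint(lambda Z: F & pre(Z), set(STATES))
    if op == "EF":   return sat(("EU", ("true",), a[0]))
    if op == "AF":   return sat(("not", ("EG", ("not", a[0]))))
    if op == "AG":   return sat(("not", ("EF", ("not", a[0]))))
    raise ValueError(f"unknown operator {op}")

def holds(state, f):
    """M, state |= f: the slide's model checking question, asked for one state."""
    return state in sat(f)

# Assumed properties: "Heat implies Close" is an invariant (AG holds in every state), while
# AG(Start -> AF Heat) fails because the Error states 2 and 5 can cycle forever without Heat.
SAFE = ("AG", ("imp", ("ap", "Heat"), ("ap", "Close")))
LIVE = ("AG", ("imp", ("ap", "Start"), ("AF", ("ap", "Heat"))))
```

The set of states where LIVE fails is exactly the diagnostic counterexample the slides advertise: sat(("AF", ("ap", "Heat"))) excludes the Error states, so the cycle between states 2 and 5 is the offending behaviour.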