
Hierarchical and Recursive State Machines with Context-Dependent Properties

Hierarchical and Recursive State Machines with Context-Dependent Properties. Salvatore La Torre, Margherita Napoli, Mimmo Parente and Gennaro Parlato Dipartimento di Informatica ed Applicazioni Università degli Studi di Salerno. System Verification (Model Checking).


Presentation Transcript


  1. Hierarchical and Recursive State Machines with Context-Dependent Properties
     Salvatore La Torre, Margherita Napoli, Mimmo Parente and Gennaro Parlato
     Dipartimento di Informatica ed Applicazioni, Università degli Studi di Salerno

  2. System Verification (Model Checking)
     • Given: a system model M (Kripke structure) and a high-level specification φ (logic formula)
     • Question: is M a model of φ?
     • Complexity of model checking: O(|M|·2^|φ|); the |M| factor is where state-space explosion comes from

  3. Our Target
     • Propose a "new model" to represent systems succinctly
     • Solve model checking problems efficiently on it:
       • Reachability
       • Cycle detection
       • LTL model checking

  4. Recursive State Machine
     A RSM M = (M1, …, Mk) is composed of:
     • k machines modelling k procedures
     • machines can call each other recursively
     • machines are represented as graphs

  5. Vertices
     Machines have two kinds of vertices:
     • Nodes (internal states)
     • Boxes (procedure calls)

  6. Entry and Exit Nodes
     (figure: entry nodes e1, e2, e3 carry the parameters; exit nodes ex1, ex2, ex3, ex4 carry the return values)

  7. Edges
     • Node-to-Node
     • Box-to-Box
     • Node-to-Box
     • Box-to-Node

  8. Labelling
     • Given a set AP of atomic propositions
     • We associate a subset of AP with both nodes and boxes (figure: e.g. {t, r, p} on a node, {p, q, r} on a box)

  9. Example: Digital Clock modelled by a Hierarchical State Machine
     (figure: M3 "Hours" with start3, out3 and vertices h0..h23 labelled hour0..hour23; M2 "Minutes" with start2, out2 and vertices min0..min59 labelled minute0..minute59; M1 "Seconds" with start1, out1 and vertices sec0..sec59 labelled second0..second59)

  10. Flat Model
     (figure: the flattened machines M2F and M1F, with the seconds chain sec0..sec59 copied under every minute vertex)
     • The flat model has 24·60·60 = 86,400 states
     • Our model has 24+60+60+6 = 150 vertices

  11. HSMs in [AY98]
     • Only nodes are labelled with atomic propositions: a model and its flat model have the same number of distinct labels
     • To check properties that mention a precise time (e.g., check for time 10:20:45), the model must have at least one node for each possible hh:mm:ss
     • Our model can be exponentially more succinct

  12. Related Work
     • Model checking of hierarchical state machines [Alur, Yannakakis 1998]
     • Analysis of recursive state machines [Alur, Etessami, Yannakakis 2001]
     • Model checking of unrestricted hierarchical state machines [Benedikt, Godefroid, Reps 2001]
     • Visibly pushdown languages [Alur, Madhusudan 2004]
     • A temporal logic of nested calls and returns [Alur, Etessami, Madhusudan 2004]

  13. Outline
     • Overview
     • Reachability problem
     • LTL model checking
     • Conclusion

  14. Reachability Problem
     Given a HSM M and a propositional boolean formula φ, the Reachability Problem is: is there a reachable state (in the flat model MF of M) on which φ holds?
     (figure: a reachable state X of MF with φ(label(X)) = TRUE)

  15. Computational Complexity
     • The reachability problem is NP-complete
     • NP-hardness: 3-CNF-SAT reduces to Reachability (with φ an AND of literals)
     • NP-membership: guess a state X of MF, check that X is reachable in MF, verify φ on X
     • We can solve Reachability in O(|M|·|φ|·2^|AP|) time

  16. A Solution in O(λ·|M|·|φ|)
     • Reach(i, P) = TRUE iff there is a reachable state of MiF satisfying φ, assuming the propositions in P hold on all states of MiF
     (figure: a path from starti to a node q of MiF with φ(L(q) ∪ P) = TRUE)
     • The problem is answered by Reach(k, Ø) on the top-level machine Mk

  17. How to compute Reach(i, P)
     (figure: in Mi, either a reachable node q with φ(L(q) ∪ P) = TRUE, or a reachable box b with Reach(expand(b), P ∪ L(b)) = TRUE)

  18. Our Algorithm
     Reach(i, P) = OR over reachable nodes u of Mi of φ(P ∪ label(u))
                   OR over reachable boxes b of Mi of Reach(expand(b), P ∪ label(b))
     • Reach(i, P) takes O(|Mi|·|φ|) time plus the time for the calls Reach(expand(b), P ∪ label(b))
     • Total time is O(λ·|M|·|φ|), where λ is the maximum number of different sets P for a machine

  19. Good cases
     Reach(k, Ø) takes O(λ·|M|·|φ|) time with λ ≤ 2^|AP|
     • If λ is bounded by a constant, then Reach(k, Ø) takes O(|M|·|φ|) time
     • In particular, if M is an Alur and Yannakakis machine, every Mi inherits only the empty set (λ = 1)
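The following is an added example, not code from the paper: it builds the digital-clock HSM of slides 9-10 (assuming the hour and minute vertices are boxes and the seconds are nodes, which gives the 150 vertices of slide 10) and runs the Reach(i, P) recursion of slides 16-19, memoised on (machine, P) so that the number of distinct P sets per machine (the λ of slide 18) can be observed directly. The machine representation and the function names are ours.

```python
from collections import deque

# Constructed example: the digital-clock HSM of slides 9-10 (hour and minute
# vertices taken as boxes, seconds as nodes) and Reach(i,P) of slides 16-18.
def chain_machine(start, out, names, expand_to=None):
    """Machine start -> names[0] -> ... -> out; names are self-labelled vertices, boxes if expand_to."""
    verts = [start] + names + [out]
    return {
        "start": start,
        "label": {v: frozenset([v]) if v in names else frozenset() for v in verts},
        "expand": {v: expand_to for v in names} if expand_to else {},
        "succ": {a: [b] for a, b in zip(verts, verts[1:])},
    }

CLOCK = {
    "M1": chain_machine("start1", "out1", [f"second{s}" for s in range(60)]),
    "M2": chain_machine("start2", "out2", [f"minute{m}" for m in range(60)], "M1"),
    "M3": chain_machine("start3", "out3", [f"hour{h}" for h in range(24)], "M2"),
}

def reachable(machine):
    """Vertices of one machine graph in BFS order from its start. Assumes every
    machine can reach its exit (true here), so this equals flat-model reachability."""
    seen, order, todo = set(), [], deque([machine["start"]])
    while todo:
        v = todo.popleft()
        if v not in seen:
            seen.add(v)
            order.append(v)
            todo.extend(machine["succ"].get(v, []))
    return order

def reach(hsm, top, phi):
    """Reach(top, {}) of slide 18; phi is a predicate over the propositions of a
    flat state. Returns (answer, number of distinct (i,P) pairs = sum of lambda_i)."""
    memo = {}
    def Reach(i, P):
        if (i, P) not in memo:
            m, res = hsm[i], False
            for v in reachable(m):
                ctx = P | m["label"][v]            # context inherited from ancestors
                if v in m["expand"]:               # box: recurse with extended context
                    res = Reach(m["expand"][v], ctx)
                else:                              # node: evaluate phi on the flat label
                    res = phi(ctx)
                if res:
                    break                          # existential: first witness suffices
            memo[(i, P)] = res
        return memo[(i, P)]
    return Reach(top, frozenset()), len(memo)
```

Asking for the flat state 10:20:45 (an AND of literals, as on slide 15) is answered without ever building the 86,400-state flat model, and the returned count shows how many distinct (machine, P) contexts were needed.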

  20. Restricted HSM
     (figure: a node u and the propositions p inherited along the hierarchy)

  21. Efficient Solution on Restricted HSM
     • Reachability on Restricted HSMs with formulas in DNF is decidable in O(|M|·|φ|) time
     • Reachability is NP-hard if either M is a nonrestricted HSM or φ is a (general) boolean formula
     • Reachability is decidable in O(|M|·2^|φ|) time on Restricted HSMs

  22. Outline
     • Overview
     • Reachability problem
     • LTL model checking
     • Conclusion

  23. LTL Model Checking
     • We use the automata-theoretic approach
     • Given a HSM M and an LTL formula φ, the problem is: does every trace of the flat model of M satisfy φ?

  24. Automata-Theoretic Approach
     1. Given an LTL formula φ, we build a Büchi automaton A¬φ. O(2^|φ|) [Vardi and Wolper]
     2. We build a new HSM M' as a product of M and A¬φ. O(|M|·16^|φ|)
     3. φ is satisfied on M iff L(M') = Ø. O(|M'|) [Alur et al.]
     Main Result: LTL model checking can be solved in O(|M|·16^|φ|) time

  25. Structure of M'
     • M' consists of graphs M(i, j, P)
     • M(i, j, P) is contained in the Cartesian product of Mi and A¬φ:
       • starti is coupled with j (a state of A¬φ)
       • the set of atomic propositions P is inherited from its ancestors

  26. Nodes of M(i, j, P)
     (figure: a node u of Mi with label Pu, coupled with a state q of A¬φ reading Pq, gives the node [u, q, j, P] of M(i, j, P), with P ∪ Pu = Pq)

  27. Boxes of M(i, j, P)
     (figure: a box b of Mi with label Pb, expanding to Mh with entry starth, coupled with a state q of A¬φ reading Pq, gives the box [b, q, j, P] of M(i, j, P), which expands to M(h, q, P ∪ Pb), with P ∪ Pb ∪ Pstarth = Pq)

  28. Edges from a node of M(i, j, P)
     (figure: an edge u → v of Mi and an edge q' → q'' of A¬φ give the edge [u, q', j, P] → [v, q'', j, P] in M(i, j, P))

  29. Edges from a box of M(i, j, P)
     (figure: an edge from box b to v in Mi and an edge q' → q'' of A¬φ give an edge from box [b, q, j, P], leaving through its exit [o, q', h, P'], to [v, q'', j, P] in M(i, j, P))

  30. Outline
     • Overview
     • Reachability problem
     • LTL model checking
     • Conclusion

  31. Conclusion
     • Decision problems:
       • Reachability
       • Cycle detection
       • LTL model checking
     • Restricted HSMs
     • Recursive Finite State Machines (expansions model recursive calls)

  32. Main results
