
Symbolic Algorithms for Infinite-state Systems


Presentation Transcript


  1. Symbolic Algorithms for Infinite-state Systems
  Rupak Majumdar (UC Berkeley)
  Joint work with Luca de Alfaro (UC Santa Cruz) and Thomas A. Henzinger (UC Berkeley)

  2. Closed Reactive Systems
  • Transition systems:
  • S: set of states (possibly infinite)
  • Σ: set of actions
  • post : S × Σ → S, successor function

  3. Lifted Transition Systems
  • S: set of states
  • Σ: set of actions
  • Post : 2^S × Σ → 2^S, successor function
  • Post(R) = {t | ∃ s ∈ R, ∃ a . t = post(s,a)}
  • Pre : 2^S × Σ → 2^S, predecessor function
  • Pre(R) = {s | ∃ a . post(s,a) ∈ R}

  4. Observables
  • Group interesting sets of states as observables
  • Example:
    • "Processor 1 is in critical section"
    • "Thermostat temperature is between 32 and 40"
  • Observable transition system = transition system + set of observables {O1, O2, …}, Oi ⊆ S

  5. Symbolic Transition Systems
  • S, Σ, Pre, Post, observables
  • Set of regions R = {R1, R2, …}, Ri ⊆ S
  • Every observable is a region
  • Pre, Post : R × Σ → R
  • ∪, ∩, \ : R × R → R
  • ⊆ : R × R → {T, F}
  All of these operations are computable.
  Symbolic semi-algorithm: start with the observable regions and compute new regions using the operations above.

  6. Example: Rectangular Hybrid Automata • General class: polyhedral hybrid systems [Alur et al] • Other classes: Petri nets, FIFO automata, ...

  7. Verification Questions
  • Q1: Reachability. Is an unsafe state reachable? EF unsafe
  • Q2: Linear temporal logic (regular properties). Is progress being made? E(GF fair → F goal)
  • Q3: ½ branching temporal logic (ECTL, ACTL). Nested reachability: EF (unsafe ∧ EF err1 ∧ EF err2)
  • Q4: Branching temporal logic (CTL). Is progress possible? AG(tick -> EXEF tick)

  8. Q1: Reachability EF
  • Is there a trajectory to an unsafe state?
    R := final
    loop
      if R ∩ init ≠ ∅ then "yes"
      if Pre(R) ⊆ R then "no"
      R := R ∪ Pre(R)
    end
  [Figure: backward iteration from final; labels init, final, Pre(final), …]
  • Similar algorithm by iterating Post's
  • Operations used: Pre, ∪

  9. Q2: LTL Model Checking
  • Example: repeated reachability EGF
  • Can a set of states be reached infinitely often? EGF final
  [Figure: iteration from final; labels init, final, R, …]
  • R1 = EX EF final, R2 = EX EF R1, …
  • Operations: Pre, ∪, ∩ with observables

  10. Q3: ECTL model checking
  • ECTL: nested reachability
  • EF(goal1 /\ EF(goal2) /\ EF(goal3))
  [Figure: regions EF goal3, EF goal2, goal1 /\ EF goal2 /\ EF goal3, EF (goal1 /\ EF goal2 /\ EF goal3)]
  • Operations: Pre, ∪, ∩

  11. Q4: CTL model checking
  • CTL: can all trajectories from init to goal1 be extended to goal2?
  • AG(goal1 -> EF goal2) = ~EF (goal1 /\ ~EF goal2)
  [Figure: regions EF goal2, EF (goal1 /\ ~EF goal2)]
  • Operations: Pre, ∪, ∩, \

  12. Three Specification Logics • L1 : CTL (or, mu calculus) • L2 : ECTL or ACTL • L3 : LTL

  13. Three Symbolic Semi-Algorithms
  • A1: close the observables under pre, ∪, ∩, \
  • A2: close the observables under pre, ∪, ∩
  • A3: close the observables under pre, ∪, ∩obs (intersection with observables)
    P0 = observables
    for i = 1, 2, 3, …
      Pi = Pi-1 ∪ {pre(R) | R ∈ Pi-1} ∪ {R1 ∪ R2 | R1, R2 ∈ Pi-1} ∪ {R1 ∩ R2 | R1, R2 ∈ Pi-1} ∪ {R1 \ R2 | R1, R2 ∈ Pi-1}
    until Pi = Pi-1

  14. Three State Equivalences • E1 : Bisimilarity • E2 : Similarity (mutual simulation) • E3 : Trace Equivalence

  15. Similarity
  • Similarity: moves can be matched
  • Bisimilarity = symmetric similarity
  • Trace equivalence = same languages

  16. Triad
  • Logics: L1: CTL; L2: ECTL; L3: LTL
  • Symbolic algorithms: A1: Pre + Boolean; A2: Pre + positive Boolean; A3: Pre + positive Boolean with ∩ only with observables
  • State equivalences: E1: Bisimilarity; E2: Similarity; E3: Trace equivalence

  17. [Triad diagram, i = 1, 2, 3: symbolic semi-algorithm Ai computes state equivalence Ei; state logic Li induces Ei; Ai model-checks Li]
  • All regions definable by Li are generated by Ai
  • If Ai terminates, then symbolic model checking of Li terminates

  18. [Triad diagram, i = 1, 2, 3: symbolic semi-algorithm Ai computes state equivalence Ei; state logic Li induces Ei; Ai model-checks Li]
  • States s and t are Ei-equivalent iff for all regions R generated by Ai, s ∈ R iff t ∈ R
  • Ai terminates iff Ei has finite index

  19. [Triad diagram, i = 1, 2, 3: symbolic semi-algorithm Ai computes state equivalence Ei; state logic Li induces Ei; Ai model-checks Li]
  • States s and t are Ei-equivalent iff for all formulas φ of Li, s satisfies φ iff t satisfies φ
  • If Ei has finite index, then Li can be model checked on a finite quotient
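As an added example (not from the talk), the reachability loop of slide 8 and the closure semi-algorithm A1 of slide 13 run over a Region interface realised with explicit finite sets, so that the regions A1 generates can be read off as the E1 (bisimulation) classes of slide 18. The transition system and the single observable `FINAL` are constructed; because the state space is finite, both procedures terminate here, so the example illustrates the operations rather than the termination question.

```python
"""Slide-8 reachability loop and slide-13 closure semi-algorithm A1 over a
Region interface realised with explicit finite sets (constructed example)."""
from itertools import product

# Constructed transition system: 7 states, one action, post(s) = set of
# successors. Chains 0->1->2 and 3->4->5 end in sinks; 6 is an isolated sink.
POST = {0: {1}, 1: {2}, 2: {2}, 3: {4}, 4: {5}, 5: {5}, 6: {6}}
FINAL = frozenset({2, 5})          # the only observable in this example


def pre(region):
    """Pre(R) = {s | exists a . post(s, a) in R} (Region operation)."""
    return frozenset(s for s, succ in POST.items() if succ & region)


def ef_reachable(init, final):
    """Slide 8: R := final; iterate R := R u Pre(R) until R meets init
    ("yes") or Pre(R) adds nothing new ("no")."""
    reach = frozenset(final)
    while True:
        if reach & init:
            return True
        step = pre(reach)
        if step <= reach:
            return False
        reach = reach | step


def close_a1(observables):
    """Slide 13, A1: P0 = observables; P_i = P_{i-1} closed under pre, union,
    intersection and difference; stop when P_i = P_{i-1}. Terminates here
    because the state space is finite; on an infinite system A1 is only a
    semi-algorithm."""
    regions = set(observables)
    while True:
        new = set(regions) | {pre(r) for r in regions}
        for r1, r2 in product(regions, repeat=2):
            new |= {r1 | r2, r1 & r2, r1 - r2}
        if new == regions:
            return regions
        regions = new


def equivalence_classes(regions, states):
    """Slide 18, E1: s and t are equivalent iff they lie in exactly the same
    generated regions; returns the induced partition (bisimulation classes)."""
    signature = {s: frozenset(r for r in regions if s in r) for s in states}
    classes = {}
    for s, sig in signature.items():
        classes.setdefault(sig, set()).add(s)
    return sorted(sorted(c) for c in classes.values())
```

From `FINAL` alone A1 generates the Boolean algebra over the three blocks {2,5}, {1,4}, {0,3} (eight regions), and state 6, which lies in no generated region, forms its own class.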

  20. Classification of systems [STACS00]
  • STS1: A1 terminates, finite bisimilarity, can model check CTL. Ex: timed automata, o-minimal systems
  • STS2: A2 terminates, finite similarity, can model check CTL. Ex: 2D rectangular automata
  • STS3: A3 terminates, finite trace equivalence, can model check LTL. Ex: initialized rectangular automata

  21. Summary
  • The triad (algorithm, equivalence, logic) provides a useful tool to prove decidability and to provide symbolic algorithms for infinite-state systems
  • The characterization provides a symbolic model checking algorithm, given some structural property of the system

  22. Summary
  • The symbolic approach shows how to engineer a model checker:
    • Export a Region interface implementing the symbolic operations
    • The model checking algorithm is independent of the front-end syntax and the region representation
    • E.g., BLAST toolkit for software
