12 views

Uploaded by Luki Bangun Subekti

Automata Theoretic LTL Model Cheking, Graph Algorithm for Software Model Cheking, by Arie Gunfinkel

- LW-1125-cs341notes
- Data Structures Viva Questions
- CompleteJava&J2EE
- Graphs
- Perl Tutorial
- Using Table Lookup Techniques Efficiently
- java coding.txt
- CDS_08_32
- Characterization of - s Padmanabhan
- ch676 chess
- 10 Examples of HashMap in Java - Programming Tutorial _ Java67
- Week 12 Hashing
- ruby-gdbm
- C Interview Questions
- Ab Und Aufzug
- lec9-02
- Trial8 Ora 5078 Inform View Comments.trc
- Tuning by Cardinality Feedback.ppt
- 48 Slide
- DBMS Indexing Extra Slides

You are on page 1of 25

(based on Arie Gurnkels csc2108 project)

An automation is non-empty iff there exists a path to an accepting state, such that there exists a cycle containing it

An automation is non-empty iff there exists a path to an accepting state, such that there exists a cycle containing it Is this automaton empty?

b a f e

d

Automata-Theoretic LTL Model Checking p.2

An automation is non-empty iff there exists a path to an accepting state, such that there exists a cycle containing it Is this automaton empty? No it accepts

b a f e

d

Automata-Theoretic LTL Model Checking p.2

An automation is non-empty iff there exists a path to an accepting state, such that there exists a cycle containing it Is this automaton empty? No it accepts

b a f e

d

Automata-Theoretic LTL Model Checking p.2

An automation is non-empty iff there exists a path to an accepting state, such that there exists a cycle containing it Is this automaton empty? No it accepts

b a f e

d

Automata-Theoretic LTL Model Checking p.2

An automation is non-empty iff there exists a path to an accepting state, such that there exists a cycle containing it Is this automaton empty? No it accepts

b a f e

d

Automata-Theoretic LTL Model Checking p.2

An automation is non-empty iff there exists a path to an accepting state, such that there exists a cycle containing it Is this automaton empty? No it accepts

b a f e

d

Automata-Theoretic LTL Model Checking p.2

LTL Model-Checking

LTL Model-Checking = Emptiness of Bchi automata a tiny bit of automata theory + trivial graph-theoretic problem typical solution use depth-rst search (DFS) Problem: state-explosion the graph is HUGE The result LTL model-checking is just a very elaborate DFS

2 1

2 1 3

2 1 3 4

2 1 3 4 5

2 1 3 4 6 5

2 1 7 3 4 6 5

2 1 7 depth-rst tree 7 1 2 3 4 5 6 3 4 6 5

1: proc 2: add to 3: 4: 5: for all 6: if 7: 8: end if 9: end for 10: 11: 12: end proc

do then

implicit STACK stores the current path through the graph Visited table stores visited nodes used to avoid cycles for each node discovery time array nishing time array

What we want

Running time at most linear anything else is not feasible Memory requirements sequentially accessed like STACK disk storage is good enough assume unlimited supply so can ignore randomly accessed like hash tables must use RAM limited resource minimize why cannot use virtual memory?

Counterexamples an automaton is non-empty iff exists an accepting run this is the counterexample we want it Approximate solutions partial result is better than nothing!

DFS Complexity

Running time each node is visited once linear in the size of the graph Memory the STACK accessed sequentially can store on disk ignore Visited table randomly accessed important Visited number of nodes in the graph number of bits needed to represent each node

Idea: nd all maximal SCCs: SCC , SCC , etc. an automaton is non-empty iff exists SCC containing an accepting state

Idea: nd all maximal SCCs: SCC , SCC , etc. an automaton is non-empty iff exists SCC containing an accepting state

Idea: nd all maximal SCCs: SCC , SCC , etc. an automaton is non-empty iff exists SCC containing an accepting state

1 2 3

4 5 6

For each node , compute

is the minimum of discovery time of discovery time of , where belongs to the same SCC as the length of a path from to is at least 1

Fact:

1: proc _ 2: add to 3: 4: 5: 6: push on 7: for all 8: if 9: _ 10: 11: else if 12:

#

"

"

do then

&

'

(

and

$ % &

is on

'

then

13: end if 14: end for 15: if then 16: repeat 17: pop from top of 18: if then 19: terminate with Yes 20: end if 21: until 22: end if 23: end proc

) ) * )

1: proc _ 2: add to 3: 4: 5: 6: push on 7: for all 8: if 9: _ 10: 11: else if 12:

#

"

"

do then

&

'

(

and

$ % &

is on

'

then

13: end if 14: end for 15: if then 16: repeat 17: pop from top of 18: if then 19: terminate with Yes 20: end if 21: until 22: end if 23: end proc

) ) * )

2 1 7 3 4

6

Automata-Theoretic LTL Model Checking p.12

Running time linear in the size of the graph Memory STACK sequential, ignore (wasted space?) is not known a priori assume is at least

Counterexamples can be extracted from the STACK even more get multiple counterexamples If we sacrice some of generality, can we do better?

Automata-Theoretic LTL Model Checking p.13

Dont look for maximal SCCs Find a reachable accepting state that is on a cycle Idea: use two sweeps sweep one: nd all accepting states sweep two: look for cycles from accepting states

Dont look for maximal SCCs Find a reachable accepting state that is on a cycle Idea: use two sweeps sweep one: nd all accepting states sweep two: look for cycles from accepting states Problem? no longer a linear algorithm (revisit the states multiple times)

Dont look for maximal SCCs Find a reachable accepting state that is on a cycle Idea: use two sweeps sweep one: nd all accepting states sweep two: look for cycles from accepting states Problem? no longer a linear algorithm (revisit the states multiple times) 1 2 3 4 5

Fact: let

and

contains nodes

Fact: let

and

contains nodes

Fact: let

and

contains nodes

1: proc 2: add to 3: for all 4: if 5: 6: end if 7: end for 8: if then 9: add to 10: end if 11: end proc

*

# *

*

*

' ! " "

do then

# ! ! * '

1: proc 2: add to 3: for all do then 4: if 5: terminate with Yes 6: else if then 7: 8: end if 9: end for 10: end proc

! " "

# * '

*

Running time linear! (single table for different nal states, so no state is processed twice)

Memory requirements

Idea when an accepting state is nished stop rst sweep start second sweep if cycle is found, we are done otherwise, restart the rst sweep As good as double DFS, but does not need to always explore the full graph counterexample is readily available a path to an accepting state is on the stack of the rst sweep a cycle is on the stack of the second

No need for two Visited hashtables empty hashtable wastes space merge into one by adding one more bit to each node iff was seen by the rst sweep iff was seen by the second sweep

Early termination condition nested DFS can be terminated as soon as it nds a node that is on the stack of the rst DFS

On-the-y Model-Checking

Typical problem consists of description of several process property in LTL

On-the-y Model-Checking

Typical problem consists of description of several process property in LTL

But, all constructions can be done in DFS order combine everything with the search result: on-the-y algorithm, only the necessary part of the graph is built

Automata-Theoretic LTL Model Checking p.20

the size of the graph to explore is huge on real programs DFS dies after examining just 1% of the state space What can be done? abstraction false negatives partial order reduction. (to be covered) exact but not applicable to full LTL partial exploration explore as much as possible false positives In practice combine all 3

Explore as much of the graph as possible The requirements must be compatible with on-the-y model-checking nested depth-rst search size of the graph not known a priori must perform as good as full exploration when enough memory is available must degrade gracefully We will look at two techniques bitstate hashing hashcompact a type of state compression

Automata-Theoretic LTL Model Checking p.22

Bitstate Hashing

a hashtable is an array of entries a hash function States a collision resolution protocol

to lookup if is empty, is not in the table else if , is in the table otherwise, apply collision resolution

Bitstate Hashing

if there are no collisions, dont need to store instead, just store one bit empty or not

at all!

coverage

collisions increase gradually when not enough memory coverage decreases at the rate collisions increase

If nested DFS stops when a successor to in is on the stack of , how is soundness guaranteed, i.e., why is the counterexample returned by model-checker real?

Answer: States are stored on the stack without hashing, since stack space does not need to be saved.

Hashcompact

Assume a large virtual hashtable, say

entries

For each node , instead of using , use , its hash value in the large table

LTL Model-Checking = Finding a reachable cycle Represent the graph symbolically and use symbolic techniques to search There exists an innite path from , iff true the graph is nite innite cyclic! exists a cycle containing an accepting state iff occurs innitely often use fairness to capture accepting states

LTL Model-Checking =

true

under fairness!

- LW-1125-cs341notesUploaded byAnandh Sridharan
- Data Structures Viva QuestionsUploaded bySumathi Kanna
- CompleteJava&J2EEUploaded byసుదర్శన్ మోరా
- GraphsUploaded bySubhanshu Mathur
- Perl TutorialUploaded byAjit Teli
- Using Table Lookup Techniques EfficientlyUploaded byatifhassansiddiqui
- java coding.txtUploaded byakbarviveka_16156616
- CDS_08_32Uploaded byJeya Shree Arunjunai Raj
- Characterization of - s PadmanabhanUploaded byglobal-marketin8184
- ch676 chessUploaded byHacralo
- 10 Examples of HashMap in Java - Programming Tutorial _ Java67Uploaded byBellum Letale
- Week 12 HashingUploaded byahmadafaq09
- ruby-gdbmUploaded bynonnax
- C Interview QuestionsUploaded byGenie Potter
- Ab Und AufzugUploaded byelvagojp
- lec9-02Uploaded byPramitha Santhumayor
- Trial8 Ora 5078 Inform View Comments.trcUploaded bymohapatramanoj87
- Tuning by Cardinality Feedback.pptUploaded byanhditimemVNA
- 48 SlideUploaded byHoàng Vũ
- DBMS Indexing Extra SlidesUploaded byashkm
- Tut5_SolUploaded byThu Vu
- 1core.docxUploaded byJustin Gomez
- Term_Project_Guideline.pdfUploaded byAnonymous EWxqjW
- DartUploaded byPoornalalitha gadde
- Chapter 11.pdfUploaded byMd. Ayub Khan
- GraphsUploaded byAnil Kumar
- Banker AlgorithmUploaded byEka Puji Widiyanto
- Session 20_TP 11.pptUploaded bylinhkurt
- Ejercicios Para Practicar PilasUploaded byDiegoYaslin
- ArrayUploaded byMuhammad Immawan Aulia

- IPV6 TRANSITION STRATEGIES FOR SERVICE PROVIDERS by Jhonson LiuUploaded byLuki Bangun Subekti
- Object Oriented Programming in CUploaded byumesh_ladha
- Swarm Intteligence by Thiemo KrinkUploaded byLuki Bangun Subekti
- Jason Brownlee - Clever AlgorithmsUploaded byCosmin Parvulescu
- Scalability in Computer System BIND/DNS ExampleUploaded byLuki Bangun Subekti
- Ipv6 Best Practice by Fredy KünzlerUploaded byLuki Bangun Subekti
- Enterprise IPv6 Deployment by Harold RitterUploaded byLuki Bangun Subekti
- Ipv6 Over MplsUploaded byKafisewon Matthew
- IPv6 Architecture Overview and Deployment ScenariosUploaded byLuki Bangun Subekti
- 10.1.1.96Uploaded byGourav_Jhangik_350
- Ash Basic Probability Theory (Dover)Uploaded byCosmin Burtea
- De1 User ManualUploaded bygauravbhatti2183

- Chap14Uploaded byAnjali Naidu
- 28824_Facility Layout Paper (1)Uploaded byAhmed El Kady
- Handout Numerical AnalysisUploaded byBhavesh Chauhan
- CyclicRedundacyCheck-XILINXUploaded byAnonymous XS9jAhY1pE
- Robotics (20)Uploaded byapi-19801502
- Graph ChandanUploaded byAbhishekMahato
- AnalysisUploaded byjuniorkid
- AutomataUploaded byAbhinav Shrivastava
- Formal Language & Automata TheoryUploaded byRaghavendra Rao
- GraphsUploaded bygdskumar
- Fuzzy if ThenUploaded byhasan_azeem08
- KineticsCUploaded byMisbaqul Munir
- EECS 490 Lecture16Uploaded bydwiutomoo
- quiz1_0Uploaded byMinnu Vakulabharanam
- NotesRGCN Bordas ReduzidasUploaded bycquina
- Cosine SeriesUploaded byBarasat HelpDesk
- Max FlowUploaded bykyle_namgal1679
- Theory of Computation.pdfUploaded byPRINCE DEWANGAN
- PrintUploaded byVinoth Vin
- STQP2034 Tutorial 3Uploaded bySabariah Othman
- Asymptotic Notation _ Asymptotic Notation in Data Structure » FreeFeast.pdfUploaded byAmar Arslaan
- question paper digitalUploaded byvalaravi
- K01134_20180920104632_Chapter1.1 Propositional Logic [Stud]Uploaded byazray
- mo to meUploaded byTanmay Dixit
- solutions_practice_problems_chapter3.pdfUploaded byMarcelo Claudio
- Numerical Methods 1Uploaded byGalaxhew
- PCD Lab ManualUploaded bythalasiva
- EE6461Uploaded byvanessaolivatto
- Lisp ProgramsUploaded byAjit More
- The Complexity of Boolean Functions 1987Uploaded byfuel4hatred