Introduction to Model Checking and Temporal Logic¹

Introduction to Model Checking and Temporal Logic¹

Formal Verification Lecture 1: Introduction to Model Checking and Temporal Logic¹ Jacques Fleuriot [email protected] ¹Acknowledgement: Adapted from original material by Paul Jackson, including some additions by Bob Atkey. I Describe formally a specification that we desire the model to satisfy I Check the model satisfies the specification I theorem proving (usually interactive but not necessarily) I Model checking Formal Verification (in a nutshell) I Create a formal model of some system of interest I Hardware I Communication protocol I Software, esp. concurrent software I Check the model satisfies the specification I theorem proving (usually interactive but not necessarily) I Model checking Formal Verification (in a nutshell) I Create a formal model of some system of interest I Hardware I Communication protocol I Software, esp. concurrent software I Describe formally a specification that we desire the model to satisfy Formal Verification (in a nutshell) I Create a formal model of some system of interest I Hardware I Communication protocol I Software, esp. concurrent software I Describe formally a specification that we desire the model to satisfy I Check the model satisfies the specification I theorem proving (usually interactive but not necessarily) I Model checking Introduction to Model Checking I Specifications as Formulas, Programs as Models I Programs are abstracted as Finite State Machines I Formulas are in Temporal Logic 1. For a fixed ϕ, is M j= ϕ true for all M? I Validity of ϕ I This can be done via proof in a theorem prover e.g. Isabelle. 2. For a fixed ϕ, is M j= ϕ true for some M? I Satisfiability 3. For a fixed (class of) M, what ϕs make M j= ϕ true? I “Theory discovery”/“Learning from Data”/“Generalisation” I Not in this course 4. For a fixed M and P, is it the case that M j= ϕ? I Model Checking Interpretation j= Formula The relationship between interpretations M and formulas ϕ: M j= ϕ We say M models ϕ. Questions we can ask: 2. For a fixed ϕ, is M j= ϕ true for some M? I Satisfiability 3. For a fixed (class of) M, what ϕs make M j= ϕ true? I “Theory discovery”/“Learning from Data”/“Generalisation” I Not in this course 4. For a fixed M and P, is it the case that M j= ϕ? I Model Checking Interpretation j= Formula The relationship between interpretations M and formulas ϕ: M j= ϕ We say M models ϕ. Questions we can ask: 1. For a fixed ϕ, is M j= ϕ true for all M? I Validity of ϕ I This can be done via proof in a theorem prover e.g. Isabelle. 3. For a fixed (class of) M, what ϕs make M j= ϕ true? I “Theory discovery”/“Learning from Data”/“Generalisation” I Not in this course 4. For a fixed M and P, is it the case that M j= ϕ? I Model Checking Interpretation j= Formula The relationship between interpretations M and formulas ϕ: M j= ϕ We say M models ϕ. Questions we can ask: 1. For a fixed ϕ, is M j= ϕ true for all M? I Validity of ϕ I This can be done via proof in a theorem prover e.g. Isabelle. 2. For a fixed ϕ, is M j= ϕ true for some M? I Satisfiability 4. For a fixed M and P, is it the case that M j= ϕ? I Model Checking Interpretation j= Formula The relationship between interpretations M and formulas ϕ: M j= ϕ We say M models ϕ. Questions we can ask: 1. For a fixed ϕ, is M j= ϕ true for all M? I Validity of ϕ I This can be done via proof in a theorem prover e.g. Isabelle. 2. For a fixed ϕ, is M j= ϕ true for some M? I Satisfiability 3. For a fixed (class of) M, what ϕs make M j= ϕ true? I “Theory discovery”/“Learning from Data”/“Generalisation” I Not in this course Interpretation j= Formula The relationship between interpretations M and formulas ϕ: M j= ϕ We say M models ϕ. Questions we can ask: 1. For a fixed ϕ, is M j= ϕ true for all M? I Validity of ϕ I This can be done via proof in a theorem prover e.g. Isabelle. 2. For a fixed ϕ, is M j= ϕ true for some M? I Satisfiability 3. For a fixed (class of) M, what ϕs make M j= ϕ true? I “Theory discovery”/“Learning from Data”/“Generalisation” I Not in this course 4. For a fixed M and P, is it the case that M j= ϕ? I Model Checking Model Checking At a high level, many tasks can be rephrased as model checking. “Interpretations” M j= “Formulas” ϕ Task sequences of tokens j= grammars parsing database tables j= SQL queries query execution email texts j= spam rules spam detection sequences of letters j= dictionary spellchecking audio data j= acoustic/lang. model speech recognition finite state machines j= temporal logic specification checking Details differ widely, but question of “is this data consistent withthis statement? (and to what degree?)” is extremely common. Historically, “Model Checking” usually refers to the last one. This is the one we will cover over the next few lectures. Uses of Model Checking Model Checking has been used to: I Check Microsoft Windows device drivers for bugs I The “Static Driver Verifier” tool I The SPIN tool (http://spinroot.com): I http://spinroot.com/spin/success.html I Flood control barrier control software I Call processing software at Lucent I Parts of Mars Science Laboratory, Deep Space 1, Cassini, the Mars Exploration Rovers, Deep Impact I … I PEPA (Performance Evaluation Process Algebra) http://www.dcs.ed.ac.uk/pepa/ I Multiprocessor systems I Biological systems I … Model Checking – Models A model of some system has: I A finite set of states I A subset of states considered as the initial states I A transition relation which, given a state, describes all states that can be reached “in one time step”. Good for I Software, sequential and concurrent I Digital hardware I Communication protocols Refinements of this setup can handle: Infinite state spaces, Continuous state spaces, Continuous time, Probabilistic Transitions. Good for hybrid (i.e., discrete and continuous) and control systems. I We must choose what to model and what not to model I There will limitations forced by the formalism I e.g., here we are limited to finite state models I There will be things we do not understand sufficiently tomodel I e.g., people In the words of the The Cure’s Pictures of You: I’ve been looking so long at these pictures of you That I almost believe that they’re real I’ve been living so long with my pictures of you That I almost believe that the pictures are All I can feel Do not do this: the pictures are not real. Model Checking – Models Models are always abstractions of reality. I There will limitations forced by the formalism I e.g., here we are limited to finite state models I There will be things we do not understand sufficiently tomodel I e.g., people In the words of the The Cure’s Pictures of You: I’ve been looking so long at these pictures of you That I almost believe that they’re real I’ve been living so long with my pictures of you That I almost believe that the pictures are All I can feel Do not do this: the pictures are not real. Model Checking – Models Models are always abstractions of reality. I We must choose what to model and what not to model I There will be things we do not understand sufficiently tomodel I e.g., people In the words of the The Cure’s Pictures of You: I’ve been looking so long at these pictures of you That I almost believe that they’re real I’ve been living so long with my pictures of you That I almost believe that the pictures are All I can feel Do not do this: the pictures are not real. Model Checking – Models Models are always abstractions of reality. I We must choose what to model and what not to model I There will limitations forced by the formalism I e.g., here we are limited to finite state models In the words of the The Cure’s Pictures of You: I’ve been looking so long at these pictures of you That I almost believe that they’re real I’ve been living so long with my pictures of you That I almost believe that the pictures are All I can feel Do not do this: the pictures are not real. Model Checking – Models Models are always abstractions of reality. I We must choose what to model and what not to model I There will limitations forced by the formalism I e.g., here we are limited to finite state models I There will be things we do not understand sufficiently tomodel I e.g., people Do not do this: the pictures are not real. Model Checking – Models Models are always abstractions of reality. I We must choose what to model and what not to model I There will limitations forced by the formalism I e.g., here we are limited to finite state models I There will be things we do not understand sufficiently tomodel I e.g., people In the words of the The Cure’s Pictures of You: I’ve been looking so long at these pictures of you That I almost believe that they’re real I’ve been living so long with my pictures of you That I almost believe that the pictures are All I can feel Model Checking – Models Models are always abstractions of reality.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    35 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us