model checking lecture 5. outline 1 specifications: logic vs. automata, linear vs. branching, safety...

Model Checking

Lecture 5

Outline

1 Specifications logic vs automata linear vs branching safety vs liveness

2 Graph algorithms for model checking

3 Symbolic algorithms for model checking

4 Pushdown systems

From Finite to Inifinite-State Systems

bull So far algorithms for systems with finite state spaces

bull Sources of infinite-statendash Control recursionndash Data unbounded numeric variables

lists ndash Time Systems with real-time clocksndash Parameters arbitrary number of

participating processes

Decidability vs Expressiveness

bull Unbounded state Undecidablebull Is the unbounded system able to

encode a Turing machinendash Single-counter machines NOndash Two-counter machines YESndash Single-stack machines NOndash Two-stack machines YES

State representation

bull Explicit representation infeasiblebull Symbolic representation is the key

ndash For the transition systemndash For the reachable states

Pushdown systems

(G L g0 l0 )

g h G finite set of control states

l m L finite set of stack symbols g0 initial control state l0 initial stack symbol set of transitions

Three kinds of transitions(g l) (h m) (step)(g l) (h m n) (call)(g l) (h ) (return)

Configuration g l

g l h m g l

Modeling sequential programs

bull An element in G is a valuation to global variables

bull An element in L is a valuation to local variables andndash current instruction address for the frame

at the top of the stackndash return instruction address for the other

frames

Example

bool a = F

void main( ) L1 a = TL2 flip(a)L3

void flip(bool x) L4 a = xL5

(F _ L3)

(F _ L3 T L5)

(T _ L3 T L4)

(T _ L2)

(F _ L1)

(a x pc)

Reachability problem

Given pushdown system (G L g0 l0 ) and control state g does there exist a stack ls L such that (g0 l0) (g ls)

Naiumlve algorithm

Add (g0 l0) to R

(g ls) R (g ls) (grsquo lsrsquo)

Add (grsquo lsrsquo) to R

bull R is unbounded so algorithm wonrsquot terminate

bull Two solutionsndash Summary-based (aka interprocedural

dataflow analysis)ndash Automata-based

Problem with the naiumlve algorithm

E(g l h m) (step edges)

E+(g l h nm) (call edges)

E-(g l h) (pop edges)

Initially

Algorithm I

E(g0 l0 g0 l0)

E+ is empty

E- is empty

Step rule

E(g l h m) (h m) (hrsquo mrsquo)

E(g l hrsquo mrsquo)

Call rule

E(g l h m) (h m) (hrsquo nrsquomrsquo)

E+(g l hrsquo nrsquomrsquo) E(hrsquo nrsquo hrsquo nrsquo)

Return rule

E(g l h m) (h m) (hrsquo )

E-(g l hrsquo)

Summary rule

E+(g l h nm) E-(h n hrsquo)

E(g l hrsquo m)

int g = 0

main() L0 incr()L1 g = 0L2 incr()L3

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

main() L0 if () L1 foo(0) else L2 foo(1)L3 assert(g gt 0)L4

foo(r) L5 if (r = 0) L6 foo(r) else L7 g = g + 1L8

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Given pushdown system (G L g0 l0 ) and control state g does there exist a stack ls such that (g0 l0) (g ls)

Algorithm I Summary-based

Yes if E(grsquo lrsquo g l) for some grsquo lrsquo and lNo otherwise

Algorithm II

Add (g0 l0) to R

Key ideaUse a finite automaton to symbolically represent R

Symbolic representation

Pushdown system (G L g0 l0 )

Representation automaton (Q L T G F)- Q ( G) is the set of states- L is the alphabet- T is the transition relation- G is the set of initial states- F is the set of final states

g s1 s2l l

Represents the set of configurations (h m) (g l m l)

A set C of configurations is regular if it is representable by an automaton

Theorem (Buchi) The set of configurations reachable from a regular set is also regular

Pushdown system

(G L g0 l0 )- G = g0 g1 g2- L = l0 l1 l2- (g0 l0) (g1 l1l0) (g1 l1) (g2 l2l0) (g2 l2) (g0 l1) (g0 l1) (g0 )

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Outline

1 Specifications logic vs automata linear vs branching safety vs liveness

2 Graph algorithms for model checking

3 Symbolic algorithms for model checking

4 Pushdown systems

Pushdown systems

(G L g0 l0 )

Configuration g l

g l h m g l

frames

Example

bool a = F

(F _ L3)

(F _ L3 T L5)

(T _ L3 T L4)

(T _ L2)

(F _ L1)

(a x pc)

Naiumlve algorithm

Add (g0 l0) to R

Initially

Algorithm I

E(g0 l0 g0 l0)

E+ is empty

E- is empty

Step rule

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Pushdown systems

(G L g0 l0 )

Configuration g l

g l h m g l

frames

Example

bool a = F

(F _ L3)

(F _ L3 T L5)

(T _ L3 T L4)

(T _ L2)

(F _ L1)

(a x pc)

Naiumlve algorithm

Add (g0 l0) to R

Initially

Algorithm I

E(g0 l0 g0 l0)

E+ is empty

E- is empty

Step rule

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Pushdown systems

(G L g0 l0 )

Configuration g l

g l h m g l

frames

Example

bool a = F

(F _ L3)

(F _ L3 T L5)

(T _ L3 T L4)

(T _ L2)

(F _ L1)

(a x pc)

Naiumlve algorithm

Add (g0 l0) to R

Initially

Algorithm I

E(g0 l0 g0 l0)

E+ is empty

E- is empty

Step rule

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Pushdown systems

(G L g0 l0 )

Configuration g l

g l h m g l

frames

Example

bool a = F

(F _ L3)

(F _ L3 T L5)

(T _ L3 T L4)

(T _ L2)

(F _ L1)

(a x pc)

Naiumlve algorithm

Add (g0 l0) to R

Initially

Algorithm I

E(g0 l0 g0 l0)

E+ is empty

E- is empty

Step rule

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Pushdown systems

(G L g0 l0 )

Configuration g l

g l h m g l

frames

Example

bool a = F

(F _ L3)

(F _ L3 T L5)

(T _ L3 T L4)

(T _ L2)

(F _ L1)

(a x pc)

Naiumlve algorithm

Add (g0 l0) to R

Initially

Algorithm I

E(g0 l0 g0 l0)

E+ is empty

E- is empty

Step rule

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Pushdown systems

(G L g0 l0 )

Configuration g l

g l h m g l

frames

Example

bool a = F

(F _ L3)

(F _ L3 T L5)

(T _ L3 T L4)

(T _ L2)

(F _ L1)

(a x pc)

Naiumlve algorithm

Add (g0 l0) to R

Initially

Algorithm I

E(g0 l0 g0 l0)

E+ is empty

E- is empty

Step rule

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Pushdown systems

(G L g0 l0 )

Configuration g l

g l h m g l

frames

Example

bool a = F

(F _ L3)

(F _ L3 T L5)

(T _ L3 T L4)

(T _ L2)

(F _ L1)

(a x pc)

Naiumlve algorithm

Add (g0 l0) to R

Initially

Algorithm I

E(g0 l0 g0 l0)

E+ is empty

E- is empty

Step rule

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Configuration g l

g l h m g l

frames

Example

bool a = F

(F _ L3)

(F _ L3 T L5)

(T _ L3 T L4)

(T _ L2)

(F _ L1)

(a x pc)

Naiumlve algorithm

Add (g0 l0) to R

Initially

Algorithm I

E(g0 l0 g0 l0)

E+ is empty

E- is empty

Step rule

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

frames

Example

bool a = F

(F _ L3)

(F _ L3 T L5)

(T _ L3 T L4)

(T _ L2)

(F _ L1)

(a x pc)

Naiumlve algorithm

Add (g0 l0) to R

Initially

Algorithm I

E(g0 l0 g0 l0)

E+ is empty

E- is empty

Step rule

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Example

bool a = F

(F _ L3)

(F _ L3 T L5)

(T _ L3 T L4)

(T _ L2)

(F _ L1)

(a x pc)

Naiumlve algorithm

Add (g0 l0) to R

Initially

Algorithm I

E(g0 l0 g0 l0)

E+ is empty

E- is empty

Step rule

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Naiumlve algorithm

Add (g0 l0) to R

Initially

Algorithm I

E(g0 l0 g0 l0)

E+ is empty

E- is empty

Step rule

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Naiumlve algorithm

Add (g0 l0) to R

Initially

Algorithm I

E(g0 l0 g0 l0)

E+ is empty

E- is empty

Step rule

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Initially

Algorithm I

E(g0 l0 g0 l0)

E+ is empty

E- is empty

Step rule

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Initially

Algorithm I

E(g0 l0 g0 l0)

E+ is empty

E- is empty

Step rule

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Step rule

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Call rule

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Return rule

E-(g l hrsquo)

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Summary rule

E(g l hrsquo m)

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

int g = 0

incr() L4 g = g+1L5

E(0 L0 0 L0)

E+(0 L0 0 L4L1)

E(0 L4 0 L4)

E(0 L4 1 L5)

E-(0 L4 1)

E(0 L0 1 L1)

E(0 L0 0 L2)

E+(0 L0 0 L4L3)E(0 L0 1 L3)

E-(0 L0 1)

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

int g = 0

E(0 L0 0 L0)

E+(0 L0 0 L50L3)E(0 L50 0 L50)

E(0 L50 0 L60)

E(0 L0 0 L1)

E(0 L0 0 L2)

E+(0 L0 0 L51L3)E(0 L51 0 L51)

E(0 L51 0 L71)

E(0 L51 1 L81)

E-(0 L51 1)E(0 L0 1 L3)

E(0 L0 1 L4)

E-(0 L0 1)

E+(0 L50 0 L50L80)

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Add (g0 l0) to R

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

g s1 s2l l

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

Pushdown system

(g0 l0 l0l0+ l1l0l0+) (g1 l1l0+) (g2 l2l0l0+)

Pushdown systems

Example

Naiumlve algorithm

Algorithm I

Step rule

Call rule

Return rule

Summary rule

Algorithm II

model checking lecture 5. outline 1 specifications: logic vs. automata, linear vs. branching, safety...

h slide

step g

control state g

nm e g

edges e g

pushdown systems g

nm e h

ls r g

Documents

liveness in programming

liveness based pointer analysis

project liveness report 01

ssl validation checking vs. go(ing) to fail ·...

random checking of ecrins vs. terrain accuracy in flat areas

7. liveness and asynchrony

safety & liveness properties - uio

liveness detection in biometrics · table of contents 01...

liveness and multimedia performance

recognizing safety and liveness

face liveness detection

specification and validation of real-time systems using...

executing liveness

liveness analysis and register allocation · 2020. 5....

checking qualitative liveness properties of replicated...

proving liveness properties of concurrent programs€¦ ·...

model checking vs. theorem proving: a - cornell university

checking properties of software static safety verification...

algorithms for software model checking: predicate...

liveness, hybridity and noise