model checking - ii
TRANSCRIPT
Model Checking - II
Virendra Singh Associate Professor
Computer Architecture and Dependable Systems Lab. Dept. of Electrical Engineering Indian Institute of Technology
Bombay http://www.ee.iitb.ac.in/~viren
EE 709: Testing & Verification of VLSI Circuits
Lecture – 25 (Mar 01, 2012)
2
The Model Checking Problem
The Model Checking Problem (CE81):
Let M be a Kripke structure (i.e., state-transition graph).
Let f be a formula of temporal logic (i.e., the specification).
Find all states s of M such that M, s |= f
Preprocessor Model Checker
Kripke Structure M
Formula f True or Counterexample
Mar 01, 2012 EE-709@IITB
Temporal logic model checking
Traffic Light Controller
Design
“It is never possible to
have a green light for both
N-S and E-W.”
Model
Checker
True
False + Counterexample
FSM
rep.
Property
in some
TL e.g.
CTL, LTL
Mar 01, 2012 EE-709@IITB 3
a
b
D Q
c
n p
o
S3 S2
S1
0/0
1/1
0/0 1/0
0/0
1/1
Finite State Machine (FSM)
• I: input alphabet
• S: finite, non-empty set of states
• : S I S, next-state function
• S0 S : set of initial (reset) states
• O: output alphabet
• : S I O , output function
S3 S2
S1
0/0
1/1
0/0 1/0
0/0
1/1
S1
S2
S3
x = 0 x = 1
S1,0 S2,1
S1,0
S3,0
S2,0
S1,1
State Transition Table
State Transition Graph Mealy FSM: I, S, , S0, O, )
INPUTS OUTPUTS
LATCHES
Next
States Present
states
CombL
ogic
Mar 01, 2012 EE-709@IITB 4
3 Step Process Formal Specification
Precise statement and property
Environment constraint
Logic: Temporal logic
Automata, Labeled transition system
Models Flexible model generation to specify design
Fairness
Transition system
Formal Verification
Checking that model satisfy the property
Mar 01, 2012 EE-709@IITB 5
Semantic of Finite State System
Semantic associated with behaviour
Branching Time Semantics
The tree of states obtained by unwinding the state machine transition graph
Possible choices are explicitly represented
Linear Time Semantics
The set of all possible runs of the system
The set of infinite paths in SM
Mar 01, 2012 EE-709@IITB 6
7
Computation Tree Logics
P,q
r q,r
p,q r r
r q,r r r
P,q
r q,r
Mar 01, 2012 EE-709@IITB
Mar 01, 2012 EE-709@IITB 8
Formal Specification
Describe unambiguously and precisely the expected behaviour of the design
In general, a list of properties
Includes, environmental constraints
Mar 01, 2012 EE-709@IITB 9
Classification of Properties • Safety Property
(un) desirable things always (never) happen
• A bus arbiter never grants the requests to two masters
• Message received is message sent
• Liveness (Progress) Property
desirable state eventually reached
• Every bus request is eventually granted
• A car at a traffic light is eventually allowed to pass
• Fairness Property
Desirable state repeatedly reached
• A request state and a grant state for each client must be visited infinitely often
10
Example: traffic light controller
• Guarantee no collisions
• Guarantee eventual service
E
S
N
Mar 01, 2012 EE-709@IITB 10
Mar 01, 2012 EE-709@IITB 11
Property Specification
Properties for traffic light controller
• P1 = (s1 w1) + (s2 w2)
• Sequence R, G, Y, R, G, Y, ……
Thank you
Mar 01, 2012 EE-709@IITB 12