CTL Model Checking 张文辉 zwh.

Post on 03-Jan-2016

CTL Model Checking

张文辉 http://lcs.ios.ac.cn/~zwh

CTL Model Checking

Transition system, Kripke structure

CTL

M |= : labeling algorithm

CTL

Only consider CTL formulas with

propositions, negation, disjunction, EX, EG, EU

== p | | |EX | EG | E( U )

Model Checking by Labeling

Given M = <S,R,I,L> and , extend L(s) to contain all sub-formulas of that hold on s.

(1) For a propositional sub-formula, nothing needs to be done.

(2) For , add to L(s), if L(s)

(3) For , add to L(s), if L(s) or L(s)

(4) For EX, add EX to L(s), if L(s’) for some (s,s’) R

(5) For E(U),
a) add E(U) to L(s), if L(s)
b) add E(U) to L(s), if L(s) and E(U) L(s’) for some (s,s’) R
c) repeat b until L does not change

(6) For EG,
a) compute S’ = { s | L(s) }
b) compute the nontrivial SCCs of the sub-graph induced by S’; for every s in such an SCC, add EG to L(s)
c) add EG to L(s), if s S’ and EG L(s’) for some (s,s’) R
d) repeat c until L does not change

M,s |= iff L(s)

M |= iff L(s) for every s I.
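The labeling procedure (1)-(6) above, carried out on a small Kripke structure, as an added example that is not code from the original slides. The state names, the propositions auth and priv, and the login/privilege reading of the model are assumptions; the membership test for a nontrivial SCC in step (6b) is implemented as "s lies on a cycle inside S'", which is the same condition.

```python
# Added example, not from the original slides: explicit-state CTL model checking by
# labeling, following steps (1)-(6).  The Kripke structure is a constructed toy model
# of a login/privilege workflow; every name in it is an assumption.
from collections import deque

# Constructed Kripke structure M = <S, R, I, L>
S = {"s0", "s1", "s2", "s3"}
R = {("s0", "s1"), ("s1", "s2"), ("s2", "s0"), ("s1", "s3"), ("s3", "s3")}
I = {"s0"}
L = {"s0": set(),              # logged out
     "s1": {"auth"},           # authenticated
     "s2": {"auth", "priv"},   # authenticated and privileged
     "s3": {"priv"}}           # privileged without authentication: the state to rule out
M = (S, R, I, L)

# Formulas are tuples in the grammar of the slides: ("p", name), ("not", f), ("or", f, g),
# ("EX", f), ("EG", f), ("EU", f, g).  Other connectives are rewritten into these.
def p(name): return ("p", name)
def NOT(f): return ("not", f)
def OR(f, g): return ("or", f, g)
def AND(f, g): return NOT(OR(NOT(f), NOT(g)))
TRUE = OR(p("auth"), NOT(p("auth")))       # a tautology expressed in the base grammar
def EF(f): return ("EU", TRUE, f)
def AG(f): return NOT(EF(NOT(f)))

def succ(R, s):
    return {t for (u, t) in R if u == s}

def in_nontrivial_scc(s, S1, R):
    """True iff s lies on a cycle of the sub-graph induced by S1 (a nontrivial SCC)."""
    seen, todo = set(), deque(t for t in succ(R, s) if t in S1)
    while todo:
        t = todo.popleft()
        if t == s:
            return True
        if t not in seen:
            seen.add(t)
            todo.extend(u for u in succ(R, t) if u in S1)
    return False

def label(M, phi, labels):
    """Extend labels[s] (the set L(s)) with every sub-formula of phi that holds on s."""
    S, R, _, _ = M
    op = phi[0]
    if op == "p":                                   # (1) propositions are already in L(s)
        return
    for sub in phi[1:]:                             # label the strict sub-formulas first
        label(M, sub, labels)
    if op == "not":                                 # (2)
        for s in S:
            if phi[1] not in labels[s]: labels[s].add(phi)
    elif op == "or":                                # (3)
        for s in S:
            if phi[1] in labels[s] or phi[2] in labels[s]: labels[s].add(phi)
    elif op == "EX":                                # (4)
        for s in S:
            if any(phi[1] in labels[t] for t in succ(R, s)): labels[s].add(phi)
    elif op == "EU":                                # (5)
        f, g = phi[1], phi[2]
        for s in S:                                 # (5a)
            if g in labels[s]: labels[s].add(phi)
        changed = True
        while changed:                              # (5b), repeated until stable (5c)
            changed = False
            for s in S:
                if phi not in labels[s] and f in labels[s] and any(phi in labels[t] for t in succ(R, s)):
                    labels[s].add(phi)
                    changed = True
    elif op == "EG":                                # (6)
        S1 = {s for s in S if phi[1] in labels[s]}  # (6a)
        for s in S1:                                # (6b) states inside nontrivial SCCs of S1
            if in_nontrivial_scc(s, S1, R): labels[s].add(phi)
        changed = True
        while changed:                              # (6c), repeated until stable (6d)
            changed = False
            for s in S1:
                if phi not in labels[s] and any(phi in labels[t] for t in succ(R, s)):
                    labels[s].add(phi)
                    changed = True

def sat(M, phi):
    """States s with M,s |= phi, i.e. phi in L(s) once labeling is complete."""
    S, _, _, L = M
    labels = {s: {("p", a) for a in L[s]} for s in S}
    label(M, phi, labels)
    return {s for s in S if phi in labels[s]}

def model_check(M, phi):
    """M |= phi iff phi in L(s) for every initial state s."""
    return M[2] <= sat(M, phi)

if __name__ == "__main__":
    # "privilege always implies authentication" fails: s0 -> s1 -> s3 reaches priv without auth
    print(model_check(M, AG(OR(NOT(p("priv")), p("auth")))))
    print(sorted(sat(M, EF(AND(p("priv"), NOT(p("auth")))))))
```

The property AG(priv implies auth) is checked through its rewriting into the base grammar, not(E(true U not(not priv or auth))), so the six labeling cases are all that is needed; the labeled counterexample set for EF(priv and not auth) is every state, because s3 is reachable from all of them.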

CTL Symbolic Model Checking

Transition system, Kripke structure

CTL, set of states

M |= : I [[]]

Fixpoint

Model Checking by Fixpoint

(1) For a propositional sub-formula p, [[p]] = { s | p L(s) }

(2) For , [[]] = S \ [[]]

(3) For , [[]] = [[]] [[]]

(4) For EX, [[EX]] = ex([[]])

(5) For E(U), [[E(U)]] = Z.([[]] ([[]] ex(Z)))

(6) For EG, [[EG]] = Z.([[]] ex(Z))

M,s |= iff s [[]]

M |= iff I [[]]
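The fixpoint characterisation (1)-(6) above, computed by iterating over explicit state sets, as an added example that is not code from the original slides. The state names and the propositions fresh and enc (a constructed session life-cycle) are assumptions. The least fixpoint for E(U) starts from the empty set and the greatest fixpoint for EG from the full state set; the optional trace records the approximants Z0, Z1, ... so the convergence can be inspected.

```python
# Added example, not from the original slides: CTL model checking by fixpoint iteration
# over explicit state sets, following cases (1)-(6).  The Kripke structure is a
# constructed toy model of a session life-cycle; all names are assumptions.

# Constructed Kripke structure M = <S, R, I, L>
S = frozenset({"idle", "handshake", "session", "stale"})
R = {("idle", "handshake"), ("handshake", "session"), ("handshake", "idle"),
     ("session", "session"), ("session", "stale"), ("stale", "idle")}
I = frozenset({"idle"})
L = {"idle": set(),                   # no connection
     "handshake": {"fresh"},          # fresh key material, nothing encrypted yet
     "session": {"fresh", "enc"},     # encrypted with a fresh key
     "stale": {"enc"}}                # still encrypted, but the key is no longer fresh
M = (S, R, I, L)

def p(name): return ("p", name)
def NOT(f): return ("not", f)
def OR(f, g): return ("or", f, g)
def AND(f, g): return NOT(OR(NOT(f), NOT(g)))
TRUE = OR(p("enc"), NOT(p("enc")))
def EF(f): return ("EU", TRUE, f)
def AG(f): return NOT(EF(NOT(f)))

def ex(Z, R):
    """ex(Z): states with at least one R-successor in Z (the pre-image of Z)."""
    return frozenset(s for (s, t) in R if t in Z)

def lfp(F, trace=None):
    """mu Z.F(Z): iterate F from the empty set until the set no longer changes."""
    Z = frozenset()
    while True:
        if trace is not None:
            trace.append(Z)
        nxt = F(Z)
        if nxt == Z:
            return Z
        Z = nxt

def gfp(F, top, trace=None):
    """nu Z.F(Z): iterate F from the full state set until the set no longer changes."""
    Z = top
    while True:
        if trace is not None:
            trace.append(Z)
        nxt = F(Z)
        if nxt == Z:
            return Z
        Z = nxt

def sem(M, phi, trace=None):
    """[[phi]] as a frozenset of states; `trace` collects the top-level fixpoint approximants."""
    S, R, _, L = M
    op = phi[0]
    if op == "p":                                                # (1)
        return frozenset(s for s in S if phi[1] in L[s])
    if op == "not":                                              # (2)
        return S - sem(M, phi[1])
    if op == "or":                                               # (3)
        return sem(M, phi[1]) | sem(M, phi[2])
    if op == "EX":                                               # (4)
        return ex(sem(M, phi[1]), R)
    if op == "EU":                                               # (5) least fixpoint
        f, g = sem(M, phi[1]), sem(M, phi[2])
        return lfp(lambda Z: g | (f & ex(Z, R)), trace)
    if op == "EG":                                               # (6) greatest fixpoint
        f = sem(M, phi[1])
        return gfp(lambda Z: f & ex(Z, R), S, trace)
    raise ValueError(f"unknown operator {op!r}")

def model_check(M, phi):
    """M |= phi iff every initial state lies in [[phi]]."""
    return M[2] <= sem(M, phi)

if __name__ == "__main__":
    approx = []
    print(sorted(sem(M, ("EU", p("fresh"), p("enc")), approx)))
    for i, Z in enumerate(approx):           # Z0 = {}, Z1 = [[enc]], Z2 = stable set
        print(f"Z{i} = {sorted(Z)}")
    # "encrypted implies fresh key" does not hold: idle -> handshake -> session -> stale
    print(model_check(M, AG(OR(NOT(p("enc")), p("fresh")))))
```

Unlike the labeling algorithm, EG needs no SCC computation here: the greatest fixpoint repeatedly removes the states of [[phi]] that have no successor left inside the current set, and what survives is exactly the states with an infinite phi-path.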

Symbolic Model Checking

CTL Symbolic Model Checking

Kripke structure

OBDD([[]])

Logic formula, OBDD

OBDD operations

M |= : OBDD(I) OBDD([[]])

Binary Decision Diagram (BDD)

BDD = <N, E, n0, L>

Nodes: N

Root: n0

Edges: E: N -> N^2

Labeling function: L: N -> L, with L = {a, …, c}

Terminal Nodes: {0, 1} N

[Figure: an example BDD with root a, children b and c, and terminal nodes 0 and 1]

Intuitive Meaning

[[.]]: the meaning function

Terminal node: [[0]] = 0

Terminal node: [[1]] = 1

[[w]] = (a [[x]]) (a [[y]])

[Figure: node w labeled a, with sub-BDDs x and y]

Models

Subset of L-L

A model represents a state in a discrete system.

M is a model of a BDD, if the BDD can be simplified to 1, according to given simplification rules.

Examples of Models

[a, b, c], [a, b, c], [a, b, c], [a, b, c], [a, b, c], [a, b, c], [a, b, c], [a, b, c]

[Figure: a BDD over a, b, c with terminal nodes 0 and 1]

Example 1 of Simplification

[a, b, c], [a, b, c], [a, b, c], [a, b, c], [a, b, c], [a, b, c], [a, b, c], [a, b, c]

[Figure: the BDD over a, b, c is simplified step by step, first to a BDD over a and b, then over a alone, and finally to the terminal 0]

Example 2 of Simplification

[a, b, c], [a, b, c], [a, b, c], [a, b, c], [a, b, c], [a, b, c], [a, b, c], [a, b, c]

[Figure: the BDD over a, b, c is simplified step by step, first to a BDD over a and b, then over a alone, and finally to the terminal 1]

Ordered Binary Decision Diagram (OBDD)

Given an order of variables (x1<x2<…)

A BDD is ordered if every path of the BDD is labeled in accordance with the variable order

Reduced Ordered Binary Decision Diagram (ROBDD)

Shared substructures

No node has its left and right sub-trees pointing to the same substructure

Operations of ROBDD

AABABABx.A

Propositional Formulas and OBDD

Propositional Formula F OBDD(F) ROBDD(F)

Kripke Structure and OBDD

Given M=<S,R,I,L> and AP = { p1,p2,…,pk }

S: propositional formula
R: propositional formula
I: propositional formula
[[p1]], …, [[pk]]: propositional formula

Symbolic Model Checking

Set operations are performed by corresponding ROBDD operations

ex(..) .. \ .... .... ..

[[]] : Manipulation of OBDD

Variable Ordering
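A minimal ROBDD, as an added example that is not code from the original slides, serving the "Models" slide (a model is an assignment under which the BDD simplifies to 1), the ROBDD slide (shared substructures, no node with identical branches), the "Operations of ROBDD" slide (negation, conjunction, disjunction, existential quantification built by Shannon expansion on the earliest variable) and this "Variable Ordering" slide. The class and function names and the sample formulas, including (a1 and b1) or ... or (an and bn) under an interleaved versus a separated order, are assumptions.

```python
# Added example, not from the original slides: a minimal ROBDD implementation showing
# the two reduction rules, the Boolean operations, the view of a model as an assignment
# that simplifies the BDD to 1, and the effect of variable ordering.  Names and sample
# formulas are assumptions.
from itertools import product

OPS = {"and": lambda a, b: a & b, "or": lambda a, b: a | b, "xor": lambda a, b: a ^ b}

class ROBDD:
    def __init__(self, order):
        self.order = {v: i for i, v in enumerate(order)}  # variable -> rank in the order
        self.nodes = {0: None, 1: None}   # id -> (var, low, high); 0 and 1 are the terminals
        self.unique = {}                  # (var, low, high) -> id, so substructures are shared
        self.cache = {}                   # memo table for apply/restrict

    def mk(self, var, low, high):
        if low == high:                   # rule 1: a node whose two branches coincide is dropped
            return low
        key = (var, low, high)
        if key not in self.unique:        # rule 2: an isomorphic node is never duplicated
            self.unique[key] = len(self.nodes)
            self.nodes[self.unique[key]] = key
        return self.unique[key]

    def var(self, v): return self.mk(v, 0, 1)
    def top(self, u): return self.nodes[u][0] if u > 1 else None

    def apply(self, op, u, w):
        """Combine two ROBDDs by Shannon expansion on the earliest variable of u and w."""
        key = (op, u, w)
        if key not in self.cache:
            if u <= 1 and w <= 1:
                r = OPS[op](u, w)
            else:
                x = min((v for v in (self.top(u), self.top(w)) if v is not None), key=self.order.get)
                def cof(n, bit):          # cofactor n[x := bit]
                    return self.nodes[n][1 + bit] if self.top(n) == x else n
                r = self.mk(x, self.apply(op, cof(u, 0), cof(w, 0)),
                               self.apply(op, cof(u, 1), cof(w, 1)))
            self.cache[key] = r
        return self.cache[key]

    def AND(self, u, w): return self.apply("and", u, w)
    def OR(self, u, w): return self.apply("or", u, w)
    def NOT(self, u): return self.apply("xor", u, 1)

    def restrict(self, u, v, bit):
        """u[v := bit]"""
        if u <= 1 or self.order[self.top(u)] > self.order[v]:
            return u                      # v cannot occur below u
        key = ("restrict", u, v, bit)
        if key not in self.cache:
            x, low, high = self.nodes[u]
            if x == v:
                r = (low, high)[bit]
            else:
                r = self.mk(x, self.restrict(low, v, bit), self.restrict(high, v, bit))
            self.cache[key] = r
        return self.cache[key]

    def EXISTS(self, v, u):
        """Existential quantification: u[v := 0] or u[v := 1]."""
        return self.OR(self.restrict(u, v, 0), self.restrict(u, v, 1))

    def is_model(self, u, true_vars):
        """Follow the branch chosen by the assignment; it is a model iff the walk reaches 1."""
        while u > 1:
            x, low, high = self.nodes[u]
            u = high if x in true_vars else low
        return u == 1

    def models(self, u, variables):
        """All assignments (as frozensets of true variables) that are models of u."""
        assignments = (frozenset(v for v, b in zip(variables, bits) if b)
                       for bits in product((0, 1), repeat=len(variables)))
        return [a for a in assignments if self.is_model(u, a)]

    def size(self, u):
        """Number of nodes reachable from u, terminals included."""
        seen, todo = set(), [u]
        while todo:
            n = todo.pop()
            if n not in seen:
                seen.add(n)
                if n > 1:
                    todo.extend(self.nodes[n][1:])
        return len(seen)

def build_pairs(order, n):
    """ROBDD of (a1 and b1) or ... or (an and bn) under the given order; returns (bdd, root)."""
    bdd, root = ROBDD(order), 0
    for i in range(1, n + 1):
        root = bdd.OR(root, bdd.AND(bdd.var(f"a{i}"), bdd.var(f"b{i}")))
    return bdd, root

def ordering_sizes(n=3):
    """Node counts of the same function under an interleaved and a separated order."""
    interleaved = [v for i in range(1, n + 1) for v in (f"a{i}", f"b{i}")]
    separated = [f"a{i}" for i in range(1, n + 1)] + [f"b{i}" for i in range(1, n + 1)]
    return {name: bdd.size(root) for name, (bdd, root)
            in (("interleaved", build_pairs(interleaved, n)), ("separated", build_pairs(separated, n)))}

if __name__ == "__main__":
    bdd = ROBDD(["a", "b", "c"])
    f = bdd.OR(bdd.AND(bdd.var("a"), bdd.var("b")), bdd.var("c"))   # (a and b) or c
    print(bdd.is_model(f, {"a", "b"}), bdd.is_model(f, {"a"}))      # True False
    print(len(bdd.models(f, ["a", "b", "c"])), bdd.EXISTS("c", f))    # 5 models; exists c.f is 1
    print(ordering_sizes(3))                                          # interleaved is far smaller
```

Because every node goes through mk and the unique table, two equivalent formulas built in the same ROBDD always yield the same node id, which is what makes the set operations of symbolic model checking (union, intersection, complement, pre-image via EXISTS over next-state variables) cheap equality tests on ids. For the pair formula with n = 3 the interleaved order a1 < b1 < a2 < b2 < a3 < b3 needs 8 nodes (6 internal plus the two terminals), while a1 < a2 < a3 < b1 < b2 < b3 needs 16; in general the two orders give 2n and 2^(n+1) - 2 internal nodes.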

Questions?