Model Checker VERDS
DESCRIPTION
Model Checker VERDS. Wenhui Zhang, 31 May 2011. PowerPoint PPT presentation transcript.
![Page 1: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/1.jpg)
Model Checker VERDS
Wenhui Zhang, 31 May 2011
![Page 2: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/2.jpg)
Contents
• Model Checker VERDS
  – Model
  – Properties
• VERDS verification methods
  – Model checking / implicit state / TBD
  – Model checking / bounded semantics / CTL bounded semantics / QBF
![Page 3: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/3.jpg)
Model
• System level specification
  – name of the system model (optional),
  – global variables,
  – initial values of the global variables,
  – processes,
  – fairness constraints (optional), and
  – properties (optional).
• Module specification
  – name and the parameters of the module,
  – local variables,
  – initial values of the local variables,
  – transition rules,
  – fairness constraints (optional), and
  – properties (optional).
Keywords:
VVM, VAR, INIT, PROC, FAIRNESS, SPEC
MODULE, VAR, INIT, TRANS, FAIRNESS, SPEC
![Page 4: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/4.jpg)
Example: mutual exclusion protocol
![Page 5: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/5.jpg)
Example: mutual exclusion protocol, transition system

```
VVM me005
VAR x[0..1]:0..1; t:0..1;
INIT x[0]=0; x[1]=0; t=0;
PROC p0:p0m(x[],t,0); p1:p0m(x[],t,1);
SPEC
AG(!(p0.a=s2&p1.a=s2));
AG((!p0.a=s1|AF(p0.a=s2|p1.a=s2))&(!p1.a=s1|AF(p0.a=s2|p1.a=s2)));
AG((!p0.a=s1|AF(p0.a=s2))&(!p1.a=s1|AF(p1.a=s2)));
AG((!p0.a=s1|EF(p0.a=s2))&(!p1.a=s1|EF(p1.a=s2)));
```
![Page 6: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/6.jpg)
Example: mutual exclusion protocol, module

```
MODULE p0m(x[],t,i)
VAR a: {s0,s1,s2,s3};
INIT a=s0;
TRANS
a=s0: (x[1-i],t,a):=(1,1-i,s1);
a=s1&(x[i]=0|t=i): (a):=(s2);
a=s1&!(x[i]=0|t=i): (a):=(s1);
a=s2: (x[1-i],a):=(0,s3);
a=s2: (a):=(s2);
a=s3: (x[1-i],t,a):=(1,1-i,s1);
FAIRNESS running;
```
![Page 7: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/7.jpg)
Property specification language: Computation Tree Logic
(Slide shows the computation-tree diagrams for each operator.)
AX p, AF p, AG p, A(p U q), A(p R q)
EX p, EF p, EG p, E(p U q), E(p R q)
![Page 8: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/8.jpg)
Example: mutual exclusion protocol, properties
AG(!(p0.a=s2&p1.a=s2))
AG((!p0.a=s1|AF(p0.a=s2|p1.a=s2))& (!p1.a=s1|AF(p0.a=s2|p1.a=s2)))
AG((!p0.a=s1|AF(p0.a=s2))&(!p1.a=s1|AF(p1.a=s2)))
AG((!p0.a=s1|EF(p0.a=s2))&(!p1.a=s1|EF(p1.a=s2)))
![Page 9: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/9.jpg)
VERDS verification methods
• Model checking
  – implicit state / TBD
  – bounded semantics / CTL bounded semantics / QBF
![Page 10: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/10.jpg)
Implicit state
• Kripke structure M = (S,T,I,L)
• States, state sets, formulas /BDD/TBD
• Temporal logic formula, state set [[ ]], formula F([[ ]])
• M |= , i.e. I [[ ]], i.e. F(I) F([[ ]])
![Page 11: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/11.jpg)
Temporal logic formula to formula
s (v1,v2,…,vn)
p [[p]] F[[p]] p
![Page 12: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/12.jpg)
Fairness
Fairness constraints f1,…,fk
f [[f]] F[[f]] f
![Page 13: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/13.jpg)
Formulas /TBD
![Page 14: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/14.jpg)
Verification runs
![Page 15: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/15.jpg)
Verification Results
Property: Conclusion
• AG(!(p0.a=2&p1.a=2)): true
• AG((!p0.a=1|AF(p0.a=2|p1.a=2))&(!p1.a=1|AF(p0.a=2|p1.a=2))): true
• AG((!p0.a=1|AF(p0.a=2))&(!p1.a=1|AF(p1.a=2))): false
• AG((!p0.a=1|EF(p0.a=2))&(!p1.a=1|EF(p1.a=2))): true
![Page 16: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/16.jpg)
Verification Results
Property: Conclusion
• AG(!(p0.a=2&p1.a=2)): true
• AG((!p0.a=1|AF(p0.a=2|p1.a=2))&(!p1.a=1|AF(p0.a=2|p1.a=2))): true
• AG((!p0.a=1|AF(p0.a=2))&(!p1.a=1|AF(p1.a=2))), with the additional fairness constraint (a!=s2) in the module p0m(): true
• AG((!p0.a=1|EF(p0.a=2))&(!p1.a=1|EF(p1.a=2))): true
![Page 17: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/17.jpg)
Bounded semantics
• Kripke structure M = (S,T,I,L)
• Bounded model Mk = (S, Phk, I, L)
• If Mk,s |=b then M,s |=
• If Mk,s |=b then M,s |= , i.e. M,s |=
![Page 18: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/18.jpg)
CTL bounded semantics
M,s |= if and only if there exists k such that Mk,s |=
![Page 19: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/19.jpg)
QBF characterization of the CTL bounded semantics
Mk,s |= if and only if [[ ,v(s)]]k holds
![Page 20: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/20.jpg)
Model checking with the CTL bounded semantics
Given a Kripke structure M and a CTL formula.
0. k=0;
1. If v.(I(v) [[ ,v]]k) holds, then M |= ;
2. If v.(I(v) [[ ,v]]k) holds, then M |= ;
3. k=k+1, return to step 1.
![Page 21: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/21.jpg)
SAT characterization of the ACTL bounded semantics
![Page 22: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/22.jpg)
QBF/SAT-Solver
![Page 23: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/23.jpg)
Verification runs
![Page 24: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/24.jpg)
Verification Results
Property (without Fairness): Conclusion
• AG(!(p0.a=2&p1.a=2)): true
• AG((!p0.a=1|AF(p0.a=2|p1.a=2))&(!p1.a=1|AF(p0.a=2|p1.a=2))): false
• AG((!p0.a=1|AF(p0.a=2))&(!p1.a=1|AF(p1.a=2))): false
• AG((!p0.a=1|EF(p0.a=2))&(!p1.a=1|EF(p1.a=2))): true
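An added example, not from the slides or the VERDS tool itself: a plain explicit-state CTL checker in Python for the me005 model (slides 5 and 6) and its four SPEC properties, evaluated by set-valued fixpoints as on the implicit-state slides but over an enumerated state space. The FAIRNESS constraint is deliberately ignored, which is the "without Fairness" setting of the table above; the tuple encoding of states and the property labels are my own choices.

```python
# Added example, not from the slides: explicit-state CTL checking of the
# me005 mutual-exclusion model in Python, ignoring its FAIRNESS constraint.
S0, S1, S2, S3 = "s0", "s1", "s2", "s3"
INIT = (0, 0, 0, S0, S0)               # state = (x[0], x[1], t, p0.a, p1.a)
def successors(s):                     # one step of either process (interleaving)
    x0, x1, t, a0, a1 = s
    x, a, succ = [x0, x1], [a0, a1], set()
    for i in (0, 1):
        nx, nt, na = x[:], t, a[:]
        if a[i] in (S0, S3):           # a=s0 | a=s3: (x[1-i],t,a):=(1,1-i,s1)
            nx[1 - i], nt, na[i] = 1, 1 - i, S1
        elif a[i] == S1:               # a=s1: enter s2 iff x[i]=0 | t=i, else stay
            na[i] = S2 if (x[i] == 0 or t == i) else S1
        else:                          # a=s2: stay in s2, or (x[1-i],a):=(0,s3)
            succ.add(s)
            nx[1 - i], na[i] = 0, S3
        succ.add((nx[0], nx[1], nt, na[0], na[1]))
    return succ

def reachable(init):                   # depth-first enumeration of the state space
    seen, todo = {init}, [init]
    while todo:
        new = successors(todo.pop()) - seen
        seen |= new; todo += new
    return seen

STATES = reachable(INIT)
TRANS = {s: successors(s) for s in STATES}
# CTL operators as set-valued fixpoints over the reachable state space.
def NOT(p): return STATES - p
def EX(p): return {s for s in STATES if TRANS[s] & p}
def fix(f, z):                         # iterate f until the set is stable
    while f(z) != z: z = f(z)
    return z
def EU(p, q): return fix(lambda z: q | (p & EX(z)), set(q))
def EG(p): return fix(lambda z: p & EX(z), set(p))
def EF(p): return EU(STATES, p)
def AF(p): return NOT(EG(NOT(p)))
def AG(p): return NOT(EF(NOT(p)))
def at(i, v): return {s for s in STATES if s[3 + i] == v}   # atom p<i>.a=v

def check_all():                       # the four SPEC properties of me005, at INIT
    w0, w1, c0, c1 = at(0, S1), at(1, S1), at(0, S2), at(1, S2)
    props = {
        "mutual exclusion": AG(NOT(c0 & c1)),
        "some waiting process enters": AG((NOT(w0) | AF(c0 | c1)) & (NOT(w1) | AF(c0 | c1))),
        "each waiting process enters": AG((NOT(w0) | AF(c0)) & (NOT(w1) | AF(c1))),
        "each waiting process can enter": AG((NOT(w0) | EF(c0)) & (NOT(w1) | EF(c1))),
    }
    return {name: INIT in sat for name, sat in props.items()}
```

Without fairness the self-loop `a=s2: (a):=(s2)` and the busy-wait in s1 give EG paths on which no process ever enters s2, so the second and third properties fail exactly as in the table above.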
![Page 25: Model Checker VERDS](https://reader035.vdocuments.net/reader035/viewer/2022081415/56813c5d550346895da5dfb1/html5/thumbnails/25.jpg)
Tool web page
• http://lcs.ios.ac.cn/~zwh/verds/index.html
• Both the tool and the web page are still under development and improvement