Model Checking - II

Virendra Singh Associate Professor

Computer Architecture and Dependable Systems Lab. Dept. of Electrical Engineering Indian Institute of Technology

Bombay http://www.ee.iitb.ac.in/~viren

viren@ee.iitb.ac.in

EE 709: Testing & Verification of VLSI Circuits

Lecture – 25 (Mar 01, 2012)

2

The Model Checking Problem

The Model Checking Problem (CE81):

Let M be a Kripke structure (i.e., state-transition graph).

Let f be a formula of temporal logic (i.e., the specification).

Find all states s of M such that M, s |= f

Preprocessor Model Checker

Kripke Structure M

Formula f True or Counterexample

Mar 01, 2012 EE-709@IITB

Temporal logic model checking

Traffic Light Controller

Design

“It is never possible to

have a green light for both

N-S and E-W.”

Model

Checker

True

False + Counterexample

FSM

rep.

Property

in some

TL e.g.

CTL, LTL

Mar 01, 2012 EE-709@IITB 3

a

b

D Q

c

n p

o

S3 S2

S1

0/0

1/1

0/0 1/0

0/0

1/1

Finite State Machine (FSM)

• I: input alphabet

• S: finite, non-empty set of states

• : S I S, next-state function

• S0 S : set of initial (reset) states

• O: output alphabet

• : S I O , output function

S3 S2

S1

0/0

1/1

0/0 1/0

0/0

1/1

S1

S2

S3

x = 0 x = 1

S1,0 S2,1

S1,0

S3,0

S2,0

S1,1

State Transition Table

State Transition Graph Mealy FSM: I, S, , S0, O, )

INPUTS OUTPUTS

LATCHES

Next

States Present

states

CombL

ogic

Mar 01, 2012 EE-709@IITB 4

3 Step Process Formal Specification

Precise statement and property

Environment constraint

Logic: Temporal logic

Automata, Labeled transition system

Models Flexible model generation to specify design

Fairness

Transition system

Formal Verification

Checking that model satisfy the property

Mar 01, 2012 EE-709@IITB 5

Semantic of Finite State System

Semantic associated with behaviour

Branching Time Semantics

The tree of states obtained by unwinding the state machine transition graph

Possible choices are explicitly represented

Linear Time Semantics

The set of all possible runs of the system

The set of infinite paths in SM

Mar 01, 2012 EE-709@IITB 6

7

Computation Tree Logics

P,q

r q,r

p,q r r

r q,r r r

P,q

r q,r

Mar 01, 2012 EE-709@IITB

Mar 01, 2012 EE-709@IITB 8

Formal Specification

Describe unambiguously and precisely the expected behaviour of the design

In general, a list of properties

Includes, environmental constraints

Mar 01, 2012 EE-709@IITB 9

Classification of Properties • Safety Property

(un) desirable things always (never) happen

• A bus arbiter never grants the requests to two masters

• Message received is message sent

• Liveness (Progress) Property

desirable state eventually reached

• Every bus request is eventually granted

• A car at a traffic light is eventually allowed to pass

• Fairness Property

Desirable state repeatedly reached

• A request state and a grant state for each client must be visited infinitely often

10

Example: traffic light controller

• Guarantee no collisions

• Guarantee eventual service

E

S

N

Mar 01, 2012 EE-709@IITB 10

Mar 01, 2012 EE-709@IITB 11

Property Specification

Properties for traffic light controller

• P1 = (s1 w1) + (s2 w2)

• Sequence R, G, Y, R, G, Y, ……

Thank you

Mar 01, 2012 EE-709@IITB 12