Model checking

Model checking designates a family of techniques for the automatic verification of dynamic systems (often originating in computer science or electronics). It consists in checking algorithmically whether a given model, the system itself or an abstraction of it, satisfies a specification, often formulated in temporal logic.

Two aspects of model checking can be distinguished:

  • showing that a certain class of properties, or a certain logic, is decidable, or that its decision problem belongs to some complexity class;
  • looking for efficient algorithms on cases that are interesting in practice, implementing them, and applying them to real problems.

Formal principle

Automaton emptiness test

One way of proceeding is to express both the system to be verified and the property to be tested as automata.

The first stage of model checking consists in expressing the model under consideration as a directed graph made of nodes and transitions. Each node represents a state of the system; each transition represents a possible evolution of the system from a given state to another state. In parallel, the system is described by a set of atomic logical propositions (e.g. i = 2, processor 3 is idle, ...). Each state of the directed graph is labelled with the set of atomic propositions that are true at that point of the execution. Such a graph is called a Kripke structure.

The second stage of model checking consists in expressing the negation of the temporal logic formula that we wish to test. The negation of this formula is itself transcribed as a Kripke structure able to recognise exactly the set of executions satisfying the negation of the given formula. For example, an LTL formula can be transcribed into a non-deterministic Büchi automaton (or, sometimes, into a Rabin automaton).

The third and last stage consists in building the synchronous (Cartesian) product of the two Kripke structures obtained previously. If the language recognised by the product is empty (for a reachability property, but more generally for an acceptance property involving liveness and fairness), then the system satisfies the logical formula. Otherwise, any sequence belonging to the language of the product constitutes a counterexample to the specification.
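As an added illustration of the three stages above (not code from the original article), the following Python program builds a small constructed Kripke structure for a login/session state machine, hand-codes Büchi automata for the negations of a safety property and a liveness property, explores the synchronous product on the fly and searches it for an accepting lasso with a nested depth-first search. The state names, the propositions, the two properties and the "shortcut" variant are assumptions made for the example.

```python
# Added example (not from the article): automata-theoretic LTL model checking
# on a constructed login/session state machine. The Kripke structure, the
# Buechi automata for the negated properties and all names are assumptions.
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

Label = FrozenSet[str]
Guard = Callable[[Label], bool]
Prod = Tuple[str, str]            # (Kripke state, automaton state)


class Kripke:
    """Directed graph whose states are labelled with the propositions true there."""

    def __init__(self, init: List[str], succ: Dict[str, List[str]], labels: Dict[str, Label]):
        self.init, self.succ, self.labels = init, succ, labels


class Buchi:
    """Non-deterministic Buechi automaton whose guards read a Kripke label."""

    def __init__(self, init: str, trans: List[Tuple[str, Guard, str]], accepting: FrozenSet[str]):
        self.init, self.trans, self.accepting = init, trans, accepting

    def step(self, q: str, label: Label) -> List[str]:
        return [dst for src, guard, dst in self.trans if src == q and guard(label)]


def check(model: Kripke, neg_spec: Buchi) -> Optional[Tuple[List[str], List[str]]]:
    """Explore the synchronous product on the fly and look for an accepting lasso
    (nested DFS). None means the product language is empty, i.e. the property
    holds; otherwise (prefix, cycle) is a counterexample over Kripke states."""

    def successors(v: Prod) -> List[Prod]:
        s, q = v
        return [(s2, q2) for s2 in model.succ[s] for q2 in neg_spec.step(q, model.labels[s2])]

    seen_outer, seen_inner = set(), set()
    path: List[Prod] = []

    def inner(seed: Prod, v: Prod, acc: List[Prod]) -> Optional[List[Prod]]:
        # second DFS: a path from v back to the accepting seed closes a cycle
        seen_inner.add(v)
        for w in successors(v):
            if w == seed:
                return acc + [v, seed]
            if w not in seen_inner:
                found = inner(seed, w, acc + [v])
                if found is not None:
                    return found
        return None

    def outer(v: Prod) -> Optional[Tuple[List[Prod], List[Prod]]]:
        # first DFS; on post-order exit of an accepting state, start the inner search
        seen_outer.add(v)
        path.append(v)
        for w in successors(v):
            if w not in seen_outer:
                found = outer(w)
                if found is not None:
                    return found
        if v[1] in neg_spec.accepting:
            cycle = inner(v, v, [])
            if cycle is not None:
                return path[:-1], cycle
        path.pop()
        return None

    for s0 in model.init:
        for q0 in neg_spec.step(neg_spec.init, model.labels[s0]):
            if (s0, q0) not in seen_outer:
                found = outer((s0, q0))
                if found is not None:
                    return [st for st, _ in found[0]], [st for st, _ in found[1]]
    return None


# Constructed model: session states labelled with atomic propositions
LABELS = {
    "out": frozenset(),
    "challenge": frozenset({"challenge"}),
    "in": frozenset({"logged_in", "verified"}),
    "in_shortcut": frozenset({"logged_in"}),      # logged in without verification
}
GOOD = Kripke(["out"], {
    "out": ["challenge"],
    "challenge": ["in", "out", "challenge"],      # accept, reject, retry
    "in": ["out"],
}, LABELS)
BAD = Kripke(["out"], {                           # same machine plus a "remember me" shortcut
    "out": ["challenge", "in_shortcut"],
    "challenge": ["in", "out", "challenge"],
    "in": ["out"],
    "in_shortcut": ["out"],
}, LABELS)

TRUE: Guard = lambda lab: True
# Negation of the safety property G(logged_in -> verified): F(logged_in & !verified)
NOT_SAFE = Buchi("q0", [
    ("q0", TRUE, "q0"),
    ("q0", lambda lab: "logged_in" in lab and "verified" not in lab, "q1"),
    ("q1", TRUE, "q1"),
], frozenset({"q1"}))
# Negation of the liveness property G(challenge -> F !challenge): F(challenge & G challenge)
NOT_LIVE = Buchi("q0", [
    ("q0", TRUE, "q0"),
    ("q0", lambda lab: "challenge" in lab, "q1"),
    ("q1", lambda lab: "challenge" in lab, "q1"),
], frozenset({"q1"}))

if __name__ == "__main__":
    print("safety on GOOD:", check(GOOD, NOT_SAFE))
    print("safety on BAD:", check(BAD, NOT_SAFE))
    print("liveness on GOOD:", check(GOOD, NOT_LIVE))
```

Run stand-alone, it reports None for the safety property on the correct machine (the product language is empty), a trace through in_shortcut for the variant with the unverified shortcut, and the lasso out, challenge followed by the retry loop for the liveness property: without a fairness assumption, a client that retries forever is a genuine counterexample to "every challenge is eventually resolved". The Büchi automata are written by hand here; a real tool derives them from the LTL formula.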

Explicitly enumerating all the states of the automaton can be expensive, which is why one generally resorts to symbolic methods, introduced by Ken McMillan and Edmund M. Clarke.

Symbolic methods

One approach, widespread for verifying properties expressed in the branching-time temporal logic CTL, is based on representing the states and transitions of the system as sets. Many representations of sets of states have been devised; the best known uses binary decision diagrams (BDDs).

A symbolic model checker works by computing fixed points in order to determine the reachable states as well as those which satisfy one or more properties. These fixed points are computed using two predicate transformers associated with the crossing of transitions: the first (Post) determines, for a given set of states, the set of their successors, while the second (Pre) is the converse operation of the first. These techniques are often more effective for systems with a high degree of concurrency, but they bring in mechanisms that are too heavy for sequential systems.
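To make the fixed-point view concrete, here is an added Python example (not from the article) that plays the role of a symbolic model checker on a two-process mutual-exclusion model, with Python sets standing in for the BDD-encoded sets of states. It computes the reachable states as the least fixed point of Post, the CTL formula EF bad as the least fixed point of Pre, and checks AG !(crit0 & crit1) both forward and backward. The Peterson encoding and the constructed "naive" test-then-set variant (which has the classic race) are assumptions of the example.

```python
# Added example (not from the article): symbolic fixed-point computation with
# Post/Pre predicate transformers, using Python sets as a stand-in for BDDs.
# The mutual-exclusion models and all names are assumptions for illustration.
from itertools import product
from typing import Callable, List, Set, Tuple

State = Tuple[int, ...]                     # (pc0, flag0, pc1, flag1, turn)
Trans = Set[Tuple[State, State]]


def step(s: State, i: int, variant: str) -> List[State]:
    """Successor states when process i (0 or 1) executes one instruction."""
    j = 1 - i
    pc, flag, other_flag, turn = s[2 * i], s[2 * i + 1], s[2 * j + 1], s[4]

    def with_(pc_=pc, flag_=flag, turn_=turn) -> State:
        n = list(s)
        n[2 * i], n[2 * i + 1], n[4] = pc_, flag_, turn_
        return tuple(n)

    if variant == "peterson":
        if pc == 0:
            return [with_(pc_=1, flag_=1)]                   # flag[i] := true
        if pc == 1:
            return [with_(pc_=2, turn_=j)]                   # turn := j
        if pc == 2:                                          # spin until allowed in
            return [with_(pc_=3)] if (not other_flag or turn == i) else []
    else:  # "naive": test the other flag, then set your own (test-then-set race)
        if pc == 0:
            return [with_(pc_=1)] if not other_flag else []
        if pc == 1:
            return [with_(pc_=2, flag_=1)]
        if pc == 2:
            return [with_(pc_=3)]
    return [with_(pc_=0, flag_=0)]                           # pc == 3: leave the critical section


def build(variant: str) -> Tuple[Set[State], Set[State], Trans]:
    """Universe, initial states and transition relation (interleaving semantics)."""
    universe = set(product(range(4), (0, 1), range(4), (0, 1), (0, 1)))
    init = {(0, 0, 0, 0, 0)}
    trans = {(s, t) for s in universe for i in (0, 1) for t in step(s, i, variant)}
    return universe, init, trans


def post(T: Trans, X: Set[State]) -> Set[State]:
    """Post(X): successors of the states in X."""
    return {t for s, t in T if s in X}


def pre(T: Trans, X: Set[State]) -> Set[State]:
    """Pre(X): predecessors of the states in X (converse of Post)."""
    return {s for s, t in T if t in X}


def lfp(f: Callable[[Set[State]], Set[State]]) -> Set[State]:
    """Least fixed point of a monotone set transformer by iteration from the empty set."""
    X: Set[State] = set()
    while True:
        Y = f(X)
        if Y == X:
            return X
        X = Y


def reachable(init: Set[State], T: Trans) -> Set[State]:
    return lfp(lambda X: init | post(T, X))


def ef(T: Trans, target: Set[State]) -> Set[State]:
    """EF target: states from which some path reaches target (backward fixed point)."""
    return lfp(lambda X: target | pre(T, X))


def in_critical(s: State) -> bool:
    return s[0] == 3 and s[2] == 3


def mutual_exclusion(variant: str) -> bool:
    """AG !(crit0 & crit1), checked forward with Post and backward with Pre."""
    universe, init, T = build(variant)
    bad = {s for s in universe if in_critical(s)}
    forward_ok = not (reachable(init, T) & bad)
    backward_ok = not (ef(T, bad) & init)
    assert forward_ok == backward_ok            # the two fixed-point formulations agree
    return forward_ok


if __name__ == "__main__":
    for v in ("peterson", "naive"):
        print(v, "mutual exclusion:", mutual_exclusion(v))
```

With sets the two transformers are one-line comprehensions; in a BDD-based checker they become relational products on the encoded transition relation, which is what makes the approach scale to systems whose state space cannot be enumerated explicitly.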

SAT and SMT solving

Lastly, instead of considering the whole set of execution traces of the system, one can restrict oneself to finite traces of bounded length. The existence of a trace satisfying a certain property is then equivalent to the satisfiability of a certain logical formula. For example, if I identifies the initial states of the system, F the states whose reachability one wants to test, and T is a transition relation, then one considers \exists x_1, \dots, x_n.\ I(x_1) \wedge T(x_1, x_2) \wedge \dots \wedge T(x_{n-1}, x_n) \wedge F(x_n).

If the states of the system are given by N-tuples of Booleans, then one is reduced to the satisfiability problem for a propositional formula (the SAT problem). Various programs, called SAT solvers, can effectively decide the SAT problem "in practice". Moreover, such a solver usually provides a valuation satisfying the formula in the event of success. Some can produce elements of a proof of unsatisfiability in the event of failure.

A recent evolution is the addition of integer or real variables alongside the Boolean ones. The atomic formulas are then no longer only Boolean variables, but atomic predicates over these integer or real variables, or more generally predicates taken from a theory. One then speaks of satisfiability modulo a theory (SMT). (For example, linear equalities and inequalities can be taken as atomic predicates.) One approach consists in replacing the atomic predicates by additional Boolean variables and solving the system via SAT. If there is no valuation satisfying the Boolean formula, the original formula was not satisfiable either. If there is a valuation, it must be checked that it is consistent with respect to the theory. For example, if x < 5 was replaced by a Boolean b_1 and x > 6 by a Boolean b_2, the valuation b_1 = b_2 = true is inconsistent with respect to the theory of linear inequalities. In practice, it is therefore necessary to be able to decide the satisfiability of a conjunction of atomic predicates.
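An added Python example (not from the article) of the two ingredients described in the last two paragraphs: a small DPLL SAT solver that returns a satisfying valuation, and the lazy SMT loop that replaces bound predicates on an integer x by Booleans, solves the Boolean skeleton, checks each valuation against the theory of linear inequalities (reduced here to interval reasoning on a single variable) and adds a blocking clause whenever the valuation is inconsistent. The atoms x < 5 and x > 6 come from the paragraph above; the third atom x > 3, the clause sets and all function names are constructed for the example.

```python
# Added example (not from the article): a small DPLL SAT solver and a lazy
# "SAT modulo theory" loop for bound predicates (x < k, x > k) over one
# integer variable x. Atoms, clauses and the interval theory check are assumptions.
from typing import Dict, List, Optional, Tuple

Clause = List[int]            # DIMACS style: literal v means b_v, -v means not b_v
Model = Dict[int, bool]
Atom = Tuple[str, int]        # ("<", k) stands for x < k, (">", k) for x > k


def simplify(clauses: List[Clause], lit: int) -> Optional[List[Clause]]:
    """Assume lit is true: drop satisfied clauses and remove the falsified literal
    from the others. Returns None when an empty (unsatisfiable) clause appears."""
    out = []
    for c in clauses:
        if lit in c:
            continue
        rest = [l for l in c if l != -lit]
        if not rest:
            return None
        out.append(rest)
    return out


def dpll(clauses: List[Clause], assignment: Optional[Model] = None) -> Optional[Model]:
    """Return a satisfying valuation of the CNF, or None if it is unsatisfiable."""
    assignment = dict(assignment or {})
    while clauses:                                   # unit propagation
        units = [c[0] for c in clauses if len(c) == 1]
        if not units:
            break
        assignment[abs(units[0])] = units[0] > 0
        clauses = simplify(clauses, units[0])
        if clauses is None:
            return None
    if not clauses:
        return assignment                            # every clause satisfied
    lit = clauses[0][0]                              # branch on a literal of the first clause
    for choice in (lit, -lit):
        reduced = simplify(clauses, choice)
        if reduced is not None:
            result = dpll(reduced, {**assignment, abs(choice): choice > 0})
            if result is not None:
                return result
    return None


def theory_bounds(atoms: List[Atom], model: Model) -> Tuple[float, float]:
    """Interval [lo, hi] of integers x consistent with the valuation: b_v true
    means atom v holds, b_v false means its negation holds."""
    lo, hi = float("-inf"), float("inf")
    for var, value in model.items():
        op, k = atoms[var - 1]
        if op == "<":
            if value:
                hi = min(hi, k - 1)                  # x < k
            else:
                lo = max(lo, k)                      # not (x < k), i.e. x >= k
        else:
            if value:
                lo = max(lo, k + 1)                  # x > k
            else:
                hi = min(hi, k)                      # not (x > k), i.e. x <= k
    return lo, hi


def smt_solve(atoms: List[Atom], clauses: List[Clause]):
    """Lazy SMT: solve the Boolean skeleton, check the model against the theory,
    block theory-inconsistent valuations and repeat. Returns None (unsat) or
    (model, (lo, hi)) where every integer in [lo, hi] is a witness for x."""
    clauses = [list(c) for c in clauses]
    while True:
        model = dpll(clauses)
        if model is None:
            return None                              # skeleton unsat => formula unsat
        lo, hi = theory_bounds(atoms, model)
        if lo <= hi:
            return model, (lo, hi)
        clauses.append([-v if val else v for v, val in model.items()])  # blocking clause


# The article's example: b_1 stands for x < 5, b_2 for x > 6; ask for b_1 and b_2
ARTICLE_ATOMS = [("<", 5), (">", 6)]

if __name__ == "__main__":
    print(smt_solve(ARTICLE_ATOMS, [[1], [2]]))                         # None: unsatisfiable
    print(smt_solve([("<", 5), (">", 6), (">", 3)], [[1], [2, 3]]))      # second try succeeds
```

On the second input the skeleton's first valuation (b_1 = b_2 = true) is rejected by the theory, the blocking clause forces b_2 false, and the next valuation (x < 5, not x > 6, x > 3) is consistent with x = 4. Real SMT solvers integrate the theory check into the search (DPLL(T)) and return theory-level explanations instead of whole-model blocking clauses, but the division of labour is the one shown here.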

Model checkers

  • Alloy
  • CWB
  • Csml, Mcb
  • SMV http://www-2.cs.cmu.edu/~modelcheck/smv.html
  • LoTREC
  • Spot http://spot.lip6.fr
  • APMC http://apmc.berbiqui.org

