Verifying Parameterized Networks – Clarke, Grumberg, Jha
Presented by Adi Sosnovich, April 2012
Outline
- Introduction
  - Verification of parameterized systems
- Definitions
  - Labeled transition system
  - Network grammars
- Specification language
- Abstract LTS
- Verification Method
- Synchronous model of computation
- Conclusion
Verification of parameterized systems
Given a temporal property and an infinite family of distributed systems composed of similar processes, check for all the finite models from .
In general the problem is undecidable [Apt, Kozen 86].
For specific families the problem may be solvable. Various cases may depend on:
- Communication topology of the family F
- Parallelism: synchronous, asynchronous
- Synchronization primitives
- Temporal properties: local, global
Verification of parameterized systems – previous work:
- Establishing a bisimulation relation between a 2-process token ring and an n-process token ring for any . Drawback: the bisimulation relation has to be constructed manually.
- Finding network invariants: constructing an invariant s.t. : for all , then using traditional model checking on the invariant process. Drawbacks: the invariant is explicitly provided by the user, and only networks with one repetitive component can be handled.
Verification of parameterized systems – current work:
- Works on context-free network grammars. The network is an infinite family of distributed systems composed of similar processes.
- Tries to generate the invariant automatically, based on the grammar's structure.
- The invariant simulates all processes in the language of the grammar (all the finite models from the family).
Labeled Transition System (LTS)
An LTS is a structure where:
- set of states
- set of initial states
- set of actions
- total transition relation
Labeled Transition System (LTS) – example:
We define the process P by the following LTS:
[Figure: LTS of process P with states nc and cs; transitions labelled τ, send-token and get-token]
Labeled Transition System (LTS) – another example:
We define the process Q by the following LTS:
[Figure: LTS of process Q with states nc and cs; transitions labelled τ, send-token and get-token]
Labeled Transition System (LTS) – composition function:
Given 2 LTSs and , has the form: . R′ depends on the exact semantics of the composition function.
Network grammars
Network: the set of all LTSs derived by a context-free network grammar.
Network grammar: defined over S (set of states) and ACT (set of actions).
- set of terminals, each is an LTS defined over S and ACT; also referred to as basic processes.
- set of nonterminals, each defines a network.
- set of production rules of the form: 
- start symbol, represents the network generated by G.
Network grammars – example
, , where 
The grammar produces rings with one process Q and at least 2 processes P.
The network consists of LTSs that perform a simple mutual exclusion using a token ring algorithm.
Network grammars – example
S ⟹ Q ∥ A ⟹ Q ∥ P ∥ P
[Figure: the ring Q ∥ P ∥ P with reachable global states (cs,nc,nc), (nc,cs,nc) and (nc,nc,cs), connected by τ transitions]
Reachable states in LTS has the form: 
Specification Language
Goal: specify a network of LTSs composed of any number of components (basic processes).
How to specify a property of a global state of a system consisting of many components? Such a state is an n-tuple, for some n. Typical properties:
- Some component is in state 
- At least (at most) k components are in state 
- (Some component in state ) (some component in state )
Such properties are conveniently expressed in terms of regular languages.
Specification Language
Global state: the word instead of the n-tuple .
Property: a regular language , the property .
Having the property: the state has the property iff .
Example property: specifies states in which exactly one process is in its critical section.
Specification Language – defining atomic state properties:
The regular language is specified by a deterministic automaton over : is the set of words accepted by . A state of an LTS is a tuple from , for some .
Example:
[Figure: automaton D with states q0, q1, q2; q0 and q1 loop on nc, q2 loops on nc and cs, and cs moves q0 to q1 and q1 to q2]
Automaton D with 
Specification Language
Assume we have a network defined by a grammar on the tuple . The specification language is , with finite automata over as the atomic formulas.
Specification Language – example:
L(D) = {nc}* cs {nc}*
[Figure: the LTS of process P (states nc, cs; transitions τ, send-token, get-token) and the ring Q ∥ P ∥ P with reachable states (cs,nc,nc), (nc,cs,nc), (nc,nc,cs) connected by τ transitions]
Specification Language – another example:
L(D′) = cs {nc}*
expresses non-starvation for process Q.
Non-starvation is guaranteed only if some kind of fairness is assumed.
[Figure: the ring Q ∥ P ∥ P with reachable states (cs,nc,nc), (nc,cs,nc), (nc,nc,cs) connected by τ transitions]
Abstract LTS
Using abstraction in order to reduce the state space required for the verification of networks.
Requirements:
- There must be a simulation preorder ; an LTS is smaller by than the abstract LTS.
- Composing 2 abstract states will result in an abstraction of their composition.
State Equivalence
Goal: given an , define an equivalence relation over , s.t. the equivalence classes are the states of the abstract LTS .
Requirements:
1. Equivalent states both satisfy/falsify the atomic formula.
2. Equivalence is preserved under composition.
State Equivalence – first try:
- Satisfies the 1st requirement.
- Doesn't satisfy the 2nd requirement.
Example of a composition in which equivalence is not preserved. The LTS:
Explaining the example
because and
because and
because
We need a refined equivalence relation that will be preserved under composition.
State Equivalence – refining the equivalence relation
Definition: given an automaton and a word , the function induced by on is:
Example
D = [Figure: automaton D with states q0, q1, q2; q0 and q1 loop on nc, q2 loops on nc and cs, and cs moves q0 to q1 and q1 to q2]
To find , we need to find for each .
Finding : [slides 29–37 repeat the automaton D while the induced function is computed for each word]
Conclusion:
State Equivalence – refining the equivalence relation
Defining equivalence: 
is the abstraction of s, and is denoted by .
State Equivalence
The new equivalence relation satisfies both requirements. Proof:
1. 
2. 
Comment: we extend to abstract states s.t. , in order to interpret specifications on abstract LTSs.
State Equivalence – example:
Considering the automaton over , induces functions for every :
There are only 3 different functions, each identifying an equivalence class over .
[Figure: automaton D with states q0, q1, q2; q0 and q1 loop on nc, q2 loops on nc and cs, and cs moves q0 to q1 and q1 to q2]
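The refined equivalence of this slide and the failed "first try" of the earlier one, worked through in Python as an added example (not code from the talk or the paper): it encodes the automaton D with L(D) = {nc}* cs {nc}*, computes the function f_w each word induces on D's states, confirms that only 3 such functions arise, shows that agreement on membership in L(D) alone is not preserved under composition while equality of induced functions is, and maps the three reachable states of Q ∥ P ∥ P to one abstract state. All identifiers (STATES, DELTA, RING_STATES and the function names) are my own.

```python
from itertools import product

# Constructed encoding of the talk's automaton D over the local states {nc, cs},
# accepting {nc}* cs {nc}* ("exactly one process is in its critical section").
STATES = ("q0", "q1", "q2")
INITIAL = "q0"
ACCEPTING = frozenset({"q1"})
DELTA = {
    ("q0", "nc"): "q0", ("q0", "cs"): "q1",   # first cs: q0 -> q1
    ("q1", "nc"): "q1", ("q1", "cs"): "q2",   # second cs: q1 -> q2 (sink)
    ("q2", "nc"): "q2", ("q2", "cs"): "q2",
}
ALPHABET = ("nc", "cs")

# Reachable global states of the ring Q || P || P from the slides (constructed).
RING_STATES = (("cs", "nc", "nc"), ("nc", "cs", "nc"), ("nc", "nc", "cs"))


def run(q, word):
    """Read the word (a tuple of local states) from state q of D."""
    for a in word:
        q = DELTA[(q, a)]
    return q


def accepts(word):
    """word is in L(D) iff D reaches an accepting state from its initial state."""
    return run(INITIAL, word) in ACCEPTING


def induced_function(word):
    """f_w, the function w induces on D's state set: q -> delta*(q, w).
    Represented as a tuple indexed by STATES so it is hashable and comparable."""
    return tuple(run(q, word) for q in STATES)


def compose(f_first, f_second):
    """Apply f_first, then f_second. Equals induced_function(w + v) for
    f_first = f_w and f_second = f_v, so the abstraction of a composed global
    state is determined by the abstractions of its components."""
    return tuple(f_second[STATES.index(q)] for q in f_first)


def abstract_satisfies(f):
    """Extension of the atomic property to abstract states: f satisfies D iff
    the word it represents drives D from its initial state to an accepting one."""
    return f[STATES.index(INITIAL)] in ACCEPTING


def all_words(max_len):
    for n in range(max_len + 1):
        yield from product(ALPHABET, repeat=n)


def first_try_equivalent(w1, w2):
    """First attempt from the slides: states agree on membership in L(D)."""
    return accepts(w1) == accepts(w2)


def first_try_counterexample(max_len):
    """Find w1 ~ w2 (first try) and a suffix v such that w1.v and w2.v are no
    longer equivalent, i.e. the first-try relation is not a congruence."""
    words = list(all_words(max_len))
    for w1, w2, v in product(words, repeat=3):
        if first_try_equivalent(w1, w2) and not first_try_equivalent(w1 + v, w2 + v):
            return w1, w2, v
    return None


def refined_preserved(max_len):
    """Check, over all words up to max_len, that equal induced functions stay
    equal after composing with any word on either side."""
    words = list(all_words(max_len))
    for w1, w2, v in product(words, repeat=3):
        if induced_function(w1) == induced_function(w2):
            if induced_function(w1 + v) != induced_function(w2 + v):
                return False
            if induced_function(v + w1) != induced_function(v + w2):
                return False
    return True


def abstract_states(max_len):
    """The distinct induced functions (abstract states) over words up to max_len."""
    return {induced_function(w) for w in all_words(max_len)}


if __name__ == "__main__":
    print("abstract states:", sorted(abstract_states(6)))          # 3 functions
    print("first-try counterexample:", first_try_counterexample(2))
    print("refined relation preserved:", refined_preserved(3))
    print("h(ring states):", {induced_function(s) for s in RING_STATES})
```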
Abstract States
- set of functions corresponding to the deterministic automaton .
- the set of states of .
In the worst case: . In practice, the size is much smaller.
In the previous example: . In practice: .
Extension to any set of atomic formulas
Where
The abstraction of :
iff for all :
States that are mapped to the same abstract states agree on all atomic properties.
Abstract LTS – example:
[Figure: the LTS Q ∥ P ∥ P with reachable states (cs,nc,nc), (nc,cs,nc), (nc,nc,cs) and τ transitions, and its abstraction h(Q ∥ P ∥ P), whose abstract state is labelled f2 with a τ transition]
Simulation
Definition: iff there is a simulation preorder that satisfies:
1. there is s.t. : .
Notation: if , we say that .
Abstract LTS – lemma:
1. The simulation relation is: 
2. Let be the simulation relation between . Define the relation as the following: 
Abstract LTS – theorem:
…and there are some more cases to prove.
Abstract LTS – conclusion:
Proof: there is s.t. : : (theorem)
Abstract LTS and Simulation – example:
[Figure: the LTS Q ∥ P ∥ P with reachable states (cs,nc,nc), (nc,cs,nc), (nc,nc,cs) and τ transitions, and its abstraction h(Q ∥ P ∥ P), whose abstract state is labelled f2 with a τ transition]
Abstract LTS and Simulation – another example:
[Figure: the LTS of process P (states nc, cs; transitions τ, send-token, get-token) and its abstraction h(P) with abstract states f1 and f2 and the transitions τ, send-token, get-token]
Verification Method
is a monotonic grammar; is an formula with atomic formulas . To check that every LTS derived by satisfies , we perform:
1. For every symbol A in G, choose and construct the abstract LTS with respect to the atomic formulas .
2. Check that the set of representatives satisfies the monotonicity property.
3. Perform MC on with as the specification.
Monotonic Grammar
Monotonic composition: the composition is monotonic iff, given LTSs , : 
Monotonic grammar: a network grammar G is monotonic iff all rules in the grammar use only monotonic composition operators.
Representative Processes
For a network grammar , we find for each symbol A of the grammar a representative process .
Monotonicity property: given a grammar and a set of representatives: 
Theorem
Let be a monotonic grammar. Suppose we can find representatives that satisfy the monotonicity property. Let A be a symbol of , and let be an LTS derived from A using the rules of . Then: 
Proof
We will prove that . Since , we will get that [transitivity of the simulation relation].
Let . We will prove by induction on k.
(k=0): is a terminal; the result follows from the monotonicity property.
Proof (k>0)
Let be the first rule in the derivation of a from A. Assume , , , . By I.H.: , .
We have the following equations: 
Lemma 3.2.3
Back to the verification method…
Now we have proved that in step #3, for every derived by the grammar , . Thus, if is an formula and , we can conclude that for all LTSs derived by : .
The next question: how to find representatives that satisfy the monotonicity property?
The Unfolding Heuristic
Might be helpful in automatically finding monotonic representatives. Basic ideas:
- The initial representative of a symbol A will be the LTS derived by A using the minimum number of rules.
- Often certain behaviors only occur when a process is composed with other processes (which provide the environment).
- By unfolding the current set of representatives we will find a larger set of potential representatives that might satisfy the monotonicity property.
The Unfolding Heuristic – some notations:
Association function for a grammar : assigns a set of processes to each symbol of . This set will contain the potential representatives of the symbol.
Given 2 sets of LTSs and , we define as: 
The Unfolding Heuristic – finding the initial association:
For a terminal A, .
The Unfolding Heuristic – example: finding the initial association, where 
AS_0(A) = AS(P) ∥ AS(P)
AS_0(S) = AS(Q) ∥ AS(A)
The Unfolding Heuristic – the algorithm to find representatives:
The unfolding operator: 
The Unfolding Heuristic – example: unfolding the current association 
The Unfolding Heuristic – example:
The corresponding representatives didn't satisfy the monotonicity property.
The process might have more abstract states than . We need to find a representative that "has more behaviors than ".
The Unfolding Heuristic – after unfolding:
If we choose the representatives as: 
the process has more abstract states than .
The Unfolding Heuristic – observations:
- Each iteration increases the set of processes associated with a nonterminal.
- Unfolding results in processes that are a combination of a larger number of basic processes.
- The procedure might not terminate; the user will have to put a limit on the number of iterations.
The Unfolding Heuristic
If we find representatives with the monotonicity property s.t. , then we cannot conclude anything about the correctness of the network derived by G.
A counterexample might aid the user in finding more refined representatives, or we may want to apply the unfolding technique again.
Synchronous model of computation
Presenting a synchronous framework that has the properties required by the verification method.
LTSs represent Moore machines: 
Transition: with , occurs only if the environment supplies the inputs and the machine produces the outputs .
Synchronous model of computation – synchronous composition , :
and and and 
Synchronous model of computation – lemma:
The composition is monotonic w.r.t. .
We should prove that: 
Proof: we say that . We show that has the required properties.
1. 
2. 
3. 
Network Grammars for Synchronous Models
Each is associated with and .
In G we allow different composition operators for different production rules.
Network Grammars for Synchronous Models – definitions:
Renaming function : when applied to A, it maps inputs to inputs and outputs to outputs s.t. . Applying to an LTS results in an LTS with , , , , and .
Hiding function : for , is a renaming function that maps each element in act to .
Network Grammars for Synchronous Models – typical composition operator: 
Network Grammars for Synchronous Models – example
Describing more precisely the processes and the network grammar that construct rings with any number of processes.
P and Q are identical, except that now: , .
Derivation rules: 
Network Grammars for Synchronous Models
Applying this rule results in a network with one terminal Q and one nonterminal A, connected as a ring.
Network Grammars for Synchronous Models
is defined as: 
Conclusion
- Described the verification problem of parameterized systems.
- Defined network grammars, LTSs, and abstraction of LTSs.
- Specified state properties using regular languages.
- The method requires a monotonic grammar. To apply the method we must find representatives that satisfy the monotonicity property; this might be done automatically using the unfolding heuristic.
- Presented a synchronous model of computation that has the properties required by the verification method.