quantitative verification arindam chakrabarti * krishnendu chatterjee * thomas a. henzinger * orna...

Quantitative Verification

Arindam Chakrabarti*

Krishnendu Chatterjee*

Thomas A. Henzinger*

Orna Kupferman**

Rupak Majumdar***

*UC Berkeley **Hebrew University ***UC Los Angeles

14 May 2004 4th OSQ Retreat, Santa Cruz, CA

2

Outline

• What is the proposal ?• What benefits do we get out of it ?• Nailing down some details…• Some interesting results.• Summary


3

Formal Verification: Traditional approach

• Model: Labelled transition structure.

• Property: Classification of finite and/or infinite sequences of states into good and bad sets.

• Model-checking: Verification that all sequences of states generated by model are in good set.


4

Traditional approach: Models

{a}

{c}{b,c}

{a,b}

{a}


5


{a}

{c}{b,c}

{a,b}

{a}

Each proposition maps each state to TRUE or FALSE.


6


{a}

{c}{b,c}

{a,b}

{a}

Each proposition maps each state to TRUE or FALSE.

Proposition: a


7


{a}

{c}{b,c}

{a,b}

{a}

Each proposition maps each state to a boolean.

Proposition: b


8

Extension 1: Quantitative Propositions, Models

1,3,4

0,2,5

34,23,1

8,4,9

3,2,4

Propositions: <a,b,c>

Each proposition maps each state to an integer.


9

Traditional approach: Properties

A(a U c)

{a}

{c}{b,c}

{a,b}

{a}


10

Traditional approach: Properties

A(a U c)

{a}

{c}{b,c}

{a,b}

{a}

A property maps each path to TRUE or FALSE.


11

Extension 2: Quantitative Properties

1,3,4

0,2,5

34,23,1

8,4,9

3,2,4

max(sum(a)) while (sum(b) < 100)


12



1,3,4

0,2,5

34,23,1

8,4,9

3,2,4

112


13



1,3,4

0,2,5

34,23,1

8,4,9

3,2,4

115


14



1,3,4

0,2,5

34,23,1

8,4,9

3,2,4

188

A property maps each path to an integer.


15

Traditional approach: Model-checking problem

{a}

{c}{b,c}

{a,b}

{a}A(a U c)

Check if any path in model violates the property (is mapped to FALSE).


16

Extension 3: Quantitative Model-checking problem

1,3,4

0,2,5

34,23,1

8,4,9

3,2,4

188


Find the maximum (or minimum) value of the property on any path in the model.


17

Outline



18

Motor driver in a robot

0

stop slow fast

1 2

fast?

slow?stop?

slow?

fast?

stop?

stop? slow?

fast?


19

Sensornet node with buffer of size 3

0

receive send

1

send?

receive?

2

send?

receive?

3

send?

receive?


20

Outline



21

Specifying properties using quantitative automata

• Property: maps each sequence of states to an integer.

• Quantitative automaton: States, input symbols, counters, guarded instructions on transitions, nondeterminism.

• Value of a run is given by limsup of values of a designated counter R0.


22

A Quantitative AutomatonR1 := R1 + aR2 := R2 - bif R1 = R2 then R0 := c

R1 := R1 + aR2 := R2 + bif R1 = R2 then R0 := c

Maps each infinite sequence = hai,bi,cii… to limsup ci such that ai = (-1)i ¢ bi


23

Outline



24

Some interesting results

• Infinite det- and nondet- hierarchies.• Power of non-determinism.• Undecidability of model-checking.• Absence of finite-memory determinacy.• Parametric-bounds, decidability,

complexity.• Parameter-finding cannot be automated.• Quantitative -calculus, correlations.


25

Some interesting results

• Infinite det- and nondet- hierarchies.• Power of non-determinism.• Undecidability of model-checking.• Absence of finite-memory determinacy.• Parametric-bounds, decidability,

complexity.• Parameter-finding cannot be automated.• Quantitative -calculus, correlations.


26

Examples

• Response time• Fair maximum• Resoure lifetime


27

Summary

• Quantitative extension to boolean verification framework.

• Motivation for doing so.• Extended definitions for

propositions, properties, and the model-checking problem.

• Some results (+ problems, solutions), examples.


28

Thanks for listening !

Questions, Comments, Suggestions ?

quantitative verification arindam chakrabarti * krishnendu chatterjee * thomas a. henzinger * orna...

Documents

osq retreat

santa cruz

b slide

summary slide

traditional approach

properties aa u c

quantitative model

aa u c check