
. .

-
-
2010

681.3.06
32.973.26-018.2
26
26

. .

MODEL CHECKING.
. .: -, 2010. 560 .:
. + CD-ROM
ISBN 978-5-9775-0404-1

model checking
. ,
, model checking CTL LTL,
, , , , , model checking .
- :
Spin,
.
,

681.3.06
32.973.26-018.2

:

.
.

02429 24.07.00. 01.10.09.


701001/16. . . . . 45,15.
1000 .
"-", 190005, -, ., 29.
-
77.99.60.953..005770.05.09 26.05.2009 .
.

" ""
199034, -, 9 , 12

ISBN 978-5-9775-0404-1

. ., 2009
, "-", 2009

........................................................................................................... 5
................................................................................................................... 8
- ...................................................................................... 10
.................................................................................................................... 10

1. ..................................................................... 13
1.1. .................................................................. 13
1.2. ................................................................................ 18
1.3. . (model checking) ........................... 24
1.4. ..................................................................................... 30
1.5. ................................................................. 33
1.6. ........................................................................................ 35
1.7. .................................................................................................................. 36
1.8. .................................................................................................................... 37
1.9. 1 ........................................................................................................... 38

2. ....................................................................... 41
2.1. , .......................................... 41
2.2. . Tense Logic .......................................................... 45
2.3. (LTL) ..................................................... 51
2.4. (reactive systems) .................................................................. 58
2.5. LTL ................................................................................... 62
2.6. LTL ...................................................................... 64
2.7. LTL .................................................................... 66
2.8. ....................................................................................................... 68
2.9. CTL* ............................ 73
2.10. LTL CTL .................................................................................... 80
2.11. ............................................................................. 82
2.12. Model checking ........................................................................................................... 82

2.13. ................................................................................................................ 83
2.14. .................................................................................................................. 84
2.15. 2 ......................................................................................................... 85

3. model checking CTL .................................................. 91


3.1. CTL .................................................... 91
3.2. CTL ................................................................. 92
3.3. CTL....................................................................................... 96
3.4. CTL ......................................... 98
3.5. CTL .................................................................................................................. 99
3.6. model checking CTL .......................................................................... 103
3.7. model checking ..................................................... 111
3.8. ................................................................................................................ 113
3.9. .................................................................................................................. 113
3.10. 3 ....................................................................................................... 114

4. model checking LTL................................................. 117


4.1. LTL- ........................................ 118
.............................................................................................. 119
............................................................................................... 120
4.2. ............................................... 123
............................................................... 123
.................................. 125
4.3. - LTL- .............. 128
4.4. - ................................................. 130
- ............................................................ 131
................. 134
4.5. .............................................................................. 135
4.6. LTL- ............................................................................. 141
4.7. ...................................................................... 144
4.8. LTL .......................................................................... 146
4.9. LTL ......................................................... 147
LTL ................................................. 148
LTL .......................................................... 150
..................................... 155
............................................... 157
LTL......................................................... 157
4.10. .............................................................................................................. 164
4.11. ................................................................................................................ 166
4.12. 4 ....................................................................................................... 167

5. .............. 171
5.1. . ......... 171
5.2. , .............. 175

5.3. ,
.................................................................. 177
5.4.
.................................................................................................... 186
5.5. ............................... 189
5.6. . Spin .................. 197
5.7. .......................... 204
5.8. ................................................................................................................ 206
5.9. .................................................................................................................. 207
5.10. 5 ....................................................................................................... 209

6.
....................................................................................... 215
6.1. .......................................... 216
- .................................................................. 216
LTL ................................... 218
LTL .............. 219
LTL ................ 219
CTL ................................... 219
6.2. (reachability) ..................................................................... 221
6.3. (safety) ................................................................................ 222
6.4. (liveness) ..................................................................................... 227
6.5. (fairness) ......................................................................... 229
6.6. CTL ........................................................ 233
6.7. CTL (fair CTL)................................................................................... 237
6.8. ................................................................................................................ 244
6.9. .................................................................................................................. 244
6.10. 6 ....................................................................................................... 245

7. .................................................................... 247
7.1. W. C. Lynch .................................................................. 247
7.2. PAR ........................................................................................................... 250
7.3. .............................................................................. 253
7.4. ................................................................................................................ 255
7.5. .................................................................................................................. 256
7.6. 7 ......................................................................................................... 257

8. model checking ........................................ 259


8.1. - ......................................................................................... 259
8.2. model checking .......................................................... 262
8.3. model checking............................................................. 267
8.4. ....................................................... 279
8.5. ................................................................................................................ 290
8.6. .................................................................................................................. 291
8.7. 8 ......................................................................................................... 292

9. ................................................. 295
9.1. ..................................................... 296
9.2. ............................................................................ 301
9.3. .............................................................. 308
9.4. BDD ................................................................................................... 312
9.5. (SAT) .... 328
9.6. BDD ..................... 330
9.7. BDD .................................. 340
9.8. BDD ....................................................................... 345
c
...................................................................................................... 347
.................................................................................... 349
9.9. ......................................... 355
: ....................... 356
9.10. ...................................... 358
9.11. .............................................................................................................. 363
9.12. ................................................................................................................ 364
9.13. 9 ....................................................................................................... 366

10. ............................................................ 367


10.1. ......................................... 368
10.2. ................................... 370
10.3.
......... 372
10.4. ........... 375
10.5. model checking CTL................................................... 380
10.6. ............................................... 385
10.7. .............................................................. 390
................................................................................................................... 392
10.8. EF ..................................... 395
10.9. CTL
................................................................................................................ 403
10.10. ............................................................................................................ 410
10.11. .............................................................................................................. 411
10.12. 10 ................................................................................................... 411

11. ................................................... 415


11.1. model checking ................................................................... 416
11.2. (Probabilistic CTL, PCTL)
................................................................ 427
11.3. ,
....................................................................................................................... 432
11.4. , PCTL ............................................................... 437
11.5. .............................................................................................................. 440
11.6. ................................................................................................................ 441
11.7. 11 ..................................................................................................... 442

12. ........................................................ 445


12.1. . ........ 446
12.2. : ...................................... 453
12.3.
................................................................................................... 457
12.4. ............................................... 462
12.5. ............................. 465
12.6. : ......................................................................... 468
12.7. .................................................................... 472
12.8. ....................................... 476
12.9. : CTL .......................................................... 482
12.10. (Timed CTL).............. 489
TCTL.............................................................................. 491
TCTL .............................................................................. 494
12.11. : TCTL-
CTL- ....................................................................................... 496
12.12. model checking TCTL ................................. 506
12.13. ..................................... 507
................................................................................................ 507
.......................................................................................................... 508
....................................................................................................... 510
12.14. .................................................................................................... 511
............................................................. 511
........................................................................................... 515
............................ 515
...................................................................................... 515
............................................................................. 516
..................................... 521
(Difference Bound Matrix, DBM) ...................... 522
(Difference Decision Diagram, DDD) .... 524
12.15. .................................... 525
Uppaal .................................................................................................................... 525
Kronos .................................................................................................................... 526
12.16. ............................................................................................................ 527
12.17. .............................................................................................................. 529
12.18. 12 ................................................................................................... 530

......................................................................................................... 533
.......................................................................................... 535
...................................................................................................... 535
......................................................................................... 544
................................................................................................. 545

.................................................................................... 547

,
. , .
, " ". , , , .
Model checking ,

.
, ,
, ,
.
"" .
. . , . , ,
, ,
.
. .
, ,

,
""

. :
 :

, model checking
.
 : -


.
, , , E. M. Clarke, O. Grumberg, D. Peled. Model
checking // MIT Press, 1999. P : . . , . ,
. . : Model Checking // ., 2002.
 , , model

checking .
. .

, - ,
,


21 2008 () -, , 2007 . "
Model checking (- " ") , ".
Model checking ,
. ,
.
,
. , , ,
, , .

. 1966 . . 2007 ., , ,
,
, " ". ACM
: " , ,
, ".
. ,

, - , ,
. model checking
,
, .
. ,
model checking, . , "" - .
, .
. ,
, ,
. model checking .
, ,
,
, , "" , . , "
" (push button)
, , ,
.
.
" ": ,
, .
.
-, , "".
, model
checking, .

, ,
40 .
, . , ,
. "
,
", NASA. , , .
.
-, . , , "" , ,
.
,
. ,
.
, , - . "
,

;
,
,
", NASA.
, model checking, . , ,
.
, , ,
,
"push button".
:

, .
,
, .
.
,
, .
- - . .
,
. , , .
, - . . , ""
,
, , . 2007 ., . ,

.
, .
, ,
.
, .


- .

.
1 .
. , ,
. model checking .
, .
: ,
. .
2 LTL, CTL CTL*
.
3 4 ,
CTL
LTL.
5 .
6 : , .
7 .
8
, , .

. ,
" ", 9 10. 9
(Binary Decision Diagrams, BDD),

, . ,
, 10 , ,
10^100 .

10

11 .
, , :
" , 0.99, 6 ".
, 12 .
. -,
. -, Promela Spin .
.

-
, , :
 Spin -

;
 , -

Promela, Spin ;
 -

.
, , , .

, ,
. , . . [34],
model
checking. , , .

model checking [19] .

,
, , . ,
(Marta Kwiatkowska) , ,
, (Joost-Pieter Katoen) , (Kim
Guldstrand Larsen), (Paul Pettersson), (Pierre
Wolper) .
- 10 . ,
, , , .
.
. . , .


.
,
, .
, , ,
(model checking).

1.1.

. , .
.
. , Microsoft Windows 3.1, 1992 ., 3 , Microsoft Windows 98
18 , RedHat Linux 6.2 (2000 .) 20 , RedHat
Linux 7.1 (2001) 30 , Microsoft Windows XP (2002) 40
.

.

, , . . ,
Windows 95, Microsoft, -

. ,
.
.
, , .
, ,
,
, . , " ,
,
" [94]. , -, , .
, " ", , , .
. "
, ", 25 [121].
, .
.
. ,
, .
,
, . ,
, - .
, , ,

, .
.
 4 1996 . 39- -

" 5". " 5" "",


. " 5" , " 4",

.
, . .
(
7 )
, ,
.
2 .
 25 2004 .


"" . 15 2005 . . ,
. 2,5 .
 28 2008 . : "NASA

"". ,
"", - . "" ". 420 .
 1994 . Intel Pentium

:
.
, ,
"" . .
 2007 . AMD Phenom

(Barcelona) Opteron, , 65- ,


- . .
 26 2009 . Bloomberg : " -

UBS -
3 (31 )
Capcom. , 30
(310 000 ), -
".


. , 2002 .
59,6 [52]. ,
(time-to-market),
- .
, .
 1982 . Atomic Energy of Canada Ltd.

Therac-25,
.
. " ",
, : ,
, 2 . .
, , .
 20 1995 . "-757" (,

) 159 . ,
. ,
Honeywell Air Transport Systems Jeppesen
Sanderson of Englewood . 300 .
 2008 . : " -

- .
, , , , ,
".
 23 2003 . "Patriot" -

"Tornado"
. . 2 2003 .
"Patriot" F-16, . .
 11 2008 ., : " -

, " ", -

, .
".
" "
(friendly fire). 24 % 1- - . : " " XXI , ,
.
PC Week 28.04.2008 ., : " ": "
"Talon", M249 .
"" ,
".
 2 1988 . "-1",
, . .
,
, , "-1" .
"-2". . , "-1" "-2".
,
- ,
.
, , , , ,
.
, ,
.
, ,
. . , , .

1.2.
.
, "" 50. , .
[136] "" : " ". ,
.
, , ,
. , .
, ,
. .
1.1
. A
SoftTech , .
X_A , 0, 1 SoftTech
3000 .
, . , 15 . 2 15 .
,
:
1:: X_A := X_A + 3000

2:: X_A := X_A + 15

,
3015 , .

, 15 ,
, , .
: , . , -,
. X_A := X_A + C , :
1. .
2. .
3. .
1 ,
, 2 , X_A C1 + C2 , . .
. , , ,

. ,

. : , , , .
, , ,
"" , , , . , ,
. .
1.2
[165].
, Small
Large. Small S,
Large L. Small Large ,
c1 Small Large c2 Large Small
, S ,
L .

. 1.1.

Small S
Large c1, Large L, c2:
Small::
begin
mx:=max(S); c1!mx; S:=S-{max(S)};
c2?x; S:=S∪{x}; mx:=max(S);
*[mx>x →
// loop guard: the element x received from Large is smaller than the current maximum of S
c1!mx; S:=S-{max(S)};
c2?x; S:=S∪{x}; mx:=max(S);
]
end

Large Small S, c2,
L Small c1:
Large::
begin
c1?y; L:=L∪{y}; mn:=min(L);
c2!mn; L:=L-{mn}; mn:=min(L);
*[mn<y →
// loop guard: the current minimum of L (recomputed after sending) is smaller than the element y received from Small
c1?y; L:=L∪{y}; mn:=min(L);
c2!mn; L:=L-{mn}; mn:=min(L)
]
end

1 2 (, ),
, .

: , , , S
L. S L : , . :
.
,
.
1.3
W. C. Lynch [105].
, , " ". (. . )
.
: .
: ack, nack err.
, ack nack .
, , .
,
, err
.
:
"
ack,
, nack,
.

, ,
".
SDL . 1.2, .
: msg
(
). , "nack"
,