model-checking

how to make a non-initialised variable in Spin?

╄→гoц情女王★ submitted on 2019-12-11 01:59:27
Question: It seems that Promela initialises each variable (by default to 0, or to the value given in the declaration). How can I declare a variable that is initialised to an unknown value? The documentation suggests if :: p = 0 :: p = 1 fi, but I don't think that it works: Spin still verifies this claim bit p init { if :: p = 0 :: p = 1 fi } ltl { ! p } (and falsifies p). So what exactly is the semantics of init? Is there still some "pre-initial" state? How can I work around this - and not

Using (U)ntil operator in SPIN ltl formula

﹥>﹥吖頭↗ submitted on 2019-12-11 01:36:30
Question: I am trying to understand how to correctly use the Until operator in an LTL formula. I found this definition (below) to be clear: Until, A U B: true if there exists i such that B is true in [s_i, s_{i+1}, s_{i+2}, ...] and, for all j such that 0 ≤ j < i, formula A is true in [s_j, s_{j+1}, s_{j+2}, ...]; meaning: B is true at time i, and for times between 0 and i-1 formula A is true, still using the formalization of "true at time i". Sample code with example LTL formula: mtype = {Regular, Reverse, Quit}

Can Coq be used (easily) as a model checker?

て烟熏妆下的殇ゞ submitted on 2019-12-03 05:46:19
Question: As the title says, can Coq be used as a model checker? Can I mix model checking with Coq proving? Is this usual? Google talks about a "µ-calculus"; does anyone have experience with this or something similar? Is it advised to use Coq in this way, or should I look for another tool? Answer 1: A proof assistant like Coq will verify that your proof is sound and that any theorems you propose can (or cannot) be derived using axioms and previously proven results. It will also provide you with support in

Can Coq be used (easily) as a model checker?

浪尽此生 submitted on 2019-12-02 19:06:34
As the title says, can Coq be used as a model checker? Can I mix model checking with Coq proving? Is this usual? Google talks about a "µ-calculus"; does anyone have experience with this or something similar? Is it advised to use Coq in this way, or should I look for another tool? A proof assistant like Coq will verify that your proof is sound and that any theorems you propose can (or cannot) be derived using axioms and previously proven results. It will also provide you with support in proposing proof steps to reduce the effort you have to make in discharging the proofs. A model checker, in

How to compare two LTLs?

限于喜欢 submitted on 2019-12-02 09:04:37
Question: How can I compare two LTLs to see if one can contradict the other? I ask this because I have a hierarchical state machine and LTLs describing the behavior in each state. I need to know if a local LTL can contradict a global LTL. I saw in the article 'Feature Specification and Automated Conflict Detection' that two LTL properties f and g are inconsistent iff L(f) intersection L(g) is empty, and this is exactly the model checking question with f as the program and ¬g as the property. Can

Running NuSMV on OSX

做~自己de王妃 submitted on 2019-12-02 07:50:51
Question: I have installed NuSMV using the readme provided; however, when I try to use the NuSMV command, I get the following message: -bash: NuSMV: command not found There isn't much information on the internet about this, so I'd appreciate any help. Answer 1: Going to my home directory, creating a new bash profile, and appending the bin directory with the NuSMV executable made it work just fine. Source: https://stackoverflow.com/questions/36662953/running-nusmv-on-osx

How to transform LTL into Automata in Promela - SPIN?

↘锁芯ラ submitted on 2019-12-01 22:51:41
How can I transform LTL into Automata in PROMELA? I know that with the command SPIN -f "ltl x" it is possible to transform the LTL into a never claim, but I want the automaton of the LTL and not the negated one. Is it correct if I negate the LTL before generating the never claim? Can anyone help me? Patrick Trentin: Spin generates the Promela code equivalent to the Büchi Automaton which matches the LTL formula, and envelops it into a never block. From the docs: NAME never - declaration of a temporal claim. SYNTAX never { sequence } DESCRIPTION A never claim can be used to define system behavior

implement symbolic execution without model-checking

社会主义新天地 submitted on 2019-12-01 13:12:12
How can I implement symbolic execution for a particular language without using model checking and Finite State Machines (FSM), for example not like Java Path Finder? I need details about it: for example, in what language can I implement this symbolic execution, and what other things do I need to know? You need: a parser for the language to be symbolically executed that can build ASTs; name resolution (and associated symbol tables), so when your execution engine encounters an identifier it can determine the associated type and value; control flow analysis, so that the symbolic execution engine can