Questions tagged [model-checking]

Model checking refers to the following problem: Given a model of a system, test automatically whether this model meets a given specification.

Typically, the systems one has in mind are hardware or software systems, and the specification contains safety requirements such as the absence of deadlocks and similar critical states that can cause the system to crash. Model checking is a technique for automatically verifying correctness properties of finite-state systems.

An important class of model checking methods has been developed for checking models of hardware and software designs where the specification is given as a temporal logic formula.

240 questions
4 votes, 1 answer

Dubious use of 'else' combined with i/o, saw ';' near 'if'

Following is the code causing this. if :: ((fromProc[0] == MSG_SLEEP) && nempty(proc2clk[0])) -> proc2clk[0] ? fromProc[0]; // Woke up :: (!(fromProc[0] == MSG_SLEEP) && !(fromProc[0] == MSG_FIN)) -> …
MetallicPriest • 29,191 • 52 • 200 • 356
4 votes, 1 answer

LTL model checking using Spin and Promela syntax

I'm trying to reproduce ALGOL 60 code written by Dijkstra in the paper titled "Cooperating sequential processes", the code is the first attempt to solve the mutex problem, here is the syntax: begin integer turn; turn:= 1; parbegin …
ymg • 1,500 • 2 • 22 • 39
4 votes, 1 answer

Disseminating a token in Alloy

I'm following an example in Daniel Jackson's excellent book (Software Abstractions), specifically the example in which he has a token-ring setup in order to elect a leader. I'm attempting to extend this example (Ring election) to ensure that the…
erik • 3,810 • 6 • 32 • 63
3 votes, 1 answer

All possible Knight moving on a chessboard in promela

Is it possible to bypass a chessboard of size N × N with a knight from the initial position (I, J), having visited each square only once? #define A[] = True; A[I,J] = false; active proctype method(){ bit I=4; bit J=3; bit K=1; bit N=8; do ::I>2 &&…
Bekzhan • 175 • 1 • 12
3 votes, 1 answer

Promela channel "??" removal order

Can anyone explain to me the order of what happens in the following? if :: a_channel??5 -> // do A :: value_1 == value_2 -> // do B fi; So basically how I understand it is that for the statement to be executable, 5 needs to be in the channel. I…
Rajdeep • 2,246 • 6 • 24 • 51
3 votes, 1 answer

Is there a Python package that can do temporal logic model-checking for finite state machines?

I want to be able to model a system as a finite state machine and test the properties of the model against temporal logic specifications. I am aware of StateFlow's model-checking capabilities, but if possible I would prefer to use Python because it…
KPM • 331 • 1 • 13
3 votes, 0 answers

Restricted boolean formulas for avoiding NP-completeness

I have boolean formulas A and B and want to check if "A -> B" (A implies B) is true in polynomial time. For fully general formulas A and B, this is NP-complete because ""A -> B" is true" is the same as "not (A -> B)" is not satisfiable. My goal is…
3 votes, 3 answers

What is the difference between "assert in C" and "assert in model checking like CBMC"?

In Model checkers like CBMC(bounded model checker for C), the user-defined assert statement takes a Boolean condition, and the model checker checks whether the condition is true or false for all possible execution of the program. In C programming,…
sepideha • 1,669 • 1 • 11 • 14
3 votes, 1 answer

Can I say that a state space is a formal specification of some system's behaviour?

Given a system, and its complete state space, can I say that that state space is a formal specification of that system's behaviour?
3 votes, 1 answer

Can't verify with CBMC in Ubuntu c++ programs - compiler type_traits.h template specialization with wrong number of arguments

I am trying to use the CBMC Bounded Model Checker in Ubuntu for both C and C++ programs. I have downloaded gcc (4.9 v) and g++ (4.9 v) compilers and I installed the CBMC through terminal. I am able to verify C programs and no problems arise using…
Marialena • 817 • 8 • 31
3 votes, 1 answer

Spin: error, the version of spin that generated this pan.c assumed a different wordsize (4 iso 8)

I am using Windows OS and in Cygwin I type: wish -f ispin.tcl to open the ispin interface. I open a file test.pml which contains: byte state = 2; proctype A() { (state == 1) -> state = 3 } proctype B() { state = state - 1 } init { run A();…
Marialena • 817 • 8 • 31
3 votes, 2 answers

How to check LTL satisfiability using NuSMV?

I'm trying to use NuSMV as a satisfiability checker for LTL formulae, i.e. I want to know if there exists a model for a given formula. I know that NuSMV can be used for this purpose as well, both because it is theoretically possible and because I see…
gigabytes • 3,104 • 19 • 35
3 votes, 1 answer

Better way to express “exactly once” in CBMC

I'm trying really hard to come up with a better solution to state an “exactly once” property in CBMC (C bounded model checker). I mean exactly one element position in a row should have the value 1 (or any positive number that can be checked as the…
user2754673 • 439 • 3 • 13
3 votes, 1 answer

What is the size of an LTL formula?

What is generally meant by the size of an LTL formula, |p|, in terms of complexity? Number of atomic propositions, depth or something else? Thanks in advance!!
jackfrost9p • 243 • 3 • 10
3 votes, 2 answers

How to interpret SPIN error output?

I am trying to model check a simple Promela Model for the following LTL property: ltl { M[0] U M[1] } And I'm getting an error, guided simulation on the error trail yields the following output: ltl ltl_0: (M[0]) U (M[1]) spin: couldn't find claim 2…
user1101674 • 1,341 • 2 • 12 • 15