Questions tagged [model-checking]

Model checking refers to the following problem: Given a model of a system, test automatically whether this model meets a given specification.

Typically, the systems one has in mind are hardware or software systems, and the specification contains safety requirements such as the absence of deadlocks and similar critical states that can cause the system to crash. Model checking is a technique for automatically verifying correctness properties of finite-state systems.

An important class of model checking methods has been developed for checking models of hardware and software designs where the specification is given by a temporal logic formula.

240 questions
3 votes, 1 answer

Kripke structure

What is a (pseudocode) algorithm for checking invariant over Kripke structures, such that in case the invariant is violated, the counterexample returned by the algorithm is of minimal length?
Rinad Rama
  • 61
  • 1
  • 9
3 votes, 1 answer

Modeling random failures in a connected graph in Alloy

Is it possible to model random failures in Alloy? For instance, I currently have a connected graph that is passing data at various time steps to its neighbors. What I am trying to do is figure out some method for allowing the model to randomly kill…
erik
  • 3,810
  • 6
  • 32
  • 63
3 votes, 1 answer

Modeling a completely connected graph in Alloy

I'm trying to get my feet wet with Alloy (also relatively new-ish to formal logic as well), and I'm trying to start with a completely connected graph of nodes. sig Node { adj : set Node } fact { adj = ~adj -- symmetrical no iden & adj …
erik
  • 3,810
  • 6
  • 32
  • 63
2 votes, 1 answer

How to get the current value of a clock in UPPAAL and store it in an integer variable?

Could anyone tell me how to get the current value of the clock variable and store it in an integer variable. I've tried k=t (where k is the integer and t is the clock), but it throws an "incompatible type error". I also tried k=(int)t, but it throws an…
hektor
  • 1,017
  • 3
  • 14
  • 28
2 votes, 2 answers

How to sum more than two numbers in Alloy Analyzer?

I am trying to sum all the numbers in a set in Alloy. For instance, in the signature abc, I want the value to be the sum of a.value + b.value + c.value, which is 4+1+3=8. However, if I use "+", it gives me the union set and not the sum. PS. I know…
Griselle Z
  • 127
  • 1
  • 9
2 votes, 1 answer

Autodesk Forge tutorials for Model Check App

Hi everyone, I've started to learn about Autodesk Forge and I'm a beginner in coding. I've been able to put together the Model 3D Viewer following this tutorial: https://www.youtube.com/watch?v=8FMwgJcRHz8 My current task is: to build a WebApp on…
2 votes, 1 answer

Model Checking: why does LTL logic "<>" not produce a correct counter-example in Spin

Update There are two problems in my previous attempt. By fixing them I successfully get the expected answer. The LTL specified using the -f option from command line will be negated. Instead, I use the inline LTL by adding ltl { <> p} into the…
2 votes, 1 answer

Model Checking: Bad Prefixes using NFA

We use NFA to model BadPrefixes for the safety property. I want to understand, for a given safety property, how to model the NFA. The following images are for reference. For instance, for safety property P2, can someone explain how to know how…
Gopala Krishna
  • 117
  • 1
  • 12
2 votes, 1 answer

Logical evaluation of "When A and B ... "

Given a statement "When the CM is idle and receives an update request from the WCP, it will set ....". Some context: there can only be one type of msg in the channel, i.e. it will only contain update requests from wcp. I can think of 2 possible…
Rajdeep
  • 2,246
  • 6
  • 24
  • 51
2 votes, 1 answer

Why doesn't an infinite loop result in an error in model checking with Promela and Spin?

If I write the following code in Promela and run it in Spin in verifier mode it ends with 0 errors. It does report that toggle and init had unreached states, but those seem to be only warnings. byte x = 0; byte y = 0; active proctype toggle() { …
tgonzalez89
  • 621
  • 1
  • 6
  • 26
2 votes, 1 answer

Can Kripke structures have guards?

I have a simple Kripke structure, where I have 3 states, with the following transitions: s1 --> s2 s2 --> s1 s1 --> s3 s3 --> s3 s1 is the only initial state. I do not want the loop s1 to s2 to be repeated more than a certain amount (say twice). In…
User 19826
  • 509
  • 2
  • 5
  • 13
2 votes, 1 answer

Smt2-lib: why do I get a difference in behavior between `declare-const + assert` and `define-fun`?

I have a z3 model written in the smt2-lib format. I noticed that when I use: (declare-const flat1 (Seq Dummy)) (assert (= flat1 (unroll dummyFormula1))) The model is sat, while when I use: (define-fun flat1 () (Seq Dummy) (unroll…
meditans
  • 586
  • 3
  • 11
2 votes, 0 answers

How to identify deadlock conditions in a model containing infinite domain variables?

The "check_fsm" command is used in the nuXmv shell for checking deadlock conditions in a model containing finite domain variables. But in the case of models containing infinite domain variables, like integers with no range or real variables, the model can't be built…
vishudh
  • 21
  • 1
2 votes, 1 answer

How to interpret the difference in results of check_property & msat_check_ltlspec_bmc counterexamples

I created a generic SMV program and checked a pair of LTL properties using both check_property and msat_check_ltlspec_bmc. One property is found to be true with both commands. The other property, instead, gives a counter-example of 14 states with…
Ranjana N
  • 59
  • 5
2 votes, 1 answer

PROMELA: What are interleavings?

Let's say we have this piece of code: int x = 3; int y = 5; int z = 0; active proctype P(){ if :: x > y -> z = x :: else -> z = y fi } active proctype Q(){ x++ } active proctype R(){ y = y - x } I don't understand what…
jdoe
  • 65
  • 4