Table of Contents
CSE584: Software Engineering, Lecture 7 (May 13, 1997)
Lecture 7, Outline [approximate minutes]
Today’s two questions
Short answers
Verification vs. falsification
Model checking
The plan
State Transition Graph
Example
A computation tree
Temporal formulae
Mutual exclusion example
Model checking
How does it work? (in brief)
Example
Example
Examples in hardware
ABP state graph
ABP formulae
Limitations
Symbolic model checking
Binary decision diagrams (BDDs)
BDD-based model checking
BDD-based successes in HW
Software model checking
Why might model checking fail?
Our approach at UW—try it!
TCAS
TCAS specification
TCAS—high-level structure
Using SMV
Iterative process
Use of non-determinism
Translating RSML to SMV
State encoding
Synchrony hypothesis
Transitions
Non-deterministic transitions
Checking properties
Property checking
Disclaimer
Deterministic transitions
PPT Slide
Tradeoffs
Function consistency
PPT Slide
Display_Model_Goal
Output agreement
Output agreement check
Limitations
Where may formulae come from?
Where may formulae come from?
More criteria
What about infinite state specs?
A middle ground
Nitpick
Paragraph style mechanisms
Adding formats
Explicit vs. symbolic
Iteration
Author: CSE
Email: notkin@cs.washington.edu
Home Page: http://www.cs.washington.edu/homes/notkin