Qualitätssicherung von Software (SWQS)

Transcription

1 Qualitätssicherung von Software (SWQS) Prof. Dr. Holger Schlingloff Humboldt-Universität zu Berlin und Fraunhofer FOKUS : Modellprüfung II - BDDs

2 Folie 2 Existenzgründer gesucht!

3 Folie 3 Fragen zur Wiederholung Unterschied Verifikation Validierung? Wie kann man Sudoku aussagenlogisch beschreiben? Wie ist die Komplexität des Erfüllbarkeitsproblems? Was versteht man unter Modellprüfung? Unterschied Sudoku Schiebepuzzle?

4 Binary Encoding of Domains Any variable on a finite domain D can be replaced by log(d) binary variables similar to encoding of data types by compilers e.g. var v: {0..15} can be replaced by var v1,v2,v3,v4: boolean (0=0000, 1= 0001, 2=0010, 3=0011,..., 15=1111) State space still in the order of original domain! e.g. three int8-variables can have 2 24 =10 8 states e.g. buffer of length 10 with 10-bit values states Representation of large sets of states? H. Schlingloff, Software-Qualitätssicherung Folie 4

5 Folie 5 Representation of Sets

6 Folie 6 Truth table and tree form formula Reduction: Replace Ite (v,ψ,ψ) by ψ

7 Folie 7 Abbreviations Introduce abbreviations maximally abbreviated for any given order of variables the maximal abbreviated form is uniquely determined!

8 Folie 8 Binary Decision Trees (BDTs) Binary decision tree Elimination of isomorphic subtrees (abbreviations)

9 Folie 9 Binary Decision Diagrams (BDDs) Elimination of redundant nodes (redundant subformulas) Ite (v,ψ,ψ) by ψ formula: ((V1 V2) V4)

10 Folie 10 Calculation of BDDs

11 Folie 11 Boolean operations on BDDs

12 Satisfiability This procedure can be applied for arbitrary boolean connectives (or, and, not) BDD( ) is the constant node p = (p ), (p q) = ( p q) etc. direct algorithms for, possible this amounts to set union, intersection, and complement with respect to the base set Formula φ is satisfiable iff BDD(φ) any path through the BDD to T defines a model H. Schlingloff, Software-Qualitätssicherung Folie 12

13 Binary Encoding of Relations A relation is a subset of the product of two sets Thus, a relation is nothing but a set Example: var v: {0..3}, w:{0..7}; var v0, v1, w0, w1, w2: boolean; divides -Relation: v divides w iff v=1, or v=2 and w even, or v=3 and w in {0,3,6} boolean formula: H. Schlingloff, Software-Qualitätssicherung Folie 13

14 Folie 14 The Influence of Variable Ordering

15 Boolean Quantification Substitution by constants is trivial Boolean quantification:! This works for arbitrary finite domains! H. Schlingloff, Software-Qualitätssicherung Folie 15

16 Bounded Model Checking State s is reachable from s 0 iff it is reachable in 0 steps: s=s 0, or it is reachable in 1 step: R(s 0,s), or it is reachable in 2 steps: s 1 (R(s 0,s 1 ) R(s 1,s)), or it is reachable in 3 steps: s 1 s 2 (R(s 0,s 1 ) R(s 1,s 2 ) R(s 2,s)), or..., or it is reachable in n steps, where n is the diameter of the model Idea: Check each of these formulas sequentially H. Schlingloff, Software-Qualitätssicherung Folie 16

17 Transitive Closure Each finite (transition) relation can be represented as a BDD The transitive closure of a relation R is defined recursively by Thus, transitive closure be calculated by an iteration on BDDs H. Schlingloff, Software-Qualitätssicherung Folie 17

18 Reachability State s is reachable iff s 0 R*s, where s 0 S 0 is an initial state and R is the transition relation Reachability is one of the most important properties in verification most safety properties can be reduced to it in a search algorithm, is the goal reachable? Can be arbitrarily hard for infinite state systems undecidable Can be efficiently calculated with BDDs H. Schlingloff, Software-Qualitätssicherung Folie 18