print · source · login   

Model Checking

Course ID
NWI-IMC046
Credits
6 ec

Instructors

Nils Jansen, Marielle Stoelinga, and Frits Vaandrager

When and where

Monday 13.45-15.30 in HG00.308 (assignments/exercises) and Thursday 15.45-17.30 in HG00.065 (lectures)

Pre-requisites

Some knowledge of automata theory; logic; probability theory; complexity theory.

Objectives

After successful completion of the course, participants are able to:

  • recognize situations and areas in which the application of model checking techniques for specification and analysis may be useful,
  • explain the basic theory and algorithms of model checking for finite state, real-time, and probabilistic automata,
  • model (critical parts of) realistic computer-based systems as networks of automata,
  • formalize desired properties of these systems in terms of automata or temporal logic,
  • understand problems and possibilities of application of model checking in areas such as machine learning and transportation, and
  • use state-of-the-art tools for their analysis.

Introduction

Our daily lives depend increasingly on computer systems, with examples ranging from personal computers to embedded systems in areas such as medicine, defense, or transportation. Therefore, the reliability of such systems becomes a crucial concern. However, with growing complexity, reliability can no longer be sufficiently controlled by traditional approaches such as testing and simulation. It becomes essential to build mathematical models of these systems, that are amenable to (algorithmic) verification methods that provide a rigorous analysis. In model checking, specifications about the system are expressed as (temporal) logic formulas, and efficient symbolic algorithms are used to traverse the model defined by the system and check if the specification holds or not. As model checking is fully automatic, requiring no complex knowledge of proof strategies or biases of simulation tools, it is the method of choice for industry-scale verification. In fact, most major hardware companies employ model checking and other verification methods, and companies like Facebook include software model checking in their development process.

Subjects

This course introduces several variants of model checking, in particular:

  • Explicit-state and symbolic algorithms for model checking linear-time (LTL) and branching-time (CTL) temporal logics for finite machines
  • Symbolic model checking using BDDs
  • Bisimulation abstraction techniques
  • Markov chains and Markov decision processes
  • Abstraction techniques for probabilistic model checking
  • Counterexamples for probabilistic model checking
  • Model checking in machine-learning applications
  • Model checking tools (NuSMV and PRISM)
  • Applications of model checking for analysis of distributed algorithms and for fault-tree analysis

Time investment

Participants are expected to invest 168h (=6ec) in this course. Altogether there will be 14 lectures and 14 problem sessions. Each week you will need 2 hours to attend a lecture, 2 hours two attend the problem sessions, and an additional 2 hours to study the lecture material and work on the weekly problems. For each of the two practical assignments you will need approximately (a bit less than) 4 days. This leaves you with 3 days to prepare and make the exam: 168 = 14*(2+2+2) + 2*30 + 24.

Examination

Grades will be awarded on the basis of an exam and two larger homework assignments. In computing the final score, the exam counts for 1/2 and each of the two assignments for 1/4. The grade for the exam must be at least 5. There is no 2nd chance for the homework assignments, but for the exam there will be a resit.

Literature

The course material consists of hand-outs, sheets, and recent papers from the literature. These will be made available electronically via the course webpage or distributed during the course. Most of the theory discussed in the course is presented in the textbook Principles of model checking / Christel Baier; Joost-Pieter Katoen. – Cambridge, Mass: MIT Press, 2008. This book is mandatory for the course. Please also be aware of the errata.

The following articles may be of interest:

  • The Coming Software Apocalypse, The Atlantic, 26 September 2017
  • A nice paper that places model checking in the larger perspective of software correctness is Mars Code by Gerard Holzmann, which describes how NASA developed reliable software for the Mars Curiosity Rover.
  • The risks forum of Peter Neumann publishes monthly overviews of interesting software bugs.
  • The paper Moving Fast with Software Verification discusses the utilization of verification techniques at Facebook.

Extra information

Depending on the interest of the students, requirements imposed by homework assignments, and recent scientific developments, the specific topics covered in this course may vary from year to year.