#### Formal Verification of Real-time Systems

#### Tomohiro Yoneda

#### National Institute of Informatics Tokyo Institute of Technology

### Personal History

#### Ph.D thesis

- 1985, Tokyo Institute of Technology
- Adviser: Prof. Tohma
- 3 Papers in FTCS
  - FTCS-15, 16, 19
- Current interests
  - Formal verification of real-time systems
  - Synthesis tools for Asynchronous circuits
  - Main Conferences: ASYNC, CAV

#### What are verified and how?

#### What?

- Time dependent systems
  - Circuits composed of gates with bounded delays
  - Protocols for real-time control
- How?
  - Conformance Checking
    - I mpl. and Spec. are expressed by the same model
    - State space exploration checking correspondence
  - Contribution

• Extension to real-time models, improvement in performance, development of a tool

# Approach

- Formal model used
  - Time Petri nets
- Improvement in performance
  - Partial order reduction technique
  - Hierarchical verification technique































# Verification method (3)

#### Advantages

- More intuitive than temporal logics
  - It is not easy to express complicated properties or expected behavior using temporal logics
- Several methods for performance improvement
  - Partial order reduction
  - Hierarchical verification
- Drawbacks
  - Spec. must be deterministic
  - A little less expressive





# Partial Order Reduction (1)

Full state space exploration



State space exploration based on Partial Order Reduction

2006/2/15-19

IFIP WG 10.4



### Partial Order Reduction (3)

Basic idea

 Only one interleaving is considered, if possible





2006/2/15-19

*t*2

tl



2006/2/15-19







#### Experimental results (1)

#### Total order vs Partial order

| flat verification |                 |         |            |         |  |  |  |
|-------------------|-----------------|---------|------------|---------|--|--|--|
| no. of            | CPU time (sec.) |         | Memory(MB) |         |  |  |  |
| stage             | total           | partial | total      | partial |  |  |  |
| 7                 | 1057.93         | 0.20    | 144.98     | 0.91    |  |  |  |
| 8                 | 2014.90         | 0.29    | 323.43     | 1.04    |  |  |  |
| 9                 | 3650.61         | 0.35    | 604.72     | 1.27    |  |  |  |
| 10                | 4860.52         | 0.43    | 863.09     | 1.56    |  |  |  |
| 11                | -               | 1.14    | -          | 3.19    |  |  |  |

#### Flat vs Hierarchical

|        | partial order method |              |            |              |  |  |  |  |
|--------|----------------------|--------------|------------|--------------|--|--|--|--|
| no. of | CPU time (sec.)      |              | Memory(MB) |              |  |  |  |  |
| stage  | flat                 | hierarchical | flat       | hierarchical |  |  |  |  |
| 12     | 9.13                 | 1.68         | 24.38      | 7.18         |  |  |  |  |
| 13     | 12.10                | 2.04         | 31.26      | 8.97         |  |  |  |  |
| 14     | 25.36                | 3.28         | 58.19      | 15.65        |  |  |  |  |
| 15     | 60.59                | 4.98         | 125.33     | 22.41        |  |  |  |  |
| 16     | -                    | 62.04        | -          | 300.94       |  |  |  |  |

### Experimental results (2)





2006/2/15-19

Spec. of ICACHE

IFIP WG 10.4

# Experimental results (2)







# Experimental results (2)

| Verification of ICACHE |                |              |              |              |  |  |  |  |
|------------------------|----------------|--------------|--------------|--------------|--|--|--|--|
| Mathad                 | CPU tim        | e (sec.)     | Memory(MB)   |              |  |  |  |  |
| wethod                 | non-op.        | op.          | non-op.      | op.          |  |  |  |  |
| flat<br>Hierarchical   | 12.50<br>10.81 | 5.98<br>5.30 | 8.15<br>4.69 | 3.98<br>2.99 |  |  |  |  |

2006/2/15-19

### Experimental results (3)

Distributed algorithm to initiate an air-conditioner network





No. of places: 354 No. of transitions: 569 No. of generated states: 361530 Verification time: 18 min.

## Conclusion

- Formal verification of time dependent systems
- Approach
  - Timed extension of Conformance Checking
- Formal model
  - Time Petri nets
- Improvement
  - Partial Order Reduction
  - Hierarchical verification