[1] Baier, Katoen: Principles of Model Checking. MIT Press (chapters 1-3, 5, and 6)
[2] Clarke, Grumberg, Peled: Model Checking. MIT Press
These notes are based on the references above.

We'll upload the material at https://clegra.github.io/mc.html

## INTRODUCTION

Sw is nowadays ubiquitous => Sw correctness is valuable (correctness is always relative)

"correct systems for information processing are more valuable than gold." (H. Barendregt, 'The quest for correctness', in Images of SMC Research, 1996)

Sw bugs = loss of lives. Examples:

- Therac-25: 6 deaths between 1985-1987
- Ariane-5: exploded 36 s after launch
- Baggage handling system @ Denver airport ($ 1.1·10^6 per day × 9 months)
- Pentium bug ($ 475·10^6)

https://emwww.github.io/home/swbadness.html

- Simulation / testing: + concrete artefacts are checked; + "simple"; - partial (when should we stop?)
- Deductive reasoning: + infinite state systems; - hard / time consuming; - interactive

Figure borrowed from [1]: the design process yields a product; verification establishes whether the system under construction / analysis satisfies its properties. Either bugs are found (the system does something not expected, or it does not do something expected) or no bugs are found.

Exercise. Consider the 3 python functions implementing Example 1.1 in [1]:

```python
# shared variables (initial values as in the question below)
x, bound, loop = 0, 200, True

def inc():
    global x
    while loop:
        if x < bound:
            x += 1

def dec():
    global x
    while loop:
        if x > 0:
            x -= 1

def reset():
    global x
    while loop:
        if x == bound:
            x = 0
```

Take the property

ψ = "counter never stops"

Does ψ hold if initially x == 0, loop == True, bound == 200 and inc, dec, and reset above execute concurrently?

`loop = x >= 0`

We'll focus on MODEL CHECKING, but let's dissect bugs first. Empirical evidence shows that bugs do not distribute evenly:

- in space (bugs tend to concentrate in few modules)
- in time (bugs are introduced unevenly in different phases of sw devel.)

The sooner bugs are found, the better.

Model-based verification, ref.:

P. Liggesmeyer, M. Rothfelder, M. Rettelbach and T. Ackermann. Qualitätssicherung Software-basierter technischer Systeme. Informatik Spektrum, 21(5):249–258, 1998.



## Quoting [1]

"In software and hardware design of complex systems, more time and effort are spent on verification than on construction. Techniques are sought to reduce and ease the verification efforts while increasing their coverage.

Formal methods offer a large potential to obtain an early integration of verification in the design process, to provide more effective verification techniques, and to reduce the verification time."



## Glancing at temporal logics

Note: temporal logics stem from philosophy: modal logics to reason about time in natural language!

- Designed to predicate on concurrent events
- events are ordered in time
- but time is not explicit

Modalities: □ (always), ◇ (eventually)

e.g. □(¬(e ∧ b)) = "it will never happen that events e and b occur at the same time", with e = thread a writes x and b = thread b

Schematically cf. Fig 1.4 [1]



Exercise. Consider the following python implementation of Example 1.1 in [1] (the same three functions as in the exercise above):

```python
def inc():
    global x
    while loop:
        if x < bound:
            x += 1

def reset():
    global x
    while loop:
        if x == bound:
            x = 0
```

How does the (temporal) property

Always 0 ≤ x ≤ 200

relate to ψ in the Exercise on page 1?
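Added example (not code from the notes or from [1]) that makes the two exercises above concrete: a small explicit-state model checker for inc / dec / reset in which the guard test and the assignment are separate steps. It enumerates every interleaving by breadth-first search and returns the trace that drives x out of 0 ≤ x ≤ bound; with atomic steps it reports that the invariant holds. The state encoding and function names are this example's own assumptions.

```python
"""Explicit-state reachability check for Example 1.1 of [1]. Added example,
not code from the notes or from [1]: BFS over all interleavings, returning a
counterexample trace if 0 <= x <= bound can be violated."""
from collections import deque

PROCS = ("inc", "dec", "reset")
# state = (x, pc_inc, pc_dec, pc_reset); pc 0 = about to test the guard,
# pc 1 = guard passed, about to assign (another process may change x here).

def step(state, who, bound):
    """Successor of `state` when process `who` executes one instruction."""
    x, pcs = state[0], list(state[1:])
    i = PROCS.index(who)
    guard = {"inc": x < bound, "dec": x > 0, "reset": x == bound}[who]
    if pcs[i] == 0:                        # test phase
        pcs[i] = 1 if guard else 0         # failed test: loop and retest
        return (x, *pcs)
    x = {"inc": x + 1, "dec": x - 1, "reset": 0}[who]   # assign phase
    pcs[i] = 0                             # back to the while-loop test
    return (x, *pcs)

def successors(state, bound, atomic):
    """Yield (process, successor). With atomic=True the test and assignment
    run as one indivisible step (two consecutive steps of the same process)."""
    for who in PROCS:
        nxt = step(state, who, bound)
        if atomic:
            nxt = step(nxt, who, bound)
        yield who, nxt

def check_invariant(bound=200, atomic=False):
    """None if 0 <= x <= bound holds in every reachable state, otherwise the
    trace [(process, state), ...] from (0, 0, 0, 0) to the first violation."""
    init = (0, 0, 0, 0)
    parent = {init: None}                  # state -> (process, predecessor)
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if not 0 <= s[0] <= bound:         # violation found: rebuild the path
            trace = []
            while parent[s] is not None:
                who, prev = parent[s]
                trace.append((who, s))
                s = prev
            return trace[::-1]
        for who, t in successors(s, bound, atomic):
            if t not in parent:
                parent[t] = (who, s)
                queue.append(t)
    return None
```

The interleaved run ends with dec writing x = -1 after reset has already zeroed the counter, which is exactly the step at which a guard such as `loop = x >= 0` would stop the counter, tying ψ to the invariant.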

What we're going to see

- Modelling (concurrent) systems
- Temporal properties
- Fairness conditions
- Temporal logics: LTL, CTL, CTL*
- Partial M.C. (recent)

What we're not looking at (research)

- Partial order reductions
- μ-calculus
- Abstraction techniques
- Quantitative/performance analysis
- Timed models