## IA169: Model Checking

Seminar 2

**Exercise 1** A two-bit counter is a system with two atomic propositions  $(b_1, b_0)$  that represent two bits of a single binary number. The initial state of the system is  $\neg b_1$ ,  $\neg b_0$  and its computation proceeds like this

- 1.  $\neg b_0, \neg b_1$  (*i.e.* 00)
- 2.  $\neg b_0, b_1 (i.e. 01)$
- 3.  $b_0, \neg b_1$  (*i.e.* 10)
- 4. *b*<sub>0</sub>, *b*<sub>1</sub> (*i.e.* 11)
- 5.  $\neg b_0, \neg b_1$  (*i.e.* 00)
- 6. ...

Model the system in the SMV language and use NUXMV to simulate it. Then come up with some true and some false properties of the system and

use NUXMV to check them.

**Exercise 2** Recall the aquarium with Alice and Bob from the previous seminar. Model the system in the SMV language and use NUXMV to check the given LTL properties.

**Exercise 3** *Recall the mutual exclusion protocol from the lecture:* 

cobegin  $P_0 \parallel P_1$  coend

 $P_1:: l_1: while true do$   $NC_1: wait (turn = 1);$   $CR_1: turn := 0$ end while

and its state space diagram



Model the system in the SMV language and use NUXMV to check the LTL properties:

- $G\neg(CR_0 \wedge CR_1)$
- $GF(turn = 0) \land GF(turn = 1)$

**Exercise 4** Add reasonable fairness constraints to the previous system and check the LTL properties again.