
Slide 1: Formal verification in SPIN
Karthikeyan Bhargavan, Davor Obradovic
CIS573, Fall 1999

Slide 2: Formal verification
o Formal verification means using methods of mathematical argument to determine the correctness of systems.
o It can be applied to hardware, software and other kinds of systems.
o Bugs are expensive when discovered in a finished product. Idea: use FV to discover bugs during the design phase.

Slide 3: Model checkers
o Model checkers are among the most widely used FV tools.
o Human inspection is not effective:
  - Currently designed systems are too large
  - Concurrency, race conditions
  - Big verifications done by paper and pencil are hard to reconstruct and re-check
o Model checkers are good at doing massive (but often simple) case analyses.

Slide 4: The BIG picture
[Diagram] The model checker takes two inputs, a model description and a property, and answers either YES, or NO together with a counterexample.

Slide 5: Spin
o Developed at Bell Labs, starting in 1980.
o Designed for verification of distributed systems.
o Model descriptions must be given in PROMELA (PROcess MEta LAnguage).
o Properties are described in LTL (Linear Temporal Logic).

Slide 6: PROMELA overview
o A PROMELA program describes a set of concurrent processes.
o Execution is asynchronous (at each step only one process moves), except in special cases (rendezvous message passing).
o Processes can die or be created dynamically.
o Processes can communicate through global variables and channels (message passing).

Slide 7: PROMELA example

    bit x, y;   /* global declaration: not shown on the slide, but needed for the program to compile */

    proctype Pr1() {
        do
        :: x==0 -> y=1;
        :: x==1 -> y=0;
        od;
    }

    proctype Pr2() {
        do
        :: y==0 -> x=1;
        :: y==1 -> x=0;
        od;
    }

    init {
        x=0; y=0;
        run Pr1(); run Pr2();
    }

[Diagram] The slide draws the state transition system of this program with the states (x=1, y=0), (x=0, y=0) and (x=0, y=1); one of its transitions is labelled ":: y==0 -> x=1;".

Each Promela program generates a unique state transition system. Promela "instructions" correspond to state transitions.

Slide 8: PROMELA special features
o Nondeterministic choice:

    if
    :: g1 -> s1;
    :: g2 -> s2;
    ...
    fi;

  For example:

    if
    :: (x>3) -> x--;
    :: true -> y=1;
    :: y -> x=x+y;
    fi;

  At each step, execute one of the statements whose guard evaluates to true.

Slide 9: PROMELA special features
o Nondeterministic loop:

    do
    :: g1 -> s1;
    :: g2 -> s2;
    ...
    od;

  For example:

    do
    :: (x>3) -> x--;
    :: true -> y=1;
    :: y -> x=x+y;
    od;

  Repeat, choosing nondeterministically at each step.

Slide 10: PROMELA special features
o Channel communication:

    chan c = [2] of {bit};
    chan din = [0] of {byte};
    chan dout = [1] of {byte};

  (The number in brackets is the buffer capacity; a capacity of 0 means rendezvous communication, where sender and receiver synchronize.)

  Send a message m on channel c: c!m
  Receive a message from channel c: c?x

  Examples:

    din?v -> dout!(v+v);
    c?1 -> x++;
    dout!v -> skip;

Slide 11: Other PROMELA features
o Labels and the goto statement
o Types: bit, bool, byte, short, int
o User-defined types
o ...
More about PROMELA on the course webpage.

Slide 12: LTL overview
o Expresses properties that depend on time (temporal)
o LTL formulas are evaluated on sequences of states (linear)
o Standard predicate logic + temporal operators:
    [] = always
    <> = eventually

Slide 13: LTL in practice
o x is always strictly greater than y: [](x>y)
o Eventually x becomes equal to 1: <>(x==1)
o Eventually x becomes equal to 1 and never changes afterwards: <>[](x==1)
o If at any moment x becomes negative, y will become negative at some later moment: []((x<0) -> <>(y<0))

Slide 14: LTL, formal definitions
Syntax:

    F ::= p            (a state predicate, like (x>0) or (x!=y))
        | F1 && F2
        | F1 || F2
        | !F
        | []F
        | <>F

Semantics, given a sequence of states s = s(0), s(1), s(2), ...:
    s(i) satisfies []F if for every j>=i, s(j) satisfies F.
    s(i) satisfies <>F if for some j>=i, s(j) satisfies F.
The whole sequence s satisfies F if s(0) satisfies F.

Slide 15: LTL examples
(+ means the sequence satisfies the formula, - means it does not.)

Sequence p, !p, p, ... in which !p keeps recurring:
    <>(!p)   +
    []p      -
    []<>p    +
    <>[]p    -

Sequence (p,!q), (!p,q), (p,!q), (!p,q), (p,!q), (!p,q), ...:
    [](p||q)       +
    []<>q          +
    <>(p&&q)       -
    (<>p)&&(<>q)   +
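The definitions of [] and <> from the previous slide, applied to the examples of this slide, as an added Python example that is not part of the original deck. It represents an infinite sequence in lasso form (a finite prefix plus a loop that repeats forever, which is also the shape of a Spin counterexample) so that "for every j>=i" and "for some j>=i" become finite checks; the traces are constructed, the first one alternating p, !p, p, !p, ..., and the tuple encoding of formulas is this example's own choice.

```python
class Trace:
    """Lasso-form infinite state sequence s(0), s(1), ...: a finite prefix
    followed by a loop repeated forever; states are dicts of variable values."""
    def __init__(self, prefix, loop):
        self.prefix, self.loop = list(prefix), list(loop)
    def state(self, j):
        n = len(self.prefix)
        return self.prefix[j] if j < n else self.loop[(j - n) % len(self.loop)]
    def positions_from(self, i):
        # Every j >= i shares its suffix with one of these finitely many positions.
        n, m = len(self.prefix), len(self.loop)
        return range(i, n + m) if i < n else range(n, n + m)

def holds(f, trace, i=0):
    """Does s(i) satisfy f?  Formulas are nested tuples: ("pred", fn), ("!", F),
    ("&&", F1, F2), ("||", F1, F2), ("->", F1, F2), ("[]", F), ("<>", F)."""
    op = f[0]
    if op == "pred":  # state predicate evaluated on s(i), e.g. lambda s: s["x"] > 0
        return bool(f[1](trace.state(i)))
    if op == "!":
        return not holds(f[1], trace, i)
    if op == "&&":
        return holds(f[1], trace, i) and holds(f[2], trace, i)
    if op == "||":
        return holds(f[1], trace, i) or holds(f[2], trace, i)
    if op == "->":
        return (not holds(f[1], trace, i)) or holds(f[2], trace, i)
    if op == "[]":  # s(i) satisfies []F if for every j >= i, s(j) satisfies F
        return all(holds(f[1], trace, j) for j in trace.positions_from(i))
    if op == "<>":  # s(i) satisfies <>F if for some j >= i, s(j) satisfies F
        return any(holds(f[1], trace, j) for j in trace.positions_from(i))
    raise ValueError(f"unknown operator {op!r}")

P = ("pred", lambda s: s["p"])
Q = ("pred", lambda s: s["q"])

def slide_table():
    """Re-derive the +/- verdicts of the LTL examples slide on constructed traces."""
    row1 = Trace([], [{"p": True}, {"p": False}])  # p, !p, p, !p, ...
    row2 = Trace([], [{"p": True, "q": False}, {"p": False, "q": True}])
    return {
        "<>(!p)": holds(("<>", ("!", P)), row1),
        "[]p": holds(("[]", P), row1),
        "[]<>p": holds(("[]", ("<>", P)), row1),
        "<>[]p": holds(("<>", ("[]", P)), row1),
        "[](p||q)": holds(("[]", ("||", P, Q)), row2),
        "[]<>q": holds(("[]", ("<>", Q)), row2),
        "<>(p&&q)": holds(("<>", ("&&", P, Q)), row2),
        "(<>p)&&(<>q)": holds(("&&", ("<>", P), ("<>", Q)), row2),
    }
```

The same evaluator handles the response property []((x<0) -> <>(y<0)) from the "LTL in practice" slide, since "->" is expanded to !F1 || F2.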

Slide 16: LTL verification in Spin
o Given a PROMELA program and an LTL formula, Spin checks whether all possible computation paths satisfy the formula.

    int a,b,d;
    bit ready=0;

    proctype Euclid(int x, y) {
        do
        :: (x>y) -> x=x-y
        :: (y>x) -> y=y-x
        :: (x==y) -> goto done
        od;
    done:
        ready=1;
        d=x
    }

    init {
        a=100;
        b=1;
        do
        :: (b<a) -> b++     /* the upper bound in this guard was lost in extraction; b<a is an assumed stand-in */
        :: true -> goto enough
        od;
    enough:
        run Euclid(a,b)
    }

  LTL: <>(ready && (a%d==0))
