Presentation is loading. Please wait.

Presentation is loading. Please wait.

SPIN Verification System The Model Checker SPIN By Gerard J. Holzmann Comp 587 – 12/2/09 Eduardo Borjas – Omer Azmon ☐ ☐

Published byRandall Henderson Modified over 9 years ago

Similar presentations

Presentation on theme: "SPIN Verification System The Model Checker SPIN By Gerard J. Holzmann Comp 587 – 12/2/09 Eduardo Borjas – Omer Azmon ☐ ☐"— Presentation transcript:

1 SPIN Verification System The Model Checker SPIN By Gerard J. Holzmann Comp 587 – 12/2/09 Eduardo Borjas – Omer Azmon ☐ ☐

2 Overview ProblemSolutionApplicationsStructureExample Live Demo Conclusion Q & A ☐ ☐

3 Problem ☐ ☐

4 Problem: Today’s Problem With Design “Whether we like it or not, we often design software either by trial and error or by duplicating and modifying a piece of code that does something similar to what we want. This works fine for small applications, but fails miserably for large design projects or for critical code.” -Gerard J. Holzmann ☐ ☐

5 Problem: Circular Blocking ☐ ☐

6 Problem: Deadly Embrace Get B Get A Rel A Rel B Rel A Get A Get B *Rel = Release ☐ ☐

7 Problem: Design Flaws DeadlockLivelockStarvationOverspecification Unused code Underspecification Not all states are expected Assumptions about Speed Logic vs. real world 

8 Problem: Distributed Process Software Testing ComplexityScaleImpractical Equipment availability Regression testing Time Timing in asynchronous processes Testing all instances Criticality ☐ ☐

9 Solution ☐ ☐

10 Solution: SPIN “SPIN is an efficient verification system for models of distributed software systems” SPIN Focuses on Process Interactions Focus on Proving Correctness The act of proving the correctness of an algorithm using formal methods of mathematics ☐ ☐

11 Solution: SPIN SPIN Aims To Provide the Following: 1)An intuitive, program-like notation for specifying design choices unambiguously, without implementation detail. 2)A powerful, concise notation for expressing general correctness requirements. 3)A methodology for establishing the logical consistency of the design choices from 1) and the matching correctness requirements from 2). ☐ ☐

12 Solution: SPIN Other Facts SPIN Was Awarded the System Software Award by the ACM (2002) Other award winners include UNIX, TeX, Smalltalk, TCP/IP, and Tcl/Tk Tools Can Transfer Java or C Programs Into SPIN Models Used By NASA, Bell Labs, and Lucent Currently Taught at Caltech (CS 118, 119a-b, and 116) ☐ ☐

13 Applications ☐ ☐

14 Applications Traditional Theoretical Studies Empirical Studies (Search and Storage) Practical Flood Control (Computer Management Group) Mission Critical Software (NASA) Telephone Exchange (Bell Labs & Lucent) Packet Switching Railway Safety (Ansaldo and IRST) Client Server Applications ☐ ☐

15 Applications Practical Process Scheduling Leader Election Flow Control Multithreaded Programs ☐ ☐

16 Structure ☐ ☐

17 Structure: SPIN SPIN is Broken Into Two Parts: Design Specification (PROMELA) Correctness Claims (Linear Temporal Logic) SPIN = Simple Promela INterpreter Counter-Examples ☐ ☐

18 Structure: PROMELA Specification Language (Design) PROtocol MEta Language One or More User-Defined Process Templates proctype definition Each template defines the behavior of a process A running process can instantiate another process ☐ ☐

19 Structure: PROMELA active proctype main() { printf("hello world\n") } active proctype main() { printf("hello world\n") } ☐ ☐

20 Structure: Linear Temporal Logic LTL Is An Extension of Propositional and Predicate Logic to Temporal Claims SPIN Verification Relies on LTL to Make Claims About Models Just like Symbolic Logic, LTL Can Be Isomophically Converted Into Finite State Diagrams Using Büchi Formulae 

21 Structure: LTL Formulae (Frequently Used) FormulaPronouncedType/Template ☐p☐p always pinvariance ♢p♢p eventually pguarantee p  ♢ q p implies eventually qresponse p  q U rp implies q until rprecedence ☐♢p☐♢p always eventually precurrence (progress) ♢☐p♢☐p eventually always pstability (non-progress) ♢ p  ♢ q eventually p implies eventually qcorrelation 

22 Example 

23 Example: Peterson’s Mutual Exclusion (Critical Section) Algorithm SoSo S5S5 S1S1 flag me = 1 S2S2 turn= me flag other == 0 || turn == other S3S3 flag other != 0 && turn == me flag me = 0 S4S4 Critical Section 

24 Example: Peterson’s Mutual Exclusion (Critical Section) Algorithm bool turn, flag[2]; active [2] proctype user() { again: flag[_pid] = 1; turn = _pid; (flag[1 - _pid] == 0 || turn == 1 -_pid); /* Critical Section */ flag[_pid] = 0; goto again; } bool turn, flag[2]; active [2] proctype user() { again: flag[_pid] = 1; turn = _pid; (flag[1 - _pid] == 0 || turn == 1 -_pid); /* Critical Section */ flag[_pid] = 0; goto again; } SoSo S5S5 S1S1 flag me = 1 S2S2 turn= me flag other == 0 || turn == other S3S3 flag other != 0 && turn == me flag me = 0 S4S4 Critical Section 

25 Live Demo 

26 Example: Peterson’s Mutual Exclusion (Critical Section) Algorithm bool turn, flag[2]; byte ncrit; active [2] proctype user() { assert(_pid == 0 || __pid == 1); again: flag[_pid] = 1; turn = _pid; (flag[1 - _pid] == 0 || turn == 1 - _pid); ncrit++; assert(ncrit == 1); /* critical section */ ncrit--; flag[_pid] = 0; goto again; } bool turn, flag[2]; byte ncrit; active [2] proctype user() { assert(_pid == 0 || __pid == 1); again: flag[_pid] = 1; turn = _pid; (flag[1 - _pid] == 0 || turn == 1 - _pid); ncrit++; assert(ncrit == 1); /* critical section */ ncrit--; flag[_pid] = 0; goto again; } 

27 Conclusion 

28 Conclusion Problem For complex problems, did the design actually cover all of our bases? How can I test distributed software process models efficiently and cost-effectively?Solution SPIN formally proves temporal models mathematically Easy to use 

29 Information Holzmann, G. J. (2009). Retrieved from Spin - Formal Verification: http://www.spinroot.com Holzmann, G. J. (1997). The Model Checker SPIN. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 23 (5). Holzmann, G. J. (2006). The Spin Model Checker. Troy, NY: Addison Wesley. Cimatti, A., Giunchiglia, F., et al. Model Checking Safety Critical Software with SPIN: an Application to a Railway Interlocking System. ☐ ☐

30 Questions & Answers Comp 587 – 12/2/09 Eduardo Borjas – Omer Azmon Thank You! ☐ ☐

Download ppt "SPIN Verification System The Model Checker SPIN By Gerard J. Holzmann Comp 587 – 12/2/09 Eduardo Borjas – Omer Azmon ☐ ☐"

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
1 Carnegie Mellon UniversitySPIN ExamplesFlavio Lerda Bug Catching15-398 SPIN Examples.

1 Carnegie Mellon UniversitySPIN ExamplesFlavio Lerda Bug Catching SPIN Examples.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Formalization of Health Information Portability and Accountability Act (HIPAA) Simon Berring, Navya Rehani, Dina Thomas.

Formalization of Health Information Portability and Accountability Act (HIPAA) Simon Berring, Navya Rehani, Dina Thomas.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
© 2011 Carnegie Mellon University SPIN: Part 2 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.

© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
CS487 Software Engineering Omar Aldawud

CS487 Software Engineering Omar Aldawud
Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.

Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.
/ PSWLAB P ROMELA Semantics from “THE SPIN MODEL CHECKER” by G. J. Holzmann Presented by Hong,Shin 5 th Oct 2007 08:021PROMELA Semantics.

/ PSWLAB P ROMELA Semantics from “THE SPIN MODEL CHECKER” by G. J. Holzmann Presented by Hong,Shin 5 th Oct :021PROMELA Semantics.
Chapter 2: Problem Solving

Chapter 2: Problem Solving
The Spin Model Checker Promela Introduction 50374 Nguyen Tuan Duc 50378 Shogo Sawai.

The Spin Model Checker Promela Introduction Nguyen Tuan Duc Shogo Sawai.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.

1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.
Shin Hong, KAIST17 th April,2007 1/33 Provable Software Laboratory, CS KAIST.

Shin Hong, KAIST17 th April,2007 1/33 Provable Software Laboratory, CS KAIST.

Similar presentations

Ads by Google