
Slide 1: 29.4.2008 Formal Methods of Systems Specification. Logical Specification of Hard- and Software. Prof. Dr. Holger Schlingloff, Institut für Informatik der Humboldt Universität and Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik

Slide 2 (H. Schlingloff, Logical Specification, 29.4.2008): Recap: Propositional Logic
Syntax
  PL ::= P | ⊥ | (PL → PL)
Semantics
- Propositional model M = (U, I); interpretation I: P ↦ U
- Validation relation M ⊨ φ
  - M ⊨ p if I(p) = true
  - M ⊭ ⊥
  - M ⊨ (φ → ψ) if M ⊨ φ implies M ⊨ ψ
- Validity (⊨ φ), Satisfiability (SAT(φ))
Calculus
- axiom schemes: weakening, distribution, excluded middle
- rule: modus ponens

Slide 3: Q.: exponential blowup?
Expanding ↔ into → and ∧ copies both sides, so the formula doubles at every nesting level:
  (r ↔ s) = ((r → s) ∧ (s → r))
  (q ↔ (r ↔ s)) = ((q → (r ↔ s)) ∧ ((r ↔ s) → q))
    = ((q → ((r → s) ∧ (s → r))) ∧ (((r → s) ∧ (s → r)) → q))
  (p ↔ (q ↔ (r ↔ s))) = ((p → (q ↔ (r ↔ s))) ∧ ((q ↔ (r ↔ s)) → p))
    = ((p → ((q → ((r → s) ∧ (s → r))) ∧ (((r → s) ∧ (s → r)) → q))) ∧ (((q → ((r → s) ∧ (s → r))) ∧ (((r → s) ∧ (s → r)) → q)) → p))
With abbreviations, a name stands for a subformula and can itself be abbreviated:
  p ↔ ((q → r) ∧ (¬q → s))
  q ↔ (t → u)
  p ↔ (((t → u) → r) ∧ (¬(t → u) → s))
Logarithmic reduction by introduction of abbreviations?

Slide 4: Boolean Quantification
  QPL ::= P | ⊥ | (QPL → QPL) | ∃P QPL
Intuitively, ∃p φ(p) means p is "hidden".
  M ⊨ ∃p φ if there is an M' = (U, I') such that I'(q) = I(q) for all q ≠ p and M' ⊨ φ
  ⊨ ∃p φ ↔ (φ(p := ⊥) ∨ φ(p := ⊤))
  ∀p φ = ¬∃p ¬φ;  ⊨ ∀p φ ↔ (φ(p := ⊥) ∧ φ(p := ⊤))

Slide 5: Conciseness and Complexity
Quantified formulae can be logarithmically more concise:
  φ = [… ((r ∧ s) → t) … ((r ∧ s) → t) … ((r ∧ s) → t) …]
  φ ≡ ∃p ((p ↔ ((r ∧ s) → t)) ∧ [… p … p … p …])
Quantified formulae can be exponentially harder to analyze:
- SAT(PL) is NP-hard, SAT(QPL) is PSPACE-hard
- To check whether ∃p φ holds one has to check both alternatives, p := ⊥ and p := ⊤
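The following program is an added example, not part of the original slides: it implements the semantics of Slides 2 and 4 in Python (→ and ⊥ primitive, ↔ derived, ∃p evaluated by trying both values) and reproduces the two observations of Slides 3 and 5 on concrete formulas. The tuple encoding of formulas, the helper names and the sample formulas (nested ↔ chains, a formula with k copies of one subformula) are this example's own assumptions, chosen so that the size counts can be checked by hand.

```python
from itertools import product

# Formula encoding used in this example (not the deck's notation):
#   BOT                   the constant ⊥
#   'x'                   an atomic proposition
#   ('->', a, b)          a → b          (the only primitive connective)
#   ('iff', a, b)         a ↔ b          (derived, expanded by expand_iff)
#   ('exists', 'p', a)    ∃p a           (Boolean quantification)
BOT = 'bot'

def neg(a):
    return ('->', a, BOT)                    # ¬a  =  a → ⊥

def conj(a, b):
    return neg(('->', a, neg(b)))            # a ∧ b  =  ¬(a → ¬b)

def expand_iff(f):
    """Rewrite every a ↔ b as (a → b) ∧ (b → a); each nesting level doubles the size."""
    if isinstance(f, str):
        return f
    if f[0] == 'iff':
        a, b = expand_iff(f[1]), expand_iff(f[2])
        return conj(('->', a, b), ('->', b, a))
    if f[0] == 'exists':
        return ('exists', f[1], expand_iff(f[2]))
    return ('->', expand_iff(f[1]), expand_iff(f[2]))

def size(f):
    """Number of symbols (atoms, ⊥, connectives, quantifiers) in the formula tree."""
    if isinstance(f, str):
        return 1
    if f[0] == 'exists':
        return 1 + size(f[2])
    return 1 + size(f[1]) + size(f[2])

def holds(f, I):
    """M ⊨ f, with I a dict proposition -> bool (the semantics of Slides 2 and 4)."""
    if f == BOT:
        return False
    if isinstance(f, str):
        return I[f]
    if f[0] == '->':
        return (not holds(f[1], I)) or holds(f[2], I)
    if f[0] == 'iff':
        return holds(f[1], I) == holds(f[2], I)
    # ∃p φ: some interpretation agreeing with I on every q ≠ p satisfies φ,
    # so both alternatives p := ⊥ and p := ⊤ are tried (the PSPACE-hard part).
    p, body = f[1], f[2]
    return any(holds(body, {**I, p: v}) for v in (False, True))

def free_props(f):
    if f == BOT:
        return set()
    if isinstance(f, str):
        return {f}
    if f[0] == 'exists':
        return free_props(f[2]) - {f[1]}
    return free_props(f[1]) | free_props(f[2])

def equivalent(f, g):
    """Truth-table check of ⊨ f ↔ g over the free propositions of both formulas."""
    names = sorted(free_props(f) | free_props(g))
    return all(holds(f, dict(zip(names, bits))) == holds(g, dict(zip(names, bits)))
               for bits in product((False, True), repeat=len(names)))

def nested_iff(n):
    """x1 ↔ (x2 ↔ (… ↔ xn)), the pattern of Slide 3 with n atoms."""
    f = f'x{n}'
    for i in range(n - 1, 0, -1):
        f = ('iff', f'x{i}', f)
    return f

def with_repeats(sub, k):
    """sub → (sub → (… → v)): k copies of the same subformula, as on Slide 5."""
    f = 'v'
    for _ in range(k):
        f = ('->', sub, f)
    return f

def abbreviate(f, sub, p='p'):
    """∃p ((p ↔ sub) ∧ f[sub := p]): hide the repeated subformula behind a fresh p.
    The result is equivalent to f but contains sub only once."""
    def subst(g):
        if g == sub:
            return p
        if isinstance(g, str):
            return g
        if g[0] == 'exists':
            return ('exists', g[1], subst(g[2]))
        return (g[0], subst(g[1]), subst(g[2]))
    return ('exists', p, conj(('iff', p, sub), subst(f)))

if __name__ == '__main__':
    for n in range(1, 6):
        print(n, size(nested_iff(n)), size(expand_iff(nested_iff(n))))
    sub = ('->', conj('r', 's'), 't')
    f = with_repeats(sub, 6)
    print(size(f), size(abbreviate(f, sub)), equivalent(f, abbreviate(f, sub)))
```

The ↔ chain of n atoms has 2n−1 symbols, while its expansion grows as size(n+1) = 2·size(n) + 9, which is the exponential blowup of Slide 3. For the repeated subformula, six copies of a 9-symbol formula shrink from 61 to 30 symbols once the copy is bound by ∃p, and the truth-table check confirms the two formulas agree on every interpretation; the price is that `holds` must now evaluate the body twice per quantifier.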

Slide 6: Boolean Normal Forms
DNF (disjunctive normal form)
- each formula is equivalent to a disjunction of conjunctions of literals, e.g. ((p ∧ ¬q ∧ r) ∨ (¬p ∧ q ∧ ¬r) ∨ (p ∧ ¬q ∧ ¬r))
- obtained from the truth table
CNF (conjunctive normal form)
- de Morgan dual of DNF
- used in PLAs (programmable logic arrays)
NAND-, NOR-normal form
- (p | q) = (p → ¬q); ¬p = (p | p); (p → q) = (p | ¬q)
- used for gate arrays
Algebraic normal form
- XOR of conjunctions of (positive) propositions
- used in linear feedback shift registers

Slide 7: next week: tree normal form (ordering of variables)

Slide 8: Boolean Modelling of Reactive Systems
Many modelling formalisms are being used:
- Transition systems
- Parallel and hierarchical transition systems, statecharts
- Shared variables programs
- UML diagrams
- Abstract state machines
- ...

Slide 9: Transition Systems
Transition system TS = (Σ, S, Δ, S0), where
- Σ is a nonempty finite alphabet,
- S is a nonempty finite set of states,
- Δ ⊆ S × Σ × S is the transition relation, and
- S0 ⊆ S is the set of initial states.
Similar to a nondeterministic finite automaton, with many initial states but without final states.
A transition system generates a (finite or infinite) word w0 w1 w2 … iff there are states s0 s1 s2 s3 … such that s0 ∈ S0 and each (s_i, w_i, s_{i+1}) ∈ Δ.

Slide 10: Example
  Σ = {up, dn}
  S = {off, tape, memory, play}
  Δ = {(off, dn, tape), (tape, up, off), (tape, dn, memory), (memory, up, off), (memory, dn, play), (play, dn, tape), (play, up, off)}
  S0 = {off}
(Figure: state diagram with the states off, tape, memory, play and the dn/up transitions listed above.)

Slide 11: Parallel Transition Systems
Parallel transition system T = (T1, …, Tn)
- each Ti is a transition system
- Si ∩ Sj = ∅ for i ≠ j
Interleaving semantics
- on its private alphabet, each Ti can make an independent move
- synchronization is via common events
Example: power switch and camcorder mode

Slide 12: Example
T = (switch, camera)
- {pwr_fail, pwr_res} are private to camera
- synchronization alphabet {up, dn}
- how big is the state space?
(Figure: the switch with states but_hi, but_lo and events dn, up; the camera with states off, on, memory, tape, play and events dn, pwr_res, up, pwr_fail.)

Slide 13
The global transition system T associated with a parallel transition system (T1, …, Tn) is defined as T = (Σ, S, Δ, S0), where
- Σ = ∪ Σi,
- S = S1 × … × Sn,
- S0 = S1,0 × … × Sn,0, and
- ((s1, …, sn), a, (s1', …, sn')) ∈ Δ iff for all Ti:
  - if a ∈ Σi, then (si, a, si') ∈ Δi, and
  - if a ∉ Σi, then si = si'.
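The product construction above, as an added example in Python that is not part of the deck. It builds the global transition system of Slide 13 for a switch/camera pair in the spirit of Slide 12 and then answers "how big is the state space?" by enumerating global states, computing the reachable ones and checking a safety property on them. Both components are this example's own assumptions: the camera is the camcorder of Slide 10 extended with an assumed nopower state and the private events pwr_fail/pwr_res, and the switch is a two-state button that autorepeats dn while held; the deck's figure fixes neither model.

```python
from collections import deque
from itertools import product

class TS:
    """Transition system (Σ, S, Δ, S0) with Δ ⊆ S × Σ × S (Slide 9)."""
    def __init__(self, alphabet, states, delta, initial):
        self.alphabet = frozenset(alphabet)
        self.states = frozenset(states)
        self.delta = frozenset(delta)
        self.initial = frozenset(initial)
        assert self.initial <= self.states
        assert all(s in self.states and a in self.alphabet and t in self.states
                   for (s, a, t) in self.delta)

    def successors(self, s, a):
        """{s' | (s, a, s') ∈ Δ}; empty if a is not enabled in s."""
        return {t for (x, b, t) in self.delta if x == s and b == a}

def compose(*parts):
    """Global transition system of (T1, …, Tn) as on Slide 13: Σ = ∪Σi,
    S = S1 × … × Sn, S0 = S1,0 × … × Sn,0, and ((s1..sn), a, (s1'..sn')) ∈ Δ
    iff every Ti with a ∈ Σi takes an a-transition and every other Ti stays put."""
    alphabet = set().union(*(p.alphabet for p in parts))
    states = set(product(*(p.states for p in parts)))
    initial = set(product(*(p.initial for p in parts)))
    delta = set()
    for s in states:
        for a in alphabet:
            # one option set per component: its a-successors if it knows a, else itself
            options = [p.successors(si, a) if a in p.alphabet else {si}
                       for p, si in zip(parts, s)]
            for t in product(*options):      # empty if some participant cannot move
                delta.add((s, a, t))
    return TS(alphabet, states, delta, initial)

def reachable(ts):
    """States reachable from S0 by breadth-first search over Δ."""
    seen, todo = set(ts.initial), deque(ts.initial)
    while todo:
        s = todo.popleft()
        for (x, _a, t) in ts.delta:
            if x == s and t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

def violations(ts, bad):
    """Reachable states satisfying the predicate `bad` (a safety check)."""
    return {s for s in reachable(ts) if bad(s)}

# --- constructed components (assumptions of this example, not the deck's model) ---

# Switch: but_lo --dn--> but_hi --up--> but_lo; a held button autorepeats dn.
SWITCH = TS(
    alphabet={'up', 'dn'},
    states={'but_lo', 'but_hi'},
    delta={('but_lo', 'dn', 'but_hi'), ('but_hi', 'dn', 'but_hi'), ('but_hi', 'up', 'but_lo')},
    initial={'but_lo'},
)

# Camera: the camcorder of Slide 10 plus the private events pwr_fail / pwr_res
# (assumed: a power failure from any state leads to nopower, restore goes to off).
CAMCORDER_DELTA = {
    ('off', 'dn', 'tape'), ('tape', 'up', 'off'), ('tape', 'dn', 'memory'),
    ('memory', 'up', 'off'), ('memory', 'dn', 'play'), ('play', 'dn', 'tape'),
    ('play', 'up', 'off'),
}
CAMERA = TS(
    alphabet={'up', 'dn', 'pwr_fail', 'pwr_res'},
    states={'off', 'tape', 'memory', 'play', 'nopower'},
    delta=CAMCORDER_DELTA
          | {(m, 'pwr_fail', 'nopower') for m in ('off', 'tape', 'memory', 'play')}
          | {('nopower', 'pwr_res', 'off')},
    initial={'off'},
)

ACTIVE = {'tape', 'memory', 'play'}

def camera_active_while_released(global_ts):
    """Safety property: no reachable global state has the camera in an active
    mode while the switch is released. Returns the violating states (ideally none)."""
    return violations(global_ts, lambda s: s[1] in ACTIVE and s[0] != 'but_hi')

if __name__ == '__main__':
    G = compose(SWITCH, CAMERA)
    print(len(G.states), 'global states,', len(reachable(G)), 'reachable')
    print('violations:', camera_active_while_released(G))
```

The global system has 2 × 5 = 10 states but only 7 are reachable: the three states with the button released and the camera active are cut off, because the camera can only leave off on a dn event, and a dn event is a synchronized move that also drives the switch to but_hi. The same rule blocks up in (but_hi, off): the switch could move, but the camera has no up transition from off, so the pair cannot take the event. Reachability over the product, rather than inspection of either component alone, is what justifies the safety claim.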

Slide 14: Shared Variables
A shared variables program is given by a tuple (V, D, T, s0), where
- V = (v1, …, vn) is the set of program variables,
- D = (D1, …, Dn) is a tuple of corresponding finite domains Di = {di1, …, dim},
- T ⊆ D × D is the transition relation (with D read as D1 × … × Dn), and
- s0 = (d11, …, dn1) is the initial state.

Slide 15: Example (1)
A request granting algorithm
- V = {request, state}
- D = ({true, false}, {ready, busy})
- T = {((true, ready), (true, busy)), ((false, ready), (false, ready)), ((true, busy), (true, busy)), ((true, busy), (true, ready)), …}

Slide 16: Example (2)
Euclidean algorithm
  gcd(a, b)
    if a = 0 return b
    while b ≠ 0
      if a > b then a := a − b else b := b − a
    return a
Shared variables program
- V = (a, b)
- D = (Nat, Nat) (finite?)
- T = {((0, 0), (0, 0)), ((7, 4), (3, 4)), ((3, 4), (3, 1)), …}
- s0 = D (any pair of naturals may be the initial state)

Slide 17: Transition Systems and Programs
For every (parallel) transition system there is an equivalent shared variables program of the same order of size. The translation in the other direction may cause an exponential blowup.
Exercise: describe the translations! In which sense are the translations equivalent?

Slide 18: Transition Relation as Boolean Formula
State = (d1, …, dn) with di ∈ Di.
The transition relation T can be defined by a propositional formula φ_T.
- Atomic propositions: let V' = {v1', …, vn'} and P = {(x = y) | x, y ∈ (V ∪ V' ∪ ∪ Di)}; a constant di ∈ Di denotes itself.
- Any propositional formula φ_T over this alphabet defines a transition relation via the following convention: if s = (d1, …, dn) and s' = (d1', …, dn'), then (s, s') ∈ T iff M ⊨ φ_T, where I(vi) = di and I(vi') = di'.

Slide 19: Example
Request granting algorithm
- V = {request, state}
- D = ({true, false}, {ready, busy})
- T is defined by φ_T = (((request = true) ∧ (state = ready)) → (state' = busy))
"Propositional logic as a programming language": used in model checkers such as NuSMV.
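The convention of Slide 18 made executable, as an added example that is not part of the deck: a small evaluator for formulas over the atoms (x = y), an interpretation builder that maps vi to di and vi' to di', and an enumeration of D × D that recovers the relation T from φ_T. It is run on the request granting program of Slides 15 and 19 and checks that every transition listed explicitly on Slide 15 satisfies the formula. The tuple syntax for formulas, the priming of variable names with a trailing apostrophe, and the second, stricter formula PHI_STRICT are this example's own assumptions.

```python
from itertools import product

# Formula syntax used here (constructed for this example):
#   ('=', x, y)              atomic proposition x = y; x, y are variable names,
#                            primed variable names (next state), or constants
#   ('!', a), ('&', a, b), ('|', a, b), ('->', a, b)

def holds(phi, I):
    """M ⊨ φ where I maps variable names to values; any other symbol is a
    domain constant and denotes itself."""
    op = phi[0]
    if op == '=':
        return I.get(phi[1], phi[1]) == I.get(phi[2], phi[2])
    if op == '!':
        return not holds(phi[1], I)
    a, b = holds(phi[1], I), holds(phi[2], I)
    return {'&': a and b, '|': a or b, '->': (not a) or b}[op]

class SharedVariablesProgram:
    """(V, D, φ_T, s0): the relation T ⊆ D × D is whatever φ_T says (Slide 18)."""
    def __init__(self, variables, domains, phi_T, s0):
        self.V = tuple(variables)
        self.D = tuple(frozenset(d) for d in domains)
        self.phi_T = phi_T
        self.s0 = tuple(s0)
        assert all(d in dom for d, dom in zip(self.s0, self.D))

    def states(self):
        return product(*self.D)

    def interpretation(self, s, s_next):
        """I(v_i) = d_i and I(v_i') = d_i' for s = (d_1..d_n), s' = (d_1'..d_n')."""
        I = dict(zip(self.V, s))
        I.update(zip((v + "'" for v in self.V), s_next))
        return I

    def has_transition(self, s, s_next):
        return holds(self.phi_T, self.interpretation(s, s_next))

    def relation(self):
        """T = {(s, s') | M_{s,s'} ⊨ φ_T}, enumerated over all of D × D."""
        return {(s, t) for s in self.states() for t in self.states()
                if self.has_transition(s, t)}

    def successors(self, s):
        return {t for t in self.states() if self.has_transition(s, t)}

# Request granting algorithm of Slides 15 and 19.
V = ('request', 'state')
D = ({True, False}, {'ready', 'busy'})
S0 = (False, 'ready')

# Slide 19: (request = true ∧ state = ready) → state' = busy.  Nothing is said
# about request', so it is unconstrained: a nondeterministic input from the
# environment, as for a variable without an assignment in NuSMV.
PHI_SLIDE19 = ('->', ('&', ('=', 'request', True), ('=', 'state', 'ready')),
                     ('=', "state'", 'busy'))

# Added conjunct (an assumption of this example, not the deck's): without a
# request, a ready component stays ready, i.e. no spontaneous grants.
PHI_STRICT = ('&', PHI_SLIDE19,
              ('->', ('&', ('=', 'request', False), ('=', 'state', 'ready')),
                     ('=', "state'", 'ready')))

# The transitions listed explicitly on Slide 15; every one must satisfy φ_T.
LISTED = {
    ((True, 'ready'), (True, 'busy')),
    ((False, 'ready'), (False, 'ready')),
    ((True, 'busy'), (True, 'busy')),
    ((True, 'busy'), (True, 'ready')),
}

def check(phi_T):
    """Relation defined by φ_T together with the Slide 15 transitions it misses."""
    P = SharedVariablesProgram(V, D, phi_T, S0)
    T = P.relation()
    return T, LISTED - T

if __name__ == '__main__':
    for name, phi in (('slide 19', PHI_SLIDE19), ('strict', PHI_STRICT)):
        T, missing = check(phi)
        print(name, len(T), 'pairs; listed transitions missing:', missing)
```

Of the 16 pairs in D × D, the Slide 19 formula rules out exactly the two in which a pending request in state ready is not granted, leaving 14 transitions that include the four listed on Slide 15. Everything the formula does not mention stays possible, which is the sense in which a formula programs a relation: adding the PHI_STRICT conjunct removes two more pairs (a spontaneous transition to busy without a request), and a missing conjunct shows up here as a surplus transition rather than as an error.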

