6.5.2008 Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt.


6.5.2008 Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität and Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik

Slide 2 (H. Schlingloff, Logical Specification, 6.5.2008): Boolean Normal Forms
- DNF, CNF, NAND-, NOR-normal form
  - (p|q) = (p → ¬q); ¬p = (p|p); (p → q) = (p|¬q)
  - used for gate arrays
- Algebraic normal form: XOR of conjunctions of (positive) propositions
- later: tree normal forms (ordering of propositions)

Slide 3: Boolean Modelling of Reactive Systems
- (Parallel) transition systems, shared variables programs
- A shared variables program is a tuple (V, D, T, s0), where
  - V = (v1, …, vn) is a set (sequence) of program variables,
  - D = (D1, …, Dn) is a tuple of corresponding finite domains Di = {di1, …, dim},
  - T ⊆ D × D is a transition relation, and
  - s0 = (d11, …, dn1) is the initial state
- Propositional representation of programs, e.g.
  T = ((request = true) ∧ (state = ready) ∧ (state' = busy))
- Representation of non-boolean domains?

Slide 4: Binary Encoding of Domains
- Any variable on a finite domain D can be replaced by log |D| binary variables
  - similar to the encoding of data types by compilers
  - e.g. var v: {0..15} can be replaced by var v1, v2, v3, v4: boolean (0 = 0000, 1 = 0001, 2 = 0010, 3 = 0011, ..., 15 = 1111)
- The state space is still in the order of the original domain!
  - e.g. three int8 variables can have 2^24 ≈ 10^8 states
  - e.g. an array of length 10 with 10-bit values has about 10^30 states
- Representation of large sets of states?

Slide 5: Representation of Sets

Slide 6: Ordered Tree Form
- Normal form for propositional formulas
- Uses only the connective Ite (if-then-else)
- Linear ordering on the set of propositions, e.g. most significant bit first
- Shannon expansion

Slide 7: Truth Table and Tree Form
- Truth table and tree form of a formula
- Reduction: replace Ite(v, ψ, ψ) by ψ

Slide 8: Abbreviations
- Introduce abbreviations
- maximally abbreviated form

Slide 9: Binary Decision Trees (BDTs)
- Binary decision tree
- Elimination of isomorphic subtrees (abbreviations)

Slide 10: Binary Decision Diagrams (BDDs)
- Elimination of redundant nodes (redundant subformulas): replace Ite(v, ψ, ψ) by ψ

Slide 11: A Toy Example
- How many states are reachable?
- How to check whether a given state is reachable?

Slide 12: Coding in NuSMV

Slide 13: Coding in SMV (cont.)
- SMV quickly finds a solution (rrddlluurrddlluurrddlluurrdd)

Slide 14: Another Toy Example
- (speaker note: perhaps there is an even better one (color))

Slide 15: Verification Model of a Shift Register

Slide 16: Non-toy Examples
- Software verification: correctness of aerospace and train computers, automobile controllers, nontrivial search problems, ...
- Hardware verification: ALUs, PLAs, memory controllers, complete chip designs, ...
- For safety-critical systems formal validation is mandatory; for widely deployed systems it is highly recommended

Slide 17: Calculation of BDDs

Slide 18: The Influence of Variable Ordering
- Heuristics: keep dependent variables close together!
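As an added example for slides 6 to 10 and 18 (my own code, not the lecture's), the following Python builds a reduced ordered BDD from a truth function by Shannon expansion φ ≡ Ite(v, φ[v:=true], φ[v:=false]) along a fixed variable ordering, applying both reductions (shared isomorphic subtrees, dropped redundant Ite(v, ψ, ψ) nodes) on the way up. It then shows that equivalent formulas from slide 2 yield the identical node, and measures how the ordering changes the size of the BDD for the classic function (a1 ∧ b1) ∨ (a2 ∧ b2) ∨ (a3 ∧ b3); the class and function names are assumptions of this example.

```python
class BDD:
    """Reduced ordered BDD (added example, not lecture code): terminals True/False, inner nodes (var, high, low)."""

    def __init__(self, order):
        self.order = order   # linear ordering of the propositions, e.g. MSB first
        self.unique = {}     # unique table (var, hi, lo) -> node: isomorphic subtrees share one node

    def mk(self, var, hi, lo):
        """Create or reuse a node; both reductions of slides 9 and 10 happen here."""
        if hi is lo:         # Ite(v, psi, psi) = psi: redundant node, the test is dropped
            return hi
        key = (var, hi, lo)
        return self.unique.setdefault(key, key)   # same triple -> same node object

    def build(self, f, i=0, env=None):
        """Shannon expansion of truth function f along self.order, reduced bottom-up."""
        env = env or {}
        if i == len(self.order):
            return f(env)    # leaf: f under a complete assignment, a Boolean terminal
        v = self.order[i]
        hi = self.build(f, i + 1, {**env, v: True})
        lo = self.build(f, i + 1, {**env, v: False})
        return self.mk(v, hi, lo)

    def size(self):
        return len(self.unique)   # number of inner nodes (terminals not counted)

def evaluate(node, env):
    """Follow the single path from the root to a terminal under assignment env."""
    while node is not True and node is not False:
        var, hi, lo = node
        node = hi if env[var] else lo
    return node

def nand_form_equal():
    """Canonicity: equivalent formulas yield the identical node (slide 2: p|q = p -> not q)."""
    bdd = BDD(["p", "q"])
    nand = bdd.build(lambda e: not (e["p"] and e["q"]))
    impl = bdd.build(lambda e: (not e["p"]) or (not e["q"]))
    return nand is impl

def f(e):
    """The classic ordering example (a1 and b1) or (a2 and b2) or (a3 and b3)."""
    return (e["a1"] and e["b1"]) or (e["a2"] and e["b2"]) or (e["a3"] and e["b3"])

def bdd_size(order):
    """Inner-node count of the ROBDD of f under the given variable ordering."""
    bdd = BDD(order)
    bdd.build(f)
    return bdd.size()
```

With the dependent pairs adjacent (a1, b1, a2, b2, a3, b3) the diagram has 6 inner nodes; with all a's before all b's it has 14, the 2^(n+1) - 2 growth that the heuristic on slide 18 avoids.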

Slide 19: Transitive Closure
- Each finite (transition) relation can be represented as a boolean formula / BDD
- The transitive closure of a relation R is defined recursively by
- Thus, the transitive closure can be calculated by an iteration on BDDs
- Logical operations can be directly performed on BDDs

Slide 20: Reachability
- State s is reachable iff s0 R* s, where s0 ∈ S0 is an initial state and R is the transition relation
- Reachability is one of the most important properties in verification
  - most safety properties can be reduced to it
  - in a search algorithm: is the goal reachable?
- Can be arbitrarily hard; for infinite state systems it is undecidable
- Can be efficiently calculated with BDDs

Slide 21
- Intuitively, x R* y iff there is a sequence w0 w1 ... wn of nodes connecting x with y
  - In a finite model, this sequence must be shorter than the number of states.
  - In practice, usually a few dozen steps are sufficient
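As an added example for slides 19 to 21 (my own code, not the lecture's), the following Python computes the reachable states of a shared-variables program (V, D, T, s0) in the sense of slide 3 by the fixpoint iteration behind R*: Reach_{k+1} = Reach_k ∪ post(Reach_k) until nothing new appears. Sets of states are plain Python sets here, where the slides use BDDs, and the program, a Peterson-style two-process mutual exclusion over shared variables flag0, flag1 and turn, is constructed for this example.

```python
from itertools import product

# Constructed model (not from the slides): two processes running a Peterson-style
# mutual exclusion protocol over shared variables flag0, flag1, turn.
# A state is the tuple (pc0, pc1, flag0, flag1, turn) with pc_i in PC.
PC = ("idle", "want", "wait", "crit")
S0 = ("idle", "idle", False, False, 0)           # initial state s0

def step(s, i):
    """Successor of state s when process i takes a step, or None if it is blocked."""
    pc, flag, turn = list(s[:2]), list(s[2:4]), s[4]
    j = 1 - i
    if pc[i] == "idle":                      # announce interest
        pc[i], flag[i] = "want", True
    elif pc[i] == "want":                    # yield priority to the other process
        pc[i], turn = "wait", j
    elif pc[i] == "wait":                    # enter only if the other is idle or it is our turn
        if not flag[j] or turn == i:
            pc[i] = "crit"
        else:
            return None
    else:                                    # leave the critical section
        pc[i], flag[i] = "idle", False
    return (pc[0], pc[1], flag[0], flag[1], turn)

def transition_relation():
    """T as an explicit subset of D x D, enumerated over the full domain (128 states)."""
    T = set()
    for s in product(PC, PC, (False, True), (False, True), (0, 1)):
        for i in (0, 1):
            t = step(s, i)
            if t is not None:
                T.add((s, t))
    return T

def reachable(T, s0):
    """Least fixpoint Reach_{k+1} = Reach_k ∪ post(Reach_k).
    Returns (reachable states, number of image computations incl. the one confirming the fixpoint)."""
    reach, frontier, k = {s0}, {s0}, 0
    while frontier:
        frontier = {t for (s, t) in T if s in frontier} - reach   # post(frontier) minus Reach_k
        reach |= frontier
        k += 1
    return reach, k

def mutex_violated(reach):
    """Safety property reduced to reachability: is a state with both processes in 'crit' reachable?"""
    return any(s[0] == "crit" and s[1] == "crit" for s in reach)
```

Of the 128 domain states, 20 are reachable and the fixpoint is confirmed after 7 image computations, far below the bound given by the number of states; no state with both processes in crit is reachable, so the safety property holds.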
