Presentation is loading. Please wait.

Presentation is loading. Please wait.

Institute e-Austria in Timisoara 1 Author: prep. eng. Calin Jebelean Verification of Communication Protocols using SDL (12.02.2003)

Published byArabella Amice Cameron Modified over 8 years ago

Similar presentations

Presentation on theme: "Institute e-Austria in Timisoara 1 Author: prep. eng. Calin Jebelean Verification of Communication Protocols using SDL (12.02.2003)"— Presentation transcript:

1 Institute e-Austria in Timisoara 1 Author: prep. eng. Calin Jebelean Verification of Communication Protocols using SDL (12.02.2003)

2 Institute e-Austria in Timisoara 2 Introduction Software verification – an issue of undisputable importance Manual solutions, though widely used, don’t scale up to industrial-size projects Current approaches to software verification involve: simulation testing formal verification

3 Institute e-Austria in Timisoara 3 Formal Verification – Model Checking Main idea: “Build a model of a system and perform exhaustive analysis on the model” Strong points: all system behaviors are covered highly automatable Weak points: state-explosion problem

4 Institute e-Austria in Timisoara 4 What Is SDL? Acronym for “Specification and Description Language” Formal language defined by the ITU-T as recommendation Z.100 Meant for specification of complex, event-driven, real- time systems involving concurrent activities that communicate through signals Extremely appropriate for describing communication protocols

5 Institute e-Austria in Timisoara 5 A Short Insight An SDL system consists of: structural level: system, block, process and procedure hierarchy communication level: signals with optional signal parameters and channels behavioral level: processes data level: abstract data types Commercial tools exist (ObjectGEODE), dedicated to: analysis design simulation testing code generation

6 Institute e-Austria in Timisoara 6 The Need For IF SDL itself – not suitable for model-checking: model-checking algorithms are difficult to integrate within commercial tools by third-parties SDL hierarchical structure – an impediment for analysis IF – an “Intermediate Format” for SDL IF – a plain, automaton-based representation of the SDL system IF representation – suitable for exhaustive state-space exploration

7 Institute e-Austria in Timisoara 7 Advantages Of IF Translation from SDL to IF reduces the model size (5 to 6 times, on average), mostly by eliminating certain transient states Analysis algorithms can run directly on the IF translation of the SDL specification Possibility to interconnect SDL with existing verification tools: SMV, Spin, etc., once translators from IF to the input language of these tools are available

8 Institute e-Austria in Timisoara 8 Results Using IF Several analysis techniques already implemented on IF, among which: “live variables” analysis  a variable is live in a control state if there is a path from this state along which its value can be used before it is redefined “irrelevant variables” analysis  a variable is irrelevant with respect to a property of interest if it has no effect on the respective property “compositional generation” technique  based on the “divide-and-conquer” paradigm Model reductions of up to 100-500 times have been reported Model-checking can be applied on the reduced model

9 Institute e-Austria in Timisoara 9 Generation methodNumber of states Number of transitions 1ObjectGEODE30181457119043 2IF5378912298348 3IF + live reduction494319664 4IF + compositional generation11844788 Practical Results

10 Institute e-Austria in Timisoara 10 What We Want To Do Extract interfaces abstracting module-behavior in order to use them in the compositional verification of other modules, for which they constitute the environment Express properties of interest using a formalism such as temporal logic: CTL, LTL Check the model against such properties of interest Extend the capabilities of IF for dealing with external code written in other languages, such as C

11 Institute e-Austria in Timisoara 11 Some Examples Global properties: Absence of deadlock The initiator of the communication will either get connected or get an error within finite time Local properties: Any message received in some state must belong to a certain set of acceptable messages for that state A process must set a timer every time it begins waiting for some signal, to prevent blockage A process must deallocate all resources it is supposed to deallocate, if an “abandon” message is received

12 Institute e-Austria in Timisoara 12 Conclusions The IF formalism has certain advantages over other approaches to verification of SDL code Since SDL is widely used, there are clear possibilities for the application of formal methods and verification techniques on projects of industrial size and interest With SDL being a specification language, one could test an implementation against the specification, or the specification itself could be checked to reveal misconceptions

13 Institute e-Austria in Timisoara 13 Bibliography E. Clarke, J. Wing – “Formal Methods: State of the Art and Future Directions”, ACM Computing Surveys, 1996 E. Clarke, O. Grumberg, D. Long: “Verification Tools for Finite-State Concurrent Systems”, Lecture Notes in Computer Science, Springer Verlag, 1993 M. Bozga, J. Fernandez, L. Ghirvu, S. Graf, J. Krimm, L. Mounier: “IF: An Intermediate Representation and Validation Environment for Timed Asynchronous Systems”, Proceedings of FM’99, Toulouse, France, 1999 M. Bozga, J. Fernandez, L. Ghirvu, S. Graf, J. Krimm, L. Mounier, J. Sifakis: “IF: An Intermediate Representation for SDL and its Applications”, Proceedings of SDL-Forum’99, Montreal, Canada, 1999

14 Institute e-Austria in Timisoara 14 Thank You! Thank you for your attention!

Download ppt "Institute e-Austria in Timisoara 1 Author: prep. eng. Calin Jebelean Verification of Communication Protocols using SDL (12.02.2003)"

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Construction process lasts until coding and testing is completed consists of design and implementation reasons for this phase –analysis model is not sufficiently.

Construction process lasts until coding and testing is completed consists of design and implementation reasons for this phase –analysis model is not sufficiently.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
Tool support for Distributed Object Technology

Tool support for Distributed Object Technology
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.

Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Software Reliability CIS 640 Adapted from the lecture notes by Doron Pelel (www.dcs.warwick.ac.uk/~doron/notes.html)

Software Reliability CIS 640 Adapted from the lecture notes by Doron Pelel (
1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.

1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.
Software Model Checking for Embedded Systems PIs: Matthew Dwyer 1, John Hatcliff 1, and George Avrunin 2 Post-docs: Steven Seigel 2, Radu Iosif 1 Students:

Software Model Checking for Embedded Systems PIs: Matthew Dwyer 1, John Hatcliff 1, and George Avrunin 2 Post-docs: Steven Seigel 2, Radu Iosif 1 Students:
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.

An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.
State-Event Software Verification for Branching-Time Specifications Sagar Chaki, Ed Clarke, Joel Ouaknine, Orna Grumberg Natasha Sharygina, Tayssir Touili,

State-Event Software Verification for Branching-Time Specifications Sagar Chaki, Ed Clarke, Joel Ouaknine, Orna Grumberg Natasha Sharygina, Tayssir Touili,
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.

Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.
1 Introduction to Software Engineering Lecture 42 – Communication Skills.

1 Introduction to Software Engineering Lecture 42 – Communication Skills.
Systems Engineering Project: System Validation and Verification Using SDL Ron Henry ENSE 623 November 30, 2004.

Systems Engineering Project: System Validation and Verification Using SDL Ron Henry ENSE 623 November 30, 2004.

Similar presentations

Ads by Google