CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.

CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed (KFUPM) Spring 2004 (Term 032)

Correctness Requirements (Cont.)

CSE555-SqalliTerm

How To Check A Model
- The model can be represented as a graph
- Various graph theoretic algorithms are applicable to search for violations of correctness criteria:
  - Invariants: should hold in all states
  - Deadlocks: a state is reachable where the program is blocked
  - Unreachable states: there are states that are never executed
- Search through the state space
  - Use a search algorithm: depth-first search, breadth-first search, etc.
  - Search the entire state space or optimize
- Report result
  - Conformance; or
  - Counterexample: at least one state where the criteria are not met
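As an added example (not from the slides), the search this slide describes, in Python: a depth-first search over a small constructed two-process model that checks an invariant (mutual exclusion), deadlocks and unreachable states, and returns a counterexample path when a criterion is not met. The model, its three guard variants and the state names are constructed for illustration.

```python
from itertools import product

PCS = ("idle", "try", "crit")   # program-counter values of each process
STEP = {"idle": "try", "try": "crit", "crit": "idle"}

def make_model(guard):
    """Two processes with pc in PCS; a state is (pc1, pc2). guard(other_pc)
    says whether a process at 'try' may enter 'crit'. Constructed model."""
    def successors(state):
        nxt = []
        for i in (0, 1):
            pc, other = state[i], state[1 - i]
            if pc == "try" and not guard(other):
                continue                              # blocked at 'try'
            nxt.append(state[:i] + (STEP[pc],) + state[i + 1:])
        return nxt
    return successors

def path_to(s, parent):         # path from the initial state to s
    path = [s]
    while parent[path[-1]] is not None:
        path.append(parent[path[-1]])
    return path[::-1]

def check_model(init, successors, invariant):
    """DFS over the reachable states. Reports the first invariant violation
    (as a counterexample path), every deadlock (as a path to the blocked
    state) and the states of the PCS x PCS space that are never reached."""
    parent, stack = {init: None}, [init]
    report = {"violation": None, "deadlocks": []}
    while stack:
        s = stack.pop()
        if not invariant(s) and report["violation"] is None:
            report["violation"] = path_to(s, parent)
        succ = successors(s)
        if not succ:                      # no enabled transition: deadlock
            report["deadlocks"].append(path_to(s, parent))
        for t in succ:
            if t not in parent:           # each state is explored once
                parent[t] = s
                stack.append(t)
    report["unreachable"] = set(product(PCS, PCS)) - set(parent)
    return report

MUTEX = lambda s: s != ("crit", "crit")              # invariant to check
RACY = make_model(lambda other: True)                # enters regardless
WAITING = make_model(lambda other: other == "idle")  # both at 'try': stuck
CORRECT = make_model(lambda other: other != "crit")
```

The racy variant yields an invariant violation, the waiting variant a deadlock in ("try", "try"), and the correct variant reports ("crit", "crit") as unreachable, which is exactly what mutual exclusion requires.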

Credit: Theo Ruys (University of Twente)

Formal Correctness Condition
- We want to find a correctness condition for a model to satisfy a specification:
  - Language of a model: L(Model)
  - Language of a specification: L(Spec)
  - We need: L(Model) ⊆ L(Spec)
- In order to prove correctness:
  - Show that L(Model) ⊆ L(Spec)
  - Equivalently: show that L(Model) ∩ complement(L(Spec)) = Ø
  - Also: can obtain L(Spec) by translating from LTL!
(Figure: nested sets showing all sequences, the sequences satisfying Spec, and the program executions)

Reference: Lecture Notes - Caltech - January-March 2004, http://spinroot.com/spin/Doc/course/index.html


Spin Verification
- Spin accepts correctness properties using Linear Temporal Logic (LTL)
- It uses a depth-first search algorithm
  - Exhaustive search
  - State space compression
- Space complexity is the biggest problem with verification tools

LTL Syntax
- LTL formulae are used to specify liveness properties
- LTL = propositional logic + temporal operators
- Temporal logic unary (boolean/temporal) operators:
  - []   Always (e.g., []p - always p)
  - <>   Eventually (e.g., <>p - eventually p)
  - X    Next
  - !    Logical negation
- Binary operators:
  - U    Strong until (e.g., p U q - p is true until q becomes true)
  - &&   Logical and
  - ||   Logical or
  - ->   Logical implication
    - (p -> q) is shorthand for: (!p || q)
  - <->  Logical equivalence (iff)
    - (p <-> q) is shorthand for: (p -> q) && (q -> p)


LTL Examples
- Examples about LTL syntax:
  - [] p      "p is invariantly true"
  - <>p       "p eventually becomes true"
  - p U q     "p is true until q becomes true"
- Examples of LTL combinations:
  - <>[] p    "p eventually becomes invariantly true", "p will happen from some point on forever"
  - []<>p     "p will happen infinitely often"
  - []<>!p    "p always eventually becomes false at least once more"
  - [] (p -> !q)        "p always implies ¬q"
  - [] (p -> <> q)      "p always implies eventually q"
  - ([]<>p) -> ([]<>q)  "If p happens infinitely often, then q also happens infinitely often"
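As an added example (not from the slides), a small Python evaluator for the operators of the LTL Syntax slide, run over an infinite word given as a finite prefix plus a repeating loop, so that the combinations listed above can be checked mechanically. The trace, the tuple encoding of formulas and the names are constructed for illustration.

```python
from functools import lru_cache

def make_checker(prefix, loop):
    """LTL evaluator over the infinite word prefix . loop^omega (lists of sets
    of true propositions). Formulas are nested tuples in Spin's ASCII syntax:
    atom "p"; ("!", f) ("X", f) ("[]", f) ("<>", f); ("U", f, g) ("&&", f, g)
    ("||", f, g) ("->", f, g) ("<->", f, g)."""
    L, k = len(prefix), len(loop)
    horizon = L + 2 * k          # covers every distinct suffix of the word
    def norm(i):                 # positions in the loop repeat with period k
        return i if i < L else L + (i - L) % k

    @lru_cache(maxsize=None)
    def ev(f, i):
        i = norm(i)
        if isinstance(f, str):
            return f in (prefix[i] if i < L else loop[i - L])
        op, a = f[0], f[1]
        if op == "!":
            return not ev(a, i)
        if op == "X":
            return ev(a, i + 1)
        if op == "[]":           # a holds at every position from i on
            return all(ev(a, j) for j in range(i, horizon))
        if op == "<>":           # a holds at some position from i on
            return any(ev(a, j) for j in range(i, horizon))
        b = f[2]
        if op == "&&":
            return ev(a, i) and ev(b, i)
        if op == "||":
            return ev(a, i) or ev(b, i)
        if op == "->":
            return (not ev(a, i)) or ev(b, i)
        if op == "<->":
            return ev(a, i) == ev(b, i)
        if op == "U":            # strong until: b eventually, a until then
            for j in range(i, horizon):
                if ev(b, j):
                    return True
                if not ev(a, j):
                    return False
            return False
        raise ValueError(f"unknown operator {op!r}")
    return ev

# Constructed trace: positions 0 and 1, then the loop {p},{p,q},{} forever.
PREFIX = [set(), {"p"}]
LOOP = [{"p"}, {"p", "q"}, set()]
TRACE = make_checker(PREFIX, LOOP)
```

On this trace <>[]p fails (p is dropped once in every loop iteration) while []<>p and []<>!p both hold, which is the distinction the slide draws between the two combinations.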

Semantics (slide table giving the meaning of the temporal operators, including X and U)


LTL Formulae to Büchi Automata
- Spin converts LTL formulae into Büchi automata
  - An initial state
  - An accepting state
- Example:
  - LTL formula: [] (p U q)
  - "It is always guaranteed that p remains true at least until q becomes true"
  - Büchi automaton for the LTL formula:
  - PROMELA syntax:

Another Example
- LTL formula: [] (<>p)
  - "At any point in an execution, it is guaranteed that eventually p will become true at least once more"
- Büchi automaton:
- PROMELA specification:
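As an added example (not from the slides and not Spin's own code), this Python sketch carries out the check of the Formal Correctness Condition slide for the property [](<>p) of this slide: a hand-built Büchi automaton for the negation <>[]!p plays the role of the never claim, and a nested depth-first search over its product with a small Kripke structure reports an accepting cycle, i.e. a counterexample lasso, exactly when L(Model) ∩ L(¬Spec) is not empty. The two models, the automaton and all names are constructed for illustration.

```python
# Constructed Kripke structures: state -> (labels, successors).
MODEL_OK = {"a": ({"p"}, ["b"]), "b": (set(), ["a"])}     # p recurs forever
MODEL_BAD = {"a": ({"p"}, ["b"]),                           # can get stuck in
             "b": (set(), ["a", "c"]),                      # "c", where p
             "c": (set(), ["c"])}                           # never holds again
# Hand-built Büchi automaton for !([]<>p), i.e. <>[]!p, used as the never
# claim: guess the point after which p never holds again, then accept forever.
NOT_ALWAYS_EVENTUALLY_P = {
    "init": "s0",
    "accepting": {"s1"},
    "trans": {  # state -> [(guard on the model state's labels, next state)]
        "s0": [(lambda lab: True, "s0"), (lambda lab: "p" not in lab, "s1")],
        "s1": [(lambda lab: "p" not in lab, "s1")],
    },
}

def find_accepting_cycle(model, model_init, claim):
    """Nested DFS over the model x never-claim product. Returns None when the
    intersection is empty (Spec holds), else a counterexample (prefix, loop)."""
    def succ(ps):                           # synchronous product step
        s, q = ps
        lab, nexts = model[s]
        return [(s2, q2) for g, q2 in claim["trans"][q] if g(lab) for s2 in nexts]

    visited, flagged = set(), set()
    def inner(seed, ps, path):              # second DFS: path back to seed?
        for t in succ(ps):
            if t == seed:
                return path + [t]
            if t not in flagged:
                flagged.add(t)
                cyc = inner(seed, t, path + [t])
                if cyc: return cyc
        return None

    def outer(ps, path):                    # first DFS; seeds inner post-order
        visited.add(ps)
        for t in succ(ps):
            if t not in visited:
                found = outer(t, path + [t])
                if found: return found
        if ps[1] in claim["accepting"]:     # accepting product state
            cyc = inner(ps, ps, [])
            if cyc: return path, cyc
        return None

    start = (model_init, claim["init"])
    found = outer(start, [start])
    return None if found is None else tuple([s for s, _ in part] for part in found)
```

For MODEL_OK the product has no accepting cycle, so [](<>p) holds; for MODEL_BAD the search returns a prefix into "c" and the loop ["c"], a run on which p never becomes true again.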
