Liveness, Fairness and Impossible Futures. Rob van Glabbeek (Sydney), Marc Voorhoeve (TUE). Department of Mathematics and Computer Science (slides, 1 of 21).


Slide 1 of 21: Liveness, Fairness and Impossible Futures. Rob van Glabbeek (Sydney), Marc Voorhoeve (TUE).

Slide 2 of 21: Contents. 1. Motivation. 2. IF equivalence. 3. Results.

Slide 3 of 21: Context. Why yet another equivalence relation? (Diagram of the equivalence spectrum, naming: trace, failure, ready simulation, fair testing, IF, contrasim, weak bisim, weak+div, strong bisim.)

Slide 4 of 21: Motivation. System development: model-based vs. requirement-based; a combination is often preferable. Non-bisimulation equivalences are compositional when they are congruences, and they increase the implementer's freedom. Equivalence between implementation and model: branching/weak bisimilarity? Advantages: compositional, preserves any requirement. Disadvantage: restrictive.

Slide 5 of 21: Compositional verification (diagram): abstraction, reduction (contrasim).

Slide 6 of 21: Too much freedom! (Figure: processes v and w.) Processes v, w: failures/ready simulation equivalent! Corrupted state u: action c impossible. u is reachable from w, not from v. Legend: t: try, c: connect, f: fail, s: stop; corrupted states are marked; hidden and visible transitions are distinguished.

Slide 7 of 21: Motivation (conclusion). Non-bisimulation equivalences: more freedom for the implementer. Needed: knowledge about which properties are preserved. IF (impossible futures) equivalence preserves AGEF properties.

Slide 8 of 21: Contents. 1. Motivation. 2. IF equivalence: preliminary notions, definition, properties preserved, connection with liveness and fairness. 3. Results.

Slide 9 of 21: Transition systems. (Figure: gsmspec and gsmimpl, processes v and w.) Legend: t: try, c: connect, f: fail, s: stop. Process: a state in a labelled transition system (LTS).

Slide 10 of 21: LTS: a pair of S, a set (of states), and a ternary transition relation. v = gsmspec. A set A of visible actions and a special hidden action. Transition relations; trace relation.

Slide 11 of 21: Impossible futures equivalence. IF: a decorated trace. IF equivalence: same IFs. Congruence with root condition.

Slide 12 of 21: Properties preserved by IF. Having observed a given trace, it is possible to continue with a trace from B. Expressed in the mu-calculus and in CTL (an AGEF property). Not IF-preserved: properties that are not AGEF.

Slide 13 of 21: Some AGEF properties. No deadlock/livelock. Soundness: termination (√) always remains possible. Delivery (d) possible after order (o). An order that is not confirmed (c) can be aborted (a). An order that can be confirmed can be aborted (at the same time). A contrasting property that is not AGEF is also given.

Slide 14 of 21: GSM example. (Figure: processes v and w.) Legend: t: try, c: connect, f: fail, s: stop. Corrupted state u: no connection possible. The corrupted state is reachable from w, not from v. AGEF properties as mu-calculus predicates: paths terminating with f can continue with tc; paths terminating with f can eventually do c. One of these is testable, the other non-testable.
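
An added worked example in Python (not from the slides) of the AGEF check and the impossible futures of slides 11 to 14: a constructed spec and implementation using the slide's legend (t, c, f, s), where the state names and the hidden-action label `tau` are my own assumptions rather than the slide's v and w. The AGEF property "after t f, the continuation t c remains possible" holds for the spec but fails for the implementation because of its corrupted state u, and the bounded IF computation exhibits the impossible future that separates the two.

```python
from itertools import product
TAU = "tau"  # assumed label for the slide's special hidden action

# Constructed GSM-style processes in the slide's legend (t: try, c: connect,
# f: fail, s: stop). Illustrative only, not the slide's own v and w.
SPEC = {  # process v: a failed try can always be retried and then connect
    "v0": [("t", "v1")],
    "v1": [("c", "v2"), ("f", "v0")],
    "v2": [("s", "v0")],
}
IMPL = {  # process w: a hidden step after a failure may enter corrupted state u
    "w0": [("t", "w1")],
    "w1": [("c", "w2"), ("f", "w0"), ("f", "w3")],
    "w2": [("s", "w0")],
    "w3": [(TAU, "w0"), (TAU, "u")],
    "u": [("t", "u1")],  # corrupted: every try fails, c is impossible
    "u1": [("f", "u")],
}

def tau_closure(lts, states):
    """All states reachable from `states` by hidden steps only."""
    seen, stack = set(states), list(states)
    while stack:
        for a, t in lts.get(stack.pop(), ()):
            if a == TAU and t not in seen:
                seen.add(t)
                stack.append(t)
    return seen

def after(lts, start, trace):
    """States reachable from `start` via the weak trace `trace` of visible actions."""
    cur = tau_closure(lts, {start})
    for a in trace:
        cur = tau_closure(lts, {t for s in cur for b, t in lts.get(s, ()) if b == a})
    return cur

def agef(lts, start, sigma, B):
    """AG(sigma -> EF B): after observing sigma, some trace from B is always still possible."""
    return all(any(after(lts, s, rho) for rho in B) for s in after(lts, start, sigma))

def impossible_futures(lts, start, alphabet, max_len):
    """Bounded IFs (sigma, X): X is the largest set of traces of length <= max_len that
    some state reached via sigma cannot perform; every IF is a subset of one of these."""
    traces = [w for n in range(max_len + 1) for w in product(alphabet, repeat=n)]
    return {(sigma, frozenset(r for r in traces if not after(lts, s, r)))
            for sigma in traces for s in after(lts, start, sigma)}

def if_witness(sigma, rho, alphabet="tcfs", max_len=2):
    """True if (sigma, {rho}) is an impossible future of IMPL but not of SPEC."""
    def has(lts, start):
        return any(sg == sigma and rho in X for sg, X in impossible_futures(lts, start, alphabet, max_len))
    return has(IMPL, "w0") and not has(SPEC, "v0")
```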

Slide 15 of 21: Liveness. An infinite tf-sequence is impossible. (Figure: processes v and w.) CTL formulation. Verify AGEF instead of liveness! The AGEF property, combined with a fairness assumption, implies liveness.

Slide 16 of 21: Contents. 1. Motivation. 2. IF equivalence. 3. Results: preservation, fair testing, proof method.

Slide 17 of 21: Preservation results. 1. IF congruence preserves all AGEF properties. 2. Any congruence preserving any non-testable AGEF property is at least as fine as IF. 3. Any congruence at least as coarse as weak bisimulation, satisfying RSP and preserving any nontrivial AGEF property, is at least as fine as IF.

Slide 18 of 21: Fair testing (FT). FT preserves all testable AGEF properties and (assuming fairness) all AGAF properties, but the processes shown have different IFs. FT does not satisfy RSP: two processes satisfy

Slide 19 of 21: Proof method. Suppose ~ is a congruence w.r.t. CCS composition and there exist B, p, q with p ~ q such that (condition). Let (definition) and set (definition) with (constraint).

Slide 20 of 21: Context C (diagram of the CCS context used in the proof).

Slide 21 of 21: Conclusions. 1. Many system safety and liveness properties are of the AGEF kind. AGAF liveness: AGEF + fairness. 2. IF and FT: compositional verification of AGEF properties. 3. FT: only testable AGEF properties, and RSP cannot be used. Thank you for your attention.

Slide 22 of 21 (backup): C1 Composition. Systems built from components (diagram).

Slide 23 of 21 (backup): Verification. (Figure: components a, b, c.) Possible: prove e.g. (formula). Disadvantage: cumbersome, restrictive. Alternative: a non-bisimulation equivalence that is a congruence w.r.t. composition and preserves requirements! Advantage: compositionality. Verify a property, e.g.: b may eventually occur after a. Simplify components.