The Model Checker SPIN Written by Gerard J. Holzmann Presented by Chris Jensen.

Introduction
- Description: a verification system for models of distributed, concurrent systems
- Goals:
  - An intuitive, code-like notation for specifying design choices unambiguously, without implementation detail
  - A notation for expressing correctness requirements
  - A methodology for establishing consistency between the design choices and the correctness requirements

How It Works
- Iterative refinement of the model's behavior through simulation and verifier generation
- Correctness properties are expressed in linear temporal logic (LTL)
- SPIN converts the LTL claim to a Büchi automaton and builds the synchronous product of the claim and the Büchi automaton representing the state space
- If the language accepted by the resulting Büchi automaton is empty, the claim is NOT satisfiable; otherwise it IS satisfiable
- Correctness is verified by demonstrating the absence of undesirable behavior
- In the worst case the global reachability graph has the size of the Cartesian product of all component systems

How It Works (2)
- Design specifications are expressed in the Process Meta Language (PROMELA)
- PROMELA is devised to permit only a finite range for each component's state space
- The state space is traversed with a depth-first search, using state space compression and bit-state hashing to manage the otherwise exponential memory requirements
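As an added worked example (not part of the original slides and not SPIN's own code), the following Python sketch implements the pipeline the two "How It Works" slides describe on a constructed two-process lock model: the system state graph, a never claim given as a Büchi automaton for the negated property, the synchronous product, the nested depth-first search that SPIN uses as its emptiness check, and a bit-state visited set standing in for supertrace hashing. The model, the claim names, and the BitStateSet helper are assumptions made for illustration. It goes slightly beyond the slides by checking two claims: mutual exclusion (a safety property, which holds) and no starvation of process 0 (a liveness property, which fails without fairness and yields a counterexample path).

```python
import zlib

# --- System model (constructed): two processes competing for one lock.
# Local states: idle -> wait -> crit -> idle; wait -> crit only if the lock is free.
INIT = (("idle", "idle"), 0)           # (local states of proc 0 and proc 1, lock)
STATE_SPACE_BOUND = 3 * 3 * 2          # Cartesian product of the component ranges

def successors(state):
    """Asynchronous interleaving: exactly one process moves per step."""
    locs, lock = state
    for i, loc in enumerate(locs):
        if loc == "idle":
            new_loc, new_lock = "wait", lock
        elif loc == "wait":
            if lock:
                continue                # blocked until the lock is released
            new_loc, new_lock = "crit", 1
        else:                           # "crit": leave and release the lock
            new_loc, new_lock = "idle", 0
        new_locs = list(locs)
        new_locs[i] = new_loc
        yield (tuple(new_locs), new_lock)

def crit(state, i):
    return state[0][i] == "crit"

# --- Never claims: Büchi automata for the NEGATION of the property to verify.
# Guards are evaluated on the system state the product is moving into.
def claim_no_starvation():
    """Negation of []<>crit0 is <>[]!crit0: accept if proc 0 never enters crit again."""
    return {"init": "q0", "accept": {"q1"}, "trans": {
        "q0": [(lambda s: True, "q0"), (lambda s: not crit(s, 0), "q1")],
        "q1": [(lambda s: not crit(s, 0), "q1")]}}

def claim_mutex():
    """Negation of []!(crit0 && crit1): accept once both processes are in crit."""
    both = lambda s: crit(s, 0) and crit(s, 1)
    return {"init": "q0", "accept": {"q1"}, "trans": {
        "q0": [(lambda s: True, "q0"), (both, "q1")],
        "q1": [(lambda s: True, "q1")]}}

def product_successors(claim):
    """Synchronous product: a system step and a claim step happen together."""
    def succ(pstate):
        s, q = pstate
        for s2 in successors(s):
            for guard, q2 in claim["trans"][q]:
                if guard(s2):
                    yield (s2, q2)
    return succ

class BitStateSet:
    """Bit-state hashing (constructed stand-in for SPIN's supertrace): one bit
    per state, but hash collisions may mark an unseen state as seen, so a
    search over it may miss states and is therefore lossy."""
    def __init__(self, bits=1 << 16):
        self.bits, self.table = bits, bytearray(bits // 8)
    def _index(self, state):
        return zlib.crc32(repr(state).encode()) % self.bits
    def add(self, state):
        i = self._index(state); self.table[i >> 3] |= 1 << (i & 7)
    def __contains__(self, state):
        i = self._index(state); return bool(self.table[i >> 3] & (1 << (i & 7)))

def reachable(init, succ, seen=None):
    """Plain DFS over the state graph; returns the number of states visited."""
    seen = set() if seen is None else seen
    stack, count = [init], 0
    seen.add(init)
    while stack:
        s = stack.pop(); count += 1
        for t in succ(s):
            if t not in seen:
                seen.add(t); stack.append(t)
    return count

def nested_dfs(init, succ, accepting, make_set=set):
    """Emptiness check: look for a reachable accepting cycle. Returns the outer
    DFS path ending at the accepting state that closes a cycle, or None when
    the product accepts nothing (the never claim is never satisfied)."""
    visited, flagged, path = make_set(), make_set(), []

    def inner(seed, s):                 # second search: can we return to seed?
        flagged.add(s)
        for t in succ(s):
            if t == seed or (t not in flagged and inner(seed, t)):
                return True
        return False

    def outer(s):                       # first search; seeds taken in post-order
        visited.add(s); path.append(s)
        for t in succ(s):
            if t not in visited and outer(t):
                return True
        if accepting(s) and inner(s, s):
            return True
        path.pop()
        return False

    return list(path) if outer(init) else None

def check(claim, make_set=set):
    """Run the emptiness check on the product of the system and a never claim."""
    init = (INIT, claim["init"])
    return nested_dfs(init, product_successors(claim),
                      lambda p: p[1] in claim["accept"], make_set)

if __name__ == "__main__":
    print("reachable system states:", reachable(INIT, successors), "of", STATE_SPACE_BOUND)
    print("mutex violation:", check(claim_mutex()))
    print("starvation counterexample (no fairness):", check(claim_no_starvation()))
```

The mutual exclusion claim returns None because no product state with the accepting claim state is reachable, which is exactly the "empty language" outcome the slide describes; the starvation claim returns a path because process 1 can cycle through the lock forever while process 0 waits, the classic counterexample that disappears only once a fairness assumption is added. Swapping `make_set=BitStateSet` into `check` or `reachable` shows the trade-off of the slide's bit-state hashing: memory becomes a fixed bit table, but the search can only ever visit as many states as the exact search, never more.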

Interesting Points
- Distinction between behavior and requirements on behavior
- Requirements and behaviors are checked for internal and mutual consistency
- Iterative refinement of correctness properties