Verification Case Studies with ObjectCheck Fei Xie (Joint work with James C. Browne, Robert P. Kurshan, and Vladimir Levin) Presentation at Microsoft Research,

Slides:

Advertisements

Similar presentations

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Advertisements

.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.

Verified Systems by Composition from Verified Components Fei Xie and James C. Browne.

Integrated State Space Reduction for Model Checking Executable Object-oriented Software System Designs Fei Xie and James C. Browne Dept. of Computer Sciences.

Model Checking for an Executable Subset of UML Fei Xie 1, Vladimir Levin 2, and James C. Browne 1 1 Dept. of Computer Sciences, UT at Austin 2 Bell Laboratories,

Delta Debugging and Model Checkers for fault localization

Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.

ECOE 560 Design Methodologies and Tools for Software/Hardware Systems Spring 2004 Serdar Taşıran.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

1 Software Testing and Quality Assurance Lecture 13 - Planning for Testing (Chapter 3, A Practical Guide to Testing Object- Oriented Software)

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

Background information Formal verification methods based on theorem proving techniques and modelchecking –to prove the absence of errors (in the formal.

ObjectCheck: A Model Checking Tool for Executable Object-oriented Software System Designs Fei Xie and James C. Browne Dept. of Computer Sciences Univ.

Integration of Model Checking into Software Development Processes Fei Xie.

Model-Based Programming: Executable UML with Sequence Diagrams By Ruben Campos Cal State L.A. Computer Science Thesis Work Spring 2007.

Variability Oriented Programming – A programming abstraction for adaptive service orientation Prof. Umesh Bellur Dept. of Computer Science & Engg, IIT.

Hardware/Software System Design and Validation Dr. Xiaoyu Song Networked Sensors Architecture Platform based on Component-based.

The Rhapsody in C++ Tool Training "Essential" © I-Logix v2.3 25/9/2000 EI-1 “Essential” Rhapsody in C++ Introduction.

Automated Analysis and Code Generation for Domain-Specific Models George Edwards Center for Systems and Software Engineering University of Southern California.

Software Testing and Quality Assurance

L4-1-S1 UML Overview © M.E. Fayad SJSU -- CmpE Software Architectures Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I.

Model Checking Large-Scale Software Natasha Sharygina Carnegie Mellon University Software Engineering Institute.

Mike Azocar Sr. Developer Technical Specialist Microsoft Corporation

Copyright © 2006 Software Quality Research Laboratory DANSE Software Quality Assurance Tom Swain Software Quality Research Laboratory University of Tennessee.

Component-Based Abstraction and Refinement Juncao Li 1, Xiuli Sun 2, Fei Xie 1, and Xiaoyu Song 2 1 Dept. of Computer Science 2 Dept. of ECE Portland State.

Component-Based Abstraction Juncao Li Dept. of Computer Science Portland State University.

Java Programming, 3e Concepts and Techniques Chapter 1 An Introduction to Java and Program Design.

Automatically Extracting and Verifying Design Patterns in Java Code James Norris Ruchika Agrawal Computer Science Department Stanford University {jcn,

1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.

Introduction to Software Testing

Presenter: Chi-Hung Lu 1. Problems Distributed applications are hard to validate Distribution of application state across many distinct execution environments.

Your Interactive Guide to the Digital World Discovering Computers 2012.

Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.

Java Programming, 2E Introductory Concepts and Techniques Chapter 1 An Introduction to Java and Program Design.

1 IBM Software Group ® Mastering Object-Oriented Analysis and Design with UML 2.0 Module 1: Best Practices of Software Engineering.

Introduction to UML 1 Quick Tour Why do we model? What is the UML? Foundation elements Unifying concepts Language architecture Relation to other OMG technologies.

RUP Implementation and Testing

Magnetic Field Measurement System as Part of a Software Family Jerzy M. Nogiec Joe DiMarco Fermilab.

Architecting Web Services Unit – II – PART - III.

Proof Carrying Code Zhiwei Lin. Outline Proof-Carrying Code The Design and Implementation of a Certifying Compiler A Proof – Carrying Code Architecture.

A performance evaluation approach openModeller: A Framework for species distribution Modelling.

High Performance Embedded Computing © 2007 Elsevier Lecture 3: Design Methodologies Embedded Computing Systems Mikko Lipasti, adapted from M. Schulte Based.

High Performance Embedded Computing © 2007 Elsevier Chapter 1, part 2: Embedded Computing High Performance Embedded Computing Wayne Wolf.

11 CORE Architecture Mauro Bruno, Monica Scannapieco, Carlo Vaccari, Giulia Vaste Antonino Virgillito, Diego Zardetto (Istat)

Joseph Cordina 1/11 The Use of Model-Checking for the Verification of Concurrent Algorithms Joseph Cordina Department of C.S.&A.I.

Quality Driven SystemC Design By Nasir Mahmood. Hybrid Approach The idea here is to combine the strengths of simulation – namely the ability to handle.

Unified Modeling Language* Keng Siau University of Nebraska-Lincoln *Adapted from “Software Architecture and the UML” by Grady Booch.

Modeling Component-based Software Systems with UML 2.0 George T. Edwards Jaiganesh Balasubramanian Arvind S. Krishna Vanderbilt University Nashville, TN.

L6-S1 UML Overview 2003 SJSU -- CmpE Advanced Object-Oriented Analysis & Design Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I College.

1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.

BY OKAY ASLAN CMPE 516 FAULT TOLERANT COMPUTING A Formal Object-Oriented Analysis for Software Reliability: Design for Verification.

High Integrity Ada in a UML and C world Peter Amey, Neil White Presented by Liping Cai.

Computing and SE II Chapter 9: Design Methods and Design Models Er-Yu Ding Software Institute, NJU.

Xiong Junjie Node-level debugging based on finite state machine in wireless sensor networks.

Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.

1 These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 5/e and are provided with permission by.

CrossCheckSimulation Results Conclusions References Model Instrumentation Modeling with CUTS Property Specification SPRUCE Challenge Problem Checking Model.

MNP1163/MANP1163 (Software Construction).  Minimizing complexity  Anticipating change  Constructing for verification  Reuse  Standards in software.

Formal Verification. Background Information Formal verification methods based on theorem proving techniques and modelchecking –To prove the absence of.

FUNCTIONAL PROGRAMING AT WORK - HASKELL AND DOMAIN SPECIFIC LANGUAGES Dr. John Peterson Western State Colorado University.

Visual Basic.NET Comprehensive Concepts and Techniques Chapter 1 An Introduction to Visual Basic.NET and Program Design.

Your Interactive Guide to the Digital World Discovering Computers 2012 Chapter 13 Computer Programs and Programming Languages.

Complexity Relief Techniques for Model Checking METU, Aug SOFTWARE VERIFICATION WORKSHOP Hüsnü Yenigün Sabanci University Informatics Institute,

Architecting Web Services

Self Healing and Dynamic Construction Framework:

Architecting Web Services

CodePeer Update Arnaud Charlet CodePeer Update Arnaud Charlet

Model Checking for an Executable Subset of UML

CodePeer Update Arnaud Charlet CodePeer Update Arnaud Charlet

Presentation transcript:

Verification Case Studies with ObjectCheck Fei Xie (Joint work with James C. Browne, Robert P. Kurshan, and Vladimir Levin) Presentation at Microsoft Research, April 10, 2003

2 Presentation Outline Overview and Architecture of ObjectCheck Modeling and Verification of a TinyOS Run-time Image with ObjectCheckModeling and Verification of a TinyOS Run-time Image with ObjectCheck More Case StudiesMore Case Studies Summary and Future WorkSummary and Future Work Work Built on ObjectCheck

3 ObjectCheck Overview An integrated development, validation, and mode- checking environment for software system designs; –System designs are specified in xUML; –xUML is an executable subset of UML; Developed in conjunction with –FormalCheck (Robert P. Kurshan, et. al.); –SDLCheck (Vladimir Levin and Husnu Yenigun); –Goal: Software/hardware co-design and co-verification; Sub-goal: Model checking of software system designs in xUML.

4 Executable UML (xUML) Has well-defined Execution Semantics; Utilizes UML Action Semantics recently adopted by OMG; Can be compiled to procedural codes; Tools provided by: –Project Technologies; –Kennedy Carter; –Hyperformix (SES); –…

5 Architecture and Workflow of ObjectCheck Property Specification InterfacexUML IDEError Visualizer xUML-to-S/R TranslatorError Report Generator COSPAN Model Checker S/R ModelS/R Query Error ReportError TrackDesigner xUML Model Property

6 Presentation Outline Overview and Architecture of ObjectCheck Modeling and Verification of a TinyOS Run-time Image with ObjectCheckModeling and Verification of a TinyOS Run-time Image with ObjectCheck More Case StudiesMore Case Studies Summary and Future WorkSummary and Future Work Work Built on ObjectCheck

7 Case Study on TinyOS A run-time image of TinyOS, a component-based operating system for networked sensors; xUML models for TinyOS components have been constructed from their C source codes to enable: –Model-driven development on design level; –Software/hardware co-design and co-verification; Two properties are to be checked: –Repeated transmission on physical network; –No consecutive 0’s in any sequence-number sequence.

8 More on TinyOS An OS for networked sensors that have –Limited computation ability and energy supply; –High concurrency requirements; –Diversities in designs and usages; –High reliability requirement; Is component-based –Run-time images are specialized for different sensors; –Only necessary components are selected and composed. More information --

9 Step-by-Step Demonstration Designer Property Specification Interface xUML IDEError Visualizer Error ReportxUML ModelProperty xUML-to-S/R TranslatorError Report Generator Error TrackS/R ModelS/R Query COSPAN Model Checker

10

11

12

13

14

15

16

17

18 Step-by-Step Demonstration Designer Property Specification Interface xUML IDEError Visualizer Error ReportxUML ModelProperty xUML-to-S/R TranslatorError Report Generator Error TrackS/R ModelS/R Query COSPAN Model Checker

19

20 Step-by-Step Demonstration Designer Property Specification Interface xUML IDEError Visualizer Error ReportxUML ModelProperty xUML-to-S/R TranslatorError Report Generator Error TrackS/R ModelS/R Query COSPAN Model Checker

21

22

23

24 Step-by-Step Demonstration Designer Property Specification Interface xUML IDEError Visualizer Error ReportxUML ModelProperty xUML-to-S/R TranslatorError Report Generator Error TrackS/R ModelS/R Query COSPAN Model Checker

25

26

27

28

29

30

31

32 Step-by-Step Demonstration Designer Property Specification Interface xUML IDEError Visualizer Error ReportxUML ModelProperty xUML-to-S/R TranslatorError Report Generator Error TrackS/R ModelS/R Query COSPAN Model Checker

33

34

35 Step-by-Step Demonstration Designer Property Specification Interface xUML IDEError Visualizer Error ReportxUML ModelProperty xUML-to-S/R TranslatorError Report Generator Error TrackS/R ModelS/R Query COSPAN Model Checker

36

37

38

39

40

41

42

43 Statistics from Model Checking “Repeated Output” Property Four model checking runs with different combinations of reduction algorithms –Start at the same time on the same host; –The host is a SUN with 8 CPUs and 2GB memory. SPORSMCMemory UsageTime Usage Off 596M19370S OffOn80M1384S OnOff596M17438S On 102M1379S Conclusion: SMC helps and SPOR doesn’t.

44 Presentation Outline Overview and Architecture of ObjectCheck Modeling and Verification of a TinyOS Run-time Image with ObjectCheckModeling and Verification of a TinyOS Run-time Image with ObjectCheck More Case StudiesMore Case Studies Summary and Future WorkSummary and Future Work Work Built on ObjectCheck

45 Model Checking of NASA robot Controller A typical control-intensive embedded system; Conducted by Natasha Shyrigina using ObjectCheck; –37 properties were checked. –22 properties were successfully checked. –6 bugs were found.

NASA Robot Controller

Properties to be Model checked

48 Model Checking of Online Ticket Sale System A typical commercial transaction system; Presented at FASE 2002; Focus: Integrated state space reduction.

49 An Online Ticket Sale System (Class Diagram)

50 An Online Ticket Sale System (A State Model)

51 Some Verification Statistics of Online Ticket Sale System Verification of a liveness property –After an agent is assigned to a customer, eventually the agent will be released. Statistics related to state space reductions SPORSMCMemory UsageTime Usage Off Out of Memory- OffOn113.73M44736.S OnOff17.3M6668.3S On 74.0M1450.3S

52 Presentation Outline Overview and Architecture of ObjectCheck Modeling and Verification of a TinyOS Run-time Image with ObjectCheckModeling and Verification of a TinyOS Run-time Image with ObjectCheck More Case StudiesMore Case Studies Summary and Future WorkSummary and Future Work Work Built on ObjectCheck

53 Summary and Future Work ObjectCheck –Integrates industrial software development environments and model checkers with research tools; –Provides comprehensive automation for development, validation, and model checking of xUML models; –Has enabled verification of non-trivial software system designs modeled in xUML. Future work is focused on –State space reduction capability of ObjectCheck; –Hardware/software co-design and co-verification.

54 Related Work Most closely related work –UML Model Checking toolset from University of Michigan; –vUML tool from Åbo Akademi University; There is also related work on model checking of statecharts with different semantics.

55 Additional Information http: // Selected publications: –Fei Xie and James C. Browne. Verified Systems by Composition from Verified Components. Submitted for review. –Fei Xie, James C. Browne, and Robert P. Kurshan. Translation-based Compositional Reasoning for Software Systems. Submitted for review. –Fei Xie and James C. Browne. Integrated State Space Reduction for Model Checking Executable Object-oriented Software System Designs. In Proc. of FASE –Fei Xie, Vladimir Levin, and James C. Browne. ObjectCheck: A Model Checking Tool for Executable Object-oriented Software System Designs. In Proc. of FASE –Fei Xie, Vladimir Levin, and James C. Browne. Model Checking for an Executable Subset of UML. In Proc. of ASE, 2001.

56 Presentation Outline Overview and Architecture of ObjectCheck Modeling and Verification of a TinyOS Run-time Image with ObjectCheckModeling and Verification of a TinyOS Run-time Image with ObjectCheck More Case StudiesMore Case Studies Summary and Future WorkSummary and Future Work Work Built on ObjectCheck

57 Work Built on ObjectCheck An integrated state space reduction framework; Integration of model checking into component- based development of software.

58 Integrated State Space Reduction Framework xUML-to-S/R Translation S/R ModelS/R Level Query Model Checking with COSPAN Success Report / Error Track xUML Model xUML Level Query Reduced xUML Model Reduced xUML Level Query User-Driven State Space Reduction Verification TaskVerification Subtasks Basic Model Checking Process Decomposition Abstraction Symmetry Reduction Symbolic Verification Localization Reduction Partial Order Reduction

59 Reduction Steps for Checking P 0 Customers, Dispatcher Agents, Ticket Sever Step 1: Symmetry Reduction Step 2: Decomposition Step 3: Symmetry ReductionStep 4: DecompositionStep 5: Case Splitting Step 6: Symmetry Reduction P0P0 Customers, Dispatcher Agents, Ticket Sever P1P1 CustomersDispatcherAgents, Ticket Server P 21, P 22 P 31, P 32 P 33, P 23 Agents, Ticket Server P 41, P 42 P 43, P 44 Ticket Server Agents P 41, P 42 P 43, P 44 P5P5 Ticket ServerP6P6 Agent P 41, P 42 P 43, P 44

60 Evaluation of User-driven State Space Reduction Directly model checking P 0 on OTSS –Two customer instances and two agent instances; –SPOR and SMC are both applied. –Memory usage: M –Time usage: S Memory and time usages for discharging subtasks at the leaf nodes of the reduction tree. P 21 P 22 P 41 P 42 P 43 P 44 P6P6 Memory0.30M0.95M0.28M0.29M0.28M0.29M0.35M Time0.02S1.81S0.01S0.04S0.01S0.04S0.63S

61 Integration of Model Checking into Component-based Development Temporal properties of a component are –Established with assumptions on the environment of the component; –Verified under these assumptions and then packaged with the component. Selecting a component for reuse considers not only its functionality but also its temporal properties. Properties of a composed component are verified by reusing verified properties of its sub-components and applying compositional reasoning.

62 Sensor Component

63 Properties of Sensor Component Properties: Repeatedly (Output); After (Output) Never (Output) UntilAfter (OP_Ack); After (Done) Eventually (Done_Ack); Never (Done_Ack) UntilAfter (Done); After (Done_Ack) Never (Done_Ack) UntilAfter(Done); Assumptions: After (Output) Eventually (OP_Ack); Never (OP_Ack) UntilAfter (Output); After (OP_Ack) Never (OP_Ack) UntilAfter (Output); After (Done) Never (Done) UntilAfter (Done_Ack); Repeatedly (C_Intr); After (C_Intr) Never (C_Intr + A_Intr + S_Schd) UntilAfter (C_Ret); After (ADC.Pending) Eventually (A_Intr); After (A_Intr) Never (C_Intr + A_Intr + S_Schd) UntilAfter (A_Ret); After (STQ.Empty = FALSE) Eventually (S_Schd); After (S_Schd) Never (C_Intr + A_Intr + S_Schd) UntilAfter (S_Ret);