On the Formal Specification of Automata-based Programs via Specification Patterns. Spring/Summer Young Researchers' Colloquium on Software Engineering.


Slide 1: On the Formal Specification of Automata-based Programs via Specification Patterns. Spring/Summer Young Researchers' Colloquium on Software Engineering 2010, Nizhny Novgorod. Andrey Klebanov, SPb SU ITMO; supervised by Oleg Stepanov, PhD, SPb SU ITMO and JetBrains.

Slide 2: Agenda. Automata-based programming (AP); obstacles in formal specification; specification patterns (SP); SP applicability analysis for AP; specification process; conclusion.

Slide 3: Automata-based programming (AP). AP is not merely the use of FSMs for specific problems: AP is a software development paradigm used to design and implement entities with complex behaviour.

Slide 4: Automated controlled entity (diagram).

Slide 5: Automata-based programming book (cover).

Slide 7: Problem overview. Model checking can be applied successfully to automata-based programs, but writing the formal specification as a temporal logic formula is an error-prone and time-consuming task: the formulas are hard to understand and hard to specify correctly.

Slide 8: Example of the problem. Requirement: "Between the time an elevator is called at a floor and the time it opens its doors at that floor, the elevator can arrive at that floor at most twice." Its LTL formula:
[]((call & <>open) -> ((!atfloor & !open) U (open | ((atfloor & !open) U (open | ((!atfloor & !open) U (open | ((atfloor & !open) U (open | (!atfloor U open))))))))))
Source: M.B. Dwyer, G.S. Avrunin, J.C. Corbett, "Patterns in Property Specifications for Finite-state Verification," Proc. 21st Int'l Conf. Software Engineering, 1999.

Slide 9: Existing solutions (non-AP). Various graphical notations: they help with understanding, but they are still useless as specification assistance!

Slide 10: Existing solution (AP). Contracts. Pros: simple. Cons: limited expressive power; labour-intensive for state groups. Source: A. Borisenko, P. Fedotov, O. Stepanov, A. Shalyto, "Reliable Software with Complex Behavior Development," Proc. 5th Central and Eastern European Software Engineering Conf. in Russia, 2009.

Slide 11: Suggested solution. Express verifiable requirements in a controlled natural language.

Slide 12: Solution details. The language is defined by a formal grammar, so no NLP is needed and the language is customizable for different domains. The grammar is based on the set of specification patterns (SP), so for each requirement an equivalent, verifiable formal mapping exists.

Slide 13: Significance of SP in AP. Quote: "… it is important to consider temporal property patterns (structures) which are most suitable and appropriate for automata-based program verification. The existence of such patterns would allow focusing on classes of temporal properties of automata models, which would definitely facilitate flow chart development for automata-based program verification." Source: K.A. Vasileva, E.V. Kuzmin, "LTL Verification of Automaton Programs," Modeling and Analysis of Information Systems, vol. 14, no. 1, pp. 3–14 (in Russian).

Slide 15: Spec patterns. An SP is a generalized description (both formal and in natural language) of a commonly occurring requirement on the permissible state sequences in a finite-state model of a system; it formally describes some aspect of the system's behaviour. Source: M.B. Dwyer, G.S. Avrunin, J.C. Corbett, "Patterns in Property Specifications for Finite-state Verification," Proc. 21st Int'l Conf. Software Engineering, 1999.

Slide 16: Spec patterns. Property = SP + Scope.

Slide 17: Spec patterns. Scope: the extent of the system execution over which the property should hold.

Slide 18: Spec patterns, scopes (diagram). The five scopes are Globally; Before Q; After Q; Between Q and R; After Q until R. The diagram marks each scope on a state sequence containing occurrences of Q and R.

Slide 19: Spec patterns, property patterns. Occurrence patterns: Absence, Bounded existence, Universality, Existence. Order patterns: Precedence, Response, Chain precedence, Chain response.

Slide 20: "Absence" pattern.
Intent: to describe a portion of a system's execution that is free of certain events or states. Also known as "Never".
Mapping, LTL, by scope:
  Globally: [](!P)
  Before R: <>R -> (!P U R)
  After Q: [](Q -> [](!P))
  Between Q and R: []((Q & !R & <>R) -> (!P U R))
  After Q until R: [](Q & !R -> (!P W R))
Mapping, CTL, by scope:
  Globally: AG(!P)
  ……
  After Q until R: AG(Q & !R -> A[!P W R])
Examples and known uses: this pattern can be used to specify either entire-model properties or state-group properties. To specify a safety property the pattern should be used with the "Global" scope, for example when the property "Automaton A never gets into the state s." has to be specified.
Relationships with other patterns: …
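As an added, runnable illustration of how a scope and the Absence pattern combine (example code written for this transcript, not the authors' tool and not code from the Dwyer catalogue), the module below carries the slide's five LTL mappings as strings and, independently, checks the pattern over a finite trace: it first computes the scope intervals exactly as the scopes are defined, then requires P to be false in every state of every interval. The proposition names P, Q, R and the sample trace are constructed for this example. The one finite-trace subtlety, a Q with no later R, is where "Between Q and R" (U, needs <>R) and "After Q until R" (W, obligation never released) differ, and the code handles it explicitly.

```python
"""Scope intervals and the "Absence" pattern over finite traces (added example)."""
from typing import Dict, List, Set, Tuple

Trace = List[Set[str]]          # one set of true atomic propositions per state

# LTL mappings of the Absence pattern by scope, as listed on the slide (Dwyer et al. 1999).
ABSENCE_LTL: Dict[str, str] = {
    "Globally": "[](!P)",
    "Before R": "<>R -> (!P U R)",
    "After Q": "[](Q -> [](!P))",
    "Between Q and R": "[]((Q & !R & <>R) -> (!P U R))",
    "After Q until R": "[](Q & !R -> (!P W R))",
}


def scope_intervals(trace: Trace, scope: str, q: str = "Q", r: str = "R") -> List[Tuple[int, int]]:
    """Half-open index ranges [start, end) of the trace over which a property must hold."""
    n = len(trace)
    if scope == "Globally":
        return [(0, n)]
    if scope == "Before R":
        # From the initial state up to, but excluding, the first R; if R never
        # occurs the antecedent <>R is false and the scope is empty.
        for i, state in enumerate(trace):
            if r in state:
                return [(0, i)]
        return []
    if scope == "After Q":
        # From the first Q to the end of the trace.
        for i, state in enumerate(trace):
            if q in state:
                return [(i, n)]
        return []
    if scope in ("Between Q and R", "After Q until R"):
        intervals: List[Tuple[int, int]] = []
        i = 0
        while i < n:
            if q in trace[i] and r not in trace[i]:      # the Q & !R trigger
                j = i + 1
                while j < n and r not in trace[j]:
                    j += 1
                if j < n:
                    intervals.append((i, j))              # closed by the next R
                elif scope == "After Q until R":
                    intervals.append((i, n))              # W: obligation never released
                # "Between" (U) additionally needs <>R, so an unclosed Q imposes nothing
                i = j
            else:
                i += 1
        return intervals
    raise ValueError(f"unknown scope: {scope}")


def violations(trace: Trace, scope: str, p: str = "P", q: str = "Q", r: str = "R") -> List[int]:
    """Indices of in-scope states where P holds: the counterexample states for Absence."""
    return [k for start, end in scope_intervals(trace, scope, q, r)
            for k in range(start, end) if p in trace[k]]


def absence_holds(trace: Trace, scope: str, p: str = "P", q: str = "Q", r: str = "R") -> bool:
    """Absence pattern: P is never true inside any interval of the chosen scope."""
    return not violations(trace, scope, p, q, r)


# Constructed sample trace (states 0..6); each set lists the propositions true there.
SAMPLE: Trace = [set(), {"Q"}, {"P"}, {"R"}, {"P"}, {"Q"}, set()]

if __name__ == "__main__":
    for scope, formula in ABSENCE_LTL.items():
        print(f"{scope:16} {formula:36} intervals={scope_intervals(SAMPLE, scope)} "
              f"violations={violations(SAMPLE, scope)}")
```

On the sample trace the same P occurrences are or are not violations depending only on the scope: state 4 violates Globally and After Q but not Before R or either Q/R scope, and the trailing Q at state 5 opens an obligation only under "After Q until R".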

Slide 22: Applicability analysis. The SP were extracted from a body of specifications (500+) for traditionally (non-AP) developed programs. Is it worth using SP for the formal specification of AP? That is, can requirements for AP be expressed via SP?

Slide 23: Intermediate results organization (table with columns №, Requirement, Original formal mapping, Pattern and Scope, Source). Example row:
  № 17. Requirement: if either the heater or one of the valves has failed, then the coffee machine (automaton A0) must change its state to state 5.
  Original formal mapping: AG((y31 = 4 | y32 = 4 | y2 = 4) & y0 = 2 → A(y0 = 2 U y0 = 5))
  Pattern, Scope: Response (constrained), Globally: AG(P → A(S)), with P: (y31 = 4 | y32 = 4 | y2 = 4) & y0 = 2 and S: y0 = 2 U y0 = 5
  Source: 2

Slide 24: Applicability analysis. 77 requirements for 13 programs from 15 sources; 87% could be expressed via 5 (out of 8) patterns. NB: these figures are outdated (110+ requirements have since been analysed).

Slide 25: Inexpressible properties. Issues in the model? SP ("Absence" pattern): [](Q & !R -> (!P W R)) with Q: resource is held, P: resource is free, R: resource is released, i.e. "If the resource is held, then it is not free until it is released." The property as it appears in the model:
o1.x1 W o1.z1 & G (o1.z2 -> (o1.x1 W o1.z1) & o1.z1 -> (!o1.x1 W o1.z2))

Slide 26: SP adaptation for AP.
Original "Examples and Known Uses" for the "Absence" pattern: "The most common example is mutual exclusion. In a state-based model, the scope would be global and P would be a state formula that is true if more than one process is in its critical section."
Adapted example: "This pattern could be used to specify either entire-model properties or state-group properties. To specify a safety property the pattern should be used with the 'Global' scope, for example when it is required to specify the property: 'Automaton A never gets into the state s.'"

Slide 28: Grammar (an extract; the nonterminal symbols, originally in angle brackets, did not survive the transcript):
::= 
::= «For all the states holds that» | «Before the state where Q, holds that» | «After the state where Q, holds that» | «Between the states where Q and R, holds that» | «After the state where Q, before the state where R, holds that»
::= | | | | | | | …
::= «never P.» ……
::= «always if P, then eventually S.» ……
The first nonterminal is the start symbol.

Slide 29: Specification process. Informal algorithm: 1. Extract the property (generally a simple model predicate). 2. Select the pattern and the scope. 3. Perform the derivation. 4. From the data of steps 1 and 2, obtain the formal mapping for model checking.

Slide 30: Example (original property). "Coffee machine control system never gets into the state where it doesn't respond to either system timer events, or buttons 'OK' or 'Cancel'." Source: E.V. Kuzmin, V.A. Sokolov, "Modeling, Specification, and Verification of Automaton Programs," Programming and Computer Software, vol. 34, no. 1, pp. 38–60, 2008.

Slide 31: Example (Step 1). "Coffee machine control system never gets to the state where it doesn't respond to either system timer events, or buttons 'OK' or 'Cancel'." Extracted property: act = end

Slide 32: Example (Step 2). The adverb "never" implies using the "Absence" pattern with the "Global" scope.

Slide 33: Example (Step 3). Derivation (nonterminals lost in the transcript): → → For all the states holds → For all the states holds → For all the states holds that never P

Slide 34: Example (Step 4). "For all the states holds that never act = end." The formal expressions for model checking are AG(!act = end) (CTL) and □(!act = end) (LTL).
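The grammar-driven process of steps 2 to 4, as an added example (this is code written for this transcript, not the authors' tool, and it covers only the grammar fragment shown on the slides): a sentence in the controlled language is matched against the five scope phrases and the two pattern phrases ("never P." for Absence, "always if P, then eventually S." for Response), and the recognised pattern and scope are looked up in a mapping table. The Absence rows of that table are the mappings on the Absence slide (CTL is given there only for Globally and After Q until R, so the other CTL entries are left empty); the Response/Globally row is the standard Dwyer et al. mapping and is an assumption added here. Predicates are copied verbatim and parenthesised, so the coffee-machine example yields AG(!(act = end)) and [](!(act = end)), with [] standing for □.

```python
"""Controlled natural language -> (pattern, scope) -> CTL/LTL mapping (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Scope phrases from the grammar extract. Order matters: the "After ..., before ..."
# phrase must be tried before the plain "After ..." phrase, which would also match it.
SCOPE_PHRASES = [
    (r"For all the states holds that", "Globally"),
    (r"Before the state where (?P<R>.+?), holds that", "Before R"),
    (r"After the state where (?P<Q>.+?), before the state where (?P<R>.+?), holds that",
     "After Q until R"),
    (r"After the state where (?P<Q>.+?), holds that", "After Q"),
    (r"Between the states where (?P<Q>.+?) and (?P<R>.+?), holds that", "Between Q and R"),
]

# Pattern phrases from the grammar extract; the full stop terminates the requirement.
PATTERN_PHRASES = [
    (r"never (?P<P>.+)\.$", "Absence"),
    (r"always if (?P<P>.+?), then eventually (?P<S>.+)\.$", "Response"),
]

# (CTL, LTL) templates. Absence rows are the slides' mappings; None where the slides
# give no CTL. Response/Globally is the standard Dwyer et al. mapping (assumption).
MAPPINGS: Dict[Tuple[str, str], Tuple[Optional[str], str]] = {
    ("Absence", "Globally"): ("AG(!({P}))", "[](!({P}))"),
    ("Absence", "Before R"): (None, "<>({R}) -> (!({P}) U ({R}))"),
    ("Absence", "After Q"): (None, "[](({Q}) -> [](!({P})))"),
    ("Absence", "Between Q and R"): (None, "[]((({Q}) & !({R}) & <>({R})) -> (!({P}) U ({R})))"),
    ("Absence", "After Q until R"): ("AG(({Q}) & !({R}) -> A[!({P}) W ({R})])",
                                     "[](({Q}) & !({R}) -> (!({P}) W ({R})))"),
    ("Response", "Globally"): ("AG(({P}) -> AF({S}))", "[](({P}) -> <>({S}))"),
}


@dataclass
class Requirement:
    pattern: str
    scope: str
    params: Dict[str, str]      # the predicates bound to P, Q, R, S
    ctl: Optional[str]
    ltl: str


def specify(sentence: str) -> Requirement:
    """Steps 2-4 of the process for a sentence already written in the controlled language."""
    text = " ".join(sentence.split())                     # normalise whitespace
    for scope_re, scope in SCOPE_PHRASES:                 # step 2a: recognise the scope
        m = re.match(scope_re + " ", text)
        if m:
            break
    else:
        raise ValueError("sentence does not begin with a scope phrase of the grammar")
    params = dict(m.groupdict())
    rest = text[m.end():]
    for pattern_re, pattern in PATTERN_PHRASES:           # step 2b: recognise the pattern
        pm = re.match(pattern_re, rest)
        if pm:
            break
    else:
        raise ValueError(f"no pattern phrase recognised in: {rest!r}")
    params.update(pm.groupdict())
    if (pattern, scope) not in MAPPINGS:
        raise ValueError(f"{pattern} under scope {scope!r} has no mapping in this table")
    ctl_t, ltl_t = MAPPINGS[(pattern, scope)]             # step 4: instantiate the mapping
    return Requirement(pattern, scope, params,
                       ctl_t.format(**params) if ctl_t else None,
                       ltl_t.format(**params))


if __name__ == "__main__":
    for s in ("For all the states holds that never act = end.",
              "After the state where y0 = 2, before the state where y0 = 5, "
              "holds that never y0 = 3."):
        req = specify(s)
        print(s, "\n  ->", req.pattern, "/", req.scope, "\n  CTL:", req.ctl, "\n  LTL:", req.ltl)
```

Because every accepted sentence is produced by the grammar, the only failure modes are a sentence outside the grammar or a pattern/scope pair without a table entry, and both are reported as errors rather than silently mapped; the predicate names in the second sentence (y0 = 2 and so on) are constructed for the example.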

Slide 36: Summary. A significant obstacle exists in formal specification. SP facilitate specifying formal properties. SP are applicable to AP, with a light adaptation of the original pattern system. SP can be the basis of a grammar-driven specification process.

Slide 37: Open issues. Theoretical side: analysis of inexpressible properties (also absent in the original SP paper); new patterns. Practical side: tool support and integration; a wizard for the specification process.

Slide 38: Thank you! Andrey Klebanov, SPb SU ITMO.