VeriSoft: A Tool for the Automatic Analysis of Concurrent Reactive Software. Presented by Miller Ofer.



2 Content
I. Motivation for using automatic tools.
II. The main idea of the VeriSoft application.
III. Demo of a simple reactive system.

3 Motivation. What is a concurrent system? A concurrent system is composed of components that can operate concurrently and communicate with each other. Each component can be viewed as a "reactive system", i.e., a system that continuously interacts with its environment. Example: communication protocols.

4 Motivation. Reactive systems are notoriously hard to test: traditional testing is of limited help, since any test suite covers only a minute fraction of the possible behaviors of the system; the components may interact in many unexpected ways; and the scenarios leading to errors are often extremely difficult to reproduce.

5 The VeriSoft tool. Purposes: systematically exploring the state space of systems composed of several concurrent processes executing arbitrary code.

6 The VeriSoft tool. Purposes (continued): automatically detecting coordination problems between concurrent processes. An interactive graphical simulator/debugger is available for following the execution of all the processes.

7 The VeriSoft tool. How does it work? Each process executes a sequence of operations written in an ordinary programming language (the slides use C/C++). Processes communicate with each other by performing operations on communication objects, e.g. shared variables, semaphores and FIFO buffers. [Figure: two processes P1 and P2 communicating through a shared variable s.v]

8 The VeriSoft tool. Basic definitions. Definition: operations on communication objects are called visible operations; all other operations are by default called invisible operations. Definition: the execution of an operation is said to be blocking if it cannot currently be completed.

9 The VeriSoft tool. Basic definitions (continued). Definition: a global state is a state in which the next operation to be executed by every process in the system is a visible operation. Definition: a transition is a visible operation followed by a finite sequence of invisible operations performed by a single process. Definition: a transition whose visible operation is blocking in a global state s is said to be disabled in s; otherwise, the transition is said to be enabled in s.

10 The VeriSoft tool. Basic assumptions. Assumption: only executions of visible operations may be blocking. Assumption: every process in the system always eventually attempts to execute a visible operation.

11 The VeriSoft tool. Once the execution of a transition t from a global state s is complete, the system reaches a global state s', called the successor of s by t. The state space of the concurrent system is composed of the global states that are reachable from the initial global state s0, and of the transitions that are possible between these states.

12 The VeriSoft tool. VS_toss. In the case of a single "open" reactive system the environment has to be represented; in practice such an environment may not be available. VS_toss is a simplified representation of the environment that simulates its observable behavior. VS_toss takes as argument a positive integer n and returns an integer in [0, n]; in the Environment process below, VS_toss(3) therefore selects one of four messages. This operation is considered a visible and nondeterministic operation: the tool explores every possible return value.

13 The VeriSoft tool. What kinds of bugs does the application find? Deadlocks: global states in which the execution of the next operation of every process in the system is blocking.
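The definitions of slides 8 to 13 (global state, enabled and disabled transitions, successor, deadlock) worked through in code. This is an added example, not code from the slides or from VeriSoft itself: a constructed model of two processes that acquire and release two binary semaphores A and B, where acquire and release are the only operations (all visible, so every state is a global state; invisible operations are left out). A depth-first search over the global states reports the first trace in which every process's next operation is blocking. The programs opposite_order and same_order are constructed inputs for this example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Visible operations on a communication object (a binary semaphore). */
typedef enum { ACQ, REL, DONE } OpKind;
typedef struct { OpKind kind; int sem; } Op;   /* sem: 0 = A, 1 = B */

#define NPROC     2
#define NSEM      2
#define MAXOPS    5                              /* 4 operations + DONE sentinel */
#define MAXSTATES (MAXOPS * MAXOPS * 2 * 2)

typedef struct { Op ops[MAXOPS]; } Program;
typedef struct { int pc[NPROC]; int sem[NSEM]; } GState;   /* sem[i] == 1: free */

/* The transition of process p is enabled in s unless its visible operation blocks. */
static bool enabled(const Program *prog, const GState *s, int p) {
    Op op = prog[p].ops[s->pc[p]];
    switch (op.kind) {
    case ACQ: return s->sem[op.sem] == 1;        /* acquire blocks if already taken */
    case REL: return true;
    default:  return false;                      /* DONE: the process has finished */
    }
}

/* Successor of s by the transition of process p. */
static GState successor(const Program *prog, GState s, int p) {
    Op op = prog[p].ops[s.pc[p]];
    if (op.kind == ACQ) s.sem[op.sem] = 0;
    if (op.kind == REL) s.sem[op.sem] = 1;
    s.pc[p]++;
    return s;
}

/* Deadlock: the next operation of every process is blocking (and not all have finished). */
static bool is_deadlock(const Program *prog, const GState *s) {
    bool all_done = true;
    for (int p = 0; p < NPROC; p++) {
        if (prog[p].ops[s->pc[p]].kind != DONE) all_done = false;
        if (enabled(prog, s, p)) return false;
    }
    return !all_done;
}

static int encode(const GState *s) {
    return ((s->pc[0] * MAXOPS + s->pc[1]) * 2 + s->sem[0]) * 2 + s->sem[1];
}

int g_path[MAXSTATES];   /* g_path[i] = process scheduled at step i of the reported trace */

static int dfs(const Program *prog, GState s, bool *visited, int depth) {
    int id = encode(&s);
    if (visited[id]) return -1;
    visited[id] = true;
    if (is_deadlock(prog, &s)) return depth;
    for (int p = 0; p < NPROC; p++) {
        if (!enabled(prog, &s, p)) continue;
        g_path[depth] = p;
        int found = dfs(prog, successor(prog, s, p), visited, depth + 1);
        if (found >= 0) return found;
    }
    return -1;
}

/* Explores every global state reachable from s0 (all processes at their first
   operation, both semaphores free); returns the length of the first deadlocking
   trace, recorded in g_path, or -1 if no reachable state is a deadlock. */
int find_deadlock(const Program prog[NPROC]) {
    bool visited[MAXSTATES] = {0};
    GState s0 = {{0, 0}, {1, 1}};
    return dfs(prog, s0, visited, 0);
}

/* Constructed inputs: opposite lock order can deadlock, a common order cannot. */
const Program opposite_order[NPROC] = {
    {{{ACQ, 0}, {ACQ, 1}, {REL, 1}, {REL, 0}, {DONE, 0}}},
    {{{ACQ, 1}, {ACQ, 0}, {REL, 0}, {REL, 1}, {DONE, 0}}},
};
const Program same_order[NPROC] = {
    {{{ACQ, 0}, {ACQ, 1}, {REL, 1}, {REL, 0}, {DONE, 0}}},
    {{{ACQ, 0}, {ACQ, 1}, {REL, 1}, {REL, 0}, {DONE, 0}}},
};

int main(void) {
    int len = find_deadlock(opposite_order);
    printf("opposite order: deadlock after %d transitions:", len);
    for (int i = 0; i < len; i++) printf(" P%d", g_path[i] + 1);
    printf("\nsame order: %s\n", find_deadlock(same_order) < 0 ? "no deadlock" : "deadlock");
    return 0;
}
```

For opposite_order the search reports the two-transition trace P1 acquires A, P2 acquires B, after which each process's next acquire blocks; for same_order the whole state space is explored without finding such a state. The visited set is what makes the search terminate on cyclic state spaces; the depth bound that the slides mention for the automatic mode plays the same role when states are not stored.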

14 The VeriSoft tool. What kinds of bugs does the application find? Assertion violations: can be specified by the user with the special operation VS_assert, which is itself a visible operation. If the asserted expression evaluates to false, the assertion is said to be violated.

15 The VeriSoft tool. What kinds of bugs does the application find? Divergence: occurs when a process does not attempt to execute any visible operation for more than a given (user-specified) amount of time. Livelock: occurs when a process has no enabled transition during a sequence of more than a given (user-specified) number of successive global states.

16 Example. Content:
- A program of an air-conditioning controller.
- An environment.
- The manual simulation mode.
- The automatic simulation mode.
- The guided simulation mode.

17-18 Example, first stage: the controller. rcv_from_queue is a visible operation on a communication object (the FIFO queue to_me); VS_assert is a visible operation of VeriSoft. The initialization reflects the starting conditions: the room is not hot, the door is closed, so the AC is off.

    #include <string.h>

    void AC_controller()
    {
        char *message;
        int is_room_hot = 0;      /* initially, room is not hot */
        int is_door_closed = 1;   /* and door is closed */
        int ac = 0;               /* so, ac is off */

        while (1) {
            /* visible operation on a communication object: waits for the next message */
            message = (char *)rcv_from_queue(to_me, QSZ);

            if (strcmp(message, "room_is_hot") == 0) {
                is_room_hot = 1;      /* note: the AC is not switched on here, even if the door is closed */
            }
            if (strcmp(message, "room_is_cool") == 0) {
                is_room_hot = 0;
            }
            if (strcmp(message, "open_door") == 0) {
                is_door_closed = 0;
                ac = 0;
            }
            if (strcmp(message, "close_door") == 0) {
                is_door_closed = 1;
                if (is_room_hot) ac = 1;
            }

            /* test: a hot room behind a closed door requires the AC to be on
               (visible operation of VeriSoft) */
            if (is_room_hot && is_door_closed) VS_assert(ac);
        }
    }

19 Example, second stage: the environment. VS_toss is a visible operation of VeriSoft; VS_toss(3) returns a value in [0, 3], so each loop iteration nondeterministically picks one of the four messages and sends it on the queue from_me (a visible operation on a communication object).

    #include <stdio.h>
    #include <stdlib.h>

    void Environment()
    {
        char *message;
        message = (char *)malloc(100);

        while (1) {
            switch (VS_toss(3)) {      /* nondeterministic choice explored by VeriSoft */
            case 0: sprintf(message, "room_is_cool"); break;
            case 1: sprintf(message, "room_is_hot");  break;
            case 2: sprintf(message, "open_door");    break;
            case 3: sprintf(message, "close_door");   break;
            }
            send_to_queue(from_me, QSZ, message);
        }
    }

20 Third stage: the manual simulation mode. The trace view displays the operations that are visible in VeriSoft terminology: VS_toss, VS_assert and the operations on communication objects, such as send_to_queue and rcv_from_queue. Each process view shows the current state of the corresponding process. A process whose next instruction is colored red is currently blocked.

21 Third stage (continued). The red horizontal bar indicates the current position in the scenario. A process is colored blue when it is the next process to be scheduled according to the scenario being played (e.g. process 1), and a process is colored yellow when another process is about to execute a non-visible operation (e.g. process 2 while process 1 runs invisible code).

22 Fourth stage: the automatic simulation mode. In this mode the application explores all possible executions of the system, which are represented by a graph called the "state space" of the system. The exploration is a depth-first search of the state space, bounded by a user-specified maximum depth. In our case VeriSoft immediately found a scenario leading to an assertion violation: the environment sends "room_is_hot" while the door is closed, the controller records is_room_hot = 1 but never switches the AC on, and VS_assert(ac) fails. The error trace is saved in a special file named "error1.path".

23 Fifth stage: the guided simulation mode replays the scenario recorded in the file "error1.path", so the interleaving that led to the violation can be stepped through in the simulator.
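The automatic and guided simulation of slides 22 and 23 reproduced in miniature. This is an added example, not code from the slides or from VeriSoft: the loop body of AC_controller (slides 17 and 18) is turned into a pure step function, the four VS_toss outcomes of the Environment process are enumerated by a depth-bounded search with iterative deepening, and the first violating message sequence is recorded the way error1.path records a trace. The `fixed` flag and the repair it applies (switching the AC on when room_is_hot arrives while the door is closed) are assumptions of this example, not a fix proposed on the slides; MAX_DEPTH is likewise a chosen bound.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* The four messages the Environment process can send; VS_toss(3) picks index 0..3. */
static const char *MESSAGES[] = {"room_is_cool", "room_is_hot", "open_door", "close_door"};
#define NMSG 4

typedef struct { int is_room_hot, is_door_closed, ac; } CtrlState;
static const CtrlState INITIAL = {0, 1, 0};   /* same initial values as the slides */

/* One iteration of the AC_controller loop as a pure function of (state, message).
   With fixed == true a hypothetical repair, not present on the slides, is applied. */
static CtrlState ac_step(CtrlState s, const char *message, bool fixed) {
    if (strcmp(message, "room_is_hot") == 0) {
        s.is_room_hot = 1;
        if (fixed && s.is_door_closed) s.ac = 1;   /* hypothetical fix (assumption) */
    }
    if (strcmp(message, "room_is_cool") == 0) s.is_room_hot = 0;
    if (strcmp(message, "open_door") == 0)    { s.is_door_closed = 0; s.ac = 0; }
    if (strcmp(message, "close_door") == 0)   { s.is_door_closed = 1; if (s.is_room_hot) s.ac = 1; }
    return s;
}

/* The VS_assert(ac) of slide 18: a hot room behind a closed door requires the AC on. */
static bool assertion_holds(CtrlState s) {
    return !(s.is_room_hot && s.is_door_closed) || s.ac;
}

#define MAX_DEPTH 8                    /* chosen search bound (assumption) */
static int g_error_path[MAX_DEPTH];    /* VS_toss outcomes along the violating trace */

/* Depth-bounded DFS over every VS_toss outcome; returns the number of messages
   in the violating trace, or -1 if the assertion holds on every path within bound. */
static int dfs(CtrlState s, int depth, int bound, bool fixed) {
    if (!assertion_holds(s)) return depth;
    if (depth == bound) return -1;
    for (int t = 0; t < NMSG; t++) {
        g_error_path[depth] = t;
        int found = dfs(ac_step(s, MESSAGES[t], fixed), depth + 1, bound, fixed);
        if (found >= 0) return found;
    }
    return -1;
}

/* Iterative deepening, so the first trace reported is a shortest one. */
int find_assertion_violation(bool fixed) {
    for (int bound = 1; bound <= MAX_DEPTH; bound++) {
        int found = dfs(INITIAL, 0, bound, fixed);
        if (found >= 0) return found;
    }
    return -1;
}

/* The i-th message of the recorded error trace (the analogue of error1.path). */
const char *error_path_step(int i) { return MESSAGES[g_error_path[i]]; }

int main(void) {
    int len = find_assertion_violation(false);
    printf("original controller: assertion violated after %d message(s):", len);
    for (int i = 0; i < len; i++) printf(" %s", error_path_step(i));
    printf("\nrepaired controller: %s\n",
           find_assertion_violation(true) < 0 ? "no violation up to depth 8" : "violation");
    return 0;
}
```

For the controller as written on the slides the search stops after a single message, room_is_hot, which is exactly the trace the guided mode would replay. With the repair enabled, the property "hot and closed implies ac" is preserved by all four messages, so the search exhausts every path up to the bound without a violation; a bounded search of this kind never proves more than that, which is why the depth limit is a parameter rather than a fixed constant in the tool.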

24 Fifth stage (continued). The AC_controller code of slides 17 and 18 is shown again during the guided replay, with the initialization highlighted: is_room_hot = 0; is_door_closed = 1; ac = 0.