CIS 842: Specification and Verification of Reactive Systems Lecture 1: Course Overview Copyright 2001, Matt Dwyer, John Hatcliff, and Radu Iosif. The syllabus and all lectures for this course are copyrighted materials and may not be used in other course settings outside of Kansas State University in their current form or modified form without the express written permission of one of the copyright holders. During this course, students are prohibited from selling notes to or being paid for taking notes by any person or commercial firm without the express written permission of one of the copyright holders.

Software is...
...one of the most complex man-made artifacts.

"It's different [from other engineering disciplines] in that we take on novel tasks every time. The number of times [civil engineers] make mistakes is very small. And at first you think, what's wrong with us? It's because it's like we're building the first skyscraper every time." -- Bill Gates (Microsoft, 1992)

"I believe the [spreadsheet product] I'm working on now is far more complex than a 747 (jumbo jet airliner)" -- Chris Peters (Microsoft, 1992)

Goal: Increase Software Reliability
Trends: size, complexity, concurrency, distributed systems
Cost of software engineer ...
Cost of CPU cycle ...
Future: Automated Fault Detection

Reasoning About Concurrent Systems is Hard

  class Job extends Thread {
    Container objref;
    Object x;
    public Job incr() {
      // lock the container objref points to *now*; objref itself is read again below
      synchronized (objref) {
        objref.counter = objref.counter + 1;
      }
      return this;
    }
    public void setref(Container o) { objref = o; }
    public void run() {
      for (int i = 0; i < 3; i++) { incr(); }
    }
  }

  class Container { public int counter; }

  class Apprentice {
    public static void main(String[] args) {
      Container c1 = new Container();
      Container c2 = new Container();
      Job j1 = new Job();
      Job j2 = new Job();
      j1.setref(c2);
      j2.setref(c1);
      j1.start();
      j2.start();
      j1.setref(c1);   // re-points j1 while j1 may be inside incr()
    }
  }

Does the value of counter ever decrease?
Source: J.S. Moore, George Porter, "Proving Properties of Java Threads".

The Dream
Program + Requirement -> Checker -> OK, or Error trace

Program:
  void add(Object o) {
    buffer[head] = o;
    head = (head+1)%size;
  }
  Object take() {
    …
    tail = (tail+1)%size;
    return buffer[tail];
  }

Requirement:
  Property 1: …
  Property 2: …
  …

Model Checking
Finite-state model + Temporal logic formula -> Model Checker -> OK, or Error trace (a path through the model: Line 5: … Line 12: … Line 15: … Line 21: … Line 25: … Line 27: … … Line 41: … Line 47: …)

Spin Example
Fragment of Alternating Bit Protocol (sender process A):

  #define MAX 8   /* assumed bound; the slide fragment does not define MAX */

  proctype A(chan in, out)
  { byte mt;   /* message data */
    bit vr;    /* received acknowledgement bit */
  L1: mt = (mt+1)%MAX;
      out!mt,1;
      goto L2;
  L2: in?vr;
      if
      :: (vr == 1) -> goto L1
      :: (vr == 0) -> goto L3
      :: printf("Error"); goto L5   /* unguarded: always selectable */
      fi;
  L3: out!mt,1;
      goto L2;
  L4: in?vr;
      if
      :: goto L1
      :: printf("Error"); goto L5
      fi;
  L5: out!mt,0;
      goto L4
  }

[Figure: state diagram of the fragment, states L1 to L5, transitions labelled ?b1, ?err, ?b0, !a1, ?a1, !a0]

Explicit State Model-checking

[Figure: state diagram of the Alternating Bit Protocol fragment, states L1 to L5, transitions labelled ?b1, ?err, ?b0, !a1, ?a1, !a0]

Conceptual View: the explored state-space is a computation tree whose nodes are labelled by control location plus data, e.g. [L1, (mt1, vr1), …], then [L2, (mt2, vr2), …], then [L3, (mt3, vr3), …] and [L5, (mt5, vr5), …], and finally a return to location L1 with different data, [L1, (mt1', vr1'), …]. (The slide animation adds one state per frame.)

Implementation: the checker keeps two collections of states, Pending (generated but not yet explored) and Seen Before (already explored), and only expands a state that is not in Seen Before.
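The Apprentice race from the earlier slide and the Pending / Seen-Before exploration on this one, as an added Python example that is not part of the lecture: a small explicit-state checker run over a constructed model of the Apprentice program, which reports an error trace if any counter ever decreases. The model assumes a bytecode-level reading of `objref.counter = objref.counter + 1` (objref read once for the store target and once for the load), with the lock taken on the objref seen at monitorenter; `with_setref` is my own switch for comparing the program with and without main's `j1.setref(c1)`.

```python
# Added example, not from the slides: an explicit-state checker in the lecture's
# Pending / Seen-Before style, run over a constructed model of the Apprentice
# program. Assumed bytecode view: `objref.counter = objref.counter + 1` reads
# objref twice (putfield target, then getfield), so main's j1.setref(c1) can
# land between the reads; the monitor held is the objref seen at monitorenter.
N_ITER = 3  # each Job calls incr() three times

def initial_state(with_setref=True):
    # counters (c1,c2); objref (j1->c2, j2->c1); monitor owners; jobs as
    # (pc, done, held, target, tmp); whether main's j1.setref(c1) is still pending.
    job = (0, 0, None, None, None)
    return ((0, 0), (1, 0), (None, None), (job, job), not with_setref)

def successors(state):
    counters, refs, owner, jobs, switched = state
    out = []
    if not switched:  # main thread: j1.setref(c1)
        out.append(("main: j1.setref(c1)", (counters, (0, refs[1]), owner, jobs, True)))
    for i in range(2):
        pc, done, held, tgt, tmp = jobs[i]
        ref = refs[i]
        def step(label, job, counters=counters, owner=owner):
            js = list(jobs); js[i] = job
            out.append((f"j{i+1}: {label}", (counters, refs, owner, tuple(js), switched)))
        if pc == 0 and done < N_ITER and owner[ref] is None:
            own = list(owner); own[ref] = i
            step(f"monitorenter c{ref+1}", (1, done, ref, None, None), owner=tuple(own))
        elif pc == 1:  # first getfield objref: the putfield target
            step(f"target := c{ref+1}", (2, done, held, ref, None))
        elif pc == 2:  # second getfield objref, then getfield counter
            step(f"tmp := c{ref+1}.counter ({counters[ref]})", (3, done, held, tgt, counters[ref]))
        elif pc == 3:  # putfield counter on the old target, then monitorexit
            cs = list(counters); cs[tgt] = tmp + 1
            own = list(owner); own[held] = None
            step(f"c{tgt+1}.counter := {tmp + 1}", (0, done + 1, None, None, None),
                 counters=tuple(cs), owner=tuple(own))
    return out

def check_never_decreases(with_setref=True):
    # Exhaustive DFS: returns an error trace if a counter ever decreases, else None.
    init = initial_state(with_setref)
    pending, seen = [(init, [])], {init}
    while pending:
        state, trace = pending.pop()
        for label, nxt in successors(state):
            if any(b < a for a, b in zip(state[0], nxt[0])):
                return trace + [label]  # counterexample: the decreasing step is last
            if nxt not in seen:
                seen.add(nxt)
                pending.append((nxt, trace + [label]))
    return None
```

Calling `check_never_decreases()` returns a trace ending in a stale write into the old container, while `check_never_decreases(with_setref=False)` returns `None`, which is the kind of answer and counterexample the Dream slide asks the checker to produce.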

Why Try to Use Model Checking for Software?
– In contrast to testing, it gives complete coverage by exhaustively exploring all paths in the system.
– It has been used for years with good success in hardware and protocol design.
– It automatically checks, e.g.,
  – invariants, simple safety & liveness properties,
  – absence of deadlock and livelock,
  – complex event sequencing properties, such as "Between the window open and the window close, button X can be pushed at most twice."
This suggests that model checking can complement existing software quality assurance techniques.

In this course...
You will study various tools and techniques for debugging and verifying properties of concurrent systems (software, in particular).
– Spin: a system designed for verifying protocols based on communicating FSA
– Bandera: a tool set for checking concurrent Java software that compiles Java to Spin, dSpin, etc.
– JPF: a model checker that works directly on Java bytecodes

In this course...
You will learn the basic algorithms and data structures used in a model checker.
– You will program several versions of a model checker for a simple programming language.
– Small programming assignments use OCAML, a dialect of ML (you will learn OCAML by yourself during the course).
– You will study the formal semantics of various abstraction and slicing techniques used for software model checking.

In this course...
In a project component, you will apply Bandera and other model-checking engines (e.g., Spin, dSpin, JPF) to check properties of medium-size Java systems.
– Formalize system requirements in Bandera's specification language
– Identify appropriate code units and test harnesses to be used in checking
– Perform abstractions and other model-reduction techniques required for obtaining a tractable model
– Write multiple documents describing each phase of the project

Summary
– Software is becoming pervasive and very complex.
– Model checking is a promising technique for modeling, debugging, and verifying properties of concurrent systems.
– We will learn the basic principles of explicit-state model checking and methods for applying it effectively to real-world concurrent software.
– We will explore current research topics that may impact the future of software model checking.