Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5.

Slides:



Advertisements
Similar presentations
Model Checking Lecture 1.
Advertisements

1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Formalization of Health Information Portability and Accountability Act (HIPAA) Simon Berring, Navya Rehani, Dina Thomas.
Concurrency: Mutual Exclusion and Synchronization Chapter 5.
CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.
1 MODULE name (parameters) “Ontology” “Program” “Properties” The NuSMV language A module can contain modules Top level: parameters less module Lower level.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
CS6133 Software Specification and Verification
UPPAAL Introduction Chien-Liang Chen.
© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.
© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
SPIN Verification System The Model Checker SPIN By Gerard J. Holzmann Comp 587 – 12/2/09 Eduardo Borjas – Omer Azmon ☐ ☐
Sept COMP60611 Fundamentals of Parallel and Distributed Systems Lecture 12 The Critical Section problem John Gurd, Graham Riley Centre for Novel.
The Spin Model Checker Promela Introduction Nguyen Tuan Duc Shogo Sawai.
1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.
Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.
© 2011 Carnegie Mellon University SPIN: Part Bug Catching: Automated Program Verification and Testing Sagar Chaki November 2, 2011.
© 2011 Carnegie Mellon University SPIN: Part Bug Catching: Automated Program Verification and Testing Sagar Chaki October 31, 2011.
CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.
Temporal Logic Model- checking with SPIN COMP6004 Stéphane Lo Presti Part 4: Specifications.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
1 Carnegie Mellon UniversitySPINFlavio Lerda SPIN An explicit state model checker.
Specification Formalisms Book: Chapter 5. Properties of formalisms Formal. Unique interpretation. Intuitive. Simple to understand (visual). Succinct.
ESE601: Hybrid Systems Introduction to verification Spring 2006.
Automata and Formal Lanugages Büchi Automata and Model Checking Ralf Möller based on slides by Chang-Beom Choi Provable Software Lab, KAIST.
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
The Model Checker SPIN Written by Gerard J. Holzmann Presented by Chris Jensen.
1 Temporal Logic-Overview FM Temporal Logic u Classical logic: Good for describing static conditions u Temporal logic: Adds temporal operators Describe.
Cheng/Dillon-Software Engineering: Formal Methods Model Checking.
Timed UML State Machines Ognyana Hristova Tutor: Priv.-Doz. Dr. Thomas Noll June, 2007.
Correctness requirements. Basic Types of Claims Basic assertions End-state labels Progress-state labels Accept-state labels Never claims Trace assertions.
Scientific Computing By: Fatima Hallak To: Dr. Guy Tel-Zur.
Korea Advanced Institute of Science and Technology The Spin Model Checker - Advanced Features Moonzoo Kim CS Dept. KAIST.
- 1 - Embedded Systems - SDL Some general properties of languages 1. Synchronous vs. asynchronous languages Description of several processes in many languages.
CS6133 Software Specification and Verification
Sept COMP60611 Fundamentals of Parallel and Distributed Systems Lecture 15 More Advanced Program Properties: Temporal logic and jSpin John Gurd,
MODEL CHECKING WITH SPIN MODELING AND VERIFICATION WITH SPIN ANDREA ORLANDINI – ISTC (CNR) TexPoint fonts used in EMF. Read the TexPoint manual before.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Radu Iosif Introduction to SPIN Radu Iosif
1 CSEP590 – Model Checking and Automated Verification Lecture outline for August 6, 2003.
Temporal Logic Model-checking with SPIN
2015 Concurrency: logical properties 1 ©Magee/Kramer 2 nd Edition Chapter 14 Logical Properties Satisfied? Not satisfied?
CIS 842: Specification and Verification of Reactive Systems Lecture INTRO-Examples: Simple BIR-Lite Examples Copyright 2004, Matt Dwyer, John Hatcliff,
Hwajung Lee. The State-transition model The set of global states = s 0 x s 1 x … x s m {s k is the set of local states of process k} S0  S1  S2  Each.
Lecture 4 Introduction to Promela. Promela and Spin Promela - process meta language G. Holzmann, Bell Labs (Lucent) C-like language + concurrency dyamic.
Program Correctness. The designer of a distributed system has the responsibility of certifying the correctness of the system before users start using.
Presented by: Belgi Amir Seminar in Distributed Algorithms Designing correct concurrent algorithms Spring 2013.
Today’s Agenda  Quiz 4  Temporal Logic Formal Methods in Software Engineering1.
Model Checking Lecture 1: Specification Tom Henzinger.
CS5270 Lecture 41 Timed Automata I CS 5270 Lecture 4.
CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.
Formal methods: Lecture
Background on the need for Synchronization
Formal verification in SPIN
CSE 503 – Software Engineering
Specification and Validation of Real-Time Programs ©A. Mok 2009
An explicit state model checker
A Refinement Calculus for Promela
Translating Linear Temporal Logic into Büchi Automata
CSE 555 Protocol Engineering
HW6: Due Dec 14 23:59 To specify a corresponding Promela specification
COMP60621 Designing for Parallelism
HW6: Due Nov 26 23:59 To specify a corresponding Promela specification
CSE 503 – Software Engineering
HW6: Due Dec 20 23:59 To specify a corresponding Promela specification
Presentation transcript:

Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5

Software Systems Verification and Validation Promela Promela (= Protocol/Process Meta Language) allows for the dynamic creation of concurrent processes. communication via message channels can be defined to be synchronous (i.e. rendezvous), asynchronous (i.e. buffered). Model checking Spin Developed at Bell Labs. In 2002, recognized by the ACM with Software System Award. SPIN (= Simple Promela Interpreter) is a tool for analyzing the logical consistency of concurrent systems Concurrent systems are described in the modelling language called Promela (= Protocol/Process Meta Language)

Software Systems Verification and Validation Promela Model Promela model consist of: – type declarations – channel declarations – variable declarations – process declarations – [init process] A process type (proctype) consist of – a name – a list of formal parameters – local variable declarations – Body A process – is defined by a proctype definition – executes concurrently with all other processes, independent of speed of behaviour – communicate with other processes using global (shared) variables using channels There may be several processes of the same type. Each process has its own local state: – process counter (location within the proctype) – contents of the local variables

The body of a process consists of a sequence of statements. A statement is either executable: the statement can be executed immediately. blocked: the statement cannot be executed. An assignment is always executable. An expression is also a statement; it is executable if it evaluates to non- zero The skip statement is always executable. “does nothing”, only changes process’ process counter A printf statement is always executable (but is not evaluated during verification, of course). assert( ); The assert-statement is always executable. If evaluates to zero, SPIN will exit with an error, as the “has been violated”. The assert-statement is often used within Promela models, to check whether certain properties are valid in a state. Software Systems Verification and Validation Statements

Software Systems Verification and Validation ReversingDigits.pml – Check – Random DiscriminantOfQuadraticEquation.pml – Check – Random NumberDaysInMonth.pml – Check – Random

Software Systems Verification and Validation MaximumNondeterminism.pml – Check – Random – “Branch 1” and “Branch 2” Maximum –second example-MaximumIfElse.pml – Check – Random GCD.pml – Check – Random IntegerDivison01.pml – Check – Random

Promela processes execute concurrently. Non-deterministic scheduling of the processes. Processes are interleaved (statements of different processes do not occur at the same time). exception: rendez-vous communication. All statements are atomic; each statement is executed without interleaving with other processes. Each process may have several different possible actions enabled at each point of execution - only one choice is made, non-deterministically. InterleavingStatements.pml Check Random 6 possibilities of the execution n1,p,n2,q; n1,n2,p,q; n1,n2,q,p; n2,q,n1,p; n2,n1,q,p; n2,n1,p,q. Interactive simulation – Interactive button InterferenceBetweenProcesses.pml InterferenceBetweenProcessesDeterministic.pml Software Systems Verification and Validation Concurrency and Interleaving Semantics

Software Systems Verification and Validation CriticalSection_Incorrect.pml – both processes – in the critical section CriticalSection_MutualExclusion.pml – not satisfied – Mutual exclusion – at most one process is executing its critical section at any time. CriticalSection_With_Deadlock.pml – Blocking on an expression – user Interactive simulation – Absence of deadlock – it is impossible to reach a state in which come processes are trying to enter their critical sections, but no process is successful. CriticalSection_SolutionAtomic.pml – The atomic sequence may be blocked from executing, but once it starts executing, both statements are executed without interference from the other process.

Linear Temporal Logic Temporal logic formulae can specify both safety and liveness properties LTL ≡ propositional logic + temporal operators []P always P <>P eventually P P U Q P is true until Q becomes true Software Systems Verification and Validation

CriticalSection_MutualExclusionLTL.pml – LTL formula: []mutex – Translate – Verify CriticalSection_MutualExclusionLTL02.pml – LTL formula: []mutex – Translate – Verify CriticalSection_With_Starvation.pml – LTL formula: <>csp – Translate – Acceptance – Verify

Software Systems Verification and Validation Installation Jspin – InstallJSpin.zip

Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5 See file AssignmentLab04.pdf

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.