Presentation is loading. Please wait.

Presentation is loading. Please wait.

An explicit state model checker

Published byRandall Dawson Modified over 5 years ago

Similar presentations

Presentation on theme: "An explicit state model checker"— Presentation transcript:

1 An explicit state model checker
SPIN An explicit state model checker

2 How does Spin work? We already saw:
The Algorithm The Promela Language We need to see how we does the tool work.

3 High Level Organization
LTL formula Promela Model LTL Translator Buchi Automaton Buchi Translator Promela Parser The Buchi automaton is turned into a Promela process and composed with the rest of the system. Abstract Syntax Tree Automata Generator Automata The generated verifier is specific to the model and property we started with. C Generator C Code C Compiler Pan Verifier Verification Result

4 Command Line Tools Spin Pan
Generates the Promela code for the LTL formula ~$ spin –f “[]<>p” The proposition in the formula must correspond to #defines Generates the C source code ~$ spin –a source.pro The property must be included in the source Pan Performs the verification Has many compile time options to enable different features Optimized for performance

5 Xspin GUI for Spin

6 Simulator Spin can also be used as a simulator
Simulated the Promela program It is used as a simulator when a counterexample is generated Steps through the trace The trace itself is not “readable” Can be used for random and manually guided simulation as well

7 Comments DFS does not necessarily find the shortest counterexample
There might be a very short counterexample but the verification might go out of memory If we don’t finish we might still have some sort of a result (coverage metrics)

Download ppt "An explicit state model checker"

Similar presentations

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
A Survey of Runtime Verification Jonathan Amir 2004.

A Survey of Runtime Verification Jonathan Amir 2004.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
1 Generalized Buchi automaton. 2 Reminder: Buchi automata A=  Alphabet (finite). S: States (finite).  : S x  x S ) S is the transition relation. I.

1 Generalized Buchi automaton. 2 Reminder: Buchi automata A=  Alphabet (finite). S: States (finite).  : S x  x S ) S is the transition relation. I.
Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.

Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
© 2011 Carnegie Mellon University SPIN: Part 1 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.

© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
PSWLAB S PIN Search Algorithm from “THE SPIN MODEL CHECKER” by G Holzmann Presented by Hong,Shin 9 th Nov 2007 2015-05-071SPIN Search Algorithm.

PSWLAB S PIN Search Algorithm from “THE SPIN MODEL CHECKER” by G Holzmann Presented by Hong,Shin 9 th Nov SPIN Search Algorithm.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
1 Mechanical Verification of Timed Automata Myla Archer and Constance Heitmeyer Presented by Rasa Bonyadlou 24 October 2002.

1 Mechanical Verification of Timed Automata Myla Archer and Constance Heitmeyer Presented by Rasa Bonyadlou 24 October 2002.
S. Ramesh Model-Checking Distributed Software S. Ramesh IIT Bombay.

S. Ramesh Model-Checking Distributed Software S. Ramesh IIT Bombay.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking.

Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking.
Bandera: Extracting Finite-state Models from Java Source Code James C. Corbett (Hawai’i) Matthew B. Dwyer, John Hatcliff, Shawn Laubach, Corina S. Păsăreanu,

Bandera: Extracting Finite-state Models from Java Source Code James C. Corbett (Hawai’i) Matthew B. Dwyer, John Hatcliff, Shawn Laubach, Corina S. Păsăreanu,
© 2011 Carnegie Mellon University SPIN: Part 1 15-414 Bug Catching: Automated Program Verification and Testing Sagar Chaki October 31, 2011.

© 2011 Carnegie Mellon University SPIN: Part Bug Catching: Automated Program Verification and Testing Sagar Chaki October 31, 2011.

Similar presentations

Ads by Google