Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2011 Carnegie Mellon University SPIN: Part 1 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.

Published bySonia Sears Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2011 Carnegie Mellon University SPIN: Part 1 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014."— Presentation transcript:

1 © 2011 Carnegie Mellon University SPIN: Part 1 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014

2 2 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University What is This All About? Spin On-the-fly verifier developed at Bell-labs by Gerard Holzmann and others http://spinroot.com Promela Modeling language for SPIN Targeted at asynchronous systems – Switching protocols http://spinroot.com/spin/Man/Quick.html

3 3 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University History Work leading to Spin started in 1980 First bug found on Nov 21, 1980 by Pan One-pass verifier for safety properties Succeeded by Pandora (82), Trace (83), SuperTrace (84), SdlValid (88), Spin (89) Spin covered omega-regular properties

4 4 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Spin Capabilities Interactive simulation For a particular path For a random path Exhaustive verification Generate C code for verifier Compile the verifier and execute Returns counter-example Lots of options for fine-tuning

5 5 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Spin Overall Structure GUI Front-end GUI Front-end Promela Parser Promela Parser LTL Parser and Translator LTL Parser and Translator Syntax Error Reports Syntax Error Reports Interactive Simulation Interactive Simulation Verifier Generator Verifier Generator Optimized Model Checker (ANSI C) Optimized Model Checker (ANSI C) Executable O-T-F Verifier Executable O-T-F Verifier Counter Example

6 6 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Promela Stands for Process Meta Language Language for asynchronous programs Dynamic process creation Processes execute asynchronously Communicate via shared variables and message channels – Races must be explicitly avoided – Channels can be queued or rendezvous C like syntax

7 7 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Executability

8 8 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Delimitors

9 9 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Data Types

10 10 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Process Definition Only definitions. Need a “main” function to run

11 11 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Process Instantiation run can be used anywhere. Dynamic Process Creation. Sample 1

12 12 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Process Parameterization Data arrays or processes cannot be passed Sample 2

13 13 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Race Condition Sample 3

14 14 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Deadlock Sample 4

15 15 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Atomic sequences Sample 5

16 16 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Message passing

17 17 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Message passing More parameters sent Extra parameters dropped More parameters received Extra parameters undefined Fewer parameters sent Extra parameters undefined Fewer parameters received Extra parameters dropped

18 18 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Message passing Sample 6

19 19 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Message passing

20 20 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Executability

21 21 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Composite conditions

22 22 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Time for example 1

23 23 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Rendezvous Channel of size 0 defines a rendezvous port Can be used by two processed for a synchronous handshake No queueing The first process blocks Handshake occurs after the second process arrives

24 24 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Example Sample 7

25 25 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Control flow We have already seen some Concatenation of statements, parallel execution, atomic sequences There are a few more Case selection, repetition, unconditional jumps

26 26 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Case selection

27 27 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Time for example 2

28 28 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Repetition

29 29 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Repetition

30 30 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Unconditional jumps

31 31 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Procedures and Recursion Procedures can be modeled as processes Even recursive ones Return values can be passed back to the calling process via a global variable or a message

32 32 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Time for example 3

33 33 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Timeouts

34 34 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Assertions

35 35 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Time for example 4

36 36 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University References http://cm.bell-labs.com/cm/cs/what/spin/ http://cm.bell- labs.com/cm/cs/what/spin/Man/Manual.html http://cm.bell- labs.com/cm/cs/what/spin/Man/Quick.html

37 37 SPIN – Part 1 Sagar Chaki, April 21, 2014 © 2011 Carnegie Mellon University Questions? Sagar Chaki Senior Member of Technical Staff RTSS Program Telephone: +1 412-268-1436 Email: chaki@sei.cmu.educhaki@sei.cmu.edu U.S. Mail Software Engineering Institute Customer Relations 4500 Fifth Avenue Pittsburgh, PA 15213-2612 USA Web www.sei.cmu.edu/staff/chaki Customer Relations Email: info@sei.cmu.edu Telephone: +1 412-268-5800 SEI Phone: +1 412-268-5800 SEI Fax: +1 412-268-6257

Download ppt "© 2011 Carnegie Mellon University SPIN: Part 1 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014."

Similar presentations

Generating test cases specifications for BPEL compositions of web services using SPIN José García-Fanjul, Javier Tuya, and Claudio de la Riva Pointner.

Generating test cases specifications for BPEL compositions of web services using SPIN José García-Fanjul, Javier Tuya, and Claudio de la Riva Pointner.
Model Checking for an Executable Subset of UML Fei Xie 1, Vladimir Levin 2, and James C. Browne 1 1 Dept. of Computer Sciences, UT at Austin 2 Bell Laboratories,

Model Checking for an Executable Subset of UML Fei Xie 1, Vladimir Levin 2, and James C. Browne 1 1 Dept. of Computer Sciences, UT at Austin 2 Bell Laboratories,
Masahiro Fujita Yoshihisa Kojima University of Tokyo May 2, 2008

Masahiro Fujita Yoshihisa Kojima University of Tokyo May 2, 2008
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
© 2006 Carnegie Mellon University Combining Predicate and Numeric Abstraction for Software Model Checking Software Engineering Institute Carnegie Mellon.

© 2006 Carnegie Mellon University Combining Predicate and Numeric Abstraction for Software Model Checking Software Engineering Institute Carnegie Mellon.
Formalization of Health Information Portability and Accountability Act (HIPAA) Simon Berring, Navya Rehani, Dina Thomas.

Formalization of Health Information Portability and Accountability Act (HIPAA) Simon Berring, Navya Rehani, Dina Thomas.
CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.
Verification of Evolving Software Natasha Sharygina Joint work with Sagar Chaki and Nishant Sinha Carnegie Mellon University.

Verification of Evolving Software Natasha Sharygina Joint work with Sagar Chaki and Nishant Sinha Carnegie Mellon University.
The cardiac pacemaker – SystemJ versus Safety Critical Java Heejong Park, Avinash Malik, Muhammad Nadeem, and Zoran Salcic. University of Auckland, NZ.

The cardiac pacemaker – SystemJ versus Safety Critical Java Heejong Park, Avinash Malik, Muhammad Nadeem, and Zoran Salcic. University of Auckland, NZ.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Concurrency Important and difficult (Ada slides copied from Ed Schonberg)

Concurrency Important and difficult (Ada slides copied from Ed Schonberg)
CS 290C: Formal Models for Web Software Lecture 4: Implementing and Verifying Statecharts Specifications Using the Spin Model Checker Instructor: Tevfik.

CS 290C: Formal Models for Web Software Lecture 4: Implementing and Verifying Statecharts Specifications Using the Spin Model Checker Instructor: Tevfik.
© 2011 Carnegie Mellon University SPIN: Part 2 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.

© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.

Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.
/ PSWLAB P ROMELA Semantics from “THE SPIN MODEL CHECKER” by G. J. Holzmann Presented by Hong,Shin 5 th Oct 2007 08:021PROMELA Semantics.

/ PSWLAB P ROMELA Semantics from “THE SPIN MODEL CHECKER” by G. J. Holzmann Presented by Hong,Shin 5 th Oct :021PROMELA Semantics.
An Overview of PROMELA. A protocol Validation Language –A notation for the specification and verification of procedure rules. –A partial description of.

An Overview of PROMELA. A protocol Validation Language –A notation for the specification and verification of procedure rules. –A partial description of.
The model checker SPIN1 The Model Checker SPIN. The model checker SPIN2 SPIN & Promela SPIN(=Simple Promela Interpreter) –tool for analyzing the logical.

The model checker SPIN1 The Model Checker SPIN. The model checker SPIN2 SPIN & Promela SPIN(=Simple Promela Interpreter) –tool for analyzing the logical.
ESP: A Language for Programmable Devices Sanjeev Kumar, Yitzhak Mandelbaum, Xiang Yu, Kai Li Princeton University.

ESP: A Language for Programmable Devices Sanjeev Kumar, Yitzhak Mandelbaum, Xiang Yu, Kai Li Princeton University.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
The Spin Model Checker Promela Introduction 50374 Nguyen Tuan Duc 50378 Shogo Sawai.

The Spin Model Checker Promela Introduction Nguyen Tuan Duc Shogo Sawai.

Similar presentations

Ads by Google