Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Carnegie Mellon UniversitySPINFlavio Lerda 15-398 SPIN An explicit state model checker.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Carnegie Mellon UniversitySPINFlavio Lerda 15-398 SPIN An explicit state model checker."— Presentation transcript:

1 1 Carnegie Mellon UniversitySPINFlavio Lerda 15-398 SPIN An explicit state model checker

2 2 Carnegie Mellon UniversitySPINFlavio Lerda 15-398 How does Spin work? We already saw: –The Algorithm –The Promela Language We need to see how we does the tool work.

3 3 Carnegie Mellon UniversitySPINFlavio Lerda 15-398 High Level Organization LTL Translator Buchi Translator Pan VerifierC Compiler C Generator Automata Generator Promela Parser LTL formulaPromela Model Buchi Automaton Abstract Syntax Tree Automata C Code Verification Result The Buchi automaton is turned into a Promela process and composed with the rest of the system. The generated verifier is specific to the model and property we started with.

4 4 Carnegie Mellon UniversitySPINFlavio Lerda 15-398 Command Line Tools Spin –Generates the Promela code for the LTL formula ~$ spin –f “[]<>p” The proposition in the formula must correspond to #defines –Generates the C source code ~$ spin –a source.pro The property must be included in the source Pan –Performs the verification Has many compile time options to enable different features Optimized for performance

5 5 Carnegie Mellon UniversitySPINFlavio Lerda 15-398 Xspin GUI for Spin

6 6 Carnegie Mellon UniversitySPINFlavio Lerda 15-398 Simulator Spin can also be used as a simulator –Simulated the Promela program It is used as a simulator when a counterexample is generated –Steps through the trace –The trace itself is not “readable” Can be used for random and manually guided simulation as well

7 7 Carnegie Mellon UniversitySPINFlavio Lerda 15-398 Comments DFS does not necessarily find the shortest counterexample There might be a very short counterexample but the verification might go out of memory If we don’t finish we might still have some sort of a result (coverage metrics)

Download ppt "1 Carnegie Mellon UniversitySPINFlavio Lerda 15-398 SPIN An explicit state model checker."

Similar presentations

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
A Survey of Runtime Verification Jonathan Amir 2004.

A Survey of Runtime Verification Jonathan Amir 2004.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
1 Generalized Buchi automaton. 2 Reminder: Buchi automata A=  Alphabet (finite). S: States (finite).  : S x  x S ) S is the transition relation. I.

1 Generalized Buchi automaton. 2 Reminder: Buchi automata A=  Alphabet (finite). S: States (finite).  : S x  x S ) S is the transition relation. I.
Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.

Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.
CS 290C: Formal Models for Web Software Lecture 4: Implementing and Verifying Statecharts Specifications Using the Spin Model Checker Instructor: Tevfik.

CS 290C: Formal Models for Web Software Lecture 4: Implementing and Verifying Statecharts Specifications Using the Spin Model Checker Instructor: Tevfik.
© 2011 Carnegie Mellon University SPIN: Part 2 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.

© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
Promela/SPIN Acknowledgements: These notes used some of the material presented by Flavio Lerda as part of Ed Clarke’s model-checking course.

Promela/SPIN Acknowledgements: These notes used some of the material presented by Flavio Lerda as part of Ed Clarke’s model-checking course.
Carnegie Mellon University Java PathFinder and Model Checking of Programs Guillaume Brat, Dimitra Giannakopoulou, Klaus Havelund, Mike Lowry, Phil Oh,

Carnegie Mellon University Java PathFinder and Model Checking of Programs Guillaume Brat, Dimitra Giannakopoulou, Klaus Havelund, Mike Lowry, Phil Oh,
© 2011 Carnegie Mellon University SPIN: Part 1 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.

© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.

CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.
PSWLAB S PIN Search Algorithm from “THE SPIN MODEL CHECKER” by G Holzmann Presented by Hong,Shin 9 th Nov 2007 2015-05-071SPIN Search Algorithm.

PSWLAB S PIN Search Algorithm from “THE SPIN MODEL CHECKER” by G Holzmann Presented by Hong,Shin 9 th Nov SPIN Search Algorithm.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
S. Ramesh Model-Checking Distributed Software S. Ramesh IIT Bombay.

S. Ramesh Model-Checking Distributed Software S. Ramesh IIT Bombay.

Similar presentations

Ads by Google