Presentation is loading. Please wait.

Presentation is loading. Please wait.

Model checking dynamic states in GROOVE Arend Rensink Formal Methods and Tools University of Twente.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Model checking dynamic states in GROOVE Arend Rensink Formal Methods and Tools University of Twente."— Presentation transcript:

1 Model checking dynamic states in GROOVE Arend Rensink Formal Methods and Tools University of Twente

2 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove2 Outline Context: Graph transformation – GROOVE tool for software model checking Integrated methods – On-the-fly model checking – Partial order reduction Method integration – Stochastic analysis – Aspect-oriented program analysis Interoperability – Syntactic: Model transformation – Semantic: Graph transformation approaches

3 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove3 States as graphs Objects & method frames as nodes Relations & variables as (labelled) edges BufferCell next last first Object val heap stack

4 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove4 Graph formalism Graphs in this presentation: – flat (i.e., not hierarchical), untyped – directed, edge-labelled, no parallel edges – self-edges depicted as node labels Formally: G = (L,N,E) with – L set of labels – N finite set of nodes – E  N  L  N finite set of labelled edges Partial morphisms – structure-preserving node mappings

5 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove5 Graphs as states BufferCell next first, last Object val BufferCell next last first Object val Object val BufferCell next last first Object val Object val Object val BufferCell next first last BufferCell next last first Object val

6 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove6 forbidden Graph Productions Production rule source graph matching Graph transition src(t)tgt(t) morph(t) target graph pushout NAC NACs (SPO = Single Pushout Approach) LHSRHS rule morphism (partial)

7 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove7 Example production rule Alternative single-graph representation: Buffer Cell Object next val last Object blue = eraser: LHS, not RHS; to be matched and deleted green = creator: RHS, not LHS; to be added black = reader: LHS and RHS; to be matched and preserved red = embargo: NAC, not LHS; forbidden

8 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove8 Aim: software model checking Construct graph procuction system from – UML diagrams / other specifications – Programs to be checked Generate state space – States=graphs, transitions=transformations Formulate properties – invariants/reachability (safety) – liveness – full temporal logic Check properties on the model

9 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove9 Envisaged tool chain Program (source) Program (graph) Compilation Semantics (rules) Generation State space (GTS) Properties Verification Conclusion Testing Tracing abstraction refinement Rule system per language Combine (on-the- fly checking)

10 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove10 Problem: Complexity of GT Traditional approach – Concurrent communicating automata – Model paradigm much closer to machine – Fast evaluation – 20 years research in Symbolic storage Symmetry & partial order reduction Abstractions & heuristics Graph Transformation – Graph matching & manipulation – Dynamic models: No a priori bounds – Many existing results do not apply Sometimes reflects a feature of the modelled system

11 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove11 Challenge: How to counter Transfer existing results to GT approach (integrated methods) – Model checking algorithms – Partial order reduction Make use of graph structure – Store states as graph deltas – Isomorphism for symmetry reduction – Graph-based abstractions – Nested rules

12 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove12 Outline Context: Graph transformation – GROOVE tool for software model checking Integrated methods – On-the-fly model checking – Partial order reduction Method integration – Stochastic analysis – Aspect-oriented program analysis Interoperability – Syntactic: Model transformation – Semantic: Graph transformation approaches

13 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove13 Integrated Methods On-the fly model checking – Principle: check while expanding state space; in particular, check for cycles – Problem: state space here infinite; hence cycle check easily fails to terminate – Solution: combination with bounded MC Partial order reduction – Principle: avoid concurrent interleavings – Problem: actions here a priori unknown – Solution: new POR algorithm

14 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove14 Example: On-the-fly model checking Existing algorithm [Schwoon, Ersparza 2005] Exhaustive DFS detect cycles in accepting states The exhaustive DFS will not terminat for infinite state spaces

15 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove15 Combination with bounded checking Approximate ! by sequence of ! i

16 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove16 Outline Context: Graph transformation – GROOVE tool for software model checking Integrated methods – On-the-fly model checking – Partial order reduction Method integration – Stochastic analysis – Aspect-oriented program analysis Interoperability – Syntactic: Model transformation – Semantic: Graph transformation approaches

17 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove17 Method Integration: Example 1 Stochastic graph transformation systems [Heckel, Lajios, Menge, 2006] – Application area: performance/reliability analysis of dynamic systems – Basic idea: Associate rates with graph transformation rules – Generate state space – Derive and solve continuous-time Markov chains – Tool chain: GROOVE -> PRISM/EMC 2 GROOVE [offers] state space generation [and] import/export functionality.

18 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove18 Example transformation rules move connect breakdownfail handover

19 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove19 Method Integration: Example 2 Aspect composition conflict detection [Havinga et al., 2007] – Application area: aspect-oriented programming – Analysis of run-time introduction of new methods in existing classes – Translate Java and AspectJ to graphs – Graph trafo rules to model introductions – Conflict detection through forbidden patterns

20 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove20 Example graphs and rules AspectJ program Abstract syntax graph Forbidden pattern Introduction rule

21 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove21 Outline Context: Graph transformation – GROOVE tool for software model checking Integrated methods – On-the-fly model checking – Partial order reduction Method integration – Stochastic analysis – Aspect-oriented program analysis Interoperability – Syntactic: Model transformation – Semantic: Graph transformation approaches

22 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove22 Syntactic Interoperability: Example Graph Transformation Semantics for QVT [Rensink, Nederpel 2006] – Context: model transformation – Approach: use graph transformation

23 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove23 Overall method Artefacts 1-3 given in different languages Steps 4-6 involve syntactic translations – There is no semantics to be preserved – Translation defines semantics

24 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove24 Semantic Interoperability: Example Simulating Multigraph Transformations Using Simple Graphs [Boneva et al. 2007] – Motivation: use GROOVE technology for other tools’ graph production systems – Different graph models (multigraphs have edge identities) – Different transformation approaches (Single Pushout versus Double Pushout) – Encoding: translate multigraph edges into simple graph nodes

25 IPA Spring Days, 7 May 2008 Model checking dynamic states in Groove25 Conclusion GROOVE technology used in different contexts – Built on well-researched formal methods – Usable GUI – XML-based graph I/O – Open Java source code Integrating methods necessary, but – Not seen as “cutting edge” research – Ratio effort/output not highest – We need more funding for this!!

Download ppt "Model checking dynamic states in GROOVE Arend Rensink Formal Methods and Tools University of Twente."

Similar presentations

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Recipes for State Space Reduction Arend Rensink, University of Twente Dutch Model Checking Day, May 2014.

Recipes for State Space Reduction Arend Rensink, University of Twente Dutch Model Checking Day, May 2014.
A Survey of Runtime Verification Jonathan Amir 2004.

A Survey of Runtime Verification Jonathan Amir 2004.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.

Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
Distributed Markov Chains P S Thiagarajan School of Computing, National University of Singapore Joint work with Madhavan Mukund, Sumit K Jha and Ratul.

Distributed Markov Chains P S Thiagarajan School of Computing, National University of Singapore Joint work with Madhavan Mukund, Sumit K Jha and Ratul.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Budapest University of Technology and EconomicsDagstuhl 2004 Department of Measurement and Information Systems 1 Towards Automated Formal Verification.

Budapest University of Technology and EconomicsDagstuhl 2004 Department of Measurement and Information Systems 1 Towards Automated Formal Verification.
Verification of Graph Transformation Systems Arman Sheikholeslami

Verification of Graph Transformation Systems Arman Sheikholeslami
ARTIST2 - MOTIVES Trento - Italy, February 19-23, 2007 Model Transformation and UML Reiko Heckel University of Leicester, UK Foundations of Model Transformation.

ARTIST2 - MOTIVES Trento - Italy, February 19-23, 2007 Model Transformation and UML Reiko Heckel University of Leicester, UK Foundations of Model Transformation.
Timed Automata.

Timed Automata.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
Semantic Translation of Simulink/Stateflow Models to Hybrid Automata using Graph Transformations A. Agarwal, Gy. Simon, G. Karsai ISIS, Vanderbilt University.

Semantic Translation of Simulink/Stateflow Models to Hybrid Automata using Graph Transformations A. Agarwal, Gy. Simon, G. Karsai ISIS, Vanderbilt University.
1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.

1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.
On-the-fly Synthesis of Multi-Clock SVA Jiang Long Andrew Seawright Paparao Kavalipati IWLS’ 2008.

On-the-fly Synthesis of Multi-Clock SVA Jiang Long Andrew Seawright Paparao Kavalipati IWLS’ 2008.
Yongjian Li The State Key Laboratory of Computer Science Chinese Academy of Sciences William N. N. HungSynopsys Inc. Xiaoyu SongPortland State University.

Yongjian Li The State Key Laboratory of Computer Science Chinese Academy of Sciences William N. N. HungSynopsys Inc. Xiaoyu SongPortland State University.
Course Summary. © Katz, 2003 Formal Specifications of Complex Systems-- Real-time 2 Topics (1) Families of specification methods, evaluation criteria.

Course Summary. © Katz, 2003 Formal Specifications of Complex Systems-- Real-time 2 Topics (1) Families of specification methods, evaluation criteria.

Similar presentations

Ads by Google