Presentation is loading. Please wait.

Presentation is loading. Please wait.

Verifica e Validazione Automatica di Sistemi Complessi Enrico Tronci Dipartimento di Informatica, Università di Roma “La Sapienza”, Via Salaraia 113, 00198.

Published byHester Bell Modified over 9 years ago

Similar presentations

Presentation on theme: "Verifica e Validazione Automatica di Sistemi Complessi Enrico Tronci Dipartimento di Informatica, Università di Roma “La Sapienza”, Via Salaraia 113, 00198."— Presentation transcript:

1 Verifica e Validazione Automatica di Sistemi Complessi Enrico Tronci Dipartimento di Informatica, Università di Roma “La Sapienza”, Via Salaraia 113, 00198 Roma, Italy, tronci@di.uniroma1.it, http://www.dsi.uniroma1.it/~troncitronci@di.uniroma1.ithttp://www.dsi.uniroma1.it/~tronci Workshop on Research and Innovations NEXT 20 Mat 2005

2 2 Automatic Verification: A Money Saver Testing without automation tends to discover errors towards the end of the design flow. Error fixing is very expensive at that point and may delay product release. Methods to discover errors as soon as possible are needed. Early developmentImplementation Number of times more expensive to fix Errors caught (percent) Source: Mercury Interactive, Siebel Siemens

3 3 Model Checking Game Model Checker (Equivalent to Exhaustive testing) Sys (VHDL, Verilog, C, C++ Java, MathLab, Simulink, …) BAD (CTL, CTL*, LTL, …) PASS FAIL What went wrong … I.e. no sequence of events (states) can possibly lead to an undesired state. Counterexample I.e. sequence of events (states) leading to an undesired state.

4 4 Mutual Exclusion (Mutex) n1t1 c1 S2=t2 & T=1 S2 = n2 S1 n2t2 c2 S1=t1 & T=2 S1 = n1 S2 12T S1=n1 & S2=t2 S2=n2 & S1=t1 n1, n2, 1t1, n2, 1c1, n2, 1n1, t2, 1t1, t2, 1c1, t2, 1 n1, c2, 1t1, c2, 1c1, c2, 1n1, n2, 2t1, n2, 2c1, n2, 2 n1, t2, 2t1, t2, 2c1, t2, 2n1, c2, 2t1, c2, 2c1, c2, 2 SPEC Mutual exclusion: AG (S1 != c1 | S2 != c2) … true No starvation S1: AG (S1 = t1 --> AF (S1 = c1)) … true

5 5 Mutex (~ arbitrary initial state) Mutual exclusion: AG (S1 != c1 | S2 != c2) … No starvation S1: AG (S1 = t1 --> AF (S1 = c1)) … n1t1 c1 S2=t2 & T=1 S2 = n2 S1 n2t2 c2 S1=t1 & T=2 S1 = n1 S2 12T S1=n1 & S2=t2 S2=n2 & S1=t1

6 6 SMV output (mutex) -- specification AG (S1 != c1 | S2 != c2) is true -- specification AG (S1 = t1 -> AF S1 = c1) is true resources used: user time: 0.02 s, system time: 0.04 s BDD nodes allocated: 635 Bytes allocated: 1245184 BDD nodes representing transition relation: 31 + 6

7 7 Hybrid Systems Hybrid Systems are systems with discrete as well as continuous state variables. Typically requirements analysis for embedded software/hardware leads to study verification of hybrid systems. Examples of hybrid systems: Industrial Plants Automotive systems (cost of software in new cars compares with that of the mechanics) Avionics Biological models …

8 8 Gas Turbine System Controller Gas Turbine (Turbogas) Disturbances: electric users, param. var, etc Vrot: Turbine Rotation speed Texh: Exhaust smokes Temperature Pel: Generated Electric Power Pmc: Compressor Pressure Settings Fuel Valve Opening FG102 Vrot, Texh, Pel, Pmc

9 9 PLAN Build discrete time model of ICARO Turbogas Control System. Code system model with Murphi verifier. This is very similar to simulation code, only more abstract because of model checking limitations (state explosion). Run verification experiments.

10 10 Experimental Results MAX_D_U (KW/sec) Reachable States Rules Fired DiameterCPU (sec)Result 10002,246,3286,738,9841290416988.18PASS 17507,492,38922,477,167742354012.18PASS 25001,739,7195,186,047153312548.25FAIL 500036,801109,015804271.77FAIL Results on a INTEL Pentium 4, 2GHz Linux PC with 512 MB RAM. Murphi options: -b, -c, --cache, -m350

11 11 Fail trace: MAX_D_U = 2500 KW/sec 10 ms time step (100 Hz sampling frequency) Electric user demand (KW) Rotation speed (percentage of max = 22500 rpm) Allowed range for rotation speed: 40-120

12 12 Fail trace: MAX_D_U = 5000 Kw/sec 10 ms time step (100 Hz sampling frequency) Electric user demand (KW) Rotation speed (percentage of max = 22500 rpm) Allowed range for rotation speed: 40-120

13 13 Probabilistic Model Checking (1) Sometimes we can associate a probability with each transition. In such cases reachability analysis becomes the task of computing the stationary distribution of a Markov Chain. This can be done using a Probabilistic Model Checker (state space too big for matrices). 0 1 2 0.4 0.6 0.3 0.7 0.8 0.2

14 14 Finite Horizon Markov Chain Analysis … of our turbogas MAX_D_U (KW/sec) Visited States Rules Fired HorizonCPU time (s)Probability of violating spec 25003,018,9708,971,8391600685627.373292e-05 35002,226,0366,602,7631400502631.076644e-04 45001,834,6845,439,3271300414039.957147e-05 500083,189246,28590022123.984375e-03

15 15 Obstructions State Explosion: That is the HUGE number of reachable states that large systems have. Integration in the design flow: People devoted to verification, validation, specification and testing needed … among other things

16 16 Open Source Model Checkers SMV, NuSMV (Carnegie Mellon University, IRST) [smv,VHDL / CTL] SPIN (Bell Labs) [PROMELA (C like)/ LTL] Murphi (Stanford, “La Sapienza”, L’Aquila) [Pascal like/assert() style] VIS (Berkeley, Stanford, Colorado University) [BLIF, Verilog/CTL, LTL] PVS (Stanford)[PVS/PVS] TVLA (Tel-Aviv)[TVLA/TVLA] Java PathFinder (NASA)[Java Bytecode/LTL] BLAST (Berkeley)[C/assert()] Here are a few examples of open source model checkers.

17 17 Java Verification (BANDERA) SAnToS Group at Kansas State University SAnToS GroupKansas State University

18 18 Some Commercial Model Checkers Cadence (Verilog, VHDL) Synopsis (Verilog, VHDL) Innologic (Verilog) Telelogic (inside SDL suite) Esterel Coverity (C, C++) Here are a few examples of commercial model checkers.

19 19 In House Model Checkers FORTE (INTEL)[Verilog, VHDL/Temporal Logic] SLAM (Microsoft) [C/assert()] BEBOP (Microsoft)[C/assert()] Rule Based (IBM)[Verilog, VHDL/CTL, LTL] CANVAS (IBM) [Java/constraints-guarantees] Verisoft (Bell Labs)[C/C] Here are a few examples of in house model checkers.

20 20 Summing Up Automatic Verification (reachability analysis) is a very useful tool for design and analysis of complex systems such as: digital hardware, embedded software and hybrid systems. Decrease the probability of leaving undetected bugs in our design, thus increasing design quality. Speed up the testing/simulation process, thus decreasing costs and time-to-market. Early error detection, thus decreasing design costs. Support exploration of more complex, hopefully more efficient, solutions by supporting their debugging. Automatic Verification allows us to:

21 21 Adoption Paths Integrating Automatic Verification in Design Flow (to reach state of the art) Custom Model Checker (for competitive advantage, to go beyond state of the art)

Download ppt "Verifica e Validazione Automatica di Sistemi Complessi Enrico Tronci Dipartimento di Informatica, Università di Roma “La Sapienza”, Via Salaraia 113, 00198."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Conclusion Summary Research trends Resources.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Conclusion Summary Research trends Resources.
Formal Methods and Testing Goal: software reliability Use software engineering methodologies to develop the code. Use formal methods during code development.

Formal Methods and Testing Goal: software reliability Use software engineering methodologies to develop the code. Use formal methods during code development.
PRESENTER: PCLee 2011.12.14. System-on-chip (SoC) designs use bus protocols for high performance data transfer among the Intellectual Property (IP) cores.

PRESENTER: PCLee System-on-chip (SoC) designs use bus protocols for high performance data transfer among the Intellectual Property (IP) cores.
Reliable Scripting Using Push Logic Push Logic David Greaves, Daniel Gordon University of Cambridge Computer Laboratory Reliable Scripting.

Reliable Scripting Using Push Logic Push Logic David Greaves, Daniel Gordon University of Cambridge Computer Laboratory Reliable Scripting.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.

Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.
SAT Based Abstraction/Refinement in Model-Checking Based on work by E. Clarke, A. Gupta, J. Kukula, O. Strichman (CAV’02)

SAT Based Abstraction/Refinement in Model-Checking Based on work by E. Clarke, A. Gupta, J. Kukula, O. Strichman (CAV’02)
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
What are Formal Verification Methods Mathematically based languages, techniques and tools for specifying and verifying systems Language – Clear unambiguous.

What are Formal Verification Methods Mathematically based languages, techniques and tools for specifying and verifying systems Language – Clear unambiguous.
Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.

Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.
© 2011 Carnegie Mellon University SPIN: Part 1 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.

© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
Hydra (A General Framework for Formalizing UML with Formal Languages for Embedded Systems*) *from the Ph.D. thesis of William E. McUmber Software Engineering.

Hydra (A General Framework for Formalizing UML with Formal Languages for Embedded Systems*) *from the Ph.D. thesis of William E. McUmber Software Engineering.
ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.

ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.
CS 267: Automated Verification Lecture 7: SMV Symbolic Model Checker, Partitioned Transition Systems, Counter-example Generation in Symbolic Model Checking.

CS 267: Automated Verification Lecture 7: SMV Symbolic Model Checker, Partitioned Transition Systems, Counter-example Generation in Symbolic Model Checking.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Ymer: A Statistical Model Checker Håkan L. S. Younes Carnegie Mellon University.

Ymer: A Statistical Model Checker Håkan L. S. Younes Carnegie Mellon University.

Similar presentations

Ads by Google