Presentation is loading. Please wait.

Presentation is loading. Please wait.

Temporal Logic Model-checking with SPIN

Published byGary Baker Modified over 8 years ago

Similar presentations

Presentation on theme: "Temporal Logic Model-checking with SPIN"— Presentation transcript:

1 Temporal Logic Model-checking with SPIN
Part 2: The PROMELA Language COMP6004 Stéphane Lo Presti

2 Last Lecture Xspin LTL parser and translator PROMELA parser
Simulation Verifier (analyzer) generator C Pre-processor/Compilation Counter-example Execution

3 Introduction PROMELA is the input language of SPIN
Inspired by: C, Guarded Command/CSP Describes the model and part of the specification (other part: correctness claim as LTL formula)

4 What is a model? FOLDOC (Free Online Directory of Computing, wombat.doc.ic.ac.uk/foldoc): A description of observed behaviour, simplified by ignoring certain details. Models allow complex systems to be understood and their behaviour predicted within the scope of the model, but may give incorrect descriptions and predictions for situations outside the realm of their intended use.

5 PROMELA Basic Elements
Process Types and instances Local scope Variables Data types Arrays Statements/Conditions Channels FIFO queue (array)

6 Macro definitions #define name value ex: #define red 2 x = x+red

7 Processes (1) Process type Process instantiation
proctype myprocess(parameters) { ... } Process instantiation run myprocess(param_values)

8 Processes (2) Data arrays or process types are the only types that cannot be passed as parameters Process state defined by the values of its variables Special process: init

9 Data types Name Range Typically bit / bool 0 .. 1 false .. true byte
0 .. CHAR_BIT short SHRT_MIN .. SHRT_MAX int INT_MIN .. INT_MAX

10 Symbolic values Message types Special 0 is false mtype = {value_names}
ex: mtype = {red, green, blue} Special 0 is false Any non-0 value is true

11 Records C struct Typedef name { fieldtype1 fieldname1;
Ex: Typedef picture{ int numcolors; int vert_resolution; int horz_resolution:}

12 Variables Declaration datatype variable_name Assignment Test
ex: int counter Assignment variable_name = value ex: counter = 1 Test variable_name == value ex: counter == 0

13 Arrays Declaration Element value elem_type array_name[size]
ex: int vector[10] Element value array_name[index] ex: vector[0]

14 Statements (1) Statements and conditions are not differentiated: both are either executable or blocked Conditions are executable when true blocked when false Statements are executable when eligible for execution blocked when waiting for synchronization

15 Statements (2) Always executable Always blocked
Variable declarations, Assignments, printf Assertions true / non-0 values skip, goto, break Always blocked false and 0 (a.k.a. block, hang) values

16 Statements (3) Special case
run is executable if a process of the specified type can be instantiated (memory limit, too many processes) Statement separators (where interleaving may occur) ; or ->

17 Atomic sequences Indivisible unit (no interleaving)
atomic { statements }

18 First example byte state = 1; proctype A() {byte tmp;
(state==1) -> tmp=state; tmp=tmp+1; state=tmp} proctype B() (state==1)->tmp=state; tmp=tmp-1; state=tmp} init { run A(); run B() }

19 Process communication (1)
Via (buffered) channels Declaration chan channame = [size] of {msgtype} ex: chan com1 = [16] of {byte,int} Global or local

20 Process communication (2)
Sending a value on a channel channame!value Receiving a value on a channel channame?varname

21 Process communication (3)
More than one value channame?value1,value2,... Convention: first value is message type (mtype) channame!mtype(value2,...) Test a receive statement channame?[values]

22 Process communication (4)
Size of the channel buffer len(channame) Rendez-vous communication (synchronous): channel of buffer size 0

23 Second example proctype A(chan q1) { chan q2; q1?q2; q2!123 }
proctype B(chan qforb) { int x; qforb?x; printf(“x= %d\n”,x) } init { chan qname = [1] of {chan}; chan qforb = [1] of {int}; run A(qname); run B(qforb); qname!qforb}

24 Control flow (1) Case selection ex: if if :: statement1 :: statement2
:: (a==b) -> option1 :: (a!=b) -> option2

25 Control flow (2) Repetition Terminating the repetition: break do
:: statement1 :: statement2 od Terminating the repetition: break

26 Control flow (3) Unconditional jump Three special kinds of labels
Declare a label mylabel: ... Jump to that label goto mylabel Three special kinds of labels end, progress, accept

27 Control flow (4) Unless {statement1} unless {statement2;statement3}

28 Pseudo-statements Timeout Else do :: statement1
:: timeout -> statement2 Od Else if :: else -> statement2 fi

29 Assertions assert(condition)
Combined with labels to express the specification

30 Semantics of PROMELA http://www.spinroot.com/spin/Man/Intro.html
Operational model based on: Processes (Labelled transition Systems) Variables Channels Semantics engine

Download ppt "Temporal Logic Model-checking with SPIN"

Similar presentations

1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.

1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Formalization of Health Information Portability and Accountability Act (HIPAA) Simon Berring, Navya Rehani, Dina Thomas.

Formalization of Health Information Portability and Accountability Act (HIPAA) Simon Berring, Navya Rehani, Dina Thomas.
CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
© 2011 Carnegie Mellon University SPIN: Part 2 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.

© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
Promela/SPIN Acknowledgements: These notes used some of the material presented by Flavio Lerda as part of Ed Clarke’s model-checking course.

Promela/SPIN Acknowledgements: These notes used some of the material presented by Flavio Lerda as part of Ed Clarke’s model-checking course.
Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.

Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.
/ PSWLAB P ROMELA Semantics from “THE SPIN MODEL CHECKER” by G. J. Holzmann Presented by Hong,Shin 5 th Oct 2007 08:021PROMELA Semantics.

/ PSWLAB P ROMELA Semantics from “THE SPIN MODEL CHECKER” by G. J. Holzmann Presented by Hong,Shin 5 th Oct :021PROMELA Semantics.
An Overview of PROMELA. A protocol Validation Language –A notation for the specification and verification of procedure rules. –A partial description of.

An Overview of PROMELA. A protocol Validation Language –A notation for the specification and verification of procedure rules. –A partial description of.
The model checker SPIN1 The Model Checker SPIN. The model checker SPIN2 SPIN & Promela SPIN(=Simple Promela Interpreter) –tool for analyzing the logical.

The model checker SPIN1 The Model Checker SPIN. The model checker SPIN2 SPIN & Promela SPIN(=Simple Promela Interpreter) –tool for analyzing the logical.
Frederico Araujo CS6362 – Fall 2010 The SPIN Model Checker.

Frederico Araujo CS6362 – Fall 2010 The SPIN Model Checker.
Wishnu Prasetya Model Checking with SPIN Modeling and Verification with SPIN.

Wishnu Prasetya Model Checking with SPIN Modeling and Verification with SPIN.
CIS 725 Guarded Command Notation. Programming language style notation Guarded actions en(a)  a en(a): guard of the action boolean condition or boolean.

CIS 725 Guarded Command Notation. Programming language style notation Guarded actions en(a)  a en(a): guard of the action boolean condition or boolean.
© 2011 Carnegie Mellon University SPIN: Part 1 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.

© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
The Spin Model Checker Promela Introduction 50374 Nguyen Tuan Duc 50378 Shogo Sawai.

The Spin Model Checker Promela Introduction Nguyen Tuan Duc Shogo Sawai.

Similar presentations

Ads by Google