Modelling systems, and model extraction from software
|
|
- Adam Randall
- 7 years ago
- Views:
Transcription
1 Modelling systems, and model extraction from software [Automated Reasoning, 2013/2014 1b Lecture 2] Doina Bucur Nov 2013
2 Summary In this lecture... Modelling computing systems Reactive systems Kripke structures. Definition and intuition Modeling hardware, software, and protocols Digital circuits: synchronous and asynchronous Extracting models from software (sequential or concurrent) Communication protocols Modelling with Promela Historical and bibliographical notes Assignment You learn to model various systems (software and hardware) in an automaton-like formalism of states and transitions called transition system, and to extract a model from software. The checking of the model against a state property is then immediate: you simply browse through all the states of the model and check your property. We apply this manual model checking to mutual exclusion algorithms. The assignments then move you towards using Spin to automatize this. Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
3 Modelling computing systems Reactive systems Systems may be categorized: In what regards form of system implementation: software, hardware (logic circuits, ASICs, etc.). In what regards system behaviour and its complexity: deterministic or nondeterministic terminating or not terminating synchronous or asynchronous lazy or real-time sequential or concurrent transformational or reactive. Doina Bucur Modelling systems, and model extraction from software Nov / 25
4 Modelling computing systems Reactive systems Reactive systems A transformational computation is not interruptible (below left, represented as an input/output black box). A reactive system interacts with the environment; input events may arrive at all times (right, as a black cactus ). Reactive includes transformational. S S A reactive system may be any combination of (non)terminating, (not) concurrent, (a)synchronous, etc. Examples: concurrent software, device drivers, networked machines, social humans, etc.; i.e., most complex systems. The modelling formalism you see here suits reactive systems. Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
5 Modelling computing systems Reactive systems Modelling a reactive system...is by writing: Its internal state at any given time; this state describes the current values stored in all memory (stack, heap, registers), plus the program counter. What this state will transition into, given an incoming event. For this, it is standard to use a variation of finite-state automata called Kripke structures. Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
6 Modelling computing systems Kripke structures. Definition and intuition Kripke structures Definition (Kripke structure) A Kripke structure M over a set of atomic propositions AP is a tuple M = (S, S 0, T, L) where S is a finite set of states, or state space; S 0 S is the subset of initial states; T S S is a transition relation. T should be total: s S, s S so that T (s, s ); L : S P(AP) is a function labelling each state with a subset of atomic propositions which are true in that state. Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
7 Modelling computing systems Kripke structures. Definition and intuition A simple example: from code to Kripke structure l0 int x = y = 0; l1 while (true) l2 x = (x+1) mod 3, y = x+1; State s S is a valuation of V = {x, y}; note that I left out the program counter to keep the example simple. Call the domain of both variables D. Then, S D D. In s 0, x = 0, y = 0. AP expresses variable valuations. A transition α T encodes an atomic assignment. l2 is atomic here. Match the transitions to statements in the original program! α α 0 1 s 0 s 1 s 2 {x=0,y=0} {x=1,y=2} α 3 α 2 s 3 {x=2,y=3} {x=0,y=1} Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
8 Modelling computing systems Kripke structures. Definition and intuition Some intuition behind this formalism S must be finite. This is not an artificial limitation of the model: in all information systems, D may be large (think 64-bit data types, in which case the size of D is 2 64 ), but is finite. (Digital systems never allow variables to have the full set of values from N, Z, R.) For a correct model, transitions must represent atomic system statements. Deciding on atomicity takes knowledge of the language, compiler, scheduler: Basic assignments in high-level languages may be atomic. However, machine-language translations may have finer grain. atomic {code} constructs, if available, make code atomic. Disabling interrupts in sequential low-level code makes the code atomic. T having to be total is an artificial (but harmless) feature of the model. Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
9 Modelling computing systems Kripke structures. Definition and intuition...and some intuition behind model checking s 0 {x=0,y=0} In this simple example: suppose you want to know whether α α 0 1 s 1 {x=1,y=2} α 3 s 3 {x=0,y=1} y eventually becomes equal to 3 x and y can ever be equal to 1 at the same time y is always greater than or equal to x the program terminates s 2 α 2 {x=2,y=3} the program can hit a deadlock the program has an overflow You can answer all these by searching through the model. This is what an automated model checker also does. Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
10 Modelling computing systems Kripke structures. Definition and intuition An equivalent logic representation for Kripke structures As per definition, the information is in state labels: α α 0 1 s 0 s 1 s 2 {x=0,y=0} {x=1,y=2} α 3 α 2 s 3 {x=2,y=3} {x=0,y=1} In this equivalent predicate-logic form, the same information is on transitions instead: A state is a conjunctive formula: s 0 (x = 0) (y = 0). Transitions, also: α i (x = (x + 1) mod 3) (y = (x + 1)), i = Primed variables represent next-state variables. Close to the program execution. A next state s 1 is the conjunction of the previous state s 0 and the transition α 0 : s 1 = s 0 α 0. Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
11 Modelling computing systems Kripke structures. Definition and intuition Paths in Kripke structures A path π from state s in a Kripke structure is an infinite sequence of states π = s 0 s 1 s 2... so that s 0 = s and (s i, s i+1 ) T, i 0. π i is the suffix of π starting at s i. Clearly, infinite paths exist in finite-state machines. Later, we see temporal properties, e.g., only after x becomes 1, y can become greater than x. For these, we will examine paths. You can now imagine that the complexity of model checking increases with: the number of states in the model how expressive the property is Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
12 Modeling hardware, software, and protocols Digital circuits: synchronous and asynchronous A synchronous circuit These are called sequential circuits: the output depends on current and past inputs. They include memory (flip-flops): Q becomes equal to D only after a clock pulse. This is a fragment of CPU design. Three boolean variables, D = {0, 1}, S = D D D; say all start equal to 0. At each transition, the bits change, e.g., b 0 b 0, synchronously; The single transition is the conjunction of these changes: ( b 0 b 0 ) ( b 1 b 0 b 1 ) ( b 2 (b 0 b 1 ) b 2 ) b2 D Q clk b1 D Q clk b0 D Q clk Modulo-8 counter. Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
13 Modeling hardware, software, and protocols Digital circuits: synchronous and asynchronous An asynchronous circuit These are called combinatorial circuits: the output depends solely on the current input (no memory, no notion of time, no means of synchronization). They are constructed with logic gates. Three boolean inputs, V = {b 0, b 1, b 2, }, D = {0, 1}, S D D D; At each transition, the bits change independently by b 0 b 0, etc; these changes may interleave; The transition is a disjunction of these changes: ( b 0 b 0 ) ( b 1 b 0 b 1 ) ( b 2 (b 0 b 1 ) b 2 ) b2 b1 b0 b2 b1 b0 Incrementing circuit. Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
14 Modeling hardware, software, and protocols Extracting models from software (sequential or concurrent) Sequential software You can automatically translate a program into a transition system. x = y = 0; z = *; /* z is not initialized */ while (true) x = (x+1) mod 3, y = x+1; One method: Generate the control-flow graph (CFG) from program source. Then, start with the initial state, and add a transition (and a new state) for each program statement. 0,0,* 1,2,* (CFG) 2,3,* 0,1,* (Kripke structure) Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
15 Modeling hardware, software, and protocols Extracting models from software (sequential or concurrent) Sequential software A formal method: Start by giving the entry point to each basic program statement a label l; the program counter will get these values: l1 l2 l3 /* start with x = y = 0, z uninitialized */ while (true) x = (x+1) mod 3, y = x+1; Then, we define a top-down translation Tr(l 1 P l 3 ) for the program P in predicate-logic form: while loop: Tr(l 1 while(true) {l 2 P 2 } l 3 ) is the disjunction (pc = l 1 ) (pc = l 2 ) same(x, y, z) Tr(l 2 P 2 l 1 ) assignment: Tr(l 2 x = (x+1) mod 3, y = x+1; l 1 ) is the conjunction (pc = l 2 ) (x = (x + 1)mod 3) (y = x + 1) same(z) (pc = l 1 ) Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
16 Modeling hardware, software, and protocols Extracting models from software (sequential or concurrent) Generalizing Tr(S) Tr(l x=y; l ) (pc = l) (x = y) (pc = l ) same(v \ {x}) Tr(l if(b) {l 1 P 1 } else {l 2 P 2 } l ) (pc = l) (b) (pc = l 1 ) same(v) (pc = l) ( b) (pc = l 2 ) same(v) Tr(l 1 P 1 l ) Tr(l 2 P 2 l ) Tr(l while(b) {l 1 P 1 } l ) (pc = l) (b) (pc = l 1 ) same(v) (pc = l) ( b) (pc = l ) same(v) Tr(l 1 P 1 l) Tr(l 1 P 1 l 2 P 2 l ) Tr(l 1 P 1 l 2 ) Tr(l 2 P 2 l ) This is what a software model checker will do to acquire a formal model. Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
17 Modeling hardware, software, and protocols Extracting models from software (sequential or concurrent) Concurrent software Concurrency simply means interleaving the transitions of the sequential programs (as for asynchronous circuits). Processes share variables. Take the concurrent program P l (P 1 P 2... P n ) l, where: The program counters pc i form a set PC. The sets of variables each process can access are V 1, V 2,... V n ; their union is V. Add start/end labels l i and l i for each process P i. Essentially, Tr(l P l ) is: n i=1 ( Tr(li P i l i ) same(v \ V i ) same(pc \ pc i ) ) (excluding a first and last formula starting and ending all processes) Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
18 Modeling hardware, software, and protocols Extracting models from software (sequential or concurrent) A mutual exclusion example Have P 0 P 1 symmetric processes, where P 0 : l0 while (true) nc0 wait_until(turn=0); /* busy waiting */ cr0 turn = 1; l0 and symmetric for P 1 (any 0 becomes 1 and vice versa). Consider both initial states. P 0 is represented as predicate logic (below), then as Kripke structure (right). Tr(l 0 P 0 l 0 ) (pc 0 = l 0 ) (pc 0 = nc 0) same(turn) (pc 0 = nc 0 ) (turn = 0) (pc = cr 0 ) same(turn) (pc 0 = nc 0 ) (turn = 0) (pc = nc 0 ) same(turn) (pc 0 = cr 0 ) (turn = 1) (pc 0 = l 0) pc 0 =l 0 turn=0 pc 0 =nc 0 turn=0 pc 0 =cr 0 turn=0 pc 0 =l 0 turn=1 pc 0 =nc 0 turn=1 Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
19 Modeling hardware, software, and protocols Extracting models from software (sequential or concurrent)...then, P 0 P 1 is: pc 0 =l0 pc 1 =l 1 turn=0 pc 0 =l 0 pc 1 =l 1 turn=1 pc 0 =l 0 pc 1 =nc 1 turn=0 pc 0 =nc0 pc 1 =l 1 turn=0 pc 0 =l 0 pc 1 =nc 1 turn=1 pc 0 =nc 0 pc 1 =l 1 turn=1 pc 0 =nc 0 pc 1 =nc 1 pc 0 =cr 0 pc 1 =l 1 turn=0 turn=0 pc 0 =l 0 pc 1 =cr 1 turn=1 pc 0 =nc 0 pc 1 =nc 1 turn=1 pc 0 =cr 0 pc 1 =nc 1 turn=0 pc 0 =nc 0 pc 1 =cr 1 turn=1 Here you see why modelling program counters is useful. Check visually: Does this program ensure mutual exclusion? Can a process be denied forever entrance to its critical region? Why? If you find hard to answer the Why?, try labelling all your graph s transitions, so that you can match transitions to the original code. Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
20 Modeling hardware, software, and protocols Communication protocols Communication with channels A communication protocol is nothing but a concurrent program. The model includes: Channels c to send on and receive from; these are modelled like shared variables; Sending constant m on c is c!m; this is like an assignment c = m; Receiving variable x on c is c?x; this is also like an assignment x = c; This send/receive can be synchronous or asynchronous (i.e. buffered). Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
21 Modeling hardware, software, and protocols Modelling with Promela Modelling with Promela High-level language; features from the Communicating Sequential Processes (CSP, C. A. R. Hoare) logic, and C. You have: processes and typed data variables, including inter-process communication channels with sophisticated operations; control-flow similar to that of C; a form of macro called inline (no functions); channels may model either asynchronous or synchronous communication, and may include a buffer; a great way to model busy-waiting on a condition: (a == b) is a statement blocking the process until a equals b;...and many quirky features. Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
22 Historical and bibliographical notes Historical notes The term reactive systems has been coined in On the Development of Reactive Systems, David Harel and Amir Pnueli, in NATO Advanced Study Institute (ASI) Series, Vol. F13, Logics and Models of Concurrent Systems, Springer-Verlag The term black cactus, also. Unfolding programs into transition systems has been used for verification of programs since the 70s, e.g. Formal verification of Parallel Programs, R. M. Keller, in Comm. ACM, 19(7), Doina Bucur Modelling systems, and model extraction from software Nov / 25
23 Historical and bibliographical notes Bibliographical notes The content in this lecture covers Ch. 2, Modeling Systems, from Model Checking, E. M. Clarke, O. Grumberg, D. A. Peled. For getting a grip with Spin, go for Ch. 2 Building Verification Models, Ch. 3 An Overview of Promela, Ch. 18 Overview of Spin Options, Ch. 19 Overview of Pan Options, from The Spin Model Checker, G. J. Holzmann. Alternatives: the Spin manual spinroot.com/spin/man/manual.html,../index.html,../roadmap.html. You may also read on the topic from Ch. 2, Modelling Concurrent Systems, from Principles of Model Checking, C. Baier, J.-P. Katoen. Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
24 Assignment Assignment (40%) Do the exercises at from [1.a] to [1.f]. Dig through the manual pages for info. (10%) Go back to the mutual exclusion on slides Answer the Why? question on slide 19. (50%) (a) Model Peterson s mutual exclusion algorithm (with two processes) as a Kripke structure; you find the algorithm on Wikipedia. Compact the algorithm as much as possible before you start, and make the threads loop infinitely. Then, visually check on the model the Wikipedia statements under Mutual exclusion (P0 and P1 can never be in the critical section at the same time) and Bounded waiting. (b) Finally, fire up SPIN, find an implementation of this (peterson.pml in SPIN s sources already contains an assertion for mutual exclusion), and check that with an exhaustive search. Decode the output and compare the size of this state space with the one above. Then, prove whether mutual exclusion is still insured without the second wait condition (on turn), and simulate the error trace to see why it fails. See for some graphical entertainment. Yes, you can model Peterson with two processes in 30 states (even fewer!). Doina Bucur (d.bucur@rug.nl) Modelling systems, and model extraction from software Nov / 25
25 Assignment Assignment administration Handing in: in the lab session or electronically by ; either way, before the end of Wed next week (Nov 27). Grading: this is worth 15% of your Practical grade (and 9% of the final grade). Doina Bucur Modelling systems, and model extraction from software Nov / 25
Formal Verification by Model Checking
Formal Verification by Model Checking Natasha Sharygina Carnegie Mellon University Guest Lectures at the Analysis of Software Artifacts Class, Spring 2005 1 Outline Lecture 1: Overview of Model Checking
More informationAutomata-based Verification - I
CS3172: Advanced Algorithms Automata-based Verification - I Howard Barringer Room KB2.20: email: howard.barringer@manchester.ac.uk March 2006 Supporting and Background Material Copies of key slides (already
More informationModel Checking: An Introduction
Announcements Model Checking: An Introduction Meeting 2 Office hours M 1:30pm-2:30pm W 5:30pm-6:30pm (after class) and by appointment ECOT 621 Moodle problems? Fundamentals of Programming Languages CSCI
More informationT-79.186 Reactive Systems: Introduction and Finite State Automata
T-79.186 Reactive Systems: Introduction and Finite State Automata Timo Latvala 14.1.2004 Reactive Systems: Introduction and Finite State Automata 1-1 Reactive Systems Reactive systems are a class of software
More informationTemporal Logics. Computation Tree Logic
Temporal Logics CTL: definition, relationship between operators, adequate sets, specifying properties, safety/liveness/fairness Modeling: sequential, concurrent systems; maximum parallelism/interleaving
More informationSoftware Modeling and Verification
Software Modeling and Verification Alessandro Aldini DiSBeF - Sezione STI University of Urbino Carlo Bo Italy 3-4 February 2015 Algorithmic verification Correctness problem Is the software/hardware system
More informationToday s Agenda. Automata and Logic. Quiz 4 Temporal Logic. Introduction Buchi Automata Linear Time Logic Summary
Today s Agenda Quiz 4 Temporal Logic Formal Methods in Software Engineering 1 Automata and Logic Introduction Buchi Automata Linear Time Logic Summary Formal Methods in Software Engineering 2 1 Buchi Automata
More informationThe Model Checker SPIN
The Model Checker SPIN Author: Gerard J. Holzmann Presented By: Maulik Patel Outline Introduction Structure Foundation Algorithms Memory management Example/Demo SPIN-Introduction Introduction SPIN (Simple(
More informationModel Checking based Software Verification
Model Checking based Software Verification 18.5-2006 Keijo Heljanko Keijo.Heljanko@tkk.fi Department of Computer Science and Engineering Helsinki University of Technology http://www.tcs.tkk.fi/~kepa/ 1/24
More informationINF5140: Specification and Verification of Parallel Systems
INF5140: Specification and Verification of Parallel Systems Lecture 7 LTL into Automata and Introduction to Promela Gerardo Schneider Department of Informatics University of Oslo INF5140, Spring 2007 Gerardo
More informationTesting LTL Formula Translation into Büchi Automata
Testing LTL Formula Translation into Büchi Automata Heikki Tauriainen and Keijo Heljanko Helsinki University of Technology, Laboratory for Theoretical Computer Science, P. O. Box 5400, FIN-02015 HUT, Finland
More informationFundamentals of Software Engineering
Fundamentals of Software Engineering Model Checking with Temporal Logic Ina Schaefer Institute for Software Systems Engineering TU Braunschweig, Germany Slides by Wolfgang Ahrendt, Richard Bubel, Reiner
More informationOverview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification
Introduction Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification Advanced Topics in Software Engineering 1 Concurrent Programs Characterized by
More informationSoftware Engineering using Formal Methods
Software Engineering using Formal Methods Model Checking with Temporal Logic Wolfgang Ahrendt 24th September 2013 SEFM: Model Checking with Temporal Logic /GU 130924 1 / 33 Model Checking with Spin model
More informationA Logic Approach for LTL System Modification
A Logic Approach for LTL System Modification Yulin Ding and Yan Zhang School of Computing & Information Technology University of Western Sydney Kingswood, N.S.W. 1797, Australia email: {yding,yan}@cit.uws.edu.au
More informationlogic language, static/dynamic models SAT solvers Verified Software Systems 1 How can we model check of a program or system?
5. LTL, CTL Last part: Alloy logic language, static/dynamic models SAT solvers Today: Temporal Logic (LTL, CTL) Verified Software Systems 1 Overview How can we model check of a program or system? Modeling
More informationIntroduction to SPIN. Acknowledgments. Parts of the slides are based on an earlier lecture by Radu Iosif, Verimag. Ralf Huuck. Features PROMELA/SPIN
Acknowledgments Introduction to SPIN Parts of the slides are based on an earlier lecture by Radu Iosif, Verimag. Ralf Huuck Ralf Huuck COMP 4152 1 Ralf Huuck COMP 4152 2 PROMELA/SPIN PROMELA (PROcess MEta
More informationLecture 9 verifying temporal logic
Basics of advanced software systems Lecture 9 verifying temporal logic formulae with SPIN 21/01/2013 1 Outline for today 1. Introduction: motivations for formal methods, use in industry 2. Developing models
More informationAlgorithmic Software Verification
Algorithmic Software Verification (LTL Model Checking) Azadeh Farzan What is Verification Anyway? Proving (in a formal way) that program satisfies a specification written in a logical language. Formal
More information(Refer Slide Time: 00:01:16 min)
Digital Computer Organization Prof. P. K. Biswas Department of Electronic & Electrical Communication Engineering Indian Institute of Technology, Kharagpur Lecture No. # 04 CPU Design: Tirning & Control
More informationLecture 8: Synchronous Digital Systems
Lecture 8: Synchronous Digital Systems The distinguishing feature of a synchronous digital system is that the circuit only changes in response to a system clock. For example, consider the edge triggered
More informationReal Time Programming: Concepts
Real Time Programming: Concepts Radek Pelánek Plan at first we will study basic concepts related to real time programming then we will have a look at specific programming languages and study how they realize
More informationintroduction to program monitoring
introduction to program monitoring CS 119 part II beyond assert and print course website http://www.runtime-verification.org/course09 action standing order: sell when price drops more than 2% within 1
More informationtutorial: hardware and software model checking
tutorial: hardware and software model checking gerard holzmann and anuj puri { gerard anuj } @research.bell-labs.com Bell Labs, USA outline introduction (15 mins) theory and algorithms system modeling
More informationFormal Languages and Automata Theory - Regular Expressions and Finite Automata -
Formal Languages and Automata Theory - Regular Expressions and Finite Automata - Samarjit Chakraborty Computer Engineering and Networks Laboratory Swiss Federal Institute of Technology (ETH) Zürich March
More informationInformatique Fondamentale IMA S8
Informatique Fondamentale IMA S8 Cours 1 - Intro + schedule + finite state machines Laure Gonnord http://laure.gonnord.org/pro/teaching/ Laure.Gonnord@polytech-lille.fr Université Lille 1 - Polytech Lille
More informationFormal Verification of Software
Formal Verification of Software Sabine Broda Department of Computer Science/FCUP 12 de Novembro de 2014 Sabine Broda (DCC-FCUP) Formal Verification of Software 12 de Novembro de 2014 1 / 26 Formal Verification
More informationhttp://aejm.ca Journal of Mathematics http://rema.ca Volume 1, Number 1, Summer 2006 pp. 69 86
Atlantic Electronic http://aejm.ca Journal of Mathematics http://rema.ca Volume 1, Number 1, Summer 2006 pp. 69 86 AUTOMATED RECOGNITION OF STUTTER INVARIANCE OF LTL FORMULAS Jeffrey Dallien 1 and Wendy
More informationA New Paradigm for Synchronous State Machine Design in Verilog
A New Paradigm for Synchronous State Machine Design in Verilog Randy Nuss Copyright 1999 Idea Consulting Introduction Synchronous State Machines are one of the most common building blocks in modern digital
More informationModel Checking II Temporal Logic Model Checking
1/32 Model Checking II Temporal Logic Model Checking Edmund M Clarke, Jr School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 2/32 Temporal Logic Model Checking Specification Language:
More informationFormal verification of contracts for synchronous software components using NuSMV
Formal verification of contracts for synchronous software components using NuSMV Tobias Polzer Lehrstuhl für Informatik 8 Bachelorarbeit 13.05.2014 1 / 19 Problem description and goals Problem description
More informationCAs and Turing Machines. The Basis for Universal Computation
CAs and Turing Machines The Basis for Universal Computation What We Mean By Universal When we claim universal computation we mean that the CA is capable of calculating anything that could possibly be calculated*.
More informationTo design digital counter circuits using JK-Flip-Flop. To implement counter using 74LS193 IC.
8.1 Objectives To design digital counter circuits using JK-Flip-Flop. To implement counter using 74LS193 IC. 8.2 Introduction Circuits for counting events are frequently used in computers and other digital
More informationCombining Software and Hardware Verification Techniques
Formal Methods in System Design, 21, 251 280, 2002 c 2002 Kluwer Academic Publishers. Manufactured in The Netherlands. Combining Software and Hardware Verification Techniques ROBERT P. KURSHAN VLADIMIR
More informationThe ProB Animator and Model Checker for B
The ProB Animator and Model Checker for B A Tool Description Michael Leuschel and Michael Butler Department of Electronics and Computer Science University of Southampton Highfield, Southampton, SO17 1BJ,
More informationModel checking test models. Author: Kevin de Berk Supervisors: Prof. dr. Wan Fokkink, dr. ir. Machiel van der Bijl
Model checking test models Author: Kevin de Berk Supervisors: Prof. dr. Wan Fokkink, dr. ir. Machiel van der Bijl February 14, 2014 Abstract This thesis is about model checking testing models. These testing
More informationThe Course. http://www.cse.unsw.edu.au/~cs3153/
The Course http://www.cse.unsw.edu.au/~cs3153/ Lecturers Dr Peter Höfner NICTA L5 building Prof Rob van Glabbeek NICTA L5 building Dr Ralf Huuck NICTA ATP building 2 Plan/Schedule (1) Where and When Tuesday,
More information6.080/6.089 GITCS Feb 12, 2008. Lecture 3
6.8/6.89 GITCS Feb 2, 28 Lecturer: Scott Aaronson Lecture 3 Scribe: Adam Rogal Administrivia. Scribe notes The purpose of scribe notes is to transcribe our lectures. Although I have formal notes of my
More informationEastern Washington University Department of Computer Science. Questionnaire for Prospective Masters in Computer Science Students
Eastern Washington University Department of Computer Science Questionnaire for Prospective Masters in Computer Science Students I. Personal Information Name: Last First M.I. Mailing Address: Permanent
More informationStatic Analysis. Find the Bug! 15-654: Analysis of Software Artifacts. Jonathan Aldrich. disable interrupts. ERROR: returning with interrupts disabled
Static Analysis 15-654: Analysis of Software Artifacts Jonathan Aldrich 1 Find the Bug! Source: Engler et al., Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions, OSDI
More informationFormal Verification and Linear-time Model Checking
Formal Verification and Linear-time Model Checking Paul Jackson University of Edinburgh Automated Reasoning 21st and 24th October 2013 Why Automated Reasoning? Intellectually stimulating and challenging
More informationCounters and Decoders
Physics 3330 Experiment #10 Fall 1999 Purpose Counters and Decoders In this experiment, you will design and construct a 4-bit ripple-through decade counter with a decimal read-out display. Such a counter
More informationDigital Logic Design. Basics Combinational Circuits Sequential Circuits. Pu-Jen Cheng
Digital Logic Design Basics Combinational Circuits Sequential Circuits Pu-Jen Cheng Adapted from the slides prepared by S. Dandamudi for the book, Fundamentals of Computer Organization and Design. Introduction
More informationTest Case Generation for Ultimately Periodic Paths Joint work with Saddek Bensalem Hongyang Qu Stavros Tripakis Lenore Zuck Accepted to HVC 2007 How to find the condition to execute a path? (weakest precondition
More informationUsing Patterns and Composite Propositions to Automate the Generation of Complex LTL
University of Texas at El Paso DigitalCommons@UTEP Departmental Technical Reports (CS) Department of Computer Science 8-1-2007 Using Patterns and Composite Propositions to Automate the Generation of Complex
More informationETEC 2301 Programmable Logic Devices. Chapter 10 Counters. Shawnee State University Department of Industrial and Engineering Technologies
ETEC 2301 Programmable Logic Devices Chapter 10 Counters Shawnee State University Department of Industrial and Engineering Technologies Copyright 2007 by Janna B. Gallaher Asynchronous Counter Operation
More informationAsynchronous Counters. Asynchronous Counters
Counters and State Machine Design November 25 Asynchronous Counters ENGI 25 ELEC 24 Asynchronous Counters The term Asynchronous refers to events that do not occur at the same time With respect to counter
More informationCPU Organisation and Operation
CPU Organisation and Operation The Fetch-Execute Cycle The operation of the CPU 1 is usually described in terms of the Fetch-Execute cycle. 2 Fetch-Execute Cycle Fetch the Instruction Increment the Program
More informationQuick Start Guide. June 3, 2012
The ERIGONE Model Checker Quick Start Guide Mordechai (Moti) Ben-Ari Department of Science Teaching Weizmann Institute of Science Rehovot 76100 Israel http://stwww.weizmann.ac.il/g-cs/benari/ June 3, 2012
More information150127-Microprocessor & Assembly Language
Chapter 3 Z80 Microprocessor Architecture The Z 80 is one of the most talented 8 bit microprocessors, and many microprocessor-based systems are designed around the Z80. The Z80 microprocessor needs an
More informationCS311 Lecture: Sequential Circuits
CS311 Lecture: Sequential Circuits Last revised 8/15/2007 Objectives: 1. To introduce asynchronous and synchronous flip-flops (latches and pulsetriggered, plus asynchronous preset/clear) 2. To introduce
More informationCHAPTER 11: Flip Flops
CHAPTER 11: Flip Flops In this chapter, you will be building the part of the circuit that controls the command sequencing. The required circuit must operate the counter and the memory chip. When the teach
More informationLTL Model Checking with Logic Based Petri Nets
LTL Model Checking with Logic Based Petri Nets Tristan M. Behrens and Jürgen Dix IfI Technical Report Series IfI-07-04 Impressum Publisher: Institut für Informatik, Technische Universität Clausthal Julius-Albert
More informationA Framework for the Semantics of Behavioral Contracts
A Framework for the Semantics of Behavioral Contracts Ashley McNeile Metamaxim Ltd, 48 Brunswick Gardens, London W8 4AN, UK ashley.mcneile@metamaxim.com Abstract. Contracts have proved a powerful concept
More informationStatic Program Transformations for Efficient Software Model Checking
Static Program Transformations for Efficient Software Model Checking Shobha Vasudevan Jacob Abraham The University of Texas at Austin Dependable Systems Large and complex systems Software faults are major
More informationSources: On the Web: Slides will be available on:
C programming Introduction The basics of algorithms Structure of a C code, compilation step Constant, variable type, variable scope Expression and operators: assignment, arithmetic operators, comparison,
More informationLet s put together a Manual Processor
Lecture 14 Let s put together a Manual Processor Hardware Lecture 14 Slide 1 The processor Inside every computer there is at least one processor which can take an instruction, some operands and produce
More informationIntroduction to Promela and SPIN. LACL, Université Paris 12
Introduction to Promela and SPIN LACL, Université Paris 12 Promela = Process Meta Language A specification language! No programming language! Used for system description : Specify an abstraction of the
More informationTake-Home Exercise. z y x. Erik Jonsson School of Engineering and Computer Science. The University of Texas at Dallas
Take-Home Exercise Assume you want the counter below to count mod-6 backward. That is, it would count 0-5-4-3-2-1-0, etc. Assume it is reset on startup, and design the wiring to make the counter count
More informationIntroduction to Software Verification
Introduction to Software Verification Orna Grumberg Lectures Material winter 2013-14 Lecture 4 5.11.13 Model Checking Automated formal verification: A different approach to formal verification Model Checking
More informationCOMP 250 Fall 2012 lecture 2 binary representations Sept. 11, 2012
Binary numbers The reason humans represent numbers using decimal (the ten digits from 0,1,... 9) is that we have ten fingers. There is no other reason than that. There is nothing special otherwise about
More information6.080 / 6.089 Great Ideas in Theoretical Computer Science Spring 2008
MIT OpenCourseWare http://ocw.mit.edu 6.080 / 6.089 Great Ideas in Theoretical Computer Science Spring 2008 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms.
More informationModel-Checking Verification for Reliable Web Service
Model-Checking Verification for Reliable Web Service Shin NAKAJIMA Hosei University and PRESTO, JST nkjm@i.hosei.ac.jp Abstract Model-checking is a promising technique for the verification and validation
More informationEE 42/100 Lecture 24: Latches and Flip Flops. Rev B 4/21/2010 (2:04 PM) Prof. Ali M. Niknejad
A. M. Niknejad University of California, Berkeley EE 100 / 42 Lecture 24 p. 1/20 EE 42/100 Lecture 24: Latches and Flip Flops ELECTRONICS Rev B 4/21/2010 (2:04 PM) Prof. Ali M. Niknejad University of California,
More informationReading 13 : Finite State Automata and Regular Expressions
CS/Math 24: Introduction to Discrete Mathematics Fall 25 Reading 3 : Finite State Automata and Regular Expressions Instructors: Beck Hasti, Gautam Prakriya In this reading we study a mathematical model
More informationDevelopment of dynamically evolving and self-adaptive software. 1. Background
Development of dynamically evolving and self-adaptive software 1. Background LASER 2013 Isola d Elba, September 2013 Carlo Ghezzi Politecnico di Milano Deep-SE Group @ DEIB 1 Requirements Functional requirements
More informationHECTOR a software model checker with cooperating analysis plugins. Nathaniel Charlton and Michael Huth Imperial College London
HECTOR a software model checker with cooperating analysis plugins Nathaniel Charlton and Michael Huth Imperial College London Introduction HECTOR targets imperative heap-manipulating programs uses abstraction
More informationSoftware Model Checking: Theory and Practice
Software Model Checking: Theory and Practice Lecture: Specification Checking - LTL Model Checking Copyright 2004, Matt Dwyer, John Hatcliff, and Robby. The syllabus and all lectures for this course are
More informationAlgorithm & Flowchart & Pseudo code. Staff Incharge: S.Sasirekha
Algorithm & Flowchart & Pseudo code Staff Incharge: S.Sasirekha Computer Programming and Languages Computers work on a set of instructions called computer program, which clearly specify the ways to carry
More informationSpecification and Analysis of Contracts Lecture 1 Introduction
Specification and Analysis of Contracts Lecture 1 Introduction Gerardo Schneider gerardo@ifi.uio.no http://folk.uio.no/gerardo/ Department of Informatics, University of Oslo SEFM School, Oct. 27 - Nov.
More informationLogic in Computer Science: Logic Gates
Logic in Computer Science: Logic Gates Lila Kari The University of Western Ontario Logic in Computer Science: Logic Gates CS2209, Applied Logic for Computer Science 1 / 49 Logic and bit operations Computers
More informationConcurrent Programming
Concurrent Programming Principles and Practice Gregory R. Andrews The University of Arizona Technische Hochschule Darmstadt FACHBEREICH INFCRMATIK BIBLIOTHEK Inventar-Nr.:..ZP.vAh... Sachgebiete:..?r.:..\).
More informationFabio Patrizi DIS Sapienza - University of Rome
Fabio Patrizi DIS Sapienza - University of Rome Overview Introduction to Services The Composition Problem Two frameworks for composition: Non data-aware services Data-aware services Conclusion & Research
More informationMemory Elements. Combinational logic cannot remember
Memory Elements Combinational logic cannot remember Output logic values are function of inputs only Feedback is needed to be able to remember a logic value Memory elements are needed in most digital logic
More informationUnderstanding Verilog Blocking and Non-blocking Assignments
Understanding Verilog Blocking and Non-blocking Assignments International Cadence User Group Conference September 11, 1996 presented by Stuart HDL Consulting About the Presenter Stuart has over 8 years
More informationRegisters & Counters
Objectives This section deals with some simple and useful sequential circuits. Its objectives are to: Introduce registers as multi-bit storage devices. Introduce counters by adding logic to registers implementing
More informationTDT 4260 lecture 11 spring semester 2013. Interconnection network continued
1 TDT 4260 lecture 11 spring semester 2013 Lasse Natvig, The CARD group Dept. of computer & information science NTNU 2 Lecture overview Interconnection network continued Routing Switch microarchitecture
More informationUsing reverse circuit execution for efficient parallel simulation of logic circuits
Using reverse circuit execution for efficient parallel simulation of logic circuits Kalyan Perumalla *, Richard Fujimoto College of Computing, Georgia Tech, Atlanta, Georgia, USA ABSTRACT A novel technique
More informationCounters & Shift Registers Chapter 8 of R.P Jain
Chapter 3 Counters & Shift Registers Chapter 8 of R.P Jain Counters & Shift Registers Counters, Syllabus Design of Modulo-N ripple counter, Up-Down counter, design of synchronous counters with and without
More informationRegular Expressions and Automata using Haskell
Regular Expressions and Automata using Haskell Simon Thompson Computing Laboratory University of Kent at Canterbury January 2000 Contents 1 Introduction 2 2 Regular Expressions 2 3 Matching regular expressions
More informationCOMPUTER SCIENCE TRIPOS
CST.98.5.1 COMPUTER SCIENCE TRIPOS Part IB Wednesday 3 June 1998 1.30 to 4.30 Paper 5 Answer five questions. No more than two questions from any one section are to be answered. Submit the answers in five
More informationDigital Systems Based on Principles and Applications of Electrical Engineering/Rizzoni (McGraw Hill
Digital Systems Based on Principles and Applications of Electrical Engineering/Rizzoni (McGraw Hill Objectives: Analyze the operation of sequential logic circuits. Understand the operation of digital counters.
More informationModule 3: Floyd, Digital Fundamental
Module 3: Lecturer : Yongsheng Gao Room : Tech - 3.25 Email : yongsheng.gao@griffith.edu.au Structure : 6 lectures 1 Tutorial Assessment: 1 Laboratory (5%) 1 Test (20%) Textbook : Floyd, Digital Fundamental
More informationIntroduction. What is an Operating System?
Introduction What is an Operating System? 1 What is an Operating System? 2 Why is an Operating System Needed? 3 How Did They Develop? Historical Approach Affect of Architecture 4 Efficient Utilization
More informationA Propositional Dynamic Logic for CCS Programs
A Propositional Dynamic Logic for CCS Programs Mario R. F. Benevides and L. Menasché Schechter {mario,luis}@cos.ufrj.br Abstract This work presents a Propositional Dynamic Logic in which the programs are
More informationDigital Design Verification
Digital Design Verification Course Instructor: Debdeep Mukhopadhyay Dept of Computer Sc. and Engg. Indian Institute of Technology Madras, Even Semester Course No: CS 676 1 Verification??? What is meant
More informationA Classification of Model Checking-based Verification Approaches for Software Models
A Classification of Model Checking-based Verification Approaches for Software Models Petra Brosch, Sebastian Gabmeyer, Martina Seidl Sebastian Gabmeyer Business Informatics Group Institute of Software
More informationEnforcing Security Policies. Rahul Gera
Enforcing Security Policies Rahul Gera Brief overview Security policies and Execution Monitoring. Policies that can be enforced using EM. An automata based formalism for specifying those security policies.
More informationChapter 2 Logic Gates and Introduction to Computer Architecture
Chapter 2 Logic Gates and Introduction to Computer Architecture 2.1 Introduction The basic components of an Integrated Circuit (IC) is logic gates which made of transistors, in digital system there are
More informationSoftware safety - DEF-STAN 00-55
Software safety - DEF-STAN 00-55 Where safety is dependent on the safety related software (SRS) fully meeting its requirements, demonstrating safety is equivalent to demonstrating correctness with respect
More informationCS101 Lecture 26: Low Level Programming. John Magee 30 July 2013 Some material copyright Jones and Bartlett. Overview/Questions
CS101 Lecture 26: Low Level Programming John Magee 30 July 2013 Some material copyright Jones and Bartlett 1 Overview/Questions What did we do last time? How can we control the computer s circuits? How
More informationDoina Bucur. Temporal Monitors for
Doina Bucur / Temporal Monitors for 1 Application area: wireless sensor/actuator systems running TinyOS, a best-effort, asynchronous embedded OS In summary: 2 Application area: wireless sensor/actuator
More informationTuring Machines: An Introduction
CIT 596 Theory of Computation 1 We have seen several abstract models of computing devices: Deterministic Finite Automata, Nondeterministic Finite Automata, Nondeterministic Finite Automata with ɛ-transitions,
More informationModel Checking of Software
Model Checking of Software Patrice Godefroid Bell Laboratories, Lucent Technologies SpecNCheck Page 1 August 2001 A Brief History of Model Checking Prehistory: transformational programs and theorem proving
More informationVeriTech - A Framework for Translating among Model Description Notations
Software Tools for Technology Transfer manuscript No. (will be inserted by the editor) VeriTech - A Framework for Translating among Model Description Notations Orna Grumberg and Shmuel Katz Computer Science
More information2 Temporal Logic Model Checking
Bounded Model Checking Using Satisfiability Solving Edmund Clarke 1, Armin Biere 2, Richard Raimi 3, and Yunshan Zhu 4 1 Computer Science Department, CMU, 5000 Forbes Avenue Pittsburgh, PA 15213, USA,
More informationModel Checking LTL Properties over C Programs with Bounded Traces
Noname manuscript No. (will be inserted by the editor) Model Checking LTL Properties over C Programs with Bounded Traces Jeremy Morse 1, Lucas Cordeiro 2, Denis Nicole 1, Bernd Fischer 1,3 1 Electronics
More informationDivision of Mathematical Sciences
Division of Mathematical Sciences Chair: Mohammad Ladan, Ph.D. The Division of Mathematical Sciences at Haigazian University includes Computer Science and Mathematics. The Bachelor of Science (B.S.) degree
More informationIntroduction to Formal Methods. Các Phương Pháp Hình Thức Cho Phát Triển Phần Mềm
Introduction to Formal Methods Các Phương Pháp Hình Thức Cho Phát Triển Phần Mềm Outline Introduction Formal Specification Formal Verification Model Checking Theorem Proving Introduction Good papers to
More informationModel Checking Distributed Software
Model Checking Distributed Software Sagar Chaki September 19, 2014 Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Model Checking and Me 1997 : Ed visits IIT Kharagpur Just
More information