# Today s Agenda. Automata and Logic. Quiz 4 Temporal Logic. Introduction Buchi Automata Linear Time Logic Summary

Save this PDF as:

Size: px
Start display at page:

Download "Today s Agenda. Automata and Logic. Quiz 4 Temporal Logic. Introduction Buchi Automata Linear Time Logic Summary"

## Transcription

1 Today s Agenda Quiz 4 Temporal Logic Formal Methods in Software Engineering 1 Automata and Logic Introduction Buchi Automata Linear Time Logic Summary Formal Methods in Software Engineering 2 1

2 Buchi Automata The SPIN model checker is based on the theory of Buchi automata (or ω-automata). Buchi automata does not only accept finite executions but also infinite executions. SPIN does not only formalize correctness properties as Buchi automata, but also uses it to describe the system behavior. Formal Methods in Software Engineering 3 Temporal Logic Temporal logic allows time-related properties to be formally specified without introducing the explicit notion of time. SPIN uses Linear Temporal Logic (LTL), which allows to specify properties that must be satisfied by all program executions. Question: Why don t we use Buchi automata to specify correctness properties? Formal Methods in Software Engineering 4 2

3 The Magic The verification of a PROMELA model in SPIN consists of the following steps: Build an automaton to represent the system behavior For each correctness property, build an automaton to represent its negation Compute the intersection of the system automaton and each property automaton Formal Methods in Software Engineering 5 Automata and Logic Introduction Buchi Automata Linear Time Logic Summary Formal Methods in Software Engineering 6 3

4 FSA A finite state automaton is a tuple (S, s 0, L, T, F), where S is a finite set of states s 0 is a distinguished initial state, s 0 S L is a finite set of labels T is a set of transitions, T (S L S) F is a set of final states, T Formal Methods in Software Engineering 7 Determinism An FSA is deterministic, if the successor state of each transition is uniquely defined by the source state and the transition label. Many automata we will encounter are nondeterministic, which however can be easily determinized. Formal Methods in Software Engineering 8 4

5 Run A run of an FSA (S, s 0, L, T, F) is an ordered, possibly infinite, set of transitions { (s 0, l 0, s 1 ), (s 1, l 1, s 2 ), (s 2, l 2, s 3 ),... } such that i, i 0 (s i, l i, s i+1 ) T Note that frequently, we will only refer to the sequence of states or transitions of a run. Formal Methods in Software Engineering 9 Accepting Run A run is accepted by an FSA if and only if it terminates at a final state. Formally, an accepting run of an FSA (S, s 0, L, T, F) is a finite run in which the final transition has the property that s n F. Formal Methods in Software Engineering 10 5

6 Example idle start ready suspended run execute stop end unblock block waiting { start, run, block, unblock, stop } Formal Methods in Software Engineering 11 Infinite Runs Many systems have infinite runs, i.e., they do not necessarily terminate, such as a thread scheduler, a web server, or a telephone switch. An infinite run is often called an ω-run. A classic FSA only accepts finite runs, not ω-runs. Formal Methods in Software Engineering 12 6

7 Buchi Acceptance Intuitively, an infinite run is accepted if and only if the run visits some final state infinitely often. Formally, an ω-run σ of FSA (S, s 0, L, T, F) is accepting if s f, s f F s f σ ω, where σ ω is the set of states that appear infinitely often in σ. Formal Methods in Software Engineering 13 Example idle start ready suspended run execute stop end unblock block waiting { start, run, { suspended, run }* } Formal Methods in Software Engineering 14 7

8 Stutter Extension The stutter extension of finite run σ with final state s n is the ω-run σ, (s n, ε, s n ) ω, i.e., the final state persists forever by repeating the null action ε. This extension allows Buchi acceptance to be applied to finite runs, i.e., a finite run is accepted by a Buchi automaton if and only if its final state is in the set of accepting states. Formal Methods in Software Engineering 15 Decidability Issues Two properties of Büchi automata in particular are of interest and are both decidable: language emptiness: are there any accepting runs? language intersection: are there any runs that are accepted by 2 or more automata? Spin s model checking algorithm is based on these two checks Spin determines if the intersection of the languages of a property automaton and a system automaton is empty Formal Methods in Software Engineering 16 8

9 Automata and Logic Introduction Buchi Automata Linear Time Logic Summary Formal Methods in Software Engineering 17 Temporal Logic Temporal logic allows one to reason about temporal properties of system executions, without introducing the notion of time explicitly. The dominant logic used in software verification is LTL, whose formulas are evaluated over a single execution. Formal Methods in Software Engineering 18 9

10 LTL A well-formed LTL formula is built from state formula and temporal operators: All state formulas are well-formed LTL formulas. If p and q are well-formed LTL formulas, then p U q, p U q, apple p, p, and X p are also well-formed LTL formulas. Formal Methods in Software Engineering 19 Notations σ = f : LTL formula f holds for ω-run σ σ i : the i-th element of σ σ[i] : the suffix of σ that starts at the i-th element Formal Methods in Software Engineering 20 10

11 LTL Operators (1) Weak Until - U σ[i] = (p U q) σ i = q (σ i = p σ[i+1] = (p U q)) Strong Until - U σ[i] = (p U q) σ[i] = (p U q) j, j i, σ j = q σ[i] p U q s0 si p si+1 p sj q Formal Methods in Software Engineering 21 LTL Operators (2) always (apple) : σ = apple p σ = (p U false) eventuality ( ) : σ = q σ = (true U q) next (X) : σ = X p σ i+1 = p σ apple p s0 s1 s2 s3 s4 p p p p p σ q s0 s1 s2 sk q σ X p s0 s1 s2 s3 s4 p Formal Methods in Software Engineering 22 11

12 LTL Example (1) Consider how to express the informal requirement that p implies q. In other words, p causes q. [] ((p -> X (<> q)) <> p) Formal Methods in Software Engineering 23 LTL Example (2) Consider a traffic light. The lights keep changing in the following order: green -> yellow -> red -> green Use a LTL formula to specify that from a state where the light is green the green color continues until it changes to yellow? Formal Methods in Software Engineering 24 12

13 Frequently Used Formulas invariance : apple p guarantee : p response : p q precedence : p q U r recurrence (progress) : apple p stability (non-progress) : apple p correlation : p q Formal Methods in Software Engineering 25 Valuation Sequence Let P be the set of all state formulas in a given LTL formula. Let V be the set of valuations, i.e., all possible truth assignments, of these formulas. Then, we can associate each run σ with a sequence of valuations V(σ), denoting the truth assignments of all the state formulas at each state. σ p U q s0 s1 s2 s3 s4 p: true true true false false q: false false false false true Formal Methods in Software Engineering 26 13

14 LTL and ω-automata (1) For every LTL formula, there exists an equivalent Buchi automaton, i.e., one that accepts precisely those runs that satisfy the formula. SPIN provides a separate parser that translates an LTL formula to a never claim. Formal Methods in Software Engineering 27 LTL and ω-automata (2) \$ spin f <> [] p never { /* <>[]p */ T0_init: if :: ((p)) -> goto accept_s4 :: (1) -> goto T0_init fi; accept_s4: if :: ((p)) -> goto accept_s4 fi; } true p p s 0 s 1 Formal Methods in Software Engineering 28 14

15 LTL and ω-automata (3) \$ spin f! <> [] p never { /*!<>[]p */ T0_init: if :: (! ((p))) -> goto accept_s9 :: (1) -> goto T0_init fi; accept_s9: if :: (1) -> goto T0_init fi; } true!p s 0 s 1 true Formal Methods in Software Engineering 29 Example (1) int x = 100; active proctype A () { do :: x % 2 -> x = 3 *x + 1 od } active proctype B () { do ::! (x % 2) -> x = x / 2 od } Formal Methods in Software Engineering 30 15

16 Example (2) Prove that x can never become negative, and also never exceed its initial value. Prove that the value of x always eventually returns to 1. Formal Methods in Software Engineering 31 Automata and Logic Introduction Buchi Automata Linear Time Logic Summary Formal Methods in Software Engineering 32 16

17 Summary Unlike classic FSA, which only accepts finite runs, ω-automata accepts both finite and infinite runs. LTL can be used to specify properties that must be satisfied by all the system executions. An LTL formula can be translated to an equivalent ω-automata. Formal Methods in Software Engineering 33 17

### Formal Verification by Model Checking

Formal Verification by Model Checking Natasha Sharygina Carnegie Mellon University Guest Lectures at the Analysis of Software Artifacts Class, Spring 2005 1 Outline Lecture 1: Overview of Model Checking

### Algorithmic Software Verification

Algorithmic Software Verification (LTL Model Checking) Azadeh Farzan What is Verification Anyway? Proving (in a formal way) that program satisfies a specification written in a logical language. Formal

### tutorial: hardware and software model checking

tutorial: hardware and software model checking gerard holzmann and anuj puri { gerard anuj } @research.bell-labs.com Bell Labs, USA outline introduction (15 mins) theory and algorithms system modeling

### logic language, static/dynamic models SAT solvers Verified Software Systems 1 How can we model check of a program or system?

5. LTL, CTL Last part: Alloy logic language, static/dynamic models SAT solvers Today: Temporal Logic (LTL, CTL) Verified Software Systems 1 Overview How can we model check of a program or system? Modeling

### Software Model Checking: Theory and Practice

Software Model Checking: Theory and Practice Lecture: Specification Checking - LTL Model Checking Copyright 2004, Matt Dwyer, John Hatcliff, and Robby. The syllabus and all lectures for this course are

### Fundamentals of Software Engineering

Fundamentals of Software Engineering Model Checking with Temporal Logic Ina Schaefer Institute for Software Systems Engineering TU Braunschweig, Germany Slides by Wolfgang Ahrendt, Richard Bubel, Reiner

### Software Engineering using Formal Methods

Software Engineering using Formal Methods Model Checking with Temporal Logic Wolfgang Ahrendt 24th September 2013 SEFM: Model Checking with Temporal Logic /GU 130924 1 / 33 Model Checking with Spin model

### The Model Checker SPIN

The Model Checker SPIN Author: Gerard J. Holzmann Presented By: Maulik Patel Outline Introduction Structure Foundation Algorithms Memory management Example/Demo SPIN-Introduction Introduction SPIN (Simple(

### Testing LTL Formula Translation into Büchi Automata

Testing LTL Formula Translation into Büchi Automata Heikki Tauriainen and Keijo Heljanko Helsinki University of Technology, Laboratory for Theoretical Computer Science, P. O. Box 5400, FIN-02015 HUT, Finland

### Access Control Based on Dynamic Monitoring for Detecting Software Malicious Behaviours

Access Control Based on Dynamic Monitoring for Detecting Software Malicious Behaviours K. Adi, L. Sullivan & A. El Kabbal Computer Security Research Laboratory http://w3.uqo.ca/lrsi NCAC'05 1 Motivation

### Lecture 9 verifying temporal logic

Basics of advanced software systems Lecture 9 verifying temporal logic formulae with SPIN 21/01/2013 1 Outline for today 1. Introduction: motivations for formal methods, use in industry 2. Developing models

### Introduction to SPIN. Acknowledgments. Parts of the slides are based on an earlier lecture by Radu Iosif, Verimag. Ralf Huuck. Features PROMELA/SPIN

Acknowledgments Introduction to SPIN Parts of the slides are based on an earlier lecture by Radu Iosif, Verimag. Ralf Huuck Ralf Huuck COMP 4152 1 Ralf Huuck COMP 4152 2 PROMELA/SPIN PROMELA (PROcess MEta

### Context-Bounded Model Checking of LTL Properties for ANSI-C Software. Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Model Checking C Model checking: normally applied to formal state transition

### Formal Verification of Software

Formal Verification of Software Sabine Broda Department of Computer Science/FCUP 12 de Novembro de 2014 Sabine Broda (DCC-FCUP) Formal Verification of Software 12 de Novembro de 2014 1 / 26 Formal Verification

### T-79.186 Reactive Systems: Introduction and Finite State Automata

T-79.186 Reactive Systems: Introduction and Finite State Automata Timo Latvala 14.1.2004 Reactive Systems: Introduction and Finite State Automata 1-1 Reactive Systems Reactive systems are a class of software

### Development of dynamically evolving and self-adaptive software. 1. Background

Development of dynamically evolving and self-adaptive software 1. Background LASER 2013 Isola d Elba, September 2013 Carlo Ghezzi Politecnico di Milano Deep-SE Group @ DEIB 1 Requirements Functional requirements

### Feature Specification and Automated Conflict Detection

Feature Specification and Automated Conflict Detection AMY P. FELTY University of Ottawa and KEDAR S. NAMJOSHI Bell Laboratories Large software systems, especially in the telecommunications field, are

### INF5140: Specification and Verification of Parallel Systems

INF5140: Specification and Verification of Parallel Systems Lecture 7 LTL into Automata and Introduction to Promela Gerardo Schneider Department of Informatics University of Oslo INF5140, Spring 2007 Gerardo

### Formal Verification and Linear-time Model Checking

Formal Verification and Linear-time Model Checking Paul Jackson University of Edinburgh Automated Reasoning 21st and 24th October 2013 Why Automated Reasoning? Intellectually stimulating and challenging

### Quick Start Guide. June 3, 2012

The ERIGONE Model Checker Quick Start Guide Mordechai (Moti) Ben-Ari Department of Science Teaching Weizmann Institute of Science Rehovot 76100 Israel http://stwww.weizmann.ac.il/g-cs/benari/ June 3, 2012

### Model checking test models. Author: Kevin de Berk Supervisors: Prof. dr. Wan Fokkink, dr. ir. Machiel van der Bijl

Model checking test models Author: Kevin de Berk Supervisors: Prof. dr. Wan Fokkink, dr. ir. Machiel van der Bijl February 14, 2014 Abstract This thesis is about model checking testing models. These testing

### Model Checking LTL Properties over C Programs with Bounded Traces

Noname manuscript No. (will be inserted by the editor) Model Checking LTL Properties over C Programs with Bounded Traces Jeremy Morse 1, Lucas Cordeiro 2, Denis Nicole 1, Bernd Fischer 1,3 1 Electronics

### CISC422/853: Formal Methods

Outline CISC422/853: Formal Methods in Software Engineering: Computer-Aided Verification Topic 7: Specifying, or How to Describe How the System Should (or Should Not) Behave Juergen Dingel Feb, 2009 Readings:

### A Classification of Model Checking-based Verification Approaches for Software Models

A Classification of Model Checking-based Verification Approaches for Software Models Petra Brosch, Sebastian Gabmeyer, Martina Seidl Sebastian Gabmeyer Business Informatics Group Institute of Software

### Software Modeling and Verification

Software Modeling and Verification Alessandro Aldini DiSBeF - Sezione STI University of Urbino Carlo Bo Italy 3-4 February 2015 Algorithmic verification Correctness problem Is the software/hardware system

### Introduction to Promela and SPIN. LACL, Université Paris 12

Introduction to Promela and SPIN LACL, Université Paris 12 Promela = Process Meta Language A specification language! No programming language! Used for system description : Specify an abstraction of the

### Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification

Introduction Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification Advanced Topics in Software Engineering 1 Concurrent Programs Characterized by

### Automata-Based Verification of Temporal Properties on Running Programs Dimitra Giannakopoulou Klaus Havelund

Automata-Based Verification of Temporal Properties on Running Programs Dimitra Giannakopoulou Klaus Havelund RIACS Technical Report 01.21 August 2001 Presented at the 16 th IEEE International Conference

### Mechanizing the Powerset Construction for Restricted Classes of ω-automata

Mechanizing the Powerset Construction for Restricted Classes of ω-automata Christian Dax 1, Jochen Eisinger 2, Felix Klaedtke 1 1 ETH Zurich 2 Albert-Ludwigs-University of Freiburg ATVA 2007 Motivation

### Temporal Logics. Computation Tree Logic

Temporal Logics CTL: definition, relationship between operators, adequate sets, specifying properties, safety/liveness/fairness Modeling: sequential, concurrent systems; maximum parallelism/interleaving

### http://aejm.ca Journal of Mathematics http://rema.ca Volume 1, Number 1, Summer 2006 pp. 69 86

Atlantic Electronic http://aejm.ca Journal of Mathematics http://rema.ca Volume 1, Number 1, Summer 2006 pp. 69 86 AUTOMATED RECOGNITION OF STUTTER INVARIANCE OF LTL FORMULAS Jeffrey Dallien 1 and Wendy

### Validated Templates for Specification of Complex LTL Formulas

Validated Templates for Specification of Complex LTL Formulas Salamah Salamah Department of Electrical, computer, Software, and Systems Engineering Embry Riddle Aeronautical University 600 S. Clyde Morris

### Combining Software and Hardware Verification Techniques

Formal Methods in System Design, 21, 251 280, 2002 c 2002 Kluwer Academic Publishers. Manufactured in The Netherlands. Combining Software and Hardware Verification Techniques ROBERT P. KURSHAN VLADIMIR

### A Logic Approach for LTL System Modification

A Logic Approach for LTL System Modification Yulin Ding and Yan Zhang School of Computing & Information Technology University of Western Sydney Kingswood, N.S.W. 1797, Australia email: {yding,yan}@cit.uws.edu.au

### Automata-Based Verification of Temporal Properties on Running Programs

Automata-Based Verification of Temporal Properties on Running Programs Dimitra Giannakopoulou (RIACS) and Klaus Havelund (Kestrel Technologies) Automated Software Engineering Group NASA Ames Research Center,

### Model Checking: An Introduction

Announcements Model Checking: An Introduction Meeting 2 Office hours M 1:30pm-2:30pm W 5:30pm-6:30pm (after class) and by appointment ECOT 621 Moodle problems? Fundamentals of Programming Languages CSCI

### ω-automata Automata that accept (or reject) words of infinite length. Languages of infinite words appear:

ω-automata ω-automata Automata that accept (or reject) words of infinite length. Languages of infinite words appear: in verification, as encodings of non-terminating executions of a program. in arithmetic,

Test Case Generation for Ultimately Periodic Paths Joint work with Saddek Bensalem Hongyang Qu Stavros Tripakis Lenore Zuck Accepted to HVC 2007 How to find the condition to execute a path? (weakest precondition

### MODEL CHECKING OF SERVICES WORKFLOW RECONFIGURATION: A PERSPECTIVE ON DEPENDABILITY

MODEL CHECKING OF SERVICES WORKFLOW RECONFIGURATION: A PERSPECTIVE ON DEPENDABILITY 1 Juan Carlos Polanco Aguilar 1 Koji Hasebe 1 Manuel Mazzara 2 Kazuhiko Kato 1 1 University of Tsukuba Department of

### Model Checking II Temporal Logic Model Checking

1/32 Model Checking II Temporal Logic Model Checking Edmund M Clarke, Jr School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 2/32 Temporal Logic Model Checking Specification Language:

### Theory of Computation

Theory of Computation For Computer Science & Information Technology By www.thegateacademy.com Syllabus Syllabus for Theory of Computation Regular Expressions and Finite Automata, Context-Free Grammar s

### Reading 13 : Finite State Automata and Regular Expressions

CS/Math 24: Introduction to Discrete Mathematics Fall 25 Reading 3 : Finite State Automata and Regular Expressions Instructors: Beck Hasti, Gautam Prakriya In this reading we study a mathematical model

### Turing Machines: An Introduction

CIT 596 Theory of Computation 1 We have seen several abstract models of computing devices: Deterministic Finite Automata, Nondeterministic Finite Automata, Nondeterministic Finite Automata with ɛ-transitions,

### Model-Checking Verification for Reliable Web Service

Model-Checking Verification for Reliable Web Service Shin NAKAJIMA Hosei University and PRESTO, JST nkjm@i.hosei.ac.jp Abstract Model-checking is a promising technique for the verification and validation

### Automata-based Verification - I

CS3172: Advanced Algorithms Automata-based Verification - I Howard Barringer Room KB2.20: email: howard.barringer@manchester.ac.uk March 2006 Supporting and Background Material Copies of key slides (already

### Service Specification and Validation for the Intelligent Network 1

Service Specification and Validation for the Intelligent Network 1 Pierre-Alain Etique Jean-Pierre Hubaux etique@vptt.ch hubaux@tcom.epfl.ch Swiss Telecom PTT Swiss Federal Institute of Technology Research

### Using Patterns and Composite Propositions to Automate the Generation of Complex LTL

University of Texas at El Paso DigitalCommons@UTEP Departmental Technical Reports (CS) Department of Computer Science 8-1-2007 Using Patterns and Composite Propositions to Automate the Generation of Complex

### SETS, RELATIONS, AND FUNCTIONS

September 27, 2009 and notations Common Universal Subset and Power Set Cardinality Operations A set is a collection or group of objects or elements or members (Cantor 1895). the collection of the four

### LTL Model Checking with Logic Based Petri Nets

LTL Model Checking with Logic Based Petri Nets Tristan M. Behrens and Jürgen Dix IfI Technical Report Series IfI-07-04 Impressum Publisher: Institut für Informatik, Technische Universität Clausthal Julius-Albert

### Development of global specification for dynamically adaptive software

Development of global specification for dynamically adaptive software Yongwang Zhao School of Computer Science & Engineering Beihang University zhaoyw@act.buaa.edu.cn 22/02/2013 1 2 About me Assistant

### Deterministic Finite Automata

1 Deterministic Finite Automata Definition: A deterministic finite automaton (DFA) consists of 1. a finite set of states (often denoted Q) 2. a finite set Σ of symbols (alphabet) 3. a transition function

### On Recognizable Timed Languages FOSSACS 2004

On Recognizable Timed Languages Oded Maler VERIMAG Grenoble France Amir Pnueli NYU and Weizmann New York and Rehovot USA FOSSACS 2004 Nutrition Facts Classical (Untimed) Recognizability Timed Languages

### On the Modeling and Verification of Security-Aware and Process-Aware Information Systems

On the Modeling and Verification of Security-Aware and Process-Aware Information Systems 29 August 2011 What are workflows to us? Plans or schedules that map users or resources to tasks Such mappings may

### Software Verification and Testing. Lecture Notes: Temporal Logics

Software Verification and Testing Lecture Notes: Temporal Logics Motivation traditional programs (whether terminating or non-terminating) can be modelled as relations are analysed wrt their input/output

### Research Article Towards Support for Software Model Checking: Improving the Efficiency of Formal Specifications

Advances in Software Engineering Volume 2011, Article ID 869182, 13 pages doi:10.1155/2011/869182 Research Article Towards Support for Software Model Checking: Improving the Efficiency of Formal Specifications

### Model Checking based Software Verification

Model Checking based Software Verification 18.5-2006 Keijo Heljanko Keijo.Heljanko@tkk.fi Department of Computer Science and Engineering Helsinki University of Technology http://www.tcs.tkk.fi/~kepa/ 1/24

### Formal Languages and Automata Theory - Regular Expressions and Finite Automata -

Formal Languages and Automata Theory - Regular Expressions and Finite Automata - Samarjit Chakraborty Computer Engineering and Networks Laboratory Swiss Federal Institute of Technology (ETH) Zürich March

### Automata on Infinite Words and Trees

Automata on Infinite Words and Trees Course notes for the course Automata on Infinite Words and Trees given by Dr. Meghyn Bienvenu at Universität Bremen in the 2009-2010 winter semester Last modified:

### Software Quality Exercise 1

Software Quality Exercise Model Checking Information. Dates Release: 7.0.0.5pm Deadline: 07.0.0.5pm Discussion:.0.0. Formalities While this exercise can be solved and handed in in groups of three, every

### Runtime Verification - Monitor-oriented Programming - Monitor-based Runtime Reflection

Runtime Verification - Monitor-oriented Programming - Monitor-based Runtime Reflection Martin Leucker Technische Universität München (joint work with Andreas Bauer, Christian Schallhart et. al) FLACOS

### Constructing Automata from Temporal Logic Formulas : A Tutorial

Constructing Automata from Temporal Logic Formulas : A Tutorial Pierre Wolper Université de Liège, Institut Montefiore, B28, 4000 Liège, Belgium pw@montefiore.ulg.ac.be, http://www.montefiore.ulg.ac.be/~pw/

### An LTL Specification and Verification of a Mobile Teleconferencing System

An LTL Specification and Verification of a Mobile Teleconferencing System Yassine ELGHAYAM*, Mohammed OUZZIF** and Mohammed ERRADI* *Laboratoire Alkhawarizmi de Génie Informatique, Université Med-V Souissi

### The Model Checker SPIN

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. 23, NO. 5, MAY 1997 1 The Model Checker SPIN Gerard J. Holzmann Abstract SPIN is an efficient verification system for models of distributed software systems.

### Formal verification of contracts for synchronous software components using NuSMV

Formal verification of contracts for synchronous software components using NuSMV Tobias Polzer Lehrstuhl für Informatik 8 Bachelorarbeit 13.05.2014 1 / 19 Problem description and goals Problem description

### Regular Expressions and Automata using Haskell

Regular Expressions and Automata using Haskell Simon Thompson Computing Laboratory University of Kent at Canterbury January 2000 Contents 1 Introduction 2 2 Regular Expressions 2 3 Matching regular expressions

### System modeling. Budapest University of Technology and Economics Department of Measurement and Information Systems

System modeling Business process modeling how to do it right Partially based on Process Anti-Patterns: How to Avoid the Common Traps of Business Process Modeling, J Koehler, J Vanhatalo, IBM Zürich, 2007.

### Stylianos Basagiannis

Interlocking control by Distributed Signal Boxes Technical Report (TR) 4 Stylianos Basagiannis Supervisors: Dr Andrew Pombortsis, Dr Panagiotis Katsaros Aristotle University of Thessaloniki Department

### Iterated Dynamic Belief Revision. Sonja Smets, University of Groningen. website: http://www.vub.ac.be/clwf/ss

LSE-Groningen Workshop I 1 Iterated Dynamic Belief Revision Sonja Smets, University of Groningen website: http://www.vub.ac.be/clwf/ss Joint work with Alexandru Baltag, COMLAB, Oxford University LSE-Groningen

### introduction to program monitoring

introduction to program monitoring CS 119 part II beyond assert and print course website http://www.runtime-verification.org/course09 action standing order: sell when price drops more than 2% within 1

### From Workflow Design Patterns to Logical Specifications

AUTOMATYKA/ AUTOMATICS 2013 Vol. 17 No. 1 http://dx.doi.org/10.7494/automat.2013.17.1.59 Rados³aw Klimek* From Workflow Design Patterns to Logical Specifications 1. Introduction Formal methods in software

### Formal Verification Toolkit for Requirements and Early Design Stages

Formal Verification Toolkit for Requirements and Early Design Stages Julia M. Badger 1 and Sheena Judson Miller 2 1 NASA Johnson Space Center, Houston, TX 77058, USA 2 Barrios Technology, Houston, TX 77058,

### An Automated Verification Method for Distributed Systems Software Based on Model Extraction

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. 28, NO. 4, APRIL 2002 1 An Automated Verification Method for Distributed Systems Software Based on Model Extraction Gerard J. Holzmann and Margaret H. Smith

### Automata and Formal Languages

Automata and Formal Languages Winter 2009-2010 Yacov Hel-Or 1 What this course is all about This course is about mathematical models of computation We ll study different machine models (finite automata,

### Software safety - DEF-STAN 00-55

Software safety - DEF-STAN 00-55 Where safety is dependent on the safety related software (SRS) fully meeting its requirements, demonstrating safety is equivalent to demonstrating correctness with respect

### Traditional Software Development. Model Requirements and JAVA Programs. Formal Verification & Validation. What is a state?

Mel Requirements and JAVA Programs MVP The Waterfall Mel Problem Area Traditional Software Develoment Analysis REVIEWS Design Costly wrt time and money. Errors are found too late (or maybe never). SPIN/PROMELA

### Finite Automata. Reading: Chapter 2

Finite Automata Reading: Chapter 2 1 Finite Automata Informally, a state machine that comprehensively captures all possible states and transitions that a machine can take while responding to a stream (or

### Finite Automata. Reading: Chapter 2

Finite Automata Reading: Chapter 2 1 Finite Automaton (FA) Informally, a state diagram that comprehensively captures all possible states and transitions that a machine can take while responding to a stream

### Generalising Feature Interactions in Email

Generalising Feature Interactions in Email Muffy Calder and Alice Miller Department of Computing Science University of Glasgow Glasgow, Scotland. muffy,alice@dcs.gla.ac.uk Abstract. We report on a property-based

### Specification and Analysis of Contracts Lecture 1 Introduction

Specification and Analysis of Contracts Lecture 1 Introduction Gerardo Schneider gerardo@ifi.uio.no http://folk.uio.no/gerardo/ Department of Informatics, University of Oslo SEFM School, Oct. 27 - Nov.

### Program Synthesis is a Game

Program Synthesis is a Game Barbara Jobstmann CNRS/Verimag, Grenoble, France Outline Synthesis using automata- based game theory. MoBvaBon, comparison with MC and LTL. Basics Terminology Reachability/Safety

### An Approach to Dependable Embedded Software Development

University of West Bohemia in Pilsen Department of Computer Science and Engineering Univerzitni 8 30614 Pilsen Czech Republic An Approach to Dependable Embedded Software Development State of The Art and

### Lecture 4 -- Sets, Relations, Functions 1

Lecture 4 Sets, Relations, Functions Pat Place Carnegie Mellon University Models of Software Systems 17-651 Fall 1999 Lecture 4 -- Sets, Relations, Functions 1 The Story So Far Formal Systems > Syntax»

### Simulation-Based Security with Inexhaustible Interactive Turing Machines

Simulation-Based Security with Inexhaustible Interactive Turing Machines Ralf Küsters Institut für Informatik Christian-Albrechts-Universität zu Kiel 24098 Kiel, Germany kuesters@ti.informatik.uni-kiel.de

### Verifying Real-Time Embedded Software by Means of Automated State-based Online Testing and the SPIN Model Checker Application to RTEdge Models

Verifying Real-Time Embedded Software by Means of Automated State-based Online Testing and the SPIN Model Checker Application to RTEdge Models A thesis submitted to the Faculty of Graduate and Postdoctoral

### VeriTech - A Framework for Translating among Model Description Notations

Software Tools for Technology Transfer manuscript No. (will be inserted by the editor) VeriTech - A Framework for Translating among Model Description Notations Orna Grumberg and Shmuel Katz Computer Science

### Pushdown Automata. place the input head on the leftmost input symbol. while symbol read = b and pile contains discs advance head remove disc from pile

Pushdown Automata In the last section we found that restricting the computational power of computing devices produced solvable decision problems for the class of sets accepted by finite automata. But along

### A First Investigation of Sturmian Trees

A First Investigation of Sturmian Trees Jean Berstel 2, Luc Boasson 1 Olivier Carton 1, Isabelle Fagnot 2 1 LIAFA, CNRS Université Paris 7 2 IGM, CNRS Université de Marne-la-Vallée Atelier de Combinatoire,

### Modular Verification of Dynamically Adaptive Systems

Modular Verification of Dynamically Adaptive Systems Ji Zhang, Heather J. Goldsby, and Betty H.C. Cheng Department of Computer Science and Engineering, Michigan State University East Lansing, Michigan,

### A Declarative Approach for Flexible Business Processes Management

A Declarative Approach for Flexible Business Processes Management M. Pesic and W.M.P. van der Aalst Department of Technology Management, Eindhoven University of Technology, P.O.Box 513, NL-5600 MB, Eindhoven,

### Compiler Construction

Compiler Construction Regular expressions Scanning Görel Hedin Reviderad 2013 01 23.a 2013 Compiler Construction 2013 F02-1 Compiler overview source code lexical analysis tokens intermediate code generation

### An Automata-Theoretic Approach to Linear Temporal Logic

An Automata-Theoretic Approach to Linear Temporal Logic Moshe Y. Vardi? Rice University Department of Computer Science P.O. Box 1892 Houston, TX 77251-1892, U.S.A. Email: vardi@cs.rice.edu URL: http://www.cs.rice.edu/

### Software Model Checking: Theory and Practice

Software Model Checking: Theory and Practice Lecture: Secification Checking - Temoral Logic Coyright 2004, Matt Dwyer, John Hatcliff, and Robby. The syllabus and all lectures for this course are coyrighted

### Institut für Parallele und Verteilte Systeme. Abteilung Anwendersoftware. Universität Stuttgart Universitätsstraße 38 D-70569 Stuttgart

Institut für Parallele und Verteilte Systeme Abteilung Anwendersoftware Universität Stuttgart Universitätsstraße 38 D-70569 Stuttgart Diplomarbeit Nr. 3243 Development and Evaluation of a Framework for

### The Course. http://www.cse.unsw.edu.au/~cs3153/

The Course http://www.cse.unsw.edu.au/~cs3153/ Lecturers Dr Peter Höfner NICTA L5 building Prof Rob van Glabbeek NICTA L5 building Dr Ralf Huuck NICTA ATP building 2 Plan/Schedule (1) Where and When Tuesday,

### Logic in Computer Science: Logic Gates

Logic in Computer Science: Logic Gates Lila Kari The University of Western Ontario Logic in Computer Science: Logic Gates CS2209, Applied Logic for Computer Science 1 / 49 Logic and bit operations Computers

### Introduction to Software Verification

Introduction to Software Verification Orna Grumberg Lectures Material winter 2013-14 Lecture 4 5.11.13 Model Checking Automated formal verification: A different approach to formal verification Model Checking

### Chapter II. Controlling Cars on a Bridge

Chapter II. Controlling Cars on a Bridge 1 Introduction The intent of this chapter is to introduce a complete example of a small system development. During this development, you will be made aware of the

### CHAPTER 7 GENERAL PROOF SYSTEMS

CHAPTER 7 GENERAL PROOF SYSTEMS 1 Introduction Proof systems are built to prove statements. They can be thought as an inference machine with special statements, called provable statements, or sometimes