Software Modeling and Verification


1 Software Modeling and Verification
Alessandro Aldini, DiSBeF - Sezione STI, University of Urbino Carlo Bo, Italy
3-4 February 2015

2 Algorithmic verification
Correctness problem: is the software/hardware system correct with respect to the expected requirements?
This is hard to determine whenever the system is reactive.

3 Hardness: what does it mean?
Sequentiality vs. concurrency
A sequential program is like a black box that takes some inputs and deterministically provides the appropriate outputs (e.g., a sorting algorithm).
A reactive system:
- interacts with the environment, nondeterministically
- does not necessarily terminate
- may be composed of concurrent, interacting components
Interactions cause an exponential explosion of the possible behaviors; concurrency and communication introduce new issues (e.g., deadlock and starvation).
Example: operating systems

4 A formal approach to verification: why?
Formal methods
- With respect to simulation and testing, they provide rigorous answers
- They are supported by automated tools
Foundational ingredients:
- formal (automata- or state-transition-based) models and (algebraic) languages for describing reactive systems
- logics for expressing properties of reactive systems
- behavioral relations for arguing about correctness

5 State-transition systems
State: describes a configuration of the system in a given instant of time; may be labeled with additional information, like a formal statement specifying the conditions that hold in the state.
Transition: describes a state change due to the execution of a given event; may be labeled with additional information, like the name of the action representing the executed event.

6 Kripke structure
Definition. Let AP be a set of atomic propositions. A Kripke structure is a tuple K = (S, S0, R, L) where
- S is a finite set of states
- S0 ⊆ S is the set of initial states
- R ⊆ S × S is a total transition relation
- L : S → 2^AP is a labeling function that associates each state with the subset of atomic propositions that are true in that state

7 Modeling reactive systems through Kripke structures
First-order logic representation: what does AP represent?
- Let V = {v1, ..., vn} be the set of system variables
- Let D1, ..., Dn be the corresponding (finite) domains
- An atomic proposition has the form vi = di, with di ∈ Di, 1 ≤ i ≤ n
- A valuation maps each vi to a value in Di, 1 ≤ i ≤ n
- Hence, a state s represents a valuation (it can be expressed as a conjunction of atomic propositions)
- The transition relation R is a mapping from valuations to valuations (it can be expressed as a disjunctive normal form)

8 Graphical representation
[Figure: Kripke structure with states s0 (x=0, s=idle), s1 (x=1, s=ask), s2 (x=0, s=wait), s3 (x=2, s=busy)]
Example of Kripke structure (S, S0, R, L):
V = {x, s}
S0 = {x = 0 ∧ s = i}
R is such that:
(x = 0 ∧ s = i, x = 1 ∧ s = a) ∈ R
(x = 1 ∧ s = a, x = 0 ∧ s = w) ∈ R
(x = 1 ∧ s = a, x = 2 ∧ s = b) ∈ R
(x = 0 ∧ s = w, x = 2 ∧ s = b) ∈ R
(x = 2 ∧ s = b, x = 1 ∧ s = b) ∈ R
(x = 2 ∧ s = b, x = 2 ∧ s = a) ∈ R
L is such that:
L(s0) = {x = 0, s = i}
L(s1) = {x = 1, s = a}
L(s2) = {x = 0, s = w}
L(s3) = {x = 2, s = b}

9 Kripke structures and logics
Definition. For any Kripke structure M = (S, S0, R, L) and formula ψ of any logic:
Sat(ψ) = {s ∈ S | s ⊨ ψ}
M ⊨ ψ iff S0 ⊆ Sat(ψ)
Note: it could be that M ⊭ ψ and M ⊭ ¬ψ (when S0 contains more than one state, some may satisfy ψ and others ¬ψ).

10 Kripke structures and logics
Temporal logics
- Modal operators are added to classical logics for reasoning about time
- Well-formed formulas specify properties of computations
- The process of checking the model against the property is called model checking
Example. Along a computation...
- a predicate is always true
- the system will eventually satisfy a predicate
- the system exhibits a certain behavior until a predicate holds
Which properties? Safety (bad things will not happen), liveness (good things will eventually happen), security (cheats will not happen), reliability (faults may happen, but without negative effects)

11 Computation tree
Definition. For any Kripke structure M = (S, S0, R, L) and s ∈ S, the computation tree for M starting at s is a tree such that:
- the root of the tree is s
- the nodes of the tree are states in S
- there exists an arc from node s to node s' in the tree if and only if (s, s') ∈ R

12 Graphical representation
[Figure: the Kripke structure of slide 8 and a finite prefix of the computation tree rooted at s0, with s0 at the root, s1 below it, and s2 and s3 below s1]

13 Modal operators of temporal logics
Temporal operators: X (next), F (eventually), G (always), U (until)

14 Temporal logics: two flavors
Expressiveness: shall the logic abstract from the branching structure of the computation tree?
- If yes, each computation is considered in isolation: at each instant of time, only one future is possible (linear time)
- If not, a branching notion of time is considered: at each instant of time, there may be several different possible futures

15 Linear Temporal Logic: syntax
Definition (LTL grammar)
ϕ ::= true | p | ¬ϕ | ϕ ∨ ϕ | Xϕ | Fϕ | Gϕ | ϕ U ϕ
Note: p is any atomic proposition

16 Linear Temporal Logic: semantics
Definition. The satisfaction relation ⊨ for computations π = s0, s1, ..., si, ... of a Kripke structure M = (S, S0, R, L) is defined by:
1. π ⊨ true always holds
2. π ⊨ p iff p ∈ L(π[0])
3. π ⊨ ¬ϕ iff π ⊭ ϕ
4. π ⊨ ϕ1 ∨ ϕ2 iff π ⊨ ϕ1 or π ⊨ ϕ2
5. π ⊨ Xϕ iff π^1 ⊨ ϕ
6. π ⊨ Fϕ iff ∃k ≥ 0. π^k ⊨ ϕ
7. π ⊨ Gϕ iff ∀k ≥ 0. π^k ⊨ ϕ
8. π ⊨ ϕ1 U ϕ2 iff there exists k ≥ 0 such that π^k ⊨ ϕ2 and for all 0 ≤ j < k it holds that π^j ⊨ ϕ1
Finally, s ⊨ ϕ iff π ⊨ ϕ for all π such that π[0] = s.
Note: π[i] = si and π^i = si, si+1, ... (the suffix of π starting at position i)
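The satisfaction relation above, worked through in code. This is an added example and not part of the slides: it evaluates LTL formulas over a lasso-shaped computation (a finite prefix followed by a loop, which is the shape every computation of a finite Kripke structure takes once it is stored finitely). The computation, its labels and the tuple encoding of formulas are constructed for the example.

```python
# Added example, not from the slides: LTL satisfaction over a lasso-shaped
# computation pi = s0, s1, ..., following the clauses of the definition above.
# We store the labels L(pi[i]) of positions 0 .. n-1; the successor of position
# n-1 is position `loop`, so the computation is infinite and ultimately periodic.
# Formulas are nested tuples:
#   ("true",) ("p", name) ("not", f) ("or", f, g) ("X", f) ("F", f) ("G", f) ("U", f, g)
from typing import FrozenSet, List


class Lasso:
    def __init__(self, labels: List[FrozenSet[str]], loop: int) -> None:
        assert 0 <= loop < len(labels), "loop target must be a stored position"
        self.labels = labels
        self.loop = loop

    def succ(self, i: int) -> int:
        """Position of pi^(i+1), i.e. the next state along the computation."""
        return i + 1 if i + 1 < len(self.labels) else self.loop

    def positions_from(self, i: int) -> List[int]:
        """Every position visited by the suffix pi^i, in path order, each once."""
        order, j = [], i
        while j not in order:
            order.append(j)
            j = self.succ(j)
        return order


def sat(pi: Lasso, f, i: int = 0) -> bool:
    """pi^i |= f (pi |= f when i = 0)."""
    op = f[0]
    if op == "true":
        return True                                        # clause 1
    if op == "p":
        return f[1] in pi.labels[i]                        # clause 2: p in L(pi[i])
    if op == "not":
        return not sat(pi, f[1], i)                        # clause 3
    if op == "or":
        return sat(pi, f[1], i) or sat(pi, f[2], i)        # clause 4
    if op == "X":
        return sat(pi, f[1], pi.succ(i))                   # clause 5
    if op == "F":
        return any(sat(pi, f[1], k) for k in pi.positions_from(i))   # clause 6
    if op == "G":
        return all(sat(pi, f[1], k) for k in pi.positions_from(i))   # clause 7
    if op == "U":                                          # clause 8
        for k in pi.positions_from(i):
            if sat(pi, f[2], k):
                return True                                # f2 holds at k, f1 held before it
            if not sat(pi, f[1], k):
                return False                               # f1 broke before f2 was reached
        return False                                       # the loop never reaches f2
    raise ValueError(f"unknown operator {op!r}")


def P(name: str):
    return ("p", name)


def implies(f, g):
    return ("or", ("not", f), g)


# Constructed computation: idle once, then ask, wait, busy, ask, wait, busy, ...
PI = Lasso([frozenset({"idle"}), frozenset({"ask"}),
            frozenset({"wait"}), frozenset({"busy"})], loop=1)


def response_holds() -> bool:
    """G(ask -> F busy): every request is eventually served."""
    return sat(PI, ("G", implies(P("ask"), ("F", P("busy")))))


def eventually_always_busy() -> bool:
    """F G busy: false here, the loop keeps coming back to ask."""
    return sat(PI, ("F", ("G", P("busy"))))
```

The U clause walks the suffix in path order and stops at the first position where the right operand holds; because the suffixes of a lasso repeat after at most n positions, visiting each position once is enough to decide F, G and U exactly.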

17 Computation Tree Logic: syntax
Definition (CTL grammar)
ϕ ::= true | p | ¬ϕ | ϕ ∨ ϕ | E φ | A φ
φ ::= Xϕ | Fϕ | Gϕ | ϕ U ϕ
Note: p is any atomic proposition

18 Computation Tree Logic: semantics
Definition
1. s ⊨ p iff p ∈ L(s)
2. s ⊨ ¬φ iff s ⊭ φ
3. s ⊨ φ1 ∨ φ2 iff s ⊨ φ1 or s ⊨ φ2
4. s ⊨ Eφ iff there is a path π starting from s such that π ⊨ φ
5. s ⊨ Aφ iff for every path π starting from s it holds that π ⊨ φ
6. π ⊨ Xφ iff π[1] ⊨ φ
7. π ⊨ φ1 U φ2 iff there exists k ≥ 0 such that π[k] ⊨ φ2 and for all 0 ≤ j < k it holds that π[j] ⊨ φ1

19 Temporal logics: properties of operators
Expressiveness: duality
Fψ ≡ true U ψ
Gψ ≡ ¬F¬ψ
Aψ ≡ ¬E¬ψ
¬Xψ ≡ X¬ψ
¬Fψ ≡ G¬ψ
¬Gψ ≡ F¬ψ

20 Temporal logics: equivalence
Definition. A CTL formula ϕ is equivalent to an LTL formula ϕ' (ϕ ≡ ϕ') if for all Kripke structures M: M ⊨ ϕ iff M ⊨ ϕ'
Results about equivalence. Given a CTL formula ϕ and the LTL formula ϕ' obtained by eliminating any path quantifier from ϕ, we have:
1. either ϕ ≡ ϕ'
2. or there does not exist any LTL formula equivalent to ϕ
CTL and LTL are incomparable:
1. the CTL formula AG(EF p) cannot be expressed in LTL
2. the LTL formula FG p cannot be expressed in CTL

21 Why LTL cannot express AG(EF p)
Proof. Assume, by contradiction, ϕ ≡ AG(EF p) such that ϕ is an LTL formula.
[Figure: two Kripke structures M and M' over the atomic proposition p]
M ⊨ AG(EF p), hence M ⊨ ϕ. Since the computations of M' are a subset of those of M, it must hold that M' ⊨ ϕ, and therefore M' ⊨ AG(EF p), which is absurd!

22 Why CTL cannot express FG p
Example
[Figure, built up over slides 22-25: a Kripke structure M over the atomic proposition p, highlighting in turn the states satisfying p, the states satisfying AG p, and the states satisfying AF AG p]
M ⊨ FG p, but M ⊭ AF AG p... why?

26 Property specification
Some formula schemas

Pattern                    LTL             CTL
Reachability               M ⊭ G ¬p        M ⊨ EF p
Unreachability (safety)    G ¬p            AG ¬p
Conditional reachability   q U p           A(q U p)
Extended reachability      No              AG EF p
Composite reachability     F(q ∧ X p)      No
Liveness                   G(q → F p)      AG(q → AF p)
Unconditional fairness     GF p            AG AF p
Strong fairness            GF p → GF q     No
Weak fairness              FG p → GF q     No

27 Model checking
Problem. Given a Kripke structure M = (S, S0, R, L) and a temporal logic formula f, compute the set {s ∈ S | M, s ⊨ f}.
M satisfies f if S0 is included in the set above.

28 CTL-based model checking
Definition (Model checking algorithm). Define labels(s) to be the set of subformulas of f which are true in s.
Initialization: labels(s) = L(s); i = 1
Repeat:
1. take each subformula of f with i − 1 nested CTL operators
2. add each of these subformulas to labels(s) for each s in which the subformula holds
3. increment i
Until all the subformulas of f, including f itself, are processed.
Then, M, s ⊨ f iff f ∈ labels(s)

29 Processing subformulas of f
Labeling rules, by induction on the structure of the subformulas:
1. atomic proposition p: do not add any label!
2. ¬g1: label any state that is not labeled with g1
3. g1 ∨ g2: label any state that is labeled either with g1 or with g2
4. EX g1: label any state that has some successor labeled with g1
5. E(g1 U g2): find all states labeled with g2; from each of these states, follow backwards the paths along states labeled with g1; each state that can be reached by such paths is labeled
6. g = EG g1 (by exercise)
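The labeling algorithm of slides 28 and 29, as an added worked example that is not the slides' own code. It computes Sat(f) bottom-up with the rules above (EG as a greatest fixpoint, since the slide leaves that rule as an exercise), rewrites A-quantified and EF formulas through the dualities of slide 19, and checks M ⊨ f as S0 ⊆ Sat(f). The Kripke structure uses the four states of slide 8; its transition relation and the `implies` helper are our assumptions, loosely following the diagram rather than copying the slide's R.

```python
# Added example, not the slides' own code: the CTL labeling algorithm of
# slides 28-29 on a small Kripke structure.  Formulas are nested tuples:
#   ("true",) ("p", name) ("not", f) ("or", f, g) ("and", f, g)
#   ("EX", f) ("EU", f, g) ("EG", f)          -- the adequate set we label directly
#   ("EF", f) ("AX", f) ("AG", f) ("AF", f)   -- rewritten via the dualities of slide 19
from typing import Dict, Set


def desugar(f):
    """Rewrite every formula into {true, p, not, or, EX, EU, EG}."""
    op = f[0]
    if op in ("true", "p"):
        return f
    if op in ("not", "EX", "EG"):
        return (op, desugar(f[1]))
    if op in ("or", "EU"):
        return (op, desugar(f[1]), desugar(f[2]))
    if op == "and":                                  # f and g = not(not f or not g)
        return ("not", ("or", ("not", desugar(f[1])), ("not", desugar(f[2]))))
    if op == "EF":                                   # EF f = E(true U f)
        return ("EU", ("true",), desugar(f[1]))
    if op == "AX":                                   # AX f = not EX not f
        return ("not", ("EX", ("not", desugar(f[1]))))
    if op == "AG":                                   # AG f = not EF not f
        return ("not", ("EU", ("true",), ("not", desugar(f[1]))))
    if op == "AF":                                   # AF f = not EG not f
        return ("not", ("EG", ("not", desugar(f[1]))))
    raise ValueError(f"unknown operator {op!r}")


class KripkeStructure:
    def __init__(self, initial: Set[str], R: Dict[str, Set[str]], L: Dict[str, Set[str]]):
        self.states = set(R)
        self.initial = set(initial)
        self.R = R
        self.L = L
        assert all(R[s] for s in self.states), "R must be total"
        # predecessor map, needed to walk paths backwards for E(g1 U g2)
        self.pred: Dict[str, Set[str]] = {s: set() for s in self.states}
        for s, succs in R.items():
            for t in succs:
                self.pred[t].add(s)

    def sat(self, f) -> Set[str]:
        """Sat(f): the states that end up labeled with f (slide 9)."""
        return self._label(desugar(f))

    def _label(self, f) -> Set[str]:
        op = f[0]
        if op == "true":
            return set(self.states)
        if op == "p":                       # rule 1: labels(s) starts out as L(s)
            return {s for s in self.states if f[1] in self.L[s]}
        if op == "not":                     # rule 2
            return self.states - self._label(f[1])
        if op == "or":                      # rule 3
            return self._label(f[1]) | self._label(f[2])
        if op == "EX":                      # rule 4: some successor labeled g1
            g1 = self._label(f[1])
            return {s for s in self.states if self.R[s] & g1}
        if op == "EU":                      # rule 5: backwards from g2 through g1 states
            g1, g2 = self._label(f[1]), self._label(f[2])
            labeled, frontier = set(g2), list(g2)
            while frontier:
                t = frontier.pop()
                for s in self.pred[t]:
                    if s in g1 and s not in labeled:
                        labeled.add(s)
                        frontier.append(s)
            return labeled
        if op == "EG":                      # rule 6 (the exercise): greatest fixpoint,
            keep = self._label(f[1])        # drop g1 states with no successor still kept
            while True:
                smaller = {s for s in keep if self.R[s] & keep}
                if smaller == keep:
                    return keep
                keep = smaller
        raise ValueError(f"unknown operator {op!r}")

    def check(self, f) -> bool:
        """M |= f iff S0 is included in Sat(f) (slide 27)."""
        return self.initial <= self.sat(f)


# The four states of slide 8; the transition relation below is our assumption,
# loosely following the slide's diagram (it is not the slide's R verbatim).
M = KripkeStructure(
    initial={"s0"},
    R={"s0": {"s1"}, "s1": {"s2", "s3"}, "s2": {"s3"}, "s3": {"s1", "s3"}},
    L={"s0": {"idle"}, "s1": {"ask"}, "s2": {"wait"}, "s3": {"busy"}},
)
ASK, WAIT, BUSY = ("p", "ask"), ("p", "wait"), ("p", "busy")


def implies(f, g):
    return ("or", ("not", f), g)


def always_can_reach_ask() -> bool:
    return M.check(("AG", ("EF", ASK)))                   # the CTL-only property of slide 20


def every_request_served() -> bool:
    return M.check(("AG", implies(ASK, ("AF", BUSY))))    # liveness schema of slide 26


def wait_inevitable() -> bool:
    return M.check(("AF", WAIT))                          # false: s1 can go straight to s3
```

The EG rule repeatedly removes states that no longer have a successor inside the candidate set; on a total transition relation this converges to exactly the states from which some path stays in g1 forever, which is what the greatest-fixpoint characterisation of EG says.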

30 Tool support
Some model checkers: SPIN, NuSMV, PRISM
Some examples:
- toy concurrent systems (dining philosophers, sleeping barber, ...)
- concurrent programs (semantic mapping from programming languages to Kripke structures)
- real-world complex systems (real-time automotive software, communication protocols, trust and security systems, ...)

31 References
- Christel Baier and Joost-Pieter Katoen: Principles of Model Checking, The MIT Press, 2008
- Michael Huth and Mark Ryan: Logic in Computer Science - Modelling and Reasoning about Systems, Cambridge University Press, 2004

32 Increasing the abstraction level: process algebra
What is an algebra? It is any mathematical structure formed by a set of elements together with a collection of operations on these elements, such that the axioms given for the operators are satisfied.
Example. Three operations: +, ;, ∥ (parallel composition). Seven axioms (equational laws) expressing basic commutativity, associativity, idempotency, and distributivity:
P ⊕ Q = Q ⊕ P, where ⊕ ∈ {+, ∥}
P ⊕ (Q ⊕ R) = (P ⊕ Q) ⊕ R, where ⊕ ∈ {+, ;, ∥}
P + P = P
(P + Q); R = P; R + Q; R
Any mathematical structure with these operations satisfying these laws is an algebra.

33 Increasing the abstraction level: process algebra
From algebra to process algebra: define an algebra over a set of elements describing processes. A process refers to the behavior of a system; it is the ordered set of events characterizing that behavior.

34 Calculi for describing processes
Actions represent system activities at a certain level of abstraction; they can be visible or invisible from the viewpoint of the external environment.
Operators: map the operators (+, ;, ∥) to primitives for process specification (alternative external/internal choice among actions, sequential composition of actions, parallel composition of processes possibly communicating synchronously/asynchronously).

35 Semantics: labeled transition systems
Interpretation of operators. If process P can evolve into process P' when executing an action a, we write P −a→ P'.
Example: define a formal semantics for the operators, e.g. the two rules for choice:
    P −a→ P'              Q −a→ Q'
  --------------        --------------
  P + Q −a→ P'          P + Q −a→ Q'
The action relation describes the process as a labeled transition system (LTS), where the states represent processes and the transitions represent the execution of events.

36 Example: a producer-consumer system
ProdCons_0/2 ≝ deposit . ProdCons_1/2
ProdCons_1/2 ≝ deposit . ProdCons_2/2 + withdraw . ProdCons_0/2
ProdCons_2/2 ≝ withdraw . ProdCons_1/2
[Figure: the LTS with states ProdCons_0/2, ProdCons_1/2, ProdCons_2/2; deposit transitions move to the right, withdraw transitions move back to the left]

37 Formal verification
How to verify system specifications:
- LTSs representing the semantics of processes can be model checked
- Process terms can be compared through behavioral equivalences... why? Comparison between specifications at different abstraction levels (top-down modeling)... substitutivity
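One concrete form of the behavioral comparison mentioned above: strong bisimulation checked by partition refinement over the disjoint union of two LTSs. This is an added example, not code from the slides or from the cited book. The higher-level specification is ProdCons_0/2 from slide 36; the lower-level design it is compared with, two one-place cells composed in parallel with interleaving, is our own assumption, and a single one-place cell is compared as well as a negative case.

```python
# Added example, not from the slides or the cited book: strong bisimulation between
# two labeled transition systems, checked by partition refinement.  An LTS is a
# dict from process name to its outgoing (action, successor) pairs.
from itertools import product
from typing import Dict, List, Tuple

LTS = Dict[str, List[Tuple[str, str]]]

# The specification of slide 36.
PRODCONS: LTS = {
    "ProdCons0/2": [("deposit", "ProdCons1/2")],
    "ProdCons1/2": [("deposit", "ProdCons2/2"), ("withdraw", "ProdCons0/2")],
    "ProdCons2/2": [("withdraw", "ProdCons1/2")],
}

# Constructed lower-level design (our assumption): a one-place cell,
# Cell = deposit . withdraw . Cell, of which two run in parallel.
CELL: LTS = {"empty": [("deposit", "full")], "full": [("withdraw", "empty")]}


def interleave(p: LTS, q: LTS) -> LTS:
    """Parallel composition with no synchronisation: at each step one component moves."""
    composed: LTS = {}
    for a, b in product(p, q):
        composed[f"{a}|{b}"] = ([(act, f"{a2}|{b}") for act, a2 in p[a]]
                                + [(act, f"{a}|{b2}") for act, b2 in q[b]])
    return composed


def bisimilar(l1: LTS, s1: str, l2: LTS, s2: str) -> bool:
    """Are s1 (in l1) and s2 (in l2) strongly bisimilar?"""
    # Work on the disjoint union so that one partition covers both systems.
    union = {("A", s): [(act, ("A", t)) for act, t in mv] for s, mv in l1.items()}
    union.update({("B", s): [(act, ("B", t)) for act, t in mv] for s, mv in l2.items()})
    block = {s: 0 for s in union}          # coarsest partition: everything related
    while True:
        # A state's signature: which actions lead into which current blocks.
        # Two states stay together only if they share block and signature.
        new_block: Dict = {}
        keys: Dict = {}
        for s in union:
            key = (block[s], frozenset((act, block[t]) for act, t in union[s]))
            new_block[s] = keys.setdefault(key, len(keys))
        if len(keys) == len(set(block.values())):
            # No block was split: the partition is a bisimulation.
            return new_block[("A", s1)] == new_block[("B", s2)]
        block = new_block


def two_cells_match_spec() -> bool:
    """Two interleaved cells implement the two-place buffer: bisimilar."""
    return bisimilar(PRODCONS, "ProdCons0/2", interleave(CELL, CELL), "empty|empty")


def one_cell_matches_spec() -> bool:
    """A single cell does not: after one deposit the spec can still deposit."""
    return bisimilar(PRODCONS, "ProdCons0/2", CELL, "empty")
```

Each refinement round only ever splits blocks, so the loop terminates once the number of blocks stops growing; the final partition relates two states exactly when every move of one can be matched by a move of the other into a related state, which is the substitutivity the slide appeals to.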

38 Usability
Even more user-friendly: define on top of process algebra an architectural description language (ADL) that is easy to use and (almost) free of mathematics, and map the ADL to process algebra (PA).
Three abstraction levels: ADL → PA → LTS
What can be mechanized: the mappings and the verification

39 References
- Alessandro Aldini, Marco Bernardo, Flavio Corradini: A Process Algebraic Approach to Software Architecture Design, Springer, 2010.


More information

The Common Fragment of ACTL and LTL

The Common Fragment of ACTL and LTL The Common Fragment of ACTL and LTL Miko laj Bojańczyk Warsaw University Abstract. The paper explores the relationship between tree languages definable in LTL, CTL, and ACTL, the fragment of CTL where

More information

Path Querying on Graph Databases

Path Querying on Graph Databases Path Querying on Graph Databases Jelle Hellings Hasselt University and transnational University of Limburg 1/38 Overview Graph Databases Motivation Walk Logic Relations with FO and MSO Relations with CTL

More information

Trading Security with Quality of Experience

Trading Security with Quality of Experience Trading Security with Quality of Experience Alessandro Aldini University of Urbino Carlo Bo, Italy Dagstuhl Seminar 12481, Quantitative Security Analysis Outline 1 Introduction 2 Security vs. performability

More information

Coverability for Parallel Programs

Coverability for Parallel Programs 2015 http://excel.fit.vutbr.cz Coverability for Parallel Programs Lenka Turoňová* Abstract We improve existing method for the automatic verification of systems with parallel running processes. The technique

More information

Software Model Checking. Equivalence Hierarchy

Software Model Checking. Equivalence Hierarchy Software Equivalence Hierarchy Moonzoo Kim CS Dept. KAIST CS750B Software Korea Advanced Institute of Science and Technology Equivalence semantics and SW design Preliminary Hierarchy Diagram Trace-based

More information

Handout #1: Mathematical Reasoning

Handout #1: Mathematical Reasoning Math 101 Rumbos Spring 2010 1 Handout #1: Mathematical Reasoning 1 Propositional Logic A proposition is a mathematical statement that it is either true or false; that is, a statement whose certainty or

More information

A Classification of Model Checking-based Verification Approaches for Software Models

A Classification of Model Checking-based Verification Approaches for Software Models A Classification of Model Checking-based Verification Approaches for Software Models Petra Brosch, Sebastian Gabmeyer, Martina Seidl Sebastian Gabmeyer Business Informatics Group Institute of Software

More information

Verifying Specifications with Proof Scores in CafeOBJ

Verifying Specifications with Proof Scores in CafeOBJ Verifying Specifications with Proof Scores in CafeOBJ FUTATSUGI, Kokichi 二 木 厚 吉 Chair of Language Design Graduate School of Information Science Japan Advanced Institute of Science and Technology (JAIST)

More information

Concurrent Programming

Concurrent Programming Concurrent Programming Principles and Practice Gregory R. Andrews The University of Arizona Technische Hochschule Darmstadt FACHBEREICH INFCRMATIK BIBLIOTHEK Inventar-Nr.:..ZP.vAh... Sachgebiete:..?r.:..\).

More information

Technical Report. Machine learning and automated theorem proving. James P. Bridge. Number 792. November Computer Laboratory

Technical Report. Machine learning and automated theorem proving. James P. Bridge. Number 792. November Computer Laboratory Technical Report UCAM-CL-TR-792 ISSN 1476-2986 Number 792 Computer Laboratory Machine learning and automated theorem proving James P. Bridge November 2010 15 JJ Thomson Avenue Cambridge CB3 0FD United

More information

LTL Model Checking with Logic Based Petri Nets

LTL Model Checking with Logic Based Petri Nets LTL Model Checking with Logic Based Petri Nets Tristan M. Behrens and Jürgen Dix IfI Technical Report Series IfI-07-04 Impressum Publisher: Institut für Informatik, Technische Universität Clausthal Julius-Albert

More information

Introducing Formal Methods. Software Engineering and Formal Methods

Introducing Formal Methods. Software Engineering and Formal Methods Introducing Formal Methods Formal Methods for Software Specification and Analysis: An Overview 1 Software Engineering and Formal Methods Every Software engineering methodology is based on a recommended

More information

Computational Logic and Cognitive Science: An Overview

Computational Logic and Cognitive Science: An Overview Computational Logic and Cognitive Science: An Overview Session 1: Logical Foundations Technical University of Dresden 25th of August, 2008 University of Osnabrück Who we are Helmar Gust Interests: Analogical

More information

MetaGame: An Animation Tool for Model-Checking Games

MetaGame: An Animation Tool for Model-Checking Games MetaGame: An Animation Tool for Model-Checking Games Markus Müller-Olm 1 and Haiseung Yoo 2 1 FernUniversität in Hagen, Fachbereich Informatik, LG PI 5 Universitätsstr. 1, 58097 Hagen, Germany mmo@ls5.informatik.uni-dortmund.de

More information

Eastern Washington University Department of Computer Science. Questionnaire for Prospective Masters in Computer Science Students

Eastern Washington University Department of Computer Science. Questionnaire for Prospective Masters in Computer Science Students Eastern Washington University Department of Computer Science Questionnaire for Prospective Masters in Computer Science Students I. Personal Information Name: Last First M.I. Mailing Address: Permanent

More information

Primal Infon Logic with Conjunctions as Sets

Primal Infon Logic with Conjunctions as Sets Primal Infon Logic with Conjunctions as Sets Carlos Cotrini 1 Yuri Gurevich 2 Ori Lahav 3 Artem Melentyev 4 1 Swiss Federal Institute of Technology, Switzerland 2 Microsoft Research, USA 3 Tel Aviv University,

More information

A Framework for the Semantics of Behavioral Contracts

A Framework for the Semantics of Behavioral Contracts A Framework for the Semantics of Behavioral Contracts Ashley McNeile Metamaxim Ltd, 48 Brunswick Gardens, London W8 4AN, UK ashley.mcneile@metamaxim.com Abstract. Contracts have proved a powerful concept

More information

Summary Last Lecture. Automated Reasoning. Outline of the Lecture. Definition sequent calculus. Theorem (Normalisation and Strong Normalisation)

Summary Last Lecture. Automated Reasoning. Outline of the Lecture. Definition sequent calculus. Theorem (Normalisation and Strong Normalisation) Summary Summary Last Lecture sequent calculus Automated Reasoning Georg Moser Institute of Computer Science @ UIBK Winter 013 (Normalisation and Strong Normalisation) let Π be a proof in minimal logic

More information

Formal Specification and Verification

Formal Specification and Verification Formal Specification and Verification Stefan Ratschan Katedra číslicového návrhu Fakulta informačních technologíı České vysoké učení technické v Praze 2. 5. 2011 Stefan Ratschan (FIT ČVUT) PI-PSC 4 2.

More information

TEACHING MODEL CHECKING TO UNDERGRADUATES

TEACHING MODEL CHECKING TO UNDERGRADUATES STUDIA UNIV. BABEŞ BOLYAI, INFORMATICA, Volume LV, Number 3, 2010 TEACHING MODEL CHECKING TO UNDERGRADUATES A.VESCAN AND M. FRENŢIU Abstract. The way program verification is taught in our faculty is firstly

More information

Business Process Verification: The Application of Model Checking and Timed Automata

Business Process Verification: The Application of Model Checking and Timed Automata Business Process Verification: The Application of Model Checking and Timed Automata Luis E. Mendoza Morales Processes and Systems Department, Simón Bolívar University, P.O. box 89000, Baruta, Venezuela,

More information

Bisimulation and Logical Preservation for Continuous-Time Markov Decision Processes

Bisimulation and Logical Preservation for Continuous-Time Markov Decision Processes Bisimulation and Logical Preservation for Continuous-Time Markov Decision Processes Martin R. Neuhäußer 1,2 Joost-Pieter Katoen 1,2 1 RWTH Aachen University, Germany 2 University of Twente, The Netherlands

More information

System modeling. Budapest University of Technology and Economics Department of Measurement and Information Systems

System modeling. Budapest University of Technology and Economics Department of Measurement and Information Systems System modeling Business process modeling how to do it right Partially based on Process Anti-Patterns: How to Avoid the Common Traps of Business Process Modeling, J Koehler, J Vanhatalo, IBM Zürich, 2007.

More information

Runtime Verification - Monitor-oriented Programming - Monitor-based Runtime Reflection

Runtime Verification - Monitor-oriented Programming - Monitor-based Runtime Reflection Runtime Verification - Monitor-oriented Programming - Monitor-based Runtime Reflection Martin Leucker Technische Universität München (joint work with Andreas Bauer, Christian Schallhart et. al) FLACOS

More information

2 Temporal Logic Model Checking

2 Temporal Logic Model Checking Bounded Model Checking Using Satisfiability Solving Edmund Clarke 1, Armin Biere 2, Richard Raimi 3, and Yunshan Zhu 4 1 Computer Science Department, CMU, 5000 Forbes Avenue Pittsburgh, PA 15213, USA,

More information

Aikaterini Marazopoulou

Aikaterini Marazopoulou Imperial College London Department of Computing Tableau Compiled Labelled Deductive Systems with an application to Description Logics by Aikaterini Marazopoulou Submitted in partial fulfilment of the requirements

More information

Model-Checking Verification for Reliable Web Service

Model-Checking Verification for Reliable Web Service Model-Checking Verification for Reliable Web Service Shin NAKAJIMA Hosei University and PRESTO, JST nkjm@i.hosei.ac.jp Abstract Model-checking is a promising technique for the verification and validation

More information

XML Data Integration

XML Data Integration XML Data Integration Lucja Kot Cornell University 11 November 2010 Lucja Kot (Cornell University) XML Data Integration 11 November 2010 1 / 42 Introduction Data Integration and Query Answering A data integration

More information

Modular Verification of Dynamically Adaptive Systems

Modular Verification of Dynamically Adaptive Systems Modular Verification of Dynamically Adaptive Systems Ji Zhang, Heather J. Goldsby, and Betty H.C. Cheng Department of Computer Science and Engineering, Michigan State University East Lansing, Michigan,

More information

Formal Verification of Computer Systems - (INFO-F-412)

Formal Verification of Computer Systems - (INFO-F-412) Formal Verification of Computer Systems - (INFO-F-412) Thierry Massart Université Libre de Bruxelles Département d Informatique February 2013 Acknowledgment I want to thank Edmund Clarke, Keijo Heljanko,

More information

Quick Start Guide. June 3, 2012

Quick Start Guide. June 3, 2012 The ERIGONE Model Checker Quick Start Guide Mordechai (Moti) Ben-Ari Department of Science Teaching Weizmann Institute of Science Rehovot 76100 Israel http://stwww.weizmann.ac.il/g-cs/benari/ June 3, 2012

More information

Access Control Models Part I. Murat Kantarcioglu UT Dallas

Access Control Models Part I. Murat Kantarcioglu UT Dallas UT DALLAS Erik Jonsson School of Engineering & Computer Science Access Control Models Part I Murat Kantarcioglu UT Dallas Introduction Two main categories: Discretionary Access Control Models (DAC) Definition:

More information

Software Engineering. How does software fail? Terminology CS / COE 1530

Software Engineering. How does software fail? Terminology CS / COE 1530 Software Engineering CS / COE 1530 Testing How does software fail? Wrong requirement: not what the customer wants Missing requirement Requirement impossible to implement Faulty design Faulty code Improperly

More information

Context-Bounded Model Checking of LTL Properties for ANSI-C Software. Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole

Context-Bounded Model Checking of LTL Properties for ANSI-C Software. Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Model Checking C Model checking: normally applied to formal state transition

More information

University of Ostrava. Reasoning in Description Logic with Semantic Tableau Binary Trees

University of Ostrava. Reasoning in Description Logic with Semantic Tableau Binary Trees University of Ostrava Institute for Research and Applications of Fuzzy Modeling Reasoning in Description Logic with Semantic Tableau Binary Trees Alena Lukasová Research report No. 63 2005 Submitted/to

More information

Program Monitoring with LTL in EAGLE

Program Monitoring with LTL in EAGLE Howard Barringer University of Manchester, England Program Monitoring with LTL in EAGLE Allen Goldberg, Klaus Havelund Kestrel Technology, NASA Ames Research Center, USA Koushik Sen University of Illinois,

More information