Lecture 9 verifying temporal logic

Basics of advanced software systems, Lecture 9: verifying temporal logic formulae with SPIN (21/01/2013)

Outline for today
1. Introduction: motivations for formal methods, use in industry
2. Developing models: automaton, specification of correctness properties
3. Verification techniques: simulation, model checking, schedulability analysis, theorem proving, etc.
4. Focus: Promela/Spin for the verification of concurrent processes
5. Lab work: modeling & verification of an electronic purse

Limits of assertions for verification
- No separation of concerns between the model and the correctness properties.
- Invariance properties are more conveniently expressed as global properties, e.g.:
  - the array index k must be within bounds at each step of the program: 0 <= k <= len-1
  - the number of processes accessing the network interface at each point in time must be less than or equal to 1
- Many correctness properties cannot be expressed with assertions at all:
  - absence of deadlock: if several planes are waiting to land, eventually one of them will be allowed to land
  - absence of starvation: if one plane wants to land, eventually that plane will be permitted to land

Recap on how to specify properties (1/2)
- Safety:
  - something good is guaranteed throughout each run: [] p
  - something bad never happens: [] !p
- Liveness:
  - something good will eventually happen: <> p

Recap on how to specify properties (2/2)
- [] p : always p (p is true in every state), expresses invariance
- <> p : eventually p (p will become true at some point), expresses a guarantee
- The two operators are dual: !<> p is equivalent to [] !p, and ![] p is equivalent to <> !p
- [] (p -> <> q) : whenever p holds, q eventually follows; expresses response to an event
- [] <> p : always eventually p (if p happens to be false, it is guaranteed to become true again), i.e. p holds infinitely often
- <> [] p : eventually always p (at some point p becomes invariantly true for the remainder of the run)

Verifying temporal logic formulae with Spin (1/2)
Step 1: defining properties
- Add a #define at the top of the program for each proposition used in the formulae, e.g.:
    #define p (! (Gate_is_up && train_is_passing))
    #define q (nb == 1)
- Define the temporal logic property in the model file (.pml) with ltl <name> { <TL formula> }, e.g.:
    ltl q_is_always_true { [] q }
    ltl other_property { <> (critical <= 1) }

Verifying temporal logic formulae with Spin (2/2)
Step 2, case A: verifying safety properties
    spin610 -a model.pml; gcc -DSAFETY -o pan pan.c; ./pan -N property_name
Step 2, case B: verifying liveness properties
    spin610 -a model.pml; gcc -o pan pan.c; ./pan -a -f -N property_name
  (sometimes gcc needs -DNFAIR=x to raise the number of processes handled by the fairness algorithm)

Exercise: producers/consumers continued
- Question 1: check that it never happens that, starting from some point, only productions occur, or only consumptions occur. Test the two opposite properties as well, and re-simulate the failing trace with:
    spin -t -p -l model.pml
  (the guided simulation uses the .pml file together with the trail produced by pan)
- Question 2: extend the model so that the same consumer does not consume twice in a row

Exercise: let us consider the following code
    #define NUM_PROCS 3

    bool locked = false;
    int nb = 0;

    active[NUM_PROCS] proctype loop() {
      do
      :: true ->
         /* test-and-set of the lock in one indivisible step */
         atomic { !locked -> locked = true; }
         nb++;
         /* interesting code would go here */
         printf("current process %d\n", _pid);
         nb--;
         locked = false;
      od
    }

Verifying temporal logic formulae with Spin
- Question 1: understand the program; what does it do? What is the range of variation of nb?
- Question 2: check, using an assert statement, that there is exactly one process in the critical section.
- Question 3: using verification with temporal logic, prove that the property on variable nb holds in every reachable state of the system.
- Question 4: using verification with temporal logic, verify that the value of nb alternates between 0 and 1.
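The two-step workflow of the "Verifying temporal logic formulae with Spin" slides, carried through on the lock model above, as an added example that is not part of the lecture material: the propositions, the ltl blocks, the assert, the property names (nb_in_range, nb_alternates), the file name lock.pml and the BROKEN_LOCK switch are all this example's own choices. The switch splits the test-and-set into two steps so that pan can exhibit the interleaving in which two processes enter the critical section at once, which is the check-then-act race the atomic block prevents.

```promela
/* lock.pml: added example, not from the lecture slides */
#define NUM_PROCS 3

bool locked = false;
int nb = 0;

/* step 1: propositions used in the formulae */
#define at_zero (nb == 0)
#define at_one  (nb == 1)

active[NUM_PROCS] proctype loop() {
  do
  :: true ->
#ifdef BROKEN_LOCK
     /* test and set as two separate steps: another process may run between them */
     !locked;
     locked = true;
#else
     /* test and set as one indivisible step, as in the lecture's model */
     atomic { !locked -> locked = true; }
#endif
     nb++;
     assert(nb == 1);   /* exactly one process is in the critical section */
     printf("current process %d\n", _pid);
     nb--;
     locked = false;
  od
}

/* safety: nb never leaves {0, 1} in any reachable state */
ltl nb_in_range { [] (at_zero || at_one) }

/* liveness: each value of nb is always followed by the other one */
ltl nb_alternates { [] ((at_zero -> <> at_one) && (at_one -> <> at_zero)) }

/* step 2 (spin 6 and gcc assumed; the lecture's binary is called spin610):
 *   spin -a lock.pml; gcc -DSAFETY -o pan pan.c; ./pan -N nb_in_range
 *   spin -a lock.pml; gcc -o pan pan.c;          ./pan -a -f -N nb_alternates
 * Broken variant (the -D goes to spin's preprocessor, not to gcc):
 *   spin -DBROKEN_LOCK -a lock.pml; gcc -DSAFETY -o pan pan.c; ./pan -N nb_in_range
 * pan then reports the assertion/claim violation and writes lock.pml.trail;
 * spin -t -p -l lock.pml replays the interleaving that lets two processes in. */
```

Both properties hold for the atomic version without the -f option: a process that is not holding the lock can only execute its `true` guard once before blocking on `!locked`, so no run can avoid entering or leaving the critical section forever.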