Software Quality Exercise 1

Similar documents
Lecture 9 verifying temporal logic

Introduction to SPIN. Acknowledgments. Parts of the slides are based on an earlier lecture by Radu Iosif, Verimag. Ralf Huuck. Features PROMELA/SPIN

Fundamentals of Software Engineering

Software Engineering using Formal Methods

Today s Agenda. Automata and Logic. Quiz 4 Temporal Logic. Introduction Buchi Automata Linear Time Logic Summary

System modeling. Budapest University of Technology and Economics Department of Measurement and Information Systems

Introduction to Promela and SPIN. LACL, Université Paris 12

INF5140: Specification and Verification of Parallel Systems

The Model Checker SPIN

Software Quality Exercise 2

Memory Management Simulation Interactive Lab

Formal Verification by Model Checking

SHARED HASH TABLES IN PARALLEL MODEL CHECKING

A Classification of Model Checking-based Verification Approaches for Software Models

TECH. Requirements. Why are requirements important? The Requirements Process REQUIREMENTS ELICITATION AND ANALYSIS. Requirements vs.

University of Pennsylvania Department of Electrical and Systems Engineering Digital Audio Basics

CS170 Lab 11 Abstract Data Types & Objects

MODEL CHECKING OF SERVICES WORKFLOW RECONFIGURATION: A PERSPECTIVE ON DEPENDABILITY

Stylianos Basagiannis

ONLINE EXERCISE SYSTEM A Web-Based Tool for Administration and Automatic Correction of Exercises

T Reactive Systems: Introduction and Finite State Automata

Abstract. For notes detailing the changes in each release, see the MySQL for Excel Release Notes. For legal information, see the Legal Notices.

Part 1 Foundations of object orientation

Dalhousie University CSCI 2132 Software Development Winter 2015 Lab 7, March 11

Assignment 4 Real-world programming

Forensic Imaging and Artifacts analysis of Linux & Mac (EXT & HFS+)

Lab 11. Simulations. The Concept

AB-Clock. Manual. Copyright by GRAHL software design

Your Personal Trading Journal

HDFS Users Guide. Table of contents

Introduction of Virtualization Technology to Multi-Process Model Checking

Instructions for the evaluation of project reports, student research projects, and bachelor s theses

JobScheduler Installation by Copying

Static Program Transformations for Efficient Software Model Checking

PMOD Installation on Linux Systems

i2b2 Installation Guide

Instructions for Department of Public Health (DPH) WebConnect (Mac)

SENIOR PROCUREMENT EXECUTIVES SMALL AGENCY COUNCIL MEMBERS

University of Twente. A simulation of the Java Virtual Machine using graph grammars

Offline Audit Tool Version 3.0

Software safety - DEF-STAN 00-55

Backing Up CNG SAFE Version 6.0

Towards a Framework for Generating Tests to Satisfy Complex Code Coverage in Java Pathfinder

Illustration 1: Diagram of program function and data flow

CS 2112 Spring Instructions. Assignment 3 Data Structures and Web Filtering. 0.1 Grading. 0.2 Partners. 0.3 Restrictions

Assignment # 2: Design Patterns and GUIs

Go to CGTech Help Library. Installing CGTech Products

WebSphere Business Monitor V6.2 KPI history and prediction lab

Kirsten Sinclair SyntheSys Systems Engineers

Animated Lighting Software Overview

Green = 0,255,0 (Target Color for E.L. Gray Construction) CIELAB RGB Simulation Result for E.L. Gray Match (43,215,35) Equal Luminance Gray for Green

App Building Guidelines

A block based storage model for remote online backups in a trust no one environment

Replication on Virtual Machines

Formal Verification Toolkit for Requirements and Early Design Stages

How to resolve Root Certificate Expiry Issue for Enterprise Manager - Database Control ( )

Department of Veterans Affairs. Open Source Electronic Health Record Services

Electronic Documents: Enhancing Construction Management Courses. Introduction

IBM SmartCloud Workload Automation - Software as a Service. Agent Installation and Uninstallation Messages

Modeling and Verification. Devoir Maison 6 : DSL

Using the JNIOR with the GDC Digital Cinema Server. Last Updated November 30, 2012

This Method will show you exactly how you can profit from this specific online casino and beat them at their own game.

EEC 119B Spring 2014 Final Project: System-On-Chip Module

Software localisation: Working with PASSOLO

Explain the relationship between a class and an object. Which is general and which is specific?

Autodesk Navisworks 2015 Service Pack 3

Lab 1: Introduction to the network lab

Testing LTL Formula Translation into Büchi Automata

Sweet Home 3D user's guide

What is File Management. Methods for Categorizing Data. Viewing Data on a Computer

BECKHOFF. Application Notes. BC9000: Getting Started Guide. For additional documentation, please visit.

Resource Scheduler 2.0 Using VARCHART XGantt

Setting Up a Windows Virtual Machine for SANS FOR526

CONTENTS OF DAY 2. II. Why Random Sampling is Important 9 A myth, an urban legend, and the real reason NOTES FOR SUMMER STATISTICS INSTITUTE COURSE

Programming LEGO NXT Robots using NXC

Change Impact Analysis

Chapter 2 Data Storage

EXPRESSION OF INTEREST (EOI) Citizenship Information Management System (CIMS) Ministry of Home Affairs Singh Durbar, Kathmandu, Nepal

SAIP 2012 Performance Engineering

The goal with this tutorial is to show how to implement and use the Selenium testing framework.

Sonatype CLM Enforcement Points - Continuous Integration (CI) Sonatype CLM Enforcement Points - Continuous Integration (CI)

CS 1133, LAB 2: FUNCTIONS AND TESTING

FORENSIC ANALYSIS OF USB MEDIA EVIDENCE. Jesús Alexander García. Luis Alejandro Franco. Juan David Urrea. Carlos Alfonso Torres

Worksheet for Teaching Module Probability (Lesson 1)

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Merkle Hash Trees for Distributed Audit Logs

Finding Liveness Errors with ACO

Data Networks Project 2: Design Document for Intra-Domain Routing Protocols

Simba XMLA Provider for Oracle OLAP 2.0. Linux Administration Guide. Simba Technologies Inc. April 23, 2013

Waspmote IDE. User Guide

Effective Java Programming. measurement as the basis

THE BUSINESS VALUE OF AN ERP SYSTEM

Server Configuration and Deployment (part 1) Lotus Foundations Essentials

Performance Monitoring API for Java Enterprise Applications

Transcription:

Software Quality Exercise Model Checking Information. Dates Release: 7.0.0.5pm Deadline: 07.0.0.5pm Discussion:.0.0. Formalities While this exercise can be solved and handed in in groups of three, every member of a group must be able to answer questions about the group s solution. Please package the files containing your solution into a zip (or tar.gz) file and submit it via email to charrada@ifi.uzh.ch. The subject of the email must begin with [FS SWQ]. Answer the questions in a pdf document and include the source code (java, pml and ltl files) of your solutions. Do not include binary files such as class files, metadata (such as.svn folders or.project files) nor derived files like pan.c.. SPIN These exercises are based on spin, a model checker. You can find pointers to documentation about this tool from last year course on http://daiquiri.ifi.uzh.ch/trac/swq/wiki/spin. The tool has been installed on the computers in the lab (room: BINZ 0.B.04). Here are some helpful commands for these exercises:

Simulate a model (append -p -g for more verbose output) spin model.pml Verify a property on a model. spin -a -F property.ltl model.pml gcc -o pan pan.c./pan -a Replay a trace found by the verifier (append -p -g for more verbose output). spin -t model.pml Note: In some MacOSX and Linux distributions SPIN has problems to process LTL files given with the -F modifier. This issue can be avoided by specifying the LTL formula directly in the command line within double quotes after the -f modifier. For example: spin -a -f " [] greenlight" model.pml The LTL formula can then be saved in an LTL file before submitting the solution. Colony of Chameleons A friend of yours is the director of a zoo. He has described you the latest acquisition he was considering for his zoo: a rare colony of chameleons. This colony of chameleons includes 4 red, 5 blue, and 0 green individuals. Whenever two chameleons of different colors meet, each changes to the third color. The color mutation is an unique feature and your friend expects to attract many visitor with this colony. Still, the director has a doubt: if, by any chance, all 99 chameleons are in the same color, there will not be any color change any more and the colony would loose its value.. State Space a) Give a rough estimation of the number of states in which the colony can be. b) How many states present the undesired property?. Promela Model of the Colony Download the file Colony.pml.txt on the website of the exercises and rename it to Colony.pml. Study this model with the help of Promela documentation. a) What are the main components of a Promela model? b) The behavior of chameleons is not deterministic, in the sense that they meet each other randomly. How is this non-determinism expressed in the Promela model of the colony? c) Which other aspect of Promela is not deterministic? d) Explain briefly what are d step blocks and the reason of their presence in the Promela model of the colony. In which sense is the first instruction of such a block different than the others? e) Despite their relation with the color change phenomenon, the duration of a color change and the probability of a change have not been modeled. Explain, in maximum 5 sentences, why they are not relevant for the problem at hand.

. Simulation and Verification a) Run a few simulations of the model. Have you ended up in a state where all chameleons are of the same color? b) Express the property there are always at least two chameleons of different color in an LTL formula using the variables defined in the Promela model of the colony. Save this formula in a textfile named ColorChange.ltl. Note that you cannot define predicates in an ltl file; you have to define them as macros in the Promela model. For example: #define noredchameleonleft (!nred) c) Is it a safety or a liveness property? Why? d) Using spin, investigate whether the colony can reach a state where this property does not hold. Note that spin looks for executions that satisfy an LTL property, so, you have to negate the formula in ColorChange.ltl. What will you recommand to your friend? e) In the report of pan, the number of states stored is the number of reachable states. How many states were reachable? Compare with your answer in...a). f) In the report of pan, the number of transitions is the number of transitions that have been visited during the search. How many transitions were investigated by pan? g) A few days later, the director of the zoo informs you: a green chameleon escaped during the delivery. Has he any reason to worry? h) What is the depth of the trace (that is, the number of steps) found by pan?.4 Extending the Model After a few weeks, you visit the zoo. Looking at this chameleon colony, you feel a strong relief: there are still chameleons of every color and they change colors happily. Still, by observing them, you figure out that your friend did not describe the behavior of the chameleons very precisely. You make the following additional observations: When chameleons of different colors meet, they argue violently and kill eachother. When chameleons of the same color meet, they give birth to a new chameleon of their color. At the day of your visit, there were 0 red, 8 blue, and 6 green individuals. a) Extend the Promela model of the colony with processes so that it reflects your new observations. b) Run a few simulations of this model. What happens? Explain. c) Let s make an assumption here: chameleons only give birth if there are less than N chameleons of that color in the colony ( N = 5). Modify the model accordingly. d) Express the property soon or later, there will be no chameleon left in an LTL formula. Save this formula in a textfile named Extinction.ltl. e) Is it a safety or a liveness property? Why? f) Using spin, investigate whether the colony can die off. Are chameleons threatened with extinction? g) Modify you model again so that chameleons only give birth if there are in total less than N chameleons in the colony (initially, set N to 0). Are chameleons still threatened with extinction? h) Change the the number N to 50 instead of 0. As you did previously, investigate whether the colony can die off. What happens? Why?

p₃ t₂ p₁ t₁ p₂ cap(p₂) = 5 Figure : Example of Petri net i) Set the max search depth to 5 000 000 steps when performing the verification. Do you obtain a different result? What is the depth of the trace? Which depth has been reached during the search? j) Change the order of process declarations in the Promela model by swapping the fight process with the birth process and re-verify the model. What is the depth of the trace and which depth has been reached during the verification? Explain the difference with your previous results. Your explanation must account the fact that the behavior of the model remains unchanged by your modification..5 Scalability This exercise is based on the extended model of the colony built in the exercise..4. No LTL property will be checked on the model. While keeping the max search depth to 5 000 000 steps, perform an exhaustive search on the model for N = 60, N = 0, N = 80, N = 0 and N = 400. Note that you have to invoke pan without the option -a, since no LTL property was specified. For every execution of pan, report the following information in a table: the time spent for the verification. the number of transitions explored. the length of the longest trace explorated. the number of reachable states. the memory used for the verification. Petri Nets Petri nets can easily be translated into Promela models. For example, the Petri net in figure can be translated in the following Promela code: byte p, p, p; /* assumption: at most 56 tokens on each place */ init { p = ; p = 0; p = ; /* initial marking */ do /*t*/ :: d_step {p >= && p <= 4; p = p - ; p = p + ;} /*t*/ :: d_step {p >= ; p = p - ; p = p + ;} od } 4

Create a Promela model based on the Petri net depicted in figure. Using spin, verify whether (a) this Petri net is free of deadlock, (b) the transition t 4 can be fired at least once, (c) the transition t can be fired an infinite number of times and whether (d) as soon as p 4 receives a token, it never gets empty again. If applicable, give an execution trace to justify your answer. In each case, explain briefly how you did the verification with spin. cap(p₁) = 6 cap(p₄) = p₁ p₄ t₁ p₂ t₃ t₂ cap(p 5 ) = 4 p 5 5 t 5 t₄ Figure : Petri net to be translated in Promela 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information