Formal Specification and Verification


Formal Specification and Verification
Stefan Ratschan
Katedra číslicového návrhu, Fakulta informačních technologií, České vysoké učení technické v Praze
2. 5. 2011
Stefan Ratschan (FIT ČVUT) PI-PSC 4 2. 5. 2011 1 / 19

History of System Design (2 / 19)
  build -> try

History of System Design (3 / 19)
  build -> model -> test model -> implement model
  Motivating example: Intel Pentium FDIV bug (1994)

History of System Design (4 / 19)
  build -> model -> prove correctness -> implement model

Example (5 / 19)
Modulo 8 counter:
  State: S := B^3, i.e. three bits (v0, v1, v2)
  Next state (primed variables):
    v0' = ¬v0
    v1' = v0 ⊕ v1
    v2' = (v0 ∧ v1) ⊕ v2

Example: Digital Circuit (6 / 19)
Transition relation: T ⊆ S × S
  T((v0, v1, v2), (v0', v1', v2')) :=
      (v0' ↔ ¬v0) ∧ (v1' ↔ v0 ⊕ v1) ∧ (v2' ↔ (v0 ∧ v1) ⊕ v2)
Non-determinism: since T is a relation rather than a function, a state may have several successors.

Formal Specification (7 / 19)
Transition System:
  - Set of states S
  - Set I ⊆ S of initial states
  - Transition relation R ⊆ S × S
For example:
  - S = B^n; I, R given by formulas in propositional logic
  - S is the program state (program counter + ranges of variables); I, R given by a computer program
  - S = {1, ..., n} × ℝ^n; R given by clock checks and resets: timed systems/automata
  - S = ℝ^n; I given by (in)equalities, R given by ordinary differential equations (models of physical systems)
  - S = {1, ..., n}; I, R given by (in)equalities, ordinary differential equations, and discrete rules: hybrid (dynamical) systems (models of embedded systems)

Formal Specification (8 / 19)
How to specify whether a given system behaves correctly?
First we have to specify properties of single states: state properties. Example:
  error(s): state s is an error state
  zero(s): state s represents zero
Now we can extend this to one behavior of the system:
A path in a transition system (S, I, R) is an infinite sequence of states s0 s1 s2 ... s.t. s0 ∈ I and, for all i ∈ {0, 1, ...}, (s_i, s_{i+1}) ∈ R.
How to specify whether a given path shows correct/incorrect behavior?

Properties on Paths (9 / 19)
Notation: for a path π, π(k) is its k-th state and π^k is the suffix of π starting at position k.
  State property g holds on the first element of the path:
    π ⊨ g : g(π(0))
  State property holds on the next element of the path:
    π ⊨ Xg : π^1 ⊨ g  (X: "next")
  "Train eventually reaches full speed":
    π ⊨ Fg : there is k ≥ 0 s.t. π^k ⊨ g  (F: "in the future")
  "Number of motor rotations always stays in safe area":
    π ⊨ Gg : for all k ≥ 0, π^k ⊨ g  (G: "globally")
  "The train eventually stops and until then the doors remain closed":
    π ⊨ gUh : there is i s.t. π^i ⊨ h and for all j < i, π^j ⊨ g  (U: "until")
  "As long as the plane does not reach full height the fasten seat belts sign is on":
    π ⊨ gRh : for all j ≥ 0, if for all i < j not π^i ⊨ g, then π^j ⊨ h  (R: "release")

Combining Operators (10 / 19)
  If the elevator is called, it will eventually show up:  g → Fh
  The train will never move with open doors:  G ¬(g ∧ h)
So: Boolean combinations (¬, ∧, ∨) and combinations of temporal operators. For example:
  FGg: eventually property g will hold forever.
  GFg: always eventually g will hold.
Result: Linear Temporal Logic (LTL). Syntax:
  - every state property is an LTL formula
  - if g and h are LTL formulas, then Xg, gUh, gRh, Fg, Gg, ¬g, g ∧ h, and g ∨ h are LTL formulas as well

Semantics (11 / 19)
For a path π and LTL formulas g, h:
  π ⊨ g      iff g is a state property and g(π(0))
  π ⊨ Xg     iff π^1 ⊨ g
  π ⊨ Fg     iff there is k ≥ 0 s.t. π^k ⊨ g
  π ⊨ Gg     iff for all k ≥ 0, π^k ⊨ g
  π ⊨ gUh    iff there is i s.t. π^i ⊨ h and for all j < i, π^j ⊨ g
  π ⊨ gRh    iff for all j ≥ 0, if for all i < j not π^i ⊨ g, then π^j ⊨ h
  π ⊨ ¬g     iff not π ⊨ g
  π ⊨ g ∧ h  iff π ⊨ g and π ⊨ h
  π ⊨ g ∨ h  iff π ⊨ g or π ⊨ h
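As an added example that is not part of the lecture slides, the semantics of slides 9 through 11 implemented on ultimately periodic paths (a finite prefix followed by a loop), which is how an infinite path of a finite transition system can be written down; it is run on the modulo-8 counter of slide 5. The LassoPath class and the tuple encoding of formulas are my own choices, not notation from the course.

```python
class LassoPath:
    """Infinite path pi = prefix . loop^omega, given by finite lists of states."""
    def __init__(self, prefix, loop):
        assert loop, "loop must be non-empty, otherwise the path is finite"
        self.prefix, self.loop = list(prefix), list(loop)

    def state(self, k):  # pi(k), the k-th state of the path
        n = len(self.prefix)
        return self.prefix[k] if k < n else self.loop[(k - n) % len(self.loop)]


def sat(pi, phi, k=0):
    """pi^k |= phi, with pi^k the suffix of pi from position k. phi is a state
    predicate (callable) or a tuple ('not', g), ('and', g, h), ('or', g, h),
    ('X', g), ('F', g), ('G', g), ('U', g, h) or ('R', g, h)."""
    if callable(phi):
        return bool(phi(pi.state(k)))  # state property: g(pi^k(0))
    op, args = phi[0], phi[1:]
    if op == 'not':
        return not sat(pi, args[0], k)
    if op == 'and':
        return sat(pi, args[0], k) and sat(pi, args[1], k)
    if op == 'or':
        return sat(pi, args[0], k) or sat(pi, args[1], k)
    if op == 'X':
        return sat(pi, args[0], k + 1)
    # Every suffix pi^i with i >= k equals some pi^i' with i' in this window,
    # so the unbounded quantifiers of F, G, U, R only need to range over it.
    window = range(k, k + len(pi.prefix) + len(pi.loop))
    if op == 'F':
        return any(sat(pi, args[0], i) for i in window)
    if op == 'G':
        return all(sat(pi, args[0], i) for i in window)
    if op == 'U':  # g until h
        g, h = args
        return any(sat(pi, h, i) and all(sat(pi, g, j) for j in range(k, i))
                   for i in window)
    if op == 'R':  # g releases h
        g, h = args
        return all(sat(pi, h, j) or any(sat(pi, g, i) for i in range(k, j))
                   for j in window)
    raise ValueError(f"unknown operator {op!r}")


def counter_path():
    """Constructed sample: the slides' modulo-8 counter started at 0. Its only
    path is the loop 0, 1, ..., 7 over states (v0, v1, v2), v0 the low bit."""
    states, (v0, v1, v2) = [], (False, False, False)
    for _ in range(8):
        states.append((v0, v1, v2))
        v0, v1, v2 = not v0, v0 != v1, (v0 and v1) != v2
    return LassoPath(prefix=[], loop=states)
```

For the counter, `sat(counter_path(), ('G', ('F', lambda s: s == (True, True, True))))` is true (the value 7 recurs forever), while `('G', lambda s: s[0])` is false because the low bit is 0 in the very first state.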

Specification of System (12 / 19)
We can already specify correctness of one path. Correctness of a system (S, I, R):
  (S, I, R) ⊨ g iff for all paths π of (S, I, R), π ⊨ g
Industrial usage: PSL (Property Specification Language) = LTL + regular expressions

Formal Verification (13 / 19)
Problem: even finite transition systems may have paths of infinite length!
Checking G ok: check prefixes of paths of length 1, 2, ...: bounded model checking, BMC(n)
  - In the Boolean case, the individual checks can be done efficiently by SAT (in practice, not in theory)
  - Especially: bugs can often be found fast
Bounded model checking algorithms for other types of systems:
  - Software: CBMC [Clarke et al., 2004]
  - Hybrid systems: iSAT [Fränzle and Herde, 2007, Fränzle et al., 2007]
  - ...

Full LTL? Unbounded Case? (14 / 19)
Full LTL [Biere et al., 2003]: for every LTL formula φ and for all n, (S, I, R) ⊨ φ implies BMC(φ, n).
Opposite direction?
Observation: (S, I, R) ⊨ Gs iff BMC(Gs, |S|). If the system does not fulfill Gs, then it has an error path of length at most |S|.
Theorem: for every finite transition system and every LTL formula φ there is a bound n s.t. for all n' ≥ n, BMC(φ, n') iff (S, I, R) ⊨ φ.
But: the bound may be huge!

Unbounded Model Checking (15 / 19)
Needed if we want to prove correctness over unbounded time, or if we search for a bug that only shows up after a long time.
Reach set computation:
  - let R be the set of initial states
  - add the states reachable from R, until no more new reachable states appear
If for all x ∈ R, ok(x), then the system satisfies G ok.
For full LTL (and other temporal logics) this is more complicated [Clarke et al., 1999].
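As an added example that is not from the slides, the two approaches of slides 13 through 15 side by side on the modulo-8 counter of slide 5: BMC(G ok, n) as an explicit enumeration of all path prefixes of n states (the SAT encoding the slides describe is replaced by plain search), and the reach-set fixpoint for the unbounded case. The initial state 0 and the property "the counter never shows 7" are constructed for the example; the property is deliberately false so the bound of slide 14 can be seen.

```python
from collections import deque

INIT = {(False, False, False)}  # I: the counter starts at 0 (constructed)


def successors(s):
    """R as a successor function: all s' with (s, s') in R (here exactly one)."""
    v0, v1, v2 = s
    return {(not v0, v0 != v1, (v0 and v1) != v2)}


def bmc(ok, n):
    """BMC(G ok, n) by explicit enumeration: explore every path prefix
    s0 ... s_{n-1} (n states). Returns None if ok holds on all of them,
    otherwise the first violating prefix (a counterexample trace)."""
    stack = [[s] for s in INIT]
    while stack:
        prefix = stack.pop()
        if not ok(prefix[-1]):
            return prefix
        if len(prefix) < n:
            stack.extend(prefix + [t] for t in successors(prefix[-1]))
    return None


def reach_set():
    """Least fixpoint from I: add successors until no new state appears."""
    reach, work = set(INIT), deque(INIT)
    while work:
        for t in successors(work.popleft()):
            if t not in reach:
                reach.add(t)
                work.append(t)
    return reach


def prove_invariant(ok):
    """Unbounded check of G ok: true iff ok holds on every reachable state."""
    return all(ok(s) for s in reach_set())


if __name__ == "__main__":
    not_seven = lambda s: s != (True, True, True)  # ok(s): "counter is not 7"
    print(bmc(not_seven, 7))            # None: 7-state prefixes never reach 7
    print(bmc(not_seven, 8))            # counterexample ending in (True, True, True)
    print(len(reach_set()))             # 8 == |S|, the bound from slide 14
    print(prove_invariant(not_seven))   # False
```

BMC with n = 7 reports nothing, n = 8 = |S| returns the 8-state error path, and the reach set contains all 8 states, so no bound below |S| could have been complete for this G property.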

Unbounded Model Checking for Specific System Types (16 / 19)
In the Boolean case, sets can be represented by (reduced ordered) binary decision diagrams (BDDs):
  - BDDs provide a unique representation for Boolean formulas
  - Hence they can be used for equivalence checking (i.e., when the specification is another circuit)
Other systems:
  - Software: huge field of software model checking [Jhala and Majumdar, 2009]
  - Timed automata: Uppaal (http://www.uppaal.org)
  - Hybrid systems: HyTech [Henzinger et al., 1997], PHAVer [Frehse, 2008], HSolver [Ratschan and She, 2007]

Literature I (17 / 19)
Armin Biere, Alessandro Cimatti, Edmund M. Clarke, Ofer Strichman, and Yunshan Zhu. Bounded model checking. In Advances in Computers, volume 58, pages 117–148. Elsevier, 2003. doi:10.1016/S0065-2458(03)58003-2.
Edmund Clarke, Daniel Kroening, and Flavio Lerda. A tool for checking ANSI-C programs. In Kurt Jensen and Andreas Podelski, editors, Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2004), volume 2988 of Lecture Notes in Computer Science, pages 168–176. Springer, 2004. ISBN 3-540-21299-X.
Edmund M. Clarke, Orna Grumberg, and Doron A. Peled. Model Checking. MIT Press, 1999.

Literature II (18 / 19)
M. Fränzle, C. Herde, S. Ratschan, T. Schubert, and T. Teige. Efficient solving of large non-linear arithmetic constraint systems with complex Boolean structure. JSAT Journal on Satisfiability, Boolean Modeling and Computation, Special Issue on SAT/CP Integration, 1:209–236, 2007.
Martin Fränzle and Christian Herde. HySAT: An efficient proof engine for bounded model checking of hybrid systems. Formal Methods in System Design, 30(3):179–198, 2007.
Goran Frehse. PHAVer: algorithmic verification of hybrid systems past HyTech. International Journal on Software Tools for Technology Transfer (STTT), 10(3):263–279, 2008. doi:10.1007/s10009-007-0062-x.
Thomas A. Henzinger, Pei-Hsin Ho, and Howard Wong-Toi. HyTech: a model checker for hybrid systems. International Journal on Software Tools for Technology Transfer (STTT), 1:110–122, 1997.

Literature III (19 / 19)
Ranjit Jhala and Rupak Majumdar. Software model checking. ACM Computing Surveys, 41(4):1–54, 2009. ISSN 0360-0300. doi:10.1145/1592434.1592438.
Stefan Ratschan and Zhikun She. Safety verification of hybrid systems by constraint propagation based abstraction refinement. ACM Transactions on Embedded Computing Systems, 6(1), 2007.