TTM/PAT: Specifying and Verifying Timed Transition Models
1 TTM/PAT: Specifying and Verifying Timed Transition Models
Jonathan S. Ostroff (1), Chen-Wei Wang (1), Yang Liu (2), Jun Sun (3), and Simon Hudon (1)
(1) Department of Electrical Engineering & Computer Science, York University
(2) School of Computer Engineering, Nanyang Technological University
(3) Singapore University of Technology and Design
FTSCS '13, Queenstown

2 Contents
Introduction
TTM/PAT: Architecture
TTM/PAT: Resources
Contributions
A Pacemaker Example
A TTM for Pacemaker
Evaluation: A Nuclear Shutdown System
More in this Paper: TTM Semantics
Extended Work: Compositional Reasoning
Conclusion
Further References

3 Introduction
Timed Transition Models (TTMs): guarded transition systems for describing reactive systems; found useful in modelling a production nuclear reactor SDS. So far, TTMs were represented manually in foreign languages.
We propose a textual modelling language for TTMs:
  a discrete time domain [tick event]
  system as a composition of module instances
  global & local timers [monotonicity]
  demonic assignments [compositional reasoning]
  time bounds & fairness constraints [event level]
  LTL properties language [untimed & timed]
  native tool support in PAT [simulation & checking]
4 TTM/PAT: Architecture TTM Module Reference:
5 TTM/PAT: Resources Reference:
6 Contributions
1. The textual syntax for the TTM notation
2. An operational semantics for TTMs using LTS (i.e., digitization); for this talk, we do not address it in detail [see the paper]
3. Implemented tool support in PAT

7 A Pacemaker Example
An electronic device implanted into the body to:
  detect (or sense) natural cardiac stimulations
  regulate the heart beat by delivering electrical stimuli (or paces) over leads with electrodes that are in contact with the heart

8 In the VVI mode, the hysteresis rate interval (HRI = 1200ms) is the default maximum time between two consecutive sensings.
Case of Pacing: if no sensing has occurred within the current rate interval, then a pace is delivered, and hysteresis pacing is disabled by restricting the new cycle to the lower rate interval (LRI = 1000ms).
Case of Sensing: if a heartbeat is sensed within the current rate interval, then further sensing is disabled for a ventricular refractory period (VRP = 400ms) to avoid noise following the heartbeat; once the VRP is over, the cycle is relaxed to the larger HRI without delivering a pace.
9 [Figure: state diagrams of the Heart (left) and the Ventricle Controller (right). Heart: new_cycle[0, 0] start t; hbn[VRP, *] when !pace do ri := HRI, sense := true; hbp[0, 0] when pace && VRP <= t do ri := LRI, pace := false. Ventricle Controller: vsense[0, 0] when sense do ri := HRI, sense := false; vpace[0, 0] when !sense && t = ri do ri := LRI, pace := true; compute_delay[1, 1] between cycles.]
10 A TTM for Pacemaker
Constants and timers

  #define VRP 400;
  #define LRI 1000;
  #define HRI 1200;

  timers
    t : 0..(HRI+1) enabled init
  end

  share   // initialization
    sense : BOOL = false   // channel: sent from Heart, received by Controller
    pace  : BOOL = false   // channel: sent from Controller, received by Heart
  end

11 Module of Environment: the human heart

  module HEART
    interface
      pace  : share BOOL
      sense : share BOOL
    local
      ri      : INT = HRI
      last_ri : INT = HRI   // record ri before hbn or hbp occurs
      pc      : INT = 0
    events
      hbn[VRP, *]           // natural heart beat
        when !pace && pc==0
        do sense := true, ri := HRI, last_ri := ri,   // ri denotes prestate value
           pc := 1
      end
      hbp[0,0]              // paced heart beat
        when pace && VRP <= t && pc==0
        do pace := false, ri := LRI, last_ri := ri, pc := 1
      end
      new_cycle[0,0]        // restart a new cycle
        when pc==1
        start t
        do pc := 0
      end
  end

Callouts on the slide: interface or local variables; variable modifier: in, out, share; events: guards, time bounds, start or stop timers, simultaneous assignments.

12 Module of Controller: the ventricle controller

  module VENTRICLE_CONTROLLER
    interface
      pace  : share BOOL
      sense : share BOOL
    local
      ri : INT = HRI
      pc : INT = 0
    events
      vpace[0,0]
        when pc==0 && !sense && t==ri
        do ri := LRI, pace := true, pc := 1
      end
      vsense[0,0]
        when pc==0 && sense
        do ri := HRI, sense := false, pc := 1
      end
      compute_delay[1,1]
        when pc==1
        do pc := 0
      end
  end

13 Module Instantiations & Compositions

  instances
    H  = HEART(share pace, share sense)
    VC = VENTRICLE_CONTROLLER(share pace, share sense)
  end

  composition
    System = H VC
  end

We also support iterated composition, e.g., in Fischer's algorithm:

  composition
    fischer = i: PROCESS(share x, share c, in i)
  end
14 Properties Language: TTM vs Uppaal

  Assertion                             | TCTL of Uppaal | LTL of TTM/PAT
  Henceforth p                          | S = A p        | S = p
  Eventually p                          | S = A p        | S = p
  Whenever p, eventually q              | S = p q        | S = (p ( q))
  Infinitely often p                    | S = true p     | S = p
  Referring to a state                  | M.state        | pc = state
  Non-Zenoness                          |                | S = tick
  p until q                             |                | S = p q
  q releases p                          |                | S = q p
  Nesting of temporal operators         |                | e.g., ( p (p q))
  Referring to occurrences of event e   |                | e
  Timer t has increased monotonically   |                | mono(t)
  Eventually henceforth p               |                | S = p
  S possibly maintains p                | S = E p        | inverse of S = ( p)
  S possibly reaches p                  | S = E p        | S reaches p
  Nesting of path quantifiers           | p              |

(The temporal operator symbols did not survive transcription; the rows are kept as they appear.)

15 Formalizing Requirements
We translate a list of requirements into LTL formulas:
1. A natural heartbeat occurs only in the interval [VRP, H.last_ri] in the cardiac cycle.
   System = (H.hbn VRP t H.last_ri)
   We couldn't use H.ri since it has already been changed by H.hbn.
2. Infinitely often, a natural or paced heart beat occurs between VRP and HRI time units from each other (note: LRI < HRI). No events illegally set the value of timer t.
   System = ( H.new_cycle t = 0 mono(t) ( (H.hbn H.hbp) VRP t HRI ) )

16 We also translate a list of healthiness conditions into LTL formulas:
1. Clock ticks infinitely often (non-zeno behaviour).
   System = tick
2. Timer t is always bounded by HRI.
   System = (t HRI + 1)
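The pacemaker modules (slides 10 to 13) and the requirements above, as an added example that is not from the slides or the TTM/PAT tool: a Python re-implementation of the tick-based (digitized) semantics that enumerates every reachable state of HEART composed with VENTRICLE_CONTROLLER and checks, on each transition, the safety parts of requirement 1 (hbn only in [VRP, H.last_ri]), of requirement 2 (beats in [VRP, HRI], t changed only by new_cycle) and of healthiness condition 2 (t bounded by HRI+1). The scheduling rule for time bounds and the saturation of the enabled-duration counters are assumptions; the liveness parts (non-zenoness, "infinitely often") are not checked here.

```python
"""Explicit-state exploration of the pacemaker TTM (HEART || VENTRICLE_CONTROLLER).

Added example, not TTM/PAT code.  Assumed scheduling rule for an event with bounds
[l, u]: it may occur only after being enabled for l consecutive ticks and must occur
before the (u+1)-th tick; '*' (None here) means no upper bound.
"""
from collections import deque

VRP, LRI, HRI = 400, 1000, 1200

# State tuple: (t, sense, pace, H.ri, H.last_ri, H.pc, VC.ri, VC.pc, age_hbn, age_cd)
# age_* = ticks during which hbn / compute_delay have been continuously enabled.
INIT = (0, False, False, HRI, HRI, 0, HRI, 0, 0, 0)
AGE_INDEX = {"hbn": 8, "compute_delay": 9}

def enabled(s):
    """Events whose guards hold in s, as name -> (lower bound, upper bound)."""
    t, sense, pace, _, _, h_pc, vc_ri, vc_pc, _, _ = s
    ev = {}
    if not pace and h_pc == 0:
        ev["hbn"] = (VRP, None)                 # natural beat: hbn[VRP, *]
    if pace and VRP <= t and h_pc == 0:
        ev["hbp"] = (0, 0)                      # paced beat: hbp[0, 0]
    if h_pc == 1:
        ev["new_cycle"] = (0, 0)
    if vc_pc == 0 and not sense and t == vc_ri:
        ev["vpace"] = (0, 0)
    if vc_pc == 0 and sense:
        ev["vsense"] = (0, 0)
    if vc_pc == 1:
        ev["compute_delay"] = (1, 1)
    return ev

def fire(s, name):
    """Simultaneous assignments of event `name`; right-hand sides read prestate values."""
    t, sense, pace, h_ri, h_last, h_pc, vc_ri, vc_pc, a_hbn, a_cd = s
    if name == "hbn":
        sense, h_ri, h_last, h_pc = True, HRI, h_ri, 1
    elif name == "hbp":
        pace, h_ri, h_last, h_pc = False, LRI, h_ri, 1
    elif name == "new_cycle":
        t, h_pc = 0, 0                          # 'start t' resets the timer
    elif name == "vpace":
        vc_ri, pace, vc_pc = LRI, True, 1
    elif name == "vsense":
        vc_ri, sense, vc_pc = HRI, False, 1
    elif name == "compute_delay":
        vc_pc = 0
    return (t, sense, pace, h_ri, h_last, h_pc, vc_ri, vc_pc, a_hbn, a_cd)

def age_of(s, name):
    return s[AGE_INDEX[name]] if name in AGE_INDEX else 0

def with_ages(old, new, old_ev, tick, fired=None):
    """Recompute the enabled-duration counters after a transition old -> new."""
    new_ev = enabled(new)
    ages = []
    for name in ("hbn", "compute_delay"):       # same order as the AGE_INDEX positions
        if name in old_ev and name in new_ev and name != fired:
            lo, hi = new_ev[name]
            cap = lo if hi is None else hi      # saturate so the state space stays finite
            ages.append(min(old[AGE_INDEX[name]] + (1 if tick else 0), cap))
        else:
            ages.append(0)
    return new[:8] + tuple(ages)

def successors(s):
    """(label, next_state) for every occurrable event, plus 'tick' unless an event is urgent."""
    ev = enabled(s)
    out = [(n, with_ages(s, fire(s, n), ev, False, n))
           for n, (lo, _) in ev.items() if age_of(s, n) >= lo]
    urgent = any(hi is not None and age_of(s, n) >= hi for n, (_, hi) in ev.items())
    if not urgent:
        out.append(("tick", with_ages(s, (s[0] + 1,) + s[1:], ev, True)))
    return out

def explore():
    """BFS over the reachable states.  Returns (number of states, list of violations)."""
    seen, queue, bad = {INIT}, deque([INIT]), []
    while queue:
        s = queue.popleft()
        succ = successors(s)
        if not succ:
            bad.append(("deadlock", s))
        for label, n in succ:
            t, last_ri = n[0], n[4]             # event predicates hold in the post-state
            if label == "hbn" and not (VRP <= t <= last_ri):
                bad.append(("hbn outside [VRP, H.last_ri]", n))
            if label in ("hbn", "hbp") and not (VRP <= t <= HRI):
                bad.append(("beat outside [VRP, HRI]", n))
            if label not in ("tick", "new_cycle") and t != s[0]:
                bad.append(("mono(t) broken by " + label, n))
            if t > HRI + 1:                     # healthiness: t stays within 0..HRI+1
                bad.append(("t exceeds HRI+1", n))
                continue                        # do not expand past the declared range
            if n not in seen:
                seen.add(n)
                queue.append(n)
    return len(seen), bad
```

Running `explore()` on the model as transcribed reports no violation; editing a guard (for example dropping `VRP <= t` from hbp) produces a violating post-state that plays the role of TTM/PAT's counter-example.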
17 Demo: Locating the Pacemaker Example
18 TTM/PAT: Static Type Checking
19 TTM/PAT: Generating Reachability Graph
20 TTM/PAT: Graphical Simulation
21 TTM/PAT: Verification
22 TTM/PAT: Generating Counter-Example
23 TTM/PAT: Traceability of Counter-Examples
24 Evaluation: A Nuclear Shutdown System
[Figures: Context Diagram of SDS (Nuclear Reactor, Pressure, Power, SDS Controller, Trip Relay); State Diagram of SDS Controller with events both_hi[1,1], delay[29,29], power_hi[1,1], power_low[1,1], delay[19,19] and actions relay := open / relay := close; Analog Implementation of SDS Controller (Pressure and Power fed through AND gates, Timer1, Timer2, Relay).]

25 Liveness & Safety Properties
Liveness Response Formula F_res: Henceforth, if Power and Pressure simultaneously exceed their threshold values for at least 2 clock ticks, and 30 ticks later Power exceeds its threshold for another 2 ticks, then within 30 to 32 ticks, open the reactor relay for at least 20 ticks. [pattern: (p q)]
Safety Recovery Formula F_rec: Henceforth, if the relay is open for 20 ticks, and after the 20th tick the power is low for at least 2 ticks, then the relay is closed before the 22nd tick. [pattern: ( (T power_low = 2 relay = open) )]

26 TTM/PAT outperforms manual encodings in Uppaal and SAL
[Table: columns Property, Controller Model, TTM: tick, Result, TTM/PAT, Uppaal, SAL; rows for F_res (System Response), F_ires (Initialized System Response) and F_rec (System Recovery) over the controller models SPEC, PROG, SPEC_r, PROG_r, SPEC_r1, PROG_r1. Unit of measurement: seconds. Most timing entries are not recoverable; surviving entries are ">1h" for some runs, and reachability graph sizes of #states: 421,442 with #trans.: 821,121 and #states: 1,771,396 with #trans.: 1,771,396.]
27 More in this Paper: TTM Semantics
Abstract Syntax
Single Machine: digitization using LTS
  turning event occurrences (e.g., tick) into state predicates
  scheduling real-time: time bounds [l, u], e.g., spontaneous ([0, ]), instantaneous ([0, 0])
  fairness assumptions: just (weak) vs compassionate (strong), e.g. just enter[0, ] when ... do ... end
Multiple Machines
  module instantiation
  module composition
  iterated composition

28 Extended Work: Compositional Reasoning
Motivation: local reasoning w.r.t. an arbitrary environment.
Rule: m1 = m P m2 m Q P Q R m1 m2 = R
Demonic, non-deterministic assignments to model event actions:

  a ::
  b :: BOOL
  c :: {on, off}
  d :: ARRAY[STATE](20)

  type STATE = {low, high} end

  module Plant
    interface
      power    : out STATE = low
      pressure : out STATE = low
    events
      update[1, ]
        do power :: STATE, pressure :: STATE
      end
  end

29 Conclusion
textual syntax for the convenient, expressive TTM notation: modules, events, time bounds, fairness assumptions
untimed and timed LTL properties [mono. of timer, non-zeno]
LTS semantics (i.e., digitization)
tool support for automated encoding: TTM/PAT
  static type checking
  graphical simulation
  model checking & traceable counter-examples
  significantly better performance than encodings in Uppaal and SAL
  will improve the performance (e.g., BDD, DBM)
event-based syntax is amenable to theorem proving when model checking runs out of steam!

30 Further References
Compositional Reasoning using TTM/PAT.
J. S. Ostroff, C.-W. Wang, and S. Hudon (2013). TTM/PAT: A Tool for Modelling and Verifying Timed Transition Models. Tech Report CSE
31 Please Question/Comment/Criticize.
More informationCS 267: Automated Verification. Lecture 13: Bounded Model Checking. Instructor: Tevfik Bultan
CS 267: Automated Verification Lecture 13: Bounded Model Checking Instructor: Tevfik Bultan Remember Symbolic Model Checking Represent sets of states and the transition relation as Boolean logic formulas
More informationCMSC 330: Organization of Programming Languages
CMSC 330: Organization of Programming Languages Operational Semantics CMSC 330 Summer 2018 1 Formal Semantics of a Prog. Lang. Mathematical description of the meaning of programs written in that language
More informationRequirements Specifications
ACM Transactions on Software Engineering and Methodology, 1996. Automated Consistency Checking of Requirements Specifications CONSTANCE L. HEITMEYER, RALPH D. JEFFORDS, BRUCE G. LABAW JUNBEOM YOO Dependable
More informationCS4215 Programming Language Implementation. Martin Henz
CS4215 Programming Language Implementation Martin Henz Thursday 26 January, 2012 2 Chapter 4 The Language simpl In this chapter, we are exting the language epl in order to provide a more powerful programming
More informationPRISM An overview. automatic verification of systems with stochastic behaviour e.g. due to unreliability, uncertainty, randomisation,
PRISM An overview PRISM is a probabilistic model checker automatic verification of systems with stochastic behaviour e.g. due to unreliability, uncertainty, randomisation, Construction/analysis of probabilistic
More informationSpecifying and Proving Broadcast Properties with TLA
Specifying and Proving Broadcast Properties with TLA William Hipschman Department of Computer Science The University of North Carolina at Chapel Hill Abstract Although group communication is vitally important
More informationFrom synchronous models to distributed, asynchronous architectures
From synchronous models to distributed, asynchronous architectures Stavros Tripakis Joint work with Claudio Pinello, Cadence Alberto Sangiovanni-Vincentelli, UC Berkeley Albert Benveniste, IRISA (France)
More informationHow to Verify a CSP Model? February 28, 2009
How to Verify a CSP Model? February 28, 2009 1 Previously Given a process, a Labeled Transition System can be built by repeatedly applying the operational semantics. Given, Alice Bob Fork1 Fork2 = Alice.get.fork
More informationA Verification Approach for GALS Integration of Synchronous Components
GALS 2005 Preliminary Version A Verification Approach for GALS Integration of Synchronous Components F. Doucet, M. Menarini, I. H. Krüger and R. Gupta 1 Computer Science and Engineering University of California,
More informationTimed Automata: Semantics, Algorithms and Tools
Timed Automata: Semantics, Algorithms and Tools Johan Bengtsson and Wang Yi Uppsala University Email: {johanb,yi}@it.uu.se Abstract. This chapter is to provide a tutorial and pointers to results and related
More informationEE382N.23: Embedded System Design and Modeling
EE382N.23: Embedded System Design and Modeling Lecture 3 Language Semantics Andreas Gerstlauer Electrical and Computer Engineering University of Texas at Austin gerstl@ece.utexas.edu Lecture 3: Outline
More informationDesign and Analysis of Distributed Interacting Systems
Design and Analysis of Distributed Interacting Systems Lecture 5 Linear Temporal Logic (cont.) Prof. Dr. Joel Greenyer May 2, 2013 (Last Time:) LTL Semantics (Informally) LTL Formulae are interpreted on
More informationTIMES A Tool for Modelling and Implementation of Embedded Systems
TIMES A Tool for Modelling and Implementation of Embedded Systems Tobias Amnell, Elena Fersman, Leonid Mokrushin, Paul Pettersson, and Wang Yi Uppsala University, Sweden. {tobiasa,elenaf,leom,paupet,yi}@docs.uu.se.
More informationFinding and Fixing Bugs in Liquid Haskell. Anish Tondwalkar
Finding and Fixing Bugs in Liquid Haskell Anish Tondwalkar Overview Motivation Liquid Haskell Fault Localization Fault Localization Evaluation Predicate Discovery Predicate Discovery Evaluation Conclusion
More informationHandout 9: Imperative Programs and State
06-02552 Princ. of Progr. Languages (and Extended ) The University of Birmingham Spring Semester 2016-17 School of Computer Science c Uday Reddy2016-17 Handout 9: Imperative Programs and State Imperative
More informationRandom Oracles - OAEP
Random Oracles - OAEP Anatoliy Gliberman, Dmitry Zontov, Patrick Nordahl September 23, 2004 Reading Overview There are two papers presented this week. The first paper, Random Oracles are Practical: A Paradigm
More information