Distributed Systems Programming (F21DS1) Formal Verification

Similar documents
LTL Reasoning: How It Works

Distributed Systems Programming (F21DS1) SPIN: Formal Analysis I

Introduction to Formal Methods

Distributed Systems Programming (F21DS1) SPIN: Formal Analysis II

Cover Page. The handle holds various files of this Leiden University dissertation

Distributed Systems Programming (F21DS1) SPIN: Simple Promela INterpreter

Research Collection. Formal background and algorithms. Other Conference Item. ETH Library. Author(s): Biere, Armin. Publication Date: 2001

Lecture 11 Lecture 11 Nov 5, 2014

Formal Verification. Lecture 10

INF672 Protocol Safety and Verification. Karthik Bhargavan Xavier Rival Thomas Clausen

Model Checking. Automatic Verification Model Checking. Process A Process B. when not possible (not AI).

UNIVERSITY OF SOUTHAMPTON Faculty of Engineering and Applied Science Department of Electronics and Computer Science

Temporal Refinement Using SMT and Model Checking with an Application to Physical-Layer Protocols

CITS5501 Software Testing and Quality Assurance Formal methods

By: Chaitanya Settaluri Devendra Kalia

The Maude LTL Model Checker and Its Implementation

Have we Learned from the Vasa Disaster?

! Use of formal notations. ! in software system descriptions. ! for a broad range of effects. ! and varying levels of use. !

Formal Verification for UML/SysML models

4/6/2011. Model Checking. Encoding test specifications. Model Checking. Encoding test specifications. Model Checking CS 4271

Model Checking with Automata An Overview

Distributed Systems Programming F29NM1 2. Promela I. Andrew Ireland. School of Mathematical and Computer Sciences Heriot-Watt University Edinburgh

Sérgio Campos, Edmund Clarke

Proving the Correctness of Distributed Algorithms using TLA

6. Hoare Logic and Weakest Preconditions

Overview of SRI s. Lee Pike. June 3, 2005 Overview of SRI s. Symbolic Analysis Laboratory (SAL) Lee Pike

To be or not programmable Dimitri Papadimitriou, Bernard Sales Alcatel-Lucent April 2013 COPYRIGHT 2011 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

these developments has been in the field of formal methods. Such methods, typically given by a

The Event-B Modelling Notation

Automatic synthesis of switching controllers for linear hybrid systems: Reachability control

Software Engineering using Formal Methods

Formal Methods in Software Engineering. Lecture 07

The SPIN Model Checker

Model checking Timber program. Paweł Pietrzak

Lecture 7: Requirements Modeling III. Formal Methods in RE

Chapter 1. Introduction

Lectures 20, 21: Axiomatic Semantics

Applications of Program analysis in Model-Based Design

Formal Specification and Verification

Introduction to Linear-Time Temporal Logic. CSE 814 Introduction to LTL

Theorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214

Software Engineering using Formal Methods

Joint Entity Resolution

Verifying control systems using CSP, FDR, and Handel-C.

T Reactive Systems: Kripke Structures and Automata

Self Stabilization. CS553 Distributed Algorithms Prof. Ajay Kshemkalyani. by Islam Ismailov & Mohamed M. Ali

GUI for model checkers

An Overview of the DE Hardware Description Language and Its Application in Formal Verification of the FM9001 Microprocessor

Formal Methods for Software Development

Negations in Refinement Type Systems

DIVERSITY TG Automatic Test Case Generation from Matlab/Simulink models. Diane Bahrami, Alain Faivre, Arnault Lapitre

An Exercise in Iterative Domain- Specific Language Design. Marcel van Amstel Mark van den Brand Luc Engelen

The design of a programming language for provably correct programs: success and failure

Formal Modelling of Railway Interlockings Using Event-B and the Rodin Tool-chain

Flight Systems are Cyber-Physical Systems

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Areas related to SW verif. Trends in Software Validation. Your Expertise. Research Trends High level. Research Trends - Ex 2. Research Trends Ex 1

Algorithmic Verification. Algorithmic Verification. Model checking. Algorithmic verification. The software crisis (and hardware as well)

Promela and SPIN. Mads Dam Dept. Microelectronics and Information Technology Royal Institute of Technology, KTH. Promela and SPIN

Techniques for the unambiguous specification of software

COMP 763. Eugene Syriani. Ph.D. Student in the Modelling, Simulation and Design Lab School of Computer Science. McGill University

System Correctness. EEC 421/521: Software Engineering. System Correctness. The Problem at Hand. A system is correct when it meets its requirements

Timo Latvala. January 28, 2004

Applications of Formal Verification

Binary Decision Diagrams and Symbolic Model Checking

Combining Complementary Formal Verification Strategies to Improve Performance and Accuracy

Formal Methods. CITS5501 Software Testing and Quality Assurance

Tutorial on Model Checking Modelling and Verification in Computer Science

Introduction to Model Checking

Chapter 3. Describing Syntax and Semantics

Course Modelling of Concurrent Systems Summer Semester 2016 University of Duisburg-Essen

Formal Verification! Prof. Leon Osterweil! Computer Science 520/620! Spring 2012!

SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?

Modeling a Cache Coherence Protocol with the Guarded Action Language

Topic Formal Methods. ICS 121 Lecture Notes. What are Formal Methods? What are Formal Methods? Formal Specification in Software Development

Cyber Physical System Verification with SAL

Static Analysis Techniques

Semantic Subtyping. Alain Frisch (ENS Paris) Giuseppe Castagna (ENS Paris) Véronique Benzaken (LRI U Paris Sud)

Q Body of techniques supported by. R precise mathematics. R powerful analysis tools. Q Rigorous, effective mechanisms for system.

System Debugging and Verification : A New Challenge. Center for Embedded Computer Systems University of California, Irvine

ECE 587 Hardware/Software Co-Design Lecture 12 Verification II, System Modeling

Modelling and verification of BPEL business processes

Hoare Logic. COMP2600 Formal Methods for Software Engineering. Rajeev Goré

Advances in Programming Languages

Advanced VLSI Design Prof. Virendra K. Singh Department of Electrical Engineering Indian Institute of Technology Bombay

Formal Verification by Model Checking

From Event-B Models to Dafny Code Contracts

Module 3. Requirements Analysis and Specification. Version 2 CSE IIT, Kharagpur

Formal Methods in Software Development

Property-based design with HORUS / SYNTHORUS

Invariant Based Programming

Discrete Mathematics Lecture 4. Harper Langston New York University

Chapter 3 (part 3) Describing Syntax and Semantics

Modeling Asynchronous Circuits in ACL2 Using the Link-Joint Interface

Hybrid System Modeling: Operational Semantics Issues

Basic Verification Strategy

Network Protocol Design and Evaluation

Course Modelling of Concurrent Systems Summer Semester 2016 University of Duisburg-Essen

CS/ECE 5780/6780: Embedded System Design

Transcription:

Distributed Systems Programming (F21DS1) Formal Verification Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University Edinburgh

Overview Focus on the process of formal verification. Survey the various representations, techniques and tools that support formal verification.

The Process of Formal Verification The following phases can be seen as defining the process of formal verification: Requirements capture; Modelling; Specification; Analysis; Documentation. Note that in reality some of these phases may overlap, in addition the overall process should be seen as iterative rather than sequential. We will focus on the middle three phases...

Modelling Phase Mathematical models can be developed for both discrete and continuous domains we will focus upon discrete models. Mathematical models for discrete domains: Functional & relational models; Abstract state machine models; Automata-based models; Object-oriented models. What typically distinguishes models within formal verification from other mathematical models is the notion of an underlying computational model, e.g. function composition, interleaving model,...

Functional & Relational Models Functional: Algorithms modelled as recursive functions, e.g. Device(a, b, c) fun 2 (fun 1 (a, b), c) Reasoning relatively easy; Function composition supports rapid prototyping. Relational: Algorithms modelled as relations, e.g. Device(a, b, c, d) p. rel 1 (a, b, p) rel 2 (p, c, d) where denotes there exists and denotes logical and. More natural than functional representation, e.g. variables correspond to wires within the model of a circuit; More expressive than functional representation, e.g. feedback loops can be modelled; Reasoning and rapid prototyping are harder.

Abstract State Machine Models A state machine model contains: An abstract representation of system state, e.g. values associated with the program counter and registers; A set of state operators which define a transition relation between the current and next states. For a given input-state pair the state transition operators determine the associated output and next state, i.e. Model : (Input State) (Output State) Supports rapid prototyping but reasoning can be cumbersome if the state becomes too large, e.g. many intermediate system properties may need to invented.

Automata-based Models An automata-based model is a finite-state transition system: set of states; set of state-to-state transitions based upon input stimuli. Automata may be deterministic or non-deterministic, *-Automata: the conventional notion of automata where there exists explicit initial and final states, i.e. recognizes finite sequence of stimuli. Acceptance corresponds to final state. ω-automata: an automata which contains an explicit initial state but no final state i.e. recognizes an infinite sequence of stimuli (reactive systems). Acceptance requires a different criteria, i.e. language inclusion; state exploration, reachability analysis (more later).

Object-oriented Models In an object-oriented model a system is represented by a structured collection of classes and objects which support encapsulation and inheritance. Many informal object-oriented methodologies, the emerging market leader is the Unified Modelling Language (UML). The roots of object-oriented modelling are in simulation rather than formal mathematics so there tends to be a lack of precision when it comes to semantics and formal analysis. However, there have been attempts at combining object-oriented features within existing formal frameworks, e.g. LOTOS and VDM (to give VDM++).

Developing Models Two important concerns when developing mathematical models: Abstraction: crucial for mastering complexity, but care must be taken to ensure that no key characteristic of the real system is lost, e.g. modelling a railway system without the possibility of a driver passing a signal at danger has obvious limitations in terms of safety predictions. Expressiveness vs analytical power: the more expressive a representation one uses to model a system the harder the process of analysis becomes, e.g. relations are more expressive than functions but formal reasoning becomes harder.

Specification Phase Complete verification involves two models of a system where one denotes the specification (abstract) and the other denotes the implementation (concrete). The intention being that both models are in some formal sense equivalent. Risk of errors being propagating from abstract model to concrete model. Property verification involves a single model of the system and a set of desired properties that are to be established with respect to the system model. Risk of under-specification, however, simple abstract properties can be very effective at identify design flaws. Hybrid is possible and desirable, i.e. develop key properties for both the specification and implementation models.

Logics for Specification Classical propositional logic, e.g. ((P Q) P) Q Classical first-order predicate calculus, e.g. X. Y.(number(X ) number(y )) greater(y, X ) Also higher-order versions which support quantification over functions and predicates. Temporal reasoning: (P Q) This assert that henceforth whenever P is true then eventually Q will become true. Many more logics...

Specification of Correctness Properties Partial correctness: (Pre(x) terminates(prog(x, y))) Post(x, y) Total correctness: Pre(x) (terminates(prog(x, y)) Post(x, y)) Safety properties: P property P must always hold (system invariant), e.g. mutual exclusion and absence of deadlocks. Liveness properties: P property P must eventually hold, e.g. absence of resource starvation.

Formal Analysis Direct execution & simulation. Equivalence checking (finite-state). Model checking (finite-state). Theorem proving (infinite-state).

Direct Execution & Simulation Allows a designer to observe the behaviour of a system model with respect to particular input stimuli. Direct execution and simulation are not formal analysis techniques, they complement formal analysis. However, within the context of formal methods, direct execution and simulation are possible if the modelling language is executable, e.g. The modelling language associated with the Nqthm theorem prover is a subset of common LISP; The specification language VDM has an executable subset which has been exploited commercially (see VDM-SL Toolbox produced by IFAD).

Equivalence Checking An equivalence checker determines whether or not two finite state representations perform the same function. In terms of formal verification, if a reference design and a candidate implementation can be represented by finite states then equivalence checking is applicable. Equivalence checking works well in hardware design during the final tuning and optimization phases. Equivalence checking assumes that the reference design is bug free!

Model Checking Model checking is more powerful than equivalence checking. An equivalence checker compares finite states while a model checker allows us to verify temporal properties of a finite state representation. The basic idea is that a finite state model of a system is systematically explored in order to determine whether or not a given temporal property holds. The technique is fully automatic and delivers a counter example if the specified property does not hold. Because a complete state space is generated for a given model, the analysis may fail due lack of memory if the model is too large. This state explosion problem can be tackled via abstraction.

Theorem Proving Theorem proving is more powerful than model checking. Theorem proving allows the verification infinite models, i.e. parameterized designs such as a N-bit carry adder or a bus architecture with N-processors. The basic idea is that both the model and specification (refined model or property) are represented within a suitable logic. Theorem proving is the process of showing that the model satisfies the specification by means of formal proof, i.e. a sequence of statements each of which is an instance of an axiom or follows from earlier statements by means of a proof rules. Avoids the state explosion problem but incurs a combinatorial explosion with respect to the applicability of axioms and proof rules, at best a semi-automatic technique.

Towards Integration of Analysis Techniques All the formal analysis techniques have strengths and weaknesses. Industrial strength applications typically require a variety of analysis techniques. Current trend is towards integration, e.g. The Stanford TEmporal Prover (STEP) combines both model checking and theorem proving capabilities; A model checker has been integrated within the PVS theorem prover (SRI). Ultimately formal analysis will need to be embedded within conventional computer-aided design frameworks...

SPIN: Design Verification System Modelling, specification and analysis of distributed systems. Promela PROcess MEta LAnguage: Influenced by Dijkstra s guarded command language, Hoare s process algebra CSP and has C-like syntax; Process communication modelled via message channels (asynchronous and synchronous). SPIN Formal analysis tool for Promela programs: Supports simulation, either random or interactive; Supports formal verification, i.e. deadlock freedon; unexecutable code; non-progress execution cycles; model checking for linear time temporal properties.

Summary Learning outcomes: Recommended reading: Gain an understanding of the various representations, techniques and tools associated with the formal modelling, specification and analysis of system designs. Overview of the SPIN design verification system. Formal Methods Specification and Analysis Guidebook for the Verification of Software Systems: Volume II A Practitioner s Companion, Published by NASA, see http//eis.jpl.nasa.gov/quality/formal_ Methods/ Note: All web links available via module homepage: http://www.macs.hw.ac.uk/~air/dsp-spin/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback