Verification of Graph Transformation Systems Arman Sheikholeslami

Seminar Advanced Verification Techniques - Winter term 2012/13 - University of Paderborn

Graph and GTS
[Figure: a graph and a graph transformation system (GTS); no further text on this slide.]

Chess
[Figure: a board fragment (cells A6, A7, A8, B7, B8) holding a Pawn and a Rook, shown before and after the pieces move: "Transformed!"]

How does transformation work?
[Figure: a rule with left-hand side LHS (Pawn on A7, A6 free) and right-hand side RHS (Pawn on A6) is matched in the host graph G (cells A5, A6, A7, Pawn on A7); applying it yields the result graph H (Pawn on A6).]

Formalization of GTS
Algebraic approach
–Single push-out (SPO): if deleting a node would leave a dangling edge, the node is deleted together with the dangling edge.
–Double push-out (DPO): if deleting a node would leave a dangling edge, the rule is not applied. Not applicable in chess!
[Figure: the same rule (LHS, RHS) applied to host graph G over cells A6/A7 with a Pawn, giving result graph H under SPO and under DPO.]
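The SPO/DPO distinction above, as an added example that is not from the slides: a single node-deletion rule applied to a small, constructed chess graph under both semantics (graph encoding, node and edge labels are assumptions made here).

```python
# Added example (not from the slides): node deletion under SPO and DPO semantics.
# A graph is (nodes, edges) with edges as (source, target, label) triples.

def delete_node(graph, node, semantics):
    """Apply the rule 'delete `node`' to graph.

    Returns the rewritten graph, or None when the rule is not applicable.
    SPO: the node is deleted together with every edge that would dangle.
    DPO: the rule is refused if deleting the node would leave a dangling edge.
    """
    nodes, edges = graph
    if node not in nodes:
        return None                                   # LHS does not match
    dangling = {e for e in edges if node in (e[0], e[1])}
    if semantics == "DPO":
        return None if dangling else (nodes - {node}, edges)
    if semantics == "SPO":
        return nodes - {node}, edges - dangling       # dangling edges removed too
    raise ValueError(f"unknown semantics: {semantics}")

# Constructed host graph: a Pawn standing on cell A7; cells A7 and A6 are adjacent.
BOARD = (
    frozenset({"Pawn", "A7", "A6"}),
    frozenset({("Pawn", "A7", "on"), ("A7", "A6", "next")}),
)

def capture_pawn(semantics):
    """The Pawn is hit: its node must go, but its 'on' edge would dangle."""
    return delete_node(BOARD, "Pawn", semantics)
```

Under DPO the capture is refused outright, which is why the slides call DPO not applicable to chess; under SPO the Pawn and its `on` edge disappear together.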

Transition System using SPO
[Figure: three rules over cells A5, A6, A7, B5 and the transition system they generate from the state "Pawn on A7, Knight on B5":
–Rule X: LHS Pawn on A7, A6 free; RHS Pawn on A6.
–Rule Y: LHS Pawn on A6, A5 free; RHS Pawn on A5.
–Rule Z: LHS a Pawn next to the Knight on B5; RHS the Pawn on B5 (the Knight is hit).
Applying rule X, then rule Y or rule Z, gives the successor states shown.]

Verification of GTS
Verification determines whether the behaviour of a system (its semantics) conforms to its specification (its properties).
–Properties of a GTS: conditions and restrictions a GTS should satisfy.
–Semantics of a GTS: the transition system it can produce.

Properties of GTS
Which properties of a GTS can be verified?
–Safety: something bad will never happen, e.g. a forbidden pattern (sub-graph) is never reached.
–Liveness: something good will eventually happen, e.g. deadlock-freedom, security.
[Figure: board fragment (A5, A6, A7, B5) with a Pawn and a Knight: "Knight hit by Pawn! Unsafe!"]

Intuitively...
[Figure: rules X, Y and Z applied from the start state (Pawn on A7, Knight on B5); along the path through rule X the state with the Pawn next to the Knight is reached: "Hit pattern, Unsafe!"]

Technically...
[Figure: the semantics (chess play, i.e. the transition system, given as a Kripke structure with states A to E) and the property (a temporal logic formula: "Avoid getting hit!") are both fed to a model checker.]

State space explosion
Problem statement
–A system has several variables, each with a range of possible values.
–A state is assigned to each possible concrete combination of variable values.
–The set of possible states becomes too large.
This happens in almost every system.
–That is why we cannot have a complete verification of large systems, e.g. an OS.
[Figure: the state space spanned by variables x and y.]

Infinite State Space
A worse case of the state space explosion problem: it occurs when the state set of the system is endless.
An infinite state space is created by rules whose LHS can be found again in their RHS, so the rule stays applicable after every application.
[Figure: such a rule (LHS, RHS) applied to G, yielding H.]

Solutions
Under-approximation
–An abstraction (subset) of the original graph (state set) satisfying fewer properties.
–Bounded Model Checking
Over-approximation
–An abstraction (superset) of the original graph (state set) satisfying more properties.
–Shape Graphs
–Inductive Invariance
Applicable to both the State Space Explosion and the Infinite State Space problems.

Bounded Model Checking
[Figure: the transition system unrolled from the start state for a single step.] Only movements of one level are modeled! (K=1)
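The transition system, the safety property and the bound K from the slides above, as an added example that is not from the slides: a breadth-first exploration of the chess GTS cut off at depth K, so a violation lying beyond the bound is not seen. The state encoding, the move rules (after rules X/Y and Z) and the choice of "Knight has been hit" as the forbidden pattern are assumptions made here.

```python
# Added example (not from the slides): bounded exploration of the chess GTS.
# A state is a frozenset of (piece, square) facts; each rule yields successor states.
from collections import deque

FILES = "ABCDEFGH"

def _pos(sq):
    return FILES.index(sq[0]), int(sq[1])
def _sq(f, r):
    return f"{FILES[f]}{r}"

def rule_advance(state):
    """Rules X/Y of the slides: the pawn moves one rank ahead if that cell is free."""
    for piece, sq in state:
        f, r = _pos(sq)
        if piece == "Pawn" and r > 1 and all(s != _sq(f, r - 1) for _, s in state):
            yield (state - {(piece, sq)}) | {(piece, _sq(f, r - 1))}

def rule_hit(state):
    """Rule Z of the slides: the pawn hits a piece diagonally ahead and takes its cell."""
    for piece, sq in state:
        f, r = _pos(sq)
        for df in (-1, 1):
            if piece == "Pawn" and r > 1 and 0 <= f + df < 8:
                for victim in [(p, s) for p, s in state if s == _sq(f + df, r - 1)]:
                    yield (state - {(piece, sq), victim}) | {(piece, victim[1])}

def knight_hit(state):
    """Forbidden pattern: the Knight is no longer on the board."""
    return all(p != "Knight" for p, _ in state)

def bounded_check(initial, k, rules=(rule_advance, rule_hit), forbidden=knight_hit):
    """Breadth-first exploration up to depth k (the bound K of bounded model checking).
    Returns the depth of the first forbidden state, or None if none lies within k steps."""
    frontier, seen = deque([(initial, 0)]), {initial}
    while frontier:
        state, depth = frontier.popleft()
        if forbidden(state):
            return depth
        if depth < k:                      # the bound: deeper states are never modeled
            for rule in rules:
                for nxt in rule(state):
                    if nxt not in seen:
                        seen.add(nxt)
                        frontier.append((nxt, depth + 1))
    return None

# Constructed start state from the slides' figures: Pawn on A7, Knight on B5.
START = frozenset({("Pawn", "A7"), ("Knight", "B5")})
```

With K=1 the check reports no violation, because the hit happens at depth 2 (advance, then hit); with K=2 it is found, which is the under-approximation the slides describe.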

Shape Graphs
To shrink the state space by abstraction
–information is discarded.
–how can it be retrieved to create concrete instances?
Local Shape Logic (LSL)
–a way to express additional information about nodes and edges in a graph.
A shape graph is an abstract model
–concrete instances are built based on shape constraints.
–still, more than one precise instance can be produced (over-approximation).

Shape Graphs (example)
[Figure: the concrete board graph G (cells A6, A7, A8, B7, B8 with a Pawn and a Rook) is abstracted into a shape graph SG with node types Cell, King, Queen, Rook, Pawn, Knight and Bishop; reproduction from SG yields instances of G, one of which has two Pawns and is "Not a valid instance!" under the constraint: there is exactly one Pawn.]

Inductive Invariance
Investigate whether a transition from a safe state to an error state (forbidden pattern) is possible
–apply the rules backwards from the forbidden pattern.
–if a safe state is reached, the property can be violated (it is NOT an inductive invariant).
Instead of the whole graph, only the borders are investigated (abstraction).
[Figure: the forbidden pattern (Pawn next to the Knight on B5, cells A5, A6, A7) and the state reached by applying a rule backwards from it.]

Inductive Invariant (cont.)
If the property is an inductive invariant
–no rule can be used to reach the forbidden pattern from a state that is not a forbidden pattern.
–the system is safe.
If the property is not an inductive invariant
–the system still might be safe.
–the forbidden pattern can be reached given an arbitrary starting graph (over-approximation).
[Figure: Bishop examples on cells D3, D4, D5 and E3, E4, E5, and on C1, C2, C3; a Pawn on D7/D8.]
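The backward check of the two slides above, as an added example that is not from the slides: rules are applied backwards to a forbidden pattern restricted to a few cells (the "borders"), and the property is an inductive invariant only if every predecessor pattern is itself forbidden. The rule encoding (after rules X and Z) and the choice of "Pawn on A6 next to Knight on B5" as the hit pattern are assumptions made here.

```python
# Added example (not from the slides): inductive-invariance check by applying rules
# backwards to the forbidden pattern. Patterns are frozensets of (piece, square) facts
# over the few cells around the pattern, not a whole board.

# Rules as (LHS, RHS) fact sets, after the slides' rule X (advance) and rule Z (hit).
RULES = {
    "X": (frozenset({("Pawn", "A7")}), frozenset({("Pawn", "A6")})),
    "Z": (frozenset({("Pawn", "A6"), ("Knight", "B5")}), frozenset({("Pawn", "B5")})),
}
# Forbidden "hit pattern": the Pawn on A6 threatens the Knight on B5.
HIT_PATTERN = frozenset({("Pawn", "A6"), ("Knight", "B5")})

def backward_step(pattern, rule):
    """Undo one rule application: if the rule's RHS overlaps the pattern, replace the
    RHS facts by the LHS facts. Returns the predecessor pattern, or None if the rule
    cannot have produced this pattern (no overlap, or two pieces on one cell)."""
    lhs, rhs = rule
    if not rhs & pattern:
        return None
    pred = (pattern - rhs) | lhs
    if len({sq for _, sq in pred}) < len(pred):
        return None                      # inconsistent: one cell, two pieces
    return pred

def inductive_invariant(forbidden, rules):
    """'forbidden is never reached' is an inductive invariant iff every predecessor of
    the forbidden pattern is itself forbidden. Returns (verdict, counterexamples)."""
    preds = [(name, backward_step(forbidden, rule)) for name, rule in rules.items()]
    bad = [(n, p) for n, p in preds if p is not None and not forbidden <= p]
    return not bad, bad
```

Rule X undone from the hit pattern gives "Pawn on A7, Knight on B5", which is not forbidden, so the property is not an inductive invariant (the system may still be safe from a particular start state, as the slides note).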

Extensions
What if we need to differentiate elements of graphs from each other?
–we need to use attributes to specify the differences.
–Typed Attributed Graphs (TAG) are introduced as an extension.
What if time has a specific effect on the system?
–simple graphs do not care about time!
–Timed Graphs are introduced as an extension (also an extension of TAG).

Typed Attributed GTS
[Figure: the board graph (cells A6, A7, A8, B7, B8 with a Pawn and a Rook) with an attached data node "Black" indicating the colour of a piece.]

Timed GTS
A timed GTS contains 3 kinds of rules to perform timed graph transformation (TGT):
1. Clock Instance Rule: adds clock instances to the graph; using a discrete- or dense-time model (timed automata), the passing of time can be expressed.
2. Invariant Rule: restricts the execution of a rule to a specific time interval.
3. Timed Graph Transformation Rule: a normal graph transformation rule.

Timed GTS (example)
[Figure: step 1 applies the Clock Instance rule (a clock instance CI is attached to the board graph with a Pawn on A7 and a Rook on A8); step 2 applies the Invariant rule, deciding Yes/No whether the transformation may fire now; step 3 applies the transformation rule (Rule X: Pawn from A7 to A6; Rule Y: Rook between A8 and A7).]

Verification of TGTS
[Figure: a Timed GTS together with an FO-TCTL property is translated to a TCTL property and checked by a TCTL model checker.]

Verification of TGTS (example)
[Figure: the states of the timed GTS (board with Pawn on A7, Rook on A8 and clock instance CI, with clock CI_x) and the FO-TCTL property are translated to TCTL and fed to the TCTL model checker.]

Questions?!