Temporal Logic Model- checking with SPIN COMP6004 Stéphane Lo Presti Part 4: Specifications.

Slides:



Advertisements
Similar presentations
Model Checking Lecture 1.
Advertisements

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Part 3: Safety and liveness
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
/ PSWLAB P ROMELA Semantics from “THE SPIN MODEL CHECKER” by G. J. Holzmann Presented by Hong,Shin 5 th Oct :021PROMELA Semantics.
Frederico Araujo CS6362 – Fall 2010 The SPIN Model Checker.
PSWLAB S PIN Search Algorithm from “THE SPIN MODEL CHECKER” by G Holzmann Presented by Hong,Shin 9 th Nov SPIN Search Algorithm.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
Sept COMP60611 Fundamentals of Parallel and Distributed Systems Lecture 12 The Critical Section problem John Gurd, Graham Riley Centre for Novel.
The Spin Model Checker Promela Introduction Nguyen Tuan Duc Shogo Sawai.
1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.
Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.
© 2011 Carnegie Mellon University SPIN: Part Bug Catching: Automated Program Verification and Testing Sagar Chaki November 2, 2011.
Infinite Automata -automata is an automaton that accepts infinite strings A Buchi automaton is similar to a finite automaton: S is a finite set of states,
CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.
OOTI Workshop on Model Checking and Static Analysis Day 3 Dragan Bošnački Eindhoven University of Technology The Netherlands.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
1 Carnegie Mellon UniversitySPINFlavio Lerda SPIN An explicit state model checker.
Witness and Counterexample Li Tan Oct. 15, 2002.
Temporal Logic Model- checking with SPIN COMP6004 Stéphane Lo Presti Part 3: The PROMELA Semantics.
Review of the automata-theoretic approach to model-checking.
ESE601: Hybrid Systems Introduction to verification Spring 2006.
Witness and Counterexample Li Tan Oct. 15, 2002.
Automata and Formal Lanugages Büchi Automata and Model Checking Ralf Möller based on slides by Chang-Beom Choi Provable Software Lab, KAIST.
The Model Checker SPIN Written by Gerard J. Holzmann Presented by Chris Jensen.
1 Carnegie Mellon UniversitySPINFlavio Lerda Bug Catching SPIN An explicit state model checker.
Cheng/Dillon-Software Engineering: Formal Methods Model Checking.
Wishnu Prasetya Model Checking with SPIN A Bit More about SPIN.
Correctness requirements. Basic Types of Claims Basic assertions End-state labels Progress-state labels Accept-state labels Never claims Trace assertions.
Scientific Computing By: Fatima Hallak To: Dr. Guy Tel-Zur.
CIS 842: Specification and Verification of Reactive Systems Lecture Specifications: Sequencing Properties Copyright , Matt Dwyer, John Hatcliff,
CIS 842: Specification and Verification of Reactive Systems Lecture Specifications: LTL Model Checking Copyright , Matt Dwyer, John Hatcliff,
Sept COMP60611 Fundamentals of Parallel and Distributed Systems Lecture 15 More Advanced Program Properties: Temporal logic and jSpin John Gurd,
MODEL CHECKING WITH SPIN MODELING AND VERIFICATION WITH SPIN ANDREA ORLANDINI – ISTC (CNR) TexPoint fonts used in EMF. Read the TexPoint manual before.
Today’s Agenda  Quiz 4 next Tuesday  Quick Review  Continue on SPIN Overview.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
1 CSEP590 – Model Checking and Automated Verification Lecture outline for August 6, 2003.
Temporal Logic Model-checking with SPIN
Recognizing safety and liveness Presented by Qian Huang.
2015 Concurrency: logical properties 1 ©Magee/Kramer 2 nd Edition Chapter 14 Logical Properties Satisfied? Not satisfied?
Lecture 4 Introduction to Promela. Promela and Spin Promela - process meta language G. Holzmann, Bell Labs (Lucent) C-like language + concurrency dyamic.
Copyright 2001, Matt Dwyer, John Hatcliff, and Radu Iosif. The syllabus and all lectures for this course are copyrighted materials and may not be used.
1 Temporal logic. 2 Prop. logic: model and reason about static situations. Example: Are there truth values that can be assigned to x,y simultaneously.
Model Checking Lecture 1. Model checking, narrowly interpreted: Decision procedures for checking if a given Kripke structure is a model for a given formula.
Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5.
Today’s Agenda  Quiz 4  Temporal Logic Formal Methods in Software Engineering1.
Model Checking Lecture 1: Specification Tom Henzinger.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Model Checking Lecture 2. Model-Checking Problem I |= S System modelSystem property.
Model Checking Lecture 2 Tom Henzinger. Model-Checking Problem I |= S System modelSystem property.
CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.
An explicit state model checker
Program Synthesis is a Game
An explicit state model checker
Linear Time Properties
Introduction to verification
HW6: Due Dec 14 23:59 To specify a corresponding Promela specification
COMP60621 Designing for Parallelism
HW6: Due Nov 26 23:59 To specify a corresponding Promela specification
CSE 503 – Software Engineering
HW6: Due Dec 20 23:59 To specify a corresponding Promela specification
Presentation transcript:

Temporal Logic Model- checking with SPIN COMP6004 Stéphane Lo Presti Part 4: Specifications

Introduction (1) A specification is (FOLDOC) a document describing how some system should work (a model describes how the system currently works)

Introduction (2) Specified in  The model Assertions (local, global) Labels: progress (starvation), acceptance (deadlock), end (livelock)  Correctness properties LTL Formula Büchi automata never claim states cycles

Safety and liveness Safety: “nothing bad ever happens”  ex.: deadlock freedom  Find a trace leading to the “bad” thing; if there is not such a trace, the property is satisfied Liveness: “something good will eventually happen”  ex.: termination  Find a loop in which the “good” thing does not happen; if there is not such a loop, the property is satisfied

Local properties Assertions assert(P) assert(true) assert(false)

Global property Invariant proctype monitor() { assert(P); } Variant forms atomic{ !P -> assert(P);} do :: assert(P) od

End-state label How to differentiate between “idle” and “normal end” of a process? Specify valid end-state Statement where the blocking of the process is “normal” (acceptable) Useful when looking for deadlocks

Progress-state label The statement indicates that the system makes progress Non-progress may indicate starvation or badly designed system

Acceptance-state label Special marking of a state to indicate a “particular” property at that point during the simulation Related to the (Büchi- or ω-) automaton nature of the behaviour of PROMELA models

LTL syntax True, false Unary operators: [], <>, ! ( X ) Binary operators: U, &&, ||, ->,

Typical LTL formulas (1) [] p always p <> p eventually p p -> (<> q) p implies eventually q p -> (q U r) p implies q until r [] <> p always eventually p <> [] p eventually, always p <> p -> <> q eventually p implies eventually q

Typical LTL formulas (2) Useful  ! [] p <> !p  ! <> p [] !p X operator  Next-time-free properties are stutter- invariant

Never claims (1) Define an “observer process” (concurrent automaton that never blocks and never communicates) Accept bad behaviours (property violations) (principle: finding a counter-example is simpler/faster than showing that something is always true)

Never claims (2) Reference a process state ex:

Never claims (3) never { S0: do :: -> break :: else od; do :: (a ==b) -> break :: else od; accept: true -> goto S0}

SPIN’s Slicing Algorithm Will try to suggest optimisations (abstraction, code merging) to the PROMELA model base on the correctness properties

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.