Model checking dynamic states in GROOVE Arend Rensink Formal Methods and Tools University of Twente.

IPA Spring Days, 7 May 2008
Outline
Context: Graph transformation
– GROOVE tool for software model checking
Integrated methods
– On-the-fly model checking
– Partial order reduction
Method integration
– Stochastic analysis
– Aspect-oriented program analysis
Interoperability
– Syntactic: Model transformation
– Semantic: Graph transformation approaches

States as graphs
Objects & method frames as nodes
Relations & variables as (labelled) edges
[Figure: heap and stack as one graph; a Buffer node with first and last edges to Cell nodes linked by next edges, Object nodes attached to cells via val edges]

Graph formalism
Graphs in this presentation:
– flat (i.e., not hierarchical), untyped
– directed, edge-labelled, no parallel edges
– self-edges depicted as node labels
Formally: $G = (L, N, E)$ with
– $L$ a set of labels
– $N$ a finite set of nodes
– $E \subseteq N \times L \times N$ a finite set of labelled edges
Partial morphisms: structure-preserving partial node mappings

Graphs as states
[Figure: five buffer states, each a ring of Cell nodes linked by next edges, with first and last edges from the Buffer node and Object nodes attached to cells via val edges]

Graph productions (SPO = Single Pushout Approach)
Production rule: LHS and RHS, related by a partial rule morphism, plus NACs (negative application conditions: forbidden patterns)
Graph transition t: a matching of the LHS into the source graph src(t); the target graph tgt(t) and the transition morphism morph(t) are obtained as the pushout of the rule morphism and the matching

Example production rule
Alternative single-graph representation (node labels Buffer, Cell, Object; edges next, val, last), colour-coded:
– blue = eraser: in LHS, not in RHS; to be matched and deleted
– green = creator: in RHS, not in LHS; to be added
– black = reader: in LHS and RHS; to be matched and preserved
– red = embargo: in NAC, not in LHS; forbidden

Aim: software model checking
Construct a graph production system from
– UML diagrams / other specifications
– programs to be checked
Generate the state space
– states = graphs, transitions = transformations
Formulate properties
– invariants/reachability (safety)
– liveness
– full temporal logic
Check the properties on the model
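The graph formalism, the production rules with reader/eraser/creator/embargo parts, and the state space generation described on the preceding slides, as a small added Python example. This is illustration code written for this transcript, not GROOVE's own implementation (GROOVE is a Java tool). It assumes a three-cell circular buffer with put and get rules modelled after the Buffer/Cell/Object graphs on the slides, the reading that first points at the oldest filled cell and last at the next free cell, and a brute-force canonical form for the isomorphism check; rule names, node names and the invariant are this example's own choices.

```python
"""Graphs as states, SPO-style rules and state space generation in the style
of the GROOVE slides.  Added illustration, not GROOVE's own code."""
from collections import deque
from itertools import permutations

# A graph G = (L, N, E) is kept as its edge set E only: a frozenset of
# (src, label, tgt) triples.  A node label is a self-edge, as on the slides.


def nodes(g):
    return {n for s, _, t in g for n in (s, t)}


def canonical(g):
    """Isomorphism reduction: relabel nodes 0..k-1 under every permutation and
    keep the smallest edge tuple.  Brute force, fine for tiny graphs only."""
    ns = sorted(nodes(g))
    best = None
    for perm in permutations(range(len(ns))):
        m = dict(zip(ns, perm))
        cand = tuple(sorted((m[s], l, m[t]) for s, l, t in g))
        if best is None or cand < best:
            best = cand
    return best


def matches(pattern, host, partial=None):
    """Yield injective, edge-preserving morphisms pattern -> host that extend
    `partial` (backtracking search)."""
    partial = dict(partial or {})
    pending = sorted(nodes(pattern) - set(partial))
    if not pending:
        if all((partial[s], l, partial[t]) in host for s, l, t in pattern):
            yield dict(partial)
        return
    p = pending[0]
    for h in sorted(nodes(host)):
        if h in partial.values():
            continue  # injective matching
        partial[p] = h
        # prune: every pattern edge whose ends are both mapped must exist
        if all((partial[s], l, partial[t]) in host
               for s, l, t in pattern if s in partial and t in partial):
            yield from matches(pattern, host, partial)
        del partial[p]


class Rule:
    """LHS/RHS share node names; NAC edges are the embargo (forbidden) part."""

    def __init__(self, name, lhs, rhs, nac=()):
        self.name = name
        self.lhs, self.rhs, self.nac = frozenset(lhs), frozenset(rhs), frozenset(nac)

    def applications(self, host):
        for m in matches(self.lhs, host):
            blocked = self.nac and next(matches(self.nac, host, m), None) is not None
            if not blocked:
                yield m

    def apply(self, host, m):
        """Erase LHS-only nodes (dangling edges go with them, as in SPO) and
        LHS-only edges; add RHS-only nodes with fresh ids and RHS-only edges."""
        img, fresh = dict(m), max(nodes(host)) + 1
        for n in sorted(nodes(self.rhs) - nodes(self.lhs)):
            img[n], fresh = fresh, fresh + 1
        gone = {m[n] for n in nodes(self.lhs) - nodes(self.rhs)}
        g = {(s, l, t) for s, l, t in host if s not in gone and t not in gone}
        g -= {(m[s], l, m[t]) for s, l, t in self.lhs - self.rhs}
        g |= {(img[s], l, img[t]) for s, l, t in self.rhs - self.lhs}
        return frozenset(g)


def explore(start, rules):
    """BFS over graphs as states; states are identified up to isomorphism."""
    start = frozenset(start)
    seen, transitions, queue = {canonical(start): start}, [], deque([start])
    while queue:
        g = queue.popleft()
        src = canonical(g)
        for r in rules:
            for m in r.applications(g):
                h = r.apply(g, m)
                key = canonical(h)
                if key not in seen:
                    seen[key] = h
                    queue.append(h)
                transitions.append((src, r.name, key))
    return seen, transitions


# Circular buffer (assumed reading of the slides): `first` = oldest filled
# cell, `last` = next free cell.  Both rules are this example's own.
PUT = Rule("put",
           lhs={("b", "Buffer", "b"), ("b", "last", "c"), ("c", "Cell", "c"),
                ("c", "next", "d"), ("d", "Cell", "d")},
           rhs={("b", "Buffer", "b"), ("b", "last", "d"), ("c", "Cell", "c"),
                ("c", "next", "d"), ("d", "Cell", "d"),
                ("o", "Object", "o"), ("c", "val", "o")},
           nac={("c", "val", "x")})  # embargo: the cell is already full
GET = Rule("get",
           lhs={("b", "Buffer", "b"), ("b", "first", "c"), ("c", "Cell", "c"),
                ("c", "next", "d"), ("d", "Cell", "d"),
                ("c", "val", "o"), ("o", "Object", "o")},
           rhs={("b", "Buffer", "b"), ("b", "first", "d"), ("c", "Cell", "c"),
                ("c", "next", "d"), ("d", "Cell", "d")})
START = frozenset({(0, "Buffer", 0), (0, "first", 1), (0, "last", 1),
                   (1, "Cell", 1), (2, "Cell", 2), (3, "Cell", 3),
                   (1, "next", 2), (2, "next", 3), (3, "next", 1)})


def invariant_holds(g):
    """Safety property: no cell holds two objects, every object is in a cell."""
    vals = [(s, t) for s, l, t in g if l == "val"]
    cells = [s for s, l, _ in g if l == "Cell"]
    objs = [s for s, l, _ in g if l == "Object"]
    return (all(sum(1 for s, _ in vals if s == c) <= 1 for c in cells)
            and all(sum(1 for _, t in vals if t == o) == 1 for o in objs))


def run_buffer():
    """Returns (#states, #transitions, invariant ok, max objects in a state)."""
    states, trans = explore(START, [PUT, GET])
    fill = max(sum(1 for _, l, _ in g if l == "val") for g in states.values())
    ok = all(invariant_holds(g) for g in states.values())
    return len(states), len(trans), ok, fill


if __name__ == "__main__":
    print(run_buffer())
```

Without the isomorphism check the exploration would not terminate: every put creates an Object node with a fresh id, so rotated copies of the same buffer configuration would be treated as new states. With it, the three-cell buffer collapses to four states (zero to three objects), which is exactly the "dynamic models, no a priori bounds" problem the next slides address.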

Envisaged tool chain
Program (source) → Compilation → Program (graph) → Generation (using the semantics as a rule system per language) → State space (GTS) → Verification against properties → Conclusion
Also in the picture: testing and tracing back to the program, an abstraction/refinement loop, and combining generation with on-the-fly checking

Problem: complexity of GT
Traditional approach
– Concurrent communicating automata
– Model paradigm much closer to the machine
– Fast evaluation
– 20 years of research in symbolic storage, symmetry & partial order reduction, abstractions & heuristics
Graph transformation
– Graph matching & manipulation
– Dynamic models: no a priori bounds (sometimes this reflects a feature of the modelled system)
– Many existing results do not apply

Challenge: how to counter this
Transfer existing results to the GT approach (integrated methods)
– Model checking algorithms
– Partial order reduction
Make use of the graph structure
– Store states as graph deltas
– Isomorphism for symmetry reduction
– Graph-based abstractions
– Nested rules


Integrated methods
On-the-fly model checking
– Principle: check while expanding the state space; in particular, check for cycles
– Problem: the state space here is in general infinite, hence the cycle check easily fails to terminate
– Solution: combination with bounded model checking
Partial order reduction
– Principle: avoid exploring all interleavings of concurrent (independent) actions
– Problem: the actions here are not known a priori
– Solution: a new POR algorithm

Example: on-the-fly model checking
Existing algorithm [Schwoon, Esparza 2005]: exhaustive DFS that detects cycles through accepting states
The exhaustive DFS will not terminate for infinite state spaces

Combination with bounded checking
Approximate ! by a sequence of ! i


Method integration: example 1
Stochastic graph transformation systems [Heckel, Lajios, Menge, 2006]
– Application area: performance/reliability analysis of dynamic systems
– Basic idea: associate rates with graph transformation rules
– Generate the state space
– Derive and solve continuous-time Markov chains
– Tool chain: GROOVE -> PRISM / EMC²
GROOVE offers the state space generation and the import/export functionality.

Example transformation rules
[Figure: rules move, connect, breakdown, fail, handover]

Method integration: example 2
Aspect composition conflict detection [Havinga et al., 2007]
– Application area: aspect-oriented programming
– Analysis of the run-time introduction of new methods into existing classes
– Translate Java and AspectJ to graphs
– Graph transformation rules model the introductions
– Conflict detection through forbidden patterns

Example graphs and rules
[Figure: an AspectJ program, its abstract syntax graph, a forbidden pattern and an introduction rule]


Syntactic interoperability: example
Graph Transformation Semantics for QVT [Rensink, Nederpel 2006]
– Context: model transformation
– Approach: use graph transformation

Overall method
Artefacts 1-3 are given in different languages
Steps 4-6 involve syntactic translations
– There is no semantics to be preserved
– The translation defines the semantics

Semantic interoperability: example
Simulating Multigraph Transformations Using Simple Graphs [Boneva et al. 2007]
– Motivation: use GROOVE technology for other tools' graph production systems
– Different graph models (multigraphs have edge identities)
– Different transformation approaches (Single Pushout versus Double Pushout)
– Encoding: translate multigraph edges into simple-graph nodes

Conclusion
GROOVE technology is used in different contexts
– Built on well-researched formal methods
– Usable GUI
– XML-based graph I/O
– Open Java source code
Integrating methods is necessary, but
– Not seen as "cutting edge" research
– Effort/output ratio not the highest
– We need more funding for this!!