Temporal Logic Model-checking with SPIN, COMP6004, Stéphane Lo Presti. Part 5: Some PROMELA examples.


Three Values

    /* two processes read-modify-write a shared byte; depending on the
       interleaving of their statements, state ends as 0, 1 or 2 */
    byte state = 1;

    proctype A()
    {   byte tmp;
        (state == 1) -> tmp = state; tmp = tmp + 1; state = tmp
    }

    proctype B()
    {   byte tmp;
        (state == 1) -> tmp = state; tmp = tmp - 1; state = tmp
    }

    init { run A(); run B() }

Channel Communication

    /* a channel is a first-class value: A receives the channel it must
       answer on over q1, then sends 123 on it */
    proctype A(chan q1)
    {   chan q2;
        q1?q2;
        q2!123
    }

    proctype B(chan qforb)
    {   int x;
        qforb?x;
        printf("x= %d\n", x)
    }

    init
    {   chan qname = [1] of { chan };
        chan qforb = [1] of { int };
        run A(qname);
        run B(qforb);
        qname!qforb
    }

Factorial

    /* recursive process creation: each instance spawns a child for n-1
       and receives the child's result on a private channel */
    proctype fact(int n; chan p)
    {   chan child = [1] of { int };
        int result;
        if
        :: (n <= 1) -> p!1                      /* base case */
        :: (n >= 2) -> run fact(n-1, child);    /* recursive case */
                       child?result;
                       p!n*result
        fi
    }

    init
    {   chan child = [1] of { int };
        int result;
        run fact(7, child);
        child?result;
        printf("result: %d\n", result)
    }

Mutual Exclusion

    /* flag-and-turn protocol: x and y are the flags of A and B, t is the
       turn; the bare condition blocks a process until it may enter */
    #define Aturn false
    #define Bturn true

    bool x, y, t;

    proctype A()
    {   x = true;
        t = Bturn;
        (y == false || t == Aturn);
        /* critical section */
        x = false
    }

    proctype B()
    {   y = true;
        t = Aturn;
        (x == false || t == Bturn);
        /* critical section */
        y = false
    }

    init { run A(); run B() }
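The Three Values and Mutual Exclusion slides both rest on the same idea: SPIN enumerates every interleaving of the processes' statements and looks at the states it reaches. The following Python block is an added example, not code from the slides or from SPIN, that does this by hand for those two models. It assumes a tiny encoding of a process as a list of steps, where a step is a function from the global-variable dict to a new dict, or None when the step is blocked (a PROMELA condition that is not yet true). Beside the slide's flag-and-turn protocol it also explores a naive check-then-set variant (my own construction, not on the slide) so the difference shows up in the reachable states.

```python
"""Explicit-state exploration of interleavings for small PROMELA-style models.

Added example: a minimal interleaving explorer. Processes are lists of
steps; a step maps the dict of global variables to a new dict, or returns
None when it is not executable (like a blocking PROMELA condition).
"""
from collections import deque


def assign(var, expr):
    """Step: var = expr(env); always executable."""
    return lambda env: {**env, var: expr(env)}


def guard(cond):
    """Step: block until cond(env) holds (the bare-condition statement)."""
    return lambda env: dict(env) if cond(env) else None


def enabled(env, pcs, procs):
    """Indices of processes that can take a step in this state."""
    return [i for i, pc in enumerate(pcs)
            if pc < len(procs[i]) and procs[i][pc](env) is not None]


def explore(globals0, procs):
    """Breadth-first search over every interleaving.

    A state is (frozenset of global-variable items, tuple of program
    counters). Returns the set of all reachable states.
    """
    start = (frozenset(globals0.items()), tuple(0 for _ in procs))
    seen, work = {start}, deque([start])
    while work:
        g, pcs = work.popleft()
        env = dict(g)
        for i in enabled(env, pcs, procs):
            nxt = procs[i][pcs[i]](env)
            succ = (frozenset(nxt.items()), pcs[:i] + (pcs[i] + 1,) + pcs[i + 1:])
            if succ not in seen:
                seen.add(succ)
                work.append(succ)
    return seen


def three_values():
    """Values of `state` in every end state (no process can move) of the
    Three Values model: A adds one, B subtracts one, both gated on state==1."""
    def proc(tmp, delta):
        return [guard(lambda e: e["state"] == 1),
                assign(tmp, lambda e: e["state"]),
                assign(tmp, lambda e: e[tmp] + delta),
                assign("state", lambda e: e[tmp])]
    procs = [proc("tmpA", +1), proc("tmpB", -1)]
    states = explore({"state": 1, "tmpA": 0, "tmpB": 0}, procs)
    ends = {dict(g)["state"] for g, pcs in states if not enabled(dict(g), pcs, procs)}
    return sorted(ends)


def mutex_max_in_critical(use_turn):
    """Largest number of processes found inside the critical section.

    use_turn=True  -> the slide's protocol (flags x, y plus turn t).
    use_turn=False -> constructed naive variant: test the other flag,
                      then raise your own (check-then-set).
    The critical section is modelled as ncrit++ ... ncrit--.
    """
    ATURN, BTURN = False, True

    def proc(mine, other, my_turn, other_turn):
        if use_turn:
            enter = [assign(mine, lambda e: True),
                     assign("t", lambda e: other_turn),
                     guard(lambda e: not e[other] or e["t"] == my_turn)]
        else:
            enter = [guard(lambda e: not e[other]),
                     assign(mine, lambda e: True)]
        return enter + [assign("ncrit", lambda e: e["ncrit"] + 1),  # enter
                        assign("ncrit", lambda e: e["ncrit"] - 1),  # leave
                        assign(mine, lambda e: False)]

    procs = [proc("x", "y", ATURN, BTURN), proc("y", "x", BTURN, ATURN)]
    states = explore({"x": False, "y": False, "t": False, "ncrit": 0}, procs)
    return max(dict(g)["ncrit"] for g, _ in states)


if __name__ == "__main__":
    print("three values, possible final states:", three_values())
    print("flag-and-turn, max in critical section:", mutex_max_in_critical(True))
    print("check-then-set, max in critical section:", mutex_max_in_critical(False))
```

The explorer treats every PROMELA statement as one atomic step, which is exactly SPIN's granularity for these slides; the Three Values run also reaches end states where one process is still blocked on `state == 1`, which SPIN would flag as invalid end states unless the model says otherwise.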

Semaphore

    /* Dijkstra's binary semaphore over a rendez-vous channel: the
       semaphore process hands out a p token (acquire) and takes back
       a v token (release); only one user holds the token at a time */
    #define p 0
    #define v 1

    chan sema = [0] of { bit };

    proctype dijkstra()
    {   byte count = 1;
        do
        :: (count == 1) -> sema!p; count = 0
        :: (count == 0) -> sema?v; count = 1
        od
    }

    proctype user()
    {   do
        :: sema?p;
           /* critical section */
           sema!v
        od
    }

    init { run dijkstra(); run user(); run user(); run user() }