1 IFM 2005 – November 30, 2005 EXP.OPEN 2.0 A flexible tool integrating partial order, compositional, and on-the-fly verification methods Frédéric Lang.

Slides:

Advertisements

Similar presentations

Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.

Advertisements

Clocked Mazurkiewicz Traces and Partial Order Reductions for Timed Automata D. Lugiez, P. Niebert, S. Zennou Laboratoire d Informatique Fondamentale de.

INTRODUCTION TO SIMULATION WITH OMNET++ José Daniel García Sánchez ARCOS Group – University Carlos III of Madrid.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

Game-theoretic simulation checking tool Peter Bulychev, Vladimir Zakharov, Igor Konnov Moscow State University.

Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.

Goal and Scenario Validation: a Fluent Combination Chin-Yi Tsai.

Process Algebra (2IF45) Dr. Suzana Andova. 1 Process Algebra (2IF45) Practical issues Lecturer - Suzana Andova - Group: Software Engineering and Technology.

1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.

An Associative Broadcast Based Coordination Model for Distributed Processes James C. Browne Kevin Kane Hongxia Tian Department of Computer Sciences The.

Course on Probabilistic Methods in Concurrency (Concurrent Languages for Probabilistic Asynchronous Communication) Lecture 1 The pi-calculus and the asynchronous.

May 9, 2008IPA Lentedagen, Rhenen1 Dynamic Fault Tree analysis using Input/Output Interactive Markov Chains Hichem Boudali 1, Pepijn Crouzen 2, and Mariëlle.

Eric MADELAINE1 E. Madelaine, Antonio Cansado, Emil Salageanu OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis OSCAR meeting, Valparaiso,

1 Flexible Subtyping Relations for Component- Oriented Formalisms and their Verification David Hurzeler PhD Examination, 9/11/2004.

Banker’s Algorithm Implementation in CPN Tools Michal Žarnay Department of Transportation Networks University of Žilina, Slovakia.

Course Summary. © Katz, 2003 Formal Specifications of Complex Systems-- Real-time 2 Topics (1) Families of specification methods, evaluation criteria.

Leiden Workshop 20/06/ Presentation of the CADP toolbox CADP toolbox What is CADP ? LOTOS language Tools for functional verification CADP extended.

1 Ivan Lanese Computer Science Department University of Bologna Roberto Bruni Computer Science Department University of Pisa A mobile calculus with parametric.

1 Formal Models for Distributed Negotiations Description Roberto Bruni Dipartimento di Informatica Università di Pisa XVII Escuela de Ciencias Informaticas.

Component-Interaction Automata for Specification and Verification of Component Interactions P. Vařeková and B. Zimmerova Masaryk University in Brno Czech.

Semantics of LOTOS Answering the question: Which processes are equivalent? Basic LOTOS: ignore ! and ?...pure synchronization Dining philosophers example:

1 Formal Models for Distributed Negotiations Concurrent Languages Translation Roberto Bruni Dipartimento di Informatica Università di Pisa XVII Escuela.

1212 Models of Computation: Automata and Processes Jos Baeten.

Models of Computation for Embedded System Design Alvise Bonivento.

Course Summary. © Katz, 2007 Formal Specifications of Complex Systems-- Real-time 2 Topics (1) Families of specification methods, evaluation criteria.

1 Ivan Lanese Computer Science Department University of Bologna Italy Concurrent and located synchronizations in π-calculus.

End-to-End Design of Embedded Real-Time Systems Kang G. Shin Real-Time Computing Laboratory EECS Department The University of Michigan Ann Arbor, MI

Mathematical Operational Semantics and Finitary System Behaviour Stefan Milius, Marcello Bonsangue, Robert Myers, Jurriaan Rot.

Lecture 6 Template Semantics CS6133 Fall 2011 Software Specification and Verification.

02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.

Veriﬁcation of Information Flow Properties in Cyber-Physical Systems Ravi Akella, Bruce McMillin Department of Computer Science Missouri University of.

INRIA Sophia-Antipolis, Oasis team INRIA Rhône-Alpes, Vasy team Feria–IRIT/LAAS, SVF team Toulouse GET - ENST Paris, LTCI team FIACRE Models and Tools.

Process Algebra (2IF45) Probabilistic Branching Bisimulation: Exercises Dr. Suzana Andova.

Model-based Methods for Web Service Verification.

Scientific Computing By: Fatima Hallak To: Dr. Guy Tel-Zur.

Introduction to Formal Methods Based on Jeannette M. Wing. A Specifier's Introduction to Formal Methods. IEEE Computer, 23(9):8-24, September,

SDS Foil no 1 Process Algebra Process Algebra – calculating with behaviours.

Mathematical Operational Semantics and Finitary System Behaviour Stefan Milius, Marcello Bonsangue, Robert Myers, Jurriaan Rot.

Advanced Topics in SE Spring Process Algebra Hossein Hojjat Formal Methods Lab University of Tehran.

Institute e-Austria in Timisoara 1 Author: prep. eng. Calin Jebelean Verification of Communication Protocols using SDL ( )

Software Engineering Research paper presentation Ali Ahmad Formal Approaches to Software Testing Hierarchal GUI Test Case Generation Using Automated Planning.

Eric Madelaine FORTE ’04 -- Madrid sept /25 Parameterized Models for Distributed Java Objects Eric Madelaine work with Tomás Barros, Rabéa Boulifa.

Eric MadelaineOSMOSE -- WP2 -- Prague June 2004 Models for the Verification of Distributed Java Objects Eric Madelaine work with Tomás Barros, Rabéa Boulifa,

Reactive systems – general

PAT: Getting started.

“DECISION” PROJECT “DECISION” PROJECT INTEGRATION PLATFORM CORBA PROTOTYPE CAST J. BLACHON & NGUYEN G.T. INRIA Rhône-Alpes June 10th, 1999.

Lyra – A service-oriented and component-based method for the development of communicating systems (by Sari Leppänen, Nokia/NRC) Traditionally, the design,

Natallia Kokash (Accepted for PACO’2011) ACG, 31/05/ Input-output conformance testing for channel-based connectors 1.

Submodule construction in logics 1 Gregor v. Bochmann, University of Ottawa Using First-Order Logic to Reason about Submodule Construction Gregor v. Bochmann.

1 CSEP590 – Model Checking and Automated Verification Lecture outline for August 6, 2003.

Formal Methods for Software Engineering Part II: Modelling & Analysis of System Behaviour.

Mastère RSD - TC4 2005/20061 Distributed Components –ProActive-Fractal : main concepts –Behaviour models for components –Deployment, management, transformations.

Parameterized Models for Distributed Java Objects Tomás Barros & Rabéa Boulifa OASIS Project INRIA Sophia Antipolis April 2004.

Lecture 5 1 CSP tools for verification of Sec Prot Overview of the lecture The Casper interface Refinement checking and FDR Model checking Theorem proving.

HACNet Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering.

Eric MadelaineOSCAR Workshop -- Santiago Nov Verification of Distributed Applications Eric Madelaine work with Isabelle Attali, Tomás Barros, Rabéa.

Eric MADELAINE1 A. Cansado, L. Henrio, E. Madelaine OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis Fractal workshop, Nantes, 3 july.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 4 Slide 1 Software Processes.

Properties as Processes : FORTE slide Properties as Processes: their Specification and Verification Joel Kelso and George Milne School of Computer.

Tomás BarrosMonday, April 18, 2005FIACRE Toulouse p. 1 Behavioural Models for Hierarchical Components Tomás Barros, Ludovic Henrio and Eric Madelaine.

Execution Replay and Debugging. Contents Introduction Parallel program: set of co-operating processes Co-operation using –shared variables –message passing.

Process Algebra (2IF45) Abstraction Parallel composition (short intro) Suzana Andova.

Model Generation for Distributed Java Programs Rabéa Boulifa Eric Madelaine Oasis Team INRIA, Sophia-Antipolis France, I3S, UNSA Luxembourg, November 28,

Behavioural Models for Distributed Hierarchical Components

Formal Specification and Verification of Distributed Component Systems

Gabor Madl Ph.D. Candidate, UC Irvine Advisor: Nikil Dutt

Event-Based Architecture Definition Language

Design Yaodong Bi.

Presentation transcript:

1 IFM 2005 – November 30, 2005 EXP.OPEN 2.0 A flexible tool integrating partial order, compositional, and on-the-fly verification methods Frédéric Lang INRIA Rhône-Alpes / VASY 655, avenue de l’Europe F Montbonnot Saint Martin 1

2 IFM 2005 – November 30, 2005 EXP.OPEN 2.0 A new tool of the CADP verification toolbox, whose main features are: Automata compositions using the operators of several languages (CCS, CSP, LOTOS,  CRL, E-LOTOS,...) –Classical and generalized hide, rename, and cut –Classical and generalized parallel composition –Synchronization vectors Combination of enumerative verification methods –Compositional verification –On-the-fly verification –Partial order reductions Connection with PEP and FC2

3 IFM 2005 – November 30, Input language

4 IFM 2005 – November 30, 2005 Examples csp behaviour ( ("snd.bcg" ||| "rec.bcg") [| { s1, s2, r1, r2 } |] ("m1.bcg" ||| "m2.bcg") ) \ { s1, s2, r1, r2 } par s1 * s1 * _ * _ -> s1, _ * _ * s2 * s2 -> s2, _ * r1 * _ * r1 -> r1, r2 * _ * r2 * _ -> r2 in "snd.bcg" || "m1.bcg" || "m2.bcg" || "recv.bcg" end par mcrl behaviour comm s1|r1 = c1, s2|r2 = c2, s3|r3 = c3, s4|r4 = c4, s5|r5 = c5, s6|r6 = c6 end comm hide "c." in cut "s.", "r." in "snd.bcg" || "rec.bcg" || "m1.bcg" || "m2.bcg" end cut end hide

5 IFM 2005 – November 30, 2005 Labelled Transition System (LTS) The semantic model of most process algebras Quadruple (S, A, T, s 0 ), where –S and A are the sets of states and labels (communication events and internal event written tau) –T is a set of transitions between states, labelled by elements of A –s 0 is the initial state Four file formats available (BCG, Aldébaran, FC2, SEQ) Many forms of labels are accepted

6 IFM 2005 – November 30, 2005 Hide, cut, and rename Standard notions in process algebras EXP.OPEN 2.0 implements  CRL and CCS cut,  CRL, CSP, and LOTOS hide, CCS and CSP rename Generalized hide, cut and rename also available –Events (gate or label) represented by Posix regexp –Hide and cut using negation of a list of events –Possibility to define rules in a separate file

7 IFM 2005 – November 30, 2005 Examples Labels of B: PUT(T1), GET(T1), PUT(T2), GET(T2) total hide "PUT(T1)" in B hides "PUT(T1)" partial cut all but "T2" in B cuts all transitions labelled "PUT(T1)" or "GET(T1)" gate rename "\(.\)\(.\)\(.\)"  "\3\2\1" in B renames e.g., "PUT(T1)" into "TUP(T1)" multiple rename "T"  "TT" in B renames e.g., "PUT(T1)" into "PUTT(TT1)"

8 IFM 2005 – November 30, 2005 Parallel composition Binary infix parallel composition operators from CCS, CSP, LOTOS, and  CRL Generalized parallel composition operators –Parallel composition using synchronization vectors –E-LOTOS parallel composition

9 IFM 2005 – November 30, 2005 E-LOTOS parallel composition Generalization of LOTOS (Garavel & Sighireanu, 1999) Forced synchronization on a set of events for n concurrent processes Relaxed forms of synchronization for particular events –n among m synchronization –Interface synchronization

10 IFM 2005 – November 30, 2005 Examples gate par G#2, H in B 1 || B 2 ||B 3 end par  B1B1 B3B3 G G B2B2 H G gate par G in H, J  B 1 || J, K  B 2 ||K, L  B 3 ||L, H  B 4 end par B1B1 B4B4 B3B3 H K L J B2B2 G 

11 IFM 2005 – November 30, State space exploration using EXP.OPEN 2.0

12 IFM 2005 – November 30, 2005 Compilation into an internal form Every expression is compiled into a vector of LTSs and a set of synchronization vectors Allows an homogeneous treatment of expressions Example: rename "H"  "K" in |[G]| is compiled into (S 1, S 2 ), { ("tau", _)  "tau", ("H", _)  "K", ("G(1)", "G(1)")  "G(1)", ("G(2)", "G(2)")  "G(2)" } G(1) G(2) tau H S1S1 G(1) G(2) S2S2

13 IFM 2005 – November 30, 2005 Integration within OPEN/CAESAR (CADP) Open/Caesar API BCG_OPEN … LTS generation interactive simulation random execution on the fly verification partial verification test generation Open/Caesar librairies MCRL_OPEN LOTOS LTS Network of LTSs Mcrl CAESAR.OPEN Front-end Back-end SEQ.OPEN Traces EXP.OPEN 2.0

14 IFM 2005 – November 30, 2005 Partial order reductions Select a partially ordered execution of a set of transitions to avoid exploring all interleavings Three partial order reductions are implemented, preserving different relations –Branching bisimulation –Stochastic branching bisimulation –Deadlocks No modification of the verification back-ends

15 IFM 2005 – November 30, 2005 Compositional verification Standard approach: Generate, hide, and reduce modulo an equivalence incrementally –May avoid explosion of the full LTS –Sound as the main equivalences are congruences –But limited by possible explosion of an intermediate LTS Refined approach: Additionally use interface constraints to generate LTSs –Interface = LTS modeling an abstraction of the context –Proposed by Graf & Steffen (90) and implemented in the PROJECTOR tool by Krimm & Mounier (97)

16 IFM 2005 – November 30, 2005 Interface constraints generation EXP.OPEN allows to generate interface constraints for a process in a known context automatically Main advantages: –It avoids generation of constraints by hand –It is not restricted to a particular language –Interface constraints can be built upon any subset of the processes in the context of the process to constrain –It improves over other approaches in the case of nondeterministic synchronization For LOTOS, the approach is automated within SVL

17 IFM 2005 – November 30, Applications and performances

18 IFM 2005 – November 30, 2005 Various applications Verification of Net update protocol (Firewire) –By Romijn, Vorstenboch, and Huo (Univ. of Eindhoven) –Distributed state space generation Performance analysis of a distributed mutual exclusion algorithm –By Hermanns and Johr (Saarland University) –Branching stochastic partial order reduction and distributed state space generation Compositions of hierarchical object components –By Barros and Madelaine (INRIA) –Hierarchical compositions using synchronization vectors

19 IFM 2005 – November 30, 2005 Various applications (continued) Several online demos available in CADP –Distributed summation algorithm using m among n synchronization –ODP trader using m among n synchronization –Distributed Erathostene’s sieve using partial order reduction –Compositional verification of Data Encryption Standard (DES) –etc.

20 IFM 2005 – November 30, 2005 Performances Erathostene’s sieve using partial order reduction preserving branching bisimulation

21 IFM 2005 – November 30, 2005 Performances (cont’d) Significant improvements wrt. version 1.0 Memory divided by 2 Time:

22 IFM 2005 – November 30, 2005 Conclusion EXP.OPEN 2.0 combines operators –Classical and generalized process algebra operators –Synchronization vectors –First implementation of E-LOTOS parallel composition EXP.OPEN 2.0 combines techniques –On-the-fly verification and partial order reductions –Compositional verification with interface constraints EXP.OPEN 2.0 is available online: