Verification of Hierarchical Component-Based Designs in FRESCO Tom Henzinger, Marius Minea, Vinayak Prabhu.


Context
Overall Approach
–use component hierarchy to limit complexity
–design for verifiability
Application Domain
–primarily embedded systems
Verification Goals
–refinement checking
–assume-guarantee reasoning

FRESCO: Formal Real-Time Software Components
formal: components are mathematical objects that can be analyzed
real-time: behavior contains discrete and continuous executions over time
components model software + hardware + environment
Masaccio: high-level component view
Giotto: processes executing on a real-time OS

Components in Masaccio
Component = interface + behavior
Interface: specifies interaction with other components
–input and output variables + dependence relation
–control locations + entry conditions
Behavior: set of executions
–entry (jump | flow)* (starting at entry location a, never exiting)
–entry (jump | flow)* exit (starting at entry location a, ending at exit location b)
–components are deadlock-free
(diagram: a component with variables x, y, z, entry location a and exit location b)

Atomic Components
Atomic discrete component: a jump, updating the output y = f(x, y)
Atomic continuous component: a flow, y' = f(x, y)
(diagram: both drawn with input x, output y, entry location a and exit location b)

Operations: Parallel Composition
synchronous conjunction of component behaviors
same entry locations
one component may preempt another (determines exit location)
(diagram: two components with entry location a composed with ||, exit locations b and c)

Operations: Serial Composition
disjunction of component behaviors
entry conditions for common entry locations are disjoint
can represent different execution modes of the system
(diagram: two components with entry location a and entry conditions g1, g2 composed with +, exit locations b and c)

Operations: Hiding and Renaming
Location hiding
–makes location internal to a component
–strings together component executions
–typically used with serial composition
Location renaming
Variable hiding
Variable renaming
(diagram: locations a, b, c before and after hiding)

Building Components
All components can be built from atomic components using the six basic operations
Example: control of a robot motor, with obstacle sensor
(diagram: variables left: bool, right: bool, obst: bool; transitions guarded by obst and ¬obst; assignment left := right := T)

Refinement of Components
Generalizes trace inclusion
Component A refines component B iff:
–A and B have compatible interfaces (A may have more variables, stronger dependence relation)
–every behavior of A has as prefix a behavior of B (possibly ending in a different exit location)
(diagram: example refinement between components over locations a, b, c, built with + and location hiding \ b)

Example: A Simple Robot Motor Controller
(diagram: hierarchical composition, with || and +, of the components Motor, Follow, Lead, Straight, Turn, Move and Wait)

Compositionality
All component operations are compositional:
–if A refines B then A + C refines B + C
–if A refines B then A || C refines B || C
–if A refines B then A \ a refines B \ a
–if A refines B then A [a := b] refines B [a := b]
–if A refines B then A \ x refines B \ x
–if A refines B then A [x := y] refines B [x := y]

Assume-Guarantee Reasoning
C[A1,B2] refines C[A2,B2]
C[A2,B1] refines C[A2,B2]
------------------------------
C[A1,B1] refines C[A2,B2]
(diagram: the context C with the component pairs A1/B2, A2/B1, A1/B1 and A2/B2 plugged in)
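As an added illustration (not code from the slides or from FRESCO), the following finite-trace model makes the refinement, parallel/serial composition and assume-guarantee slides concrete: a component is a set of terminating behaviors (entry location, steps, exit location), parallel composition is the lockstep conjunction with preemption, serial composition is the union with a disjoint-entry check, and refinement is the prefix condition from the refinement slide. The component names and traces are constructed, and the context C[X,Y] is taken to be X || Y.

```python
from itertools import product

# A behavior is (entry_location, steps, exit_location); steps is a tuple of
# hashable valuations, one per jump or flow step. All executions terminate.
def parallel(a, b):
    """Synchronous conjunction: both run in lockstep from a common entry
    location; whichever exits first preempts the other (tie: first operand)."""
    out = set()
    for (ea, sa, xa), (eb, sb, xb) in product(a, b):
        n = min(len(sa), len(sb))
        if ea == eb and sa[:n] == sb[:n]:
            out.add((ea, sa[:n], xa if len(sa) <= len(sb) else xb))
    return frozenset(out)

def serial(a, b):
    """Disjunction: union of behaviors. For a shared entry location the entry
    conditions (first step taken) must be disjoint so the mode is determined."""
    def starts(c, e):
        return {s[0] for (e2, s, _) in c if e2 == e and s}
    for e in {e for e, _, _ in a} & {e for e, _, _ in b}:
        if starts(a, e) & starts(b, e):
            raise ValueError(f"entry conditions at {e!r} are not disjoint")
    return frozenset(a | b)

def refines(a, b):
    """A refines B iff every behavior of A has some behavior of B as a prefix
    (same entry location; the exit location may differ)."""
    return all(any(ea == eb and sa[:len(sb)] == sb for eb, sb, _ in b)
               for ea, sa, _ in a)

def assume_guarantee(context, a1, a2, b1, b2):
    """Premises and conclusion of the rule: C[A1,B2] refines C[A2,B2] and
    C[A2,B1] refines C[A2,B2] together give C[A1,B1] refines C[A2,B2]."""
    spec = context(a2, b2)
    return (refines(context(a1, b2), spec),
            refines(context(a2, b1), spec),
            refines(context(a1, b1), spec))

# Constructed toy motor controllers: steps are motor commands from entry 'a'.
A2 = frozenset({('a', ('go', 'stop'), 'b')})          # specification of A
A1 = A2 | {('a', ('go', 'stop', 'go'), 'c')}           # implementation of A
B2 = A2 | {('a', ('go', 'go'), 'b')}                   # specification of B
B1 = A2                                                # implementation of B
BAD = frozenset({('a', ('stop',), 'b')})               # does not refine A2

def demo():
    """Both premises and the conclusion hold on the toy instance."""
    return assume_guarantee(parallel, A1, A2, B1, B2)
```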

Assume-Guarantee: Example
Consider reimplementation of robot controller.
Prove: C_A[Control I_A] || C_B[Control I_B] refines C_A[Control_A] || C_B[Control_B]
discharged by assume-guarantee:
–C_A[Control I_A] || C_B[Control_B] refines C_A[Control_A] || C_B[Control_B]
–C_A[Control_A] || C_B[Control I_B] refines C_A[Control_A] || C_B[Control_B]
first premise rewritten as:
Control I_A || Motor_A || Control_B || Motor_B refines Control_A || Motor_A || Control_B || Motor_B
discharged by compositional reasoning:
Control I_A || Control_B refines Control_A || Control_B
rewritten as:
(Control I_A + Follow_A) \e_L \e_F || Control_B refines (Control_A + Follow_A) \e_L \e_F || Control_B

Assume-Guarantee: Importance
Assume-guarantee rule for parallel composition: well studied [Abadi & Lamport, Alur & Henzinger, McMillan]
For serial composition: only recently [Alur & Grosu '00]
In Masaccio: first combination of the two
Exploits compositionality and hierarchy of formalism

Ongoing and Future Work
Related:
–rich application interfaces (real-time, QoS) (Luca)
–time-triggered implementation of Giotto (Ben, Christoph)
Compositionality and Assume-Guarantee (w. Vinayak)
–evaluation on examples
Refinement of Timed Behavior
–reduce to refinement of time-abstract quotients
–use to show refinement between Masaccio and Giotto
Exploiting Hierarchy in Verification
–reachability analysis without flattening design