2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 1 Formal Methods Mads.

Slides:



Advertisements
Similar presentations
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Advertisements

Formal Methods and Testing Goal: software reliability Use software engineering methodologies to develop the code. Use formal methods during code development.
Executional Architecture
ECOE 560 Design Methodologies and Tools for Software/Hardware Systems Spring 2004 Serdar Taşıran.
8/25/2009 Sofya Raskhodnikova Intro to Theory of Computation L ECTURE 1 Theory of Computation Course information Overview of the area Finite Automata Sofya.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Timed Automata.
LIFE CYCLE MODELS FORMAL TRANSFORMATION
Software Reliability CIS 640 Adapted from the lecture notes by Doron Pelel (
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
Advanced Formal Methods Mads Dam KTH/CSC Course 2D1453,
Discrete Maths Objective to give some background on the course , Semester 2, Who I am: Andrew Davison WiG Lab
CS603 Advanced Topics in Distributed Systems MWF 13:30-14:30 RHPH 162 Professor Chris Clifton.
CMSC 132: Object-Oriented Programming II Nelson Padua-Perez William Pugh Department of Computer Science University of Maryland, College Park.
From Discrete Mathematics to AI applications: A progression path for an undergraduate program in math Abdul Huq Middle East College of Information Technology,
1 CS 603: Advanced Topics in Distributed Systems Spring 2002 Professor Chris Clifton.
Designing Predictable and Robust Systems Tom Henzinger UC Berkeley and EPFL.
School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
Formal verification Marco A. Peña Universitat Politècnica de Catalunya.
Data Structures Lecture-1:Introduction
COMP 151: Computer Programming II Spring Course Topics Review of Java and basics of software engineering (3 classes. Chapters 1 and 2) Recursion.
Advances in Language Design
Do we need theoretical computer science in software engineering curriculum: an experience from Uni Novi Sad Bansko, August 28, 2013.
Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.
Teaching Teaching Discrete Mathematics and Algorithms & Data Structures Online G.MirkowskaPJIIT.
© Siemens AG, CT SE 1, Dr. A. Ulrich C O R P O R A T E T E C H N O L O G Y Research at Siemens CT SE Software & Engineering Development Techniques.
1 Mathematical Institute Serbian Academy of Sciences and Arts, Belgrade DEUKS Meeting Valencia, September 9-11, 2008, Valencia New PhD modules proposal.
CSCA48 Course Summary.
Lecture 0 Anish Arora CSE 6333 Introduction to Distributed Computing.
Lei Bu Preliminary Introduction to the Theory of Computation.
Scientific Computing By: Fatima Hallak To: Dr. Guy Tel-Zur.
Proof Carrying Code Zhiwei Lin. Outline Proof-Carrying Code The Design and Implementation of a Certifying Compiler A Proof – Carrying Code Architecture.
EEL Software development for real-time engineering systems.
Framework for the Development and Testing of Dependable and Safety-Critical Systems IKTA 065/ Supported by the Information and Communication.
Motions for Permanent Undergraduate Course Numbers Brian L. Evans On Behalf of the ECE Curriculum Committee September 21, 2015.
CPSC 121: Models of Computation Unit 0 Introduction George Tsiknis Based on slides by Patrice Belleville and Steve Wolfman.
CIS 842: Specification and Verification of Reactive Systems Lecture 1: Course Overview Copyright 2001, Matt Dwyer, John Hatcliff, and Radu Iosif. The.
A Quantitative Trust Model for Negotiating Agents A Quantitative Trust Model for Negotiating Agents Jamal Bentahar, John Jules Ch. Meyer Concordia University.
- 1 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Validation - Formal verification -
Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.
Verification & Validation By: Amir Masoud Gharehbaghi
HACNet Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering.
Modelling Reactive Systems 4 Professor Muffy Calder Dept. of Computing Science University of Glasgow
CSCI1600: Embedded and Real Time Software Lecture 28: Verification I Steven Reiss, Fall 2015.
Real-Time Systems, Events, Triggers. Real-Time Systems A system that has operational deadlines from event to system response A system whose correctness.
Computer Simulation of Networks ECE/CSC 777: Telecommunications Network Design Fall, 2013, Rudra Dutta.
CES 592 Theory of Software Systems B. Ravikumar (Ravi) Office: 124 Darwin Hall.
Formal Methods in Software Engineering1 Today’s Agenda  Mailing list  Syllabus  Introduction.
Requirements Engineering Methods for Requirements Engineering Lecture-31.
Data Structures and Algorithms in Java AlaaEddin 2012.
Why Study Automata? What the Course is About Administrivia 1 Welcome to CSE309.
Agenda  Quick Review  Finish Introduction  Java Threads.
Introductory Lecture. What is Discrete Mathematics? Discrete mathematics is the part of mathematics devoted to the study of discrete (as opposed to continuous)
Copyright 1999 G.v. Bochmann ELG 7186C ch.1 1 Course Notes ELG 7186C Formal Methods for the Development of Real-Time System Applications Gregor v. Bochmann.
CENG 424-Logic for CS Introduction Based on the Lecture Notes of Konstantin Korovin, Valentin Goranko, Russel and Norvig, and Michael Genesereth.
Sub-fields of computer science. Sub-fields of computer science.
COSC 5V90 Functional Programming and Interactive Theorem Proving
Why Study Automata Theory and Formal Languages?
Why Study Automata? What the Course is About Administrivia
Preliminary Introduction to the Theory of Computation
University of Ljubljana, Faculty of Electrical Engineering
Big Ideas in Computer Science
Gabor Madl Ph.D. Candidate, UC Irvine Advisor: Nikil Dutt
Preliminary Introduction to the Theory of Computation
Introduction CSE 373 Data Structures.
A Trusted Safety Verifier for Process Controller Code
Computer-Aided Verification 計算機輔助驗證 (Spring 2004)
Discrete Mathematics in the Real World
Presentation transcript:

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 1 Formal Methods Mads Dam (Course responsible) 4123/ Irem Aktug Mika Cohen

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 2 Synopsis Techniques and tools for formal modelling and analysis of computer systems Topics: –Modelling techniques –Model checking, temporal logic, automata, SPIN –Process algebra, CCS, CWB –Deductive verification, theorem proving, Floyd/Hoare logic, ESC/Java Theory and labs –Aim 1: Show this is useful stuff –Aim 2: Understand and reason about the theory Do not underestimate the workload!

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 3 Feedback Please! Your help is requested... Course committee (kursnämnd): –NN1: ___________________ –NN2: ___________________ –NN3: ___________________ Very important!

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 4 Requirements, 1 Four labs, 3 pts total –Lab 1, PVS Reporting on Sept 17 –Lab 2, SPIN Reporting on Sept 30 –Lab 3, ESC/Java Reporting on Oct 6 –Lab 4, CCS/CWB Reporting on Oct 13 Final exam, 2 pts, determines final grade

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 5 On the Labs No assigned lab facilities! Deadlines must be respected Important to get started early Requirements for each lab determined on course web To get help: –Use course mailing list: –Ask course assistant at exercise sessions

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 6 Literature Slides Course book: D. Peled: Software Reliability Methods Price ~550SEK, available at Kårbokhandeln Campus and Kista Handouts Course web

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 7 Why Formal Methods? The better you understand the problem and your proposed solution The better the quality of the end product Understanding !Properties ! Modelling !Formalisation !PROOF! Formalisation and proof = use of mathematics and logics Embodied in usable tools

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 8 The Challenge Real systems are huge and complex There is no silver bullet Problems –Undecidability: Applies to humans as well as machines –Distribution: Complexity explodes Engineering: –How to get a satisfactory analysis with the resources (time, space, people, machines) available –Satisfactory: Correct, or good enough for trust

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 9 The Sum Is More Than the Sum of the Parts Each link uses fault free data transfer protocol Is the system fault free? Used(B) = n*Size(AB) + m*Size(DB) Free(B) = Mem(B) – Used(B) Scenario: Min(Size(AB),Size((DB) > Free(B) n*Size(AB) < Size(BC) m*Size(DB) < Size(BE) A D BC E

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 10 Another Example What happens if we upgrade link AB to 10 Mbit/s? B permanently saturated AC throughput -> 1Mbit/s (But AB transmits at full speed) Buffer release rate at B: 2 Mbit/s AC traffic has 91% chance of grabbing free buffer DE traffic gets < 0.2 Mbit/s A D BC E 1 Mbit/s 10 Mbit/s

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 11 The Key Questions What is the right level of abstraction? –Physical? Circuit? Network? –Binaries? Bytecode? Source program? Libraries? –Architectural? Algorithmic? Process? Model? What are the important properties? –Type safety (e.g. Java bytecode verifier)? –Partial/total correctness? Implementation correctness? –Deadlocks? Starvation? Reactiveness? There is no ”correct” answer Answers determine choice of methods and tools

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 12 Occam’s Razor Abstraction, abstraction, abstraction... –Eliminate irrelevant details until the important features stick out –And then eliminate some of these if necessary –And try to eliminate the bad design decisions that made the analysis too complex – e.g. timing, language, platform dependencies Use common, well-understood models –Sequential systems: First-order logic (FOL), recursive functions –Concurrency and distribution: Automata = state machines, Communicating state machines, process algebra, temporal logic

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 13 Abstraction Assume you should verify absence of deadlock between an ATM trying to store a withdrawal and a server ATM: server!store(self,time,accountno,amount, transactionkind) Server: if correctChecksum(...) and validAmount(...) and allowedTransaction(...) then storeValue(time,accountno,amount,transactionkind); client!transactionOK else client!transactionNotOK endif

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 14 Abstraction, II What will the parameters be used for when checking for deadlocks? What can the server do which affects the possibility of deadlock?

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 15 Abstraction, III Suppose we don’t care about memory consumption, very detailed execution time analysis, actual value input/output relations... ATM: server!store(self) Server: if random() < 0.5 then storeValue() ; client!transactionOK else client!transactionNotOK endif

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 16 Main Schools Theorem proving –FOL, HOL, type theory, using formalised theories –Problem of proof search Model checking –Automatic traversal of finite state machine graphs –Efficient, but scalability issues Floyd/Hoare logic –Theorem proving for flow graphs/while programs –Proof search, but more domain knowledge Process algebra –Reasoning about abstract processes –Structured approach

2G1516/2G1521 Formal Methods2004 Mads Dam IMIT, KTH 17 The Field Formal verification is an ambitious task, so: –Use with discretion –Avoid exaggerated expectations –For engineers, not for programmers Current industrial usage –Common criteria EAL 5-7 –Computer security (e.g. BAN logics) –Programming language design Operational semantics, type systems –Processor design all major chip vendors + tool providers –Safety-critical systems Railway, automotive, power industry, aerospace