Abstract. Verification is traditionally done by determining the truth of a temporal formula (the specification) with respect to a timed transition system such as a timed automaton (the abstract model). The concrete model is then proved to be bisimilar to the specification. The temporal logics usually have the property that two bisimilar states satisfy the same formulas, and thus we finally get that the implementation model satisfies the formal specification. We look at a quantitative verification methodology where each formula has a numerical value in the interval [0,1] instead of just a boolean value. We also look at quantitative notions of bisimilarity which group states according to how close they are to each other in terms of behaviour.

Quantitative Verification For Real Time Systems
Prof Thomas Henzinger, Rupak Majumdar, Vinayak Prabhu
November 18, 2004

Example: Train Gate Controller
[Figure (only the recoverable labels are kept): three timed automata. Train: locations T1 to T4 with clock x, reset on Approach, location invariants x ≤ 5, guard x > 2 before In, signals Approach, In, Out, Exit. Gate: locations G1 to G4 with clock y, reset on Lower, invariants y ≤ 1 and y ≤ 2, signals Lower, Down, Raise. Controller: locations C1 to C3 with clock z, reset on Approach and on Exit, invariants z ≤ 1, guard z = 1 on Lower, signals Approach, Lower, Exit, Raise.]
x, y, z are clocks which increase at rate 1 inside locations. "Approach", "Lower" etc. are synchronization signals. A specification might be that the gate be closed when the Train enters the crossing. CTL expresses this as ∀□((T3 ∨ T4) → G3).

Response properties
We may also be interested in response properties: how soon do we get to a "desired" state? E.g. whenever a request is made, it is granted (perhaps after some time). In the train-gate example: we can always get to a state where the gate is raised (non-blocking requirement). CTL: ∀□∃◇G1. ∃◇P is true at state s if from s we can get to a state s' where P is satisfied. We may also want to know just how quickly we reach P (the sooner the better), i.e. give a quantitative value to the formula. Also discount: a P now is better than a P later. ∀□P: we want P to hold forever (safety specification). Quantitatively: how long does P hold?
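As an added example (not code from the slides), the quantitative readings of ∃◇P and ∀□P described above, computed on a small constructed graph that abstracts the train-gate example; the state names, delays and the discount factor are assumptions made for the illustration:

```python
import heapq
import math
# Constructed abstraction of the train-gate example (not from the slides):
# each state stands for a train/gate configuration, each edge for the time
# spent before the step is taken. All delays are hypothetical.
GRAPH = {
    "idle":     [(0.0, "approach")],  # Approach, x := 0
    "approach": [(1.0, "lowering")],  # controller issues Lower at z = 1
    "lowering": [(1.0, "closed")],    # gate goes Down within y <= 1
    "closed":   [(1.0, "crossing")],  # train enters (In) after x > 2
    "crossing": [(2.0, "raising")],   # Out, Exit, controller issues Raise
    "raising":  [(2.0, "idle")],      # gate is up again within y <= 2
}

def earliest_time(graph, start, goal):
    """Smallest total delay from `start` to a state satisfying `goal`
    (Dijkstra over non-negative delays); math.inf if none is reachable."""
    dist = {start: 0.0}
    heap = [(0.0, start)]
    while heap:
        d, s = heapq.heappop(heap)
        if d > dist.get(s, math.inf):
            continue  # stale queue entry
        if goal(s):
            return d
        for delay, t in graph.get(s, []):
            if d + delay < dist.get(t, math.inf):
                dist[t] = d + delay
                heapq.heappush(heap, (d + delay, t))
    return math.inf

def exists_eventually(graph, s, p, discount):
    """Quantitative ∃◇P with discounting: 1 if P holds now, discount**t if
    P is first reachable after time t, 0 if P is unreachable."""
    t = earliest_time(graph, s, p)
    return 0.0 if t == math.inf else discount ** t

def forall_always(graph, s, p):
    """Quantitative ∀□P: how long P is guaranteed to hold from s, i.e. the
    earliest time at which some path reaches a state violating P;
    math.inf means P holds forever (the boolean ∀□P is true)."""
    return earliest_time(graph, s, lambda x: not p(x))

def gate_closed(st):
    return st in {"closed", "crossing"}

def gate_closed_when_train_crossing(st):
    # the slides' safety specification, read on this abstraction
    return st != "crossing" or gate_closed(st)
```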
Standard Notion of Bisimilarity
MA: an abstract model of a controller. MI: the concrete implementation, with more details, perhaps related to the implementation platform, or details left out by the designer. Does MI do what the control designer specified? Formally: a trace is the observable behaviour of a system (internal variables and details are hidden). Is the trace language of MI equal to the trace language of MA? This is undecidable for timed automata (there cannot exist any algorithm which answers the question in full generality). Sufficient conditions?

Bisimilarity
States s1, s2 are bisimilar if: whenever s1 can take a "p" transition then so can s2, such that the next states are again bisimilar; and whenever s2 can take a "p" transition then so can s1, such that the next states are again bisimilar. If s1, s2 are bisimilar then they generate the same behaviours. This utilizes the fact that closely related states generate similar behaviours.

Two notions of bisimilarity for timed systems
Time-abstract bisimilarity does not take time into account: a transition taken by one state at time 3 can be matched by the other state at any time. Timed bisimilarity requires that a transition at time 3 must be matched by a transition at time 3. Timed bisimilarity is strictly finer than time-abstract bisimilarity.

Quantitative Extension
What if we allow a non-zero (but finite) slack in the matching of transitions? This lies in between time-abstract and timed bisimilarity. It is an open question whether this problem is decidable for timed automata; we believe it is. It quantifies just how close a system MI is to a system MA. Generally we are satisfied if a system is "close enough" to the specification. In practice this degree of "closeness" is determined by testing. We hope formal verification methods can be extended to this area.

Results
We can compute quantitative bisimilarity on weighted graphs (graphs with each edge labelled with a union of real intervals with rational endpoints). We can also compute the values of quantitative formulae on such graphs.
We have also shown that the formalism makes sense: if two states are epsilon-bisimilar then the quantitative values of the formulae are again close (continuity theorem). Moreover, if s1 is epsilon-bisimilar to s2, and s1 satisfies a formula (in the standard sense), then s2 satisfies a delta-relaxed version of that formula (delta depending on epsilon).

Future work
Instead of computing exact values, computing upper bounds may simplify the problem. Extension to more general timed and hybrid models.
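As an added example of the quantitative bisimilarity from the Results slide (an illustration, not the authors' algorithm): a fixed-point computation of the smallest slack eps under which states of two weighted graphs are eps-bisimilar. It simplifies the slides' edge labels to a single delay per edge instead of a union of intervals; the two gate models, their state names and their delays are constructed for the example.

```python
import itertools
import math
# Constructed example (not from the slides): an abstract gate model and a
# more detailed implementation of it. Each edge is (action, delay, target);
# the delays are hypothetical and make the two models differ by 0.5.
ABSTRACT = {
    "up": [("lower", 0.0, "going_down")],
    "going_down": [("down", 1.0, "closed")],
    "closed": [("raise", 0.0, "going_up")],
    "going_up": [("up", 2.0, "up")],
}
IMPL = {
    "u": [("lower", 0.0, "gd")],
    "gd": [("down", 1.5, "c")],
    "c": [("raise", 0.0, "gu")],
    "gu": [("up", 2.25, "u")],
}

def _challenge(moves_a, moves_b, dist):
    """One direction of the matching game: each challenger move must be
    answered by a defender move with the same action. An answer costs the
    delay mismatch or the successor distance, whichever is larger; a move
    with no answer costs inf (the action itself cannot be matched)."""
    worst = 0.0
    for act, x, a2 in moves_a:
        best = math.inf
        for act_b, y, b2 in moves_b:
            if act_b == act:
                best = min(best, max(abs(x - y), dist(a2, b2)))
        worst = max(worst, best)
    return worst

def bisim_distance(g1, g2):
    """Least fixed point of the game, iterated upward from 0. d[(s, t)] is
    the smallest slack eps for which s and t are eps-bisimilar (eps = 0 is
    timed bisimilarity, finite eps > 0 the in-between notion)."""
    pairs = list(itertools.product(g1, g2))
    d = {p: 0.0 for p in pairs}
    while True:
        new = {}
        for s, t in pairs:
            fwd = _challenge(g1[s], g2[t], lambda s2, t2: d[(s2, t2)])
            bwd = _challenge(g2[t], g1[s], lambda t2, s2: d[(s2, t2)])
            new[(s, t)] = max(fwd, bwd)
        if new == d:
            return d
        d = new

def eps_bisimilar(d, s, t, eps):
    """Unmatchable actions (distance inf) are never bisimilar, even at eps = inf."""
    return d[(s, t)] < math.inf and d[(s, t)] <= eps
```

Iteration stops in finitely many rounds because every distance is either inf or one of the finitely many delay differences in the graphs.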