Adding Real-time to Formal Specifications
Formal Specifications of Complex Systems
© Katz, 2003


Slide 1: Adding Real-time to Formal Specifications
Formal Specifications of Complex Systems
Shmuel Katz, The Technion

Slide 2: What is real-time?
Specifying restrictions on the time needed/required for operations, the time between operations, the global elapsed time for sequences of operations, ....
Used in connecting software to a physical environment
Essential in control systems, avionics, human-computer interfaces

Slide 3: Liveness and real time
Liveness properties, such as eventualities in temporal logic, can be seen as an abstraction for lower level real-time requirements, before we have any timing information.
[] ( p => <> q )   "q is true within 5 seconds of p"
Real-time can be used INSTEAD of liveness requirements to guarantee progress.

Slide 4: Temporal Logic: Explicit Time
Add a built-in TIME variable, a constant STARTa for each time an operation a is started, and use constants UPPERa and LOWERa:
[]( in(s) => (TIME - STARTs <= UPPERs) )
[]( after(s) => (TIME > STARTs + LOWERs) )
[]( at(s) => TIME >= STARTs )

Slide 5: Liveness and real-time (cont.)
The real-time properties are safety, not liveness!
The liveness is "hidden" in the properties of the TIME variable itself. It must monotonically increase. Is that enough?
Zeno, rabbits and tortoises

Slide 6: The non-Zeno Property
For any constant r, <> ( TIME > r )
This, plus the safety properties given earlier, allows proving liveness properties such as in(s) => <> ~in(s)
Use []( in(s) => TIME <= STARTs + UPPERs )

Slide 7: Checking internal consistency
Example: a module s made of the sequential composition of a and b
Assume we have UPPER and LOWER for each
Must have:
LOWERa + LOWERb <= UPPERs
UPPERa + UPPERb >= LOWERs
What if a and b are in parallel?
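The explicit-TIME safety formulas of slides 4 and 6 and the consistency conditions of slide 7 can be checked mechanically over a recorded execution. The following is an added example, not code from the lecture: it takes a constructed timed trace (TIME plus the set of operations currently "in" at each step), derives STARTs from the trace under the assumption that each operation is started at most once, evaluates the two safety formulas at every step, and checks the bound consistency for sequential composition. The parallel case is the lecture's open question; the answer coded here (s finishes when the slower of a and b finishes) is an assumption of this example.

```python
"""Explicit-TIME real-time safety checks over a finite timed execution trace.

Added example (not from the lecture). Assumes each operation starts at most once
in the trace, so START_op is the TIME of the first step at which in(op) holds.
Trace, operation names and bounds are all constructed.
"""

# Bounds: operation name -> (LOWER, UPPER), the lecture's LOWERa / UPPERa.
BOUNDS = {"a": (2, 5), "b": (1, 4), "s": (3, 9)}

# Constructed trace: each step is (TIME, set of operations currently "in").
# Module s is the sequential composition of a and b; a runs from TIME 0,
# b from TIME 3, and b and s both finish at TIME 6.
TRACE_OK = [
    (0, set()),
    (0, {"s", "a"}),
    (2, {"s", "a"}),
    (3, {"s", "b"}),
    (5, {"s", "b"}),
    (6, set()),
]

# Same prefix, but b (and s) finish at TIME 4, so b ran for only 1 = LOWERb,
# which violates the strict "after(b) => TIME > STARTb + LOWERb".
TRACE_BAD = TRACE_OK[:4] + [(4, set())]


def start_times(trace):
    """START_op = TIME of the first step where in(op) holds."""
    starts = {}
    for time, active in trace:
        for op in active:
            starts.setdefault(op, time)
    return starts


def check_safety(trace, bounds):
    """Evaluate, at every step of the trace,
         [] ( in(s)    => TIME - START_s <= UPPER_s )
         [] ( after(s) => TIME > START_s + LOWER_s )
    Returns a list of (TIME, operation, formula) violations; [] means both hold
    on this finite trace.  Non-Zeno (<> TIME > r for every r) is a liveness
    property that no finite prefix can refute, so it is not checked here."""
    starts = start_times(trace)
    seen = set()                      # operations that have been "in" so far
    violations = []
    for time, active in trace:
        for op in sorted(active):                 # in(op)
            lower, upper = bounds[op]
            if time - starts[op] > upper:
                violations.append((time, op, "in => TIME - START <= UPPER"))
        for op in sorted(seen - active):          # after(op): was in, no longer is
            lower, upper = bounds[op]
            if not time > starts[op] + lower:
                violations.append((time, op, "after => TIME > START + LOWER"))
        seen |= active
    return violations


def sequential_consistent(bounds, a, b, s):
    """Slide 7's internal-consistency condition for s = a ; b."""
    la, ua = bounds[a]
    lb, ub = bounds[b]
    ls, us = bounds[s]
    return la + lb <= us and ua + ub >= ls


def parallel_consistent(bounds, a, b, s):
    """Assumed answer for s = a || b (not stated in the lecture): s completes
    when the slower of a and b completes, so its duration must be able to
    fall in [max(LOWERa, LOWERb), max(UPPERa, UPPERb)]."""
    la, ua = bounds[a]
    lb, ub = bounds[b]
    ls, us = bounds[s]
    return max(la, lb) <= us and max(ua, ub) >= ls


if __name__ == "__main__":
    print(check_safety(TRACE_OK, BOUNDS))                                # []
    print(check_safety(TRACE_BAD, BOUNDS))                               # [(4, 'b', 'after => TIME > START + LOWER')]
    print(sequential_consistent(BOUNDS, "a", "b", "s"))                  # True
    print(sequential_consistent({**BOUNDS, "s": (10, 12)}, "a", "b", "s"))  # False
```

Both consistency checks compare only the declared constants, so they can be run on a specification before any implementation exists; the trace check is what a run-time monitor would do once timing data is available.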

Slide 8: Temporal logic: adding bounds
"Liveness" operators have added upper and/or lower time bounds:
[] ( P => <>[1, 5] Q )
in(CS0) Until[3, 7] ~in(CS0)
Can be used with CTL or linear time, and model checking still works
Gives the most common real-time requirements; can reveal inconsistent bounds and hidden links

Slide 9: Temporal logic: adding dummy variables
[], <> and O can have bound variables added that "remember" the time for future comparison (called "freeze" variables).
<>s. x > y /\ s < 6
[] t. ( req => <> s. answer /\ 1 < s - t < 10 )
Non-Zeno becomes: for all r. <>t. ( t > r )
Better for model checking than using TIME
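The bounded operators of slide 8 and the freeze variables of slide 9 express the same obligations, and both can be evaluated over a timed trace. The following is an added example, not from the lecture: a constructed trace of (TIME, true propositions) pairs, a checker for "[] t. ( req => <> s. answer /\ lo < s - t < hi )" that freezes t at each request and searches forward for a matching answer (with closed bounds it is the "[] ( P => <>[1, 5] Q )" form), and a checker for "in(CS0) Until[3, 7] ~in(CS0)" evaluated at each entry to CS0. Proposition names and bounds are assumed for the example.

```python
"""Bounded-response and bounded-until checks with freeze-variable semantics.

Added example (not from the lecture). Each trace step is (TIME, set of
propositions true at that step); the trace, proposition names and bounds are
constructed. A finite trace cannot leave an obligation open, so a trigger whose
response has not yet arrived by the end of the trace is reported as unmet.
"""

# Constructed trace. TIME is non-decreasing; steps sharing a time stamp are
# interleaving steps during which time did not advance.
TRACE = [
    (0, {"req"}),
    (1, set()),
    (3, {"answer"}),
    (4, {"req"}),
    (5, {"in_cs0"}),
    (9, {"in_cs0"}),
    (10, {"answer"}),
    (11, set()),
]


def bounded_response(trace, trigger, response, lo, hi, strict=False):
    """Check  [] t. ( trigger => <> s. ( response /\ lo <= s - t <= hi ) ).

    strict=True uses the open interval lo < s - t < hi, as in the lecture's
    "1 < s - t < 10"; with strict=False this is the bounded eventuality
    [] ( trigger => <>[lo, hi] response ).
    At every step where `trigger` holds, freeze t = TIME and search the steps
    from there on for `response` with an elapsed time in range.
    Returns the frozen times t whose obligation is not met ([] = holds)."""
    def in_range(delta):
        return lo < delta < hi if strict else lo <= delta <= hi

    unmet = []
    for i, (t, props) in enumerate(trace):
        if trigger not in props:
            continue
        if not any(response in p and in_range(s - t) for s, p in trace[i:]):
            unmet.append(t)
    return unmet


def bounded_until(trace, start, p, q, lo, hi):
    """Evaluate  p Until[lo, hi] q  at position `start`:
    some step j >= start satisfies q with lo <= TIME_j - TIME_start <= hi,
    and p holds at every step from `start` up to, but not including, j.
    p and q are predicates over a step's set of propositions."""
    t0 = trace[start][0]
    for j in range(start, len(trace)):
        time, props = trace[j]
        if q(props) and lo <= time - t0 <= hi:
            return True
        if not p(props) or time - t0 > hi:
            return False          # p was broken, or the window has closed
    return False


def cs0_exit_bounded(trace, lo, hi):
    """Check  in(CS0) Until[lo, hi] ~in(CS0)  at every step where CS0 is entered;
    returns one boolean per entry."""
    in_cs0 = lambda props: "in_cs0" in props
    out_cs0 = lambda props: "in_cs0" not in props
    results = []
    for i, (_, props) in enumerate(trace):
        entered = in_cs0(props) and (i == 0 or not in_cs0(trace[i - 1][1]))
        if entered:
            results.append(bounded_until(trace, i, in_cs0, out_cs0, lo, hi))
    return results


if __name__ == "__main__":
    print(bounded_response(TRACE, "req", "answer", 1, 5))                # [4]
    print(bounded_response(TRACE, "req", "answer", 1, 10, strict=True))  # []
    print(cs0_exit_bounded(TRACE, 3, 7))                                 # [True]
    print(cs0_exit_bounded(TRACE, 3, 4))                                 # [False]
```

The second request (at TIME 4) is answered after 6 units, which satisfies "1 < s - t < 10" but not "<>[1, 5]"; this is the kind of inconsistency between bounds that slide 8 says the bounded operators can reveal.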

Slide 10: Tick
Real-time => an interleaving step should not mean that time has necessarily advanced.
Need to "calibrate" clocks
"tick": a special action that advances time. All other actions do not advance time....
A tick could change the time by a full unit, or just advance it by some positive amount (but non-Zeno must still hold)

Slide 11: Restrictions on tick
Unit tick: []t. Os. ((tick => s = t + 1) /\ (~tick => s = t))
At most one non-tick step per processor between tick steps....
Calibrate: 10 steps in P1, but 1 in P2, between ticks.
Continuous clock: still has non-Zeno, can calibrate with inequalities.
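The tick discipline of slides 10 and 11 is itself a checkable property of an interleaved run. The following is an added example, not from the lecture: a run is a constructed list of (processor, action, TIME after the step), and the checker enforces the unit-tick formula "[]t. Os. ((tick => s = t + 1) /\ (~tick => s = t))" together with a per-processor calibration quota (the lecture's "10 steps in P1, but 1 in P2, between ticks"). With unit_tick=False it accepts the continuous-clock variant, where a tick only has to advance time by some positive amount. Processor names, actions and quotas are assumptions of the example.

```python
"""Checking the tick discipline on an interleaved execution.

Added example (not from the lecture). A run is a list of
(processor, action, TIME after the step); processor is None for the global
tick. The quota maps each processor to the number of non-tick steps it may
take between two ticks. Run, names and quotas are constructed.
"""

QUOTA = {"P1": 10, "P2": 1}

# Constructed run that obeys unit tick and the quotas.
RUN_OK = [
    ("P1", "x := 1", 0),
    ("P2", "send",   0),
    (None, "tick",   1),
    ("P1", "x := 2", 1),
    ("P1", "y := x", 1),
    (None, "tick",   2),
]

# Constructed run with two violations: P2 takes two steps between ticks,
# and the second tick advances TIME by 2 instead of 1.
RUN_BAD = [
    ("P2", "send",   0),
    ("P2", "recv",   0),
    (None, "tick",   1),
    ("P1", "x := 1", 1),
    (None, "tick",   3),
]


def check_tick_discipline(run, quota, start_time=0, unit_tick=True):
    """Check, step by step:
       tick:        unit_tick  -> s = t + 1  (the lecture's unit tick)
                    otherwise  -> s > t      (continuous clock, positive advance)
       non-tick:    s = t, and at most quota[P] such steps by P between ticks.
    Returns a list of (step index, message); [] means the run is well formed.
    Non-Zeno (time eventually exceeds any bound) is not decidable on a finite
    run and is left to the specification."""
    problems = []
    prev = start_time
    since_tick = {p: 0 for p in quota}
    for i, (proc, action, time) in enumerate(run):
        if action == "tick":
            if unit_tick and time != prev + 1:
                problems.append((i, f"tick moved TIME from {prev} to {time}, not by 1"))
            elif not unit_tick and not time > prev:
                problems.append((i, f"tick did not advance TIME (stayed at {time})"))
            since_tick = {p: 0 for p in quota}     # a tick resets every quota
        else:
            if time != prev:
                problems.append((i, f"non-tick step by {proc} changed TIME {prev} -> {time}"))
            since_tick[proc] += 1
            if since_tick[proc] > quota[proc]:
                problems.append((i, f"{proc} exceeded its quota of {quota[proc]} step(s) per tick"))
        prev = time
    return problems


if __name__ == "__main__":
    print(check_tick_discipline(RUN_OK, QUOTA))                   # []
    for idx, msg in check_tick_discipline(RUN_BAD, QUOTA):        # steps 1 and 4
        print(idx, msg)
    print(len(check_tick_discipline(RUN_BAD, QUOTA, unit_tick=False)))  # 1
```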

Slide 12: Real-time in Statecharts
Already there: timeout, forcing transitions
"3<": at least 3 time units in the state
"5>": at most 5 time units in the state
Transitions take 0 time; delay before or after
Real-time is used to guarantee progress

Slide 13: Adding bounds on transitions
[lower, upper] for the time to do the transition
Are we always "in a state"?
>If not, this makes a complex consistency condition, but may be more realistic
>If yes, wait in the state until the transition is made in 0 time
Can reveal "hidden" timing relations (timing in one process affects timing in others because of synchronization, conditions, ...)
Also done for pure state machines

Slide 14: Summary
Many ways to do it
Becoming common, but still non-standard
Can reveal hidden real-time links
Problem in refinement: how to verify before the lowest level is reached.
Most useful for synchronous parallelism.

Slide 15: Topics (1)
Families of specification methods, evaluation criteria
Safety and liveness
Expressing properties in predicate calculus (logic)
Input/output assertions, partial correctness, Hoare logic, invariants
Z notation: dom, ran and special symbols
Z schemas: defining the state, operations
Z examples: symbol table, assembler, Unix files, telephone, ...

Slide 16: Topics (2)
Schema calculus: modularity, hiding, ...
Refinement in Z: applying mapping functions, data and operation refinement, applicability and correctness
State machines: pure graph, traces, using Z for state machines
Statecharts: superstates, parallelism, joint transitions, history, micro-steps, activities
Lamport's textual state machines: open versus closed system, critical moment

Slide 17: Topics (3)
Allowed changes, parameter passing
Temporal logics, linear: [], <>, ..., next
Anchored version, past operators, classes of properties, fairness
Branching time: E, A, F, G, X, CTL
Fault tolerance, lossy queue and fairness, alternating bit protocol implementation of a queue
Process algebras and LOTOS
Nondeterminism, gates, actions, process declaration and instantiation

Slide 18: Topics (4)
Parallel composition: |||, |[ gates ]|, ||, hiding
Offering (!) and accepting (?), negotiation
Stop, hiding, i, and multiway gates
Semantic views: bisimulation equivalence, testing equivalence, trace equivalence
Algebraic specification and Larch, algebraic axioms, initial/final algebra
Generated by, partitioned by, converts
Shared versus interface languages
Real time: TIME, ranges, bound variables with temporal logic; for statecharts

Slide 19: Three kinds of specifications
Data and transition modeling: Z vs. Larch shared language; for individual steps; textual, sequential
Control: Statecharts vs. LOTOS (vs. Esterel vs. ...); for concurrency, overlap, synchronization
Global liveness (and safety too): temporal logic in some version

Slide 20: Present Use of Formal Specifications
Invariants and I/O assertions: added to UML designs, appear as run-time checks, assert statements and checkers (in recent systems, around 10% of Microsoft code)
Elements of Z are in OCL (Object Constraint Language), an extension of UML
Software model checkers:
>Bandera accepts Java programs annotated with a version of temporal logic
>SLAM, a Microsoft product for checking temporal logic assertions about driver software
>Java Pathfinder: NASA tool for model checking Java

Slide 21: Present use (cont.)
Feasibility checks for Java applets
>No memory segment violations, no illegal operations
Legal requirements for formal specification and verification using a tool, in addition to testing:
>Aircraft control
>Railway control in Europe and the US
>Software controlling nuclear reactors in Europe
Description languages for test data generation
Hardware (design) verification using model checking and/or simulation: widely used at Intel, IBM, Motorola

Slide 22: Trends
Use formal methods selectively for problem areas
Develop tools with clear added value
Use for error detection as well as for showing correctness
Set up an environment where methods can be combined (not yet widespread):
>VeriTech: project to translate among verification tools and their specification notations
>AOSD Formal Methods Lab: apply specification notations and verification tools to Aspect-Oriented Programming

Slide 23: Realistically....
Potential benefits are known.
Problems with formal methods have become evident.
Modeling and tools have helped on real projects in particular application areas.
Software development is in so much trouble that there is new willingness to invest in formal methods.