Verification technique for SA applications using Incremental Model Checking. Department of Computer Science, 신영주
Motivation. What is the problem? – SA (situation-aware) applications operate close to humans and can affect them physically. – Small bugs in an SA application can therefore be very harmful to people. – For example, a microwave oven whose embedded SA application has a bug may heat while its door is open.
Challenges in solving this problem. SA applications must be safe, so a method is needed to detect safety violations before an SA application is deployed. The safety of an SA application can be guaranteed by verifying it with automated formal methods, which have already been researched and developed.
Project Goals. Develop a method to verify SA applications using Incremental Model Checking. Define the Situation-aware Application Model Description Language (SAMDL), which describes a formal representation of an SA application's model. Define the Constraints Description Language (CDL), which describes the requirements specification an SA application must satisfy. Implement a verification tool based on the above method.
Solution Approach. What is model checking? – Given a Kripke structure M = (S, R, L) that represents a finite-state concurrent system and a temporal logic formula f expressing a desired specification, find the set of all states of M that satisfy f. – In the Kripke structure M = (S, R, L): S is a finite set of states; R ⊆ S × S is the transition relation between states; L : S → 2^AP is a function that labels each state with the set of atomic propositions (AP) true in that state. The model satisfies f when every initial state belongs to the set of states satisfying f.
Solution Approach (Cont.) Example of model checking (microwave oven)

Kripke structure of the microwave oven (the figure, redrawn as a table; state numbers as in the figure):

State | Start | Close | Heat | Error
  1   |  no   |  no   |  no  |  no
  2   |  yes  |  no   |  no  |  yes
  3   |  no   |  yes  |  no  |  no
  4   |  no   |  yes  |  yes |  no
  5   |  yes  |  yes  |  no  |  yes
  6   |  yes  |  yes  |  no  |  no
  7   |  yes  |  yes  |  yes |  no

Transitions (the labelled edges of the figure; endpoints as in the standard textbook version of this example by Clarke, Grumberg and Peled, with which the sets computed below agree): 1 -start oven-> 2, 1 -close door-> 3, 2 -close door-> 5, 3 -open door-> 1, 3 -start oven-> 6, 4 -open door-> 1, 4 -done-> 3, 4 -cook-> 4, 5 -open door-> 2, 5 -reset-> 3, 6 -warmup-> 7, 7 -start cooking-> 4. State 1 is the initial state.

Verify that this model has the property "if the microwave oven starts, then it will eventually heat":
AG(Start -> AF Heat) ≡ ¬EF(Start ∧ EG ¬Heat)

S(Start) = {2, 5, 6, 7}
S(EG ¬Heat) = {1, 2, 3, 5}
S(Start ∧ EG ¬Heat) = {2, 5}
S(EF(Start ∧ EG ¬Heat)) = {1, 2, 3, 4, 5, 6, 7}
Finally, S(¬EF(Start ∧ EG ¬Heat)) = ∅ (the empty set)

Since the initial state 1 is not in this set, the model does not satisfy the property. The counterexample is pressing "start oven" while the door is open: 1 -> 2 puts the oven into the Error state, and it can then cycle 2 -> 5 -> 2 (close door, open door) forever without ever heating.
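As an added example (not code from the slides or from the project's tool), the following Python implements the explicit-state CTL labelling algorithm that the slide applies by hand and runs it on the microwave oven structure. The state labels are those on the slide; the transition endpoints are reconstructed from the standard textbook version of this example, and the slide's result sets agree with that reconstruction. The tuple encoding of formulas, the helper names (`sat`, `pre`, `check`, `witness_path`) and the BFS counterexample search are my own additions. It also checks the requirement stated later in these slides, that the oven must not heat while the door is open, which this model does satisfy.

```python
"""Explicit-state CTL model checking of the 7-state microwave oven (constructed example)."""

# --- Kripke structure M = (S, R, L), states numbered as on the slide ---------------
STATES = frozenset(range(1, 8))
INITIAL = 1

# L : S -> 2^AP, the atomic propositions true in each state (from the slide's figure).
LABEL = {
    1: frozenset(),
    2: frozenset({"Start", "Error"}),
    3: frozenset({"Close"}),
    4: frozenset({"Close", "Heat"}),
    5: frozenset({"Start", "Close", "Error"}),
    6: frozenset({"Start", "Close"}),
    7: frozenset({"Start", "Close", "Heat"}),
}

# R subset of S x S, one entry per labelled edge. Endpoints are reconstructed from the
# standard textbook version of this example (assumption; the slide's sets agree with it).
TRANSITIONS = {
    (1, 2): "start oven",      # start pressed with the door open -> Error state
    (1, 3): "close door",
    (2, 5): "close door",
    (3, 1): "open door",
    (3, 6): "start oven",
    (4, 1): "open door",
    (4, 3): "done",
    (4, 4): "cook",
    (5, 2): "open door",
    (5, 3): "reset",
    (6, 7): "warmup",
    (7, 4): "start cooking",
}
R = frozenset(TRANSITIONS)


def pre(rel, target):
    """States with at least one successor in `target` (this is exactly EX target)."""
    return {s for (s, t) in rel if t in target}


# --- CTL formulas as nested tuples (my own encoding) --------------------------------
# ("true",) | ("ap", p) | ("not", f) | ("and", f, g) | ("ex", f) | ("eg", f) | ("eu", f, g)
# Every other operator is a derived form:
def EF(f):            # EF f = E[true U f]
    return ("eu", ("true",), f)

def AF(f):            # AF f = not EG not f
    return ("not", ("eg", ("not", f)))

def AG(f):            # AG f = not EF not f
    return ("not", EF(("not", f)))

def IMPLIES(f, g):    # f -> g = not (f and not g)
    return ("not", ("and", f, ("not", g)))


def sat(formula, states=STATES, rel=R, label=LABEL):
    """Return the set of states satisfying `formula` (labelling algorithm, fixpoints for EU/EG)."""
    op = formula[0]
    sub = lambda f: sat(f, states, rel, label)
    if op == "true":
        return set(states)
    if op == "ap":
        return {s for s in states if formula[1] in label[s]}
    if op == "not":
        return set(states) - sub(formula[1])
    if op == "and":
        return sub(formula[1]) & sub(formula[2])
    if op == "ex":
        return pre(rel, sub(formula[1]))
    if op == "eu":
        # least fixpoint of Z = S(g) | (S(f) & pre(Z)): grow backwards from S(g)
        sf, z = sub(formula[1]), sub(formula[2])
        while True:
            nxt = z | (sf & pre(rel, z))
            if nxt == z:
                return z
            z = nxt
    if op == "eg":
        # greatest fixpoint of Z = S(f) & pre(Z): drop states that cannot stay in S(f) forever
        z = sub(formula[1])
        while True:
            nxt = z & pre(rel, z)
            if nxt == z:
                return z
            z = nxt
    raise ValueError(f"unknown operator {op!r}")


def check(formula, init=INITIAL):
    """M, init |= formula ?"""
    return init in sat(formula)


def witness_path(target, init=INITIAL, rel=R):
    """Shortest path (BFS) from `init` into `target`; a counterexample prefix for not-EF(target)."""
    parent, queue = {init: None}, [init]
    for s in queue:                      # queue grows while we iterate: plain BFS
        if s in target:
            path = []
            while s is not None:
                path.append(s)
                s = parent[s]
            return path[::-1]
        for t in sorted(t for (u, t) in rel if u == s):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return None


START, CLOSE, HEAT = ("ap", "Start"), ("ap", "Close"), ("ap", "Heat")
BAD = ("and", START, ("eg", ("not", HEAT)))   # Start and EG not Heat
PROPERTY = ("not", EF(BAD))                     # == AG(Start -> AF Heat)
NO_HEAT_WITH_DOOR_OPEN = AG(IMPLIES(HEAT, CLOSE))

if __name__ == "__main__":
    for name, f in [("Start", START), ("EG ~Heat", ("eg", ("not", HEAT))), ("Start & EG ~Heat", BAD),
                    ("EF(Start & EG ~Heat)", EF(BAD)), ("~EF(Start & EG ~Heat)", PROPERTY)]:
        print(f"S({name}) = {sorted(sat(f))}")
    print("M |= AG(Start -> AF Heat):", check(PROPERTY))
    path = witness_path(sat(BAD))
    print("counterexample prefix:", path, [TRANSITIONS[e] for e in zip(path, path[1:])])
    print("M |= AG(Heat -> Close):", check(NO_HEAT_WITH_DOOR_OPEN))
```

The derived-operator form `AG(IMPLIES(START, AF(HEAT)))` evaluates to the same set as the slide's hand-rewritten `¬EF(Start ∧ EG ¬Heat)`, so either spelling of a CDL requirement can be fed to `sat` unchanged; the BFS witness turns the empty result set into the concrete trace (start pressed with the door open) that a verification report should show.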
Solution Approach (Cont.) What is incremental model checking? – First, run the baseline model checking algorithm once on the whole model. – For every subsequent change to the model, re-examine only the minimal set of states affected by that change, instead of re-running the baseline algorithm on the whole model. Incremental model checking thus reduces the computing cost of re-verifying a model as it evolves.
System Architecture of verification tool
Figure. Architecture of verification tool (data flow recovered from the figure): SAMDL and CDL are the inputs of the verification tool; the Model Analyzer consumes the SAMDL file and feeds the IMC Module, which also reads the CDL file; the Report Generator turns the IMC Module's results into the verification report.
System Architecture of verification tool (Cont.) Input: Situation-aware Application Model Description Language (SAMDL) – a formal representation of the SA application's model. Constraints Description Language (CDL) – a specification of the requirements the SA application must satisfy. Example requirement: a microwave oven must not heat while its door is open. Output: a report of the verification result.
System Architecture of verification tool (Cont.) The verification tool consists of three components. – Model Analyzer: accepts a SAMDL (Situation-aware Application Model Description Language) file, analyzes it, and produces intermediate code that is the input to the Incremental Model Checker. – Incremental Model Checker (IMC) Module: accepts two inputs, the intermediate code produced by the Model Analyzer and the CDL (Constraints Description Language) file, and verifies whether the SA application satisfies the requirements specification. – Report Generator: accepts the results produced during the analysis phase and the model checking phase and generates a report that a person can understand easily.
Task Schedule. Define SAMDL and CDL: due 4/30. Implement the verification tool: due 5/22.