Mapping Specification Notations to Analysis Tools

Slides:

Advertisements

Similar presentations

Embedded System, A Brief Introduction

Advertisements

Construction process lasts until coding and testing is completed consists of design and implementation reasons for this phase –analysis model is not sufficiently.

Architecture Representation

Formal Modelling of Reactive Agents as an aggregation of Simple Behaviours P.Kefalas Dept. of Computer Science 13 Tsimiski Str Thessaloniki Greece.

CS 290C: Formal Models for Web Software Lecture 4: Implementing and Verifying Statecharts Specifications Using the Spin Model Checker Instructor: Tevfik.

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

Background information Formal verification methods based on theorem proving techniques and modelchecking –to prove the absence of errors (in the formal.

Run Time Monitoring of Reactive System Models Mikhail Auguston Naval Postgraduate School Mark Trakhtenbrot Holon Academic Institute of.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Specification and Encoding of Transaction Interaction Properties Divjyot Sethi Yogesh Mahajan Sharad Malik Princeton University Hardware Verification Workshop.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

CS189A/172 - Winter 2008 Lecture 7: Software Specification, Architecture Specification.

Software Engineering, COMP201 Slide 1 Protocol Engineering Protocol Specification using CFSM model Lecture 30.

Models of Computation for Embedded System Design Alvise Bonivento.

Specification Formalisms Book: Chapter 5. Properties of formalisms Formal. Unique interpretation. Intuitive. Simple to understand (visual). Succinct.

Modeling State-Dependent Objects Using Colored Petri Nets

CS 290C: Formal Models for Web Software Lecture 6: Model Driven Development for Web Software with WebML Instructor: Tevfik Bultan.

1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.

Principle of Functional Verification Chapter 1~3 Presenter : Fu-Ching Yang.

Lecture 6 Template Semantics CS6133 Fall 2011 Software Specification and Verification.

02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.

Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.

Cheng/Dillon-Software Engineering: Formal Methods Model Checking.

PROGRAMMING LANGUAGES The Study of Programming Languages.

Ch.2 Part A: Requirements, State Charts EECE **** Embedded System Design.

Lecture 4 Finite State Machine CS6133 Software Specification and Verification.

Introduction to Software Testing Chapter 9.4 Model-Based Grammars Paul Ammann & Jeff Offutt

Requirements Expression and Modelling

1 SFWR ENG 3KO4 Software Development Statemate I-CASE Tool for Designing Software Systems from Different Views Statemate I-CASE Tool for Designing Software.

Compositional IS Development Framework Application Domain Application Domain Pre-existing components, legacy systems Extended for CD (ontologies) OAD Methods.

Using Mathematica for modeling, simulation and property checking of hardware systems Ghiath AL SAMMANE VDS group : Verification & Modeling of Digital systems.

The Architecture of Secure Systems Jim Alves-Foss Laboratory for Applied Logic Department of Computer Science University of Idaho By, Nagaashwini Katta.

A Z Approach in Validating ORA-SS Data Models Scott Uk-Jin Lee Jing Sun Gillian Dobbie Yuan Fang Li.

Introduction to Formal Methods Based on Jeannette M. Wing. A Specifier's Introduction to Formal Methods. IEEE Computer, 23(9):8-24, September,

Overview of Formal Methods. Topics Introduction and terminology FM and Software Engineering Applications of FM Propositional and Predicate Logic Program.

Institute e-Austria in Timisoara 1 Author: prep. eng. Calin Jebelean Verification of Communication Protocols using SDL ( )

Software Engineering Research paper presentation Ali Ahmad Formal Approaches to Software Testing Hierarchal GUI Test Case Generation Using Automated Planning.

- 1 - Embedded Systems - SDL Some general properties of languages 1. Synchronous vs. asynchronous languages Description of several processes in many languages.

CS6133 Software Specification and Verification

Timed Use Case Maps Jameleddine Hassine Concordia University, Montreal, Canada URN Meeting, Ottawa, January 16-18, 2008.

Microsoft Research, Foundations of Software EngineeringW. Grieskamp et. al: Behavioral Compositions in Symbolic Domains Behavioral Composition in Symbolic.

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur

Ch. 2. Specification and Modeling 2.1 Requirements Describe requirements and approaches for specifying and modeling embedded systems. Specification for.

Formal Verification Lecture 9. Formal Verification Formal verification relies on Descriptions of the properties or requirements Descriptions of systems.

An Ontological Framework for Web Service Processes By Claus Pahl and Ronan Barrett.

Secure Systems Research Group - FAU Model Checking Techniques for Security Systems 5/14/2009 Maha B Abbey PhD Candidate.

Submodule construction in logics 1 Gregor v. Bochmann, University of Ottawa Using First-Order Logic to Reason about Submodule Construction Gregor v. Bochmann.

Fall 2004EE 3563 Digital Systems Design EE 3563 VHSIC Hardware Description Language  Required Reading: –These Slides –VHDL Tutorial  Very High Speed.

Programming Languages and Design Lecture 3 Semantic Specifications of Programming Languages Instructor: Li Ma Department of Computer Science Texas Southern.

1 Checking Interaction Consistency in MARMOT Component Refinements Yunja Choi School of Electrical Engineering and Computer Science Kyungpook National.

1 CSEP590 – Model Checking and Automated Verification Lecture outline for August 6, 2003.

Formal Methods.

Xiaosong Lu Togashi Laboratory Department of Computer Science Shizuoka University Ａｐｒｉｌ 1999 Specification and Verification of Hierarchical Reactive Systems.

CS3773 Software Engineering Lecture 06 UML State Machines.

Course: COMS-E6125 Professor: Gail E. Kaiser Student: Shanghao Li (sl2967)

Formal Verification. Background Information Formal verification methods based on theorem proving techniques and modelchecking –To prove the absence of.

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur

Requirement Analysis SOFTWARE ENGINEERING. What are Requirements? Expression of desired behavior Deals with objects or entities, the states they can be.

CS223: Software Engineering

Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5.

From Natural Language to LTL: Difficulties Capturing Natural Language Specification in Formal Languages for Automatic Analysis Elsa L Gunter NJIT.

Symbolic Model Checking of Software Nishant Sinha with Edmund Clarke, Flavio Lerda, Michael Theobald Carnegie Mellon University.

Understanding and Comparing Model-Based Specification Notations Jianwei Niu, Joanne Atlee, and Nancy Day University of Waterloo.

Requirements Specification

An Overview of Requirements Engineering Tools and Methodologies*

Formal methods: Lecture

CIS 842: Specification and Verification of Reactive Systems

Software Design Methodology

Model Checking for an Executable Subset of UML

Abstract Types Defined as Classes of Variables

Presentation transcript:

Mapping Specification Notations to Analysis Tools METRO Jianwei Niu jniu@uwaterloo.ca University of Waterloo

North Carolina State University Formal Methods Software engineering is about developing quality software in a predictable way Errors in critical software can cause loss of life Confidence in software can be obtained by using formal methods Formal methods are rigorous means for specification and verification Formal notations and powerful tools (e.g., model checkers) have been increasingly applied in modeling and reasoning about computer-based systems March 26, 2004 North Carolina State University

North Carolina State University Model Checker Model Checker X Spec in input language for X True or False with counter examples Properties March 26, 2004 North Carolina State University

Specification Notation Specification notations describe systems’ behavior Process algebras (e.g., CCS, LOTOS) State-based notations (e.g., statecharts) These notations are suitable and flexible modeling large reactive systems They are intuitive for software practitioners Their composition mechanisms provide facilities to represent concurrency and communication Formal requirements models can be automatically analyzed and requirement errors are easier and cheaper to fix at the requirement stage March 26, 2004 North Carolina State University

Current Approaches for Analyzing Specifications Construct a specific tool to analyze a specification written in a certain notation [Cleaveland & Parrow & Steffen, Harel & Naamad] Model Checker for Notation M Spec in Formal Notation M March 26, 2004 North Carolina State University

Current Approaches for Analyzing Specifications Write a translator from the notation to an existing analyzer [Atlee & Gannon, Avrunin & Corbett & Dillion, Chan et al.] Spec in Formal Notation M Translator from M to X Existing Model Checker (Notation X) March 26, 2004 North Carolina State University

Current Approaches for Analyzing Specifications The number of translators can be reduced for verifying specifications in different notations using different tools Problem for these approaches: semantics of notations is evolving over time Solution: generating analyzers directly from notations’ semantics [Day&Joyce, Dillion & Stirewalt, Pezze & Young] Current Approaches for Analyzing Specifications Develop an intermediate notation and translate to the input languages for different tools [Bensalem et al., Bozga et al., Bultan] Specification in Formal Notation M Existing Model Checker (Notation X) Intermediate Notation Specification in Formal Notation N Existing Model Checker (Notation Y) Specification in Formal Notation S March 26, 2004 North Carolina State University

Current Approaches for Analyzing Specifications Spec in Formal Notation M Semantics for Notation M Existing Model Checker (Notation X) Model Compiler Transition relation (e.g., Kripke structure) [Day & Joyce, Dillion & Stirewalt, Pezze & Young] March 26, 2004 North Carolina State University

A New Approach for Mapping Specification Notations to Analysis Tools Template semantics Specifics of M given by parameters Spec in Formal Notation M Existing Model Checker (Notation X) Common Semantics Model Compiler Transition relation (e.g., Kripke structure) March 26, 2004 North Carolina State University

North Carolina State University Outline of Talk Template Semantics Computation model Step semantics Template parameters Composition operators Template semantics for different notations Generating analysis tools from template semantics Model compiler Parameterized translator Conclusions and future work March 26, 2004 North Carolina State University

North Carolina State University Computation Model A hierarchical transition system (HTS) is a hierarchical, extended state machine without concurrency March 26, 2004 North Carolina State University

Computation Model --- Syntax An HTS contains States and a state hierarchy Internal and external events Variables Transitions March 26, 2004 North Carolina State University

Semantics of HTS --- Snapshot Snapshot: observable point in execution current states current internal events current variable values current generated events Basic Elements Auxiliary Elements used to determine which transitions are enabled auxiliary states auxiliary internal events auxiliary variable values auxiliary external events March 26, 2004 North Carolina State University

North Carolina State University Semantics of HTS Behavior of an HTS is described by the possible execution steps it can take Which transition is enabled enabling states enabling events enabling variable values How the HTS is affected by executing a transition Step relates the current snapshot and the next snapshot of an HTS March 26, 2004 North Carolina State University

North Carolina State University Step Semantics Micro-Step: one transition execution Macro-Step: a sequence of micro steps until the system is stable Input macro-step micro-step SS0 SS1 SS2 stable March 26, 2004 North Carolina State University

North Carolina State University Step Semantics Three types of macro-steps Simple diligent take a micro-step if a transition is enabled Simple non-diligent take a micro-step or stay idle Stable: e.g., statecharts a maximal sequence of micro-steps until no enabled transitions for the set of inputs March 26, 2004 North Carolina State University

North Carolina State University Template Semantics Common semantics reset enabled transitions apply Template parameters reset state info reset event info reset variable info enabling states enabling events enabling variable values change state generate events change variable values March 26, 2004 North Carolina State University

Template Parameters how reset at how changed when a beginning of macro-step how changed when a transition is taken RESET NEXT current state current int_ev current var_val current output history state history int_ev history var_val history ext_ev en_states en_trig en_cond how used to enable a transition March 26, 2004 North Carolina State University

Template Parameters Enabling Events how reset at how changed when a beginning of macro-step how changed when a transition is taken RESET NEXT CS IE AV O CSa IEa AVa Ia en_states en_trig en_cond Enabling Events how used to enable a transition March 26, 2004 North Carolina State University

North Carolina State University Enabling Events Enabling internal events 1. Events generated since the beginning of the macro-step 2. Events generated in the previous micro-step Enabling external events 1. Events from the input are persistent through macro-step 2. Events from the input are enabling only in the first micro-step March 26, 2004 North Carolina State University

North Carolina State University Enabling Events Enabling internal events 1. Events generated since the beginning of the macro-step Enabling external events 1. Events from the input are persistent through macro-step Input 1: e /a SS0 SS1 IE = Ia = {e} trig() = e March 26, 2004 North Carolina State University

North Carolina State University Enabling Events Enabling internal events 1. Events generated since the beginning of the macro-step Enabling external events 1. Events from the input are persistent through macro-step Input 1: e /a 2: a SS0 SS0 SS1 SS2 IE = Ia = {e} trig() = e IE = {a} Ia = {e} trig() = a March 26, 2004 North Carolina State University

North Carolina State University Enabling Events Enabling internal events 1. Events generated since the beginning of the macro-step Enabling external events 1. Events from the input are persistent through macro-step Input 1: e /a 2: a 3: e SS0 SS0 SS1 SS2 SS3 IE = Ia = {e} trig() = e IE = {a} Ia = {e} trig() = a IE = {a} Ia = {e} trig() = e March 26, 2004 North Carolina State University

North Carolina State University Enabling Events Enabling internal events 1. Events generated since the beginning of the macro-step Enabling external events 1. Events from the input are persistent through macro-step Input 1: e /a 2: a 3: e SS0 SS0 SS1 SS2 SS3 IE = Ia = {e} trig() = e IE = {a} Ia = {e} trig() = a IE = {a} Ia = {e} trig() = e IE = {a} Ia = {e} trig()  IE  Ia March 26, 2004 North Carolina State University

North Carolina State University Enabling Events Enabling internal events 2. Events generated in the previous micro-step Enabling external events 2. Events from the input are enabling only in the first micro-step Input 1: e /a SS0 SS1 IE =  Ia = {e} trig() = e March 26, 2004 North Carolina State University

North Carolina State University Enabling Events Enabling internal events 2. Events generated in the previous micro-step Enabling external events 2. Events from the input are enabling only in the first micro-step Input 1: e /a 2: a SS0 SS1 SS2 IE =  Ia = {e} trig() = e IE = {a} Ia =  trig() = a March 26, 2004 North Carolina State University

North Carolina State University Enabling Events Enabling internal events 2. Events generated in the previous micro-step Enabling external events 2. Events from the input are enabling only in the first micro-step Input 1: e /a 2: a SS0 SS1 SS2 IE =  Ia = {e} trig() = {e} IE = {a} Ia =  trig() = {a} IE =  Ia =  trig()  IE  Ia March 26, 2004 North Carolina State University

Template Parameters Enabling Events Enabling States how reset at beginning of macro-step how changed when a transition is taken RESET NEXT CS IE AV O CSa IEa AVa Ia en_states en_trig en_cond Enabling Events Enabling States how used to enable a transition March 26, 2004 North Carolina State University

North Carolina State University Outline of Talk Template Semantics Computation model Step semantics Template parameters Composition operators Template semantics for different notations Generating analysis tools from template semantics Model compiler Parameterized translator Conclusions and future work March 26, 2004 North Carolina State University

North Carolina State University Composition Operator CP1 CP2 CP3 CP4 HTS3 HTS4 HTS5 HTS1 HTS2 March 26, 2004 North Carolina State University

North Carolina State University Composition Operator Parallel Interleaving Synchronization Environmental synchronization Rendezvous synchronization Interrupt Sequence Choice March 26, 2004 North Carolina State University

North Carolina State University Composition Operator Parallel Interleaving Synchronization Environmental synchronization Rendezvous synchronization Interrupt Sequence Choice March 26, 2004 North Carolina State University

Parallel Composition Components execute in parallel March 26, 2004 North Carolina State University

Parallel Composition Each component takes a transition if both are enabled simultaneously March 26, 2004 North Carolina State University

Parallel Composition Enabled component executes in isolation March 26, 2004 North Carolina State University

Environmental Synchronization x x Components synchronize on an external synchronization event March 26, 2004 North Carolina State University

Environmental Synchronization x  syncEv x x Each component takes a transition if enabled by an external synchronization event March 26, 2004 North Carolina State University

Environmental Synchronization y  syncEv x x Components interleave March 26, 2004 North Carolina State University

Interrupt Transfer control from one component to the other. March 26, 2004 North Carolina State University

Interrupt Interrupt transition has priority and executes March 26, 2004 North Carolina State University

Interrupt The left component has priority and steps March 26, 2004 North Carolina State University

Composition Operators Compose multiple HTSs into a system, and represent Concurrency Communication Synchronization Constrain Which component to execute When to transfer control to each other How to exchange events and data Rely on parameters March 26, 2004 North Carolina State University

Interrupt --- Formal Definition March 26, 2004 North Carolina State University

North Carolina State University Validation Instantiate the template semantics Define parameters Choose composition operators Using our template semantics to describe the semantics for CCS, CSP, LOTOS, statecharts variants, and SDL Niu & Atlee & Day, FSE, 2002 Niu & Atlee & Day, TSE, 2003 March 26, 2004 North Carolina State University

North Carolina State University Validation Template semantics is expressive and succinct to represent different notations SCR, Petri Nets Template semantics eases users’ effort in comparing and understanding specification notations, such as variants of statecharts Harel’s, Pnueli & Shalev’s, RSML, STATEMATE Niu & Atlee & Day, RE, 2003 March 26, 2004 North Carolina State University

North Carolina State University Outline of Talk Template Semantics Computation model Step semantics Template parameters Composition operators Template semantics for different notations Generating analysis tools from template semantics Model compiler Parameterized translator Conclusions and future work March 26, 2004 North Carolina State University

North Carolina State University * METRO Map specification notations to analysis tools using template semantics Use template-based semantics to generate a transition-relation, which then can be used as an input to formal analysis tools * Metro is an environmentally friendly system for rapid transit between disparate places. By analogy, the template semantics approach aims to ease the transit between verification environments. March 26, 2004 North Carolina State University

METRO METRO Specifics of M given by parameters Spec in Formal Notation Existing Model Checker (Notation X) Common Semantics Model Compiler transition relation (e.g.,Kripke structure) March 26, 2004 North Carolina State University

North Carolina State University METRO Existing Model Checker X METRO Spec in Formal Notation M Specifics of M given by parameters Express . Common Semantics Existing Model Checker Y Lu & Atlee & Day & Niu., submitted for publication, 2004 March 26, 2004 North Carolina State University

North Carolina State University March 26, 2004 North Carolina State University

North Carolina State University March 26, 2004 North Carolina State University

North Carolina State University March 26, 2004 North Carolina State University

North Carolina State University March 26, 2004 North Carolina State University

North Carolina State University March 26, 2004 North Carolina State University

North Carolina State University Validation Use two case studies A single lane bridge A heating system Demonstrate model compiler: generating an analyzer from the template semantics description for a given notation Compare Express with model compiler METRO METRO March 26, 2004 North Carolina State University

Comparison Fusion MagicDraw XML S+ SMV comm template semantics Semantic parameters, Composition operators (expressed in logic) comm template semantics symbolic function eval transition relation model checker type checker BDD MagicDraw (with plugin) XML S+ XML S+ SMV optimized translation Semantic parameters, (selected from menus of values) transcription March 26, 2004 North Carolina State University

North Carolina State University Future Work Problem: integrate specifications in Multiple Notations Software practitioners tend to write specifications of different aspects of the system using different notations A framework to parameterize the composition operators while composing Different step semantics Different event languages Different data languages March 26, 2004 North Carolina State University

North Carolina State University Conclusions Template semantics is a new approach to structuring semantics of specification notations Capture common semantics and parameterize notation- specific behavior Define a notation’s execution semantics and composition operators as separate concerns Template semantics is effective and expressive for representing the semantics of many specification notations March 26, 2004 North Carolina State University

North Carolina State University Conclusions Key benefit a template semantics description of a notation can be used as an input to a tool for generating formal analysis tools Secondary benefit template semantics eases the specifiers’ effort in understanding and comparison of different notations March 26, 2004 North Carolina State University

North Carolina State University References Jianwei Niu, Joanne M. Atlee, and Nancy A. Day. "Composable Semantics for Model-Based Notations", Proc. of the 10th ACM SIGSOFT Int. Symp. on the Foundations of Soft. Eng. (FSE), pages 149-158, 2002 Jianwei Niu, Joanne M. Atlee, and Nancy A. Day. "Comparing and Understanding Model-Based Specification Notations", Proc. of the 11th IEEE Int. Requirements Eng. Conf. (RE), pages 188-199, 2003 Jianwei Niu, Joanne M. Atlee, and Nancy A. Day. "Template Semantics for Model-Based Notations", IEEE Transactions on Soft. Eng., vol. 29, no.10, pages 866-882, 2003 Yun Lu, Joanne M. Atlee, Nancy A. Day, and Jianwei Niu. “Model Checking Template-Semantics Specifications”, submitted for publication, 2004 March 26, 2004 North Carolina State University