Institute e-Austria in Timisoara
Author: prep. eng. Calin Jebelean
Verification of Communication Protocols using SDL
Slide 2: Introduction
- Software verification: an issue of indisputable importance
- Manual solutions, though widely used, don't scale up to industrial-size projects
- Current approaches to software verification involve:
  - simulation
  - testing
  - formal verification
Slide 3: Formal Verification: Model Checking
- Main idea: "Build a model of a system and perform exhaustive analysis on the model"
- Strong points:
  - all system behaviors are covered
  - highly automatable
- Weak points:
  - state-explosion problem
Slide 4: What Is SDL?
- Acronym for "Specification and Description Language"
- Formal language defined by the ITU-T as recommendation Z.100
- Meant for the specification of complex, event-driven, real-time systems involving concurrent activities that communicate through signals
- Extremely appropriate for describing communication protocols
Slide 5: A Short Insight
- An SDL system consists of:
  - structural level: system, block, process and procedure hierarchy
  - communication level: signals with optional signal parameters, and channels
  - behavioral level: processes
  - data level: abstract data types
- Commercial tools exist (ObjectGEODE), dedicated to:
  - analysis
  - design
  - simulation
  - testing
  - code generation
Slide 6: The Need For IF
- SDL itself is not suitable for model-checking:
  - model-checking algorithms are difficult for third parties to integrate within commercial tools
  - the SDL hierarchical structure is an impediment for analysis
- IF: an "Intermediate Format" for SDL
  - a plain, automaton-based representation of the SDL system
  - a representation suitable for exhaustive state-space exploration
Slide 7: Advantages Of IF
- Translation from SDL to IF reduces the model size (5 to 6 times, on average), mostly by eliminating certain transient states
- Analysis algorithms can run directly on the IF translation of the SDL specification
- Possibility to interconnect SDL with existing verification tools (SMV, Spin, etc.), once translators from IF to the input language of these tools are available
Slide 8: Results Using IF
- Several analysis techniques already implemented on IF, among which:
  - "live variables" analysis: a variable is live in a control state if there is a path from this state along which its value can be used before it is redefined
  - "irrelevant variables" analysis: a variable is irrelevant with respect to a property of interest if it has no effect on the respective property
  - "compositional generation": a technique based on the "divide-and-conquer" paradigm
- Model reductions of up to times have been reported
- Model-checking can be applied on the reduced model
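The "live variables" analysis named on this slide is the classic backward dataflow fixpoint. The block below is an added example, not code from the slides or from the IF toolset: it runs the analysis over a small constructed automaton of a connection initiator (the states, variables and transitions are all invented here) and reports which variables are live in each control state and which are never live at all. The latter are the ones a reduction can drop, since no path ever reads them before they are overwritten.

```python
# Added example (not from the slides or the IF toolset): the classic backward
# "live variables" dataflow analysis on a small control-state automaton.
# The automaton, its variables and its transitions are constructed for this example.

# Transition: (source_state, target_state, variables_read, variables_written).
# Constructed model of a connection initiator that retries a CONNECT request.
TRANSITIONS = [
    ("idle",  "wait",  {"addr"},    {"retries", "attempt_id"}),  # send CONNECT(addr); retries := 0
    ("wait",  "open",  set(),       {"session"}),                # ACK received; session := new id
    ("wait",  "wait",  {"retries"}, {"retries", "attempt_id"}),  # timeout, retries < MAX: resend
    ("wait",  "error", {"retries"}, set()),                      # timeout, retries >= MAX: give up
    ("open",  "idle",  {"session"}, {"session"}),                # DISCONNECT; release the session
    ("error", "idle",  set(),       set()),                      # operator reset
]


def live_variables(transitions):
    """Map each control state to the set of variables live there.

    A variable is live in state s if some path from s reads it before
    writing it.  This is the least fixpoint of the backward equations
        live(s) = union over transitions (s -> t, read, write) of read | (live(t) - write)
    iterated until no set grows (sets are finite and only grow, so it terminates).
    """
    states = {s for s, _, _, _ in transitions} | {t for _, t, _, _ in transitions}
    live = {s: set() for s in states}
    changed = True
    while changed:
        changed = False
        for src, tgt, read, write in transitions:
            contribution = read | (live[tgt] - write)
            if not contribution <= live[src]:
                live[src] |= contribution
                changed = True
    return live


def dead_everywhere(transitions):
    """Variables live in no control state: they are only ever written, so the
    model need not distinguish their values at all.  This is the kind of
    reduction the slide refers to, applied in the simplest possible way."""
    declared = set()
    for _, _, read, write in transitions:
        declared |= read | write
    live_anywhere = set().union(*live_variables(transitions).values())
    return declared - live_anywhere


if __name__ == "__main__":
    for state, vars_ in sorted(live_variables(TRANSITIONS).items()):
        print(f"{state:6} live: {sorted(vars_)}")
    print("never live:", sorted(dead_everywhere(TRANSITIONS)))
```

On this input, addr is live in every state because the loop back to idle always reads it again, while attempt_id is written on every send but never read, so the analysis proves it can be removed. The real IF analysis goes further (resetting variables that are dead only in some states), but the fixpoint is the same.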
Slide 9: Practical Results

Generation method              Number of states   Number of transitions
ObjectGEODE
IF
IF + live reduction
IF + compositional generation

(The numeric entries of this table did not survive extraction.)
Slide 10: What We Want To Do
- Extract interfaces abstracting module behavior, in order to use them in the compositional verification of other modules for which they constitute the environment
- Express properties of interest using a formalism such as temporal logic: CTL, LTL
- Check the model against such properties of interest
- Extend the capabilities of IF for dealing with external code written in other languages, such as C
Slide 11: Some Examples
- Global properties:
  - Absence of deadlock
  - The initiator of the communication will either get connected or get an error within finite time
- Local properties:
  - Any message received in some state must belong to a certain set of acceptable messages for that state
  - A process must set a timer every time it begins waiting for some signal, to prevent blockage
  - A process must deallocate all resources it is supposed to deallocate, if an "abandon" message is received
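Two of the properties above, absence of deadlock and "every message received in a state must be acceptable for that state", can be checked by the exhaustive exploration that slide 3 describes. The block below is an added example, not code from the slides or from the IF or ObjectGEODE tools: it builds two small automata (a connection initiator and a responder, both constructed here) communicating over bounded input queues, explores every reachable global state, and reports deadlocks and unexpected signals. The initiator deliberately resends CONNECT after a timeout, which the responder does not expect once it is connected, so the run finds a violation. The "connected or error within finite time" property is a liveness property and would need cycle detection on top of this; it is not checked here.

```python
# Added example (not from the slides or the IF toolset): an explicit-state
# exploration of two communicating automata, checking two of the properties
# listed above: absence of deadlock, and "every message received in a state
# belongs to that state's set of acceptable messages".  Processes, messages
# and the queue bound are all constructed for this example.
from collections import deque

QMAX = 2  # bound on each input queue, so the state space stays finite

# Behaviour: state -> list of (action, next_state).  Actions:
#   ("send", peer, msg)   append msg to the peer's input queue
#   ("recv", msg)         consume msg from the head of the own input queue
#   ("timeout",)          internal step standing in for a timer expiry
INITIATOR = {
    "idle":  [(("send", "R", "CONNECT"), "wait")],
    "wait":  [(("recv", "ACK"), "open"), (("recv", "NAK"), "error"),
              (("timeout",), "retry")],
    "retry": [(("recv", "ACK"), "open"), (("recv", "NAK"), "error"),
              (("send", "R", "CONNECT"), "wait")],        # resend CONNECT after a timeout
    "open":  [(("send", "R", "DISCONNECT"), "idle")],
    "error": [],
}
RESPONDER = {
    "listen":    [(("recv", "CONNECT"), "accept")],
    "accept":    [(("send", "I", "ACK"), "connected")],
    "connected": [(("recv", "DISCONNECT"), "listen")],     # a repeated CONNECT is not expected here
}
PROCS = {"I": INITIATOR, "R": RESPONDER}
INITIAL = ("idle", "listen", (), ())   # (I state, R state, I queue, R queue)


def successors(gs):
    """Enabled moves from a global state: list of (next_state, violation_or_None)."""
    local = {"I": gs[0], "R": gs[1]}
    queues = {"I": gs[2], "R": gs[3]}
    out = []
    for pid, proc in PROCS.items():
        for action, nxt in proc[local[pid]]:
            q = dict(queues)
            if action[0] == "send":
                _, peer, msg = action
                if len(q[peer]) >= QMAX:      # the bound is an abstraction: report it, never truncate
                    out.append((None, f"queue overflow: {pid} -> {peer} {msg} in {gs}"))
                    continue
                q[peer] = q[peer] + (msg,)
            elif action[0] == "recv":
                if not q[pid] or q[pid][0] != action[1]:
                    continue                  # not enabled: queue empty or another message at head
                q[pid] = q[pid][1:]
            loc = dict(local, **{pid: nxt})   # "timeout" only changes the local state
            out.append(((loc["I"], loc["R"], q["I"], q["R"]), None))
    return out


def unexpected_signal(gs):
    """Local property: the message at the head of a queue must be one the process
    accepts in its current state.  States without any recv are transient (send or
    timer only) and consume nothing, so they are not checked."""
    for pid, st, q in (("I", gs[0], gs[2]), ("R", gs[1], gs[3])):
        acceptable = {a[1] for a, _ in PROCS[pid][st] if a[0] == "recv"}
        if q and acceptable and q[0] not in acceptable:
            return f"unexpected signal: {pid} in {st} got {q[0]}, accepts {sorted(acceptable)}"
    return None


def check(initial=INITIAL):
    """Breadth-first exhaustive exploration; returns the state count and the findings."""
    seen, frontier = {initial}, deque([initial])
    deadlocks, violations = [], []
    while frontier:
        gs = frontier.popleft()
        bad = unexpected_signal(gs)
        if bad:
            violations.append(bad)
            continue                          # do not explore past a violation
        succ = successors(gs)
        if not succ:                          # global property: no enabled move at all
            deadlocks.append(gs)
        for nxt, err in succ:
            if err:
                violations.append(err)
            elif nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return {"states": len(seen), "deadlocks": deadlocks, "violations": violations}


if __name__ == "__main__":
    result = check()
    print(f"{result['states']} global states explored")
    print("deadlocks:", result["deadlocks"])
    for v in result["violations"]:
        print("violation:", v)
```

Even for two processes with a handful of states, the number of global states is a multiple of the product of local states and queue contents; raising QMAX or adding a third process shows the state explosion of slide 3 directly, which is why the reductions of slide 8 matter before model checking is applied.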
Slide 12: Conclusions
- The IF formalism has certain advantages over other approaches to the verification of SDL code
- Since SDL is widely used, there are clear possibilities for the application of formal methods and verification techniques on projects of industrial size and interest
- With SDL being a specification language, one could test an implementation against the specification, or the specification itself could be checked to reveal misconceptions
Slide 14: Thank you for your attention!