Presentation is loading. Please wait.

Presentation is loading. Please wait.

The University of Adelaide, School of Computer Science

Published byCamron Chapman Modified over 5 years ago

Similar presentations

Presentation on theme: "The University of Adelaide, School of Computer Science"— Presentation transcript:

1 The University of Adelaide, School of Computer Science
Computer Architecture A Quantitative Approach, Fifth Edition The University of Adelaide, School of Computer Science 22 February 2019 CDA 5416 Computer System Verification HW Review Instructor: Hao Zheng Department of Computer Science & Engineering University of South Florida Tampa, FL Phone: (813) Fax: (813) Chapter 2 — Instructions: Language of the Computer

2 HW 4

3 Problem 2

4 Problem 3

5 Problem 4

6 HW 3

7

8

9 HW 2

10 Draw program graphs for two processes with id = {0,1}.
Show an execution of the composed program graph. Build a Promela model for this algorithm with three processes.  Think about the type of channels that should be used. Format the relevant correctness requirement(s) using a separate process(es) and/or assertions in Promela.  Use the SPIN to check that the leader election model satisfies the correctness requirements.

11 C0 (c0) P1 P0 C1 (c1) 1 1 stop 2 /send(id0) /recv(c0) /send(c0)
/send(id0) /recv(c0) /send(c0) 1 1 /recv(m0) m0<id0 stop 2 m0=id0 m0>id0/send(m0)

12 C0 P1 P0 C1 1 1 1 1 1 1 1 1 /<send(id0), recv(c1)>
/<send(id0), recv(c1)> /<send(id1), recv(c0)> 1 1 1 1 /<send(id1), recv(c0)> /<send(id0), recv(c1)> 1 1 1 1

13 C0 P1 P0 C1 1 1 1 1 2 1 1 1 1 2 /<send(id1), recv(c0)>
/<send(c0), recv(m0)> /<send(c1), recv(m1)> 2 1 1 1 1 2

14 C0 P1 P0 C1 chan C1 = [1] of {byte}; chan C2 = [1] of {byte};

15 :: m0<id0 -> goto stop :: m0>id0 -> C1 ! m0 fi od stop: }
proctype P0() { byte m0; C1 ! id0; do :: C0 ? m0; if :: m0<id0 -> goto stop :: m0>id0 -> C1 ! m0 fi od stop: } /C1 ! id0 1 /C0 ? m0 m0<id0 stop 2 m0=id0 m0>id0/ C1 ! m0

16 HW 1

17 byte n = 0; active [2] proctype P() {     byte reg;     byte cnt = 0;     do      :: cnt == 10 -> break     :: else ->             reg = n;             reg++;             n = reg;             cnt++     od; } What are the largest and smallest values that n can be produced by the model upon termination?

18 byte n = 0; byte stop = 0; active [2] proctype P() {     byte reg;     byte cnt = 0;     do      :: cnt == 10 -> break     :: else ->             reg = n;             reg++;             n = reg;             cnt++     od; stop++; } /* passed  active proctype checker1() {         if          :: stop==2 -> assert (n <= 20);         fi } */ /* failed */ active proctype checker2()         :: stop==2 -> assert (n <= 19);

19 byte n = 0; byte stop = 0; active [2] proctype P() {     byte reg;     byte cnt = 0;     do      :: cnt == 10 -> break     :: else ->             reg = n;             reg++;             n = reg;             cnt++     od; stop++; } /* passed active proctype checker4() {         if          :: stop==2 -> assert (n >= 2);         fi } */ /* failed */         :: stop==2 -> assert (n >= 3);

20 byte n = 0; byte stop = 0; active [2] proctype P() { byte reg;
    byte cnt = 0;     do      :: cnt == 10 -> break     :: else ->             reg = n;             reg++;             n = reg;             cnt++     od; stop++; }   1: proc  1 (p:1) a1_3.pml:12 (state 3) [else]   2: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]   3: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)] n = 0; reg0=0, cnt0=0, reg1=1, cnt1=0   4: proc  0 (p:1) a1_3.pml:12 (state 3) [else]   5: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]   6: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]   7: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)] n = 1; reg0=0, cnt0=0, reg1=1, cnt1=1   8: proc  1 (p:1) a1_3.pml:12 (state 3) [else]   9: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]  10: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)] 11: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]  12: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)] n = 2; reg0=0, cnt0=0, reg1=2, cnt1=2 spin -p -t model.pml /* replay error trace “model.pml.trail” */

21 byte n = 0; byte stop = 0; active [2] proctype P() { byte reg;
    byte cnt = 0;     do      :: cnt == 10 -> break     :: else ->             reg = n;             reg++;             n = reg;             cnt++     od; stop++; } n = 2; reg0=0, cnt0=0, reg1=2, cnt1=2  13: proc  1 (p:1) a1_3.pml:12 (state 3) [else]  14: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]  15: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]  16: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]  17: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]   n = 3; reg0=0, cnt0=0, reg1=3, cnt1=3 18: proc  1 (p:1) a1_3.pml:12 (state 3) [else]  19: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]  20: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]  21: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]  22: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]   n = 4; reg0=0, cnt0=0, reg1=4, cnt1=4

22 byte n = 0; byte stop = 0; active [2] proctype P() { byte reg;
    byte cnt = 0;     do      :: cnt == 10 -> break     :: else ->             reg = n;             reg++;             n = reg;             cnt++     od; stop++; }   n = 4; reg0=0, cnt0=0, reg1=4, cnt1=4  23: proc  1 (p:1) a1_3.pml:12 (state 3) [else]  24: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]  25: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]  26: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]  27: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]   n = 5; reg0=0, cnt0=0, reg1=5, cnt1=5  28: proc  1 (p:1) a1_3.pml:12 (state 3) [else]  29: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]  30: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]  31: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]  32: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]   n = 6; reg0=0, cnt0=0, reg1=6, cnt1=6

23 byte n = 0; byte stop = 0; active [2] proctype P() { byte reg;
    byte cnt = 0;     do      :: cnt == 10 -> break     :: else ->             reg = n;             reg++;             n = reg;             cnt++     od; stop++; }   n = 8; reg0=0, cnt0=0, reg1=8, cnt1=8 43: proc  1 (p:1) a1_3.pml:12 (state 3) [else]  44: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]  45: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]  46: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]  47: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]  48: proc  1 (p:1) a1_3.pml:12 (state 3) [else]   n = 9; reg0=0, cnt0=0, reg1=9, cnt1=9  49: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]  50: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]   n = 1; reg0=1, cnt0=0, reg1=9, cnt1=9  51: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]  52: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]   n = 1; reg0=1, cnt0=0, reg1=2, cnt1=9

24 byte n = 0; byte stop = 0; active [2] proctype P() { byte reg;
    byte cnt = 0;     do      :: cnt == 10 -> break     :: else ->             reg = n;             reg++;             n = reg;             cnt++     od; stop++; }   n = 1; reg0=1, cnt0=0, reg1=2, cnt1=9 53: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]   n = 1; reg0=1, cnt0=1, reg1=2, cnt1=9  54: proc  0 (p:1) a1_3.pml:12 (state 3) [else]  55: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]  56: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]  57: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]  58: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]   n = 2; reg0=2, cnt2=2, reg1=2, cnt1=9  59: proc  0 (p:1) a1_3.pml:12 (state 3) [else]  60: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]  61: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]  62: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]  63: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]   n = 3; reg0=3, cnt0=3, reg1=2, cnt1=9

25 byte n = 0; byte stop = 0; active [2] proctype P() { byte reg;
    byte cnt = 0;     do      :: cnt == 10 -> break     :: else ->             reg = n;             reg++;             n = reg;             cnt++     od; stop++; }   n = 3; reg0=3, cnt0=3, reg1=2, cnt1=9 64: proc  0 (p:1) a1_3.pml:12 (state 3) [else]  65: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]  66: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]  67: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]  68: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]   n = 4; reg0=4, cnt0=4, reg1=2, cnt1=9  69: proc  0 (p:1) a1_3.pml:12 (state 3) [else]  70: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]  71: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]  72: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]  73: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]   n = 5; reg0=5, cnt0=5, reg1=2, cnt1=9

26 byte n = 0; byte stop = 0; active [2] proctype P() { byte reg;
    byte cnt = 0;     do      :: cnt == 10 -> break     :: else ->             reg = n;             reg++;             n = reg;             cnt++     od; stop++; }   n = 5; reg0=5, cnt0=5, reg1=2, cnt1=9  74: proc  0 (p:1) a1_3.pml:12 (state 3) [else]  75: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]  76: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]  77: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]  78: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]   n = 6; reg0=6, cnt0=6, reg1=2, cnt1=9  79: proc  0 (p:1) a1_3.pml:12 (state 3) [else]  80: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]  81: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]  82: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]  83: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]   n = 7; reg0=7, cnt0=7, reg1=2, cnt1=9

27 byte n = 0; byte stop = 0; active [2] proctype P() { byte reg;
    byte cnt = 0;     do      :: cnt == 10 -> break     :: else ->             reg = n;             reg++;             n = reg;             cnt++     od; stop++; }   n = 7; reg0=7, cnt0=7, reg1=2, cnt1=9  84: proc  0 (p:1) a1_3.pml:12 (state 3) [else]  85: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]  86: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]  87: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]  88: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]    n = 8; reg0=8, cnt0=8, reg1=2, cnt1=9 89: proc  0 (p:1) a1_3.pml:12 (state 3) [else]  90: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]  91: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]  92: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]  93: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]   n = 9; reg0=9, cnt0=9, reg1=2, cnt1=9

28 byte n = 0; byte stop = 0; active [2] proctype P() { byte reg;
    byte cnt = 0;     do      :: cnt == 10 -> break     :: else ->             reg = n;             reg++;             n = reg;             cnt++     od; stop++; }   n = 9; reg0=9, cnt0=9, reg1=2, cnt1=9  94: proc  0 (p:1) a1_3.pml:12 (state 3) [else]  95: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]  96: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]  97: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]    n = 10; reg0=10, cnt0=9, reg1=2, cnt1=9 98: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]  99: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)] 100: proc  1 (p:1) a1_3.pml:11 (state 1) [((cnt==10))] 101: proc  1 (p:1) a1_3.pml:18 (state 11) [stop = (stop+1)] n = 2; reg0=9, cnt0=9, reg1=2, cnt1=10; stop=1

29 byte n = 0; byte stop = 0; active [2] proctype P() { byte reg;
    byte cnt = 0;     do      :: cnt == 10 -> break     :: else ->             reg = n;             reg++;             n = reg;             cnt++     od; stop++; } n = 2; reg0=9, cnt0=9, reg1=2, cnt1=10; stop=1 102: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)] 103: proc  0 (p:1) a1_3.pml:11 (state 1) [((cnt==10))] 104: proc  0 (p:1) a1_3.pml:18 (state 11) [stop = (stop+1)] n = 2; reg0=9, cnt0=10, reg1=2, cnt1=10; stop=2 105: proc  2 (checker4:1) a1_3.pml:71 (state 1) [((stop==2))] 106: proc  2 (checker4:1) a1_3.pml:71 (state 2) [assert((n>=3))]

Download ppt "The University of Adelaide, School of Computer Science"

Similar presentations

1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.

1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.
© 2011 Carnegie Mellon University SPIN: Part 2 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.

© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.

Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.
/ PSWLAB P ROMELA Semantics from “THE SPIN MODEL CHECKER” by G. J. Holzmann Presented by Hong,Shin 5 th Oct 2007 08:021PROMELA Semantics.

/ PSWLAB P ROMELA Semantics from “THE SPIN MODEL CHECKER” by G. J. Holzmann Presented by Hong,Shin 5 th Oct :021PROMELA Semantics.
Wishnu Prasetya Model Checking with SPIN Modeling and Verification with SPIN.

Wishnu Prasetya Model Checking with SPIN Modeling and Verification with SPIN.
CIS 725 Guarded Command Notation. Programming language style notation Guarded actions en(a)  a en(a): guard of the action boolean condition or boolean.

CIS 725 Guarded Command Notation. Programming language style notation Guarded actions en(a)  a en(a): guard of the action boolean condition or boolean.
The Spin Model Checker Promela Introduction 50374 Nguyen Tuan Duc 50378 Shogo Sawai.

The Spin Model Checker Promela Introduction Nguyen Tuan Duc Shogo Sawai.
1 Choose a Leader Example: find extrema in unidirectional ring There are N processes configured into a unidirectional ring; i.e. For 1

1 Choose a Leader Example: find extrema in unidirectional ring There are N processes configured into a unidirectional ring; i.e. For 1
1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.

1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.
Shin Hong, KAIST17 th April,2007 1/33 Provable Software Laboratory, CS KAIST.

Shin Hong, KAIST17 th April,2007 1/33 Provable Software Laboratory, CS KAIST.
Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.

Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.
© 2011 Carnegie Mellon University SPIN: Part 2 15-414 Bug Catching: Automated Program Verification and Testing Sagar Chaki November 2, 2011.

© 2011 Carnegie Mellon University SPIN: Part Bug Catching: Automated Program Verification and Testing Sagar Chaki November 2, 2011.
© 2011 Carnegie Mellon University SPIN: Part 1 15-414 Bug Catching: Automated Program Verification and Testing Sagar Chaki October 31, 2011.

© 2011 Carnegie Mellon University SPIN: Part Bug Catching: Automated Program Verification and Testing Sagar Chaki October 31, 2011.
Temporal Logic Model- checking with SPIN COMP6004 Stéphane Lo Presti Part 4: Specifications.

Temporal Logic Model- checking with SPIN COMP6004 Stéphane Lo Presti Part 4: Specifications.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
1 Carnegie Mellon UniversitySPINFlavio Lerda SPIN An explicit state model checker.

1 Carnegie Mellon UniversitySPINFlavio Lerda SPIN An explicit state model checker.

Similar presentations

Ads by Google