Presentation is loading. Please wait.

Presentation is loading. Please wait.

VIP: A Visual Editor and Compiler for v-Promela Stefan Leue Albert-Ludwigs-University Freiburg

Published byAmaya Bolas Modified over 9 years ago

Similar presentations

Presentation on theme: "VIP: A Visual Editor and Compiler for v-Promela Stefan Leue Albert-Ludwigs-University Freiburg"— Presentation transcript:

1 VIP: A Visual Editor and Compiler for v-Promela Stefan Leue Albert-Ludwigs-University Freiburg leue@uni-freiburg.de http://www.informatik.uni-freiburg.de/~leue March 31, 2000

2 Stefan Leue- 2 - Joint work with Moataz Kamel

3 Stefan Leue- 3 - Outline  Introduction  Modeling with VIP  structure  behaviour  Compilation of Promela code  structure  behaviour  Property Validation using SPIN  POTS  CORBA GIOP  Conclusions

4 Stefan Leue- 4 - Visual Interface for Promela (VIP)  Based on v-Promela  visual notation for describing structure and behaviour of concurrent, object-based systems  syntax based on UML-RT (ROOM in UML’s clothes)  incorporates Promela features  supports hierarchical modeling of structure and behaviour  can be compiled into Promela code  transparent use of SPIN

5 Stefan Leue- 5 - Visual Interface for Promela (VIP)  VIP  GUI-based tool for editing and maintaining v-Promela models  v-Promela to Promela compiler

6 Stefan Leue- 6 - Modeling Steps Supported by VIP  Structure  concurrent objects: capsules  message passing interfaces: ports  data classes  data objects  signal lists: protocols  Behaviour  states  transitions  transition code

7 Stefan Leue- 7 - Running Example: POTS  Simple Plain Old Telephony Call Processing  two user objects  each one controlled by a phone handler object  phone handlers communicate to set up and tear down calls

8 Stefan Leue- 8 - Structure Definition in VIP

9 Stefan Leue- 9 - Protocols

10 Stefan Leue- 10 - Data Classes

11 Stefan Leue- 11 - Data Classes

12 Stefan Leue- 12 - Message Types

13 Stefan Leue- 13 - Data Objects

14 Stefan Leue- 14 - Ports

15 Stefan Leue- 15 - Internal Capsule Structure

16 Stefan Leue- 16 - Connectors

17 Stefan Leue- 17 - State Machines

18 Stefan Leue- 18 - Substate Refinement

19 Stefan Leue- 19 - State Entry/Exit Code

20 Stefan Leue- 20 - Transition Code

21 Stefan Leue- 21 - Transition Code

22 Stefan Leue- 22 - Transition Code

23 Stefan Leue- 23 - Transition Code

24 Stefan Leue- 24 - Buffers and Synchronizers  Buffers  queue variables  buffer access points  producer-consumer system  Synchronizers  enable Promela-style synchronous communication amongst arbitrary sets of capsule instances  example: semaphores

25 Stefan Leue- 25 - Semaphore

26 Stefan Leue- 26 - Buffers and Synchronizers in GIOP

27 Stefan Leue- 27 - Structure Implementation  Capsules as proctypes  Ports as proctype parameters proctype User(chan fromSwitch, toSwitch ) {...} proctype PhoneHandler(chan fromUser, toUser, toOtherHandler, fromOtherHandler ) {...} proctype POTS( ) {chan toUser1435267635 = [1] of { SwitchToUser }; chan fromUser590843343 = [1] of { UserToSwitch };... run User( toUser1435267635, fromUser590843343 ); run User( toUser986680783, fromUser849317327 ); run PhoneHandler( fromUser590843343, toUser1435267635, leftToRight1222086095, rightToLeft1089179087 ); run PhoneHandler( fromUser849317327, toUser986680783, rightToLeft1089179087, leftToRight1222086095 );} init{atomic {run POTS();}}

28 Stefan Leue- 28 - Behaviour - Implementation  States: Promela labels  Transitions: Promela code + goto s  Entry and exit code inlined  Transition code atomic  General state code format: state-name: entry-code; atomic { if :: transition-code_i; exit-code; goto state-name fi }

29 Stefan Leue- 29 - Transition Code if /* correct_connectreq_audiblering */ :: received_ph_num.phone_number == 1 -> /* exit digit_received */ /* action correct_connectreq_audiblering */ toOtherHandler!connectreq; toUser!audiblering; /* exit await_digit */ /* action connectreq */ /* entry originator */ /* action untitled */ /* entry party_ringing */ goto party_ringing1956295048 if idle1723158139: :: fromUser?[offhook] && true -> fromUser?UserToSwitch_msg; /* exit idle */ /* action offhook_ */ /* entry await_digit */ toUser!dialtone; /* entry wait */ goto wait2091208315... fi

30 Stefan Leue- 30 - Group Transitions ringing62399654: {if :: fromUser?[offhook]... fi } unless { if :: fromUser?[onhook]... :: fromOtherHandler?[disconnect]... fi} ringing62399654: {if :: fromUser?[onhook]... :: fromOtherHandler?[disconnect]... fi } unless { if :: fromUser?[offhook]... fi} ringing2063158907: if :: fromUser?[offhook]... :: fromUser?[onhook]... :: fromOtherHandler?[disconnect]... fi

31 Stefan Leue- 31 - Property Validation - POTS  Is the model capable of establishing a phone call between parties? ! <> (s && r && p && q) #define p (PhoneHandler[4]@conversation_orig1702392370) #define q (PhoneHandler[5]@conversation_term163607093) #define r (User[2]@conversation1450209847) #define s (User[3]@conversation1450209847) Counterexample found: trail of 872 steps state-vector 188 bytes 1 million states, 1.5 million transition 43 Mbytes of memory

32 Stefan Leue- 32 - Property Validation - CORBA GIOP  Comparison with previous, hand-coded model  Some differences:  VIP model uses goto, hand-coded model uses control state variables  VIP model uses channels as local variables, hand- coded model uses global channel variables

33 Stefan Leue- 33 - VIP  Implemented in JAVA, using SDK 1.2, and XML  Approximately 1 man-year  Approximately 20000 loc  Class structure documented in UML diagrams, at least initially...

34 Stefan Leue- 34 - Conclusions  VIP - based modeling  Compilation of Promela code  Property Validation  POTS  CORBA GIOP  Expected Benefits  increased acceptance of formal modeling and analysis in practicioner’s circles  improved documentation and maintenance of Promela models  facilitated use in education

35 Stefan Leue- 35 - To Do...  Simulation Capability inside VIP  Interpretation of Spin results in VIP model context  Facilitated requirement specification  better hooks  more suitable requirements languages –(life) MSCs –graphical interval logics –automata-based observer  Addition of features  replication  dynamic construction and destruction  inheritance

36 Stefan Leue- 36 - Public Availability?  Hope to be able to make tool available shortly  Contact: leue@uni-freiburg.de m2kamel@uwaterloo.ca

Download ppt "VIP: A Visual Editor and Compiler for v-Promela Stefan Leue Albert-Ludwigs-University Freiburg"

Similar presentations

System and Software Engineering Research 1 Motorola 2003 Integrated Application of MSC Clive Jervis Rapporteur Q15 Motorola UK Research Labs.

System and Software Engineering Research 1 Motorola 2003 Integrated Application of MSC Clive Jervis Rapporteur Q15 Motorola UK Research Labs.
Comparison of Several Meta-modeling Tools 2 Yi Lu Computer Science Department McGill University 3.24.2003.

Comparison of Several Meta-modeling Tools 2 Yi Lu Computer Science Department McGill University
Software development process. Explanation of the iterative nature of the software development process.

Software development process. Explanation of the iterative nature of the software development process.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.

Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.
M INERVA (Metamodel-based Intuitive Editors with Reports and Visualizations of Analysis) Laura A. Campbell Advisor: Dr. Betty H.C. Cheng Software Engineering.

M INERVA (Metamodel-based Intuitive Editors with Reports and Visualizations of Analysis) Laura A. Campbell Advisor: Dr. Betty H.C. Cheng Software Engineering.
The Spin Model Checker Promela Introduction 50374 Nguyen Tuan Duc 50378 Shogo Sawai.

The Spin Model Checker Promela Introduction Nguyen Tuan Duc Shogo Sawai.
IEC 61850 Substation Configuration Language and Its Impact on the Engineering of Distribution Substation Systems Notes Dr. Alexander Apostolov.

IEC Substation Configuration Language and Its Impact on the Engineering of Distribution Substation Systems Notes Dr. Alexander Apostolov.
1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.

1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.
Example: Infinite Split and Merge #define N 128 #define size 16 chan in = [size] of {short}; chan large = [size] of {short}; chan small = [size] of {short};

Example: Infinite Split and Merge #define N 128 #define size 16 chan in = [size] of {short}; chan large = [size] of {short}; chan small = [size] of {short};
Temporal Logic Model- checking with SPIN COMP6004 Stéphane Lo Presti Part 4: Specifications.

Temporal Logic Model- checking with SPIN COMP6004 Stéphane Lo Presti Part 4: Specifications.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
1 Carnegie Mellon UniversitySPINFlavio Lerda SPIN An explicit state model checker.

1 Carnegie Mellon UniversitySPINFlavio Lerda SPIN An explicit state model checker.
Programming Languages Structure

Programming Languages Structure
More on RDT Robert John Walters. RDT – a reprise A Graphically based formal modelling language Models represented as diagrams (not text) Communications.

More on RDT Robert John Walters. RDT – a reprise A Graphically based formal modelling language Models represented as diagrams (not text) Communications.
Implementing Hierarchical Features in a Graphically Based Formal Modelling Language Peter Henderson, Robert John Walters and Stephen Crouch Department.

Implementing Hierarchical Features in a Graphically Based Formal Modelling Language Peter Henderson, Robert John Walters and Stephen Crouch Department.
Automating Checking of Models Built Using a Graphically Based Formal Language Robert John Walters.

Automating Checking of Models Built Using a Graphically Based Formal Language Robert John Walters.
Ch5: Software Specification. 1 Overview  Use of specifications  Specification qualities  Classification of specification styles  Verification of specifications.

Ch5: Software Specification. 1 Overview  Use of specifications  Specification qualities  Classification of specification styles  Verification of specifications.

Similar presentations

Ads by Google