Presentation is loading. Please wait.

Presentation is loading. Please wait.

Process Analysis Toolkit PAT is A SPIN-like self-contained environment for system specification, visualized simulation and automated verification. PAT.

Published byJulius Rose Modified over 9 years ago

Similar presentations

Presentation on theme: "Process Analysis Toolkit PAT is A SPIN-like self-contained environment for system specification, visualized simulation and automated verification. PAT."— Presentation transcript:

1 Process Analysis Toolkit PAT is A SPIN-like self-contained environment for system specification, visualized simulation and automated verification. PAT is designed for supporting multiple domain specific languages. PAT embeds complementary model checking algorithms, e.g., reachability analysis by depth/breadth first search, SCC-based LTL verification, on-the-fly refinement checking, etc. PAT is available at http://pat.comp.nus.edu.sg

2 CSP@PAT for Concurrent Systems The modeling language combines high-level compositional operators from process algebra with program- like codes. PAT supports a variety of fairness notions for distributed algorithms, process-level weak/strong fairness, event-level weak/local strong/global strong fairness, etc. PAT outperforms SPIN for verification with fairness. PAT has been applied to many recently develop distributed algorithms (bug found!) and others.

3 WS@PAT for Web Services WS@PAT supports specialized intermediate languages for Web Service Choreography and Orchestration, which abstract WS-CDL and WSBPEL. WS@PAT checks conformance between Choreography and Orchestration using an on-the-fly refinement checking algorithm. WS@PAT verifies implementability of choreography by syntactic analysis and generates prototype orchestration.

4 Fairness: Motivating Examples Peterson’s algorithm – Bounded by-pass requires weak process-level weak fairness Population Protocols – Leader election in complete network graph (requires weak fairness) – Leader election in network rings (requires strong global fairness) – Token circulation in rings (requires strong global fairness)

5 Process-level Fairness Process-level weak fairness (e.g., SPIN) – Each process must make infinite progress if always possible. Process-level strong fairness (e.g., CHESS) – Each process must make infinite progress if repeated possible.

6 Weak Action Fairness <>[] a is enabled => []<> a is engaged Weak action fairness vs. process-level weak fairness

7 Strong Local Fairness []<> a is enabled => []<> a is engaged Strong local fairness vs weak action fairness

8 Strong Global Fairness If a step is infinitely often enabled, it must be taken infinitely. Strong global fairness vs. strong local fairness

9 Verification under Fairness Setting 1: one notion of fairness is applied to the whole system. – Verification under fairness = Loop searching, i.e., given a (liveness) property, a counterexample is a fair loop which fails the property. – Fair loop searching = Fair SCC searching, i.e., an on-the-fly model checking algorithm based Tarjan’s algorithm

10 Pros and Cons Pro: no additional user inputs. Con: – sometimes overwhelming, e.g., the eventual leader detector. – Partial order reduction is applicable to only verification under weak action fairness or weaker.

11 Verification under Fairness Setting 2: individual actions are annotated with fairness constraints. – The same SCC-based verification is used to identify fair SCCs. Pros – Different parts of the system may have different fairness, – Partial order reduction is possible. Con: need users to annotate fairness with the relevant actions.

12 Verification under Fairness Setting 3: design a fair scheduler to generate only fair executions Pros – Smaller state graph, – Nested depth-first-search is possible, – Infinite state systems may become finite. Con: the fair scheduler needs additional data structure to guarantee.

13 Experiments

Download ppt "Process Analysis Toolkit PAT is A SPIN-like self-contained environment for system specification, visualized simulation and automated verification. PAT."

Similar presentations

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Conclusion Summary Research trends Resources.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Conclusion Summary Research trends Resources.
Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.

Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
Modeling issues Book: chapters 4.12, 5.4, 8.4, 10.1.

Modeling issues Book: chapters 4.12, 5.4, 8.4, 10.1.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Snap-stabilizing Committee Coordination Borzoo Bonakdarpour Stephane Devismes Franck Petit IEEE International Parallel and Distributed Processing Symposium.

Snap-stabilizing Committee Coordination Borzoo Bonakdarpour Stephane Devismes Franck Petit IEEE International Parallel and Distributed Processing Symposium.
Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by Intel.

Transaction Based Modeling and Verification of Hardware Protocols Xiaofang Chen, Steven M. German and Ganesh Gopalakrishnan Supported in part by Intel.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.

CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.
PSWLAB S PIN Search Algorithm from “THE SPIN MODEL CHECKER” by G Holzmann Presented by Hong,Shin 9 th Nov 2007 2015-05-071SPIN Search Algorithm.

PSWLAB S PIN Search Algorithm from “THE SPIN MODEL CHECKER” by G Holzmann Presented by Hong,Shin 9 th Nov SPIN Search Algorithm.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking.

Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking.
1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.

1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.
Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.

Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.
CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.

CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.

Similar presentations

Ads by Google