Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tele Design of Reactive Systems Summer 2001 Prof. Dr. Stefan Leue Institute for Computer Science Albert-Ludwigs-Universität Freiburg

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Tele Design of Reactive Systems Summer 2001 Prof. Dr. Stefan Leue Institute for Computer Science Albert-Ludwigs-Universität Freiburg"— Presentation transcript:

1 tele Design of Reactive Systems Summer 2001 Prof. Dr. Stefan Leue Institute for Computer Science Albert-Ludwigs-Universität Freiburg leue@uni-freiburg.de Copyright © Stefan Leue 2001

2 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 2 Temporal Logic based Requirement Specification Part 5a

3 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 3 Properties  Property  A system execution (computation) will be modeled as a sequence of states or events –  0 = –  1 =  A system property is represented by a set of computations –  = {  0,  1,...}  Definition  a program P has the property  if all its computations are in .  Property Representation  normally too cumbersome to enumerate all infinite computations, therefore use of mathematical formalisms –state machines  property corresponds to accepted language –  -regular expressions –temporal logic

4 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 4 Safety and Liveness  Classification of Properties  safety: something bad will never happen –example: it is never the case that more than one process is in the critical section (mutual exclusion) –invariant violation  liveness: something good will eventually happen –example: any process attempting to get access to the critical section will eventually be granted access

5 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 5 Safety and Liveness  Notation   : finite set of states   + : set of all non-empty, finite sequences of states from     : set of all non-empty, infinite sequences of states from   Finitary and infinitary properties  We call    + a finitary property, and  a finitary or partial computation  We call     an infinitary property, and  an infinitary computation

6 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 6 Safety and Liveness  Prefixes

7 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 7 Safety and Liveness

8 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 8 Safety and Liveness

9 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 9 Safety and Liveness

10 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 10 Safety and Liveness

11 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 11 Safety and Liveness

12 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 12 Safety and Liveness  Why the safety/liveness classification?  Intuitively –checking safety property: simple exploration of all states –checking livenes property: exploration of all states, checking in every state whether any continuation of the prefix will satisfy property  Consequence –more search effort for liveness properties –therefore more expensive to verify

13 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 13 Safety and Liveness  Example if the system is in a state in which a message has been sent, then it will eventually reach a state in which a message has been received

14 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 14 Safety and Liveness

15 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 15 Safety and Liveness

16 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 16 Safety and Liveness

17 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 17 Safety and Liveness

18 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 18 Safety and Liveness

19 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 19 Safety and Liveness

20 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 20 Safety and Liveness  Other Classifications  topological –safety: closed sets –liveness: dense sets  temporal logic (more later)  automata theoretic

21 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 21 Safety and Liveness  Examples  Safety –partial correctness  program doesn't produce wrong results and does not enter an unwanted state –mutual exclusion  never two processes in critical section at the same time –absence of deadlock  the program never reaches a deadlock state  Liveness –termination  the programme will eventually reach a final state –progress  the programme will eventually receive the requested service

22 tele © Stefan Leue 2002 Design of Reactive Systems / Summer 2002 V - 22 References  [Hughes and Cresswell] G. Huges and M. Cresswell, An Introduction to Modal Logic, Methuen, 1968  [Huth and Ryan] M. Huth and M. Ryan, Logic in Computer Science - Modelling and reasoning about systems, Cambridge University Press, 2000  [Manna and Pnueli 92] Z. Manna and A. Pnueli, The Temporal Logic of Reactive and Concurrent Systems - Specifications, Springer Verlag, 1992  [Schwarz and Melliar-Smith] R. Schwarz and M. Melliar- Smith, From State Machines to Temporal Logic: Specification Methods for Protocol Standards, IEEE Transactions on Communications, 30(12), S. 2486 - 2496, Dezember 1982.

Download ppt "Tele Design of Reactive Systems Summer 2001 Prof. Dr. Stefan Leue Institute for Computer Science Albert-Ludwigs-Universität Freiburg"

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Model Checking Lecture 1.

Model Checking Lecture 1.
1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.

1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.
Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.

Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Part 3: Safety and liveness

Part 3: Safety and liveness
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Program correctness The State-transition model A global state S  s 0 x s 1 x … x s m {s k = local state of process k} S0  S1  S2  … Each state transition.

Program correctness The State-transition model A global state S  s 0 x s 1 x … x s m {s k = local state of process k} S0  S1  S2  … Each state transition.
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,

PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
Visual Tools for Temporal Reasoning G. Kutty, L.K. Dillon, L.E. Moser, P.M. Melliar-Smith, and Y.S. Ramakrishna.

Visual Tools for Temporal Reasoning G. Kutty, L.K. Dillon, L.E. Moser, P.M. Melliar-Smith, and Y.S. Ramakrishna.
1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.

1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.
Software Reliability CIS 640 Adapted from the lecture notes by Doron Pelel (www.dcs.warwick.ac.uk/~doron/notes.html)

Software Reliability CIS 640 Adapted from the lecture notes by Doron Pelel (
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Safety and Liveness. Defining Programs Variables with respective domain –State space of the program Program actions –Guarded commands Program computation.

Safety and Liveness. Defining Programs Variables with respective domain –State space of the program Program actions –Guarded commands Program computation.
Lecture 2: Reasoning with Distributed Programs Anish Arora CSE 6333.

Lecture 2: Reasoning with Distributed Programs Anish Arora CSE 6333.
CSEP590 – Model Checking and Software Verification University of Washington Department of Computer Science and Engineering Summer 2003.

CSEP590 – Model Checking and Software Verification University of Washington Department of Computer Science and Engineering Summer 2003.

Similar presentations

Ads by Google