Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed."— Presentation transcript:

1 CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed (KFUPM) Spring 2004 (Term 032)

2 Correctness Requirements (Cont.)

3 CSE555-SqalliTerm 0324-2-3 How To Check A Model  The model can be represented as a graph  Various graph theoretic algorithms are applicable to search for violations of correctness criteria:  Invariants  Should hold in all states  Deadlocks  A state is reachable where program is blocked  Unreachable states  There are states that are never executed  Search through the state space  Use a search algorithm: depth-first-search, breadth-first search, etc.  Search entire state space or optimize  Report result  Conformance; or  Counter example: at least one state where criteria are not met

4 CSE555-SqalliTerm 0324-2-4 Credit: Theo Ruys (University of Twente)

5 CSE555-SqalliTerm 0324-2-5 Formal Correctness Condition  We want to find a correctness condition for a model to satisfy a specification:  Language of a model: L(Model)  Language of a specification: L(Spec)  We need: L(Model)  L(Spec)  In order to prove correctness:  Show that L(Model)  L(Spec)  Equivalently: ______ Show that L(Model)  L(Spec) = Ø.  Also: can obtain L(Spec) by translating from LTL! All sequences Sequences satisfying Spec Program executions

6 CSE555-SqalliTerm 0324-2-6 Reference: http://spinroot.com/spin/Doc/course/index.html Lecture Notes - Caltech - January-March 2004http://spinroot.com/spin/Doc/course/index.html

7 CSE555-SqalliTerm 0324-2-7 Reference: http://spinroot.com/spin/Doc/course/index.html Lecture Notes - Caltech - January-March 2004http://spinroot.com/spin/Doc/course/index.html

8 CSE555-SqalliTerm 0324-2-8 Credit: Theo Ruys (University of Twente)

9 CSE555-SqalliTerm 0324-2-9 Credit: Theo Ruys (University of Twente)

10 CSE555-SqalliTerm 0324-2-10 Reference: http://spinroot.com/spin/Doc/course/index.html Lecture Notes - Caltech - January-March 2004http://spinroot.com/spin/Doc/course/index.html

11 CSE555-SqalliTerm 0324-2-11 Reference: http://spinroot.com/spin/Doc/course/index.html Lecture Notes - Caltech - January-March 2004http://spinroot.com/spin/Doc/course/index.html

12 CSE555-SqalliTerm 0324-2-12 Credit: Theo Ruys (University of Twente)

13 CSE555-SqalliTerm 0324-2-13 Reference: http://spinroot.com/spin/Doc/course/index.html Lecture Notes - Caltech - January-March 2004http://spinroot.com/spin/Doc/course/index.html

14 CSE555-SqalliTerm 0324-2-14 Reference: http://spinroot.com/spin/Doc/course/index.html Lecture Notes - Caltech - January-March 2004http://spinroot.com/spin/Doc/course/index.html

15 CSE555-SqalliTerm 0324-2-15 Spin Verification  Spin accepts correctness properties using Linear Temporal Logic (LTL)  It uses a depth-first search algorithm  Exhaustive search  State space compression  Space complexity is the biggest problem with verification tools

16 CSE555-SqalliTerm 0324-2-16 LTL Syntax  LTL formulae are used to specify liveness properties  LTL = propositional logic + temporal operators  Temporal logic unary (boolean/temporal) operators:  []Always (e.g., []p - always p)  <>Eventually (e.g., <>p - eventually p)  XNext  !Logical negation  Binary operators  UStrong until (e.g., p U q - p is true until q becomes true)  &&Logical and  ||Logical or  ->Logical implication  (p -> q) is shorthand for: (!p || q)  Logical equivalence (iff)  (p q) is shorthand for: (p -> q) && (q -> p)

17 CSE555-SqalliTerm 0324-2-17 Reference: http://spinroot.com/spin/Doc/course/index.html Lecture Notes - Caltech - January-March 2004http://spinroot.com/spin/Doc/course/index.html

18 CSE555-SqalliTerm 0324-2-18 LTL Examples  Examples about LTL syntax:  [] p “p is invariantly true”  <>p “p eventually becomes true”  p U q “p is true until q becomes true”  Examples of LTL combinations:  <>[] p “p eventually becomes invariantly true” “p will happen from some point forever”  []<>p “p will happen infinitely often”  []<>!p “p always eventually becomes false at least once more”  [] (p -> !q) “p always implies ¬q”  [] (p -> <> q) “p always implies eventually q”  ([]<>p) --> ([]<>q) “If p happens infinitely often, then q also happens infinitely often”

19 CSE555-SqalliTerm 0324-2-19 Semantics   X   U        

20 CSE555-SqalliTerm 0324-2-20 Reference: http://spinroot.com/spin/Doc/course/index.html Lecture Notes - Caltech - January-March 2004http://spinroot.com/spin/Doc/course/index.html

21 CSE555-SqalliTerm 0324-2-21 Credit: Theo Ruys (University of Twente)

22 CSE555-SqalliTerm 0324-2-22 Reference: http://spinroot.com/spin/Doc/course/index.html Lecture Notes - Caltech - January-March 2004http://spinroot.com/spin/Doc/course/index.html

23 CSE555-SqalliTerm 0324-2-23 Reference: http://spinroot.com/spin/Doc/course/index.html Lecture Notes - Caltech - January-March 2004http://spinroot.com/spin/Doc/course/index.html

24 CSE555-SqalliTerm 0324-2-24 Reference: http://spinroot.com/spin/Doc/course/index.html Lecture Notes - Caltech - January-March 2004http://spinroot.com/spin/Doc/course/index.html

25 CSE555-SqalliTerm 0324-2-25 LTL Formulae to Buchi Automata  Spin converts LTL formulae into Buchi automata  An initial state  An accepting state  Example:  LTL formula:  [] (pUq)  “It is always guaranteed that p remains true at least until q becomes true”  Buchi automata for LTL  PROMELA syntax:

26 CSE555-SqalliTerm 0324-2-26 Another Example  LTL formula:  [] (<>p)  “At any point in an execution, it is guaranteed that eventually p will become true at least once more”  Buchi automata:  PROMELA specifications:

27 CSE555-SqalliTerm 0324-2-27 Reference: http://spinroot.com/spin/Doc/course/index.html Lecture Notes - Caltech - January-March 2004http://spinroot.com/spin/Doc/course/index.html

28 CSE555-SqalliTerm 0324-2-28 Reference: http://spinroot.com/spin/Doc/course/index.html Lecture Notes - Caltech - January-March 2004http://spinroot.com/spin/Doc/course/index.html

29 CSE555-SqalliTerm 0324-2-29 Reference: http://spinroot.com/spin/Doc/course/index.html Lecture Notes - Caltech - January-March 2004http://spinroot.com/spin/Doc/course/index.html

30 CSE555-SqalliTerm 0324-2-30 Reference: http://spinroot.com/spin/Doc/course/index.html Lecture Notes - Caltech - January-March 2004http://spinroot.com/spin/Doc/course/index.html

Download ppt "CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed."

Similar presentations

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.

1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.
Model Checking and Testing combined

Model Checking and Testing combined
Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.

Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
Part 3: Safety and liveness

Part 3: Safety and liveness
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
CS6133 Software Specification and Verification

CS6133 Software Specification and Verification
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes.

1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking.

Digitaalsüsteemide verifitseerimise kursus1 Formal verification: Property checking Property checking.

Similar presentations

Ads by Google