Presentation is loading. Please wait.

Presentation is loading. Please wait.

Temporal Logic Model- checking with SPIN COMP6004 Stéphane Lo Presti Part 4: Specifications.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Temporal Logic Model- checking with SPIN COMP6004 Stéphane Lo Presti Part 4: Specifications."— Presentation transcript:

1 Temporal Logic Model- checking with SPIN COMP6004 Stéphane Lo Presti splp@ecs.soton.ac.uk Part 4: Specifications

2 Introduction (1) A specification is (FOLDOC) a document describing how some system should work (a model describes how the system currently works)

3 Introduction (2) Specified in  The model Assertions (local, global) Labels: progress (starvation), acceptance (deadlock), end (livelock)  Correctness properties LTL Formula Büchi automata never claim states cycles

4 Safety and liveness Safety: “nothing bad ever happens”  ex.: deadlock freedom  Find a trace leading to the “bad” thing; if there is not such a trace, the property is satisfied Liveness: “something good will eventually happen”  ex.: termination  Find a loop in which the “good” thing does not happen; if there is not such a loop, the property is satisfied

5 Local properties Assertions assert(P) assert(true) assert(false)

6 Global property Invariant proctype monitor() { assert(P); } Variant forms atomic{ !P -> assert(P);} do :: assert(P) od

7 End-state label How to differentiate between “idle” and “normal end” of a process? Specify valid end-state Statement where the blocking of the process is “normal” (acceptable) Useful when looking for deadlocks

8 Progress-state label The statement indicates that the system makes progress Non-progress may indicate starvation or badly designed system

9 Acceptance-state label Special marking of a state to indicate a “particular” property at that point during the simulation Related to the (Büchi- or ω-) automaton nature of the behaviour of PROMELA models

10 LTL syntax True, false Unary operators: [], <>, ! ( X ) Binary operators: U, &&, ||, ->,

11 Typical LTL formulas (1) [] p always p <> p eventually p p -> (<> q) p implies eventually q p -> (q U r) p implies q until r [] <> p always eventually p <> [] p eventually, always p <> p -> <> q eventually p implies eventually q

12 Typical LTL formulas (2) Useful  ! [] p <> !p  ! <> p [] !p X operator  Next-time-free properties are stutter- invariant

13 Never claims (1) Define an “observer process” (concurrent automaton that never blocks and never communicates) Accept bad behaviours (property violations) (principle: finding a counter-example is simpler/faster than showing that something is always true)

14 Never claims (2) Reference a process state proctypename[pid]@label ex: monitor[123]@progress45

15 Never claims (3) never { S0: do :: A@A1 -> break :: else od; do :: (a ==b) -> break :: else od; accept: true -> goto S0}

16 SPIN’s Slicing Algorithm Will try to suggest optimisations (abstraction, code merging) to the PROMELA model base on the correctness properties

Download ppt "Temporal Logic Model- checking with SPIN COMP6004 Stéphane Lo Presti Part 4: Specifications."

Similar presentations

Model Checking Lecture 1.

Model Checking Lecture 1.
Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.

1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Part 3: Safety and liveness

Part 3: Safety and liveness
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
© 2011 Carnegie Mellon University SPIN: Part 2 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.

© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
/ PSWLAB P ROMELA Semantics from “THE SPIN MODEL CHECKER” by G. J. Holzmann Presented by Hong,Shin 5 th Oct 2007 08:021PROMELA Semantics.

/ PSWLAB P ROMELA Semantics from “THE SPIN MODEL CHECKER” by G. J. Holzmann Presented by Hong,Shin 5 th Oct :021PROMELA Semantics.
Frederico Araujo CS6362 – Fall 2010 The SPIN Model Checker.

Frederico Araujo CS6362 – Fall 2010 The SPIN Model Checker.
PSWLAB S PIN Search Algorithm from “THE SPIN MODEL CHECKER” by G Holzmann Presented by Hong,Shin 9 th Nov 2007 2015-05-071SPIN Search Algorithm.

PSWLAB S PIN Search Algorithm from “THE SPIN MODEL CHECKER” by G Holzmann Presented by Hong,Shin 9 th Nov SPIN Search Algorithm.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
Sept 2011 1 COMP60611 Fundamentals of Parallel and Distributed Systems Lecture 12 The Critical Section problem John Gurd, Graham Riley Centre for Novel.

Sept COMP60611 Fundamentals of Parallel and Distributed Systems Lecture 12 The Critical Section problem John Gurd, Graham Riley Centre for Novel.
The Spin Model Checker Promela Introduction 50374 Nguyen Tuan Duc 50378 Shogo Sawai.

The Spin Model Checker Promela Introduction Nguyen Tuan Duc Shogo Sawai.
1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.

1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.

Similar presentations

Ads by Google