Presentation is loading. Please wait.

Presentation is loading. Please wait.

Specification Formalisms Book: Chapter 5. Properties of formalisms Formal. Unique interpretation. Intuitive. Simple to understand (visual). Succinct.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Specification Formalisms Book: Chapter 5. Properties of formalisms Formal. Unique interpretation. Intuitive. Simple to understand (visual). Succinct."— Presentation transcript:

1 Specification Formalisms Book: Chapter 5

2 Properties of formalisms Formal. Unique interpretation. Intuitive. Simple to understand (visual). Succinct. Spec. of reasonable size. Effective. Check that there are no contradictions. Check that the spec. is implementable. Check that the implementation satisfies spec. Expressive. May be used to generate initial code. Specifying the implementation or its properties?

3 A transition system A (finite) set of variables V. A set of states . A (finite) set of transitions T, each transition e==>t has an enabling condition e and a transformation t. An initial condition p. Denote by R(s, s’) the fact that s’ is a successor of s.

4 The interleaving model An execution is a finite or infinite sequence of states s 0, s 1, s 2, … The initial state satisfies the initial condition, I.e., p(s 0 ). Moving from one state s i to s i+1 is by executing a transition e==>t: e(s i ), I.e., s i satisfies e. s i+1 is obtained by applying t to s i.

5 LTL: Syntax  ::= (  ) | ¬  |  /\   \/  U   |O  | p  “box”, “always”, “forever”  “diamond”, “eventually”, “sometimes” O  “nexttime”  U  “until”

6 Semantics   O   U        

7 Combinations []<>p “p will happen infinitely often” <>[]p “p will happen from some point forever”. ([]<>p) --> ([]<>q) “If p happens infinitely often, then q also happens infinitely often”.

8 A Spring Example s1s3s2 pull release extended malfunction extended r0 = s1 s2 s1 s2 s1 s2 s1 … r1 = s1 s2 s3 s3 s3 s3 s3 … r2 = s1 s2 s1 s2 s3 s3 s3 … …

9 LTL satisfaction by a single sequence malfunction s1s3s2 pull release extended r2 = s1 s2 s1 s2 s3 s3 s3 … r2 |= extended ?? r2 |= O extended ?? r2 |= O O extended ?? r2 |= <> extended ?? r2 |= [] extended ?? r2 |= <>[] extended ?? r2 |= ¬ <>[] extended ?? r2 |= (¬extended) U malfunction ?? r2 |= [](¬extended->O extended) ??

10 LTL satisfaction by a system malfunction s1s3s2 pull release extended P |= extended ?? P |= O extended ?? P |= O O extended ?? P |= <> extended ?? P|= [] extended ?? P |= <>[] extended ?? P |= ¬ <>[] extended ?? P |= (¬extended) U malfunction ?? P |= [](¬extended->O extended) ??

11 Automata over finite words A=  (finite) the alphabet, S (finite) the states.  : S x  x S is the transition relation I : S are the starting states F: S are the accepting states. A A B BS0 S1

12 The transition relation (S0, A, S0) (S0, B, S1) (S1, A, S0) (S1, B, S1) A A B BS0 S1

13 A run over a word A word over , e.g., ABAAB. A sequence of states, e.g. S0S0S1S0S0S1. Starts with an initial state. Accepting if ends at accepting state. A A B BS0 S1

14 The language of an automaton The words that are accepted by the automaton. Includes AABBBA, ABBBBA. Does not include ABAB, ABBB. What is the language? A A B BS0 S1

15 Nondeterministic automaton Transitions: (S0,A,S0), (S0,B,S0), (S0,A,S1),(S1,A,S1). What is the language of this automaton? A,BA AS0 S1

16 Equivalent deterministic automaton A,BA AS0 S1 B A AS0 S1 B

17 Automata over infinite words Similar definition. Runs on infinite words over . Accepts when an accepting state occurs infinitely often in a run. A A B BS0 S1

18 Automata over infinite words Consider the word A B A B A B A B… There is a run S0 S0 S1 S0 S1 S0 S1 … This run in accepting, since S0 appears infinitely many times. A A B BS0 S1

19 Other runs For the word B B B B B… the run is S0 S1 S1 S1 S1… and is not accepting. For the word A A A B B B B B …, the run is S0 S0 S0 S0 S1 S1 S1 S1 … What is the run for A B A B B A B B B …? A A B BS0 S1

20 Nondeterministic automaton What is the language of this automaton? What is the LTL specification if B -- PC0=CR0, A=¬B? A,BA AS0 S1

21 Specification using Automata Let each letter correspond to some propositional property. Example: A -- P0 enters critical section, B -- P0 does not enter section. []<>PC0=CR0 A A B BS0 S1

22 Mutual Exclusion A -- PC0=CR0/\PC1=CR1 B -- ¬(PC0=CR0/\PC1=CR1) C -- TRUE []¬(PC0=CR0/\PC1=CR1) BA CS0 S1

23 L0:While True do NC0:wait(Turn=0); CR0:Turn=1 endwhile || L1:While True do NC1:wait(Turn=1); CR1:Turn=0 endwhile T0:PC0=L0==>PC0=NC0 T1:PC0=NC0/\Turn=0==> PC0:=CR0 T2:PC0=CR0==> (PC0,Turn):=(L0,1) T3:PC1==L1==>PC1=NC1 T4:PC1=NC1/\Turn=1==> PC1:=CR1 T5:PC1=CR1==> (PC1,Turn):=(L1,0) Initially: PC0=L0/\PC1=L1

24 The state space Turn=0 L0,L1 Turn=0 L0,NC1 Turn=0 NC0,L1 Turn=0 CR0,NC1 Turn=0 NC0,NC1 Turn=0 CR0,L1 Turn=1 L0,CR1 Turn=1 NC0,CR1 Turn=1 L0,NC1 Turn=1 NC0,NC1 Turn=1 NC0,L1 Turn=1 L0,L1

25 [] ¬ (PC0=CR0/\PC1=CR1) Turn=0 L0,L1 Turn=0 L0,NC1 Turn=0 NC0,L1 Turn=0 CR0,NC1 Turn=0 NC0,NC1 Turn=0 CR0,L1 Turn=1 L0,CR1 Turn=1 NC0,CR1 Turn=1 L0,NC1 Turn=1 NC0,NC1 Turn=1 NC0,L1 Turn=1 L0,L1

26 [](Turn=0 --> <>Turn=1) Turn=0 L0,L1 Turn=0 L0,NC1 Turn=0 NC0,L1 Turn=0 CR0,NC1 Turn=0 NC0,NC1 Turn=0 CR0,L1 Turn=1 L0,CR1 Turn=1 NC0,CR1 Turn=1 L0,NC1 Turn=1 NC0,NC1 Turn=1 NC0,L1 Turn=1 L0,L1

27 Correctness condition We want to find a correctness condition for a model to satisfy a specification. Language of a model: L(Model) Language of a specification: L(Spec). We need: L(Model)  L(Spec).

28 Correctness All sequences Sequences satisfying Spec Program executions

29 Incorrectness All sequences Sequences satisfying Spec Program executions Counter examples

Download ppt "Specification Formalisms Book: Chapter 5. Properties of formalisms Formal. Unique interpretation. Intuitive. Simple to understand (visual). Succinct."

Similar presentations

Modeling Software Systems Lecture 2 Book: Chapter 4.

Modeling Software Systems Lecture 2 Book: Chapter 4.
Model Checking and Testing combined

Model Checking and Testing combined
Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.

Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.
Modeling issues Book: chapters 4.12, 5.4, 8.4, 10.1.

Modeling issues Book: chapters 4.12, 5.4, 8.4, 10.1.
Language and Automata Theory

Language and Automata Theory
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Part 3: Safety and liveness

Part 3: Safety and liveness
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
C O N T E X T - F R E E LANGUAGES ( use a grammar to describe a language) 1.

C O N T E X T - F R E E LANGUAGES ( use a grammar to describe a language) 1.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Process Synchronization Continued 7.2 The Critical-Section Problem.

Process Synchronization Continued 7.2 The Critical-Section Problem.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.

Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.
Introduction to Computability Theory

Introduction to Computability Theory
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.
Infinite Automata -automata is an automaton that accepts infinite strings A Buchi automaton is similar to a finite automaton: S is a finite set of states,

Infinite Automata -automata is an automaton that accepts infinite strings A Buchi automaton is similar to a finite automaton: S is a finite set of states,
CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.

CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.

Similar presentations

Ads by Google