Presentation is loading. Please wait.

Presentation is loading. Please wait.

OOTI Workshop on Model Checking and Static Analysis Day 3 Dragan Bošnački Eindhoven University of Technology The Netherlands.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "OOTI Workshop on Model Checking and Static Analysis Day 3 Dragan Bošnački Eindhoven University of Technology The Netherlands."— Presentation transcript:

1 OOTI Workshop on Model Checking and Static Analysis Day 3 Dragan Bošnački Eindhoven University of Technology The Netherlands

2 Topics Previous Lecture Promela/Spin –Some basic definitions and terminology Linear Temporal Logic –Syntax, Semantics, Examples Exercise: Dijkstra’s mutual exclusion protocol

3 Outline for Today Discussion of the exercise (Dijkstra’s mutual exclusion protocol) Linear Temporal Logic (LTL) (continued) Büchi automata Translation of LTL to Büchi automata Dolev, Klawe and Rodeh (DKR) Leader Election Protocol Exercises First assignment

4 If then else construct in Promela if C then S1 else S2 if :: C->S1 :: else->S2 fi if C then S1 if :: C->S1 :: else->S2 fi

5 For loops in Promela for i :=1 to N do S i=1 do :: i S; i++ :: else -> break od

6 C-style of Array Declaration/Definition bool b[N]; bool c[N]; Both b and c have N elements The index range of the arrays is 0..N-1 and not 0..N ! –So, a reference to b[N] is an error because the index value N is out of range If in the Dekker/Dijkstra algorithm we want to keep the original range of the arrays b and c, i.e. 1..N, then we have to define array with N+1 element #define N 2 #define Nplus1 3 bool b[Nplus1], c[Nplus1]

7 Some Specific Errors/Oversights Variable j is a local All Boolean arrays should be initialized to true The initial value of k is irrelevant, but it must satisfy 1 <= k <= N init{ int i; atomic{ i=1 do :: i b[i] = true; c[i] = true; i++ :: else->break od }

8 Some Specific Errors/Oversights Variable j is a local All Boolean arrays should be initialized to true The initial value of k is irrelevant, but it must satisfy 1 <= k <= N init{ int i; atomic{ i=1 do :: i run P(i); i++ :: else->break od }

9 Standard LTL formulae []p invariance <>p guarantee [] p-><>q response P->(q U r) precedence []<>p progress (recurrence) <>[]p non-progress (stability) <>p-><>q correlation

Download ppt "OOTI Workshop on Model Checking and Static Analysis Day 3 Dragan Bošnački Eindhoven University of Technology The Netherlands."

Similar presentations

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
CSE Lecture 3 – Algorithms I

CSE Lecture 3 – Algorithms I
CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.
Program correctness The State-transition model A global state S  s 0 x s 1 x … x s m {s k = local state of process k} S0  S1  S2  … Each state transition.

Program correctness The State-transition model A global state S  s 0 x s 1 x … x s m {s k = local state of process k} S0  S1  S2  … Each state transition.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
Expressions and Statements. 2 Contents Side effects: expressions and statements Expression notations Expression evaluation orders Conditional statements.

Expressions and Statements. 2 Contents Side effects: expressions and statements Expression notations Expression evaluation orders Conditional statements.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.

1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.
Shin Hong, KAIST17 th April,2007 1/33 Provable Software Laboratory, CS KAIST.

Shin Hong, KAIST17 th April,2007 1/33 Provable Software Laboratory, CS KAIST.
CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.

CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.
Temporal Logic Model- checking with SPIN COMP6004 Stéphane Lo Presti Part 4: Specifications.

Temporal Logic Model- checking with SPIN COMP6004 Stéphane Lo Presti Part 4: Specifications.
General Computer Science for Engineers CISC 106 Lecture 19 Dr. John Cavazos Computer and Information Sciences 04/06/2009.

General Computer Science for Engineers CISC 106 Lecture 19 Dr. John Cavazos Computer and Information Sciences 04/06/2009.

Similar presentations

Ads by Google