Presentation is loading. Please wait.

Presentation is loading. Please wait.

Verification of Hierarchical Component-Based Designs in FRESCO Tom Henzinger, Marius Minea, Vinayak Prabhu.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Verification of Hierarchical Component-Based Designs in FRESCO Tom Henzinger, Marius Minea, Vinayak Prabhu."— Presentation transcript:

1 Verification of Hierarchical Component-Based Designs in FRESCO Tom Henzinger, Marius Minea, Vinayak Prabhu

2 Context Overall Approach –use component hierarchy to limit complexity –design for verifiability Application Domain –primarily embedded systems Verification Goals –refinement checking –assume-guarantee reasoning

3 FRESCO: Formal Real-Time Software Components formal: components are mathematical objects that can be analyzed real-time: behavior contains discrete and continuous executions over time components model software + hardware + environment Masaccio: high-level component view Giotto: processes executing on real-time OS

4 Components in Masaccio Component = interface + behavior Interface: specifies interaction with other components –input and output variables + dependence relation –control locations + entry conditions Behavior: set of executions –entry (jump | flow)*(a,  ) –entry (jump | flow)* exit(a, , b) –components are deadlock-free x y a z b

5 Atomic Components Atomic discrete component Atomic continuous component ab xy y’ = f(x, y) ab xy y = f(x, y).

6 Operations: Parallel Composition synchronous conjunction of component behaviors same entry locations one component may preempt another (determines exit location) aa || cbbc a

7 Operations: Serial Composition disjunction of component behaviors entry conditions for common entry locations are disjoint can represent different execution modes of the system a + cb a g1g2 bc a g1  g2

8 Operations: Hiding and Renaming Location hiding –makes location internal to a component –strings together component executions –typically used with serial composition Location renaming Variable hiding Variable renaming abbcca

9 Building Components All components can be built from atomic components using the six basic operations Example: control of a robot motor, with obstacle sensor e x left:=right:=T  obst obst left: bool right: bool obst: bool

10 Refinement of Components Generalizes trace inclusion Component A refines component B iff: –A and B have compatible interfaces (A may have more variables, stronger dependence relation) –every behavior of A has as prefix a behavior of B (possibly ending in a different exit location) caab refines abbc + \ b = ca because

11 Example: A Simple Robot Motor Controller || Motor + || FollowLead + || Motor ++ StraightTurnMoveWait

12 Compositionality All components operations are compositional: –A  B  A + C  B + C –A  B  A || C  B || C –A  B  A \ a  B \ a –A  B  A [a := b]  B [a := b] –A  B  A \ x  B \ x –A  B  A [x := y]  B [x := y]

13 Assume-Guarantee Reasoning C[A1,B2]  C[A2,B2] C[A2,B1]  C[A2,B2] C[A1,B1]  C[A2,B2]    B2A1 C B2A2 C B2A2 C B1A2 C B2A2 C B1A1 C

14 Assume-Guarantee: Example Consider reimplementation of robot controller. Prove: C A [Control I A ]||C B [Control I B ]  C A [Control A ]||C B [Control B ] discharged by assume-guarantee: C A [Control I A ]||C B [Control B ]  C A [Control A ]||C B [Control B ] C A [Control A ]||C B [Control I B ]  C A [Control A ]||C B [Control B ] first premise rewritten as: Control I A ||Motor A ||Control B ||Motor B  Control A ||Motor A ||Control B ||Motor B discharged by compositional reasoning: Control I A ||Control B  Control A ||Control B rewritten as: (Control I A + Follow A )\e L \e F ||Control B  (Control A + Follow A )\e L \e F ||Control B

15 Assume-Guarantee: Importance Assume-guarantee rule for parallel composition: well studied [Abadi & Lamport, Alur & Henzinger, McMillan] For serial composition: only recently [Alur & Grosu ‘00] In Masaccio: first combination of the two Exploits compositionality and hierarchy of formalism

16 Ongoing and Future Work Related: –rich application interfaces (real-time, QoS) (Luca) –time-triggered implementation of Giotto (Ben, Christoph) Compositionality and Assume-Guarantee (w. Vinayak) –evaluation on examples Refinement of Timed Behavior –reduce to refinement of time-abstract quotients –use to show refinement between Masaccio and Giotto Exploiting Hierarchy in Verification –reachability analysis without flattening design

Download ppt "Verification of Hierarchical Component-Based Designs in FRESCO Tom Henzinger, Marius Minea, Vinayak Prabhu."

Similar presentations

Efficient Reachability Analysis of Hierarchic Reactive Modules R. Alur, R.Grosu, M.McDougall University of Pennsylvania www.cis.upenn.edu/~alur,grosu,mmcdougall.

Efficient Reachability Analysis of Hierarchic Reactive Modules R. Alur, R.Grosu, M.McDougall University of Pennsylvania
Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.

Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.
ECOE 560 Design Methodologies and Tools for Software/Hardware Systems Spring 2004 Serdar Taşıran.

ECOE 560 Design Methodologies and Tools for Software/Hardware Systems Spring 2004 Serdar Taşıran.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Decomposing Refinement Proofs using Assume-Guarantee Reasoning Tom Henzinger (UC Berkeley) Shaz Qadeer (Compaq Research) Sriram Rajamani (Microsoft Research)

Decomposing Refinement Proofs using Assume-Guarantee Reasoning Tom Henzinger (UC Berkeley) Shaz Qadeer (Compaq Research) Sriram Rajamani (Microsoft Research)
Interface-based design Philippe Giabbanelli CMPT 894 – Spring 2008.

Interface-based design Philippe Giabbanelli CMPT 894 – Spring 2008.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Automated assume-guarantee reasoning for component verification Dimitra Giannakopoulou (RIACS), Corina Păsăreanu (Kestrel) Automated Software Engineering.

Automated assume-guarantee reasoning for component verification Dimitra Giannakopoulou (RIACS), Corina Păsăreanu (Kestrel) Automated Software Engineering.
Luca de Alfaro Thomas A. Henzinger Ranjit Jhala UC Berkeley Compositional Methods for Probabilistic Systems.

Luca de Alfaro Thomas A. Henzinger Ranjit Jhala UC Berkeley Compositional Methods for Probabilistic Systems.
Modular Specification of Hybrid Systems in CHARON R. Alur, R. Grosu, Y. Hur, V. Kumar, I. Lee University of Pennsylvania SDRL and GRASP.

Modular Specification of Hybrid Systems in CHARON R. Alur, R. Grosu, Y. Hur, V. Kumar, I. Lee University of Pennsylvania SDRL and GRASP.
Fault-Tolerant Real-Time Networks Tom Henzinger UC Berkeley MURI Kick-off Workshop Berkeley, May 2000.

Fault-Tolerant Real-Time Networks Tom Henzinger UC Berkeley MURI Kick-off Workshop Berkeley, May 2000.
Page 1 Building Reliable Component-based Systems Chapter 13 -Components in Real-Time Systems Chapter 13 Components in Real-Time Systems.

Page 1 Building Reliable Component-based Systems Chapter 13 -Components in Real-Time Systems Chapter 13 Components in Real-Time Systems.
Interface-based Design of Embedded Systems Thomas A. Henzinger University of California, Berkeley.

Interface-based Design of Embedded Systems Thomas A. Henzinger University of California, Berkeley.
STARI: A Case Study in Compositional and Hierarchical Timing Verification Serdar Tasiran, Prof. Robert K. Brayton Department of Electrical Engineering.

STARI: A Case Study in Compositional and Hierarchical Timing Verification Serdar Tasiran, Prof. Robert K. Brayton Department of Electrical Engineering.
Integrated Design and Analysis Tools for Software-Based Control Systems Shankar Sastry (PI) Tom Henzinger Edward Lee University of California, Berkeley.

Integrated Design and Analysis Tools for Software-Based Control Systems Shankar Sastry (PI) Tom Henzinger Edward Lee University of California, Berkeley.
Type System, March 12, 2002 - 1 Data Types and Behavioral Types Yuhong Xiong Edward A. Lee Department of Electrical Engineering and Computer Sciences University.

Type System, March 12, Data Types and Behavioral Types Yuhong Xiong Edward A. Lee Department of Electrical Engineering and Computer Sciences University.
Models and Theory of Computation (MTC) EPFL Dirk Beyer, Jasmin Fisher, Nir Piterman Simon Kramer: Logic for cryptography Marc Schaub: Models for biological.

Models and Theory of Computation (MTC) EPFL Dirk Beyer, Jasmin Fisher, Nir Piterman Simon Kramer: Logic for cryptography Marc Schaub: Models for biological.
Causality Interface  Declares the dependency that output events have on input events.  D is an ordered set associated with the min ( ) and plus ( ) operators.

Causality Interface  Declares the dependency that output events have on input events.  D is an ordered set associated with the min ( ) and plus ( ) operators.
EECS 20 Lecture 16 (February 26, 2001) Tom Henzinger Determinization.

EECS 20 Lecture 16 (February 26, 2001) Tom Henzinger Determinization.
Chess Review May 11, 2005 Berkeley, CA Composable Code Generation for Distributed Giotto Tom Henzinger Christoph Kirsch Slobodan Matic.

Chess Review May 11, 2005 Berkeley, CA Composable Code Generation for Distributed Giotto Tom Henzinger Christoph Kirsch Slobodan Matic.

Similar presentations

Ads by Google