Slide 1: Formal Methods of Systems Specification
Logical Specification of Hard- and Software
22.4.2008
Prof. Dr. Holger Schlingloff
Institut für Informatik der Humboldt Universität and Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik
Slide 2: A first example
A new video camcorder ("DCR-PC330")
  owner's manual almost incomprehensible
  can be found on the internet
  typical for such devices
[Figure: the camcorder's power switch with positions off / memory / tape / play, moved dn / up]
Slide 3
Such models can help in the development of complex systems ("model-driven design")
  The more concrete the formalism, the closer it is to an implementation
  executable code may be generated from state diagrams
  We might add additional information such as timing, communication, variables and such.
Specification as opposed to modeling
  describes properties of the targeted system
  not aiming at a complete description of the system
  not aiming at the generation of executable code
Slide 4: Screen menu
The power-switch by itself is not a "complex system" (Even I didn't need long to understand it).
Let's look at the screen menu.
Slide 5: Screen menu (contd.)
[Figure: menu screens showing one item greyed out and one item invisible]
Slide 6
There are menus, items and settings
  menus: Camera Set, ...
  items: Volume, LCD Brightness, ...
  settings: on/off, 0-100%, ...
Items may be nested in two levels
Setting screen allows to choose the value of a particular variable
  only the relevant variables may be accessed
Slide 7: Modelling as a tree
[Figure: tree of the menu structure; nodes Menu-off, Menu, Camera Set, Memory Set, Pict.Appli., Standard Set, ..., Volume, LCD/VF Set, Remote Ctrl, LCD Bright, LCD Color, ...]
Slide 8: Modelling as a tree
[Figure: the same menu tree as on Slide 7]
Slide 9: Menus are mode-dependent
As a consequence, the up- and down-relations in the graph are mode-dependent
Since the first line is not uniform, also the menu-relation is mode-dependent
Formalization shows weakness in the design (usability)
  what is hard to formalize is hard to understand and likely to contain or cause errors
How to describe such a structure? homework (consider cases that an item disappears and that it is greyed out)

                Camera/Tape   Camera/Memory   Play/Edit
  Camera Set        +              +              -
  Memory Set        -              +              +
  Pict.Appl.        +              +              +
  Edit/Play         +              -              +
  Standard Set      +              +              +
  Time/Langu        +              +              +
Slide 10: Propositional Logic
A formal specification method consists of three parts
  syntax, i.e., what are well-formed specifications
  semantics, i.e., what is the meaning of a specification
  calculus, i.e., what are transformations or deductions of a specification
Propositional logic: probably the first and most widely used specification method
  dates back to Aristotle, Chrysippus, Boole, Frege, …
  base of most modern logics
  fundamental for computer science
Slide 11: Syntax of Propositional Logic
Let Ρ be a finite set {p1, …, pn} of propositions and assume that , and (, ) are not in Ρ
Syntax
  PL ::= Ρ | | (PL PL)
  every p is a wff
  is a wff („falsum“)
  if and are wffs, then ( ) is a wff
  nothing else is a wff
Slide 12: Remarks
Ρ may be empty: still a meaningful logic!
Minimalistic approach
  infix-operator necessitates parentheses
  other connectives can be defined as usual
    ¬ ≙ ( ) (linear blowup!)
    Τ ≙ ¬
    ( ) ≙ (¬ )
    ( ) ≙ ¬(¬ ¬ ) ≙ ¬( ¬ )
    ( ) ≙ (( ) ( )) (exponential blowup!)
  operator precedence as usual
literal = a proposition or a negated proposition
Slide 13: Semantics of Propositional Logic
Propositional Model
  Truth value universe U: {true, false}
  Interpretation I: assignment Ρ ↦ U
  Model M: (U, I)
Validation relation ⊨ between model M and formula
  M ⊨ p if I(p) = true
  M ⊭
  M ⊨ ( ) if M ⊨ implies M ⊨
M validates or satisfies iff M ⊨
  is valid (⊨ ) iff every model M validates
  is satisfiable (SAT( )) iff some model M satisfies
Slide 14: Propositional Calculus
Various calculi have been proposed
  boolean satisfiability (SAT) algorithms
  tableau systems, natural deduction, enumeration of valid formulæ
Hilbert-style axiom system
  ⊢ ( ( )) (weakening)
  ⊢ (( ( )) (( ) ( ))) (distribution)
  ⊢ (¬¬ ) (excluded middle)
  , ( ) ⊢ (modus ponens)
Derivability
  All substitution instances of axioms are derivable
  If all antecedents of a rule are derivable, so is the consequent
Slide 15: An Example Derivation
Show ⊢ (p p)
  (1) ⊢ (p ((p p) p)) ((p (p p)) (p p))   (dis)
  (2) ⊢ (p ((p p) p))                      (wea)
  (3) ⊢ ((p (p p)) (p p))                  (1,2,mp)
  (4) ⊢ (p (p p))                          (wea)
  (5) ⊢ (p p)                              (3,4,mp)
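The syntax, semantics and Hilbert calculus of Slides 11 to 15 in runnable form, as an added example that is not part of the original lecture material. It assumes, since the slide text lost its connective symbols, that the single primitive binary connective is implication and the single constant is falsum; propositions are lowercase strings, and the uppercase strings A, B, C are metavariables of the axiom schemas. Validity and satisfiability are decided by enumerating all interpretations, and the derivation of (p → p) from Slide 15 is checked step by step against the axiom schemas and modus ponens.

```python
# Added example, not from the slides: the minimal propositional logic of
# Slides 11-15 as runnable Python. Assumptions made here (the slide text
# lost its connective symbols): the single primitive binary connective is
# implication, the single constant is falsum, propositions are lowercase
# strings, and uppercase strings are metavariables of axiom schemas.
import itertools

BOT = 'bot'                         # falsum: validated by no model

def imp(a, b):
    """The wff (a -> b); the only primitive connective."""
    return ('->', a, b)

# Derived connectives as on Slide 12 (iff doubles the size of its arguments).
def neg(a):     return imp(a, BOT)
TOP = neg(BOT)
def or_(a, b):  return imp(neg(a), b)
def and_(a, b): return neg(imp(a, neg(b)))
def iff(a, b):  return and_(imp(a, b), imp(b, a))

def props(f):
    """Set of propositions occurring in the wff f."""
    if isinstance(f, str):
        return set() if f == BOT else {f}
    return props(f[1]) | props(f[2])

def holds(model, f):
    """Validation relation M |= f, the model being an interpretation {p: bool}."""
    if f == BOT:
        return False
    if isinstance(f, str):
        return model[f]
    _, a, b = f
    return (not holds(model, a)) or holds(model, b)

def models(f):
    """Every interpretation of the propositions of f (2^n of them)."""
    ps = sorted(props(f))
    for bits in itertools.product([False, True], repeat=len(ps)):
        yield dict(zip(ps, bits))

def valid(f):        return all(holds(m, f) for m in models(f))
def satisfiable(f):  return any(holds(m, f) for m in models(f))

# Hilbert-style axiom schemas of Slide 14; A, B, C stand for arbitrary wffs.
AXIOMS = {
    'wea': imp('A', imp('B', 'A')),
    'dis': imp(imp('A', imp('B', 'C')), imp(imp('A', 'B'), imp('A', 'C'))),
    'em':  imp(neg(neg('A')), 'A'),
}

def match(pattern, f, env):
    """Instantiate the metavariables of an axiom schema so that it equals f;
    env records the substitution. Returns False if no instantiation exists."""
    if isinstance(pattern, str) and pattern.isupper():
        if pattern in env:
            return env[pattern] == f
        env[pattern] = f
        return True
    if isinstance(pattern, str) or isinstance(f, str):
        return pattern == f
    return (pattern[0] == f[0] and match(pattern[1], f[1], env)
            and match(pattern[2], f[2], env))

def is_axiom_instance(f, name):
    return match(AXIOMS[name], f, {})

def check_derivation(steps):
    """steps: list of (wff, justification), numbered from 1 as on Slide 15.
    A justification is an axiom name or ('mp', i, j): modus ponens with step i
    the implication and step j its antecedent, both earlier than this step."""
    for k, (f, just) in enumerate(steps, 1):
        if isinstance(just, str):
            ok = is_axiom_instance(f, just)
        else:
            _, i, j = just
            ok = 1 <= i < k and 1 <= j < k
            if ok:
                cond, ante = steps[i - 1][0], steps[j - 1][0]
                ok = isinstance(cond, tuple) and cond[1] == ante and cond[2] == f
        if not ok:
            return False
    return True

# The derivation of (p -> p) from Slide 15, step by step.
p, pp = 'p', imp('p', 'p')
DERIVATION = [
    (imp(imp(p, imp(pp, p)), imp(imp(p, pp), pp)), 'dis'),          # (1)
    (imp(p, imp(pp, p)),                           'wea'),          # (2)
    (imp(imp(p, pp), pp),                          ('mp', 1, 2)),   # (3)
    (imp(p, pp),                                   'wea'),          # (4)
    (pp,                                           ('mp', 3, 4)),   # (5)
]

def derivation_is_sound(steps):
    """Correctness (Slide 16) observed on one derivation: every derived wff is valid."""
    return check_derivation(steps) and all(valid(f) for f, _ in steps)
```

The calculus checker is purely syntactic (it never evaluates a formula), while `valid` is purely semantic; running both on the same derivation is the concrete form of the correctness argument on Slide 16: each step is an axiom instance or a modus ponens conclusion, and each step is a valid formula.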
Slide 16: Correctness and Completeness
Correctness: ⊢ ⊨
  Only valid formulæ can be derived
  Induction on the length of the derivation
  Show that all axiom instances are valid, and that the consequent of (mp) is valid if both antecedents are
Completeness: ⊨ ⊢
  All valid formulæ can be derived
  Show that consistent formulæ are satisfiable: ~ ⊢ ¬   ~ ⊨ ¬
Slide 17: Consistency and Satisfiability
A finite set Φ of formulæ is consistent, if ~ ⊢ ¬ΛΦ
Extension lemma: If Φ is a finite consistent set of formulæ and is any formula, then Φ { } or Φ {¬ } is consistent
  Assume ⊢ ¬(Φ ) and ⊢ ¬(Φ ¬ ). Then ⊢ (Φ ¬ ) and ⊢ (Φ ¬¬ ). Therefore ⊢ ¬Φ, a contradiction.
Let SF( ) be the set of all subformulæ of
For any consistent , let # be a maximal consistent extension of (i.e., # and for every SF( ), either # or #). (Existence guaranteed by extension lemma)
Slide 18: Canonical models
For a maximal consistent set #, the canonical model CM( # ) is defined by I(p) = true iff p #.
Truth lemma: For any SF( ), I( ) = true iff #
  Case = p: by construction
  Case = : Φ { } cannot be consistent
  Case = ( 1 2 ): by induction hypothesis and derivation
Therefore, if is consistent, then for any maximal consistent set #, CM( # ) ⊨
  any consistent formula is satisfiable
  any unsatisfiable formula is inconsistent
  any valid formula is derivable
Slide 19: Example: Combinational Circuits
Multiplexer: S selects whether I0 or I1 is output to Y
  Y = if S then I1 else I0 end
  (Y ((S I1) (¬S I0)))
Pictures taken from: http://www.scs.ryerson.ca/~aabhari/cps213Chapter4.ppt
[Figure: multiplexer symbol and truth table; the rows recoverable from the page:]
  I0 I1 S | Y
   0  0 0 | 0
   1  0 0 | 1
   0  1 0 | 0
Slide 20: Boolean Specifications
  Evaluator (output is 1 if input matches a certain binary value)
  Encoder (output i is set if binary number i is on input lines)
  Majority function (output is 1 if half or more of the inputs are 1)
  Comparator (output is 1 if input0 > input1)
  Half-Adder, Full-Adder, …
Slide 21: Software Example
Code generator optimization
  if (p and q) then
    if (r) then x else y
  else
    if (q or r) then y
    else if (p and not r) then x else y
Loop optimization
Slide 22: Verification of Boolean Functions
Latch-Up: can a certain line go up?
  does ( ¬L0) hold?
  is ( L0) satisfiable?
Given , ; does ( ) hold?
  usually reduced to SAT: is (( ¬ ) (¬ )) satisfiable?
  efficient SAT-solvers exist (annual competition)
partitioning techniques
  any output depends only on some inputs; find which ones
  generate test patterns (BIST: built-in self-test)
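The three questions of Slide 22 (latch-up, equivalence via the SAT reduction, and partitioning an output by the inputs it depends on), run on the multiplexer of Slide 19, the majority function of Slide 20 and the if-cascade of Slide 21. This is an added example, not part of the original lecture material. Boolean functions are plain Python functions over bools with the number of input lines passed explicitly, and satisfiability is decided by enumerating all 2^n inputs; that is only workable for the handful of lines used here, which is why the slide points to SAT solvers. The `optimized` version of the Slide 21 cascade and the `mux_buggy` fault are our own constructions, not from the slides.

```python
# Added example, not from the slides: the verification questions of Slide 22
# (latch-up, equivalence via SAT, partitioning) run by exhaustive enumeration
# on the multiplexer of Slide 19 and the code-generator example of Slide 21.
# Boolean functions are plain Python functions over bools; the number of
# input lines is passed explicitly. Enumeration is exponential and is only
# meant for the few inputs here; a SAT solver replaces it in practice.
import itertools

def assignments(n):
    """All 2^n interpretations of n input lines, as tuples of bools."""
    return itertools.product([False, True], repeat=n)

def satisfiable(f, n):
    return any(f(*x) for x in assignments(n))

def can_go_up(line, n):
    """Latch-up question: is there an input under which the line is 1?"""
    return satisfiable(line, n)

def equivalent(f, g, n):
    """(f <-> g) holds iff ((f and not g) or (not f and g)) is unsatisfiable,
    the SAT reduction of Slide 22."""
    diff = lambda *x: (f(*x) and not g(*x)) or (not f(*x) and g(*x))
    return not satisfiable(diff, n)

def depends_on(f, n):
    """Partitioning: input i matters iff toggling it changes f for some input;
    the other inputs can be ignored when generating test patterns for f."""
    deps = []
    for i in range(n):
        for x in assignments(n):
            y = list(x)
            y[i] = not y[i]
            if f(*x) != f(*y):
                deps.append(i)
                break
    return deps

# Slide 19: multiplexer, specification against gate-level implementation.
def mux_spec(i0, i1, s):
    return i1 if s else i0

def mux_impl(i0, i1, s):
    return (s and i1) or ((not s) and i0)

def mux_buggy(i0, i1, s):             # constructed fault: select inverter missing
    return (s and i1) or (s and i0)

# Slide 21: the if-cascade a code generator is asked to optimize. The
# function returns True when branch x is taken and False for branch y.
def generated(p, q, r):
    if p and q:
        return bool(r)
    if q or r:
        return False
    if p and not r:
        return True
    return False

def optimized(p, q, r):
    # Candidate read off the truth table of `generated` (our own analysis,
    # not from the slide): x is taken exactly when p holds and q equals r.
    return p and (q == r)

# Slide 20: majority of three inputs, written two ways.
def majority(a, b, c):
    return (a and b) or (a and c) or (b and c)

def majority_by_count(a, b, c):
    return sum((a, b, c)) >= 2

def redundant_input(a, b, c):         # constructed: b and c are dead inputs
    return (a and b) or (a and not b)
```

`equivalent(mux_spec, mux_impl, 3)` confirms the formula on Slide 19 against its if-then-else reading, `equivalent(mux_spec, mux_buggy, 3)` fails on the constructed fault, and `equivalent(generated, optimized, 3)` is exactly the check a code generator needs before replacing the cascade of Slide 21 by the shorter condition; `depends_on(redundant_input, 3)` returns `[0]`, showing the partitioning idea of Slide 22 on a function whose last two inputs cannot influence the output.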
Slide 23: Optimizing Boolean Functions
Given ; find such that ( ) holds and is „optimal“
  much harder question
  optimal wrt. speed / size / power / …
  translation to normal form (e.g., OBDD)