Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cheng/Dillon-Software Engineering: Formal Methods Model Checking.

Published byAshlee Rose French Modified over 9 years ago

Similar presentations

Presentation on theme: "Cheng/Dillon-Software Engineering: Formal Methods Model Checking."— Presentation transcript:

1 Cheng/Dillon-Software Engineering: Formal Methods Model Checking

2 Cheng/Dillon-Software Engineering: Model Checking Model Checking Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design Specify critical correctness properties Validate the model w/r to the specifications

3 Cheng/Dillon-Software Engineering: Model Checking Create a FSM FSM languages focus on expressing concurrency, synchronization, and communication abstract details of internal computations must be precise and unambiguous (formally defined syntax and semantics) We will use Promela for giving system descriptions

4 Cheng/Dillon-Software Engineering: Model Checking Specify correctness properties Safety properties: Nothing “bad” ever happens Formalized using state invariants  execution never reaches a “bad” state Liveness properties: Something “good” eventually happens Formalized using temporal logic  special logic for describing sequences

5 Cheng/Dillon-Software Engineering: Model Checking Validate the model “Execute” the model to test it simulate executions of the system check satisfaction of safety properties along simulated executions Exhaustive analysis generate reachability graph to verify safety and liveness properties Generate counterexamples to illustrate failures

6 Cheng/Dillon-Software Engineering: Model Checking Home Heating System

7 Cheng/Dillon-Software Engineering: Model Checking Example properties Pump is never on unless Burner is also on Whenever Sensor calls resp-temp(LOW), eventually Controller becomes all-on

8 Cheng/Dillon-Software Engineering: Model Checking Reachability Graph Graph of global states that can be “reached” during execution global state contains a state for each concurrent “process” transitions show how an event or action transforms the global state Analyze global state space to verify safety properties Analyze paths through the RG to verify liveness properties

9 Cheng/Dillon-Software Engineering: Model Checking Promela The system description language of SPIN Designed for modeling data communication protocols System described as a collection of concurrent processes Processes communicate and synchronize via message channels and global variables

10 Cheng/Dillon-Software Engineering: Model Checking Promela Specify macro definitions #define signal 0 Declare symbolic constants mtype = { ON, OFF, LOW, OK } Declare a synchronous message channel chan pump_in = [0] of { mtype }

11 Cheng/Dillon-Software Engineering: Model Checking Promela Create a process instance active proctype pump ( ) { statements } Send a message pump_in!ON Receive a message pump_in?ON

12 Cheng/Dillon-Software Engineering: Model Checking Promela version of HHS

13 Cheng/Dillon-Software Engineering: Model Checking Promela version of HHS

14 Cheng/Dillon-Software Engineering: Model Checking Promela version of HHS

15 Cheng/Dillon-Software Engineering: Model Checking SPIN simulation of HHS SPIN automatically generates sequence diagrams to represent executions random guided interactive Automates tracing between system views sequence diagram Promela description state diagram textual execution traces

16 Cheng/Dillon-Software Engineering: Model Checking Verification of a safety property Pump is never on unless Burner is also on

17 Cheng/Dillon-Software Engineering: Model Checking Verification of a liveness property Whenever Sensor calls resp-temp(LOW), eventually Controller becomes all-on

18 Cheng/Dillon-Software Engineering: Model Checking Verification of a liveness property

Download ppt "Cheng/Dillon-Software Engineering: Formal Methods Model Checking."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Part 3: Safety and liveness

Part 3: Safety and liveness
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Budapest University of Technology and EconomicsDagstuhl 2004 Department of Measurement and Information Systems 1 Towards Automated Formal Verification.

Budapest University of Technology and EconomicsDagstuhl 2004 Department of Measurement and Information Systems 1 Towards Automated Formal Verification.
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,

PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
Verification of Graph Transformation Systems Arman Sheikholeslami

Verification of Graph Transformation Systems Arman Sheikholeslami
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.

Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.
/ PSWLAB P ROMELA Semantics from “THE SPIN MODEL CHECKER” by G. J. Holzmann Presented by Hong,Shin 5 th Oct 2007 08:021PROMELA Semantics.

/ PSWLAB P ROMELA Semantics from “THE SPIN MODEL CHECKER” by G. J. Holzmann Presented by Hong,Shin 5 th Oct :021PROMELA Semantics.
© 2011 Carnegie Mellon University SPIN: Part 1 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.

© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
M INERVA (Metamodel-based Intuitive Editors with Reports and Visualizations of Analysis) Laura A. Campbell Advisor: Dr. Betty H.C. Cheng Software Engineering.

M INERVA (Metamodel-based Intuitive Editors with Reports and Visualizations of Analysis) Laura A. Campbell Advisor: Dr. Betty H.C. Cheng Software Engineering.
Hydra (A General Framework for Formalizing UML with Formal Languages for Embedded Systems*) *from the Ph.D. thesis of William E. McUmber Software Engineering.

Hydra (A General Framework for Formalizing UML with Formal Languages for Embedded Systems*) *from the Ph.D. thesis of William E. McUmber Software Engineering.
CSE 522 UPPAAL – A Model Checking Tool Computer Science & Engineering Department Arizona State University Tempe, AZ 85287 Dr. Yann-Hang Lee

CSE 522 UPPAAL – A Model Checking Tool Computer Science & Engineering Department Arizona State University Tempe, AZ Dr. Yann-Hang Lee
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
The Spin Model Checker Promela Introduction 50374 Nguyen Tuan Duc 50378 Shogo Sawai.

The Spin Model Checker Promela Introduction Nguyen Tuan Duc Shogo Sawai.

Similar presentations

Ads by Google