Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 VeriSoft A Tool for the Automatic Analysis of Concurrent Reactive Software Represents By Miller Ofer.

Published byDavid Stevenson Modified over 9 years ago

Similar presentations

Presentation on theme: "1 VeriSoft A Tool for the Automatic Analysis of Concurrent Reactive Software Represents By Miller Ofer."— Presentation transcript:

1 1 VeriSoft A Tool for the Automatic Analysis of Concurrent Reactive Software Represents By Miller Ofer

2 2 Content III.Demo of simple reactive system. I. Motivation for using automatic tools. II. The main idea of the VeriSoft application. ***

3 3 Motivation What is it concurrent system ? :  Concurrent system composes of elements that can be operate concurrently and communicate with each other.  Each component can be view as ‘reactive system’, i.e., a system that continuously interacts with its environment. Example :  Communication protocols.

4 4 Motivation Reactive systems are notably hard to test :  Traditional test are of limited help since test coverage is bound to be only minute of the possible behaviors of the system.  Their components may interact in many unexpected way.  Scenarios leading to errors are often extremely difficult to reproduce.

5 5 The VeriSoft tool Purposes : –Systematically exploring the state space of systems composed of several concurrent processes executing arbitrary code. *

6 6 The VeriSoft tool Purposes : (continuance) –Automatically detect coordinate problems between concurrent processes. –Interactive graphical simulator /debugger is available for following the execution of all the processes.

7 7 The VeriSoft tool How does its work ? Each process execute a sequence of operation that can be written by any of c /c++ program Process communicate with each other by performing operations on communication objects. (i.e. shared variables, semaphores, FIFO buffers) P i =1 P i =2 s.v *

8 8 The VeriSoft tool Basic definitions : Definition : operations on communication objects are called Visible operations, while other operations are by default called invisible operations. Definition : execution of an operation is said to be blocking if it can not be completed.

9 9 The VeriSoft tool Basic definitions (continuance ) : Definition : global state defined when the next operation to be executed by every process in the system is a visible operation. Definition : transition is a visible operation followed by a finite sequence of invisible operation performed by a single process. Definition : transition whose visible operation is blocking in a global state s is said to be disable in s. Otherwise, the transition is said to be enable in s.

10 10 The VeriSoft tool Basic assumptions : Assumption : only executions of visible operations may be blocking. Assumption : every process in the system always eventually attempts to execute a visible operation.

11 11 The VeriSoft tool Once the execution of t from s is complete, the system reaches a global state s`, called the successor of s by t. The state space of the concurrent system is compose of a global states that are reachable from the initial global state s 0, and of the transitions that are possible between these.

12 12 The VeriSoft tool The “VS__toss”  In case of single “open” reactive system the environment has to be represented,in practice such environment may not be available.  VS_toss is a simplified representation for the environment to simulate its observable behavior.  VS_toss takes takes as argument a positive integer n, and returns an integer in [0,n].  This operation consider as a visible and nondeterministic and operation.

13 13 The VeriSoft tool What kind of bugs does the application find : Deadlocks  States where the execution of the next operation of every process in the system is blocking. deadlock **

14 14 The VeriSoft tool What kind of bugs does the application find : Assertion violations  Can be specified by the user with the special operation “VS_assert”. This operation consider as a visible operation.  If the expression evaluate to false, the assertion is said to be violation.

15 15 The VeriSoft tool What kind of bugs does the application find : Divergence  Occurs when a process does not attempt to execute any visible operation for more than a give (user-specified) amount of time. Livelocks  Occurs when a process has no enable transition during a sequence of more than a given (user-specified) number of successive global states.

16 16 Example Content  A program of an air conditioning controller.  An environment.  The manual simulation mode.  The automatic simulation mode.  The guided simulation mode.

17 17 Example void AC_controller() { char *message; int is_room_hot=0; /* initially, room is not hot */ int is_door_closed=1; /* and door is closed */ int ac=0; /* so, ac is off */ while (1) { message=(char *)rcv_from_queue(to_me,QSZ); if (strcmp(message,"room_is_hot") == 0) { is_room_hot=1; }; if (strcmp(message,"room_is_cool") == 0) { is_room_hot=0; }; if (strcmp(message,"open_door") == 0) { is_door_closed=0; ac=0; }; First stage Visible Operation on a communication object *

18 18 if ((strcmp(message,"close_door") == 0)){ is_door_closed=1; if (is_room_hot) ac=1; }; /* test */ if (is_room_hot && is_door_closed) VS_assert(ac); }; * First stage Visible operation of ‘VeriSoft’

19 19 void Environment() { char *message; message=(char *)malloc(100); while (1) { switch(VS_toss(3)) { case 0: sprintf(message,"room_is_cool"); break; case 1: sprintf(message,"room_is_hot"); break; case 2: sprintf(message,"open_door"); break; case 3: sprintf(message,"close_door"); break; }; send_to_queue(from_me, QSZ, message); }; } * Second stage Visible operation of ‘VeriSoft’

20 20 Third stage Trace View : this part display the operations that are visible according to the verisoft terminology: “VS_toss”, “VS_assert” and communication objects like : “send_to_queue”, “rcv_from queue”. *** Each “process view” shows the current state of the corresponding process. A process whose next instruction is colored in red is currently blocked. 20

21 21 Third stage The red horizontal bar indicates the current position in this scenario. Process 1 will be colored in blue when the process will be the next process to be scheduled according to the scenario being played. Process 2 will be colored in yellow when another process (e.g. process 1) is about to execute a non-visible operation. ***

22 22 Forth stage The automatic simulate mode.  In this mode the application explores all possible executions of the system that represented by graph called the “state space” of the system.  By default the application performs a sort of breadth- first search (bfs) in the space state.  In our case the ‘VeriSoft’ application immediately found a scenario leading to an assertion violation. This error trace will be save in a special file named “error1.path”.

23 23 Fifth stage The guided simulation mode of the file “ error1.path”.

24 24 void AC_controller() { while (1) { message=(char *)rcv_from_queue(to_me,QSZ); if (strcmp(message,"room_is_hot") == 0) { is_room_hot=1; }; if (strcmp(message,"room_is_cool") == 0) { is_room_hot=0; }; if (strcmp(message,"open_door") == 0) { is_door_closed=0; ac=0; }; if ((strcmp(message,"close_door") == 0)){ is_door_closed=1; if (is_room_hot) ac=1; }; if (is_room_hot && is_door_closed) VS_assert(ac); }; Inintialization int is_room_hot=0; int is_door_closed=1; int ac=0; *

Download ppt "1 VeriSoft A Tool for the Automatic Analysis of Concurrent Reactive Software Represents By Miller Ofer."

Similar presentations

Detecting Bugs Using Assertions Ben Scribner. Defining the Problem  Bugs exist  Unexpected errors happen Hardware failures Loss of data Data may exist.

Detecting Bugs Using Assertions Ben Scribner. Defining the Problem  Bugs exist  Unexpected errors happen Hardware failures Loss of data Data may exist.
1 Chapter 5 Concurrency: Mutual Exclusion and Synchronization Principals of Concurrency Mutual Exclusion: Hardware Support Semaphores Readers/Writers Problem.

1 Chapter 5 Concurrency: Mutual Exclusion and Synchronization Principals of Concurrency Mutual Exclusion: Hardware Support Semaphores Readers/Writers Problem.
Concurrency: Mutual Exclusion and Synchronization Chapter 5.

Concurrency: Mutual Exclusion and Synchronization Chapter 5.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,

PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
Background Concurrent access to shared data can lead to inconsistencies Maintaining data consistency among cooperating processes is critical What is wrong.

Background Concurrent access to shared data can lead to inconsistencies Maintaining data consistency among cooperating processes is critical What is wrong.
Chapter 7: User-Defined Functions II Instructor: Mohammad Mojaddam.

Chapter 7: User-Defined Functions II Instructor: Mohammad Mojaddam.
Reachability analysis A reachability analysis shows the product space of the two processes and the signal queues of their input ports. Say we have an SDL.

Reachability analysis A reachability analysis shows the product space of the two processes and the signal queues of their input ports. Say we have an SDL.
Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.

Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.
Concurrency.

Concurrency.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
Software Engineering, COMP201 Slide 1 Protocol Engineering Protocol Specification using CFSM model Lecture 30.

Software Engineering, COMP201 Slide 1 Protocol Engineering Protocol Specification using CFSM model Lecture 30.
1 CSC 1401 S1 Computer Programming I Hamid Harroud School of Science and Engineering, Akhawayn University

1 CSC 1401 S1 Computer Programming I Hamid Harroud School of Science and Engineering, Akhawayn University
1 CPN Tools Future work. 2 Overview Language extensions Manual simulation Analysis techniques Editing Other.

1 CPN Tools Future work. 2 Overview Language extensions Manual simulation Analysis techniques Editing Other.
Distribution of Marks Internal Sessional Evaluation Assignments – 10 Quizzes – 10 Class Participation Attendence – 5 Mid – Term Test – 25 External Evaluation.

Distribution of Marks Internal Sessional Evaluation Assignments – 10 Quizzes – 10 Class Participation Attendence – 5 Mid – Term Test – 25 External Evaluation.
11 Chapter 4 LOOPS AND FILES. 22 THE INCREMENT AND DECREMENT OPERATORS To increment a variable means to increase its value by one. To decrement a variable.

11 Chapter 4 LOOPS AND FILES. 22 THE INCREMENT AND DECREMENT OPERATORS To increment a variable means to increase its value by one. To decrement a variable.
[ §6 : 1 ] 6. Basic Methods II Overview 6.1 Models 6.2 Taxonomy 6.3 Finite State Model 6.4 State Transition Model 6.5 Dataflow Model 6.6 User Manual.

[ §6 : 1 ] 6. Basic Methods II Overview 6.1 Models 6.2 Taxonomy 6.3 Finite State Model 6.4 State Transition Model 6.5 Dataflow Model 6.6 User Manual.
Advances in Language Design

Advances in Language Design
Cheng/Dillon-Software Engineering: Formal Methods Model Checking.

Cheng/Dillon-Software Engineering: Formal Methods Model Checking.

Similar presentations

Ads by Google