Presentation is loading. Please wait.

Presentation is loading. Please wait.

CIS 842: Specification and Verification of Reactive Systems Lecture INTRO-Bogor-Simulation: Executing (Simulating) Concurrent Systems in Bogor Copyright.

Published byValentine Lang Modified over 8 years ago

Similar presentations

Presentation on theme: "CIS 842: Specification and Verification of Reactive Systems Lecture INTRO-Bogor-Simulation: Executing (Simulating) Concurrent Systems in Bogor Copyright."— Presentation transcript:

1 CIS 842: Specification and Verification of Reactive Systems Lecture INTRO-Bogor-Simulation: Executing (Simulating) Concurrent Systems in Bogor Copyright 2004, Matt Dwyer, John Hatcliff, and Robby. The syllabus and all lectures for this course are copyrighted materials and may not be used in other course settings outside of Kansas State University in their current form or modified form without the express written permission of one of the copyright holders. During this course, students are prohibited from selling notes to or being paid for taking notes by any person or commercial firm without the express written permission of one of the copyright holders.

2 CIS 842: INTRO: Bogor Simulation 2 Objectives Understand how a model-checker’s random simulation and user-guided simulation mode can be applied to explore paths through a system’s computation tree. Be able to apply Bogor in both random simulation mode and user-guided simulation mode.

3 CIS 842: INTRO: Bogor Simulation 3 Outline Bogor random simulation mode Bogor user-guided simulation mode

4 CIS 842: INTRO: Bogor Simulation 4 system SumToN { const PARAM { N = 3 }; typealias byte int wrap (0,255); byte x; byte t1; byte t2; thread Thread1() { loc loc0: when x != 0 do { t1 := x; } goto loc1; loc loc1: do { t2 := x; } goto loc2; loc loc2: do { x := t1 + t2; } goto loc0; } SumToN thread Thread2() { loc loc0: when x != 0 do { t1 := x; } goto loc1; loc loc1: do { t2 := x; } goto loc2; loc loc2: do { x := t1 + t2; } goto loc0; } thread Thread0() { loc loc0: do { x := 1; } goto loc1; loc loc1: do { assert (x != PARAM.N); } return; }

5 CIS 842: INTRO: Bogor Simulation 5 Assessment Even though this is a very small system, it is already tedious for us to try to find a violating trace. Bogor can act as a simulator to help us find a violating trace. Bogor simulates in two ways: random simulation user-guided simulation Same as many other model-checkers (e.g., Spin).bir Bogor (simulation mode) user interaction

6 CIS 842: INTRO: Bogor Simulation 6 Random Simulation At choice points, Bogor randomly chooses one of the enabled transitions. In a random simulation, Bogor randomly chooses a branch at a choice point.

7 CIS 842: INTRO: Bogor Simulation 7 Guided Simulation In a guided simulation, Bogor asks the user which transition to take at a choice point. At choice points, Bogor asks user which transition to take.

8 CIS 842: INTRO: Bogor Simulation 8 For You To Do… Pause the lecture… The computation tree for the SumToN example depicted on earlier slides is five levels deep. Extend the diagram to six levels. Download the file sumton.bir from the examples page. Run Bogor in random simulation mode. Edit sumton.bir and change the assertion to x != 1. Do you understand Bogor’s output? Was Bogor able to find a violating trace? Why/why-not? Edit sumton.bir and change the assertion to x != 3. Run Bogor in random simulation mode several times. Do you understand Spin’s output? Was Bogor able to find a violating trace each time? Edit sumton.bir and change the assertion to x != 5. Using Bogor in guided simulation mode, construct a trace that leads to an assertion violation. Is this the shortest trace that leads to a violation? How can you be sure? Edit sumton.bir and change the assertion to x != 7. Using Bogor in guided simulation mode, construct a trace that leads to an assertion violation. Is this the shortest trace that leads to a violation? How can you be sure?

9 CIS 842: INTRO: Bogor Simulation 9 Assessment Bogor in random simulation mode… sometimes it can find an error e.g., when assertion read x != 1 most of the time it won’t find an error e.g., when assertion read x != 3 in this case, Bogor runs forever, and you can notice the overflow error messages associated with the variables of type byte

10 CIS 842: INTRO: Bogor Simulation 10 Assessment Bogor in guided simulation mode… the user can guide Bogor to the error but this requires that the user already know or at least have a good idea about how the error can occur! tedious and error prone infeasible on all but very short traces cannot be used in practice to obtain an exhaustive search of all possible traces can be useful in practice if the user simply wants to explore the behavior, e.g., of a particularly troublesome section of code

11 CIS 842: INTRO: Bogor Simulation 11 On To Exhaustive Exploration… Bogor’s randon simulation isn’t that useful for finding bugs only explores one execution trace Bogor’s guided simulation is only useful on short traces where the user already has a good idea of how a property violation might arise only feasible to explore a few execution traces The main strength of Bogor is its automatic exhaustive search capabilities this is why people use model-checkers! this is what this course is all about

Download ppt "CIS 842: Specification and Verification of Reactive Systems Lecture INTRO-Bogor-Simulation: Executing (Simulating) Concurrent Systems in Bogor Copyright."

Similar presentations

PLEASE CLICK. Once you have logged in you will be greeted with your Home Page See the Administration Section in the lower left The Course Files tab is.

PLEASE CLICK. Once you have logged in you will be greeted with your Home Page See the Administration Section in the lower left The Course Files tab is.
Copyright 2003-04, Doron Peled and Cesare Tinelli. These notes are based on a set of lecture notes originally developed by Doron Peled at the University.

Copyright , Doron Peled and Cesare Tinelli. These notes are based on a set of lecture notes originally developed by Doron Peled at the University.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Introducing BLAST Software Verification John Gallagher CS4117.

Introducing BLAST Software Verification John Gallagher CS4117.
Introduction to Flowcharting

Introduction to Flowcharting
Module 20 Troubleshooting Common SQL Server 2008 R2 Administrative Issues.

Module 20 Troubleshooting Common SQL Server 2008 R2 Administrative Issues.
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.
1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.

1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.
Logic Based LSC Consistency Testing Presenter: Anup Niroula.

Logic Based LSC Consistency Testing Presenter: Anup Niroula.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
Software Testing. “Software and Cathedrals are much the same: First we build them, then we pray!!!” -Sam Redwine, Jr.

Software Testing. “Software and Cathedrals are much the same: First we build them, then we pray!!!” -Sam Redwine, Jr.
DEBUGGERS For CS302 Data Structures Course Slides prepared by TALHA OZ (most of the text is from

DEBUGGERS For CS302 Data Structures Course Slides prepared by TALHA OZ (most of the text is from
(C)opyright 2003 Scott/Jones Publishers Introduction to Flowcharting A Supplement to Starting Out with C++, 4th Edition by Tony Gaddis Scott/Jones Publishers.

(C)opyright 2003 Scott/Jones Publishers Introduction to Flowcharting A Supplement to Starting Out with C++, 4th Edition by Tony Gaddis Scott/Jones Publishers.
1 CSE 142 Lecture Notes Interactive Programs with Scanner Chapter 4 Suggested reading: 4.1 - 4.3 Suggested self-checks: Section 4.10 #1-4 These lecture.

1 CSE 142 Lecture Notes Interactive Programs with Scanner Chapter 4 Suggested reading: Suggested self-checks: Section 4.10 #1-4 These lecture.
Programming For Nuclear Engineers Lecture 12 MATLAB (3) 1.

Programming For Nuclear Engineers Lecture 12 MATLAB (3) 1.
Cheng/Dillon-Software Engineering: Formal Methods Model Checking.

Cheng/Dillon-Software Engineering: Formal Methods Model Checking.
15.1.2003Software Engineering 2003 Jyrki Nummenmaa 1 CASE Tools CASE = Computer-Aided Software Engineering A set of tools to (optimally) assist in each.

Software Engineering 2003 Jyrki Nummenmaa 1 CASE Tools CASE = Computer-Aided Software Engineering A set of tools to (optimally) assist in each.
Enrolment Services – Class Scheduling Fall 2014 Course Combinations.

Enrolment Services – Class Scheduling Fall 2014 Course Combinations.
1 VeriSoft A Tool for the Automatic Analysis of Concurrent Reactive Software Represents By Miller Ofer.

1 VeriSoft A Tool for the Automatic Analysis of Concurrent Reactive Software Represents By Miller Ofer.
Ch 101 Chapter 10 Introduction to Batch Files. Ch 102 Overview A batch file is a text file that contains an ordered series of commands.

Ch 101 Chapter 10 Introduction to Batch Files. Ch 102 Overview A batch file is a text file that contains an ordered series of commands.

Similar presentations

Ads by Google