Presentation is loading. Please wait.

Presentation is loading. Please wait.

Development of Formally Verified Erlang Programs a case study Thomas Arts Clara Benac Earle Computer Science Lab Stockholm, Sweden.

Published byAllison Baldwin Modified over 8 years ago

Similar presentations

Presentation on theme: "Development of Formally Verified Erlang Programs a case study Thomas Arts Clara Benac Earle Computer Science Lab Stockholm, Sweden."— Presentation transcript:

1

2 Development of Formally Verified Erlang Programs a case study Thomas Arts Clara Benac Earle Computer Science Lab Stockholm, Sweden

3 Research question how can we identify the hard-to-find errors in the code? can formal methods help in finding errors not uncovered by testing?

4 AXD 301 Architecture CP Switch Core DPDP DPDP DPDP DPDP DPDP DPDP DPDP AXD 301 Call setup

5 AXD 301 Architecture CP Switch Core DPDP DPDP DPDP DPDP DPDP DPDP DPDP CP OM CP OM CP OM CC CP CC OM AXD 301 fault tolerance

6 CP CC CP CC CP Switch Core DPDP DPDP DPDP DPDP DPDP DPDP DPDP CP OM CP OM CP OM CP CC OM CP OM CP CC CP CC node OM node app Billing application Take over

7 CP CC node OM node Billing application app Take over take over

8 CP OM node app CP CC node OM node Billing application app Take over

9 Application lock During take over the respective application should not be used. distributed resource locker with shared and exclusive locks

10 CLIENTSRESOURCES A C B LOCKER CLIENT 1 CLIENT 2 CLIENT 3 ok {request,[A],shared} ok {request,[A],exclusive} ok {release} done {release} done {request,[A,B],shared} C1 C2 C3

11 example -module(client). start_link(Locker) -> {ok,spawn_link(loop,[Locker])}. loop(Locker) -> gen_server:call(Locker,request), critical(), gen_server:call(Locker,release), loop(Locker).

12 example start_link() -> gen_server:start_link(locker,[],[]). init([]) -> {ok,[]}. handle_call(request,Client,Pending)-> case Pending of [] -> {reply, ok, [Client]}; _ -> {noreply, Pending ++ [Client]} end; handle_call(release, Client, [_|Pending]) -> case Pending of [] -> {reply, done, []}; _ -> gen_server:reply(hd(Pending), ok), {reply, done, Pending} end.

13 Supervisor processes standard supervision structure can be used to obtain initialization information for transition diagram supervisor locker gen_server client start supervision tree with 5 clients supervisor:start(locker_sup,start,[5]).

14 Testing versus Verification Thus, for one input, 100% coverage with verification testing: many program runs on different input verification: all runs on different input verify:allruns(locker_sup,start,[8]).

15 Mutual exclusion (at most one client has access to resource) -module(client). start_link(Locker) -> {ok,spawn_link(loop,[Locker])}. loop(Locker) -> gen_server:call(Locker,request), critical(), gen_server:call(Locker,release), loop(Locker). io:format(“enter cs~n”), critical(), io:format(“exit cs~n”), erlang:trace for gen_server:call

16 testing io client 2client 1 enter cs exit cs enter cs exit cs enter cs exit cs

17 Verification: generate State Space clients states transitions 2 14 18 3 53 75 4 230 344 5 1177 1805 6 7100 10980 8 398074 617216

18 Erlang -> transitions start verification with 2 clients verify:allruns(locker_sup,start,[2]) our Tool locker.erl client.erl locker_sup.erl client_sup.erl our Tool our Tool our Tool our Tool EtoE rest tool locker.erl client.erl init.erl instantiation

19 Erlang -> transitions start verification with 2 clients etomcrl:instantiator(locker_sup,start,[2]) locker.erl client.erl locker_sup.erl client_sup.erl locker.erl client.erl init.erl instantiation tomcrl.erl instantiation EtoE rest tool EtoPmcrl

20 Erlang -> transitions locker.erl client.erl locker_sup.erl client_sup.erl instantiation tomcrl.erl instantiation EtoE rest tool EtoPmcrl rest tool CWI tool instantiator locker.mCRL toMCRL start verification with 2 clients etomcrl:instantiator(locker_sup,start,[2]) locker.erl client.erl init.erl

21 Erlang -> transitions locker.erl client.erl locker_sup.erl client_sup.erl instantiation tomcrl.erl instantiation EtoE rest tool EtoPmcrl CWI tool instantiator locker.mCRL toMCRL start verification with 2 clients etomcrl:instantiator(locker_sup,start,[2]) locker.erl client.erl init.erl Aldebaran locker.aut

22 State Space analysis simulation with backtrack possibilities find execution sequence deadlock check states in the graph without out-arrow property check such as mutual exclusion

23 State Space analysis Between two handle_call(request,_,_) there should be a handle_call(release,_,_). [-*,“ handle_call(request,_,_) ”, (not “ handle_call(release,_,_) ”)*, “ handle_call(request,_,_) ” ]false Properties are specified as regular expressions over Erlang function calls in combination with [] and <> operators. After a gen_server:call(locker, request) there is always a gen_server:call(locker,release) possible. [-*,“ gen_server:call(locker, request) ”] true

24 Conclusions We developed software to verify properties of Erlang programs We verified a resource locker program featuring multiple resources with shared and exclusive access (upto 6 clients in many different configurations) State space upto a million states (several techniques to reduces state space if property is given) Working on addition of Erlang constructs to cover more of the language (fault tolerance handling, gen_fsm)

Download ppt "Development of Formally Verified Erlang Programs a case study Thomas Arts Clara Benac Earle Computer Science Lab Stockholm, Sweden."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.
Formal Methods and Testing Goal: software reliability Use software engineering methodologies to develop the code. Use formal methods during code development.

Formal Methods and Testing Goal: software reliability Use software engineering methodologies to develop the code. Use formal methods during code development.
Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.

Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.
Dr. Kalpakis CMSC 621, Advanced Operating Systems. Distributed Mutual Exclusion.

Dr. Kalpakis CMSC 621, Advanced Operating Systems. Distributed Mutual Exclusion.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Thomas Arts Industrial Use of a Functional Language Thomas Arts Ericsson Computer Science Laboratory Stockholm, Sweden

Thomas Arts Industrial Use of a Functional Language Thomas Arts Ericsson Computer Science Laboratory Stockholm, Sweden
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.

SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
CS 290C: Formal Models for Web Software Lecture 4: Implementing and Verifying Statecharts Specifications Using the Spin Model Checker Instructor: Tevfik.

CS 290C: Formal Models for Web Software Lecture 4: Implementing and Verifying Statecharts Specifications Using the Spin Model Checker Instructor: Tevfik.
Multiprocessor Synchronization Algorithms (20225241) Lecturer: Danny Hendler The Mutual Exclusion problem.

Multiprocessor Synchronization Algorithms ( ) Lecturer: Danny Hendler The Mutual Exclusion problem.
LIFE CYCLE MODELS FORMAL TRANSFORMATION

LIFE CYCLE MODELS FORMAL TRANSFORMATION
1 Concurrency Specification. 2 Outline 4 Issues in concurrent systems 4 Programming language support for concurrency 4 Concurrency analysis - A specification.

1 Concurrency Specification. 2 Outline 4 Issues in concurrent systems 4 Programming language support for concurrency 4 Concurrency analysis - A specification.
Software Reliability CIS 640 Adapted from the lecture notes by Doron Pelel (www.dcs.warwick.ac.uk/~doron/notes.html)

Software Reliability CIS 640 Adapted from the lecture notes by Doron Pelel (
Ordering and Consistent Cuts Presented By Biswanath Panda.

Ordering and Consistent Cuts Presented By Biswanath Panda.
Banker’s Algorithm Implementation in CPN Tools Michal Žarnay Department of Transportation Networks University of Žilina, Slovakia.

Banker’s Algorithm Implementation in CPN Tools Michal Žarnay Department of Transportation Networks University of Žilina, Slovakia.
Computer Science Lecture 12, page 1 CS677: Distributed OS Last Class Distributed Snapshots –Termination detection Election algorithms –Bully –Ring.

Computer Science Lecture 12, page 1 CS677: Distributed OS Last Class Distributed Snapshots –Termination detection Election algorithms –Bully –Ring.
Ch6: Software Verification. 1 Statement coverage criterion  Informally:  Formally:  Difficult to minimize the number of test cases and still ensure.

Ch6: Software Verification. 1 Statement coverage criterion  Informally:  Formally:  Difficult to minimize the number of test cases and still ensure.

Similar presentations

Ads by Google