1. 28.05.08 Ukrprog 2008 1 Formal requirement language and its applications A.Letichevsky Glushkov Institute of Cybernetics

2. 28.05.08Ukrprog 20082 Formal requirement language BPSL (Basic Protocol Specification Language) is an insertion modeling language used for formal representing requirements in distributed concurrent systems design

3. 28.05.083 Historical prerequisites of insertion modeling А В finite automata Infinite registers with periodically defined transformations Computer model Glushkov 1961-1965 Theory of descrete processors 70-е Joint software and hardware design Theory of descrete processors 70-е Joint software and hardware design Models of macroconveyer computations 80-е Insertion programming and modeling 2000 -... cooperation with Motorola Theory of interaction of agents and environemnts 90-е Ukrprog 2008 n environment agents Insertion function

4. 4 А В Finite automata Infinite registers with periodically defined transformations Ukrprog 2008 80-е Macroconveyer computations over data structures Active agents passive environment 28.05.08

5. Active environment 28.05.08 Ukrprog 2008 5 n environment agents Insertion function Possesses behavior which is changed when new agents are inserted into it

6. 28.05.086 Insertion modeling Technology of constructing and studying of real systems models by representing them as compositions of interacting agents and environments Formaly Agents: labeled transition systems Environments: attribute transition systems Composition: continuous insertion function characterizing the behavior of environment with agents inserted into it A kind of Model Driven Engineering Ukrprog 2008

7. Simple example: readers and writers 28.05.08Ukrprog 20087 environment( agent types:( reader: ( registered: Bool, access allowed: Bool ), writer: Nil ); attributes:( rec: symb, queue: list of symb ); safety condition: Forall(m:reader)( m.access allowed->m.registered ); initial condition:( Forall(m:reader)( ~(reader m.registered)& ~(reader m.access allowed) ) ); Environment description BPS = environment description + [agent behaviors] + basic protocols

8. Agent behaviors 28.05.08Ukrprog 20088 state reduction: rs(x)( reader init = register.(loop read; release), writer init = (loop write; release), loop x = (x;(loop x + Delta)) ) incorrect state reduction: rs()( reader init = register state + read state + release state, register state = register. reader init, read state = read. reader init, release state = release. reader init, writer init = write state + writer release, write state = write. writer init, writer release = release. writer init )

9. Basic protocols: register and read 28.05.08Ukrprog 20089 reader menv reader(m, register.s)& ~(reader m.registered) reader(m, s)& reader m.registered register m ok register(m,s) reader menv reader(m, read.s)& reader m.access allowed reader(m, s)& ~(reader m.access allowed) read m rec read(m,s) Forall(m,s)

10. Release and write 28.05.08Ukrprog 200810 reader menv reader(m, release.s)& reader m.registered reader(m, s)& ~(reader m.registered) release m ok release(m,s) writer menv writer(m, write x.s) writer(m, s)& add_to_tail(queue,(m:x)) write(m:x) ok write(m,s,x) Forall(m,s,x)

11. Update 28.05.08Ukrprog 200811 rec update x update(x,t) (queue=t)&(rec=x)& Forall(n:reader)(n.registered-> n.access allowed) (queue=(x,t))& Exist(n:reader)(n.registered)& Forall(n:reader)(n.registered-> ~(n.access allowed)) queue Forall(x,t)

12. BPSL partially implemented in VRS environment description 28.05.08Ukrprog 200812 Types: Data types simple: int, real, Bool, intervals, enumerated, symbolic (free terms), agent behaviors (process algebra), ADT lists: list (m) of τ (simple) functional: (simple, arrays are considered as functional types) Agent types: defined by the set of typed agent attributes Environment attributes: used as functional symbols (simple= arity 0) Agent attributes: typed names Instances: (for MSC as processes in BPs) Axioms: formulas without attributes (ADT) Rewriting rule systems: equations as in APS (ADT and normal forms) Initial states: formula of basic language or concrete state

13. Abstract representation of basic protocol 28.05.08Ukrprog 200813 Algebraic representation: x – list of typed parameters, P – process, and are pre- and postconditions. Preconditions: 1-st order formula with the following literals: State assumptions (like reader(m, release.s) ) Linear inequalities for numeric Equalities and disequalities for symbolic Boolean attribute expressions Uninterpreted predicates Postconditions: 1-st order formula as in precondition Assignments x:=y considered as statements x´=y Updating lists

14. 14 Semantics of BPSL 14 Defined by the notion of implementation: Attributed transition system with validity relation s|=α,… such that for each BP and its instantiation (direct implementation) (inverse implementation) For each finite MSC C such that (permutability relation on actions and partially sequential composition of processes). Concrete implementations: interpretation of signature and initial states are fixed as well as deterministic transitions, validity is computed from attribute valuations. Abstract implementations: interpretation of signature and initial states are not fixed, validity is inferenced from the states labeling. Ukrprog 200828.05.08

15. Some new results on abstractions 28.05.08Ukrprog 200815 A class of concrete implementations Concr(P) is defined and proved to be direct and inverse implementations of consistent BPS P. Two classes Adir(P) and Ainv(P) of direct and inverse abstract implementations has been defined and proved to be implementations of consistent BPS P. Each abstract implementation is an abstraction of some concrete one. There exist the most abstract implementation (is an abstraction of all concrete implementations).

16. 16 Tools for static and dynamic requirements checking The applications of BPSL VRS Verification of Requirement Specifications a tool developed for Motorola Formalizing requirements Experience in Telecommunications, telematics and other application domains (projects for Motorola) Formal description of MPI library (projects for Intel) Generating tests from requirement specifications

17. 28.05.08Ukrprog 200817 Static requirements checking Proving consistency and completeness Proving safety Computing invariants Preconditions for BPs (with the same external actions) must not intersect Disjunction of preconditions is valid

18. 28.05.08Ukrprog 200818 Symbolic trace generation Checking applicability of protocol –Satisfiability of current state and precondition –Proving existential formula Computing predicate transformer –Proving predicate transformer formula Combining numeric and symbolic constraints Using data structures (arrays, lists etc.)

19. 28.05.0819 Experience in application of VRS Tens of application systems from the domains: Telecommunications Embedded systems Real time systems Sizes of formal requirements: Southands of basic protocols Handreds of attributes Handreds of errors found in documentations Southands of tests providing complete covering of requirements Transition from piloting to commercial use of VRS tools. Ukrprog 2008

20. 28.05.0820 Some new application domains Parallel computations: Formalization of MPI library Methods of checking of correctness of parallel programs using MPI Information security: Experiments on finding the possibility of attac on secure protocols of secret data exchange. Ukrprog 2008