Software verification 2 automated verification
This presentation is the property of its rightful owner.
Sponsored Links
1 / 14

Software Verification 2 Automated Verification PowerPoint PPT Presentation


  • 107 Views
  • Uploaded on
  • Presentation posted in: General

Software Verification 2 Automated Verification. Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität and Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik. Recap: LTS. LTS=( , S, , S 0 )  is a nonempty finite alphabet

Download Presentation

Software Verification 2 Automated Verification

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Software verification 2 automated verification

Software Verification 2Automated Verification

Prof. Dr. Holger Schlingloff

Institut für Informatik der Humboldt Universität

and

Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik


Recap lts

Recap: LTS

  • LTS=(, S, , S0)

    •  is a nonempty finite alphabet

    • S is a nonempty finite set of states

    •   S    S is the transition relation

    • S0  S is the set of initial states

      remark: sometimes a pseudo state s0S is used instead of S0S;sometimes there is only a single initial state s0S

  • state = (program counter(s), variable valuation)transition = (state, instruction, state)

  • S0 can be written as a predicate on variables and pc’s

    • init: (pc==  x==0  y<=5  ...)

  •  can be written as a predicate on current and next variables

    • : ((pc==  x‘==x+1)  (pc== x‘==x+2)  ...)


Boolean equivalences

Boolean Equivalences

next(state):= case

inp=0: state;

inp=50 & state=s0: s50;

inp=50 & state=s50: s0;

esac;

((inp==0  state‘==state) 

(inp==50  state=s0  state‘== s50) 

(inp==50  state=s50  state‘==s0) )

((inp==0  state‘==state) 

(inp==50  (state=s0  state‘== s50 ) 

(state=s50  state‘== s0 )

)

)


Software verification 2 automated verification

  • Parallel transition system / state machine

    • T=(T1,...,Tn)

    • all state sets must be pairwise disjoint

  • Global TS associated with parallel TS: T=(, S, , S0), where

    • = i

    • S=S1 ...  Sn

    • S0=S10 ... Sn0

    • ((s1,...,sn), a, (s1’,...,sn’))   iff for all Ti,

      • if a  i, then (si, a, si’)  i, and

      • if a  i, then si’= si

  • Complexity (size of this construction)? Correctness???


Correctness

Correctness

  • T=(T1,...,Tn), T =T1 ...  Tn

  • Intuitively: T accepts/generates exactly those sequences which are accepted/generated by all Ti

    • projection of run onto the alphabet of a transition system: =123...|Ti =if (1i) then 1 (23...)|Ti else (23...)|Ti

    • Show: T acc  iffi (Ti acc | Ti )

    • can also be used as a definition


  • Parallel state machines

    Parallel State Machines

    • Parallel state machine

      • T=(T1,...,Tn), i=2E  C  2A

    • What is the global state machine associated with a parallel state machine? (“flattening”)

      • synchronization by common e[c]/a is not an option

      • possible choices: synchronize or compete on common input events (triggers)?

      • what if an effect contains sending of a trigger?

        (“run-to-completion-semantics”: tedious formalization)


    Example

    Example


    Introducing data

    Introducing Data

    • Simple state machines

      • E: set of events, C: set of conditions, A: set of actions

      • a simple state machine is an LTS where =2E  C  2A

    • Extended state machine: Assume a first-order signature (D, F, R) with finite domains D and a set V of program variables on these domains. An ESM is a simple state machine where

      • a guard is a quantifier-free first-order formula on (D, F, R) and V

      • an action is an assignment V=T

        • Attention: the effect of a transition is a set of actions!Parallel execution introduces nondeterminism.


    Example1

    Example


    Introducing hierarchies

    Introducing Hierarchies

    • In a UML state machine, a state may contain other states

      • powerful abstraction concept

      • semantics can be tedious


    Introducing visibility scopes

    Introducing Visibility Scopes

    • A state machine can be part of a class or module

      • all variables are visible within the module only

      • modules may be nested

    • Classes or modules can be parameterized

      • instances of classes are objects


    Introducing fairness

    Introducing Fairness

    • LTSs cannot specify that something will eventually happen

      • only maximal sequences are accepted (terminating or infinite)

    • want to express that in infinite runs, certain states must occur infinitely often

    • Just LTS=(LTS,J), where J=(J1,...,Jm), JiS(justice requirements)

      • for each JiJ each infinite run must contain infinitely many sJi

    • Fair LTS=(LTS,F), where F=(F1,...,Fm), Fi=(Pi,Qi), PiS, QiS(compassion requirements)

      • for each FiF and each infinite run it holds that if it contains infinitely many sPi, then it also contains infinitely many sQi

    • Cf. automata theory: Büchi- and Rabin-acceptance


    Example peterson s mutual exclusion

    Example: Peterson’s Mutual Exclusion

    {t=0; x=0; y=0;

    {0:while(true){NC1: skip; 1:x=1; 2:t=1;

    3:await(t==0  y==0); C1: skip;

    4:x=0;}

    ||

    {0:while(true){NC2: skip; 1:y=1; 2:t=0;

    3:await(t==1  x==0); C2: skip;

    4:y=0;}

    }


    Summary finite state modeling concepts

    Summary: Finite State Modeling Concepts

    • We discussed

      • (parallel) while-Programs with finite domains

      • Labeled transition systems

      • Simple state machines

      • Parallel transition systems / state machines

      • UML state machines

      • Object-oriented concepts

      • Fairness Constraints (justice, compassion)

    • Mutual simulation possible

      • but may be tedious; cross-compiler technology


  • Login