
Chunks: Component Verification in CSP



Presentation Transcript


  1. Chunks: Component Verification in CSP
     Steve Schneider & Helen Treharne, Surrey
     Neil Evans, Southampton
     http://www.csp-b.org

  2. CSP Controlled B machines
     • B machines as concurrent components (good for data-rich aspects)
     • CSP processes as controllers (good for patterns of communication)
     • Combination underpinned by CSP semantics for B
     • Tap into tools for CSP and for B
     [Diagram: a CSP process controlling the B operations of a B machine]

  3. Example
     B machine:
       MACHINE Switch
       VARIABLES switch
       INITIALISATION switch := off
       OPERATIONS
         light = PRE switch = off THEN switch := on END;
         dark  = PRE switch = on  THEN switch := off END
       END
     CSP controller: (shown as a diagram on the slide)

  4. Consistency
     • Operations must be called within their preconditions
     • Established techniques (based on wp semantics) are available for establishing consistency between a controller and a controlled machine.
     • Consistency is expressed as divergence-freedom
     • Divergence-freedom means operations are called within their preconditions

  5. Combining Components
     [Diagram: three CSP controllers, each paired with its B machine]
     • System divergence-free if each pair is
     • System deadlock-free if CSP part is
     • System meets particular specs if CSP part does

  6. Sorted? Not quite. Odd-Even example
     [Diagram: events odd_get.7, oepass.8, even_set.8, even_get.8, eopass.9, odd_set.9]
       MACHINE Even
       VARIABLES mm
       INVARIANT even(mm)
       OPERATIONS
         even_set(ii) = PRE even(ii) THEN mm := ii END;
         jj <-- even_get = jj := mm
       END

       MACHINE Odd
       VARIABLES nn
       INVARIANT odd(nn)
       OPERATIONS
         odd_set(ii) = PRE odd(ii) THEN nn := ii END;
         jj <-- odd_get = jj := nn
       END

  7. Component Consistency Guarantees
     [Diagram: ODD_CTRL' with events odd_get.m, oepass.m+1, eopass?n, odd_set.n; diverging assertion {even(m)}; blocking assertion <odd(n)>; guarantee "m even"]
     Introduce blocking assertion. Consistency relies on n being odd.
       MACHINE Odd
       …
         odd_set(ii) = PRE odd(ii) THEN nn := ii END;
       …
       END
     Consistency of ODD_CTRL' and Odd guarantees m even under the assumption of n odd.

  8. Lifting state
     • Sometimes we need to relate assertions to the B state
     • To do this, we lift relevant state to the CSP level
     [Diagram: events transfer.tim and add.tim; note "but T not in CSP"]

  9. Interaction
     [Diagram: events transfer.tim, add.tim, take.tim]

  10. Decomposing requirements

  11. Chunks – discharging proof obligations (chunks theorem)
     • Split the network into chunks – each assertion needs to be diverging in at least one chunk. It can be blocking in all others.
     • Chunks need to be divergence-free – this can be checked by FDR (for CSP parts) or by the wp technique (CSP||B technique)
     • Then the system is divergence-free

  12. Chunks
     [Diagram: predicate P appearing as blocking assertion <P> and as diverging assertion {P}]
     Every predicate must have a chunk where it diverges (verify). In other chunks it can block (assumption).
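The chunk discipline of slides 11 and 12 applied to the Odd/Even network of slides 6 and 7, as an added example that is not the talk's own tooling or code. Each chunk is one controller cycle together with its B machine; `odd_chunk`, `even_chunk`, the controller event orders and the bounded value domain are my own formalisation of what the slides sketch, and `explore` is a plain reachability search standing in for FDR.

```python
"""Bounded chunk check for the Odd/Even network (constructed example).
A chunk is one controller cycle with its B machine: a failed B precondition
or diverging assertion {P} raises Divergence; a blocking assertion <P>
refuses the value the environment offered (it is an assumption, not a proof)."""

class Divergence(Exception): pass   # operation outside its PRE, or failed {P}
class Blocked(Exception): pass      # <P> refused the environment's value

def odd(x): return x % 2 == 1
def even(x): return x % 2 == 0
def diverging(p):                   # {P}: the chunk must guarantee it (verify)
    if not p: raise Divergence()
def blocking(p):                    # <P>: assumed of the environment (assumption)
    if not p: raise Blocked()

# B operations: PRE becomes a diverging check; the return value is the new state.
def odd_set(ii):  diverging(odd(ii));  return ii
def even_set(ii): diverging(even(ii)); return ii

# ODD_CTRL' || Odd:  odd_get?m -> oepass!(m+1){even} -> eopass?n<odd(n)> -> odd_set!n
def odd_chunk(nn, n):
    diverging(even(nn + 1))         # odd_get gives nn; value sent on oepass verified even
    blocking(odd(n))                # value received on eopass is assumed odd
    return odd_set(n)

# EVEN_CTRL' || Even: oepass?n<even(n)> -> even_set!n -> even_get?m -> eopass!(m+1){odd}
def even_chunk(mm, n):
    blocking(even(n))               # value received on oepass is assumed even
    mm = even_set(n)
    diverging(odd(mm + 1))          # even_get gives mm; value sent on eopass verified odd
    return mm

def unguarded_odd_chunk(nn, n):     # ODD_CTRL without <odd(n)>: odd_set's PRE is exposed
    diverging(even(nn + 1))
    return odd_set(n)

def explore(chunk, init, domain):
    """Reachable machine states of `chunk` against every offer in `domain`."""
    seen, todo = set(), [init]
    while todo:
        s = todo.pop()
        if s in seen: continue
        seen.add(s)
        for v in domain:
            try: todo.append(chunk(s, v))
            except Blocked: pass        # refused offer: never happens in context
    return seen

def divergence_free(chunk, init, domain=range(10)):
    """True iff the chunk never diverges on any reachable state and any offer."""
    try: explore(chunk, init, domain); return True
    except Divergence: return False
```

Each chunk is divergence-free on its own under its blocking assumption, while dropping `<odd(n)>` exposes the precondition of `odd_set` and the check fails, which is exactly the dependency slide 7 points out.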

  13. Current work
     • More elaborate architectures (B machines interact with more than one controller)
     • Hardware/software codesign
     • Links to software development methodology (industrial partner)
     • http://www.csp-b.org
