donal
Uploaded by
23 SLIDES
415 VIEWS
230LIKES

Formal Methods of Systems Specification Logical Specification of Hard- and Software

DESCRIPTION

Formal Methods of Systems Specification Logical Specification of Hard- and Software. Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität and Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik. off. tape. play. dn. up. up. up. dn. dn. memory. dn.

1 / 23

Download Presentation

Formal Methods of Systems Specification Logical Specification of Hard- and Software

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Formal Methods of Systems SpecificationLogical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität and Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik

  2. off tape play dn up up up dn dn memory dn A first example A new video camcorder (“DCR-PC330”) • owner's manual almost incomprehensible • can be found in the internet • typical for such devices

  3. Such models can help in the development of complex systems ("model-driven design") • The more concrete the formalism, the closer it is to an implementation • executable code may be generated from state diagrams • We might add additional information such as timing, communication, variables and such. • Specification as opposed to modeling describes properties of the targeted system • not aiming at a complete description of the system • not aiming at the generation of executable code

  4. Screen menu • The power-switch by itself is not a "complex system“ (Even I didn't need long to understand it). • Let's look at the screen menu.

  5. greyed out invisible Screen menu (contd.)

  6. There are menus, items and settings • menus: Camera Set,... • items: Volume, LCD Brightness, ... • settings: on/off, 0-100%, ... • Items may be nested in two levels • Setting screen allows to choose the value of a particular variable • only the relevant variables may be accessed

  7. Menu-off Menu MemorySet Pict.Appli. StandardSet CameraSet Volume LCD/VFSet RemoteCtrl LCDBright LCD Color Modelling as a tree ... ... ... ...

  8. Menu-off Menu MemorySet Pict.Appli. StandardSet CameraSet Volume LCD/VFSet RemoteCtrl LCDBright LCD Color Modelling as a tree ... ... ... ...

  9. Menus are mode-dependent • As a consequence, the up- anddown-relations in the graph aremode-dependent • Since the first line is not uniform,also the menu-relation is mode-dependent • Formalization shows weaknessin the design (usability) • what is hard to formalize is hard tounderstand and likely to contain orcause errors • How to describe such a structure?  homework (consider cases that an item disappears and that it is greyed out)

  10. Propositional Logic • A formal specification method consists of three parts • syntax, i.e., what are well-formed specifications • semantics, i.e., what is the meaning of a specification • calculus, i.e., what are transformations or deductions of a specification • Propositional logic: probably the first and most widely used specification method • dates back to Aristotle, Chrysippus, Boole, Frege, … • base of most modern logics • fundamental for computer science

  11. Syntax of Propositional Logic • Let Ρbe a finite set {p1,…,pn} of propositions and assume that ,  and (, ) are not in • Syntax PL ::= Ρ |  | (PL  PL) • every p is a wff •  is a wff („falsum“) • if  and  are wffs, then () is a wff • nothing else is a wff

  12. Remarks • Ρ may be empty • still a meaningful logic! • Minimalistic approach • infix-operator  necessitates parentheses • other connectives can be defined as usual ¬ ≙ (  ) (linear blowup!) Τ≙ ¬ () ≙(¬) () ≙¬(¬¬) ≙¬(¬) () ≙(()()) (exponential blowup!) • operator precedence as usual • literal = a proposition or a negated proposition

  13. Semantics of Propositional Logic • Propositional Model • Truth value universe U: {true, false} • Interpretation I: assignment Ρ↦ U • Model M: (U,I) • Validation relation ⊨ between model M and formula  • M ⊨ p if I(p)=true • M ⊭  • M ⊨ () if M ⊨  implies M ⊨  • M validates or satisfiesiff M ⊨  •  is valid (⊨) iff every model M validates  •  is satisfiable (SAT()) iff some model M satisfies 

  14. Propositional Calculus • Various calculi have been proposed • boolean satisfiability (SAT) algorithms • tableau systems, natural deduction, • enumeration of valid formulæ • Hilbert-style axiom system ⊢ (()) (weakening) ⊢ ((()) (()())) (distribution) ⊢ (¬¬) (excluded middle) , () ⊢  (modus ponens) • Derivability • All substitution instances of axioms are derivable • If all antecedents of a rule are derivable, so is the consequent

  15. An Example Derivation Show ⊢ (pp) • ⊢(p((pp)p))((p(pp))(pp)) (dis) • ⊢(p((pp)p)) (wea) • ⊢((p(pp))(pp)) (1,2,mp) • ⊢(p(pp)) (wea) • ⊢(pp) (3,4,mp)

  16. Correctness and Completeness • Correctness: ⊢  ⊨ Only valid formulæ can be derived • Induction on the length of the derivation • Show that all axiom instances are valid, and thatthe consequent of (mp) is valid if both antecedents are • Completeness: ⊨  ⊢ All valid formulæ can be derived • Show that consistent formulæ are satisfiable~⊢¬  ~⊨¬

  17. Consistency and Satisfiability • A finite set Φ of formulæ is consistent, if ~⊢¬ΛΦ • Extension lemma: If Φ is a finite consistent set of formulæ and  is any formula, then Φ{} or Φ{¬} is consistent • Assume ⊢¬(Φ) and ⊢¬(Φ¬). Then ⊢(Φ¬) and ⊢(Φ¬¬). Therefore ⊢¬Φ, acontradiction. • Let SF() be the set of all subformulæ of  • For any consistent , let # be a maximal consistent extension of  (i.e., # and for every SF(), either #or #. (Existence guaranteed by extension lemma)

  18. Canonical models • For a maximal consistent set #, the canonical modelCM(#) is defined by I(p)=true iff p#. • Truth lemma: For any SF(), I()=true iff # • Case =p: by construction • Case =: Φ{} cannot be consistent • Case =(12): by induction hypothesis and derivation • Therefore, if  is consistent, then for any maximal consistent set #, CM(#)⊨ • any consistent formula is satisfiable • any unsatisfiable formula is inconsistent • any valid formula is derivable

  19. Example: Combinational Circuits Pictures taken from: http://www.scs.ryerson.ca/~aabhari/cps213Chapter4.ppt • Multiplexer • S selects whether I0 or I1 is output to Y • Y = if S then I1else I0end • (Y((SI1)(¬SI0)))

  20. Boolean Specifications • Evaluator (output is 1 if input matches a certain binary value) • Encoder (output i is set if binary number i is on input lines) • Majority function (output is 1 if half or more of the inputs are 1) • Comparator (output is 1 if input0 > input1) • Half-Adder, Full-Adder, …

  21. Software Example • Code generator optimization • if (p and q) then if (r) then x else y else if (q or r) then y else if (p and not r) then x else y • Loop optimization

  22. Verification of Boolean Functions • Latch-Up: can a certain line go up? • does (¬L0) hold? • is (L0) satisfiable? • Given , ; does () hold? • usually reduced to SAT: is ((¬)(¬)) satisfiable? • efficient SAT-solver exist (annual competition) • partitioning techniques • any output depends only on some inputs • find which ones • generate test patterns (BIST: built-in-self-test)

  23. Optimizing Boolean Functions • Given ; find  such that () holds and  is „optimal“ • much harder question • optimal wrt. speed / size / power /… • translation to normal form (e.g., OBDD)

More Related