State-Event Software Verification for Branching-Time Specifications

Sagar Chaki, Ed Clarke, Joel Ouaknine, Orna Grumberg, Natasha Sharygina, Tayssir Touili, Helmut Veith

Software Model-Checking
  • Challenge in computer science
  • Tools: SLAM, BLAST, MAGIC,…
  • Counter-Example Guided Abstraction Refinement (CEGAR)
CEGAR

Diagram: the CEGAR loop. The Property and the Abstraction yield a Model, which goes to Verification. Yes: System OK. No: a Counterexample is produced and checked (Counterexample Valid?). Yes: a real counterexample is reported. No: the counterexample is Spurious, and Abstraction Refinement feeds a refined abstraction back into the loop.
Limitation of CEGAR applications

Diagram: the same loop with the property given as an LTL formula and the abstraction computed by Predicate Abstraction; Verification (Yes: System OK, No: Counterexample), Counterexample Valid? and Abstraction Refinement as before. Limitation: no branching-time properties.
Our Goal: Extension to branching-time properties

Diagram: the CEGAR loop with a Branching-time formula in place of the LTL formula; Predicate Abstraction, Model, Verification (Yes: System OK; No: Counterexample), Counterexample Valid?, Abstraction Refinement.
First Problem
  • CEGAR cannot be applied to general branching-time logics
What are counterexamples?

Diagram: a system S and a property φ, where φ is universal.

CEGAR natural for LTL
  • LTL: universal logic
  • Describes events along a single path, e.g. G(Req → F Ack)
  • S ⊨ φ iff all the paths of S satisfy φ
  • ¬(S ⊨ φ) iff there exists one path p of S with ¬(p ⊨ φ)
  • p: Counterexample
Branching-time properties are not universal
  • Existential operator, e.g. AG(EF Restart)
  • CEGAR → Define a universal branching-time logic

We need to:
  • Define an expressive universal branching-time logic
  • Define a model-checking algorithm for this logic
  • Define suitable refinement techniques
State/event universal branching-time logic
  • Industrial applications need state/event reasoning
  • Bluetooth: when an action a is received in a state q, the next state has to be p
  • Need a state/event framework
The state/event universal logic SE-AΩ
  • We view time operators as regular path patterns on the time line
  • Fφ, Xφ, Gφ, φUψ: each standard operator is drawn as a pattern on the time line (pictures on the slides)
  • Further patterns:
  • K(φ,a): φ and a hold at all even time points
  • Lφ: no more than 4 time units between 2 occurrences of φ

The state/event universal logic SE-AΩ
  • Labeled Kripke Structure: M=(S,AP,L,Σ,T)
  • Diagram: example LKS with states labelled p,q / p / q,r and transitions labelled with the actions a, b, c
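An added example, not part of the slides: a small Labeled Kripke Structure M=(S,AP,L,Σ,T) and a check of the Bluetooth-style state/event rule from the motivation (action a taken from a state labelled q must lead to a state labelled p). The rule is universal, so one violating transition reachable from an initial state is a counterexample trace. The class LKS, the function check_after_action and the three-state model are constructed for this example.

```python
from collections import deque

class LKS:
    """Labeled Kripke Structure M = (S, AP, L, Sigma, T) plus initial states."""
    def __init__(self, states, ap, labels, sigma, trans, init):
        self.S, self.AP, self.L, self.Sigma, self.T, self.init = states, ap, labels, sigma, trans, init
        # well-formedness: every label set is drawn from AP, every transition is in S x Sigma x S
        assert all(labels[s] <= ap for s in states)
        assert all(s in states and a in sigma and t in states for s, a, t in trans)

    def succ(self, s):
        return [(a, t) for (x, a, t) in self.T if x == s]

def _path_to(parent, s):
    # rebuild the trace s0 a1 s1 ... s from the BFS parent links
    path = [s]
    while parent[s] is not None:
        pred, a = parent[s]
        path = [pred, a] + path
        s = pred
    return path

def check_after_action(m, src_label, action, dst_label):
    """Universal state/event property: on every path, a transition s --action--> t
    with src_label in L(s) must have dst_label in L(t). Returns None when it holds,
    otherwise one counterexample trace [s0, a1, s1, ..., s, action, t]."""
    parent = {s: None for s in m.init}
    queue = deque(m.init)
    while queue:
        s = queue.popleft()
        for a, t in m.succ(s):
            if src_label in m.L[s] and a == action and dst_label not in m.L[t]:
                return _path_to(parent, s) + [a, t]
            if t not in parent:          # first visit: record how we got here
                parent[t] = (s, a)
                queue.append(t)
    return None

# Constructed three-state model in the spirit of the slide's picture:
# s0 labelled {p,q}, s1 labelled {p}, s2 labelled {q,r}; actions a, b, c.
def make_model(extra_trans=()):
    trans = [("s0", "a", "s1"), ("s1", "b", "s2"), ("s2", "c", "s0")] + list(extra_trans)
    return LKS({"s0", "s1", "s2"}, {"p", "q", "r"},
               {"s0": {"p", "q"}, "s1": {"p"}, "s2": {"q", "r"}},
               {"a", "b", "c"}, trans, ["s0"])

GOOD = make_model()                      # action a from a q-state always reaches a p-state
BAD = make_model([("s2", "a", "s2")])    # a from q-state s2 loops to s2, which lacks p
```

check_after_action(GOOD, "q", "a", "p") returns None, while the same call on BAD returns the trace s0 a s1 b s2 a s2, i.e. the path that leads to the violating transition.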
Diagram: the goal loop again, now with an SE-AΩ formula in place of the generic branching-time formula (Predicate Abstraction, Model, Verification, Counterexample Valid?, Abstraction Refinement as before).

Counterexample generation for SE-AΩ

Compute a counterexample either for the first case or for the second case (the two cases are given only as pictures on the slides).

Projection

Diagram: projection of the action sequence b, a, b, c onto the actions a, c, giving a, c.

Compositionality

Theorem: iff (the two sides of the equivalence are shown only as pictures on the slide)

Compositional refinement

Diagram (shown in several animation steps): the system is a composition of components P1, P2, P3, P4, checked against a Spec. Abstraction yields component abstractions A1, A2, A3, A4, which are verified against the Spec. When the check fails, Refinement replaces individual abstractions with refined versions (A1 in the first step, then A3) and the check is repeated. The loop ends either with no more counterexamples or with real counterexamples.

Action-guided Refinement

Diagram: a Counterexample and the Abstraction side by side, with transitions labelled a, b, a,b and c; the refinement of the abstraction is guided by the actions along the counterexample.

Case study: IPC
  • IPC (InterProcess Communication) Protocol: organizes communication in a multithreaded robot controller
  • Bug discovery
  • Protocol has been used for 7 years
  • Bug undetected with earlier model-checking efforts using LTL
Conclusion
  • Definition of an advanced branching-time state-event logic SE-AΩ
  • Model-checking algorithm for SE-AΩ
  • Compositional counterexample validation and refinement techniques for SE-AΩ
  • First application of compositional CEGAR to branching-time specifications
  • Bug discovery in the IPC protocol