OOTI Workshop on Model Checking and Static Analysis Day 3


OOTI Workshop on Model Checking and Static Analysis Day 3. Dragan Bošnački Eindhoven University of Technology The Netherlands. Topics Previous Lecture. Promela/Spin Some basic definitions and terminology Linear Temporal Logic Syntax, Semantics, Examples


### OOTI Workshop on Model Checking and Static Analysis Day 3

Dragan Bošnački

Eindhoven University of Technology

The Netherlands

### Topics of the Previous Lecture
• Promela/Spin
• Some basic definitions and terminology
• Linear Temporal Logic
  • Syntax, semantics, examples
• Exercise: Dijkstra’s mutual exclusion protocol
### Outline for Today
• Discussion of the exercise (Dijkstra’s mutual exclusion protocol)
• Linear Temporal Logic (LTL) (continued)
• Büchi automata
• Translation of LTL to Büchi automata
• Dolev, Klawe and Rodeh (DKR) Leader Election Protocol
• Exercises
• First assignment
### If-then-else construct in Promela

`if C then S1 else S2` is written as:

```promela
if
:: C -> S1
:: else -> S2
fi
```

`if C then S1` (no else branch) still needs an explicit `else -> skip` option; without it the `if` blocks when `C` is false instead of continuing:

```promela
if
:: C -> S1
:: else -> skip
fi
```
### For loops in Promela

`for i := 1 to N do S` is written as:

```promela
i = 1;
do
:: i <= N -> S; i++
:: else -> break
od
```
### C-style Array Declaration/Definition

```promela
bool b[N];
bool c[N];
```

• Both b and c have N elements
• The index range of the arrays is 0..N-1 and not 0..N!
• So a reference to b[N] is an error because the index value N is out of range
• If in the Dekker/Dijkstra algorithm we want to keep the original range of the arrays b and c, i.e. 1..N, then we have to define arrays with N+1 elements:

```promela
#define N 2
#define Nplus1 3
bool b[Nplus1], c[Nplus1];
```
### Some Specific Errors/Oversights

• Variable j is a local
• All Boolean arrays should be initialized to true
• The initial value of k is irrelevant, but it must satisfy 1 <= k <= N

Array initialization and process creation in `init`, both loops inside one `atomic` block so that no process observes a half-initialized state:

```promela
init {
    int i;
    atomic {
        /* all Boolean arrays start as true (indices 1..N) */
        i = 1;
        do
        :: i <= N -> b[i] = true; c[i] = true; i++
        :: else -> break
        od;
        /* start the N processes */
        i = 1;
        do
        :: i <= N -> run P(i); i++
        :: else -> break
        od
    }
}
```
### Standard LTL formulae

• `[]p` invariance
• `<>p` guarantee
• `[](p -> <>q)` response
• `p -> (q U r)` precedence
• `[]<>p` progress (recurrence)
• `<>[]p` non-progress (stability)
• `<>p -> <>q` correlation
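As an added example that is not part of the slides, the following complete Spin model puts the idioms from the Promela slides together (the N+1 array size that keeps the original 1..N index range, the for-loop and if-then translations, the `init` block with both loops in one `atomic`) and states the mutual exclusion requirement as an `ltl` claim of the `[]p` invariance form from the LTL slide. The process body follows Dijkstra's 1965 mutual exclusion algorithm, which the exercise refers to; the global counter `ncrit`, the claim name `mutex` and the labels `again`/`L1` are assumptions introduced here for the check, not names from the slides.

```promela
/* Added example, not from the slides: Dijkstra's N-process mutual
   exclusion protocol modelled with the idioms from the lecture. */
#define N       3
#define Nplus1  4          /* arrays sized N+1 so indices 1..N can be used */

bool b[Nplus1];
bool c[Nplus1];
byte k;                    /* any initial value in 1..N is acceptable */
byte ncrit;                /* assumed helper: processes in the critical section */

proctype P(byte i)
{
    byte j;                /* loop variable is local to the process */
again:
    b[i] = false;
L1:
    if
    :: k != i ->
        c[i] = true;
        if                 /* "if b[k] then k := i" (no else branch) */
        :: b[k] -> k = i
        :: else -> skip
        fi;
        goto L1
    :: else ->
        c[i] = false;
        /* for j := 1 to N do: if j != i and not c[j] then goto L1 */
        j = 1;
        do
        :: j <= N ->
            if
            :: j != i && !c[j] -> goto L1
            :: else -> skip
            fi;
            j++
        :: else -> break
        od
    fi;
    /* critical section: at most one process may be here */
    ncrit++;
    assert(ncrit == 1);
    ncrit--;
    c[i] = true;
    b[i] = true;
    goto again             /* remainder section, then try again */
}

init {
    byte i;
    k = 1;                 /* satisfies 1 <= k <= N */
    atomic {
        i = 1;             /* all Boolean arrays initialized to true */
        do
        :: i <= N -> b[i] = true; c[i] = true; i++
        :: else -> break
        od;
        i = 1;             /* start P(1) .. P(N) */
        do
        :: i <= N -> run P(i); i++
        :: else -> break
        od
    }
}

/* invariance pattern []p: mutual exclusion holds in every reachable state */
ltl mutex { [] (ncrit <= 1) }
```

Verify with `spin -a dijkstra.pml`, `gcc -o pan pan.c` and `./pan -a`; the `assert` and the `ltl` claim check the same property in two of the ways the lecture introduces, and a violation of either would be reported as an error trail that `spin -t -p dijkstra.pml` replays.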