a hoare calculus for the verification of synchronous
play

A Hoare Calculus for the Verification of Synchronous Languages - PowerPoint PPT Presentation

May 08, 2023 •314 likes •769 views

Introduction Preliminaries A Hoare Calculus for Quartz Conclusion A Hoare Calculus for the Verification of Synchronous Languages Manuel Gesell, Klaus Schneider http://es.cs.uni-kl.de Embedded Systems Group University of Kaiserslautern

  1. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion A Hoare Calculus for the Verification of Synchronous Languages Manuel Gesell, Klaus Schneider http://es.cs.uni-kl.de Embedded Systems Group University of Kaiserslautern International Open Workshop on Synchronous Programming 2011 Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 1

  2. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Table of Contents Introduction 1 Preliminaries 2 Quartz Hoare Calculus A Hoare Calculus for Quartz 3 Conclusion 4 Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 2

  3. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Outline Introduction 1 Preliminaries 2 Quartz Hoare Calculus A Hoare Calculus for Quartz 3 Conclusion 4 Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 3

  4. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion What is this Talk about? synchronous languages Quartz Hoare calculus synchronous tuple assignment form a Hoare calculus for Quartz Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 4

  5. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Synchronous Model of Computation abstract time to sequence of reactions (instants) each variable has one value per instant inputs and outputs are read and produced for an instant coincides with clock-cycles of synchronous circuits gate delays mimic computation one value per wire for each clock cycle instants are a logical time-scale Synchronous Trace R 0 R 1 R 2 R 3 Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 5

  6. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Synchronous Languages implement the synchronous model can be used for hardware and software data-flow oriented languages Lustre Signal control-flow oriented languages (imperative) Quartz developed in our working group Averest toolset Esterel Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 6

  7. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Averest Averest Design Flow Transformation AIF Quartz Compilation HOL Module Verification SMV AIF . . . Linking Simulation Trace System C AIF Quartz Compilation SW Synthese Java Module SystemC HW Synthese VHDL Verilog http://www.averest.org Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 7

  8. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Outline Introduction 1 Preliminaries 2 Quartz Hoare Calculus A Hoare Calculus for Quartz 3 Conclusion 4 Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 8

  9. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Outline Introduction 1 Preliminaries 2 Quartz Hoare Calculus A Hoare Calculus for Quartz 3 Conclusion 4 Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 9

  10. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Quartz Example module P1 ( nat ?i1,?i2,o1,o2) pause marks end of a step { nat x; i1 , i2 are inputs, o1 , o2 are loop { outputs, x is a local variable o1 = i1 + i2; x = i1; pause ; 1 2 3 4 5 o1 = o2 + i1 + x; o2 = i2; 1 2 3 4 5 i1 x = 2; 2 4 6 8 0 pause ; i2 if (i1 > 4) 1 2 2 4 2 x o1 = i1; o2 = i1 + o1; 3 8 8 12 7 o1 pause ; 0 4 11 11 0 } o2 } Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 10

  11. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Quartz Statements assignments: x= α , next (x)= α end of step: pause conditional execution: if ( γ )... else ... loops: while ( γ ){ ... } , loop { ... } abortion: abort ... when ( γ ) various variants aborts execution when condition γ holds suspension: suspend ... when ( γ ) various variants suspens execution when condition γ holds concurrent execution: { ... } || { ... } . . . Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 11

  12. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Causal Dependencies module P2( bool o) value for o holds for the whole step { both actions are executed according to their bool x; o = x; data dependencies x = true ; P2 is causally correct in sense of Quartz } module P3( bool o) if o= true is reached depends on o { o = true would lead to a valid execution of if (!o) pause ; the program o = true ; P3 is not causally correct in sense of Quartz } Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 12

  13. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Outline Introduction 1 Preliminaries 2 Quartz Hoare Calculus A Hoare Calculus for Quartz 3 Conclusion 4 Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 13

  14. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Why Hoare... model checking fully automatic suffers from state-space explosion problem enumerates all possible values interactive verification based on Hoare calculus interactive (semi-automatic) requires additional invariants allows abstraction from the size of data structures as well as the data-types itself An integration of model checking and interactive verification is desired. Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 14

  15. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Hoare Calculus nothing : { Φ } nothing { Φ } assign : { [Φ] τ x } x = τ { Φ } { Φ 1 } S 1 { Φ 2 } { Φ 2 } S 2 { Φ 3 } sequence : { Φ 1 } S 1 ; S 2 { Φ 3 } { σ ∧ Φ } S 1 { Ψ } {¬ σ ∧ Φ } S 2 { Ψ } conditional : { Φ } if( σ ) S 1 else S 2 { Ψ } { σ ∧ Φ } S { Φ } loop : { Φ } while( σ ) S {¬ σ ∧ Φ } | = Φ 1 → Φ 2 { Φ 2 } S { Φ 3 } | = Φ 3 → Φ 4 weaken : { Φ 1 } S { Φ 4 } Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 15

  16. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Hoare Calculus nothing : { Φ } nothing { Φ } assign : { [Φ] τ x } x = τ { Φ } { Φ 1 } S 1 { Φ 2 } { Φ 2 } S 2 { Φ 3 } sequence : { Φ 1 } S 1 ; S 2 { Φ 3 } { σ ∧ Φ } S 1 { Ψ } {¬ σ ∧ Φ } S 2 { Ψ } conditional : { Φ } if( σ ) S 1 else S 2 { Ψ } { σ ∧ Φ } S { Φ } loop : { Φ } while( σ ) S {¬ σ ∧ Φ } | = Φ 1 → Φ 2 { Φ 2 } S { Φ 3 } | = Φ 3 → Φ 4 weaken : { Φ 1 } S { Φ 4 } Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 15

  17. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion A Hoare calculus for Quartz defining a Hoare calculus only requires the definition of a Hoare rule for each statement it is possible to synthesis a Quartz program to sequential code and then apply the classical Hoare calculus Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 16

  18. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Outline Introduction 1 Preliminaries 2 Quartz Hoare Calculus A Hoare Calculus for Quartz 3 Conclusion 4 Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 17

  19. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Problems Defining a Hoare Calculus for Quartz problems defining a Hoare calculus for Quartz on statement level inputs are read in each macro step ⇒ reaching a pause : update inputs and depended conditions each statement rule requires to regard many cases macro step must be identified all variable updates have to be done synchronously in case no assignment is done the default value must be used Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 18

  20. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Problems Defining a Hoare Calculus - Many Cases { Φ } S 1 ; S 2 { Ψ } ⇒ case: inst ( S 1 ) ∧ inst ( S 2 ) case: ¬ inst ( S 1 ) ∧ inst ( S 2 ) case: inst ( S 1 ) ∧ ¬ inst ( S 2 ) case: ¬ inst ( S 1 ) ∧ ¬ inst ( S 2 ) even worse: { Φ } S 1 || S 2 { Ψ } Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 18

  21. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Problems Defining a Hoare Calculus for Quartz problems defining a Hoare calculus for Quartz on statement level inputs are read in each macro step ⇒ reaching a pause : update inputs and depended conditions each statement rule requires to regard many cases macro step must be identified all variable updates have to be done synchronously in case no assignment is done the default value must be used Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 18

  22. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Macro Step Behaviour Each variable in a macro step has a unique value. Either determined by an delayed assignment in the previous step, an immediate assignment in the current step or a type dependent default value Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 19

  23. Introduction Preliminaries A Hoare Calculus for Quartz Conclusion Macro Step Behaviour P4 P5 P6 if (a) { if (a) { if (a) { x = 5; x = 5; x=5; y = true ; y = true ; y = true ; } else { } else { } else { y = false ; y = false ; y = false ; } } } if (!y) x = 3; if (!y & b) x = 3; pause ; pause ; pause ; Manuel Gesell A Hoare Calculus for the Verification of Sync. . . 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Decision Procedures for Separation Logic Alessio Mansutti Barbizon 2018 Program verification

Decision Procedures for Separation Logic Alessio Mansutti Barbizon 2018 Program verification

Decision Procedures for Separation Logic Alessio Mansutti Barbizon 2018 Program verification with Hoare calculus Hoare calculus is based on proof rules manipulating Hoare triples. { P } C { Q } where C is a program P and Q are assertions in some

417 views • 30 slides
Hoare Calculus and Predicate Transformers 1. The Hoare Calculus for Non-Loop Programs Wolfgang

Hoare Calculus and Predicate Transformers 1. The Hoare Calculus for Non-Loop Programs Wolfgang

Hoare Calculus and Predicate Transformers 1. The Hoare Calculus for Non-Loop Programs Wolfgang Schreiner Wolfgang.Schreiner@risc.uni-linz.ac.at 2. Predicate Transformers Research Institute for Symbolic Computation (RISC) 3. Partial Correctness

857 views • 11 slides
COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification Invented: Quicksort, the null reference (called it his billion dollar mistake) CSP (formal specification language), and Hoare Logic 2 Summary L

2k views • 158 slides
COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification

COMP2111 Week 8 Term 1, 2020 Hoare Logic 1 Sir Tony Hoare Pioneer in formal verification Invented: Quicksort, the null reference (called it his billion dollar mistake) CSP (formal specification language), and Hoare Logic 2 Summary L

770 views • 59 slides
Generation of Verification Conditions Andreas Podelski November 15, 2011 mechanization of

Generation of Verification Conditions Andreas Podelski November 15, 2011 mechanization of

Generation of Verification Conditions Andreas Podelski November 15, 2011 mechanization of correctness proof given a Hoare triple { } C { } , a derivation is a sequence of Hoare triples, each Hoare triple is an axiom (skip, update) or

818 views • 61 slides
Software verification using Hoare logic in Isabelle Petros Papapanagiotou pe.p@ed.ac.uk 7

Software verification using Hoare logic in Isabelle Petros Papapanagiotou pe.p@ed.ac.uk 7

Automated R Reasoni ning ng Coursework Assignm nment nt 1 1 Software verification using Hoare logic in Isabelle Petros Papapanagiotou pe.p@ed.ac.uk 7 October 2013 Breakdown Part 1 : Natural Deduction (40 marks) 14 lemmas to

389 views • 22 slides
Symbolic Verification in Synchronous Constraint Programming (Work in progress) Synchronous

Symbolic Verification in Synchronous Constraint Programming (Work in progress) Synchronous

Symbolic Verification in Synchronous Constraint Programming (Work in progress) Synchronous workshop 2003 Christophe Mauras Christophe.Mauras@univ-nantes.fr Irin/Universit e de Nantes Overview From Symbolic Simulation to Constraint

388 views • 19 slides
08Program Verification II CS 5209: Foundation in Logic and AI Martin Henz and Aquinas Hobor

08Program Verification II CS 5209: Foundation in Logic and AI Martin Henz and Aquinas Hobor

Review Hoare Triples; Partial and Total Correctness Practical Aspects of Correctness Proofs Correctness of the Factorial Function Proof Calculus for Total Correctness 08Program Verification II CS 5209: Foundation in Logic and AI Martin

778 views • 39 slides
Modal logics and - calculus INF 5140-Specification and verification of parallel system Ratan

Modal logics and - calculus INF 5140-Specification and verification of parallel system Ratan

Modal logics and - calculus INF 5140-Specification and verification of parallel system Ratan Thapa ratanbt@ifi.uio.no 18 May 2018 1 Table of Content Review Theory of fixpoints calculus Syntax of calculus Semantics

394 views • 22 slides
The Calculus of Computation Decision Procedures with Applications to Verification Aaron R.

The Calculus of Computation Decision Procedures with Applications to Verification Aaron R.

The Calculus of Computation Decision Procedures with Applications to Verification Aaron R. Bradley and Zohar Manna Stanford University (Aaron is visiting EPFL and will soon be at CU Boulder) The Calculus of Computation 1/17 The Calculus of

587 views • 17 slides
Hoare Calculus and Predicate Transformers Wolfgang Schreiner

Hoare Calculus and Predicate Transformers Wolfgang Schreiner

Hoare Calculus and Predicate Transformers Wolfgang Schreiner Wolfgang.Schreiner@risc.uni-linz.ac.at Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria http://www.risc.uni-linz.ac.at Wolfgang Schreiner

737 views • 41 slides
locales C ONTENT I SAR I S B ASED O N C ONTEXTS Intro & motivation, getting started with

locales C ONTENT I SAR I S B ASED O N C ONTEXTS Intro & motivation, getting started with

L AST T IME Syntax and semantics of IMP Hoare logic rules Soundness of Hoare logic NICTA Advanced Course Verification conditions Slide 1 Theorem Proving Slide 3 Principles, Techniques, Applications Example program proofs

322 views • 8 slides
Program Verification using Hoare logic ThanhVu Nguyen CSCE 467 Adapted from Jonathan Aldrichs

Program Verification using Hoare logic ThanhVu Nguyen CSCE 467 Adapted from Jonathan Aldrichs

Program Verification using Hoare logic ThanhVu Nguyen CSCE 467 Adapted from Jonathan Aldrichs Program Analysis slides November 19, 2019 1 Big-Step Operational Semantics E a n E-Assign E x := a E { x n } E-Skip E

661 views • 26 slides
SMT-based model checking techniques for formal software verification of synchronous dataflow

SMT-based model checking techniques for formal software verification of synchronous dataflow

An insight into SMT-based model checking techniques for formal software verification of synchronous dataflow programs Jonathan Laurent Ecole Normale Sup erieure, National Institute of Aerospace, NASA Langley Research Center August 11 th ,

1.01k views • 67 slides
Outline Synchronous Programming Introduction of Reactive Systems The Data-Flow Language Lustre

Outline Synchronous Programming Introduction of Reactive Systems The Data-Flow Language Lustre

Outline Synchronous Programming Introduction of Reactive Systems The Data-Flow Language Lustre The Imperative Language Esterel Compilation of Synchronous Languages Nicolas Halbwachs Verification and Automatic Testing of Synchronous

371 views • 26 slides
Floyd-Hoare Logic for Program Verification Julio Mari no Rigorous Software Development E

Floyd-Hoare Logic for Program Verification Julio Mari no Rigorous Software Development E

Floyd-Hoare Logic for Program Verification Julio Mari no Rigorous Software Development E UROPEAN M ASTER IN S OFTWARE E NGINEERING / M ASTER IN S OFTWARE AND S YSTEMS Universidad Polit ecnica de Madrid/IMDEA Software October 2015 Mari

279 views • 17 slides
On the 1/f noise in ultra-stable quartz oscillators Enrico Rubiola and Vincent Giordano FEMTO-ST

On the 1/f noise in ultra-stable quartz oscillators Enrico Rubiola and Vincent Giordano FEMTO-ST

On the 1/f noise in ultra-stable quartz oscillators Enrico Rubiola and Vincent Giordano FEMTO-ST Institute, Besanon, France (CNRS and Universit de Franche Comt) Outline Amplifier noise Leeson effect Interpretation of S (f)

415 views • 14 slides
Multivariate Quadratic Public-Key Cryptography Part 1: Basics Bo-Yin Yang Academia Sinica

Multivariate Quadratic Public-Key Cryptography Part 1: Basics Bo-Yin Yang Academia Sinica

Multivariate Quadratic Public-Key Cryptography Part 1: Basics Bo-Yin Yang Academia Sinica PQCrypto Executive Summer School 2017 Eindhoven, the Netherlands Friday, 23.06.2017 B.-Y. Yang (Academia Sinica) Multivariate Cryptography PQC Exec.

973 views • 49 slides
Beam Test of Quartz Radiators for Mu2e Precision Timing Profile Monitor Mu2e Weak Force Decay

Beam Test of Quartz Radiators for Mu2e Precision Timing Profile Monitor Mu2e Weak Force Decay

Beam Test of Quartz Radiators for Mu2e Precision Timing Profile Monitor Mu2e Weak Force Decay (common) Direct Conversion (signal) Search for Charged Lepton Flavor Violation (CLFV) in the form of neutrino-less muon to electron conversion

437 views • 16 slides
Shaving the Black Hole Yogesh K. Srivastava Work with Dileep Jatkar and Ashoke Sen KEK

Shaving the Black Hole Yogesh K. Srivastava Work with Dileep Jatkar and Ashoke Sen KEK

Prologue String Theory Precision counting of microstates Black Hole Hair Analysis of the BMPV BH Entropy Analysis of the 4D BH Entropy Hair modes in Supergravity Regularity of Hair Modes Conclusion Shaving the Black Hole Yogesh K.

876 views • 54 slides
Geant4 simulation of SpaCal (update ) Jelena Ilic 18/11/2014 Analysis of scint.photons

Geant4 simulation of SpaCal (update ) Jelena Ilic 18/11/2014 Analysis of scint.photons

Geant4 simulation of SpaCal (update ) Jelena Ilic 18/11/2014 Analysis of scint.photons Geometry 1) Calo block: 5 x 5 x 10 cm 2) 100 m air gap between W and quartz 3) 200 m Al mirror at the front of calo block 5 cm 5

410 views • 11 slides
Summary n Typical uses for time stamps n Alarms Timestamping n Logging n Post Mortem n GPS

Summary n Typical uses for time stamps n Alarms Timestamping n Logging n Post Mortem n GPS

16 April 2002 page 2 Summary n Typical uses for time stamps n Alarms Timestamping n Logging n Post Mortem n GPS Presentation to the Third LHC n Formats for time (text, Unix and Windows, Java, Oracle) Controls Project Workshop n How Computers

188 views • 6 slides
Overview of nucleon form factor measurements Focus on neutron form factor measurements form

Overview of nucleon form factor measurements Focus on neutron form factor measurements form

Overview of nucleon form factor measurements Focus on neutron form factor measurements form factor measurements Mark Jones Jefferson Lab HUGS 2009 Where to get a free neutron target? Use the deuteron as neutron target e Incident

657 views • 33 slides
neutron beam at TSL C. Gustavsson, S. Pomp, P. Andersson, R. Bevilacqua, M. Lantz, M. sterlund,

neutron beam at TSL C. Gustavsson, S. Pomp, P. Andersson, R. Bevilacqua, M. Lantz, M. sterlund,

Measurements at the 175 MeV neutron beam at TSL C. Gustavsson, S. Pomp, P. Andersson, R. Bevilacqua, M. Lantz, M. sterlund, V. Simutkin, E. Tengborn Department of physics and astronomy, Uppsala University, Sweden A. Hjalmarsson and A.

307 views • 17 slides

More recommend