Course on Protocol Validation, Frits Vaandrager (PowerPoint presentation)



SLIDE 1

Course on Protocol Validation

Frits Vaandrager Institute for Computing and Information Sciences Radboud University Nijmegen http://www.cs.ru.nl/~fvaan/

SLIDE 2

Overview

  • 1. Introduction
  • 2. Model checking of (timed) automata
  • 3. Safe IOAs, invariants, and composition
  • 4. Fairness, liveness, and implementation
  • 5. Simulation proof techniques
SLIDE 3
  • 6. Real-time, hybrid and probabilistic extensions
SLIDE 4

Introduction

SLIDE 5

Reliability in System Design

  • Computer systems are getting more complex and pervasive
  • Safety-critical applications: bugs are unacceptable
    (mission control (Ariane 5), medicine, etc.)
  • Bugs are expensive: the earlier we catch them, the better
    (e.g. the FDIV bug in the Pentium)
  • Testing takes more time than designing; automation is key to improving time-to-market
  • Increasing use of programmable components shifts the focus from low-level optimizations to high-level designs

SLIDE 6

Goal of Formal Verification

Provide tools and techniques as design aids to produce reliable systems

SLIDE 7

Coping with Complexity

  • Design reuse
  • Separation of concerns: logical vs physical, logical vs timing, etc
  • Formalization – precise unambiguous semantics
  • Abstraction – eliminate unnecessary details
  • Decomposition – divide and conquer
  • Incremental refinements
SLIDE 8

What is Formal Verification?

  • Build a mathematical model of the system: what are the possible behaviors?
  • Write the correctness requirements in a specification language: what are the desirable behaviors?
  • Analysis: check that the model satisfies the specification
  • Formal ⇒ the correctness claim is a precise mathematical statement
  • Verification ⇒ the analysis either proves or disproves the correctness claim
SLIDE 9

Limitations of FV

  • Appropriate only for control-intensive applications with interesting interaction among components
  • Decidability and complexity remain obstacles; great progress in finding heuristics; flexibility in setting up the problem
  • Falsification rather than verification: the model, not the system, is verified; only the stated requirements are checked
  • Finding appropriate abstractions requires expertise
SLIDE 10

The Formal Methods Jungle

ACL2, ACP, ACSR, Action Semantics, Argos, ASM, ADLT, BDDs, B, Boyer-Moore, Caesar/Aldebaran, CCS, Circal, COLD, Coq, COSPAN, CSP, FDR2, CWB, DisCo, DC, Estelle, EVES, GIL, HOL, HyTech, IMPS, I/O Automata, ITL, Isabelle, JAPE, KIV, Kronos, LAMBDA, Larch, LeanTaP, LEGO, LOTOS, Lustre, MALPAS, Meije, Mizar, µCRL, Murphi, NP-tools, Nqthm, Nuprl, OBJ, Otter, Petri Nets, Pi-calculus, Pobl, ProofPower, PVS, RAISE, Rapide, Refinement Calculus, SDL, SGM, Signal, SMV, SPARK, SPIN, STeP, TAM, TAM97, Temporal-Rover, TLA, TPS, TRIO, TTM/RTTL, Unity, Uppaal, VeriSoft, VDM, VIS, Z, ...

SLIDE 11

The Trinity of Formal Methods

[diagram: triangle connecting Theory, Tools and Applications]

SLIDE 12

I/O Automata (Lynch & Tuttle, '87; Jonsson '87)

Purpose: formal model for specification and verification of distributed algorithms

Characteristics:

  • Both system and specification modelled as transition systems
  • Language inclusion as implementation relation (⇒ stepwise refinement!)
  • Compositionality
  • Distinction between input and output actions
  • Fairness/liveness
  • Assertional reasoning (invariants, simulations, etc.)
  • Extensions deal with real-time, hybrid, and probabilistic aspects
SLIDE 13

Stepwise Refinement

[diagram: chain of refinements · · · ⊑ S2 ⊑ S1 ⊑ S0, where ⊑ is the implementation preorder]

SLIDE 14

Compositionality

[diagram: S1 ⊑ S0 ⇒ S1 ⊑ S0 when both are composed with the same context; the implementation preorder is preserved by parallel composition]
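The three ideas of slides 12 to 14 (system and specification as transition systems, trace inclusion as the implementation preorder, and preservation of that preorder under composition) can be made concrete in a few dozen lines. The following Python program is an added example, not course material or an implementation of any existing IOA tool: the `IOA` class, the one-slot channel specification `SPEC`, its refinements `LOSSY` and `DUP`, and the `USER` context are all constructed for illustration. Trace inclusion is decided by bounded exploration (`max_steps`), so a positive answer is only valid up to that bound, whereas a counterexample is a genuine violation.

```python
from itertools import product


class IOA:
    """Finite I/O automaton (Lynch & Tuttle): a transition system whose
    actions are partitioned into input, output and internal actions."""

    def __init__(self, start, inputs, outputs, internals, trans):
        self.start = start
        self.inputs, self.outputs = frozenset(inputs), frozenset(outputs)
        self.internals = frozenset(internals)
        self.actions = self.inputs | self.outputs | self.internals
        self.trans = frozenset(trans)          # triples (state, action, next_state)

    def states(self):
        return {self.start} | {s for p, _, q in self.trans for s in (p, q)}

    def input_enabled(self):
        """IOA well-formedness: every input action is enabled in every state."""
        return all(any(p == s and x == a for p, x, _ in self.trans)
                   for s in self.states() for a in self.inputs)

    def traces(self, max_steps):
        """External action sequences (internal steps hidden) of all executions
        with at most max_steps transitions: a bounded, hence finite, exploration."""
        frontier = {(self.start, ())}
        seen, result = set(frontier), {()}
        for _ in range(max_steps):
            nxt = set()
            for s, tr in frontier:
                for p, a, q in self.trans:
                    if p == s:
                        ext = tr if a in self.internals else tr + (a,)
                        if (q, ext) not in seen:
                            seen.add((q, ext))
                            nxt.add((q, ext))
            frontier = nxt
            result |= {tr for _, tr in frontier}
        return result


def implements(impl, spec, max_steps):
    """Trace inclusion up to the bound: the implementation preorder S1 ⊑ S0."""
    return impl.traces(max_steps) <= spec.traces(max_steps)


def counterexample(impl, spec, max_steps):
    """Shortest trace of impl within the bound that spec cannot produce, or None."""
    bad = impl.traces(max_steps) - spec.traces(max_steps)
    return min(bad, key=lambda t: (len(t), t)) if bad else None


def compose(a, b):
    """Parallel composition: shared actions synchronise, the rest interleave.
    Compatibility: disjoint output sets, and internal actions stay private."""
    assert not (a.outputs & b.outputs), "output actions must be disjoint"
    assert not (a.internals & b.actions) and not (b.internals & a.actions)

    def moves(m, s, act):   # successors of s on act; an uninvolved component stays put
        return {s} if act not in m.actions else {q for p, x, q in m.trans if (p, x) == (s, act)}

    trans = {((s, t), act, (s2, t2))
             for s, t in product(a.states(), b.states())
             for act in a.actions | b.actions
             for s2 in moves(a, s, act) for t2 in moves(b, t, act)}
    return IOA((a.start, b.start), (a.inputs | b.inputs) - (a.outputs | b.outputs),
               a.outputs | b.outputs, a.internals | b.internals, trans)


# Constructed toy automata (assumptions for illustration, not from the course).
# Specification S0: a one-slot channel that delivers an accepted message at most once.
SPEC = IOA("empty", {"send"}, {"deliver"}, set(), {
    ("empty", "send", "full"),
    ("full", "send", "full"),        # input-enabled: a send while full is absorbed
    ("full", "deliver", "empty"),
})
# Refinement S1: may lose the message (internal action); still delivers at most once.
LOSSY = IOA("empty", {"send"}, {"deliver"}, {"lose"}, SPEC.trans | {("full", "lose", "empty")})
# Faulty refinement: may deliver the same message twice.
DUP = IOA("empty", {"send"}, {"deliver"}, set(), SPEC.trans | {("full", "deliver", "full")})
# Context: a user that sends a message and consumes deliveries (its input).
USER = IOA("idle", {"deliver"}, {"send"}, set(), {
    ("idle", "send", "sent"), ("sent", "deliver", "idle"), ("idle", "deliver", "idle"),
})

if __name__ == "__main__":
    for m in (SPEC, LOSSY, DUP, USER):
        assert m.input_enabled()
    print("LOSSY ⊑ SPEC:", implements(LOSSY, SPEC, 6))
    print("DUP ⊑ SPEC:", implements(DUP, SPEC, 6), counterexample(DUP, SPEC, 6))
    # Compositionality: S1 ⊑ S0 implies S1 || USER ⊑ S0 || USER.
    print("LOSSY||USER ⊑ SPEC||USER:", implements(compose(LOSSY, USER), compose(SPEC, USER), 6))
```

`LOSSY` implements `SPEC` (losing a message never produces a delivery the specification forbids), and by compositionality so does `LOSSY` in the `USER` context; `DUP` does not, and the shortest witness is the trace `send deliver deliver`, which also survives composition with `USER` because `deliver` is an input the user must accept in every state.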

SLIDE 15

Extensions and Restrictions of the IOA model (S = Safe, F = Fair, L = Live, T = Timed, H = Hybrid, P = Probabilistic)

[diagram: lattice of models connected by arrows; nodes: IOA, FIOA, LIOA, LTIOA, SIOA, TIOA, HIOA, SPIOA, PA, A, TA, HA, PTA, PTIOA, PIOA]

SLIDE 16

Timed Automata

  • Model of finite automata enriched with real-valued clock variables, proposed by Rajeev Alur and David Dill in 1990
  • Model checking tools under development since then; enormous progress has been made!
  • Especially UPPAAL has become quite mature (for an academic prototype)
  • Dozens of industrial applications: embedded controllers, distributed algorithms and protocols, scheduling problems, ...
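To make the "finite automaton enriched with real-valued clocks" concrete, here is an added Python example (not part of the course and not UPPAAL code): a timed automaton with location invariants, edge guards and clock resets, together with a checker that decides whether a given timed word, a sequence of (delay, action) pairs, has a run. The `REQUESTER` automaton and its `DEADLINE` of 5 time units are assumptions chosen for illustration; a request must be answered before the deadline, and at exactly the deadline the requester times out and retries. This checks one timed word at a time; exploring all timed behaviours is what a zone-based model checker such as UPPAAL does and is not attempted here.

```python
class TimedAutomaton:
    """Finite automaton enriched with real-valued clocks (Alur & Dill, 1990).
    Locations carry invariants (upper bounds on clocks), edges carry a guard,
    an action label and the clocks reset to zero when the edge is taken."""

    def __init__(self, start, clocks, invariants, edges):
        self.start = start
        self.clocks = tuple(clocks)
        self.invariants = invariants   # location -> predicate on {clock: value}
        self.edges = edges             # tuples (src, action, guard, resets, dst)

    def _step(self, configs, delay, action):
        """Let `delay` elapse in the current location, then take an edge labelled
        `action`. Invariants are downward closed, so checking them at the end of
        the delay covers the whole interval."""
        nxt = set()
        for loc, val in configs:
            elapsed = {c: t + delay for c, t in val}
            if not self.invariants[loc](elapsed):
                continue                                  # may not wait that long here
            for src, a, guard, resets, dst in self.edges:
                if src != loc or a != action or not guard(elapsed):
                    continue
                new_val = {c: (0.0 if c in resets else t) for c, t in elapsed.items()}
                if self.invariants[dst](new_val):         # target invariant must hold on entry
                    nxt.add((dst, tuple(sorted(new_val.items()))))
        return nxt

    def final_configs(self, timed_word):
        """Configurations (location, clock valuation) reachable on a timed word
        given as [(delay, action), ...]; the empty set if no run exists."""
        configs = {(self.start, tuple((c, 0.0) for c in sorted(self.clocks)))}
        for delay, action in timed_word:
            configs = self._step(configs, delay, action)
            if not configs:
                break
        return configs

    def accepts(self, timed_word):
        return bool(self.final_configs(timed_word))


# Constructed example (an assumption, not a model from the course): a requester
# that must receive a response within DEADLINE time units of a request; at exactly
# the deadline it times out and retries, resetting its clock x.
DEADLINE = 5.0
REQUESTER = TimedAutomaton(
    start="idle", clocks=["x"],
    invariants={"idle": lambda v: True, "waiting": lambda v: v["x"] <= DEADLINE},
    edges=[
        ("idle", "req", lambda v: True, {"x"}, "waiting"),
        ("waiting", "resp", lambda v: v["x"] <= DEADLINE, set(), "idle"),
        ("waiting", "timeout", lambda v: v["x"] == DEADLINE, {"x"}, "waiting"),
    ],
)

if __name__ == "__main__":
    print(REQUESTER.accepts([(2.0, "req"), (3.0, "resp")]))                    # response in time
    print(REQUESTER.accepts([(0.0, "req"), (6.0, "resp")]))                    # invariant violated
    print(REQUESTER.accepts([(0.0, "req"), (5.0, "timeout"), (4.0, "resp")]))  # retry, then response
    print(REQUESTER.accepts([(0.0, "req"), (4.0, "timeout")]))                 # timeout too early
```

The second word is rejected not because of a guard but because waiting 6 time units in `waiting` breaks its invariant, which is exactly the urgency mechanism that distinguishes timed automata from plain finite automata with an extra variable.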

SLIDE 17

Applications: Communication Protocols

  • 1. At most once message delivery
  • 2. Bounded retransmission
  • 3. IEEE 1394 tree identify
  • 4. Audio control
  • 5. Biphase mark
  • 6. Rambo
SLIDE 18

Applications: Transportation

  • 1. Railroad crossing
  • 2. Personal rapid transit
  • 3. Automated highway systems (PATH)
  • 4. Traffic Alert and Collision Avoidance System (TCAS)
  • 5. Height control in BMW
SLIDE 19

More Applications

  • 1. Distributed operating systems
  • 2. Database concurrency control
  • 3. Steam boiler controller
  • 4. Lego car
  • 5. etc. etc.