formal behavior verification made for engineers
play

Formal Behavior Verification Made for Engineers Brian R Larson - PowerPoint PPT Presentation

Sep 25, 2023 •349 likes •599 views

Formal Behavior Verification Made for Engineers Brian R Larson brl@multitude.net Multitude Corporation October 28, 2019 Brian R Larson BLESS Language and Tools October 28, 2019 1 / 24 Model-Based Engineering Challenges AADL superbly models

  1. Formal Behavior Verification Made for Engineers Brian R Larson brl@multitude.net Multitude Corporation October 28, 2019 Brian R Larson BLESS Language and Tools October 28, 2019 1 / 24

  2. Model-Based Engineering Challenges AADL superbly models embedded system structure, interfaces, and non-functional properties for analysis. Can we ensure deployed systems (software) conform to their models, and function correctly? Brian R Larson BLESS Language and Tools October 28, 2019 2 / 24

  3. Formal Methods Have Disappointed Difficult to use; require PhD-level skills; don’t scale; don’t assure correctness. Absence of buffer overflow and conformance to security policy may be worth the cost and effort to formally verify, but the don’t begin to show systems with software perform as intended. Brian R Larson BLESS Language and Tools October 28, 2019 3 / 24

  4. BLESS is Different Behavior Language for Embedded Systems with Software (BLESS), and its verification tool, was specifically designed to verify cyber-physical system behavior conforms to its specification, by practicing engineers. Brian R Larson BLESS Language and Tools October 28, 2019 4 / 24

  5. Architecture AADL for System Structure AADL structure Brian R Larson BLESS Language and Tools October 28, 2019 5 / 24

  6. ‘Model’ Behavior Add Behavior Annex AADL structure BA behavior Brian R Larson BLESS Language and Tools October 28, 2019 6 / 24

  7. ‘Program’ Behavior BLESS is Superset of BA AADL structure BLESS behavior Brian R Larson BLESS Language and Tools October 28, 2019 7 / 24

  8. Exact (Formal) Specification BLESS Assertion adds Declarative Specification Assertion AADL specification structure BLESS behavior Brian R Larson BLESS Language and Tools October 28, 2019 8 / 24

  9. Verification Beyond Testing Formal Verification by Proof Proof Assertion AADL specification structure BLESS behavior Brian R Larson BLESS Language and Tools October 28, 2019 9 / 24

  10. Proof Not Theorem Proving! Extra information non-executed is interspersed throughout programs to for a “proof outline". The BLESS Proof Assistant transforms programs having proof outlines (with human guidance) into deductive proofs: a sequence of theorems, each of which is given or an axiom, or derived from prior theorems by a sound inference rule. BLESS proofs are human readable, use the same language as BLESS programs, and trace back to source code. Brian R Larson BLESS Language and Tools October 28, 2019 10 / 24

  11. BLESS is AADL Annex Sublanguages Assertion Temporal Logic BLESS uses first-order predicate calculus, extended by simple temporal operators to declaratively specify behavior. Such temporal logic formulas are called BLESS assertions . p @ t ≡ evaluate predicate p at time t . ✞ ☎ << VP: : --cause ventricular pace (n or p) @ ( now -lrl) --last beat occurred LRL interval ago, and --not since then not ( exists t: time --there is no time in now -lrl,, now --since then, ",," means open interval that (n or p) @ t) >> --with a beat ✝ ✆ Quantification over time together with simple temporal operators makes BLESS assertions uniquely capable of expressing timing of embedded systems. Brian R Larson BLESS Language and Tools October 28, 2019 11 / 24

  12. BLESS is AADL Annex Sublanguages Assertion Behavior Specification BLESS :: Assertion properties specify what is guaranteed about events issued by out ports, what is assumed about events received by in ports, and what is always true. ✞ ☎ thread VVI features s: in event port ; --signal from analog front-end p: out event port --pace ventricle { BLESS :: Assertion => " << VP() >> ";}; n: out event port --natural contraction { BLESS :: Assertion => " << ( now =0) or VS() >> ";}; lrl: in data port ms; --lower rate limit interval vrp: in data port ms; --ventricular refractory period properties Dispatch_Protocol => Aperiodic; BLESS :: Invariant => " << LRL( now ) >> "; end VVI; ✝ ✆ Brian R Larson BLESS Language and Tools October 28, 2019 12 / 24

  13. BLESS is AADL Annex Sublanguages State-Transition Machine State-Transition Machine BLESS began as BA, adding assertions to express what is true about the system when a machine is in a particular state. Actions performed during transitions can also be augmented with assertions. BLESS defines formal semantics for every construct, adding a type system to be a programming language. Brian R Larson BLESS Language and Tools October 28, 2019 13 / 24

  14. BLESS is AADL Annex Sublanguages State-Transition Machine ✞ ☎ variables last_beat : time --the last pace or non-refractory sense occurred at last_beat << LAST: :(n or p) @ last_beat >> ; states power_on : initial state --powered-up, <<now =0 >> ; --start with "sense" pace : complete state --a ventricular pace has occurred in the --previous LRL-interval milliseconds << PACE( now ) >> ; . . . check_pace_vrp : state --execute state to check if s is in vrp after pace << s @now and PACE( now ) >> ; . . . ✝ ✆ Brian R Larson BLESS Language and Tools October 28, 2019 14 / 24

  15. BLESS is AADL Annex Sublanguages State-Transition Machine ✞ ☎ . . . T3_PACE_LRL_AFTER_VP: --pace when LRL times out pace -[ on dispatch timeout (n or p) lrl ms]-> pace { << VP() >> p ! << p @now>> --cause pace when LRL times out & last_beat:= now << last_beat= now>> }; T4_VS_AFTER_VP: --sense after pace=>check if in VRP pace -[ on dispatch s]-> check_pace_vrp{}; T5_VS_AFTER_VP_IN_VRP: -- s in VRP, go back to "pace" state check_pace_vrp -[( now -last_beat)<vrp]-> pace{}; T6_VS_AFTER_VP_IS_NR: --s after VRP, --go to "sense" state, send n ! , reset timeouts check_pace_vrp -[( now -last_beat)>=vrp]-> sense { << VS() >> n ! << n @now>> --send n ! to reset timeouts & last_beat:= now << last_beat= now>> }; . . . ✝ ✆ Brian R Larson BLESS Language and Tools October 28, 2019 15 / 24

  16. BLESS is OSATE Plugin(s) Editor Text Editor The BLESS editor plugin to OSATE was created with Xtext to seamlessly add syntax coloring, grammar checking while typing, and error markers for BLESS annex subclauses, and Assertion annex libraries. Brian R Larson BLESS Language and Tools October 28, 2019 16 / 24

  17. BLESS is OSATE Plugin(s) Proof Assistant Proof Assistant The BLESS proof assistant plugin to OSATE generates proofs 1 that formally verifies that behavior implementations meet behavior specifications. 1 with human guidance Brian R Larson BLESS Language and Tools October 28, 2019 17 / 24

  18. BLESS is a Formal Verification Method Transform Proof Outlines to Deductive Proofs BLESS assertions attached to states, and interspersed though actions performed when transitions occur form a proof outline . BLESS state machines are verified to uphold their specifications by transforming their proof outlines into deductive proofs. 2 The last theorem in the proof says all verification conditions have been met. 2 sequences of theorems, each of which is given or axiomatic, or derived from prior theorems in the sequence by sound inference rules Brian R Larson BLESS Language and Tools October 28, 2019 18 / 24

  19. BLESS is a Formal Verification Method Composition Verification BLESS allows composite components (having proved correct subcomponents) to be proved correct. Composition verification conditions: out port’s assertion implies connected in port’s assertion (assume-guarantee) conjunction of subcomponents’ invariants implies containing component’s invariant Brian R Larson BLESS Language and Tools October 28, 2019 19 / 24

  20. BLESS Generates Real Code for Real Embedded Systems Adventium Lab’s ISOSCELES BLESS Generates C++ Kansas State University worked with Adventium Labs on Intrinsically-Secure, Open, and Safe Cyber-physically Enabled Life-critical Essential Services (ISOSCELES) for the Department of Homeland Security to develop a platform for secure medical devices. Proof-of-concept C++ code auto-generated from BLESS using AADL runtime services implemented for ISOSCELES. Brian R Larson BLESS Language and Tools October 28, 2019 20 / 24

  21. BLESS Generates Real Code for Real Embedded Systems Kansas State University’s Slang BLESS Generates Slang Alternatively, proof-of-concept Slang 3 can be generated from BLESS. This enables BLESS to take advantage of the Slang development and simulation environment and its translation backends. 3 KSU-developed dialect of Scala Brian R Larson BLESS Language and Tools October 28, 2019 21 / 24

  22. Summary AADL+BLESS unifies specification, programming, and verification with architecture (SSoT). BLESS treats programs, specifications, and executions as mathematical objects; deductive proofs argue that every execution conforms to specification. BLESS was created to be used by practicing engineers. BLESS correctness proofs can be read, understood, and checked. BLESS generates proof-of-concept executable code through two, different, compilation tool chains. Together with architecture-centric virtual integration, BLESS may reduce costs and duration of development as tests confirm correctness rather than finding errors. Brian R Larson BLESS Language and Tools October 28, 2019 22 / 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry 1 Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal verification Machine-checked proof Automatic and interactive approaches HOL Light Floating point

366 views • 25 slides
Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic 1 Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal verification Machine-checked proof Automatic and interactive approaches HOL Light

539 views • 19 slides
Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms 1 Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of bugs Formal verification Levels of verification HOL Light Formalizing mathematics

353 views • 19 slides
Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA http://www.clifford.at/papers/2018/riscv-formal/ About assertion based formal verification (formal ABV) Assertion based verification (ABV) Uses

781 views • 39 slides
Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal Verification Yosys-STMBMC iCE40 FPGAs Bounded Model Checking (Project IceStorm) Using any SMT-LIB2 solver (using QF_AUFBV logic) Xilinx

706 views • 56 slides
Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim Kobeissi PROSECCO: Pro gramming Sec urely with C rypt o graphy. Team at INRIA Paris specializing in applied cryptography and formal verification.

357 views • 14 slides
Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica

Formal Specification and Verification Formal specification (2) 29.11.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification 2 Formal

627 views • 19 slides
Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica

Formal Specification and Verification Formal specification (2) 6.12.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Until now Logic Formal specification (generalities) Algebraic specification Transition systems 2

798 views • 62 slides
Formal Verification and Testing for Formal Verification and Testing for Reactive Systems

Formal Verification and Testing for Formal Verification and Testing for Reactive Systems

ARTIST2 - ARTIST2 - MOTIVES MOTIVES Trento - - Italy, February 19 Italy, February 19- -23, 2007 23, 2007 Trento Session: Testing and Runtime Verification Formal Verification and Testing for Formal Verification and Testing for Reactive

881 views • 31 slides
Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies

Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies

Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies Synopsys, Inc. June 18, 2017 1 Build Better Formal Verification Tools? CAR BICYCLE DOG S oftware that learns from experience and enables

767 views • 40 slides
Formal Verification with SymbiYosys and Yosys-SMTBMC Clifford Wolf Availability of various EDA

Formal Verification with SymbiYosys and Yosys-SMTBMC Clifford Wolf Availability of various EDA

Formal Verification with SymbiYosys and Yosys-SMTBMC Clifford Wolf Availability of various EDA tools for students, hobbyists, enthusiasts FPGA Synthesis Formal Verification Free to use: Free to use: Xilinx Vivado WebPack,

818 views • 49 slides
Formal Verification via MCMAS &amp; PRISM Hongyang Qu University of Sheffield 1 December 2015

Formal Verification via MCMAS &amp; PRISM Hongyang Qu University of Sheffield 1 December 2015

Formal Verification via MCMAS &amp; PRISM Hongyang Qu University of Sheffield 1 December 2015 Outline Motivation for Formal Verification Overview of MCMAS Overview of PRISM Formal verification It is a systematic way to check

461 views • 34 slides
Formal Specification and Verification 8.11.2016 Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification 8.11.2016 Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification 8.11.2016 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Mathematical foundations Formal logic: Syntax: a formal language (formula expressing facts) Semantics: to define the meaning

740 views • 54 slides
Introduction ASD and Inclusion Current State of Inclusion Gap Difficulties putting

Introduction ASD and Inclusion Current State of Inclusion Gap Difficulties putting

Introduction ASD and Inclusion Current State of Inclusion Gap Difficulties putting law into practice Roles and Responsibilities School Personnel Parents Research Question : The purpose of this study was to identify

571 views • 7 slides
Feature Assembly Find out what, why and how in 5 steps. Find out what, why and how in 5 steps.

Feature Assembly Find out what, why and how in 5 steps. Find out what, why and how in 5 steps.

Feature Assembly Find out what, why and how in 5 steps. Find out what, why and how in 5 steps. Move from Creating products To .. Assembling products Step 1: Turn your challenge into an opportunity How to anticipate and manage complexity

496 views • 38 slides
Computer er S Scien ence D e Depar artmen ent November 3, 2017 College of Natural a and B

Computer er S Scien ence D e Depar artmen ent November 3, 2017 College of Natural a and B

CS Advisory C Council M Meeting Computer er S Scien ence D e Depar artmen ent November 3, 2017 College of Natural a and B Behavio ioral S Sciences y Domin inguez H Hills ills Californ rnia S State U e Univer ersity Mohsen

768 views • 31 slides
Assembly Language Introduction Learning Objectives Explain what assembly language is

Assembly Language Introduction Learning Objectives Explain what assembly language is

Assembly Language Introduction Learning Objectives Explain what assembly language is Define Registers Instruction Operands Produce assembly from C 9/22/2015 CS61 Fall 2015 1 What is assembly? Yet another layer

450 views • 7 slides
Biosimilar Pathway Sunhee (Sunny) Lee, Partner SUGHRUE MION PLLC www.sughrue.com April 2010

Biosimilar Pathway Sunhee (Sunny) Lee, Partner SUGHRUE MION PLLC www.sughrue.com April 2010

Biosimilar Pathway Sunhee (Sunny) Lee, Partner SUGHRUE MION PLLC www.sughrue.com April 2010 Biosimilar Pathway Biosimilar pathway balance between innovator and biosimilar product Patient Protection and Affordable Care Act (H.R. 3590)

412 views • 13 slides
Enhancing public engagement in climate change: Five assertions 2011 Climate Change Communicators of

Enhancing public engagement in climate change: Five assertions 2011 Climate Change Communicators of

Enhancing public engagement in climate change: Five assertions 2011 Climate Change Communicators of the Year Award Seminar June 8 th , 2011 Edward Maibach, MPH, PhD Public engagement both process and outcome Public engagement the process

367 views • 35 slides
Class Objectives What is the State Whistleblower Act? Definitions of Improper

Class Objectives What is the State Whistleblower Act? Definitions of Improper

W A S H I N G T O N S T A T E U N I V E R S I T Y Sta State Whistl Whistlebl eblower wer Act Act Heather Lopez Chief Audit Executive, Internal Audit August 2019 Updated August 2019 Class Objectives What is the State

229 views • 9 slides
Economic Development Support Team Asserting First Nations Rights for Economic Benefit December

Economic Development Support Team Asserting First Nations Rights for Economic Benefit December

Economic Development Support Team Asserting First Nations Rights for Economic Benefit December 12, 2017 EDST Description The Economic Development Support Team (EDST) is jointly funded by New Relationship Trust (NRT) and Western Economic

421 views • 18 slides

More recommend