formal engineering of reliable software
play

Formal Engineering of Reliable Software Natasha Sharygina Carnegie - PowerPoint PPT Presentation

Mar 18, 2024 •135 likes •376 views

Formal Engineering of Reliable Software Natasha Sharygina Carnegie Mellon University LASER 2004 school Tutorial, Lecture1 1 Project Goals To Build Reliable and Robust Software Systems by 1) Integrating Systems Engineering with Formal

  1. Formal Engineering of Reliable Software Natasha Sharygina Carnegie Mellon University LASER 2004 school Tutorial, Lecture1 1

  2. Project Goals To Build Reliable and Robust Software Systems by 1) Integrating Systems Engineering with Formal Verification techniques 2) Enabling Model Checking of Realistic Software Systems 2

  3. Outline Lecture 1, part 1 • Motivation • Model Checking Lecture 1, part 2 • State/Event-based software model checking Lecture 2 • Component Substitutability 3

  4. Outline Lecture 1, part 1 • Motivation • Model Checking Lecture 1, part 2 • State/Event-based software model checking Lecture 2 • Component Substitutability 4

  5. Motivation Goal: Build reliable computer systems - Secure and safe execution - Predictable designs (no unexpected behaviors) Applications: embedded systems in avionics, space, robotics, electro-mechanical engineering, etc. 5

  6. Motivation Approach: Integrate Validation and Verification with Systems Engineering – Reasoning about system designs during their construction – Design for verification 6

  7. ComFoRT: Component Formal Reasoning Framework SYSTEM System High-level ENGINEERING Design Specification Formal Temporal Model Properties FORMAL VERIFICATION MODEL CHECKER � � X X 7 DESIGN CORRECT BUG FOUND OUT OF RESOURCES

  8. CCL Modeling Language A CCL system is a parallel composition of individual sequential programs, P = p 1 || … || p n , Sample commands of CCL programs: Assignments: x: = exp | x := any{exp 1 , …, exp n } Communication: : Generate e i (ID,exp) - Event generation Receive e i (ID,x) - Event consumption Compounds: if then else, while do od, switch 8

  9. Sample CCL state model State Transition State Action Message Type State 9

  10. Outline • Motivation • Model Checking • State/Event-based software model checking • Component Substitutability 10

  11. Temporal Logic Model Checking • Systems are modeled by finite state machines . • Properties are written in propositional temporal logic. • Verification procedure is an exhaustive search of the state space of the design. • Diagnostic counterexamples 11

  12. What is Model Checking? Does model M satisfy a property P ? (written M |= P) What is “M”? What is “P”? What is “satisfy”? 12

  13. What is “M”? States: valuations to all variables a b Initial states: subset of states Arcs: transitions between states b c c Atomic Propositions: e.g. x = 5, y = true State Transition Graph or Kripke Model Observation (color): Valuation to all atomic propositions 13

  14. Model of Computation a b a b b c c a b c c b c c State Transition Graph Infinite Computation Tree Unwind State Graph to obtain Infinite Tree. A trace is an infinite sequence of states. 14

  15. What is “P”? Syntax: What are the property formulas? Semantics: What does it mean for model M to satisfy formula P ? Formulas: - Atomic propositions: properties of states - (Linear) Temporal Logic Specifications: properties of traces . 15

  16. Specification (Property) Examples: Safety (mutual exclusion): no two processes can be at the critical section at the same time Liveness (absence of starvation): every request will be eventually granted Linear Time Logic (LTL) [Pnueli 77]: logic of temporal sequences. • next ( α ): α holds in the next state α • eventually( γ ): γ holds eventually γ • always( λ ): λ holds from now on λ λ λ λ λ λ • α until β : α holds until β holds 16 α α α α β β

  17. NASA Robot Controller System v EEF Dynamics Criteria Compliance Kinematics Forces W Torques Inertia Perform ance Operational Software Components To Simulation Resource Operator Priority Setting Allocation Real-Time Control Components A ctuator C ontrol 17

  18. Modeling of the NASA Robot Controller System Foreach Joint{ ee_reference=0; Generate EE6: MoveEndEffector(EE_ID) end_position=0; J1:Configure(Joint(Joint_ID).Joint_ID);} Idle arm_status=0; EE5: back(EE_ID) MovingJoints Initial Following A2: NotValidConfiguration(Arm ID) A1:Valid(Arm_ID) positioning Desired Trajectory EE3: BacktoIdle(EE_ID) A3:toNotValidState(Arm_ID Valid Not_Valid ) EE2: CheckLimits(EE_ID) arm_status=0; arm_status=1; ee_reference=1; ….. A4:toValidState(Arm_ID) if(Current_position>=final_point) For (int i=0;i<6;i++){ end_position=1; if (Current_position[i]>Limit[i]{ End_position=1;}} stopped …… EE4: CheckConstraints(EE_ID) A5:stop(Arm_ID) A6:terminate(Arm_ID) Checking constraints abort_var=1; || EndEffector Arm 18

  19. Examples of the Robot Control Properties • Safety Operation: If the EndEffector reaches an undesired position, then the program terminates prior to a new move of the EndEffector AfterAlwaysUntil(undesired_position =1,ee_reference=1,abort_var=1) • Configuration Validity Check: If an instance of EndEffector is in the “FollowingDesiredTrajectory” state, then the instance of the corresponding Arm class is in the ‘Valid” state Always((ee_reference=1) ->(arm_status=1) • Control Termination: Eventually the robot control terminates EventuallyAlways(abort_var=1) 19

  20. What is “satisfy”? M satisfies P if all the reachable states satisfy P Different Algorithms to check if M |= P . - Explicit State Space Exploration For example: Invariant checking Algorithm. 1. Start at the initial states and explore the states of M using DFS or BFS. 2. In any state, if P is violated then print an “error trace”. 3. If all reachable states have been visited then say “yes”. 20

  21. State Space Explosion Problem: Size of the state graph can be exponential in size of the program (both in the number of the program variables and the number of program components ) M = M 1 || … || M n If each M i has just 2 local states, potentially 2 n global states Research Directions: State space reduction 21

  22. State Space Explosion Principal Approaches to State Space Reduction: • Abstraction (elimination of details irrelevant to verification of a property) • Compositional reasoning (reasoning about parts of the system) • Symbolic Verification (BDDs represent state transition diagrams more efficiently) • Partial Order Reduction (reduction of number of states that must be enumerated) • Other (symmetry, cone of influence reduction, ….) 22

  23. Systems engineering and model checking Principal Approach • Component-based system design • Compositional reasoning (reasoning about parts of the system) 23

  24. Components Compositional reasoning reduces reasoning about entire system to reasoning about individual parts - Decompose the model: M = M1 || M2 Partition global properties into local properties: P= P1 ∧ P2 - - Show that M1 |= P1 and M2 |= P2 Component-based design Library of verified components � predictable designs - 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal software engineering for computational modelling Formal software engineering Focus on

Formal software engineering for computational modelling Formal software engineering Focus on

Formal software engineering for computational modelling Formal software engineering Focus on the formal, mathematical side of software Ex. Algebra Three problems What are the concepts that have to be used for the construction of

110 views • 7 slides
Formal Specification with Z ch ? = right arrow Software Engineering Software Engineering right

Formal Specification with Z ch ? = right arrow Software Engineering Software Engineering right

These slides are based on Jonathan Jackys The Way of Z Forward Editor ch ? : CHAR Formal Specification with Z ch ? = right arrow Software Engineering Software Engineering right = Andreas Zeller Saarland University

417 views • 24 slides
Formal Logical Environments for Building Reliable, High-Performance Software Christoph Kreitz

Formal Logical Environments for Building Reliable, High-Performance Software Christoph Kreitz

Formal Logical Environments for Building Reliable, High-Performance Software Christoph Kreitz Department of Computer Science, Cornell University Ithaca, NY 14853 Why Formal Formal Logical Environments? Too many errors in informal arguments

577 views • 25 slides
Introduction to Software Engineering 1 What is Software Engineering? The establishment and

Introduction to Software Engineering 1 What is Software Engineering? The establishment and

Introduction to Software Engineering 1 What is Software Engineering? The establishment and use of sound engineering principles in order to obtain economically software that is reliable and works efficiently on real machines. As

1.01k views • 59 slides
E ff ectively Using JML Software Engineering Processes incorporating Formal Specification Joseph

E ff ectively Using JML Software Engineering Processes incorporating Formal Specification Joseph

E ff ectively Using JML Software Engineering Processes incorporating Formal Specification Joseph Kiniry Department of Computer Science University College Dublin Software Engineering Processes old-school processes CRC and state-chart based

233 views • 21 slides
Department of Computer Science People in Software Engineering: Research at Samik Basu (Formal

Department of Computer Science People in Software Engineering: Research at Samik Basu (Formal

Department of Computer Science People in Software Engineering: Research at Samik Basu (Formal Methods) Iowa State University Carl Chang (Requirements Engineering) Gary T. Leavens (Formal Methods, AOP) (summary) Markus Lumpe

322 views • 3 slides
Formal methods for Safety Assessment of Critical Software at RATP Engineering Department --

Formal methods for Safety Assessment of Critical Software at RATP Engineering Department --

Formal methods for Safety Assessment of Critical Software at RATP Engineering Department -- RATP/ING/STF/QS/AQL Evguenia DMITRIEVA / Oct 16 2014, Toulouse Plan 1. Industrial Context 2. Formal methods for software safety assessment : PERF 3.

498 views • 32 slides
Why FT-Software? Safe and reliable software operation is a significant requirement for many

Why FT-Software? Safe and reliable software operation is a significant requirement for many

Software Fault-Tolerance Techniques Techniques Hadi Salimi Distributed Systems Lab, School of Computer Engineering, School of Computer Engineering, Iran University of Science and Technology, hsalimi@iust.ac.ir Why FT-Software? Safe and

660 views • 29 slides
Formal Methods Software Engineering 2008 Bernd Schoeller ETH Zurich The Grand Challenge The

Formal Methods Software Engineering 2008 Bernd Schoeller ETH Zurich The Grand Challenge The

Formal Methods Software Engineering 2008 Bernd Schoeller ETH Zurich The Grand Challenge The ideal of correct software has long been the goal of research in Computer Science. We now have a good theoretical understanding of how to describe what

806 views • 31 slides
Concurrency Bugs Ben Liblit with Guoliang Jin and Shan Lu We need reliable software Peoples

Concurrency Bugs Ben Liblit with Guoliang Jin and Shan Lu We need reliable software Peoples

Automated Repair of Concurrency Bugs Ben Liblit with Guoliang Jin and Shan Lu We need reliable software Peoples daily life now depends on reliable software Software companies spend lots of resources on debugging More than 50% effort

792 views • 55 slides
Industrial use of a safe and efficient formal method based software engineering process in

Industrial use of a safe and efficient formal method based software engineering process in

Industrial use of a safe and efficient formal method based software engineering process in avionics Presented by Jean Souyris Airbus Operations SAS Abderrahmane Brahmi*, Marie-Jo Carolus*, David Delmas*, Mohamed Habib Essoussi*, Pascal

547 views • 16 slides
Human factors: Intertwining of formal and empirical methods in software engineering HaPoC

Human factors: Intertwining of formal and empirical methods in software engineering HaPoC

Human factors: Intertwining of formal and empirical methods in software engineering HaPoC Symposium at IACAP-14 Conference of the International Association for Computing and Philosophy Thessaloniki, July 3rd 2014 Gonzalo Gnova

401 views • 12 slides
CS314 Software Engineering New Intern Orientation Dave Matthews TripCo - Welcome to your

CS314 Software Engineering New Intern Orientation Dave Matthews TripCo - Welcome to your

1/13/18 CS314 Software Engineering New Intern Orientation Dave Matthews TripCo - Welcome to your Internship! A mobile web application development startup that quickly produces reliable, high quality solutions using Agile software engineering

76 views • 7 slides
Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Outline Formal specifications CISC422/853: Formal Methods Types of formal specifications: in Software Engineering: assertions invariants Computer-Aided Verification safety and liveness properties How to express safety

226 views • 22 slides
Integrating Reliable Memory in Databases Wee Teck Ng, Peter M. Chen Computer Science and

Integrating Reliable Memory in Databases Wee Teck Ng, Peter M. Chen Computer Science and

Integrating Reliable Memory in Databases Wee Teck Ng, Peter M. Chen Computer Science and Engineering Division Electrical Engineering and Computer Science University of Michigan Objectives Introduce the Rio file cache software-based reliable

364 views • 13 slides
Software Engineering Software Applications A.Y. 2020/2021 What is software engineering? What is

Software Engineering Software Applications A.Y. 2020/2021 What is software engineering? What is

Software Engineering Software Applications A.Y. 2020/2021 What is software engineering? What is software engineering? An engineering discipline that is concerned with all aspects of software production from the early stages of system

676 views • 29 slides
Stochastic Identification of Jet particles in pPb and PbPb Martin Schmidt Physikalisches

Stochastic Identification of Jet particles in pPb and PbPb Martin Schmidt Physikalisches

BMBF Forschungsschwerpunkt BMBF Forschungsschwerpunkt 202 ALICE Experiment ALICE Experiment Stochastic Identification of Jet particles in pPb and PbPb Martin Schmidt Physikalisches Institut, University of Tbingen Jet Meeting

581 views • 34 slides
Optimization Techniques for BDD-based Bisimulation Computation Ralf Wimmer, Marc Herbstritt,

Optimization Techniques for BDD-based Bisimulation Computation Ralf Wimmer, Marc Herbstritt,

Optimization Techniques for BDD-based Bisimulation Computation Ralf Wimmer, Marc Herbstritt, Bernd Becker Institute of Computer Science University of Freiburg Germany Great Lakes Symposium on VLSI March 13 th , 2007 Outline Motivation 1

623 views • 30 slides
Radiative energy loss in absorptive media Marcus Bluhm Laboratoire SUBATECH, Nantes with P . B.

Radiative energy loss in absorptive media Marcus Bluhm Laboratoire SUBATECH, Nantes with P . B.

Radiative energy loss in absorptive media Marcus Bluhm Laboratoire SUBATECH, Nantes with P . B. Gossiaux, T. Gousset, J. Aichelin Heavy Ion Collisions in the LHC Era - Rencontres du Vietnam Quy Nhon, Vietnam, July 15-21, 2012 based on: MB, P

454 views • 27 slides
Directed Model Checking (not only) for Timed Automata Sebastian Kupferschmid March, 2010 Model

Directed Model Checking (not only) for Timed Automata Sebastian Kupferschmid March, 2010 Model

Directed Model Checking (not only) for Timed Automata Sebastian Kupferschmid March, 2010 Model Checking Motivation Embedded Systems Omnipresent Safety relevant systems Pentium bug Ariane 5 Errors can be extremely harmful Correct

837 views • 67 slides
Automatic Verification of RMA Programs via Abstraction Extrapolation Cedric Baumann 1 , Andrei

Automatic Verification of RMA Programs via Abstraction Extrapolation Cedric Baumann 1 , Andrei

Automatic Verification of RMA Programs via Abstraction Extrapolation Cedric Baumann 1 , Andrei Marian Dan 1 , Yuri Meshman 2 , Torsten Hoefler 1 , Martin Vechev 1 1 Department of Computer Science, ETH Zurich, Switzerland 2 IMDEA Software Institute,

761 views • 61 slides
Does metallicity influence the evolution and rate of Type Ia supernovae? (WD mergers) Ashley J.

Does metallicity influence the evolution and rate of Type Ia supernovae? (WD mergers) Ashley J.

Does metallicity influence the evolution and rate of Type Ia supernovae? (WD mergers) Ashley J. Ruiter Postdoctoral Research Fellow (group of Brian Schmidt) Research School of Astronomy &amp; Astrophysics Mount Stromlo Observatory The

481 views • 13 slides
IGDA Unity SIG II AI in Unity Emil AngryAnt Johansen Unity Technologies AI in Unity

IGDA Unity SIG II AI in Unity Emil AngryAnt Johansen Unity Technologies AI in Unity

IGDA Unity SIG II AI in Unity Emil AngryAnt Johansen Unity Technologies AI in Unity Sensors Decision logic Navigation Sensors Active &quot;Passive&quot; Message driven Second pass filtering Additional sensors or inclusion areas

719 views • 23 slides
Future or futures? Au ur Ingimarsdttir, Sigurkarl Stefnsson, Caitlin Wilson I SEE project

Future or futures? Au ur Ingimarsdttir, Sigurkarl Stefnsson, Caitlin Wilson I SEE project

Future or futures? Au ur Ingimarsdttir, Sigurkarl Stefnsson, Caitlin Wilson I SEE project In contemporary society, uncertainty prevails (Rosa, 2013) The future is perceived as threatening, and science and technology are

407 views • 12 slides

More recommend