formal software design with alloy and electrum
play

formal software design with alloy and electrum temporal logic - PowerPoint PPT Presentation

Jul 09, 2023 •234 likes •740 views

Julien Brunel, David Chemouil, Alcino Cunha, Eunsuk Kang, Nuno Macedo formal software design with alloy and electrum temporal logic Universidade do Minho & INESC TEC ONERA DTIS & Universit fdrale de Toulouse Carnegie Mellon

  1. Julien Brunel, David Chemouil, Alcino Cunha, Eunsuk Kang, Nuno Macedo formal software design with alloy and electrum temporal logic Universidade do Minho & INESC TEC ONERA DTIS & Université fédérale de Toulouse Carnegie Mellon University 3rd World Congress on Formal Methods, Porto, Portugal, October 2019

  2. temporal logic

  3. formal software design with alloy and electrum / temporal logic 3 / 50 linear temporal logic E lectrum includes temporal connectives from Linear Temporal Logic (LTL). Formulas are interpreted over infinite sequences of states (traces).

  4. formal software design with alloy and electrum / temporal logic 4 / 50 future operators E lectrum Meaning p is always true from now on always p eventually p p will eventually be true p will be true in the next state after p p until q q will eventually be and p is true until then q can only be false afer p is true p releases q

  5. formal software design with alloy and electrum / temporal logic 5 / 50 past operators E lectrum Meaning p was always true historically p once p p was once true p was true in the previous state before p q was once true and p has been true aferwards p since q if p was once true, then q has been true onwards p triggered q

  6. formal software design with alloy and electrum / temporal logic 6 / 50 semantics by example eventually B

  7. formal software design with alloy and electrum / temporal logic 7 / 50 semantics by example not eventually B

  8. formal software design with alloy and electrum / temporal logic 8 / 50 semantics by example always A

  9. formal software design with alloy and electrum / temporal logic 9 / 50 semantics by example not always A

  10. formal software design with alloy and electrum / temporal logic 10 / 50 semantics by example before B

  11. formal software design with alloy and electrum / temporal logic 11 / 50 semantics by example not before B

  12. formal software design with alloy and electrum / temporal logic 12 / 50 semantics by example once B

  13. formal software design with alloy and electrum / temporal logic 13 / 50 semantics by example once A

  14. formal software design with alloy and electrum / temporal logic 14 / 50 semantics by example always (B implies eventually A)

  15. formal software design with alloy and electrum / temporal logic 15 / 50 semantics by example not always (A implies eventually B)

  16. formal software design with alloy and electrum / temporal logic 16 / 50 semantics by example eventually always A

  17. formal software design with alloy and electrum / temporal logic 17 / 50 semantics by example not eventually always B

  18. formal software design with alloy and electrum / temporal logic 18 / 50 semantics by example always eventually A

  19. formal software design with alloy and electrum / temporal logic 19 / 50 semantics by example not always eventually B

  20. formal software design with alloy and electrum / temporal logic 20 / 50 some ltl valid formulas always A iff not eventually not A eventually always A implies always eventually A A until B implies eventually B A releases B iff ( always not A) or B until (A and B)

  21. formal software design with alloy and electrum / temporal logic 21 / 50 trash Design a trash such that: A deleted file can still be restored if the trash is not emptied

  22. formal software design with alloy and electrum / temporal logic 22 / 50 trash assert restoreIsPossibleBeforeEmpty { -- a deleted file can still be restored if the trash is not emptied always ( all f:File | delete[f] implies (empty releases restoreEnabled[f])) }

  23. formal software design with alloy and electrum / temporal logic 23 / 50

  24. formal software design with alloy and electrum / temporal logic 24 / 50 exercise https://github.com/haslab/Electrum2/wiki/Trash (exercises 4)

  25. infinite traces

  26. formal software design with alloy and electrum / infinite traces 26 / 50 why infinite traces only? Semantic issues with finite traces What formulas are true in the last state? Different possible semantics In Electrum: infinite traces only Caveat: no deadlock detection in general But a finite trace can be represented by an infinite one stuttering on the last state

  27. formal software design with alloy and electrum / infinite traces 27 / 50 finite representation with lassos L asso trace Some infinite traces can be represented by finite lasso traces Notice some infinite traces cannot Small-Model Property for LTL If an LTL formula is satisfiable, then it is satisfied by at least one lasso trace.

  28. example

  29. formal software design with alloy and electrum / example 29 / 50 leader election in a ring V erify the correctness of the protocol: One leader will be elected

  30. formal software design with alloy and electrum / example 30 / 50 configuration and state open util/ordering[Id] sig Id {} sig Node { id : one Id, succ : one Node, var inbox : set Id, var outbox : set Id } fact ring { all i : Id | lone id.i all n : Node | Node in n.^succ }

  31. formal software design with alloy and electrum / example 31 / 50 election fun elected : set Node { { n : Node | once n.id in n.inbox } }

  32. formal software design with alloy and electrum / example 32 / 50 operations pred send [n : Node] { ... } pred compute [n : Node] { some i : n.inbox { n.inbox' = n.inbox - i n.outbox' = n.outbox + (i - n.id.*(~next)) } all m : Node - n | m.inbox' = m.inbox all m : Node - n | m.outbox' = m.outbox } pred skip { ... }

  33. formal software design with alloy and electrum / example 33 / 50 behavior fact init { no inbox outbox = id } fact transitions { always (skip or some n : Node | send[n] or compute[n]) }

  34. formal software design with alloy and electrum / example 34 / 50 exercise https://github.com/haslab/Electrum2/wiki/Leader-election (exercise 1-3)

  35. safety vs liveness

  36. formal software design with alloy and electrum / safety vs liveness 36 / 50 safety properties Something “bad” will never happen. A trace that violates a safety property has a “bad” prefix. A “bad” prefix is one s.t. every possible continuation violates the property. always p always (p implies once q) always (p implies after always not p)

  37. formal software design with alloy and electrum / safety vs liveness 37 / 50 leader election assert safety { always lone elected }

  38. formal software design with alloy and electrum / safety vs liveness 38 / 50

  39. formal software design with alloy and electrum / safety vs liveness 39 / 50 exercise https://github.com/haslab/Electrum2/wiki/Leader-election (exercise 4)

  40. formal software design with alloy and electrum / safety vs liveness 40 / 50 liveness properties Something “good” will eventually happen. A property is a liveness property if any prefix can be extended to an infinite trace satisfying it. Much harder to check than safety properties. ◮ Observing a prefix is not sufficient to detect a violation. eventually p always (p implies eventually q) always eventually p

  41. formal software design with alloy and electrum / safety vs liveness 41 / 50 leader election assert liveness { eventually some elected }

  42. formal software design with alloy and electrum / safety vs liveness 42 / 50

  43. fairness

  44. formal software design with alloy and electrum / fairness 44 / 50 fairness assumptions Necessary for verifying most liveness properties. Exclude traces where an event becomes “continuously” enabled but never occurs ◮ continuously = infinitely ofen (strong) ◮ continuously = permanently (weak) Strong fairness ( always eventually p) implies ( always eventually q) Weak fairness ( eventually always p) implies ( always eventually q)

  45. formal software design with alloy and electrum / fairness 45 / 50 leader election specification fixed pred sendEnabled [n : Node] { some n.outbox } pred computeEnabled [n : Node] { some n.inbox } pred fairness { all n : Node { ( eventually always sendEnabled[n]) implies ( always eventually send[n]) ( eventually always computeEnabled[n]) implies ( always eventually compute[n]) } } assert liveness { fairness implies eventually some elected }

  46. concurrent executions

  47. formal software design with alloy and electrum / concurrent executions 47 / 50 interleaved vs. concurrent executions P revious models force interleaved execution of operations ◮ the frame condition in each event prevents other events from occurring Concurrent executions can also be specified in Electrum ◮ frame conditions must be relaxed, but still prevent arbitrary changes ◮ counter-examples can be shorter (more efficient verification) but harder to understand ◮ some properties that are true in an interleaved model may no longer be true

  48. formal software design with alloy and electrum / concurrent executions 48 / 50 operations redefined pred skip { ... } pred send [n : Node] { ... } pred compute [n : Node] { some i : n.inbox { n.inbox' = n.inbox - i n.outbox' = n.outbox + (i - n.id.*(~next)) } }

  49. formal software design with alloy and electrum / concurrent executions 49 / 50 frame conditions fact frame { always all n : Node { n.inbox' != n.inbox implies (compute[n] or send[succ.n]) n.outbox' != n.outbox implies (compute[n] or send[n]) } }

  50. formal software design with alloy and electrum / concurrent executions 50 / 50

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

formal software design with alloy and electrum overview Universidade do Minho & INESC TEC

formal software design with alloy and electrum overview Universidade do Minho & INESC TEC

Julien Brunel, David Chemouil, Alcino Cunha, Eunsuk Kang, Nuno Macedo formal software design with alloy and electrum overview Universidade do Minho & INESC TEC ONERA DTIS & Universit fdrale de Toulouse Carnegie Mellon University

652 views • 31 slides
Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and

Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and

Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and Algorithms Martin Monperrus, Ph.D. version of Oct 15, 2012 Creative Commons Attribution License Copying and modifying are authorized as long as

818 views • 34 slides
Electrum Lightweight specification of behavioral models with rich configurations Julien Brunel 1

Electrum Lightweight specification of behavioral models with rich configurations Julien Brunel 1

Electrum Lightweight specification of behavioral models with rich configurations Julien Brunel 1 , David Chemouil 1 , Alcino Cunha 2 , Nuno Macedo 2 et al. Workshop on the Future of Alloy, April 30 & May 1, 2018, MIT. 1 ONERA/DTIS &

209 views • 7 slides
alloy oy Daniel Jackson MIT Lab for Computer Science 6898: Advanced Topics in Software Design

alloy oy Daniel Jackson MIT Lab for Computer Science 6898: Advanced Topics in Software Design

alloy oy Daniel Jackson MIT Lab for Computer Science 6898: Advanced Topics in Software Design February 11, 2002 co course ad rse admin in new version of bill new version of bills notes online s notes online schedule today: Alloy

599 views • 34 slides
An Overview of the Alloy Language & Analyzer Slides contain some modified content from the

An Overview of the Alloy Language & Analyzer Slides contain some modified content from the

An Overview of the Alloy Language & Analyzer Slides contain some modified content from the Alloy Tutorial by G. Dennis & R. Seater (see alloy.mit.edu) Alloy Lecture 1 1 What is Alloy? A formal language and analyzer based on Z

329 views • 6 slides
The Master Alloy of Al -Nb- B 1 The Master Alloy of Al-Nb-B Edmundo Burgos Cruz

The Master Alloy of Al -Nb- B 1 The Master Alloy of Al-Nb-B Edmundo Burgos Cruz

The Master Alloy of Al -Nb- B 1 The Master Alloy of Al-Nb-B Edmundo Burgos Cruz Daniel Pallos Fridman Alarcio Martins Vieira Technology Center - CBMM - Brazil Overview Motivation Master Alloy Design

537 views • 18 slides
Preventing Arithmetic Overflows in Alloy Aleksandar Milicevic Daniel Jackson

Preventing Arithmetic Overflows in Alloy Aleksandar Milicevic Daniel Jackson

Preventing Arithmetic Overflows in Alloy Aleksandar Milicevic Daniel Jackson (aleks@csail.mit.edu) (dnj@csail.mit.edu) Software Design Group Massachusetts Institute of Technology Cambridge, MA International Conference of Alloy, ASM, B, VDM,

2.03k views • 65 slides
Principles of Software Construction: Objects, Design, and Concurrency A formal design process

Principles of Software Construction: Objects, Design, and Concurrency A formal design process

Principles of Software Construction: Objects, Design, and Concurrency A formal design process Josh Bloch Charlie Garrod Darya Melicher 17-214 1 Administrivia Homework 2 feedback in your GitHub repository Homework 3 due today at

829 views • 28 slides
Alloy Intro Trimble & Authorized Trimble Dealer Only Trimble RTN Overview RTN Software

Alloy Intro Trimble & Authorized Trimble Dealer Only Trimble RTN Overview RTN Software

2018 IGNSS Conference | Michael Bruno | Trimble Inc Alloy Intro Trimble & Authorized Trimble Dealer Only Trimble RTN Overview RTN Software Trimble Pivot Platform RTN Hardware Trimble Alloy GNSS Receiver Zephyr 3 Antennas GNSS Field Users

317 views • 10 slides
CSEP504: Advanced topics in software systems Software architecture: design-based Formal

CSEP504: Advanced topics in software systems Software architecture: design-based Formal

CSEP504: Advanced topics in software systems Software architecture: design-based Formal reasoning about properties Static vs. dynamic architectures Software architecture: property-based Autonomic systems Relationship to

1.46k views • 79 slides
Reducing the Evolutionary Analysis Cost of Alloy Hamid Bagheri Workshop on the Future of Alloy

Reducing the Evolutionary Analysis Cost of Alloy Hamid Bagheri Workshop on the Future of Alloy

Reducing the Evolutionary Analysis Cost of Alloy Hamid Bagheri Workshop on the Future of Alloy April 30 & May 1, 2018. Cambridge, MA Alloys widespread applications Program verification Design modeling and analysis PO POL Mo MonA

220 views • 21 slides
Formal software engineering for computational modelling Formal software engineering Focus on

Formal software engineering for computational modelling Formal software engineering Focus on

Formal software engineering for computational modelling Formal software engineering Focus on the formal, mathematical side of software Ex. Algebra Three problems What are the concepts that have to be used for the construction of

110 views • 7 slides
CSE 331 Software Design and Implementation Lecture 2 Formal Reasoning Leah Perlmutter / Summer

CSE 331 Software Design and Implementation Lecture 2 Formal Reasoning Leah Perlmutter / Summer

CSE 331 Software Design and Implementation Lecture 2 Formal Reasoning Leah Perlmutter / Summer 2018 Announcements First section tomorrow! Homework 0 due today (Wednesday) at 10 pm Heads up: no late days for this one! Quiz 1 due

556 views • 53 slides
Performa 285 Performa 285 High Alloy Zinc Nickel High Alloy Zinc Nickel Alloy Zinc Automotive

Performa 285 Performa 285 High Alloy Zinc Nickel High Alloy Zinc Nickel Alloy Zinc Automotive

Performa 285 Performa 285 High Alloy Zinc Nickel High Alloy Zinc Nickel Alloy Zinc Automotive Applications Alloy Zinc Automotive Applications Anti-Vibration Components Door Hinges Fasteners Brake Calipers Fluid Delivery Tubes Alkaline

317 views • 18 slides
Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal

Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal

Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal verification uses algorithms to rigorously prove properties of hardware or software design. 20 years ago, we had the FDIV bug: 42.0 / 7.0 = 8.0 Formal

576 views • 6 slides
Mondex / Alloy Last Updates Tahina Ramananandro cole Normale Suprieure Paris, France

Mondex / Alloy Last Updates Tahina Ramananandro cole Normale Suprieure Paris, France

Third Mondex Workshop University of York October 5-6 th , 2006 Mondex / Alloy Last Updates Tahina Ramananandro cole Normale Suprieure Paris, France Daniel Jackson Massachusetts Institute of Technology CSAIL Software Design Cambridge

247 views • 20 slides
CSGK Virtual Town Hall Meetings Wednesday, July 15 th , 7 pm: St. Augustine Cathedral School

CSGK Virtual Town Hall Meetings Wednesday, July 15 th , 7 pm: St. Augustine Cathedral School

CSGK Virtual Town Hall Meetings Wednesday, July 15 th , 7 pm: St. Augustine Cathedral School Thursday, July 16 th , 7 pm: St. Monica Catholic School Monday, July 20 th , 7 pm. Hackett Catholic Prep Opening Prayer Written by Fr. Ken Schmidt Lord,

408 views • 25 slides
DCPG TOWN HALL: AN OPPORTUNITY TO PROVIDE FEEDBACK AND DISCUSSION Housekeeping All

DCPG TOWN HALL: AN OPPORTUNITY TO PROVIDE FEEDBACK AND DISCUSSION Housekeeping All

DCPG TOWN HALL: AN OPPORTUNITY TO PROVIDE FEEDBACK AND DISCUSSION Housekeeping All participants are muted Options for participation: Chat feature Raise hand Monitoring for disruptions and recording this meeting Talking

291 views • 4 slides
Photos, illustrations, graphics here. Welliver, LeChase, Streeter, Kline, Pike, Mancini, Matco,

Photos, illustrations, graphics here. Welliver, LeChase, Streeter, Kline, Pike, Mancini, Matco,

Contractor Town Hall Update Agenda: 1. Our Organization 2. Key Initiatives & Areas of Focus 3. Contracts Update 4. eBuilder Bidding Module 5. Environmental Health & Safety Update 6. Capital Project Forecast 7.

222 views • 6 slides
CARES Act Town Hall MAY 6, 2020 9:00 10:30AM ZOOM FACILITATORS Erica Orians, Michigan

CARES Act Town Hall MAY 6, 2020 9:00 10:30AM ZOOM FACILITATORS Erica Orians, Michigan

CARES Act Town Hall MAY 6, 2020 9:00 10:30AM ZOOM FACILITATORS Erica Orians, Michigan Center for Student Success Precious Miller, Michigan Center for Student Success Priya Chaplot, National Center for Inquiry and Improvement Rob

405 views • 22 slides
Linear Temporal Logic for Hyperproperties (HyperLTL) Course: Specification and Verification of

Linear Temporal Logic for Hyperproperties (HyperLTL) Course: Specification and Verification of

Linear Temporal Logic for Hyperproperties (HyperLTL) Course: Specification and Verification of Parallel Systems 29 November 2019 Presented by: Elahe Fazeldehkordi 1 Hyperproperties Trace: a sequence of states System: is modeled by

546 views • 13 slides
Lecture 23 Verified Systems Software Infrastructure is Shaky Software Infrastructure is Shaky

Lecture 23 Verified Systems Software Infrastructure is Shaky Software Infrastructure is Shaky

Software Infrastructure Lecture 23 Verified Systems Software Infrastructure is Shaky Software Infrastructure is Shaky Software Infrastructure is Shaky When exhaustive testing is impossible, our trust can only be based on proof. Edsger W.

538 views • 40 slides
Reputation Systems Reputation systems: quantify the trust between different users. Application:

Reputation Systems Reputation systems: quantify the trust between different users. Application:

Formal Verification of e-Reputation Protocols 1 Ali Kassem 2 , Pascal Lafourcade 1 , Yassine Lakhnech 2 1 University dAuvergne, LIMOS 2 Universit Grenoble Alpes, CNRS, VERIMAG The 7th International Symposium on Foundations & Practice of

583 views • 33 slides
Reproducibility Tool for Digital Systems Joint work with Lennon Chaves, Iury Bessa, and Daniel

Reproducibility Tool for Digital Systems Joint work with Lennon Chaves, Iury Bessa, and Daniel

21st ACM International Conference on Hybrid Systems: Computation and Control (HSCC18) DSValidator: An Automated Counterexample Reproducibility Tool for Digital Systems Joint work with Lennon Chaves, Iury Bessa, and Daniel Kroening Lucas Cordeiro

643 views • 50 slides

More recommend