formal verification model checking
play

Formal Verification, Model Checking Radek Pel anek Introduction - PowerPoint PPT Presentation

Oct 15, 2023 •241 likes •986 views

Introduction Modeling Specification Algorithms Conclusions Formal Verification, Model Checking Radek Pel anek Introduction Modeling Specification Algorithms Conclusions Motivation Formal Methods: Motivation examples of what can go

  1. Introduction Modeling Specification Algorithms Conclusions Formal Verification, Model Checking Radek Pel´ anek

  2. Introduction Modeling Specification Algorithms Conclusions Motivation Formal Methods: Motivation examples of what can go wrong – first lecture non-intuitiveness of concurrency (particularly with shared resources) mutual exclusion adding puzzle

  3. Introduction Modeling Specification Algorithms Conclusions Motivation Formal Methods Formal Methods ‘Formal Methods’ refers to mathematically rigorous techniques and tools for specification design verification of software and hardware systems.

  4. Introduction Modeling Specification Algorithms Conclusions Motivation Formal Verification Formal Verification Formal verification is the act of proving or disproving the correctness of a system with respect to a certain formal specification or property.

  5. Introduction Modeling Specification Algorithms Conclusions Motivation Formal Verification vs Testing formal verification testing finding bugs medium good proving correctness good - cost high small

  6. Introduction Modeling Specification Algorithms Conclusions Motivation Types of Bugs likely rare harmless testing not important catastrophic testing, FV FV

  7. Introduction Modeling Specification Algorithms Conclusions Motivation Formal Verification Techniques manual human tries to produce a proof of correctness semi-automatic theorem proving automatic algorithm takes a model (program) and a property; decides whether the model satisfies the property We focus on automatic techniques.

  8. Introduction Modeling Specification Algorithms Conclusions Motivation Application Domains of FV generally safety-critical systems: a system whose failure can cause death, injury, or big financial loses (e.g., aircraft, nuclear station) particularly embedded systems often safety critical reasonably small and thus amenable to formal verification

  9. Introduction Modeling Specification Algorithms Conclusions Motivation Well Known Bugs Ariane 5 explosion on its first flight; caused by reuse of some parts of a code from its predecessor without proper verification Therac-25 radiation therapy machine; due to a software error, six people are believed to die because of overdoses Pentium FDIV design error in a floating point division unit; Intel was forced to offer replacement of all flawed processors

  10. Introduction Modeling Specification Algorithms Conclusions Motivation Outlook this lecture (foundations): basics of a model checking technique overview of modeling formalisms, logics basic algorithms next lectures (real-time, applications): theory: timed automata extensions for practical modeling verification tool Uppaal case studies, realistic examples

  11. Introduction Modeling Specification Algorithms Conclusions Motivation Goal of the Lecture goal: to understand the basic principles of model checking technique important for efficient use of a model checking tool

  12. Introduction Modeling Specification Algorithms Conclusions Motivation Overlap with Other Courses IV113 Introduction to Validation and Verification IA159 Formal Verification Methods IA040 Modal and Temporal Logics for Processes IA006 Selected topics on automata theory verification in this course: foundations only briefly real-time aspects

  13. Introduction Modeling Specification Algorithms Conclusions Motivation Contents Modeling 2 Guarded Command Language Finite State Machines Other Modeling Formalisms Specification 3 Types of Properties Temporal Logics Timed Logics Algorithms 4 State Space Search Logic Verification State Space Explosion

  14. Introduction Modeling Specification Algorithms Conclusions Model Checking Model Checking automatic verification technique user produces: a model of a system a logical formula which describes the desired properties model checking algorithm: checks if the model satisfies the formula if the property is not satisfied, a counterexample is produced

  15. � � � Introduction Modeling Specification Algorithms Conclusions Model Checking Model Checking (cont.) system specification formal temporal logic model � � � � � � � �������������� � � �������������� � � � � � � � � � � � � � � � � � � � � � � � � � � � � model checking

  16. Introduction Modeling Specification Algorithms Conclusions Model Checking State Space model checking algorithms are based on state space exploration, i.e., “brute force” state space describes all possible behaviours of the model state space ∼ graph: nodes = states of the system edges = transitions of the system in order to construct state space, the model must be closed, i.e., we need to model environment of the system

  17. Introduction Modeling Specification Algorithms Conclusions Model Checking Example: Model and State Space

  18. Introduction Modeling Specification Algorithms Conclusions Model Checking Model Checking: Steps modeling: system → model 1 specification: natural language specification → property 2 in formal logic verification: algorithm for checking whether a model 3 satisfies a property

  19. Introduction Modeling Specification Algorithms Conclusions Modeling Formalisms guarded command language simple low level modeling language finite state machines usually extended with variables, communication Petri Nets graphical modeling language process algebra infinite state systems timed automata focus of the next lecture

  20. Introduction Modeling Specification Algorithms Conclusions Guarded Command Language Guarded Command Language the simplest modeling language not useful for actual modeling simple to formalize we discuss formal syntax and semantics foundation for later discussion of timed automata

  21. Introduction Modeling Specification Algorithms Conclusions Guarded Command Language Guarded Command Language integer variables rules: if condition then update conditions: boolean expressions over variables updates: sequences of assignments to variables

  22. Introduction Modeling Specification Algorithms Conclusions Guarded Command Language Example a : if x = 0 then x := 1 b : if y < 2 then y := y + 1 c : if x = 1 ∧ y ≥ 1 then x := 0 , z := 1 Notes: this is an artificial example (does not model anything meaningful) a , b , c are names of actions no control flow rules executed repeatedly initial state: x = 0 , y = 0 , z = 0

  23. Introduction Modeling Specification Algorithms Conclusions Guarded Command Language Syntax let V be a finite set of integer variables expressions over V are defined using standard boolean (= , < ) and binary (+ , − , · , ... ) operations model is a tuple M = ( V , E ) E = { t 1 , . . . , t n } is a finite set of transitions, where t i = ( g i , u i ): predicate g i (a boolean expression over V ) update u i ( � x ) (a sequence of assignments over V )

  24. Introduction Modeling Specification Algorithms Conclusions Guarded Command Language Semantics The semantics of model M is a state space (formally called Kripke structure ) � M � = ( S , → , s 0 , L ) where states S are valuations of variables, i.e., V → Z s → s ′ iff there exists ( g i , u i ) ∈ T such that s ∈ � g i � , s ′ = u i ( s ) semantics � g i � of guards and u i ( s ) is the natural one s 0 is the zero valuation ( ∀ v ∈ V : s 0 ( v ) = 0)

  25. Introduction Modeling Specification Algorithms Conclusions Guarded Command Language Example a : if x = 0 then x := 1 b : if y < 2 then y := y + 1 c : if x = 1 ∧ y ≥ 1 then x := 0 , z := 1 Construct the state space.

  26. Introduction Modeling Specification Algorithms Conclusions Guarded Command Language Example a : if x = 0 then x := 1 b : if y < 2 then y := y + 1 c : if x = 1 ∧ y ≥ 1 then x := 0 , z := 1

  27. Introduction Modeling Specification Algorithms Conclusions Guarded Command Language Application simple to formalize, powerful (Turing power) not suitable for “human” use some simple protocols can be modeled control flow – variable pc (program counter)

  28. Introduction Modeling Specification Algorithms Conclusions Guarded Command Language Example: Ticket Protocol

  29. Introduction Modeling Specification Algorithms Conclusions Guarded Command Language Example: Ticket Protocol pc1 := 0; pc2 := 0; t := 0; s := 0; a1 := 0; a2 := 0; pc1 = 0 -> pc1 := 1, a1 := t, t := t + 1; pc1 = 1 && a1 <= s -> pc1 := 2; pc1 = 2 -> pc1 := 0, s := s + 1; pc2 = 0 -> pc2 := 1, a2 := t, t := t + 1; pc2 = 1 && a2 <= s -> pc2 := 2; pc2 = 2 -> pc2 := 0, s := s + 1;

  30. Introduction Modeling Specification Algorithms Conclusions Finite State Machines Extended Finite State Machines each process (thread) is modelled as one finite state machine (machine state = process program counter) machines are extended with variables: local computation: guards, updates shared memory communication automata can communicate via channels (with value passing): handshake (rendezvous, synchronous communication) asynchronous communication via buffers

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
Formal Verification by Model Checking Jonathan Aldrich Carnegie Mellon University Based on

Formal Verification by Model Checking Jonathan Aldrich Carnegie Mellon University Based on

Formal Verification by Model Checking Jonathan Aldrich Carnegie Mellon University Based on slides developed by Natasha Sharygina 17-654/17-754: Analysis of Software Artifacts Spring 2006 1 Formal Verification by Model Checking Domain:

380 views • 13 slides
Formal Verification by Model Checking Jonathan Aldrich Carnegie Mellon University Based on

Formal Verification by Model Checking Jonathan Aldrich Carnegie Mellon University Based on

Formal Verification by Model Checking Jonathan Aldrich Carnegie Mellon University Based on slides developed by Natasha Sharygina 15-413: Introduction to Software Engineering Fall 2005 3 Formal Verification by Model Checking Domain:

289 views • 24 slides
Formal Verification by Model Checking Jonathan Aldrich Carnegie Mellon University Based on

Formal Verification by Model Checking Jonathan Aldrich Carnegie Mellon University Based on

Formal Verification by Model Checking Jonathan Aldrich Carnegie Mellon University Based on slides developed by Natasha Sharygina 17-654/17-754: Analysis of Software Artifacts Spring 2006 1 CTL Model Checking AG (Start AF Heat)

307 views • 20 slides
SMT-based model checking techniques for formal software verification of synchronous dataflow

SMT-based model checking techniques for formal software verification of synchronous dataflow

An insight into SMT-based model checking techniques for formal software verification of synchronous dataflow programs Jonathan Laurent Ecole Normale Sup erieure, National Institute of Aerospace, NASA Langley Research Center August 11 th ,

1.01k views • 67 slides
Formal Verification of P Systems with Active Membranes through Model Checking Florentin Ipate 1 ,

Formal Verification of P Systems with Active Membranes through Model Checking Florentin Ipate 1 ,

Formal Verification of P Systems with Active Membranes through Model Checking Florentin Ipate 1 , Raluca Lefticaru 1 , Ignacio Prez-Hurtado 2 , Mario J. Prez-Jimnez 2 , Cristina Tudose 1 1 University of Pitesti 2 University of Sevilla

578 views • 23 slides
Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal Verification Yosys-STMBMC iCE40 FPGAs Bounded Model Checking (Project IceStorm) Using any SMT-LIB2 solver (using QF_AUFBV logic) Xilinx

706 views • 56 slides
Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
CS6480: Model Checking and TLC Robbert van Renesse Cornell University What is formal

CS6480: Model Checking and TLC Robbert van Renesse Cornell University What is formal

CS6480: Model Checking and TLC Robbert van Renesse Cornell University What is formal verification? Does so&amp;ware correctly implement a specifica3on? Does so&amp;ware have desired proper3es (safety, liveness, other)? Is a par3cular

1.25k views • 47 slides
Spark verification features Paul Jackson School of Informatics University of Edinburgh Formal

Spark verification features Paul Jackson School of Informatics University of Edinburgh Formal

Spark verification features Paul Jackson School of Informatics University of Edinburgh Formal Verification Spring 2018 Adding specification information to programs Verification concerns checking whether some model (or program) has desired

476 views • 22 slides
Formal Verification using Parity Games Mathias N. Justesen DTU Compute, Technical University of

Formal Verification using Parity Games Mathias N. Justesen DTU Compute, Technical University of

Formal Verification using Parity Games Mathias N. Justesen DTU Compute, Technical University of Denmark (DTU) Overview Background Many problems within formal verification can be reduced to solving parity games Model checking (Stirling,

794 views • 64 slides
Interpolant Compaction In Unbounded Model Checking Danilo Vendraminetto PhD student at Formal

Interpolant Compaction In Unbounded Model Checking Danilo Vendraminetto PhD student at Formal

Alpine Verification Meeting 2013, FBK, Trento, Italy. Optimization Techniques For Craig Interpolant Compaction In Unbounded Model Checking Danilo Vendraminetto PhD student at Formal Methods Group, Politecnico di Torino, Torino, Italy. Before

880 views • 40 slides
VTSA10 Summer School, Luxembourg, September 2010 Introduction Probabilistic model checking

VTSA10 Summer School, Luxembourg, September 2010 Introduction Probabilistic model checking

VTSA10 Summer School, Luxembourg, September 2010 Introduction Probabilistic model checking Model checking Automated formal verification for finite-state models Finite-state model System Result Model checker e.g. SMV, Spin Counter-

776 views • 58 slides
Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Concurrency in Go Behavioural type inference Model checking behavioural types Termination checking Summary Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker Types Transform Check safety and

681 views • 67 slides
Probabilistic Model Checking Michaelmas Term 2011 Dr. Dave Parker Department of

Probabilistic Model Checking Michaelmas Term 2011 Dr. Dave Parker Department of

Probabilistic Model Checking Michaelmas Term 2011 Dr. Dave Parker Department of Computer Science University of Oxford Probabilistic Model Checking Formal verification and analysis of systems that exhibit probabilistic

821 views • 40 slides
Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and Verification Group RWTH Aachen University associated to University of Twente, Formal Methods and Tools Lecture at Quantitative Model Checking School, March

672 views • 66 slides
Scientific Certification John Rushby Computer Science Laboratory SRI International Menlo Park,

Scientific Certification John Rushby Computer Science Laboratory SRI International Menlo Park,

Scientific Certification John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I Scientific Certification: 1 Does The Current Approach Work? Fuel emergency on Airbus A340-642, G-VATL, on 8

998 views • 21 slides
Preacher: Network Policy Checker for Adversarial Environments Kashyap Thimmaraju, Liron Schiff

Preacher: Network Policy Checker for Adversarial Environments Kashyap Thimmaraju, Liron Schiff

Preacher: Network Policy Checker for Adversarial Environments Kashyap Thimmaraju, Liron Schiff and Stefan Schmid 1 Backdoors and exploits Network devices are very effective attack vectors Provide access to internal networks

469 views • 18 slides
CS 251 Fall 2019 CS 251 Spring 2020 Principles of Programming Languages Principles of

CS 251 Fall 2019 CS 251 Spring 2020 Principles of Programming Languages Principles of

CS 251 Fall 2019 CS 251 Spring 2020 Principles of Programming Languages Principles of Programming Languages Ben Wood Ben Wood ML vs. Racket and Static vs. Dynamic Type-Checking https://cs.wellesley.edu/~cs251/s20/ 1 Static vs.

755 views • 33 slides
Dynamically checking types, bounds and maybe even more (or: some were meant for C) Stephen

Dynamically checking types, bounds and maybe even more (or: some were meant for C) Stephen

Dynamically checking types, bounds and maybe even more (or: some were meant for C) Stephen Kell stephen.kell@cl.cam.ac.uk Computer Laboratory University of Cambridge 1 Tool wanted (how it all started) if (obj &gt; type == OBJ

863 views • 29 slides
Symbolic Model Checking 10 20 States and Beyond Burch Clarke McMillan Dill Hwang Seminal

Symbolic Model Checking 10 20 States and Beyond Burch Clarke McMillan Dill Hwang Seminal

The Mu-Calculus Model Checking Example Results Symbolic Model Checking 10 20 States and Beyond Burch Clarke McMillan Dill Hwang Seminal Papers in Verification March 23, 2012 Andrena Francisco Symbolic Model Checking The Mu-Calculus

196 views • 15 slides
Practical Techniques for Verification and Validation of Robots Kerstin Eder and with a demo by

Practical Techniques for Verification and Validation of Robots Kerstin Eder and with a demo by

Practical Techniques for Verification and Validation of Robots Kerstin Eder and with a demo by Dejanira Araiza Illan University of Bristol and Bristol Robotics Laboratory Simulation-based testing Why and how? D. Araiza Illan, D. Western, A.

989 views • 52 slides
Towards the Promised Land: Globalization Developments in Web Standards Richard Ishida and Addison

Towards the Promised Land: Globalization Developments in Web Standards Richard Ishida and Addison

Towards the Promised Land: Globalization Developments in Web Standards Richard Ishida and Addison Phillips W3C Internationalization Activity Vastly improved or room for improvement? Why the promised land? The promise of a

1.48k views • 68 slides
Automated Reasoning LTL Model Checking Alan Bundy Automated Reasoning LTL Model Checking

Automated Reasoning LTL Model Checking Alan Bundy Automated Reasoning LTL Model Checking

Automated Reasoning LTL Model Checking Alan Bundy Automated Reasoning LTL Model Checking Lecture 9, page 1 Introduction So far we have looked at theorem proving Powerful, especially where good sets of rewrite rules or decision procedures

639 views • 26 slides

More recommend