Software Verification 2: Automated Verification
Prof. Dr. Holger Schlingloff
Institut für Informatik der Humboldt Universität
and
Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik
Slide 2 (H. Schlingloff, SS2012: SWV 2)
Recap: LTS
• LTS = (Σ, S, Δ, S0), where
  Σ is a nonempty finite alphabet,
  S is a nonempty finite set of states,
  Δ ⊆ S × Σ × S is the transition relation, and
  S0 ⊆ S is the set of initial states
  remark: sometimes a pseudo state s0 ∉ S is used instead of S0 ⊆ S; sometimes there is only a single initial state s0 ∈ S
• state = (program counter(s), variable valuation); transition = (state, instruction, state)
• S0 can be written as a predicate on the variables and pc's, e.g.
  init: (pc == ℓ0 ∧ x == 0 ∧ y <= 5 ∧ ...)
• Δ can be written as a predicate on current and next (primed) variables, e.g.
  ((pc == ℓ1 ∧ x' == x+1) ∨ (pc == ℓ2 ∧ x' == x+2) ∨ ...)
  with one disjunct per instruction (ℓ0, ℓ1, ℓ2 stand for program locations). In a complete encoding each disjunct also fixes the next pc and states that all variables not written by the instruction keep their value; the slide elides this frame condition.
12.4.2012
Slide 3
Boolean Equivalences
SMV definition of the next-state function (state takes the values s0 and s50 used in the example):
  next(state) := case
      inp = 0 : state;
      inp = 50 & state = s0 : s50;
      inp = 50 & state = s50 : s0;
    esac;
As a transition predicate on current and next (primed) variables this reads
  (inp == 0 ∧ state' == state) ∨ (inp == 50 ∧ state == s0 ∧ state' == s50) ∨ (inp == 50 ∧ state == s50 ∧ state' == s0)
which by distributivity of ∧ over ∨ is equivalent to
  (inp == 0 ∧ state' == state) ∨ (inp == 50 ∧ ((state == s0 ∧ state' == s50) ∨ (state == s50 ∧ state' == s0)))
Caveat: an SMV case is evaluated top to bottom and the first matching branch wins, so translating it into a plain disjunction of its branches is only faithful because the guards inp = 0 and inp = 50 are mutually exclusive. For any other value of inp no branch applies and next(state) is unspecified; a final TRUE default branch closes that gap.
Slide 4
• Parallel transition system / state machine T = (T1, ..., Tn); all state sets Si must be pairwise disjoint
• Global TS associated with the parallel TS: T = (Σ, S, Δ, S0), where
  Σ = Σ1 ∪ ... ∪ Σn
  S = S1 × ... × Sn
  S0 = S1^0 × ... × Sn^0
  ((s1, ..., sn), a, (s1', ..., sn')) ∈ Δ iff for all Ti:
   - if a ∈ Σi, then (si, a, si') ∈ Δi, and
   - if a ∉ Σi, then si' = si
  i.e. every component whose alphabet contains a must take an a-step, and every other component keeps its state (synchronization on shared letters, interleaving on local ones)
• Complexity (size of this construction)? |S| = |S1| · ... · |Sn|, i.e. exponential in the number of components, even though most of these global states are typically unreachable
• Correctness??? (next slide)
19.4.2012
Slide 5
Correctness
• T = (T1, ..., Tn), T = T1 ‖ ... ‖ Tn
• Intuitively: T accepts/generates exactly those sequences which are accepted/generated by all Ti
• projection of a run onto the alphabet of a transition system: for σ = a1 a2 a3 ...,
  σ|Ti = if a1 ∈ Σi then a1 · (a2 a3 ...)|Ti else (a2 a3 ...)|Ti
  (letters outside Σi are deleted; the empty sequence projects to itself)
• Show: T accepts σ iff for all i, Ti accepts σ|Ti. This equivalence can also be used as the definition of the parallel composition.
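The product construction of slide 4 and the projection characterization of slide 5, worked through as an added example (this code is not from the lecture). The lock/client systems are constructed sample input; `parallel` builds Δ exactly as defined on slide 4, and `projection_property_holds` exhaustively checks the "T accepts σ iff every Ti accepts σ|Ti" claim for all words up to a given length, which is how a practitioner would sanity-check a hand-written product before trusting it.

```python
from itertools import product


class LTS:
    """Labeled transition system (Sigma, S, Delta, S0) as on the slide."""

    def __init__(self, alphabet, states, delta, init):
        self.alphabet = frozenset(alphabet)
        self.states = frozenset(states)
        self.delta = frozenset(delta)      # triples (s, a, s')
        self.init = frozenset(init)

    def accepts(self, word):
        """True iff some run from an initial state reads the whole word.

        Acceptance is prefix-closed (no final states): the system accepts
        every finite sequence it is able to execute.
        """
        current = set(self.init)
        for a in word:
            current = {t for (s, b, t) in self.delta if s in current and b == a}
            if not current:
                return False
        return True


def parallel(*components):
    """Global LTS of the parallel system (T1, ..., Tn), as defined on the
    slide: every component that has `a` in its alphabet takes an a-step,
    every other component keeps its state."""
    alphabet = set().union(*(t.alphabet for t in components))
    states = set(product(*(t.states for t in components)))   # |S| = prod |Si|
    init = set(product(*(t.init for t in components)))
    delta = set()
    for s in states:
        for a in alphabet:
            choices = []
            for t, si in zip(components, s):
                if a in t.alphabet:       # must synchronize on a
                    choices.append([ti for (x, b, ti) in t.delta if x == si and b == a])
                else:                     # a not in Sigma_i: stay put
                    choices.append([si])
            for s2 in product(*choices):  # empty if a synchronizing component is stuck
                delta.add((s, a, s2))
    return LTS(alphabet, states, delta, init)


def project(word, alphabet):
    """sigma|Ti from the slide: delete every letter outside Sigma_i."""
    return tuple(a for a in word if a in alphabet)


def projection_property_holds(components, max_len):
    """Exhaustively check, for all words up to max_len over the joint
    alphabet, that T accepts sigma iff every Ti accepts sigma|Ti."""
    t = parallel(*components)
    letters = sorted(t.alphabet)
    for n in range(max_len + 1):
        for w in product(letters, repeat=n):
            if t.accepts(w) != all(c.accepts(project(w, c.alphabet)) for c in components):
                return False
    return True


# Constructed sample: a lock and a client that must hold the lock while it
# works. "acq" and "rel" are shared (synchronized); "work" is local to the client.
LOCK = LTS({"acq", "rel"}, {"l0", "l1"},
           {("l0", "acq", "l1"), ("l1", "rel", "l0")}, {"l0"})
CLIENT = LTS({"acq", "work", "rel"}, {"c0", "c1", "c2"},
             {("c0", "acq", "c1"), ("c1", "work", "c2"), ("c2", "rel", "c0")}, {"c0"})

if __name__ == "__main__":
    t = parallel(LOCK, CLIENT)
    print("global states:", len(t.states))                  # 2 * 3 = 6
    print(t.accepts(("acq", "work", "rel", "acq")))          # True
    print(t.accepts(("acq", "acq")))                         # False: lock already held
    print(projection_property_holds([LOCK, CLIENT], 5))     # True
```

The global state set is the full product S1 × S2 (six states here), which is the blow-up slide 4 asks about; only the words that every component can follow on its own projection are executable globally, so a second `acq` without an intervening `rel` is rejected by the lock even though the client alone would not object.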
Slide 6
Parallel State Machines
• Parallel state machine T = (T1, ..., Tn), Σi = 2^E × C × 2^A
• What is the global state machine associated with a parallel state machine? ("flattening")
  - synchronization by common e[c]/a labels is not an option
  - possible choices: synchronize or compete on common input events (triggers)?
  - what if an effect contains sending of a trigger? ("run-to-completion semantics": tedious formalization)
Slide 7
Example
Slide 8
Introducing Data
• Simple state machines: E: set of events, C: set of conditions, A: set of actions; a simple state machine is an LTS where Σ = 2^E × C × 2^A (a transition label e[c]/a consists of a set of triggering events, a guard condition and a set of actions)
• Extended state machine: assume a first-order signature (D, F, R) with finite domains D and a set V of program variables on these domains. An ESM is a simple state machine where a guard is a quantifier-free first-order formula over (D, F, R) and V, and an action is an assignment v := τ with v ∈ V and τ a term over (D, F, R) and V
  - Attention: the effect of a transition is a set of actions! Parallel execution of the actions in one set introduces nondeterminism (e.g. two assignments to the same variable, or one action reading a variable that another one writes).
Slide 9
Example
Slide 10
Introducing Hierarchies
• In a UML state machine, a state may contain other states
  - powerful abstraction concept
  - semantics can be tedious
Slide 11
Introducing Visibility Scopes
• A state machine can be part of a class or module
  - all variables are visible within the module
  - only modules may be nested
• Classes or modules can be parameterized; instances of classes are objects
Slide 12
Introducing Fairness
• LTSs cannot specify that something will eventually happen; only maximal sequences (terminating or infinite) are accepted
• want to express that in infinite runs, certain states must occur infinitely often
• Just LTS = (LTS, J), where J = (J1, ..., Jm), Ji ⊆ S (justice requirements): for each Ji ∈ J, each infinite run must contain infinitely many s ∈ Ji
• Fair LTS = (LTS, F), where F = (F1, ..., Fm), Fi = (Pi, Qi), Pi ⊆ S, Qi ⊆ S (compassion requirements): for each Fi ∈ F and each infinite run it holds that if the run contains infinitely many s ∈ Pi, then it also contains infinitely many s ∈ Qi
  (justice is the special case Pi = S; operationally, justice (weak fairness) rules out runs that forever ignore a step that is continuously enabled, compassion (strong fairness) rules out runs that forever ignore a step that is enabled infinitely often)
• Cf. automata theory: justice corresponds to (generalized) Büchi acceptance, compassion to Streett acceptance, the dual of Rabin acceptance
Slide 13
Example: Peterson’s Mutual Exclusion
{ t=0; x=0; y=0;
  { 0: while(true) { NC1: skip; 1: x=1; 2: t=1; 3: await(t==0 ∨ y==0); C1: skip; 4: x=0; } }
  ||
  { 0: while(true) { NC2: skip; 1: y=1; 2: t=0; 3: await(t==1 ∨ x==0); C2: skip; 4: y=0; } }
}
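Peterson's program as an explicit-state model check, added here as an example that is not part of the slides. It builds the global state (pc1, pc2, x, y, t) exactly as slide 2 describes (state = program counters plus valuation, one transition per executed instruction), checks the mutual-exclusion invariant by breadth-first search, contrasts the program with a hypothetical variant that sets the turn variable t before the own flag (a classic mistake, not on the slide), and finds a run in which process 1 never moves, which is precisely the kind of run the justice requirements of slide 12 exclude. The statement encoding and all names are this example's own.

```python
from collections import deque

# Each process is the body of its while(true) loop as a list of statements;
# the pc is the index into this list and wraps around. Statement forms:
#   ("skip",)                    no effect (NC_i and C_i on the slide)
#   ("set", var, value)          var := value
#   ("await", guard)             enabled only while guard(valuation) holds
NC, CS = 0, 4          # list positions of NC_i: skip and C_i: skip
VARS = ("x", "y", "t")


def peterson(swap_turn=False):
    """The two processes of the slide. With swap_turn=True the turn variable
    is set before the own flag (hypothetical variant added for contrast)."""
    p1 = [("skip",), ("set", "x", 1), ("set", "t", 1),
          ("await", lambda v: v["t"] == 0 or v["y"] == 0),
          ("skip",), ("set", "x", 0)]
    p2 = [("skip",), ("set", "y", 1), ("set", "t", 0),
          ("await", lambda v: v["t"] == 1 or v["x"] == 0),
          ("skip",), ("set", "y", 0)]
    if swap_turn:
        p1[1], p1[2] = p1[2], p1[1]
        p2[1], p2[2] = p2[2], p2[1]
    return [p1, p2]


INIT = (0, 0, 0, 0, 0)   # (pc1, pc2, x, y, t): t=0; x=0; y=0; both at label 0


def successors(procs, state):
    """Interleaving semantics: one process executes one instruction.
    Yields (process index, next global state) for every enabled step."""
    n = len(procs)
    pcs, vals = state[:n], dict(zip(VARS, state[n:]))
    for i, prog in enumerate(procs):
        stmt = prog[pcs[i]]
        if stmt[0] == "await" and not stmt[1](vals):
            continue                      # blocked: no transition for i
        new_vals = dict(vals)
        if stmt[0] == "set":
            new_vals[stmt[1]] = stmt[2]
        new_pcs = list(pcs)
        new_pcs[i] = (pcs[i] + 1) % len(prog)
        yield i, tuple(new_pcs) + tuple(new_vals[v] for v in VARS)


def explore(procs):
    """BFS over reachable global states; maps each state to its BFS parent."""
    parent, queue = {INIT: None}, deque([INIT])
    while queue:
        s = queue.popleft()
        for _, t in successors(procs, s):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return parent


def check_mutex(procs):
    """Returns (number of reachable states, counterexample path or None).
    Invariant: never pc1 == C1 and pc2 == C2 at the same time."""
    parent = explore(procs)
    for s in parent:
        if s[0] == CS and s[1] == CS:
            path, cur = [], s
            while cur is not None:        # walk BFS parents back to INIT
                path.append(cur)
                cur = parent[cur]
            return len(parent), path[::-1]
    return len(parent), None


def deadlock_free(procs):
    """Every reachable state has at least one enabled step."""
    return all(any(True for _ in successors(procs, s)) for s in explore(procs))


def starvation_cycle_exists(procs, victim):
    """Is there an infinite run in which process `victim` never moves?
    Found as a cycle reachable from INIT using only the other processes'
    steps. Such a run is legal in the plain LTS; a justice requirement
    'victim takes a step infinitely often' is exactly what excludes it."""
    colour = {}

    def dfs(s):
        colour[s] = 1                          # on the current DFS path
        for i, t in successors(procs, s):
            if i == victim:
                continue
            c = colour.get(t, 0)
            if c == 1 or (c == 0 and dfs(t)):  # back edge closes a cycle
                return True
        colour[s] = 2
        return False

    return dfs(INIT)


if __name__ == "__main__":
    n, cex = check_mutex(peterson())
    print("Peterson: reachable states =", n, "mutex violated:", cex is not None)
    print("deadlock free:", deadlock_free(peterson()))
    n, cex = check_mutex(peterson(swap_turn=True))
    print("swapped variant: counterexample of length", len(cex))
    print("process 1 can starve without fairness:", starvation_cycle_exists(peterson(), 0))
```

The counterexample for the swapped variant is the usual interleaving: process 1 claims the turn, process 2 then claims it back, raises y and passes its await because x is still 0, after which process 1 raises x and passes its own await because t == 0. For the correct program the BFS finds no state with both pcs at C, and the starvation search shows why Peterson's liveness proof needs fairness: with x == 0 process 2 can cycle through its loop forever while process 1 sits at label 0, a maximal run of the LTS that only a justice requirement rules out.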
Slide 14
Summary: Finite State Modeling Concepts
• We discussed:
  - (parallel) while-programs with finite domains
  - labeled transition systems
  - simple state machines
  - parallel transition systems / state machines
  - UML state machines
  - object-oriented concepts
  - fairness constraints (justice, compassion)
• Mutual simulation is possible but may be tedious; cross-compiler technology