Xiaosong Lu Togashi Laboratory Department of Computer Science Shizuoka University April 1999
  1. Specification and Verification of Hierarchical Reactive Systems. Xiaosong Lu, Togashi Laboratory, Department of Computer Science, Shizuoka University, April 1999

  2. Introduction • Research Background and Objective • System Properties and Requirements • Formal Specifications • Soundness and Completeness • Synthesis of Formal Specifications • Compositional Verification • Reflection

  3. Related Work • Statecharts (Modechart, RSML) • Visual Formalism • State Hierarchy and broadcast communication • SDL: Communicating finite-state machines • Petri Net: Event-driven, one-level concurrency • CCS, CSP: algebraic nature, recursion, nested concurrency, naming, channel communication ...

  4. Research Objective • A New Methodology for Reactive Systems • System requirements: Declarative language • Formal specifications: Hierarchical state machines • A Flexible Development Environment • Stepwise Refinement • Reflection • Automatic Synthesis and Verification • Support of Modularity and Reusability

  5. System Overview • [Figure: data-flow diagram of the development environment with the components Present system, Requirement Acquisition, System Requirements, Synthesis System, Formal Specifications, Simulator, Verifier, Compiler, System Programs and Reflection]

  6. Hierarchical System Properties • SPS = < P, L, D, L0 > • P: all atomic propositions • L: partition of P • D⊆L×L: partial order relation • L0: topmost level propositions

  7. SPS of a Radio/Tape Player • [Figure: the proposition hierarchy of the player: L0 = {On}; below On the levels {Radio, Tape} and {Stereo}; below Radio the level {Am, Fm}; below Tape the level {Play, Pause}]

  8. Function Requirement • ρ = < id, a, fin, o, fout > • id: name • a: input symbol • fin: pre-condition • o: output symbol • fout: post-condition • Example, Power on: ¬On ⇒ On, i.e. ρ = < Power on, Power, ¬On, (empty), On > (the output symbol is empty)

  9. System Requirement Module • RM = < id, F, γ0, B, Σ, O, TF > • A Requirement Module of the Player: [Figure: RM1 (Power), with γ0 = ¬On, Σ = {Power}, function requirements ¬On ⇒ On and On ⇒ ¬On on input Power, and TF: temporal logic formulae]

  10. Other Requirement Modules • [Figure: RM2 (Radio/Tape), below On: γ0 = Radio, Σ = {RT}, function requirements Radio ⇒ Tape and Tape ⇒ Radio on input RT, TF: temporal logic formulae] • [Figure: RM3 (Stereo), below On: γ0 = Stereo, Σ = {S}, function requirements ¬Stereo ⇒ Stereo and Stereo ⇒ ¬Stereo on input S, TF: temporal logic formulae]

  11. Other Requirement Modules • [Figure: RM4 (Tape), below Tape: Σ = {PL, PA, Stop}; function requirements PL: ¬Play ⇒ Play; PA: Play∧¬Pause ⇒ Pause, Play∧Pause ⇒ ¬Pause; Stop: Play ⇒ ¬Play∧¬Pause; TF: temporal logic formulae] • [Figure: RM5 (Radio), below Radio: Σ = {AF}; function requirements Am ⇒ Fm and Fm ⇒ Am on input AF; TF: temporal logic formulae]

  12. System Requirement • R = < RM, RM0, >, C > • System Requirement of the Player: [Figure: the requirement modules ordered by >, with RM0 = RM1 (Power) at the top; below it RM2 (Radio/Tape) and RM3 (Stereo); below RM2, RM5 (Radio) and RM4 (Tape)]

  13. State Transition Module • TM = < id, Q, Σ, O, →, q0, B > • A State Transition Module of the Player: [Figure: the Power module, with Q = {¬On, On}, Σ = {Power}, q0 = ¬On, and → = {¬On –Power→ On, On –Power→ ¬On}]

  14. Formal Specification • M = < TM, 》, TM0 > • TM: state transition modules • 》: partial order relation of state transition modules • TM0⊆TM: initial state transition modules

  15. Formal Specification of the Player • [Figure: hierarchical state machine. TM0 (Power): ¬On ⇄ On on Power. Nested under On, two modules: Stereo (Stereo ⇄ ¬Stereo on S) and Radio/Tape (Radio ⇄ Tape on RT). Nested under Radio: Am ⇄ Fm on AF. Nested under Tape: ¬Play∧¬Pause –PL→ Play∧¬Pause; Play∧¬Pause ⇄ Play∧Pause on PA; Play∧¬Pause –Stop→ ¬Play∧¬Pause and Play∧Pause –Stop→ ¬Play∧¬Pause]

  16. Sub-states, Sub-transition, Default • [Figure: the hierarchical state machine of slide 15, annotated with Default(On) (the configuration entered together with On), Substates(Tape) (the states ¬Play∧¬Pause, Play∧¬Pause and Play∧Pause nested under Tape) and Sub-transition(Radio) (the AF transition nested under Radio)]

  17. Global Behavior of the Player • [Figure: one run of the player: ¬On –Power→ (On, Stereo, Radio, Am) –RT→ (On, Stereo, Tape, ¬Play∧¬Pause) –PL→ (On, Stereo, Tape, Play∧¬Pause) –Power→ ¬On]

  18. Global Transition System • [Figure: the flattened transition system of the player. Global states: ¬On; On,Radio,Am; On,Radio,Fm; On,Tape,¬Play,¬Pause; On,Tape,Play,¬Pause; On,Tape,Play,Pause, each On state combined with Stereo or ¬Stereo (toggled by S). Power leads from ¬On to the default On state and from every On state back to ¬On; RT, AF, PL, PA and Stop act as in the module transitions]
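To make the flattening of slides 13 to 18 concrete, here is an added Python example that is not part of the original presentation: the player's state transition modules as nested Module objects, a breadth-first flattening into the global transition system, and the soundness check of slide 19 (every transition on input a that starts where fin holds must end where fout holds). It assumes the default sub-states read from slides 10, 11 and 17 (Stereo, Radio, Am, ¬Play∧¬Pause) and that re-entering On always enters those defaults (no history). Module, global_system, violations and check_player are this example's own names, not the presentation's.

```python
from collections import deque


class Module:
    """A state transition module TM = <id, Q, Sigma, O, ->, q0, B> (slide 13), reduced to
    what flattening needs: initial state, transitions (state, input) -> state, and for each
    state the orthogonal sub-modules active while the module is in it (slide 14's order)."""

    def __init__(self, name, init, trans, children=None):
        self.name, self.init, self.trans = name, init, dict(trans)
        self.children = children or {}  # state -> [Module, ...]

    def default(self):
        """Default configuration on entry (Default(s), slide 16): q0 plus the defaults
        of every sub-module nested under q0. Re-entry uses defaults (no history, assumption)."""
        cfg = {(self.name, self.init)}
        for sub in self.children.get(self.init, []):
            cfg |= sub.default()
        return frozenset(cfg)

    def names_below(self, state):
        """Names of all modules nested, transitively, under `state`."""
        out = set()
        for sub in self.children.get(state, []):
            out.add(sub.name)
            for s in sub.children:
                out |= sub.names_below(s)
        return out

    def step(self, cfg, sym):
        """Fire `sym` here if the current state has a transition on it, otherwise let the
        active sub-modules try. Leaving a state deactivates everything nested under it;
        entering a state enters its default sub-states. Returns (new configuration, fired?)."""
        cur = next(s for m, s in cfg if m == self.name)
        if (cur, sym) in self.trans:
            tgt = self.trans[(cur, sym)]
            gone = self.names_below(cur) | {self.name}
            kept = {p for p in cfg if p[0] not in gone}
            entered = {(self.name, tgt)}
            for sub in self.children.get(tgt, []):
                entered |= sub.default()
            return frozenset(kept | entered), True
        fired = False
        for sub in self.children.get(cur, []):
            cfg, f = sub.step(cfg, sym)
            fired = fired or f
        return cfg, fired


def global_system(root, alphabet):
    """Flatten the hierarchy into the global transition system (slide 18) by BFS."""
    init = root.default()
    seen, queue, edges = {init}, deque([init]), []
    while queue:
        cfg = queue.popleft()
        for sym in alphabet:
            nxt, fired = root.step(cfg, sym)
            if fired:
                edges.append((cfg, sym, nxt))
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return init, seen, edges


def props(cfg):
    """Atomic propositions true in a configuration: the non-negated literals of its
    state names (state 'Play∧¬Pause' makes Play true and leaves Pause false)."""
    return {lit for _, s in cfg for lit in s.split("∧") if not lit.startswith("¬")}


def holds(literals, cfg):
    """A condition is a set of literals such as {'Play', '¬Pause'}."""
    p = props(cfg)
    return all((lit[1:] not in p) if lit.startswith("¬") else (lit in p) for lit in literals)


def violations(edges, req):
    """Soundness w.r.t. one function requirement rho = <id, a, fin, o, fout> (slides 8, 19):
    every global transition on input a whose source satisfies fin must reach fout."""
    rid, a, fin, _o, fout = req
    return [(rid, src, dst) for src, sym, dst in edges
            if sym == a and holds(fin, src) and not holds(fout, dst)]


# The radio/tape player of slides 13-18, with the initial states read from the slides.
TAPE = Module("Tape", "¬Play∧¬Pause", {
    ("¬Play∧¬Pause", "PL"): "Play∧¬Pause",
    ("Play∧¬Pause", "PA"): "Play∧Pause", ("Play∧Pause", "PA"): "Play∧¬Pause",
    ("Play∧¬Pause", "Stop"): "¬Play∧¬Pause", ("Play∧Pause", "Stop"): "¬Play∧¬Pause"})
RADIO = Module("Radio", "Am", {("Am", "AF"): "Fm", ("Fm", "AF"): "Am"})
RT = Module("Radio/Tape", "Radio", {("Radio", "RT"): "Tape", ("Tape", "RT"): "Radio"},
            children={"Radio": [RADIO], "Tape": [TAPE]})
STEREO = Module("Stereo", "Stereo", {("Stereo", "S"): "¬Stereo", ("¬Stereo", "S"): "Stereo"})
POWER = Module("Power", "¬On", {("¬On", "Power"): "On", ("On", "Power"): "¬On"},
               children={"On": [STEREO, RT]})
ALPHABET = ["Power", "S", "RT", "AF", "PL", "PA", "Stop"]

# Function requirements from slides 8 and 11 as <id, a, fin, o, fout> (outputs left empty).
REQUIREMENTS = [
    ("Power on", "Power", {"¬On"}, None, {"On"}),
    ("Power off", "Power", {"On"}, None, {"¬On"}),
    ("Play", "PL", {"¬Play"}, None, {"Play"}),
    ("Pause", "PA", {"Play", "¬Pause"}, None, {"Pause"}),
    ("Resume", "PA", {"Play", "Pause"}, None, {"¬Pause"}),
    ("Stop", "Stop", {"Play"}, None, {"¬Play", "¬Pause"}),
]


def check_player():
    """Flatten the player; return (global state count, transition count, violations)."""
    _init, states, edges = global_system(POWER, ALPHABET)
    bad = [v for req in REQUIREMENTS for v in violations(edges, req)]
    return len(states), len(edges), bad


if __name__ == "__main__":
    n, m, bad = check_player()
    print(f"{n} global states, {m} transitions, {len(bad)} soundness violations")
```

The flattened system has 11 global states (¬On plus the 5 On states of slide 18 combined with Stereo/¬Stereo) and 45 transitions, and every requirement above is satisfied; a mis-stated requirement, such as demanding ¬Pause after PA from Play∧¬Pause, is reported with the offending source and target configurations, which is the kind of evidence the reflection step of slide 28 needs.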

  19. Soundness • Transition ├ Function Requirement • Transition Module ├ Requirement Module • Formal Specification ├ System Requirement

  20. Completeness • M is complete w.r.t. R iff M is sound w.r.t. R and, for every M’ sound w.r.t. R, there exists a homomorphism ξ: M’ → M • Standard System of R: sound, complete and unique

  21. Synthesis of Formal Specification • Synthesis System: [Figure: each system requirement module is mapped to a state transition module, and the system requirement as a whole to the formal specification] • Theorem on Synthesis: the derived system is standard.

  22. Compositional Verification • Verification of Linear-time Properties • reachability analysis • liveness, fairness and safeness verification • trace analysis • Verification with Branching-time Logic • TCTL • partial model checker • further discussion

  23. Reachability Analysis • Bottom-up Algorithm • Time Complexity: O(|T|·log_s|M|) • [Figure: bottom-up over the player's module hierarchy: 1. analyze local reachability in the module containing the target, e.g. [Play, Pause] in Tape; 2. find the upper module and analyze it, e.g. [Tape] in Radio/Tape; 3. repeat until the initial module is reached, e.g. [On] in Power]

  24. Liveness, Fairness, Safeness • [Figure: three small transition graphs on states A, B, C, D illustrating the three properties] • Liveness: every state lies on a cycle • local liveness • upper-state liveness • Fairness: strongly connected • local fairness of the initial module • all states reachable • Safeness: absence of deadlock • deadlock detection

  25. Branching-time Logic: TCTL • Syntax • p (atomic proposition), a (input symbol), o (output symbol) are TCTL formulae • ¬f1, f1∧f2, AXf1, EXf1, A[f1Uf2], E[f1Uf2] are TCTL formulae • f \P, f \A, f \O are TCTL formulae • Trace-based Semantics

  26. Partial Model Checker • Partial verification • hierarchical structure based • sequential portion of formal specification • any level specification • Partial Model Checker • obtain list of all subformulas of f to be verified • label states with formulas on the hierarchical structure • backwards search for EX and EU
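As an added example covering slides 22 to 26 (not taken from the original slides): a constructed fragment of the player's global transition system, the liveness, fairness and deadlock checks of slide 24 written as graph algorithms, and a small CTL checker that labels states bottom-up over the subformulae with a backward search for EX and EU, as slide 26 describes. The Stereo and Am/Fm components are omitted to keep the model small, input/output symbols as formulae and the restriction operators f\P, f\A, f\O of slide 25 are not modelled, and the state names, the formula encoding and the function names are this example's own.

```python
# Constructed fragment of the player's global transition system (slide 18); Stereo and
# Am/Fm are left out. Each global state maps to the atomic propositions true in it.
IDLE, PLAY, PAUSE = "On,Tape,¬Play∧¬Pause", "On,Tape,Play∧¬Pause", "On,Tape,Play∧Pause"
STATES = {"¬On": set(), "On,Radio": {"On", "Radio"}, IDLE: {"On", "Tape"},
          PLAY: {"On", "Tape", "Play"}, PAUSE: {"On", "Tape", "Play", "Pause"}}
EDGES = [("¬On", "Power", "On,Radio"), ("On,Radio", "RT", IDLE), (IDLE, "RT", "On,Radio"),
         (PLAY, "RT", "On,Radio"), (PAUSE, "RT", "On,Radio"), (IDLE, "PL", PLAY),
         (PLAY, "PA", PAUSE), (PAUSE, "PA", PLAY), (PLAY, "Stop", IDLE), (PAUSE, "Stop", IDLE)]
EDGES += [(s, "Power", "¬On") for s in STATES if s != "¬On"]  # Power switches off from any On state
INIT = "¬On"


def successors(edges):
    succ = {}
    for s, _, t in edges:
        succ.setdefault(s, set()).add(t)
    return succ


def predecessors(edges):
    pred = {}
    for s, _, t in edges:
        pred.setdefault(t, set()).add(s)
    return pred


def reachable(succ, start):
    """States reachable from `start` (start included)."""
    seen, stack = set(), [start]
    while stack:
        s = stack.pop()
        if s not in seen:
            seen.add(s)
            stack.extend(succ.get(s, ()))
    return seen


def deadlocks(states, edges):
    """Safeness (slide 24): states with no outgoing transition."""
    succ = successors(edges)
    return sorted(s for s in states if not succ.get(s))


def non_live(states, edges):
    """Liveness: a state is live when it lies on a cycle, i.e. is reachable from a successor."""
    succ = successors(edges)
    return sorted(s for s in states if not any(s in reachable(succ, t) for t in succ.get(s, ())))


def fair(states, edges, init):
    """Fairness: strongly connected (all states reachable from init, init from all states)."""
    succ = successors(edges)
    return reachable(succ, init) == set(states) and all(init in reachable(succ, s) for s in states)


def sat(f, states, succ, pred):
    """States satisfying the CTL formula f, given as nested tuples such as
    ("AG", ("or", ("not", ("p", "Play")), ("EX", ("not", ("p", "Play"))))).
    Subformulae are labelled first; EX looks at successors, EU searches backwards
    from the f2-states along predecessors (slide 26)."""
    op = f[0]
    sub = lambda g: sat(g, states, succ, pred)
    if op == "true": return set(states)
    if op == "p":    return {s for s, lbl in states.items() if f[1] in lbl}
    if op == "not":  return set(states) - sub(f[1])
    if op == "and":  return sub(f[1]) & sub(f[2])
    if op == "or":   return sub(f[1]) | sub(f[2])
    if op == "EX":
        target = sub(f[1])
        return {s for s in states if succ.get(s, set()) & target}
    if op == "EU":
        good, result = sub(f[1]), sub(f[2])
        work = list(result)
        while work:
            for s in pred.get(work.pop(), ()):
                if s in good and s not in result:
                    result.add(s)
                    work.append(s)
        return result
    if op == "EG":  # greatest fixpoint: keep states with some successor still in the set
        result = sub(f[1])
        while True:
            kept = {s for s in result if succ.get(s, set()) & result}
            if kept == result:
                return result
            result = kept
    if op == "AX": return sub(("not", ("EX", ("not", f[1]))))
    if op == "EF": return sub(("EU", ("true",), f[1]))
    if op == "AG": return sub(("not", ("EF", ("not", f[1]))))
    if op == "AU":  # A[f1 U f2] = ¬E[¬f2 U (¬f1 ∧ ¬f2)] ∧ ¬EG ¬f2
        nf1, nf2 = ("not", f[1]), ("not", f[2])
        return sub(("and", ("not", ("EU", nf2, ("and", nf1, nf2))), ("not", ("EG", nf2))))
    raise ValueError(f"unknown operator {op}")


def holds_initially(f, states=STATES, edges=EDGES, init=INIT):
    """Model-check f at the initial global state."""
    return init in sat(f, states, successors(edges), predecessors(edges))


if __name__ == "__main__":
    print("deadlocks:", deadlocks(STATES, EDGES), "non-live:", non_live(STATES, EDGES))
    print("fair:", fair(STATES, EDGES, INIT))
    print("AG(Play -> EX ¬Play):", holds_initially(
        ("AG", ("or", ("not", ("p", "Play")), ("EX", ("not", ("p", "Play")))))))
```

The fragment is deadlock-free, live and fair; dropping every transition out of Play∧Pause makes all three checks report that state. AG(Play → EX ¬Play) holds because Stop is always enabled while playing, while AG(On → EX Play) fails at the Radio state, which is the counterexample a partial model checker over one sub-module would return.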

  27. Further Discussion on Verification • Compositional Verification with Proof • Compositional Minimization • Symbolic Model Checking

  28. Reflection • Transition Addition/Deletion/Modification • State Addition/Deletion • Nonexecutable Function Detection • [Figure: reflection maps changes in the formal specification back to the system requirement]

  29. Conclusion • A Methodology for Specification and Verification of Reactive Systems • Future Work • Real-time, Predicate logic • Extensions on compositional verification • An integrated support environment
