1 / 47

State-Event Software Verification for Branching-Time Specifications

State-Event Software Verification for Branching-Time Specifications. Sagar Chaki, Ed Clarke, Joel Ouaknine , Orna Grumberg Natasha Sharygina, Tayssir Touili , Helmut Veith. Software Model-Checking. Challenge in computer science Tools: SLAM, BLAST, MAGIC,…

fritzi
Download Presentation

State-Event Software Verification for Branching-Time Specifications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. State-Event Software Verification for Branching-Time Specifications Sagar Chaki, Ed Clarke, Joel Ouaknine, Orna Grumberg Natasha Sharygina, Tayssir Touili , Helmut Veith

  2. Software Model-Checking • Challenge in computer science • Tools: SLAM, BLAST, MAGIC,… • Counter-Example Guided Abstraction Refinement (CEGAR)

  3. Property Abstraction Model Yes System OK No Abstraction Refinement Yes Spurious Counterexample CEGAR Verification No Counterexample Counterexample Valid?

  4. Property Abstraction Model Yes System OK No Counterexample No Yes Limitation of CEGAR applications LTL formula Predicate Abstraction Verification No branching time properties Abstraction Refinement Counterexample Valid?

  5. Our Goal:Extension to branching-time properties Abstraction Model Yes System OK No Counterexample No Yes Branching-time formula LTL formula Predicate Abstraction Verification Abstraction Refinement Counterexample Valid?

  6. First Problem • CEGAR cannot be applied to general branching-time logics

  7. What are counterexamples? S property φ φuniversal

  8. CEGAR natural for LTL • LTL: universal logic • Describes events along a single path G(Req→ F Ack) • S ╞ φ iff all the paths of S ╞ φ • ¬(S ╞ φ) iff exists one path p of S ¬( p╞ φ) • p: Counterexample

  9. Branching-time properties are not universal • Existential operator: AG(EF Restart) CEGAR → Define a universalBranching-time logic

  10. Our Goal:Extension to branching-time properties Abstraction Model Yes System OK No Counterexample No Yes Branching-time formula Predicate Abstraction Verification Abstraction Refinement Counterexample Valid?

  11. We need to: • Define an expressiveuniversalbranching-time logic • Define a model-checking algorithm for this logic • Define suitable refinement techniques

  12. State/event universal branching-time logic • Industrial applications need state/event reasoning • Bluetooth: when an action a is received in a q state, the next state has to be p • Need to a state/event framework

  13. The state/event universal logic SE-AΩ • We view time operators as regular path patterns on the time line Fφ: Xφ: Gφ: φUψ:

  14. Regular expression over a a a a b φ φ φ φ φ φ ψ The state/event universal logic SE-AΩ

  15. Lφ: The state/event universal logic SE-AΩ K(φ,a): φ and a hold at all even time points K(φ,a): Lφ: no more than 4 time units between 2 occurrences of φ

  16. The state/event universal logic SE-AΩ

  17. p,q p a b c q,r The state/event universal logic SE-AΩ • Labeled Kripke Structure: M=(S,AP,L,Σ,T)

  18. The state/event universal logic SE-AΩ • Labeled Kripke Structure: M=(S,AP,L,Σ,T)

  19. We need to: • Define an expressiveuniversalbranching-time logic • Define a model-checking algorithm for this logic • Define suitable refinement techniques

  20. Model-checking algorithm for SE-AΩ p,q b a p b c q,r

  21. Model-checking algorithm for SE-AΩ p,q b a p b c q,r

  22. Model-checking algorithm for SE-AΩ p,q b a p b c q,r

  23. Model-checking algorithm for SE-AΩ p,q b a p b c q,r

  24. Model-checking algorithm for SE-AΩ p,q a p b c q,r

  25. Our Goal:Extension to branching-time properties Abstraction Model Yes System OK No Counterexample No Yes SE-AΩ Predicate Abstraction Verification Abstraction Refinement Counterexample Valid?

  26. What is a counterexample formally?

  27. CounterExample generation for SE-AΩ Compute a counterexample either for

  28. CounterExample generation for SE-AΩ Compute a counterexample for Compute a counterexample for

  29. CounterExample generation for SE-AΩ AG ¬p vAF ¬q q q q p q

  30. b a b c CounterExample generation for SE-AΩ b a

  31. Our Goal:Extension to branching-time properties Abstraction Model Yes System OK No Counterexample No Yes SE-AΩ Predicate Abstraction Verification Abstraction Refinement Counterexample Valid?

  32. Our Goal:Extension to branching-time properties Abstraction Model Yes System OK No Counterexample No Yes SE-AΩ Predicate Abstraction Verification Abstraction Refinement Counterexample Valid?

  33. b a b c Projection a c

  34. Weak simulation p,q p,q a a

  35. Compositionality Theorem: iff

  36. Our Goal:Extension to branching-time properties Abstraction Model Yes System OK No Counterexample No Yes SE-AΩ Predicate Abstraction Verification Abstraction Refinement Counterexample Valid?

  37. Compositional refinement P1 P2 P3 P4 Spec Abstraction Spec A1 A2 A3 A4

  38. Compositional refinement P1 P2 P3 P4 Spec Abstraction A1 Spec A1 A2 A3 A4 Refinement

  39. Compositional refinement P1 P2 P3 P4 Spec A1 A3 Abstraction Spec A1 A2 A3 A4 Refinement

  40. Compositional refinement P1 P2 P3 P4 Spec A1 A1 A3 Abstraction Spec A1 A2 A3 A4 Refinement

  41. Compositional refinement P1 P2 P3 P4 Spec No more counterexamples  A1 Abstraction A1 A2 A3 Spec Refinement A1 A2 A3 A4

  42. Compositional refinement P1 P2 P3 P4 Spec Real counterexamples  A1 Abstraction A1 A2 A3 Spec A1 A2 A3 A4 Refinement

  43. Action-guided Refinement a a a b a a,b b a,b b b c c Counterexample Abstraction

  44. Our Goal:Extension to branching-time properties Abstraction Model Yes System OK No Counterexample No Yes Branching-time formula Predicate Abstraction Verification Abstraction Refinement Counterexample Valid?

  45. Case study: IPC • IPC (InterProcess Communication) Protocol: organize communication in a multithreaded robot controller • Bug discovery • Protocol has been used for 7 years • Bug undetected with earlier model-checking efforts using LTL

  46. Conclusion • Definition of an advanced branching-time state-event logic SE-AΩ • Model-checking algorithm for SE-AΩ • Compositional counterexample validation and refinement techniques for SE-AΩ First application of compositional CEGAR to a branching-time specifications Bug discovery in the IPC protocol

  47. Questions?

More Related