1 / 17

Model Checking

Demonstration Of SPIN By Mitra Purandare. Model Checking. Motivation. More and more complex systems Increased dependability : everything important depends on computers Increased functionality : security, mobility Testing is becoming humanly un-manageable!. Testing.

john
Download Presentation

Model Checking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Demonstration Of SPIN By Mitra Purandare Model Checking

  2. Motivation • More and more complex systems • Increased dependability : everything important depends on computers • Increased functionality : security, mobility • Testing is becoming humanly un-manageable!

  3. Testing • Dynamic Execution/Simulation of System • Generating test-cases : Limited by tester's ability to devise test-cases • To Prove : Absence of a certain bug? • To Prove : Presence of a certain property? • Is CSARDAS 100% correct? • Testing : Not formal/Mathematical!

  4. Implications • More efficient methods for test and verification needed. • Formal Verification is the most promising approach. • Experts in these new methods lacking!! • Job : A great motivation to study formal methods!

  5. Formal Verification • Problem : Does an implementation satisfy a property? • Two Basic categories • Theorem provers : infinite state systems, time-consuming, not really automated • Model Checkers : exhaustive state space exploration, finite state systems, automated

  6. Model Checking • Introduced by Clarke and Emerson, Quielle and Sifakis in 1981 • Given a property (P) and a system (M), does M ⊨ P? • Yes, P holds in M • No, generate a trace which shows the property violation

  7. Example : Model and Property • Model : Kripke Structure, Finite State Machine, Automaton • Property : CTL/ LTL • Safety Property • Liveness Property a b q c p Result LTL G !p a b c ! G !p b b a a a.... F q q U p

  8. Model Checking • Explicit State Model Checking : explicit state representation, Kripke structure( graph) • Symbolic : Uses BDDs to represent sets of states • Now a days SAT solvers!

  9. Tools • SPIN (Bell Labs) • SMV, NuSMV (CMU) • Mocha (Penn) • JPF (Java Path Finder, NASA) • Bandera (KSU) • BLAST (Berkeley) • MAGIC (CMU) • FormalCheck (Cadence) • RuleBase (IBM, Haifa) • SLAM, Zing (Microsoft Research) • FormalPro (Mentor Graphics)

  10. SPIN(Simple Promela INterpreter) • Developed by G.Z. Holzman@Bell Labs • Promela (PROtocal MEta LAnguage) • Publicly available since 1991 • Prestigious ACM System Software Award for 2001 • Most efficient and scalable • still active research -> good support

  11. SPIN • Explicit state LTL model checker • On-the-fly reachability • Partial order reduction to reduce state space • Targets software verification • Scales well for large problem sizes

  12. The Cabbage-Goat-Wolf problem! • Ferryman with C, G, W and a boat on one side of a river • Only ferryman can row the boat • Ferryman can take only one item at a time • Not goat and wolf together without ferryman • Not goat and cabbage together without ferryman • GOAL : Ferryman wants to take all 3 items to the other side!

  13. Property • Goal : wolf_location = destination & goat_location = destination & cabbage_location = destination & ferryman_location = destination • Restriction 1 : wolf_location = goat_location & ferryman_location != wolf_location • Restriction 2 : goat_location = cabbage_location & ferryman_location != cabbage_location • !(Restriction 1 | Restriction 2) U Goal

  14. State Transition Diagram • 4 variables, ferryman, cabbage, goat, wolf respectively • 1 : on this bank , 0 : other bank i.e. destination 0010 1000 1011 1010 0111 0011 0101 1111 0001 1101 1001 0000 1100 0110 1110 0100

  15. SPIN References • http://spinroot.com/spin/whatispin.html • THE SPIN MODEL CHECKER Primer and Reference Manual : Holzman • Model Checking : Clarke, Grumberg and Peled • Symbolic Model Checking : Kenneth L. McMillan • OR Come To the H-Floor! :)

  16. Challenges • Coverage • Reliability • Repair • Scalability • Infinite State System • Specification • InterOperability

  17. Future • Bounded Model Checking • SAT Solvers • Abstraction and refinement • Hybrid Systems

More Related