Verification of Communication Protocols using SDL (12.02.2003)
Author: prep. eng. Calin Jebelean
Introduction
• Software verification – an issue of undisputable importance
• Manual solutions, though widely used, don’t scale up to industrial-size projects
• Current approaches to software verification involve:
  • simulation
  • testing
  • formal verification
Formal Verification – Model Checking
• Main idea: “Build a model of a system and perform exhaustive analysis on the model”
• Strong points:
  • all system behaviors are covered
  • highly automatable
• Weak points:
  • state-explosion problem
What Is SDL?
• Acronym for “Specification and Description Language”
• Formal language defined by the ITU-T as recommendation Z.100
• Meant for specification of complex, event-driven, real-time systems involving concurrent activities that communicate through signals
• Extremely appropriate for describing communication protocols
A Short Insight
• An SDL system consists of:
  • structural level: system, block, process and procedure hierarchy
  • communication level: signals with optional signal parameters, and channels
  • behavioral level: processes
  • data level: abstract data types
• Commercial tools exist (ObjectGEODE), dedicated to:
  • analysis
  • design
  • simulation
  • testing
  • code generation
The Need For IF
• SDL itself – not suitable for model-checking:
  • model-checking algorithms are difficult for third parties to integrate within commercial tools
  • SDL hierarchical structure – an impediment for analysis
• IF – an “Intermediate Format” for SDL
• IF – a plain, automaton-based representation of the SDL system
• IF representation – suitable for exhaustive state-space exploration
Advantages Of IF
• Translation from SDL to IF reduces the model size (5 to 6 times, on average), mostly by eliminating certain transient states
• Analysis algorithms can run directly on the IF translation of the SDL specification
• Possibility to interconnect SDL with existing verification tools (SMV, Spin, etc.), once translators from IF to the input language of these tools are available
Results Using IF
• Several analysis techniques already implemented on IF, among which:
  • “live variables” analysis: a variable is live in a control state if there is a path from this state along which its value can be used before it is redefined
  • “irrelevant variables” analysis: a variable is irrelevant with respect to a property of interest if it has no effect on the respective property
  • “compositional generation” technique: based on the “divide-and-conquer” paradigm
• Model reductions of up to 100-500 times have been reported
• Model-checking can be applied on the reduced model
What We Want To Do
• Extract interfaces abstracting module behavior, in order to use them in the compositional verification of other modules, for which they constitute the environment
• Express properties of interest using a formalism such as temporal logic: CTL, LTL
• Check the model against such properties of interest
• Extend the capabilities of IF for dealing with external code written in other languages, such as C
Some Examples
• Global properties:
  • Absence of deadlock
  • The initiator of the communication will either get connected or get an error within finite time
• Local properties:
  • Any message received in some state must belong to a certain set of acceptable messages for that state
  • A process must set a timer every time it begins waiting for some signal, to prevent blockage
  • A process must deallocate all resources it is supposed to deallocate, if an “abandon” message is received
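Two of the properties listed above (the global “absence of deadlock” and the local “only acceptable messages are received”) checked by exhaustive state-space exploration over a tiny automaton model, as an added example that is not code from the talk or from the IF toolset; the connection protocol, its signal names and process tables are constructed for illustration, and the reachable-state count is the quantity the state-explosion problem is about.

```python
from collections import deque
# Constructed toy connection protocol as IF-style communicating automata (added
# example, not code from the talk or the IF toolset). A process table maps
# (control_state, event) -> (next_state, signal_sent_to_peer); event is "send:SIG"
# (spontaneous output) or "recv:SIG" (consume SIG heading the process's own FIFO queue).
INITIATOR = {("idle", "send:CONNECT"): ("wait", "CONNECT"),
             ("wait", "recv:ACCEPT"): ("connected", None),
             ("wait", "recv:ERROR"): ("failed", None)}
RESPONDER = {("listen", "recv:CONNECT"): ("answer", None),
             ("answer", "send:ACCEPT"): ("listen", "ACCEPT"),
             ("answer", "send:ERROR"): ("listen", "ERROR")}
# Faulty variant: the designer forgot that the peer may answer with ERROR.
INITIATOR_FAULTY = {k: v for k, v in INITIATOR.items() if k[1] != "recv:ERROR"}
INIT = ("idle", "listen", (), ())              # (ctrl0, ctrl1, queue0, queue1); 0 = initiator, 1 = responder
FINAL = ({"connected", "failed"}, {"listen"})  # legitimate terminal control states

def successors(procs, state):
    """Global states reachable by one enabled transition of either process."""
    ctrl, queues = state[:2], state[2:]
    for i, table in enumerate(procs):
        for (src, event), (dst, out) in table.items():
            kind, sig = event.split(":")
            if src != ctrl[i] or (kind == "recv" and queues[i][:1] != (sig,)):
                continue  # transition not enabled in this global state
            new_ctrl, new_q = list(ctrl), list(queues)
            new_ctrl[i] = dst
            if kind == "recv":
                new_q[i] = queues[i][1:]
            if out is not None:
                new_q[1 - i] = queues[1 - i] + (out,)
            yield (*new_ctrl, *new_q)

def explore(procs, init=INIT, final=FINAL):
    """Exhaustive BFS; returns (reachable state count, deadlocked states, unexpected signals)."""
    seen, frontier, deadlocks, unexpected = {init}, deque([init]), [], []
    while frontier:
        s = frontier.popleft()
        ctrl, queues = s[:2], s[2:]
        for i, table in enumerate(procs):   # local property: acceptable messages only
            ok = {ev[5:] for (src, ev) in table if src == ctrl[i] and ev.startswith("recv:")}
            if queues[i] and queues[i][0] not in ok:
                unexpected.append((i, ctrl[i], queues[i][0]))
        succ = list(successors(procs, s))   # global property: absence of deadlock
        terminal = all(c in final[i] for i, c in enumerate(ctrl)) and not any(queues)
        if not succ and not terminal:
            deadlocks.append(s)
        new = set(succ) - seen
        seen |= new
        frontier.extend(new)
    return len(seen), deadlocks, unexpected
```

Running `explore((INITIATOR, RESPONDER))` visits every reachable global state and reports no violations, while `explore((INITIATOR_FAULTY, RESPONDER))` reaches the state where the initiator waits with an ERROR signal it cannot consume, which is flagged both as an unexpected message and as a deadlock.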
Conclusions
• The IF formalism has certain advantages over other approaches to verification of SDL code
• Since SDL is widely used, there are clear possibilities for the application of formal methods and verification techniques on projects of industrial size and interest
• With SDL being a specification language, one could test an implementation against the specification, or the specification itself could be checked to reveal misconceptions
Thank you for your attention!