1 / 56

The mCRL2 toolset

The mCRL2 toolset. Jan Friso Groote, Jeroen Keiren , Wieger Wesselink , Sjoerd Cranen , Frank Stappers , (many others) 4S100 – Verification of discrete- event systems Eindhoven, The Netherlands October 17, 2011. Introduction. Analysis techniques.

terah
Download Presentation

The mCRL2 toolset

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The mCRL2 toolset Jan Friso Groote, JeroenKeiren, WiegerWesselink, SjoerdCranen, Frank Stappers, (many others) 4S100 – Verification of discrete-event systems Eindhoven, The Netherlands October 17, 2011

  2. Introduction 4S100: Frank Stappers

  3. Analysis techniques • Analysis techniques used in hardware/software development: • Structural analysis: what things are in the system • Class diagrams (software) • CAD-models (hardware) • PCB design (electronic circuits) • Behavioral analysis: what happens in the system • Matlabsimulink models • Message sequence charts • Petri nets • Process algebra • Temporal logic... 4S100: Frank Stappers

  4. Behavioral analysis • What is behavioral analysis about? • Modeling: • Create an abstract model of the behavior • Validation and Verification: • Validation: does the model roughly behave as expected? • Simulation, testing • Verification: does the model satisfy the requirements in all states? • Modelchecking, SAT solving, theorem proving 4S100: Frank Stappers

  5. Behavioral analysis Why modeling? To reduce complexity: Direct verification of software/hardware system is impossible due to the huge number of states. Much more complex than e.g. Rubik’s cube: 43,252,003,274,489,856,000 (4.3 * 10 19) states 4S100: Frank Stappers

  6. Behavioral analysis 100% (and this is even true for our language) From our experience: Without proper modeling it is impossible to get a system right. Implementing a model does not introduce substantial flaws. Modeling an implementation nearly always reveals flaws or ambiguities. 4S100: Frank Stappers

  7. Toolsets for behavioral analysis For verification of industrial systems, tool support is essential. Toolsets for modeling, validation and verification of behavior: CADP (INRIA Rhone Alpes, France) SPIN (Bell Labs, USA) FDR (Formal Systems Limited, Oxford, UK) Uppaal(Uppsala University, Sweden) NuSMV(Carnegie Mellon University, USA) mCRL2 (MDSE group / LaQuSo, TU/e) ... 4S100: Frank Stappers

  8. mCRL2 toolset overview - History 1990 2000 2010 now 2004 Common Representation Language (CRL) micro Common Representation Language 2 (mCRL2) micro Common Representation Language (μCRL) 4S100: Frank Stappers

  9. mCRL2 toolset overview – General Information • The mCRL2 toolset can be used for the specification, validation and verification of concurrent systems and protocols. • Collection of tools • Available for the following platforms: • Microsoft Windows • Linux (Ubuntu/openSUSE/Fedora) • Mac OS X • Distributed under the Boost license • Available at http://mcrl2.org 4S100: Frank Stappers

  10. Toolset overview 4S100: Frank Stappers

  11. Success stories 4S100: Frank Stappers

  12. modeling 4S100: Frank Stappers

  13. Actions • The behavior of a process is that which we can observe. • Observable behavior and observing behavior can be expressed in terms of actions. • Example: • A lamp has to shine in order for us to see that it is on. • We have to look at a lamp to see that it is shining. 4S100: Frank Stappers

  14. Labeled Transition Systems Formal definition: A labeled transition system is a tuple (S, L, →, s, T ) where: S is a set of states L is a set of labels →⊆ S × L × Sis a transition relation s ∈ Sis the initial state T ⊆ Sis the set of terminating states A labeled transition system is a basic formalism for describing behavior. Also known as labeled directed graphs or state spaces. Labels represent discrete events, also called actions. 4S100: Frank Stappers

  15. Labeled Transition Systems Example: Ordering items 4S100: Frank Stappers

  16. Basic process algebra A process with name ∈ is defined as P can be of the following form: An action (a ∈ Act) Sequential composition Alternative composition Recursion (Y∈ ) The deadlock process Internal/hidden action 4S100: Frank Stappers

  17. Basic process algebra Relating algebra to LTSs 4S100: Frank Stappers

  18. Basic process algebra - Ordering items 4S100: Frank Stappers

  19. Parallel composition a || b a | b • can be of the following form: • Parallel composition • Communication merge • This gives rise to multi-actions (Act*): • multi-action 4S100: Frank Stappers

  20. Parallelism Process specification 4S100: Frank Stappers

  21. Parallelism Corresponding LTS 4S100: Frank Stappers

  22. Communication Three operators for communication: • Communication (Act∗ × Act) • Encapsulation [block] (Act) • Allow (Act∗) Explanation: • renames multi-action a|b to c • blocks all actions in the set B • blocks multi-actions different from the ones in A 4S100: Frank Stappers

  23. Communication • Specification: 4S100: Frank Stappers

  24. Processes with data • Why data? • In real-life systems data is essential • Data allows for finite specifications of infinite systems • Examples: • Represent non-functional properties, e.g. color of a traffic light. • Capture information streams, e.g. communication of information • Manipulation, e.g. mathematical functions. • ... 4S100: Frank Stappers

  25. Processes with data All sorts Basic sorts Container sorts Functions: Structured sorts: 4S100: Frank Stappers

  26. Processes with data • Data specification • Sort declarations • Constructors (for creating user defined data types) • Mappings • Example – compute the sum over a list of values: 4S100: Frank Stappers

  27. Processes with Data • BNF: • Examples • Data parameterized action: • Data parameterized process: • Conditions: • Summation: 4S100: Frank Stappers

  28. Processes with Data ∞ • Summation: • Short hand notation for choice • over a domain of values: a(0)+a(1)+...+a(N-1)+a(N) 4S100: Frank Stappers

  29. An odd-max-5-counter • Process specification counter filter 4S100: Frank Stappers

  30. An odd-max-5-counter Tool demo: mCRL2-gui mCRL22lps lps2lts ltsgraph counter filter 4S100: Frank Stappers

  31. Verification counter filter • How to ensure that… • no deadlock? • counter does not exceed value X? • an input (r1) is always followed by an output (s3)? 4S100: Frank Stappers

  32. Verification 4S100: Frank Stappers

  33. Verification Temporal logic used within mCRL2: μ-calculus with data, time and regular expressions Model checking is an automated verification method. It can be used to check functional requirements against a model. A (software or hardware) system is modeledin mCRL2 The requirements are specified as properties in a temporal logic A model checking algorithm decides whether the property holds for the model. 4S100: Frank Stappers

  34. Temporal logic UPPAAL CTL* μ-calculus CTL LTL mCRL2 • Idea of μ-calculus: add fixed point operators (i.e. recursion) as primitives to standard Hennessy-Milner logic • μ-calculus is very expressive (subsumes e.g. CTL∗) • μ-calculus is very pure • drawback: lack of intuition 4S100: Frank Stappers

  35. A flavor of μ-calculus For all states s: s true For no state s: sfalse Hennessy-Milner logic: proposition logic with modalities: Notation: : state of a transition system satisfies formula 4S100: Frank Stappers

  36. A flavor of μ-calculus s [a]phi holds in a state sif everya-labeled transition leading out of sleads to a state where phi holds Hennessy-Milner logic: proposition logic with modalities: Notation: : state of a transition system satisfies formula 4S100: Frank Stappers

  37. A flavor of μ-calculus s <a>phi holds in a state s if any a-labeled transition leading out of s leads to a state where phiholds Hennessy-Milner logic: proposition logic with modalities: Notation: : state of a transition system satisfies formula 4S100: Frank Stappers

  38. A flavor of μ-calculus S [b]false S [a][b]true S <a>true Example: Determine the largest set of states S that satisfy: 4S100: Frank Stappers

  39. A flavor of μ-calculus mCRL2 extends HM logic with regular expressions: Explanation: R.R concatenation R+R choice R* match R zero times or more R+ match Ronce or more 4S100: Frank Stappers

  40. A flavor of μ-calculus S[b+a]false S [a.b.c]false S<a.a.b+a.a.a>true S<a*>true S<a+>true S[a*.b]false Example: Determine the largest set of states S that satisfy: 4S100: Frank Stappers

  41. An odd-max-5-counter verification counter filter action wildcard r1’,s3’ actions with eliminated data parameters • How to ensure that… • no deadlock? [true*]<true>true • counter does not exceed value X? [true*.s3(X)]false • an input (r1) is always followed by an output (s3)? [true*.r1’.(!s3’)*]<(!s3’)*.s3’>true 4S100: Frank Stappers

  42. An odd-max-5-counter verification Tool demo: mCRL2-gui lps2pbes pbes2bool (lpsactionrename) counter filter 4S100: Frank Stappers

  43. Case study 4S100: Frank Stappers

  44. HEF system 4S100: Frank Stappers • Modular HEF system • Levers (≥ 2) are connect to • Relays connect levers • Messages are sent over CAN-bus • Relays control `length’ of the bus • Occasionally nonresponsive levers • What is wrong? • Something in the design? • Time for model-checking!

  45. HEF system – full model (6 levers) We focus on initialization 4S100: Frank Stappers

  46. HEF system - initialization 4 3 1 2 4S100: Frank Stappers

  47. Simplified HEF system • Assumptions: • Good weather-behavior • Initialization only! • No up- and down movement • Modular design • Simplified model: • User (#1) • Relays (#3) • Levers (#3) • Every process has a physical position (used for identification) 4S100: Frank Stappers

  48. Simplified HEF system – User process User process • User is attached to lever pos • Press “start” • Send send_start message to attached lever • Notification: “Found n levers” • recv_found message contains the n found levers 4S100: Frank Stappers

  49. Simplified HEF system – Relay process Relay process: Relay can be Open or Closed Relay has a position between two levers and an open status: Opening/closing relay: 4S100: Frank Stappers

  50. Simplified HEF system – Relay process Re-tweeting of message IDs 4S100: Frank Stappers

More Related