Post on 30-Dec-2015
Xiaosong Lu, Togashi Laboratory, Department of Computer Science, Shizuoka University
April 1999
Specification and Verification of Hierarchical Reactive Systems
Introduction
* Research Background and Objective
* System Properties and Requirements
* Formal Specifications
* Soundness and Completeness
* Synthesis of Formal Specifications
* Compositional Verification
* Reflection

Related Work
* Statecharts (Modechart, RSML): visual formalism; state hierarchy and broadcast communication
* SDL: communicating finite-state machines
* Petri Net: event-driven, one-level concurrency
* CCS, CSP: algebraic nature, recursion, nested concurrency, naming, channel communication ...

Research Objective
* A new methodology for reactive systems: system requirements in a declarative language; formal specifications as hierarchical state machines
* A flexible development environment: stepwise refinement; reflection
* Automatic synthesis and verification
* Support of modularity and reusability

System Overview
[Figure: components of the approach: System Requirements (Requirement Acquisition), Synthesis System, Formal Specifications, Verifier, Simulator, Compiler, Programs; the present system is extended by a Reflection System.]

Hierarchical System Properties
* SPS = < P, L, D, L0 >
* P: all atomic propositions
* L: partition of P
* D ⊆ L×L: partial order relation
* L0: topmost level propositions

SPS of a Radio/Tape Player
[Figure: the propositions P of the player partitioned into levels L and ordered by D, with L0 = {On}; below On: {Radio, Tape} and {Stereo}; below Radio: {Am, Fm}; below Tape: {Play, Pause}.]

Function Requirement
* ρ = < id, a, fin, o, fout >
* id: name
* a: input symbol
* fin: pre-condition
* o: output symbol
* fout: post-condition
* Example, Power on: ¬On ⇒ On, written as < Power on, Power, ¬ On, , On >

System Requirement Module
* RM = < id, F, γ0, B, Σ, O, TF >
* A requirement module of the player
[Figure: table of RM1 with columns Name, γ0, Σ, O, B: name RM1, γ0 = ¬On, Σ = {Power}; function requirements ¬On ⇒ On and On ⇒ ¬On, both on input Power; TF: temporal logic formulae.]

Other Requirement Modules
[Figure: RM2 (Radio/Tape, below On): γ0 = Radio, Σ = {RT}; function requirements Radio ⇒ Tape and Tape ⇒ Radio on input RT; TF: temporal logic formulae. RM3 (Stereo, below On): γ0 = Stereo, Σ = {S}; function requirements Stereo ⇒ ¬Stereo and ¬Stereo ⇒ Stereo on input S; TF: temporal logic formulae.]

Other Requirement Modules
[Figure: RM4 (Tape, below Tape): Σ = {PL, PA, Stop}; function requirements ¬Play ⇒ Play on PL, Play ∧ ¬Pause ⇒ Pause and Play ∧ Pause ⇒ ¬Pause on PA, Play ⇒ ¬Play ∧ ¬Pause on Stop; TF: temporal logic formulae. RM5 (Radio, below Radio): Σ = {AF}; function requirements Am ⇒ Fm and Fm ⇒ Am on AF; TF: temporal logic formulae.]

System Requirement
* R = < RM, RM0, >, C >
* System requirement of the player
[Figure: RM0 = RM1 (Power); below it RM2 (Radio/Tape) and RM3 (Stereo); below RM2: RM5 (Radio) and RM4 (Tape); > is the order between modules.]

State Transition Module
* TM = < id, Q, Σ, O, →, q0, B >
* A state transition module of the player
[Figure: module Power with Q = {¬On, On}, Σ = {Power}, q0 = ¬On and transitions ¬On → On and On → ¬On on input Power.]

Formal Specification
* M = < TM, 》, TM0 >
* TM: state transition modules
* 》: partial order relation of state transition modules
* TM0 ⊆ TM: initial state transition modules

Formal Specification of the Player
[Figure: TM0 is the Power module (¬On ⇄ On on Power). Below On: the RT module (Radio ⇄ Tape on RT) and the S module (Stereo ⇄ ¬Stereo on S). Below Tape: ¬Play ∧ ¬Pause → Play ∧ ¬Pause on PL, Play ∧ ¬Pause ⇄ Play ∧ Pause on PA, and back to ¬Play ∧ ¬Pause on Stop. Below Radio: Am ⇄ Fm on AF. 》 orders the modules.]

Sub-states, Sub-transition, Default
[Figure: the same formal specification of the player, annotated with Substates(Tape), Default(On) and Sub-transition(Radio).]

Global Behavior of the Player
[Figure: global states of the player as sets of propositions, e.g. {¬On}, {On, Stereo, Radio, Am}, {On, Stereo, Tape, ¬Play ∧ ¬Pause}, {On, Stereo, Tape, Play ∧ ¬Pause}, connected by the inputs Power, RT and PL.]

Global Transition System
[Figure: the flattened transition system of the player over global states such as {¬On}, {On, Radio, Am}, {On, Radio, Fm}, {On, Tape, ¬Play, ¬Pause}, {On, Tape, Play, ¬Pause} and {On, Tape, Play, Pause}, each combined with Stereo or ¬Stereo; transitions are labelled Power, RT, AF, PL, PA, Stop and S.]

Soundness
* Transition ⊢ Function Requirement
* Transition Module ⊢ Requirement Module
* Formal Specification ⊢ System Requirement

Completeness
* M is complete w.r.t. R: M is sound w.r.t. R, and for every sound M’ w.r.t. R there exists a homomorphism ξ: M’ → M
* Standard system of R: sound, complete, unique

Synthesis of Formal Specification
* Synthesis System
* Theorem on Synthesis: the derived system is standard.
[Figure: synthesis maps each system requirement module to a state transition module, and the system requirement as a whole to the formal specification.]

Compositional Verification
* Verification of linear-time properties: reachability analysis; liveness, fairness and safeness verification; trace analysis
* Verification with branching-time logic: TCTL; partial model checker; further discussion

Reachability Analysis
* Bottom-up algorithm
* Time complexity: O(|T| · logs|M|)
[Figure: the player's module hierarchy (Power; Radio/Tape and Stereo; Radio and Tape) with the steps of the algorithm:]
1. Analyze local reachability [Play, Pause]
2. Find the upper module and analyze it [Tape]
3. Repeat until the initial module is reached [On]

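An added example (not from the slides) of the bottom-up reachability check in Python, run on a constructed encoding of the player's state transition modules. The module identifiers, the `PARENT` order standing in for 》, and the extra `Orphan` state (added so the check also reports an unreachable state) are assumptions introduced here.

```python
from collections import deque
# Constructed encoding of the slides' radio/tape player as state transition
# modules TM = <id, Q, Sigma, O, ->, q0, B>; outputs are omitted since
# reachability depends only on q0 and ->: each module is (q0, {(state, input): next}).
MODULES = {
    "Power": ("NotOn", {("NotOn", "Power"): "On", ("On", "Power"): "NotOn"}),
    "RT": ("Radio", {("Radio", "RT"): "Tape", ("Tape", "RT"): "Radio"}),
    "S": ("Stereo", {("Stereo", "S"): "NotStereo", ("NotStereo", "S"): "Stereo"}),
    "PLPA": ("Stop", {("Stop", "PL"): "Playing", ("Playing", "PA"): "Paused",
                      ("Paused", "PA"): "Playing", ("Playing", "Stop"): "Stop",
                      ("Paused", "Stop"): "Stop",
                      ("Orphan", "Stop"): "Stop"}),  # constructed: no way in
    "AF": ("Am", {("Am", "AF"): "Fm", ("Fm", "AF"): "Am"}),
}
# Partial order >>: a non-initial module refines one state of an upper module;
# "Power" is the initial module TM0 and has no parent.
PARENT = {"RT": ("Power", "On"), "S": ("Power", "On"),
          "PLPA": ("RT", "Tape"), "AF": ("RT", "Radio")}

def module_of(state):
    """Return the module whose state set Q contains `state`."""
    for module, (q0, trans) in MODULES.items():
        if state in {q0, *(src for src, _ in trans), *trans.values()}:
            return module
    raise KeyError(state)

def local_reachable(module, target):
    """Step 1: breadth-first search inside one module from its default q0."""
    q0, trans = MODULES[module]
    seen, todo = {q0}, deque([q0])
    while todo:
        state = todo.popleft()
        if state == target:
            return True
        for (src, _inp), dst in trans.items():
            if src == state and dst not in seen:
                seen.add(dst)
                todo.append(dst)
    return False

def reachable(state):
    """Steps 2-3: climb to the upper module's state until TM0 is reached; returns (verdict, modules checked)."""
    module, checked = module_of(state), []
    while True:
        checked.append(module)
        if not local_reachable(module, state):
            return False, checked
        if module not in PARENT:  # TM0 reached: every level confirmed
            return True, checked
        module, state = PARENT[module]
```

Each level is searched only once and only within its own module, which is what keeps the work proportional to the transitions of the modules on the path rather than to the flattened global transition system.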
Liveness, Fairness, Safeness
* Liveness: every state lies on a cycle; local liveness; upper-state liveness
* Fairness: strongly connected; local fairness of the initial module; all states reachable
* Safeness: absence of deadlock; deadlock detection
[Figure: three small modules over states A, B, C and D illustrating each property.]

Branching-time Logic: TCTL
* Syntax: p, a, o are TCTL formulae; ¬f1, f1 ∧ f2, AXf1, EXf1, A[f1 U f2], E[f1 U f2] are TCTL formulae; f \ P, f \ A, f \ O are TCTL formulae
* Trace-based semantics

Partial Model Checker
* Partial verification: based on the hierarchical structure; sequential portion of the formal specification; specification at any level
* Partial model checker: obtain the list of all subformulas of f to be verified; label states with formulas on the hierarchical structure; backward search for EX and EU

Further Discussion on Verification
* Compositional verification with proof
* Compositional minimization
* Symbolic model checking

Reflection
* Transition addition/deletion/modification
* State addition/deletion
* Nonexecutable function detection
[Figure: system requirement and formal specification under reflection.]