formal software design with alloy and electrum
play

formal software design with alloy and electrum temporal logic - PowerPoint PPT Presentation

Jul 09, 2023 •234 likes •740 views

Julien Brunel, David Chemouil, Alcino Cunha, Eunsuk Kang, Nuno Macedo formal software design with alloy and electrum temporal logic Universidade do Minho & INESC TEC ONERA DTIS & Universit fdrale de Toulouse Carnegie Mellon

  1. Julien Brunel, David Chemouil, Alcino Cunha, Eunsuk Kang, Nuno Macedo formal software design with alloy and electrum temporal logic Universidade do Minho & INESC TEC ONERA DTIS & Université fédérale de Toulouse Carnegie Mellon University 3rd World Congress on Formal Methods, Porto, Portugal, October 2019

  2. temporal logic

  3. formal software design with alloy and electrum / temporal logic 3 / 50 linear temporal logic E lectrum includes temporal connectives from Linear Temporal Logic (LTL). Formulas are interpreted over infinite sequences of states (traces).

  4. formal software design with alloy and electrum / temporal logic 4 / 50 future operators E lectrum Meaning p is always true from now on always p eventually p p will eventually be true p will be true in the next state after p p until q q will eventually be and p is true until then q can only be false afer p is true p releases q

  5. formal software design with alloy and electrum / temporal logic 5 / 50 past operators E lectrum Meaning p was always true historically p once p p was once true p was true in the previous state before p q was once true and p has been true aferwards p since q if p was once true, then q has been true onwards p triggered q

  6. formal software design with alloy and electrum / temporal logic 6 / 50 semantics by example eventually B

  7. formal software design with alloy and electrum / temporal logic 7 / 50 semantics by example not eventually B

  8. formal software design with alloy and electrum / temporal logic 8 / 50 semantics by example always A

  9. formal software design with alloy and electrum / temporal logic 9 / 50 semantics by example not always A

  10. formal software design with alloy and electrum / temporal logic 10 / 50 semantics by example before B

  11. formal software design with alloy and electrum / temporal logic 11 / 50 semantics by example not before B

  12. formal software design with alloy and electrum / temporal logic 12 / 50 semantics by example once B

  13. formal software design with alloy and electrum / temporal logic 13 / 50 semantics by example once A

  14. formal software design with alloy and electrum / temporal logic 14 / 50 semantics by example always (B implies eventually A)

  15. formal software design with alloy and electrum / temporal logic 15 / 50 semantics by example not always (A implies eventually B)

  16. formal software design with alloy and electrum / temporal logic 16 / 50 semantics by example eventually always A

  17. formal software design with alloy and electrum / temporal logic 17 / 50 semantics by example not eventually always B

  18. formal software design with alloy and electrum / temporal logic 18 / 50 semantics by example always eventually A

  19. formal software design with alloy and electrum / temporal logic 19 / 50 semantics by example not always eventually B

  20. formal software design with alloy and electrum / temporal logic 20 / 50 some ltl valid formulas always A iff not eventually not A eventually always A implies always eventually A A until B implies eventually B A releases B iff ( always not A) or B until (A and B)

  21. formal software design with alloy and electrum / temporal logic 21 / 50 trash Design a trash such that: A deleted file can still be restored if the trash is not emptied

  22. formal software design with alloy and electrum / temporal logic 22 / 50 trash assert restoreIsPossibleBeforeEmpty { -- a deleted file can still be restored if the trash is not emptied always ( all f:File | delete[f] implies (empty releases restoreEnabled[f])) }

  23. formal software design with alloy and electrum / temporal logic 23 / 50

  24. formal software design with alloy and electrum / temporal logic 24 / 50 exercise https://github.com/haslab/Electrum2/wiki/Trash (exercises 4)

  25. infinite traces

  26. formal software design with alloy and electrum / infinite traces 26 / 50 why infinite traces only? Semantic issues with finite traces What formulas are true in the last state? Different possible semantics In Electrum: infinite traces only Caveat: no deadlock detection in general But a finite trace can be represented by an infinite one stuttering on the last state

  27. formal software design with alloy and electrum / infinite traces 27 / 50 finite representation with lassos L asso trace Some infinite traces can be represented by finite lasso traces Notice some infinite traces cannot Small-Model Property for LTL If an LTL formula is satisfiable, then it is satisfied by at least one lasso trace.

  28. example

  29. formal software design with alloy and electrum / example 29 / 50 leader election in a ring V erify the correctness of the protocol: One leader will be elected

  30. formal software design with alloy and electrum / example 30 / 50 configuration and state open util/ordering[Id] sig Id {} sig Node { id : one Id, succ : one Node, var inbox : set Id, var outbox : set Id } fact ring { all i : Id | lone id.i all n : Node | Node in n.^succ }

  31. formal software design with alloy and electrum / example 31 / 50 election fun elected : set Node { { n : Node | once n.id in n.inbox } }

  32. formal software design with alloy and electrum / example 32 / 50 operations pred send [n : Node] { ... } pred compute [n : Node] { some i : n.inbox { n.inbox' = n.inbox - i n.outbox' = n.outbox + (i - n.id.*(~next)) } all m : Node - n | m.inbox' = m.inbox all m : Node - n | m.outbox' = m.outbox } pred skip { ... }

  33. formal software design with alloy and electrum / example 33 / 50 behavior fact init { no inbox outbox = id } fact transitions { always (skip or some n : Node | send[n] or compute[n]) }

  34. formal software design with alloy and electrum / example 34 / 50 exercise https://github.com/haslab/Electrum2/wiki/Leader-election (exercise 1-3)

  35. safety vs liveness

  36. formal software design with alloy and electrum / safety vs liveness 36 / 50 safety properties Something “bad” will never happen. A trace that violates a safety property has a “bad” prefix. A “bad” prefix is one s.t. every possible continuation violates the property. always p always (p implies once q) always (p implies after always not p)

  37. formal software design with alloy and electrum / safety vs liveness 37 / 50 leader election assert safety { always lone elected }

  38. formal software design with alloy and electrum / safety vs liveness 38 / 50

  39. formal software design with alloy and electrum / safety vs liveness 39 / 50 exercise https://github.com/haslab/Electrum2/wiki/Leader-election (exercise 4)

  40. formal software design with alloy and electrum / safety vs liveness 40 / 50 liveness properties Something “good” will eventually happen. A property is a liveness property if any prefix can be extended to an infinite trace satisfying it. Much harder to check than safety properties. ◮ Observing a prefix is not sufficient to detect a violation. eventually p always (p implies eventually q) always eventually p

  41. formal software design with alloy and electrum / safety vs liveness 41 / 50 leader election assert liveness { eventually some elected }

  42. formal software design with alloy and electrum / safety vs liveness 42 / 50

  43. fairness

  44. formal software design with alloy and electrum / fairness 44 / 50 fairness assumptions Necessary for verifying most liveness properties. Exclude traces where an event becomes “continuously” enabled but never occurs ◮ continuously = infinitely ofen (strong) ◮ continuously = permanently (weak) Strong fairness ( always eventually p) implies ( always eventually q) Weak fairness ( eventually always p) implies ( always eventually q)

  45. formal software design with alloy and electrum / fairness 45 / 50 leader election specification fixed pred sendEnabled [n : Node] { some n.outbox } pred computeEnabled [n : Node] { some n.inbox } pred fairness { all n : Node { ( eventually always sendEnabled[n]) implies ( always eventually send[n]) ( eventually always computeEnabled[n]) implies ( always eventually compute[n]) } } assert liveness { fairness implies eventually some elected }

  46. concurrent executions

  47. formal software design with alloy and electrum / concurrent executions 47 / 50 interleaved vs. concurrent executions P revious models force interleaved execution of operations ◮ the frame condition in each event prevents other events from occurring Concurrent executions can also be specified in Electrum ◮ frame conditions must be relaxed, but still prevent arbitrary changes ◮ counter-examples can be shorter (more efficient verification) but harder to understand ◮ some properties that are true in an interleaved model may no longer be true

  48. formal software design with alloy and electrum / concurrent executions 48 / 50 operations redefined pred skip { ... } pred send [n : Node] { ... } pred compute [n : Node] { some i : n.inbox { n.inbox' = n.inbox - i n.outbox' = n.outbox + (i - n.id.*(~next)) } }

  49. formal software design with alloy and electrum / concurrent executions 49 / 50 frame conditions fact frame { always all n : Node { n.inbox' != n.inbox implies (compute[n] or send[succ.n]) n.outbox' != n.outbox implies (compute[n] or send[n]) } }

  50. formal software design with alloy and electrum / concurrent executions 50 / 50

Recommend

formal software design with alloy and electrum overview Universidade do Minho & INESC TEC

formal software design with alloy and electrum overview Universidade do Minho & INESC TEC

Julien Brunel, David Chemouil, Alcino Cunha, Eunsuk Kang, Nuno Macedo formal software design with alloy and electrum overview Universidade do Minho & INESC TEC ONERA DTIS & Universit fdrale de Toulouse Carnegie Mellon University

652 views • 31 slides
Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and

Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and

Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and Algorithms Martin Monperrus, Ph.D. version of Oct 15, 2012 Creative Commons Attribution License Copying and modifying are authorized as long as

818 views • 34 slides
Electrum Lightweight specification of behavioral models with rich configurations Julien Brunel 1

Electrum Lightweight specification of behavioral models with rich configurations Julien Brunel 1

Electrum Lightweight specification of behavioral models with rich configurations Julien Brunel 1 , David Chemouil 1 , Alcino Cunha 2 , Nuno Macedo 2 et al. Workshop on the Future of Alloy, April 30 & May 1, 2018, MIT. 1 ONERA/DTIS &

209 views • 7 slides
alloy oy Daniel Jackson MIT Lab for Computer Science 6898: Advanced Topics in Software Design

alloy oy Daniel Jackson MIT Lab for Computer Science 6898: Advanced Topics in Software Design

alloy oy Daniel Jackson MIT Lab for Computer Science 6898: Advanced Topics in Software Design February 11, 2002 co course ad rse admin in new version of bill new version of bills notes online s notes online schedule today: Alloy

599 views • 34 slides
An Overview of the Alloy Language & Analyzer Slides contain some modified content from the

An Overview of the Alloy Language & Analyzer Slides contain some modified content from the

An Overview of the Alloy Language & Analyzer Slides contain some modified content from the Alloy Tutorial by G. Dennis & R. Seater (see alloy.mit.edu) Alloy Lecture 1 1 What is Alloy? A formal language and analyzer based on Z

329 views • 6 slides
The Master Alloy of Al -Nb- B 1 The Master Alloy of Al-Nb-B Edmundo Burgos Cruz

The Master Alloy of Al -Nb- B 1 The Master Alloy of Al-Nb-B Edmundo Burgos Cruz

The Master Alloy of Al -Nb- B 1 The Master Alloy of Al-Nb-B Edmundo Burgos Cruz Daniel Pallos Fridman Alarcio Martins Vieira Technology Center - CBMM - Brazil Overview Motivation Master Alloy Design

537 views • 18 slides
Preventing Arithmetic Overflows in Alloy Aleksandar Milicevic Daniel Jackson

Preventing Arithmetic Overflows in Alloy Aleksandar Milicevic Daniel Jackson

Preventing Arithmetic Overflows in Alloy Aleksandar Milicevic Daniel Jackson (aleks@csail.mit.edu) (dnj@csail.mit.edu) Software Design Group Massachusetts Institute of Technology Cambridge, MA International Conference of Alloy, ASM, B, VDM,

2.03k views • 65 slides
Principles of Software Construction: Objects, Design, and Concurrency A formal design process

Principles of Software Construction: Objects, Design, and Concurrency A formal design process

Principles of Software Construction: Objects, Design, and Concurrency A formal design process Josh Bloch Charlie Garrod Darya Melicher 17-214 1 Administrivia Homework 2 feedback in your GitHub repository Homework 3 due today at

829 views • 28 slides
Alloy Intro Trimble & Authorized Trimble Dealer Only Trimble RTN Overview RTN Software

Alloy Intro Trimble & Authorized Trimble Dealer Only Trimble RTN Overview RTN Software

2018 IGNSS Conference | Michael Bruno | Trimble Inc Alloy Intro Trimble & Authorized Trimble Dealer Only Trimble RTN Overview RTN Software Trimble Pivot Platform RTN Hardware Trimble Alloy GNSS Receiver Zephyr 3 Antennas GNSS Field Users

317 views • 10 slides
CSEP504: Advanced topics in software systems Software architecture: design-based Formal

CSEP504: Advanced topics in software systems Software architecture: design-based Formal

CSEP504: Advanced topics in software systems Software architecture: design-based Formal reasoning about properties Static vs. dynamic architectures Software architecture: property-based Autonomic systems Relationship to

1.46k views • 79 slides
Reducing the Evolutionary Analysis Cost of Alloy Hamid Bagheri Workshop on the Future of Alloy

Reducing the Evolutionary Analysis Cost of Alloy Hamid Bagheri Workshop on the Future of Alloy

Reducing the Evolutionary Analysis Cost of Alloy Hamid Bagheri Workshop on the Future of Alloy April 30 & May 1, 2018. Cambridge, MA Alloys widespread applications Program verification Design modeling and analysis PO POL Mo MonA

220 views • 21 slides
Formal software engineering for computational modelling Formal software engineering Focus on

Formal software engineering for computational modelling Formal software engineering Focus on

Formal software engineering for computational modelling Formal software engineering Focus on the formal, mathematical side of software Ex. Algebra Three problems What are the concepts that have to be used for the construction of

110 views • 7 slides
CSE 331 Software Design and Implementation Lecture 2 Formal Reasoning Leah Perlmutter / Summer

CSE 331 Software Design and Implementation Lecture 2 Formal Reasoning Leah Perlmutter / Summer

CSE 331 Software Design and Implementation Lecture 2 Formal Reasoning Leah Perlmutter / Summer 2018 Announcements First section tomorrow! Homework 0 due today (Wednesday) at 10 pm Heads up: no late days for this one! Quiz 1 due

556 views • 53 slides
Performa 285 Performa 285 High Alloy Zinc Nickel High Alloy Zinc Nickel Alloy Zinc Automotive

Performa 285 Performa 285 High Alloy Zinc Nickel High Alloy Zinc Nickel Alloy Zinc Automotive

Performa 285 Performa 285 High Alloy Zinc Nickel High Alloy Zinc Nickel Alloy Zinc Automotive Applications Alloy Zinc Automotive Applications Anti-Vibration Components Door Hinges Fasteners Brake Calipers Fluid Delivery Tubes Alkaline

317 views • 18 slides
Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal

Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal

Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal verification uses algorithms to rigorously prove properties of hardware or software design. 20 years ago, we had the FDIV bug: 42.0 / 7.0 = 8.0 Formal

576 views • 6 slides
Mondex / Alloy Last Updates Tahina Ramananandro cole Normale Suprieure Paris, France

Mondex / Alloy Last Updates Tahina Ramananandro cole Normale Suprieure Paris, France

Third Mondex Workshop University of York October 5-6 th , 2006 Mondex / Alloy Last Updates Tahina Ramananandro cole Normale Suprieure Paris, France Daniel Jackson Massachusetts Institute of Technology CSAIL Software Design Cambridge

247 views • 20 slides
Alloy Analyzer 4 Tutorial Session 4: Dynamic Modeling Greg Dennis and Rob Seater Software

Alloy Analyzer 4 Tutorial Session 4: Dynamic Modeling Greg Dennis and Rob Seater Software

Alloy Analyzer 4 Tutorial Session 4: Dynamic Modeling Greg Dennis and Rob Seater Software Design Group, MIT model of an address book abstract sig Target {} sig Name extends Target {} sig Addr extends Target {} sig Book { addr: Name -> Target

873 views • 28 slides
Formal System Design Process with UML Use a formal process & tools to facilitate and

Formal System Design Process with UML Use a formal process & tools to facilitate and

Formal System Design Process with UML Use a formal process & tools to facilitate and automate design steps: Requirements Specification System architecture Coding/chip design Testing Text: Chapter 1.4 Other resources on course web

584 views • 41 slides
The Role of Alloy in Developing Scientific Software John Baugh and Tristan Dyer Civil

The Role of Alloy in Developing Scientific Software John Baugh and Tristan Dyer Civil

The Role of Alloy in Developing Scientific Software John Baugh and Tristan Dyer Civil Engineering and Operations Research North Carolina State University, Raleigh, NC Workshop on

360 views • 17 slides
Formal Specification Techniques Knowledge of typical approaches to formal software specification

Formal Specification Techniques Knowledge of typical approaches to formal software specification

Goals Understanding of the motivation of mathematical approaches to software specification Formal Specification Techniques Knowledge of typical approaches to formal software specification CAS 707 and verification McMaster University, Winter

106 views • 6 slides
High Assurance Spiral 18-847E Spiral: Formal Approaches to Hardware & Software Design &

High Assurance Spiral 18-847E Spiral: Formal Approaches to Hardware & Software Design &

Carnegie Mellon Carnegie Mellon DARPA HACMS High Assurance Spiral 18-847E Spiral: Formal Approaches to Hardware & Software Design & Algorithm Verification Franz Franchetti Carnegie Mellon University www.ece.cmu.edu/~franzf Lecture

684 views • 52 slides
Formal Specification with Z ch ? = right arrow Software Engineering Software Engineering right

Formal Specification with Z ch ? = right arrow Software Engineering Software Engineering right

These slides are based on Jonathan Jackys The Way of Z Forward Editor ch ? : CHAR Formal Specification with Z ch ? = right arrow Software Engineering Software Engineering right = Andreas Zeller Saarland University

417 views • 24 slides
ALLOY ENTERPRISES BRINGING LIFE TO YOUR HOMES COMPANYS PROFILE ALLOY ENTERPRISES is a

ALLOY ENTERPRISES BRINGING LIFE TO YOUR HOMES COMPANYS PROFILE ALLOY ENTERPRISES is a

ALLOY ENTERPRISES BRINGING LIFE TO YOUR HOMES COMPANYS PROFILE ALLOY ENTERPRISES is a solution provider and a manufacturing company for windows openings, shutters, rapid action doors and projection screens. The company came into existence

570 views • 19 slides
F Formal Modeling and Verification of l M d li d V ifi ti f Safety-Critical Software

F Formal Modeling and Verification of l M d li d V ifi ti f Safety-Critical Software

Submitted to IEEE Software 2009 - Special issue on Software Development for Embedded Systems F Formal Modeling and Verification of l M d li d V ifi ti f Safety-Critical Software implemented in PLC JUNBEOM YOO JUNBEOM YOO KONKUK

882 views • 32 slides

More recommend