formal verifjcation lecture 1 introduction to model
play

Formal Verifjcation Lecture 1: Introduction to Model Checling and - PowerPoint PPT Presentation

Formal Verifjcation Lecture 1: Introduction to Model Checling and Temporal Logic Jacques Fleuriot jdf@inf.ed.ac.uk Acknowledgement: Adapted from original material by Paul Jackson, including some additions by Bob Atkey. Formal Verifjcation


  1. Formal Verifjcation Lecture 1: Introduction to Model Checling and Temporal Logic ¹ Jacques Fleuriot jdf@inf.ed.ac.uk ¹ Acknowledgement: Adapted from original material by Paul Jackson, including some additions by Bob Atkey.

  2. Formal Verifjcation (in a nutshell) Describe formally a specifjcation that we desire the model to satisfy Check the model satisfjes the specifjcation theorem proving (usually interactive but not necessarily) Model checking ▶ Create a formal model of some system of interest ▶ Hardware ▶ Communication protocol ▶ Sofuware, esp. concurrent sofuware

  3. satisfy Formal Verifjcation (in a nutshell) Check the model satisfjes the specifjcation theorem proving (usually interactive but not necessarily) Model checking ▶ Create a formal model of some system of interest ▶ Hardware ▶ Communication protocol ▶ Sofuware, esp. concurrent sofuware ▶ Describe formally a specifjcation that we desire the model to

  4. satisfy Formal Verifjcation (in a nutshell) ▶ Create a formal model of some system of interest ▶ Hardware ▶ Communication protocol ▶ Sofuware, esp. concurrent sofuware ▶ Describe formally a specifjcation that we desire the model to ▶ Check the model satisfjes the specifjcation ▶ theorem proving (usually interactive but not necessarily) ▶ Model checking

  5. Introduction to Model Checling ▶ Specifjcations as Formulas, Programs as Models ▶ Programs are abstracted as Finite State Machines ▶ Formulas are in Temporal Logic

  6. Model Checking , is M = ? 4. For a fjxed M and P , is it the case that M = Not in this course “Tieory discovery”/“Learning from Data”/“Generalisation” true? s make M = 3. For a fjxed (class of) M , what Satisfjability true for some M ? 2. For a fjxed = Formula Tiis can be done via proof in a theorem prover e.g. Isabelle. Validity of true for all M ? , is M = 1. For a fjxed Qvestions we can ask: Interpretation | Tie relationship between interpretations M and formulas φ : M | = φ We say M models φ .

  7. Model Checking , is M = ? 4. For a fjxed M and P , is it the case that M = Not in this course “Tieory discovery”/“Learning from Data”/“Generalisation” true? s make M = 3. For a fjxed (class of) M , what Satisfjability true for some M ? 2. For a fjxed = Formula Qvestions we can ask: Interpretation | Tie relationship between interpretations M and formulas φ : M | = φ We say M models φ . 1. For a fjxed φ , is M | = φ true for all M ? ▶ Validity of φ ▶ Tiis can be done via proof in a theorem prover e.g. Isabelle.

  8. Model Checking = Formula ? 4. For a fjxed M and P , is it the case that M = Not in this course “Tieory discovery”/“Learning from Data”/“Generalisation” Qvestions we can ask: true? s make M = 3. For a fjxed (class of) M , what Interpretation | Tie relationship between interpretations M and formulas φ : M | = φ We say M models φ . 1. For a fjxed φ , is M | = φ true for all M ? ▶ Validity of φ ▶ Tiis can be done via proof in a theorem prover e.g. Isabelle. 2. For a fjxed φ , is M | = φ true for some M ? ▶ Satisfjability

  9. Model Checking Qvestions we can ask: ? 4. For a fjxed M and P , is it the case that M = = Formula Interpretation | Tie relationship between interpretations M and formulas φ : M | = φ We say M models φ . 1. For a fjxed φ , is M | = φ true for all M ? ▶ Validity of φ ▶ Tiis can be done via proof in a theorem prover e.g. Isabelle. 2. For a fjxed φ , is M | = φ true for some M ? ▶ Satisfjability 3. For a fjxed (class of) M , what φ s make M | = φ true? ▶ “Tieory discovery”/“Learning from Data”/“Generalisation” ▶ Not in this course

  10. Qvestions we can ask: = Formula Interpretation | Tie relationship between interpretations M and formulas φ : M | = φ We say M models φ . 1. For a fjxed φ , is M | = φ true for all M ? ▶ Validity of φ ▶ Tiis can be done via proof in a theorem prover e.g. Isabelle. 2. For a fjxed φ , is M | = φ true for some M ? ▶ Satisfjability 3. For a fjxed (class of) M , what φ s make M | = φ true? ▶ “Tieory discovery”/“Learning from Data”/“Generalisation” ▶ Not in this course 4. For a fjxed M and P , is it the case that M | = φ ? ▶ Model Checking

  11. Model Checling At a high level, many tasks can be rephrased as model checking. Historically, “Model Checking” usually refers to the last one. Tiis is statement? (and to what degree?)” is extremely common. Details difger widely, but question of “is this data consistent with this specifjcation checking = temporal logic speech recognition = acoustic/lang. model audio data spellchecking = dictionary sequences of letuers spam detection = spam rules parsing Task = grammars database tables = SQL queries query execution email texts the one we will cover over the next few lectures. “Interpretations” M | = “Formulas” φ sequences of tokens | | | | | fjnite state machines |

  12. Uses of Model Checling Model Checking has been used to: Exploration Rovers , Deep Impact http://www.dcs.ed.ac.uk/pepa/ ▶ Check Microsofu Windows device drivers for bugs ▶ Tie “Static Driver Verifjer” tool ▶ Tie SPIN tool ( http://spinroot.com ): ▶ http://spinroot.com/spin/success.html ▶ Flood control barrier control sofuware ▶ Call processing sofuware at Lucent ▶ Parts of Mars Science Laboratory , Deep Space 1 , Cassini , the Mars ▶ … ▶ PEPA (Performance Evaluation Process Algebra) ▶ Multiprocessor systems ▶ Biological systems ▶ …

  13. Model Checling – Models A model of some system has: that can be reached “in one time step”. Good for Refjnements of this setup can handle: Infjnite state spaces , Continuous state spaces , Continuous time , Probabilistic Transitions . Good for hybrid ( i.e., discrete and continuous) and control systems. ▶ A fjnite set of states ▶ A subset of states considered as the initial states ▶ A transition relation which, given a state, describes all states ▶ Sofuware, sequential and concurrent ▶ Digital hardware ▶ Communication protocols

  14. Model Checling – Models Models are always abstractions of reality. We must choose what to model and what not to model Tiere will limitations forced by the formalism e.g., here we are limited to fjnite state models Tiere will be things we do not understand suffjciently to model e.g., people In the words of the Tie Cure ’s Pictures of You : I’ve been looking so long at these pictures of you Tiat I almost believe that they’re real I’ve been living so long with my pictures of you Tiat I almost believe that the pictures are All I can feel Do not do this : the pictures are not real.

  15. Model Checling – Models Models are always abstractions of reality. Tiere will limitations forced by the formalism e.g., here we are limited to fjnite state models Tiere will be things we do not understand suffjciently to model e.g., people In the words of the Tie Cure ’s Pictures of You : I’ve been looking so long at these pictures of you Tiat I almost believe that they’re real I’ve been living so long with my pictures of you Tiat I almost believe that the pictures are All I can feel Do not do this : the pictures are not real. ▶ We must choose what to model and what not to model

  16. Model Checling – Models Models are always abstractions of reality. Tiere will be things we do not understand suffjciently to model e.g., people In the words of the Tie Cure ’s Pictures of You : I’ve been looking so long at these pictures of you Tiat I almost believe that they’re real I’ve been living so long with my pictures of you Tiat I almost believe that the pictures are All I can feel Do not do this : the pictures are not real. ▶ We must choose what to model and what not to model ▶ Tiere will limitations forced by the formalism ▶ e.g., here we are limited to fjnite state models

  17. Model Checling – Models Models are always abstractions of reality. In the words of the Tie Cure ’s Pictures of You : I’ve been looking so long at these pictures of you Tiat I almost believe that they’re real I’ve been living so long with my pictures of you Tiat I almost believe that the pictures are All I can feel Do not do this : the pictures are not real. ▶ We must choose what to model and what not to model ▶ Tiere will limitations forced by the formalism ▶ e.g., here we are limited to fjnite state models ▶ Tiere will be things we do not understand suffjciently to model ▶ e.g., people

  18. Model Checling – Models Models are always abstractions of reality. In the words of the Tie Cure ’s Pictures of You : I’ve been looking so long at these pictures of you Tiat I almost believe that they’re real I’ve been living so long with my pictures of you Tiat I almost believe that the pictures are All I can feel Do not do this : the pictures are not real. ▶ We must choose what to model and what not to model ▶ Tiere will limitations forced by the formalism ▶ e.g., here we are limited to fjnite state models ▶ Tiere will be things we do not understand suffjciently to model ▶ e.g., people

Recommend


More recommend