INF5140 – Specification and Verification of Parallel Systems
Spring 2015
June 9, 2015

Abstract

This is the "handout" version of the slides for the lecture (i.e., it is a rendering of the content of the slides in a way that does not waste so much paper when printing out). Note that sometimes overlays are tricky to represent in a handout. Note further that the slides of the student presentations are also available on the net; they are not included here (with the exception of the TLA part). One part concerning the generation of the Büchi automaton was presented on the whiteboard without slides. For that part, we put a book excerpt as a scan on the net.

Contents

I Overview of the course 2
1 Introduction 3
1.1 Content of the course 3
1.2 Evaluation 3
2 Formal Methods 3
2.1 Motivation 3
2.1.1 An Easy Problem 3
2.2 How to guarantee correctness? 4
2.2.1 Software bugs 6
2.3 On formal methods 7
2.3.1 What are formal methods? 7
2.3.2 General Remarks 8
2.3.3 Classification of formal methods 8
2.3.4 A few success stories 9
2.3.5 How to choose the right formal method? 10
2.4 Formalisms for specification and verification 11
2.4.1 Specifications 11
2.4.2 Verification 11
II Logics 12
3 First-order logic 13
3.1 Syntax 13
3.2 Semantics 15
3.3 Proof System 17
4 Modal logics 18
4.1 Introduction 18
4.2 Semantics 19
4.3 Axiomatic System 21
5 Dynamic logics 23
5.1 Multi-modal logic 23
5.2 Dynamic logics 24
5.3 Semantics of PDL 25
III Lecture 4: (Hoare Logic and) Temporal Logics 27
6 Linear-Time Temporal Logic (LTL) 28
6.1 Introduction 28
6.2 Syntax 29
6.3 Semantics 29
6.4 The Past 31
6.5 Examples 31
6.6 Nested waiting-for 33
6.7 Formalization 33
6.8 Duals 33
6.9 Classification 35
6.9.1 Properties 35
6.9.2 Safety and Liveness 35
6.9.3 Recurrence and Persistence 37
6.9.4 Reactivity 38
6.9.5 GCD Example 39
6.10 Exercises 39
IV Logical model checking 40
7 Logic Model Checking: What is it about? 40
7.1 The Basic Method 40
7.2 General remarks 42
7.3 Motivating Examples 43
8 Automata and Logic 45
8.1 Finite State Automata 45
8.2 Büchi Automata 48
8.3 Something on Logic and Automata 50
8.4 Implications in Model Checking 51
8.5 Automata Products 53
9 Model Checking Algorithm 56
9.1 Preliminaries 56
9.2 The Algorithm 57
10 Final Remarks 57
10.1 Something on Automata 57
V TLA & TLA+ 58
Part I
Overview of the course

1 Introduction

1.1 Content of the course

Content
• See the homepage of the course: http://www.uio.no/studier/emner/matnat/ifi/INF5140/v15/

1.2 Evaluation

Evaluation System
1. Two (small) mandatory assignments
   • Alternative: Write a research report (paper) on a topic related to the course (specification and model checking)
2. Paper presentation on related topics
3. Oral exam
• The mandatory assignments (as usual) give you the right to take the exam
• A minimum will be required on every item above in order to be approved (e.g. you must present a paper)

Remarks
• We will give you more precise guidelines during the course
• Check the web page regularly.

2 Formal Methods

2.1 Motivation

2.1.1 An Easy Problem

The problem [1]
Compute the value of $a_{20}$ given the following definition:

$$a_0 = \frac{11}{2}, \qquad a_1 = \frac{61}{11}, \qquad a_{n+2} = 111 - \frac{1130 - \frac{3000}{a_n}}{a_{n+1}}$$

[1] Thanks to César Muñoz (NASA, Langley) for providing the example.
A Java Implementation

    class mya {
        // a(n) evaluated in IEEE-754 double precision, directly from the recurrence
        static double a(int n) {
            if (n == 0)
                return 11 / 2.0;
            if (n == 1)
                return 61 / 11.0;
            return 111 - (1130 - 3000 / a(n - 2)) / a(n - 1);
        }

        public static void main(String[] argv) {
            for (int i = 0; i <= 20; i++)
                System.out.println("a(" + i + ") = " + a(i));
        }
    }

The Solution (?)

    $ java mya
    a(0) = 5.5
    a(2) = 5.5901639344262435
    a(4) = 5.674648620514802
    a(6) = 5.74912092113604
    a(8) = 5.81131466923334
    a(10) = 5.861078484508624
    a(12) = 5.935956716634138
    a(14) = 15.413043180845833
    a(16) = 97.13715118465481
    a(18) = 99.98953968869486
    a(20) = 99.99996275956511

Should we trust software?
In fact the value of $a_n$ for any $n \geq 0$ may be computed by using the following expression:

$$a_n = \frac{6^{n+1} + 5^{n+1}}{6^n + 5^n}$$

where $\lim_{n \to \infty} a_n = 6$. We get then $a_{20} \approx 6$!

2.2 How to guarantee correctness of a system?

Correctness
• A system is correct if it meets its design requirements

Examples:
• System: The previous Java program computing $a_n$
  Requirement: For any $n \geq 0$, the program should conform to the previous equation ($\lim_{n \to \infty} a_n = 6$)
• System: A telephone system
  Requirement: If user A wants to call user B, then eventually A will manage to establish a connection
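As an added example (not part of the handout), the recurrence above in Python, evaluated once with IEEE-754 doubles exactly as the Java program does and once with exact rationals, both checked against the closed form from the slides; the function names are my own, and the rational version shows that the divergence to 100 is caused by rounding, not by the definition of $a_n$.

```python
from fractions import Fraction

# Added example (not from the handout): the recurrence from the slides,
# a_{n+2} = 111 - (1130 - 3000/a_n)/a_{n+1}, with a_0 = 11/2, a_1 = 61/11.


def a_float(n: int) -> float:
    """Same arithmetic as the Java program: IEEE-754 doubles, computed iteratively."""
    prev, cur = 11 / 2.0, 61 / 11.0
    if n == 0:
        return prev
    for _ in range(n - 1):
        prev, cur = cur, 111 - (1130 - 3000 / prev) / cur
    return cur


def a_exact(n: int) -> Fraction:
    """The same recurrence with exact rationals: no rounding at any step."""
    prev, cur = Fraction(11, 2), Fraction(61, 11)
    if n == 0:
        return prev
    for _ in range(n - 1):
        prev, cur = cur, 111 - (1130 - 3000 / prev) / cur
    return cur


def a_closed(n: int) -> Fraction:
    """Closed form from the slides: (6^(n+1) + 5^(n+1)) / (6^n + 5^n)."""
    return Fraction(6 ** (n + 1) + 5 ** (n + 1), 6 ** n + 5 ** n)


def first_divergence(tol: float = 1.0, limit: int = 40) -> int:
    """First n at which the double result is more than tol away from the exact
    value, or -1 if that does not happen for n < limit."""
    for n in range(limit):
        if abs(a_float(n) - float(a_exact(n))) > tol:
            return n
    return -1


if __name__ == "__main__":
    for n in range(0, 21, 2):
        print(f"a({n}): double = {a_float(n):.6f}   exact = {float(a_exact(n)):.6f}")
    print("doubles leave the true sequence at n =", first_divergence())
```

The exact sequence agrees with the closed form at every index and stays below 6, while the double-precision sequence tracks it for the first dozen terms and then locks onto 100, the recurrence's unstable fixed point that any rounding error excites.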