Model Checking - PowerPoint PPT Presentation

About This Presentation
Title: Model Checking

Slides: 18
Provided by: Jochen9

Transcript and Presenter's Notes

Title: Model Checking


1
Model Checking
  • Facts and Fiction

2
Agenda
  • What is Model Checking
  • What can we do
  • What can't we do
  • Where does it make sense
  • Where doesn't it?

3
Origins
    #include <stdio.h>

    void foo(int bar)
    {
        printf("this is ");
        if (bar < 1)
            printf("not ");
        printf("a positive integer\n");
        return;
    }

  • Is this program correct?
  • How do we find out whether it is correct?
  • Statement coverage: 1
  • Condition coverage: 1
  • Path coverage: 2
  • Path coverage is exponential in the number of branches!

4
Problems
  • Specifications in natural language
  • Testing requires manual input definitions
  • Simulation also?
  • How to deal with concurrency?

5
The Model Checking Problem
Does the property P hold in model M ?
6
Properties
    f0 = false
    f1 = false
    turn = 0 // or 1

    p0:
      f0 = true
      while f1
        if turn != 0
          f0 = false
          while turn != 0
            // busy wait
          f0 = true
      // critical section
      turn = 1
      f0 = false

  • Mutual exclusion requires:
  • Only one process in the critical section (safety).
  • If a process wants to enter the critical section,
    it eventually will (liveness).

7
Models
  • Model Checkers work on finite state machines.
  • These FSMs should encode the behaviour of our
    system.

8
Model Checking
9
Model Checkers
  • SPIN - explicit state, input PROMELA. Gerard
    Holzmann, http://spinroot.com
  • SMV - symbolic, input SMV. Ken McMillan,
    http://embedded.eecs.berkeley.edu/Alumni/kenmcmil/smv/
  • SATABS - SAT-based predicate abstraction, input
    C code. Daniel Kroening,
    http://www.inf.ethz.ch/personal/daniekro/satabs/

10
Questions?
11
Fiction
  • Model Checking can prove that your program is
    correct!

12
Levels of Checking
  • Requirements
  • Analysis: Charmy, Hugo/RT
  • Design: Hugo/RT
  • Coding: SLAM, BLAST, SATABS
  • Testing
13
Examples
    /* PROMELA model (input for SPIN) */
    bit f0, f1;
    byte mutex;   /* procs in crit. sect. */
    byte turn;    /* who's turn is it? */
    #define A_TURN 0
    #define B_TURN 1

    active proctype A()
    {
        turn = B_TURN;
        f0 = 1;
        (f1 == 0) || (turn == A_TURN);   /* blocks until the condition holds */
        mutex++;   /* enter crit. */
        mutex--;   /* leave crit. */
        f0 = 0
    }

    /* pseudocode, as on slide 6 */
    f0 = false
    f1 = false
    turn = 0 // or 1

    p0:
      f0 = true
      while f1
        if turn != 0
          f0 = false
          while turn != 0
            // busy wait
          f0 = true
      // critical section
      turn = 1
      f0 = false
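The pseudocode of slide 6 (process p0 of Dekker's algorithm) and the PROMELA model of slide 13 can both be checked the way SPIN checks a safety property: enumerate every interleaving of the processes and stop at the first reachable state that breaks the property. The following is an added example, not from the slides and not SPIN or PROMELA: a toy explicit-state checker in Python with its own four-instruction modelling language (an assumption of this example, as are all the names in it). It models Peterson's algorithm in two orderings (flag written first, and the slide 13 order where turn is written first) and Dekker's algorithm from slide 6, and checks the safety property "at most one process in the critical section" via a shared counter crit, the role that mutex plays in the PROMELA model.

```python
"""Tiny explicit-state safety checker in the style of SPIN: breadth-first search over
every interleaving of two processes, stopping at the first reachable state that breaks
the invariant or has no successor at all (a deadlock). Its modelling language is an
assumption of this example, not PROMELA:
  ("set", var, value)    value is a constant or a function of the state
  ("await", pred)        no successor until pred(state) holds (blocking)
  ("branch", pred, tgt)  jump to tgt if pred(state) holds, else fall through
  ("goto", tgt)"""
from collections import deque

def peterson(i, flag_first=True):
    """Process i of Peterson's algorithm; flag_first=False is the order on slide 13
    (turn written before the flag)."""
    j = 1 - i
    announce = [("set", f"f{i}", True), ("set", "turn", j)]
    return (announce if flag_first else announce[::-1]) + [
        ("await", lambda s: not s[f"f{j}"] or s["turn"] == i),
        ("set", "crit", lambda s: s["crit"] + 1),   # enter critical section
        ("set", "crit", lambda s: s["crit"] - 1),   # leave critical section
        ("set", f"f{i}", False),
        ("goto", 0),
    ]

def dekker(i):
    """Process i of Dekker's algorithm, as shown for p0 on slide 6."""
    j = 1 - i
    return [
        ("set", f"f{i}", True),                    # 0
        ("branch", lambda s: not s[f"f{j}"], 7),   # 1: while f_j
        ("branch", lambda s: s["turn"] == i, 1),   # 2:   if turn != i
        ("set", f"f{i}", False),                   # 3:     f_i = false
        ("branch", lambda s: s["turn"] != i, 4),   # 4:     while turn != i: spin
        ("set", f"f{i}", True),                    # 5:     f_i = true
        ("goto", 1),                               # 6
        ("set", "crit", lambda s: s["crit"] + 1),  # 7: critical section
        ("set", "crit", lambda s: s["crit"] - 1),  # 8
        ("set", "turn", j),                        # 9
        ("set", f"f{i}", False),                   # 10
        ("goto", 0),                               # 11
    ]

def successors(progs, shared, pcs, pid):
    """Global states reachable by letting process pid execute one instruction."""
    kind, *args = progs[pid][pcs[pid]]
    s, pc = dict(shared), pcs[pid] + 1
    if kind == "set":
        s[args[0]] = args[1](s) if callable(args[1]) else args[1]
    elif kind == "await" and not args[0](s):
        return []                                  # blocked: no successor
    elif kind == "branch" and args[0](s):
        pc = args[1]
    elif kind == "goto":
        pc = args[0]
    return [(tuple(sorted(s.items())), pcs[:pid] + (pc,) + pcs[pid + 1:])]

def trace(parent, node):
    """Walk parent pointers back to the initial state: the counterexample run."""
    path = []
    while parent[node] is not None:
        prev, pid = parent[node]
        path.append((pid, dict(node[0]), node[1]))
        node = prev
    return path[::-1]

def check(progs, init, invariant):
    """BFS over all interleavings: (None, states) if the invariant holds in every
    reachable state and none is stuck, else (shortest counterexample, states).
    Each counterexample entry is (pid that moved, shared state, program counters)."""
    start = (tuple(sorted(init.items())), (0,) * len(progs))
    parent, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        shared, pcs = node
        moves = [(pid, succ) for pid in range(len(progs))
                 for succ in successors(progs, shared, pcs, pid)]
        if not invariant(dict(shared)) or not moves:   # violation or deadlock
            return trace(parent, node), len(parent)
        for pid, succ in moves:
            if succ not in parent:
                parent[succ] = (node, pid)
                queue.append(succ)
    return None, len(parent)

INIT = {"f0": False, "f1": False, "turn": 0, "crit": 0}
mutex_holds = lambda s: s["crit"] <= 1   # safety property of slide 6

def run_examples():
    """Check all three models; returns name -> (holds, states explored, trace)."""
    models = {"peterson": [peterson(0), peterson(1)],
              "peterson-turn-first": [peterson(0, False), peterson(1, False)],
              "dekker": [dekker(0), dekker(1)]}
    out = {}
    for name, progs in models.items():
        cex, n = check(progs, INIT, mutex_holds)
        out[name] = (cex is None, n, cex)
    return out

if __name__ == "__main__":
    for name, (ok, n, cex) in run_examples().items():
        print(f"{name}: {'holds' if ok else 'VIOLATED'} ({n} states explored)")
        for pid, s, pcs in cex or []:
            print(f"  P{pid} -> pcs={pcs} {s}")
```

Running it reports that Peterson with the flag written first and Dekker's algorithm both satisfy the property in every reachable state, while the turn-first ordering yields a short interleaving that ends with both processes in the critical section (crit == 2); that trace is the counterexample a model checker gives you instead of a failing test input. Two caveats a practitioner should keep in mind: this checker only covers safety (and stuck states). The liveness requirement of slide 6, that a waiting process eventually enters, needs a search for cycles in the state graph (SPIN uses a nested depth-first search for that), and the result applies only to this model, with its atomic reads and sequentially consistent memory, not to the compiled program, which is the point of slides 11 and 16.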
14
WWW
  • Why do we want to verify our system?
  • What do we want to verify?
  • When should we verify it?

15
Building Models
16
Conclusion
  • Model Checking is a tool that can help improve SW
    quality
  • Like every other tool it has its own domain of
    applications
  • You need good judgement to know when it is useful
  • Know what model checking results mean!

17
  • Questions ?