# DimitraFMschoolMay2011 - Automating Compositional Verification

Dimitra Giannakopoulou, NASA Ames

## collaborators

- Corina Păsăreanu (CMU / NASA Ames)
- and talented students / visitors: Howard Barringer (Univ. of Manchester), Colin Blundell (UPenn), Jamieson Cobleigh (UMass, now MathWorks), Michael Emmi (UCLA), Mihaela Gheorghiu (Univ. of Toronto), Chang-Seo Park (UC Berkeley), Suzette Person (Univ. of Nebraska), Rishabh Singh (MIT)

## state-explosion problem

## compositional verification

(figure: components M1 and M2, assumption A; "satisfies P?")

- check P on the entire system: too many states!
- use the system's natural decomposition into components to break up the verification task
- check components in isolation: does the system made up of M1 and M2 satisfy property P? does M1 satisfy P?

"When we try to pick out anything by itself, we find it hitched to everything else in the universe." (John Muir)

## assume-guarantee reasoning

(figure: components M1 and M2, assumption A; "satisfies P?")

- introduces assumptions / reasons about triples: ⟨A⟩ M ⟨P⟩ is true if whenever M is part of a system that satisfies A, then the system must also guarantee P
- simplest assume-guarantee rule (ASYM):
  1. ⟨A⟩ M1 ⟨P⟩
  2. ⟨true⟩ M2 ⟨A⟩
  ⟨true⟩ M1 || M2 ⟨P⟩
- premise 2 "discharges" the assumption
- how do we come up with the assumption?

## the weakest assumption [ASE 2002]

- given component M, property P, and the interface of M with its environment, generate the weakest environment assumption WA such that ⟨WA⟩ M ⟨P⟩ holds
- weakest means that for all environments E: ⟨true⟩ M || E ⟨P⟩ IFF ⟨true⟩ E ⟨WA⟩

(figure: M, WA and P)

## weakest assumption in AG reasoning

Rule ASYM:
  1. ⟨A⟩ M1 ⟨P⟩
  2. ⟨true⟩ M2 ⟨A⟩
  ⟨true⟩ M1 || M2 ⟨P⟩

For all E, ⟨true⟩ M || E ⟨P⟩ IFF ⟨true⟩ E ⟨WA⟩. Taking A = WA for M1: ⟨true⟩ M1 || M2 ⟨P⟩ IFF ⟨true⟩ M2 ⟨WA⟩. In other words:

- ⟨true⟩ M2 ⟨WA⟩ holds implies ⟨true⟩ M1 || M2 ⟨P⟩ holds
- ⟨true⟩ M2 ⟨WA⟩ does not hold implies ⟨true⟩ M1 || M2 ⟨P⟩ does not hold

The weakest assumption makes the rule complete.

## formalisms

- components modeled as finite state machines (FSM)
  - FSMs assembled with the parallel composition operator "||": synchronizes shared actions, interleaves remaining actions
- a safety property P is an FSM
  - P describes all legal behaviors in terms of its alphabet
  - P_err, the complement of P: determinize & complete P with an "error" state; bad behaviors lead to error
  - component M satisfies P iff the error state is unreachable in (M || P_err)
- assume-guarantee reasoning
  - assumptions and guarantees are FSMs
  - ⟨A⟩ M ⟨P⟩ holds iff the error state is unreachable in (A || M || P_err)

## example

(figure: component Input with actions in, send, ack; component Output with actions out, send, ack; the two share send and ack)

- Input: alphabet {in, send, ack}
- Output: alphabet {out, send, ack}
- require in and out to alternate (property Order); Order_err is Order completed with an error state over the alphabet {in, out}

## parallel composition

(figure: Input || Output, synchronizing on the shared actions send and ack)

## property satisfaction

Input || Order_err (Input states I0, I1, I2; Order states O0, O1, plus O_error). Input alone does not satisfy Order; two counterexamples:

- crex. 1: (I0, O0) --out--> (I0, O_error)
- crex. 2: (I0, O0) --in--> (I1, O1) --send--> (I2, O1) --out--> (I2, O0) --out--> (I2, O_error)

## assume-guarantee reasoning
