An Informal introduction to Formal Verification

Similar documents
Reliability Block Diagrams based Analysis: A Survey

COEN6551: Formal Hardware Verification

Formal Verification of Mathematical Algorithms

Performance Analysis of ARQ Protocols using a Theorem Prover

Introduction. Pedro Cabalar. Department of Computer Science University of Corunna, SPAIN 2013/2014

Abstractions and Decision Procedures for Effective Software Model Checking

Intel s Successes with Formal Methods

Model Checking. Temporal Logic. Fifth International Symposium in Programming, volume. of concurrent systems in CESAR. In Proceedings of the

Software Verification using Predicate Abstraction and Iterative Refinement: Part 1

Model Checking: An Introduction

- Introduction to propositional, predicate and higher order logics

Introduction to Model Checking. Debdeep Mukhopadhyay IIT Madras

Price: $25 (incl. T-Shirt, morning tea and lunch) Visit:

A Brief Introduction to Model Checking

Model Checking. Boris Feigin March 9, University College London

CS 267: Automated Verification. Lecture 1: Brief Introduction. Transition Systems. Temporal Logic LTL. Instructor: Tevfik Bultan

Alan Bundy. Automated Reasoning LTL Model Checking

Evaluation and Validation

Ranking Verification Counterexamples: An Invariant guided approach

Formal Reasoning about Systems Biology using Theorem Proving

What are the recursion theoretic properties of a set of axioms? Understanding a paper by William Craig Armando B. Matos

Logic. Propositional Logic: Syntax

State-Space Exploration. Stavros Tripakis University of California, Berkeley

Propositional Calculus - Hilbert system H Moonzoo Kim CS Division of EECS Dept. KAIST

Formalizing Mathematics

FAIRNESS FOR INFINITE STATE SYSTEMS

Chapter 2. Reductions and NP. 2.1 Reductions Continued The Satisfiability Problem (SAT) SAT 3SAT. CS 573: Algorithms, Fall 2013 August 29, 2013

COP4020 Programming Languages. Introduction to Axiomatic Semantics Prof. Robert van Engelen

Logic. Propositional Logic: Syntax. Wffs

COMP3702/7702 Artificial Intelligence Week 5: Search in Continuous Space with an Application in Motion Planning " Hanna Kurniawati"

arxiv: v1 [cs.lo] 7 Dec Department of Electrical and Computer Engineering,

Propositional Logic: Syntax

Last Time. Inference Rules

Formal verification of IA-64 division algorithms

Symbolic Trajectory Evaluation (STE): Orna Grumberg Technion, Israel

Computer Aided Verification

Equalities and Uninterpreted Functions. Chapter 3. Decision Procedures. An Algorithmic Point of View. Revision 1.0

NPTEL Phase-II Video course on. Design Verification and Test of. Dr. Santosh Biswas Dr. Jatindra Kumar Deka IIT Guwahati

Deductive Verification

Lecture Notes on Software Model Checking

Guest lecturer: Prof. Mark Reynolds, The University of Western Australia

NICTA Advanced Course. Theorem Proving Principles, Techniques, Applications. Gerwin Klein Formal Methods

Learning Goals of CS245 Logic and Computation

MODEL CHECKING. Arie Gurfinkel

The LCF Approach to Theorem Proving

Probabilistic Guarded Commands Mechanized in HOL

Proofs Propositions and Calculuses

Logic: Propositional Logic Truth Tables

SAT, NP, NP-Completeness

Predicate Abstraction in Protocol Verification

Formal Reliability Analysis of Combinational Circuits using Theorem Proving

Theorem Proving for Verification

Classical Program Logics: Hoare Logic, Weakest Liberal Preconditions

Agenda. Artificial Intelligence. Reasoning in the Wumpus World. The Wumpus World

PREDICATE LOGIC: UNDECIDABILITY AND INCOMPLETENESS HUTH AND RYAN 2.5, SUPPLEMENTARY NOTES 2

Benefits of Interval Temporal Logic for Specification of Concurrent Systems

Model Checking with CTL. Presented by Jason Simas

Semantic Equivalences and the. Verification of Infinite-State Systems 1 c 2004 Richard Mayr

TESTING is one of the most important parts of the

Logic: The Big Picture

Lecture 2: Symbolic Model Checking With SAT

Double Header. Model Checking. Model Checking. Overarching Plan. Take-Home Message. Spoiler Space. Topic: (Generic) Model Checking

Examples: P: it is not the case that P. P Q: P or Q P Q: P implies Q (if P then Q) Typical formula:

Formal Verification Techniques. Riccardo Sisto, Politecnico di Torino

Temporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.

Formalization of Ray Optics (Highlights)

ESE601: Hybrid Systems. Introduction to verification

Introduction to Embedded Systems

Software Verification

Chapter 1 The Real Numbers

Model Checking, Theorem Proving, and Abstract Interpretation: The Convergence of Formal Verification Technologies

Requirements Validation. Content. What the standards say (*) ?? Validation, Verification, Accreditation!! Correctness and completeness

Axiomatic Semantics. Lecture 9 CS 565 2/12/08

Formalization of Continuous Probability Distributions

ON COMPUTAMBLE NUMBERS, WITH AN APPLICATION TO THE ENTSCHENIDUGSPROBLEM. Turing 1936

Implementing Proof Systems for the Intuitionistic Propositional Logic

Formal Verification of Mobile Network Protocols

Formal Verification. Lecture 1: Introduction to Model Checking and Temporal Logic¹

Overview. Discrete Event Systems Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?

Automated Reasoning and its Applications

Computational Logic and the Quest for Greater Automation

Integrating Induction and Deduction for Verification and Synthesis

Accurate Reliability Analysis of Combinational Circuits using Theorem Proving

CS 275 Automata and Formal Language Theory

Proof Techniques (Review of Math 271)

6. Logical Inference

A brief history of model checking. Ken McMillan Cadence Berkeley Labs

Logic in Automatic Verification

02 Propositional Logic

On-the-Fly Model Checking for Extended Action-Based Probabilistic Operators

CHAPTER 10 Zeros of Functions

Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 CSE

Great Theoretical Ideas

Institute for Applied Information Processing and Communications (IAIK) Secure & Correct Systems. Decidability

Zeros of Functions. Chapter 10

Introduction to Turing Machines

Verification. Arijit Mondal. Dept. of Computer Science & Engineering Indian Institute of Technology Patna

Bounded Model Checking with SAT/SMT. Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39

Artificial Intelligence Chapter 7: Logical Agents

CS 275 Automata and Formal Language Theory

Transcription:

An Informal introduction to Formal Verification Osman Hasan National University of Sciences and Technology (NUST), Islamabad, Pakistan

O. Hasan Formal Verification 2 Agenda q Formal Verification Methods, Osman Hasan q Can Formal Logic help with Social Decision Making?, Stephen Arthur Cook q 1982 ACM Turing award for his contributions to complexity theory q Birth of Model Checking, Edmund M. Clarke q Formal Methods Assessment and Perspectives, Joseph Sifakis q Prof. Clarke and Prof. Sifakis are co-recipients of the 2007 ACM Turing Award for their role in developing Model Checking into a highly effective verification technology

O. Hasan Formal Verification 3 Objectives q Formal Verification A sound system analysis technique Soundness: Every statement that is provable is actually true q Why do we need it? q What is it? q How can we apply it for the analysis of real-world systems?

O. Hasan Formal Verification 4 System Analysis q Does the system exhibit the desired behavior? q Mathematically using paper-and-pencil proof methods q Computer Simulations

Paper-and-Pencil Proof Methods q Construct a mathematical model of the system q Mathematically verify that the system exhibits the desired characteristics q Accurate q Scalability q Error-Prone O. Hasan Formal Verification 5

O. Hasan O. Hasan and S. Tahar Formal Verification 6 Simulation or Testing q Construct a computer based model of the system q Analyze the behavior of the system model under a number of test cases to deduce properties of interest

Simulation or Testing Example: Remainder and Quotient Program var x, y, q, r: integer; r := x; q := 0; while y < r do r := r - y; q := q + 1; q Property q r and q represent the remainder and quotient for all values of variables x and y q Test Cases Input (x,y) Output (r,q) Property (23,4) (3,5) True (2,5) (2,0) True (17,3) (2,5) True q Infer: The property is true since it is found to be true for all the test vectors used O. Hasan O. Hasan and S. Tahar Formal Verification 7

Simulation or Testing Example: Remainder and Quotient Program var x, y, q, r: integer; r := x; q := 0; while y < r do r := r - y; q := q + 1; q Testing for (24, 4) q After the fifth iteration, r = 4, q = 5, y = 4, the loop ends and we get (5, 4), which is wrong q Fix: Replace the condition y < r with y r q Testing for (23, -2) q r is always greater than x and thus we have an infinite loop q Fix: Constrain y to have positive values only O. Hasan O. Hasan and S. Tahar Formal Verification 8

O. Hasan O. Hasan and S. Tahar Formal Verification 9 Simulation or Testing q Easy to use q May lead to wrong conclusions q Practically impossible to test for all possible cases when dealing with large systems q Suppose we want to test a 64-bit floating-point division routine. There are 2 128 combinations. q At 1 test/ms, it will take 10 25 years Program testing can be a very effective way to show the presence of bugs, but it is hopelessly inadequate for showing their absence. Edsgar W. Dijkstra

System Analysis Accuracy q Extremely Important Hardware Software O. Hasan Formal Verification 10

O. Hasan O. Hasan and S. Tahar Formal Verification 11 System Analysis Accuracy q Faulty systems can be disastrous q FDIV bug in Intel Pentium (60 Mhz, 90Mhz) q Hardware error in the floating point division unit q Expected precision up to 18 positions q in practice, only 4 positions q Example: q 5505001 / 294911 q wrong answer: 18.66600093 q expected answer: 18.6665197 q Resulted in net loss of approximately US $500M to the company in 1994

O. Hasan Formal Verification 12 System Analysis Accuracy q Faulty systems can be disastrous q Therac-25 q Software Bug in a Cancer Therapy Machine q 3 Deaths and 3 severe injuries between 1985-87

O. Hasan O. Hasan and S. Tahar Formal Verification 13 System Analysis Accuracy q Faulty systems can be disastrous q Mars Polar Lander q Mars Climate Orbiter q Engine shutdown due to spurious signals that gave false indication that spacecraft had landed Mars q Resulted in a loss of US $370M in 1999 q Conversion error from English units to metric units q Resulted in a loss of US $125M in 1999

O. Hasan O. Hasan and S. Tahar Formal Verification 14 System Analysis Accuracy q Faulty systems can be disastrous

Formal Verification q Bridges the gap between Paper-and-pencil proof methods and simulation Paper-and-pencil Proof Methods Formal Verification Simulation q Shares their advantages q As precise as a mathematical proof can be q Computers are used for book-keeping q Not as straightforward to use as testing O. Hasan O. Hasan and S. Tahar Formal Verification 15

O. Hasan O. Hasan and S. Tahar Formal Verification 16 Formal Verification q Construct a computer-based mathematical model of the system (implementation) q Use mathematical methods to check if the implementation satisfies the properties of interest (specifications) in a computerized environment

O. Hasan O. Hasan and S. Tahar Formal Verification 17 Formal Verification Methods q Most widely used techniques q Model Checking q Theorem proving

Model Checking q Typically used for verifying Concurrent Finite- State Systems q Rigorous testing is infeasible due to large number of possible scenarios q Implementation q State-transition Graph q Specifications q Temporal Logic O. Hasan Formal Verification 18

Temporal Logic q Time is modeled as a sequence of states q Atomic formulas associated with each state q Temporal connectives allow us to refer to the future q F: some Future state (Fp) p q X: next state (Xp) p q G: Globally (Gp) p p p p q U: Until (puq) p p p q O. Hasan Formal Verification 19

Model Checking q The verification can be done automatically using rigorous state-exploration methods q Counter Examples q In case of failing properties, counter examples are provided for debugging purposes O. Hasan Formal Verification 20

O. Hasan Formal Verification 21 Model Checking Example: Mutual Exclusion Protocol q Concurrent processes sharing the same file q Each process has a critical section (where the shared file is accessed) q The protocol manages the entry of a process in its critical sections q Formally verify that the protocol allows only one process to enter its critical section at any time

Model Checking Example: Mutual Exclusion Protocol q Model of the Protocol q Two Processes q non-critical state (n) q trying to enter its critical state (t) q its critical state (c) Logic in Computer Science, Ruth & Ryan O. Hasan Formal Verification 22

O. Hasan Formal Verification 23 Model Checking Example: Mutual Exclusion Protocol q Property 1: Only one process is in its critical section at any time q : True Logic in Computer Science, Ruth & Ryan

O. Hasan Formal Verification 24 Model Checking Example: Mutual Exclusion Protocol q Property 2: Whenever any process requests to enter its critical section, it will eventually be permitted to do so q : False q Counter Example: q Fix: FIFO Logic in Computer Science, Ruth & Ryan

O. Hasan Formal Verification 25 Model Checking q Extensively used in verifying q Software q Security Protocols q Telecommunication Protocols q Digital hardware q Analog and mixed signal circuits q Microprocessors q Biological Systems

O. Hasan O. Hasan and S. Tahar Formal Verification 26 Model Checking q Advantages q Automatic (Push button type analysis tools) q No proofs involved q Diagnostic counter examples q Disadvantages q Limited expressiveness q State-space explosion problem q Some commonly used Model Checking Tools q SPIN q NuSMV q PRISM (A probabilistic model checker)

O. Hasan O. Hasan and S. Tahar Formal Verification 27 Theorem Proving S ystem Properties Logic (Function) Logic (Theorem) Theorem Prover Form al proofs of the system properties

Logic q Study of drawing conclusions (reasoning) q Propositional logic Supports statements that can be true or false q First-order logic (Predicate logic) Quantification over variables ( : For all, : there exists) q Higher-order logic Quantification over sets and functions Propositional Logic Less expressive(-) Decidable(+) First-Order Logic Higher-Order Logic Very expressive(+) Undecidable(-) O. Hasan Formal Verification 28

O. Hasan O. Hasan and S. Tahar 29 Formal Verification 29 Theorem Prover q A theorem prover consists of q A notation (Syntax) q A small set of fundamental axioms (facts) Example: ( A) A q A small set of deduction rules Example: Given (A B) and A, we can deduce B q Soundness is assured as every new theorem must be created from q The basic axioms and primitive inference rules q Any other already proved theorems (Theory Files)

Theorem Proving - Example: Natural Log of Product val LN_MUL = store_thm("ln_mul", (--` x y. 0 < x 0 < y (ln (x * y) = ln x + ln y)`--), REPEAT GEN_TAC THEN STRIP_TAC THEN ONCE_REWRITE_TAC[GSYM EXP_INJ] THEN REWRITE_TAC[EXP_ADD] THEN SUBGOAL_THEN (--`&0 < x * y`--) ASSUME_TAC THENL [MATCH_MP_TAC REAL_LT_MUL THEN ASM_REWRITE_TAC[], EVERY_ASSUM(fn th => REWRITE_TAC[ONCE_REWRITE_RULE[GSYM EXP_LN] th])]); [EXP_INJ] x y. (exp x = exp y) (x = y) [EXP_ADD] x y. exp (x + y) = exp x * exp y [EXP_LN] x. (exp (ln x) = x) 0 < x O. Hasan Formal Verification 30

Theorem Proving q Formalization of Classical Mathematical Theories q Multivariable analysis q Euclidian Geometry q Probability q Information q Fractional Calculus O. Hasan O. Hasan and S. Tahar Formal Verification 31

O. Hasan O. Hasan and S. Tahar Formal Verification 32 Theorem Proving q Some Significant Formally Verified Theorems q Gödel's Incompleteness Theorem q The Impossibility of Trisecting the Angle and Doubling the Cube q Euler's Generalization of Fermat's Little Theorem q Fundamental Theorem of Integral Calculus q De Moivre's Theorem q Feuerbach's Theorem q The Solution of a Cubic q Minkowski's Fundamental Theorem q Pick's Theorem q Cramer's Rule

Theorem Proving q System Analysis q Compilers q Floating-point algorithms q Digital Signal Processing systems q Optical systems q Wireless sensor networks q Kinematic Analysis of Robots O. Hasan O. Hasan and S. Tahar Formal Verification 33

Significance of Assumptions q May be guessed q We all know that Probabilities need to be in the interval [0,1] q Not very straightforward q Theorem cannot be verified except these Theorem: Repairability of Stuck-at Faults a b w. (0 a) (a 1) (0 b) (b 1) ( n. (0<w(n)) (w(n)<(a+b) ) ) n (lim λ n. 1 w(n) = 0 ) (lim (λn. P{ s (fst (num_of_faults n a b w s) ) (a+b)n}) = 1) O. Hasan Formal Verification 34

O. Hasan O. Hasan and S. Tahar Formal Verification 35 Theorem Proving q Advantages q High expressiveness q No risk of mistakes (human errors) q Some parts of the proofs can be automated q Disadvantages q Detailed and explicit human guidance required for verifying realworld systems q The state-of-the-art is limited q Theorem Proving Tools q ACL2 (First-order Logic) q Coq (Higher-order Logic) q HOL (Higher-order-logic)

O. Hasan Formal Verification 36 Objectives q Formal Verification q Why do we need it? Exact Answers (Useful for the analysis of Safety-critical systems) q What is it? Mathematically reason about properties of a system using a computer-based tool q How can we apply it for the analysis of real-world systems? Mathematically model the system (Implementation) Mathematically model the desired properties (Specification) Use tool support to mathematically prove that the specification holds for your implementation

Conclusions q Formal Verification is not an alternative to simulation q Both techniques have to play together for a successful analysis framework q Less critical sections of the system q Simulation/Testing q Critical sections of the system that can be expressed as a FSM q Model Checking q Critical sections of the system that cannot be handled by Model Checking q Theorem Proving O. Hasan Formal Verification 37

O. Hasan Formal Verification 38 Thanks! q For More Information q Visit our website http://save.seecs.nust.edu.pk q Contact osman.hasan@seecs.nust.edu.pk

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback