Patterns in property specifications for finite-state verification
George Avrunin1999, Proceedings of the 21st …
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
cess support for formal methods. Model checkers and other finite-state verification tools allow developers to detect certain kinds of errors automatically.
Related papers
Property specification patterns for finite-state verification
Proceedings of the second …, 1998
Finite-state verification (e.g., model checking) provides a powerful means to detect errors that are often subtle and difficult to reproduce. Nevertheless, the transition of this technology from research to practice has been slow. While there are a number of potential causes for reluctance in adopting such formal methods in practice, we believe that a primary cause rests with the fact that practitioners are unfamiliar with specification processes, notations, and strategies. Recent years have seen growing success in leveraging experience with design and coding patterns.
FORMAL VERIFICATION OF FINITE STATE MACHINES
VDAT 2002, 2002
The classical methods of design verification of a digital design had been simulation and testing. Due to constraint of time, simulation based testing approaches use only a small sub set of input patterns whereas formal verification allows all input combinations to be taken into consideration. Model checking is one of the approaches of formal verification. The design description, modeled using the model verifier script, allows specification of some properties of the design using temporal logic. A synchronous sequential design can always be described as a finite state machine (FSM)
Comparing finite-state verification techniques for concurrent software
1999
Finite-state verification provides software developers with a powerful tool to detect errors. Many different analysis techniques have been proposed and implemented, and the limited amount of empirical data available shows that the performance of these techniques varies enormously from system to system. Before this technology can be transferred from research to practice, the community must provide guidance to developers on which methods are best for different kinds of systems. We describe a substantial case study in which several finite-state verification tools were applied to verify properties of the Chiron user interface system, a real Ada program of substantial size. Our study provides important data comparing these different analysis methods, and points out a number of difficulties in conducting fair comparisons of finite-state verification tools.
Tool-supported program abstraction for finite-state verification
2001
Numerous researchers have reported success in reasoning about properties of small programs using finite-state verification techniques. We believe, as do most researchers in this area, that in order to scale those initial successes to realistic programs, aggressive abstraction of program data will be necessary. Furthermore, we believe that to make abstractionbased verification usable by non-experts significant tool support will be required.
Practical Programming, Validation and Verification with Finite-State Machines: a Library and its Industrial Application
Finite-state machines (FSMs) are among the oldest models employed in the formalization and analysis of both software and hardware. Owing to their simplicity, there exist various implementations to support their practical application in mainstream programming languages. Through such software libraries, programmers can explicitly define states, events and transitions in order to delegate the machine's execution to an underlying engine. However, as far as we know, no such library provides formal verification capabilities alongside its execution engine. That is to say, once an FSM is defined, the resulting program cannot be used as a formal specification to be subject to formal verification , thereby not making the analytical tractability of FSMs available. Formal verification, if any, is conducted in an independent model separate from the program, thus duplicating the information and creating the possibility of discrepancies between both. In this paper we show how to overcome this limitation. To this end, we present the Verum library, which allows the specification, execution and verification of FSMs in the Ruby language, largely bypassing the need to explicitly employ an additional modeling language. Formal verification is achieved by automatically translating the source program of the FSM into a Timed Automaton (TA) specification for the UPPAAL model checker. To illustrate the value of the approach, we present the industrial problem which inspired the creation of this tool and is currently using it, namely, a payment system. Besides the technical aspects of the tool, a number of practical lessons learned with this application are explored. Although we describe very concrete artifacts and applications, the overall approach is quite general.
An Expressive Verification Framework for State/Event
Specification languages for concurrent software systems need to combine practical algorithmic efficiency with high expressive power and the ability to reason about both states and events. We address this question by defining a new branching-time temporal logic SE-AΩ which integrates both state-based and action-based properties. SE-AΩ is universal, i.e., preserved by the simulation relation, and thus amenable to counterexample-guided abstraction refinement. We provide a model-checking algorithm for this logic, and describe a compositional abstraction-refinement loop which exploits the natural decomposition of the concurrent system; the abstraction and refinement steps are performed over each component separately, and only the model checking step requires an explicit composition of the abstracted components. For experimental evaluation, we have integrated the presented algorithms in the software verification tool MAGIC, and determined a previously unknown race condition error in a piece of an industrial robot control software. sets Ω of ω-regular path operators. A subtle property of AΩ is the monotonicity of the path operators: the semantics guarantees that the extended path operators cannot be used to implicitly define negation. While this property comes for free with the standard temporal path operators, its presence is crucial for obtaining extended universal branching logics. Such logics are preserved by simulation, and are therefore amenable to existential abstraction .
Verification of Automatically Generated Pattern-Based LTL Specifications
10th IEEE High Assurance Systems Engineering Symposium (HASE'07), 2007
The use of property classifications and patterns, i.e., high-level abstractions that describe common behavior, have been shown to assist practitioners in generating formal specifications that can be used in formal verification
Validation and Verification of Software Design Using Finite State Process
2002
This thesis aims to evaluate the effectiveness, at eliminating errors from a design specification, of a formal language (Finite State Process) automated verification tool (Labelled Transition System Analyser). The language FSP is used to model the problem domain (a version of the Lift Problem), based on a provided specification that was refined with a validation-led methodology. The validationled model is translated (mapped) to a finite state domain wherein we test this new model for errors in the translation, for errors in the understanding of the initial requirements, and for faults in the concurrency properties of the identified cooperating entities. Exposition of errors drives their resolution. The resolution of errors gives rise to an evolutionary corrected model. The corrected model is then used as a specification for input to Implementation phases of software engineering, or, the corrected model may be used as input back to the client as text descriptions.
State Identification and Verification using a Model Checker
This paper presents a method for the application of model checking, i.e. verifying a finite state system against a given temporal specification, to the problem of generating test inputs. The generated test inputs allow state characterization, i.e. the identification and verification of internal states of the software under test by observation of the input/output behavior only. A test model is derived semiautomatically from a given state based specification and the testing goal is specified in terms of temporal logic. On the basis of these inputs, a model checking tool performs the testing input generation automatically. In consequence, the complexity of our approach is depending on the input model, the testing goal, and the applied model checking algorithm. The presented approach can be adapted with small changes to other model checking tools. It is a capable test generation method, whenever a state based behavioral specification of the software under test exists. Furthermore, it provides a descriptive view on state based testing, which may be beneficial in other contexts, e.g. education and program comprehension.
Formal Verification of Concurrent Systems via Directed Model Checking Abstract
2006
Model checking suffers from the state explosion problem, due to the exponential increase in the size of a finite state model as the number of system components grows. Directed model checking aims at reducing this problem through heuristic-based search strategies. The model of the system is built while checking the formula and this construction is guided by some heuristic function. In this line, we have defined a structure-based heuristic function operating on processes described in the Calculus of Communicating Systems (CCS), which accounts for the structure of the formula to be verified, expressed in the selective Hennessy-Milner logic. We have implemented a tool to evaluate the method and verified a sample of well known CCS processes with respect to some formulae, the results of which are reported and commented.
Related papers
An efficient tool for system-level verification of behaviors and temporal properties
1993
In this paper the use of Process Algebras is advocated as a solution for system-level description of structure, communication and behavior, while an action-based Temporal Logic is used to specify and check system-level properties. It is shown how SEVERO, a tool for describing and verifying finite state systems, can be used to integrate in the unified framework of symbolic manipulations both descriptive and prescriptive aspects. Experimental results show the efficiency of the BDD-based implementation of the proof procedures.
Linking a state-rich process algebra to a state-free algebra to verify software/hardware implementation
… of the 8th International Conference on …, 2010
Towards model checking of finite state machines extended with memory …
G. Antoniou, N. Mastorakis, & O. Panfilov (Eds.)
Abstract: - Model checking is a successful verification technique for models expressed as finite state machines (FSM). Although FSM are able to describe the control part of a system, they lack the ability to efficiently describe data. As a consequence, FSM are not suitable to model ...
Towards model checking of finite state machines extended with memory through refinement
2001
Abstract:-Model checking is a successful verification technique for models expressed as finite state machines (FSM). Although FSM are able to describe the control part of a system, they lack the ability to efficiently describe data. As a consequence, FSM are not suitable to model several systems, which include complex data structures.
An improvement in formal verification
1994
Critical safety and liveness properties of a concurrent system can often be proven with the help of a reachability analysis of a finite state model. This type of analysis is usually implemented as a depth−first search of the product state−space of all components in the system, with each (finite state) component modeling the behavior of one asynchronously executing process. Formal verification is achieved by coupling the depth−first search with a method for identifying those states or sequences of states that violate the correctness requirements.
Uniform approaches to the verification of finite state systems
State University of New York at Albany, Albany, NY, 1997
Given the increasing size and complexity of modern computing systems, the formal veri cation of hardware designs and distributed protocols has been gaining importance. Research in formal veri cation mainly involves the following activities : development of appropriate models for capturing essential aspects of systems; design of speci cation formalisms for describing desirable properties; development of algorithmic techniques to establish the conformance of systems to the desired properties; and analysis of the complexity of algorithmic problems arising in these contexts. The contributions of thesis are mainly in the last two of these areas, the main emphasis being on the development of uniform techniques.
Automated Verification of Specifications with Typestates and Access Permissions
Electron. Commun. Eur. Assoc. Softw. Sci. Technol., 2012
We propose an approach to formally verify Plural specifications of concurrent programs based on access permissions and typestates, by model-checking automatically generated abstract state-machines. Our approach captures all possible relevant behaviors of abstract concurrent programs implementing the specification. We describe the formal methodology employed in our technique and provide an example as proof of concept for the state-machine construction rules. We implemented the fully automated algorithm to generate and verify models as a freely available plug-in of the Plural tool, called Pulse. We tested Pulse on the full specification of a Multi Threaded Task Server commercial application and showed that this approach scales well and is efficient in finding errors in specifications that could not be previously detected with the Data Flow Analysis (DFA) capabilities of Plural.
Method of analysing extended finite-state machine specifications
Computer Communications, 1990
Beh et Sarikaya, Vassilios Koukoulidis and Gregor V Bochmann* develop a technique for self-consistency analysis of complex protocol/service specifications Formal specifications are the basis for automated verification and implementation in communication software. The paper gives a method of dynamic analysis for modular specifications which is based on symbolic execution and reachability analysis. Symbolic execution is a technique for static analysis and applied first to the specification. It is effective in detecting syntactic and semantic errors. A form of reachability analysis, called limited reachability, is used to dynamically analyse the intermodule communication. It has two applications: combining modules and detecting any errors in intermodule communication. The technique is first applied to the specifications in a nondeterministic finite-state machine model and then applied to an extended finite-state machine model for which two standard formal description languages exist.
Arrangements of Finite-state Machines - Semantics, Simulation, and Model Checking
Proceedings of the 1st International Conference on Model-Driven Engineering and Software Development, 2013
We propose a contrasting approach to the main stream direction that UML and STATEMATE have recently taken when using finite-state machines (FSMs) to model behaviour. That is, rather than the event-driven model that is currently dominant, we suggest to adopt a model of time, a synchronous model. We do support concurrency in our arrangements of FSMs but eliminate the sources of unpredictable threads of execution. Currently, such capacity of the dominant semantics actually results in the need to create many language constructs to regulate threads that, in many cases, even result in imprecise semantics, hampering their use for model-driven development (MDD). By allowing transitions to only be labeled by statements of logic and by executing the machines with an offline schedule, we obtain a simpler language, with less burden for the developer. This creates far reaching potential for accompanying tools, such as integrated development environments, simulators, and even formal verification through model-checking. Model-checking is of particular importance as MDD becomes ubiquitous. Model-checking is possible for our FSMs as we do not need to consider all possible combinations of progress of each of the many threads that the event-driven alternative requires.
Model-Checking Large Finite-State Systems and Beyond
Lecture Notes in Computer Science, 2007
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.