6.5.2008 Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof....

6.5.2008

Formal Methods of Systems SpecificationLogical Specification of Hard- and Software

Prof. Dr. Holger SchlingloffInstitut für Informatik der Humboldt Universität

and

Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik

http://www.hu-berlin.de/index.html

6.5.2008 Slide 2H. Schlingloff, Logical Specification

Boolean Normal Forms

•DNF, CNF, NAND-, NOR-normal form (p|q)=(p¬q); ¬p=(p|p); (pq)=(p|¬q) used for gate arrays

•Algebraic normal form XOR of conjunction of (positive) propositions

• later: tree normal forms (ordering of propositions)


Boolean Modelling of Reactive Systems

• (Parallel) transition systems, shared variables programs shared variables program (V,D,T,s0)

- V=(v1,…,vn) is a set (sequence) of program variables

- D=(D1,…,Dn) is a tuple of corresponding finite domains Di={di1,…,dim}

- TDD is a transition relation, and- s0 = (d11,…,dn1) is the initial state

•Propositional representation of programs T=((request=true)(state=ready)(state‘=busy))

•Representation of non-boolean domains?


Binary Encoding of Domains

• Any variable on a finite domain D can be replaced by log(D) binary variables similar to encoding of data types by compilers e.g. var v: {0..15} can be replaced by

var v1,v2,v3,v4: boolean(0=0000, 1= 0001, 2=0010, 3=0011, ..., 15=1111)

• State space still in the order of original domain! e.g. three int8-variables can have 224=108 states e.g. array of length 10 with 10-bit values 1030

states

• Representation of large sets of states?


Representation of Sets


Ordered Tree Form

•Normal form for propositional formulas

•Uses only the connective Ite

•Linear ordering on the set of propositions e.g., most significant bit first

•Shannon expansion


Truth table and tree form formula

Reduction: Replace Ite (v,ψ,ψ) by ψ


Abbreviations

• Introduce abbreviations

•maximally abbreviated


Binary Decision Trees (BDTs)

•Binary decision tree

•Elimination ofisomorphic subtrees(abbreviations)


Binary Decision Diagrams (BDDs)

• Elimination ofredundant nodes(redundant subformulas) Ite (v,ψ,ψ) by ψ


A Toy Example

• How many states are reachable?

• How to check whether a given state is reachable?


Coding in nuSMV


Coding in SMV (cont.)

• SMV quickly finds a solution (rrddlluurrddlluurrddlluurrdd)


Another Toy Example

• gibts vielleicht noch besser (color)


Verification Model of Shift Register


Non-toy Examples

•Software verification: Correctness of aerospace and train computers, automobile controllers, nontrivial search problems, ...

•Hardware verification: ALUs, PLAs, memory controllers, complete chip design, ...

•For safety-critical systems formal validation is mandatory, for widely deployed systems highly recommended


Calculation of BDDs


The Influence of Variable Ordering

• Heuristics: keep dependent variables close together!


Transitive Closure

• Each finite (transition) relation can be represented as a boolean formula / BDD

• The transitive closure of a relation R is defined recursively by

• Thus, transitive closure be calculated by an iteration on BDDs

• Logical operations (, , ) can be directly performed on BDDs


Reachability

•State s is reachable iff s0R*s, where s0S0 is an initial state and R is the transition relation

•Reachability is one of the most important properties in verification most safety properties can be reduced to it in a search algorithm, is the goal reachable?

•Can be arbitrarily hard for infinite state systems undecidable

•Can be efficiently calculated with BDDs


• Intuitively, xR*y iff there is a sequence w0 w1 ... wn of nodes connecting x with y

In a finite model, this sequence must be smaller than the number of states.

In practice, usually a few dozen steps are sufficient

6.5.2008 Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof....

Documents

Transcript of 6.5.2008 Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof....