SS 2018 Software Verification Model Checking

Präsentation zum Thema: "SS 2018 Software Verification Model Checking"—  Präsentation transkript:

1 SS 2018 Software Verification Model Checking
Prof. Dr. Holger Schlingloff 1,2 Dr. Esteban Pavese 1 (1) Institut für Informatik der Humboldt Universität (2) Fraunhofer Institut für offene Kommunikationssysteme FOKUS

2 Hallo! Mein Name ist Holger Schlingloff
Ich bin Professor am Institut für Informatik Themen: Spezifikation, Verifikation & Testtheory Ich arbeite auch bei der Fraunhofer Gesellschaft Fraunhofer Institut für Offene Kommunikations- Systeme (FOKUS) Mehr finden Sie unter …

3 Worum geht‘s ... Software für sicherheitskritische Systeme
Flugzeuge, Bahnsignalisierung, Airbags, … Methoden der Verifikation „automatisierte Korrektheitsbeweise“ Modellprüfung (Model Checking) Temporale Logik von Programmen

4 Organisatorisches Ziele: Kenntnisse über den praktischen Einsatz von Methoden und Werkzeugen zur Software-Verifikation Umfang: 4SWS VL, 2SWS Ü VL: Di und Do 9-11 in Rud26, 1307 Ü: Di 11-13, Beginn 9 ECTS-Leistungspunkte = 270 Stunden = 20 Stunden pro Woche Hausaufgaben: Werkzeugeinsatz & praktische Beispiele eigene Präsentation von Lösungen erforderlich! Klausur oder mündliche Abschlussprüfung Materialien werden nach der VL verfügbar gemacht Moodle, Webseite, ... Sprache „teilweise Englisch“

5 Welcome to the class! Contents:
Automated verification methods for (embedded) software (and hardware) for safety-critical applications temporal logic: expressivity, complexity model checking: theory and practice verification of real-time systems probabilistic verification multi-agent systems software model checking

6 A First Example (Hardware)
gibts vielleicht noch besser (color)

7 Verification Model of Shift Register

8 Correctness Properties
checked for n=32 in less than a second

9 Literature E.M. Clarke, H. Schlingloff: Model Checking. Chapter 21 in Alan Robinson and Andrei Voronkov (eds.), Handbook of Automated Reasoning; Elsevier Science Publishers B.V., pp (2000) E.M. Clarke,O. Grumberg, D. Peled: Model Checking. MIT Press (2000) C. Baier, J.-P. Katoen: Principles of Model Checking. MIT Press (2008) B. Bernard, M. Bidoit, A. Finkel, F. Laroussinie, A. Petit, L. Petrucci, P. Schnoebelen: Systems and Software Verification: Model-Checking Techniques and Tools. Springer (2001, 2010)

10 Plan for the Summer Introduction Modeling of systems Temporal logics
Model checking algorithms Symbolic representations Abstraction and refinement Real time model checking Probabilistic model checking Software model checking Parallel program checking Multi-agent systems

11

12 Propositional Logic A formal specification method consists of three parts syntax, i.e., what are well-formed specifications semantics, i.e., what is the meaning of a specification calculus, i.e., what are transformations or deductions of a specification Propositional logic: probably the first and most widely used specification method dates back to Aristotle, Chrysippus, Boole, Frege, … base of most modern logics fundamental for computer science

13 Syntax of Propositional Logic
Let Ρ be a finite set {p1,…,pn} of propositions and assume that ,  and (, ) are not in Ρ Syntax PL ::= Ρ |  | (PL  PL) every p is a wff  is a wff („falsum“) if  and  are wffs, then () is a wff nothing else is a wff

14 Remarks Ρ may be empty Minimalistic approach still a meaningful logic!
infix-operator  necessitates parentheses other connectives can be defined as usual ¬ ≙ (  ) (linear blowup!) Τ ≙ ¬ () ≙ (¬) () ≙ ¬(¬¬) ≙ ¬(¬) () ≙ (()()) (exponential blowup!) operator precedence as usual literal = a proposition or a negated proposition

15 Exercise Write ((pq)  ¬p) unabbreviated Abbreviations
¬ ≙ (  ) also ~ Τ ≙ ¬ () ≙ (¬) also (+), (|), (v) () ≙ ¬(¬¬) ≙ ¬(¬) also (*), (&), (^) () ≙ (()()) also ( <-> ), (<=>) Write ((pq)  ¬p) unabbreviated

16 Choice of the Signature
Te set Ρ={p1,…,pn} of propositions is also called the signature of the logic The choice of Ρ often is the decisive abstraction step for modelling a system it determines which aspects are “accessible” to the specification Wittgenstein: “die Welt ist alles was der Fall ist”; the world consists of all true propositions e.g., sun-is-shining, pot-on-stove, line-busy, button_pressed, window5infocus, motor-on, … names should be chosen with consideration

17 Semantics of Propositional Logic
Propositional Model Truth value universe U: {true, false} Interpretation I: assignment Ρ ↦ U Model M: (U,I) Validation relation ⊨ between model M and formula  M ⊨ p if I(p)=true M ⊭  M ⊨ () if M ⊨  implies M ⊨  M validates or satisfies  iff M ⊨   is valid (⊨) iff every model M validates   is satisfiable (SAT()) iff some model M satisfies 

18 Puzzle Example: Ivor Spence’s Sudoku
SuDoku Puzzle as a Satisfiability Problem

19 How Does He Do It? Propositional modelling (e.g., for the 9*9 grid)
9 propositions per cell: proposition “ijk” indicates that row i, column j contains value k individual cell clauses each cell contains exactly one value (ij1 v ij2 v … v ij9) ^ ~(ij1 ^ ij2) ^ … ^ ~(ij8 ^ ij9) row and column clauses each row i contains each number, exactly once (i11 v … v i91) ^ (i12 v … v i92) ^ … (i19 v … v i99) j1 j2, k=1..9: ~(ij1k ^ ij2k) same for columns block clauses – similar pre-filled cells – easy SAT solving 729 propositions, ca clauses  few seconds