
Introduction to Formal Methods
Dr-Ing. Abderahman KRIOUILE

Contents
• Need for Formal Methods
• Formal Methods Definition
• Formal Modeling
• Temporal logics
• Model Checking
• CADP toolbox

linkedin.com/in/akriouile @A_KRIOUILE Dr. Abderahman KRIOUILE - Introduction to Formal Methods - ENSIAS 2015/2016 2

PROCESS CALCULI

Process Calculus
• Process refers to a behavior of a system
– execution of a software system
– actions of a machine
– the actions of a human being
• Behavior is the set of events or actions that a system can perform
– We consider an abstraction or idealization of the "real" behavior
– We have an observation of the behavior
• We call action the chosen unit of observation


Process Calculus
• Also called Process Algebra
• Theoretical formalisms used as a basis for multiple specification and verification tools
• Examples:
– CCS (Calculus of Communicating Systems) [Milner-80, Milner-89]
– CSP (Communicating Sequential Processes) [Hoare-85]
– ACP (Algebra of Communication Processes) [Bergstra-Klop-84]
– Standard: LOTOS [ISO-88]
– Modern language: LNT [abbrev. LOTOS New Technology]

Process Calculus
• Process calculi provide means for a high-level description of interactions, communications, and synchronizations between a set of independent components of a concurrent system
• Provide laws to describe, manipulate, and analyze processes


ENSIAS Systèmes Embarqués et Mobiles 2015/2016 1



Textual Formalisms (not graphical)
• In opposition to automata or Petri nets, process calculi have a textual syntax (≈ programs)
• Advantages:
– More expressiveness (structuring)
– Scalability (large specifications)
• Disadvantages:
– Less intuitive syntax

Equivalence Automata and Regular Expression
[Figure: an automaton with transitions 0 -a-> 2, 2 -b-> 3, 2 -c-> 4, 4 -d-> 5, i.e. action a followed by a choice between b and c; d]
In LNT:
   a; select b [] c; d end select; stop


Regular Expression
• Process calculi use 3 operators similar to regular expressions:
– Choice ('+' in CCS, '[]' in CSP, 'select' in LNT)
– Sequence ('.' in CCS, ';' in CSP and LNT)
– Fixed point (recursive call of processes in CSP and LNT, 'loop' in LNT)

Parallel Operator
• Parallel operators are freely combined with the other operators (choice, sequence, etc.)
• In LNT: par G1, …, Gn (≈ ⊗{G1, …, Gn} of automata)
• Example …


Asynchronous Product
[Figure: M1 (0 -a-> 1 -b-> 2), M2 (0 -c-> 1 -d-> 2) and their asynchronous product M1 x M2, nine states 0..8 in which a; b and c; d interleave freely]

In LNT
   par
      a; b   -- M1
   ||
      c; d   -- M2
   end par
M1 || M2 = M1 x M2





Asynchronous Product with communication
[Figure: M1 (0 -a-> 1 -b-> 2), M2 (0 -c-> 1 -b-> 2) and their product M1 x M2 synchronised on b: 0 -a-> 1, 0 -c-> 2, 1 -c-> 3, 2 -a-> 3, 3 -b-> 4]

In LNT
   par b in
      a; b   -- M1
   ||
      c; b   -- M2
   end par
M1 || M2 = M1 x M2
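A worked example, added here and not taken from the course slides or from the CADP toolbox: a small Python implementation of the LTS product that gives the meaning of LNT's "par G1, …, Gn in P1 || P2 end par", covering both the free interleaving of slides 11/12 and the rendezvous on b of slides 13/14 (and any other synchronisation set). The encoding of an LTS as (initial state, set of transitions) and the constants M1, M2_d, M2_b are constructed encodings of the automata drawn on the slides.

```python
from collections import deque

# Constructed inputs: an LTS is (initial_state, {(source, action, target), ...}).
M1 = (0, {(0, "a", 1), (1, "b", 2)})      # a; b
M2_d = (0, {(0, "c", 1), (1, "d", 2)})    # c; d  (slides 11/12)
M2_b = (0, {(0, "c", 1), (1, "b", 2)})    # c; b  (slides 13/14)

def parallel(lts1, lts2, sync=frozenset()):
    """Product with the meaning of LNT's 'par sync in P1 || P2 end par':
    an action in `sync` is a rendezvous performed by both sides at once,
    every other action interleaves freely. Only reachable pairs are built."""
    (init1, trans1), (init2, trans2) = lts1, lts2
    init = (init1, init2)
    seen, todo, product = {init}, deque([init]), set()
    while todo:
        s1, s2 = todo.popleft()
        succ = []
        # independent moves of either side: actions outside the sync set
        for src, act, dst in trans1:
            if src == s1 and act not in sync:
                succ.append((act, (dst, s2)))
        for src, act, dst in trans2:
            if src == s2 and act not in sync:
                succ.append((act, (s1, dst)))
        # rendezvous: both sides must offer the same synchronised action
        for src1, act, dst1 in trans1:
            if src1 == s1 and act in sync:
                for src2, act2, dst2 in trans2:
                    if src2 == s2 and act2 == act:
                        succ.append((act, (dst1, dst2)))
        for act, nxt in succ:
            product.add(((s1, s2), act, nxt))
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return init, product

def traces(lts):
    """Sorted maximal action sequences, i.e. the complete runs of the LTS."""
    init, trans = lts
    out = []
    def walk(state, path):
        moves = [(a, t) for s, a, t in trans if s == state]
        if not moves:
            out.append(" ".join(path))
        for a, t in moves:
            walk(t, path + [a])
    walk(init, [])
    return sorted(out)
```

traces(parallel(M1, M2_d)) lists the six interleavings of a; b with c; d, while traces(parallel(M1, M2_b, {"b"})) leaves only "a c b" and "c a b", because b can only fire once both sides have reached it.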


LNT
• A modern formal specification language
• LNT is intended to be concise, expressive, easily readable, and user-friendly
• The semantics of an LNT model is defined as an LTS, following a black box view of the system

LNT tutorial: Plan
• LNT: Language overview
1. Modules
2. Types & Functions
3. Processes


(1) LNT Modules
• Modules
– Compilation unit
– One module = one file (of the same name)
– Modules can import other modules
– Principal module containing the root process ("MAIN")

Sample LNT Modules
   module PLAYER is
      ...
   end module
   file "PLAYER.lnt"

   module Team (PLAYER) is      -- list of imported modules
      ...
   end module
   file "TEAM.lnt" (or "team.lnt")





(2) LNT Types & Functions
• Types & Functions
– Enumerated type
– Record type
– Inductive type
– Automatic definition of standard functions
   type Num is
      one, two, three
      with "==", "<="
   end type

   function pi: Real is
      return 3.14159265
   end function

Sample LNT Types
• Enumerated type
   type Weekday is (* LOTOS-style comment *)
      Mon, Tue, Wed, Thu, Fri, Sat, Sun
   end type
• Record type
   type Date is -- ADA-style comment
      date (day: Nat, weekday: Weekday, month: Nat, year: Nat)
   end type
• Inductive type
   type Nat_Tree is
      leaf (value: Nat),
      node (left: Nat_Tree, right: Nat_Tree)
   end type

(3) LNT Processes
• Processes
– symmetric sequential composition
– variable assignment, "if-then-else", "case", "loop", etc.
– communication: rendezvous with value communication
– parallel composition: "par"
– nondeterministic choice: "select"

   module hello_world is
      process MAIN [G: any] is
         G ("Hello, world!\n")
      end process
   end module


