02 - Introduction To Formal Methods - 161215

Introduction to Formal Methods Dr-Ing.
Abderahman KRIOUILE
Contents
• Need for Formal Methods
• Formal Methods Definition
• Formal Modeling
• Temporal logics
• Model Checking
• CADP toolbox
linkedin.com/in/akriouile @A_KRIOUILE Dr. Abderahman KRIOUILE - Introduction to Formal Methods - ENSIAS 2015/2016 2
From Systems to Models

Today: Formal Modeling
to Formal Verification
• Modeling Concurrency
• Finite State Machines (FSM)
• Labeled Transition Systems (LTS)
• Petri Nets
• Process Calculus
Dr. Abderahman KRIOUILE - Introduction to Formal Methods - ENSIAS 2015/2016 3 Dr. Abderahman KRIOUILE - Introduction to Formal Methods - ENSIAS 2015/2016 4
Transformational programs Reactive programs

Input1 Output1
Input Program Output Input2 Program Output2
Input3 Output3
• Sequential behavior • Cyclic behavior

• Normal termination (except error) • Anomalous termination (except error)
• Receive Inputs and respond with Outputs
• Output function of the Input: Output=f(Input)
• Examples:
• Examples: – Operating Systems
– Algorithmic programs (C,C++,Ada, etc.) – Graphical interfaces
Dr. Abderahman KRIOUILE - Introduction to Formal Methods - ENSIAS 2015/2016 Dr. Abderahman KRIOUILE - Introduction to Formal Methods - ENSIAS 2015/2016
ENSIAS Systèmes Embarqués et Mobiles 2015/2016 1

Introduction to Formal Methods Dr-Ing. Abderahman KRIOUILE
Reactive programs Reactive programs

• The same Input can produce different outputs Input(t)/Output(t)
Stat(t) Stat(t+1)
if the input happens in different moments
• Example:
• Notion of a stat (memory)
– Double clicking a GUI
– Stat(t): the stat of the program at the moment t
– Counter
• Output and current stat
– Output(t+1) = f(Input(t), Stat(t))
– Stat(t+1) = g(Input(t), Stat(t))
• Notion of a transition
Finite State Machines (FSM) Finite State Machines (FSM)
• Start of the Soda Machine FSM Model • Second Phase of the Soda Machine FSM Model
Finite State Machines (FSM) Finite State Machines (FSM)

Labeled Transition Systems (LTS) Labeled Transition Systems (LTS)

• State-transition graph Definition 2.
• no information attached to states (except the initial state) An LTS is a quadruple M = (Q,A,T,q0) where:
• information ("labels" or "actions") attached to transitions – Q is the set of states;
– A the set of actions (transition labels); the set A
contains the invisible action, which denotes
internal (unobservable) activity.
– T = Q × A × Q is the transition relation;
– q0 ϵ Q is the initial state.
Modeling Concurrency Modeling Time

• Synchronous models are good at: modeling • Synchronous models are intrinsically timed,
parallelism between processes that share a because of the existence of a global clock
common clock; describing synchronous circuits; • Asynchronous models are intrinsically
describing a “logical” parallelism that will be
untimed; adding time to an asynchronous
compiled into sequential code;
model requires ad-hoc modifications.
• Asynchronous models are good at: modeling
parallelism when no common clock exists (or
when does not want to rely on the clocks and
their synchronization when developing the SW);
Synchronous Product Asynchronous Product

M1 x M2 M1 x M2
M1 M2 M1 M2
(tM1, tM2)= (0,0)

t=0 0 0 t=0 0 tM1=0 0 0 tM2=0 0
a c
a. c (1,0) (0,1)
a c a c
1 2
b c a d
t=1 1
|| 1 = t=1 1 tM1=1 1
|| 1 tM2=1 = (2,0) (0,2)
3 4 5
b b.d b d
d b d c (1,1) a
t=3 t=3 6 7
2 2 2 tM1=2 tM2=2
2 2 (2,1) (1,2)
d b
8
(2,2)

Asynchronous Product Asynchronous Product

with communication with communication
M1 x M2
M1 M2
M1 M2 M1 x M2
0 0 0
0 a c
0 0
a a c 1 2
a c
1 1
|| 1 = c a
1
||
b=c
1 = b=c
b
b=d
d
3
b=d
2
b d 4
d 2 2
2 2
3
Petri Nets Petri Nets

• First introduced by Carl Adam Petri in 1962. • Example:
• A diagrammatic tool to model concurrency
and synchronization in distributed systems.
• Very similar to State Transition Diagrams.
• Used as a visual communication aid to model
the system behavior. – p0, p1, p2, p3 are called places
• Based on strong mathematical foundation. – t0, t1 are called transitions
– p0 =2 tokens, p1=1 token is the initial marking
Petri Nets Petri Nets Simulation

• A Change of State …
• is denoted by a movement of token(s) (black
dots) from place(s) to place(s); and is caused state 0
props p0 p3
by the firing of a transition. trans t0/1
Equivalent LTS
• The firing represents an occurrence of the state 1
des(0,2,3)
props p1
event or an action taken. trans t1/2
(0,"t0",1)
(1,"t1",2)
• The firing is subject to the input conditions, state 2
0
t0
t1
props p2 p3
denoted by token availability. trans
1
2

02 - Introduction To Formal Methods - 161215

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

02 - Introduction To Formal Methods - 161215

Uploaded by

Copyright:

Available Formats

Introduction to Formal Methods Dr-Ing.

From Systems to Models

Transformational programs Reactive programs

• Sequential behavior • Cyclic behavior

ENSIAS Systèmes Embarqués et Mobiles 2015/2016 1

Reactive programs Reactive programs

Finite State Machines (FSM) Finite State Machines (FSM)

Finite State Machines (FSM) Finite State Machines (FSM)

ENSIAS Systèmes Embarqués et Mobiles 2015/2016 2

Labeled Transition Systems (LTS) Labeled Transition Systems (LTS)

Modeling Concurrency Modeling Time

Synchronous Product Asynchronous Product

(tM1, tM2)= (0,0)

ENSIAS Systèmes Embarqués et Mobiles 2015/2016 3

Asynchronous Product Asynchronous Product

Petri Nets Petri Nets

Petri Nets Petri Nets Simulation

ENSIAS Systèmes Embarqués et Mobiles 2015/2016 4

You might also like