2.7.1 SPIN and PROMELA
SPIN [Hol03] is a model checker originally developed at Bell Labs, which aims to provide efficient software verification rather than hardware verification. The tool has been continuously improved for more than 15 years. It is now an open-source software tool. The release used in this work is Version 4.2.5.
SPIN uses PROMELA (a PROcess MEta LAnguage) as its input language. PROMELA allows nondeterminism in order to model real-world behaviors. Each command in PROMELA can be seen as a guarded command [Dij75]. It also supports I/O operations based on Hoare's CSP language [Hoa85].
In addition to the simulation of behaviors of the system, SPIN can exhaustively verify the specified correctness properties. The theoretical foundation of SPIN for the verification is based on the automata-theoretic approach [VW86]. It can check if a property represented by a Linear time Temporal Logic (LTL) formula [Pnu81] is maintained by a system. The system, described in PROMELA, is modeled by finite-state automata. The negation of the LTL formula is modeled by a Büchi automaton [Tho90]. Then the synchronous product of the automata of the system and the property is generated. If the language accepted by the product is empty, the property holds in the system. Otherwise, an error execution (counterexample), which violates the property, is reported. SPIN employs the explicit state model checking technique to do this automata-based verification. The state space checked during the verification is generated on-the-fly [Pel94] rather than statically. In order to reduce the state space, SPIN adopts a partial order reduction technique [HP94].
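The automata-theoretic check described above, as an added illustration that is not part of the thesis and not SPIN's code: the product of a system with the Büchi automaton for the negated property is explored on-the-fly by a nested depth-first search, and an accepting cycle is reported as a lasso-shaped counterexample. The request/acknowledge models, their labels and the automaton for the negation of G(req -> F ack) are constructed here for the example.

```python
def check_emptiness(init, step, q0, delta, accepting):
    """On-the-fly emptiness check of system x Büchi automaton by nested DFS.
    (init, step) is the system, (q0, delta, accepting) the automaton for the negated
    property. Returns None if the product accepts nothing (the property holds),
    else (prefix, cycle): a lasso over product states (system_state, automaton_state)."""
    visited, flagged, path = set(), set(), []
    def successors(p):  # product transitions are computed lazily, never stored as a whole
        s, q = p
        return [(s2, q2) for s2 in step(s) for q2 in delta(q, s)]
    def inner(p, seed, cyc):  # second DFS: try to close a cycle back through `seed`
        flagged.add(p)
        for n in successors(p):
            if n == seed:
                return cyc + [n]
            if n not in flagged:
                found = inner(n, seed, cyc + [n])
                if found:
                    return found
        return None
    def outer(p):  # first DFS: visit states; on leaving an accepting one, start inner DFS
        visited.add(p); path.append(p)
        for n in successors(p):
            if n not in visited:
                found = outer(n)
                if found:
                    return found
        if p[1] in accepting:
            cyc = inner(p, p, [])
            if cyc:
                return list(path), cyc
        path.pop()
        return None
    return outer((init, q0))

# Constructed toy models (not from the thesis): a client issues "req" and the server
# should answer "ack"; the faulty variant may drop the request and stay in "lost".
GOOD = {"idle": ["req"], "req": ["ack"], "ack": ["idle"]}
BAD = {"idle": ["req"], "req": ["ack", "lost"], "ack": ["idle"], "lost": ["lost"]}
LABELS = {"idle": set(), "req": {"req"}, "ack": {"ack"}, "lost": set()}

def neg_response(q, s):
    """Büchi automaton for the negation of G(req -> F ack), i.e. F(req and G not ack):
    q1 (accepting) is entered when a request is seen and kept while no ack arrives."""
    lab = LABELS[s]
    if q == "q0":
        return ["q0", "q1"] if "req" in lab and "ack" not in lab else ["q0"]
    return ["q1"] if "ack" not in lab else []

def verify(model):
    return check_emptiness("idle", lambda s: model[s], "q0", neg_response, {"q1"})
```

Running `verify(GOOD)` yields `None` (the property holds), while `verify(BAD)` returns the prefix idle, req, lost and the self-loop on lost paired with the accepting automaton state.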
Usually, the model of the system is either written in PROMELA directly or translated automatically from C, Java or other language code into PROMELA programs, e.g. [HP00]. Since version 4, embedded C code can be included in PROMELA models. This is done by five new primitives: c_expr, c_code, c_decl, c_state and c_track. Thus it is possible to verify the implementation (in C) of a system directly.
2.7.2 The Omega library
The Omega library [KMP+95] was developed in C++ for the Omega Test, one of two major components of the Omega project at the Computer Science Department of the University of Maryland, College Park. The library is used to simplify and verify Presburger formulas. A Presburger formula [KK67] is a formula which only contains affine constraints (either equality constraints or inequality constraints) on integer variables, the logical connectives ¬, ∧ and ∨, and the quantifiers ∃ and ∀. The release used in this work is Version 1.2.
2.7.3 DOT
DOT [GN00] is a tool in the Graphviz software package, which was developed originally at AT&T Research and is now open source software. DOT defines an input format, which is used to describe a directed graph. The description contains the definition, such as name, label and shape, of nodes and edges. DOT generates a hierarchical layout of the nodes and edges of the graph. The layout contains the screen coordinates of each node and each edge computed from its description. The layout can then be displayed on the screen either by DOT or by other software. DOT can also convert the layout to other known graphic formats. The release used in this work is Version 2.6.
2.7.4 Pascal
Pascal [JWMM91] is an imperative programming language, which was first developed in 1970. It was named after the mathematician and philosopher Blaise Pascal. Pascal is a structured language, which means that the flow of control of a program is structured into standard statements, such as if and while constructs, ideally without goto statements. It supports scalar variables, such as integer variables and boolean variables, and array variables. It groups a program into procedures, which do not return values, and functions, which return values. The language was originally intended to teach students structured programming. Later it was broadly used in both teaching and software development. Since newer languages, such as C and Java, appeared, Pascal has been adopted less often.
2.7.5 The C Language
The C programming language [KR88] is one of the most widely used imperative programming languages nowadays; it was developed in the early 1970s at Bell Labs. Since it was used to write the UNIX operating system, it has gained widespread acceptance in software development. C has many characteristics similar to those of Pascal. For example, it is structured, it supports many data types similar to Pascal's, and it supports procedural programs. In this thesis, we only consider the basic statements of C, such as compound statements, assignments, conditional statements, loops, and integer variable definitions. These statements can be translated into Pascal easily and vice versa. For example, "{" and "}" are used in C to delimit the beginning and the end of a block, and are translated into begin and end in Pascal; the assignment operator "=" in C is translated into ":=" in Pascal. A statement "if (condition) S1 else S2" in C is translated into "if (condition) then S1 else S2" in Pascal, and while statements have the same grammar in both C and Pascal. A variable definition "int v" in C is translated into "var v: integer" in Pascal. However, C also has some features which do not exist in Pascal. GCC [WvH03] is a popular C compiler used in Linux and Unix systems. The GCC release used in this work is Version 3.2.3.
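The statement-level translation just described, as an added example that is not code from the thesis or its tool: a small recursive-descent translator for exactly the C subset listed (blocks, assignments, if/else, while, int declarations) that emits the Pascal forms given above. The lexer, the operator table `OPS` (the section itself only states "=" -> ":="; the comparison and logic spellings are an assumed extension) and the sample input are all constructed for this example.

```python
import re
TOKEN_RE = re.compile(r"\d+|[A-Za-z_]\w*|==|!=|<=|>=|&&|\|\||[-+*/%<>=;(){}]")  # C-subset lexer
OPS = {"==": "=", "!=": "<>", "&&": "and", "||": "or", "%": "mod", "/": "div"}  # assumed extension

def tokenize(src):
    toks = TOKEN_RE.findall(src)
    if "".join(toks) != "".join(src.split()):  # every non-blank character must belong to a token
        raise SyntaxError("input contains characters outside the supported C subset")
    return toks

def c_to_pascal(src):
    toks, i = tokenize(src), 0  # `i` is the cursor; the nested functions advance it
    def take(expected=None):
        nonlocal i
        if i >= len(toks) or (expected is not None and toks[i] != expected):
            raise SyntaxError(f"expected {expected or 'a token'} at token {i}")
        i += 1
        return toks[i - 1]
    def expr(stop):  # copy tokens up to `stop` (outside nested parentheses), renaming operators
        parts, depth = [], 0
        while i < len(toks) and not (toks[i] == stop and depth == 0):
            tok = take()
            depth += (tok == "(") - (tok == ")")
            parts.append(OPS.get(tok, tok))
        return " ".join(parts)
    def stmt():
        tok = toks[i] if i < len(toks) else None
        if tok == "{":  # "{ S1; S2; }" -> "begin S1; S2 end"
            take(); body = []
            while i < len(toks) and toks[i] != "}":
                body.append(stmt())
            take("}")
            return "begin " + "; ".join(body) + " end"
        if tok == "int":  # "int v;" -> "var v: integer"
            take(); name = take(); take(";")
            return f"var {name}: integer"
        if tok in ("if", "while"):  # "if (c) S1 else S2" -> "if c then S1 else S2"; "while (c) S" -> "while c do S"
            take(); take("("); cond = expr(")"); take(")")
            out = f"{tok} {cond} {'then' if tok == 'if' else 'do'} {stmt()}"
            if tok == "if" and i < len(toks) and toks[i] == "else":
                take(); out += f" else {stmt()}"
            return out
        name = take(); take("=")  # "v = e;" -> "v := e"
        rhs = expr(";"); take(";")
        return f"{name} := {rhs}"
    out = stmt()
    if i < len(toks):
        raise SyntaxError(f"trailing input after statement: {toks[i]!r}")
    return out

SAMPLE_C = "{ int v; v = 0; if (v == 0) v = v + 1; else v = 2; while (v < 10) { v = v * 2; } }"  # constructed
```

Statements are joined with ";" as a separator rather than given a terminator, so no semicolon precedes an else, which Pascal rejects.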
2.7.6 Tcl/Tk
Tcl/Tk [Ous98] stands for the Tool Command Language and the Tool Kit. They were developed originally at the University of California, Berkeley, later at Sun, and now at a company whose name is also Tcl. Tcl is a very simple scripting language, so a new Tcl programmer who has experience with other programming languages can learn it very quickly and easily. Tk is a tool kit based on Tcl, providing many reusable graphical components to speed up development of graphical user interfaces. Tcl/Tk has been widely adopted to develop software systems. Programs written in Tcl/Tk are executed by the Tcl interpreter. Thus their execution is slower than the execution of those written in C. But, in general, Tcl/Tk is fast enough for interfaces that do not need great speed, and its ease of use more than outweighs the loss of speed. The release used in this work is Version 8.4.11.
2.7.7 Lex & Yacc
Lex and Yacc [LMB92] are acronyms for A Lexical Analyzer Generator and Yet Another Compiler-Compiler, respectively. Lex and Yacc are standard tools in Unix systems. Usually they work together. Lex reads an input file which specifies lexical rules, and generates a lexical analyzer in C. The analyzer scans the source code of a program constructed according to the lexical rules, and decomposes the source code into a sequence of lexical tokens. Yacc generates a parser in C which recognizes a grammar composed of the tokens output by the lexical analyzer. Flex [Pax95], a fast scanner generator, is an open source analyzer generator on Linux which is compatible with Lex. The release of Flex used in this work is Version 1.2 and the release of Yacc is Version 1.9.
2.7.8 SML/NJ
SML stands for Standard Meta Language (for short, Standard ML) [MTH90]. SML is a general-purpose programming language. It combines the elegance of functional programming with the effectiveness of imperative programming. SML supports higher-order functions, which accept functions as parameters and/or return functions as results. It has strong type checking, which can eliminate many bugs at compile time. Another important characteristic of SML is that it allows programmers to handle symbolic values very easily.
SML/NJ (Standard ML of New Jersey) is an implementation of a modest revision of the language, SML '97 [MTM97]. It was originally developed jointly at Bell Labs and Princeton University, and is now a joint project between researchers at Bell Labs, Princeton University, Yale University, and AT&T Research. Besides packages which implement the SML specification, SML/NJ contains many additional packages, such as ML-Lex [AMT94], which is a lexical analyzer generator for SML, and ML-Yacc [TA00], which is a parser generator for SML. ML-Lex and ML-Yacc have the same functionalities as Lex and Yacc. SML/NJ has been used to develop many large systems, for example, HOL90. The release used in this work is Version 110.0.7.
2.7.9 HOL90
HOL stands for Higher Order Logic. It also represents a family of interactive theorem provers. HOL90 [GM93], developed in SML/NJ at Cambridge University, is one member of the family. It was initially used to generate formal proofs by man-machine collaboration for the specification and verification of hardware designs. Now it is being applied to many other areas, such as verifying operational semantics of programming languages and distributed algorithms. HOL90 has a built-in simplification library, which is used by PET to simplify Presburger formulas. The release used in this work is Version 10.
2.7.10 Mathematica
Mathematica [Wol03] is developed by Wolfram Research Inc. It calculates many mathematical functions, such as integration formulas and differential equations. Mathematica has a graphical user interface, which allows users to input and edit mathematical functions directly by using either graphical or text commands. It also provides a programming interface, which supports the C and Java languages. Users' programs can call Mathematica through this interface without user interaction. The release used in this work is Version 5.1.