A Classification of Model Checking-based Verification Approaches for Software Models

Academic year: 2021


(1)

A Classification of Model Checking-based Verification Approaches for Software Models

Petra Brosch, Sebastian Gabmeyer, Martina Seidl

(2)

Background

Motivation

Why are we doing this?

• Existing Surveys focus on model transformations

Broaden Scope: Verification approaches for software models

Software models = formal, abstract representation of software

Actually: plethora of different verification approaches

• > 70 different papers

Points of Interest

• Influences from techniques used to verify hardware & software

• Any new techniques?

• Successful in practice? – Difficult due to availability of tools

(3)

Contributions

Classification of Verification Approaches for Software Models

Restricted to Model Checking-based approaches

1. Feature Model (in the style of Czarnecki and Helsen)

• Advantages: flexible, sufficiently expressive, easily extensible

2. Classification of five verification approaches

(4)

Feature Model

Main Features

1. Verification Goal: aim of the verification, e.g., inter-model consistency

2. Verification Technique: Model Checking, Theorem Proving, Static Analysis

3. Specification Language: formalism used to define interesting properties of the system

4. Domain Representation: representation used by the user to create the software models

5. Verification Representation

(5)

Verification Goal

Goals

Consistency

Intra-model vs. Inter-model

Translation Correctness

Source/Target Correctness

Transformation Correctness

Behavioral Correctness

Specified by Operation Contracts

Specified by Transformations

(6)

Consistency

Verification Goal

Intra-Model Consistency

Example:

1. 1x Metamodel

2. 1x Set of Constraints (e.g.: OCL)

Q: Does there exist an instance model conforming to the metamodel that satisfies all the constraints?

Inter-Model Consistency

Example:

1. 1x Model being the Specification

2. ≥1 Model being the Implementation

(7)

Translation Correctness

Verification Goal

Goal: Assert that Model A is translated correctly into Model B

Source/Target Correctness

Q: Is the Target a correct image of the Source?

Example – Narayanan et al.: State Charts to Extended Hybrid Automata: verify whether every state reachable in the SC is also reachable in the EHA

Transformation Correctness

Q: Does the Transformation produce a correct Model B?

Does the Transformation terminate?

Is the Transformation confluent?

Example – Buettner et al.:

(8)

Behavioral Correctness

Verification Goal

Goal: Does the software described by a model behave as specified?

Examples:

Dining Philosophers

• Model: Philosopher + Table + Forks

Specify: “Every philosopher will eat some time”

Users printing over a shared printer

• Model: User + Printer

Specify: “No two users can print at the same time”

Behavior can be described either by

Operation contracts

consist of pre and post conditions

Transformations

(9)

Verification Technique

Theorem Proving

• Interactive: Guided by the modeler

• Automatic: CSP, SAT (modulo theories)

Static Analysis

• Sound over-approximation of the real system

• Example: Constant Propagation

Model Checking

• Automatic, exhaustive testing of all possible “states” of the implementation, e.g., for the program

    int a, b = 100; int t = 0;
    while (a > 0) do
        a := a – 1;
        if (a < 51) then t := a; a := b; b := t; fi
    od

States are triples <a,b,t>. Init: <100,100,0>

Successor states: <99,100,0>, …, <50,100,0>, <50,100,50>, <100,100,50>, <100,50,50>, …, <0,50,50>

(10)

Idea behind Model Checking

Verification by Model Checking

Generate the state space:

1. Initialize the state space to the initial model

2. Apply all applicable transformations currently in the state space

3. Repeat Step 2 until no more states are added to the state space

Then: Check if the specification holds in S, e.g., EG φ


(11)

Model Checking

Verification Technique

Distinguish approaches by

State Space Representation: Enumerative vs. Symbolic

Property Types

• Reachability: “Can we reach a state from the initial state s.t. property P holds?”

• Safety: “Nothing bad happens”, e.g., “No two users print at the same time”

• Liveness: “Something good will eventually happen”, e.g., “Every philosopher will eat some time”
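The state-space generation of slide 10 and the property types of slide 11, as an added example that is not part of the original slides: a small explicit-state (enumerative) checker in Python, applied to the shared-printer model from slide 8. The rule functions, the `locked` flag and the tuple state encoding are constructed for this illustration.

```python
from collections import deque

def explore(init, rules):
    """Build the state space as the slide describes: start from the initial
    state, apply every enabled rule, repeat until no new state appears."""
    succ, todo = {init: set()}, deque([init])
    while todo:
        s = todo.popleft()
        for rule in rules:
            for t in rule(s):           # a rule yields zero or more successor states
                succ[s].add(t)
                if t not in succ:       # new state: schedule it for expansion
                    succ[t] = set()
                    todo.append(t)
    return succ                         # successor map = the finished transition system
def ef(succ, phi):      # reachability: some reachable state satisfies phi
    return any(phi(s) for s in succ)
def ag(succ, phi):      # safety: phi holds in every reachable state
    return all(phi(s) for s in succ)
def eg(succ, init, phi):  # CTL EG phi: an infinite path from init on which phi always holds
    good = {s for s in succ if phi(s)}  # greatest fixpoint: repeatedly drop phi-states
    changed = True                      # that have no successor left inside 'good'
    while changed:
        changed = False
        for s in list(good):
            if not (succ[s] & good):
                good.discard(s)
                changed = True
    return init in good

# Constructed model: two users sharing one printer; a state is the tuple of user
# statuses. With locked=False the printer is unguarded (the faulty design).
def printer_rules(locked):
    def start(s):       # user i begins printing (only if the printer is free, when locked)
        for i in range(2):
            if s[i] == "idle" and (not locked or "printing" not in s):
                yield s[:i] + ("printing",) + s[i + 1:]
    def finish(s):      # user i finishes and releases the printer
        for i in range(2):
            if s[i] == "printing":
                yield s[:i] + ("idle",) + s[i + 1:]
    return [start, finish]
INIT = ("idle", "idle")

def check(locked):
    succ = explore(INIT, printer_rules(locked))
    return {"states": len(succ),
            "safe": ag(succ, lambda s: s.count("printing") <= 1),  # no two users print at once
            "can_print": ef(succ, lambda s: "printing" in s),
            "eg_idle": eg(succ, INIT, lambda s: s[0] == "idle")}   # user 0 may stay idle forever
```

With the guard in place the checker finds 3 states and the safety property holds; without it a fourth state with both users printing is reachable and the safety check fails.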

(12)

Specification Language

A property specifies desirable/undesirable system states

First Order Logic

Temporal Logic: LTL, CTL, CTL*,…

“From every state it is possible to return to the initial state”

Rewriting Logic

search <P : Philosopher | state : thinking> =>1 <Q : Philosopher | _>

Automata

“There exists a trace to a state such that b always holds”

OCL

(13)

Domain Representation

Domain Representation – used by the modeler

Graphs

OMG-related: MOF (Ecore), UML, QVT, OCL

DSLs, e.g., ATL+Ecore

(14)

Verification Representation

Verification Representation – used by the verification engine

Algebraic Terms

Transition Systems

• LTS, GTS, Petri Nets

(16)

GROOVE

Verifies the behavioral correctness of OO systems

Based on Graph Transformation Theory

Uses its own Model Checker

State Space:

User provides initial model

User provides a set of transformations that define the behavior

GROOVE builds the state space by

• applying the transformations to the initial graph

• then: applies the transformations to all resulting graphs

• stops when no more graphs can be added (or keeps on going indefinitely)

Each graph represents a state

Each transition corresponds to the application of graph transformation

Result: Graph Transition System (GTS)

(17)

Classifying GROOVE

Verification Goal

Behavioral Correctness

Behavior specified by

Transformation

Verification Technique

Model Checking

• Enumerative

• Reachability, Safety, Liveness

Specification Language: Temporal Logic (CTL)

Domain Representation: Graphs

Verification

(18)

HUGO

Verifies the consistency between multiple UML State Charts and Sequence Diagrams

SDs = Specification

SCs = Implementation

Derive Interaction Automaton from SDs

Message Traces

Uses SPIN model checker

Translate Interaction Automaton and SCs into Promela

Verifies safety properties

Specified by LTL

(19)

Classifying HUGO

Verification Goal

Consistency

Inter-Model

Verification Technique

Model Checking

• Enumerative

• Safety

Specification Language: Temporal Logic (LTL)

Domain Representation: UML

Verification

(20)

Conclusion

Survey of Verification Approaches for Software Models

Feature Model

• Verification Goal

• Verification Technique: restricted to Model Checking

• Specification Language

• Domain Representation

• Verification Representation

Classification of existing approaches

(22)

Thank you for your attention!

Visit our website at
