1 / 33

Design and implementation of embedded formal verification assistants in the .NET framework

Design and implementation of embedded formal verification assistants in the .NET framework. Ondrej Rysavy Brno University of Technology, CZ Rotor RFP II Capstone Workshop September 19-21, 2005 @ Redmond, US. Overview. Motivations Goals and the Scope Container-Concept-Algorithms approach

diza
Download Presentation

Design and implementation of embedded formal verification assistants in the .NET framework

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Design and implementation of embedded formal verification assistants in the .NET framework Ondrej Rysavy Brno University of Technology, CZ Rotor RFP II Capstone Workshop September 19-21, 2005 @ Redmond, US

  2. Overview • Motivations • Goals and the Scope • Container-Concept-Algorithms approach • Design principles • Implementation issues • Example • Progress and future work

  3. Introduction • Using formal methods is the acceptable approach for ensuring the development of more reliable systems. (http://www.fmeurope.org) • Why not used more extensively? • Many reasons: • They’re expensive. • Need to adapt the methods for particular kind of applications. • Need an easy way to specialize the tools. • Tools are not only efficient algorithms, but also editors, wizards, proof assistants, and other support tools.

  4. The Goal • An experimental implementation of class library for .NET that would have the following properties: • To collect well-known algorithms for MC and logical reasoning in a class library designed in a uniform style • To support the development of specialized tools by using generic algorithms • To exploit the advantages of .NET architecture • To be extensible, efficient, manageable, and easy to use library

  5. What algorithms ? • Existing tools use various specialized versions of the common algorithms • Model Checking algorithms: • Explicit state search – direct labeling procedure • Automata theoretic – product operation, emptiness checking, on-the-fly modifications, partial reductions • Symbolic based on BDD library • … • Logics: • Sat solver for PL • Simplification procedures • Syntactic rules, rewriting • …

  6. .NET • First implementations had been done in .NET version 1.x. • Redesigned and implemented for .NET 2.x, mainly because we wanted to use generics. • We mainly use C#, C++ and F# as implementation languages. • We wanted to follow as much as possible the rules of Design guidelines for Cass Library Developers and the spirit of .NET class libraries • naming conventions, interface design, enumerators, common design patterns, etc.

  7. Library model • Algorithm-oriented library • Efficient generic algorithms • Container-Concept-Algorithm model • Container is an implementation of a concrete data structure used as an input, output or internal data in an algorithm • Concept is a definition of properties of a container needed by an algorithm

  8. Algorithm oriented library Configuration Procedure Problem Algorithm Solution Concept Container Reference

  9. Algorithm oriented library Configuration Procedure Problem Algorithm Solution Concept Container Reference

  10. Algorithm oriented library Configuration Procedure Problem Algorithm Solution Concept Container Reference

  11. Mapping CCA to .NET • The mapping is quite straightforward for object-oriented implementation languages:

  12. Container –Concept – Algorithm model • The purpose of CCA model is to allow us to write efficient algorithms • An algorithm defines a collection of concepts that each container has to necessary meet • A concept is a collection of properties or operations • Container is in general a user defined object, but we have also some predefined ones • An algorithm works in an environment that supports all other stuffs needed – internal concepts, provided through problem definition and/or configuration set.

  13. An efficiency note 1 • Algorithms often create and use some auxiliary data • For the efficiency reason one must also to provide implementations for these internal data • User provided all these implementations can arbitrary customize and optimized them as needed • We represent an internal data in the same way as input data, through the concept notion. • Sometimes it is not clearly separated what is the problem specification and what is the internal concept.

  14. The use of internal concepts • A trivial example: ArrayList<term> sat; ArrayList<term> sat0; sat = new ArrayList(); sat0 = GetAllTerms(); while(!sat0.Equals(sat)) { sat0 = new ArrayList(sat); foreach(term t in sat0) { if(Satisfied(t)) sat.Add(t); } } ISet<term> sat; ISet<term> sat0; sat = termSet.Empty(); sat0 = GetAllTerms(); while(!sat0.Equals(sat)) { sat0 = sat.Copy(); foreach(term t in sat0) { if(Satisfied(t)) sat.Add(t); } }

  15. Problem Input-concepts Algorithm Output-concepts Configuration Internal-concepts Problem Input-concepts Algorithm Output-concepts Internal-concepts Input-concepts Output-concepts Internal-concepts The internal concepts

  16. Problem Input-concepts Algorithm Output-concepts Configuration Internal-concepts Problem Input-concepts Algorithm Output-concepts Internal-concepts Input-concepts Output-concepts Internal-concepts The internal concepts

  17. Problem Input-concepts Algorithm Output-concepts Configuration Internal-concepts Problem Input-concepts Algorithm Output-concepts Internal-concepts Input-concepts Output-concepts Internal-concepts The internal concepts

  18. Containers • As the name suggests a container usually models a containment structure. • Contrary to STL, we consider container in a slightly broader sense: Generic Set, State machine, Expressions, Formula, Path, Trace, Inference Tree, ... • Containers provide concepts, it is convenient that they provides only the concepts they are able to implement efficiently. • A library provides some predefined basic containers or special broader usable containers.

  19. 4 states vs. 4.106 states A B C D An efficiency note 2 • Containers consists of items and we often need to work with these items. • How to represents these items ? • As concepts – too weight in many situation, it can raise to significant overhead and loss of performance • As unspecified types – no restriction on the concrete implementation (or possibly very general ones) interface IState<LABEL> { bool InitState { get; } ISet<IState> AdjancentStates { get; } LABEL Label { get; } } interface IStateMachine<LABEL, STATE> { STATE InitState(); ISet<STATE> GetAdjancentStates(STATE s); LABEL GetLabel(STATE s); } class State : IState<int, int> { private: int stateId; StateMachine *machine; } class StateMachine : IStateMachine<int, int> { int GetLabel(int s) { return states[s].label; } }

  20. References and iterators are of “unknown types” • The concepts are parameterized with these types. • It brings also the flexibility besides the mentioned efficiency. // F# implementation of Term type 'a Term = | True | False | Atom of 'a | Not of 'a Term | And of 'a Term * 'a Term | Or of 'a Term * 'a Term | Imply of 'a Term * 'a Term | Equiv of 'a Term * 'a Term | X of 'a Term | F of 'a Term | G of 'a Term | U of 'a Term * 'a Term | W of 'a Term * 'a Term | R of 'a Term * 'a Term with ... end // C# implementation of Term class Term<T> { private LtlTermType typ; private Term<T> subterms[2]; private T atom; ... }

  21. Architecture example Problem Solution Formula Formula Labelling algorithm Automaton Set of States .NET GC CtlFormula F# Labelling algorithm C# State Collection C++, STL StateMachine C++, STL Custom Allocator C++

  22. Architecture example Problem Solution Formula Formula Labelling algorithm Automaton Set of States .NET GC CtlFormula F# Labelling algorithm C# State Collection C++, STL StateMachine C++, STL Custom Allocator C++

  23. An efficiency note 3 • Creating each item in a container as GC object may be very expensive. • The present model allows the programmer implementing the container to take more optimal approach, e.g. array of values. • As C++ can work with memory in the “classical style” it is still possible to write containers with custom memory management model. ObjectHeader GC Internal Tables 4B TypeHandle 4B + ObjectFields

  24. Example: The Labeling algorithm [1] Automaton A = (S, T, L) S –set of states T ⊆ S × S – transition relation L: S → 2AP - labeling of states with a set of atomic propositions (AP) satisfied in the state Formula CTL is defined by the abstract syntax: f ::= p | f * f | f + f | !f | f -> f | f <-> f | AG f | AF f | AX f | EG f | EF f | EX f | f AU g | f EU g Container Concepts Container Concepts Labeling algorithm is a function Fun : A × F → 2S Algorithm

  25. Example: The Labeling algorithm [2] Term Atom State Set Factory Ctl Formula Labeling Algorithm State Set State Labeling Automaton State Reference Algorithm Concept

  26. Example: The Labeling algorithm [2] Term Atom State Set Factory Ctl Formula Labeling Algorithm State Set State Labeling Automaton State Reference Algorithm Concept

  27. Example: The Labeling algorithm [2] Term Atom State Set Factory Ctl Formula Labeling Algorithm State Set State Labeling Automaton State Reference Algorithm Concept

  28. Example: The Labeling algorithm [3] publicinterface ILabellingProblem<State, Term, Atom> : IProblem { ICtlFormula<Term, Atom> Formula { get; } IAutomatonStateBackward<State> Automaton { get; } ILabeledStates<State, Atom> StateLabelling { get; } } public interface ILabellingConfiguration<State, Term, Atom> : IConfiguration { ISetFactory<State> StateSetFactory { get; } bool ComputeAllOperators{ get; } } public interface ILabellingSolution<State, Term, Atom> : ISolution { ICtlFormula<Term, Atom> Formula { get; } ISet<State> States { get; } } public class LabellingAlgorithm<State, Term, Atom> : IAlgorithm { public static LabellingAlgorithm<State, Term, Atom> Create(ILabellingConfiguration configuration); public ILabellingSolution<State, Term, Atom> Solve(ILabellingProblem problem); ... }

  29. Example: The Labeling algorithm [3] publicinterface ILabellingProblem<State, Term, Atom> : IProblem { ICtlFormula<Term, Atom> Formula { get; } IAutomatonStateBackward<State> Automaton { get; } ILabeledStates<State, Atom> StateLabelling { get; } } publicinterface ILabellingConfiguration<State, Term, Atom> : IConfiguration { ISetFactory<State> StateSetFactory { get; } bool ComputeAllOperators{ get; } } public interface ILabellingSolution<State, Term, Atom> : ISolution { ICtlFormula<Term, Atom> Formula { get; } ISet<State> States { get; } } public class LabellingAlgorithm<State, Term, Atom> : IAlgorithm { public static LabellingAlgorithm<State, Term, Atom> Create(ILabellingConfiguration configuration); public ILabellingSolution<State, Term, Atom> Solve(ILabellingProblem problem); ... }

  30. Example: The Labeling algorithm [3] publicinterface ILabellingProblem<State, Term, Atom> : IProblem { ICtlFormula<Term, Atom> Formula { get; } IAutomatonStateBackward<State> Automaton { get; } ILabeledStates<State, Atom> StateLabelling { get; } } publicinterface ILabellingConfiguration<State, Term, Atom> : IConfiguration { ISetFactory<State> StateSetFactory { get; } bool ComputeAllOperators{ get; } } publicinterface ILabellingSolution<State, Term, Atom> : ISolution { ICtlFormula<Term, Atom> Formula { get; } ISet<State> States { get; } } public class LabellingAlgorithm<State, Term, Atom> : IAlgorithm { public static LabellingAlgorithm<State, Term, Atom> Create(ILabellingConfiguration configuration); public ILabellingSolution<State, Term, Atom> Solve(ILabellingProblem problem); ... }

  31. Example: The Labeling algorithm [3] publicinterface ILabellingProblem<State, Term, Atom> : IProblem { ICtlFormula<Term, Atom> Formula { get; } IAutomatonStateBackward<State> Automaton { get; } ILabeledStates<State, Label> StateLabelling { get; } } publicinterface ILabellingConfiguration<State, Term, Atom> : IConfiguration { ISetFactory<State> StateSetFactory { get; } bool ComputeAllOperators{ get; } } publicinterface ILabellingSolution<State, Term, Atom> : ISolution { ICtlFormula<Term, Atom> Formula { get; } ISet<State> States { get; } } public class LabellingAlgorithm<State, Term, Atom> : IAlgorithm { public static LabellingAlgorithm<State, Term, Atom> Create(ILabellingConfiguration configuration); public ILabellingSolution<State, Term, Atom> Solve(ILabellingProblem problem); ... }

  32. Project progress and future work • Design the model and the basic architecture, • Develop an infrastructure for the project • Implementation of the foundations • Implementation of several selected algorithms, and basic containers • Polish the implementation and make it available online • Complete the documentation throughout the library • Evaluation and comparison of the efficiency of the implementation of algorithms • Intensive testing • Further development of the library Present Future Past

  33. Links • The official project website: http://vutbrmsr.sourceforge.net/ • Other (related) projects: • Orbital library (JAVA) http://www.functologic.com/orbital/ • BOOST C++ libraries http://www.boost.org/ • Carnegie Mellon Univ. Model-Checking tools http://www.cs.cmu.edu/~modelcheck/code.htm • Common Framework Initiative for algebraic specification and development http://www.brics.dk/Projects/CoFI/ • Community Z Tools http://czt.sourceforge.net/ • Formal Methods Projects page at FM Library http://vl.fmnet.info/projects/ • Math.NET http://nmath.sourceforge.net • JavaDD library http://javaddlib.sourceforge.net/

More Related