behavioural analysis using mcrl2 - win.tue.nl fileipa course on formal methods technische...
TRANSCRIPT
![Page 1: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/1.jpg)
Behavioural Analysis using mCRL2
Aad Mathijssen Bas Ploeger Frank StappersTim Willemse
Department of Mathematics and Computer ScienceTechnische Universiteit Eindhoven
IPA Course on Formal MethodsTechnische Universiteit Eindhoven
June 26, 2008
1/105
![Page 2: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/2.jpg)
IntroductionAnalysis techniques
Main analysis techniques used in hardware/softwaredevelopment:
Structural analysis: what things are in the system
Class diagramsComponent diagramsPackage diagrams
Behavioural analysis: what happens in the system
State diagramsMessage sequence chartsPetri netsProcess algebraTemporal logic
2/105
![Page 3: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/3.jpg)
IntroductionSchedule
10:00 - 11:00 Basic process algebraParallelism and abstractionProcesses with data
11:00 - 11:15 Break11:15 - 12:15 Linear processes
Temporal logicVerification
12:15 - 13:15 Lunch
13:15 - 13:45 Toolset overview and demo13:45 - 14:15 Hands-on experience14:15 - 14:30 Break14:30 - 15:30 Hands-on experience15:30 - 15:45 Break15:45 - 16:15 Wrap-up
Industrial case studies
3/105
![Page 4: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/4.jpg)
Outline
1 Basic process algebra
2 Parallelism and abstraction
3 Processes with data
4 Linear processes
5 Temporal Logic
6 Verification
7 Toolset overview and demo
8 Hands-on experience
9 Wrap-up
10 Industrial case studies
4/105
![Page 5: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/5.jpg)
Outline
1 Basic process algebra
2 Parallelism and abstraction
3 Processes with data
4 Linear processes
5 Temporal Logic
6 Verification
7 Toolset overview and demo
8 Hands-on experience
9 Wrap-up
10 Industrial case studies
5/105
![Page 6: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/6.jpg)
Labelled transition systemsIntroduction
A labelled transition system is a basic formalism fordescribing behaviour.
Also known as labelled directed graphs or state spaces.
Labels represent discrete events, also called actions.
6/105
![Page 7: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/7.jpg)
Labelled transition systemsFormal definition
A labelled transition system is a tuple (S,L,→, s, T ) where:
S is a set of states
L is a set of labels
→⊆ S × L× S is a transition relation
s ∈ S is the initial state
T ⊆ S is the set of terminating states
7/105
![Page 8: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/8.jpg)
Labelled transition systemsExample: order items
Example
Ordering items:
order
receive
keep
refund
return
8/105
![Page 9: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/9.jpg)
Basic process algebraMotivation
Labelled transition systems are powerful, but low-level.
Basic process algebra allows us to:
describe labelled transition systems at an abstract level
reason about labelled transition systems using equations
9/105
![Page 10: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/10.jpg)
Basic process algebraDescribe behaviour
Basic processes: p ::= a | p · p | p+ p | δ
a, b, c, . . . represent actions
p · q represents sequential composition
p+ q represents non-deterministic choice
δ represents inaction or deadlock
Operator precedence:
· binds stronger than +· and + associate to the right
Use parentheses to override
For example: a · b + c · d · e stands for (a · b) + (c · (d · e))
10/105
![Page 11: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/11.jpg)
Basic process algebraDescribe behaviour
Exercise: draw LTSs
a · δ + b · c (a + b) · δ · c a + δ
11/105
![Page 12: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/12.jpg)
Basic process algebraDescribe behaviour
Exercise: draw LTSs
a · δ + b · c (a + b) · δ · c a + δ
a b
c a b a
11/105
![Page 13: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/13.jpg)
Basic process algebraDescribe behaviour
Exercise: draw LTSs
a · (b + c) · d · (b + c) a · (b · d · (b + c) + c · d · (b + c))
11/105
![Page 14: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/14.jpg)
Basic process algebraDescribe behaviour
Exercise: draw LTSs
a · (b + c) · d · (b + c) a · (b · d · (b + c) + c · d · (b + c))
a
b c
d
b c
a
b c
d d
b c b c
11/105
![Page 15: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/15.jpg)
Basic process algebraDescribe behaviour
Exercise: draw LTSs
a · (b + c) · d · (b + c) a · (b · d · (b + c) + c · d · (b + c))
a
b c
d
b c
a
b c
d d
b c b c
Are the two equivalent?
11/105
![Page 16: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/16.jpg)
Basic process algebraDescribe behaviour
Exercise: draw LTSs
a · (b + c) · d · (b + c) a · (b · d · (b + c) + c · d · (b + c))
a
b c
d
b c
a
b c
d d
b c b c
Are the two equivalent? Yes!
11/105
![Page 17: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/17.jpg)
Basic process algebraReason about behaviour: derivation rules
Derivation rules for process equality:
p = p
p = q
q = p
p = q q = r
p = r
p1 = q1 p2 = q2p1 · p2 = q1 · q2
p1 = q1 p2 = q2p1 + p2 = q1 + q2
p = q ∈ Ax
p = q
12/105
![Page 18: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/18.jpg)
Basic process algebraReason about behaviour: axioms
Axioms for the basic operators:
A1 p+ q = q + pA2 p+ (q + r) = (p+ q) + rA3 p+ p = pA4 (p+ q) · r = p · r + q · rA5 (p · q) · r = p · (q · r)A6 a + δ = aA7 δ · p = δ
Exercise
1 a + (δ + a) = a
2 δ · (a + b) = δ · a + δ · b3 a · (b+c) · d · (b+c) = a · (b · d · (b+c) + c · d · (b+c))
13/105
![Page 19: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/19.jpg)
Basic process algebraReason about behaviour: axioms
Axioms for the basic operators:
A1 p+ q = q + pA2 p+ (q + r) = (p+ q) + rA3 p+ p = pA4 (p+ q) · r = p · r + q · rA5 (p · q) · r = p · (q · r)A6 a + δ = aA7 δ · p = δ
Exercise
1 a + (δ + a) = a
2 δ · (a + b) = δ · a + δ · b3 a · (b+c) · d · (b+c) = a · (b · d · (b+c) + c · d · (b+c))
13/105
![Page 20: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/20.jpg)
Basic process algebraReason about behaviour: axioms (2)
Solution to exercise 1
Derivation of a + (δ + a) = a:
a + (δ + a)= { Axiom A2: p+ (q + r) = (p+ q) + r }
(a + δ) + a
= { Axiom A6: a + δ = a }a + a
= { Axiom A3: p+ p = p }a
14/105
![Page 21: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/21.jpg)
Basic process algebraReason about behaviour: axioms (2)
Solution to exercise 2
Derivation of δ · (a + b) = δ · a + δ · b:
δ · (a + b)= { Axiom A7: δ · p = δ }δ
= { Axiom A3: p+ p = p }δ + δ
= { Axiom A7 (twice) }δ · a + δ · b
14/105
![Page 22: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/22.jpg)
Basic process algebraReason about behaviour: axioms (2)
Solution to exercise 3
Derivation ofa · (b + c) · d · (b + c) = a · (b · d · (b + c) + c · d · (b + c)):
a · (b + c) · d · (b + c)= { Axiom A4: (p+ q) · r = p · r + q · r }
a · (b · d · (b + c) + c · d · (b + c))
14/105
![Page 23: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/23.jpg)
Basic process algebraReason about behaviour: axioms (3)
Is the following valid: p · (q + r) = p · q + p · r ?
15/105
![Page 24: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/24.jpg)
Basic process algebraReason about behaviour: axioms (3)
Is the following valid: p · (q + r) = p · q + p · r ?
The princess, or the dragon?
open door
marry princess confront dragon
6= open door open door
marry princess confront dragon
F. Stockton, “The Lady, or the Tiger?”, An Anthology of FamousAmerican Stories, New York, Modern Library, 1953, pp. 248-253.
15/105
![Page 25: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/25.jpg)
Basic process algebraReason about behaviour: axioms (3)
Is the following valid: p · (q + r) = p · q + p · r ?
It depends on your view:
Bisimulation equivalence: no
Trace equivalence: yes
Lots of equivalences inbetween.
15/105
![Page 26: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/26.jpg)
Basic process algebraProcess definition
Deal with loops by introducing recursive processes:
Add process definitions of the form P = p
P is called a process reference
Processes: p ::= a | p · p | p+ p | δ | P
16/105
![Page 27: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/27.jpg)
Basic process algebraProcess definition
Deal with loops by introducing recursive processes:
Add process definitions of the form P = p
P is called a process reference
Processes: p ::= a | p · p | p+ p | δ | P
Example: LTS of P
P = a · P P = a · a · P P = c · P + a · b · P
a
a a
c
a b
16/105
![Page 28: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/28.jpg)
Basic process algebraProcess definition
Deal with loops by introducing recursive processes:
Add process definitions of the form P = p
P is called a process reference
Processes: p ::= a | p · p | p+ p | δ | P
Example: LTS of P
P = a · P P = a · a · P P = c · P + a · b · P
a
a a
c
a b
P = a · P is equivalent to P = a · a · P.
16/105
![Page 29: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/29.jpg)
Basic process algebraProcess specifications
Process specifications:
act a0, . . . , an;proc P0 = p0; · · · Pm = pm;init p;
act declares actions used in proc and init
proc consists of process definitions
init represents the initial process
17/105
![Page 30: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/30.jpg)
Basic process algebraProcess specifications (2)
Exercise
Give a process specification of the following LTS:
order
receive
keep
refund
return
18/105
![Page 31: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/31.jpg)
Basic process algebraProcess specifications (2)
Solution
Process specification:
order
receive
keep
refund
return
act order, receive, keep, refund, return;proc Start = order · Ordered;
Ordered = receive · Received
+ refund · Start;Received = return · Ordered
+ keep;init Start;
18/105
![Page 32: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/32.jpg)
Outline
1 Basic process algebra
2 Parallelism and abstraction
3 Processes with data
4 Linear processes
5 Temporal Logic
6 Verification
7 Toolset overview and demo
8 Hands-on experience
9 Wrap-up
10 Industrial case studies
19/105
![Page 33: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/33.jpg)
Parallelism and abstractionMotivation
Observation (Robin Milner, 1973):
Interaction is a primary conceptin computer science.
Key ideas:
Black box philosophy: focus on the interactions(inputs and outputs) of a system
Treat distributed systems as communicating black boxes
20/105
![Page 34: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/34.jpg)
Parallelism and abstractionMotivation
Observation (Robin Milner, 1973):
Interaction is a primary conceptin computer science.
Key ideas:
Black box philosophy: focus on the interactions(inputs and outputs) of a system
Treat distributed systems as communicating black boxes
20/105
![Page 35: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/35.jpg)
Parallelism and abstractionParallelism
Processes:
p ::= a | p · p | p+ p | δ | P | p ‖ p | p | p
‖ represent parallel composition
| represents synchronisation
Processes of the form a | · · · | a are called multiactions
21/105
![Page 36: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/36.jpg)
Parallelism and abstractionParallelism: example
P Qr1 s2 r2 s3
22/105
![Page 37: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/37.jpg)
Parallelism and abstractionParallelism: example
P Qr1 s2 r2 s3
Process specification:
act r1, s2, r2, s3;proc P = r1 · s2 · P;
Q = r2 · s3 · Q;init P ‖ Q;
22/105
![Page 38: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/38.jpg)
Parallelism and abstractionParallelism: example
P Qr1 s2 r2 s3
Corresponding LTS:
r1|r2
r2
r1
s2|s3
s3
s2
r1|s3
s3
r1s2|r2
r2
s2
22/105
![Page 39: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/39.jpg)
Parallelism and abstractionCommunication
Processes:
p ::= a | p · p | p+ p | δ | P | p ‖ p | p | p| Γ{a|ma→a,...,a|ma→a}(p) | ∂{a,...,a}(p) | ∇{ma,...,ma}(p)
ma ::= a | · · · | a
Γ{a|b→c}(p) renames multiactions a|b to c
∂S(p) blocks (renames to δ) all actions in the set S
∇S(p) blocks all multiactions different fromthe ones in S
23/105
![Page 40: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/40.jpg)
Parallelism and abstractionCommunication
Processes:
p ::= a | p · p | p+ p | δ | P | p ‖ p | p | p| Γ{a|ma→a,...,a|ma→a}(p) | ∂{a,...,a}(p) | ∇{ma,...,ma}(p)
ma ::= a | · · · | a
Γ{a|b→c}(p) renames multiactions a|b to c
∂S(p) blocks (renames to δ) all actions in the set S
∇S(p) blocks all multiactions different fromthe ones in S
Enforce communication of a|b to c:
∂{a,b}(Γ{a|b→c}(p)) by blocking a and b∇{c}(Γ{a|b→c}(p)) by only allowing c
23/105
![Page 41: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/41.jpg)
Parallelism and abstractionCommunication: example
P Qr1 s2
c2
r2 s3
24/105
![Page 42: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/42.jpg)
Parallelism and abstractionCommunication: example
P Qr1 s2
c2
r2 s3
Process specification:
act r1, s2, r2, s3, c2;proc P = r1 · s2 · P;
Q = r2 · s3 · Q;init ∂{r2,s2}(Γ{s2|r2→c2}(P ‖ Q));
24/105
![Page 43: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/43.jpg)
Parallelism and abstractionCommunication: example
P Qr1 s2
c2
r2 s3
Corresponding LTS:
r1
c2
r1|s3s3
r1 s3
24/105
![Page 44: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/44.jpg)
Parallelism and abstractionCommunication: example
P Qr1 s2
c2
r2 s3
Process specification:
act r1, s2, r2, s3, c2;proc P = r1 · s2 · P;
Q = r2 · s3 · Q;init ∇{c2,r1,s3,r1|s3}(Γ{s2|r2→c2}(P ‖ Q));
24/105
![Page 45: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/45.jpg)
Parallelism and abstractionAbstraction
Motivation for abstraction:
Focus on external behaviour:abstract from internal behaviour
Composition of models
25/105
![Page 46: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/46.jpg)
Parallelism and abstractionAbstraction (2)
Processes:
p ::= a | p · p | p+ p | δ | P | p ‖ p | p | p| Γ{a|ma→a,...,a|ma→a}(p) | ∂{a,...,a}(p) | ∇{ma,...,ma}(p)| τ | τ{a,...,a}(p)
ma ::= a | · · · | a
τ represents an internal action
τS(p) hides (renames to τ) all actions from S in p
26/105
![Page 47: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/47.jpg)
Parallelism and abstractionAbstraction: example
P Qr1 s2
c2
r2 s3
27/105
![Page 48: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/48.jpg)
Parallelism and abstractionAbstraction: example
P Qr1 s2
c2
r2 s3
Process specification:
act r1, s2, r2, s3, c2;proc P = r1 · s2 · P;
Q = r2 · s3 · Q;init τ{c2}(∂{r2,s2}(Γ{s2|r2→c2}(P ‖ Q)));
27/105
![Page 49: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/49.jpg)
Parallelism and abstractionAbstraction: example
P Qr1 s2
c2
r2 s3
Corresponding LTS:
r1
τ
r1|s3s3
r1 s3
27/105
![Page 50: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/50.jpg)
Parallelism and abstractionAbstraction: example
P Qr1 s2
c2
r2 s3
Corresponding LTS:
r1
r1|s3
s3
r1 s3
27/105
![Page 51: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/51.jpg)
Parallelism and abstractionBranching bisimulation
Consequences of adding τ transitions:
Only external actions are observable
The effects of an internal action can only be observed ifit determines a choice
Weaker notion of bisimulation: branching bisimulation
28/105
![Page 52: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/52.jpg)
Parallelism and abstractionBranching bisimulation: example
Example
The following are equivalent: a · (τ + τ · τ) · b and a · b
29/105
![Page 53: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/53.jpg)
Parallelism and abstractionBranching bisimulation: example
Example
The following are equivalent: a · (τ + τ · τ) · b and a · b
a
ττ
τ
b
a
b
29/105
![Page 54: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/54.jpg)
Parallelism and abstractionBranching bisimulation: example
Example
The following are equivalent: a · (τ + τ · τ) · b and a · b
a
ττ
τ
b
a
b
29/105
![Page 55: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/55.jpg)
Parallelism and abstractionBranching bisimulation: example
Example
The following are equivalent: a · (τ + τ · τ) · b and a · b
a
ττ
τ
b
a
b
29/105
![Page 56: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/56.jpg)
Parallelism and abstractionBranching bisimulation: example
Example
The following are equivalent: a · (τ + τ · τ) · b and a · b
a
ττ
τ
b
a
b
29/105
![Page 57: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/57.jpg)
Parallelism and abstractionBranching bisimulation: example
Example
The following are equivalent: a · (τ + τ · τ) · b and a · b
a
ττ
τ
b
a
b
29/105
![Page 58: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/58.jpg)
Parallelism and abstractionBranching bisimulation: example
Example
The following are equivalent: a · (τ + τ · τ) · b and a · b
a
ττ
τ
b
a
b
29/105
![Page 59: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/59.jpg)
Parallelism and abstractionBranching bisimulation: axioms
Axioms for the basic operators and τ :
A1 p+ q = q + pA2 p+ (q + r) = (p+ q) + rA3 p+ p = pA4 (p+ q) · r = p · r + q · rA5 (p · q) · r = p · (q · r)A6 a + δ = aA7 δ · p = δ
T1 p · τ = pT2 p · (τ · (q + r) + q) = p · (q + r)
30/105
![Page 60: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/60.jpg)
Parallelism and abstractionBranching bisimulation: axioms
Axioms for the basic operators and τ :
A1 p+ q = q + pA2 p+ (q + r) = (p+ q) + rA3 p+ p = pA4 (p+ q) · r = p · r + q · rA5 (p · q) · r = p · (q · r)A6 a + δ = aA7 δ · p = δ
T1 p · τ = pT2 p · (τ · (q + r) + q) = p · (q + r)
Exercise
Show the following: a · ((τ + τ · τ) · b) = a · b
30/105
![Page 61: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/61.jpg)
Parallelism and abstractionBranching bisimulation: axioms
Axioms for the basic operators and τ :
A1 p+ q = q + pA2 p+ (q + r) = (p+ q) + rA3 p+ p = pA4 (p+ q) · r = p · r + q · rA5 (p · q) · r = p · (q · r)A6 a + δ = aA7 δ · p = δ
T1 p · τ = pT2 p · (τ · (q + r) + q) = p · (q + r)
Exercise
a · ((τ + τ · τ) · b) T1= a · ((τ + τ) · b) A3,A5= (a · τ) · b T1= a · b
30/105
![Page 62: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/62.jpg)
Outline
1 Basic process algebra
2 Parallelism and abstraction
3 Processes with data
4 Linear processes
5 Temporal Logic
6 Verification
7 Toolset overview and demo
8 Hands-on experience
9 Wrap-up
10 Industrial case studies
31/105
![Page 63: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/63.jpg)
Processes with dataWhy add data?
In real-life systems data is essential
Data allows for finite specifications of infinite systems
Example
A specification of a buffer that repeatedly receives a naturalnumber and then sends it to the outside world:
act send 0, receive 0, send 1, receive 1, . . .
proc Buffer = receive 0 · send 0 · Buffer
+ receive 1 · send 1 · Buffer
+ . . .
init Buffer;
32/105
![Page 64: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/64.jpg)
Processes with dataWhy add data?
In real-life systems data is essential
Data allows for finite specifications of infinite systems
Example
A specification of a buffer that repeatedly receives a naturalnumber and then sends it to the outside world:
act send 0, receive 0, send 1, receive 1, . . .
proc Buffer = receive 0 · send 0 · Buffer
+ receive 1 · send 1 · Buffer
+ . . .
init Buffer;
32/105
![Page 65: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/65.jpg)
Processes with dataData types
All types: equality, inequality and if≈, 6≈, if ( , , )Basic types: B, N+, N, Z, R¬, ∧, ∨, ∀, ∃, <, ≤, +, −, ∗, div, mod, max, min, . . .
Lists, sets and bags[1, 3, 4], ., / , ++ , ∪, ∩, \, ∈, ⊆, ⊂, . . .
Functionsλx:N . x ∗ xStructured typessort State = struct idle | running | defect ;sort Tree = struct leaf (N) | node(Tree,Tree);
33/105
![Page 66: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/66.jpg)
Processes with dataData specifications
Example: flatten a tree using pattern matching
sort Tree = struct leaf (N)| node(Tree,Tree);
map flatten:Tree → List(N);var n:N; t, u:Tree;eqn flatten(leaf (n)) = [n];
flatten(node(t, u)) = t++u;
34/105
![Page 67: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/67.jpg)
Processes with dataData specifications
Example: flatten a tree without pattern matching
sort Tree = struct leaf (val :N)?is leaf| node(left :Tree, right :Tree)?is node;
map flatten:Tree → List(N);var t:Tree;eqn is leaf (t) → flatten(t) = [val(t)];
is node(t) → flatten(t) =flatten(left(t)) ++ flatten(right(t));
34/105
![Page 68: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/68.jpg)
Processes with dataAdding data to processes
Processes:
p ::= a | p · p | p+ p | δ | P | p ‖ p | p | p| Γ{a|ma→a,...,a|ma→a}(p) | ∂{a,...,a}(p) | ∇{ma,...,ma}(p)| τ | τ{a,...,a}(p)| a(d, . . . , d) | P(d, . . . , d) | b→ p � p |
∑x:s p
ma ::= a | · · · | a
Action and processes can be parameterised: a(25), P(true)Declarations of actions and processes: a:N, P(b:B) = . . .
Conditions influence process behaviour: b→ a � bb→ p is an abbrevation of b→ p � δSummation over data types:
∑n:N a(n)
35/105
![Page 69: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/69.jpg)
Processes with dataAdding data to processes: example
684
up down
set
act up, down;set:N;
proc Counter(n:N) = up · Counter(n+ 1)+ (n > 0)→ down · Counter(n− 1)+∑
m:N set(m) · Counter(m);init Counter(684);
36/105
![Page 70: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/70.jpg)
Processes with dataAdding data to processes: example (2)
Prime Checkerask(n) yes/no
map primes : Set(N);eqn primes = {n:N | ∀p,q:N p > 1 ∧ q > 1 ⇒ p ∗ q 6= n};act ask : N;
yes, no;proc PC =
∑n:N ask(n) · ((n ∈ primes)→ yes � no) · PC;
init PC;
37/105
![Page 71: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/71.jpg)
Outline
1 Basic process algebra
2 Parallelism and abstraction
3 Processes with data
4 Linear processes
5 Temporal Logic
6 Verification
7 Toolset overview and demo
8 Hands-on experience
9 Wrap-up
10 Industrial case studies
38/105
![Page 72: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/72.jpg)
Linear processesLinear process definitions
A linear process definition is a process of the form:
P(d : D) =∑i∈I
∑e:Ei
ci(d, e)→ ai(fi(d, e)) · P(gi(d, e))
Idea: a series of condition – action – effect rules:
Given the current state
If the condition holds
The action can be executed
Resulting in the next state (optional)
39/105
![Page 73: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/73.jpg)
Linear processesLinear process definitions
A linear process definition is a process of the form:
P(d : D) =∑i∈I
∑e:Ei
ci(d, e)→ ai(fi(d, e)) · P(gi(d, e))
Idea: a series of condition – action – effect rules:
Given the current state
If the condition holds
The action can be executed
Resulting in the next state (optional)
39/105
![Page 74: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/74.jpg)
Linear processesLinear process definitions
A linear process definition is a process of the form:
P(d : D) =∑i∈I
∑e:Ei
ci(d, e)→ ai(fi(d, e)) · P(gi(d, e))
Idea: a series of condition – action – effect rules:
Given the current state
If the condition holds
The action can be executed
Resulting in the next state (optional)
39/105
![Page 75: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/75.jpg)
Linear processesLinear process definitions
A linear process definition is a process of the form:
P(d : D) =∑i∈I
∑e:Ei
ci(d, e)→ ai(fi(d, e)) · P(gi(d, e))
Idea: a series of condition – action – effect rules:
Given the current state
If the condition holds
The action can be executed
Resulting in the next state (optional)
39/105
![Page 76: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/76.jpg)
Linear processesLinear process definitions
A linear process definition is a process of the form:
P(d : D) =∑i∈I
∑e:Ei
ci(d, e)→ ai(fi(d, e)) · P(gi(d, e))
Idea: a series of condition – action – effect rules:
Given the current state
If the condition holds
The action can be executed
Resulting in the next state (optional)
39/105
![Page 77: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/77.jpg)
Linear processesLinear process specifications
A linear process specification (LPS) is a restricted form of anmCRL2 process specification:
a data type specification;
an action specification;
a single, linear process definition;
an initial process reference.
An LPS is a symbolic representation of a labelled transitionsystem.
An mCRL2 specification can be linearised to an LPS if it is aparallel composition of parallel-free processes.
40/105
![Page 78: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/78.jpg)
Linear processesLinearisation
Example
mCRL2 specification before linearisation:
act order, receive, keep, refund, return;proc Start = order · Ordered;
Ordered = receive · Received + refund · Start;Received = return · Ordered + keep;
init Start;
41/105
![Page 79: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/79.jpg)
Linear processesLinearisation
Example
mCRL2 specification after linearisation:
sort State = struct start | ordered | received ;act order, receive, keep, refund, return;proc P(s : State) =
(s ≈ start) → order · P(ordered)+ (s ≈ ordered) → receive · P(received)+ (s ≈ ordered) → refund · P(start)+ (s ≈ received) → return · P(ordered)+ (s ≈ received) → keep;
init P(start);
41/105
![Page 80: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/80.jpg)
Linear processesLinearisation
Exercise: linearise the following mCRL2 specification
Bufferreceive(n) send(n)
act receive, send : N;proc Buffer =
∑n:N receive(n) · send(n) · Buffer;
init Buffer;
42/105
![Page 81: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/81.jpg)
Linear processesLinearisation
Exercise: linearise the following mCRL2 specification
Bufferreceive(n) send(n)
act receive, send : N;proc Buffer =
∑n:N receive(n) · send(n) · Buffer;
init Buffer;Parameter b : B:
42/105
![Page 82: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/82.jpg)
Linear processesLinearisation
Exercise: linearise the following mCRL2 specification
Bufferreceive(n) send(n)
act receive, send : N;proc Buffer =
∑n:N
false
receive(n)
true
· send(n)
false
· Buffer;init Buffer;Parameter b : B:
42/105
![Page 83: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/83.jpg)
Linear processesLinearisation
Exercise: linearise the following mCRL2 specification
Bufferreceive(n) send(n)
act receive, send : N;proc Buffer =
∑n:N
false
receive(n)
true
· send(n)
false
· Buffer;init Buffer;Parameter b : B:
proc P(b:B,m:N) =∑
n:N ¬b → receive(n) · P(true, n)+ b → send(m) · P(false, 0);
init P(false, 0);
42/105
![Page 84: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/84.jpg)
Linear processesSummary
Linear process specification:
Simple mCRL2 specification:
no parallelismsingle processrestricted format (condition – action – effect)
Symbolic representation of LTS, hence:
compactfinite, even if LTS is infinite
Very suitable for automated manipulation and analysis
Most mCRL2 specifications can be easily linearised
Central notion in mCRL2 toolset
43/105
![Page 85: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/85.jpg)
Outline
1 Basic process algebra
2 Parallelism and abstraction
3 Processes with data
4 Linear processes
5 Temporal Logic
6 Verification
7 Toolset overview and demo
8 Hands-on experience
9 Wrap-up
10 Industrial case studies
44/105
![Page 86: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/86.jpg)
Temporal Logic
Model checking is an automated verification method. It canbe used to check functional requirements against a model.
A (software or hardware) system is modelled in mCRL2
The requirements are specified as properties in atemporal logic
A model checking algorithm decides whether theproperty holds for the model: the property can beverified or refuted. Sometimes, witnesses or counterexamples can be provided
Temporal logic of choice in mCRL2:µ-calculus with data, time and regular expressions.
45/105
![Page 87: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/87.jpg)
Temporal Logic
Idea of µ-calculus: add fixed point operators (i.e. recursion)as primitives to standard Hennessy-Milner logic.
µ-calculus is very expressive (subsumes e.g. CTL∗).
µ-calculus is very pure.
drawback: lack of intuition.
Today: alternation-free µ-calculus using regularexpressions and data.
LTL CTL
CTL∗
µ-calculus
46/105
![Page 88: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/88.jpg)
Temporal Logic
Hennessy-Milner logic: propositional logic with modalities:
φ ::= true | false | φ ∧ φ | φ ∨ φ | [a]φ | 〈a〉φ
Notation
s |= φ: state s of a transition system satisfies formula φ
for all states s: s |= true; for no state s: s |= false;
s |= [a]φ iff all a-labelled transitions starting in s andleading to a state t satisfy t |= φ;
s |= 〈a〉φ iff there is at least one a-labelled transitionstarting in s and leading to a state t satisfying t |= φ.
47/105
![Page 89: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/89.jpg)
Temporal Logic
Exercise
Determine the largest subset S ⊆ {s1, s2, s3, s4} in thefollowing satisfaction problems:
s1 s2
s3 s4
a
a
b
b
aS |= [b]falseS |= [a][b][c]trueS |= 〈a〉true
48/105
![Page 90: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/90.jpg)
Temporal Logic
Exercise
Determine the largest subset S ⊆ {s1, s2, s3, s4} in thefollowing satisfaction problems:
s1 s2
s3 s4
a
a
b
b
aS |= [b]false S = {s2, s3}S |= [a][b][c]true S = {s1, s2, s3, s4}S |= 〈a〉true S = {s1, s2, s3}
48/105
![Page 91: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/91.jpg)
Temporal Logic
HM-logic + basic regular expressions:
φ ::= true | false | φ ∧ φ | φ ∨ φ | [ρ]φ | 〈ρ〉φρ ::= ε | a | ρ · ρ | ρ+ ρ
ε is the empty word;
a is an action;
ρ · ρ is concatenation;
ρ+ ρ is choice.
49/105
![Page 92: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/92.jpg)
Temporal Logic
HM-logic + basic regular expressions:
φ ::= true | false | φ ∧ φ | φ ∨ φ | [ρ]φ | 〈ρ〉φρ ::= ε | a | ρ · ρ | ρ+ ρ
ε is the empty word;
a is an action;
ρ · ρ is concatenation;
ρ+ ρ is choice.
Combined with the modalities [ ] and 〈 〉 :
s |= [ρ1 · ρ2]φ iff s |= [ρ1][ρ2]φs |= [ρ1 + ρ2]φ iff s |= [ρ1]φ ∧ [ρ2]φ
s |= 〈ρ1 · ρ2〉φ iff s |= 〈ρ1〉〈ρ2〉φs |= 〈ρ1 + ρ2〉φ iff s |= 〈ρ1〉φ ∨ 〈ρ2〉φ
49/105
![Page 93: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/93.jpg)
Temporal Logic
Exercise
Determine the largest subset S ⊆ {s1, s2, s3, s4} in thefollowing satisfaction problems:
s1 s2
s3 s4
a
a
b
b
a
S |= [b + a]falseS |= [a · b · c]falseS |= 〈a · a · b + a · a · a〉true
50/105
![Page 94: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/94.jpg)
Temporal Logic
Exercise
Determine the largest subset S ⊆ {s1, s2, s3, s4} in thefollowing satisfaction problems:
s1 s2
s3 s4
a
a
b
b
a
S |= [b + a]false S = ∅S |= [a · b · c]false S = {s1, s2, s3, s4}S |= 〈a · a · b + a · a · a〉true
S = {s1, s2}
50/105
![Page 95: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/95.jpg)
Temporal Logic
HM-logic + iteration + regular expressions:
φ ::= true | false | φ ∧ φ | φ ∨ φ | [ρ]φ | 〈ρ〉φρ ::= ε | a | ρ · ρ | ρ+ ρ | ρ∗ | ρ+
ρ∗ := ε+ ρ · ρ∗: transitive, reflexive closure of ρ;
ρ+ := ρ · ρ∗: transitive closure of ρ.
Iteration operators + modalities = recursion.
recursion is coded using fixed points in the µ-calculus.
51/105
![Page 96: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/96.jpg)
Temporal Logic
HM-logic + iteration + regular expressions:
φ ::= true | false | φ ∧ φ | φ ∨ φ | [ρ]φ | 〈ρ〉φρ ::= ε | a | ρ · ρ | ρ+ ρ | ρ∗ | ρ+
ρ∗ := ε+ ρ · ρ∗: transitive, reflexive closure of ρ;
ρ+ := ρ · ρ∗: transitive closure of ρ.
Iteration operators + modalities = recursion.
recursion is coded using fixed points in the µ-calculus.
[ρ∗]φ := νX. [ρ]X ∧ φ; ν expresses looping;
〈ρ∗〉φ := µX. 〈ρ〉X ∨ φ; µ expresses finite looping.
51/105
![Page 97: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/97.jpg)
Temporal Logic
Exercise
Determine the largest subset S ⊆ {s1, s2, s3, s4} in thefollowing satisfaction problems:
s1 s2
s3 s4
a
a
b
b
a
S |= 〈a∗〉trueS |= 〈a+〉trueS |= [a∗ · b]falseHow to phrase absence of deadlock?
52/105
![Page 98: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/98.jpg)
Temporal Logic
Exercise
Determine the largest subset S ⊆ {s1, s2, s3, s4} in thefollowing satisfaction problems:
s1 s2
s3 s4
a
a
b
b
a
S |= 〈a∗〉true S = {s1, s2, s3, s4}S |= 〈a+〉true S = {s1, s2, s3}S |= [a∗ · b]false S = {s2}How to phrase absence of deadlock?
[(a + b)∗]〈a + b〉true
52/105
![Page 99: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/99.jpg)
Temporal Logic
Consider the following definition of a lossy channel:
proc C(b:B,m:M) =∑
k:M b→ read(k) · C(false, k)+ ¬b→ send(m) · C(true,m)+ ¬b→ lose · C(true,m);
53/105
![Page 100: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/100.jpg)
Temporal Logic
Consider the following definition of a lossy channel:
proc C(b:B,m:M) =∑
k:M b→ read(k) · C(false, k)+ ¬b→ send(m) · C(true,m)+ ¬b→ lose · C(true,m);
Problem
|M | =∞ =⇒ infinitely many read and send actions;
How to specify deadlock freedom as a finite expression?
How to verify that no miracles happen? (e.g. messagecreation, duplication, etc.)
53/105
![Page 101: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/101.jpg)
Temporal Logic
Extended HM-logic + action abstraction:
φ ::= true | false | φ ∧ φ | φ ∨ φ | [ρ]φ | 〈ρ〉φρ ::= ε | α | ρ · ρ | ρ+ ρ | ρ∗ | ρ+
α ::= a | a(d, . . . , d) | b | α ∧ α | α ∨ α | ¬α | ∀x:D α | ∃x:D α
Changes regular formulae (ρ):
Actions have been replaced by parameterised actions.
Logic is used to describe a possibly infinite set of actions.
Nota Bene:
d stands for a data expression;
b stands for a data expression of sort B.
54/105
![Page 102: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/102.jpg)
Temporal Logic
Logic for describing sets of actions:
true acts as wildcard (i.e. the entire set of actions);
∀ acts as intersection; ∃ is dual;
¬ acts as set complement.
Examples:
Any parameterised action a:N: . . . . . . . . . . 〈∃n:N a(n)〉trueAny action (but not a:N):. . . . . . . . . . . . .〈∀n:N ¬a(n)〉trueAbsence of deadlock: . . . . . . . . . . . . . . . . . [true∗]〈true〉true
55/105
![Page 103: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/103.jpg)
Temporal Logic
Logic for describing sets of actions:
true acts as wildcard (i.e. the entire set of actions);
∀ acts as intersection; ∃ is dual;
¬ acts as set complement.
Examples:
Any parameterised action a:N: . . . . . . . . . . 〈∃n:N a(n)〉trueAny action (but not a:N):. . . . . . . . . . . . .〈∀n:N ¬a(n)〉trueAbsence of deadlock: . . . . . . . . . . . . . . . . . [true∗]〈true〉true
Abstraction enables finite description of infinite set of actions.It does not provide full support for data-dependence.
55/105
![Page 104: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/104.jpg)
Temporal Logic
Extended HM-logic + action abstraction + data:
φ ::= φ ∧ φ | φ ∨ φ | [ρ]φ | 〈ρ〉φ | b | ∀x:D φ | ∃x:D φρ ::= ε | α | ρ · ρ | ρ+ ρ | ρ∗ | ρ+
α ::= a | a(d, . . . , d) | b | α ∧ α | α ∨ α | ¬α | ∀x:D α | ∃x:D α
Example
No a(n) action with n < 10 is allowed to occur:
∀n:N(n < 10) =⇒ [true∗ · a(n)]false
All a(n) actions can be followed by a(n+1) actions:
∀n:N[true∗ · a(n)]〈true∗ · a(n+1)〉true
56/105
![Page 105: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/105.jpg)
Temporal Logic
Exercise
s1
s2 s3
a(2)a(1)
c
Which of the following holds:
s1 |= ∃n:N [a(n)]〈c〉trues1 |= [∃n:N a(n)]〈c〉true
57/105
![Page 106: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/106.jpg)
Temporal Logic
Exercise
s1
s2 s3
a(2)a(1)
c
Which of the following holds:
s1 |= ∃n:N [a(n)]〈c〉true Yes.
s1 |= [∃n:N a(n)]〈c〉true No.
57/105
![Page 107: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/107.jpg)
Temporal Logic
Patterns coding for functional properties:
Invariance: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [true∗]ψSafety: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [ρ]falseAttainability: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 〈ρ〉trueFair reachability: . . . . . . . . . . . . . . [ρ · (¬a)∗]〈(¬a)∗ · a〉true
Outside regular formulae (but still valid µ-calculus formulae):
Inevitability of a: . . . . . . . . . . . . . . µX. [¬a]X ∧ 〈true〉trueFinitely many a actions: . . . . . . . . . µX. νY. [a]X ∧ [¬a]YInfinitely often action a: . . . . . . . . νX. µY. 〈a〉X ∨ 〈¬a〉Yψ holds along ρ-paths while φ fails: . νX. φ ∨ (ψ ∧ [ρ]X)
58/105
![Page 108: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/108.jpg)
Outline
1 Basic process algebra
2 Parallelism and abstraction
3 Processes with data
4 Linear processes
5 Temporal Logic
6 Verification
7 Toolset overview and demo
8 Hands-on experience
9 Wrap-up
10 Industrial case studies
59/105
![Page 109: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/109.jpg)
Verification
Model Checking Problem
Given a model with initial state s and a formula φ,decide (compute) whether s |= φ holds or not.
infinity in specifications . . . . . . . . C(n:N) = a(n) · C(n+1)infinity in µ-calculus . . . . . . νX(n:N = 0). 〈a(n)〉X(n+1)
60/105
![Page 110: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/110.jpg)
Verification
Model Checking Problem
Given a model with initial state s and a formula φ,decide (compute) whether s |= φ holds or not.
infinity in specifications . . . . . . . . C(n:N) = a(n) · C(n+1)infinity in µ-calculus . . . . . . νX(n:N = 0). 〈a(n)〉X(n+1)
mCRL2 Model Checking Rationale
The two sources of infinity require symbolic techniques tomake model checking tractable in practice . . . . . . . . . . . PBESs
60/105
![Page 111: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/111.jpg)
Verification
Equation Systems
Sequences of equations of the following form:
(µX(x1:D1, . . . , xn:Dn) = φ)or
(νX(x1:D1, . . . , xn:Dn) = φ)
X is a (sorted) predicate variable;
φ is a predicate in which predicate variables occur.
61/105
![Page 112: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/112.jpg)
Verification
Equation Systems
Sequences of equations of the following form:
(µX(x1:D1, . . . , xn:Dn) = φ)or
(νX(x1:D1, . . . , xn:Dn) = φ)
X is a (sorted) predicate variable;
φ is a predicate in which predicate variables occur.
Example(νX(n:N) = ∀m:N. m ≤ 10 =⇒ Y (n+m)
)(µY (n:N) = X(n+ 1)
)61/105
![Page 113: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/113.jpg)
Verification
Methodology
Logic Process
Model CheckingTransformation
EquivalencesTransformation
Equation System
Manipulators/Solvers
62/105
![Page 114: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/114.jpg)
Verification
Example (Infinite State Counter System)
act inc:N;proc C(n:N) = inc(n) · C(n+1);init C(0);
ninc(n)n := n+1
Absence of deadlock: . . . . . . . . . C(0)?
|= [true∗]〈true〉trueEquation system encoding absence of deadlock:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
(νX(n:N) = X(n+ 1)
)Note: X(0) = true iff C(0) is deadlock-free.
63/105
![Page 115: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/115.jpg)
Verification
Solving equation systems is generally undecidable;
Decidable fragment: Boolean Equation Systems;
PBES manipulations:
logic rewriting, e.g.:
φ = ψ =⇒ (νX(d:D) = φ) ≡ (νX(d:D) = ψ)
strengthen/weaken equations, e.g.;
φ v ψ =⇒ (νX(d:D) = φ) ≤ (νX(d:D) = ψ)
Gauß elimination + symbolic approximation;invariants;instantiation to BES.
64/105
![Page 116: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/116.jpg)
Verification
Example (Symbolic approximation)
Equation coding absence of deadlock for the counter:(νX(n:N) = X(n+ 1)
)Computing the solution to X using symbolic approximation:
Denote the ith approximant of X by Xi:- X0 = true- X1 = X(n+ 1)[X := true]
= true
Solution to X is true, since X0 = X1;Conclusion: the counter system is deadlock-free
65/105
![Page 117: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/117.jpg)
Verification
Tools for Gauß Elimination + Symbolic Approximation:
mucheck (µCRL), andpbessolve (mCRL2, still under development);
Successful case studies with mucheck:
ABP with infinitely large data domain (instead of theusual 2 elements);Bakery Protocol infinite state (natural numbers);EUV Wafer Handler Controller;FireWire;
Slow when complex data is involved;
On finite state-spaces, symbolic approximation is often(not always!) outperformed by explicit state techniques.
66/105
![Page 118: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/118.jpg)
Verification
Example (Instantiation)(νX(n:N) = n ≤ 2 ∧ Y (n)
) (µY (n:N) = odd(n) ∨X(n+1)
)Instantiation to BES for solution of X(0):
1 X(0) = 0 ≤ 2 ∧ Y (0) . . . . . . . . . . . . . . . . . . . . . . . . . = Y (0)2 Y (0) = odd(0) ∨X(1) . . . . . . . . . . . . . . . . . . . . . . . . = X(1)3 X(1) = 1 ≤ 2 ∧ Y (1) . . . . . . . . . . . . . . . . . . . . . . . . . = Y (1)4 Y (1) = odd(1) ∨X(2) . . . . . . . . . . . . . . . . . . . . . . . . . = true
X(0) 7→ X0 X(1) 7→ X1 Y (0) 7→ Y0 Y (1) 7→ Y1
BES: (νX0 = Y 0) (νX1 = Y 1) (µY0 = X1) (µY1 = true)
67/105
![Page 119: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/119.jpg)
Verification
Instantiation is akin to state-space exploration;
Algorithms for solving BESs:
Gauß Elimination (no symbolic approximation needed!);Small Progress Measures;. . .
Linear time algorithms for alternation-free BESs exist;
Tool implementing instantiation and BES solving:pbes2bool (mCRL2);
Applicable to all finite state systems and formulae;
Remarkable: instantiation and solving can outperformstate space exploration.
68/105
![Page 120: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/120.jpg)
Verification
Instantiation may not terminate:(νX(n:N) = X(n+ 1)
)- Instantiation starting at e.g. X(2)- X(3) occurs in (X(n+ 1)[n := 2])- X(4) occurs in (X(n+ 1)[n := 3])- etcetera
Observe: parameter n is non-influential and can be removed(tool: pbesparelm):(
νX(n:N) = X(n+ 1))≈(νX = X
)Note: n cannot be removed in:proc C(n:N) = inc(n) · C(n+1);
69/105
![Page 121: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/121.jpg)
Verification
Open Ends
Develop tooling to support invariants;
Exploit confluence and symmetry for PBESs;
Conduct timed verifications using PBESs;
Transfer regions techniques from Timed Automata;
Develop (and implement) new patterns;
Connect to theorem proving technology.
70/105
![Page 122: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/122.jpg)
Verification
Some References1 A. Mader, Verification of Modal Properties Using Boolean Equation
Systems, 1997.
2 R. Mateescu, Local model-checking of an alternation-free value-basedmodal mu-calculus, 1998.
3 J.F. Groote and T.A.C. Willemse, Verification of temporal properties ofprocesses in a setting with data, 2005.
4 J.F. Groote and T.A.C. Willemse, Parameterised Boolean EquationSystems, 2005.
5 M.M. Gallardo, C. Joubert, and P. Merino Implementing influenceanalysis using parameterised boolean equation systems, 2006.
6 T. Chen, B. Ploeger, J. van de Pol, and T.A.C. Willemse, Equivalencechecking for infinite systems using parameterized boolean equationsystems, 2007.
7 S.M. Orzan and T.A.C. Willemse, Invariants for parameterised booleanequation systems, 2008.
71/105
![Page 123: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/123.jpg)
Outline
1 Basic process algebra
2 Parallelism and abstraction
3 Processes with data
4 Linear processes
5 Temporal Logic
6 Verification
7 Toolset overview and demo
8 Hands-on experience
9 Wrap-up
10 Industrial case studies
72/105
![Page 124: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/124.jpg)
Toolset overviewIntroduction
The mCRL2 toolset can be used for modelling, validationand verification of concurrent systems and protocols.
Developed at the department of Mathematics andComputer Science of the Technische UniversiteitEindhoven, in collaboration with LaQuSo and CWI.
The mCRL2 toolset is available for the followingplatforms:
Microsoft WindowsLinuxMac OS XFreeBSDSolaris
Available at http://mcrl2.org
73/105
![Page 125: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/125.jpg)
Toolset overviewTool categories
Processspecification
Modalformula
LineariserPBES
generator
Theoremproving
Linearprocess
specification
Parametrisedboolean equation
system
SimulatorsLTS
generatorBES
generator Solvers
Labelledtransition
system
Booleanequationsystem
Visualisers
user input
abstract
concrete
74/105
![Page 126: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/126.jpg)
Toolset overviewLinear process specifications
LPS tools:
Generation:
mcrl22lps: Linearise a process specification
Information:
lpsinfo: Information about an LPSlpspp: Pretty prints an LPS
Simulation:
sim: Text based simulation of an LPSxsim: Graphical simulation of an LPS
75/105
![Page 127: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/127.jpg)
Toolset overviewLinear process specifications (2)
LPS tools:
Optimisation:
lpsconstelm: Removes constant process parameterslpsparelm: Removes irrelevant process parameterslpssuminst: Instantiate sum operatorslpssumelm: Removes superfluous sum operatorslpsactionrename: Renaming of actionslpsconfcheck: Marks confluent tau summandslpsinvelm: Removes violating summands on invariantslpsbinary: Replaces finite sort variables by vectors ofboolean variableslpsrewr: Rewrites data expressions of an LPSlpsuntime: Removes time from an LPS
76/105
![Page 128: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/128.jpg)
Toolset overviewLabelled transition systems
LTS tools:
Generation:
lps2lts: Generates an LTS from an LPS
Information and visualisation:
ltsinfo: Information about an LTStracepp: View traces generated by sim/xsim or lps2ltsltsgraph: 2D LTS graph based visualisationltsview: 3D LTS state based clustered visualisationdiagraphica: Multivariate state visualisation andsimulation analysis for LTSs
Comparison, conversion and minimisation:
ltscompare: Compares two LTSs with respect toan equivalence or preorderltsconvert: Converts and minimises an LTS
77/105
![Page 129: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/129.jpg)
Toolset overviewParameterised boolean equation systems
PBES tools:
Generation:
lps2pbes: Generates a PBES from an LPS and atemporal formulatxt2pbes: Parses a textual description of a PBES
Information:
pbesinfo: Information about a PBESpbes2pp: Pretty prints a PBES
Solving:
pbes2bool: Solves a PBES
Optimisation:
pbesrewr: Rewrite data expressions in a PBES
78/105
![Page 130: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/130.jpg)
Toolset overviewImport and export
Import and export tools:
chi2mcrl2: Translates a χ specification to an mCRL2specification
pnml2mcrl2: Translates a Petri net to an mCRL2specification
tbf2lps: Translates a µCRL LPE to an mCRL2 LPS
formcheck : Checks whether a boolean data expressionholds
lps2torx: Provide TorX explorer interface to an LPS
79/105
![Page 131: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/131.jpg)
Toolset demo: dining philosophers
Dining philosophers:
1 Problem description
2 Model the problem
3 Verify the problem
4 A solution
5 Verify the solution
80/105
![Page 132: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/132.jpg)
Toolset demo: dining philosophersProblem description
Illustrative example of acommon computing problemin concurrency
5 hungry philosophers
5 forks in-between thephilosophers
Rules:
Philosophers cannotcommunicateTwo forks are neededfor eating
p1
p2
p3 p4
p5
f1
f2
f3
f4
f5
81/105
![Page 133: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/133.jpg)
Toolset demo: dining philosophersProblem description (2)
Deadlock: Every philosopher holds a left fork and waitsfor a right fork (or vice versa).
Starvation: If a philosopher cannot acquire two forkshe will starve.
The dining philosophers problem is a generic and abstractproblem used for explaining various issues which arise inconcurrency theory.
The forks resemble shared resources.
The philosophers resemble concurrent processes.
82/105
![Page 134: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/134.jpg)
Toolset demo: dining philosophersModelling the problem: data types
Data type for representing the philosophers and the forks:
sort PhilId = struct p1 | p2 | p3 | p4 | p5;ForkId = struct f1 | f2 | f3 | f4 | f5;
Function for representing the positions of the forks relative tothe philosophers (the left and right fork):
map lf , rf : PhilId → ForkId ;eqn lf (p1) = f1; lf (p2) = f2; lf (p3) = f3;
lf (p4) = f4; lf (p5) = f5;rf (p1) = f5; rf (p2) = f1; rf (p3) = f2;rf (p4) = f3; rf (p5) = f4;
83/105
![Page 135: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/135.jpg)
Toolset demo: dining philosophersModelling the problem: individual processes
Modelling the behaviour of the philosophers:
eat(p): philosopher p eats
get(p, f): philosopher p takes up fork f
put(p, f): philosopher p puts down fork f
act get, put : PhilId × ForkId ;eat : PhilId ;
proc Phil(p : PhilId) =(get(p, lf (p)) · get(p, rf (p)) + get(p, rf (p)) · get(p, lf (p)))· eat(p)· (put(p, lf (p)) · put(p, rf (p)) + put(p, rf (p)) · put(p, lf (p)))· Phil(p);
84/105
![Page 136: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/136.jpg)
Toolset demo: dining philosophersModelling the problem: individual processes
Modelling the behaviour of the forks:
up(p, f): fork f is picked up by philosopher p
down(p, f): fork f is put down by philosopher p
act up, down : PhilId × ForkId ;proc Fork(f : ForkId) =∑
p:Phil up(p, f) · down(p, f) · Fork(f);
85/105
![Page 137: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/137.jpg)
Toolset demo: dining philosophersModelling the problem: communication and initialisation
Complete specification:
put all forks and philosophers in parallel
synchronise on actions get and up,and on actions put and down
act lock, free : PhilId × ForkId ;init ∇({lock, free, eat},
Γ({get|up→ lock, put|down→ free},Phil(p1) ‖ Phil(p2) ‖ Phil(p3) ‖ Phil(p4) ‖ Phil(p5) ‖Fork(f1) ‖ Fork(f2) ‖ Fork(f3))) ‖ Fork(f4) ‖ Fork(f5)));
86/105
![Page 138: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/138.jpg)
Toolset demo: dining philosophersAnalysing the model
Linearisation:mcrl22lps -vD dining5.mcrl2 dining5.lps
Sum instantation:lpssuminst -v dining5.lps dining5.sum.lps
Constant elimination:lpsconstelm -v dining5.sum.lps dining5.sum.const.lps
Parameter elimination:lpsparelm -v dining5.sum.const.lps
dining5.sum.const.par.lps
Generate state space:lps2lts -vD dining5.sum.const.lps dining5.sum.const.lts
Deadlock detected!
87/105
![Page 139: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/139.jpg)
Toolset demo: dining philosophersA Possible solution: the waiter
Waiter:
Decides whether a philosopher may pick up two forks
Only allowed when less than four forks are in use
p1
p2
p3 p4
p5
f1
f2
f3
f4
f5
88/105
![Page 140: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/140.jpg)
Toolset demo: dining philosophersModelling the solution: actions
New actions:
ack(p): philosopher p takes the opportunity to pick uptwo forks and eat
done(p): philosopher p signal the waither that he is doneeating and has put down both forks
act r ack, s ack, ack : Phil ;r done, s done, done : Phil ;
89/105
![Page 141: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/141.jpg)
Toolset demo: dining philosophersModelling the solution: the waiter
Modelling the behaviour of the waiter:
proc Waiter(n : N) =(n < 4) →
∑p:Phil s ack(p) ·Waiter(n+2)
+ (n > 1) →∑
p:Phil r done(p) ·Waiter(Int2Nat(n−2));
90/105
![Page 142: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/142.jpg)
Toolset demo: dining philosophersModelling the solution: the philosophers
Extend the philosopher process:
proc Phil(p : PhilId) =r ack(p)· (get(p, lf (p)) · get(p, rf (p)) + get(p, rf (p)) · get(p, lf (p)))· eat(p)· (put(p, lf (p)) · put(p, rf (p)) + put(p, rf (p)) · put(p, lf (p)))· s done(p)· Phil(p);
91/105
![Page 143: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/143.jpg)
Toolset demo: dining philosophersModelling the solution: communication and initialisation
Complete specification:
init ∇({lock, free, eat, ack, done},Γ({get|up→ lock, put|down→ free
r ack|s ack→ ack, r done|s done→ done,
Phil(p1) ‖ Phil(p2) ‖ Phil(p3) ‖ Phil(p4) ‖ Phil(p5) ‖Fork(f1) ‖ Fork(f2) ‖ Fork(f3) ‖ Fork(f4) ‖ Fork(f5) ‖Waiter(0)));
92/105
![Page 144: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/144.jpg)
Toolset demo: dining philosophersVerifying the solution
Deadlock freedom: Yes
[true∗] 〈true〉 true
1 lps2pbes --formula=nodeadlock.mcf dining5 waiter.lpsdining5 waiter nd.pbes
2 pbes2bool dining5 waiter nd.pbes
Starvation freedom: Yes
∀p:Phil [true∗ · (¬eat(p))∗] 〈(¬eat(p))∗ · eat(p)〉 true
1 lps2pbes --formula=nostarvation.mcf dining5 waiter.lpsdining5 waiter ns.pbes
2 pbes2bool dining5 waiter ns.pbes
93/105
![Page 145: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/145.jpg)
Outline
1 Basic process algebra
2 Parallelism and abstraction
3 Processes with data
4 Linear processes
5 Temporal Logic
6 Verification
7 Toolset overview and demo
8 Hands-on experience
9 Wrap-up
10 Industrial case studies
94/105
![Page 146: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/146.jpg)
Hands-on experience
Start up:
Boot the laptop into Ubuntu!
Log in as usual (local).
Start a terminal window and go to directory:
~/Desktop/VendingMachine for the vending machine
~/Desktop/RopeBridge for the rope bridge
Directories are also visible on your desktop.
Information on mCRL2 language/tools can be found:
in your handouts
on the website: http://mcrl2.org
Good luck!
95/105
![Page 147: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/147.jpg)
Outline
1 Basic process algebra
2 Parallelism and abstraction
3 Processes with data
4 Linear processes
5 Temporal Logic
6 Verification
7 Toolset overview and demo
8 Hands-on experience
9 Wrap-up
10 Industrial case studies
96/105
![Page 148: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/148.jpg)
Outline
1 Basic process algebra
2 Parallelism and abstraction
3 Processes with data
4 Linear processes
5 Temporal Logic
6 Verification
7 Toolset overview and demo
8 Hands-on experience
9 Wrap-up
10 Industrial case studies
97/105
![Page 149: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/149.jpg)
Industrial case studiesOverview
Some industrial case studies:
Oce: automated document feeder
Add-controls: distributed system for lifting trucks
CVSS: automated parking garage
Vitatron: pacemaker
AIA: ITP load-balancer
98/105
![Page 150: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/150.jpg)
Industrial case studiesOce: automatic document feeder
Feed documents to the scanner automatically
One sheet at a time
Prototype implementation
Analysis:
Model: µCRL
Verification: CADPµ-calculus model checking
Size: 350,000 statesand 1,100,000 transitions
Actual errors found: 2
99/105
![Page 151: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/151.jpg)
Industrial case studiesAdd-controls: distributed system for lifting trucks
Each lift has a controller
Controls are connected in a circular network
3 errors found after testing by the developers
Analysis:
Model: µCRL
Verification: µ-calculus
Actual errors found: 4
Lifts States Transitions
2 383 7163 7,282 18,9574 128,901 419,1085 2,155,576 8,676,815
100/105
![Page 152: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/152.jpg)
Industrial case studiesCVSS: automated parking garage
An automated parking garage:
101/105
![Page 153: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/153.jpg)
Industrial case studiesCVSS: automated parking garage (2)
Verified design:
Design of the control software
Verified the safety layer of this design
Analysis:
Design: 991 lines of mCRL2
Verification: 217 lines of mCRL2
Size: 3.3 million states and 98 million transitions
Simulation using custom built visualisation plugin
102/105
![Page 154: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/154.jpg)
Industrial case studiesCVSS: automated parking garage (3)
Design flaws detected using the visualisation plugin:
103/105
![Page 155: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/155.jpg)
Industrial case studiesVitatron: pacemaker
Controlled by firmware
Must deal with all possible rates and arrhythmias
Firmware design
Analysis:
Model: mCRL2 (and Uppaal)
Verification: mCRL2 state spacegeneration and µ-calculus model checking
Size:
full model: 500 million statessuspicious part: 714.464 states
Actual errors found: 1 (known)
104/105
![Page 156: Behavioural Analysis using mCRL2 - win.tue.nl fileIPA Course on Formal Methods Technische Universiteit Eindhoven June 26, 2008 1/105. 7 Introduction Analysis techniques Main analysis](https://reader031.vdocument.in/reader031/viewer/2022022117/5caa521d88c993e3548b69fb/html5/thumbnails/156.jpg)
Industrial case studiesAIA: ITP load-balancer
ITP: Intelligent Text Processing
Print job distribution over document processors
7,500 lines of C code
Analysis:Load balancing part
Model: mCRL2
Verification: mCRL2state space generation
Actual errors found: 6
Size: 1.9 billion statesand 38.9 billion transitions
LaQuSo certification105/105