Upload File

spin: part 2

25
© 2011 Carnegie Mellon University SPIN: Part 2 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014

Upload: coen

Post on 23-Feb-2016

40 views

Category:

Documents


0 download

Report

DESCRIPTION

SPIN: Part 2. 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014. Control flow. We have already seen some Concatenation of statements, parallel execution, atomic sequences There are a few more Case selection, repetition, unconditional jumps. Case selection. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: SPIN: Part 2

© 2011 Carnegie Mellon University

SPIN: Part 2

15-414/614 Bug Catching: Automated Program Verification

Sagar ChakiApril 21, 2014

Page 2: SPIN: Part 2

2SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Control flow

We have already seen some•Concatenation of statements, parallel execution, atomic sequences

There are a few more•Case selection, repetition, unconditional jumps

Page 3: SPIN: Part 2

3SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Case selection

Cases need not be exhaustive or mutually exclusive•Non-deterministic selection

Page 4: SPIN: Part 2

4SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Repetition

Page 5: SPIN: Part 2

5SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Repetition

Page 6: SPIN: Part 2

6SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Unconditional jumps

Page 7: SPIN: Part 2

7SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Procedures and Recursion

Procedures can be modeled as processes•Even recursive ones•Return values can be passed back to the calling process via a global variable

or a message

Page 8: SPIN: Part 2

8SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Time for example 3

Page 9: SPIN: Part 2

9SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Timeouts

Get enabled when the entire system is deadlocked

No absolute timing considerations

Page 10: SPIN: Part 2

10SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Assertions

•pure expression

If condition holds ) no effect

If condition does not hold ) error report during verification with Spin

Page 11: SPIN: Part 2

11SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Time for example 4

Page 12: SPIN: Part 2

12SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

LTL model checking

Two ways to do it

Convert Kripke to Buchi•Convert claim (LTL) to Buchi•Check language inclusion

OR•Convert ~Claim (LTL) to Buchi•Check empty intersection

Page 13: SPIN: Part 2

13SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

What Spin does

Checks non-empty intersection•Requires very little space in best case

Works directly with Promela•No conversion to Kripke or Buchi

Must provide Spin with negation of property you want to prove

Page 14: SPIN: Part 2

14SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

LTL syntax in SPIN

Page 15: SPIN: Part 2

15SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Time for example 5

Page 16: SPIN: Part 2

16SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Peterson’s Algorithm in SPINbool turn, flag[2];

active [2] proctype user(){ assert(_pid == 0 || _pid == 1);again: flag[_pid] = 1; turn = _pid; (flag[1 - _pid] == 0 || turn == 1 - _pid);

/* critical section */

flag[_pid] = 0; goto again; }

Active process:automatically creates instances of processes

_pid:Identifier of the process

assert:Checks that there are only at most two instances with

identifiers 0 and 1

Page 17: SPIN: Part 2

17SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Peterson’s Algorithm in SPINbool turn, flag[2];byte ncrit;

active [2] proctype user(){ assert(_pid == 0 || _pid == 1);again: flag[_pid] = 1; turn = _pid; (flag[1 - _pid] == 0 || turn == 1 - _pid);

ncrit++; assert(ncrit == 1); /* critical section */ ncrit--;

flag[_pid] = 0; goto again; }

ncrit:Counts the number of

Process in the critical section

assert:Checks that there are alwaysat most one process in the

critical section

Page 18: SPIN: Part 2

18SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Peterson’s Algorithm in SPINbool turn, flag[2];bool critical[2];

active [2] proctype user(){ assert(_pid == 0 || _pid == 1);again: flag[_pid] = 1; turn = _pid; (flag[1 - _pid] == 0 || turn == 1 - _pid); critical[_pid] = 1; /* critical section */ critical[_pid] = 0;

flag[_pid] = 0; goto again; }

mutex

no starvation

alternation

alternation

Use a pair of flags instead of a count

Page 19: SPIN: Part 2

19SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Peterson’s Algorithm in SPINbool turn, flag[2];bool critical[2];

active [2] proctype user(){ assert(_pid == 0 || _pid == 1);again: flag[_pid] = 1; turn = _pid; (flag[1 - _pid] == 0 || turn == 1 - _pid); critical[_pid] = 1; /* critical section */ critical[_pid] = 0;

flag[_pid] = 0; goto again; }

holds

holds

does not hold

does not hold

Page 20: SPIN: Part 2

20SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

N

S

W

Traffic Controller

Page 21: SPIN: Part 2

21SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Modeling in SPIN

System• No turning allowed• Traffic either flows East-West or North-South• Traffic Sensors in each direction to detect waiting vehicles• Traffic.pml

Properties:• Safety : no collision (traffic1.ltl)• Progress – each waiting car eventually gets to go (traffic2.ltl)• Optimality – light only turns green if there is traffic (traffic3.ltl)

Page 22: SPIN: Part 2

22SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Dining Philosophers

Page 23: SPIN: Part 2

23SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Modeling in SPIN

Each fork is a rendezvous channel

A philosopher picks up a fork by sending a message to the fork.

A philosopher releases a fork by receiving a message from the fork.

Properties• No deadlock• Safety – two adjacent philosophers never eat at the same time – dp0.ltl• No livelock – dp1.ltl• No starvation – dp2.ltl

Versions• dp.pml – deadlock, livelock and starvation• dp_no_deadlock1.pml – livelock and starvation• dp_no_deadlock2.pml – starvation

Page 24: SPIN: Part 2

24SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

References

http://cm.bell-labs.com/cm/cs/what/spin/

http://cm.bell-labs.com/cm/cs/what/spin/Man/Manual.html

http://cm.bell-labs.com/cm/cs/what/spin/Man/Quick.html

http://cm.bell-labs.com/cm/cs/what/spin/
http://cm.bell-labs.com/cm/cs/what/spin/Man/Manual.html
http://cm.bell-labs.com/cm/cs/what/spin/Man/Manual.html
http://cm.bell-labs.com/cm/cs/what/spin/Man/Quick.html
http://cm.bell-labs.com/cm/cs/what/spin/Man/Quick.html
Page 25: SPIN: Part 2

25SPIN – Part 2Sagar Chaki, April 23, 2014© 2011 Carnegie Mellon University

Questions?

Sagar ChakiSenior Member of Technical StaffRTSS ProgramTelephone: +1 412-268-1436Email: [email protected]

U.S. MailSoftware Engineering InstituteCustomer Relations4500 Fifth AvenuePittsburgh, PA 15213-2612USA

Webwww.sei.cmu.edu/staff/chaki

Customer RelationsEmail: [email protected]: +1 412-268-5800SEI Phone: +1 412-268-5800SEI Fax: +1 412-268-6257

mailto:[email protected]

SPIN MATRICES FOR ARBITRARY SPIN - Reed College › physics › faculty › wheeler... · 4 Spin matrices whichimpliesandisimpliedbythestatements σσ2 1 =σσ 2 2 =σσ 2 3 =I (6.1)

2”-3” Spin Klin Automatic disc filtration system TM · 2”-3” Spin KlinTM Automatic disc filtration system ... The Arkal 2”- 3” Spin KlinTM series are modular, ... 3 4

09 Spin Manipulation Chapter 2

Coaching SPIN 2. 0solutionsheet

© 2011 Carnegie Mellon University SPIN: Part 2 15-414 Bug Catching: Automated Program Verification and Testing Sagar Chaki November 2, 2011

Spin Master - Mgmt Roadshow Presentation (Jul 2 … TOYS AND GAMES MARKET ... SPIN MASTER OVERVIEW . 10 EXCEPTIONAL BRAND ... Spin Master - Mgmt Roadshow Presentation (Jul 2 2015)

Thermo Scientific SPIN TISSUE PROCESSOR INSTRUCTION … · Thermo Scientific Spin Tissue Processor Microm STP 120 2 Microm International GmbH part of Thermo Fisher Scientific Otto-Hahn-Str

Bethe Ansatz and Open Spin-1/2 XXZ Quantum Spin Chain

Low Spin S = 1/2 n = 1 High Spin S = 5/2 n = 5 Intermediate Spin S = 3/2 n = 3 How will the spin state of Fe(porphyrin) complexes change on binding imidazole?

Wilhelm Wilhelmsen Holding analysis (Part 2)€¦ · Wilhelm Wilhelmsen Holding analysis (Part 2) July 10, 2016 In this final part I will be discussing the topics below: 1) Post spin-off

SPIN: Part 1

The Spin Model Checker : Part I Moonzoo Kim KAIST

The Spin Model Checker : Part I

An introduction to Electron Spin Resonance (ESR), Nov 1 st 2006 An Introduction to Electron Spin Resonance (ESR). Part 2. Pulse methods and distance measurements

Spin-off Monthly report September issue 2011 - …hanabergh.com/researchproducts/smallcaps/documents/Spin...2 Spin-Off Research September 2011 Table of Contents Spin-Off Announcement

Electron arrangement part 4 orbitals and spin

Imaging Sequences part II Gradient Echo Spin Echo Fast Spin Echo Inversion Recovery

13.9 Spin-Spin Splitting 13.9 Spin-Spin Splitting

Quantum Spin Liquid Behaviors in the Random Spin-1/2 ...nqs2014.ws/archive/Presen...Quantum Spin Liquid Behaviors in the Random Spin-1/2 Heisenberg Antiferromagnets on the Triangular

SPIN: Part 2emc/15414-f12/lecture/spin2.pdf · 2012. 11. 14. · © 2011 Carnegie Mellon University SPIN: Part 2 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki

Chapter Six Part 2 Arrangement of Electrons in Atoms · Arrangement of Electrons in Atoms MAR Electron Spin Quantum Number, m s MAR Electron spin can be proven experimentally. Two

Teil 2: Spin-Spin Kopplung - otto-diels-institut.de · NMR-Spektroskopie Teil 2: Spin-Spin Kopplung 1. Die skalare Spin-Spin Kopplung 2. Multiplizitaet und Intensitaetsverteilung

Excitations of the Gapped XXZ Heisenberg Spin-1/2 ChainCaux) that are designed to e ectively calculate e. g. spin-spin correlation functions. For the gapped XXZHeisenberg spin-1/2

ME 392 Chapter 5 Spin Balancing February 21, 2012 week 7 part 2

SPIN: Part 2emc/15414-f12/lecture/spin2.pdf© 2011 Carnegie Mellon University SPIN: Part 2 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki November 14, 2012

€¦ · 2 Spin-Off Research September 2011 Table of Contents Spin-Off Announcement Calendar

Lecture 2: Instrumentation - Spin Dynamics

Step 2 Spin and Racket Angles: It's a Game of Spin 2 - Spin and Racket Angles - It's a Game... · 20 Table Tennis: Steps to Success Step 2 Spin and Racket Angles: It's a Game of Spin

Spin Glas Dynamics and Stochastic Optimization Schemes · Spin Glas Dynamics and Stochastic Optimization Schemes Karl Heinz Hoffmann TU Chemnitz. 2 Spin Glasses spin glass? Frustration

ROUND BALE WRAPPER Spin S Spin F - jawas.home.pljawas.home.pl/samasz/instrukcje/IN129USA.pdf · Operator's Manual Round bale wrapper Spin S, Spin F - 2 - 1. IDENTIFYING THE MACHINE

Elementary Relativistic Wave Mechanics of Spin 0 and Spin 1/2

Spin Echo Study of the Dynamics of Spin Ice Ho 2 Ti 2 O 7

Spin-Resistant Airframe (SRA) - ICON Aircraft · ideally suited for spin-resistance testing of the A5. The FAA Part 23 spin-resistance standards require tests across the range of

Spin Palace Casino Spin Spin Spin to Win!

The Dynamical Approach to Spin-2 Gravityphilsci-archive.pitt.edu/18016/1/spin-2.pdf · 2020. 8. 21. · The Dynamical Approach to Spin-2 Gravity Kian Salimkhani Forthcoming in Studies