28.05.08 ukrprog 2008 1 formal requirement language and its applications a.letichevsky glushkov...
TRANSCRIPT
28.05.08
Ukrprog 2008
1
Formal requirement language and its applications
A.LetichevskyGlushkov Institute of Cybernetics
28.05.08 Ukrprog 2008 2
Formal requirement language BPSL
(Basic Protocol Specification Language)is an insertion modeling language
used for formal representing requirementsin distributed concurrent systems design
28.05.08 3
Historical prerequisitesof insertion modeling
А В
finite automata
Infinite registers with periodically defined transformations
Computer model Glushkov 1961-1965
Theory of descrete processors70-е
Joint software and hardware design
Theory of descrete processors70-е
Joint software and hardware design
Models of macroconveyer computations
80-е
Insertion programming and
modeling2000 - ...
cooperation with Motorola Theory of interaction of
agents and environemnts90-е
Ukrprog 2008
nenvironment
environment
agents
Insertion function
4
А В
Finiteautomata
Infinite registers withperiodically definedtransformations
BiAyxxFx jiiiii ),,...,,(21
Ukrprog 2008
80-еMacroconveyercomputations overdata structures
Active agents passive
environment
28.05.08
Active environment
28.05.08
Ukrprog 2008
5
nenvironment
environment
agents
Insertionfunction
Possesses behavior which is changed when new agents are inserted into it
28.05.08 6
Insertion modelingTechnology of constructing and studying
of real systems models by representing them as compositions of interacting
agents and environments
FormalyAgents: labeled transition systems
Environments: attribute transition systemsComposition: continuous insertion function
characterizing the behavior of environment with agents inserted into it
A kind ofModel Driven Engineering
Ukrprog 2008
Simple example: readers and writers
28.05.08 Ukrprog 2008 7
environment( agent types:( reader: (
registered: Bool, access allowed: Bool
), writer: Nil ); attributes:( rec: symb, queue: list of symb ); safety condition: Forall(m:reader)( m.access allowed->m.registered ); initial condition:( Forall(m:reader)( ~(reader m.registered)& ~(reader m.access allowed) ) ));
Environment description
BPS = environment description +[agent behaviors] + basic protocols
Agent behaviors
28.05.08 Ukrprog 2008 8
state reduction: rs(x)( reader init = register.(loop read; release), writer init = (loop write; release), loop x = (x;(loop x + Delta)))
incorrect state reduction: rs()( reader init = register state + read state + release state, register state = register. reader init, read state = read. reader init, release state = release. reader init, writer init = write state + writer release, write state = write. writer init, writer release = release. writer init)
Basic protocols: register and read
28.05.08 Ukrprog 2008 9
reader m env
reader(m, register.s)&
~(reader m.registered)
reader(m, s)&
reader m.registered
register m
ok
register(m,s)
reader m env
reader(m, read.s)&
reader m.access allowed
reader(m, s)&
~(reader m.access allowed)
read m
rec
read(m,s)
Forall(m,s)
Release and write
28.05.08 Ukrprog 2008 10
reader m env
reader(m, release.s)&
reader m.registered
reader(m, s)&
~(reader m.registered)
release m
ok
release(m,s)
writer m env
writer(m, write x.s)
writer(m, s)&
add_to_tail(queue,(m:x))
write(m:x)
ok
write(m,s,x)
Forall(m,s,x)
Update
28.05.08 Ukrprog 2008 11
rec
update x
update(x,t)
(queue=t)&(rec=x)&
Forall(n:reader)(n.registered->
n.access allowed)
(queue=(x,t))&
Exist(n:reader)(n.registered)&
Forall(n:reader)(n.registered->
~(n.access allowed))
queueForall(x,t)
BPSL partially implemented in VRSenvironment description
28.05.08 Ukrprog 2008 12
Types: Data types
simple: int, real, Bool, intervals, enumerated, symbolic (free terms), agent behaviors (process algebra), ADT
lists: list (m) of τ (simple)functional: (simple, arrays are considered as functional types)
Agent types: defined by the set of typed agent attributes
Environment attributes:used as functional symbols (simple= arity 0)
Agent attributes: typed namesInstances: (for MSC as processes in BPs)Axioms: formulas without attributes (ADT)Rewriting rule systems: equations as in APS (ADT and normal forms) Initial states: formula of basic language or concrete state
,...),( 21
Abstract representation of basic protocol
28.05.08 Ukrprog 2008 13
Algebraic representation:
x – list of typed parameters, P – process, and are pre- and postconditions.
Preconditions:1-st order formula with the following literals:
State assumptions (like reader(m, release.s)) Linear inequalities for numericEqualities and disequalities for symbolicBoolean attribute expressions Uninterpreted predicates
Postconditions:1-st order formula as in precondition Assignments x:=y considered as statements x´=y Updating lists
))()()(( Forall xxPxx )(x )(x
14
Semantics of BPSL
14
Defined by the notion of implementation: Attributed transition system with validity relation s|=α ,…such that for each BP and its instantiation
(direct implementation)
(inverse implementation)
For each finite MSC C such that (permutability relation on actions and partially sequential composition of processes).Concrete implementations: interpretation of signature and initial states are fixed as well as deterministic transitions, validity is computed from attribute valuations. Abstract implementations: interpretation of signature and initial states are not fixed, validity is inferenced from the states labeling.
|,| ][][ ssss CB
))()()(( Forall xxPxx )(tPB
][][ CB
|),|( ][][ ssss CB
Ukrprog 200828.05.08
Some new results on abstractions
28.05.08 Ukrprog 2008 15
A class of concrete implementations Concr(P) is defined and proved to be direct and inverse implementations of consistent BPS P.
Two classes Adir(P) and Ainv(P) of direct and inverse abstract implementations has been defined and proved to be implementations of consistent BPS P.
Each abstract implementation is an abstraction of some concrete one.
There exist the most abstract implementation (is an abstraction of all concrete implementations).
16
Tools forstatic and dynamic
requirements checking
The applications of BPSL
VRS Verification of Requirement
Specificationsa tool developed
for Motorola
Formalizing requirementsExperience in Telecommunications, telematics and other application domains
(projects for Motorola) Formal description of MPI library
(projects for Intel)
Generating tests from requirement specifications
28.05.08 Ukrprog 2008 17
Static requirements checking
• Proving consistency and completeness
• Proving safety
• Computing invariantsPreconditions for BPs (with the same external actions) must not
intersect
Disjunction of preconditions is valid
28.05.08 Ukrprog 2008 18
Symbolic trace generation
• Checking applicability of protocol– Satisfiability of current state and precondition
– Proving existential formula
• Computing predicate transformer– Proving predicate transformer formula
• Combining numeric and symbolic constraints
• Using data structures (arrays, lists etc.)
28.05.08 19
Experience in application of VRS
Tens of application systems from the domains:Telecommunications
Embedded systemsReal time systems
Sizes of formal requirements:Southands of basic protocols Handreds of attributes
Handreds of errors found in documentationsSouthands of tests providing complete covering of requirements Transition from piloting to commercial use of VRS tools.
Ukrprog 2008
28.05.08 20
Some new application domains
Parallel computations:Formalization of MPI libraryMethods of checking of correctness of parallel programs
using MPIInformation security:
Experiments on finding the possibility of attac on secure protocols of secret data exchange.
Ukrprog 2008