[Slide 1]
Machine-Assisted Parameter Synthesis of the Biphase Mark Protocol Using Event Order Abstraction
Shinya Umeno, Nancy Lynch’s Group, CSAIL, MIT
TDS seminar, September 18th, 2009
[Slide 2]
Shinya Umeno, TDS seminar, September 18th 2009
FORMATS 2009: The 7th International Conference on Formal Modelling and Analysis of Timed Systems
Facts:
- Mostly theory papers (decidability, recognizability, etc.).
- Some application papers (using Alur-Dill automata and UPPAAL).
- No parametric approach paper, except for mine.
[Slide 3]
Keywords of The Talk
Time-Parametric Verification
Timing Parameter Constraint Synthesis
Real-time System Analysis (Formal Methods)
Event-Order-Based Abstraction of Timed Systems
Case Study Using an “Industrial” Example
[Slide 4]
Outline
- Biphase Mark Protocol (BMP)
- Our Approach: Event Order Abstraction
- Case Study Result
  - Bad Event Orders of BMP
  - Parameter Constraints for Bad EOs
  - Timing Constraints for Correctness
  - Human Guidance + Automatic Synthesis
- Case Studies by Several Approaches (Umeno, EMSOFT 2008)
[Slide 5]
Biphase Mark Protocol (BMP)
- is a lower-layer communication protocol for consumer and industrial electronics.
- uses timing constraints on the system’s behavior to encode and decode bits.
- is used in a digital audio protocol, S/PDIF (Sony Philips Digital InterFace).
[Slides 6-10]
Biphase Mark Protocol (BMP)
Bits to be sent: 1 0 1 1
(Figure: signal level against time. The time axis is divided into cells, one per bit; each cell is divided into sub-cells, the first of which is the mark.)
Encoding: represents 1 by toggling the signal within the cell, and 0 by a flat signal.
Detection: the receiver detects a signal level change (the mark), then checks for a signal level change within the cell. Toggling is detected as 1; flat is detected as 0.
Decoded bits: 1 0 1 1
Timing parameters: C, M1, , T (and metastability H)
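As an added illustration (not part of the talk, and not the talk’s TIA model), the Python below simulates a simplified, discrete-time Biphase Mark encoder and decoder: every cell starts with a mark toggle, a 1 toggles the signal again at the end of the mark sub-cell, a 0 stays flat, and the receiver decodes by detecting the mark edge and checking the level some ticks later. The parameter names `cell`, `mark` and `sample_at` are assumptions of this constructed model (they play roughly the roles of the talk’s cell length and sampling distance but are not its parameters). The monitor checks the two correctness conditions stated in the talk, sent bits = decoded bits and no decoding overflow/underflow, and the example goes a step beyond the slide by running the same bits under a too-early and a too-late sampling setting to show that the timing parameter alone decides the outcome. Metastability and clock drift are not modelled.

```python
"""Simplified discrete-time Biphase Mark model (constructed illustration, not the talk's TIA model)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Timing:
    cell: int       # ticks per cell (one bit per cell); hypothetical analogue of the talk's cell length
    mark: int       # ticks of the mark sub-cell; a 1 toggles again when it ends
    sample_at: int  # receiver checks the level this many ticks after the detected mark edge


def encode(bits, t: Timing, level: int = 0):
    """Return the line level per tick. A flat idle prefix of one cell precedes the data
    so that the first mark is a visible edge (constructed convention)."""
    signal = [level] * t.cell
    for bit in bits:
        level ^= 1                                   # mark: toggle at the cell boundary
        signal += [level] * t.mark
        if bit == 1:
            level ^= 1                               # 1: toggle again; 0: stay flat
        signal += [level] * (t.cell - t.mark)
    return signal


def decode(signal, t: Timing):
    """Receiver: scan for an edge (DetectT), take it as a mark, and sample the level
    sample_at ticks later. A changed level is decoded as 1, an unchanged level as 0.
    Scanning resumes after the sample, so a probe placed before the mid-cell toggle
    mistakes that toggle for the next mark, and a probe placed beyond the cell
    skips marks."""
    bits = []
    i = 1
    while i < len(signal):
        if signal[i] != signal[i - 1]:               # DetectT: level change
            probe = i + t.sample_at
            if probe >= len(signal):                 # ran past the end of the signal
                break
            bits.append(1 if signal[probe] != signal[i] else 0)
            i = probe
        i += 1                                       # DetectF: flat, keep checking
    return bits


def monitor(sent, decoded):
    """The talk's two correctness conditions: sent bits = decoded bits, and no
    decoding overflow/underflow (more or fewer decoded bits than sent)."""
    if len(decoded) > len(sent):
        return "overflow"
    if len(decoded) < len(sent):
        return "underflow"
    return "ok" if decoded == sent else "wrong bits"


def run(bits, t: Timing):
    """Encode, decode and judge one transmission under timing t."""
    return monitor(bits, decode(encode(bits, t), t))


if __name__ == "__main__":
    bits = [1, 0, 1, 1]                              # the bits sent in the talk's figure
    good = Timing(cell=8, mark=4, sample_at=6)       # probe after the mid-cell toggle, before the next mark
    early = Timing(cell=8, mark=4, sample_at=2)      # probe before the mid-cell toggle
    late = Timing(cell=8, mark=4, sample_at=9)       # probe beyond the cell
    for name, t in [("good", good), ("early", early), ("late", late)]:
        print(name, decode(encode(bits, t), t), run(bits, t))
```

With the good setting the receiver reproduces 1 0 1 1; sampling too early turns each mid-cell toggle into a spurious mark and yields more decoded bits than were sent (overflow), while sampling beyond the cell skips marks and yields fewer (underflow). This is the same dependence on timing parameters that the rest of the talk makes precise.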
[Slide 11]
Why Parametric Approach?
A parametric approach gives the user more information than a fixed-parameter approach (such as the Alur-Dill timed automata approach).
• Does the system satisfy a desirable property irrespective of parameter settings?
• If a parameter setting affects system correctness, then what are the parameter sets that satisfy the correctness?
Optimization under parameter constraints
(Undecidable; Alur et al.)
[Slide 12]
Our Goal for BMP Case Study
Correctness:
1. Sent bits = Decoded bits
2. No decoding overflow/underflow
- Special module (Monitor) for tracking the information
Goal: Synthesize parameter constraints under which the correctness is guaranteed.
(Figure: the Sender sends bits to the Receiver by signal toggling; a Monitor observes the sending bits and the decoded bits.)
[Slide 13]
Why is BMP Parametric Verification Challenging?
Due to repetitions with timing constraints!
Timed execution: s0 (DetectF, Δ) s1 (DetectF, 2Δ) s2 (DetectF, 3Δ) s3 …
All of the si’s are different! Reachable state (fixed point) computation will not terminate.
(TReX extrapolation technique takes care of this.)
Untimed execution: s0 DetectF s1 DetectF s2 DetectF s3 …
All of the si’s are the same (DetectF is just a stuttering transition).
[Slide 14]
Modeling: Time-Interval Automata
A time-interval automaton (A, b) is an I/O automaton A with an interval boundmap b.
An I/O automaton:
• Is a classical state transition machine with distinguished input/output/internal actions.
• Is typically described using a guarded-command style language.
Suitable for concurrent/distributed systems.
[Slide 15]
Interval Boundmap
b( , ) = [L, U]
- The first argument: an action of A.
- The second argument: a set of actions that follow.
- L and U: a lower bound and an upper bound for the duration between the action and any action in the set.
Example from BMP:
b(DetectF, {DetectF, DetectT}) = [ ]   (Repeated checks)
b(DetectT, {Decode}) = [ ]   (Sampling distance)
[Slide 16]
TIA Code of the Encoder
(Figure: the encoder’s TIA code, annotated with its parts: automaton declaration, state variables, transition signatures, precondition (transition guard), effects (transition commands), and time bounds.)
[Slide 17]
Overview of Our Approach (Event Order Abstraction, EOA)
We split timed verification into two parts:
1. Verification of Untimed Model + Event Order Constraints
2. Automatic Synthesis of Timing Parameter Constraints from Event Order Constraints (performed by our tool METEORS)
(Figure: Untimed Model + Event Order Constraints → Model-Checking → Bad Event Order → Event Order Generalization (subclass of regular expression).)
[Slide 18]
Identifying Bad Event Orders
• The user first identifies a candidate set of bad event orders (which may be empty).
• Monitors are constructed by a support tool from the given orders (for model-checking). A monitor raises a flag if a bad event order is detected in the current model execution.
• He/she then model-checks, on the Untimed Model, that not Monitor.raiseFlag implies not SafetyPropertyViolated.
[Slides 19-23]
Bad Scenario Example of BMP
(Figure: after Edge0 the signal is flat, encoding a 0, but a new edge (for 0 or 1) arrives before the receiver decodes, and it decodes 1!! The slides step through the timing annotations of this scenario, which involve the parameter c.)
DetectF-DetectF-DetectF-Edge0-DetectT-Edge0-Decode
• This event order specifies the order of consecutive actions in an automaton execution.
[Slides 24-28]
Bad Scenario Example of BMP
Edge0-(DetectF)*-DetectT-Settle-Edge0
(Figure: the signal between Edge0 and the new edge (Edge0) is flat; because of metastability (Settle), the flat signal for 0 is completely missed! The slides step through the timing annotations of this scenario, which involve the parameter c.)
[Slides 29-35]
Bad Scenario Example of BMP
Decode-(DetectF)*-Edge1S-(DetectF)*-Settle-Edge1T
(Figure: the two edges of a 1 cell, Edge1S and Edge1T, with timing annotations involving m1 and H.)
Unwinding! The second (DetectF)* is unwound by one step so that the last check before Settle is explicit (DF = DetectF):
Decode-(DetectF)*-Edge1S-(DF)*-DF-Settle-Edge1T
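The monitor of slide 18 and the bad event orders of slides 19-35 can be illustrated with a small Python matcher, added here; it is not METEORS or the talk’s support tool. An event order is a dash-separated sequence of action names in which `(A)*` stands for zero or more consecutive occurrences of `A` (the subclass of regular expressions the talk mentions). The monitor runs alongside an execution trace, one action at a time, and raises its flag at the position where a window of consecutive actions matches the bad order; the patterns are the three from the slides, the traces are constructed and not taken from the talk’s model, and `parse_order`, `EventOrderMonitor` and `check_execution` are names chosen here.

```python
"""Event-order monitor: raises a flag when a bad event order occurs in an execution.
Constructed illustration; not METEORS or the talk's support tool."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Step:
    action: str
    starred: bool  # (A)*: zero or more consecutive occurrences of A


def parse_order(text):
    """Parse 'Edge0-(DetectF)*-DetectT-Settle-Edge0' into Steps (whitespace tolerated)."""
    steps = []
    for tok in (t.strip() for t in text.split("-")):
        m = re.fullmatch(r"\((\w+)\)\*", tok)
        if m:
            steps.append(Step(m.group(1), True))
        elif re.fullmatch(r"\w+", tok):
            steps.append(Step(tok, False))
        else:
            raise ValueError(f"malformed event order token: {tok!r}")
    return steps


def _closure(steps, states):
    """Starred steps may match zero times: from state k, state k+1 is reachable without input."""
    out, frontier = set(states), list(states)
    while frontier:
        k = frontier.pop()
        if k < len(steps) and steps[k].starred and k + 1 not in out:
            out.add(k + 1)
            frontier.append(k + 1)
    return out


class EventOrderMonitor:
    """State k means the first k steps of the bad order have matched a window of
    consecutive actions ending at the current position (a set of states, since the
    starred steps make the matcher nondeterministic)."""

    def __init__(self, order_text):
        self.steps = parse_order(order_text)
        self.active = set()
        self.flag = False
        self.flagged_at = None

    def step(self, action, index=None):
        n = len(self.steps)
        nxt = set()
        # A match attempt may begin at every position (state 0) besides those in progress.
        for k in _closure(self.steps, self.active | {0}):
            if k < n and self.steps[k].action == action:
                nxt.add(k if self.steps[k].starred else k + 1)  # starred: stay and allow repeats
        nxt = _closure(self.steps, nxt)
        if n in nxt and not self.flag:                          # whole bad order matched
            self.flag, self.flagged_at = True, index
        self.active = {k for k in nxt if k < n}
        return self.flag


def check_execution(order_text, trace):
    """Return the trace index at which the bad order completes, or None if it never occurs."""
    mon = EventOrderMonitor(order_text)
    for i, action in enumerate(trace):
        if mon.step(action, i):
            return i
    return None


if __name__ == "__main__":
    BAD = "Edge0-(DetectF)*- DetectT- Settle-Edge0"        # bad event order from the slides
    # Constructed traces (not from the talk's model).
    trace_bad = ["DetectF", "Edge0", "DetectF", "DetectF", "DetectT", "Settle", "Edge0", "DetectF"]
    trace_ok = ["Edge0", "DetectF", "DetectT", "Decode", "Edge0", "DetectF", "DetectT", "Decode"]
    print(check_execution(BAD, trace_bad))                  # 6
    print(check_execution(BAD, trace_ok))                   # None
```

In the talk this flag is what the model checker assumes absent when verifying the untimed model, so every execution that reaches the safety violation must also raise a flag; the flag position is then the event order whose timing constraints METEORS turns into inequalities.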
[Slide 36]
Our Tool: METEORS
- One event order: disjunction of linear inequalities
- Multiple event orders: conjunction of disjunctions of linear inequalities
  - Automatic decomposition
- Simplification of the resulting constraint
  - All derivable bounds
[Slide 37]
Bad Scenarios of BMP
From page 269 of the proceedings:
(Figure: the bad scenarios as listed in the proceedings.)
[Slide 38]
Sufficient Parameter Constraints
METEORS reported:
m1 > H +
 > M1 + H
c > H + + T
It is sufficient to satisfy these three constraints for the correctness of BMP.
[Slide 39]
Related Work (BMP Verification)
UPPAAL and PVS: Vaandrager, F.W., de Groot, A.: Analysis of a biphase mark protocol with UPPAAL and PVS. 2006
- Bad event orders are found using UPPAAL.
- Constraints are manually derived from bad orders.
- Correctness under the derived constraints is proved using PVS.
Calendar Automata: Brown, G.M., Pike, L.: Easy parameterized verification of biphase mark and 8N1 protocols. 2006
- BMP is modeled using the Calendar Automata framework for SAL.
- Correctness under the derived constraints is proved using SAL (inductive invariants must be used, though the proof is automatic).
HyTech: Henzinger, T., Preussig, J., Wong-Toi, H.: Some lessons from the HYTECH experience. 2001
- Some parameters are fixed.
- Model is modified: no repetitive checks with time bounds.
(The slide groups these approaches under two headings, Verification and Synthesis.)
[Slide 40]
Other Case Studies of EOA
• IEEE 1394 (FireWire / i-Link), Root Contention Protocol
• Train-Gate Toy Problem
• Fischer’s Mutual Exclusion Algorithm
(Randomness is abstracted)
[Slide 41]
Summary and Future Work
We synthesized parameter constraints of BMP using Event Order Abstraction (METEORS and SAL are used).
Future work:
Automatic bad event order identification
- List of counterexamples from model-checking
- Automatic “chopping” and generalization??