Verification with LoLA: 1 Basics
Upcoming SlideShare
Loading in...5
×
 

Verification with LoLA: 1 Basics

on

  • 478 views

 

Statistics

Views

Total Views
478
Views on SlideShare
358
Embed Views
120

Actions

Likes
0
Downloads
1
Comments
0

1 Embed 120

http://www.informatik.uni-rostock.de 120

Accessibility

Categories

Upload Details

Uploaded via as Apple Keynote

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n

Verification with LoLA: 1 Basics Verification with LoLA: 1 Basics Presentation Transcript

  • Verification with LoLA Niels Lohmann and Karsten Wolf The Blue Angel Germany, 1930 Run Lola Run Germany,1998
  • What is LoLA?• Explicit state space generation• Place/Transition nets• Focus on standard properties• Many reduction techniques, unique features• Stream based interface• Open source
  • Where does it come from?• INA - Integrated Net Analyzer by Peter Starke • grown for long time • state space and structural techniques • several net classes • suboptimal design decisions • MODULA 2• Papers needed tables with absolute run times
  • Purpose• Generate competitive “experimental results” tables• Explore impact of basic design decisions• ... Ship as tool
  • Milestones• 1998: 1st release• 1998-2005: State space reduction techniques• 2000: Presentation at Petri Nets• 2005-: Case studies, integration• 2007: Invited talk at Petri Nets• since 2008: Implementation of software development processes
  • Basic Design Decisions• No GUI • Realistic nets are generated, not painted • GUI blocks portability • Many GUIs available, simple connection possible • Do not want user interaction during verification
  • Basic Design Decisions• One property, one state space • as opposed to query languages on state spaces • One property, one dedicated reduction • Benefit from on-the-fly verification • Generation faster than loading
  • Basic Design Decisions• Configuration at compile time • property class, search strategy, reductions • #define instead of if() • repeated runs in same configuration
  • Featured Properties• Boundedness (place) • Reversibility• Boundedness • Home states• Reachability (marking) • LTL properties F φ, GF φ, FG φ (predicate)• Reachability (predicate) • CTL (formula)• Deadlocks• Death (transition)• Liveness (predicate)
  • Featured Reductions• Stubborn Sets • Reduction based on S/T invariants • unique: dedicated techniques for standard properties • unique.• Symmetries • Coverability graphs • unique: automated • unique: combination with other reductions determination of symmetries in low level net• Sweep-Line • unique: automated calculation of a progress measure
  • Goal of Tutorial• Can LoLA help you?• Where (and why) does it perform well?• How to (optimally) use it, to integrate it
  • Outline• Introduction • Input Language • Motivation, • State Space background, Techniques history • Using LoLA • Preview and outline • Case Studies • Basic notions • Integrating LoLA • First demo • Implementation
  • Basic notions: net• Net: [P,T,F,W,m0] • P,T finite, nonempty, disjoint • F ⊆(P x T) ∪ (T x P) • W: F →N+ • m0: P →N• Firing • t activated in m: (p,t) ∈ F m(p) ≥ W(p,t) • firing; m [t> m’: m’(p) = m(p) - W(p,t) + W(t,p)• State space: • states: reachable markings • edges: m[t>m’
  • Basic notions: properties• Place p is ... • bounded iff there is a k such that, for all reachable m, m(p) < k• Transition t is ... • dead iff it is not activated in any reachable marking• State predicate φ (p <>≤≥=≠ k, φ∧φ, φ∨φ,¬φ) is ... • reachable iff some reachable marking satisfies v • live iff, from every reachable marking, a marking is reachable that satisfies φ• Net ... • is bounded iff all places are • is reversible iff the initial marking is reachable from all reachable marking • has home states iff some marking is reachable from all reachable markings • is deadlock-free iff every reachable marking activates at least one transition
  • Basic notions: Temporal Logic• LTL: infinite path (starting in m0) satisfies ... • F φ : is satisfied at least once • GF φ: φ is satisfied in infinitely many markings • FG φ: φ is satisfied forever from some marking on• CTL: marking m satisfies ... • AX (EX) φ: φ holds in all (some) immediate successor marking • AF (EF) φ: every (some) path from m contains a marking satisfying φ • AG (EG) φ: on every (some) path from m, φ holds in all markings • A(E) φ U ψ: on every (some) path starting in m, there is a marking that satisfies ψ such that all preceding markings satisfy φ
  • Basic notions: State Space• Strongly connected component (scc) • max set of mutually reachable states • partitions state space • form acyclic graph, maximal elements: terminal scc (tscc)• Properties vs scc: • reversible: net has one scc • home states: net has one tscc • live: satisfiable in all tscc
  • Basic notions: Search• Depth first • can be extended easily for detecting cycles and scc • tends to yield long paths• Breadth first • difficult to detect cycles and scc • yields shortest path