Modern Software Testing and Formal Verification
Techniques
Day 3
Sergey Staroletov
Polzunov Altai State Technical University,
Lenin avenue 46, Barnaul, 656038, Russia
Email: serg soft@mail.ru
June 26, 2019
1 / 42
Today’s agenda
1 Design-By-Contract. MS Code Contracts
2 Deductive verification of C-code with Frama-C WP
3 C-code: is LTL applicable here?
4 Cyber-physical systems and their verification
2 / 42
Overall picture of tools applicability
3 / 42
Design-By-Contract
Created by Bertrand Meyer, first implemented in the Eiffel language and
based on Sir Tony Hoare's logic.
The approach is based on specifying pre-conditions, post-conditions
and invariants for functions (methods, classes).
4 / 42
Design-By-Contract
Well-known forms:
{P} C {Q}
P ⟹ [C] Q
where P is the precondition, C the code and Q the postcondition. An
invariant is a form of a global pre- and postcondition: {I} C {I}
In OOP languages:
Pre- and postconditions are specified for methods
The invariant is specified for the whole class
Also, for loops, loop invariants and loop variants are specified
The contracts can be specified:
As a part of the language syntax (Eiffel)
In comments (Frama-C)
In annotations and special code (MS Code Contracts)
5 / 42
A bit about Hoare’s Logic
Program -> (Sentence)+
Sentence -> Skip | Assignment | If | Loop | Composition
6 / 42
A bit about Hoare’s Logic
Skip changes nothing
Assignment affects the postcondition: the assigned expression is
substituted for the variable
Composition is sequential execution, where the postcondition of the
first statement becomes the precondition of the second
If has two branches, combined with "or", each holding under its own
precondition (2 preconditions in total)
Loop is characterized by the loop invariant, which holds before the
loop, during each iteration and after the loop has finished. In
addition, to address termination (the halting problem), there is the
variant, which must decrease at each step and always stay positive.
7 / 42
MS Code contracts
Microsoft, known for its research departments, has added contract-based
programming to .NET as a special library and an extension for Visual
Studio.
Initially, the research involved the Spec# (Specification Sharp) language
for contract description, but now the contracts are fully integrated into
the project in the target programming language (for example, C#).
Contracts can be checked:
Dynamically, that is, while the program is running: the expressions in
the contracts are evaluated, and if they do not hold, an exception is
thrown.
Statically, i.e. during the project build, without running it: a
special static checker analyses the program branches and finds
some potential errors.
8 / 42
MS VS Addition for Code Contracts
9 / 42
Class Student
10 / 42
Class Student constructor contract with a precondition
11 / 42
Class Student object invariant
12 / 42
Class Student contract violation
13 / 42
Class Student contract violation – throw the exception
14 / 42
Static checker for contracts in the IDE
15 / 42
More complex contracts
16 / 42
Add a student to a group list
17 / 42
Remove a student from a group list
18 / 42
Group invariant
19 / 42
Double check
20 / 42
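The Student/Group slides above are screenshots of C# Code Contracts that did not survive extraction. As an added example (written for this page, not the deck's own code), here is the same idea in C: a Group with an object invariant, and add/remove operations with pre- and postconditions checked dynamically, in the spirit of Contract.Requires / Ensures / Invariant. The names Group, group_add, group_remove and the REQUIRES/ENSURES/INVARIANT macros are my own; a violation is reported and counted, and by default the program aborts, which plays the role of the thrown exception.

```c
#include <stdio.h>
#include <stdlib.h>

#define GROUP_CAPACITY 4

/* Runtime contract checking. A failed check is reported and counted; with
   contract_abort set (the default) it also terminates the program, like an
   unhandled contract exception would. Tests clear the flag to observe
   violations; after a violation the operation returns -1 without continuing. */
static int contract_violations = 0;
static int contract_abort = 1;

static void contract_fail(const char *kind, const char *expr) {
    fprintf(stderr, "%s violated: %s\n", kind, expr);
    contract_violations++;
    if (contract_abort) abort();
}

#define REQUIRES(c)  do { if (!(c)) { contract_fail("precondition", #c); return -1; } } while (0)
#define ENSURES(c)   do { if (!(c)) { contract_fail("postcondition", #c); return -1; } } while (0)
#define INVARIANT(g) do { if (!group_invariant(g)) { contract_fail("invariant", "group_invariant"); return -1; } } while (0)

typedef struct {
    int count;
    int ids[GROUP_CAPACITY];   /* student ids, must stay unique */
} Group;

/* Object invariant: a count within capacity and no duplicate ids. */
static int group_invariant(const Group *g) {
    if (g->count < 0 || g->count > GROUP_CAPACITY) return 0;
    for (int i = 0; i < g->count; i++)
        for (int j = i + 1; j < g->count; j++)
            if (g->ids[i] == g->ids[j]) return 0;
    return 1;
}

static int group_contains(const Group *g, int id) {
    for (int i = 0; i < g->count; i++)
        if (g->ids[i] == id) return 1;
    return 0;
}

/* Add a student: requires free space and a new id; ensures it is present. */
int group_add(Group *g, int id) {
    INVARIANT(g);
    REQUIRES(g->count < GROUP_CAPACITY);
    REQUIRES(!group_contains(g, id));
    int old_count = g->count;
    g->ids[g->count++] = id;
    ENSURES(g->count == old_count + 1);
    ENSURES(group_contains(g, id));
    INVARIANT(g);
    return 0;
}

/* Remove a student: requires the id to be present; ensures it is gone. */
int group_remove(Group *g, int id) {
    INVARIANT(g);
    REQUIRES(group_contains(g, id));
    int old_count = g->count;
    int i = 0;
    while (g->ids[i] != id) i++;
    g->ids[i] = g->ids[g->count - 1];   /* swap-remove keeps the array dense */
    g->count--;
    ENSURES(g->count == old_count - 1);
    ENSURES(!group_contains(g, id));
    INVARIANT(g);
    return 0;
}

int main(void) {
    Group g = {0, {0}};
    group_add(&g, 1);
    group_add(&g, 2);
    group_remove(&g, 1);
    printf("count=%d first=%d\n", g.count, g.ids[0]);
    contract_abort = 0;                 /* demonstrate a violation without aborting */
    group_add(&g, 2);                   /* duplicate id: precondition fails */
    printf("violations=%d\n", contract_violations);
    return 0;
}
```

The invariant is checked on entry and exit of every public operation, exactly as a class invariant is in Code Contracts; the postconditions are the only place where the "old" value is needed, which is why old_count is captured before the mutation.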
Contracts in C# – summary
A good way to move an academic approach into production
Moves the logic of class consistency into the class itself
A different way of implementing checks
Does not guarantee class correctness
21 / 42
The Weakest Precondition
Dijkstra proposed an addition to Hoare's logic, the weakest
precondition (WP approach), which requires the precondition to be as
weak (simple) as possible while still guaranteeing the postcondition:
{P} f {Q} ⟹ {wp(f, Q)} f {Q}
In this case, program verification proceeds as follows: we calculate
W = wp(f, Q), working backwards from the end (Q) to the start of the
function, and then submit the task of proving P ⟹ W to a theorem prover.
22 / 42
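The Hoare rules from slide 7 and the WP procedure from this slide, carried through on a concrete program as an added worked derivation (not taken from the deck; the program and the symbols S, B, I, t, W are chosen for illustration):

\[
\begin{aligned}
\text{Assignment:} &\quad \{Q[e/x]\}\; x := e\; \{Q\}, \qquad wp(x := e,\, Q) = Q[e/x] \\
\text{Composition:} &\quad wp(S_1;\, S_2,\, Q) = wp(S_1,\, wp(S_2,\, Q)) \\
\text{If:} &\quad wp(\mathbf{if}\ B\ \mathbf{then}\ S_1\ \mathbf{else}\ S_2,\, Q) = (B \Rightarrow wp(S_1, Q)) \land (\lnot B \Rightarrow wp(S_2, Q)) \\
\text{Loop (invariant } I\text{, variant } t): &\quad P \Rightarrow I,\quad \{I \land B\}\, S\, \{I\},\quad I \land \lnot B \Rightarrow Q,\quad \{I \land B \land t = t_0\}\, S\, \{t < t_0\},\quad I \land B \Rightarrow t > 0
\end{aligned}
\]

Worked instance for \(f = (x := x + 1;\; y := 2x)\) with postcondition \(Q = (y > 10)\):

\[
\begin{aligned}
wp(y := 2x,\ y > 10) &= 2x > 10 \\
W = wp(f, Q) = wp(x := x + 1,\ 2x > 10) &= 2(x + 1) > 10 \;\Longleftrightarrow\; x > 4
\end{aligned}
\]

With the declared precondition \(P = (x \ge 5)\) the obligation handed to the prover is \(P \Rightarrow W\), i.e. \(x \ge 5 \Rightarrow x > 4\), which holds for integer \(x\); with \(P = (x \ge 4)\) it fails at \(x = 4\), which is exactly the counterexample a WP-based tool reports.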
Frama-C
An extensible static analysis tool
Created by INRIA
Based on annotations that the user writes into the C code by hand
Some annotations can be generated
ACSL (ANSI/ISO C Specification Language): a language for provable
specifications of C code
To prove the annotations, the WP approach is used.
23 / 42
Frama-C: the interface
24 / 42
Frama-C: inserting runtime checks
25 / 42
ACSL example
26 / 42
ACSL example in Frama-C
27 / 42
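The ACSL example slides above are images. As an added example (written for this page, not the deck's own code), here is a complete ACSL-annotated C function that uses every contract form the deck lists: a function contract (requires / ensures / assigns) and a loop contract (loop invariant / loop assigns / loop variant). The function name max_index and the file name are my choice. The annotations live in `/*@ ... */` comments, so a plain C compiler ignores them and the code runs as usual, while Frama-C WP turns them into proof obligations.

```c
#include <stdio.h>

/* Index of (the first) maximum element of a[0..n-1].
   The contract below is the ACSL specification that Frama-C WP proves:
   - requires:  n > 0 and a[0..n-1] readable
   - assigns:   the function has no side effects
   - ensures:   the result is a valid index and no element exceeds a[result] */
/*@ requires n > 0;
    requires \valid_read(a + (0 .. n-1));
    assigns \nothing;
    ensures 0 <= \result < n;
    ensures \forall integer i; 0 <= i < n ==> a[i] <= a[\result];
*/
int max_index(const int *a, int n) {
    int best = 0;
    int i = 1;
    /* Loop contract: the invariant holds before the loop (i = 1, best = 0),
       is preserved by each iteration, and together with the exit condition
       (i == n) yields the postcondition. The variant n - i decreases on every
       iteration and stays positive while the loop runs, so the loop terminates. */
    /*@ loop invariant 1 <= i <= n;
        loop invariant 0 <= best < i;
        loop invariant \forall integer k; 0 <= k < i ==> a[k] <= a[best];
        loop assigns i, best;
        loop variant n - i;
    */
    while (i < n) {
        if (a[i] > a[best]) best = i;
        i++;
    }
    return best;
}

int main(void) {
    int a[] = {3, 9, 2, 9};
    printf("max at index %d\n", max_index(a, 4));   /* first maximum: index 1 */
    return 0;
}
```

Assuming the file is saved as max_index.c, `frama-c -wp max_index.c` generates the proof obligations (precondition to invariant, invariant preservation, invariant plus exit condition to postcondition, variant decrease) and discharges them with the configured provers. The `assigns \nothing` clause matters for callers: without it WP cannot assume that memory is unchanged after the call.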
Verifying a simple car moving model
28 / 42
Towards verifying a drone attitude PID-controller
29 / 42
Towards verifying a drone attitude PID-controller
Even for this simple code the verification on real floating point numbers
is challenging!
30 / 42
Towards verifying a drone attitude PID-controller
31 / 42
Towards verifying a drone attitude PID-controller
We should run Frama-C on an abstract model of infinite-precision real numbers!
32 / 42
Towards verifying a drone attitude PID-controller
33 / 42
Towards verifying a drone attitude PID-controller
34 / 42
Towards verifying a drone attitude PID-controller
35 / 42
C code and LTL: Aoraï
36 / 42
C code and LTL: Aoraï
37 / 42
Verification of Cyber-physical systems demo
Cyber-physical system:
A cyber part – a discrete controller
A physical part – a continuous model of the system, here
expressed in ODEs.
38 / 42
Verification of Cyber-physical systems
These systems can be modeled as hybrid automata, which represent both
discrete-time and continuous-time transitions; such models are known
as hybrid models and are specified using Hybrid Dynamic Logic.
According to A. Platzer, the syntax of hybrid programs is defined as
follows:
α ::= x := e | ?Q | x' = f(x) & Q | α ∪ α | α; α | α*   (1)
where α is a meta-variable for hybrid programs, x is a meta-variable
for program variables, e is a meta-variable for first-order real-valued
terms, f is a meta-variable for continuous real functions, and Q is a
meta-variable for first-order formulas over the real numbers. Here ';'
denotes sequential composition, '∪' non-deterministic choice, '?' the
test (condition) operator, and '*' non-deterministic iteration (like
the Kleene star).
* Platzer, André. "Logical Foundations of Cyber-Physical Systems."
39 / 42
Verification of a simple PD-controller
The PD-controller is a simplification of PID, and the model of the
system is given as a Hoare triple:
init ⟹ [controller](req)   (2)
Then we decompose the system into a precondition, the continuous
PD-controller and the requirement. Precondition:
init :== v ≥ 0 ∧ c > 0 ∧ Kp = 2 ∧ Kd = 3 ∧ V(p, pr, v) < c   (3)
The continuous state (dynamics):
controller :== p' = v, v' = −Kp · (p − pr) − Kd · v   (4)
As the requirement, stability is checked using the Lyapunov method:
req :== V(p, pr, v) < c   (5)
V(p, pr, v) = 5/4 · (p − pr)² + (p − pr) · v/2 + v²/4   (6)
* Quesel et al.: How to Model and Prove Hybrid Systems with KeYmaera
40 / 42
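Why (6) works as the requirement can be seen by differentiating V along (4). With e = p − pr the chain rule gives dV/dt = (5/2·e + v/2)·v + (e/2 + v/2)·(−2e − 3v) = −(e² + v²) ≤ 0, so V can never grow and init's V < c implies req forever. The following added C example (written for this page; KeYmaera proves the property symbolically, this only exercises it numerically) computes V and dV/dt from the deck's formulas and integrates the controller with explicit Euler steps, checking req and the monotone decrease of V after every step. The function names and the step size are my choices.

```c
#include <stdio.h>

/* Controller gains fixed by the precondition init (3): Kp = 2, Kd = 3. */
#define KP 2.0
#define KD 3.0

/* Lyapunov candidate V(p, pr, v) from (6). */
double lyapunov_V(double p, double pr, double v) {
    double e = p - pr;
    return 1.25 * e * e + e * v / 2.0 + v * v / 4.0;
}

/* Time derivative of V along the dynamics (4), by the chain rule:
   dV/dt = dV/de * e' + dV/dv * v'  with  e' = v,  v' = -Kp*e - Kd*v.
   Algebraically this equals -(e^2 + v^2), so V never increases. */
double lyapunov_dV(double p, double pr, double v) {
    double e = p - pr;
    double dVde = 2.5 * e + v / 2.0;
    double dVdv = e / 2.0 + v / 2.0;
    return dVde * v + dVdv * (-KP * e - KD * v);
}

/* The precondition init (3) for a chosen initial state and bound c. */
int pd_precondition(double p, double pr, double v, double c) {
    return v >= 0.0 && c > 0.0 && lyapunov_V(p, pr, v) < c;
}

/* Integrate the continuous controller (4) with explicit Euler steps (an
   approximation of the exact ODE) and check the requirement req (5) after
   every step, plus monotone decrease of V. Returns 1 if init holds and
   V < c with V non-increasing for all steps, 0 otherwise. */
int pd_simulate_check(double p, double pr, double v, double c,
                      double dt, int steps) {
    if (!pd_precondition(p, pr, v, c)) return 0;
    double prev = lyapunov_V(p, pr, v);
    for (int i = 0; i < steps; i++) {
        double e = p - pr;
        double dp = v;                  /* p' = v */
        double dv = -KP * e - KD * v;   /* v' = -Kp(p - pr) - Kd v */
        p += dt * dp;
        v += dt * dv;
        double cur = lyapunov_V(p, pr, v);
        if (!(cur < c)) return 0;             /* req violated */
        if (cur > prev + 1e-12) return 0;     /* V grew (beyond rounding noise) */
        prev = cur;
    }
    return 1;
}

int main(void) {
    double p = 1.0, pr = 0.0, v = 0.0, c = 2.0;
    printf("V0 = %.4f, dV/dt at start = %.4f\n",
           lyapunov_V(p, pr, v), lyapunov_dV(p, pr, v));
    printf("trajectory safe: %d\n", pd_simulate_check(p, pr, v, c, 0.001, 5000));
    printf("init violated (V >= c): %d\n", pd_simulate_check(3.0, pr, v, c, 0.001, 5000));
    return 0;
}
```

The simulation can only confirm the property for the sampled initial states and for the discretised dynamics; the deck's point is that KeYmaera discharges init ⟹ [controller](req) for every state satisfying (3) at once, which is what the Lyapunov argument above makes possible.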
KeYmaera – verification results of the model
KeYmaera is an automatic theorem prover; it implements the Dynamic
Differential Logic, and its input consists of hybrid programs.
41 / 42
Learn more about ways of verification and contracts
42 / 42
