Modern Software Testing and Formal Verification
Techniques
Day 2
Sergey Staroletov
Polzunov Altai State Technical University,
Lenin avenue 46, Barnaul, 656038, Russia
Email: serg soft@mail.ru
June 25, 2019
1 / 52
Testing and Formal Verification
The software engineering world has already developed a sufficient
amount of testing technology, and it applies well when creating
typical desktop applications or web sites with their business logic.
For systems that need to work in CRITICAL industries, such as
embedded control systems, aircraft management entities and
operating system components, the testing process does not
guarantee sufficient output quality of the product, and the
appearance of an error can lead to costly consequences.
This is because testing is not able to prove the absence of errors
over all possible states; it can only show their absence for a
particular test.
2 / 52
Model Checking
Formal verification is a way to mathematically prove a model of the
program with respect to the requirements (assumptions about correct
model behavior). In the Model Checking approach these requirements
are usually expressed in a temporal logic, such as LTL or CTL. The
models for verification are usually written in a special modeling
language, which simplifies an ordinary imperative or functional
programming language with some reduction of types, available
memory and standard library, but adds some kind of modeling of process
interactions and non-deterministic transitions.
3 / 52
SPIN and Promela
SPIN [spinroot.com] is a verifier for models written in the special Promela
input language, checked against given LTL requirements over the
key variables of the model.
Some language features:
it is an actor-based (process-oriented) language
a C-style syntax in some cases
code in the language looks like it has a functional style, but the
language does not offer a way to define functions; it uses inline
declarations quite similar to macros in C
allows non-deterministic transitions
primarily designed to describe protocol interactions.
The closest mainstream language is Erlang.
4 / 52
SPIN and Promela
SPIN: Simple Promela INterpreter
Promela: PROtocol MEta-LAnguage
Based on research by
Amir Pnueli (LTL)
Gerard J. Holzmann (SPIN)
5 / 52
MBC process
6 / 52
Get my code samples for free!
https://github.com/SergeyStaroletov/PromelaSamples
7 / 52
SPIN and Promela example
int var = 2;
int count = 0;
ltl formula { [] (var >= 0) }
active proctype main() {
  do
  :: count != 3 -> {
       if
       :: true -> var = var + 1;
       :: true -> var = var - 1;
       fi
       count = count + 1;
     }
  :: else ->
     break
  od
}
8 / 52
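As an added illustration (not code from the slides or from SPIN), here is a minimal explicit-state checker in Python for the program above: it enumerates the (var, count) state space, checks the claim [] (var >= 0) by search and returns the counterexample trace the way SPIN would; the `steps` parameter generalises the slide's count of 3.

```python
# Added example: a tiny explicit-state model checker for the Promela
# program on the slide. A state is the pair (var, count); the `if` with
# two `true` guards is the non-deterministic choice, so each state has two
# successors while count != steps. The invariant [] (var >= 0) is checked
# the way SPIN checks a safety claim: explore every reachable state and
# report the first path to a violating one.
from collections import deque
from typing import Callable, Dict, List, Optional, Set, Tuple

State = Tuple[int, int]  # (var, count)


def successors(state: State, steps: int) -> List[State]:
    """Model the do/if body: while count != steps, var goes +1 or -1."""
    var, count = state
    if count == steps:
        return []  # the `:: else -> break` branch: terminal state
    return [(var + 1, count + 1), (var - 1, count + 1)]


def reachable(initial: State = (2, 0), steps: int = 3) -> Set[State]:
    """Enumerate the whole state space (this is what grows too fast)."""
    seen = {initial}
    work = [initial]
    while work:
        s = work.pop()
        for nxt in successors(s, steps):
            if nxt not in seen:
                seen.add(nxt)
                work.append(nxt)
    return seen


def check_always(pred: Callable[[State], bool],
                 initial: State = (2, 0),
                 steps: int = 3) -> Optional[List[State]]:
    """Check [] pred. Return None if it holds in every reachable state,
    otherwise the shortest trace (counterexample) ending in a violation."""
    parent: Dict[State, Optional[State]] = {initial: None}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        if not pred(s):
            trace: List[State] = []
            cur: Optional[State] = s
            while cur is not None:
                trace.append(cur)
                cur = parent[cur]
            return trace[::-1]
        for nxt in successors(s, steps):
            if nxt not in parent:
                parent[nxt] = s
                queue.append(nxt)
    return None


if __name__ == "__main__":
    print(len(reachable()), "reachable states")
    print("counterexample for [] (var >= 0):",
          check_always(lambda s: s[0] >= 0))
```

With the slide's initial value var = 2 and three steps, the path -1, -1, -1 reaches var = -1, so the claim fails and the trace is the counterexample SPIN would replay.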
SPIN internal automaton for the example program
9 / 52
SPIN internal automaton for the example formula
10 / 52
Parallel composition of internal automata of program
and formula
11 / 52
Parallel composition of internal automata of program
and formula with non-determinism resolution
12 / 52
Main problem in Model Checking
The problem of the explosion of the number of states during the
verification of real programs exists and is very challenging.
The more processes and the more parallel instructions in a program,
the more difficult the verification becomes (if it is possible at
all!), because the number of states grows too fast.
To reduce the brute force, special algorithms are used:
Partial order reduction
State compression
Symbolic model checking
Bitstate hashing
Bounded context switching
13 / 52
Non-deterministic IF clause
The Promela language contains conditions in the form
if
:: boolean_expression1 -> actions1
:: boolean_expression2 -> actions2
...
:: boolean_expressionN -> actionsN
fi
It is considered that in order to perform a certain action, the
corresponding logical expression must be true. If several expressions
are true at once, one of the branches is chosen non-deterministically.
14 / 52
Non-deterministic IF clause
Refer to the code snippet in Promela modeling the Leader Election
algorithm (Dolev, Klawe & Rodeh):
if /* non-deterministic choice */
:: Ini[0] == 0 && N >= 1 -> Ini[0] = I
:: Ini[1] == 0 && N >= 2 -> Ini[1] = I
:: Ini[2] == 0 && N >= 3 -> Ini[2] = I
:: Ini[3] == 0 && N >= 4 -> Ini[3] = I
:: Ini[4] == 0 && N >= 5 -> Ini[4] = I
:: Ini[5] == 0 && N >= 6 -> Ini[5] = I
fi
with N equal to, for example, 3 and all elements of Ini equal to zero,
there are four variants of non-deterministic steps in the Promela model
to continue at this point.
15 / 52
Degree of abstraction in modeling languages
Modeling languages are declarative
They offer to decompose system behavior into a very high-level
model
We do not care about the particular logic of transitions: we just say
that at some time there will be a transition
During the model checking process the verifier will check all possible
variants of transitions
16 / 52
Expressing requirements in LTL
An LTL formula is a formula on global program variables, standard
boolean operators and newly introduced additional operators:
[] – the temporal operator Globally ("Always"). [] p means that the
predicate p must always hold (if p is false in one of the states,
we get an error)
<> – the temporal operator Eventually ("Sometimes"). <> p means
that p should become true at some time in the future (before that it
may be false)
X (Next): X p means that p should be true in the next state;
however, it is not available in SPIN by default
U – the temporal operator "Until". p U q means that q should
hold at some point in time in the future, and before that p should
hold all the time
W – the temporal operator "non-strict (weak) Until". p W q works in the
same way as p U q, but q may never hold (or it may hold)
V – the dual of U: (p V q) means !(!p U !q)
17 / 52
Expressing requirements in LTL
Examples from the book ”Model Checking” by Y.G. Karpov:
Today he plays jazz, tomorrow he will sell his Motherland (Next)
Lenin lived, Lenin lives, Lenin will live. V.I. Lenin (Globally)
Once Persil is always Persil (Globally with implication)
We are not friends until you apologize (Until)
We will fight until we win (non-strict Until)
Someday I will definitely love Masha (Eventually)
18 / 52
Expressing requirements in LTL
19 / 52
Sample system: Login Window
A model for a GUI: 4 windows, with checking of the login data and opening
a secret or non-secret window
20 / 52
The requirements
21 / 52
Main window model code
22 / 52
Main window model internal automaton
23 / 52
Login window model code
24 / 52
Login window model internal automaton
25 / 52
Secret and Non-Secret window model code
26 / 52
iSpin tool
27 / 52
iSpin tool – simulation
28 / 52
iSpin tool – MSC
29 / 52
iSpin tool – Verification
30 / 52
iSpin tool – Verification – incorrect formula implies
verification error
31 / 52
iSpin tool – Verification – incorrect formula implies
verification error - replaying the counterexample
32 / 52
Modeling a queuing system: Russian Fast-Food
A Hungry Man places an order with the Manager and waits for it. The
Manager waits for the order, passes the order for a Pancake and Kvass
to the Cook, waits for the finished Pancake and the poured Kvass from the
Cook, and hands the finished order to the Hungry Man. The Cook
receives the order for Kvass and a Pancake from the Manager, pours
the Kvass and prepares the Pancake. Kvass and Pancake wait for the
Cook to prepare them and are served to the Manager.
33 / 52
Modeling a queuing system: Russian Fast-Food
34 / 52
Modeling a queuing system: Russian Fast-Food
35 / 52
Modeling a queuing system: Russian Fast-Food
36 / 52
Modeling a queuing system: Russian Fast-Food
37 / 52
Modeling a queuing system: Russian Fast-Food ::
Simulation (Got an error)
38 / 52
Modeling a queuing system: Russian Fast-Food ::
Simulation in a lossy message channel mode (OK)
39 / 52
Modeling a queuing system: Russian Fast-Food
So, the system will have starvation. Direct process operation will lead
to losing orders. Such queuing systems require real queues.
40 / 52
Solving recursive puzzles with Model Checking based
on CounterExample-Driven Approach
We want to solve logic puzzles
Such a puzzle can be solved recursively or sometimes using the
dynamic programming method
We can use a different approach:
1 Code in Promela the system behavior from the problem
description, using the non-deterministic if clause
2 Ask the SPIN verifier to check the goal "we will not solve this
game"
3 If the game is solvable, the verifier will find a counterexample
4 The counterexample is a solution.
41 / 52
Hanoi Tower
Suppose there are three rods onto which you can fit round disks of
different sizes, and you may put a smaller disk on a larger disk, but not
vice versa. We assume that there are 5 disks. Initially they are all on
the first rod. It is necessary to move them (all 5) to the third rod, using
the second rod as an intermediate place.
42 / 52
Hanoi Tower
43 / 52
Hanoi Tower (real photo)
44 / 52
Hanoi Tower – initial code
45 / 52
Hanoi Tower – step rules
Check whether there are any more disks on the rod.
Is it possible to move the top disk to another rod (the number of
elements there is between 0 and N, and the top disk on that rod, if any,
is not smaller than the moved disk)?
Move the disk by adding an element to the top of the array,
increasing the number of elements on the new rod and decreasing
it on the old one.
Or maybe we do not do it, but instead switch to another rod
to move disks from it, or move them to another rod?
46 / 52
Hanoi Tower – step code (1 to 2)
47 / 52
Hanoi Tower – verification
Checking the formula [] (count3 != 5), we get a counterexample, and it is a solution!
48 / 52
Hanoi Tower – simulating the counterexample with the
solution
49 / 52
Hanoi Tower – optimal solution
Trying formulas like [] (count3 != 5 || moves != 50) and decreasing the moves
count, we get the optimal solution with [] (count3 != 5 || moves != 31)!
It required reducing the Maximum Search Depth to 1000 steps.
50 / 52
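The counterexample-driven approach of slides 41 to 50, as an added Python example that is not the slides' Promela model: every legal move is a non-deterministic step, the claim [] (count3 != 5) is refuted by breadth-first search, and `max_moves` plays the role of the bounded search depth, so the first violating state found is the shortest solution (31 moves for 5 disks).

```python
# Added example: the Hanoi Tower puzzle solved as a model-checking
# counterexample. The state is the content of the three rods; the step
# rules from the slides enumerate every legal move (the non-deterministic
# `if` in the Promela model). Refuting "[] (count3 != n)" means finding a
# reachable state with all n disks on rod 3; BFS returns the shortest
# move sequence, and max_moves bounds the search depth like SPIN's
# Maximum Search Depth.
from collections import deque
from typing import Dict, List, Optional, Tuple

Move = Tuple[int, int]  # (source rod, target rod), rods numbered 0..2
Rods = Tuple[Tuple[int, ...], Tuple[int, ...], Tuple[int, ...]]


def initial_state(n: int) -> Rods:
    """All n disks on the first rod, largest (n) at the bottom, 1 on top."""
    return (tuple(range(n, 0, -1)), (), ())


def legal_moves(state: Rods) -> List[Move]:
    """Step rules: the source rod is non-empty and the target rod is
    either empty or has a larger disk on top."""
    moves = []
    for src in range(3):
        if not state[src]:
            continue
        disk = state[src][-1]
        for dst in range(3):
            if dst != src and (not state[dst] or state[dst][-1] > disk):
                moves.append((src, dst))
    return moves


def apply_move(state: Rods, move: Move) -> Rods:
    """Pop the top disk of the source rod and push it onto the target."""
    src, dst = move
    rods = [list(r) for r in state]
    rods[dst].append(rods[src].pop())
    return (tuple(rods[0]), tuple(rods[1]), tuple(rods[2]))


def refute_claim(n: int, max_moves: Optional[int] = None) -> Optional[List[Move]]:
    """Search for a state violating [] (count3 != n). Returns the shortest
    move list leading to it, or None if no such state exists within
    max_moves steps (the bounded search depth)."""
    start = initial_state(n)
    parent: Dict[Rods, Tuple[Optional[Rods], Optional[Move]]] = {start: (None, None)}
    depth = {start: 0}
    queue = deque([start])
    while queue:
        s = queue.popleft()
        if len(s[2]) == n:  # claim violated: the puzzle is solved
            path: List[Move] = []
            while parent[s][0] is not None:
                prev, mv = parent[s]
                path.append(mv)  # type: ignore[arg-type]
                s = prev  # type: ignore[assignment]
            return path[::-1]
        if max_moves is not None and depth[s] >= max_moves:
            continue  # depth bound reached: do not expand further
        for mv in legal_moves(s):
            nxt = apply_move(s, mv)
            if nxt not in parent:
                parent[nxt] = (s, mv)
                depth[nxt] = depth[s] + 1
                queue.append(nxt)
    return None


def count_states(n: int) -> int:
    """Size of the reachable state space: every legal placement, 3**n."""
    start = initial_state(n)
    seen = {start}
    work = [start]
    while work:
        s = work.pop()
        for mv in legal_moves(s):
            nxt = apply_move(s, mv)
            if nxt not in seen:
                seen.add(nxt)
                work.append(nxt)
    return len(seen)


if __name__ == "__main__":
    solution = refute_claim(5)
    print(len(solution or []), "moves:", solution)
    print(count_states(5), "reachable states")
```

Bounding the depth to 30 moves yields no counterexample, while 31 does, which is the same experiment the slide performs with the moves counter in the formula.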
My research on Model Checking
Towards a Probabilistic Extension to Non-Deterministic Transitions
in Model-Based Checking. SYRCoSE 2019.
Applying Model Checking Approach with Floating Point Arithmetic
for Verification of Air Collision Avoidance Maneuver Hybrid Model.
Accepted for SPIN 2019.
A Method to Verify Parallel and Distributed Software in C# by
Doing Roslyn AST Transformation to a Promela Model. Preprint.
51 / 52
Learn more about Model Checking by reading in a
calm place
52 / 52

Empowering Businesses with Intelligent Software Solutions - Grawlix
 
GT degree offer diploma Transcript
GT degree offer diploma TranscriptGT degree offer diploma Transcript
GT degree offer diploma Transcript
 
SAP implementation steps PDF - Zyple Software
SAP implementation steps PDF - Zyple SoftwareSAP implementation steps PDF - Zyple Software
SAP implementation steps PDF - Zyple Software
 
Mumbai Girls Call Mumbai 🎈🔥9930687706 🔥💋🎈 Provide Best And Top Girl Service A...
Mumbai Girls Call Mumbai 🎈🔥9930687706 🔥💋🎈 Provide Best And Top Girl Service A...Mumbai Girls Call Mumbai 🎈🔥9930687706 🔥💋🎈 Provide Best And Top Girl Service A...
Mumbai Girls Call Mumbai 🎈🔥9930687706 🔥💋🎈 Provide Best And Top Girl Service A...
 
Fantastic Design Patterns and Where to use them No Notes.pdf
Fantastic Design Patterns and Where to use them No Notes.pdfFantastic Design Patterns and Where to use them No Notes.pdf
Fantastic Design Patterns and Where to use them No Notes.pdf
 
Amadeus Travel API, Amadeus Booking API, Amadeus GDS
Amadeus Travel API, Amadeus Booking API, Amadeus GDSAmadeus Travel API, Amadeus Booking API, Amadeus GDS
Amadeus Travel API, Amadeus Booking API, Amadeus GDS
 
Predicting Test Results without Execution (FSE 2024)
Predicting Test Results without Execution (FSE 2024)Predicting Test Results without Execution (FSE 2024)
Predicting Test Results without Execution (FSE 2024)
 
Busty Girls Call Mumbai 9930245274 Unlimited Short Providing Girls Service Av...
Busty Girls Call Mumbai 9930245274 Unlimited Short Providing Girls Service Av...Busty Girls Call Mumbai 9930245274 Unlimited Short Providing Girls Service Av...
Busty Girls Call Mumbai 9930245274 Unlimited Short Providing Girls Service Av...
 

Staroletov MBC (Model Based Checking)

  • 1. Modern Software Testing and Formal Verification Techniques. Day 2. Sergey Staroletov, Polzunov Altai State Technical University, Lenin avenue 46, Barnaul, 656038, Russia. Email: serg soft@mail.ru. June 25, 2019. 1 / 52
  • 4. SPIN and Promela. SPIN [spinroot.com] is a verifier for models written in its Promela input language, checked against LTL requirements stated over the model's key variables. Some language features:
    - it is a process-oriented (actor-like) language
    - C-style syntax in places
    - the code looks functional in style, but the language has no functions: it uses inline declarations, much like C macros
    - it allows non-deterministic transitions
    - it was primarily designed to describe interactions between protocol peers; the nearest mainstream language is Erlang.
  • 5. SPIN and Promela. SPIN: Simple Promela INterpreter. Promela: PROtocol MEta-LAnguage. Based on research by Amir Pnueli (LTL) and Gerard J. Holzmann (SPIN).
  • 7. Get my code samples for free! https://github.com/SergeyStaroletov/PromelaSamples
  • 8. SPIN and Promela example

        int var = 2;
        int count = 0;

        /* the claim to verify: var is never negative */
        ltl formula { [] (var >= 0) }

        active proctype main() {
            do
            :: count != 3 -> {
                /* non-deterministic choice: SPIN explores both branches */
                if
                :: true -> var = var + 1;
                :: true -> var = var - 1;
                fi
                count = count + 1;
            }
            :: else -> break    /* three iterations done: leave the loop */
            od
        }

    The claim does not hold: the run that takes the "var = var - 1" branch in all three iterations reaches var == -1, and SPIN reports that run as a counterexample.
  • 9. SPIN internal automaton for the example program
  • 10. SPIN internal automaton for the example formula
  • 11. Parallel composition of the internal automata of the program and the formula
  • 12. Parallel composition of the internal automata of the program and the formula, with the non-determinism resolved
  • 13. Main problem in Model Checking. The explosion of the number of states during the verification of real programs is a real and very challenging problem. The more processes and the more interleaved instructions a program has, the harder the verification becomes (if it is possible at all!), because the number of states grows too fast. To reduce the brute-force search, special algorithms are used:
    - partial order reduction
    - state compression
    - symbolic model checking
    - bitstate hashing
    - bounded context switching
    Note that bitstate hashing and bounded context switching are approximations (they can miss states or interleavings), so a run that reports no error under them is not a proof of the absence of errors.
  • 14. Non-deterministic IF clause. The Promela language contains conditions of the form

        if
        :: boolean_expression1 -> actions1
        :: boolean_expression2 -> actions2
        ...
        :: boolean_expressionN -> actionsN
        fi

    A branch can be taken only when its guard expression is true. If several guards are true at once, the choice between them is non-deterministic and the verifier explores every enabled branch; if no guard is true, the process blocks at the if until one becomes true (an else branch, if present, is taken instead).
  • 15. Non-deterministic IF clause. Refer to the code snippet in Promela modeling the leader election algorithm (Dolev, Klawe & Rodeh):

        if /* non-deterministic choice */
        :: Ini[0] == 0 && N >= 1 -> Ini[0] = I
        :: Ini[1] == 0 && N >= 2 -> Ini[1] = I
        :: Ini[2] == 0 && N >= 3 -> Ini[2] = I
        :: Ini[3] == 0 && N >= 4 -> Ini[3] = I
        :: Ini[4] == 0 && N >= 5 -> Ini[4] = I
        :: Ini[5] == 0 && N >= 6 -> Ini[5] = I
        fi

    With N equal to, for example, 3 and all elements of Ini zero, the first three guards are true, so the Promela model has three non-deterministic ways to continue at this point (each assigns the process identifier I to a different slot).
  • 16. Degree of abstraction in modeling languages. Modeling languages are declarative. They let us decompose system behaviour into a very high-level model. We do not care about the particular logic behind a transition: we just say "at some point there will be a transition". During the model checking process the verifier checks all possible variants of the transitions.
  • 17. Expressing requirements in LTL. An LTL formula is a formula over global program variables, the standard boolean operators and the following additional temporal operators:
    - [] is the temporal operator Globally ("Always"). [] p means that the predicate p must hold in every state (if p is false in one of the states, we get an error)
    - <> is the temporal operator Eventually ("Sometime"). <> p means that p must become true at some point in the future (before that it may be false)
    - X (Next). X p means that p must be true in the next state; however, it is not available in SPIN by default (the verifier has to be compiled with -DNXT, because X breaks the stutter invariance that partial order reduction relies on)
    - U is the temporal operator "Until". p U q means that q must hold at some point in the future, and p must hold at all times before that
    - W is the temporal operator "weak (non-strict) Until". p W q works like p U q, but q is allowed never to hold, provided p then holds forever
    - V (Release) is the dual of U: (p V q) means !(!p U !q)
  • 18. Expressing requirements in LTL. Examples from the book "Model Checking" by Y.G. Karpov:
    - Today he plays jazz, tomorrow he will sell his Motherland (Next)
    - Lenin lived, Lenin lives, Lenin will live. V.I. Lenin (Globally)
    - Once Persil, always Persil (Globally with implication)
    - We are not friends until you apologize (Until)
    - We will fight until we win (weak Until)
    - Someday I will definitely love Masha (Eventually)
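An added example, not from the slides: the operators of slide 17 evaluated in Python over a finite trace, so that the difference between U and W, and the identity p V q == !(!p U !q), can be checked by running them. Assumptions of this example: a state is a dict of the model's global variables (an LTL formula in SPIN ranges over globals), an atomic predicate is a callable state -> bool, and the trace is finite (SPIN itself reasons about infinite runs; the finite-prefix reading is enough to see how the operators differ). The two traces are constructed by hand from the slide-8 program: one where every iteration takes the "var - 1" branch and one where every iteration takes "var + 1".

```python
# Added example (not code from the slides or from SPIN): the LTL operators of
# slide 17 over a finite trace.  Assumptions: state = dict of global variables,
# predicate = callable state -> bool, finite-trace semantics.

def G(p, trace, i=0):
    """[] p  (Globally): p holds in every state from position i on."""
    return all(p(s) for s in trace[i:])

def F(p, trace, i=0):
    """<> p  (Eventually): p holds in at least one state from position i on."""
    return any(p(s) for s in trace[i:])

def X(p, trace, i=0):
    """X p  (Next): p holds in the state after i (false if the trace ends)."""
    return i + 1 < len(trace) and p(trace[i + 1])

def U(p, q, trace, i=0):
    """p U q  (strong Until): q holds at some j >= i and p holds at every
    position in [i, j).  If q never arrives the formula is false."""
    for s in trace[i:]:
        if q(s):
            return True
        if not p(s):
            return False
    return False

def W(p, q, trace, i=0):
    """p W q  (weak Until): as p U q, but also true when q never arrives and
    p simply holds for the rest of the trace."""
    return U(p, q, trace, i) or G(p, trace, i)

def V(p, q, trace, i=0):
    """p V q  (Release): q holds in every state up to and including the first
    state where p holds; if p never holds, q must hold throughout."""
    for s in trace[i:]:
        if not q(s):
            return False
        if p(s):
            return True
    return True

def release_via_until(p, q, trace, i=0):
    """The slide-17 identity: p V q == !(!p U !q)."""
    return not U(lambda s: not p(s), lambda s: not q(s), trace, i)

# Constructed traces of the slide-8 program (not produced by SPIN):
# every iteration picks "var - 1" ...
TRACE_DOWN = [{"var": 2, "count": 0}, {"var": 1, "count": 1},
              {"var": 0, "count": 2}, {"var": -1, "count": 3}]
# ... or every iteration picks "var + 1".
TRACE_UP = [{"var": 2, "count": 0}, {"var": 3, "count": 1},
            {"var": 4, "count": 2}, {"var": 5, "count": 3}]

def non_negative(s): return s["var"] >= 0
def done(s): return s["count"] == 3
def never(s): return s["count"] == 99   # a guard that never becomes true

def evaluate(trace):
    """Evaluate the operators above on one trace; returns name -> bool."""
    return {
        "[] var>=0": G(non_negative, trace),
        "<> count==3": F(done, trace),
        "var>=0 U count==3": U(non_negative, done, trace),
        "var>=0 U never": U(non_negative, never, trace),
        "var>=0 W never": W(non_negative, never, trace),
        "count==3 V var>=0": V(done, non_negative, trace),
        "identity holds": V(done, non_negative, trace)
                          == release_via_until(done, non_negative, trace),
    }

if __name__ == "__main__":
    for name, trace in (("down", TRACE_DOWN), ("up", TRACE_UP)):
        print(name, evaluate(trace))
```

On TRACE_UP, "var>=0 U never" is false while "var>=0 W never" is true: the strong Until insists that q eventually arrives, the weak one does not. On TRACE_DOWN the Release "count==3 V var>=0" fails because var>=0 is broken in the very state where count==3 first holds, and the direct definition agrees with the !(!p U !q) form on both traces.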
  • 20. Sample system: Login Window. A model for a GUI: 4 windows, checking the login data and opening a secret or a non-secret window
  • 22. Main window model code
  • 23. Main window model internal automaton
  • 24. Login window model code
  • 25. Login window model internal automaton
  • 26. Secret and Non-Secret window model code
  • 28. iSpin tool – simulation
  • 29. iSpin tool – MSC
  • 30. iSpin tool – verification
  • 31. iSpin tool – verification – an incorrect formula leads to a verification error
  • 32. iSpin tool – verification – an incorrect formula leads to a verification error – replaying the counterexample
  • 33. Modeling a queuing system: Russian Fast-Food. A Hungry Man places an order with the Manager and waits for it; the Manager waits for the order, passes the order for a Pancake and Kvass to the Cook, waits for the finished Pancake and the poured Kvass from the Cook, and hands the finished order to the Hungry Man; the Cook receives the order for Kvass and a Pancake from the Manager, pours the Kvass and prepares the Pancake; the Kvass and the Pancake wait for the Cook to prepare them and are served to the Manager.
  • 34. Modeling a queuing system: Russian Fast-Food
  • 35. Modeling a queuing system: Russian Fast-Food
  • 36. Modeling a queuing system: Russian Fast-Food
  • 37. Modeling a queuing system: Russian Fast-Food
  • 38. Modeling a queuing system: Russian Fast-Food :: simulation (got an error)
  • 39. Modeling a queuing system: Russian Fast-Food :: simulation in lossy message channel mode (OK)
  • 40. Modeling a queuing system: Russian Fast-Food. So the system suffers from starvation: handing messages directly from process to process leads to lost orders. Such queuing systems require a real queue (in Promela, a buffered channel rather than a rendezvous one).
  • 41. Solving recursive puzzles with Model Checking, based on a counterexample-driven approach. We want to solve logic puzzles. Such a puzzle can be solved recursively or sometimes with dynamic programming. We can use a different approach:
    1. Code the system behaviour from the problem description in Promela, using the non-deterministic if clause
    2. Ask the SPIN verifier to check the goal stated negatively: "we will never solve this game"
    3. If the game is solvable, the verifier will find a counterexample
    4. The counterexample is a solution.
  • 42. Hanoi Tower. Suppose there are three rods onto which round disks of different sizes can be placed; a smaller disk may be put on a larger one, but not vice versa. We assume there are 5 disks. Initially they are all on the first rod. It is necessary to move all 5 of them to the third rod, using the second rod as an intermediate place.
  • 43. Hanoi Tower
  • 44. Hanoi Tower (real photo)
  • 45. Hanoi Tower – initial code
  • 46. Hanoi Tower – step rules. Check whether there are still disks on the current rod. Can the top disk be moved to another rod (that rod holds between 0 and N disks, and it is either empty or its top disk is larger than the disk being moved)? Move the disk by pushing it onto the top of the target rod's array, incrementing the element count of the new rod and decrementing that of the old one. Or maybe do not move it at all: why not switch to another rod and move disks from it, or move them to a different rod? Every enabled alternative is a branch of the non-deterministic if.
  • 47. Hanoi Tower – step code (1 to 2)
  • 48. Hanoi Tower – verification. Checking the claim [] (count3 != 5) (the third rod never holds all 5 disks): SPIN refutes it, and the counterexample is a solution!
  • 49. Hanoi Tower – simulating the counterexample with the solution
  • 50. Hanoi Tower – optimal solution. Trying formulas like [] (count3 != 5 || moves != 50) and decreasing the move count, we get the optimal solution with [] (count3 != 5 || moves != 31)! It required reducing the Maximum Search Depth to 1000 steps. The bound on moves is needed because SPIN's default depth-first search reports the first counterexample it meets, not the shortest one; the built-in alternatives are the pan option -i (iteratively search for a shorter error trail) or compiling the verifier with -DBFS for a breadth-first search.
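An added example that is not part of the slides or of SPIN itself: a small explicit-state safety checker in Python that does for an invariant claim "[] inv" what SPIN does for the Promela models above. It enumerates every reachable state, taking every enabled non-deterministic branch (as the if/do clauses of slides 14 and 15 are explored), and returns the shortest trail to a state violating inv. It is applied to the slide-8 program, where the claim [] (var >= 0) is refuted, and to the Hanoi puzzle of slides 41 to 50, where refuting [] (count3 != 5) yields the 31-move solution. The state encodings and function names are this example's own; one loop iteration of the slide-8 program is treated as a single step (coarser than SPIN's statement-level interleaving, which does not change the result for a property over var alone).

```python
# Added example (not code from the slides or from SPIN): a minimal explicit-state
# checker for invariant claims "[] inv", plus two models for it to check.
# State encodings, step functions and names are this example's own assumptions.
from collections import deque


def check_invariant(initial, successors, invariant):
    """Breadth-first exploration of every reachable state.

    successors(state) yields (label, next_state) for every enabled transition,
    so non-deterministic choices are explored exhaustively, as SPIN does.
    Returns (None, n_states) if inv holds in every reachable state, otherwise
    (trail, n_states) where trail is the shortest list of (label, state) steps
    from the initial state to a state that violates inv: the counterexample.
    """
    parent = {initial: None}          # state -> (label, predecessor)
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        if not invariant(state):
            trail = []
            while parent[state] is not None:
                label, prev = parent[state]
                trail.append((label, state))
                state = prev
            return trail[::-1], len(parent)
        for label, nxt in successors(state):
            if nxt not in parent:     # each state is expanded once
                parent[nxt] = (label, state)
                queue.append(nxt)
    return None, len(parent)


# --- Model 1: the slide-8 Promela program, state = (var, count) -------------

def slide8_successors(state):
    """One iteration of the do loop as a single step (assumption: coarser than
    SPIN's statement-level interleaving, harmless for a property on var only)."""
    var, count = state
    if count != 3:
        yield ("var = var + 1", (var + 1, count + 1))
        yield ("var = var - 1", (var - 1, count + 1))
    # count == 3: the else branch breaks the loop; the process ends, no successors


def check_slide8():
    """Verify the claim 'ltl formula { [] (var >= 0) }' of slide 8."""
    return check_invariant((2, 0), slide8_successors, lambda s: s[0] >= 0)


# --- Model 2: Hanoi Tower, state = 3 rods, each a tuple bottom -> top --------

def hanoi_initial(n_disks=5):
    return (tuple(range(n_disks, 0, -1)), (), ())


def hanoi_successors(state):
    """Every legal move of a top disk: the slide-46 step rules, with all
    enabled moves offered as non-deterministic alternatives."""
    for src in range(3):
        if not state[src]:
            continue                           # nothing on this rod
        disk = state[src][-1]
        for dst in range(3):
            if dst == src or (state[dst] and state[dst][-1] < disk):
                continue                       # same rod, or smaller disk on top
            rods = list(state)
            rods[src] = state[src][:-1]
            rods[dst] = state[dst] + (disk,)
            yield (f"move disk {disk}: rod {src + 1} -> rod {dst + 1}", tuple(rods))


def solve_hanoi(n_disks=5):
    """Counterexample-driven solving (slide 41): claim '[] (count3 != n)',
    i.e. the third rod never holds all disks, and let the checker refute it.
    The refuting trail is a solution and, being shortest, the optimal one."""
    goal_never_reached = lambda s: len(s[2]) != n_disks
    return check_invariant(hanoi_initial(n_disks), hanoi_successors, goal_never_reached)


if __name__ == "__main__":
    trail, n = check_slide8()
    print(f"slide 8: [] (var >= 0) violated after {len(trail)} steps, "
          f"{n} states explored; final state {trail[-1][1]}")
    trail, n = solve_hanoi(5)
    print(f"hanoi: {len(trail)} moves found, {n} states explored")
    for label, _ in trail[:3]:
        print("  ", label)
```

Because the search is breadth-first, the first violating state found lies at minimum depth, so the returned trail is already the optimal 31-move solution and the move bound of slide 50 is not needed here; SPIN's default depth-first search returns the first counterexample on its current path, which is why the slides had to bound moves. With 5 disks the checker has discovered all 3^5 = 243 configurations by the time the goal state is dequeued, a small illustration of the state growth discussed on slide 13.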
  • 51. My research on Model Checking.
    - Towards a Probabilistic Extension to Non-Deterministic Transitions in Model-Based Checking. SYRCoSE 2019.
    - Applying Model Checking Approach with Floating Point Arithmetic for Verification of Air Collision Avoidance Maneuver Hybrid Model. Accepted for SPIN 2019.
    - A Method to Verify Parallel and Distributed Software in C# by Doing Roslyn AST Transformation to a Promela Model. Preprint.
  • 52. Learn more about Model Checking by reading in a calm place