Formal Methods of Systems Specification Logical Specification of Hard and Software - PowerPoint PPT Presentation

Description: Institut für Informatik der Humboldt Universität. and ... and train computers, automobile controllers, nontrivial search problems, ...

Provided by: HolgerSch7
Transcript and Presenter's Notes

1
Formal Methods of Systems Specification: Logical Specification of Hard- and Software
  • Prof. Dr. Holger Schlingloff
  • Institut für Informatik der Humboldt Universität and Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik

2
Boolean Normal Forms
  • DNF, CNF, NAND-, NOR-normal form
  • (pq)(p?q) p(pp) (p?q)(pq)
  • used for gate arrays
  • Algebraic normal form
  • XOR of conjunction of (positive) propositions
  • later tree normal forms
  • (ordering of propositions)

3
Boolean Modelling of Reactive Systems
  • (Parallel) transition systems, shared variables programs
  • shared variables program (V, D, T, s0)
  • V = (v1, ..., vn) is a set (sequence) of program variables
  • D = (D1, ..., Dn) is a tuple of corresponding finite domains Di = {di1, ..., dim}
  • T ⊆ D × D is a transition relation, and
  • s0 = (d11, ..., dn1) is the initial state
  • Propositional representation of programs
  • T = ((request = true) ? (state = ready) ? (state = busy))
  • Representation of non-boolean domains?

4
Binary Encoding of Domains
  • Any variable on a finite domain D can be replaced by log(|D|) binary variables
  • similar to the encoding of data types by compilers
  • e.g. var v : 0..15 can be replaced by var v1, v2, v3, v4 : boolean (0 = 0000, 1 = 0001, 2 = 0010, 3 = 0011, ..., 15 = 1111)
  • State space
  • still in the order of the original domain!
  • e.g. three int8 variables can have 2^24 ≈ 10^8 states
  • e.g. an array of length 10 with 10-bit values → 10^30 states
  • Representation of large sets of states?

5
Representation of Sets
6
Ordered Tree Form
  • Normal form for propositional formulas
  • Uses only the connective Ite
  • Linear ordering on the set of propositions
  • e.g., most significant bit first
  • Shannon expansion

7
Truth table and tree form formula
Reduction: replace Ite(v, φ, φ) by φ
8
Abbreviations
  • Introduce abbreviations
  • maximally abbreviated

9
Binary Decision Trees (BDTs)
  • Binary decision tree
  • Elimination of isomorphic subtrees (abbreviations)

10
Binary Decision Diagrams (BDDs)
  • Elimination of redundant nodes (redundant subformulas): replace Ite(v, φ, φ) by φ

11
A Toy Example
  • How many states are reachable?
  • How to check whether a given state is reachable?

12
Coding in nuSMV
13
Coding in SMV (cont.)
  • SMV quickly finds a solution (rrddlluurrddlluurrddlluurrdd)

14
Another Toy Example
  • maybe there is an even better one (color)

15
Verification Model of Shift Register
16
Non-toy Examples
  • Software verification: correctness of aerospace and train computers, automobile controllers, nontrivial search problems, ...
  • Hardware verification: ALUs, PLAs, memory controllers, complete chip designs, ...
  • For safety-critical systems formal validation is mandatory, for widely deployed systems highly recommended

17
Calculation of BDDs
18
The Influence of Variable Ordering
  • Heuristics: keep dependent variables close together!
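The following Python program is an added example (not code from the slides or from the presenter) that puts slides 6 to 10 and slide 18 together: BDD nodes are Ite(v, low, high) triples, the two reductions are applied on construction (the redundant node Ite(v, φ, φ) collapses to φ, and isomorphic subtrees are shared through a unique table, i.e. the "abbreviations"), and the logical operations ∧, ∨, ¬ are computed by Shannon expansion on the topmost variable. The ordering experiment reproduces the point of slide 18 for f = (x1∧y1) ∨ (x2∧y2) ∨ (x3∧y3): with each xi next to its yi the BDD has 6 nodes, with all x's before all y's it has 14. Class and function names are my own choices.

```python
"""Reduced ordered BDDs: Ite nodes, both reductions, Shannon-expansion apply.
Added example (not from the slides); all names are assumptions."""

# Binary boolean operations usable in apply(); the name doubles as memo key.
OPS = {
    "and": lambda a, b: a and b,
    "or": lambda a, b: a or b,
    "xor": lambda a, b: a != b,
}

class BDD:
    """Nodes are ints; 0 and 1 are the terminals. An internal node is stored as
    (level, low, high): 'level' is the position of its variable in the ordering,
    'low'/'high' are the cofactors for variable = 0 / variable = 1."""

    def __init__(self, order):
        self.order = list(order)                  # variables, tested in this order
        self.index = {v: i for i, v in enumerate(self.order)}
        self.nodes = {0: None, 1: None}           # id -> (level, low, high)
        self.unique = {}                          # (level, low, high) -> id
        self.cache = {}                           # (op, f, g) -> result id

    def ite_node(self, level, low, high):
        """Ite(x_level, low, high) with the two BDD reductions:
        Ite(v, f, f) -> f (redundant node) and one shared node per distinct
        (level, low, high) triple (isomorphic subtrees, i.e. abbreviations)."""
        if low == high:
            return low
        key = (level, low, high)
        if key not in self.unique:
            self.unique[key] = nid = len(self.nodes)
            self.nodes[nid] = key
        return self.unique[key]

    def var(self, name):
        """BDD of a single proposition."""
        return self.ite_node(self.index[name], 0, 1)

    def level(self, n):
        """Terminals sit below every variable in the ordering."""
        return len(self.order) if n in (0, 1) else self.nodes[n][0]

    def cofactors(self, n, level):
        """Shannon expansion of n w.r.t. x_level: (n[x=0], n[x=1])."""
        if self.level(n) == level:
            return self.nodes[n][1], self.nodes[n][2]
        return n, n                               # n does not depend on x_level

    def apply(self, op, f, g):
        """Combine two BDDs by expanding on the topmost variable of f and g."""
        key = (op, f, g)
        if key not in self.cache:
            if f in (0, 1) and g in (0, 1):
                res = int(OPS[op](bool(f), bool(g)))
            else:
                lvl = min(self.level(f), self.level(g))
                f0, f1 = self.cofactors(f, lvl)
                g0, g1 = self.cofactors(g, lvl)
                res = self.ite_node(lvl, self.apply(op, f0, g0),
                                    self.apply(op, f1, g1))
            self.cache[key] = res
        return self.cache[key]

    def AND(self, f, g): return self.apply("and", f, g)
    def OR(self, f, g): return self.apply("or", f, g)
    def NOT(self, f): return self.apply("xor", f, 1)

    def size(self, root):
        """Number of internal nodes reachable from root (the BDD's size)."""
        seen, stack = set(), [root]
        while stack:
            n = stack.pop()
            if n not in (0, 1) and n not in seen:
                seen.add(n)
                stack.extend(self.nodes[n][1:])
        return len(seen)

    def evaluate(self, root, assignment):
        """Follow one path from root to a terminal under a {var: bool} assignment."""
        n = root
        while n not in (0, 1):
            lvl, low, high = self.nodes[n]
            n = high if assignment[self.order[lvl]] else low
        return bool(n)

def compare_orderings(n=3):
    """Slide 18's point: f = (x1 and y1) or ... or (xn and yn) has 2n nodes when
    each xi sits next to its yi, but 2^(n+1)-2 nodes when all x's precede all y's."""
    xs = [f"x{i}" for i in range(1, n + 1)]
    ys = [f"y{i}" for i in range(1, n + 1)]
    orders = {"interleaved": [v for p in zip(xs, ys) for v in p], "grouped": xs + ys}
    sizes = {}
    for label, order in orders.items():
        bdd = BDD(order)
        f = 0
        for x, y in zip(xs, ys):
            f = bdd.OR(f, bdd.AND(bdd.var(x), bdd.var(y)))
        sizes[label] = bdd.size(f)
    return sizes

if __name__ == "__main__":
    print(compare_orderings(3))   # {'interleaved': 6, 'grouped': 14}
```

Because every node goes through ite_node, the result of apply on two reduced diagrams is again reduced, so size() measures the canonical diagram for the chosen ordering; the same function under the two orderings differs in node count only because of the ordering, which is what the heuristic on this slide is about.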

19
Transitive Closure
  • Each finite (transition) relation can be represented as a boolean formula / BDD
  • The transitive closure of a relation R is defined recursively by
  • Thus, the transitive closure can be calculated by an iteration on BDDs
  • Logical operations (∧, ∨, ¬) can be directly performed on BDDs

20
Reachability
  • State s is reachable iff s0 R* s, where s0 ∈ S0 is an initial state and R is the transition relation
  • Reachability is one of the most important
    properties in verification
  • most safety properties can be reduced to it
  • in a search algorithm, is the goal reachable?
  • Can be arbitrarily hard
  • for infinite state systems undecidable
  • Can be efficiently calculated with BDDs

21
  • Intuitively, x R* y iff there is a sequence w0 w1 ... wn of nodes connecting x with y
  • In a finite model, this sequence must be smaller
    than the number of states.
  • In practice, usually a few dozen steps are
    sufficient
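As an added example (not from the slides), the Python program below carries the definitions of slides 3 and 4 and the iteration of slides 19 to 21 through on one constructed toy program: a shared-variables program (V, D, T, s0) with V = (request, count), D = ({0,1}, {0..15}), states in binary encoding (the counter as 4 boolean variables, most significant bit first), and T given as a predicate on (current, next) state. The reachable set is computed as the fixpoint of Reach_{i+1} = Reach_i ∪ post(Reach_i), the transitive closure R* by the fixpoint of R_{i+1} = R_i ∪ (R_i ∘ R), and the two agree on "s is reachable iff s0 R* s"; the number of rounds stays below the number of states, as slide 21 says. Sets of tuples stand in for the BDDs of the slides; the program and all names are my own constructions.

```python
"""Reachability for a shared-variables program (V, D, T, s0) by fixpoint
iteration over binary-encoded states. Added example, not from the slides;
the program and all names are constructed for illustration."""
from itertools import product

# Constructed program: V = (request, count), D = ({0,1}, {0,...,15}).
# Binary encoding (slide 4): count becomes 4 boolean variables, most
# significant bit first, so a state is the bit tuple (request, c3, c2, c1, c0).
COUNT_BITS = 4
STATE_BITS = 1 + COUNT_BITS
ALL_STATES = list(product((0, 1), repeat=STATE_BITS))   # |D| = 2^5 = 32

def encode(request, count):
    """(request, count) -> bit tuple, e.g. encode(1, 3) == (1, 0, 0, 1, 1)."""
    bits = tuple((count >> i) & 1 for i in reversed(range(COUNT_BITS)))
    return (int(request),) + bits

def decode(state):
    """Inverse of encode."""
    request, *bits = state
    count = 0
    for b in bits:
        count = (count << 1) | b
    return request, count

def transition(s, t):
    """T as a predicate on (current, next). If request is set the counter
    advances by 2 mod 16, otherwise it keeps its value; the next request is an
    unconstrained input, so every state has exactly two successors."""
    r, c = decode(s)
    r2, c2 = decode(t)
    return c2 == ((c + 2) % 16 if r else c) and r2 in (0, 1)

S0 = encode(0, 0)                 # initial state s0

def post(states):
    """Successor image of a set of states under T."""
    return {t for s in states for t in ALL_STATES if transition(s, t)}

def reachable(initial=S0):
    """Reach_0 = {s0}; Reach_{i+1} = Reach_i | post(Reach_i); stop at the fixpoint.
    Returns the reachable set and the number of rounds, counting the final
    round that detects no change (bounded by the number of states)."""
    reach, rounds = {initial}, 0
    while True:
        rounds += 1
        grown = reach | post(reach)
        if grown == reach:
            return reach, rounds
        reach = grown

def transitive_closure(relation):
    """Reflexive-transitive closure R* of a relation (set of pairs) by the
    iteration R_{i+1} = R_i | (R_i o R), the same fixpoint scheme a BDD-based
    implementation runs on formulas instead of explicit pair sets."""
    closure = {(s, s) for s in ALL_STATES} | set(relation)
    while True:
        composed = {(a, c) for (a, b) in closure for (b2, c) in relation if b == b2}
        grown = closure | composed
        if grown == closure:
            return closure
        closure = grown

def is_reachable(request, count, closure):
    """Slide 20: s is reachable iff s0 R* s."""
    return (S0, encode(request, count)) in closure

if __name__ == "__main__":
    reach, rounds = reachable()
    print(len(reach), "reachable states of", len(ALL_STATES), "in", rounds, "rounds")
```

From s0 = (request = 0, count = 0) only even counter values can be reached, so 16 of the 32 encoded states are reachable, and the forward iteration needs 9 rounds (8 that add states plus one that confirms the fixpoint), well under the 32-state bound; the closure-based check returns the same set, which is the equivalence between slide 19's iteration and slide 20's definition.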