Formal Description & Automated Verification

Verification ?

formal semantics

????!!!!

formal semanticsdivide (a, b) { while (a > 0) a = a-b; if (a == 0) return 1; else return 0; } Is this program correct ? How do I know what it is supposed to do ? It checks if a is divisible by b. I doubt it! What happens when b = 0 ? Well, sometimeshappens!

formal semanticsdivide (a, b) { while (a > 0) a = a-b; if (a == 0) return 1; else return 0; } Seriously, what does a=a-b; means ? What does this `if statement means ?

formal semanticsWhen we say a program is correct, what is the behavior model of the program ? What is the mathematics of program behaviors ?

formal semanticsstate,possible worldKripke structuredivide (a, b) { while (a > 0) a = a-b; if (a == 0) return 1; else return 0; }

formal semantics- an attemptdivide (a, b) { while (a > 0) a = a-b; if (a == 0) return 1; else return 0; } p(k): the statement at state k; a(k): the value of a at state k;b(k): the value of b at state k; k0(p(k)== a(k+1)==a(k)-b(k))First-order arithmetic!A lot of tools can help you predict the behaviors of the program.

The wonderful logics!logicsGoedelstate-space

Some incomputable problems (1/2)The validity of 1st-order logic formula (Hilberts 2nd problem)xyz(single(x) (parent(y,x)worried(y))Mortal matrix problem Given 15 33 matrices, M1, , M15, are there Mi1 Mim = 0 ?CFL ambiguity problem12-*

Some incomputable problems (2/2)Multivariable polynomial equations (Hilberts 10th problem) Incomputable for degree 4. Incomputable for 36 real variables. Incomputable for 11 integer variables. 12-*

Goedels incompleteness theorem:

State-space explosion problem ? When a and b are both 32 bits long, # states232232The safety analysis problem of Boolean program is PSPACE-complete. The satisfiability problem of LTL is PSPACE-complete. The satisfiability problem of 1st-order logics is undecidable! No algorithm exists! The safety analysis problem of algorithm is undecidable!

Things to learn in the courseState-transition models of computer systemsOnly with mathematical models, you can build EDA tools. Mathematical model construction Verification algorithms Practical techniques to overcome the complexity!

Things to learn in the courseState-transition models of computer systemsKripke structures

Things to learn in the courseMathematical model construction With REDLIB packagesfor automata with dense-time clocks

Things to learn in the courseVerification algorithms BDD manipulation algorithm for propositional logicsAutomata (regular expression) learning Linear temporal logic satisfiability checkingAutomata safety and liveneness analysisCTL model checking Automata simulation checking

Things to learn in the coursePractical techniques to overcome the complexity! BDD-based techniques

Course planBasic understanding of the knowledge of computer verificationThree projectsuse REDLIB to solve board gamesuse REDLIB to construct system model and making verification for untimed systems use REDLIB to do model-based testing for timed systems

Course schedule1. 9/14 Introduction 2. 9/21 Propositoinal Logic & BDD technology3. 9/28 Propositoinal Logic & BDD technology 1st project announcement4. 10/5 Propositoinal Logic & BDD technology5. 10/12 State Machines & Learning 6. 10/19 State Machines7. 10/26 State Machines 1st project report, 2nd project announcement8. 11/2 State Machines

Course schedule (continued) 9. 11/9 Temporal Logics & Symbolic Model-Checking10. 11/16 Midterm Exam12. 11/23 Temporal Logics & Symbolic Model-Checking13. 11/30 Temporal Logics & Symbolic Model-Checking 2nd project report, 3rd project announcement. 14. 12/7 Embedded Systems 15. 12/14 Simulation & Bisimulation 15. 12/21 Game theories 16. 12/28 Model-based Testing17. 1/4 3rd project report 18. 1/11 Final exam 9am-11:50am

http://cc.ee.ntu.edu.tw/~farn/courses/FMV/

travisho0014@gmail.comTuesday p.m. 2:00~3:00, 631

EvaluationTwo scenariosWithout paper presentation midterm: 30%, final: 30%, projects:30%, homework: 10%

Handbook of Logic in Computer Science: Vol. 1-2, edited by S. Abramsky (1993), Oxford. Handbook of Theoretical Computer Science, Vol. A & B, edited by J. van Leeuwen, Elsevier.Model Checking, E. Clarke, O. Grumberg, D. Peled, MIT PressFormal Methods for Real-Time Systemsedited by C. Heitmeyer, D. Mandrioli, Wiley

************************