Design and implementation of embedded formal verification assistants in the .NET framework

Design and implementation of

embedded formal verification assistants in the .NET framework

Ondrej RysavyBrno University of Technology, CZ

Rotor RFP II Capstone Workshop September 19-21, 2005 @ Redmond, US

2

Overview

Motivations Goals and the Scope Container-Concept-Algorithms approach Design principles Implementation issues Example Progress and future work

3

Introduction

Using formal methods is the acceptable approach for ensuring the development of more reliable systems. (http://www.fmeurope.org)

Why not used more extensively? Many reasons:

They’re expensive. Need to adapt the methods for particular kind of

applications. Need an easy way to specialize the tools. Tools are not only efficient algorithms, but also editors,

wizards, proof assistants, and other support tools.

4

The Goal

An experimental implementation of class library for .NET that would have the following properties: To collect well-known algorithms for MC and logical

reasoning in a class library designed in a uniform style To support the development of specialized tools by using

generic algorithms To exploit the advantages of .NET architecture To be extensible, efficient, manageable, and easy to use

library

5

What algorithms ?

Existing tools use various specialized versions of the common algorithms

Model Checking algorithms: Explicit state search – direct labeling procedure Automata theoretic – product operation, emptiness checking,

on-the-fly modifications, partial reductions Symbolic based on BDD library …

Logics: Sat solver for PL Simplification procedures Syntactic rules, rewriting …

6

.NET

First implementations had been done in .NET version 1.x. Redesigned and implemented for .NET 2.x, mainly

because we wanted to use generics. We mainly use C#, C++ and F# as implementation

languages. We wanted to follow as much as possible the rules of

Design guidelines for Cass Library Developers and the

spirit of .NET class libraries naming conventions, interface design, enumerators,

common design patterns, etc.

7

Library model

Algorithm-oriented library Efficient generic algorithms Container-Concept-Algorithm model

Container is an implementation of a concrete

data structure used as an input, output or

internal data in an algorithm Concept is a definition of properties of a

container needed by an algorithm

8

Algorithm oriented library

AlgorithmProblem Solution

Configuration

Concept

Container Reference

Procedure

9



Configuration

Concept

Container Reference

Procedure

10



Configuration

Concept

Container Reference

Procedure

11

Mapping CCA to .NET

The mapping is quite straightforward for object-oriented implementation languages:

CCA Model .NET

Algorithm Class

Concept Interface

Container Class

Procedure Method

Reference Class or Value type

Solution Interface/Class

Problem Interface/Class

Configuration Interface/Class

12

Container –Concept – Algorithm model

The purpose of CCA model is to allow us to write efficient

algorithms An algorithm defines a collection of concepts that each

container has to necessary meet A concept is a collection of properties or operations Container is in general a user defined object, but we have

also some predefined ones An algorithm works in an environment that supports all

other stuffs needed – internal concepts, provided through

problem definition and/or configuration set.

13

An efficiency note 1

Algorithms often create and use some auxiliary data For the efficiency reason one must also to provide

implementations for these internal data User provided all these implementations can arbitrary

customize and optimized them as needed We represent an internal data in the same way as input

data, through the concept notion. Sometimes it is not clearly separated what is the problem

specification and what is the internal concept.

14

The use of internal concepts

A trivial example:

ArrayList<term> sat;

ArrayList<term> sat0;

sat = new ArrayList();

sat0 = GetAllTerms();

while(!sat0.Equals(sat))

{

sat0 = new ArrayList(sat);

foreach(term t in sat0)

{

if(Satisfied(t))

sat.Add(t);

}

}

ISet<term> sat;

ISet<term> sat0;

sat = termSet.Empty();

sat0 = GetAllTerms();

while(!sat0.Equals(sat))

{

sat0 = sat.Copy();

foreach(term t in sat0)

{

if(Satisfied(t))

sat.Add(t);

}

}

15

The internal concepts

Configuration

Problem

AlgorithmInput-concepts Output-concepts

Internal-concepts

Input-conceptsOutput-concepts

Internal-concepts

Problem


Internal-concepts

16


Configuration

Problem


Internal-concepts


Internal-concepts

Problem


Internal-concepts

17


Configuration

Problem


Internal-concepts


Internal-concepts

Problem


Internal-concepts

18

Containers

As the name suggests a container usually models a

containment structure. Contrary to STL, we consider container in a slightly broader

sense: Generic Set, State machine, Expressions, Formula,

Path, Trace, Inference Tree, ... Containers provide concepts, it is convenient that they

provides only the concepts they are able to implement

efficiently. A library provides some predefined basic containers or

special broader usable containers.

19


Containers consists of items and we often need to work with these items.

How to represents these items ? As concepts – too weight in many situation, it can raise

to significant overhead and loss of performance As unspecified types – no restriction on the concrete

implementation (or possibly very general ones)

interface IState<LABEL>

{

bool InitState { get; }

ISet<IState> AdjancentStates { get; }

LABEL Label { get; }

}

interface IStateMachine<LABEL, STATE>

{

STATE InitState();

ISet<STATE> GetAdjancentStates(STATE s);

LABEL GetLabel(STATE s);

}

A

C

B

D

4 states vs.

4.106 states

class StateMachine :

IStateMachine<int, int>

{

int GetLabel(int s) {

return states[s].label; }

}

class State : IState<int, int>

{

private:

int stateId;

StateMachine *machine;

}

20

References and iterators are of “unknown types”

The concepts are parameterized with

these types. It brings also the flexibility besides the

mentioned efficiency.

+GetAtomValue(in term : Term) : Atom+GetLeftSubterm(in term : Term) : Term+GetRightSubterm(in term : Term) : Term+GetSubterm(in term : Term) : Term+GetTermType() : LtlTermType

ILtlFormula

Term, Atom

+Atom+Not+Or+And+Imply+Equiv+X+G+F+U+R+W

«enumeration»LtlTermType

// F# implementation of Termtype 'a Term = | True | False | Atom of 'a | Not of 'a Term | And of 'a Term * 'a Term | Or of 'a Term * 'a Term | Imply of 'a Term * 'a Term | Equiv of 'a Term * 'a Term | X of 'a Term | F of 'a Term | G of 'a Term | U of 'a Term * 'a Term | W of 'a Term * 'a Term | R of 'a Term * 'a Termwith ...end

// C# implementation of Termclass Term<T> { private LtlTermType typ; private Term<T> subterms[2]; private T atom; ... }

21

SolutionProblem

Architecture example

Labelling algorithmC#StateMachine

C++, STL

CtlFormulaF#

Custom AllocatorC++

State CollectionC++, STL

Labelling algorithm

Formula

Automaton Set of States

Formula

.NET GC

22

SolutionProblem

Architecture example

Labelling algorithmC#StateMachine

C++, STL

CtlFormulaF#

Custom AllocatorC++

State CollectionC++, STL

Labelling algorithm

Formula

Automaton Set of States

Formula

.NET GC

23

GC Internal Tables


Creating each item in a container as GC object may be very expensive. The present model allows the programmer implementing the container to

take more optimal approach, e.g. array of values. As C++ can work with memory in the “classical style” it is still possible to

write containers with custom memory management model.

ObjectHeader

TypeHandle

ObjectFields

4B

4B

+

24

Example: The Labeling algorithm [1]

Formula CTL is defined by the abstract syntax:

f ::= p | f * f | f + f | !f | f -> f | f <-> f

| AG f | AF f | AX f | EG f | EF f | EX f | f AU g | f EU g

Automaton A = (S, T, L)

S –set of states

T ⊆ S × S – transition relation

L: S → 2AP - labeling of states with a set of atomic

propositions (AP) satisfied in the

state

Labeling algorithm is a function

Fun : A × F → 2S

Container

Concepts

Container

Concepts

Algorithm

25


Labeling Algorithm

Automaton

Ctl Formula

State Set

State

Term

Atom

State Set Factory

State Labeling

Algorithm Reference Concept

26


Labeling Algorithm

Automaton

Ctl Formula

State Set

State

Term

Atom

State Set Factory

State Labeling


27


Labeling Algorithm

Automaton

Ctl Formula

State Set

State

Term

Atom

State Set Factory

State Labeling


28

Example: The Labeling algorithm [3]public interface ILabellingProblem<State, Term, Atom> : IProblem{ ICtlFormula<Term, Atom> Formula { get; } IAutomatonStateBackward<State> Automaton { get; } ILabeledStates<State, Atom> StateLabelling { get; }}

public class LabellingAlgorithm<State, Term, Atom> : IAlgorithm{ public static LabellingAlgorithm<State, Term, Atom> Create(ILabellingConfiguration configuration); public ILabellingSolution<State, Term, Atom> Solve(ILabellingProblem problem); ...}

public interface ILabellingConfiguration<State, Term, Atom> : IConfiguration{ ISetFactory<State> StateSetFactory { get; } bool ComputeAllOperators{ get; }}

public interface ILabellingSolution<State, Term, Atom> : ISolution{ ICtlFormula<Term, Atom> Formula { get; } ISet<State> States { get; }}

29





30





31

Example: The Labeling algorithm [3]public interface ILabellingProblem<State, Term, Atom> : IProblem{ ICtlFormula<Term, Atom> Formula { get; } IAutomatonStateBackward<State> Automaton { get; } ILabeledStates<State, Label> StateLabelling { get; }}




32

Project progress and future work

Design the model and the basic architecture, Develop an infrastructure for the project Implementation of the foundations Implementation of several selected algorithms, and basic

containers Polish the implementation and make it available online Complete the documentation throughout the library Evaluation and comparison of the efficiency of the

implementation of algorithms Intensive testing Further development of the library

Future Present Past

33

Links

The official project website: http://vutbrmsr.sourceforge.net/ Other (related) projects:

Orbital library (JAVA)http://www.functologic.com/orbital/

BOOST C++ librarieshttp://www.boost.org/

Carnegie Mellon Univ. Model-Checking toolshttp://www.cs.cmu.edu/~modelcheck/code.htm

Common Framework Initiative for algebraic specification and development http://www.brics.dk/Projects/CoFI/

Community Z Toolshttp://czt.sourceforge.net/

Formal Methods Projects page at FM Libraryhttp://vl.fmnet.info/projects/

Math.NEThttp://nmath.sourceforge.net

JavaDD library http://javaddlib.sourceforge.net/

Design and implementation of embedded formal verification assistants in the .NET framework

Documents

Transcript of Design and implementation of embedded formal verification assistants in the .NET framework