Model Checking C# Code: A Translation Approach
Contents
• Overview
• Model Structure
• Key Features
  o Flow Control
  o State Representation
  o Thread Management
• What's Next
Overview
• C source code model checkers: BLAST, SLAM, CBMC, etc.
  o Translate to a Boolean program or to CIL (C Intermediate Language)
  o Use a theorem prover or a SAT solver to check predicates
  o Translate to Promela and use SPIN to check
• Java and C# model checkers
  o Java PathFinder
  o MoonWalker
  o Both act as a virtual machine to "run" the program at the byte-code level
Objectives
• Going down to the byte-code level might not be necessary
• PAT is a general model checker with good performance and extensibility
• PAT can import C# libraries, so polymorphism can be handled smoothly and efficiently

Extra:
• Improve traceability for testing, model checking and debugging
• Refinement checking to ensure consistency (between different development phases or branches)
Structure

[Slide 5: diagram of the model structure; only the title survived in the transcript]
Flow Control
• Statement
• Branch
• Loop
• Block of Code
• Return
• Exception
Flow Control
// origin (C#)

    {
        ...
        statement1;
        statement2;
        ...
    }

    if (cond) {
        // block 1
    } else {
        // block 2
    }

// translated (CSP#)

    Block(..) = (tau{statement1;} -> Skip); ((tau{statement2;} -> Skip); ...);

    if (cond) { Block_1(..) } else { Block_2(..) }

Each C# statement becomes a silent `tau` event whose attached program block runs the statement's side effects on the model's memory, followed by Skip; the statements of a block are then composed sequentially. A C# branch maps directly onto a CSP# conditional over the two translated blocks.
Flow Control
// origin (C#)

    for (init; cond; increment) {
        // block 1
    }

// translated (CSP#)

    For_1(..) = Block_1(..); (tau{increment;} -> Skip); if (cond) { For_1(..) } else { Skip };

    ... (tau{init;} -> Skip); if (cond) { For_1(..) }; ...

The loop becomes a recursive process: the body runs, the increment is applied, and the condition is re-tested before recursing. The unrolling is therefore done by the model checker's state exploration rather than by the translator.
State Representation
• Classes and Objects
  o Fields remain (as fields of a translated C# class)
  o Methods: translated according to the defined atomicity
State Representation
// origin (C#)

    class Philosopher {
        int name;
        Fork left;
        Fork right;
    }

// translated (C# library imported by PAT)

    class Philosopher : ExpressionValue {
        public int name;
        public int Get_name() { return name; }
        public void Set_name(int val) { name = val; }
        public int left;
        public int Get_left() { return left; }
        public void Set_left(int val) { left = val; }
        ...
    }

The translated class extends ExpressionValue, PAT's base class for user-defined data types, and exposes every field through a getter/setter pair. Note that the `Fork` references become `int`: object references are replaced by integer handles that index the per-class object lists kept in the Memory object below.
State Representation
    public class Memory : ExpressionValue {
        ...
        public int Philosopher_Get_name(int obj) {
            return philosopherList.GetObj(obj).Get_name();
        }
        public void Philosopher_Set_name(int obj, int val) {
            philosopherList.GetObj(obj).Set_name(val);
        }
        public int Philosopher_Get_left(int obj) {
            return philosopherList.GetObj(obj).Get_left();
        }
        public void Philosopher_Set_left(int obj, int val) {
            philosopherList.GetObj(obj).Set_left(val);
        }
        ...
    }

A single Memory object holds all heap state of the program; every field access in the model goes through `memory.Class_Get_field(obj)` / `memory.Class_Set_field(obj, val)`, with `obj` being the integer handle of the instance.
Thread Management
    CreateNewThread() = create_thread?ti.pid.obj -> NewThread(ti, pid, obj);

    NewThread(ti, pid, obj) =
        case {
            (ti == 1) : Philosopher_run(pid, obj)
            default   : Skip
        } || CreateNewThread();

    Sys() = Main() || CreateNewThread();

`create_thread` is a channel carrying a type index `ti` (which run method to start), the creating thread's `pid` and the object handle. The started process runs in parallel with a fresh CreateNewThread() listener, so any number of threads can be spawned; the system is the main thread in parallel with that listener.
Thread Management
// origin (C#)

    ...
    Thread newThread = new Thread(new ThreadStart(run));
    newThread.Start();
    ...

// translated (CSP#)

    ...
    (create_thread!1.pid.objx -> Skip);
    (atomic { tau{cpid++} -> Philosopher_run_chan_in!cpid.objx -> Skip };
    ...

    Philosopher_run() = Philosopher_run_chan_in?pid.obj -> ...

The global counter `cpid` issues the new thread's pid; incrementing it and handing the pid and object handle to the started process happen inside one `atomic` block, so no interleaving can observe a half-created thread.
Lock
    Fork_Lock(pid, obj) =
        [0 == memory.Fork_Get_LOCK(obj)]
        (tau{ memory.Fork_Set_LOCK(obj, pid); } -> Skip);

    Fork_Unlock(pid, obj) =
        assert(memory.Fork_Get_LOCK(obj) == pid);
        (tau{ memory.Fork_Set_LOCK(obj, 0); } -> Skip);

Each lockable object carries a LOCK field holding the owning pid (0 = free). The guard `[0 == ...]` blocks the process until the object is free, and the guard test and the `tau` that writes the pid fire as a single transition, so two processes cannot both pass the guard. Unlock asserts that the caller owns the lock, matching C#'s Monitor.Exit, which throws SynchronizationLockException when called by a non-owner. Caveat: this models a non-reentrant lock, whereas C#'s `lock` (Monitor) is reentrant; code that locks the same object twice on one thread would block forever in the model but run fine in C#.
Lock
// origin (C#)

    lock (left) {
        lock (right) {
            // eat!
        }
    }

// translated (CSP#)

    (Fork_Lock(pid, memory.Philosopher_Get_left(obj));
    (Fork_Lock(pid, memory.Philosopher_Get_right(obj));
    ...
    (Fork_Unlock(pid, memory.Philosopher_Get_right(obj));
    (Fork_Unlock(pid, memory.Philosopher_Get_left(obj))

Nested `lock` blocks become a lock/unlock pair in LIFO order. Because every philosopher acquires its left fork before its right one, the model admits the classic circular wait; `#assert Sys() deadlockfree;` in PAT explores the interleavings and reports the trace that reaches it.
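To make concrete what the translated lock model lets the checker do, here is an added example that is not code from the slides or from PAT: a small explicit-state checker in Python that holds the Memory state as tuples (fork LOCK fields plus one program counter per philosopher, standing in for the integer-handle Memory object), treats each `Fork_Lock` as the guarded atomic transition described above, and searches every interleaving for a state with nothing enabled. The pids 1..n, the forks 0..n-1, the five-step `Philosopher_run` body and the `ordered` variant (acquire the lower-numbered fork first, the standard deadlock fix) are assumptions of this example and go beyond the slides.

```python
# Added example, not from the slides: a toy explicit-state checker that
# mimics PAT exploring the translated dining-philosophers model.
from collections import deque
from typing import Iterator, List, Optional, Tuple

# A state is the translated Memory object, frozen so it can be hashed:
#   fork_lock[i]: 0 = free, otherwise the pid holding fork i
#   pc[j]:        program counter of philosopher pid j+1 in Philosopher_run
State = Tuple[Tuple[int, ...], Tuple[int, ...]]
Label = Tuple[int, str]          # (pid, event name) for the counterexample

# Philosopher_run as a 5-step cycle: Lock(first); Lock(second); eat;
# Unlock(second); Unlock(first). Mirrors lock(left){lock(right){...}}.
STEP_NAMES = ("Fork_Lock(first)", "Fork_Lock(second)", "eat",
              "Fork_Unlock(second)", "Fork_Unlock(first)")


def build_system(n: int, ordered: bool = False):
    """Return (initial state, successor function) for n philosophers.

    ordered=False: every philosopher takes left then right (the slide).
    ordered=True:  take the lower-numbered fork first (resource ordering),
                   the standard deadlock fix; an assumption of this example.
    """
    def forks_for(pid: int) -> Tuple[int, int]:
        left, right = pid - 1, pid % n          # pids 1..n, forks 0..n-1
        if ordered and left > right:
            left, right = right, left
        return left, right

    init: State = (tuple([0] * n), tuple([0] * n))

    def successors(state: State) -> Iterator[Tuple[Label, State]]:
        locks, pcs = state
        for pid in range(1, n + 1):
            idx = pid - 1
            pc = pcs[idx]
            first, second = forks_for(pid)
            new_locks = list(locks)
            if pc == 0:    # [0 == LOCK(first)] tau{LOCK(first) = pid}
                if locks[first] != 0:
                    continue                    # guard false: blocked
                new_locks[first] = pid
            elif pc == 1:  # [0 == LOCK(second)] tau{LOCK(second) = pid}
                if locks[second] != 0:
                    continue
                new_locks[second] = pid
            elif pc == 3:  # Fork_Unlock(second): assert owner, then release
                assert locks[second] == pid
                new_locks[second] = 0
            elif pc == 4:  # Fork_Unlock(first)
                assert locks[first] == pid
                new_locks[first] = 0
            # pc == 2 ("eat") changes no memory, only the program counter
            new_pcs = list(pcs)
            new_pcs[idx] = (pc + 1) % len(STEP_NAMES)
            yield (pid, STEP_NAMES[pc]), (tuple(new_locks), tuple(new_pcs))

    return init, successors


def find_deadlock(init: State, successors) -> Optional[List[Label]]:
    """Breadth-first search of the interleavings; return the shortest trace
    to a state with no enabled transition, or None if deadlock-free."""
    parent = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        moves = list(successors(s))
        if not moves:                           # nothing enabled: deadlock
            trace: List[Label] = []
            cur = s
            while parent[cur] is not None:
                prev, label = parent[cur]
                trace.append(label)
                cur = prev
            return trace[::-1]
        for label, t in moves:
            if t not in parent:
                parent[t] = (s, label)
                queue.append(t)
    return None


def check(n: int, ordered: bool = False) -> Optional[List[Label]]:
    """Build the n-philosopher model and search it for a deadlock."""
    init, succ = build_system(n, ordered)
    return find_deadlock(init, succ)


if __name__ == "__main__":
    print("left-then-right, 3 philosophers:", check(3))
    print("ordered forks, 3 philosophers:  ", check(3, ordered=True))
```

For the left-then-right model the shortest counterexample is every philosopher taking its first fork once; with resource ordering the full state space is explored and no deadlock exists. This is the same job `#assert Sys() deadlockfree;` does in PAT on the real translated model, with the difference that PAT's Memory object and channel-based thread creation carry the full program state rather than the two tuples used here.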
Parameter Pass and Local Variable
// origin (C#)

    public Philosopher(Fork le, Fork ri, int na) {
        left = le;
        right = ri;
        name = na;
        ...
    }
Parameter Pass and Local Variable
// translated version 1

    Philosopher_CreateObj() =
        Philosopher_CreateObj_chan_in?pid.le.ri.na ->
        ((tau{ memory.Philosopher_Set_le(le); } -> Skip);
        ((tau{ memory.Philosopher_Set_ri(ri); } -> Skip);
        ((tau{ memory.Philosopher_Set_na(na); } -> Skip);
        ((tau{ objx = memory.Philosopher_CreateObj(); } -> Skip);
        ((tau{ memory.Philosopher_Set_left(objx, memory.Philosopher_Get_le()); } -> Skip);
        ((tau{ memory.Philosopher_Set_right(objx, memory.Philosopher_Get_ri()); } -> Skip);
        ((tau{ memory.Philosopher_Set_name(objx, memory.Philosopher_Get_na()); } -> Skip);
        ...))))))))));

Version 1 first copies the constructor parameters into temporaries inside the Memory object and then reads them back when initialising the fields of the new object.
Parameter Pass and Local Variable
// translated version 2

    Philosopher_CreateObj() =
        Philosopher_CreateObj_chan_in?pid.le.ri.na ->
        ((tau{ objx = memory.Philosopher_CreateObj(); } -> Skip);
        ((tau{ memory.Philosopher_Set_left(objx, le); } -> Skip);
        ((tau{ memory.Philosopher_Set_right(objx, ri); } -> Skip);
        ((tau{ memory.Philosopher_Set_name(objx, na); } -> Skip);
        ...))))))));

Version 2 uses the values bound by the channel input (`le`, `ri`, `na`) directly as process parameters, which removes the temporaries from the Memory object and the extra tau steps, and so shrinks the state space.
What's next
• Exception handling
• Atomicity control
Thank You!
Reference
[1] J. Sun, Y. Liu, J. S. Dong, and J. Pang, "PAT: Towards flexible verification under fairness," in Proceedings of the 21st International Conference on Computer Aided Verification (CAV'09).
[2] K. Havelund and T. Pressburger, "Model checking Java programs using Java PathFinder," International Journal on Software Tools for Technology Transfer (STTT), vol. 2, no. 4, pp. 366–381, 2000.
[3] Wendi Zhah, "Yet Another Model Checker for PROMELA," to appear.