Outline - PowerPoint PPT Presentation

1 / 14

About This Presentation

Title:

Outline

Description:

Number of Views:33

Avg rating:3.0/5.0

Slides: 15

Provided by: tuongn

Category:

Tags: ignore | outline

Transcript and Presenter's Notes

Title: Outline

1
Outline

2
SPIN

SPIN is a popular open-source software tool that
can be used for the formal verification of
distributed software systems.
The tool was developed at Bell Labs in the
original Unix group of the Computing Sciences
Research Center, starting in 1980.
The software has been available freely since
1991, and continues to evolve to keep pace with
new developments in the field.
The website of SPIN is found at
www.spinroot.com.

3
SPIN Basic Modes

SPIN can be used in three basic modes
as a simulator, allowing for rapid prototyping
with a random, guided, or interactive simulations
as an exhaustive verifier, capable of rigorously
proving the validity of user specified
correctness requirements (using partial order
reduction theory to optimize the search)
as proof approximation system that can validate
even very large system models with maximal
coverage of the state space.
All SPIN software is written in ANSI standard C,
and is portable across all versions of Unix,
Linux, cygwin, Plan9, Inferno, Solaris, Mac, and
Windows.

4
PROMELA

To verify a design, a formal model is built using
PROMELA (a PROcess MEta LAnguage), served as
input to SPIN.
PROMELA is a non-deterministic language, loosely
based on Dijkstra's guarded command language
notation and borrowing the notation for I/O
operations from Hoare's CSP language.

5
PROMELA Example

This go-back-n sliding window protocol p5 follows
the description from Tanenbaum. In file
L2_gobackn1.txt is the PROMELA specification of
that protocol, which includes some annotations to
facilitate simulations.
define MaxSeq 3 / window size /
define Wrong(x) x (x1) (MaxSeq)
define Right(x) x (x1) (MaxSeq 1)
define inc(x) Right(x)
/
file ex.9 /
chan q2 MaxSeq of byte, byte /
message channel /
active 2 proctype p5() / starts two copies
of proctype p5 /
The senders window size is defined as 3 2n
-1, where n 2.
In this example, there are 2 processes
exchanging messages in bidirectional mode.
q is an array of 2 (unidirectional) message
channels. Each message channel can store up to 3
messages. Each message consists of 2 bytes.

6
PROMELA Example

active 2 proctype p5() / starts two copies
of proctype p5 /
byte NextFrame, AckExp, FrameExp, r, s,
nbuf, i
chan in, out
in q_pid
out q1-_pid
xr in xs out / partial order
reduction claims /
do
nbuf lt MaxSeq -gt / outgoing messages
/
q_pid?r,s -gt / incoming messages
/
timeout -gt / retransmission
timeout /
od
Two channels of array q are assigned to each
process as the input and output channels.
Inside the loop is something like Dijkstra's
guarded command language notation.

7
PROMELA Example

8
PROMELA Example

timeout -gt / retransmission
timeout /
NextFrame AckExp
printf("MSC timeout\n")
i 1
do
i lt nbuf -gt
out!NextFrame , (FrameExp
MaxSeq) (MaxSeq 1)
inc(NextFrame)
i
else -gt break
od
To simplify the simulation, the start/stop
activities of the timer associated with each
outstanding message are all ignored in this
specification.

9
XSPIN

XSPIN is an optional, but highly recommended,
graphical user interface to SPIN, written in
Tcl/Tk.
The easiest way to get started with SPIN is to
use the graphical interface XSPIN.
The graphical interface runs independently from
SPIN itself, and helps by generating the proper
SPIN commands based on menu selections.
XSPIN runs SPIN in the background to obtain the
desired output, and wherever possible it will
attempt to generate a graphical representation of
such output. XSPIN knows when and how to compile
code for the model checkers that SPIN can
generate, and it knows when and how to execute
it, so there is less to remember.