Verification Extension to FFIP

1
Verification Extension to FFIP

• Jason Kirschenbaum
• The Ohio State University

2
Overview

• Introduction
• Overview of syntax and semantics
• Ideas for a more precise syntax for FFIP
• Ideas for semantics for FFIP
• Ideas for analysis of FFIP models
• Extension to FFIP notation

3
Syntax Overview

• Defines what a sensible FFIP model looks like
• More precise syntax gives more uniform FFIP
  models
• Tool support
• More precise syntax allows tools to provide more
  features
• Detect bugs

4
Example FFIP Syntax
5
Syntax Comparison
6
Semantics Overview

• Given a sensible FFIP model, defines what that
  model means
• Defines meaning of each language construct
• Needed for some analysis
• Current FFIP Semantics
• Guide. To direct the course of a flow along a
  specific path

7
First Order Logic Example
8
Example of Definition of Semantics

• Syntactic Entities

Semantic Entities
9
FFIP Extensions Syntax

• Make syntax more precise
• Restrict possible function/flow combinations
• E.g. Guide and Transfer functions
• Restricted basis for components
• Proof obligation
• E.g. Flow Limiter and Flow Transfer elements

10
FFIP Extension Semantics

• Programming language semantics
• Used in formal semantics field
• Axiomatic (mathematical assertions)
• Operational (abstract machine)
• Denotational (abstract function)
• Semantics needed in both functional and
  configuration models

11
Assignment

• Axiomatic
• Operational/Denotational

ltx E, sgt ? ltempty, su ? s(t) gt
12
FFIP Semantics Example

• Given a valve with INFLOW, CS and OUTFLOW
• Axiomatically
• QINFLOW\(OUTFLOW/CS) Valve Q
• Operationally/Denotationally
• ltValve,sgt ? ltempty, sOUTFLOW ? INFLOW CS gt

13
Function Failure Logic

• May be inferable from the syntax/semantics
• Support through user input for extra information

14
FFIP Analysis

• Define rules for transforming the functional,
  configuration and failure logic into a form to be
  analyzed
• Based on semantics
• Could include
• Model checking
• Theorem proving

15
General Overview of Tech.

• Model checkers
• NuSMV, SPIN, SAL
• Finite state, proves or gives counterexamples
• Theorem Provers
• Isabelle, Yives, E
• May provide counter examples
• Can be automated or user-guided
• No prover is both sound and complete

16
Extensions for Modular Reasoning

• Add ability to add modules around
• Functional blocks
• Component blocks
• Aids readability
• Significant advantage of using FFIP

17
Questions?