
CDA 5416 Computer System Verification - PowerPoint Presentation


CDA 5416 Computer System Verification - PPT Presentation

HW Review. Computer Architecture: A Quantitative Approach, Fifth Edition. Instructor: Hao Zheng, Department of Computer Science & Engineering, University of South Florida, Tampa, FL 33620. Email ID: 760139



Presentation Transcript

Slide1

CDA 5416 Computer System Verification: HW Review

Computer Architecture: A Quantitative Approach, Fifth Edition

Instructor: Hao Zheng

Department of Computer Science & Engineering

University of South Florida

Tampa, FL 33620

Email:

haozheng@usf.edu

Phone: (813)974-4757

Fax: (813)974-5456

Slide2

HW

4

Slide3

Problem 2

Slide4

Problem 3

Slide5

Problem 4

Slide6

HW

3

Slide7

Slide8

Slide9

HW 2

Slide10

Draw program graphs for two processes with id = {0,1}. Show an execution of the composed program graph.

Build a Promela model for this algorithm with three processes. Think about the type of channels that should be used.

Formulate the relevant correctness requirement(s) using separate process(es) and/or assertions in Promela.

Use SPIN to check that the leader election model satisfies the correctness requirements.

Slide11

P0

P1

C0 (c0)

C1 (c1)

0

1

2

stop

/send(id0)

/

recv

(m0)

m0=id0

m0<id0

m0>id0/send(m0)

0

1

/

recv

(c0)

/send(c0)

Slide12

P0

P1

C0

C1

0

/<send(id0),

recv

(c1)>

0

0

0

1

0

1

0

0

1

0

1

/<send(id1),

recv

(c0)>

1

1

1

1

/<send(id1),

recv

(c0)>

/<send(id0),

recv

(c1)>

Slide13

P0

P1

C0

C1

1

1

1

1

/<send(id1),

recv

(c0)>

/<send(id0),

recv

(c1)>

2

0

1

1

/<send(c0),

recv

(m0)>

1

1

0

2

/<send(c1),

recv

(m1)>

Slide14

P0

P1

C0

C1

/* Two buffered channels, each with capacity 1, carrying byte messages. */
/* NOTE(review): proctype P0 on the next slide sends on C1 and receives on
 * C0, but only C1 and C2 are declared here -- confirm the intended names. */
chan C1 = [1] of {byte};
chan C2 = [1] of {byte};

Slide15

0

1

2

stop

/

C1 ! id0

/

C0 ? m0

m0=id0

m0<id0

m0>id0/

C1 ! m0

/* Process P0 of the leader-election exercise: sends its own id once, then
 * repeatedly receives an id and either stops or forwards it.
 * id0 is not declared on this slide -- presumably a global or a macro
 * holding P0's id; confirm against the full model. */
proctype P0() {
    byte m0;                 /* most recently received id */
    C1 ! id0;                /* send own id on channel C1 */
    do
    :: C0 ? m0;              /* wait for the next id on channel C0 */
       if
       /* NOTE(review): there is no option for m0 == id0, although the
        * program graph above has an m0=id0 transition. A Promela selection
        * blocks when no guard is executable, and m0 is local, so P0 would
        * hang here if it ever receives its own id. */
       :: m0<id0 -> goto stop        /* smaller id received: leave the loop */
       :: m0>id0 -> C1 ! m0          /* larger id received: forward it on C1 */
       fi
    od
stop:
    /* NOTE(review): the label is followed directly by the closing brace;
     * a label must prefix a statement, so a trailing skip is likely
     * needed for SPIN to accept this. */
}

Slide16

HW 1

Slide17

/* Shared counter incremented by two concurrent instances of P with no
 * synchronization. The model is used to explore which final values of n
 * are reachable under different interleavings. */
byte n = 0;

active [2] proctype P()
{
    byte reg;       /* process-local copy of n */
    byte cnt = 0;   /* iterations completed by this instance */

    do
    :: cnt == 10 -> break   /* stop after ten increments */
    :: else ->
            /* The update of n is split into three separate statements, so
             * the other instance can run between the read and the
             * write-back and its update can be overwritten (lost update). */
            reg = n;
            reg++;
            n = reg;
            cnt++
    od;
}

What are the largest and smallest values of n that can be produced by the model upon termination?

Slide18

/* Shared counter incremented by two concurrent instances of P with no
 * synchronization; stop counts the instances that have finished. */
byte n = 0;
byte stop = 0;

active [2] proctype P()
{
    byte reg;       /* process-local copy of n */
    byte cnt = 0;   /* iterations completed by this instance */

    do
    :: cnt == 10 -> break   /* stop after ten increments */
    :: else ->
            /* Read, increment and write-back are separate statements, so
             * the other instance can interleave between them and one of
             * the two updates can be lost. */
            reg = n;
            reg++;
            n = reg;
            cnt++
    od;
    stop++;         /* signal that this instance has left its loop */
}

/* passed
active proctype checker1()
{
        if
        :: stop==2 -> assert (n <= 20);
        fi
}
*/

/* failed */
/* Monitor process that runs alongside the two P instances. The single
 * guard stop==2 blocks the checker until both instances have incremented
 * stop, so the assertion is evaluated on the final value of n.
 * The "failed" label records that SPIN reported a violation of this
 * assertion, i.e. a run ending with n > 19 exists; together with the
 * passing n <= 20 check above, that final value is presumably 20. */
active proctype checker2()
{
        if
        :: stop==2 -> assert (n <= 19);
        fi
}

Slide19

/* Shared counter incremented by two concurrent instances of P with no
 * synchronization; stop counts the instances that have finished. */
byte n = 0;
byte stop = 0;

active [2] proctype P()
{
    byte reg;       /* process-local copy of n */
    byte cnt = 0;   /* iterations completed by this instance */

    do
    :: cnt == 10 -> break   /* stop after ten increments */
    :: else ->
            /* Read, increment and write-back are separate statements, so
             * the other instance can interleave between them and one of
             * the two updates can be lost. */
            reg = n;
            reg++;
            n = reg;
            cnt++
    od;
    stop++;         /* signal that this instance has left its loop */
}

/* passed
active proctype checker4()
{
        if
        :: stop==2 -> assert (n >= 2);
        fi
}
*/

/* failed */
/* Monitor process for the lower bound on n. The guard stop==2 blocks the
 * checker until both P instances have incremented stop, so the assertion
 * is evaluated on the final value of n.
 * The "failed" label records that SPIN reported a violation, i.e. a run
 * ending with n < 3 exists; the passing n >= 2 check above bounds it from
 * below, so that final value is presumably 2. */
active proctype checker4()
{
        if
        :: stop==2 -> assert (n >= 3);
        fi
}

Slide20

/* Shared counter incremented by two concurrent instances of P with no
 * synchronization; stop counts the instances that have finished. */
byte n = 0;
byte stop = 0;

active [2] proctype P()
{
    byte reg;       /* process-local copy of n */
    byte cnt = 0;   /* iterations completed by this instance */

    do
    :: cnt == 10 -> break   /* stop after ten increments */
    :: else ->
            /* Read, increment and write-back are separate statements, so
             * the other instance can interleave between them and one of
             * the two updates can be lost. */
            reg = n;
            reg++;
            n = reg;
            cnt++
    od;
    stop++;         /* signal that this instance has left its loop */
}

  1: proc  1 (p:1) a1_3.pml:12 (state 3) [else]
  2: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]
  3: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

n = 0; reg0=0, cnt0=0, reg1=1, cnt1=0

  4: proc  0 (p:1) a1_3.pml:12 (state 3) [else]
  5: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]

n = 0; reg0=0, cnt0=0, reg1=1, cnt1=0

  6: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]
  7: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

n = 1; reg0=0, cnt0=0, reg1=1, cnt1=1

  8: proc  1 (p:1) a1_3.pml:12 (state 3) [else]
  9: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]
 10: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]
 11: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]
 12: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

n = 2; reg0=0, cnt0=0, reg1=2, cnt1=2

spin -p -t model.pml   /* replay error trace “model.pml.trail” */

Slide21

/* Shared counter incremented by two concurrent instances of P with no
 * synchronization; stop counts the instances that have finished. */
byte n = 0;
byte stop = 0;

active [2] proctype P()
{
    byte reg;       /* process-local copy of n */
    byte cnt = 0;   /* iterations completed by this instance */

    do
    :: cnt == 10 -> break   /* stop after ten increments */
    :: else ->
            /* Read, increment and write-back are separate statements, so
             * the other instance can interleave between them and one of
             * the two updates can be lost. */
            reg = n;
            reg++;
            n = reg;
            cnt++
    od;
    stop++;         /* signal that this instance has left its loop */
}

n =

2;

reg0=0, cnt0=0,

reg1=2, cnt1=2

 

13: proc  1 (p:1) a1_3.pml:12 (state 3) [else]

 14: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]

 15: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 16: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]

 17: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

 

n =

3;

reg0=0, cnt0=0,

reg1=3, cnt1=3

18

: proc  1 (p:1) a1_3.pml:12 (state 3) [else]

 19: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]

 20: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 21: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]

 22: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

 

n =

4;

reg0=0, cnt0=0,

reg1=4, cnt1=4

Slide22

/* Shared counter incremented by two concurrent instances of P with no
 * synchronization; stop counts the instances that have finished. */
byte n = 0;
byte stop = 0;

active [2] proctype P()
{
    byte reg;       /* process-local copy of n */
    byte cnt = 0;   /* iterations completed by this instance */

    do
    :: cnt == 10 -> break   /* stop after ten increments */
    :: else ->
            /* Read, increment and write-back are separate statements, so
             * the other instance can interleave between them and one of
             * the two updates can be lost. */
            reg = n;
            reg++;
            n = reg;
            cnt++
    od;
    stop++;         /* signal that this instance has left its loop */
}

 

n =

4;

reg0=0, cnt0=0,

reg1=4, cnt1=4

 

23: proc  1 (p:1) a1_3.pml:12 (state 3) [else]

 24: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]

 25: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 26: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]

 27: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

 

n =

5;

reg0=0, cnt0=0,

reg1=5, cnt1=5

 28: proc  1 (p:1) a1_3.pml:12 (state 3) [else]

 29: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]

 30: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 31: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]

 32: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

 

n =

6;

reg0=0, cnt0=0,

reg1=6, cnt1=6

Slide23

/* Shared counter incremented by two concurrent instances of P with no
 * synchronization; stop counts the instances that have finished. */
byte n = 0;
byte stop = 0;

active [2] proctype P()
{
    byte reg;       /* process-local copy of n */
    byte cnt = 0;   /* iterations completed by this instance */

    do
    :: cnt == 10 -> break   /* stop after ten increments */
    :: else ->
            /* Read, increment and write-back are separate statements, so
             * the other instance can interleave between them and one of
             * the two updates can be lost. */
            reg = n;
            reg++;
            n = reg;
            cnt++
    od;
    stop++;         /* signal that this instance has left its loop */
}

 

n =

8;

reg0=0, cnt0=0,

reg1=8, cnt1=8

43: proc  1 (p:1) a1_3.pml:12 (state 3) [else]

 44: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]

 45: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 46: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]

 47: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

 48: proc  1 (p:1) a1_3.pml:12 (state 3) [else]

 

n =

9;

reg0=0, cnt0=0,

reg1=9, cnt1=9

 49: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 50: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]

 

n =

1; reg0=1,

cnt0=0, reg1=9, cnt1=9

 51: proc  1 (p:1) a1_3.pml:13 (state 4) [reg = n]

 52: proc  1 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 

n = 1; reg0=1, cnt0=0,

reg1=2, cnt1=9

Slide24

/* Shared counter incremented by two concurrent instances of P with no
 * synchronization; stop counts the instances that have finished. */
byte n = 0;
byte stop = 0;

active [2] proctype P()
{
    byte reg;       /* process-local copy of n */
    byte cnt = 0;   /* iterations completed by this instance */

    do
    :: cnt == 10 -> break   /* stop after ten increments */
    :: else ->
            /* Read, increment and write-back are separate statements, so
             * the other instance can interleave between them and one of
             * the two updates can be lost. */
            reg = n;
            reg++;
            n = reg;
            cnt++
    od;
    stop++;         /* signal that this instance has left its loop */
}

 

n = 1; reg0=1,

cnt0=0, reg1=2, cnt1=9

53: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

 

n =

1; reg0=1, cnt0=1,

reg1=2, cnt1=9

 54: proc  0 (p:1) a1_3.pml:12 (state 3) [else]

 55: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]

 56: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 57: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]

 58: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

 

n = 2; reg0=2, cnt0=2, reg1=2, cnt1=9

 59: proc  0 (p:1) a1_3.pml:12 (state 3) [else]

 60: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]

 61: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 62: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]

 63: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

 

n =

3; reg0=3, cnt0=3,

reg1=2,

cnt1=9

Slide25

/* Shared counter incremented by two concurrent instances of P with no
 * synchronization; stop counts the instances that have finished. */
byte n = 0;
byte stop = 0;

active [2] proctype P()
{
    byte reg;       /* process-local copy of n */
    byte cnt = 0;   /* iterations completed by this instance */

    do
    :: cnt == 10 -> break   /* stop after ten increments */
    :: else ->
            /* Read, increment and write-back are separate statements, so
             * the other instance can interleave between them and one of
             * the two updates can be lost. */
            reg = n;
            reg++;
            n = reg;
            cnt++
    od;
    stop++;         /* signal that this instance has left its loop */
}

 

n =

3; reg0=3, cnt0=3,

reg1=2,

cnt1=9

64

: proc  0 (p:1) a1_3.pml:12 (state 3) [else]

 65: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]

 66: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 67: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]

 68: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

 

n =

4; reg0=4, cnt0=4,

reg1=2, cnt1=9

 69: proc  0 (p:1) a1_3.pml:12 (state 3) [else]

 70: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]

 71: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 72: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]

 73: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

 

n =

5; reg0=5, cnt0=5,

reg1=2,

cnt1=9

Slide26

/* Shared counter incremented by two concurrent instances of P with no
 * synchronization; stop counts the instances that have finished. */
byte n = 0;
byte stop = 0;

active [2] proctype P()
{
    byte reg;       /* process-local copy of n */
    byte cnt = 0;   /* iterations completed by this instance */

    do
    :: cnt == 10 -> break   /* stop after ten increments */
    :: else ->
            /* Read, increment and write-back are separate statements, so
             * the other instance can interleave between them and one of
             * the two updates can be lost. */
            reg = n;
            reg++;
            n = reg;
            cnt++
    od;
    stop++;         /* signal that this instance has left its loop */
}

 

n =

5; reg0=5, cnt0=5,

reg1=2,

cnt1=9

 

74: proc  0 (p:1) a1_3.pml:12 (state 3) [else]

 75: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]

 76: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 77: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]

 78: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

 

n =

6; reg0=6, cnt0=6,

reg1=2, cnt1=9

 79: proc  0 (p:1) a1_3.pml:12 (state 3) [else]

 80: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]

 81: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 82: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]

 83: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

 

n =

7; reg0=7, cnt0=7,

reg1=2,

cnt1=9

Slide27

/* Shared counter incremented by two concurrent instances of P with no
 * synchronization; stop counts the instances that have finished. */
byte n = 0;
byte stop = 0;

active [2] proctype P()
{
    byte reg;       /* process-local copy of n */
    byte cnt = 0;   /* iterations completed by this instance */

    do
    :: cnt == 10 -> break   /* stop after ten increments */
    :: else ->
            /* Read, increment and write-back are separate statements, so
             * the other instance can interleave between them and one of
             * the two updates can be lost. */
            reg = n;
            reg++;
            n = reg;
            cnt++
    od;
    stop++;         /* signal that this instance has left its loop */
}

 

n =

7; reg0=7, cnt0=7,

reg1=2,

cnt1=9

 

84: proc  0 (p:1) a1_3.pml:12 (state 3) [else]

 85: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]

 86: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 87: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]

 88: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

  

n =

8; reg0=8, cnt0=8,

reg1=2, cnt1=9

89

: proc  0 (p:1) a1_3.pml:12 (state 3) [else]

 90: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]

 91: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 92: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]

 93: proc  0 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

 

n =

9; reg0=9, cnt0=9,

reg1=2,

cnt1=9

Slide28

/* Shared counter incremented by two concurrent instances of P with no
 * synchronization; stop counts the instances that have finished. */
byte n = 0;
byte stop = 0;

active [2] proctype P()
{
    byte reg;       /* process-local copy of n */
    byte cnt = 0;   /* iterations completed by this instance */

    do
    :: cnt == 10 -> break   /* stop after ten increments */
    :: else ->
            /* Read, increment and write-back are separate statements, so
             * the other instance can interleave between them and one of
             * the two updates can be lost. */
            reg = n;
            reg++;
            n = reg;
            cnt++
    od;
    stop++;         /* signal that this instance has left its loop */
}

 

n =

9; reg0=9, cnt0=9,

reg1=2,

cnt1=9

 

94: proc  0 (p:1) a1_3.pml:12 (state 3) [else]

 95: proc  0 (p:1) a1_3.pml:13 (state 4) [reg = n]

 96: proc  0 (p:1) a1_3.pml:14 (state 5) [reg = (reg+1)]

 97: proc  0 (p:1) a1_3.pml:15 (state 6) [n = reg]

  

n =

10; reg0=10,

cnt0=9, reg1=2, cnt1=9

98

: proc  1 (p:1) a1_3.pml:15 (state 6) [n = reg]

 99: proc  1 (p:1) a1_3.pml:16 (state 7) [cnt = (cnt+1)]

100: proc  1 (p:1) a1_3.pml:11 (state 1) [((cnt==10))]

101: proc  1 (p:1) a1_3.pml:18 (state 11) [stop = (stop+1)]

n

=

2;

reg0=9, cnt0=9, reg1=2,

cnt1=10; stop=1

Slide29

/* Shared counter incremented by two concurrent instances of P with no
 * synchronization; stop counts the instances that have finished. */
byte n = 0;
byte stop = 0;

active [2] proctype P()
{
    byte reg;       /* process-local copy of n */
    byte cnt = 0;   /* iterations completed by this instance */

    do
    :: cnt == 10 -> break   /* stop after ten increments */
    :: else ->
            /* Read, increment and write-back are separate statements, so
             * the other instance can interleave between them and one of
             * the two updates can be lost. */
            reg = n;
            reg++;
            n = reg;
            cnt++
    od;
    stop++;         /* signal that this instance has left its loop */
}

n

=

2;

reg0=9, cnt0=9, reg1=2,

cnt1=10; stop=1

102: proc  0 (p:1) a1_3.pml:16 (state 7) [

cnt

= (cnt+1)]

103: proc  0 (p:1) a1_3.pml:11 (state 1) [((

cnt

==10))]

104: proc  0 (p:1) a1_3.pml:18 (state 11) [stop = (stop+1)]

n

= 2; reg0=9,

cnt0=10,

reg1=2, cnt1=10;

stop=2

105

: proc  2 (checker4:1) a1_3.pml:71 (state 1)

[((

stop==2))]

106

: proc  2 (checker4:1) a1_3.pml:71 (state 2)

[

assert((n>=3))]