
Verification of Communication Protocols using SDL








  1. Verification of Communication Protocols using SDL (12.02.2003)
     Author: prep. eng. Calin Jebelean

  2. Introduction
     • Software verification – an issue of undisputable importance
     • Manual solutions, though widely used, don’t scale up to industrial-size projects
     • Current approaches to software verification involve:
       • simulation
       • testing
       • formal verification

  3. Formal Verification – Model Checking
     Main idea: “Build a model of a system and perform exhaustive analysis on the model”
     Strong points:
       • all system behaviors are covered
       • highly automatable
     Weak points:
       • state-explosion problem

  4. What Is SDL?
     • Acronym for “Specification and Description Language”
     • Formal language defined by the ITU-T as recommendation Z.100
     • Meant for the specification of complex, event-driven, real-time systems involving concurrent activities that communicate through signals
     • Extremely appropriate for describing communication protocols

  5. A Short Insight
     An SDL system consists of:
       • structural level: system, block, process and procedure hierarchy
       • communication level: signals (with optional signal parameters) and channels
       • behavioral level: processes
       • data level: abstract data types
     Commercial tools exist (ObjectGEODE), dedicated to:
       • analysis
       • design
       • simulation
       • testing
       • code generation

  6. The Need For IF
     • SDL itself – not suitable for model-checking:
       • model-checking algorithms are difficult for third parties to integrate within commercial tools
       • the SDL hierarchical structure – an impediment for analysis
     • IF – an “Intermediate Format” for SDL
     • IF – a plain, automaton-based representation of the SDL system
     • IF representation – suitable for exhaustive state-space exploration

  7. Advantages Of IF
     • Translation from SDL to IF reduces the model size (5 to 6 times, on average), mostly by eliminating certain transient states
     • Analysis algorithms can run directly on the IF translation of the SDL specification
     • Possibility to interconnect SDL with existing verification tools (SMV, Spin, etc.), once translators from IF to the input language of these tools are available

  8. Results Using IF
     Several analysis techniques already implemented on IF, among which:
       • “live variables” analysis: a variable is live in a control state if there is a path from this state along which its value can be used before it is redefined
       • “irrelevant variables” analysis: a variable is irrelevant with respect to a property of interest if it has no effect on the respective property
       • “compositional generation”: a technique based on the “divide-and-conquer” paradigm
     Model reductions of up to 100-500 times have been reported
     Model-checking can be applied on the reduced model
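The “live variables” definition above, carried out as a backward dataflow fixpoint over a small IF-style process automaton, and then used to merge concrete states that differ only in dead variables. This is an added example written for this page, not code from the IF toolset or from the slides: the sender process (variables seq, retries and tmp), its transitions, and the encoding of a transition as (source, variables read, variables written, target) are all constructed for the illustration.

```python
# Constructed example process (not from the slides): a sender that keeps a
# sequence number, a retry counter and a scratch variable holding the last
# ACK value. Each transition is (source, variables read, variables written,
# target); the guard/assignment details are abstracted to these two sets.
SENDER = [
    ("idle",    set(),                     {"seq", "retries"}, "sending"),
    ("sending", {"seq"},                   set(),              "wait"),     # send DATA(seq)
    ("wait",    set(),                     {"tmp"},            "check"),    # receive ACK(tmp)
    ("wait",    {"retries"},               {"retries"},        "sending"),  # timeout, retries += 1
    ("check",   {"tmp", "seq"},            set(),              "done"),     # tmp == seq
    ("check",   {"tmp", "seq", "retries"}, {"retries"},        "sending"),  # mismatch, retries += 1
]


def live_variables(transitions):
    """Least fixpoint of  live(s) = U_t  use(t) | (live(target(t)) - def(t))
    over all transitions t leaving control state s."""
    states = {s for s, _, _, _ in transitions} | {d for _, _, _, d in transitions}
    live = {s: frozenset() for s in states}
    changed = True
    while changed:
        changed = False
        for src, use, defs, dst in transitions:
            new = live[src] | use | (live[dst] - defs)
            if new != live[src]:
                live[src] = new
                changed = True
    return live


def dead_variables(transitions):
    """Per control state, the variables whose current value can never be read."""
    all_vars = set().union(*(use | defs for _, use, defs, _ in transitions))
    return {s: all_vars - l for s, l in live_variables(transitions).items()}


def reduce_state(ctrl, valuation, dead):
    """Forget dead variables: two concrete states that differ only in a
    dead variable collapse to one, which is where the reported model
    reduction comes from."""
    kept = sorted((v, x) for v, x in valuation.items() if v not in dead[ctrl])
    return (ctrl, tuple(kept))


if __name__ == "__main__":
    for state, vs in sorted(live_variables(SENDER).items()):
        print(f"{state:8s} live: {sorted(vs)}")
```

Running it shows that tmp is live only in check: in wait its old value is always overwritten by the next ACK, so states in wait that differ only in tmp are merged by reduce_state.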

  9. Practical Results

  10. What We Want To Do
     • Extract interfaces abstracting module behavior, in order to use them in the compositional verification of other modules, for which they constitute the environment
     • Express properties of interest using a formalism such as temporal logic: CTL, LTL
     • Check the model against such properties of interest
     • Extend the capabilities of IF for dealing with external code written in other languages, such as C

  11. Some Examples
     Global properties:
       • Absence of deadlock
       • The initiator of the communication will either get connected or get an error within finite time
     Local properties:
       • Any message received in some state must belong to a certain set of acceptable messages for that state
       • A process must set a timer every time it begins waiting for some signal, to prevent blockage
       • A process must deallocate all resources it is supposed to deallocate, if an “abandon” message is received
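The model-checking idea of slide 3 (build a model, explore it exhaustively) applied to the two global properties listed above, on the kind of plain automaton representation slide 6 describes for IF. This is an added example written for this page, not IF syntax and not code from the slides or the IF toolset: the connection protocol (an initiator and a responder exchanging CONNECT_REQ, CONNECT_ACK, REJECT and RETRY over two FIFO channels of capacity 1), the two faulty responder variants, and the encoding of transitions as (trigger, action, next_state) are all constructed for the illustration.

```python
from collections import deque

# Constructed toy protocol (not from the slides). Each process is a plain
# automaton: control state -> list of (trigger, action, next_state), where
# trigger is None (spontaneous) or ("recv", SIGNAL), and action is None or
# ("send", SIGNAL). Channels are FIFO queues of capacity 1, which keeps the
# global state space finite.
INITIATOR = {
    "idle":      [(None, ("send", "CONNECT_REQ"), "waiting")],
    "waiting":   [(("recv", "CONNECT_ACK"), None, "connected"),
                  (("recv", "REJECT"), None, "error"),
                  (("recv", "RETRY"), None, "idle")],
    "connected": [],
    "error":     [],
}
RESPONDER_OK = {
    "listening": [(("recv", "CONNECT_REQ"), None, "deciding")],
    "deciding":  [(None, ("send", "CONNECT_ACK"), "listening"),
                  (None, ("send", "REJECT"), "listening")],
}
# Faulty variant 1: the responder may silently drop the request.
RESPONDER_DROP = {
    "listening": RESPONDER_OK["listening"],
    "deciding":  RESPONDER_OK["deciding"] + [(None, None, "listening")],
}
# Faulty variant 2: the responder may keep answering RETRY.
RESPONDER_RETRY = {
    "listening": RESPONDER_OK["listening"],
    "deciding":  RESPONDER_OK["deciding"] + [(None, ("send", "RETRY"), "listening")],
}
CAPACITY = 1
OUTCOMES = {"connected", "error"}          # initiator states that count as a result
INITIAL = ("idle", "listening", (), ())    # (init ctrl, resp ctrl, queue->init, queue->resp)


def successors(state, automata):
    """Global states reachable by firing one transition of either process."""
    ctrls, queues = [state[0], state[1]], [state[2], state[3]]
    out = []
    for pid in (0, 1):
        peer = 1 - pid
        for trigger, action, nxt in automata[pid][ctrls[pid]]:
            new_ctrls, new_queues = list(ctrls), list(queues)
            if trigger is not None:            # the signal must be at the queue head
                if not queues[pid] or queues[pid][0] != trigger[1]:
                    continue
                new_queues[pid] = queues[pid][1:]
            if action is not None:             # the peer's queue must have room
                if len(queues[peer]) >= CAPACITY:
                    continue
                new_queues[peer] = queues[peer] + (action[1],)
            new_ctrls[pid] = nxt
            out.append((new_ctrls[0], new_ctrls[1], new_queues[0], new_queues[1]))
    return out


def explore(initiator, responder):
    """Exhaustive breadth-first exploration; returns the reachable state graph."""
    automata = (initiator, responder)
    graph, todo = {}, deque([INITIAL])
    while todo:
        s = todo.popleft()
        if s in graph:
            continue
        graph[s] = successors(s, automata)
        todo.extend(graph[s])
    return graph


def deadlocks(graph):
    """'Absence of deadlock': states with no successor in which the initiator
    has not yet reached connected or error."""
    return [s for s, succ in graph.items() if not succ and s[0] not in OUTCOMES]


def can_wait_forever(graph):
    """'Connected or error within finite time': violated iff a cycle exists
    among reachable states in which the initiator has no outcome yet."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {}

    def dfs(s):
        colour[s] = GREY
        for t in graph[s]:
            if t[0] in OUTCOMES:
                continue
            c = colour.get(t, WHITE)
            if c == GREY or (c == WHITE and dfs(t)):
                return True
        colour[s] = BLACK
        return False

    return any(colour.get(s, WHITE) == WHITE and dfs(s)
               for s in graph if s[0] not in OUTCOMES)


if __name__ == "__main__":
    for name, resp in (("ok", RESPONDER_OK), ("drop", RESPONDER_DROP), ("retry", RESPONDER_RETRY)):
        g = explore(INITIATOR, resp)
        print(f"{name:5s} {len(g)} states; deadlocks: {deadlocks(g)}; "
              f"can wait forever: {can_wait_forever(g)}")
```

The correct responder yields a seven-state graph with neither violation; the dropping responder leaves the initiator stuck in waiting with empty queues (a deadlock), and the retrying responder produces a cycle through the initial state, so the initiator can wait forever without an outcome. Note that a process here simply cannot fire when the signal at its queue head is not expected in its current state, which differs from SDL's implicit consumption of unexpected signals; that choice is what lets the local “acceptable messages” property surface as a stuck state in the same exploration.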

  12. Conclusions
     • The IF formalism has certain advantages over other approaches to verification of SDL code
     • Since SDL is widely used, there are clear possibilities for the application of formal methods and verification techniques on projects of industrial size and interest
     • With SDL being a specification language, one could test an implementation against the specification, or the specification itself could be checked to reveal misconceptions

  13. Bibliography
     • E. Clarke, J. Wing: “Formal Methods: State of the Art and Future Directions”, ACM Computing Surveys, 1996
     • E. Clarke, O. Grumberg, D. Long: “Verification Tools for Finite-State Concurrent Systems”, Lecture Notes in Computer Science, Springer Verlag, 1993
     • M. Bozga, J. Fernandez, L. Ghirvu, S. Graf, J. Krimm, L. Mounier: “IF: An Intermediate Representation and Validation Environment for Timed Asynchronous Systems”, Proceedings of FM’99, Toulouse, France, 1999
     • M. Bozga, J. Fernandez, L. Ghirvu, S. Graf, J. Krimm, L. Mounier, J. Sifakis: “IF: An Intermediate Representation for SDL and its Applications”, Proceedings of SDL-Forum’99, Montreal, Canada, 1999

  14. Thank You! Thank you for your attention!
